From: Sasha Levin Date: Tue, 29 Oct 2019 11:33:39 +0000 (-0400) Subject: fixes for 5.3 X-Git-Tag: v4.4.199~53 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b5fd087d13cd7b567997f5da08bcfd580dd7b2b9;p=thirdparty%2Fkernel%2Fstable-queue.git fixes for 5.3 Signed-off-by: Sasha Levin --- diff --git a/queue-5.3/arm64-armv8_deprecated-checking-return-value-for-mem.patch b/queue-5.3/arm64-armv8_deprecated-checking-return-value-for-mem.patch new file mode 100644 index 00000000000..e0499be4f29 --- /dev/null +++ b/queue-5.3/arm64-armv8_deprecated-checking-return-value-for-mem.patch @@ -0,0 +1,45 @@ +From 5a68a5f030e285e954e6896fc0a72ac24941cfd7 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 29 Sep 2019 12:44:17 +0800 +Subject: arm64: armv8_deprecated: Checking return value for memory allocation + +From: Yunfeng Ye + +[ Upstream commit 3e7c93bd04edfb0cae7dad1215544c9350254b8f ] + +There are no return value checking when using kzalloc() and kcalloc() for +memory allocation. so add it. + +Signed-off-by: Yunfeng Ye +Signed-off-by: Will Deacon +Signed-off-by: Sasha Levin +--- + arch/arm64/kernel/armv8_deprecated.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/arch/arm64/kernel/armv8_deprecated.c b/arch/arm64/kernel/armv8_deprecated.c +index 2ec09debc2bb1..ca158be21f833 100644 +--- a/arch/arm64/kernel/armv8_deprecated.c ++++ b/arch/arm64/kernel/armv8_deprecated.c +@@ -174,6 +174,9 @@ static void __init register_insn_emulation(struct insn_emulation_ops *ops) + struct insn_emulation *insn; + + insn = kzalloc(sizeof(*insn), GFP_KERNEL); ++ if (!insn) ++ return; ++ + insn->ops = ops; + insn->min = INSN_UNDEF; + +@@ -233,6 +236,8 @@ static void __init register_insn_emulation_sysctl(void) + + insns_sysctl = kcalloc(nr_insn_emulated + 1, sizeof(*sysctl), + GFP_KERNEL); ++ if (!insns_sysctl) ++ return; + + raw_spin_lock_irqsave(&insn_emulation_lock, flags); + list_for_each_entry(insn, &insn_emulation, node) { +-- +2.20.1 + diff --git a/queue-5.3/arm64-cpufeature-effectively-expose-frint-capability.patch b/queue-5.3/arm64-cpufeature-effectively-expose-frint-capability.patch new file mode 100644 index 00000000000..556d6320670 --- /dev/null +++ b/queue-5.3/arm64-cpufeature-effectively-expose-frint-capability.patch @@ -0,0 +1,46 @@ +From ee66c2f1dce5796914d03764f2b61d63ffe3c586 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 3 Oct 2019 12:12:08 +0100 +Subject: arm64: cpufeature: Effectively expose FRINT capability to userspace + +From: Julien Grall + +[ Upstream commit 7230f7e99fecc684180322b056fad3853d1029d3 ] + +The HWCAP framework will detect a new capability based on the sanitized +version of the ID registers. + +Sanitization is based on a whitelist, so any field not described will end +up to be zeroed. + +At the moment, ID_AA64ISAR1_EL1.FRINTTS is not described in +ftr_id_aa64isar1. This means the field will be zeroed and therefore the +userspace will not be able to see the HWCAP even if the hardware +supports the feature. + +This can be fixed by describing the field in ftr_id_aa64isar1. + +Fixes: ca9503fc9e98 ("arm64: Expose FRINT capabilities to userspace") +Signed-off-by: Julien Grall +Cc: mark.brown@arm.com +Signed-off-by: Will Deacon +Signed-off-by: Sasha Levin +--- + arch/arm64/kernel/cpufeature.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c +index 9323bcc40a58a..cabebf1a79768 100644 +--- a/arch/arm64/kernel/cpufeature.c ++++ b/arch/arm64/kernel/cpufeature.c +@@ -136,6 +136,7 @@ static const struct arm64_ftr_bits ftr_id_aa64isar0[] = { + + static const struct arm64_ftr_bits ftr_id_aa64isar1[] = { + ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_SB_SHIFT, 4, 0), ++ ARM64_FTR_BITS(FTR_VISIBLE, FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_FRINTTS_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_PTR_AUTH), + FTR_STRICT, FTR_LOWER_SAFE, ID_AA64ISAR1_GPI_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_VISIBLE_IF_IS_ENABLED(CONFIG_ARM64_PTR_AUTH), +-- +2.20.1 + diff --git a/queue-5.3/arm64-default-to-building-compat-vdso-with-clang-whe.patch b/queue-5.3/arm64-default-to-building-compat-vdso-with-clang-whe.patch new file mode 100644 index 00000000000..bc09112ba73 --- /dev/null +++ b/queue-5.3/arm64-default-to-building-compat-vdso-with-clang-whe.patch @@ -0,0 +1,40 @@ +From 2b418f3c3228828812fbf4096fd3bb294c88ab56 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 4 Oct 2019 14:08:13 +0100 +Subject: arm64: Default to building compat vDSO with clang when + CONFIG_CC_IS_CLANG + +From: Will Deacon + +[ Upstream commit 24ee01a927bfe56c66429ec4b1df6955a814adc8 ] + +Rather than force the use of GCC for the compat cross-compiler, instead +extract the target from CROSS_COMPILE_COMPAT and pass it to clang if the +main compiler is clang. + +Acked-by: Catalin Marinas +Signed-off-by: Will Deacon +Signed-off-by: Sasha Levin +--- + arch/arm64/Makefile | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile +index 9743b50bdee7d..5858d6e449268 100644 +--- a/arch/arm64/Makefile ++++ b/arch/arm64/Makefile +@@ -47,7 +47,11 @@ $(warning Detected assembler with broken .inst; disassembly will be unreliable) + endif + endif + ++ifeq ($(CONFIG_CC_IS_CLANG), y) ++COMPATCC ?= $(CC) --target=$(notdir $(CROSS_COMPILE_COMPAT:%-=%)) ++else + COMPATCC ?= $(CROSS_COMPILE_COMPAT)gcc ++endif + export COMPATCC + + ifeq ($(CONFIG_GENERIC_COMPAT_VDSO), y) +-- +2.20.1 + diff --git a/queue-5.3/arm64-fix-incorrect-irqflag-restore-for-priority-mas.patch b/queue-5.3/arm64-fix-incorrect-irqflag-restore-for-priority-mas.patch new file mode 100644 index 00000000000..34204fe343f --- /dev/null +++ b/queue-5.3/arm64-fix-incorrect-irqflag-restore-for-priority-mas.patch @@ -0,0 +1,44 @@ +From c43eb2c6e5699fc3ec60f6390be797754c87f8d5 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 3 Oct 2019 18:01:27 +0100 +Subject: arm64: Fix incorrect irqflag restore for priority masking for compat + +From: James Morse + +[ Upstream commit f46f27a576cc3b1e3d45ea50bc06287aa46b04b2 ] + +Commit bd82d4bd2188 ("arm64: Fix incorrect irqflag restore for priority +masking") added a macro to the entry.S call paths that leave the +PSTATE.I bit set. This tells the pPNMI masking logic that interrupts +are masked by the CPU, not by the PMR. This value is read back by +local_daif_save(). + +Commit bd82d4bd2188 added this call to el0_svc, as el0_svc_handler +is called with interrupts masked. el0_svc_compat was missed, but should +be covered in the same way as both of these paths end up in +el0_svc_common(), which expects to unmask interrupts. + +Fixes: bd82d4bd2188 ("arm64: Fix incorrect irqflag restore for priority masking") +Signed-off-by: James Morse +Cc: Julien Thierry +Signed-off-by: Will Deacon +Signed-off-by: Sasha Levin +--- + arch/arm64/kernel/entry.S | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/arch/arm64/kernel/entry.S b/arch/arm64/kernel/entry.S +index 109894bd31948..239f6841a7412 100644 +--- a/arch/arm64/kernel/entry.S ++++ b/arch/arm64/kernel/entry.S +@@ -775,6 +775,7 @@ el0_sync_compat: + b.ge el0_dbg + b el0_inv + el0_svc_compat: ++ gic_prio_kentry_setup tmp=x1 + mov x0, sp + bl el0_svc_compat_handler + b ret_to_user +-- +2.20.1 + diff --git a/queue-5.3/arm64-ftrace-ensure-synchronisation-in-plt-setup-for.patch b/queue-5.3/arm64-ftrace-ensure-synchronisation-in-plt-setup-for.patch new file mode 100644 index 00000000000..46c0228a87f --- /dev/null +++ b/queue-5.3/arm64-ftrace-ensure-synchronisation-in-plt-setup-for.patch @@ -0,0 +1,65 @@ +From 1137a62cd86a5bb0bc16d17578addc92b60ca6bc Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 2 Oct 2019 10:49:35 +0100 +Subject: arm64: ftrace: Ensure synchronisation in PLT setup for Neoverse-N1 + #1542419 + +From: James Morse + +[ Upstream commit dd8a1f13488438c6c220b7cafa500baaf21a6e53 ] + +CPUs affected by Neoverse-N1 #1542419 may execute a stale instruction if +it was recently modified. The affected sequence requires freshly written +instructions to be executable before a branch to them is updated. + +There are very few places in the kernel that modify executable text, +all but one come with sufficient synchronisation: + * The module loader's flush_module_icache() calls flush_icache_range(), + which does a kick_all_cpus_sync() + * bpf_int_jit_compile() calls flush_icache_range(). + * Kprobes calls aarch64_insn_patch_text(), which does its work in + stop_machine(). + * static keys and ftrace both patch between nops and branches to + existing kernel code (not generated code). + +The affected sequence is the interaction between ftrace and modules. +The module PLT is cleaned using __flush_icache_range() as the trampoline +shouldn't be executable until we update the branch to it. + +Drop the double-underscore so that this path runs kick_all_cpus_sync() +too. + +Signed-off-by: James Morse +Signed-off-by: Will Deacon +Signed-off-by: Sasha Levin +--- + arch/arm64/kernel/ftrace.c | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +diff --git a/arch/arm64/kernel/ftrace.c b/arch/arm64/kernel/ftrace.c +index 1717732579742..06e56b4703153 100644 +--- a/arch/arm64/kernel/ftrace.c ++++ b/arch/arm64/kernel/ftrace.c +@@ -121,10 +121,16 @@ int ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr) + + /* + * Ensure updated trampoline is visible to instruction +- * fetch before we patch in the branch. ++ * fetch before we patch in the branch. Although the ++ * architecture doesn't require an IPI in this case, ++ * Neoverse-N1 erratum #1542419 does require one ++ * if the TLB maintenance in module_enable_ro() is ++ * skipped due to rodata_enabled. It doesn't seem worth ++ * it to make it conditional given that this is ++ * certainly not a fast-path. + */ +- __flush_icache_range((unsigned long)&dst[0], +- (unsigned long)&dst[1]); ++ flush_icache_range((unsigned long)&dst[0], ++ (unsigned long)&dst[1]); + } + addr = (unsigned long)dst; + #else /* CONFIG_ARM64_MODULE_PLTS */ +-- +2.20.1 + diff --git a/queue-5.3/arm64-vdso32-detect-binutils-support-for-dmb-ishld.patch b/queue-5.3/arm64-vdso32-detect-binutils-support-for-dmb-ishld.patch new file mode 100644 index 00000000000..1eaa5bdd370 --- /dev/null +++ b/queue-5.3/arm64-vdso32-detect-binutils-support-for-dmb-ishld.patch @@ -0,0 +1,79 @@ +From e4fc12c4e5d5e763c4a93a285dc926d1944f1562 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 3 Oct 2019 18:48:34 +0100 +Subject: arm64: vdso32: Detect binutils support for dmb ishld + +From: Vincenzo Frascino + +[ Upstream commit 0df2c90eba60791148cee1823c0bf5fc66e3465c ] + +Older versions of binutils (prior to 2.24) do not support the "ISHLD" +option for memory barrier instructions, which leads to a build failure +when assembling the vdso32 library. + +Add a compilation time mechanism that detects if binutils supports those +instructions and configure the kernel accordingly. + +Cc: Will Deacon +Cc: Catalin Marinas +Reported-by: Will Deacon +Signed-off-by: Vincenzo Frascino +Reviewed-by: Catalin Marinas +Tested-by: Catalin Marinas +Signed-off-by: Will Deacon +Signed-off-by: Sasha Levin +--- + arch/arm64/include/asm/vdso/compat_barrier.h | 2 +- + arch/arm64/kernel/vdso32/Makefile | 9 +++++++++ + 2 files changed, 10 insertions(+), 1 deletion(-) + +diff --git a/arch/arm64/include/asm/vdso/compat_barrier.h b/arch/arm64/include/asm/vdso/compat_barrier.h +index fb60a88b5ed41..3fd8fd6d8fc25 100644 +--- a/arch/arm64/include/asm/vdso/compat_barrier.h ++++ b/arch/arm64/include/asm/vdso/compat_barrier.h +@@ -20,7 +20,7 @@ + + #define dmb(option) __asm__ __volatile__ ("dmb " #option : : : "memory") + +-#if __LINUX_ARM_ARCH__ >= 8 ++#if __LINUX_ARM_ARCH__ >= 8 && defined(CONFIG_AS_DMB_ISHLD) + #define aarch32_smp_mb() dmb(ish) + #define aarch32_smp_rmb() dmb(ishld) + #define aarch32_smp_wmb() dmb(ishst) +diff --git a/arch/arm64/kernel/vdso32/Makefile b/arch/arm64/kernel/vdso32/Makefile +index 19e0d3115ffe0..77aa613403747 100644 +--- a/arch/arm64/kernel/vdso32/Makefile ++++ b/arch/arm64/kernel/vdso32/Makefile +@@ -15,6 +15,8 @@ cc32-disable-warning = $(call try-run,\ + $(COMPATCC) -W$(strip $(1)) -c -x c /dev/null -o "$$TMP",-Wno-$(strip $(1))) + cc32-ldoption = $(call try-run,\ + $(COMPATCC) $(1) -nostdlib -x c /dev/null -o "$$TMP",$(1),$(2)) ++cc32-as-instr = $(call try-run,\ ++ printf "%b\n" "$(1)" | $(COMPATCC) $(VDSO_AFLAGS) -c -x assembler -o "$$TMP" -,$(2),$(3)) + + # We cannot use the global flags to compile the vDSO files, the main reason + # being that the 32-bit compiler may be older than the main (64-bit) compiler +@@ -53,6 +55,7 @@ endif + VDSO_CAFLAGS += -fPIC -fno-builtin -fno-stack-protector + VDSO_CAFLAGS += -DDISABLE_BRANCH_PROFILING + ++ + # Try to compile for ARMv8. If the compiler is too old and doesn't support it, + # fall back to v7. There is no easy way to check for what architecture the code + # is being compiled, so define a macro specifying that (see arch/arm/Makefile). +@@ -89,6 +92,12 @@ VDSO_CFLAGS += -Wno-int-to-pointer-cast + VDSO_AFLAGS := $(VDSO_CAFLAGS) + VDSO_AFLAGS += -D__ASSEMBLY__ + ++# Check for binutils support for dmb ishld ++dmbinstr := $(call cc32-as-instr,dmb ishld,-DCONFIG_AS_DMB_ISHLD=1) ++ ++VDSO_CFLAGS += $(dmbinstr) ++VDSO_AFLAGS += $(dmbinstr) ++ + VDSO_LDFLAGS := $(VDSO_CPPFLAGS) + # From arm vDSO Makefile + VDSO_LDFLAGS += -Wl,-Bsymbolic -Wl,--no-undefined -Wl,-soname=linux-vdso.so.1 +-- +2.20.1 + diff --git a/queue-5.3/arm64-vdso32-don-t-use-kbuild_cppflags-unconditional.patch b/queue-5.3/arm64-vdso32-don-t-use-kbuild_cppflags-unconditional.patch new file mode 100644 index 00000000000..93d121d7316 --- /dev/null +++ b/queue-5.3/arm64-vdso32-don-t-use-kbuild_cppflags-unconditional.patch @@ -0,0 +1,48 @@ +From d22a08926e65d8d4878cc2cefda12621440aa6a6 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 4 Oct 2019 15:44:45 +0100 +Subject: arm64: vdso32: Don't use KBUILD_CPPFLAGS unconditionally + +From: Will Deacon + +[ Upstream commit c71e88c437962c1ec43d4d23a0ebf4c9cf9bee0d ] + +KBUILD_CPPFLAGS is defined differently depending on whether the main +compiler is clang or not. This means that it is not possible to build +the compat vDSO with GCC if the rest of the kernel is built with clang. + +Define VDSO_CPPFLAGS directly to break this dependency and allow a clang +kernel to build a compat vDSO with GCC: + + $ make ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- \ + CROSS_COMPILE_COMPAT=arm-linux-gnueabihf- CC=clang \ + COMPATCC=arm-linux-gnueabihf-gcc + +Acked-by: Catalin Marinas +Signed-off-by: Will Deacon +Signed-off-by: Sasha Levin +--- + arch/arm64/kernel/vdso32/Makefile | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/arch/arm64/kernel/vdso32/Makefile b/arch/arm64/kernel/vdso32/Makefile +index 77aa613403747..aa171b043287b 100644 +--- a/arch/arm64/kernel/vdso32/Makefile ++++ b/arch/arm64/kernel/vdso32/Makefile +@@ -25,11 +25,9 @@ cc32-as-instr = $(call try-run,\ + # arm64 one. + # As a result we set our own flags here. + +-# From top-level Makefile +-# NOSTDINC_FLAGS +-VDSO_CPPFLAGS := -nostdinc -isystem $(shell $(COMPATCC) -print-file-name=include) ++# KBUILD_CPPFLAGS and NOSTDINC_FLAGS from top-level Makefile ++VDSO_CPPFLAGS := -D__KERNEL__ -nostdinc -isystem $(shell $(COMPATCC) -print-file-name=include) + VDSO_CPPFLAGS += $(LINUXINCLUDE) +-VDSO_CPPFLAGS += $(KBUILD_CPPFLAGS) + + # Common C and assembly flags + # From top-level Makefile +-- +2.20.1 + diff --git a/queue-5.3/arm64-vdso32-fix-broken-compat-vdso-build-warnings.patch b/queue-5.3/arm64-vdso32-fix-broken-compat-vdso-build-warnings.patch new file mode 100644 index 00000000000..8385072313c --- /dev/null +++ b/queue-5.3/arm64-vdso32-fix-broken-compat-vdso-build-warnings.patch @@ -0,0 +1,111 @@ +From c3a5502bee58f4af5dd690f7925c83cfe0f08690 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 3 Oct 2019 18:48:33 +0100 +Subject: arm64: vdso32: Fix broken compat vDSO build warnings + +From: Vincenzo Frascino + +[ Upstream commit e0de01aafc3dd7b73308106b056ead2d48391905 ] + +The .config file and the generated include/config/auto.conf can +end up out of sync after a set of commands since +CONFIG_CROSS_COMPILE_COMPAT_VDSO is not updated correctly. + +The sequence can be reproduced as follows: + +$ make ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- defconfig +[...] +$ make ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- menuconfig +[set CONFIG_CROSS_COMPILE_COMPAT_VDSO="arm-linux-gnueabihf-"] +$ make ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- + +Which results in: + +arch/arm64/Makefile:62: CROSS_COMPILE_COMPAT not defined or empty, +the compat vDSO will not be built + +even though the compat vDSO has been built: + +$ file arch/arm64/kernel/vdso32/vdso.so +arch/arm64/kernel/vdso32/vdso.so: ELF 32-bit LSB pie executable, ARM, +EABI5 version 1 (SYSV), dynamically linked, +BuildID[sha1]=c67f6c786f2d2d6f86c71f708595594aa25247f6, stripped + +A similar case that involves changing the configuration parameter +multiple times can be reconducted to the same family of problems. + +Remove the use of CONFIG_CROSS_COMPILE_COMPAT_VDSO altogether and +instead rely on the cross-compiler prefix coming from the environment +via CROSS_COMPILE_COMPAT, much like we do for the rest of the kernel. + +Cc: Will Deacon +Cc: Catalin Marinas +Reported-by: Will Deacon +Signed-off-by: Vincenzo Frascino +Signed-off-by: Will Deacon +Signed-off-by: Sasha Levin +--- + arch/arm64/Kconfig | 2 +- + arch/arm64/Makefile | 18 +++++------------- + arch/arm64/kernel/vdso32/Makefile | 2 -- + 3 files changed, 6 insertions(+), 16 deletions(-) + +diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig +index e8cf562838716..f63b824cdc2d3 100644 +--- a/arch/arm64/Kconfig ++++ b/arch/arm64/Kconfig +@@ -111,7 +111,7 @@ config ARM64 + select GENERIC_STRNLEN_USER + select GENERIC_TIME_VSYSCALL + select GENERIC_GETTIMEOFDAY +- select GENERIC_COMPAT_VDSO if (!CPU_BIG_ENDIAN && COMPAT) ++ select GENERIC_COMPAT_VDSO if (!CPU_BIG_ENDIAN && COMPAT && "$(CROSS_COMPILE_COMPAT)" != "") + select HANDLE_DOMAIN_IRQ + select HARDIRQS_SW_RESEND + select HAVE_PCI +diff --git a/arch/arm64/Makefile b/arch/arm64/Makefile +index 61de992bbea3f..9743b50bdee7d 100644 +--- a/arch/arm64/Makefile ++++ b/arch/arm64/Makefile +@@ -47,20 +47,12 @@ $(warning Detected assembler with broken .inst; disassembly will be unreliable) + endif + endif + ++COMPATCC ?= $(CROSS_COMPILE_COMPAT)gcc ++export COMPATCC ++ + ifeq ($(CONFIG_GENERIC_COMPAT_VDSO), y) +- CROSS_COMPILE_COMPAT ?= $(CONFIG_CROSS_COMPILE_COMPAT_VDSO:"%"=%) +- +- ifeq ($(CONFIG_CC_IS_CLANG), y) +- $(warning CROSS_COMPILE_COMPAT is clang, the compat vDSO will not be built) +- else ifeq ($(strip $(CROSS_COMPILE_COMPAT)),) +- $(warning CROSS_COMPILE_COMPAT not defined or empty, the compat vDSO will not be built) +- else ifeq ($(shell which $(CROSS_COMPILE_COMPAT)gcc 2> /dev/null),) +- $(error $(CROSS_COMPILE_COMPAT)gcc not found, check CROSS_COMPILE_COMPAT) +- else +- export CROSS_COMPILE_COMPAT +- export CONFIG_COMPAT_VDSO := y +- compat_vdso := -DCONFIG_COMPAT_VDSO=1 +- endif ++ export CONFIG_COMPAT_VDSO := y ++ compat_vdso := -DCONFIG_COMPAT_VDSO=1 + endif + + KBUILD_CFLAGS += -mgeneral-regs-only $(lseinstr) $(brokengasinst) $(compat_vdso) +diff --git a/arch/arm64/kernel/vdso32/Makefile b/arch/arm64/kernel/vdso32/Makefile +index 1fba0776ed40e..19e0d3115ffe0 100644 +--- a/arch/arm64/kernel/vdso32/Makefile ++++ b/arch/arm64/kernel/vdso32/Makefile +@@ -8,8 +8,6 @@ + ARCH_REL_TYPE_ABS := R_ARM_JUMP_SLOT|R_ARM_GLOB_DAT|R_ARM_ABS32 + include $(srctree)/lib/vdso/Makefile + +-COMPATCC := $(CROSS_COMPILE_COMPAT)gcc +- + # Same as cc-*option, but using COMPATCC instead of CC + cc32-option = $(call try-run,\ + $(COMPATCC) $(1) -c -x c /dev/null -o "$$TMP",$(1),$(2)) +-- +2.20.1 + diff --git a/queue-5.3/btrfs-fix-inode-cache-block-reserve-leak-on-failure-.patch b/queue-5.3/btrfs-fix-inode-cache-block-reserve-leak-on-failure-.patch new file mode 100644 index 00000000000..83be6d177ed --- /dev/null +++ b/queue-5.3/btrfs-fix-inode-cache-block-reserve-leak-on-failure-.patch @@ -0,0 +1,237 @@ +From a33d565ab5782dfe1ba4fc984c06a2032f766f86 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 4 Jul 2019 16:24:19 +0100 +Subject: Btrfs: fix inode cache block reserve leak on failure to allocate data + space + +From: Filipe Manana + +[ Upstream commit 29d47d00e0ae61668ee0c5d90bef2893c8abbafa ] + +If we failed to allocate the data extent(s) for the inode space cache, we +were bailing out without releasing the previously reserved metadata. This +was triggering the following warnings when unmounting a filesystem: + + $ cat -n fs/btrfs/inode.c + (...) + 9268 void btrfs_destroy_inode(struct inode *inode) + 9269 { + (...) + 9276 WARN_ON(BTRFS_I(inode)->block_rsv.reserved); + 9277 WARN_ON(BTRFS_I(inode)->block_rsv.size); + (...) + 9281 WARN_ON(BTRFS_I(inode)->csum_bytes); + 9282 WARN_ON(BTRFS_I(inode)->defrag_bytes); + (...) + +Several fstests test cases triggered this often, such as generic/083, +generic/102, generic/172, generic/269 and generic/300 at least, producing +stack traces like the following in dmesg/syslog: + + [82039.079546] WARNING: CPU: 2 PID: 13167 at fs/btrfs/inode.c:9276 btrfs_destroy_inode+0x203/0x270 [btrfs] + (...) + [82039.081543] CPU: 2 PID: 13167 Comm: umount Tainted: G W 5.2.0-rc4-btrfs-next-50 #1 + [82039.081912] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.2-0-gf9626ccb91-prebuilt.qemu-project.org 04/01/2014 + [82039.082673] RIP: 0010:btrfs_destroy_inode+0x203/0x270 [btrfs] + (...) + [82039.083913] RSP: 0018:ffffac0b426a7d30 EFLAGS: 00010206 + [82039.084320] RAX: ffff8ddf77691158 RBX: ffff8dde29b34660 RCX: 0000000000000002 + [82039.084736] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8dde29b34660 + [82039.085156] RBP: ffff8ddf5fbec000 R08: 0000000000000000 R09: 0000000000000000 + [82039.085578] R10: ffffac0b426a7c90 R11: ffffffffb9aad768 R12: ffffac0b426a7db0 + [82039.086000] R13: ffff8ddf5fbec0a0 R14: dead000000000100 R15: 0000000000000000 + [82039.086416] FS: 00007f8db96d12c0(0000) GS:ffff8de036b00000(0000) knlGS:0000000000000000 + [82039.086837] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + [82039.087253] CR2: 0000000001416108 CR3: 00000002315cc001 CR4: 00000000003606e0 + [82039.087672] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 + [82039.088089] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 + [82039.088504] Call Trace: + [82039.088918] destroy_inode+0x3b/0x70 + [82039.089340] btrfs_free_fs_root+0x16/0xa0 [btrfs] + [82039.089768] btrfs_free_fs_roots+0xd8/0x160 [btrfs] + [82039.090183] ? wait_for_completion+0x65/0x1a0 + [82039.090607] close_ctree+0x172/0x370 [btrfs] + [82039.091021] generic_shutdown_super+0x6c/0x110 + [82039.091427] kill_anon_super+0xe/0x30 + [82039.091832] btrfs_kill_super+0x12/0xa0 [btrfs] + [82039.092233] deactivate_locked_super+0x3a/0x70 + [82039.092636] cleanup_mnt+0x3b/0x80 + [82039.093039] task_work_run+0x93/0xc0 + [82039.093457] exit_to_usermode_loop+0xfa/0x100 + [82039.093856] do_syscall_64+0x162/0x1d0 + [82039.094244] entry_SYSCALL_64_after_hwframe+0x49/0xbe + [82039.094634] RIP: 0033:0x7f8db8fbab37 + (...) + [82039.095876] RSP: 002b:00007ffdce35b468 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 + [82039.096290] RAX: 0000000000000000 RBX: 0000560d20b00060 RCX: 00007f8db8fbab37 + [82039.096700] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000560d20b00240 + [82039.097110] RBP: 0000560d20b00240 R08: 0000560d20b00270 R09: 0000000000000015 + [82039.097522] R10: 00000000000006b4 R11: 0000000000000246 R12: 00007f8db94bce64 + [82039.097937] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffdce35b6f0 + [82039.098350] irq event stamp: 0 + [82039.098750] hardirqs last enabled at (0): [<0000000000000000>] 0x0 + [82039.099150] hardirqs last disabled at (0): [] copy_process.part.33+0x7f2/0x1f00 + [82039.099545] softirqs last enabled at (0): [] copy_process.part.33+0x7f2/0x1f00 + [82039.099925] softirqs last disabled at (0): [<0000000000000000>] 0x0 + [82039.100292] ---[ end trace f2521afa616ddccc ]--- + [82039.100707] WARNING: CPU: 2 PID: 13167 at fs/btrfs/inode.c:9277 btrfs_destroy_inode+0x1ac/0x270 [btrfs] + (...) + [82039.103050] CPU: 2 PID: 13167 Comm: umount Tainted: G W 5.2.0-rc4-btrfs-next-50 #1 + [82039.103428] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.2-0-gf9626ccb91-prebuilt.qemu-project.org 04/01/2014 + [82039.104203] RIP: 0010:btrfs_destroy_inode+0x1ac/0x270 [btrfs] + (...) + [82039.105461] RSP: 0018:ffffac0b426a7d30 EFLAGS: 00010206 + [82039.105866] RAX: ffff8ddf77691158 RBX: ffff8dde29b34660 RCX: 0000000000000002 + [82039.106270] RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff8dde29b34660 + [82039.106673] RBP: ffff8ddf5fbec000 R08: 0000000000000000 R09: 0000000000000000 + [82039.107078] R10: ffffac0b426a7c90 R11: ffffffffb9aad768 R12: ffffac0b426a7db0 + [82039.107487] R13: ffff8ddf5fbec0a0 R14: dead000000000100 R15: 0000000000000000 + [82039.107894] FS: 00007f8db96d12c0(0000) GS:ffff8de036b00000(0000) knlGS:0000000000000000 + [82039.108309] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + [82039.108723] CR2: 0000000001416108 CR3: 00000002315cc001 CR4: 00000000003606e0 + [82039.109146] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 + [82039.109567] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 + [82039.109989] Call Trace: + [82039.110405] destroy_inode+0x3b/0x70 + [82039.110830] btrfs_free_fs_root+0x16/0xa0 [btrfs] + [82039.111257] btrfs_free_fs_roots+0xd8/0x160 [btrfs] + [82039.111675] ? wait_for_completion+0x65/0x1a0 + [82039.112101] close_ctree+0x172/0x370 [btrfs] + [82039.112519] generic_shutdown_super+0x6c/0x110 + [82039.112988] kill_anon_super+0xe/0x30 + [82039.113439] btrfs_kill_super+0x12/0xa0 [btrfs] + [82039.113861] deactivate_locked_super+0x3a/0x70 + [82039.114278] cleanup_mnt+0x3b/0x80 + [82039.114685] task_work_run+0x93/0xc0 + [82039.115083] exit_to_usermode_loop+0xfa/0x100 + [82039.115476] do_syscall_64+0x162/0x1d0 + [82039.115863] entry_SYSCALL_64_after_hwframe+0x49/0xbe + [82039.116254] RIP: 0033:0x7f8db8fbab37 + (...) + [82039.117463] RSP: 002b:00007ffdce35b468 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 + [82039.117882] RAX: 0000000000000000 RBX: 0000560d20b00060 RCX: 00007f8db8fbab37 + [82039.118330] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000560d20b00240 + [82039.118743] RBP: 0000560d20b00240 R08: 0000560d20b00270 R09: 0000000000000015 + [82039.119159] R10: 00000000000006b4 R11: 0000000000000246 R12: 00007f8db94bce64 + [82039.119574] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffdce35b6f0 + [82039.119987] irq event stamp: 0 + [82039.120387] hardirqs last enabled at (0): [<0000000000000000>] 0x0 + [82039.120787] hardirqs last disabled at (0): [] copy_process.part.33+0x7f2/0x1f00 + [82039.121182] softirqs last enabled at (0): [] copy_process.part.33+0x7f2/0x1f00 + [82039.121563] softirqs last disabled at (0): [<0000000000000000>] 0x0 + [82039.121933] ---[ end trace f2521afa616ddccd ]--- + [82039.122353] WARNING: CPU: 2 PID: 13167 at fs/btrfs/inode.c:9278 btrfs_destroy_inode+0x1bc/0x270 [btrfs] + (...) + [82039.124606] CPU: 2 PID: 13167 Comm: umount Tainted: G W 5.2.0-rc4-btrfs-next-50 #1 + [82039.125008] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.2-0-gf9626ccb91-prebuilt.qemu-project.org 04/01/2014 + [82039.125801] RIP: 0010:btrfs_destroy_inode+0x1bc/0x270 [btrfs] + (...) + [82039.126998] RSP: 0018:ffffac0b426a7d30 EFLAGS: 00010202 + [82039.127399] RAX: ffff8ddf77691158 RBX: ffff8dde29b34660 RCX: 0000000000000002 + [82039.127803] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff8dde29b34660 + [82039.128206] RBP: ffff8ddf5fbec000 R08: 0000000000000000 R09: 0000000000000000 + [82039.128611] R10: ffffac0b426a7c90 R11: ffffffffb9aad768 R12: ffffac0b426a7db0 + [82039.129020] R13: ffff8ddf5fbec0a0 R14: dead000000000100 R15: 0000000000000000 + [82039.129428] FS: 00007f8db96d12c0(0000) GS:ffff8de036b00000(0000) knlGS:0000000000000000 + [82039.129846] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + [82039.130261] CR2: 0000000001416108 CR3: 00000002315cc001 CR4: 00000000003606e0 + [82039.130684] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 + [82039.131142] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 + [82039.131561] Call Trace: + [82039.131990] destroy_inode+0x3b/0x70 + [82039.132417] btrfs_free_fs_root+0x16/0xa0 [btrfs] + [82039.132844] btrfs_free_fs_roots+0xd8/0x160 [btrfs] + [82039.133262] ? wait_for_completion+0x65/0x1a0 + [82039.133688] close_ctree+0x172/0x370 [btrfs] + [82039.134157] generic_shutdown_super+0x6c/0x110 + [82039.134575] kill_anon_super+0xe/0x30 + [82039.134997] btrfs_kill_super+0x12/0xa0 [btrfs] + [82039.135415] deactivate_locked_super+0x3a/0x70 + [82039.135832] cleanup_mnt+0x3b/0x80 + [82039.136239] task_work_run+0x93/0xc0 + [82039.136637] exit_to_usermode_loop+0xfa/0x100 + [82039.137029] do_syscall_64+0x162/0x1d0 + [82039.137418] entry_SYSCALL_64_after_hwframe+0x49/0xbe + [82039.137812] RIP: 0033:0x7f8db8fbab37 + (...) + [82039.139059] RSP: 002b:00007ffdce35b468 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 + [82039.139475] RAX: 0000000000000000 RBX: 0000560d20b00060 RCX: 00007f8db8fbab37 + [82039.139890] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000560d20b00240 + [82039.140302] RBP: 0000560d20b00240 R08: 0000560d20b00270 R09: 0000000000000015 + [82039.140719] R10: 00000000000006b4 R11: 0000000000000246 R12: 00007f8db94bce64 + [82039.141138] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffdce35b6f0 + [82039.141597] irq event stamp: 0 + [82039.142043] hardirqs last enabled at (0): [<0000000000000000>] 0x0 + [82039.142443] hardirqs last disabled at (0): [] copy_process.part.33+0x7f2/0x1f00 + [82039.142839] softirqs last enabled at (0): [] copy_process.part.33+0x7f2/0x1f00 + [82039.143220] softirqs last disabled at (0): [<0000000000000000>] 0x0 + [82039.143588] ---[ end trace f2521afa616ddcce ]--- + [82039.167472] WARNING: CPU: 3 PID: 13167 at fs/btrfs/extent-tree.c:10120 btrfs_free_block_groups+0x30d/0x460 [btrfs] + (...) + [82039.173800] CPU: 3 PID: 13167 Comm: umount Tainted: G W 5.2.0-rc4-btrfs-next-50 #1 + [82039.174847] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.2-0-gf9626ccb91-prebuilt.qemu-project.org 04/01/2014 + [82039.177031] RIP: 0010:btrfs_free_block_groups+0x30d/0x460 [btrfs] + (...) + [82039.180397] RSP: 0018:ffffac0b426a7dd8 EFLAGS: 00010206 + [82039.181574] RAX: ffff8de010a1db40 RBX: ffff8de010a1db40 RCX: 0000000000170014 + [82039.182711] RDX: ffff8ddff4380040 RSI: ffff8de010a1da58 RDI: 0000000000000246 + [82039.183817] RBP: ffff8ddf5fbec000 R08: 0000000000000000 R09: 0000000000000000 + [82039.184925] R10: ffff8de036404380 R11: ffffffffb8a5ea00 R12: ffff8de010a1b2b8 + [82039.186090] R13: ffff8de010a1b2b8 R14: 0000000000000000 R15: dead000000000100 + [82039.187208] FS: 00007f8db96d12c0(0000) GS:ffff8de036b80000(0000) knlGS:0000000000000000 + [82039.188345] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + [82039.189481] CR2: 00007fb044005170 CR3: 00000002315cc006 CR4: 00000000003606e0 + [82039.190674] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 + [82039.191829] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 + [82039.192978] Call Trace: + [82039.194160] close_ctree+0x19a/0x370 [btrfs] + [82039.195315] generic_shutdown_super+0x6c/0x110 + [82039.196486] kill_anon_super+0xe/0x30 + [82039.197645] btrfs_kill_super+0x12/0xa0 [btrfs] + [82039.198696] deactivate_locked_super+0x3a/0x70 + [82039.199619] cleanup_mnt+0x3b/0x80 + [82039.200559] task_work_run+0x93/0xc0 + [82039.201505] exit_to_usermode_loop+0xfa/0x100 + [82039.202436] do_syscall_64+0x162/0x1d0 + [82039.203339] entry_SYSCALL_64_after_hwframe+0x49/0xbe + [82039.204091] RIP: 0033:0x7f8db8fbab37 + (...) + [82039.206360] RSP: 002b:00007ffdce35b468 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 + [82039.207132] RAX: 0000000000000000 RBX: 0000560d20b00060 RCX: 00007f8db8fbab37 + [82039.207906] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000560d20b00240 + [82039.208621] RBP: 0000560d20b00240 R08: 0000560d20b00270 R09: 0000000000000015 + [82039.209285] R10: 00000000000006b4 R11: 0000000000000246 R12: 00007f8db94bce64 + [82039.209984] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffdce35b6f0 + [82039.210642] irq event stamp: 0 + [82039.211306] hardirqs last enabled at (0): [<0000000000000000>] 0x0 + [82039.211971] hardirqs last disabled at (0): [] copy_process.part.33+0x7f2/0x1f00 + [82039.212643] softirqs last enabled at (0): [] copy_process.part.33+0x7f2/0x1f00 + [82039.213304] softirqs last disabled at (0): [<0000000000000000>] 0x0 + [82039.213875] ---[ end trace f2521afa616ddccf ]--- + +Fix this by releasing the reserved metadata on failure to allocate data +extent(s) for the inode cache. + +Fixes: 69fe2d75dd91d0 ("btrfs: make the delalloc block rsv per inode") +Signed-off-by: Filipe Manana +Signed-off-by: David Sterba +Signed-off-by: Sasha Levin +--- + fs/btrfs/inode-map.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/fs/btrfs/inode-map.c b/fs/btrfs/inode-map.c +index 2e8bb402050b9..10a73c97f8966 100644 +--- a/fs/btrfs/inode-map.c ++++ b/fs/btrfs/inode-map.c +@@ -485,6 +485,7 @@ again: + prealloc, prealloc, &alloc_hint); + if (ret) { + btrfs_delalloc_release_extents(BTRFS_I(inode), prealloc, true); ++ btrfs_delalloc_release_metadata(BTRFS_I(inode), prealloc, true); + goto out_put; + } + +-- +2.20.1 + diff --git a/queue-5.3/btrfs-qgroup-always-free-prealloc-meta-reserve-in-bt.patch b/queue-5.3/btrfs-qgroup-always-free-prealloc-meta-reserve-in-bt.patch new file mode 100644 index 00000000000..e7448db7116 --- /dev/null +++ b/queue-5.3/btrfs-qgroup-always-free-prealloc-meta-reserve-in-bt.patch @@ -0,0 +1,332 @@ +From 97383fcd65a00254e6e9f467ac9ac0e0ae66beda Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 14 Oct 2019 14:34:51 +0800 +Subject: btrfs: qgroup: Always free PREALLOC META reserve in + btrfs_delalloc_release_extents() + +From: Qu Wenruo + +[ Upstream commit 8702ba9396bf7bbae2ab93c94acd4bd37cfa4f09 ] + +[Background] +Btrfs qgroup uses two types of reserved space for METADATA space, +PERTRANS and PREALLOC. + +PERTRANS is metadata space reserved for each transaction started by +btrfs_start_transaction(). +While PREALLOC is for delalloc, where we reserve space before joining a +transaction, and finally it will be converted to PERTRANS after the +writeback is done. + +[Inconsistency] +However there is inconsistency in how we handle PREALLOC metadata space. + +The most obvious one is: +In btrfs_buffered_write(): + btrfs_delalloc_release_extents(BTRFS_I(inode), reserve_bytes, true); + +We always free qgroup PREALLOC meta space. + +While in btrfs_truncate_block(): + btrfs_delalloc_release_extents(BTRFS_I(inode), blocksize, (ret != 0)); + +We only free qgroup PREALLOC meta space when something went wrong. + +[The Correct Behavior] +The correct behavior should be the one in btrfs_buffered_write(), we +should always free PREALLOC metadata space. + +The reason is, the btrfs_delalloc_* mechanism works by: +- Reserve metadata first, even it's not necessary + In btrfs_delalloc_reserve_metadata() + +- Free the unused metadata space + Normally in: + btrfs_delalloc_release_extents() + |- btrfs_inode_rsv_release() + Here we do calculation on whether we should release or not. + +E.g. for 64K buffered write, the metadata rsv works like: + +/* The first page */ +reserve_meta: num_bytes=calc_inode_reservations() +free_meta: num_bytes=0 +total: num_bytes=calc_inode_reservations() +/* The first page caused one outstanding extent, thus needs metadata + rsv */ + +/* The 2nd page */ +reserve_meta: num_bytes=calc_inode_reservations() +free_meta: num_bytes=calc_inode_reservations() +total: not changed +/* The 2nd page doesn't cause new outstanding extent, needs no new meta + rsv, so we free what we have reserved */ + +/* The 3rd~16th pages */ +reserve_meta: num_bytes=calc_inode_reservations() +free_meta: num_bytes=calc_inode_reservations() +total: not changed (still space for one outstanding extent) + +This means, if btrfs_delalloc_release_extents() determines to free some +space, then those space should be freed NOW. +So for qgroup, we should call btrfs_qgroup_free_meta_prealloc() other +than btrfs_qgroup_convert_reserved_meta(). + +The good news is: +- The callers are not that hot + The hottest caller is in btrfs_buffered_write(), which is already + fixed by commit 336a8bb8e36a ("btrfs: Fix wrong + btrfs_delalloc_release_extents parameter"). Thus it's not that + easy to cause false EDQUOT. + +- The trans commit in advance for qgroup would hide the bug + Since commit f5fef4593653 ("btrfs: qgroup: Make qgroup async transaction + commit more aggressive"), when btrfs qgroup metadata free space is slow, + it will try to commit transaction and free the wrongly converted + PERTRANS space, so it's not that easy to hit such bug. + +[FIX] +So to fix the problem, remove the @qgroup_free parameter for +btrfs_delalloc_release_extents(), and always pass true to +btrfs_inode_rsv_release(). + +Reported-by: Filipe Manana +Fixes: 43b18595d660 ("btrfs: qgroup: Use separate meta reservation type for delalloc") +CC: stable@vger.kernel.org # 4.19+ +Reviewed-by: Filipe Manana +Signed-off-by: Qu Wenruo +Signed-off-by: David Sterba +Signed-off-by: Sasha Levin +--- + fs/btrfs/ctree.h | 3 +-- + fs/btrfs/delalloc-space.c | 6 ++---- + fs/btrfs/file.c | 7 +++---- + fs/btrfs/inode-map.c | 4 ++-- + fs/btrfs/inode.c | 12 ++++++------ + fs/btrfs/ioctl.c | 6 ++---- + fs/btrfs/relocation.c | 9 ++++----- + 7 files changed, 20 insertions(+), 27 deletions(-) + +diff --git a/fs/btrfs/ctree.h b/fs/btrfs/ctree.h +index e7a1ec075c652..180749080fd85 100644 +--- a/fs/btrfs/ctree.h ++++ b/fs/btrfs/ctree.h +@@ -2758,8 +2758,7 @@ int btrfs_subvolume_reserve_metadata(struct btrfs_root *root, + int nitems, bool use_global_rsv); + void btrfs_subvolume_release_metadata(struct btrfs_fs_info *fs_info, + struct btrfs_block_rsv *rsv); +-void btrfs_delalloc_release_extents(struct btrfs_inode *inode, u64 num_bytes, +- bool qgroup_free); ++void btrfs_delalloc_release_extents(struct btrfs_inode *inode, u64 num_bytes); + + int btrfs_delalloc_reserve_metadata(struct btrfs_inode *inode, u64 num_bytes); + int btrfs_inc_block_group_ro(struct btrfs_block_group_cache *cache); +diff --git a/fs/btrfs/delalloc-space.c b/fs/btrfs/delalloc-space.c +index 934521fe7e71d..8d2bb28ff5e0e 100644 +--- a/fs/btrfs/delalloc-space.c ++++ b/fs/btrfs/delalloc-space.c +@@ -407,7 +407,6 @@ void btrfs_delalloc_release_metadata(struct btrfs_inode *inode, u64 num_bytes, + * btrfs_delalloc_release_extents - release our outstanding_extents + * @inode: the inode to balance the reservation for. + * @num_bytes: the number of bytes we originally reserved with +- * @qgroup_free: do we need to free qgroup meta reservation or convert them. + * + * When we reserve space we increase outstanding_extents for the extents we may + * add. Once we've set the range as delalloc or created our ordered extents we +@@ -415,8 +414,7 @@ void btrfs_delalloc_release_metadata(struct btrfs_inode *inode, u64 num_bytes, + * temporarily tracked outstanding_extents. This _must_ be used in conjunction + * with btrfs_delalloc_reserve_metadata. + */ +-void btrfs_delalloc_release_extents(struct btrfs_inode *inode, u64 num_bytes, +- bool qgroup_free) ++void btrfs_delalloc_release_extents(struct btrfs_inode *inode, u64 num_bytes) + { + struct btrfs_fs_info *fs_info = inode->root->fs_info; + unsigned num_extents; +@@ -430,7 +428,7 @@ void btrfs_delalloc_release_extents(struct btrfs_inode *inode, u64 num_bytes, + if (btrfs_is_testing(fs_info)) + return; + +- btrfs_inode_rsv_release(inode, qgroup_free); ++ btrfs_inode_rsv_release(inode, true); + } + + /** +diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c +index d68add0bf3462..a8a2adaf222f4 100644 +--- a/fs/btrfs/file.c ++++ b/fs/btrfs/file.c +@@ -1692,7 +1692,7 @@ again: + force_page_uptodate); + if (ret) { + btrfs_delalloc_release_extents(BTRFS_I(inode), +- reserve_bytes, true); ++ reserve_bytes); + break; + } + +@@ -1704,7 +1704,7 @@ again: + if (extents_locked == -EAGAIN) + goto again; + btrfs_delalloc_release_extents(BTRFS_I(inode), +- reserve_bytes, true); ++ reserve_bytes); + ret = extents_locked; + break; + } +@@ -1772,8 +1772,7 @@ again: + else + free_extent_state(cached_state); + +- btrfs_delalloc_release_extents(BTRFS_I(inode), reserve_bytes, +- true); ++ btrfs_delalloc_release_extents(BTRFS_I(inode), reserve_bytes); + if (ret) { + btrfs_drop_pages(pages, num_pages); + break; +diff --git a/fs/btrfs/inode-map.c b/fs/btrfs/inode-map.c +index 10a73c97f8966..e2f49615c4297 100644 +--- a/fs/btrfs/inode-map.c ++++ b/fs/btrfs/inode-map.c +@@ -484,13 +484,13 @@ again: + ret = btrfs_prealloc_file_range_trans(inode, trans, 0, 0, prealloc, + prealloc, prealloc, &alloc_hint); + if (ret) { +- btrfs_delalloc_release_extents(BTRFS_I(inode), prealloc, true); ++ btrfs_delalloc_release_extents(BTRFS_I(inode), prealloc); + btrfs_delalloc_release_metadata(BTRFS_I(inode), prealloc, true); + goto out_put; + } + + ret = btrfs_write_out_ino_cache(root, trans, path, inode); +- btrfs_delalloc_release_extents(BTRFS_I(inode), prealloc, false); ++ btrfs_delalloc_release_extents(BTRFS_I(inode), prealloc); + out_put: + iput(inode); + out_release: +diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c +index b3453adb214da..1b85278471f62 100644 +--- a/fs/btrfs/inode.c ++++ b/fs/btrfs/inode.c +@@ -2167,7 +2167,7 @@ again: + + ClearPageChecked(page); + set_page_dirty(page); +- btrfs_delalloc_release_extents(BTRFS_I(inode), PAGE_SIZE, false); ++ btrfs_delalloc_release_extents(BTRFS_I(inode), PAGE_SIZE); + out: + unlock_extent_cached(&BTRFS_I(inode)->io_tree, page_start, page_end, + &cached_state); +@@ -4912,7 +4912,7 @@ again: + if (!page) { + btrfs_delalloc_release_space(inode, data_reserved, + block_start, blocksize, true); +- btrfs_delalloc_release_extents(BTRFS_I(inode), blocksize, true); ++ btrfs_delalloc_release_extents(BTRFS_I(inode), blocksize); + ret = -ENOMEM; + goto out; + } +@@ -4980,7 +4980,7 @@ out_unlock: + if (ret) + btrfs_delalloc_release_space(inode, data_reserved, block_start, + blocksize, true); +- btrfs_delalloc_release_extents(BTRFS_I(inode), blocksize, (ret != 0)); ++ btrfs_delalloc_release_extents(BTRFS_I(inode), blocksize); + unlock_page(page); + put_page(page); + out: +@@ -8685,7 +8685,7 @@ static ssize_t btrfs_direct_IO(struct kiocb *iocb, struct iov_iter *iter) + } else if (ret >= 0 && (size_t)ret < count) + btrfs_delalloc_release_space(inode, data_reserved, + offset, count - (size_t)ret, true); +- btrfs_delalloc_release_extents(BTRFS_I(inode), count, false); ++ btrfs_delalloc_release_extents(BTRFS_I(inode), count); + } + out: + if (wakeup) +@@ -9038,7 +9038,7 @@ again: + unlock_extent_cached(io_tree, page_start, page_end, &cached_state); + + if (!ret2) { +- btrfs_delalloc_release_extents(BTRFS_I(inode), PAGE_SIZE, true); ++ btrfs_delalloc_release_extents(BTRFS_I(inode), PAGE_SIZE); + sb_end_pagefault(inode->i_sb); + extent_changeset_free(data_reserved); + return VM_FAULT_LOCKED; +@@ -9047,7 +9047,7 @@ again: + out_unlock: + unlock_page(page); + out: +- btrfs_delalloc_release_extents(BTRFS_I(inode), PAGE_SIZE, (ret != 0)); ++ btrfs_delalloc_release_extents(BTRFS_I(inode), PAGE_SIZE); + btrfs_delalloc_release_space(inode, data_reserved, page_start, + reserved_space, (ret != 0)); + out_noreserve: +diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c +index 818f7ec8bb0ee..8dad66df74ed7 100644 +--- a/fs/btrfs/ioctl.c ++++ b/fs/btrfs/ioctl.c +@@ -1360,8 +1360,7 @@ again: + unlock_page(pages[i]); + put_page(pages[i]); + } +- btrfs_delalloc_release_extents(BTRFS_I(inode), page_cnt << PAGE_SHIFT, +- false); ++ btrfs_delalloc_release_extents(BTRFS_I(inode), page_cnt << PAGE_SHIFT); + extent_changeset_free(data_reserved); + return i_done; + out: +@@ -1372,8 +1371,7 @@ out: + btrfs_delalloc_release_space(inode, data_reserved, + start_index << PAGE_SHIFT, + page_cnt << PAGE_SHIFT, true); +- btrfs_delalloc_release_extents(BTRFS_I(inode), page_cnt << PAGE_SHIFT, +- true); ++ btrfs_delalloc_release_extents(BTRFS_I(inode), page_cnt << PAGE_SHIFT); + extent_changeset_free(data_reserved); + return ret; + +diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c +index 074947bebd165..572314aebdf11 100644 +--- a/fs/btrfs/relocation.c ++++ b/fs/btrfs/relocation.c +@@ -3277,7 +3277,7 @@ static int relocate_file_extent_cluster(struct inode *inode, + btrfs_delalloc_release_metadata(BTRFS_I(inode), + PAGE_SIZE, true); + btrfs_delalloc_release_extents(BTRFS_I(inode), +- PAGE_SIZE, true); ++ PAGE_SIZE); + ret = -ENOMEM; + goto out; + } +@@ -3298,7 +3298,7 @@ static int relocate_file_extent_cluster(struct inode *inode, + btrfs_delalloc_release_metadata(BTRFS_I(inode), + PAGE_SIZE, true); + btrfs_delalloc_release_extents(BTRFS_I(inode), +- PAGE_SIZE, true); ++ PAGE_SIZE); + ret = -EIO; + goto out; + } +@@ -3327,7 +3327,7 @@ static int relocate_file_extent_cluster(struct inode *inode, + btrfs_delalloc_release_metadata(BTRFS_I(inode), + PAGE_SIZE, true); + btrfs_delalloc_release_extents(BTRFS_I(inode), +- PAGE_SIZE, true); ++ PAGE_SIZE); + + clear_extent_bits(&BTRFS_I(inode)->io_tree, + page_start, page_end, +@@ -3343,8 +3343,7 @@ static int relocate_file_extent_cluster(struct inode *inode, + put_page(page); + + index++; +- btrfs_delalloc_release_extents(BTRFS_I(inode), PAGE_SIZE, +- false); ++ btrfs_delalloc_release_extents(BTRFS_I(inode), PAGE_SIZE); + balance_dirty_pages_ratelimited(inode->i_mapping); + btrfs_throttle(fs_info); + } +-- +2.20.1 + diff --git a/queue-5.3/btrfs-silence-maybe-uninitialized-warning-in-clone_r.patch b/queue-5.3/btrfs-silence-maybe-uninitialized-warning-in-clone_r.patch new file mode 100644 index 00000000000..35d72ff7211 --- /dev/null +++ b/queue-5.3/btrfs-silence-maybe-uninitialized-warning-in-clone_r.patch @@ -0,0 +1,56 @@ +From 7525c1e17f3beec8a324e2de3608b8609fc14d46 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 3 Sep 2019 12:30:19 +0900 +Subject: btrfs: silence maybe-uninitialized warning in clone_range +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Austin Kim + +[ Upstream commit 431d39887d6273d6d84edf3c2eab09f4200e788a ] + +GCC throws warning message as below: + +‘clone_src_i_size’ may be used uninitialized in this function +[-Wmaybe-uninitialized] + #define IS_ALIGNED(x, a) (((x) & ((typeof(x))(a) - 1)) == 0) + ^ +fs/btrfs/send.c:5088:6: note: ‘clone_src_i_size’ was declared here + u64 clone_src_i_size; + ^ +The clone_src_i_size is only used as call-by-reference +in a call to get_inode_info(). + +Silence the warning by initializing clone_src_i_size to 0. + +Note that the warning is a false positive and reported by older versions +of GCC (eg. 7.x) but not eg 9.x. As there have been numerous people, the +patch is applied. Setting clone_src_i_size to 0 does not otherwise make +sense and would not do any action in case the code changes in the future. + +Signed-off-by: Austin Kim +Reviewed-by: David Sterba +[ add note ] +Signed-off-by: David Sterba +Signed-off-by: Sasha Levin +--- + fs/btrfs/send.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c +index c3c0c064c25da..91c702b4cae9d 100644 +--- a/fs/btrfs/send.c ++++ b/fs/btrfs/send.c +@@ -5070,7 +5070,7 @@ static int clone_range(struct send_ctx *sctx, + struct btrfs_path *path; + struct btrfs_key key; + int ret; +- u64 clone_src_i_size; ++ u64 clone_src_i_size = 0; + + /* + * Prevent cloning from a zero offset with a length matching the sector +-- +2.20.1 + diff --git a/queue-5.3/dm-snapshot-introduce-account_start_copy-and-account.patch b/queue-5.3/dm-snapshot-introduce-account_start_copy-and-account.patch new file mode 100644 index 00000000000..f9d16be2ce8 --- /dev/null +++ b/queue-5.3/dm-snapshot-introduce-account_start_copy-and-account.patch @@ -0,0 +1,91 @@ +From c92060628669f9fe2a77e32eab40a308414eacfb Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 2 Oct 2019 06:14:17 -0400 +Subject: dm snapshot: introduce account_start_copy() and account_end_copy() + +From: Mikulas Patocka + +[ Upstream commit a2f83e8b0c82c9500421a26c49eb198b25fcdea3 ] + +This simple refactoring moves code for modifying the semaphore cow_count +into separate functions to prepare for changes that will extend these +methods to provide for a more sophisticated mechanism for COW +throttling. + +Signed-off-by: Mikulas Patocka +Reviewed-by: Nikos Tsironis +Signed-off-by: Mike Snitzer +Signed-off-by: Sasha Levin +--- + drivers/md/dm-snap.c | 20 +++++++++++++++----- + 1 file changed, 15 insertions(+), 5 deletions(-) + +diff --git a/drivers/md/dm-snap.c b/drivers/md/dm-snap.c +index f150f5c5492b9..da3bd1794ee05 100644 +--- a/drivers/md/dm-snap.c ++++ b/drivers/md/dm-snap.c +@@ -1512,6 +1512,16 @@ static void snapshot_dtr(struct dm_target *ti) + kfree(s); + } + ++static void account_start_copy(struct dm_snapshot *s) ++{ ++ down(&s->cow_count); ++} ++ ++static void account_end_copy(struct dm_snapshot *s) ++{ ++ up(&s->cow_count); ++} ++ + /* + * Flush a list of buffers. + */ +@@ -1732,7 +1742,7 @@ static void copy_callback(int read_err, unsigned long write_err, void *context) + rb_link_node(&pe->out_of_order_node, parent, p); + rb_insert_color(&pe->out_of_order_node, &s->out_of_order_tree); + } +- up(&s->cow_count); ++ account_end_copy(s); + } + + /* +@@ -1756,7 +1766,7 @@ static void start_copy(struct dm_snap_pending_exception *pe) + dest.count = src.count; + + /* Hand over to kcopyd */ +- down(&s->cow_count); ++ account_start_copy(s); + dm_kcopyd_copy(s->kcopyd_client, &src, 1, &dest, 0, copy_callback, pe); + } + +@@ -1776,7 +1786,7 @@ static void start_full_bio(struct dm_snap_pending_exception *pe, + pe->full_bio = bio; + pe->full_bio_end_io = bio->bi_end_io; + +- down(&s->cow_count); ++ account_start_copy(s); + callback_data = dm_kcopyd_prepare_callback(s->kcopyd_client, + copy_callback, pe); + +@@ -1866,7 +1876,7 @@ static void zero_callback(int read_err, unsigned long write_err, void *context) + struct bio *bio = context; + struct dm_snapshot *s = bio->bi_private; + +- up(&s->cow_count); ++ account_end_copy(s); + bio->bi_status = write_err ? BLK_STS_IOERR : 0; + bio_endio(bio); + } +@@ -1880,7 +1890,7 @@ static void zero_exception(struct dm_snapshot *s, struct dm_exception *e, + dest.sector = bio->bi_iter.bi_sector; + dest.count = s->store->chunk_size; + +- down(&s->cow_count); ++ account_start_copy(s); + WARN_ON_ONCE(bio->bi_private); + bio->bi_private = s; + dm_kcopyd_zero(s->kcopyd_client, 1, &dest, 0, zero_callback, bio); +-- +2.20.1 + diff --git a/queue-5.3/dm-snapshot-rework-cow-throttling-to-fix-deadlock.patch b/queue-5.3/dm-snapshot-rework-cow-throttling-to-fix-deadlock.patch new file mode 100644 index 00000000000..0894d4a9e0c --- /dev/null +++ b/queue-5.3/dm-snapshot-rework-cow-throttling-to-fix-deadlock.patch @@ -0,0 +1,244 @@ +From e89ce656306dba9fab02d8452fbf95dd78b5be09 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 2 Oct 2019 06:15:53 -0400 +Subject: dm snapshot: rework COW throttling to fix deadlock + +From: Mikulas Patocka + +[ Upstream commit b21555786f18cd77f2311ad89074533109ae3ffa ] + +Commit 721b1d98fb517a ("dm snapshot: Fix excessive memory usage and +workqueue stalls") introduced a semaphore to limit the maximum number of +in-flight kcopyd (COW) jobs. + +The implementation of this throttling mechanism is prone to a deadlock: + +1. One or more threads write to the origin device causing COW, which is + performed by kcopyd. + +2. At some point some of these threads might reach the s->cow_count + semaphore limit and block in down(&s->cow_count), holding a read lock + on _origins_lock. + +3. Someone tries to acquire a write lock on _origins_lock, e.g., + snapshot_ctr(), which blocks because the threads at step (2) already + hold a read lock on it. + +4. A COW operation completes and kcopyd runs dm-snapshot's completion + callback, which ends up calling pending_complete(). + pending_complete() tries to resubmit any deferred origin bios. This + requires acquiring a read lock on _origins_lock, which blocks. + + This happens because the read-write semaphore implementation gives + priority to writers, meaning that as soon as a writer tries to enter + the critical section, no readers will be allowed in, until all + writers have completed their work. + + So, pending_complete() waits for the writer at step (3) to acquire + and release the lock. This writer waits for the readers at step (2) + to release the read lock and those readers wait for + pending_complete() (the kcopyd thread) to signal the s->cow_count + semaphore: DEADLOCK. + +The above was thoroughly analyzed and documented by Nikos Tsironis as +part of his initial proposal for fixing this deadlock, see: +https://www.redhat.com/archives/dm-devel/2019-October/msg00001.html + +Fix this deadlock by reworking COW throttling so that it waits without +holding any locks. Add a variable 'in_progress' that counts how many +kcopyd jobs are running. A function wait_for_in_progress() will sleep if +'in_progress' is over the limit. It drops _origins_lock in order to +avoid the deadlock. + +Reported-by: Guruswamy Basavaiah +Reported-by: Nikos Tsironis +Reviewed-by: Nikos Tsironis +Tested-by: Nikos Tsironis +Fixes: 721b1d98fb51 ("dm snapshot: Fix excessive memory usage and workqueue stalls") +Cc: stable@vger.kernel.org # v5.0+ +Depends-on: 4a3f111a73a8c ("dm snapshot: introduce account_start_copy() and account_end_copy()") +Signed-off-by: Mikulas Patocka +Signed-off-by: Mike Snitzer +Signed-off-by: Sasha Levin +--- + drivers/md/dm-snap.c | 78 ++++++++++++++++++++++++++++++++++++-------- + 1 file changed, 64 insertions(+), 14 deletions(-) + +diff --git a/drivers/md/dm-snap.c b/drivers/md/dm-snap.c +index da3bd1794ee05..4fb1a40e68a08 100644 +--- a/drivers/md/dm-snap.c ++++ b/drivers/md/dm-snap.c +@@ -18,7 +18,6 @@ + #include + #include + #include +-#include + + #include "dm.h" + +@@ -107,8 +106,8 @@ struct dm_snapshot { + /* The on disk metadata handler */ + struct dm_exception_store *store; + +- /* Maximum number of in-flight COW jobs. */ +- struct semaphore cow_count; ++ unsigned in_progress; ++ struct wait_queue_head in_progress_wait; + + struct dm_kcopyd_client *kcopyd_client; + +@@ -162,8 +161,8 @@ struct dm_snapshot { + */ + #define DEFAULT_COW_THRESHOLD 2048 + +-static int cow_threshold = DEFAULT_COW_THRESHOLD; +-module_param_named(snapshot_cow_threshold, cow_threshold, int, 0644); ++static unsigned cow_threshold = DEFAULT_COW_THRESHOLD; ++module_param_named(snapshot_cow_threshold, cow_threshold, uint, 0644); + MODULE_PARM_DESC(snapshot_cow_threshold, "Maximum number of chunks being copied on write"); + + DECLARE_DM_KCOPYD_THROTTLE_WITH_MODULE_PARM(snapshot_copy_throttle, +@@ -1327,7 +1326,7 @@ static int snapshot_ctr(struct dm_target *ti, unsigned int argc, char **argv) + goto bad_hash_tables; + } + +- sema_init(&s->cow_count, (cow_threshold > 0) ? cow_threshold : INT_MAX); ++ init_waitqueue_head(&s->in_progress_wait); + + s->kcopyd_client = dm_kcopyd_client_create(&dm_kcopyd_throttle); + if (IS_ERR(s->kcopyd_client)) { +@@ -1509,17 +1508,54 @@ static void snapshot_dtr(struct dm_target *ti) + + dm_put_device(ti, s->origin); + ++ WARN_ON(s->in_progress); ++ + kfree(s); + } + + static void account_start_copy(struct dm_snapshot *s) + { +- down(&s->cow_count); ++ spin_lock(&s->in_progress_wait.lock); ++ s->in_progress++; ++ spin_unlock(&s->in_progress_wait.lock); + } + + static void account_end_copy(struct dm_snapshot *s) + { +- up(&s->cow_count); ++ spin_lock(&s->in_progress_wait.lock); ++ BUG_ON(!s->in_progress); ++ s->in_progress--; ++ if (likely(s->in_progress <= cow_threshold) && ++ unlikely(waitqueue_active(&s->in_progress_wait))) ++ wake_up_locked(&s->in_progress_wait); ++ spin_unlock(&s->in_progress_wait.lock); ++} ++ ++static bool wait_for_in_progress(struct dm_snapshot *s, bool unlock_origins) ++{ ++ if (unlikely(s->in_progress > cow_threshold)) { ++ spin_lock(&s->in_progress_wait.lock); ++ if (likely(s->in_progress > cow_threshold)) { ++ /* ++ * NOTE: this throttle doesn't account for whether ++ * the caller is servicing an IO that will trigger a COW ++ * so excess throttling may result for chunks not required ++ * to be COW'd. But if cow_threshold was reached, extra ++ * throttling is unlikely to negatively impact performance. ++ */ ++ DECLARE_WAITQUEUE(wait, current); ++ __add_wait_queue(&s->in_progress_wait, &wait); ++ __set_current_state(TASK_UNINTERRUPTIBLE); ++ spin_unlock(&s->in_progress_wait.lock); ++ if (unlock_origins) ++ up_read(&_origins_lock); ++ io_schedule(); ++ remove_wait_queue(&s->in_progress_wait, &wait); ++ return false; ++ } ++ spin_unlock(&s->in_progress_wait.lock); ++ } ++ return true; + } + + /* +@@ -1537,7 +1573,7 @@ static void flush_bios(struct bio *bio) + } + } + +-static int do_origin(struct dm_dev *origin, struct bio *bio); ++static int do_origin(struct dm_dev *origin, struct bio *bio, bool limit); + + /* + * Flush a list of buffers. +@@ -1550,7 +1586,7 @@ static void retry_origin_bios(struct dm_snapshot *s, struct bio *bio) + while (bio) { + n = bio->bi_next; + bio->bi_next = NULL; +- r = do_origin(s->origin, bio); ++ r = do_origin(s->origin, bio, false); + if (r == DM_MAPIO_REMAPPED) + generic_make_request(bio); + bio = n; +@@ -1926,6 +1962,11 @@ static int snapshot_map(struct dm_target *ti, struct bio *bio) + if (!s->valid) + return DM_MAPIO_KILL; + ++ if (bio_data_dir(bio) == WRITE) { ++ while (unlikely(!wait_for_in_progress(s, false))) ++ ; /* wait_for_in_progress() has slept */ ++ } ++ + down_read(&s->lock); + dm_exception_table_lock(&lock); + +@@ -2122,7 +2163,7 @@ redirect_to_origin: + + if (bio_data_dir(bio) == WRITE) { + up_write(&s->lock); +- return do_origin(s->origin, bio); ++ return do_origin(s->origin, bio, false); + } + + out_unlock: +@@ -2497,15 +2538,24 @@ next_snapshot: + /* + * Called on a write from the origin driver. + */ +-static int do_origin(struct dm_dev *origin, struct bio *bio) ++static int do_origin(struct dm_dev *origin, struct bio *bio, bool limit) + { + struct origin *o; + int r = DM_MAPIO_REMAPPED; + ++again: + down_read(&_origins_lock); + o = __lookup_origin(origin->bdev); +- if (o) ++ if (o) { ++ if (limit) { ++ struct dm_snapshot *s; ++ list_for_each_entry(s, &o->snapshots, list) ++ if (unlikely(!wait_for_in_progress(s, true))) ++ goto again; ++ } ++ + r = __origin_write(&o->snapshots, bio->bi_iter.bi_sector, bio); ++ } + up_read(&_origins_lock); + + return r; +@@ -2618,7 +2668,7 @@ static int origin_map(struct dm_target *ti, struct bio *bio) + dm_accept_partial_bio(bio, available_sectors); + + /* Only tell snapshots if this is a write */ +- return do_origin(o->dev, bio); ++ return do_origin(o->dev, bio, true); + } + + /* +-- +2.20.1 + diff --git a/queue-5.3/drm-amdgpu-fix-memory-leak.patch b/queue-5.3/drm-amdgpu-fix-memory-leak.patch new file mode 100644 index 00000000000..e97cdcc7f9e --- /dev/null +++ b/queue-5.3/drm-amdgpu-fix-memory-leak.patch @@ -0,0 +1,74 @@ +From ba30f27176440b5010d47ccde1ef507a51a83fff Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 4 Oct 2019 11:53:37 +0200 +Subject: drm/amdgpu: fix memory leak +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Nirmoy Das + +[ Upstream commit 083164dbdb17c5ea4ad92c1782b59c9d75567790 ] + +cleanup error handling code and make sure temporary info array +with the handles are freed by amdgpu_bo_list_put() on +idr_replace()'s failure. + +Signed-off-by: Nirmoy Das +Reviewed-by: Christian König +Signed-off-by: Alex Deucher +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c b/drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c +index 7bcf86c619995..61e38e43ad1d5 100644 +--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c ++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c +@@ -270,7 +270,7 @@ int amdgpu_bo_list_ioctl(struct drm_device *dev, void *data, + + r = amdgpu_bo_create_list_entry_array(&args->in, &info); + if (r) +- goto error_free; ++ return r; + + switch (args->in.operation) { + case AMDGPU_BO_LIST_OP_CREATE: +@@ -283,8 +283,7 @@ int amdgpu_bo_list_ioctl(struct drm_device *dev, void *data, + r = idr_alloc(&fpriv->bo_list_handles, list, 1, 0, GFP_KERNEL); + mutex_unlock(&fpriv->bo_list_lock); + if (r < 0) { +- amdgpu_bo_list_put(list); +- return r; ++ goto error_put_list; + } + + handle = r; +@@ -306,9 +305,8 @@ int amdgpu_bo_list_ioctl(struct drm_device *dev, void *data, + mutex_unlock(&fpriv->bo_list_lock); + + if (IS_ERR(old)) { +- amdgpu_bo_list_put(list); + r = PTR_ERR(old); +- goto error_free; ++ goto error_put_list; + } + + amdgpu_bo_list_put(old); +@@ -325,8 +323,10 @@ int amdgpu_bo_list_ioctl(struct drm_device *dev, void *data, + + return 0; + ++error_put_list: ++ amdgpu_bo_list_put(list); ++ + error_free: +- if (info) +- kvfree(info); ++ kvfree(info); + return r; + } +-- +2.20.1 + diff --git a/queue-5.3/efi-cper-fix-endianness-of-pcie-class-code.patch b/queue-5.3/efi-cper-fix-endianness-of-pcie-class-code.patch new file mode 100644 index 00000000000..431b63beedf --- /dev/null +++ b/queue-5.3/efi-cper-fix-endianness-of-pcie-class-code.patch @@ -0,0 +1,61 @@ +From 4b50d02df8140693871466c88304cb47e5cb265d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 2 Oct 2019 18:58:58 +0200 +Subject: efi/cper: Fix endianness of PCIe class code + +From: Lukas Wunner + +[ Upstream commit 6fb9367a15d1a126d222d738b2702c7958594a5f ] + +The CPER parser assumes that the class code is big endian, but at least +on this edk2-derived Intel Purley platform it's little endian: + + efi: EFI v2.50 by EDK II BIOS ID:PLYDCRB1.86B.0119.R05.1701181843 + DMI: Intel Corporation PURLEY/PURLEY, BIOS PLYDCRB1.86B.0119.R05.1701181843 01/18/2017 + + {1}[Hardware Error]: device_id: 0000:5d:00.0 + {1}[Hardware Error]: slot: 0 + {1}[Hardware Error]: secondary_bus: 0x5e + {1}[Hardware Error]: vendor_id: 0x8086, device_id: 0x2030 + {1}[Hardware Error]: class_code: 000406 + ^^^^^^ (should be 060400) + +Signed-off-by: Lukas Wunner +Signed-off-by: Ard Biesheuvel +Cc: Ben Dooks +Cc: Dave Young +Cc: Jarkko Sakkinen +Cc: Jerry Snitselaar +Cc: Linus Torvalds +Cc: Lyude Paul +Cc: Matthew Garrett +Cc: Octavian Purdila +Cc: Peter Jones +Cc: Peter Zijlstra +Cc: Scott Talbert +Cc: Thomas Gleixner +Cc: linux-efi@vger.kernel.org +Cc: linux-integrity@vger.kernel.org +Link: https://lkml.kernel.org/r/20191002165904.8819-2-ard.biesheuvel@linaro.org +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +--- + drivers/firmware/efi/cper.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/firmware/efi/cper.c b/drivers/firmware/efi/cper.c +index addf0749dd8b6..b1af0de2e1008 100644 +--- a/drivers/firmware/efi/cper.c ++++ b/drivers/firmware/efi/cper.c +@@ -381,7 +381,7 @@ static void cper_print_pcie(const char *pfx, const struct cper_sec_pcie *pcie, + printk("%s""vendor_id: 0x%04x, device_id: 0x%04x\n", pfx, + pcie->device_id.vendor_id, pcie->device_id.device_id); + p = pcie->device_id.class_code; +- printk("%s""class_code: %02x%02x%02x\n", pfx, p[0], p[1], p[2]); ++ printk("%s""class_code: %02x%02x%02x\n", pfx, p[2], p[1], p[0]); + } + if (pcie->validation_bits & CPER_PCIE_VALID_SERIAL_NUMBER) + printk("%s""serial number: 0x%04x, 0x%04x\n", pfx, +-- +2.20.1 + diff --git a/queue-5.3/efi-x86-do-not-clean-dummy-variable-in-kexec-path.patch b/queue-5.3/efi-x86-do-not-clean-dummy-variable-in-kexec-path.patch new file mode 100644 index 00000000000..9f230211c2c --- /dev/null +++ b/queue-5.3/efi-x86-do-not-clean-dummy-variable-in-kexec-path.patch @@ -0,0 +1,61 @@ +From 163456fc9ef0470ee7c441236f2118bce788a1c5 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 2 Oct 2019 18:59:04 +0200 +Subject: efi/x86: Do not clean dummy variable in kexec path + +From: Dave Young + +[ Upstream commit 2ecb7402cfc7f22764e7bbc80790e66eadb20560 ] + +kexec reboot fails randomly in UEFI based KVM guest. The firmware +just resets while calling efi_delete_dummy_variable(); Unfortunately +I don't know how to debug the firmware, it is also possible a potential +problem on real hardware as well although nobody reproduced it. + +The intention of the efi_delete_dummy_variable is to trigger garbage collection +when entering virtual mode. But SetVirtualAddressMap can only run once +for each physical reboot, thus kexec_enter_virtual_mode() is not necessarily +a good place to clean a dummy object. + +Drop the efi_delete_dummy_variable so that kexec reboot can work. + +Signed-off-by: Dave Young +Signed-off-by: Ard Biesheuvel +Acked-by: Matthew Garrett +Cc: Ben Dooks +Cc: Jarkko Sakkinen +Cc: Jerry Snitselaar +Cc: Linus Torvalds +Cc: Lukas Wunner +Cc: Lyude Paul +Cc: Octavian Purdila +Cc: Peter Jones +Cc: Peter Zijlstra +Cc: Scott Talbert +Cc: Thomas Gleixner +Cc: linux-efi@vger.kernel.org +Cc: linux-integrity@vger.kernel.org +Link: https://lkml.kernel.org/r/20191002165904.8819-8-ard.biesheuvel@linaro.org +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +--- + arch/x86/platform/efi/efi.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c +index a7189a3b4d70f..3304f61538a26 100644 +--- a/arch/x86/platform/efi/efi.c ++++ b/arch/x86/platform/efi/efi.c +@@ -894,9 +894,6 @@ static void __init kexec_enter_virtual_mode(void) + + if (efi_enabled(EFI_OLD_MEMMAP) && (__supported_pte_mask & _PAGE_NX)) + runtime_code_page_mkexec(); +- +- /* clean DUMMY object */ +- efi_delete_dummy_variable(); + #endif + } + +-- +2.20.1 + diff --git a/queue-5.3/fs-cifs-mute-wunused-const-variable-message.patch b/queue-5.3/fs-cifs-mute-wunused-const-variable-message.patch new file mode 100644 index 00000000000..c5b69464b36 --- /dev/null +++ b/queue-5.3/fs-cifs-mute-wunused-const-variable-message.patch @@ -0,0 +1,43 @@ +From f56bf5ffe3b7301dc696fe802ee67c35eb64e2af Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 1 Oct 2019 16:34:13 +0900 +Subject: fs: cifs: mute -Wunused-const-variable message + +From: Austin Kim + +[ Upstream commit dd19c106a36690b47bb1acc68372f2b472b495b8 ] + +After 'Initial git repository build' commit, +'mapping_table_ERRHRD' variable has not been used. + +So 'mapping_table_ERRHRD' const variable could be removed +to mute below warning message: + + fs/cifs/netmisc.c:120:40: warning: unused variable 'mapping_table_ERRHRD' [-Wunused-const-variable] + static const struct smb_to_posix_error mapping_table_ERRHRD[] = { + ^ +Signed-off-by: Austin Kim +Signed-off-by: Steve French +Signed-off-by: Sasha Levin +--- + fs/cifs/netmisc.c | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/fs/cifs/netmisc.c b/fs/cifs/netmisc.c +index ed92958e842d3..657f409d4de06 100644 +--- a/fs/cifs/netmisc.c ++++ b/fs/cifs/netmisc.c +@@ -117,10 +117,6 @@ static const struct smb_to_posix_error mapping_table_ERRSRV[] = { + {0, 0} + }; + +-static const struct smb_to_posix_error mapping_table_ERRHRD[] = { +- {0, 0} +-}; +- + /* + * Convert a string containing text IPv4 or IPv6 address to binary form. + * +-- +2.20.1 + diff --git a/queue-5.3/fs-ocfs2-fix-a-possible-null-pointer-dereference-in-.patch b/queue-5.3/fs-ocfs2-fix-a-possible-null-pointer-dereference-in-.patch new file mode 100644 index 00000000000..658d7460943 --- /dev/null +++ b/queue-5.3/fs-ocfs2-fix-a-possible-null-pointer-dereference-in-.patch @@ -0,0 +1,60 @@ +From 28ed5bacd805458cd2315df327009c051f027250 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 6 Oct 2019 17:57:54 -0700 +Subject: fs: ocfs2: fix a possible null-pointer dereference in + ocfs2_write_end_nolock() + +From: Jia-Ju Bai + +[ Upstream commit 583fee3e12df0e6f1f66f063b989d8e7fed0e65a ] + +In ocfs2_write_end_nolock(), there are an if statement on lines 1976, +2047 and 2058, to check whether handle is NULL: + + if (handle) + +When handle is NULL, it is used on line 2045: + + ocfs2_update_inode_fsync_trans(handle, inode, 1); + oi->i_sync_tid = handle->h_transaction->t_tid; + +Thus, a possible null-pointer dereference may occur. + +To fix this bug, handle is checked before calling +ocfs2_update_inode_fsync_trans(). + +This bug is found by a static analysis tool STCheck written by us. + +Link: http://lkml.kernel.org/r/20190726033705.32307-1-baijiaju1990@gmail.com +Signed-off-by: Jia-Ju Bai +Reviewed-by: Joseph Qi +Cc: Mark Fasheh +Cc: Joel Becker +Cc: Junxiao Bi +Cc: Changwei Ge +Cc: Gang He +Cc: Jun Piao +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + fs/ocfs2/aops.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/fs/ocfs2/aops.c b/fs/ocfs2/aops.c +index 3e0a93e799ea1..9b827143a3504 100644 +--- a/fs/ocfs2/aops.c ++++ b/fs/ocfs2/aops.c +@@ -2042,7 +2042,8 @@ out_write_size: + inode->i_mtime = inode->i_ctime = current_time(inode); + di->i_mtime = di->i_ctime = cpu_to_le64(inode->i_mtime.tv_sec); + di->i_mtime_nsec = di->i_ctime_nsec = cpu_to_le32(inode->i_mtime.tv_nsec); +- ocfs2_update_inode_fsync_trans(handle, inode, 1); ++ if (handle) ++ ocfs2_update_inode_fsync_trans(handle, inode, 1); + } + if (handle) + ocfs2_journal_dirty(handle, wc->w_di_bh); +-- +2.20.1 + diff --git a/queue-5.3/fs-ocfs2-fix-a-possible-null-pointer-dereference-in-.patch-19879 b/queue-5.3/fs-ocfs2-fix-a-possible-null-pointer-dereference-in-.patch-19879 new file mode 100644 index 00000000000..2c56324fc1d --- /dev/null +++ b/queue-5.3/fs-ocfs2-fix-a-possible-null-pointer-dereference-in-.patch-19879 @@ -0,0 +1,59 @@ +From be436659a4196bac557079a5cd241763ce933b41 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 6 Oct 2019 17:57:57 -0700 +Subject: fs: ocfs2: fix a possible null-pointer dereference in + ocfs2_info_scan_inode_alloc() + +From: Jia-Ju Bai + +[ Upstream commit 2abb7d3b12d007c30193f48bebed781009bebdd2 ] + +In ocfs2_info_scan_inode_alloc(), there is an if statement on line 283 +to check whether inode_alloc is NULL: + + if (inode_alloc) + +When inode_alloc is NULL, it is used on line 287: + + ocfs2_inode_lock(inode_alloc, &bh, 0); + ocfs2_inode_lock_full_nested(inode, ...) + struct ocfs2_super *osb = OCFS2_SB(inode->i_sb); + +Thus, a possible null-pointer dereference may occur. + +To fix this bug, inode_alloc is checked on line 286. + +This bug is found by a static analysis tool STCheck written by us. + +Link: http://lkml.kernel.org/r/20190726033717.32359-1-baijiaju1990@gmail.com +Signed-off-by: Jia-Ju Bai +Reviewed-by: Joseph Qi +Cc: Mark Fasheh +Cc: Joel Becker +Cc: Junxiao Bi +Cc: Changwei Ge +Cc: Gang He +Cc: Jun Piao +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + fs/ocfs2/ioctl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/ocfs2/ioctl.c b/fs/ocfs2/ioctl.c +index d6f7b299eb236..efeea208fdebd 100644 +--- a/fs/ocfs2/ioctl.c ++++ b/fs/ocfs2/ioctl.c +@@ -283,7 +283,7 @@ static int ocfs2_info_scan_inode_alloc(struct ocfs2_super *osb, + if (inode_alloc) + inode_lock(inode_alloc); + +- if (o2info_coherent(&fi->ifi_req)) { ++ if (inode_alloc && o2info_coherent(&fi->ifi_req)) { + status = ocfs2_inode_lock(inode_alloc, &bh, 0); + if (status < 0) { + mlog_errno(status); +-- +2.20.1 + diff --git a/queue-5.3/fs-ocfs2-fix-possible-null-pointer-dereferences-in-o.patch b/queue-5.3/fs-ocfs2-fix-possible-null-pointer-dereferences-in-o.patch new file mode 100644 index 00000000000..af7c2f684ab --- /dev/null +++ b/queue-5.3/fs-ocfs2-fix-possible-null-pointer-dereferences-in-o.patch @@ -0,0 +1,131 @@ +From 84e51ae620f429d7705e9268313ef697260e98fb Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 6 Oct 2019 17:57:50 -0700 +Subject: fs: ocfs2: fix possible null-pointer dereferences in + ocfs2_xa_prepare_entry() + +From: Jia-Ju Bai + +[ Upstream commit 56e94ea132bb5c2c1d0b60a6aeb34dcb7d71a53d ] + +In ocfs2_xa_prepare_entry(), there is an if statement on line 2136 to +check whether loc->xl_entry is NULL: + + if (loc->xl_entry) + +When loc->xl_entry is NULL, it is used on line 2158: + + ocfs2_xa_add_entry(loc, name_hash); + loc->xl_entry->xe_name_hash = cpu_to_le32(name_hash); + loc->xl_entry->xe_name_offset = cpu_to_le16(loc->xl_size); + +and line 2164: + + ocfs2_xa_add_namevalue(loc, xi); + loc->xl_entry->xe_value_size = cpu_to_le64(xi->xi_value_len); + loc->xl_entry->xe_name_len = xi->xi_name_len; + +Thus, possible null-pointer dereferences may occur. + +To fix these bugs, if loc-xl_entry is NULL, ocfs2_xa_prepare_entry() +abnormally returns with -EINVAL. + +These bugs are found by a static analysis tool STCheck written by us. + +[akpm@linux-foundation.org: remove now-unused ocfs2_xa_add_entry()] +Link: http://lkml.kernel.org/r/20190726101447.9153-1-baijiaju1990@gmail.com +Signed-off-by: Jia-Ju Bai +Reviewed-by: Joseph Qi +Cc: Mark Fasheh +Cc: Joel Becker +Cc: Junxiao Bi +Cc: Changwei Ge +Cc: Gang He +Cc: Jun Piao +Cc: Stephen Rothwell +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + fs/ocfs2/xattr.c | 56 ++++++++++++++++++++---------------------------- + 1 file changed, 23 insertions(+), 33 deletions(-) + +diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c +index 90c830e3758e2..d8507972ee135 100644 +--- a/fs/ocfs2/xattr.c ++++ b/fs/ocfs2/xattr.c +@@ -1490,18 +1490,6 @@ static int ocfs2_xa_check_space(struct ocfs2_xa_loc *loc, + return loc->xl_ops->xlo_check_space(loc, xi); + } + +-static void ocfs2_xa_add_entry(struct ocfs2_xa_loc *loc, u32 name_hash) +-{ +- loc->xl_ops->xlo_add_entry(loc, name_hash); +- loc->xl_entry->xe_name_hash = cpu_to_le32(name_hash); +- /* +- * We can't leave the new entry's xe_name_offset at zero or +- * add_namevalue() will go nuts. We set it to the size of our +- * storage so that it can never be less than any other entry. +- */ +- loc->xl_entry->xe_name_offset = cpu_to_le16(loc->xl_size); +-} +- + static void ocfs2_xa_add_namevalue(struct ocfs2_xa_loc *loc, + struct ocfs2_xattr_info *xi) + { +@@ -2133,29 +2121,31 @@ static int ocfs2_xa_prepare_entry(struct ocfs2_xa_loc *loc, + if (rc) + goto out; + +- if (loc->xl_entry) { +- if (ocfs2_xa_can_reuse_entry(loc, xi)) { +- orig_value_size = loc->xl_entry->xe_value_size; +- rc = ocfs2_xa_reuse_entry(loc, xi, ctxt); +- if (rc) +- goto out; +- goto alloc_value; +- } ++ if (!loc->xl_entry) { ++ rc = -EINVAL; ++ goto out; ++ } + +- if (!ocfs2_xattr_is_local(loc->xl_entry)) { +- orig_clusters = ocfs2_xa_value_clusters(loc); +- rc = ocfs2_xa_value_truncate(loc, 0, ctxt); +- if (rc) { +- mlog_errno(rc); +- ocfs2_xa_cleanup_value_truncate(loc, +- "overwriting", +- orig_clusters); +- goto out; +- } ++ if (ocfs2_xa_can_reuse_entry(loc, xi)) { ++ orig_value_size = loc->xl_entry->xe_value_size; ++ rc = ocfs2_xa_reuse_entry(loc, xi, ctxt); ++ if (rc) ++ goto out; ++ goto alloc_value; ++ } ++ ++ if (!ocfs2_xattr_is_local(loc->xl_entry)) { ++ orig_clusters = ocfs2_xa_value_clusters(loc); ++ rc = ocfs2_xa_value_truncate(loc, 0, ctxt); ++ if (rc) { ++ mlog_errno(rc); ++ ocfs2_xa_cleanup_value_truncate(loc, ++ "overwriting", ++ orig_clusters); ++ goto out; + } +- ocfs2_xa_wipe_namevalue(loc); +- } else +- ocfs2_xa_add_entry(loc, name_hash); ++ } ++ ocfs2_xa_wipe_namevalue(loc); + + /* + * If we get here, we have a blank entry. Fill it. We grow our +-- +2.20.1 + diff --git a/queue-5.3/gpio-max77620-use-correct-unit-for-debounce-times.patch b/queue-5.3/gpio-max77620-use-correct-unit-for-debounce-times.patch new file mode 100644 index 00000000000..28aae5083ad --- /dev/null +++ b/queue-5.3/gpio-max77620-use-correct-unit-for-debounce-times.patch @@ -0,0 +1,45 @@ +From 2b388607b5254e3ea2f94489c11ec93b3256a872 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 2 Oct 2019 14:28:23 +0200 +Subject: gpio: max77620: Use correct unit for debounce times + +From: Thierry Reding + +[ Upstream commit fffa6af94894126994a7600c6f6f09b892e89fa9 ] + +The gpiod_set_debounce() function takes the debounce time in +microseconds. Adjust the switch/case values in the MAX77620 GPIO to use +the correct unit. + +Signed-off-by: Thierry Reding +Link: https://lore.kernel.org/r/20191002122825.3948322-1-thierry.reding@gmail.com +Signed-off-by: Linus Walleij +Signed-off-by: Sasha Levin +--- + drivers/gpio/gpio-max77620.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/drivers/gpio/gpio-max77620.c b/drivers/gpio/gpio-max77620.c +index b7d89e30131e2..06e8caaafa811 100644 +--- a/drivers/gpio/gpio-max77620.c ++++ b/drivers/gpio/gpio-max77620.c +@@ -192,13 +192,13 @@ static int max77620_gpio_set_debounce(struct max77620_gpio *mgpio, + case 0: + val = MAX77620_CNFG_GPIO_DBNC_None; + break; +- case 1 ... 8: ++ case 1000 ... 8000: + val = MAX77620_CNFG_GPIO_DBNC_8ms; + break; +- case 9 ... 16: ++ case 9000 ... 16000: + val = MAX77620_CNFG_GPIO_DBNC_16ms; + break; +- case 17 ... 32: ++ case 17000 ... 32000: + val = MAX77620_CNFG_GPIO_DBNC_32ms; + break; + default: +-- +2.20.1 + diff --git a/queue-5.3/hid-hyperv-use-in-place-iterator-api-in-the-channel-.patch b/queue-5.3/hid-hyperv-use-in-place-iterator-api-in-the-channel-.patch new file mode 100644 index 00000000000..64c5213160e --- /dev/null +++ b/queue-5.3/hid-hyperv-use-in-place-iterator-api-in-the-channel-.patch @@ -0,0 +1,99 @@ +From 775a63b666a7c82704fde781929a2fb3575b86e9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 20 Aug 2019 02:56:34 +0000 +Subject: HID: hyperv: Use in-place iterator API in the channel callback + +From: Dexuan Cui + +[ Upstream commit 6a297c90efa68b2864483193b8bfb0d19478600c ] + +Simplify the ring buffer handling with the in-place API. + +Also avoid the dynamic allocation and the memory leak in the channel +callback function. + +Signed-off-by: Dexuan Cui +Acked-by: Jiri Kosina +Signed-off-by: Sasha Levin +--- + drivers/hid/hid-hyperv.c | 56 +++++++--------------------------------- + 1 file changed, 10 insertions(+), 46 deletions(-) + +diff --git a/drivers/hid/hid-hyperv.c b/drivers/hid/hid-hyperv.c +index 7795831d37c21..f363163200759 100644 +--- a/drivers/hid/hid-hyperv.c ++++ b/drivers/hid/hid-hyperv.c +@@ -314,60 +314,24 @@ static void mousevsc_on_receive(struct hv_device *device, + + static void mousevsc_on_channel_callback(void *context) + { +- const int packet_size = 0x100; +- int ret; + struct hv_device *device = context; +- u32 bytes_recvd; +- u64 req_id; + struct vmpacket_descriptor *desc; +- unsigned char *buffer; +- int bufferlen = packet_size; +- +- buffer = kmalloc(bufferlen, GFP_ATOMIC); +- if (!buffer) +- return; +- +- do { +- ret = vmbus_recvpacket_raw(device->channel, buffer, +- bufferlen, &bytes_recvd, &req_id); +- +- switch (ret) { +- case 0: +- if (bytes_recvd <= 0) { +- kfree(buffer); +- return; +- } +- desc = (struct vmpacket_descriptor *)buffer; +- +- switch (desc->type) { +- case VM_PKT_COMP: +- break; +- +- case VM_PKT_DATA_INBAND: +- mousevsc_on_receive(device, desc); +- break; +- +- default: +- pr_err("unhandled packet type %d, tid %llx len %d\n", +- desc->type, req_id, bytes_recvd); +- break; +- } + ++ foreach_vmbus_pkt(desc, device->channel) { ++ switch (desc->type) { ++ case VM_PKT_COMP: + break; + +- case -ENOBUFS: +- kfree(buffer); +- /* Handle large packet */ +- bufferlen = bytes_recvd; +- buffer = kmalloc(bytes_recvd, GFP_ATOMIC); +- +- if (!buffer) +- return; ++ case VM_PKT_DATA_INBAND: ++ mousevsc_on_receive(device, desc); ++ break; + ++ default: ++ pr_err("Unhandled packet type %d, tid %llx len %d\n", ++ desc->type, desc->trans_id, desc->len8 * 8); + break; + } +- } while (1); +- ++ } + } + + static int mousevsc_connect_to_vsp(struct hv_device *device) +-- +2.20.1 + diff --git a/queue-5.3/iio-adc-meson_saradc-fix-memory-allocation-order.patch b/queue-5.3/iio-adc-meson_saradc-fix-memory-allocation-order.patch new file mode 100644 index 00000000000..93c02a2c1d8 --- /dev/null +++ b/queue-5.3/iio-adc-meson_saradc-fix-memory-allocation-order.patch @@ -0,0 +1,60 @@ +From 615f90e75f961343ea9170b5135c49efe389beee Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 1 Sep 2019 12:54:10 +0200 +Subject: iio: adc: meson_saradc: Fix memory allocation order + +From: Remi Pommarel + +[ Upstream commit de10ac47597e7a3596b27631d0d5ce5f48d2c099 ] + +meson_saradc's irq handler uses priv->regmap so make sure that it is +allocated before the irq get enabled. + +This also fixes crash when CONFIG_DEBUG_SHIRQ is enabled, as device +managed resources are freed in the inverted order they had been +allocated, priv->regmap was freed before the spurious fake irq that +CONFIG_DEBUG_SHIRQ adds called the handler. + +Fixes: 3af109131b7eb8 ("iio: adc: meson-saradc: switch from polling to interrupt mode") +Reported-by: Elie Roudninski +Signed-off-by: Remi Pommarel +Reviewed-by: Martin Blumenstingl +Tested-by: Elie ROUDNINSKI +Reviewed-by: Kevin Hilman +Signed-off-by: Jonathan Cameron +Signed-off-by: Sasha Levin +--- + drivers/iio/adc/meson_saradc.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/drivers/iio/adc/meson_saradc.c b/drivers/iio/adc/meson_saradc.c +index 7b28d045d2719..7b27306330a35 100644 +--- a/drivers/iio/adc/meson_saradc.c ++++ b/drivers/iio/adc/meson_saradc.c +@@ -1219,6 +1219,11 @@ static int meson_sar_adc_probe(struct platform_device *pdev) + if (IS_ERR(base)) + return PTR_ERR(base); + ++ priv->regmap = devm_regmap_init_mmio(&pdev->dev, base, ++ priv->param->regmap_config); ++ if (IS_ERR(priv->regmap)) ++ return PTR_ERR(priv->regmap); ++ + irq = irq_of_parse_and_map(pdev->dev.of_node, 0); + if (!irq) + return -EINVAL; +@@ -1228,11 +1233,6 @@ static int meson_sar_adc_probe(struct platform_device *pdev) + if (ret) + return ret; + +- priv->regmap = devm_regmap_init_mmio(&pdev->dev, base, +- priv->param->regmap_config); +- if (IS_ERR(priv->regmap)) +- return PTR_ERR(priv->regmap); +- + priv->clkin = devm_clk_get(&pdev->dev, "clkin"); + if (IS_ERR(priv->clkin)) { + dev_err(&pdev->dev, "failed to get clkin\n"); +-- +2.20.1 + diff --git a/queue-5.3/iio-fix-center-temperature-of-bmc150-accel-core.patch b/queue-5.3/iio-fix-center-temperature-of-bmc150-accel-core.patch new file mode 100644 index 00000000000..e2c5efad7b7 --- /dev/null +++ b/queue-5.3/iio-fix-center-temperature-of-bmc150-accel-core.patch @@ -0,0 +1,39 @@ +From bd6147afbc7644d3a192d6c988c5e1f5603fe966 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 29 Aug 2019 07:29:41 +0200 +Subject: iio: fix center temperature of bmc150-accel-core + +From: Pascal Bouwmann + +[ Upstream commit 6c59a962e081df6d8fe43325bbfabec57e0d4751 ] + +The center temperature of the supported devices stored in the constant +BMC150_ACCEL_TEMP_CENTER_VAL is not 24 degrees but 23 degrees. + +It seems that some datasheets were inconsistent on this value leading +to the error. For most usecases will only make minor difference so +not queued for stable. + +Signed-off-by: Pascal Bouwmann +Signed-off-by: Jonathan Cameron +Signed-off-by: Sasha Levin +--- + drivers/iio/accel/bmc150-accel-core.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/iio/accel/bmc150-accel-core.c b/drivers/iio/accel/bmc150-accel-core.c +index cf6c0e3a83d38..121b4e89f038c 100644 +--- a/drivers/iio/accel/bmc150-accel-core.c ++++ b/drivers/iio/accel/bmc150-accel-core.c +@@ -117,7 +117,7 @@ + #define BMC150_ACCEL_SLEEP_1_SEC 0x0F + + #define BMC150_ACCEL_REG_TEMP 0x08 +-#define BMC150_ACCEL_TEMP_CENTER_VAL 24 ++#define BMC150_ACCEL_TEMP_CENTER_VAL 23 + + #define BMC150_ACCEL_AXIS_TO_REG(axis) (BMC150_ACCEL_REG_XOUT_L + (axis * 2)) + #define BMC150_AUTO_SUSPEND_DELAY_MS 2000 +-- +2.20.1 + diff --git a/queue-5.3/iio-imu-adis16400-fix-memory-leak.patch b/queue-5.3/iio-imu-adis16400-fix-memory-leak.patch new file mode 100644 index 00000000000..f99750e3ba9 --- /dev/null +++ b/queue-5.3/iio-imu-adis16400-fix-memory-leak.patch @@ -0,0 +1,40 @@ +From ae520d7305b8430db0f8606613a4febcc308d1d5 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 19 Sep 2019 10:56:35 -0500 +Subject: iio: imu: adis16400: fix memory leak + +From: Navid Emamdoost + +[ Upstream commit 9c0530e898f384c5d279bfcebd8bb17af1105873 ] + +In adis_update_scan_mode_burst, if adis->buffer allocation fails release +the adis->xfer. + +Signed-off-by: Navid Emamdoost +Reviewed-by: Alexandru Ardelean +Signed-off-by: Jonathan Cameron +Signed-off-by: Sasha Levin +--- + drivers/iio/imu/adis_buffer.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/drivers/iio/imu/adis_buffer.c b/drivers/iio/imu/adis_buffer.c +index f446ff4978091..4998a89d083d5 100644 +--- a/drivers/iio/imu/adis_buffer.c ++++ b/drivers/iio/imu/adis_buffer.c +@@ -35,8 +35,11 @@ static int adis_update_scan_mode_burst(struct iio_dev *indio_dev, + return -ENOMEM; + + adis->buffer = kzalloc(burst_length + sizeof(u16), GFP_KERNEL); +- if (!adis->buffer) ++ if (!adis->buffer) { ++ kfree(adis->xfer); ++ adis->xfer = NULL; + return -ENOMEM; ++ } + + tx = adis->buffer + burst_length; + tx[0] = ADIS_READ_REG(adis->burst->reg_cmd); +-- +2.20.1 + diff --git a/queue-5.3/iio-imu-adis16400-release-allocated-memory-on-failur.patch b/queue-5.3/iio-imu-adis16400-release-allocated-memory-on-failur.patch new file mode 100644 index 00000000000..952a5d2f59f --- /dev/null +++ b/queue-5.3/iio-imu-adis16400-release-allocated-memory-on-failur.patch @@ -0,0 +1,40 @@ +From 29b912645d78aa1e79d8ceb6f74ed256ccb8c1be Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 19 Sep 2019 10:50:02 -0500 +Subject: iio: imu: adis16400: release allocated memory on failure + +From: Navid Emamdoost + +[ Upstream commit ab612b1daf415b62c58e130cb3d0f30b255a14d0 ] + +In adis_update_scan_mode, if allocation for adis->buffer fails, +previously allocated adis->xfer needs to be released. + +Signed-off-by: Navid Emamdoost +Reviewed-by: Alexandru Ardelean +Signed-off-by: Jonathan Cameron +Signed-off-by: Sasha Levin +--- + drivers/iio/imu/adis_buffer.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/drivers/iio/imu/adis_buffer.c b/drivers/iio/imu/adis_buffer.c +index 9ac8356d9a954..f446ff4978091 100644 +--- a/drivers/iio/imu/adis_buffer.c ++++ b/drivers/iio/imu/adis_buffer.c +@@ -78,8 +78,11 @@ int adis_update_scan_mode(struct iio_dev *indio_dev, + return -ENOMEM; + + adis->buffer = kcalloc(indio_dev->scan_bytes, 2, GFP_KERNEL); +- if (!adis->buffer) ++ if (!adis->buffer) { ++ kfree(adis->xfer); ++ adis->xfer = NULL; + return -ENOMEM; ++ } + + rx = adis->buffer; + tx = rx + scan_count; +-- +2.20.1 + diff --git a/queue-5.3/iio-imu-st_lsm6dsx-fix-waitime-for-st_lsm6dsx-i2c-co.patch b/queue-5.3/iio-imu-st_lsm6dsx-fix-waitime-for-st_lsm6dsx-i2c-co.patch new file mode 100644 index 00000000000..28245b20c3d --- /dev/null +++ b/queue-5.3/iio-imu-st_lsm6dsx-fix-waitime-for-st_lsm6dsx-i2c-co.patch @@ -0,0 +1,43 @@ +From 0ef787e88c3754246fa46048876b7d6d91566407 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 17 Sep 2019 00:01:29 +0200 +Subject: iio: imu: st_lsm6dsx: fix waitime for st_lsm6dsx i2c controller + +From: Lorenzo Bianconi + +[ Upstream commit fdb828e2c71a09bb9e865f41b015597c5f671705 ] + +i2c controller available in st_lsm6dsx series performs i2c slave +configuration using accel clock as trigger. +st_lsm6dsx_shub_wait_complete routine is used to wait the controller has +carried out the requested configuration. However if the accel sensor is not +enabled we should not use its configured odr to estimate a proper timeout + +Fixes: c91c1c844ebd ("iio: imu: st_lsm6dsx: add i2c embedded controller support") +Signed-off-by: Lorenzo Bianconi +Signed-off-by: Jonathan Cameron +Signed-off-by: Sasha Levin +--- + drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_shub.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_shub.c b/drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_shub.c +index 66fbcd94642d4..4c754a02717b3 100644 +--- a/drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_shub.c ++++ b/drivers/iio/imu/st_lsm6dsx/st_lsm6dsx_shub.c +@@ -92,9 +92,11 @@ static const struct st_lsm6dsx_ext_dev_settings st_lsm6dsx_ext_dev_table[] = { + static void st_lsm6dsx_shub_wait_complete(struct st_lsm6dsx_hw *hw) + { + struct st_lsm6dsx_sensor *sensor; ++ u16 odr; + + sensor = iio_priv(hw->iio_devs[ST_LSM6DSX_ID_ACC]); +- msleep((2000U / sensor->odr) + 1); ++ odr = (hw->enable_mask & BIT(ST_LSM6DSX_ID_ACC)) ? sensor->odr : 13; ++ msleep((2000U / odr) + 1); + } + + /** +-- +2.20.1 + diff --git a/queue-5.3/io_uring-fix-up-o_nonblock-handling-for-sockets.patch b/queue-5.3/io_uring-fix-up-o_nonblock-handling-for-sockets.patch new file mode 100644 index 00000000000..5fcc4d2ea8a --- /dev/null +++ b/queue-5.3/io_uring-fix-up-o_nonblock-handling-for-sockets.patch @@ -0,0 +1,160 @@ +From fd19d7d2bbf33d26d139b6dc4a6c495c44fc7a36 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 17 Oct 2019 09:20:46 -0600 +Subject: io_uring: fix up O_NONBLOCK handling for sockets + +From: Jens Axboe + +[ Upstream commit 491381ce07ca57f68c49c79a8a43da5b60749e32 ] + +We've got two issues with the non-regular file handling for non-blocking +IO: + +1) We don't want to re-do a short read in full for a non-regular file, + as we can't just read the data again. +2) For non-regular files that don't support non-blocking IO attempts, + we need to punt to async context even if the file is opened as + non-blocking. Otherwise the caller always gets -EAGAIN. + +Add two new request flags to handle these cases. One is just a cache +of the inode S_ISREG() status, the other tells io_uring that we always +need to punt this request to async context, even if REQ_F_NOWAIT is set. + +Cc: stable@vger.kernel.org +Reported-by: Hrvoje Zeba +Tested-by: Hrvoje Zeba +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +--- + fs/io_uring.c | 57 +++++++++++++++++++++++++++++++++++---------------- + 1 file changed, 39 insertions(+), 18 deletions(-) + +diff --git a/fs/io_uring.c b/fs/io_uring.c +index ed223c33dd898..59925b6583ba0 100644 +--- a/fs/io_uring.c ++++ b/fs/io_uring.c +@@ -338,6 +338,8 @@ struct io_kiocb { + #define REQ_F_LINK 64 /* linked sqes */ + #define REQ_F_LINK_DONE 128 /* linked sqes done */ + #define REQ_F_FAIL_LINK 256 /* fail rest of links */ ++#define REQ_F_ISREG 2048 /* regular file */ ++#define REQ_F_MUST_PUNT 4096 /* must be punted even for NONBLOCK */ + u64 user_data; + u32 result; + u32 sequence; +@@ -885,26 +887,26 @@ static int io_iopoll_check(struct io_ring_ctx *ctx, unsigned *nr_events, + return ret; + } + +-static void kiocb_end_write(struct kiocb *kiocb) ++static void kiocb_end_write(struct io_kiocb *req) + { +- if (kiocb->ki_flags & IOCB_WRITE) { +- struct inode *inode = file_inode(kiocb->ki_filp); ++ /* ++ * Tell lockdep we inherited freeze protection from submission ++ * thread. ++ */ ++ if (req->flags & REQ_F_ISREG) { ++ struct inode *inode = file_inode(req->file); + +- /* +- * Tell lockdep we inherited freeze protection from submission +- * thread. +- */ +- if (S_ISREG(inode->i_mode)) +- __sb_writers_acquired(inode->i_sb, SB_FREEZE_WRITE); +- file_end_write(kiocb->ki_filp); ++ __sb_writers_acquired(inode->i_sb, SB_FREEZE_WRITE); + } ++ file_end_write(req->file); + } + + static void io_complete_rw(struct kiocb *kiocb, long res, long res2) + { + struct io_kiocb *req = container_of(kiocb, struct io_kiocb, rw); + +- kiocb_end_write(kiocb); ++ if (kiocb->ki_flags & IOCB_WRITE) ++ kiocb_end_write(req); + + if ((req->flags & REQ_F_LINK) && res != req->result) + req->flags |= REQ_F_FAIL_LINK; +@@ -916,7 +918,8 @@ static void io_complete_rw_iopoll(struct kiocb *kiocb, long res, long res2) + { + struct io_kiocb *req = container_of(kiocb, struct io_kiocb, rw); + +- kiocb_end_write(kiocb); ++ if (kiocb->ki_flags & IOCB_WRITE) ++ kiocb_end_write(req); + + if ((req->flags & REQ_F_LINK) && res != req->result) + req->flags |= REQ_F_FAIL_LINK; +@@ -1030,8 +1033,17 @@ static int io_prep_rw(struct io_kiocb *req, const struct sqe_submit *s, + if (!req->file) + return -EBADF; + +- if (force_nonblock && !io_file_supports_async(req->file)) +- force_nonblock = false; ++ if (S_ISREG(file_inode(req->file)->i_mode)) ++ req->flags |= REQ_F_ISREG; ++ ++ /* ++ * If the file doesn't support async, mark it as REQ_F_MUST_PUNT so ++ * we know to async punt it even if it was opened O_NONBLOCK ++ */ ++ if (force_nonblock && !io_file_supports_async(req->file)) { ++ req->flags |= REQ_F_MUST_PUNT; ++ return -EAGAIN; ++ } + + kiocb->ki_pos = READ_ONCE(sqe->off); + kiocb->ki_flags = iocb_flags(kiocb->ki_filp); +@@ -1052,7 +1064,8 @@ static int io_prep_rw(struct io_kiocb *req, const struct sqe_submit *s, + return ret; + + /* don't allow async punt if RWF_NOWAIT was requested */ +- if (kiocb->ki_flags & IOCB_NOWAIT) ++ if ((kiocb->ki_flags & IOCB_NOWAIT) || ++ (req->file->f_flags & O_NONBLOCK)) + req->flags |= REQ_F_NOWAIT; + + if (force_nonblock) +@@ -1286,7 +1299,9 @@ static int io_read(struct io_kiocb *req, const struct sqe_submit *s, + * need async punt anyway, so it's more efficient to do it + * here. + */ +- if (force_nonblock && ret2 > 0 && ret2 < read_size) ++ if (force_nonblock && !(req->flags & REQ_F_NOWAIT) && ++ (req->flags & REQ_F_ISREG) && ++ ret2 > 0 && ret2 < read_size) + ret2 = -EAGAIN; + /* Catch -EAGAIN return for forced non-blocking submission */ + if (!force_nonblock || ret2 != -EAGAIN) { +@@ -1353,7 +1368,7 @@ static int io_write(struct io_kiocb *req, const struct sqe_submit *s, + * released so that it doesn't complain about the held lock when + * we return to userspace. + */ +- if (S_ISREG(file_inode(file)->i_mode)) { ++ if (req->flags & REQ_F_ISREG) { + __sb_start_write(file_inode(file)->i_sb, + SB_FREEZE_WRITE, true); + __sb_writers_release(file_inode(file)->i_sb, +@@ -2096,7 +2111,13 @@ static int io_queue_sqe(struct io_ring_ctx *ctx, struct io_kiocb *req, + } + + ret = __io_submit_sqe(ctx, req, s, true); +- if (ret == -EAGAIN && !(req->flags & REQ_F_NOWAIT)) { ++ ++ /* ++ * We async punt it if the file wasn't marked NOWAIT, or if the file ++ * doesn't support non-blocking read/write attempts ++ */ ++ if (ret == -EAGAIN && (!(req->flags & REQ_F_NOWAIT) || ++ (req->flags & REQ_F_MUST_PUNT))) { + struct io_uring_sqe *sqe_copy; + + sqe_copy = kmalloc(sizeof(*sqe_copy), GFP_KERNEL); +-- +2.20.1 + diff --git a/queue-5.3/kselftest-exclude-failed-targets-from-runlist.patch b/queue-5.3/kselftest-exclude-failed-targets-from-runlist.patch new file mode 100644 index 00000000000..d872712e635 --- /dev/null +++ b/queue-5.3/kselftest-exclude-failed-targets-from-runlist.patch @@ -0,0 +1,39 @@ +From c934c25c63be67fee7b66b89a48e680d2ef5ad9c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 26 Sep 2019 18:52:19 +0100 +Subject: kselftest: exclude failed TARGETS from runlist + +From: Cristian Marussi + +[ Upstream commit 131b30c94fbc0adb15f911609884dd39dada8f00 ] + +A TARGET which failed to be built/installed should not be included in the +runlist generated inside the run_kselftest.sh script. + +Signed-off-by: Cristian Marussi +Signed-off-by: Shuah Khan +Signed-off-by: Sasha Levin +--- + tools/testing/selftests/Makefile | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile +index 25b43a8c2b159..1779923d7a7b8 100644 +--- a/tools/testing/selftests/Makefile ++++ b/tools/testing/selftests/Makefile +@@ -198,8 +198,12 @@ ifdef INSTALL_PATH + echo " cat /dev/null > \$$logfile" >> $(ALL_SCRIPT) + echo "fi" >> $(ALL_SCRIPT) + ++ @# While building run_kselftest.sh skip also non-existent TARGET dirs: ++ @# they could be the result of a build failure and should NOT be ++ @# included in the generated runlist. + for TARGET in $(TARGETS); do \ + BUILD_TARGET=$$BUILD/$$TARGET; \ ++ [ ! -d $$INSTALL_PATH/$$TARGET ] && echo "Skipping non-existent dir: $$TARGET" && continue; \ + echo "[ -w /dev/kmsg ] && echo \"kselftest: Running tests in $$TARGET\" >> /dev/kmsg" >> $(ALL_SCRIPT); \ + echo "cd $$TARGET" >> $(ALL_SCRIPT); \ + echo -n "run_many" >> $(ALL_SCRIPT); \ +-- +2.20.1 + diff --git a/queue-5.3/libsubcmd-make-_fortify_source-defines-dependent-on-.patch b/queue-5.3/libsubcmd-make-_fortify_source-defines-dependent-on-.patch new file mode 100644 index 00000000000..64215cc8fe1 --- /dev/null +++ b/queue-5.3/libsubcmd-make-_fortify_source-defines-dependent-on-.patch @@ -0,0 +1,52 @@ +From 6e4bf6f6a2591aea20ec30865533cc18c13f9004 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 25 Sep 2019 12:59:23 -0700 +Subject: libsubcmd: Make _FORTIFY_SOURCE defines dependent on the feature + +From: Ian Rogers + +[ Upstream commit 4b0b2b096da9d296e0e5668cdfba8613bd6f5bc8 ] + +Unconditionally defining _FORTIFY_SOURCE can break tools that don't work +with it, such as memory sanitizers: + + https://github.com/google/sanitizers/wiki/AddressSanitizer#faq + +Fixes: 4b6ab94eabe4 ("perf subcmd: Create subcmd library") +Signed-off-by: Ian Rogers +Cc: Alexander Shishkin +Cc: Andi Kleen +Cc: Jiri Olsa +Cc: Josh Poimboeuf +Cc: Namhyung Kim +Cc: Peter Zijlstra +Cc: Stephane Eranian +Link: http://lore.kernel.org/lkml/20190925195924.152834-1-irogers@google.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/lib/subcmd/Makefile | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/tools/lib/subcmd/Makefile b/tools/lib/subcmd/Makefile +index ed61fb3a46c08..5b2cd5e58df09 100644 +--- a/tools/lib/subcmd/Makefile ++++ b/tools/lib/subcmd/Makefile +@@ -20,7 +20,13 @@ MAKEFLAGS += --no-print-directory + LIBFILE = $(OUTPUT)libsubcmd.a + + CFLAGS := $(EXTRA_WARNINGS) $(EXTRA_CFLAGS) +-CFLAGS += -ggdb3 -Wall -Wextra -std=gnu99 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fPIC ++CFLAGS += -ggdb3 -Wall -Wextra -std=gnu99 -fPIC ++ ++ifeq ($(DEBUG),0) ++ ifeq ($(feature-fortify-source), 1) ++ CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 ++ endif ++endif + + ifeq ($(CC_NO_CLANG), 0) + CFLAGS += -O3 +-- +2.20.1 + diff --git a/queue-5.3/mips-fw-sni-fix-out-of-bounds-init-of-o32-stack.patch b/queue-5.3/mips-fw-sni-fix-out-of-bounds-init-of-o32-stack.patch new file mode 100644 index 00000000000..8aed99f02b4 --- /dev/null +++ b/queue-5.3/mips-fw-sni-fix-out-of-bounds-init-of-o32-stack.patch @@ -0,0 +1,38 @@ +From 451bc01da4bbe7258aa4377a4479953bc465d061 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 9 Oct 2019 17:10:56 +0200 +Subject: MIPS: fw: sni: Fix out of bounds init of o32 stack + +From: Thomas Bogendoerfer + +[ Upstream commit efcb529694c3b707dc0471b312944337ba16e4dd ] + +Use ARRAY_SIZE to caluculate the top of the o32 stack. + +Signed-off-by: Thomas Bogendoerfer +Signed-off-by: Paul Burton +Cc: Ralf Baechle +Cc: James Hogan +Cc: linux-mips@vger.kernel.org +Cc: linux-kernel@vger.kernel.org +Signed-off-by: Sasha Levin +--- + arch/mips/fw/sni/sniprom.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/mips/fw/sni/sniprom.c b/arch/mips/fw/sni/sniprom.c +index 8772617b64cef..80112f2298b68 100644 +--- a/arch/mips/fw/sni/sniprom.c ++++ b/arch/mips/fw/sni/sniprom.c +@@ -43,7 +43,7 @@ + + /* O32 stack has to be 8-byte aligned. */ + static u64 o32_stk[4096]; +-#define O32_STK &o32_stk[sizeof(o32_stk)] ++#define O32_STK (&o32_stk[ARRAY_SIZE(o32_stk)]) + + #define __PROM_O32(fun, arg) fun arg __asm__(#fun); \ + __asm__(#fun " = call_o32") +-- +2.20.1 + diff --git a/queue-5.3/mips-include-mark-__cmpxchg-as-__always_inline.patch b/queue-5.3/mips-include-mark-__cmpxchg-as-__always_inline.patch new file mode 100644 index 00000000000..9ec6148d069 --- /dev/null +++ b/queue-5.3/mips-include-mark-__cmpxchg-as-__always_inline.patch @@ -0,0 +1,47 @@ +From 54a2b67fd80d9a5fe1b976efad4f513b495b58e3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 6 Oct 2019 15:12:32 +0200 +Subject: MIPS: include: Mark __cmpxchg as __always_inline + +From: Thomas Bogendoerfer + +[ Upstream commit 88356d09904bc606182c625575237269aeece22e ] + +Commit ac7c3e4ff401 ("compiler: enable CONFIG_OPTIMIZE_INLINING +forcibly") allows compiler to uninline functions marked as 'inline'. +In cace of cmpxchg this would cause to reference function +__cmpxchg_called_with_bad_pointer, which is a error case +for catching bugs and will not happen for correct code, if +__cmpxchg is inlined. + +Signed-off-by: Thomas Bogendoerfer +[paul.burton@mips.com: s/__cmpxchd/__cmpxchg in subject] +Signed-off-by: Paul Burton +Cc: Ralf Baechle +Cc: James Hogan +Cc: linux-mips@vger.kernel.org +Cc: linux-kernel@vger.kernel.org +Signed-off-by: Sasha Levin +--- + arch/mips/include/asm/cmpxchg.h | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/arch/mips/include/asm/cmpxchg.h b/arch/mips/include/asm/cmpxchg.h +index c8a47d18f6288..319522fa3a45e 100644 +--- a/arch/mips/include/asm/cmpxchg.h ++++ b/arch/mips/include/asm/cmpxchg.h +@@ -153,8 +153,9 @@ static inline unsigned long __xchg(volatile void *ptr, unsigned long x, + extern unsigned long __cmpxchg_small(volatile void *ptr, unsigned long old, + unsigned long new, unsigned int size); + +-static inline unsigned long __cmpxchg(volatile void *ptr, unsigned long old, +- unsigned long new, unsigned int size) ++static __always_inline ++unsigned long __cmpxchg(volatile void *ptr, unsigned long old, ++ unsigned long new, unsigned int size) + { + switch (size) { + case 1: +-- +2.20.1 + diff --git a/queue-5.3/mips-include-mark-__xchg-as-__always_inline.patch b/queue-5.3/mips-include-mark-__xchg-as-__always_inline.patch new file mode 100644 index 00000000000..bbbfe92bee2 --- /dev/null +++ b/queue-5.3/mips-include-mark-__xchg-as-__always_inline.patch @@ -0,0 +1,49 @@ +From 3d9d512843e328fe15df9892520d6138ce7faf7e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 9 Oct 2019 12:06:00 +0200 +Subject: MIPS: include: Mark __xchg as __always_inline +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Thomas Bogendoerfer + +[ Upstream commit 46f1619500d022501a4f0389f9f4c349ab46bb86 ] + +Commit ac7c3e4ff401 ("compiler: enable CONFIG_OPTIMIZE_INLINING +forcibly") allows compiler to uninline functions marked as 'inline'. +In cace of __xchg this would cause to reference function +__xchg_called_with_bad_pointer, which is an error case +for catching bugs and will not happen for correct code, if +__xchg is inlined. + +Signed-off-by: Thomas Bogendoerfer +Reviewed-by: Philippe Mathieu-Daudé +Signed-off-by: Paul Burton +Cc: Ralf Baechle +Cc: James Hogan +Cc: linux-mips@vger.kernel.org +Cc: linux-kernel@vger.kernel.org +Signed-off-by: Sasha Levin +--- + arch/mips/include/asm/cmpxchg.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/arch/mips/include/asm/cmpxchg.h b/arch/mips/include/asm/cmpxchg.h +index 319522fa3a45e..2b61052e10c94 100644 +--- a/arch/mips/include/asm/cmpxchg.h ++++ b/arch/mips/include/asm/cmpxchg.h +@@ -77,8 +77,8 @@ extern unsigned long __xchg_called_with_bad_pointer(void) + extern unsigned long __xchg_small(volatile void *ptr, unsigned long val, + unsigned int size); + +-static inline unsigned long __xchg(volatile void *ptr, unsigned long x, +- int size) ++static __always_inline ++unsigned long __xchg(volatile void *ptr, unsigned long x, int size) + { + switch (size) { + case 1: +-- +2.20.1 + diff --git a/queue-5.3/misc-fastrpc-prevent-memory-leak-in-fastrpc_dma_buf_.patch b/queue-5.3/misc-fastrpc-prevent-memory-leak-in-fastrpc_dma_buf_.patch new file mode 100644 index 00000000000..083efd8bebb --- /dev/null +++ b/queue-5.3/misc-fastrpc-prevent-memory-leak-in-fastrpc_dma_buf_.patch @@ -0,0 +1,35 @@ +From 7affa871abb1d689155211a0d2d133abe1901cc1 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 25 Sep 2019 10:27:41 -0500 +Subject: misc: fastrpc: prevent memory leak in fastrpc_dma_buf_attach + +From: Navid Emamdoost + +[ Upstream commit fc739a058d99c9297ef6bfd923b809d85855b9a9 ] + +In fastrpc_dma_buf_attach if dma_get_sgtable fails the allocated memory +for a should be released. + +Signed-off-by: Navid Emamdoost +Link: https://lore.kernel.org/r/20190925152742.16258-1-navid.emamdoost@gmail.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/misc/fastrpc.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/misc/fastrpc.c b/drivers/misc/fastrpc.c +index 98603e235cf04..a76b6c6fd660f 100644 +--- a/drivers/misc/fastrpc.c ++++ b/drivers/misc/fastrpc.c +@@ -499,6 +499,7 @@ static int fastrpc_dma_buf_attach(struct dma_buf *dmabuf, + FASTRPC_PHYS(buffer->phys), buffer->size); + if (ret < 0) { + dev_err(buffer->dev, "failed to get scatterlist from DMA API\n"); ++ kfree(a); + return -EINVAL; + } + +-- +2.20.1 + diff --git a/queue-5.3/nbd-fix-possible-sysfs-duplicate-warning.patch b/queue-5.3/nbd-fix-possible-sysfs-duplicate-warning.patch new file mode 100644 index 00000000000..c2477baeb96 --- /dev/null +++ b/queue-5.3/nbd-fix-possible-sysfs-duplicate-warning.patch @@ -0,0 +1,49 @@ +From 1454bad6d1de1cd413ead7d5905651b6501d74b0 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 19 Sep 2019 11:44:27 +0530 +Subject: nbd: fix possible sysfs duplicate warning + +From: Xiubo Li + +[ Upstream commit 862488105b84ca744b3d8ff131e0fcfe10644be1 ] + +1. nbd_put takes the mutex and drops nbd->ref to 0. It then does +idr_remove and drops the mutex. + +2. nbd_genl_connect takes the mutex. idr_find/idr_for_each fails +to find an existing device, so it does nbd_dev_add. + +3. just before the nbd_put could call nbd_dev_remove or not finished +totally, but if nbd_dev_add try to add_disk, we can hit: + +debugfs: Directory 'nbd1' with parent 'block' already present! + +This patch will make sure all the disk add/remove stuff are done +by holding the nbd_index_mutex lock. + +Reported-by: Mike Christie +Reviewed-by: Josef Bacik +Signed-off-by: Xiubo Li +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +--- + drivers/block/nbd.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c +index 0b727f7432f9e..bd164192045b0 100644 +--- a/drivers/block/nbd.c ++++ b/drivers/block/nbd.c +@@ -230,8 +230,8 @@ static void nbd_put(struct nbd_device *nbd) + if (refcount_dec_and_mutex_lock(&nbd->refs, + &nbd_index_mutex)) { + idr_remove(&nbd_index_idr, nbd->index); +- mutex_unlock(&nbd_index_mutex); + nbd_dev_remove(nbd); ++ mutex_unlock(&nbd_index_mutex); + } + } + +-- +2.20.1 + diff --git a/queue-5.3/nfs-fix-nfsi-nrequests-count-error-on-nfs_inode_remo.patch b/queue-5.3/nfs-fix-nfsi-nrequests-count-error-on-nfs_inode_remo.patch new file mode 100644 index 00000000000..fb0c20f8a5a --- /dev/null +++ b/queue-5.3/nfs-fix-nfsi-nrequests-count-error-on-nfs_inode_remo.patch @@ -0,0 +1,91 @@ +From 9eb694da444b641468d53ec26e693588c7df5cd3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 26 Sep 2019 14:29:38 +0800 +Subject: nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request + +From: ZhangXiaoxu + +[ Upstream commit 33ea5aaa87cdae0f9af4d6b7ee4f650a1a36fd1d ] + +When xfstests testing, there are some WARNING as below: + +WARNING: CPU: 0 PID: 6235 at fs/nfs/inode.c:122 nfs_clear_inode+0x9c/0xd8 +Modules linked in: +CPU: 0 PID: 6235 Comm: umount.nfs +Hardware name: linux,dummy-virt (DT) +pstate: 60000005 (nZCv daif -PAN -UAO) +pc : nfs_clear_inode+0x9c/0xd8 +lr : nfs_evict_inode+0x60/0x78 +sp : fffffc000f68fc00 +x29: fffffc000f68fc00 x28: fffffe00c53155c0 +x27: fffffe00c5315000 x26: fffffc0009a63748 +x25: fffffc000f68fd18 x24: fffffc000bfaaf40 +x23: fffffc000936d3c0 x22: fffffe00c4ff5e20 +x21: fffffc000bfaaf40 x20: fffffe00c4ff5d10 +x19: fffffc000c056000 x18: 000000000000003c +x17: 0000000000000000 x16: 0000000000000000 +x15: 0000000000000040 x14: 0000000000000228 +x13: fffffc000c3a2000 x12: 0000000000000045 +x11: 0000000000000000 x10: 0000000000000000 +x9 : 0000000000000000 x8 : 0000000000000000 +x7 : 0000000000000000 x6 : fffffc00084b027c +x5 : fffffc0009a64000 x4 : fffffe00c0e77400 +x3 : fffffc000c0563a8 x2 : fffffffffffffffb +x1 : 000000000000764e x0 : 0000000000000001 +Call trace: + nfs_clear_inode+0x9c/0xd8 + nfs_evict_inode+0x60/0x78 + evict+0x108/0x380 + dispose_list+0x70/0xa0 + evict_inodes+0x194/0x210 + generic_shutdown_super+0xb0/0x220 + nfs_kill_super+0x40/0x88 + deactivate_locked_super+0xb4/0x120 + deactivate_super+0x144/0x160 + cleanup_mnt+0x98/0x148 + __cleanup_mnt+0x38/0x50 + task_work_run+0x114/0x160 + do_notify_resume+0x2f8/0x308 + work_pending+0x8/0x14 + +The nrequest should be increased/decreased only if PG_INODE_REF flag +was setted. + +But in the nfs_inode_remove_request function, it maybe decrease when +no PG_INODE_REF flag, this maybe lead nrequests count error. + +Reported-by: Hulk Robot +Signed-off-by: ZhangXiaoxu +Signed-off-by: Anna Schumaker +Signed-off-by: Sasha Levin +--- + fs/nfs/write.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/fs/nfs/write.c b/fs/nfs/write.c +index 85ca49549b39b..52cab65f91cf0 100644 +--- a/fs/nfs/write.c ++++ b/fs/nfs/write.c +@@ -786,7 +786,6 @@ static void nfs_inode_remove_request(struct nfs_page *req) + struct nfs_inode *nfsi = NFS_I(inode); + struct nfs_page *head; + +- atomic_long_dec(&nfsi->nrequests); + if (nfs_page_group_sync_on_bit(req, PG_REMOVE)) { + head = req->wb_head; + +@@ -799,8 +798,10 @@ static void nfs_inode_remove_request(struct nfs_page *req) + spin_unlock(&mapping->private_lock); + } + +- if (test_and_clear_bit(PG_INODE_REF, &req->wb_flags)) ++ if (test_and_clear_bit(PG_INODE_REF, &req->wb_flags)) { + nfs_release_request(req); ++ atomic_long_dec(&nfsi->nrequests); ++ } + } + + static void +-- +2.20.1 + diff --git a/queue-5.3/nfsv4-fix-leak-of-clp-cl_acceptor-string.patch b/queue-5.3/nfsv4-fix-leak-of-clp-cl_acceptor-string.patch new file mode 100644 index 00000000000..0c73b3de16e --- /dev/null +++ b/queue-5.3/nfsv4-fix-leak-of-clp-cl_acceptor-string.patch @@ -0,0 +1,60 @@ +From 339ee08d905911a5d699236baffa73c2b2b37816 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 4 Oct 2019 09:58:54 -0400 +Subject: NFSv4: Fix leak of clp->cl_acceptor string + +From: Chuck Lever + +[ Upstream commit 1047ec868332034d1fbcb2fae19fe6d4cb869ff2 ] + +Our client can issue multiple SETCLIENTID operations to the same +server in some circumstances. Ensure that calls to +nfs4_proc_setclientid() after the first one do not overwrite the +previously allocated cl_acceptor string. + +unreferenced object 0xffff888461031800 (size 32): + comm "mount.nfs", pid 2227, jiffies 4294822467 (age 1407.749s) + hex dump (first 32 bytes): + 6e 66 73 40 6b 6c 69 6d 74 2e 69 62 2e 31 30 31 nfs@klimt.ib.101 + 35 67 72 61 6e 67 65 72 2e 6e 65 74 00 00 00 00 5granger.net.... + backtrace: + [<00000000ab820188>] __kmalloc+0x128/0x176 + [<00000000eeaf4ec8>] gss_stringify_acceptor+0xbd/0x1a7 [auth_rpcgss] + [<00000000e85e3382>] nfs4_proc_setclientid+0x34e/0x46c [nfsv4] + [<000000003d9cf1fa>] nfs40_discover_server_trunking+0x7a/0xed [nfsv4] + [<00000000b81c3787>] nfs4_discover_server_trunking+0x81/0x244 [nfsv4] + [<000000000801b55f>] nfs4_init_client+0x1b0/0x238 [nfsv4] + [<00000000977daf7f>] nfs4_set_client+0xfe/0x14d [nfsv4] + [<0000000053a68a2a>] nfs4_create_server+0x107/0x1db [nfsv4] + [<0000000088262019>] nfs4_remote_mount+0x2c/0x59 [nfsv4] + [<00000000e84a2fd0>] legacy_get_tree+0x2d/0x4c + [<00000000797e947c>] vfs_get_tree+0x20/0xc7 + [<00000000ecabaaa8>] fc_mount+0xe/0x36 + [<00000000f15fafc2>] vfs_kern_mount+0x74/0x8d + [<00000000a3ff4e26>] nfs_do_root_mount+0x8a/0xa3 [nfsv4] + [<00000000d1c2b337>] nfs4_try_mount+0x58/0xad [nfsv4] + [<000000004c9bddee>] nfs_fs_mount+0x820/0x869 [nfs] + +Fixes: f11b2a1cfbf5 ("nfs4: copy acceptor name from context ... ") +Signed-off-by: Chuck Lever +Signed-off-by: Anna Schumaker +Signed-off-by: Sasha Levin +--- + fs/nfs/nfs4proc.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c +index 1406858bae6c9..e1e7d2724b971 100644 +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -6058,6 +6058,7 @@ int nfs4_proc_setclientid(struct nfs_client *clp, u32 program, + } + status = task->tk_status; + if (setclientid.sc_cred) { ++ kfree(clp->cl_acceptor); + clp->cl_acceptor = rpcauth_stringify_acceptor(setclientid.sc_cred); + put_rpccred(setclientid.sc_cred); + } +-- +2.20.1 + diff --git a/queue-5.3/ocfs2-clear-zero-in-unaligned-direct-io.patch b/queue-5.3/ocfs2-clear-zero-in-unaligned-direct-io.patch new file mode 100644 index 00000000000..915a4f3dbba --- /dev/null +++ b/queue-5.3/ocfs2-clear-zero-in-unaligned-direct-io.patch @@ -0,0 +1,93 @@ +From a3fd6d5f1c888366e5e9d7d7177ae0e9ee616640 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 6 Oct 2019 17:57:47 -0700 +Subject: ocfs2: clear zero in unaligned direct IO + +From: Jia Guo + +[ Upstream commit 7a243c82ea527cd1da47381ad9cd646844f3b693 ] + +Unused portion of a part-written fs-block-sized block is not set to zero +in unaligned append direct write.This can lead to serious data +inconsistencies. + +Ocfs2 manage disk with cluster size(for example, 1M), part-written in +one cluster will change the cluster state from UN-WRITTEN to WRITTEN, +VFS(function dio_zero_block) doesn't do the cleaning because bh's state +is not set to NEW in function ocfs2_dio_wr_get_block when we write a +WRITTEN cluster. For example, the cluster size is 1M, file size is 8k +and we direct write from 14k to 15k, then 12k~14k and 15k~16k will +contain dirty data. + +We have to deal with two cases: + 1.The starting position of direct write is outside the file. + 2.The starting position of direct write is located in the file. + +We need set bh's state to NEW in the first case. In the second case, we +need mapped twice because bh's state of area out file should be set to +NEW while area in file not. + +[akpm@linux-foundation.org: coding style fixes] +Link: http://lkml.kernel.org/r/5292e287-8f1a-fd4a-1a14-661e555e0bed@huawei.com +Signed-off-by: Jia Guo +Reviewed-by: Yiwen Jiang +Cc: Mark Fasheh +Cc: Joel Becker +Cc: Junxiao Bi +Cc: Joseph Qi +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + fs/ocfs2/aops.c | 22 +++++++++++++++++++++- + 1 file changed, 21 insertions(+), 1 deletion(-) + +diff --git a/fs/ocfs2/aops.c b/fs/ocfs2/aops.c +index a4c905d6b5755..3e0a93e799ea1 100644 +--- a/fs/ocfs2/aops.c ++++ b/fs/ocfs2/aops.c +@@ -2139,13 +2139,30 @@ static int ocfs2_dio_wr_get_block(struct inode *inode, sector_t iblock, + struct ocfs2_dio_write_ctxt *dwc = NULL; + struct buffer_head *di_bh = NULL; + u64 p_blkno; +- loff_t pos = iblock << inode->i_sb->s_blocksize_bits; ++ unsigned int i_blkbits = inode->i_sb->s_blocksize_bits; ++ loff_t pos = iblock << i_blkbits; ++ sector_t endblk = (i_size_read(inode) - 1) >> i_blkbits; + unsigned len, total_len = bh_result->b_size; + int ret = 0, first_get_block = 0; + + len = osb->s_clustersize - (pos & (osb->s_clustersize - 1)); + len = min(total_len, len); + ++ /* ++ * bh_result->b_size is count in get_more_blocks according to write ++ * "pos" and "end", we need map twice to return different buffer state: ++ * 1. area in file size, not set NEW; ++ * 2. area out file size, set NEW. ++ * ++ * iblock endblk ++ * |--------|---------|---------|--------- ++ * |<-------area in file------->| ++ */ ++ ++ if ((iblock <= endblk) && ++ ((iblock + ((len - 1) >> i_blkbits)) > endblk)) ++ len = (endblk - iblock + 1) << i_blkbits; ++ + mlog(0, "get block of %lu at %llu:%u req %u\n", + inode->i_ino, pos, len, total_len); + +@@ -2229,6 +2246,9 @@ static int ocfs2_dio_wr_get_block(struct inode *inode, sector_t iblock, + if (desc->c_needs_zero) + set_buffer_new(bh_result); + ++ if (iblock > endblk) ++ set_buffer_new(bh_result); ++ + /* May sleep in end_io. It should not happen in a irq context. So defer + * it to dio work queue. */ + set_buffer_defer_completion(bh_result); +-- +2.20.1 + diff --git a/queue-5.3/perf-annotate-don-t-return-1-for-error-when-doing-bp.patch b/queue-5.3/perf-annotate-don-t-return-1-for-error-when-doing-bp.patch new file mode 100644 index 00000000000..2af086bcaa2 --- /dev/null +++ b/queue-5.3/perf-annotate-don-t-return-1-for-error-when-doing-bp.patch @@ -0,0 +1,107 @@ +From bf8bc3333712fa00cb2eaef32d332912b51fc39f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 30 Sep 2019 16:04:21 -0300 +Subject: perf annotate: Don't return -1 for error when doing BPF disassembly + +From: Arnaldo Carvalho de Melo + +[ Upstream commit 11aad897f6d1a28eae3b7e5b293647c522d65819 ] + +Return errno when open_memstream() fails and add two new speciall error +codes for when an invalid, non BPF file or one without BTF is passed to +symbol__disassemble_bpf(), so that its callers can rely on +symbol__strerror_disassemble() to convert that to a human readable error +message that can help figure out what is wrong, with hints even. + +Cc: Russell King - ARM Linux admin +Cc: Song Liu +Cc: Alexei Starovoitov +Cc: Daniel Borkmann +Cc: Adrian Hunter +Cc: Alexander Shishkin +Cc: Jiri Olsa +Cc: Namhyung Kim +Cc: Peter Zijlstra , +Cc: Will Deacon +Link: https://lkml.kernel.org/n/tip-usevw9r2gcipfcrbpaueurw0@git.kernel.org +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/annotate.c | 19 +++++++++++++++---- + tools/perf/util/annotate.h | 2 ++ + 2 files changed, 17 insertions(+), 4 deletions(-) + +diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c +index ab7851ec0ce53..fb8756026a805 100644 +--- a/tools/perf/util/annotate.c ++++ b/tools/perf/util/annotate.c +@@ -1631,6 +1631,13 @@ int symbol__strerror_disassemble(struct symbol *sym __maybe_unused, struct map * + case SYMBOL_ANNOTATE_ERRNO__ARCH_INIT_CPUID_PARSING: + scnprintf(buf, buflen, "Problems while parsing the CPUID in the arch specific initialization."); + break; ++ case SYMBOL_ANNOTATE_ERRNO__BPF_INVALID_FILE: ++ scnprintf(buf, buflen, "Invalid BPF file: %s.", dso->long_name); ++ break; ++ case SYMBOL_ANNOTATE_ERRNO__BPF_MISSING_BTF: ++ scnprintf(buf, buflen, "The %s BPF file has no BTF section, compile with -g or use pahole -J.", ++ dso->long_name); ++ break; + default: + scnprintf(buf, buflen, "Internal error: Invalid %d error code\n", errnum); + break; +@@ -1713,13 +1720,13 @@ static int symbol__disassemble_bpf(struct symbol *sym, + char tpath[PATH_MAX]; + size_t buf_size; + int nr_skip = 0; +- int ret = -1; + char *buf; + bfd *bfdf; ++ int ret; + FILE *s; + + if (dso->binary_type != DSO_BINARY_TYPE__BPF_PROG_INFO) +- return -1; ++ return SYMBOL_ANNOTATE_ERRNO__BPF_INVALID_FILE; + + pr_debug("%s: handling sym %s addr %" PRIx64 " len %" PRIx64 "\n", __func__, + sym->name, sym->start, sym->end - sym->start); +@@ -1732,8 +1739,10 @@ static int symbol__disassemble_bpf(struct symbol *sym, + assert(bfd_check_format(bfdf, bfd_object)); + + s = open_memstream(&buf, &buf_size); +- if (!s) ++ if (!s) { ++ ret = errno; + goto out; ++ } + init_disassemble_info(&info, s, + (fprintf_ftype) fprintf); + +@@ -1742,8 +1751,10 @@ static int symbol__disassemble_bpf(struct symbol *sym, + + info_node = perf_env__find_bpf_prog_info(dso->bpf_prog.env, + dso->bpf_prog.id); +- if (!info_node) ++ if (!info_node) { ++ return SYMBOL_ANNOTATE_ERRNO__BPF_MISSING_BTF; + goto out; ++ } + info_linear = info_node->info_linear; + sub_id = dso->bpf_prog.sub_id; + +diff --git a/tools/perf/util/annotate.h b/tools/perf/util/annotate.h +index a1191995fe77e..2004e2cf0211b 100644 +--- a/tools/perf/util/annotate.h ++++ b/tools/perf/util/annotate.h +@@ -372,6 +372,8 @@ enum symbol_disassemble_errno { + SYMBOL_ANNOTATE_ERRNO__NO_LIBOPCODES_FOR_BPF, + SYMBOL_ANNOTATE_ERRNO__ARCH_INIT_CPUID_PARSING, + SYMBOL_ANNOTATE_ERRNO__ARCH_INIT_REGEXP, ++ SYMBOL_ANNOTATE_ERRNO__BPF_INVALID_FILE, ++ SYMBOL_ANNOTATE_ERRNO__BPF_MISSING_BTF, + + __SYMBOL_ANNOTATE_ERRNO__END, + }; +-- +2.20.1 + diff --git a/queue-5.3/perf-annotate-fix-arch-specific-init-failure-errors.patch b/queue-5.3/perf-annotate-fix-arch-specific-init-failure-errors.patch new file mode 100644 index 00000000000..86c2f5e17fd --- /dev/null +++ b/queue-5.3/perf-annotate-fix-arch-specific-init-failure-errors.patch @@ -0,0 +1,140 @@ +From 897f8f8a8e9ae5c582098e3f14198c38d8b77529 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 30 Sep 2019 15:48:12 -0300 +Subject: perf annotate: Fix arch specific ->init() failure errors + +From: Arnaldo Carvalho de Melo + +[ Upstream commit 42d7a9107d83223a5fcecc6732d626a6c074cbc2 ] + +They are called from symbol__annotate() and to propagate errors that can +help understand the problem make them return what +symbol__strerror_disassemble() known, i.e. errno codes and other +annotation specific errors in a special, out of errnos, range. + +Reported-by: Russell King - ARM Linux admin +Cc: Adrian Hunter +Cc: Alexander Shishkin +Cc: Jiri Olsa +Cc: Namhyung Kim +Cc: Peter Zijlstra , +Cc: Will Deacon +Link: https://lkml.kernel.org/n/tip-pqx7srcv7tixgid251aeboj6@git.kernel.org +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/arch/arm/annotate/instructions.c | 4 ++-- + tools/perf/arch/arm64/annotate/instructions.c | 4 ++-- + tools/perf/arch/s390/annotate/instructions.c | 6 ++++-- + tools/perf/arch/x86/annotate/instructions.c | 6 ++++-- + tools/perf/util/annotate.c | 6 ++++++ + tools/perf/util/annotate.h | 2 ++ + 6 files changed, 20 insertions(+), 8 deletions(-) + +diff --git a/tools/perf/arch/arm/annotate/instructions.c b/tools/perf/arch/arm/annotate/instructions.c +index c7d1a69b894fe..19ac54758c713 100644 +--- a/tools/perf/arch/arm/annotate/instructions.c ++++ b/tools/perf/arch/arm/annotate/instructions.c +@@ -36,7 +36,7 @@ static int arm__annotate_init(struct arch *arch, char *cpuid __maybe_unused) + + arm = zalloc(sizeof(*arm)); + if (!arm) +- return -1; ++ return ENOMEM; + + #define ARM_CONDS "(cc|cs|eq|ge|gt|hi|le|ls|lt|mi|ne|pl|vc|vs)" + err = regcomp(&arm->call_insn, "^blx?" ARM_CONDS "?$", REG_EXTENDED); +@@ -58,5 +58,5 @@ out_free_call: + regfree(&arm->call_insn); + out_free_arm: + free(arm); +- return -1; ++ return SYMBOL_ANNOTATE_ERRNO__ARCH_INIT_REGEXP; + } +diff --git a/tools/perf/arch/arm64/annotate/instructions.c b/tools/perf/arch/arm64/annotate/instructions.c +index 8f70a1b282dfb..223e2f161f414 100644 +--- a/tools/perf/arch/arm64/annotate/instructions.c ++++ b/tools/perf/arch/arm64/annotate/instructions.c +@@ -94,7 +94,7 @@ static int arm64__annotate_init(struct arch *arch, char *cpuid __maybe_unused) + + arm = zalloc(sizeof(*arm)); + if (!arm) +- return -1; ++ return ENOMEM; + + /* bl, blr */ + err = regcomp(&arm->call_insn, "^blr?$", REG_EXTENDED); +@@ -117,5 +117,5 @@ out_free_call: + regfree(&arm->call_insn); + out_free_arm: + free(arm); +- return -1; ++ return SYMBOL_ANNOTATE_ERRNO__ARCH_INIT_REGEXP; + } +diff --git a/tools/perf/arch/s390/annotate/instructions.c b/tools/perf/arch/s390/annotate/instructions.c +index 89bb8f2c54cee..a50e70baf9183 100644 +--- a/tools/perf/arch/s390/annotate/instructions.c ++++ b/tools/perf/arch/s390/annotate/instructions.c +@@ -164,8 +164,10 @@ static int s390__annotate_init(struct arch *arch, char *cpuid __maybe_unused) + if (!arch->initialized) { + arch->initialized = true; + arch->associate_instruction_ops = s390__associate_ins_ops; +- if (cpuid) +- err = s390__cpuid_parse(arch, cpuid); ++ if (cpuid) { ++ if (s390__cpuid_parse(arch, cpuid)) ++ err = SYMBOL_ANNOTATE_ERRNO__ARCH_INIT_CPUID_PARSING; ++ } + } + + return err; +diff --git a/tools/perf/arch/x86/annotate/instructions.c b/tools/perf/arch/x86/annotate/instructions.c +index 44f5aba78210e..7eb5621c021d8 100644 +--- a/tools/perf/arch/x86/annotate/instructions.c ++++ b/tools/perf/arch/x86/annotate/instructions.c +@@ -196,8 +196,10 @@ static int x86__annotate_init(struct arch *arch, char *cpuid) + if (arch->initialized) + return 0; + +- if (cpuid) +- err = x86__cpuid_parse(arch, cpuid); ++ if (cpuid) { ++ if (x86__cpuid_parse(arch, cpuid)) ++ err = SYMBOL_ANNOTATE_ERRNO__ARCH_INIT_CPUID_PARSING; ++ } + + arch->initialized = true; + return err; +diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c +index ca8b517e38fa8..b475449f955ef 100644 +--- a/tools/perf/util/annotate.c ++++ b/tools/perf/util/annotate.c +@@ -1625,6 +1625,12 @@ int symbol__strerror_disassemble(struct symbol *sym __maybe_unused, struct map * + case SYMBOL_ANNOTATE_ERRNO__NO_LIBOPCODES_FOR_BPF: + scnprintf(buf, buflen, "Please link with binutils's libopcode to enable BPF annotation"); + break; ++ case SYMBOL_ANNOTATE_ERRNO__ARCH_INIT_REGEXP: ++ scnprintf(buf, buflen, "Problems with arch specific instruction name regular expressions."); ++ break; ++ case SYMBOL_ANNOTATE_ERRNO__ARCH_INIT_CPUID_PARSING: ++ scnprintf(buf, buflen, "Problems while parsing the CPUID in the arch specific initialization."); ++ break; + default: + scnprintf(buf, buflen, "Internal error: Invalid %d error code\n", errnum); + break; +diff --git a/tools/perf/util/annotate.h b/tools/perf/util/annotate.h +index 5bc0cf655d377..a1191995fe77e 100644 +--- a/tools/perf/util/annotate.h ++++ b/tools/perf/util/annotate.h +@@ -370,6 +370,8 @@ enum symbol_disassemble_errno { + + SYMBOL_ANNOTATE_ERRNO__NO_VMLINUX = __SYMBOL_ANNOTATE_ERRNO__START, + SYMBOL_ANNOTATE_ERRNO__NO_LIBOPCODES_FOR_BPF, ++ SYMBOL_ANNOTATE_ERRNO__ARCH_INIT_CPUID_PARSING, ++ SYMBOL_ANNOTATE_ERRNO__ARCH_INIT_REGEXP, + + __SYMBOL_ANNOTATE_ERRNO__END, + }; +-- +2.20.1 + diff --git a/queue-5.3/perf-annotate-fix-the-signedness-of-failure-returns.patch b/queue-5.3/perf-annotate-fix-the-signedness-of-failure-returns.patch new file mode 100644 index 00000000000..a6b550c754d --- /dev/null +++ b/queue-5.3/perf-annotate-fix-the-signedness-of-failure-returns.patch @@ -0,0 +1,44 @@ +From 97fc5807493644628248df90fdb8444595f25c08 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 30 Sep 2019 15:11:47 -0300 +Subject: perf annotate: Fix the signedness of failure returns + +From: Arnaldo Carvalho de Melo + +[ Upstream commit 28f4417c3333940b242af03d90214f713bbef232 ] + +Callers of symbol__annotate() expect a errno value or some other +extended error value range in symbol__strerror_disassemble() to +convert to a proper error string, fix it when propagating a failure to +find the arch specific annotation routines via arch__find(arch_name). + +Reported-by: Russell King - ARM Linux admin +Cc: Adrian Hunter +Cc: Alexander Shishkin +Cc: Jiri Olsa +Cc: Namhyung Kim +Cc: Peter Zijlstra , +Cc: Will Deacon +Link: https://lkml.kernel.org/n/tip-o0k6dw7cas0vvmjjvgsyvu1i@git.kernel.org +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/annotate.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c +index 6d9642c082e52..2dac51e9e4180 100644 +--- a/tools/perf/util/annotate.c ++++ b/tools/perf/util/annotate.c +@@ -2069,7 +2069,7 @@ int symbol__annotate(struct symbol *sym, struct map *map, + + args.arch = arch = arch__find(arch_name); + if (arch == NULL) +- return -ENOTSUP; ++ return ENOTSUP; + + if (parch) + *parch = arch; +-- +2.20.1 + diff --git a/queue-5.3/perf-annotate-propagate-perf_env__arch-error.patch b/queue-5.3/perf-annotate-propagate-perf_env__arch-error.patch new file mode 100644 index 00000000000..dda45ce3087 --- /dev/null +++ b/queue-5.3/perf-annotate-propagate-perf_env__arch-error.patch @@ -0,0 +1,45 @@ +From 94c8b2e4a2745080b2777089b6647e037f031560 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 30 Sep 2019 15:06:01 -0300 +Subject: perf annotate: Propagate perf_env__arch() error + +From: Arnaldo Carvalho de Melo + +[ Upstream commit a66fa0619a0ae3585ef09e9c33ecfb5c7c6cb72b ] + +The callers of symbol__annotate2() use symbol__strerror_disassemble() to +convert its failure returns into a human readable string, so +propagate error values from functions it calls, starting with +perf_env__arch() that when fails the right thing to do is to look at +'errno' to see why its possible call to uname() failed. + +Reported-by: Russell King - ARM Linux admin +Cc: Adrian Hunter +Cc: Alexander Shishkin +Cc: Jiri Olsa +Cc: Namhyung Kim +Cc: Peter Zijlstra , +Cc: Will Deacon +Link: https://lkml.kernel.org/n/tip-it5d83kyusfhb1q1b0l4pxzs@git.kernel.org +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/annotate.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c +index 163536720149b..6d9642c082e52 100644 +--- a/tools/perf/util/annotate.c ++++ b/tools/perf/util/annotate.c +@@ -2065,7 +2065,7 @@ int symbol__annotate(struct symbol *sym, struct map *map, + int err; + + if (!arch_name) +- return -1; ++ return errno; + + args.arch = arch = arch__find(arch_name); + if (arch == NULL) +-- +2.20.1 + diff --git a/queue-5.3/perf-annotate-propagate-the-symbol__annotate-error-r.patch b/queue-5.3/perf-annotate-propagate-the-symbol__annotate-error-r.patch new file mode 100644 index 00000000000..522ad891002 --- /dev/null +++ b/queue-5.3/perf-annotate-propagate-the-symbol__annotate-error-r.patch @@ -0,0 +1,48 @@ +From 9ff169becc951f630791b07cfaf2f45750e432eb Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 30 Sep 2019 15:44:13 -0300 +Subject: perf annotate: Propagate the symbol__annotate() error return + +From: Arnaldo Carvalho de Melo + +[ Upstream commit 211f493b611eef012841f795166c38ec7528738d ] + +We were just returning -1 in symbol__annotate() when symbol__annotate() +failed, propagate its error as it is used later to pass to +symbol__strerror_disassemble() to present a error message to the user, +that in some cases were getting: + + "Invalid -1 error code" + +Fix it to propagate the error. + +Reported-by: Russell King - ARM Linux admin +Cc: Adrian Hunter +Cc: Alexander Shishkin +Cc: Jiri Olsa +Cc: Namhyung Kim +Cc: Peter Zijlstra , +Cc: Will Deacon +Link: https://lkml.kernel.org/n/tip-0tj89rs9g7nbcyd5skadlvuu@git.kernel.org +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/annotate.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c +index 2dac51e9e4180..ca8b517e38fa8 100644 +--- a/tools/perf/util/annotate.c ++++ b/tools/perf/util/annotate.c +@@ -2991,7 +2991,7 @@ int symbol__annotate2(struct symbol *sym, struct map *map, struct perf_evsel *ev + + out_free_offsets: + zfree(¬es->offsets); +- return -1; ++ return err; + } + + #define ANNOTATION__CFG(n) \ +-- +2.20.1 + diff --git a/queue-5.3/perf-annotate-return-appropriate-error-code-for-allo.patch b/queue-5.3/perf-annotate-return-appropriate-error-code-for-allo.patch new file mode 100644 index 00000000000..d1e1ce7f029 --- /dev/null +++ b/queue-5.3/perf-annotate-return-appropriate-error-code-for-allo.patch @@ -0,0 +1,52 @@ +From a39d0a6a75bf37300361da6d3f26467172f09e0b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 30 Sep 2019 15:53:33 -0300 +Subject: perf annotate: Return appropriate error code for allocation failures + +From: Arnaldo Carvalho de Melo + +[ Upstream commit 16ed3c1e91159e28b02f11f71ff4ce4cbc6f99e4 ] + +We should return errno or the annotation extra range understood by +symbol__strerror_disassemble() instead of -1, fix it, returning ENOMEM +instead. + +Reported-by: Russell King - ARM Linux admin +Cc: Adrian Hunter +Cc: Alexander Shishkin +Cc: Jiri Olsa +Cc: Namhyung Kim +Cc: Peter Zijlstra , +Cc: Will Deacon +Link: https://lkml.kernel.org/n/tip-8of1cmj3rz0mppfcshc9bbqq@git.kernel.org +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/annotate.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tools/perf/util/annotate.c b/tools/perf/util/annotate.c +index b475449f955ef..ab7851ec0ce53 100644 +--- a/tools/perf/util/annotate.c ++++ b/tools/perf/util/annotate.c +@@ -1662,7 +1662,7 @@ static int dso__disassemble_filename(struct dso *dso, char *filename, size_t fil + + build_id_path = strdup(filename); + if (!build_id_path) +- return -1; ++ return ENOMEM; + + /* + * old style build-id cache has name of XX/XXXXXXX.. while +@@ -2971,7 +2971,7 @@ int symbol__annotate2(struct symbol *sym, struct map *map, struct perf_evsel *ev + + notes->offsets = zalloc(size * sizeof(struct annotation_line *)); + if (notes->offsets == NULL) +- return -1; ++ return ENOMEM; + + if (perf_evsel__is_group_event(evsel)) + nr_pcnt = evsel->nr_members; +-- +2.20.1 + diff --git a/queue-5.3/perf-core-fix-corner-case-in-perf_rotate_context.patch b/queue-5.3/perf-core-fix-corner-case-in-perf_rotate_context.patch new file mode 100644 index 00000000000..d64a447c1cf --- /dev/null +++ b/queue-5.3/perf-core-fix-corner-case-in-perf_rotate_context.patch @@ -0,0 +1,103 @@ +From 61177b9e5b1e6a12b2b2b9391198d265d1b4f6c2 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 8 Oct 2019 09:59:49 -0700 +Subject: perf/core: Fix corner case in perf_rotate_context() + +From: Song Liu + +[ Upstream commit 7fa343b7fdc4f351de4e3f28d5c285937dd1f42f ] + +In perf_rotate_context(), when the first cpu flexible event fail to +schedule, cpu_rotate is 1, while cpu_event is NULL. Since cpu_event is +NULL, perf_rotate_context will _NOT_ call cpu_ctx_sched_out(), thus +cpuctx->ctx.is_active will have EVENT_FLEXIBLE set. Then, the next +perf_event_sched_in() will skip all cpu flexible events because of the +EVENT_FLEXIBLE bit. + +In the next call of perf_rotate_context(), cpu_rotate stays 1, and +cpu_event stays NULL, so this process repeats. The end result is, flexible +events on this cpu will not be scheduled (until another event being added +to the cpuctx). + +Here is an easy repro of this issue. On Intel CPUs, where ref-cycles +could only use one counter, run one pinned event for ref-cycles, one +flexible event for ref-cycles, and one flexible event for cycles. The +flexible ref-cycles is never scheduled, which is expected. However, +because of this issue, the cycles event is never scheduled either. + + $ perf stat -e ref-cycles:D,ref-cycles,cycles -C 5 -I 1000 + + time counts unit events + 1.000152973 15,412,480 ref-cycles:D + 1.000152973 ref-cycles (0.00%) + 1.000152973 cycles (0.00%) + 2.000486957 18,263,120 ref-cycles:D + 2.000486957 ref-cycles (0.00%) + 2.000486957 cycles (0.00%) + +To fix this, when the flexible_active list is empty, try rotate the +first event in the flexible_groups. Also, rename ctx_first_active() to +ctx_event_to_rotate(), which is more accurate. + +Signed-off-by: Song Liu +Signed-off-by: Peter Zijlstra (Intel) +Cc: +Cc: Arnaldo Carvalho de Melo +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Sasha Levin +Cc: Thomas Gleixner +Fixes: 8d5bce0c37fa ("perf/core: Optimize perf_rotate_context() event scheduling") +Link: https://lkml.kernel.org/r/20191008165949.920548-1-songliubraving@fb.com +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +--- + kernel/events/core.c | 22 +++++++++++++++++----- + 1 file changed, 17 insertions(+), 5 deletions(-) + +diff --git a/kernel/events/core.c b/kernel/events/core.c +index c0a6a50e01af6..2ff44d7308dd7 100644 +--- a/kernel/events/core.c ++++ b/kernel/events/core.c +@@ -3694,11 +3694,23 @@ static void rotate_ctx(struct perf_event_context *ctx, struct perf_event *event) + perf_event_groups_insert(&ctx->flexible_groups, event); + } + ++/* pick an event from the flexible_groups to rotate */ + static inline struct perf_event * +-ctx_first_active(struct perf_event_context *ctx) ++ctx_event_to_rotate(struct perf_event_context *ctx) + { +- return list_first_entry_or_null(&ctx->flexible_active, +- struct perf_event, active_list); ++ struct perf_event *event; ++ ++ /* pick the first active flexible event */ ++ event = list_first_entry_or_null(&ctx->flexible_active, ++ struct perf_event, active_list); ++ ++ /* if no active flexible event, pick the first event */ ++ if (!event) { ++ event = rb_entry_safe(rb_first(&ctx->flexible_groups.tree), ++ typeof(*event), group_node); ++ } ++ ++ return event; + } + + static bool perf_rotate_context(struct perf_cpu_context *cpuctx) +@@ -3723,9 +3735,9 @@ static bool perf_rotate_context(struct perf_cpu_context *cpuctx) + perf_pmu_disable(cpuctx->ctx.pmu); + + if (task_rotate) +- task_event = ctx_first_active(task_ctx); ++ task_event = ctx_event_to_rotate(task_ctx); + if (cpu_rotate) +- cpu_event = ctx_first_active(&cpuctx->ctx); ++ cpu_event = ctx_event_to_rotate(&cpuctx->ctx); + + /* + * As per the order given at ctx_resched() first 'pop' task flexible +-- +2.20.1 + diff --git a/queue-5.3/perf-core-rework-memory-accounting-in-perf_mmap.patch b/queue-5.3/perf-core-rework-memory-accounting-in-perf_mmap.patch new file mode 100644 index 00000000000..fb91021705f --- /dev/null +++ b/queue-5.3/perf-core-rework-memory-accounting-in-perf_mmap.patch @@ -0,0 +1,79 @@ +From 0e41331ae2eae507ae70a0d94257b6064a270dbe Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 4 Sep 2019 14:46:18 -0700 +Subject: perf/core: Rework memory accounting in perf_mmap() + +From: Song Liu + +[ Upstream commit d44248a41337731a111374822d7d4451b64e73e4 ] + +perf_mmap() always increases user->locked_vm. As a result, "extra" could +grow bigger than "user_extra", which doesn't make sense. Here is an +example case: + +(Note: Assume "user_lock_limit" is very small.) + + | # of perf_mmap calls |vma->vm_mm->pinned_vm|user->locked_vm| + | 0 | 0 | 0 | + | 1 | user_extra | user_extra | + | 2 | 3 * user_extra | 2 * user_extra| + | 3 | 6 * user_extra | 3 * user_extra| + | 4 | 10 * user_extra | 4 * user_extra| + +Fix this by maintaining proper user_extra and extra. + +Reviewed-By: Hechao Li +Reported-by: Hechao Li +Signed-off-by: Song Liu +Signed-off-by: Peter Zijlstra (Intel) +Cc: +Cc: Jie Meng +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Link: https://lkml.kernel.org/r/20190904214618.3795672-1-songliubraving@fb.com +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +--- + kernel/events/core.c | 17 +++++++++++++++-- + 1 file changed, 15 insertions(+), 2 deletions(-) + +diff --git a/kernel/events/core.c b/kernel/events/core.c +index a2a50b668ef32..c0a6a50e01af6 100644 +--- a/kernel/events/core.c ++++ b/kernel/events/core.c +@@ -5585,7 +5585,8 @@ again: + * undo the VM accounting. + */ + +- atomic_long_sub((size >> PAGE_SHIFT) + 1, &mmap_user->locked_vm); ++ atomic_long_sub((size >> PAGE_SHIFT) + 1 - mmap_locked, ++ &mmap_user->locked_vm); + atomic64_sub(mmap_locked, &vma->vm_mm->pinned_vm); + free_uid(mmap_user); + +@@ -5729,8 +5730,20 @@ accounting: + + user_locked = atomic_long_read(&user->locked_vm) + user_extra; + +- if (user_locked > user_lock_limit) ++ if (user_locked <= user_lock_limit) { ++ /* charge all to locked_vm */ ++ } else if (atomic_long_read(&user->locked_vm) >= user_lock_limit) { ++ /* charge all to pinned_vm */ ++ extra = user_extra; ++ user_extra = 0; ++ } else { ++ /* ++ * charge locked_vm until it hits user_lock_limit; ++ * charge the rest from pinned_vm ++ */ + extra = user_locked - user_lock_limit; ++ user_extra -= extra; ++ } + + lock_limit = rlimit(RLIMIT_MEMLOCK); + lock_limit >>= PAGE_SHIFT; +-- +2.20.1 + diff --git a/queue-5.3/perf-jevents-fix-period-for-intel-fixed-counters.patch b/queue-5.3/perf-jevents-fix-period-for-intel-fixed-counters.patch new file mode 100644 index 00000000000..fb6dbde85ca --- /dev/null +++ b/queue-5.3/perf-jevents-fix-period-for-intel-fixed-counters.patch @@ -0,0 +1,53 @@ +From bb57e302ab52847af2d53a9ba15cbe39153ffc65 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 27 Sep 2019 16:35:45 -0700 +Subject: perf jevents: Fix period for Intel fixed counters + +From: Andi Kleen + +[ Upstream commit 6bdfd9f118bd59cf0f85d3bf4b72b586adea17c1 ] + +The Intel fixed counters use a special table to override the JSON +information. + +During this override the period information from the JSON file got +dropped, which results in inst_retired.any and similar running with +frequency mode instead of a period. + +Just specify the expected period in the table. + +Signed-off-by: Andi Kleen +Cc: Jiri Olsa +Link: http://lore.kernel.org/lkml/20190927233546.11533-2-andi@firstfloor.org +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/pmu-events/jevents.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/tools/perf/pmu-events/jevents.c b/tools/perf/pmu-events/jevents.c +index d413761621b09..fa85e33762f72 100644 +--- a/tools/perf/pmu-events/jevents.c ++++ b/tools/perf/pmu-events/jevents.c +@@ -449,12 +449,12 @@ static struct fixed { + const char *name; + const char *event; + } fixed[] = { +- { "inst_retired.any", "event=0xc0" }, +- { "inst_retired.any_p", "event=0xc0" }, +- { "cpu_clk_unhalted.ref", "event=0x0,umask=0x03" }, +- { "cpu_clk_unhalted.thread", "event=0x3c" }, +- { "cpu_clk_unhalted.core", "event=0x3c" }, +- { "cpu_clk_unhalted.thread_any", "event=0x3c,any=1" }, ++ { "inst_retired.any", "event=0xc0,period=2000003" }, ++ { "inst_retired.any_p", "event=0xc0,period=2000003" }, ++ { "cpu_clk_unhalted.ref", "event=0x0,umask=0x03,period=2000003" }, ++ { "cpu_clk_unhalted.thread", "event=0x3c,period=2000003" }, ++ { "cpu_clk_unhalted.core", "event=0x3c,period=2000003" }, ++ { "cpu_clk_unhalted.thread_any", "event=0x3c,any=1,period=2000003" }, + { NULL, NULL}, + }; + +-- +2.20.1 + diff --git a/queue-5.3/perf-map-fix-overlapped-map-handling.patch b/queue-5.3/perf-map-fix-overlapped-map-handling.patch new file mode 100644 index 00000000000..11fd4f03570 --- /dev/null +++ b/queue-5.3/perf-map-fix-overlapped-map-handling.patch @@ -0,0 +1,120 @@ +From 595c12f3a2498dce58294d8684a99de5fac3aaf8 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 28 Sep 2019 01:39:00 +0000 +Subject: perf map: Fix overlapped map handling + +From: Steve MacLean + +[ Upstream commit ee212d6ea20887c0ef352be8563ca13dbf965906 ] + +Whenever an mmap/mmap2 event occurs, the map tree must be updated to add a new +entry. If a new map overlaps a previous map, the overlapped section of the +previous map is effectively unmapped, but the non-overlapping sections are +still valid. + +maps__fixup_overlappings() is responsible for creating any new map entries from +the previously overlapped map. It optionally creates a before and an after map. + +When creating the after map the existing code failed to adjust the map.pgoff. +This meant the new after map would incorrectly calculate the file offset +for the ip. This results in incorrect symbol name resolution for any ip in the +after region. + +Make maps__fixup_overlappings() correctly populate map.pgoff. + +Add an assert that new mapping matches old mapping at the beginning of +the after map. + +Committer-testing: + +Validated correct parsing of libcoreclr.so symbols from .NET Core 3.0 preview9 +(which didn't strip symbols). + +Preparation: + + ~/dotnet3.0-preview9/dotnet new webapi -o perfSymbol + cd perfSymbol + ~/dotnet3.0-preview9/dotnet publish + perf record ~/dotnet3.0-preview9/dotnet \ + bin/Debug/netcoreapp3.0/publish/perfSymbol.dll + ^C + +Before: + + perf script --show-mmap-events 2>&1 | grep -e MMAP -e unknown |\ + grep libcoreclr.so | head -n 4 + dotnet 1907 373352.698780: PERF_RECORD_MMAP2 1907/1907: \ + [0x7fe615726000(0x768000) @ 0 08:02 5510620 765057155]: \ + r-xp .../3.0.0-preview9-19423-09/libcoreclr.so + dotnet 1907 373352.701091: PERF_RECORD_MMAP2 1907/1907: \ + [0x7fe615974000(0x1000) @ 0x24e000 08:02 5510620 765057155]: \ + rwxp .../3.0.0-preview9-19423-09/libcoreclr.so + dotnet 1907 373352.701241: PERF_RECORD_MMAP2 1907/1907: \ + [0x7fe615c42000(0x1000) @ 0x51c000 08:02 5510620 765057155]: \ + rwxp .../3.0.0-preview9-19423-09/libcoreclr.so + dotnet 1907 373352.705249: 250000 cpu-clock: \ + 7fe6159a1f99 [unknown] \ + (.../3.0.0-preview9-19423-09/libcoreclr.so) + +After: + + perf script --show-mmap-events 2>&1 | grep -e MMAP -e unknown |\ + grep libcoreclr.so | head -n 4 + dotnet 1907 373352.698780: PERF_RECORD_MMAP2 1907/1907: \ + [0x7fe615726000(0x768000) @ 0 08:02 5510620 765057155]: \ + r-xp .../3.0.0-preview9-19423-09/libcoreclr.so + dotnet 1907 373352.701091: PERF_RECORD_MMAP2 1907/1907: \ + [0x7fe615974000(0x1000) @ 0x24e000 08:02 5510620 765057155]: \ + rwxp .../3.0.0-preview9-19423-09/libcoreclr.so + dotnet 1907 373352.701241: PERF_RECORD_MMAP2 1907/1907: \ + [0x7fe615c42000(0x1000) @ 0x51c000 08:02 5510620 765057155]: \ + rwxp .../3.0.0-preview9-19423-09/libcoreclr.so + +All the [unknown] symbols were resolved. + +Signed-off-by: Steve MacLean +Tested-by: Brian Robbins +Acked-by: Jiri Olsa +Cc: Alexander Shishkin +Cc: Andi Kleen +Cc: Davidlohr Bueso +Cc: Eric Saint-Etienne +Cc: John Keeping +Cc: John Salem +Cc: Leo Yan +Cc: Mark Rutland +Cc: Namhyung Kim +Cc: Peter Zijlstra +Cc: Song Liu +Cc: Stephane Eranian +Cc: Tom McDonald +Link: http://lore.kernel.org/lkml/BN8PR21MB136270949F22A6A02335C238F7800@BN8PR21MB1362.namprd21.prod.outlook.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/map.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/tools/perf/util/map.c b/tools/perf/util/map.c +index 7666206d06fa7..f18113581cf03 100644 +--- a/tools/perf/util/map.c ++++ b/tools/perf/util/map.c +@@ -1,5 +1,6 @@ + // SPDX-License-Identifier: GPL-2.0 + #include "symbol.h" ++#include + #include + #include + #include +@@ -847,6 +848,8 @@ static int maps__fixup_overlappings(struct maps *maps, struct map *map, FILE *fp + } + + after->start = map->end; ++ after->pgoff += map->end - pos->start; ++ assert(pos->map_ip(pos, map->end) == after->map_ip(after, map->end)); + __map_groups__insert(pos->groups, after); + if (verbose >= 2 && !use_browser) + map__fprintf(after, fp); +-- +2.20.1 + diff --git a/queue-5.3/perf-script-brstackinsn-fix-recovery-from-lbr-binary.patch b/queue-5.3/perf-script-brstackinsn-fix-recovery-from-lbr-binary.patch new file mode 100644 index 00000000000..98457b40dd2 --- /dev/null +++ b/queue-5.3/perf-script-brstackinsn-fix-recovery-from-lbr-binary.patch @@ -0,0 +1,77 @@ +From 7384b1c231fceb32515c29c1d0d0ce58d748d950 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 27 Sep 2019 16:35:44 -0700 +Subject: perf script brstackinsn: Fix recovery from LBR/binary mismatch + +From: Andi Kleen + +[ Upstream commit e98df280bc2a499fd41d7f9e2d6733884de69902 ] + +When the LBR data and the instructions in a binary do not match the loop +printing instructions could get confused and print a long stream of +bogus instructions. + +The problem was that if the instruction decoder cannot decode an +instruction it ilen wasn't initialized, so the loop going through the +basic block would continue with the previous value. + +Harden the code to avoid such problems: + +- Make sure ilen is always freshly initialized and is 0 for bad + instructions. + +- Do not overrun the code buffer while printing instructions + +- Print a warning message if the final jump is not on an instruction + boundary. + +Signed-off-by: Andi Kleen +Cc: Jiri Olsa +Link: http://lore.kernel.org/lkml/20190927233546.11533-1-andi@firstfloor.org +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/builtin-script.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/tools/perf/builtin-script.c b/tools/perf/builtin-script.c +index 0140ddb8dd0bd..c14a1cdad80c0 100644 +--- a/tools/perf/builtin-script.c ++++ b/tools/perf/builtin-script.c +@@ -1054,7 +1054,7 @@ static int perf_sample__fprintf_brstackinsn(struct perf_sample *sample, + continue; + + insn = 0; +- for (off = 0;; off += ilen) { ++ for (off = 0; off < (unsigned)len; off += ilen) { + uint64_t ip = start + off; + + printed += ip__fprintf_sym(ip, thread, x.cpumode, x.cpu, &lastsym, attr, fp); +@@ -1065,6 +1065,7 @@ static int perf_sample__fprintf_brstackinsn(struct perf_sample *sample, + printed += print_srccode(thread, x.cpumode, ip); + break; + } else { ++ ilen = 0; + printed += fprintf(fp, "\t%016" PRIx64 "\t%s\n", ip, + dump_insn(&x, ip, buffer + off, len - off, &ilen)); + if (ilen == 0) +@@ -1074,6 +1075,8 @@ static int perf_sample__fprintf_brstackinsn(struct perf_sample *sample, + insn++; + } + } ++ if (off != (unsigned)len) ++ printed += fprintf(fp, "\tmismatch of LBR data and executable\n"); + } + + /* +@@ -1114,6 +1117,7 @@ static int perf_sample__fprintf_brstackinsn(struct perf_sample *sample, + goto out; + } + for (off = 0; off <= end - start; off += ilen) { ++ ilen = 0; + printed += fprintf(fp, "\t%016" PRIx64 "\t%s\n", start + off, + dump_insn(&x, start + off, buffer + off, len - off, &ilen)); + if (ilen == 0) +-- +2.20.1 + diff --git a/queue-5.3/perf-tests-avoid-raising-segv-using-an-obvious-null-.patch b/queue-5.3/perf-tests-avoid-raising-segv-using-an-obvious-null-.patch new file mode 100644 index 00000000000..7fb4aa2205d --- /dev/null +++ b/queue-5.3/perf-tests-avoid-raising-segv-using-an-obvious-null-.patch @@ -0,0 +1,90 @@ +From c6ea6bedb12edf7726036646e324a94e4577e1b8 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 25 Sep 2019 12:59:24 -0700 +Subject: perf tests: Avoid raising SEGV using an obvious NULL dereference + +From: Ian Rogers + +[ Upstream commit e3e2cf3d5b1fe800b032e14c0fdcd9a6fb20cf3b ] + +An optimized build such as: + + make -C tools/perf CLANG=1 CC=clang EXTRA_CFLAGS="-O3 + +will turn the dereference operation into a ud2 instruction, raising a +SIGILL rather than a SIGSEGV. Use raise(..) for correctness and clarity. + +Similar issues were addressed in Numfor Mbiziwo-Tiapo's patch: + + https://lkml.org/lkml/2019/7/8/1234 + +Committer testing: + +Before: + + [root@quaco ~]# perf test hooks + 55: perf hooks : Ok + [root@quaco ~]# perf test -v hooks + 55: perf hooks : + --- start --- + test child forked, pid 17092 + SIGSEGV is observed as expected, try to recover. + Fatal error (SEGFAULT) in perf hook 'test' + test child finished with 0 + ---- end ---- + perf hooks: Ok + [root@quaco ~]# + +After: + + [root@quaco ~]# perf test hooks + 55: perf hooks : Ok + [root@quaco ~]# perf test -v hooks + 55: perf hooks : + --- start --- + test child forked, pid 17909 + SIGSEGV is observed as expected, try to recover. + Fatal error (SEGFAULT) in perf hook 'test' + test child finished with 0 + ---- end ---- + perf hooks: Ok + [root@quaco ~]# + +Fixes: a074865e60ed ("perf tools: Introduce perf hooks") +Signed-off-by: Ian Rogers +Tested-by: Arnaldo Carvalho de Melo +Cc: Alexander Shishkin +Cc: Andi Kleen +Cc: Jiri Olsa +Cc: Namhyung Kim +Cc: Peter Zijlstra +Cc: Stephane Eranian +Cc: Wang Nan +Link: http://lore.kernel.org/lkml/20190925195924.152834-2-irogers@google.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/tests/perf-hooks.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/tools/perf/tests/perf-hooks.c b/tools/perf/tests/perf-hooks.c +index a693bcf017ea2..44c16fd11bf6e 100644 +--- a/tools/perf/tests/perf-hooks.c ++++ b/tools/perf/tests/perf-hooks.c +@@ -20,12 +20,11 @@ static void sigsegv_handler(int sig __maybe_unused) + static void the_hook(void *_hook_flags) + { + int *hook_flags = _hook_flags; +- int *p = NULL; + + *hook_flags = 1234; + + /* Generate a segfault, test perf_hooks__recover */ +- *p = 0; ++ raise(SIGSEGV); + } + + int test__perf_hooks(struct test *test __maybe_unused, int subtest __maybe_unused) +-- +2.20.1 + diff --git a/queue-5.3/perf-tools-propagate-get_cpuid-error.patch b/queue-5.3/perf-tools-propagate-get_cpuid-error.patch new file mode 100644 index 00000000000..941bb687b32 --- /dev/null +++ b/queue-5.3/perf-tools-propagate-get_cpuid-error.patch @@ -0,0 +1,138 @@ +From e651912d805350520335975dd58cfa817f09340b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 30 Sep 2019 10:55:34 -0300 +Subject: perf tools: Propagate get_cpuid() error + +From: Arnaldo Carvalho de Melo + +[ Upstream commit f67001a4a08eb124197ed4376941e1da9cf94b42 ] + +For consistency, propagate the exact cause for get_cpuid() to have +failed. + +Cc: Adrian Hunter +Cc: Jiri Olsa +Cc: Namhyung Kim +Link: https://lkml.kernel.org/n/tip-9ig269f7ktnhh99g4l15vpu2@git.kernel.org +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/arch/powerpc/util/header.c | 3 ++- + tools/perf/arch/s390/util/header.c | 9 +++++---- + tools/perf/arch/x86/util/header.c | 3 ++- + tools/perf/builtin-kvm.c | 7 ++++--- + 4 files changed, 13 insertions(+), 9 deletions(-) + +diff --git a/tools/perf/arch/powerpc/util/header.c b/tools/perf/arch/powerpc/util/header.c +index 0b242664f5ea7..e46be9ef5a688 100644 +--- a/tools/perf/arch/powerpc/util/header.c ++++ b/tools/perf/arch/powerpc/util/header.c +@@ -1,5 +1,6 @@ + // SPDX-License-Identifier: GPL-2.0 + #include ++#include + #include + #include + #include +@@ -31,7 +32,7 @@ get_cpuid(char *buffer, size_t sz) + buffer[nb-1] = '\0'; + return 0; + } +- return -1; ++ return ENOBUFS; + } + + char * +diff --git a/tools/perf/arch/s390/util/header.c b/tools/perf/arch/s390/util/header.c +index 8b0b018d896ab..7933f6871c818 100644 +--- a/tools/perf/arch/s390/util/header.c ++++ b/tools/perf/arch/s390/util/header.c +@@ -8,6 +8,7 @@ + */ + + #include ++#include + #include + #include + #include +@@ -54,7 +55,7 @@ int get_cpuid(char *buffer, size_t sz) + + sysinfo = fopen(SYSINFO, "r"); + if (sysinfo == NULL) +- return -1; ++ return errno; + + while ((read = getline(&line, &line_sz, sysinfo)) != -1) { + if (!strncmp(line, SYSINFO_MANU, strlen(SYSINFO_MANU))) { +@@ -89,7 +90,7 @@ int get_cpuid(char *buffer, size_t sz) + + /* Missing manufacturer, type or model information should not happen */ + if (!manufacturer[0] || !type[0] || !model[0]) +- return -1; ++ return EINVAL; + + /* + * Scan /proc/service_levels and return the CPU-MF counter facility +@@ -133,14 +134,14 @@ skip_sysinfo: + else + nbytes = snprintf(buffer, sz, "%s,%s,%s", manufacturer, type, + model); +- return (nbytes >= sz) ? -1 : 0; ++ return (nbytes >= sz) ? ENOBUFS : 0; + } + + char *get_cpuid_str(struct perf_pmu *pmu __maybe_unused) + { + char *buf = malloc(128); + +- if (buf && get_cpuid(buf, 128) < 0) ++ if (buf && get_cpuid(buf, 128)) + zfree(&buf); + return buf; + } +diff --git a/tools/perf/arch/x86/util/header.c b/tools/perf/arch/x86/util/header.c +index af9a9f2600be4..a089af60906a0 100644 +--- a/tools/perf/arch/x86/util/header.c ++++ b/tools/perf/arch/x86/util/header.c +@@ -1,5 +1,6 @@ + // SPDX-License-Identifier: GPL-2.0 + #include ++#include + #include + #include + #include +@@ -57,7 +58,7 @@ __get_cpuid(char *buffer, size_t sz, const char *fmt) + buffer[nb-1] = '\0'; + return 0; + } +- return -1; ++ return ENOBUFS; + } + + int +diff --git a/tools/perf/builtin-kvm.c b/tools/perf/builtin-kvm.c +index b33c834891208..44ff3ea1da23f 100644 +--- a/tools/perf/builtin-kvm.c ++++ b/tools/perf/builtin-kvm.c +@@ -699,14 +699,15 @@ static int process_sample_event(struct perf_tool *tool, + + static int cpu_isa_config(struct perf_kvm_stat *kvm) + { +- char buf[64], *cpuid; ++ char buf[128], *cpuid; + int err; + + if (kvm->live) { + err = get_cpuid(buf, sizeof(buf)); + if (err != 0) { +- pr_err("Failed to look up CPU type\n"); +- return err; ++ pr_err("Failed to look up CPU type: %s\n", ++ str_error_r(err, buf, sizeof(buf))); ++ return -err; + } + cpuid = buf; + } else +-- +2.20.1 + diff --git a/queue-5.3/perf-x86-amd-change-fix-nmi-latency-mitigation-to-us.patch b/queue-5.3/perf-x86-amd-change-fix-nmi-latency-mitigation-to-us.patch new file mode 100644 index 00000000000..1c2211132ff --- /dev/null +++ b/queue-5.3/perf-x86-amd-change-fix-nmi-latency-mitigation-to-us.patch @@ -0,0 +1,131 @@ +From d9ef1197a5ab7d021999407475a5ac254e17ada7 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 1 Aug 2019 18:57:41 +0000 +Subject: perf/x86/amd: Change/fix NMI latency mitigation to use a timestamp + +From: Tom Lendacky + +[ Upstream commit df4d29732fdad43a51284f826bec3e6ded177540 ] + +It turns out that the NMI latency workaround from commit: + + 6d3edaae16c6 ("x86/perf/amd: Resolve NMI latency issues for active PMCs") + +ends up being too conservative and results in the perf NMI handler claiming +NMIs too easily on AMD hardware when the NMI watchdog is active. + +This has an impact, for example, on the hpwdt (HPE watchdog timer) module. +This module can produce an NMI that is used to reset the system. It +registers an NMI handler for the NMI_UNKNOWN type and relies on the fact +that nothing has claimed an NMI so that its handler will be invoked when +the watchdog device produces an NMI. After the referenced commit, the +hpwdt module is unable to process its generated NMI if the NMI watchdog is +active, because the current NMI latency mitigation results in the NMI +being claimed by the perf NMI handler. + +Update the AMD perf NMI latency mitigation workaround to, instead, use a +window of time. Whenever a PMC is handled in the perf NMI handler, set a +timestamp which will act as a perf NMI window. Any NMIs arriving within +that window will be claimed by perf. Anything outside that window will +not be claimed by perf. The value for the NMI window is set to 100 msecs. +This is a conservative value that easily covers any NMI latency in the +hardware. While this still results in a window in which the hpwdt module +will not receive its NMI, the window is now much, much smaller. + +Signed-off-by: Tom Lendacky +Signed-off-by: Peter Zijlstra (Intel) +Cc: Alexander Shishkin +Cc: Arnaldo Carvalho de Melo +Cc: Borislav Petkov +Cc: Jerry Hoemann +Cc: Jiri Olsa +Cc: Linus Torvalds +Cc: Namhyung Kim +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Fixes: 6d3edaae16c6 ("x86/perf/amd: Resolve NMI latency issues for active PMCs") +Link: https://lkml.kernel.org/r/Message-ID: +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +--- + arch/x86/events/amd/core.c | 30 +++++++++++++++++------------- + 1 file changed, 17 insertions(+), 13 deletions(-) + +diff --git a/arch/x86/events/amd/core.c b/arch/x86/events/amd/core.c +index e7d35f60d53fc..64c3e70b0556b 100644 +--- a/arch/x86/events/amd/core.c ++++ b/arch/x86/events/amd/core.c +@@ -5,12 +5,14 @@ + #include + #include + #include ++#include + #include + #include + + #include "../perf_event.h" + +-static DEFINE_PER_CPU(unsigned int, perf_nmi_counter); ++static DEFINE_PER_CPU(unsigned long, perf_nmi_tstamp); ++static unsigned long perf_nmi_window; + + static __initconst const u64 amd_hw_cache_event_ids + [PERF_COUNT_HW_CACHE_MAX] +@@ -641,11 +643,12 @@ static void amd_pmu_disable_event(struct perf_event *event) + * handler when multiple PMCs are active or PMC overflow while handling some + * other source of an NMI. + * +- * Attempt to mitigate this by using the number of active PMCs to determine +- * whether to return NMI_HANDLED if the perf NMI handler did not handle/reset +- * any PMCs. The per-CPU perf_nmi_counter variable is set to a minimum of the +- * number of active PMCs or 2. The value of 2 is used in case an NMI does not +- * arrive at the LAPIC in time to be collapsed into an already pending NMI. ++ * Attempt to mitigate this by creating an NMI window in which un-handled NMIs ++ * received during this window will be claimed. This prevents extending the ++ * window past when it is possible that latent NMIs should be received. The ++ * per-CPU perf_nmi_tstamp will be set to the window end time whenever perf has ++ * handled a counter. When an un-handled NMI is received, it will be claimed ++ * only if arriving within that window. + */ + static int amd_pmu_handle_irq(struct pt_regs *regs) + { +@@ -663,21 +666,19 @@ static int amd_pmu_handle_irq(struct pt_regs *regs) + handled = x86_pmu_handle_irq(regs); + + /* +- * If a counter was handled, record the number of possible remaining +- * NMIs that can occur. ++ * If a counter was handled, record a timestamp such that un-handled ++ * NMIs will be claimed if arriving within that window. + */ + if (handled) { +- this_cpu_write(perf_nmi_counter, +- min_t(unsigned int, 2, active)); ++ this_cpu_write(perf_nmi_tstamp, ++ jiffies + perf_nmi_window); + + return handled; + } + +- if (!this_cpu_read(perf_nmi_counter)) ++ if (time_after(jiffies, this_cpu_read(perf_nmi_tstamp))) + return NMI_DONE; + +- this_cpu_dec(perf_nmi_counter); +- + return NMI_HANDLED; + } + +@@ -909,6 +910,9 @@ static int __init amd_core_pmu_init(void) + if (!boot_cpu_has(X86_FEATURE_PERFCTR_CORE)) + return 0; + ++ /* Avoid calulating the value each time in the NMI handler */ ++ perf_nmi_window = msecs_to_jiffies(100); ++ + switch (boot_cpu_data.x86) { + case 0x15: + pr_cont("Fam15h "); +-- +2.20.1 + diff --git a/queue-5.3/rdma-cm-fix-memory-leak-in-cm_add-remove_one.patch b/queue-5.3/rdma-cm-fix-memory-leak-in-cm_add-remove_one.patch new file mode 100644 index 00000000000..03271c9235a --- /dev/null +++ b/queue-5.3/rdma-cm-fix-memory-leak-in-cm_add-remove_one.patch @@ -0,0 +1,69 @@ +From bcebd2c90524f778c5d7e5f11350de849343a585 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 16 Sep 2019 10:11:51 +0300 +Subject: RDMA/cm: Fix memory leak in cm_add/remove_one + +From: Jack Morgenstein + +[ Upstream commit 94635c36f3854934a46d9e812e028d4721bbb0e6 ] + +In the process of moving the debug counters sysfs entries, the commit +mentioned below eliminated the cm_infiniband sysfs directory. + +This sysfs directory was tied to the cm_port object allocated in procedure +cm_add_one(). + +Before the commit below, this cm_port object was freed via a call to +kobject_put(port->kobj) in procedure cm_remove_port_fs(). + +Since port no longer uses its kobj, kobject_put(port->kobj) was eliminated. +This, however, meant that kfree was never called for the cm_port buffers. + +Fix this by adding explicit kfree(port) calls to functions cm_add_one() +and cm_remove_one(). + +Note: the kfree call in the first chunk below (in the cm_add_one error +flow) fixes an old, undetected memory leak. + +Fixes: c87e65cfb97c ("RDMA/cm: Move debug counters to be under relevant IB device") +Link: https://lore.kernel.org/r/20190916071154.20383-2-leon@kernel.org +Signed-off-by: Jack Morgenstein +Signed-off-by: Leon Romanovsky +Reviewed-by: Jason Gunthorpe +Signed-off-by: Jason Gunthorpe +Signed-off-by: Sasha Levin +--- + drivers/infiniband/core/cm.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/infiniband/core/cm.c b/drivers/infiniband/core/cm.c +index da10e6ccb43cd..5920c0085d35b 100644 +--- a/drivers/infiniband/core/cm.c ++++ b/drivers/infiniband/core/cm.c +@@ -4399,6 +4399,7 @@ error2: + error1: + port_modify.set_port_cap_mask = 0; + port_modify.clr_port_cap_mask = IB_PORT_CM_SUP; ++ kfree(port); + while (--i) { + if (!rdma_cap_ib_cm(ib_device, i)) + continue; +@@ -4407,6 +4408,7 @@ error1: + ib_modify_port(ib_device, port->port_num, 0, &port_modify); + ib_unregister_mad_agent(port->mad_agent); + cm_remove_port_fs(port); ++ kfree(port); + } + free: + kfree(cm_dev); +@@ -4460,6 +4462,7 @@ static void cm_remove_one(struct ib_device *ib_device, void *client_data) + spin_unlock_irq(&cm.state_lock); + ib_unregister_mad_agent(cur_mad_agent); + cm_remove_port_fs(port); ++ kfree(port); + } + + kfree(cm_dev); +-- +2.20.1 + diff --git a/queue-5.3/rdma-core-fix-an-error-handling-path-in-res_get_comm.patch b/queue-5.3/rdma-core-fix-an-error-handling-path-in-res_get_comm.patch new file mode 100644 index 00000000000..1ac0d105545 --- /dev/null +++ b/queue-5.3/rdma-core-fix-an-error-handling-path-in-res_get_comm.patch @@ -0,0 +1,39 @@ +From 19e3008160b5291d383d655b3cf8e7058976aeb2 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 18 Aug 2019 11:10:44 +0200 +Subject: RDMA/core: Fix an error handling path in 'res_get_common_doit()' + +From: Christophe JAILLET + +[ Upstream commit ab59ca3eb4e7059727df85eee68bda169d26c8f8 ] + +According to surrounding error paths, it is likely that 'goto err_get;' is +expected here. Otherwise, a call to 'rdma_restrack_put(res);' would be +missing. + +Fixes: c5dfe0ea6ffa ("RDMA/nldev: Add resource tracker doit callback") +Link: https://lore.kernel.org/r/20190818091044.8845-1-christophe.jaillet@wanadoo.fr +Signed-off-by: Christophe JAILLET +Reviewed-by: Jason Gunthorpe +Signed-off-by: Jason Gunthorpe +Signed-off-by: Sasha Levin +--- + drivers/infiniband/core/nldev.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/infiniband/core/nldev.c b/drivers/infiniband/core/nldev.c +index 020c269765584..91e2cc9ddb9f8 100644 +--- a/drivers/infiniband/core/nldev.c ++++ b/drivers/infiniband/core/nldev.c +@@ -1230,7 +1230,7 @@ static int res_get_common_doit(struct sk_buff *skb, struct nlmsghdr *nlh, + msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); + if (!msg) { + ret = -ENOMEM; +- goto err; ++ goto err_get; + } + + nlh = nlmsg_put(msg, NETLINK_CB(skb).portid, nlh->nlmsg_seq, +-- +2.20.1 + diff --git a/queue-5.3/rdma-hfi1-prevent-memory-leak-in-sdma_init.patch b/queue-5.3/rdma-hfi1-prevent-memory-leak-in-sdma_init.patch new file mode 100644 index 00000000000..5dbb06b7429 --- /dev/null +++ b/queue-5.3/rdma-hfi1-prevent-memory-leak-in-sdma_init.patch @@ -0,0 +1,42 @@ +From ea82fe391df105d569e46ffa4532c951f8e0c18f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 25 Sep 2019 09:45:42 -0500 +Subject: RDMA/hfi1: Prevent memory leak in sdma_init + +From: Navid Emamdoost + +[ Upstream commit 34b3be18a04ecdc610aae4c48e5d1b799d8689f6 ] + +In sdma_init if rhashtable_init fails the allocated memory for +tmp_sdma_rht should be released. + +Fixes: 5a52a7acf7e2 ("IB/hfi1: NULL pointer dereference when freeing rhashtable") +Link: https://lore.kernel.org/r/20190925144543.10141-1-navid.emamdoost@gmail.com +Signed-off-by: Navid Emamdoost +Acked-by: Dennis Dalessandro +Signed-off-by: Jason Gunthorpe +Signed-off-by: Sasha Levin +--- + drivers/infiniband/hw/hfi1/sdma.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/drivers/infiniband/hw/hfi1/sdma.c b/drivers/infiniband/hw/hfi1/sdma.c +index 2395fd4233a7e..2ed7bfd5feea6 100644 +--- a/drivers/infiniband/hw/hfi1/sdma.c ++++ b/drivers/infiniband/hw/hfi1/sdma.c +@@ -1526,8 +1526,11 @@ int sdma_init(struct hfi1_devdata *dd, u8 port) + } + + ret = rhashtable_init(tmp_sdma_rht, &sdma_rht_params); +- if (ret < 0) ++ if (ret < 0) { ++ kfree(tmp_sdma_rht); + goto bail; ++ } ++ + dd->sdma_rht = tmp_sdma_rht; + + dd_dev_info(dd, "SDMA num_sdma: %u\n", dd->num_sdma); +-- +2.20.1 + diff --git a/queue-5.3/rdma-iw_cxgb4-fix-srq-access-from-dump_qp.patch b/queue-5.3/rdma-iw_cxgb4-fix-srq-access-from-dump_qp.patch new file mode 100644 index 00000000000..81602e6318a --- /dev/null +++ b/queue-5.3/rdma-iw_cxgb4-fix-srq-access-from-dump_qp.patch @@ -0,0 +1,94 @@ +From 485370a39a8a3d8ea3a8a315896a7d3df336e2ce Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 30 Sep 2019 13:11:19 +0530 +Subject: RDMA/iw_cxgb4: fix SRQ access from dump_qp() + +From: Potnuri Bharat Teja + +[ Upstream commit 91724c1e5afe45b64970036170659726e7dc5cff ] + +dump_qp() is wrongly trying to dump SRQ structures as QP when SRQ is used +by the application. This patch matches the QPID before dumping them. Also +removes unwanted SRQ id addition to QP id xarray. + +Fixes: 2f43129127e6 ("cxgb4: Convert qpidr to XArray") +Link: https://lore.kernel.org/r/20190930074119.20046-1-bharat@chelsio.com +Signed-off-by: Rahul Kundu +Signed-off-by: Potnuri Bharat Teja +Signed-off-by: Jason Gunthorpe +Signed-off-by: Sasha Levin +--- + drivers/infiniband/hw/cxgb4/device.c | 7 +++++-- + drivers/infiniband/hw/cxgb4/qp.c | 10 +--------- + 2 files changed, 6 insertions(+), 11 deletions(-) + +diff --git a/drivers/infiniband/hw/cxgb4/device.c b/drivers/infiniband/hw/cxgb4/device.c +index a8b9548bd1a26..599340c1f0b82 100644 +--- a/drivers/infiniband/hw/cxgb4/device.c ++++ b/drivers/infiniband/hw/cxgb4/device.c +@@ -242,10 +242,13 @@ static void set_ep_sin6_addrs(struct c4iw_ep *ep, + } + } + +-static int dump_qp(struct c4iw_qp *qp, struct c4iw_debugfs_data *qpd) ++static int dump_qp(unsigned long id, struct c4iw_qp *qp, ++ struct c4iw_debugfs_data *qpd) + { + int space; + int cc; ++ if (id != qp->wq.sq.qid) ++ return 0; + + space = qpd->bufsize - qpd->pos - 1; + if (space == 0) +@@ -350,7 +353,7 @@ static int qp_open(struct inode *inode, struct file *file) + + xa_lock_irq(&qpd->devp->qps); + xa_for_each(&qpd->devp->qps, index, qp) +- dump_qp(qp, qpd); ++ dump_qp(index, qp, qpd); + xa_unlock_irq(&qpd->devp->qps); + + qpd->buf[qpd->pos++] = 0; +diff --git a/drivers/infiniband/hw/cxgb4/qp.c b/drivers/infiniband/hw/cxgb4/qp.c +index eb9368be28c1d..bbcac539777a2 100644 +--- a/drivers/infiniband/hw/cxgb4/qp.c ++++ b/drivers/infiniband/hw/cxgb4/qp.c +@@ -2737,15 +2737,11 @@ int c4iw_create_srq(struct ib_srq *ib_srq, struct ib_srq_init_attr *attrs, + if (CHELSIO_CHIP_VERSION(rhp->rdev.lldi.adapter_type) > CHELSIO_T6) + srq->flags = T4_SRQ_LIMIT_SUPPORT; + +- ret = xa_insert_irq(&rhp->qps, srq->wq.qid, srq, GFP_KERNEL); +- if (ret) +- goto err_free_queue; +- + if (udata) { + srq_key_mm = kmalloc(sizeof(*srq_key_mm), GFP_KERNEL); + if (!srq_key_mm) { + ret = -ENOMEM; +- goto err_remove_handle; ++ goto err_free_queue; + } + srq_db_key_mm = kmalloc(sizeof(*srq_db_key_mm), GFP_KERNEL); + if (!srq_db_key_mm) { +@@ -2789,8 +2785,6 @@ err_free_srq_db_key_mm: + kfree(srq_db_key_mm); + err_free_srq_key_mm: + kfree(srq_key_mm); +-err_remove_handle: +- xa_erase_irq(&rhp->qps, srq->wq.qid); + err_free_queue: + free_srq_queue(srq, ucontext ? &ucontext->uctx : &rhp->rdev.uctx, + srq->wr_waitp); +@@ -2813,8 +2807,6 @@ void c4iw_destroy_srq(struct ib_srq *ibsrq, struct ib_udata *udata) + rhp = srq->rhp; + + pr_debug("%s id %d\n", __func__, srq->wq.qid); +- +- xa_erase_irq(&rhp->qps, srq->wq.qid); + ucontext = rdma_udata_to_drv_context(udata, struct c4iw_ucontext, + ibucontext); + free_srq_queue(srq, ucontext ? &ucontext->uctx : &rhp->rdev.uctx, +-- +2.20.1 + diff --git a/queue-5.3/rdma-iwcm-fix-a-lock-inversion-issue.patch b/queue-5.3/rdma-iwcm-fix-a-lock-inversion-issue.patch new file mode 100644 index 00000000000..62919a091ab --- /dev/null +++ b/queue-5.3/rdma-iwcm-fix-a-lock-inversion-issue.patch @@ -0,0 +1,87 @@ +From 3c13c0bbe438f1a7a124798c9b14627a942f5378 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 30 Sep 2019 16:16:54 -0700 +Subject: RDMA/iwcm: Fix a lock inversion issue + +From: Bart Van Assche + +[ Upstream commit b66f31efbdad95ec274345721d99d1d835e6de01 ] + +This patch fixes the lock inversion complaint: + +============================================ +WARNING: possible recursive locking detected +5.3.0-rc7-dbg+ #1 Not tainted +-------------------------------------------- +kworker/u16:6/171 is trying to acquire lock: +00000000035c6e6c (&id_priv->handler_mutex){+.+.}, at: rdma_destroy_id+0x78/0x4a0 [rdma_cm] + +but task is already holding lock: +00000000bc7c307d (&id_priv->handler_mutex){+.+.}, at: iw_conn_req_handler+0x151/0x680 [rdma_cm] + +other info that might help us debug this: + Possible unsafe locking scenario: + + CPU0 + ---- + lock(&id_priv->handler_mutex); + lock(&id_priv->handler_mutex); + + *** DEADLOCK *** + + May be due to missing lock nesting notation + +3 locks held by kworker/u16:6/171: + #0: 00000000e2eaa773 ((wq_completion)iw_cm_wq){+.+.}, at: process_one_work+0x472/0xac0 + #1: 000000001efd357b ((work_completion)(&work->work)#3){+.+.}, at: process_one_work+0x476/0xac0 + #2: 00000000bc7c307d (&id_priv->handler_mutex){+.+.}, at: iw_conn_req_handler+0x151/0x680 [rdma_cm] + +stack backtrace: +CPU: 3 PID: 171 Comm: kworker/u16:6 Not tainted 5.3.0-rc7-dbg+ #1 +Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 +Workqueue: iw_cm_wq cm_work_handler [iw_cm] +Call Trace: + dump_stack+0x8a/0xd6 + __lock_acquire.cold+0xe1/0x24d + lock_acquire+0x106/0x240 + __mutex_lock+0x12e/0xcb0 + mutex_lock_nested+0x1f/0x30 + rdma_destroy_id+0x78/0x4a0 [rdma_cm] + iw_conn_req_handler+0x5c9/0x680 [rdma_cm] + cm_work_handler+0xe62/0x1100 [iw_cm] + process_one_work+0x56d/0xac0 + worker_thread+0x7a/0x5d0 + kthread+0x1bc/0x210 + ret_from_fork+0x24/0x30 + +This is not a bug as there are actually two lock classes here. + +Link: https://lore.kernel.org/r/20190930231707.48259-3-bvanassche@acm.org +Fixes: de910bd92137 ("RDMA/cma: Simplify locking needed for serialization of callbacks") +Signed-off-by: Bart Van Assche +Reviewed-by: Jason Gunthorpe +Signed-off-by: Jason Gunthorpe +Signed-off-by: Sasha Levin +--- + drivers/infiniband/core/cma.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c +index a68d0ccf67a43..2e48b59926c19 100644 +--- a/drivers/infiniband/core/cma.c ++++ b/drivers/infiniband/core/cma.c +@@ -2396,9 +2396,10 @@ static int iw_conn_req_handler(struct iw_cm_id *cm_id, + conn_id->cm_id.iw = NULL; + cma_exch(conn_id, RDMA_CM_DESTROYING); + mutex_unlock(&conn_id->handler_mutex); ++ mutex_unlock(&listen_id->handler_mutex); + cma_deref_id(conn_id); + rdma_destroy_id(&conn_id->id); +- goto out; ++ return ret; + } + + mutex_unlock(&conn_id->handler_mutex); +-- +2.20.1 + diff --git a/queue-5.3/rdma-mlx5-add-missing-synchronize_srcu-for-mw-cases.patch b/queue-5.3/rdma-mlx5-add-missing-synchronize_srcu-for-mw-cases.patch new file mode 100644 index 00000000000..b1411158376 --- /dev/null +++ b/queue-5.3/rdma-mlx5-add-missing-synchronize_srcu-for-mw-cases.patch @@ -0,0 +1,207 @@ +From 77caeb94a2b162f7f814fccb191887c87ca405c9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 1 Oct 2019 12:38:21 -0300 +Subject: RDMA/mlx5: Add missing synchronize_srcu() for MW cases + +From: Jason Gunthorpe + +[ Upstream commit 0417791536ae1e28d7f0418f1d20048ec4d3c6cf ] + +While MR uses live as the SRCU 'update', the MW case uses the xarray +directly, xa_erase() causes the MW to become inaccessible to the pagefault +thread. + +Thus whenever a MW is removed from the xarray we must synchronize_srcu() +before freeing it. + +This must be done before freeing the mkey as re-use of the mkey while the +pagefault thread is using the stale mkey is undesirable. + +Add the missing synchronizes to MW and DEVX indirect mkey and delete the +bogus protection against double destroy in mlx5_core_destroy_mkey() + +Fixes: 534fd7aac56a ("IB/mlx5: Manage indirection mkey upon DEVX flow for ODP") +Fixes: 6aec21f6a832 ("IB/mlx5: Page faults handling infrastructure") +Link: https://lore.kernel.org/r/20191001153821.23621-7-jgg@ziepe.ca +Reviewed-by: Artemy Kovalyov +Signed-off-by: Jason Gunthorpe +Signed-off-by: Sasha Levin +--- + drivers/infiniband/hw/mlx5/devx.c | 58 ++++++-------------- + drivers/infiniband/hw/mlx5/mlx5_ib.h | 1 - + drivers/infiniband/hw/mlx5/mr.c | 21 +++++-- + drivers/net/ethernet/mellanox/mlx5/core/mr.c | 8 +-- + 4 files changed, 33 insertions(+), 55 deletions(-) + +diff --git a/drivers/infiniband/hw/mlx5/devx.c b/drivers/infiniband/hw/mlx5/devx.c +index af5bbb35c0589..ef7ba0133d28a 100644 +--- a/drivers/infiniband/hw/mlx5/devx.c ++++ b/drivers/infiniband/hw/mlx5/devx.c +@@ -1275,29 +1275,6 @@ static int devx_handle_mkey_create(struct mlx5_ib_dev *dev, + return 0; + } + +-static void devx_free_indirect_mkey(struct rcu_head *rcu) +-{ +- kfree(container_of(rcu, struct devx_obj, devx_mr.rcu)); +-} +- +-/* This function to delete from the radix tree needs to be called before +- * destroying the underlying mkey. Otherwise a race might occur in case that +- * other thread will get the same mkey before this one will be deleted, +- * in that case it will fail via inserting to the tree its own data. +- * +- * Note: +- * An error in the destroy is not expected unless there is some other indirect +- * mkey which points to this one. In a kernel cleanup flow it will be just +- * destroyed in the iterative destruction call. In a user flow, in case +- * the application didn't close in the expected order it's its own problem, +- * the mkey won't be part of the tree, in both cases the kernel is safe. +- */ +-static void devx_cleanup_mkey(struct devx_obj *obj) +-{ +- xa_erase(&obj->ib_dev->mdev->priv.mkey_table, +- mlx5_base_mkey(obj->devx_mr.mmkey.key)); +-} +- + static void devx_cleanup_subscription(struct mlx5_ib_dev *dev, + struct devx_event_subscription *sub) + { +@@ -1339,8 +1316,16 @@ static int devx_obj_cleanup(struct ib_uobject *uobject, + int ret; + + dev = mlx5_udata_to_mdev(&attrs->driver_udata); +- if (obj->flags & DEVX_OBJ_FLAGS_INDIRECT_MKEY) +- devx_cleanup_mkey(obj); ++ if (obj->flags & DEVX_OBJ_FLAGS_INDIRECT_MKEY) { ++ /* ++ * The pagefault_single_data_segment() does commands against ++ * the mmkey, we must wait for that to stop before freeing the ++ * mkey, as another allocation could get the same mkey #. ++ */ ++ xa_erase(&obj->ib_dev->mdev->priv.mkey_table, ++ mlx5_base_mkey(obj->devx_mr.mmkey.key)); ++ synchronize_srcu(&dev->mr_srcu); ++ } + + if (obj->flags & DEVX_OBJ_FLAGS_DCT) + ret = mlx5_core_destroy_dct(obj->ib_dev->mdev, &obj->core_dct); +@@ -1359,12 +1344,6 @@ static int devx_obj_cleanup(struct ib_uobject *uobject, + devx_cleanup_subscription(dev, sub_entry); + mutex_unlock(&devx_event_table->event_xa_lock); + +- if (obj->flags & DEVX_OBJ_FLAGS_INDIRECT_MKEY) { +- call_srcu(&dev->mr_srcu, &obj->devx_mr.rcu, +- devx_free_indirect_mkey); +- return ret; +- } +- + kfree(obj); + return ret; + } +@@ -1468,26 +1447,21 @@ static int UVERBS_HANDLER(MLX5_IB_METHOD_DEVX_OBJ_CREATE)( + &obj_id); + WARN_ON(obj->dinlen > MLX5_MAX_DESTROY_INBOX_SIZE_DW * sizeof(u32)); + +- if (obj->flags & DEVX_OBJ_FLAGS_INDIRECT_MKEY) { +- err = devx_handle_mkey_indirect(obj, dev, cmd_in, cmd_out); +- if (err) +- goto obj_destroy; +- } +- + err = uverbs_copy_to(attrs, MLX5_IB_ATTR_DEVX_OBJ_CREATE_CMD_OUT, cmd_out, cmd_out_len); + if (err) +- goto err_copy; ++ goto obj_destroy; + + if (opcode == MLX5_CMD_OP_CREATE_GENERAL_OBJECT) + obj_type = MLX5_GET(general_obj_in_cmd_hdr, cmd_in, obj_type); +- + obj->obj_id = get_enc_obj_id(opcode | obj_type << 16, obj_id); + ++ if (obj->flags & DEVX_OBJ_FLAGS_INDIRECT_MKEY) { ++ err = devx_handle_mkey_indirect(obj, dev, cmd_in, cmd_out); ++ if (err) ++ goto obj_destroy; ++ } + return 0; + +-err_copy: +- if (obj->flags & DEVX_OBJ_FLAGS_INDIRECT_MKEY) +- devx_cleanup_mkey(obj); + obj_destroy: + if (obj->flags & DEVX_OBJ_FLAGS_DCT) + mlx5_core_destroy_dct(obj->ib_dev->mdev, &obj->core_dct); +diff --git a/drivers/infiniband/hw/mlx5/mlx5_ib.h b/drivers/infiniband/hw/mlx5/mlx5_ib.h +index 9ae587b74b121..43c7353b98123 100644 +--- a/drivers/infiniband/hw/mlx5/mlx5_ib.h ++++ b/drivers/infiniband/hw/mlx5/mlx5_ib.h +@@ -638,7 +638,6 @@ struct mlx5_ib_mw { + struct mlx5_ib_devx_mr { + struct mlx5_core_mkey mmkey; + int ndescs; +- struct rcu_head rcu; + }; + + struct mlx5_ib_umr_context { +diff --git a/drivers/infiniband/hw/mlx5/mr.c b/drivers/infiniband/hw/mlx5/mr.c +index 96c8a6835592d..c15d05f61cc7b 100644 +--- a/drivers/infiniband/hw/mlx5/mr.c ++++ b/drivers/infiniband/hw/mlx5/mr.c +@@ -1970,14 +1970,25 @@ free: + + int mlx5_ib_dealloc_mw(struct ib_mw *mw) + { ++ struct mlx5_ib_dev *dev = to_mdev(mw->device); + struct mlx5_ib_mw *mmw = to_mmw(mw); + int err; + +- err = mlx5_core_destroy_mkey((to_mdev(mw->device))->mdev, +- &mmw->mmkey); +- if (!err) +- kfree(mmw); +- return err; ++ if (IS_ENABLED(CONFIG_INFINIBAND_ON_DEMAND_PAGING)) { ++ xa_erase(&dev->mdev->priv.mkey_table, ++ mlx5_base_mkey(mmw->mmkey.key)); ++ /* ++ * pagefault_single_data_segment() may be accessing mmw under ++ * SRCU if the user bound an ODP MR to this MW. ++ */ ++ synchronize_srcu(&dev->mr_srcu); ++ } ++ ++ err = mlx5_core_destroy_mkey(dev->mdev, &mmw->mmkey); ++ if (err) ++ return err; ++ kfree(mmw); ++ return 0; + } + + int mlx5_ib_check_mr_status(struct ib_mr *ibmr, u32 check_mask, +diff --git a/drivers/net/ethernet/mellanox/mlx5/core/mr.c b/drivers/net/ethernet/mellanox/mlx5/core/mr.c +index 9231b39d18b21..c501bf2a02521 100644 +--- a/drivers/net/ethernet/mellanox/mlx5/core/mr.c ++++ b/drivers/net/ethernet/mellanox/mlx5/core/mr.c +@@ -112,17 +112,11 @@ int mlx5_core_destroy_mkey(struct mlx5_core_dev *dev, + u32 out[MLX5_ST_SZ_DW(destroy_mkey_out)] = {0}; + u32 in[MLX5_ST_SZ_DW(destroy_mkey_in)] = {0}; + struct xarray *mkeys = &dev->priv.mkey_table; +- struct mlx5_core_mkey *deleted_mkey; + unsigned long flags; + + xa_lock_irqsave(mkeys, flags); +- deleted_mkey = __xa_erase(mkeys, mlx5_base_mkey(mkey->key)); ++ __xa_erase(mkeys, mlx5_base_mkey(mkey->key)); + xa_unlock_irqrestore(mkeys, flags); +- if (!deleted_mkey) { +- mlx5_core_dbg(dev, "failed xarray delete of mkey 0x%x\n", +- mlx5_base_mkey(mkey->key)); +- return -ENOENT; +- } + + MLX5_SET(destroy_mkey_in, in, opcode, MLX5_CMD_OP_DESTROY_MKEY); + MLX5_SET(destroy_mkey_in, in, mkey_index, mlx5_mkey_to_idx(mkey->key)); +-- +2.20.1 + diff --git a/queue-5.3/rdma-mlx5-do-not-allow-rereg-of-a-odp-mr.patch b/queue-5.3/rdma-mlx5-do-not-allow-rereg-of-a-odp-mr.patch new file mode 100644 index 00000000000..8571d28bb3e --- /dev/null +++ b/queue-5.3/rdma-mlx5-do-not-allow-rereg-of-a-odp-mr.patch @@ -0,0 +1,56 @@ +From 9fcc15bb17eb3749c37a78a46451c42e31e458ce Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 1 Oct 2019 12:38:16 -0300 +Subject: RDMA/mlx5: Do not allow rereg of a ODP MR + +From: Jason Gunthorpe + +[ Upstream commit 880505cfef1d086d18b59d2920eb2160429ffa1f ] + +This code is completely broken, the umem of a ODP MR simply cannot be +discarded without a lot more locking, nor can an ODP mkey be blithely +destroyed via destroy_mkey(). + +Fixes: 6aec21f6a832 ("IB/mlx5: Page faults handling infrastructure") +Link: https://lore.kernel.org/r/20191001153821.23621-2-jgg@ziepe.ca +Reviewed-by: Artemy Kovalyov +Signed-off-by: Jason Gunthorpe +Signed-off-by: Sasha Levin +--- + drivers/infiniband/hw/mlx5/mr.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/drivers/infiniband/hw/mlx5/mr.c b/drivers/infiniband/hw/mlx5/mr.c +index 3401f5f6792e6..c4ba8838d2c46 100644 +--- a/drivers/infiniband/hw/mlx5/mr.c ++++ b/drivers/infiniband/hw/mlx5/mr.c +@@ -1423,6 +1423,9 @@ int mlx5_ib_rereg_user_mr(struct ib_mr *ib_mr, int flags, u64 start, + if (!mr->umem) + return -EINVAL; + ++ if (is_odp_mr(mr)) ++ return -EOPNOTSUPP; ++ + if (flags & IB_MR_REREG_TRANS) { + addr = virt_addr; + len = length; +@@ -1468,8 +1471,6 @@ int mlx5_ib_rereg_user_mr(struct ib_mr *ib_mr, int flags, u64 start, + } + + mr->allocated_from_cache = 0; +- if (IS_ENABLED(CONFIG_INFINIBAND_ON_DEMAND_PAGING)) +- mr->live = 1; + } else { + /* + * Send a UMR WQE +@@ -1498,7 +1499,6 @@ int mlx5_ib_rereg_user_mr(struct ib_mr *ib_mr, int flags, u64 start, + + set_mr_fields(dev, mr, npages, len, access_flags); + +- update_odp_mr(mr); + return 0; + + err: +-- +2.20.1 + diff --git a/queue-5.3/rdma-mlx5-order-num_pending_prefetch-properly-with-s.patch b/queue-5.3/rdma-mlx5-order-num_pending_prefetch-properly-with-s.patch new file mode 100644 index 00000000000..e5773cf7817 --- /dev/null +++ b/queue-5.3/rdma-mlx5-order-num_pending_prefetch-properly-with-s.patch @@ -0,0 +1,63 @@ +From 7a4669e6de59a30b34cb6db73f9a48f34780a880 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 1 Oct 2019 12:38:19 -0300 +Subject: RDMA/mlx5: Order num_pending_prefetch properly with synchronize_srcu + +From: Jason Gunthorpe + +[ Upstream commit aa116b810ac9077a263ed8679fb4d595f180e0eb ] + +During destroy setting live = 0 and then synchronize_srcu() prevents +num_pending_prefetch from incrementing, and also, ensures that all work +holding that count is queued on the WQ. Testing before causes races of the +form: + + CPU0 CPU1 + dereg_mr() + mlx5_ib_advise_mr_prefetch() + srcu_read_lock() + num_pending_prefetch_inc() + if (!live) + live = 0 + atomic_read() == 0 + // skip flush_workqueue() + atomic_inc() + queue_work(); + srcu_read_unlock() + WARN_ON(atomic_read()) // Fails + +Swap the order so that the synchronize_srcu() prevents this. + +Fixes: a6bc3875f176 ("IB/mlx5: Protect against prefetch of invalid MR") +Link: https://lore.kernel.org/r/20191001153821.23621-5-jgg@ziepe.ca +Reviewed-by: Artemy Kovalyov +Signed-off-by: Jason Gunthorpe +Signed-off-by: Sasha Levin +--- + drivers/infiniband/hw/mlx5/mr.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/drivers/infiniband/hw/mlx5/mr.c b/drivers/infiniband/hw/mlx5/mr.c +index c4ba8838d2c46..96c8a6835592d 100644 +--- a/drivers/infiniband/hw/mlx5/mr.c ++++ b/drivers/infiniband/hw/mlx5/mr.c +@@ -1591,13 +1591,14 @@ static void dereg_mr(struct mlx5_ib_dev *dev, struct mlx5_ib_mr *mr) + */ + mr->live = 0; + ++ /* Wait for all running page-fault handlers to finish. */ ++ synchronize_srcu(&dev->mr_srcu); ++ + /* dequeue pending prefetch requests for the mr */ + if (atomic_read(&mr->num_pending_prefetch)) + flush_workqueue(system_unbound_wq); + WARN_ON(atomic_read(&mr->num_pending_prefetch)); + +- /* Wait for all running page-fault handlers to finish. */ +- synchronize_srcu(&dev->mr_srcu); + /* Destroy all page mappings */ + if (umem_odp->page_list) + mlx5_ib_invalidate_range(umem_odp, +-- +2.20.1 + diff --git a/queue-5.3/rdma-nldev-reshuffle-the-code-to-avoid-need-to-rebin.patch b/queue-5.3/rdma-nldev-reshuffle-the-code-to-avoid-need-to-rebin.patch new file mode 100644 index 00000000000..0ad89e53c3c --- /dev/null +++ b/queue-5.3/rdma-nldev-reshuffle-the-code-to-avoid-need-to-rebin.patch @@ -0,0 +1,62 @@ +From 653c1ba04ee00aaf6e6026ba6c841c312f1ad858 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 2 Oct 2019 14:56:27 +0300 +Subject: RDMA/nldev: Reshuffle the code to avoid need to rebind QP in error + path + +From: Leon Romanovsky + +[ Upstream commit 594e6c5d41ed2471ab0b90f3f0b66cdf618b7ac9 ] + +Properly unwind QP counter rebinding in case of failure. + +Trying to rebind the counter after unbiding it is not going to work +reliably, move the unbind to the end so it doesn't have to be unwound. + +Fixes: b389327df905 ("RDMA/nldev: Allow counter manual mode configration through RDMA netlink") +Link: https://lore.kernel.org/r/20191002115627.16740-1-leon@kernel.org +Reviewed-by: Mark Zhang +Signed-off-by: Leon Romanovsky +Reviewed-by: Jason Gunthorpe +Signed-off-by: Jason Gunthorpe +Signed-off-by: Sasha Levin +--- + drivers/infiniband/core/nldev.c | 10 ++++------ + 1 file changed, 4 insertions(+), 6 deletions(-) + +diff --git a/drivers/infiniband/core/nldev.c b/drivers/infiniband/core/nldev.c +index 91e2cc9ddb9f8..f42e856f30729 100644 +--- a/drivers/infiniband/core/nldev.c ++++ b/drivers/infiniband/core/nldev.c +@@ -1787,10 +1787,6 @@ static int nldev_stat_del_doit(struct sk_buff *skb, struct nlmsghdr *nlh, + + cntn = nla_get_u32(tb[RDMA_NLDEV_ATTR_STAT_COUNTER_ID]); + qpn = nla_get_u32(tb[RDMA_NLDEV_ATTR_RES_LQPN]); +- ret = rdma_counter_unbind_qpn(device, port, qpn, cntn); +- if (ret) +- goto err_unbind; +- + if (fill_nldev_handle(msg, device) || + nla_put_u32(msg, RDMA_NLDEV_ATTR_PORT_INDEX, port) || + nla_put_u32(msg, RDMA_NLDEV_ATTR_STAT_COUNTER_ID, cntn) || +@@ -1799,13 +1795,15 @@ static int nldev_stat_del_doit(struct sk_buff *skb, struct nlmsghdr *nlh, + goto err_fill; + } + ++ ret = rdma_counter_unbind_qpn(device, port, qpn, cntn); ++ if (ret) ++ goto err_fill; ++ + nlmsg_end(msg, nlh); + ib_device_put(device); + return rdma_nl_unicast(msg, NETLINK_CB(skb).portid); + + err_fill: +- rdma_counter_bind_qpn(device, port, qpn, cntn); +-err_unbind: + nlmsg_free(msg); + err: + ib_device_put(device); +-- +2.20.1 + diff --git a/queue-5.3/rdma-siw-fix-serialization-issue-in-write_space.patch b/queue-5.3/rdma-siw-fix-serialization-issue-in-write_space.patch new file mode 100644 index 00000000000..07b0cf41aef --- /dev/null +++ b/queue-5.3/rdma-siw-fix-serialization-issue-in-write_space.patch @@ -0,0 +1,109 @@ +From 8b2f4a748eb0d2651e94e5ebcd8deb80305d48c9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 23 Sep 2019 15:41:12 +0530 +Subject: RDMA/siw: Fix serialization issue in write_space() + +From: Krishnamraju Eraparaju + +[ Upstream commit df791c54d627bae53c9be3be40a69594c55de487 ] + +In siw_qp_llp_write_space(), 'sock' members should be accessed with +sk_callback_lock held, otherwise, it could race with +siw_sk_restore_upcalls(). And this could cause "NULL deref" panic. Below +panic is due to the NULL cep returned from sk_to_cep(sk): + + Call Trace: + siw_qp_llp_write_space+0x11/0x40 [siw] + tcp_check_space+0x4c/0xf0 + tcp_rcv_established+0x52b/0x630 + tcp_v4_do_rcv+0xf4/0x1e0 + tcp_v4_rcv+0x9b8/0xab0 + ip_protocol_deliver_rcu+0x2c/0x1c0 + ip_local_deliver_finish+0x44/0x50 + ip_local_deliver+0x6b/0xf0 + ? ip_protocol_deliver_rcu+0x1c0/0x1c0 + ip_rcv+0x52/0xd0 + ? ip_rcv_finish_core.isra.14+0x390/0x390 + __netif_receive_skb_one_core+0x83/0xa0 + netif_receive_skb_internal+0x73/0xb0 + napi_gro_frags+0x1ff/0x2b0 + t4_ethrx_handler+0x4a7/0x740 [cxgb4] + process_responses+0x2c9/0x590 [cxgb4] + ? t4_sge_intr_msix+0x1d/0x30 [cxgb4] + ? handle_irq_event_percpu+0x51/0x70 + ? handle_irq_event+0x41/0x60 + ? handle_edge_irq+0x97/0x1a0 + napi_rx_handler+0x14/0xe0 [cxgb4] + net_rx_action+0x2af/0x410 + __do_softirq+0xda/0x2a8 + do_softirq_own_stack+0x2a/0x40 + + do_softirq+0x50/0x60 + __local_bh_enable_ip+0x50/0x60 + ip_finish_output2+0x18f/0x520 + ip_output+0x6e/0xf0 + ? __ip_finish_output+0x1f0/0x1f0 + __ip_queue_xmit+0x14f/0x3d0 + ? __slab_alloc+0x4b/0x58 + __tcp_transmit_skb+0x57d/0xa60 + tcp_write_xmit+0x23b/0xfd0 + __tcp_push_pending_frames+0x2e/0xf0 + tcp_sendmsg_locked+0x939/0xd50 + tcp_sendmsg+0x27/0x40 + sock_sendmsg+0x57/0x80 + siw_tx_hdt+0x894/0xb20 [siw] + ? find_busiest_group+0x3e/0x5b0 + ? common_interrupt+0xa/0xf + ? common_interrupt+0xa/0xf + ? common_interrupt+0xa/0xf + siw_qp_sq_process+0xf1/0xe60 [siw] + ? __wake_up_common_lock+0x87/0xc0 + siw_sq_resume+0x33/0xe0 [siw] + siw_run_sq+0xac/0x190 [siw] + ? remove_wait_queue+0x60/0x60 + kthread+0xf8/0x130 + ? siw_sq_resume+0xe0/0xe0 [siw] + ? kthread_bind+0x10/0x10 + ret_from_fork+0x35/0x40 + +Fixes: f29dd55b0236 ("rdma/siw: queue pair methods") +Link: https://lore.kernel.org/r/20190923101112.32685-1-krishna2@chelsio.com +Signed-off-by: Krishnamraju Eraparaju +Reviewed-by: Bernard Metzler +Signed-off-by: Jason Gunthorpe +Signed-off-by: Sasha Levin +--- + drivers/infiniband/sw/siw/siw_qp.c | 15 +++++++++++---- + 1 file changed, 11 insertions(+), 4 deletions(-) + +diff --git a/drivers/infiniband/sw/siw/siw_qp.c b/drivers/infiniband/sw/siw/siw_qp.c +index 430314c8abd94..52d402f39df93 100644 +--- a/drivers/infiniband/sw/siw/siw_qp.c ++++ b/drivers/infiniband/sw/siw/siw_qp.c +@@ -182,12 +182,19 @@ void siw_qp_llp_close(struct siw_qp *qp) + */ + void siw_qp_llp_write_space(struct sock *sk) + { +- struct siw_cep *cep = sk_to_cep(sk); ++ struct siw_cep *cep; + +- cep->sk_write_space(sk); ++ read_lock(&sk->sk_callback_lock); ++ ++ cep = sk_to_cep(sk); ++ if (cep) { ++ cep->sk_write_space(sk); + +- if (!test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) +- (void)siw_sq_start(cep->qp); ++ if (!test_bit(SOCK_NOSPACE, &sk->sk_socket->flags)) ++ (void)siw_sq_start(cep->qp); ++ } ++ ++ read_unlock(&sk->sk_callback_lock); + } + + static int siw_qp_readq_init(struct siw_qp *qp, int irq_size, int orq_size) +-- +2.20.1 + diff --git a/queue-5.3/riscv-avoid-kernel-hangs-when-trapped-in-bug.patch b/queue-5.3/riscv-avoid-kernel-hangs-when-trapped-in-bug.patch new file mode 100644 index 00000000000..9c29dd9e7d2 --- /dev/null +++ b/queue-5.3/riscv-avoid-kernel-hangs-when-trapped-in-bug.patch @@ -0,0 +1,58 @@ +From 8e6eb29bfc27b43f3ba4d09e4b4cc6fecf33ad2d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 23 Sep 2019 08:45:14 +0800 +Subject: riscv: avoid kernel hangs when trapped in BUG() + +From: Vincent Chen + +[ Upstream commit 8b04825ed205da38754f86f4c07ea8600d8c2a65 ] + +When the CONFIG_GENERIC_BUG is disabled by disabling CONFIG_BUG, if a +kernel thread is trapped by BUG(), the whole system will be in the +loop that infinitely handles the ebreak exception instead of entering the +die function. To fix this problem, the do_trap_break() will always call +the die() to deal with the break exception as the type of break is +BUG_TRAP_TYPE_BUG. + +Signed-off-by: Vincent Chen +Reviewed-by: Christoph Hellwig +Signed-off-by: Paul Walmsley +Signed-off-by: Sasha Levin +--- + arch/riscv/kernel/traps.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c +index 424eb72d56b10..055a937aca70a 100644 +--- a/arch/riscv/kernel/traps.c ++++ b/arch/riscv/kernel/traps.c +@@ -124,23 +124,23 @@ static inline unsigned long get_break_insn_length(unsigned long pc) + + asmlinkage void do_trap_break(struct pt_regs *regs) + { +-#ifdef CONFIG_GENERIC_BUG + if (!user_mode(regs)) { + enum bug_trap_type type; + + type = report_bug(regs->sepc, regs); + switch (type) { ++#ifdef CONFIG_GENERIC_BUG + case BUG_TRAP_TYPE_NONE: + break; + case BUG_TRAP_TYPE_WARN: + regs->sepc += get_break_insn_length(regs->sepc); + break; + case BUG_TRAP_TYPE_BUG: ++#endif /* CONFIG_GENERIC_BUG */ ++ default: + die(regs, "Kernel BUG"); + } + } +-#endif /* CONFIG_GENERIC_BUG */ +- + force_sig_fault(SIGTRAP, TRAP_BRKPT, (void __user *)(regs->sepc)); + } + +-- +2.20.1 + diff --git a/queue-5.3/riscv-avoid-sending-a-sigtrap-to-a-user-thread-trapp.patch b/queue-5.3/riscv-avoid-sending-a-sigtrap-to-a-user-thread-trapp.patch new file mode 100644 index 00000000000..e61c741c803 --- /dev/null +++ b/queue-5.3/riscv-avoid-sending-a-sigtrap-to-a-user-thread-trapp.patch @@ -0,0 +1,39 @@ +From 2632145a6c67fb5660d14892919785118dc6cc4e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 23 Sep 2019 08:45:15 +0800 +Subject: riscv: avoid sending a SIGTRAP to a user thread trapped in WARN() + +From: Vincent Chen + +[ Upstream commit e0c0fc18f10d5080cddde0e81505fd3e952c20c4 ] + +On RISC-V, when the kernel runs code on behalf of a user thread, and the +kernel executes a WARN() or WARN_ON(), the user thread will be sent +a bogus SIGTRAP. Fix the RISC-V kernel code to not send a SIGTRAP when +a WARN()/WARN_ON() is executed. + +Signed-off-by: Vincent Chen +Reviewed-by: Christoph Hellwig +[paul.walmsley@sifive.com: fixed subject] +Signed-off-by: Paul Walmsley +Signed-off-by: Sasha Levin +--- + arch/riscv/kernel/traps.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c +index 055a937aca70a..82f42a55451eb 100644 +--- a/arch/riscv/kernel/traps.c ++++ b/arch/riscv/kernel/traps.c +@@ -134,7 +134,7 @@ asmlinkage void do_trap_break(struct pt_regs *regs) + break; + case BUG_TRAP_TYPE_WARN: + regs->sepc += get_break_insn_length(regs->sepc); +- break; ++ return; + case BUG_TRAP_TYPE_BUG: + #endif /* CONFIG_GENERIC_BUG */ + default: +-- +2.20.1 + diff --git a/queue-5.3/riscv-correct-the-handling-of-unexpected-ebreak-in-d.patch b/queue-5.3/riscv-correct-the-handling-of-unexpected-ebreak-in-d.patch new file mode 100644 index 00000000000..794a5ba97e3 --- /dev/null +++ b/queue-5.3/riscv-correct-the-handling-of-unexpected-ebreak-in-d.patch @@ -0,0 +1,57 @@ +From 5870580f8ee2841a56124f1d180cc3f031549fe4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 23 Sep 2019 08:45:16 +0800 +Subject: riscv: Correct the handling of unexpected ebreak in do_trap_break() + +From: Vincent Chen + +[ Upstream commit 8bb0daef64e5a92db63ad1d3bbf9e280a7b3612a ] + +For the kernel space, all ebreak instructions are determined at compile +time because the kernel space debugging module is currently unsupported. +Hence, it should be treated as a bug if an ebreak instruction which does +not belong to BUG_TRAP_TYPE_WARN or BUG_TRAP_TYPE_BUG is executed in +kernel space. For the userspace, debugging module or user problem may +intentionally insert an ebreak instruction to trigger a SIGTRAP signal. +To approach the above two situations, the do_trap_break() will direct +the BUG_TRAP_TYPE_NONE ebreak exception issued in kernel space to die() +and will send a SIGTRAP to the trapped process only when the ebreak is +in userspace. + +Signed-off-by: Vincent Chen +Reviewed-by: Christoph Hellwig +[paul.walmsley@sifive.com: fixed checkpatch issue] +Signed-off-by: Paul Walmsley +Signed-off-by: Sasha Levin +--- + arch/riscv/kernel/traps.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/arch/riscv/kernel/traps.c b/arch/riscv/kernel/traps.c +index 82f42a55451eb..93742df9067fb 100644 +--- a/arch/riscv/kernel/traps.c ++++ b/arch/riscv/kernel/traps.c +@@ -130,8 +130,6 @@ asmlinkage void do_trap_break(struct pt_regs *regs) + type = report_bug(regs->sepc, regs); + switch (type) { + #ifdef CONFIG_GENERIC_BUG +- case BUG_TRAP_TYPE_NONE: +- break; + case BUG_TRAP_TYPE_WARN: + regs->sepc += get_break_insn_length(regs->sepc); + return; +@@ -140,8 +138,10 @@ asmlinkage void do_trap_break(struct pt_regs *regs) + default: + die(regs, "Kernel BUG"); + } ++ } else { ++ force_sig_fault(SIGTRAP, TRAP_BRKPT, ++ (void __user *)(regs->sepc)); + } +- force_sig_fault(SIGTRAP, TRAP_BRKPT, (void __user *)(regs->sepc)); + } + + #ifdef CONFIG_GENERIC_BUG +-- +2.20.1 + diff --git a/queue-5.3/s390-cio-fix-virtio-ccw-dma-without-pv.patch b/queue-5.3/s390-cio-fix-virtio-ccw-dma-without-pv.patch new file mode 100644 index 00000000000..b359fd23019 --- /dev/null +++ b/queue-5.3/s390-cio-fix-virtio-ccw-dma-without-pv.patch @@ -0,0 +1,92 @@ +From 33ef2c5563ded3af7b262267f3c4d3bc26c27abd Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 30 Sep 2019 17:38:02 +0200 +Subject: s390/cio: fix virtio-ccw DMA without PV + +From: Halil Pasic + +[ Upstream commit 05668e1d74b84c53fbe0f28565e4c9502a6b8a67 ] + +Commit 37db8985b211 ("s390/cio: add basic protected virtualization +support") breaks virtio-ccw devices with VIRTIO_F_IOMMU_PLATFORM for non +Protected Virtualization (PV) guests. The problem is that the dma_mask +of the ccw device, which is used by virtio core, gets changed from 64 to +31 bit, because some of the DMA allocations do require 31 bit +addressable memory. For PV the only drawback is that some of the virtio +structures must end up in ZONE_DMA because we have the bounce the +buffers mapped via DMA API anyway. + +But for non PV guests we have a problem: because of the 31 bit mask +guests bigger than 2G are likely to try bouncing buffers. The swiotlb +however is only initialized for PV guests, because we don't want to +bounce anything for non PV guests. The first such map kills the guest. + +Since the DMA API won't allow us to specify for each allocation whether +we need memory from ZONE_DMA (31 bit addressable) or any DMA capable +memory will do, let us use coherent_dma_mask (which is used for +allocations) to force allocating form ZONE_DMA while changing dma_mask +to DMA_BIT_MASK(64) so that at least the streaming API will regard +the whole memory DMA capable. + +Signed-off-by: Halil Pasic +Reported-by: Marc Hartmayer +Suggested-by: Robin Murphy +Fixes: 37db8985b211 ("s390/cio: add basic protected virtualization support") +Link: https://lore.kernel.org/lkml/20190930153803.7958-1-pasic@linux.ibm.com +Reviewed-by: Christoph Hellwig +Reviewed-by: Cornelia Huck +Signed-off-by: Christian Borntraeger +Signed-off-by: Vasily Gorbik +Signed-off-by: Sasha Levin +--- + drivers/s390/cio/cio.h | 1 + + drivers/s390/cio/css.c | 7 ++++++- + drivers/s390/cio/device.c | 2 +- + 3 files changed, 8 insertions(+), 2 deletions(-) + +diff --git a/drivers/s390/cio/cio.h b/drivers/s390/cio/cio.h +index ba7d2480613b9..dcdaba689b20c 100644 +--- a/drivers/s390/cio/cio.h ++++ b/drivers/s390/cio/cio.h +@@ -113,6 +113,7 @@ struct subchannel { + enum sch_todo todo; + struct work_struct todo_work; + struct schib_config config; ++ u64 dma_mask; + char *driver_override; /* Driver name to force a match */ + } __attribute__ ((aligned(8))); + +diff --git a/drivers/s390/cio/css.c b/drivers/s390/cio/css.c +index 1fbfb0a93f5f1..831850435c23b 100644 +--- a/drivers/s390/cio/css.c ++++ b/drivers/s390/cio/css.c +@@ -232,7 +232,12 @@ struct subchannel *css_alloc_subchannel(struct subchannel_id schid, + * belong to a subchannel need to fit 31 bit width (e.g. ccw). + */ + sch->dev.coherent_dma_mask = DMA_BIT_MASK(31); +- sch->dev.dma_mask = &sch->dev.coherent_dma_mask; ++ /* ++ * But we don't have such restrictions imposed on the stuff that ++ * is handled by the streaming API. ++ */ ++ sch->dma_mask = DMA_BIT_MASK(64); ++ sch->dev.dma_mask = &sch->dma_mask; + return sch; + + err: +diff --git a/drivers/s390/cio/device.c b/drivers/s390/cio/device.c +index c421899be20f2..027ef1dde5a7a 100644 +--- a/drivers/s390/cio/device.c ++++ b/drivers/s390/cio/device.c +@@ -710,7 +710,7 @@ static struct ccw_device * io_subchannel_allocate_dev(struct subchannel *sch) + if (!cdev->private) + goto err_priv; + cdev->dev.coherent_dma_mask = sch->dev.coherent_dma_mask; +- cdev->dev.dma_mask = &cdev->dev.coherent_dma_mask; ++ cdev->dev.dma_mask = sch->dev.dma_mask; + dma_pool = cio_gp_dma_create(&cdev->dev, 1); + if (!dma_pool) + goto err_dma_pool; +-- +2.20.1 + diff --git a/queue-5.3/s390-uaccess-avoid-false-positive-compiler-warnings.patch b/queue-5.3/s390-uaccess-avoid-false-positive-compiler-warnings.patch new file mode 100644 index 00000000000..d65108a8e6d --- /dev/null +++ b/queue-5.3/s390-uaccess-avoid-false-positive-compiler-warnings.patch @@ -0,0 +1,60 @@ +From af6111e7add5679f0ad5927d0d51d9d0a3ea0abe Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 8 Oct 2019 17:02:32 +0200 +Subject: s390/uaccess: avoid (false positive) compiler warnings +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Christian Borntraeger + +[ Upstream commit 062795fcdcb2d22822fb42644b1d76a8ad8439b3 ] + +Depending on inlining decisions by the compiler, __get/put_user_fn +might become out of line. Then the compiler is no longer able to tell +that size can only be 1,2,4 or 8 due to the check in __get/put_user +resulting in false positives like + +./arch/s390/include/asm/uaccess.h: In function ‘__put_user_fn’: +./arch/s390/include/asm/uaccess.h:113:9: warning: ‘rc’ may be used uninitialized in this function [-Wmaybe-uninitialized] + 113 | return rc; + | ^~ +./arch/s390/include/asm/uaccess.h: In function ‘__get_user_fn’: +./arch/s390/include/asm/uaccess.h:143:9: warning: ‘rc’ may be used uninitialized in this function [-Wmaybe-uninitialized] + 143 | return rc; + | ^~ + +These functions are supposed to be always inlined. Mark it as such. + +Signed-off-by: Christian Borntraeger +Signed-off-by: Vasily Gorbik +Signed-off-by: Sasha Levin +--- + arch/s390/include/asm/uaccess.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/arch/s390/include/asm/uaccess.h b/arch/s390/include/asm/uaccess.h +index bd2fd9a7821da..a470f1fa9f2af 100644 +--- a/arch/s390/include/asm/uaccess.h ++++ b/arch/s390/include/asm/uaccess.h +@@ -83,7 +83,7 @@ raw_copy_to_user(void __user *to, const void *from, unsigned long n); + __rc; \ + }) + +-static inline int __put_user_fn(void *x, void __user *ptr, unsigned long size) ++static __always_inline int __put_user_fn(void *x, void __user *ptr, unsigned long size) + { + unsigned long spec = 0x010000UL; + int rc; +@@ -113,7 +113,7 @@ static inline int __put_user_fn(void *x, void __user *ptr, unsigned long size) + return rc; + } + +-static inline int __get_user_fn(void *x, const void __user *ptr, unsigned long size) ++static __always_inline int __get_user_fn(void *x, const void __user *ptr, unsigned long size) + { + unsigned long spec = 0x01UL; + int rc; +-- +2.20.1 + diff --git a/queue-5.3/sched-fair-scale-bandwidth-quota-and-period-without-.patch b/queue-5.3/sched-fair-scale-bandwidth-quota-and-period-without-.patch new file mode 100644 index 00000000000..9dfb137b1b6 --- /dev/null +++ b/queue-5.3/sched-fair-scale-bandwidth-quota-and-period-without-.patch @@ -0,0 +1,112 @@ +From f29ed0830a0c361e2a3b6c6b03335507f880e7aa Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 3 Oct 2019 17:12:43 -0700 +Subject: sched/fair: Scale bandwidth quota and period without losing + quota/period ratio precision + +From: Xuewei Zhang + +[ Upstream commit 4929a4e6faa0f13289a67cae98139e727f0d4a97 ] + +The quota/period ratio is used to ensure a child task group won't get +more bandwidth than the parent task group, and is calculated as: + + normalized_cfs_quota() = [(quota_us << 20) / period_us] + +If the quota/period ratio was changed during this scaling due to +precision loss, it will cause inconsistency between parent and child +task groups. + +See below example: + +A userspace container manager (kubelet) does three operations: + + 1) Create a parent cgroup, set quota to 1,000us and period to 10,000us. + 2) Create a few children cgroups. + 3) Set quota to 1,000us and period to 10,000us on a child cgroup. + +These operations are expected to succeed. However, if the scaling of +147/128 happens before step 3, quota and period of the parent cgroup +will be changed: + + new_quota: 1148437ns, 1148us + new_period: 11484375ns, 11484us + +And when step 3 comes in, the ratio of the child cgroup will be +104857, which will be larger than the parent cgroup ratio (104821), +and will fail. + +Scaling them by a factor of 2 will fix the problem. + +Tested-by: Phil Auld +Signed-off-by: Xuewei Zhang +Signed-off-by: Peter Zijlstra (Intel) +Acked-by: Phil Auld +Cc: Anton Blanchard +Cc: Ben Segall +Cc: Dietmar Eggemann +Cc: Juri Lelli +Cc: Linus Torvalds +Cc: Mel Gorman +Cc: Peter Zijlstra +Cc: Steven Rostedt +Cc: Thomas Gleixner +Cc: Vincent Guittot +Fixes: 2e8e19226398 ("sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup") +Link: https://lkml.kernel.org/r/20191004001243.140897-1-xueweiz@google.com +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +--- + kernel/sched/fair.c | 36 ++++++++++++++++++++++-------------- + 1 file changed, 22 insertions(+), 14 deletions(-) + +diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c +index 86cfc5d5129ce..16b5d29bd7300 100644 +--- a/kernel/sched/fair.c ++++ b/kernel/sched/fair.c +@@ -4995,20 +4995,28 @@ static enum hrtimer_restart sched_cfs_period_timer(struct hrtimer *timer) + if (++count > 3) { + u64 new, old = ktime_to_ns(cfs_b->period); + +- new = (old * 147) / 128; /* ~115% */ +- new = min(new, max_cfs_quota_period); +- +- cfs_b->period = ns_to_ktime(new); +- +- /* since max is 1s, this is limited to 1e9^2, which fits in u64 */ +- cfs_b->quota *= new; +- cfs_b->quota = div64_u64(cfs_b->quota, old); +- +- pr_warn_ratelimited( +- "cfs_period_timer[cpu%d]: period too short, scaling up (new cfs_period_us %lld, cfs_quota_us = %lld)\n", +- smp_processor_id(), +- div_u64(new, NSEC_PER_USEC), +- div_u64(cfs_b->quota, NSEC_PER_USEC)); ++ /* ++ * Grow period by a factor of 2 to avoid losing precision. ++ * Precision loss in the quota/period ratio can cause __cfs_schedulable ++ * to fail. ++ */ ++ new = old * 2; ++ if (new < max_cfs_quota_period) { ++ cfs_b->period = ns_to_ktime(new); ++ cfs_b->quota *= 2; ++ ++ pr_warn_ratelimited( ++ "cfs_period_timer[cpu%d]: period too short, scaling up (new cfs_period_us = %lld, cfs_quota_us = %lld)\n", ++ smp_processor_id(), ++ div_u64(new, NSEC_PER_USEC), ++ div_u64(cfs_b->quota, NSEC_PER_USEC)); ++ } else { ++ pr_warn_ratelimited( ++ "cfs_period_timer[cpu%d]: period too short, but cannot scale up without losing precision (cfs_period_us = %lld, cfs_quota_us = %lld)\n", ++ smp_processor_id(), ++ div_u64(old, NSEC_PER_USEC), ++ div_u64(cfs_b->quota, NSEC_PER_USEC)); ++ } + + /* reset count so we don't come right back in here */ + count = 0; +-- +2.20.1 + diff --git a/queue-5.3/sched-vtime-fix-guest-system-mis-accounting-on-task-.patch b/queue-5.3/sched-vtime-fix-guest-system-mis-accounting-on-task-.patch new file mode 100644 index 00000000000..b8fee705d8c --- /dev/null +++ b/queue-5.3/sched-vtime-fix-guest-system-mis-accounting-on-task-.patch @@ -0,0 +1,79 @@ +From 864384e58e0f0d227c8a759b12884d62d465ae03 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 25 Sep 2019 23:42:42 +0200 +Subject: sched/vtime: Fix guest/system mis-accounting on task switch + +From: Frederic Weisbecker + +[ Upstream commit 68e7a4d66b0ce04bf18ff2ffded5596ab3618585 ] + +vtime_account_system() assumes that the target task to account cputime +to is always the current task. This is most often true indeed except on +task switch where we call: + + vtime_common_task_switch(prev) + vtime_account_system(prev) + +Here prev is the scheduling-out task where we account the cputime to. It +doesn't match current that is already the scheduling-in task at this +stage of the context switch. + +So we end up checking the wrong task flags to determine if we are +accounting guest or system time to the previous task. + +As a result the wrong task is used to check if the target is running in +guest mode. We may then spuriously account or leak either system or +guest time on task switch. + +Fix this assumption and also turn vtime_guest_enter/exit() to use the +task passed in parameter as well to avoid future similar issues. + +Signed-off-by: Frederic Weisbecker +Signed-off-by: Peter Zijlstra (Intel) +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Rik van Riel +Cc: Thomas Gleixner +Cc: Wanpeng Li +Fixes: 2a42eb9594a1 ("sched/cputime: Accumulate vtime on top of nsec clocksource") +Link: https://lkml.kernel.org/r/20190925214242.21873-1-frederic@kernel.org +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +--- + kernel/sched/cputime.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/kernel/sched/cputime.c b/kernel/sched/cputime.c +index 2305ce89a26cf..46ed4e1383e21 100644 +--- a/kernel/sched/cputime.c ++++ b/kernel/sched/cputime.c +@@ -740,7 +740,7 @@ void vtime_account_system(struct task_struct *tsk) + + write_seqcount_begin(&vtime->seqcount); + /* We might have scheduled out from guest path */ +- if (current->flags & PF_VCPU) ++ if (tsk->flags & PF_VCPU) + vtime_account_guest(tsk, vtime); + else + __vtime_account_system(tsk, vtime); +@@ -783,7 +783,7 @@ void vtime_guest_enter(struct task_struct *tsk) + */ + write_seqcount_begin(&vtime->seqcount); + __vtime_account_system(tsk, vtime); +- current->flags |= PF_VCPU; ++ tsk->flags |= PF_VCPU; + write_seqcount_end(&vtime->seqcount); + } + EXPORT_SYMBOL_GPL(vtime_guest_enter); +@@ -794,7 +794,7 @@ void vtime_guest_exit(struct task_struct *tsk) + + write_seqcount_begin(&vtime->seqcount); + vtime_account_guest(tsk, vtime); +- current->flags &= ~PF_VCPU; ++ tsk->flags &= ~PF_VCPU; + write_seqcount_end(&vtime->seqcount); + } + EXPORT_SYMBOL_GPL(vtime_guest_exit); +-- +2.20.1 + diff --git a/queue-5.3/selftests-kselftest-runner.sh-add-45-second-timeout-.patch b/queue-5.3/selftests-kselftest-runner.sh-add-45-second-timeout-.patch new file mode 100644 index 00000000000..902c94cca05 --- /dev/null +++ b/queue-5.3/selftests-kselftest-runner.sh-add-45-second-timeout-.patch @@ -0,0 +1,117 @@ +From ee123f476c05b30fb73d192c0e7546efd803727a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 19 Sep 2019 11:06:44 -0700 +Subject: selftests/kselftest/runner.sh: Add 45 second timeout per test + +From: Kees Cook + +[ Upstream commit 852c8cbf34d3b3130a05c38064dd98614f97d3a8 ] + +Commit a745f7af3cbd ("selftests/harness: Add 30 second timeout per +test") solves the problem of kselftest_harness.h-using binary tests +possibly hanging forever. However, scripts and other binaries can still +hang forever. This adds a global timeout to each test script run. + +To make this configurable (e.g. as needed in the "rtc" test case), +include a new per-test-directory "settings" file (similar to "config") +that can contain kselftest-specific settings. The first recognized field +is "timeout". + +Additionally, this splits the reporting for timeouts into a specific +"TIMEOUT" not-ok (and adds exit code reporting in the remaining case). + +Signed-off-by: Kees Cook +Signed-off-by: Shuah Khan +Signed-off-by: Sasha Levin +--- + tools/testing/selftests/kselftest/runner.sh | 36 +++++++++++++++++++-- + tools/testing/selftests/rtc/settings | 1 + + 2 files changed, 34 insertions(+), 3 deletions(-) + create mode 100644 tools/testing/selftests/rtc/settings + +diff --git a/tools/testing/selftests/kselftest/runner.sh b/tools/testing/selftests/kselftest/runner.sh +index 00c9020bdda8b..84de7bc74f2cf 100644 +--- a/tools/testing/selftests/kselftest/runner.sh ++++ b/tools/testing/selftests/kselftest/runner.sh +@@ -3,9 +3,14 @@ + # + # Runs a set of tests in a given subdirectory. + export skip_rc=4 ++export timeout_rc=124 + export logfile=/dev/stdout + export per_test_logging= + ++# Defaults for "settings" file fields: ++# "timeout" how many seconds to let each test run before failing. ++export kselftest_default_timeout=45 ++ + # There isn't a shell-agnostic way to find the path of a sourced file, + # so we must rely on BASE_DIR being set to find other tools. + if [ -z "$BASE_DIR" ]; then +@@ -24,6 +29,16 @@ tap_prefix() + fi + } + ++tap_timeout() ++{ ++ # Make sure tests will time out if utility is available. ++ if [ -x /usr/bin/timeout ] ; then ++ /usr/bin/timeout "$kselftest_timeout" "$1" ++ else ++ "$1" ++ fi ++} ++ + run_one() + { + DIR="$1" +@@ -32,6 +47,18 @@ run_one() + + BASENAME_TEST=$(basename $TEST) + ++ # Reset any "settings"-file variables. ++ export kselftest_timeout="$kselftest_default_timeout" ++ # Load per-test-directory kselftest "settings" file. ++ settings="$BASE_DIR/$DIR/settings" ++ if [ -r "$settings" ] ; then ++ while read line ; do ++ field=$(echo "$line" | cut -d= -f1) ++ value=$(echo "$line" | cut -d= -f2-) ++ eval "kselftest_$field"="$value" ++ done < "$settings" ++ fi ++ + TEST_HDR_MSG="selftests: $DIR: $BASENAME_TEST" + echo "# $TEST_HDR_MSG" + if [ ! -x "$TEST" ]; then +@@ -44,14 +71,17 @@ run_one() + echo "not ok $test_num $TEST_HDR_MSG" + else + cd `dirname $TEST` > /dev/null +- (((((./$BASENAME_TEST 2>&1; echo $? >&3) | ++ ((((( tap_timeout ./$BASENAME_TEST 2>&1; echo $? >&3) | + tap_prefix >&4) 3>&1) | + (read xs; exit $xs)) 4>>"$logfile" && + echo "ok $test_num $TEST_HDR_MSG") || +- (if [ $? -eq $skip_rc ]; then \ ++ (rc=$?; \ ++ if [ $rc -eq $skip_rc ]; then \ + echo "not ok $test_num $TEST_HDR_MSG # SKIP" ++ elif [ $rc -eq $timeout_rc ]; then \ ++ echo "not ok $test_num $TEST_HDR_MSG # TIMEOUT" + else +- echo "not ok $test_num $TEST_HDR_MSG" ++ echo "not ok $test_num $TEST_HDR_MSG # exit=$rc" + fi) + cd - >/dev/null + fi +diff --git a/tools/testing/selftests/rtc/settings b/tools/testing/selftests/rtc/settings +new file mode 100644 +index 0000000000000..ba4d85f74cd6b +--- /dev/null ++++ b/tools/testing/selftests/rtc/settings +@@ -0,0 +1 @@ ++timeout=90 +-- +2.20.1 + diff --git a/queue-5.3/serial-8250_omap-fix-gpio-check-for-auto-rts-cts.patch b/queue-5.3/serial-8250_omap-fix-gpio-check-for-auto-rts-cts.patch new file mode 100644 index 00000000000..27628a73c64 --- /dev/null +++ b/queue-5.3/serial-8250_omap-fix-gpio-check-for-auto-rts-cts.patch @@ -0,0 +1,51 @@ +From 59e17421efeb4696418a05a58433d0c855c979bd Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 6 Oct 2019 11:33:12 -0500 +Subject: serial: 8250_omap: Fix gpio check for auto RTS/CTS + +From: Adam Ford + +[ Upstream commit fc64f7abbef2dae7ee4c94702fb3cf9a2be5431a ] + +There are two checks to see if the manual gpio is configured, but +these the check is seeing if the structure is NULL instead it +should check to see if there are CTS and/or RTS pins defined. + +This patch uses checks for those individual pins instead of +checking for the structure itself to restore auto RTS/CTS. + +Signed-off-by: Adam Ford +Reviewed-by: Yegor Yefremov +Link: https://lore.kernel.org/r/20191006163314.23191-2-aford173@gmail.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/tty/serial/8250/8250_omap.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/drivers/tty/serial/8250/8250_omap.c b/drivers/tty/serial/8250/8250_omap.c +index 3ef65cbd2478a..e4b08077f8757 100644 +--- a/drivers/tty/serial/8250/8250_omap.c ++++ b/drivers/tty/serial/8250/8250_omap.c +@@ -141,7 +141,7 @@ static void omap8250_set_mctrl(struct uart_port *port, unsigned int mctrl) + + serial8250_do_set_mctrl(port, mctrl); + +- if (!up->gpios) { ++ if (!mctrl_gpio_to_gpiod(up->gpios, UART_GPIO_RTS)) { + /* + * Turn off autoRTS if RTS is lowered and restore autoRTS + * setting if RTS is raised +@@ -456,7 +456,8 @@ static void omap_8250_set_termios(struct uart_port *port, + up->port.status &= ~(UPSTAT_AUTOCTS | UPSTAT_AUTORTS | UPSTAT_AUTOXOFF); + + if (termios->c_cflag & CRTSCTS && up->port.flags & UPF_HARD_FLOW && +- !up->gpios) { ++ !mctrl_gpio_to_gpiod(up->gpios, UART_GPIO_RTS) && ++ !mctrl_gpio_to_gpiod(up->gpios, UART_GPIO_CTS)) { + /* Enable AUTOCTS (autoRTS is enabled when RTS is raised) */ + up->port.status |= UPSTAT_AUTOCTS | UPSTAT_AUTORTS; + priv->efr |= UART_EFR_CTS; +-- +2.20.1 + diff --git a/queue-5.3/serial-mctrl_gpio-check-for-null-pointer.patch b/queue-5.3/serial-mctrl_gpio-check-for-null-pointer.patch new file mode 100644 index 00000000000..b1803f8e3d5 --- /dev/null +++ b/queue-5.3/serial-mctrl_gpio-check-for-null-pointer.patch @@ -0,0 +1,40 @@ +From d69f2298df140af3b65979d5455ea869e0e1db9d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 6 Oct 2019 11:33:11 -0500 +Subject: serial: mctrl_gpio: Check for NULL pointer + +From: Adam Ford + +[ Upstream commit 37e3ab00e4734acc15d96b2926aab55c894f4d9c ] + +When using mctrl_gpio_to_gpiod, it dereferences gpios into a single +requested GPIO. This dereferencing can break if gpios is NULL, +so this patch adds a NULL check before dereferencing it. If +gpios is NULL, this function will also return NULL. + +Signed-off-by: Adam Ford +Reviewed-by: Yegor Yefremov +Link: https://lore.kernel.org/r/20191006163314.23191-1-aford173@gmail.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/tty/serial/serial_mctrl_gpio.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/tty/serial/serial_mctrl_gpio.c b/drivers/tty/serial/serial_mctrl_gpio.c +index 2b400189be911..54c43e02e3755 100644 +--- a/drivers/tty/serial/serial_mctrl_gpio.c ++++ b/drivers/tty/serial/serial_mctrl_gpio.c +@@ -61,6 +61,9 @@ EXPORT_SYMBOL_GPL(mctrl_gpio_set); + struct gpio_desc *mctrl_gpio_to_gpiod(struct mctrl_gpios *gpios, + enum mctrl_gpio_idx gidx) + { ++ if (gpios == NULL) ++ return NULL; ++ + return gpios->gpio[gidx]; + } + EXPORT_SYMBOL_GPL(mctrl_gpio_to_gpiod); +-- +2.20.1 + diff --git a/queue-5.3/serial-sifive-select-serial_earlycon.patch b/queue-5.3/serial-sifive-select-serial_earlycon.patch new file mode 100644 index 00000000000..5056dfe794a --- /dev/null +++ b/queue-5.3/serial-sifive-select-serial_earlycon.patch @@ -0,0 +1,37 @@ +From 8b69e0be66c462ed6b963f853142d01678290b42 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 10 Sep 2019 07:59:23 +0200 +Subject: serial/sifive: select SERIAL_EARLYCON + +From: Christoph Hellwig + +[ Upstream commit 7e2a165de5a52003d10a611ee3884cdb5c44e8cd ] + +The sifive serial driver implements earlycon support, but unless +another driver is built in that supports earlycon support it won't +be usable. Explicitly select SERIAL_EARLYCON instead. + +Signed-off-by: Christoph Hellwig +Reviewed-by: Paul Walmsley +Link: https://lore.kernel.org/r/20190910055923.28384-1-hch@lst.de +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/tty/serial/Kconfig | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/tty/serial/Kconfig b/drivers/tty/serial/Kconfig +index 3083dbae35f7e..3b436ccd29dad 100644 +--- a/drivers/tty/serial/Kconfig ++++ b/drivers/tty/serial/Kconfig +@@ -1075,6 +1075,7 @@ config SERIAL_SIFIVE_CONSOLE + bool "Console on SiFive UART" + depends on SERIAL_SIFIVE=y + select SERIAL_CORE_CONSOLE ++ select SERIAL_EARLYCON + help + Select this option if you would like to use a SiFive UART as the + system console. +-- +2.20.1 + diff --git a/queue-5.3/series b/queue-5.3/series new file mode 100644 index 00000000000..9c6b30cbab6 --- /dev/null +++ b/queue-5.3/series @@ -0,0 +1,82 @@ +io_uring-fix-up-o_nonblock-handling-for-sockets.patch +dm-snapshot-introduce-account_start_copy-and-account.patch +dm-snapshot-rework-cow-throttling-to-fix-deadlock.patch +btrfs-fix-inode-cache-block-reserve-leak-on-failure-.patch +btrfs-qgroup-always-free-prealloc-meta-reserve-in-bt.patch +iio-adc-meson_saradc-fix-memory-allocation-order.patch +iio-fix-center-temperature-of-bmc150-accel-core.patch +libsubcmd-make-_fortify_source-defines-dependent-on-.patch +perf-tests-avoid-raising-segv-using-an-obvious-null-.patch +perf-map-fix-overlapped-map-handling.patch +perf-script-brstackinsn-fix-recovery-from-lbr-binary.patch +perf-jevents-fix-period-for-intel-fixed-counters.patch +perf-tools-propagate-get_cpuid-error.patch +perf-annotate-propagate-perf_env__arch-error.patch +perf-annotate-fix-the-signedness-of-failure-returns.patch +perf-annotate-propagate-the-symbol__annotate-error-r.patch +perf-annotate-fix-arch-specific-init-failure-errors.patch +perf-annotate-return-appropriate-error-code-for-allo.patch +perf-annotate-don-t-return-1-for-error-when-doing-bp.patch +staging-rtl8188eu-fix-null-dereference-when-kzalloc-.patch +rdma-siw-fix-serialization-issue-in-write_space.patch +rdma-hfi1-prevent-memory-leak-in-sdma_init.patch +rdma-iw_cxgb4-fix-srq-access-from-dump_qp.patch +rdma-iwcm-fix-a-lock-inversion-issue.patch +hid-hyperv-use-in-place-iterator-api-in-the-channel-.patch +kselftest-exclude-failed-targets-from-runlist.patch +selftests-kselftest-runner.sh-add-45-second-timeout-.patch +nfs-fix-nfsi-nrequests-count-error-on-nfs_inode_remo.patch +arm64-cpufeature-effectively-expose-frint-capability.patch +arm64-fix-incorrect-irqflag-restore-for-priority-mas.patch +arm64-ftrace-ensure-synchronisation-in-plt-setup-for.patch +tty-serial-owl-fix-the-link-time-qualifier-of-owl_ua.patch +tty-serial-rda-fix-the-link-time-qualifier-of-rda_ua.patch +serial-sifive-select-serial_earlycon.patch +tty-n_hdlc-fix-build-on-sparc.patch +misc-fastrpc-prevent-memory-leak-in-fastrpc_dma_buf_.patch +rdma-core-fix-an-error-handling-path-in-res_get_comm.patch +rdma-cm-fix-memory-leak-in-cm_add-remove_one.patch +rdma-nldev-reshuffle-the-code-to-avoid-need-to-rebin.patch +rdma-mlx5-do-not-allow-rereg-of-a-odp-mr.patch +rdma-mlx5-order-num_pending_prefetch-properly-with-s.patch +rdma-mlx5-add-missing-synchronize_srcu-for-mw-cases.patch +gpio-max77620-use-correct-unit-for-debounce-times.patch +fs-cifs-mute-wunused-const-variable-message.patch +arm64-vdso32-fix-broken-compat-vdso-build-warnings.patch +arm64-vdso32-detect-binutils-support-for-dmb-ishld.patch +serial-mctrl_gpio-check-for-null-pointer.patch +serial-8250_omap-fix-gpio-check-for-auto-rts-cts.patch +arm64-default-to-building-compat-vdso-with-clang-whe.patch +arm64-vdso32-don-t-use-kbuild_cppflags-unconditional.patch +efi-cper-fix-endianness-of-pcie-class-code.patch +efi-x86-do-not-clean-dummy-variable-in-kexec-path.patch +mips-include-mark-__cmpxchg-as-__always_inline.patch +riscv-avoid-kernel-hangs-when-trapped-in-bug.patch +riscv-avoid-sending-a-sigtrap-to-a-user-thread-trapp.patch +riscv-correct-the-handling-of-unexpected-ebreak-in-d.patch +x86-xen-return-from-panic-notifier.patch +ocfs2-clear-zero-in-unaligned-direct-io.patch +fs-ocfs2-fix-possible-null-pointer-dereferences-in-o.patch +fs-ocfs2-fix-a-possible-null-pointer-dereference-in-.patch +fs-ocfs2-fix-a-possible-null-pointer-dereference-in-.patch-19879 +btrfs-silence-maybe-uninitialized-warning-in-clone_r.patch +arm64-armv8_deprecated-checking-return-value-for-mem.patch +x86-cpu-add-comet-lake-to-the-intel-cpu-models-heade.patch +sched-fair-scale-bandwidth-quota-and-period-without-.patch +sched-vtime-fix-guest-system-mis-accounting-on-task-.patch +perf-core-rework-memory-accounting-in-perf_mmap.patch +perf-core-fix-corner-case-in-perf_rotate_context.patch +perf-x86-amd-change-fix-nmi-latency-mitigation-to-us.patch +drm-amdgpu-fix-memory-leak.patch +iio-imu-adis16400-release-allocated-memory-on-failur.patch +iio-imu-adis16400-fix-memory-leak.patch +iio-imu-st_lsm6dsx-fix-waitime-for-st_lsm6dsx-i2c-co.patch +mips-include-mark-__xchg-as-__always_inline.patch +mips-fw-sni-fix-out-of-bounds-init-of-o32-stack.patch +s390-cio-fix-virtio-ccw-dma-without-pv.patch +virt-vbox-fix-memory-leak-in-hgcm_call_preprocess_li.patch +nbd-fix-possible-sysfs-duplicate-warning.patch +nfsv4-fix-leak-of-clp-cl_acceptor-string.patch +sunrpc-fix-race-to-sk_err-after-xs_error_report.patch +s390-uaccess-avoid-false-positive-compiler-warnings.patch +tracing-initialize-iter-seq-after-zeroing-in-tracing.patch diff --git a/queue-5.3/staging-rtl8188eu-fix-null-dereference-when-kzalloc-.patch b/queue-5.3/staging-rtl8188eu-fix-null-dereference-when-kzalloc-.patch new file mode 100644 index 00000000000..98f0177da2c --- /dev/null +++ b/queue-5.3/staging-rtl8188eu-fix-null-dereference-when-kzalloc-.patch @@ -0,0 +1,48 @@ +From f6765b6ef73ec23f2d6f282e9af5f9ad2f787ba5 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 27 Sep 2019 14:44:15 -0700 +Subject: staging: rtl8188eu: fix null dereference when kzalloc fails + +From: Connor Kuehl + +[ Upstream commit 955c1532a34305f2f780b47f0c40cc7c65500810 ] + +If kzalloc() returns NULL, the error path doesn't stop the flow of +control from entering rtw_hal_read_chip_version() which dereferences the +null pointer. Fix this by adding a 'goto' to the error path to more +gracefully handle the issue and avoid proceeding with initialization +steps that we're no longer prepared to handle. + +Also update the debug message to be more consistent with the other debug +messages in this function. + +Addresses-Coverity: ("Dereference after null check") + +Signed-off-by: Connor Kuehl +Link: https://lore.kernel.org/r/20190927214415.899-1-connor.kuehl@canonical.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/staging/rtl8188eu/os_dep/usb_intf.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/drivers/staging/rtl8188eu/os_dep/usb_intf.c b/drivers/staging/rtl8188eu/os_dep/usb_intf.c +index 664d93a7f90df..4fac9dca798e8 100644 +--- a/drivers/staging/rtl8188eu/os_dep/usb_intf.c ++++ b/drivers/staging/rtl8188eu/os_dep/usb_intf.c +@@ -348,8 +348,10 @@ static struct adapter *rtw_usb_if1_init(struct dvobj_priv *dvobj, + } + + padapter->HalData = kzalloc(sizeof(struct hal_data_8188e), GFP_KERNEL); +- if (!padapter->HalData) +- DBG_88E("cant not alloc memory for HAL DATA\n"); ++ if (!padapter->HalData) { ++ DBG_88E("Failed to allocate memory for HAL data\n"); ++ goto free_adapter; ++ } + + /* step read_chip_version */ + rtw_hal_read_chip_version(padapter); +-- +2.20.1 + diff --git a/queue-5.3/sunrpc-fix-race-to-sk_err-after-xs_error_report.patch b/queue-5.3/sunrpc-fix-race-to-sk_err-after-xs_error_report.patch new file mode 100644 index 00000000000..d6093700db1 --- /dev/null +++ b/queue-5.3/sunrpc-fix-race-to-sk_err-after-xs_error_report.patch @@ -0,0 +1,94 @@ +From e18b22ef311b4d9a59f7657fddb4cfd527ca32e3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 2 Oct 2019 10:40:55 -0400 +Subject: SUNRPC: fix race to sk_err after xs_error_report + +From: Benjamin Coddington + +[ Upstream commit af84537dbd1b39505d1f3d8023029b4a59666513 ] + +Since commit 4f8943f80883 ("SUNRPC: Replace direct task wakeups from +softirq context") there has been a race to the value of the sk_err if both +XPRT_SOCK_WAKE_ERROR and XPRT_SOCK_WAKE_DISCONNECT are set. In that case, +we may end up losing the sk_err value that existed when xs_error_report was +called. + +Fix this by reverting to the previous behavior: instead of using SO_ERROR +to retrieve the value at a later time (which might also return sk_err_soft), +copy the sk_err value onto struct sock_xprt, and use that value to wake +pending tasks. + +Signed-off-by: Benjamin Coddington +Fixes: 4f8943f80883 ("SUNRPC: Replace direct task wakeups from softirq context") +Signed-off-by: Anna Schumaker +Signed-off-by: Sasha Levin +--- + include/linux/sunrpc/xprtsock.h | 1 + + net/sunrpc/xprtsock.c | 17 ++++++++--------- + 2 files changed, 9 insertions(+), 9 deletions(-) + +diff --git a/include/linux/sunrpc/xprtsock.h b/include/linux/sunrpc/xprtsock.h +index 7638dbe7bc500..a940de03808dd 100644 +--- a/include/linux/sunrpc/xprtsock.h ++++ b/include/linux/sunrpc/xprtsock.h +@@ -61,6 +61,7 @@ struct sock_xprt { + struct mutex recv_mutex; + struct sockaddr_storage srcaddr; + unsigned short srcport; ++ int xprt_err; + + /* + * UDP socket buffer size parameters +diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c +index e2176c167a579..4e0b5bed6c737 100644 +--- a/net/sunrpc/xprtsock.c ++++ b/net/sunrpc/xprtsock.c +@@ -1243,19 +1243,21 @@ static void xs_error_report(struct sock *sk) + { + struct sock_xprt *transport; + struct rpc_xprt *xprt; +- int err; + + read_lock_bh(&sk->sk_callback_lock); + if (!(xprt = xprt_from_sock(sk))) + goto out; + + transport = container_of(xprt, struct sock_xprt, xprt); +- err = -sk->sk_err; +- if (err == 0) ++ transport->xprt_err = -sk->sk_err; ++ if (transport->xprt_err == 0) + goto out; + dprintk("RPC: xs_error_report client %p, error=%d...\n", +- xprt, -err); +- trace_rpc_socket_error(xprt, sk->sk_socket, err); ++ xprt, -transport->xprt_err); ++ trace_rpc_socket_error(xprt, sk->sk_socket, transport->xprt_err); ++ ++ /* barrier ensures xprt_err is set before XPRT_SOCK_WAKE_ERROR */ ++ smp_mb__before_atomic(); + xs_run_error_worker(transport, XPRT_SOCK_WAKE_ERROR); + out: + read_unlock_bh(&sk->sk_callback_lock); +@@ -2470,7 +2472,6 @@ static void xs_wake_write(struct sock_xprt *transport) + static void xs_wake_error(struct sock_xprt *transport) + { + int sockerr; +- int sockerr_len = sizeof(sockerr); + + if (!test_bit(XPRT_SOCK_WAKE_ERROR, &transport->sock_state)) + return; +@@ -2479,9 +2480,7 @@ static void xs_wake_error(struct sock_xprt *transport) + goto out; + if (!test_and_clear_bit(XPRT_SOCK_WAKE_ERROR, &transport->sock_state)) + goto out; +- if (kernel_getsockopt(transport->sock, SOL_SOCKET, SO_ERROR, +- (char *)&sockerr, &sockerr_len) != 0) +- goto out; ++ sockerr = xchg(&transport->xprt_err, 0); + if (sockerr < 0) + xprt_wake_pending_tasks(&transport->xprt, sockerr); + out: +-- +2.20.1 + diff --git a/queue-5.3/tracing-initialize-iter-seq-after-zeroing-in-tracing.patch b/queue-5.3/tracing-initialize-iter-seq-after-zeroing-in-tracing.patch new file mode 100644 index 00000000000..169d70b6155 --- /dev/null +++ b/queue-5.3/tracing-initialize-iter-seq-after-zeroing-in-tracing.patch @@ -0,0 +1,82 @@ +From edca011f79376d7a705c8acc214cf492612202ec Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 11 Oct 2019 16:21:34 +0200 +Subject: tracing: Initialize iter->seq after zeroing in tracing_read_pipe() + +From: Petr Mladek + +[ Upstream commit d303de1fcf344ff7c15ed64c3f48a991c9958775 ] + +A customer reported the following softlockup: + +[899688.160002] NMI watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [test.sh:16464] +[899688.160002] CPU: 0 PID: 16464 Comm: test.sh Not tainted 4.12.14-6.23-azure #1 SLE12-SP4 +[899688.160002] RIP: 0010:up_write+0x1a/0x30 +[899688.160002] Kernel panic - not syncing: softlockup: hung tasks +[899688.160002] RIP: 0010:up_write+0x1a/0x30 +[899688.160002] RSP: 0018:ffffa86784d4fde8 EFLAGS: 00000257 ORIG_RAX: ffffffffffffff12 +[899688.160002] RAX: ffffffff970fea00 RBX: 0000000000000001 RCX: 0000000000000000 +[899688.160002] RDX: ffffffff00000001 RSI: 0000000000000080 RDI: ffffffff970fea00 +[899688.160002] RBP: ffffffffffffffff R08: ffffffffffffffff R09: 0000000000000000 +[899688.160002] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8b59014720d8 +[899688.160002] R13: ffff8b59014720c0 R14: ffff8b5901471090 R15: ffff8b5901470000 +[899688.160002] tracing_read_pipe+0x336/0x3c0 +[899688.160002] __vfs_read+0x26/0x140 +[899688.160002] vfs_read+0x87/0x130 +[899688.160002] SyS_read+0x42/0x90 +[899688.160002] do_syscall_64+0x74/0x160 + +It caught the process in the middle of trace_access_unlock(). There is +no loop. So, it must be looping in the caller tracing_read_pipe() +via the "waitagain" label. + +Crashdump analyze uncovered that iter->seq was completely zeroed +at this point, including iter->seq.seq.size. It means that +print_trace_line() was never able to print anything and +there was no forward progress. + +The culprit seems to be in the code: + + /* reset all but tr, trace, and overruns */ + memset(&iter->seq, 0, + sizeof(struct trace_iterator) - + offsetof(struct trace_iterator, seq)); + +It was added by the commit 53d0aa773053ab182877 ("ftrace: +add logic to record overruns"). It was v2.6.27-rc1. +It was the time when iter->seq looked like: + + struct trace_seq { + unsigned char buffer[PAGE_SIZE]; + unsigned int len; + }; + +There was no "size" variable and zeroing was perfectly fine. + +The solution is to reinitialize the structure after or without +zeroing. + +Link: http://lkml.kernel.org/r/20191011142134.11997-1-pmladek@suse.com + +Signed-off-by: Petr Mladek +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Sasha Levin +--- + kernel/trace/trace.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c +index 04458ed44a557..a5e27f1c35a1f 100644 +--- a/kernel/trace/trace.c ++++ b/kernel/trace/trace.c +@@ -6012,6 +6012,7 @@ waitagain: + sizeof(struct trace_iterator) - + offsetof(struct trace_iterator, seq)); + cpumask_clear(iter->started); ++ trace_seq_init(&iter->seq); + iter->pos = -1; + + trace_event_read_lock(); +-- +2.20.1 + diff --git a/queue-5.3/tty-n_hdlc-fix-build-on-sparc.patch b/queue-5.3/tty-n_hdlc-fix-build-on-sparc.patch new file mode 100644 index 00000000000..cfea437b437 --- /dev/null +++ b/queue-5.3/tty-n_hdlc-fix-build-on-sparc.patch @@ -0,0 +1,52 @@ +From 9c9012e3b3bba6310a4218f0033855a29d73a6d2 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 30 Sep 2019 19:15:12 -0700 +Subject: tty: n_hdlc: fix build on SPARC + +From: Randy Dunlap + +[ Upstream commit 47a7e5e97d4edd7b14974d34f0e5a5560fad2915 ] + +Fix tty driver build on SPARC by not using __exitdata. +It appears that SPARC does not support section .exit.data. + +Fixes these build errors: + +`.exit.data' referenced in section `.exit.text' of drivers/tty/n_hdlc.o: defined in discarded section `.exit.data' of drivers/tty/n_hdlc.o +`.exit.data' referenced in section `.exit.text' of drivers/tty/n_hdlc.o: defined in discarded section `.exit.data' of drivers/tty/n_hdlc.o +`.exit.data' referenced in section `.exit.text' of drivers/tty/n_hdlc.o: defined in discarded section `.exit.data' of drivers/tty/n_hdlc.o +`.exit.data' referenced in section `.exit.text' of drivers/tty/n_hdlc.o: defined in discarded section `.exit.data' of drivers/tty/n_hdlc.o + +Reported-by: kbuild test robot +Fixes: 063246641d4a ("format-security: move static strings to const") +Signed-off-by: Randy Dunlap +Cc: Kees Cook +Cc: Greg Kroah-Hartman +Cc: "David S. Miller" +Cc: Andrew Morton +Link: https://lore.kernel.org/r/675e7bd9-955b-3ff3-1101-a973b58b5b75@infradead.org +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/tty/n_hdlc.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/drivers/tty/n_hdlc.c b/drivers/tty/n_hdlc.c +index e55c79eb64309..98361acd3053f 100644 +--- a/drivers/tty/n_hdlc.c ++++ b/drivers/tty/n_hdlc.c +@@ -968,6 +968,11 @@ static int __init n_hdlc_init(void) + + } /* end of init_module() */ + ++#ifdef CONFIG_SPARC ++#undef __exitdata ++#define __exitdata ++#endif ++ + static const char hdlc_unregister_ok[] __exitdata = + KERN_INFO "N_HDLC: line discipline unregistered\n"; + static const char hdlc_unregister_fail[] __exitdata = +-- +2.20.1 + diff --git a/queue-5.3/tty-serial-owl-fix-the-link-time-qualifier-of-owl_ua.patch b/queue-5.3/tty-serial-owl-fix-the-link-time-qualifier-of-owl_ua.patch new file mode 100644 index 00000000000..b4f84c95000 --- /dev/null +++ b/queue-5.3/tty-serial-owl-fix-the-link-time-qualifier-of-owl_ua.patch @@ -0,0 +1,36 @@ +From 8968da08c2f268e4c383008a394d1971f9944495 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 10 Sep 2019 06:11:29 +0200 +Subject: tty: serial: owl: Fix the link time qualifier of 'owl_uart_exit()' + +From: Christophe JAILLET + +[ Upstream commit 6264dab6efd6069f0387efb078a9960b5642377b ] + +'exit' functions should be marked as __exit, not __init. + +Fixes: fc60a8b675bd ("tty: serial: owl: Implement console driver") +Signed-off-by: Christophe JAILLET +Link: https://lore.kernel.org/r/20190910041129.6978-1-christophe.jaillet@wanadoo.fr +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/tty/serial/owl-uart.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/tty/serial/owl-uart.c b/drivers/tty/serial/owl-uart.c +index 29a6dc6a8d23c..73fcc6bdb0312 100644 +--- a/drivers/tty/serial/owl-uart.c ++++ b/drivers/tty/serial/owl-uart.c +@@ -742,7 +742,7 @@ static int __init owl_uart_init(void) + return ret; + } + +-static void __init owl_uart_exit(void) ++static void __exit owl_uart_exit(void) + { + platform_driver_unregister(&owl_uart_platform_driver); + uart_unregister_driver(&owl_uart_driver); +-- +2.20.1 + diff --git a/queue-5.3/tty-serial-rda-fix-the-link-time-qualifier-of-rda_ua.patch b/queue-5.3/tty-serial-rda-fix-the-link-time-qualifier-of-rda_ua.patch new file mode 100644 index 00000000000..13c6a29a1e1 --- /dev/null +++ b/queue-5.3/tty-serial-rda-fix-the-link-time-qualifier-of-rda_ua.patch @@ -0,0 +1,36 @@ +From ee25ae3c07e2c6f9a6775b43493a22cd63f6c26a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 10 Sep 2019 06:17:02 +0200 +Subject: tty: serial: rda: Fix the link time qualifier of 'rda_uart_exit()' + +From: Christophe JAILLET + +[ Upstream commit 5080d127127ac5b610b57900774d9559ae55e817 ] + +'exit' functions should be marked as __exit, not __init. + +Fixes: c10b13325ced ("tty: serial: Add RDA8810PL UART driver") +Signed-off-by: Christophe JAILLET +Link: https://lore.kernel.org/r/20190910041702.7357-1-christophe.jaillet@wanadoo.fr +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/tty/serial/rda-uart.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/tty/serial/rda-uart.c b/drivers/tty/serial/rda-uart.c +index 284623eefaeba..ba5e488a03742 100644 +--- a/drivers/tty/serial/rda-uart.c ++++ b/drivers/tty/serial/rda-uart.c +@@ -817,7 +817,7 @@ static int __init rda_uart_init(void) + return ret; + } + +-static void __init rda_uart_exit(void) ++static void __exit rda_uart_exit(void) + { + platform_driver_unregister(&rda_uart_platform_driver); + uart_unregister_driver(&rda_uart_driver); +-- +2.20.1 + diff --git a/queue-5.3/virt-vbox-fix-memory-leak-in-hgcm_call_preprocess_li.patch b/queue-5.3/virt-vbox-fix-memory-leak-in-hgcm_call_preprocess_li.patch new file mode 100644 index 00000000000..67a099ff66f --- /dev/null +++ b/queue-5.3/virt-vbox-fix-memory-leak-in-hgcm_call_preprocess_li.patch @@ -0,0 +1,49 @@ +From fc23ccbaeeedd4d769fb632256e42b90ab2da7ac Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 30 Sep 2019 15:42:22 -0500 +Subject: virt: vbox: fix memory leak in hgcm_call_preprocess_linaddr + +From: Navid Emamdoost + +[ Upstream commit e0b0cb9388642c104838fac100a4af32745621e2 ] + +In hgcm_call_preprocess_linaddr memory is allocated for bounce_buf but +is not released if copy_form_user fails. In order to prevent memory leak +in case of failure, the assignment to bounce_buf_ret is moved before the +error check. This way the allocated bounce_buf will be released by the +caller. + +Fixes: 579db9d45cb4 ("virt: Add vboxguest VMMDEV communication code") +Signed-off-by: Navid Emamdoost +Reviewed-by: Hans de Goede +Link: https://lore.kernel.org/r/20190930204223.3660-1-navid.emamdoost@gmail.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/virt/vboxguest/vboxguest_utils.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/virt/vboxguest/vboxguest_utils.c b/drivers/virt/vboxguest/vboxguest_utils.c +index 75fd140b02ff8..43c391626a000 100644 +--- a/drivers/virt/vboxguest/vboxguest_utils.c ++++ b/drivers/virt/vboxguest/vboxguest_utils.c +@@ -220,6 +220,8 @@ static int hgcm_call_preprocess_linaddr( + if (!bounce_buf) + return -ENOMEM; + ++ *bounce_buf_ret = bounce_buf; ++ + if (copy_in) { + ret = copy_from_user(bounce_buf, (void __user *)buf, len); + if (ret) +@@ -228,7 +230,6 @@ static int hgcm_call_preprocess_linaddr( + memset(bounce_buf, 0, len); + } + +- *bounce_buf_ret = bounce_buf; + hgcm_call_add_pagelist_size(bounce_buf, len, extra); + return 0; + } +-- +2.20.1 + diff --git a/queue-5.3/x86-cpu-add-comet-lake-to-the-intel-cpu-models-heade.patch b/queue-5.3/x86-cpu-add-comet-lake-to-the-intel-cpu-models-heade.patch new file mode 100644 index 00000000000..24ae982f1f4 --- /dev/null +++ b/queue-5.3/x86-cpu-add-comet-lake-to-the-intel-cpu-models-heade.patch @@ -0,0 +1,49 @@ +From 5b86882ad42b30ea703a1d70028629e24109fe4a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 8 Oct 2019 08:50:02 -0700 +Subject: x86/cpu: Add Comet Lake to the Intel CPU models header + +From: Kan Liang + +[ Upstream commit 8d7c6ac3b2371eb1cbc9925a88f4d10efff374de ] + +Comet Lake is the new 10th Gen Intel processor. Add two new CPU model +numbers to the Intel family list. + +The CPU model numbers are not published in the SDM yet but they come +from an authoritative internal source. + + [ bp: Touch up commit message. ] + +Signed-off-by: Kan Liang +Signed-off-by: Borislav Petkov +Reviewed-by: Tony Luck +Cc: ak@linux.intel.com +Cc: "H. Peter Anvin" +Cc: Ingo Molnar +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Cc: x86-ml +Link: https://lkml.kernel.org/r/1570549810-25049-2-git-send-email-kan.liang@linux.intel.com +Signed-off-by: Sasha Levin +--- + arch/x86/include/asm/intel-family.h | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/arch/x86/include/asm/intel-family.h b/arch/x86/include/asm/intel-family.h +index 9ae1c0f05fd2d..3525014c71da9 100644 +--- a/arch/x86/include/asm/intel-family.h ++++ b/arch/x86/include/asm/intel-family.h +@@ -76,6 +76,9 @@ + #define INTEL_FAM6_TIGERLAKE_L 0x8C + #define INTEL_FAM6_TIGERLAKE 0x8D + ++#define INTEL_FAM6_COMETLAKE 0xA5 ++#define INTEL_FAM6_COMETLAKE_L 0xA6 ++ + /* "Small Core" Processors (Atom) */ + + #define INTEL_FAM6_ATOM_BONNELL 0x1C /* Diamondville, Pineview */ +-- +2.20.1 + diff --git a/queue-5.3/x86-xen-return-from-panic-notifier.patch b/queue-5.3/x86-xen-return-from-panic-notifier.patch new file mode 100644 index 00000000000..045261455b1 --- /dev/null +++ b/queue-5.3/x86-xen-return-from-panic-notifier.patch @@ -0,0 +1,102 @@ +From f70ddde505e5ee6996c628f3bebc343d5e353c97 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 30 Sep 2019 16:44:41 -0400 +Subject: x86/xen: Return from panic notifier + +From: Boris Ostrovsky + +[ Upstream commit c6875f3aacf2a5a913205accddabf0bfb75cac76 ] + +Currently execution of panic() continues until Xen's panic notifier +(xen_panic_event()) is called at which point we make a hypercall that +never returns. + +This means that any notifier that is supposed to be called later as +well as significant part of panic() code (such as pstore writes from +kmsg_dump()) is never executed. + +There is no reason for xen_panic_event() to be this last point in +execution since panic()'s emergency_restart() will call into +xen_emergency_restart() from where we can perform our hypercall. + +Nevertheless, we will provide xen_legacy_crash boot option that will +preserve original behavior during crash. This option could be used, +for example, if running kernel dumper (which happens after panic +notifiers) is undesirable. + +Reported-by: James Dingwall +Signed-off-by: Boris Ostrovsky +Reviewed-by: Juergen Gross +Signed-off-by: Sasha Levin +--- + .../admin-guide/kernel-parameters.txt | 4 +++ + arch/x86/xen/enlighten.c | 28 +++++++++++++++++-- + 2 files changed, 29 insertions(+), 3 deletions(-) + +diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt +index 4c1971960afa3..5ea005c9e2d60 100644 +--- a/Documentation/admin-guide/kernel-parameters.txt ++++ b/Documentation/admin-guide/kernel-parameters.txt +@@ -5267,6 +5267,10 @@ + the unplug protocol + never -- do not unplug even if version check succeeds + ++ xen_legacy_crash [X86,XEN] ++ Crash from Xen panic notifier, without executing late ++ panic() code such as dumping handler. ++ + xen_nopvspin [X86,XEN] + Disables the ticketlock slowpath using Xen PV + optimizations. +diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c +index 750f46ad018a0..205b1176084f5 100644 +--- a/arch/x86/xen/enlighten.c ++++ b/arch/x86/xen/enlighten.c +@@ -269,19 +269,41 @@ void xen_reboot(int reason) + BUG(); + } + ++static int reboot_reason = SHUTDOWN_reboot; ++static bool xen_legacy_crash; + void xen_emergency_restart(void) + { +- xen_reboot(SHUTDOWN_reboot); ++ xen_reboot(reboot_reason); + } + + static int + xen_panic_event(struct notifier_block *this, unsigned long event, void *ptr) + { +- if (!kexec_crash_loaded()) +- xen_reboot(SHUTDOWN_crash); ++ if (!kexec_crash_loaded()) { ++ if (xen_legacy_crash) ++ xen_reboot(SHUTDOWN_crash); ++ ++ reboot_reason = SHUTDOWN_crash; ++ ++ /* ++ * If panic_timeout==0 then we are supposed to wait forever. ++ * However, to preserve original dom0 behavior we have to drop ++ * into hypervisor. (domU behavior is controlled by its ++ * config file) ++ */ ++ if (panic_timeout == 0) ++ panic_timeout = -1; ++ } + return NOTIFY_DONE; + } + ++static int __init parse_xen_legacy_crash(char *arg) ++{ ++ xen_legacy_crash = true; ++ return 0; ++} ++early_param("xen_legacy_crash", parse_xen_legacy_crash); ++ + static struct notifier_block xen_panic_block = { + .notifier_call = xen_panic_event, + .priority = INT_MIN +-- +2.20.1 +