From: Greg Kroah-Hartman Date: Fri, 7 Sep 2018 11:23:12 +0000 (+0200) Subject: 4.18-stable patches X-Git-Tag: v4.18.7~10 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b927690ec9b9fee5a5ce300e94eb9a47bc935b14;p=thirdparty%2Fkernel%2Fstable-queue.git 4.18-stable patches added patches: acpica-aml-parser-skip-opcodes-that-open-a-scope-upon-parse-failure.patch acpica-clear-status-of-all-events-when-entering-sleep-states.patch alsa-ac97-fix-check-of-pm_runtime_get_sync-failure.patch alsa-ac97-fix-device-initialization-in-the-compat-layer.patch alsa-ac97-fix-unbalanced-pm_runtime_enable.patch arm-dts-am57xx-idk-enable-dual-role-for-usb2-port.patch arm-tegra-fix-tegra30-cardhu-pca954x-reset.patch block-bfq-return-nbytes-and-not-zero-from-struct-cftype-.write-method.patch cpufreq-governor-avoid-accessing-invalid-governor_data.patch cpuidle-menu-handle-stopped-tick-more-aggressively.patch drivers-block-zram-zram_drv.c-fix-bug-storing-backing_dev.patch i2c-designware-re-init-controllers-with-pm_disabled-set-on-resume.patch kvm-ppc-book3s-fix-guest-dma-when-guest-partially-backed-by-thp-pages.patch kvm-vmx-fixes-for-vmentry_l1d_flush-module-parameter.patch nfsd-fix-leaked-file-lock-with-nfs-exported-overlayfs.patch nfsv4-client-live-hangs-after-live-data-migration-recovery.patch nfsv4-fix-a-sleep-in-atomic-context-in-nfs4_callback_sequence.patch nfsv4-fix-locking-in-pnfs_generic_recover_commit_reqs.patch pm-sleep-wakeup-fix-build-error-caused-by-missing-srcu-support.patch pnfs-blocklayout-off-by-one-in-bl_map_stripe.patch sched-idle-avoid-retaining-the-tick-when-it-has-been-stopped.patch xtensa-increase-ranges-in-___invalidate_-i-d-cache_all.patch xtensa-limit-offsets-in-__loop_cache_-all-page.patch --- diff --git a/queue-4.18/acpica-aml-parser-skip-opcodes-that-open-a-scope-upon-parse-failure.patch b/queue-4.18/acpica-aml-parser-skip-opcodes-that-open-a-scope-upon-parse-failure.patch new file mode 100644 index 00000000000..fdeea52280b --- /dev/null +++ b/queue-4.18/acpica-aml-parser-skip-opcodes-that-open-a-scope-upon-parse-failure.patch @@ -0,0 +1,67 @@ +From 4a7c94c721074eafb27298d93dbcc339aa28e745 Mon Sep 17 00:00:00 2001 +From: Erik Schmauss +Date: Fri, 10 Aug 2018 14:42:58 -0700 +Subject: ACPICA: AML Parser: skip opcodes that open a scope upon parse failure + +From: Erik Schmauss + +commit 4a7c94c721074eafb27298d93dbcc339aa28e745 upstream. + +This change skips the entire length of opcodes that open a scope +(Device, Scope, Processor, etc) if the creation of the op fails. The +failure could be caused by various errors including AE_ALREADY_EXISTS +and AE_NOT_FOUND. + +Reported-by: Jeremy Linton +Tested-by: Jeremy Linton +Signed-off-by: Erik Schmauss +Cc: 4.17+ # 4.17+ +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/acpi/acpica/psloop.c | 17 +++++++++++------ + 1 file changed, 11 insertions(+), 6 deletions(-) + +--- a/drivers/acpi/acpica/psloop.c ++++ b/drivers/acpi/acpica/psloop.c +@@ -22,6 +22,7 @@ + #include "acdispat.h" + #include "amlcode.h" + #include "acconvert.h" ++#include "acnamesp.h" + + #define _COMPONENT ACPI_PARSER + ACPI_MODULE_NAME("psloop") +@@ -527,12 +528,18 @@ acpi_status acpi_ps_parse_loop(struct ac + if (ACPI_FAILURE(status)) { + return_ACPI_STATUS(status); + } +- if (walk_state->opcode == AML_SCOPE_OP) { ++ if (acpi_ns_opens_scope ++ (acpi_ps_get_opcode_info ++ (walk_state->opcode)->object_type)) { + /* +- * If the scope op fails to parse, skip the body of the +- * scope op because the parse failure indicates that the +- * device may not exist. ++ * If the scope/device op fails to parse, skip the body of ++ * the scope op because the parse failure indicates that ++ * the device may not exist. + */ ++ ACPI_ERROR((AE_INFO, ++ "Skip parsing opcode %s", ++ acpi_ps_get_opcode_name ++ (walk_state->opcode))); + walk_state->parser_state.aml = + walk_state->aml + 1; + walk_state->parser_state.aml = +@@ -540,8 +547,6 @@ acpi_status acpi_ps_parse_loop(struct ac + (&walk_state->parser_state); + walk_state->aml = + walk_state->parser_state.aml; +- ACPI_ERROR((AE_INFO, +- "Skipping Scope block")); + } + + continue; diff --git a/queue-4.18/acpica-clear-status-of-all-events-when-entering-sleep-states.patch b/queue-4.18/acpica-clear-status-of-all-events-when-entering-sleep-states.patch new file mode 100644 index 00000000000..595e2a4fb35 --- /dev/null +++ b/queue-4.18/acpica-clear-status-of-all-events-when-entering-sleep-states.patch @@ -0,0 +1,54 @@ +From f317c7dc12b73eb9d67fdae404563deb907dcfb7 Mon Sep 17 00:00:00 2001 +From: "Rafael J. Wysocki" +Date: Sun, 12 Aug 2018 12:50:09 +0200 +Subject: ACPICA: Clear status of all events when entering sleep states + +From: Rafael J. Wysocki + +commit f317c7dc12b73eb9d67fdae404563deb907dcfb7 upstream. + +Commit fa85015c0d95 (ACPICA: Clear status of all events when entering +S5) made the sleep state entry code in ACPICA clear the status of all +ACPI events when entering S5 to fix a functional regression reported +against commit 18996f2db918 (ACPICA: Events: Stop unconditionally +clearing ACPI IRQs during suspend/resume). However, it is reported +now that the regression also affects system states other than S5 on +some systems and causes them to wake up from sleep prematurely. + +For this reason, make the code in question clear the status of all +ACPI events when entering all sleep states (in addition to S5) to +avoid the premature wakeups (this may cause some wakeup events to +be missed in theory, but the likelihood of that is small and the +change here simply restores the previous behavior of the code). + +Fixes: 18996f2db918 (ACPICA: Events: Stop unconditionally clearing ACPI IRQs during suspend/resume) +Reported-by: Paul Menzel +Tested-by: Paul Menzel +Cc: 4.17+ # 4.17+: fa85015c0d95 ACPICA: Clear status ... +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/acpi/acpica/hwsleep.c | 11 +++-------- + 1 file changed, 3 insertions(+), 8 deletions(-) + +--- a/drivers/acpi/acpica/hwsleep.c ++++ b/drivers/acpi/acpica/hwsleep.c +@@ -56,14 +56,9 @@ acpi_status acpi_hw_legacy_sleep(u8 slee + if (ACPI_FAILURE(status)) { + return_ACPI_STATUS(status); + } +- /* +- * If the target sleep state is S5, clear all GPEs and fixed events too +- */ +- if (sleep_state == ACPI_STATE_S5) { +- status = acpi_hw_clear_acpi_status(); +- if (ACPI_FAILURE(status)) { +- return_ACPI_STATUS(status); +- } ++ status = acpi_hw_clear_acpi_status(); ++ if (ACPI_FAILURE(status)) { ++ return_ACPI_STATUS(status); + } + acpi_gbl_system_awake_and_running = FALSE; + diff --git a/queue-4.18/alsa-ac97-fix-check-of-pm_runtime_get_sync-failure.patch b/queue-4.18/alsa-ac97-fix-check-of-pm_runtime_get_sync-failure.patch new file mode 100644 index 00000000000..039d6120ae5 --- /dev/null +++ b/queue-4.18/alsa-ac97-fix-check-of-pm_runtime_get_sync-failure.patch @@ -0,0 +1,33 @@ +From d15ec0b482ff502e4e19e43d15aa5072e4290199 Mon Sep 17 00:00:00 2001 +From: Lihua Yao +Date: Wed, 15 Aug 2018 23:20:34 +0800 +Subject: ALSA: ac97: fix check of pm_runtime_get_sync failure + +From: Lihua Yao + +commit d15ec0b482ff502e4e19e43d15aa5072e4290199 upstream. + +pm_runtime_get_sync returns negative on failure. + +Fixes: 74426fbff66e ("ALSA: ac97: add an ac97 bus") +Signed-off-by: Lihua Yao +Acked-by: Robert Jarzmik +Cc: +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/ac97/bus.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/sound/ac97/bus.c ++++ b/sound/ac97/bus.c +@@ -503,7 +503,7 @@ static int ac97_bus_remove(struct device + int ret; + + ret = pm_runtime_get_sync(dev); +- if (ret) ++ if (ret < 0) + return ret; + + ret = adrv->remove(adev); diff --git a/queue-4.18/alsa-ac97-fix-device-initialization-in-the-compat-layer.patch b/queue-4.18/alsa-ac97-fix-device-initialization-in-the-compat-layer.patch new file mode 100644 index 00000000000..7e002d75dd0 --- /dev/null +++ b/queue-4.18/alsa-ac97-fix-device-initialization-in-the-compat-layer.patch @@ -0,0 +1,72 @@ +From c7b8170790c19293acd835dc50b8247ec207d4a3 Mon Sep 17 00:00:00 2001 +From: Lihua Yao +Date: Wed, 15 Aug 2018 20:59:46 +0800 +Subject: ALSA: ac97: fix device initialization in the compat layer + +From: Lihua Yao + +commit c7b8170790c19293acd835dc50b8247ec207d4a3 upstream. + +ac97->dev is an object of 'struct device' type. It should be initialized +via device_initialize() or device_register(). + +Fixes: 74426fbff66e ("ALSA: ac97: add an ac97 bus") +Signed-off-by: Lihua Yao +Tested-by: Robert Jarzmik +Acked-by: Robert Jarzmik +Cc: +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/ac97/snd_ac97_compat.c | 19 +++++++++++++++++-- + 1 file changed, 17 insertions(+), 2 deletions(-) + +--- a/sound/ac97/snd_ac97_compat.c ++++ b/sound/ac97/snd_ac97_compat.c +@@ -15,6 +15,11 @@ + + #include "ac97_core.h" + ++static void compat_ac97_release(struct device *dev) ++{ ++ kfree(to_ac97_t(dev)); ++} ++ + static void compat_ac97_reset(struct snd_ac97 *ac97) + { + struct ac97_codec_device *adev = to_ac97_device(ac97->private_data); +@@ -65,21 +70,31 @@ static struct snd_ac97_bus compat_soc_ac + struct snd_ac97 *snd_ac97_compat_alloc(struct ac97_codec_device *adev) + { + struct snd_ac97 *ac97; ++ int ret; + + ac97 = kzalloc(sizeof(struct snd_ac97), GFP_KERNEL); + if (ac97 == NULL) + return ERR_PTR(-ENOMEM); + +- ac97->dev = adev->dev; + ac97->private_data = adev; + ac97->bus = &compat_soc_ac97_bus; ++ ++ ac97->dev.parent = &adev->dev; ++ ac97->dev.release = compat_ac97_release; ++ dev_set_name(&ac97->dev, "%s-compat", dev_name(&adev->dev)); ++ ret = device_register(&ac97->dev); ++ if (ret) { ++ put_device(&ac97->dev); ++ return ERR_PTR(ret); ++ } ++ + return ac97; + } + EXPORT_SYMBOL_GPL(snd_ac97_compat_alloc); + + void snd_ac97_compat_release(struct snd_ac97 *ac97) + { +- kfree(ac97); ++ device_unregister(&ac97->dev); + } + EXPORT_SYMBOL_GPL(snd_ac97_compat_release); + diff --git a/queue-4.18/alsa-ac97-fix-unbalanced-pm_runtime_enable.patch b/queue-4.18/alsa-ac97-fix-unbalanced-pm_runtime_enable.patch new file mode 100644 index 00000000000..42765621ffc --- /dev/null +++ b/queue-4.18/alsa-ac97-fix-unbalanced-pm_runtime_enable.patch @@ -0,0 +1,34 @@ +From 250ea7c5f56e350cdafebe6b87478b00db4f7af8 Mon Sep 17 00:00:00 2001 +From: Lihua Yao +Date: Wed, 15 Aug 2018 23:20:35 +0800 +Subject: ALSA: ac97: fix unbalanced pm_runtime_enable + +From: Lihua Yao + +commit 250ea7c5f56e350cdafebe6b87478b00db4f7af8 upstream. + +Runtime PM is enabled at ac97_bus_probe() and should be disabled +at ac97_bus_remove(). + +Fixes: 74426fbff66e ("ALSA: ac97: add an ac97 bus") +Signed-off-by: Lihua Yao +Acked-by: Robert Jarzmik +Cc: +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/ac97/bus.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/sound/ac97/bus.c ++++ b/sound/ac97/bus.c +@@ -511,6 +511,8 @@ static int ac97_bus_remove(struct device + if (ret == 0) + ac97_put_disable_clk(adev); + ++ pm_runtime_disable(dev); ++ + return ret; + } + diff --git a/queue-4.18/arm-dts-am57xx-idk-enable-dual-role-for-usb2-port.patch b/queue-4.18/arm-dts-am57xx-idk-enable-dual-role-for-usb2-port.patch new file mode 100644 index 00000000000..2e958a784f2 --- /dev/null +++ b/queue-4.18/arm-dts-am57xx-idk-enable-dual-role-for-usb2-port.patch @@ -0,0 +1,67 @@ +From 5f3cc16483d40bbc609a828511ff851296fc62b6 Mon Sep 17 00:00:00 2001 +From: Roger Quadros +Date: Tue, 29 May 2018 12:00:55 +0300 +Subject: ARM: dts: am57xx-idk: Enable dual role for USB2 port + +From: Roger Quadros + +commit 5f3cc16483d40bbc609a828511ff851296fc62b6 upstream. + +Dual-role support was added in v4.12. We should be using +it for USB2 port on the am57xx-idk. + +Cc: [4.16+] +Reported-by: Bin Liu +Signed-off-by: Roger Quadros +Signed-off-by: Tony Lindgren +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm/boot/dts/am571x-idk.dts | 4 ---- + arch/arm/boot/dts/am572x-idk-common.dtsi | 4 ---- + arch/arm/boot/dts/am57xx-idk-common.dtsi | 7 ++++++- + 3 files changed, 6 insertions(+), 9 deletions(-) + +--- a/arch/arm/boot/dts/am571x-idk.dts ++++ b/arch/arm/boot/dts/am571x-idk.dts +@@ -66,10 +66,6 @@ + }; + }; + +-&omap_dwc3_2 { +- extcon = <&extcon_usb2>; +-}; +- + &extcon_usb2 { + id-gpio = <&gpio5 7 GPIO_ACTIVE_HIGH>; + vbus-gpio = <&gpio7 22 GPIO_ACTIVE_HIGH>; +--- a/arch/arm/boot/dts/am572x-idk-common.dtsi ++++ b/arch/arm/boot/dts/am572x-idk-common.dtsi +@@ -57,10 +57,6 @@ + }; + }; + +-&omap_dwc3_2 { +- extcon = <&extcon_usb2>; +-}; +- + &extcon_usb2 { + id-gpio = <&gpio3 16 GPIO_ACTIVE_HIGH>; + vbus-gpio = <&gpio3 26 GPIO_ACTIVE_HIGH>; +--- a/arch/arm/boot/dts/am57xx-idk-common.dtsi ++++ b/arch/arm/boot/dts/am57xx-idk-common.dtsi +@@ -395,8 +395,13 @@ + dr_mode = "host"; + }; + ++&omap_dwc3_2 { ++ extcon = <&extcon_usb2>; ++}; ++ + &usb2 { +- dr_mode = "peripheral"; ++ extcon = <&extcon_usb2>; ++ dr_mode = "otg"; + }; + + &mmc1 { diff --git a/queue-4.18/arm-tegra-fix-tegra30-cardhu-pca954x-reset.patch b/queue-4.18/arm-tegra-fix-tegra30-cardhu-pca954x-reset.patch new file mode 100644 index 00000000000..e64a973576d --- /dev/null +++ b/queue-4.18/arm-tegra-fix-tegra30-cardhu-pca954x-reset.patch @@ -0,0 +1,44 @@ +From 6e1811900b6fe6f2b4665dba6bd6ed32c6b98575 Mon Sep 17 00:00:00 2001 +From: Jon Hunter +Date: Tue, 3 Jul 2018 09:59:47 +0100 +Subject: ARM: tegra: Fix Tegra30 Cardhu PCA954x reset + +From: Jon Hunter + +commit 6e1811900b6fe6f2b4665dba6bd6ed32c6b98575 upstream. + +On all versions of Tegra30 Cardhu, the reset signal to the NXP PCA9546 +I2C mux is connected to the Tegra GPIO BB0. Currently, this pin on the +Tegra is not configured as a GPIO but as a special-function IO (SFIO) +that is multiplexing the pin to an I2S controller. On exiting system +suspend, I2C commands sent to the PCA9546 are failing because there is +no ACK. Although it is not possible to see exactly what is happening +to the reset during suspend, by ensuring it is configured as a GPIO +and driven high, to de-assert the reset, the failures are no longer +seen. + +Please note that this GPIO is also used to drive the reset signal +going to the camera connector on the board. However, given that there +is no camera support currently for Cardhu, this should not have any +impact. + +Fixes: 40431d16ff11 ("ARM: tegra: enable PCA9546 on Cardhu") +Cc: stable@vger.kernel.org +Signed-off-by: Jon Hunter +Signed-off-by: Thierry Reding +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm/boot/dts/tegra30-cardhu.dtsi | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/arm/boot/dts/tegra30-cardhu.dtsi ++++ b/arch/arm/boot/dts/tegra30-cardhu.dtsi +@@ -206,6 +206,7 @@ + #address-cells = <1>; + #size-cells = <0>; + reg = <0x70>; ++ reset-gpio = <&gpio TEGRA_GPIO(BB, 0) GPIO_ACTIVE_LOW>; + }; + }; + diff --git a/queue-4.18/block-bfq-return-nbytes-and-not-zero-from-struct-cftype-.write-method.patch b/queue-4.18/block-bfq-return-nbytes-and-not-zero-from-struct-cftype-.write-method.patch new file mode 100644 index 00000000000..4f439be9907 --- /dev/null +++ b/queue-4.18/block-bfq-return-nbytes-and-not-zero-from-struct-cftype-.write-method.patch @@ -0,0 +1,38 @@ +From fc8ebd01deeb12728c83381f6ec923e4a192ffd3 Mon Sep 17 00:00:00 2001 +From: "Maciej S. Szmigiero" +Date: Wed, 15 Aug 2018 23:56:45 +0200 +Subject: block, bfq: return nbytes and not zero from struct cftype .write() method + +From: Maciej S. Szmigiero + +commit fc8ebd01deeb12728c83381f6ec923e4a192ffd3 upstream. + +The value that struct cftype .write() method returns is then directly +returned to userspace as the value returned by write() syscall, so it +should be the number of bytes actually written (or consumed) and not zero. + +Returning zero from write() syscall makes programs like /bin/echo or bash +spin. + +Signed-off-by: Maciej S. Szmigiero +Fixes: e21b7a0b9887 ("block, bfq: add full hierarchical scheduling and cgroups support") +Cc: stable@vger.kernel.org +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman + +--- + block/bfq-cgroup.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/block/bfq-cgroup.c ++++ b/block/bfq-cgroup.c +@@ -913,7 +913,8 @@ static ssize_t bfq_io_set_weight(struct + if (ret) + return ret; + +- return bfq_io_set_weight_legacy(of_css(of), NULL, weight); ++ ret = bfq_io_set_weight_legacy(of_css(of), NULL, weight); ++ return ret ?: nbytes; + } + + #ifdef CONFIG_DEBUG_BLK_CGROUP diff --git a/queue-4.18/cpufreq-governor-avoid-accessing-invalid-governor_data.patch b/queue-4.18/cpufreq-governor-avoid-accessing-invalid-governor_data.patch new file mode 100644 index 00000000000..06398582c06 --- /dev/null +++ b/queue-4.18/cpufreq-governor-avoid-accessing-invalid-governor_data.patch @@ -0,0 +1,53 @@ +From 2a3eb51e30b9ac66fe1b75877627a7e4aaeca24a Mon Sep 17 00:00:00 2001 +From: Henry Willard +Date: Tue, 14 Aug 2018 17:01:02 -0700 +Subject: cpufreq: governor: Avoid accessing invalid governor_data + +From: Henry Willard + +commit 2a3eb51e30b9ac66fe1b75877627a7e4aaeca24a upstream. + +If cppc_cpufreq.ko is deleted at the same time that tuned-adm is +changing profiles, there is a small chance that a race can occur +between cpufreq_dbs_governor_exit() and cpufreq_dbs_governor_limits() +resulting in a system failure when the latter tries to use +policy->governor_data that has been freed by the former. + +This patch uses gov_dbs_data_mutex to synchronize access. + +Fixes: e788892ba3cc (cpufreq: governor: Get rid of governor events) +Signed-off-by: Henry Willard +[ rjw: Subject, minor white space adjustment ] +Cc: 4.8+ # 4.8+ +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/cpufreq/cpufreq_governor.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +--- a/drivers/cpufreq/cpufreq_governor.c ++++ b/drivers/cpufreq/cpufreq_governor.c +@@ -555,12 +555,20 @@ EXPORT_SYMBOL_GPL(cpufreq_dbs_governor_s + + void cpufreq_dbs_governor_limits(struct cpufreq_policy *policy) + { +- struct policy_dbs_info *policy_dbs = policy->governor_data; ++ struct policy_dbs_info *policy_dbs; ++ ++ /* Protect gov->gdbs_data against cpufreq_dbs_governor_exit() */ ++ mutex_lock(&gov_dbs_data_mutex); ++ policy_dbs = policy->governor_data; ++ if (!policy_dbs) ++ goto out; + + mutex_lock(&policy_dbs->update_mutex); + cpufreq_policy_apply_limits(policy); + gov_update_sample_delay(policy_dbs, 0); +- + mutex_unlock(&policy_dbs->update_mutex); ++ ++out: ++ mutex_unlock(&gov_dbs_data_mutex); + } + EXPORT_SYMBOL_GPL(cpufreq_dbs_governor_limits); diff --git a/queue-4.18/cpuidle-menu-handle-stopped-tick-more-aggressively.patch b/queue-4.18/cpuidle-menu-handle-stopped-tick-more-aggressively.patch new file mode 100644 index 00000000000..179c9c30b87 --- /dev/null +++ b/queue-4.18/cpuidle-menu-handle-stopped-tick-more-aggressively.patch @@ -0,0 +1,118 @@ +From 5ef499cd571c293b74a30d77e7ef512edb6ded6b Mon Sep 17 00:00:00 2001 +From: "Rafael J. Wysocki" +Date: Tue, 14 Aug 2018 12:34:40 +0200 +Subject: cpuidle: menu: Handle stopped tick more aggressively + +From: Rafael J. Wysocki + +commit 5ef499cd571c293b74a30d77e7ef512edb6ded6b upstream. + +Commit 87c9fe6ee495 (cpuidle: menu: Avoid selecting shallow states +with stopped tick) missed the case when the target residencies of +deep idle states of CPUs are above the tick boundary which may cause +the CPU to get stuck in a shallow idle state for a long time. + +Say there are two CPU idle states available: one shallow, with the +target residency much below the tick boundary and one deep, with +the target residency significantly above the tick boundary. In +that case, if the tick has been stopped already and the expected +next timer event is relatively far in the future, the governor will +assume the idle duration to be equal to TICK_USEC and it will select +the idle state for the CPU accordingly. However, that will cause the +shallow state to be selected even though it would have been more +energy-efficient to select the deep one. + +To address this issue, modify the governor to always use the time +till the closest timer event instead of the predicted idle duration +if the latter is less than the tick period length and the tick has +been stopped already. Also make it extend the search for a matching +idle state if the tick is stopped to avoid settling on a shallow +state if deep states with target residencies above the tick period +length are available. + +In addition, make it always indicate that the tick should be stopped +if it has been stopped already for consistency. + +Fixes: 87c9fe6ee495 (cpuidle: menu: Avoid selecting shallow states with stopped tick) +Reported-by: Leo Yan +Acked-by: Peter Zijlstra (Intel) +Cc: 4.17+ # 4.17+ +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/cpuidle/governors/menu.c | 36 ++++++++++++++++++++++++------------ + 1 file changed, 24 insertions(+), 12 deletions(-) + +--- a/drivers/cpuidle/governors/menu.c ++++ b/drivers/cpuidle/governors/menu.c +@@ -349,14 +349,12 @@ static int menu_select(struct cpuidle_dr + * If the tick is already stopped, the cost of possible short + * idle duration misprediction is much higher, because the CPU + * may be stuck in a shallow idle state for a long time as a +- * result of it. In that case say we might mispredict and try +- * to force the CPU into a state for which we would have stopped +- * the tick, unless a timer is going to expire really soon +- * anyway. ++ * result of it. In that case say we might mispredict and use ++ * the known time till the closest timer event for the idle ++ * state selection. + */ + if (data->predicted_us < TICK_USEC) +- data->predicted_us = min_t(unsigned int, TICK_USEC, +- ktime_to_us(delta_next)); ++ data->predicted_us = ktime_to_us(delta_next); + } else { + /* + * Use the performance multiplier and the user-configurable +@@ -381,8 +379,22 @@ static int menu_select(struct cpuidle_dr + continue; + if (idx == -1) + idx = i; /* first enabled state */ +- if (s->target_residency > data->predicted_us) +- break; ++ if (s->target_residency > data->predicted_us) { ++ if (!tick_nohz_tick_stopped()) ++ break; ++ ++ /* ++ * If the state selected so far is shallow and this ++ * state's target residency matches the time till the ++ * closest timer event, select this one to avoid getting ++ * stuck in the shallow one for too long. ++ */ ++ if (drv->states[idx].target_residency < TICK_USEC && ++ s->target_residency <= ktime_to_us(delta_next)) ++ idx = i; ++ ++ goto out; ++ } + if (s->exit_latency > latency_req) { + /* + * If we break out of the loop for latency reasons, use +@@ -403,14 +415,13 @@ static int menu_select(struct cpuidle_dr + * Don't stop the tick if the selected state is a polling one or if the + * expected idle duration is shorter than the tick period length. + */ +- if ((drv->states[idx].flags & CPUIDLE_FLAG_POLLING) || +- expected_interval < TICK_USEC) { ++ if (((drv->states[idx].flags & CPUIDLE_FLAG_POLLING) || ++ expected_interval < TICK_USEC) && !tick_nohz_tick_stopped()) { + unsigned int delta_next_us = ktime_to_us(delta_next); + + *stop_tick = false; + +- if (!tick_nohz_tick_stopped() && idx > 0 && +- drv->states[idx].target_residency > delta_next_us) { ++ if (idx > 0 && drv->states[idx].target_residency > delta_next_us) { + /* + * The tick is not going to be stopped and the target + * residency of the state to be returned is not within +@@ -429,6 +440,7 @@ static int menu_select(struct cpuidle_dr + } + } + ++out: + data->last_state_idx = idx; + + return data->last_state_idx; diff --git a/queue-4.18/drivers-block-zram-zram_drv.c-fix-bug-storing-backing_dev.patch b/queue-4.18/drivers-block-zram-zram_drv.c-fix-bug-storing-backing_dev.patch new file mode 100644 index 00000000000..dd0f53edb8e --- /dev/null +++ b/queue-4.18/drivers-block-zram-zram_drv.c-fix-bug-storing-backing_dev.patch @@ -0,0 +1,58 @@ +From c8bd134a4bddafe5917d163eea73873932c15e83 Mon Sep 17 00:00:00 2001 +From: Peter Kalauskas +Date: Tue, 21 Aug 2018 21:54:02 -0700 +Subject: drivers/block/zram/zram_drv.c: fix bug storing backing_dev + +From: Peter Kalauskas + +commit c8bd134a4bddafe5917d163eea73873932c15e83 upstream. + +The call to strlcpy in backing_dev_store is incorrect. It should take +the size of the destination buffer instead of the size of the source +buffer. Additionally, ignore the newline character (\n) when reading +the new file_name buffer. This makes it possible to set the backing_dev +as follows: + + echo /dev/sdX > /sys/block/zram0/backing_dev + +The reason it worked before was the fact that strlcpy() copies 'len - 1' +bytes, which is strlen(buf) - 1 in our case, so it accidentally didn't +copy the trailing new line symbol. Which also means that "echo -n +/dev/sdX" most likely was broken. + +Signed-off-by: Peter Kalauskas +Link: http://lkml.kernel.org/r/20180813061623.GC64836@rodete-desktop-imager.corp.google.com +Acked-by: Minchan Kim +Reviewed-by: Sergey Senozhatsky +Cc: [4.14+] +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/block/zram/zram_drv.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +--- a/drivers/block/zram/zram_drv.c ++++ b/drivers/block/zram/zram_drv.c +@@ -337,6 +337,7 @@ static ssize_t backing_dev_store(struct + struct device_attribute *attr, const char *buf, size_t len) + { + char *file_name; ++ size_t sz; + struct file *backing_dev = NULL; + struct inode *inode; + struct address_space *mapping; +@@ -357,7 +358,11 @@ static ssize_t backing_dev_store(struct + goto out; + } + +- strlcpy(file_name, buf, len); ++ strlcpy(file_name, buf, PATH_MAX); ++ /* ignore trailing newline */ ++ sz = strlen(file_name); ++ if (sz > 0 && file_name[sz - 1] == '\n') ++ file_name[sz - 1] = 0x00; + + backing_dev = filp_open(file_name, O_RDWR|O_LARGEFILE, 0); + if (IS_ERR(backing_dev)) { diff --git a/queue-4.18/i2c-designware-re-init-controllers-with-pm_disabled-set-on-resume.patch b/queue-4.18/i2c-designware-re-init-controllers-with-pm_disabled-set-on-resume.patch new file mode 100644 index 00000000000..d3b80e25bb3 --- /dev/null +++ b/queue-4.18/i2c-designware-re-init-controllers-with-pm_disabled-set-on-resume.patch @@ -0,0 +1,116 @@ +From 9d9a152ebaa86a9dede4624919566483c955d0a7 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Wed, 29 Aug 2018 15:06:31 +0200 +Subject: i2c: designware: Re-init controllers with pm_disabled set on resume + +From: Hans de Goede + +commit 9d9a152ebaa86a9dede4624919566483c955d0a7 upstream. + +On Bay Trail and Cherry Trail devices we set the pm_disabled flag for I2C +busses which the OS shares with the PUNIT as these need special handling. +Until now we called dev_pm_syscore_device(dev, true) for I2C controllers +with this flag set to keep these I2C controllers always on. + +After commit 12864ff8545f ("ACPI / LPSS: Avoid PM quirks on suspend and +resume from hibernation"), this no longer works. This commit modifies +lpss_iosf_exit_d3_state() to only run if lpss_iosf_enter_d3_state() has ran +before it, so that it does not run on a resume from hibernate (or from S3). + +On these systems the conditions for lpss_iosf_enter_d3_state() to run +never become true, so lpss_iosf_exit_d3_state() never gets called and +the 2 LPSS DMA controllers never get forced into D0 mode, instead they +are left in their default automatic power-on when needed mode. + +The not forcing of D0 mode for the DMA controllers enables these systems +to properly enter S0ix modes, which is a good thing. + +But after entering S0ix modes the I2C controller connected to the PMIC +no longer works, leading to e.g. broken battery monitoring. + +The _PS3 method for this I2C controller looks like this: + + Method (_PS3, 0, NotSerialized) // _PS3: Power State 3 + { + If ((((PMID == 0x04) || (PMID == 0x05)) || (PMID == 0x06))) + { + Return (Zero) + } + + PSAT |= 0x03 + Local0 = PSAT /* \_SB_.I2C5.PSAT */ + } + +Where PMID = 0x05, so we enter the Return (Zero) path on these systems. + +So even if we were to not call dev_pm_syscore_device(dev, true) the +I2C controller will be left in D0 rather then be switched to D3. + +Yet on other Bay and Cherry Trail devices S0ix is not entered unless *all* +I2C controllers are in D3 mode. This combined with the I2C controller no +longer working now that we reach S0ix states on these systems leads to me +believing that the PUNIT itself puts the I2C controller in D3 when all +other conditions for entering S0ix states are true. + +Since now the I2C controller is put in D3 over a suspend/resume we must +re-initialize it afterwards and that does indeed fix it no longer working. + +This commit implements this fix by: + +1) Making the suspend_late callback a no-op if pm_disabled is set and +making the resume_early callback skip the clock re-enable (since it now was +not disabled) while still doing the necessary I2C controller re-init. + +2) Removing the dev_pm_syscore_device(dev, true) call, so that the suspend +and resume callbacks are actually called. Normally this would cause the +ACPI pm code to call _PS3 putting the I2C controller in D3, wreaking havoc +since it is shared with the PUNIT, but in this special case the _PS3 method +is a no-op so we can safely allow a "fake" suspend / resume. + +Fixes: 12864ff8545f ("ACPI / LPSS: Avoid PM quirks on suspend and resume ...") +Link: https://bugzilla.kernel.org/show_bug.cgi?id=200861 +Cc: 4.15+ # 4.15+ +Signed-off-by: Hans de Goede +Reviewed-by: Andy Shevchenko +Acked-by: Jarkko Nikula +Signed-off-by: Wolfram Sang +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/i2c/busses/i2c-designware-master.c | 1 - + drivers/i2c/busses/i2c-designware-platdrv.c | 7 ++++++- + 2 files changed, 6 insertions(+), 2 deletions(-) + +--- a/drivers/i2c/busses/i2c-designware-master.c ++++ b/drivers/i2c/busses/i2c-designware-master.c +@@ -693,7 +693,6 @@ int i2c_dw_probe(struct dw_i2c_dev *dev) + i2c_set_adapdata(adap, dev); + + if (dev->pm_disabled) { +- dev_pm_syscore_device(dev->dev, true); + irq_flags = IRQF_NO_SUSPEND; + } else { + irq_flags = IRQF_SHARED | IRQF_COND_SUSPEND; +--- a/drivers/i2c/busses/i2c-designware-platdrv.c ++++ b/drivers/i2c/busses/i2c-designware-platdrv.c +@@ -448,6 +448,9 @@ static int dw_i2c_plat_suspend(struct de + { + struct dw_i2c_dev *i_dev = dev_get_drvdata(dev); + ++ if (i_dev->pm_disabled) ++ return 0; ++ + i_dev->disable(i_dev); + i2c_dw_prepare_clk(i_dev, false); + +@@ -458,7 +461,9 @@ static int dw_i2c_plat_resume(struct dev + { + struct dw_i2c_dev *i_dev = dev_get_drvdata(dev); + +- i2c_dw_prepare_clk(i_dev, true); ++ if (!i_dev->pm_disabled) ++ i2c_dw_prepare_clk(i_dev, true); ++ + i_dev->init(i_dev); + + return 0; diff --git a/queue-4.18/kvm-ppc-book3s-fix-guest-dma-when-guest-partially-backed-by-thp-pages.patch b/queue-4.18/kvm-ppc-book3s-fix-guest-dma-when-guest-partially-backed-by-thp-pages.patch new file mode 100644 index 00000000000..739cf5284e3 --- /dev/null +++ b/queue-4.18/kvm-ppc-book3s-fix-guest-dma-when-guest-partially-backed-by-thp-pages.patch @@ -0,0 +1,118 @@ +From 8cfbdbdc24815417a3ab35101ccf706b9a23ff17 Mon Sep 17 00:00:00 2001 +From: Paul Mackerras +Date: Thu, 23 Aug 2018 10:08:58 +1000 +Subject: KVM: PPC: Book3S: Fix guest DMA when guest partially backed by THP pages + +From: Paul Mackerras + +commit 8cfbdbdc24815417a3ab35101ccf706b9a23ff17 upstream. + +Commit 76fa4975f3ed ("KVM: PPC: Check if IOMMU page is contained in +the pinned physical page", 2018-07-17) added some checks to ensure +that guest DMA mappings don't attempt to map more than the guest is +entitled to access. However, errors in the logic mean that legitimate +guest requests to map pages for DMA are being denied in some +situations. Specifically, if the first page of the range passed to +mm_iommu_get() is mapped with a normal page, and subsequent pages are +mapped with transparent huge pages, we end up with mem->pageshift == +0. That means that the page size checks in mm_iommu_ua_to_hpa() and +mm_iommu_up_to_hpa_rm() will always fail for every page in that +region, and thus the guest can never map any memory in that region for +DMA, typically leading to a flood of error messages like this: + + qemu-system-ppc64: VFIO_MAP_DMA: -22 + qemu-system-ppc64: vfio_dma_map(0x10005f47780, 0x800000000000000, 0x10000, 0x7fff63ff0000) = -22 (Invalid argument) + +The logic errors in mm_iommu_get() are: + + (a) use of 'ua' not 'ua + (i << PAGE_SHIFT)' in the find_linux_pte() + call (meaning that find_linux_pte() returns the pte for the + first address in the range, not the address we are currently up + to); + (b) use of 'pageshift' as the variable to receive the hugepage shift + returned by find_linux_pte() - for a normal page this gets set + to 0, leading to us setting mem->pageshift to 0 when we conclude + that the pte returned by find_linux_pte() didn't match the page + we were looking at; + (c) comparing 'compshift', which is a page order, i.e. log base 2 of + the number of pages, with 'pageshift', which is a log base 2 of + the number of bytes. + +To fix these problems, this patch introduces 'cur_ua' to hold the +current user address and uses that in the find_linux_pte() call; +introduces 'pteshift' to hold the hugepage shift found by +find_linux_pte(); and compares 'pteshift' with 'compshift + +PAGE_SHIFT' rather than 'compshift'. + +The patch also moves the local_irq_restore to the point after the PTE +pointer returned by find_linux_pte() has been dereferenced because +otherwise the PTE could change underneath us, and adds a check to +avoid doing the find_linux_pte() call once mem->pageshift has been +reduced to PAGE_SHIFT, as an optimization. + +Fixes: 76fa4975f3ed ("KVM: PPC: Check if IOMMU page is contained in the pinned physical page") +Cc: stable@vger.kernel.org # v4.12+ +Signed-off-by: Paul Mackerras +Signed-off-by: Michael Ellerman +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/mm/mmu_context_iommu.c | 17 ++++++++++------- + 1 file changed, 10 insertions(+), 7 deletions(-) + +--- a/arch/powerpc/mm/mmu_context_iommu.c ++++ b/arch/powerpc/mm/mmu_context_iommu.c +@@ -129,6 +129,7 @@ long mm_iommu_get(struct mm_struct *mm, + long i, j, ret = 0, locked_entries = 0; + unsigned int pageshift; + unsigned long flags; ++ unsigned long cur_ua; + struct page *page = NULL; + + mutex_lock(&mem_list_mutex); +@@ -177,7 +178,8 @@ long mm_iommu_get(struct mm_struct *mm, + } + + for (i = 0; i < entries; ++i) { +- if (1 != get_user_pages_fast(ua + (i << PAGE_SHIFT), ++ cur_ua = ua + (i << PAGE_SHIFT); ++ if (1 != get_user_pages_fast(cur_ua, + 1/* pages */, 1/* iswrite */, &page)) { + ret = -EFAULT; + for (j = 0; j < i; ++j) +@@ -196,7 +198,7 @@ long mm_iommu_get(struct mm_struct *mm, + if (is_migrate_cma_page(page)) { + if (mm_iommu_move_page_from_cma(page)) + goto populate; +- if (1 != get_user_pages_fast(ua + (i << PAGE_SHIFT), ++ if (1 != get_user_pages_fast(cur_ua, + 1/* pages */, 1/* iswrite */, + &page)) { + ret = -EFAULT; +@@ -210,20 +212,21 @@ long mm_iommu_get(struct mm_struct *mm, + } + populate: + pageshift = PAGE_SHIFT; +- if (PageCompound(page)) { ++ if (mem->pageshift > PAGE_SHIFT && PageCompound(page)) { + pte_t *pte; + struct page *head = compound_head(page); + unsigned int compshift = compound_order(head); ++ unsigned int pteshift; + + local_irq_save(flags); /* disables as well */ +- pte = find_linux_pte(mm->pgd, ua, NULL, &pageshift); +- local_irq_restore(flags); ++ pte = find_linux_pte(mm->pgd, cur_ua, NULL, &pteshift); + + /* Double check it is still the same pinned page */ + if (pte && pte_page(*pte) == head && +- pageshift == compshift) +- pageshift = max_t(unsigned int, pageshift, ++ pteshift == compshift + PAGE_SHIFT) ++ pageshift = max_t(unsigned int, pteshift, + PAGE_SHIFT); ++ local_irq_restore(flags); + } + mem->pageshift = min(mem->pageshift, pageshift); + mem->hpas[i] = page_to_pfn(page) << PAGE_SHIFT; diff --git a/queue-4.18/kvm-vmx-fixes-for-vmentry_l1d_flush-module-parameter.patch b/queue-4.18/kvm-vmx-fixes-for-vmentry_l1d_flush-module-parameter.patch new file mode 100644 index 00000000000..65041acee10 --- /dev/null +++ b/queue-4.18/kvm-vmx-fixes-for-vmentry_l1d_flush-module-parameter.patch @@ -0,0 +1,94 @@ +From 0027ff2a75f9dcf0537ac0a65c5840b0e21a4950 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Wed, 22 Aug 2018 16:43:39 +0200 +Subject: KVM: VMX: fixes for vmentry_l1d_flush module parameter + +From: Paolo Bonzini + +commit 0027ff2a75f9dcf0537ac0a65c5840b0e21a4950 upstream. + +Two bug fixes: + +1) missing entries in the l1d_param array; this can cause a host crash +if an access attempts to reach the missing entry. Future-proof the get +function against any overflows as well. However, the two entries +VMENTER_L1D_FLUSH_EPT_DISABLED and VMENTER_L1D_FLUSH_NOT_REQUIRED must +not be accepted by the parse function, so disable them there. + +2) invalid values must be rejected even if the CPU does not have the +bug, so test for them before checking boot_cpu_has(X86_BUG_L1TF) + +... and a small refactoring, since the .cmd field is redundant with +the index in the array. + +Reported-by: Bandan Das +Cc: stable@vger.kernel.org +Fixes: a7b9020b06ec6d7c3f3b0d4ef1a9eba12654f4f7 +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kvm/vmx.c | 26 ++++++++++++++++---------- + 1 file changed, 16 insertions(+), 10 deletions(-) + +--- a/arch/x86/kvm/vmx.c ++++ b/arch/x86/kvm/vmx.c +@@ -197,12 +197,14 @@ static enum vmx_l1d_flush_state __read_m + + static const struct { + const char *option; +- enum vmx_l1d_flush_state cmd; ++ bool for_parse; + } vmentry_l1d_param[] = { +- {"auto", VMENTER_L1D_FLUSH_AUTO}, +- {"never", VMENTER_L1D_FLUSH_NEVER}, +- {"cond", VMENTER_L1D_FLUSH_COND}, +- {"always", VMENTER_L1D_FLUSH_ALWAYS}, ++ [VMENTER_L1D_FLUSH_AUTO] = {"auto", true}, ++ [VMENTER_L1D_FLUSH_NEVER] = {"never", true}, ++ [VMENTER_L1D_FLUSH_COND] = {"cond", true}, ++ [VMENTER_L1D_FLUSH_ALWAYS] = {"always", true}, ++ [VMENTER_L1D_FLUSH_EPT_DISABLED] = {"EPT disabled", false}, ++ [VMENTER_L1D_FLUSH_NOT_REQUIRED] = {"not required", false}, + }; + + #define L1D_CACHE_ORDER 4 +@@ -286,8 +288,9 @@ static int vmentry_l1d_flush_parse(const + + if (s) { + for (i = 0; i < ARRAY_SIZE(vmentry_l1d_param); i++) { +- if (sysfs_streq(s, vmentry_l1d_param[i].option)) +- return vmentry_l1d_param[i].cmd; ++ if (vmentry_l1d_param[i].for_parse && ++ sysfs_streq(s, vmentry_l1d_param[i].option)) ++ return i; + } + } + return -EINVAL; +@@ -297,13 +300,13 @@ static int vmentry_l1d_flush_set(const c + { + int l1tf, ret; + +- if (!boot_cpu_has(X86_BUG_L1TF)) +- return 0; +- + l1tf = vmentry_l1d_flush_parse(s); + if (l1tf < 0) + return l1tf; + ++ if (!boot_cpu_has(X86_BUG_L1TF)) ++ return 0; ++ + /* + * Has vmx_init() run already? If not then this is the pre init + * parameter parsing. In that case just store the value and let +@@ -323,6 +326,9 @@ static int vmentry_l1d_flush_set(const c + + static int vmentry_l1d_flush_get(char *s, const struct kernel_param *kp) + { ++ if (WARN_ON_ONCE(l1tf_vmx_mitigation >= ARRAY_SIZE(vmentry_l1d_param))) ++ return sprintf(s, "???\n"); ++ + return sprintf(s, "%s\n", vmentry_l1d_param[l1tf_vmx_mitigation].option); + } + diff --git a/queue-4.18/nfsd-fix-leaked-file-lock-with-nfs-exported-overlayfs.patch b/queue-4.18/nfsd-fix-leaked-file-lock-with-nfs-exported-overlayfs.patch new file mode 100644 index 00000000000..ba7ffe955c8 --- /dev/null +++ b/queue-4.18/nfsd-fix-leaked-file-lock-with-nfs-exported-overlayfs.patch @@ -0,0 +1,160 @@ +From 64bed6cbe38bc95689fb9399872d9ce250192f90 Mon Sep 17 00:00:00 2001 +From: Amir Goldstein +Date: Fri, 13 Jul 2018 17:22:24 +0300 +Subject: nfsd: fix leaked file lock with nfs exported overlayfs + +From: Amir Goldstein + +commit 64bed6cbe38bc95689fb9399872d9ce250192f90 upstream. + +nfsd and lockd call vfs_lock_file() to lock/unlock the inode +returned by locks_inode(file). + +Many places in nfsd/lockd code use the inode returned by +file_inode(file) for lock manipulation. With Overlayfs, file_inode() +(the underlying inode) is not the same object as locks_inode() (the +overlay inode). This can result in "Leaked POSIX lock" messages +and eventually to a kernel crash as reported by Eddie Horng: +https://marc.info/?l=linux-unionfs&m=153086643202072&w=2 + +Fix all the call sites in nfsd/lockd that should use locks_inode(). +This is a correctness bug that manifested when overlayfs gained +NFS export support in v4.16. + +Reported-by: Eddie Horng +Tested-by: Eddie Horng +Cc: Jeff Layton +Fixes: 8383f1748829 ("ovl: wire up NFS export operations") +Cc: stable@vger.kernel.org +Signed-off-by: Amir Goldstein +Signed-off-by: J. Bruce Fields +Signed-off-by: Greg Kroah-Hartman + +--- + fs/lockd/clntlock.c | 2 +- + fs/lockd/clntproc.c | 2 +- + fs/lockd/svclock.c | 16 ++++++++-------- + fs/lockd/svcsubs.c | 4 ++-- + fs/nfsd/nfs4state.c | 2 +- + include/linux/lockd/lockd.h | 4 ++-- + 6 files changed, 15 insertions(+), 15 deletions(-) + +--- a/fs/lockd/clntlock.c ++++ b/fs/lockd/clntlock.c +@@ -187,7 +187,7 @@ __be32 nlmclnt_grant(const struct sockad + continue; + if (!rpc_cmp_addr(nlm_addr(block->b_host), addr)) + continue; +- if (nfs_compare_fh(NFS_FH(file_inode(fl_blocked->fl_file)) ,fh) != 0) ++ if (nfs_compare_fh(NFS_FH(locks_inode(fl_blocked->fl_file)), fh) != 0) + continue; + /* Alright, we found a lock. Set the return status + * and wake up the caller +--- a/fs/lockd/clntproc.c ++++ b/fs/lockd/clntproc.c +@@ -128,7 +128,7 @@ static void nlmclnt_setlockargs(struct n + char *nodename = req->a_host->h_rpcclnt->cl_nodename; + + nlmclnt_next_cookie(&argp->cookie); +- memcpy(&lock->fh, NFS_FH(file_inode(fl->fl_file)), sizeof(struct nfs_fh)); ++ memcpy(&lock->fh, NFS_FH(locks_inode(fl->fl_file)), sizeof(struct nfs_fh)); + lock->caller = nodename; + lock->oh.data = req->a_owner; + lock->oh.len = snprintf(req->a_owner, sizeof(req->a_owner), "%u@%s", +--- a/fs/lockd/svclock.c ++++ b/fs/lockd/svclock.c +@@ -405,8 +405,8 @@ nlmsvc_lock(struct svc_rqst *rqstp, stru + __be32 ret; + + dprintk("lockd: nlmsvc_lock(%s/%ld, ty=%d, pi=%d, %Ld-%Ld, bl=%d)\n", +- file_inode(file->f_file)->i_sb->s_id, +- file_inode(file->f_file)->i_ino, ++ locks_inode(file->f_file)->i_sb->s_id, ++ locks_inode(file->f_file)->i_ino, + lock->fl.fl_type, lock->fl.fl_pid, + (long long)lock->fl.fl_start, + (long long)lock->fl.fl_end, +@@ -511,8 +511,8 @@ nlmsvc_testlock(struct svc_rqst *rqstp, + __be32 ret; + + dprintk("lockd: nlmsvc_testlock(%s/%ld, ty=%d, %Ld-%Ld)\n", +- file_inode(file->f_file)->i_sb->s_id, +- file_inode(file->f_file)->i_ino, ++ locks_inode(file->f_file)->i_sb->s_id, ++ locks_inode(file->f_file)->i_ino, + lock->fl.fl_type, + (long long)lock->fl.fl_start, + (long long)lock->fl.fl_end); +@@ -566,8 +566,8 @@ nlmsvc_unlock(struct net *net, struct nl + int error; + + dprintk("lockd: nlmsvc_unlock(%s/%ld, pi=%d, %Ld-%Ld)\n", +- file_inode(file->f_file)->i_sb->s_id, +- file_inode(file->f_file)->i_ino, ++ locks_inode(file->f_file)->i_sb->s_id, ++ locks_inode(file->f_file)->i_ino, + lock->fl.fl_pid, + (long long)lock->fl.fl_start, + (long long)lock->fl.fl_end); +@@ -595,8 +595,8 @@ nlmsvc_cancel_blocked(struct net *net, s + int status = 0; + + dprintk("lockd: nlmsvc_cancel(%s/%ld, pi=%d, %Ld-%Ld)\n", +- file_inode(file->f_file)->i_sb->s_id, +- file_inode(file->f_file)->i_ino, ++ locks_inode(file->f_file)->i_sb->s_id, ++ locks_inode(file->f_file)->i_ino, + lock->fl.fl_pid, + (long long)lock->fl.fl_start, + (long long)lock->fl.fl_end); +--- a/fs/lockd/svcsubs.c ++++ b/fs/lockd/svcsubs.c +@@ -44,7 +44,7 @@ static inline void nlm_debug_print_fh(ch + + static inline void nlm_debug_print_file(char *msg, struct nlm_file *file) + { +- struct inode *inode = file_inode(file->f_file); ++ struct inode *inode = locks_inode(file->f_file); + + dprintk("lockd: %s %s/%ld\n", + msg, inode->i_sb->s_id, inode->i_ino); +@@ -414,7 +414,7 @@ nlmsvc_match_sb(void *datap, struct nlm_ + { + struct super_block *sb = datap; + +- return sb == file_inode(file->f_file)->i_sb; ++ return sb == locks_inode(file->f_file)->i_sb; + } + + /** +--- a/fs/nfsd/nfs4state.c ++++ b/fs/nfsd/nfs4state.c +@@ -6293,7 +6293,7 @@ check_for_locks(struct nfs4_file *fp, st + return status; + } + +- inode = file_inode(filp); ++ inode = locks_inode(filp); + flctx = inode->i_flctx; + + if (flctx && !list_empty_careful(&flctx->flc_posix)) { +--- a/include/linux/lockd/lockd.h ++++ b/include/linux/lockd/lockd.h +@@ -299,7 +299,7 @@ int nlmsvc_unlock_all_by_ip(st + + static inline struct inode *nlmsvc_file_inode(struct nlm_file *file) + { +- return file_inode(file->f_file); ++ return locks_inode(file->f_file); + } + + static inline int __nlm_privileged_request4(const struct sockaddr *sap) +@@ -359,7 +359,7 @@ static inline int nlm_privileged_request + static inline int nlm_compare_locks(const struct file_lock *fl1, + const struct file_lock *fl2) + { +- return file_inode(fl1->fl_file) == file_inode(fl2->fl_file) ++ return locks_inode(fl1->fl_file) == locks_inode(fl2->fl_file) + && fl1->fl_pid == fl2->fl_pid + && fl1->fl_owner == fl2->fl_owner + && fl1->fl_start == fl2->fl_start diff --git a/queue-4.18/nfsv4-client-live-hangs-after-live-data-migration-recovery.patch b/queue-4.18/nfsv4-client-live-hangs-after-live-data-migration-recovery.patch new file mode 100644 index 00000000000..52920fbd0e8 --- /dev/null +++ b/queue-4.18/nfsv4-client-live-hangs-after-live-data-migration-recovery.patch @@ -0,0 +1,129 @@ +From 0f90be132cbf1537d87a6a8b9e80867adac892f6 Mon Sep 17 00:00:00 2001 +From: Bill Baker +Date: Tue, 19 Jun 2018 16:24:58 -0500 +Subject: NFSv4 client live hangs after live data migration recovery + +From: Bill Baker + +commit 0f90be132cbf1537d87a6a8b9e80867adac892f6 upstream. + +After a live data migration event at the NFS server, the client may send +I/O requests to the wrong server, causing a live hang due to repeated +recovery events. On the wire, this will appear as an I/O request failing +with NFS4ERR_BADSESSION, followed by successful CREATE_SESSION, repeatedly. +NFS4ERR_BADSSESSION is returned because the session ID being used was +issued by the other server and is not valid at the old server. + +The failure is caused by async worker threads having cached the transport +(xprt) in the rpc_task structure. After the migration recovery completes, +the task is redispatched and the task resends the request to the wrong +server based on the old value still present in tk_xprt. + +The solution is to recompute the tk_xprt field of the rpc_task structure +so that the request goes to the correct server. + +Signed-off-by: Bill Baker +Reviewed-by: Chuck Lever +Tested-by: Helen Chao +Fixes: fb43d17210ba ("SUNRPC: Use the multipath iterator to assign a ...") +Cc: stable@vger.kernel.org # v4.9+ +Signed-off-by: Anna Schumaker +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/nfs4proc.c | 9 ++++++++- + include/linux/sunrpc/clnt.h | 1 + + net/sunrpc/clnt.c | 28 ++++++++++++++++++++-------- + 3 files changed, 29 insertions(+), 9 deletions(-) + +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -581,8 +581,15 @@ nfs4_async_handle_exception(struct rpc_t + ret = -EIO; + return ret; + out_retry: +- if (ret == 0) ++ if (ret == 0) { + exception->retry = 1; ++ /* ++ * For NFS4ERR_MOVED, the client transport will need to ++ * be recomputed after migration recovery has completed. ++ */ ++ if (errorcode == -NFS4ERR_MOVED) ++ rpc_task_release_transport(task); ++ } + return ret; + } + +--- a/include/linux/sunrpc/clnt.h ++++ b/include/linux/sunrpc/clnt.h +@@ -156,6 +156,7 @@ int rpc_switch_client_transport(struct + + void rpc_shutdown_client(struct rpc_clnt *); + void rpc_release_client(struct rpc_clnt *); ++void rpc_task_release_transport(struct rpc_task *); + void rpc_task_release_client(struct rpc_task *); + + int rpcb_create_local(struct net *); +--- a/net/sunrpc/clnt.c ++++ b/net/sunrpc/clnt.c +@@ -965,10 +965,20 @@ out: + } + EXPORT_SYMBOL_GPL(rpc_bind_new_program); + ++void rpc_task_release_transport(struct rpc_task *task) ++{ ++ struct rpc_xprt *xprt = task->tk_xprt; ++ ++ if (xprt) { ++ task->tk_xprt = NULL; ++ xprt_put(xprt); ++ } ++} ++EXPORT_SYMBOL_GPL(rpc_task_release_transport); ++ + void rpc_task_release_client(struct rpc_task *task) + { + struct rpc_clnt *clnt = task->tk_client; +- struct rpc_xprt *xprt = task->tk_xprt; + + if (clnt != NULL) { + /* Remove from client task list */ +@@ -979,12 +989,14 @@ void rpc_task_release_client(struct rpc_ + + rpc_release_client(clnt); + } ++ rpc_task_release_transport(task); ++} + +- if (xprt != NULL) { +- task->tk_xprt = NULL; +- +- xprt_put(xprt); +- } ++static ++void rpc_task_set_transport(struct rpc_task *task, struct rpc_clnt *clnt) ++{ ++ if (!task->tk_xprt) ++ task->tk_xprt = xprt_iter_get_next(&clnt->cl_xpi); + } + + static +@@ -992,8 +1004,7 @@ void rpc_task_set_client(struct rpc_task + { + + if (clnt != NULL) { +- if (task->tk_xprt == NULL) +- task->tk_xprt = xprt_iter_get_next(&clnt->cl_xpi); ++ rpc_task_set_transport(task, clnt); + task->tk_client = clnt; + atomic_inc(&clnt->cl_count); + if (clnt->cl_softrtry) +@@ -1512,6 +1523,7 @@ call_start(struct rpc_task *task) + clnt->cl_program->version[clnt->cl_vers]->counts[idx]++; + clnt->cl_stats->rpccnt++; + task->tk_action = call_reserve; ++ rpc_task_set_transport(task, clnt); + } + + /* diff --git a/queue-4.18/nfsv4-fix-a-sleep-in-atomic-context-in-nfs4_callback_sequence.patch b/queue-4.18/nfsv4-fix-a-sleep-in-atomic-context-in-nfs4_callback_sequence.patch new file mode 100644 index 00000000000..5dd9b115d88 --- /dev/null +++ b/queue-4.18/nfsv4-fix-a-sleep-in-atomic-context-in-nfs4_callback_sequence.patch @@ -0,0 +1,63 @@ +From 8618289c46556fd4dd259a1af02ccc448032f48d Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Tue, 14 Aug 2018 17:55:56 -0400 +Subject: NFSv4: Fix a sleep in atomic context in nfs4_callback_sequence() + +From: Trond Myklebust + +commit 8618289c46556fd4dd259a1af02ccc448032f48d upstream. + +We must drop the lock before we can sleep in referring_call_exists(). + +Reported-by: Jia-Ju Bai +Fixes: 045d2a6d076a ("NFSv4.1: Delay callback processing...") +Cc: stable@vger.kernel.org # v4.9+ +Signed-off-by: Trond Myklebust +Signed-off-by: Anna Schumaker +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/callback_proc.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +--- a/fs/nfs/callback_proc.c ++++ b/fs/nfs/callback_proc.c +@@ -441,11 +441,14 @@ validate_seqid(const struct nfs4_slot_ta + * a match. If the slot is in use and the sequence numbers match, the + * client is still waiting for a response to the original request. + */ +-static bool referring_call_exists(struct nfs_client *clp, ++static int referring_call_exists(struct nfs_client *clp, + uint32_t nrclists, +- struct referring_call_list *rclists) ++ struct referring_call_list *rclists, ++ spinlock_t *lock) ++ __releases(lock) ++ __acquires(lock) + { +- bool status = false; ++ int status = 0; + int i, j; + struct nfs4_session *session; + struct nfs4_slot_table *tbl; +@@ -468,8 +471,10 @@ static bool referring_call_exists(struct + + for (j = 0; j < rclist->rcl_nrefcalls; j++) { + ref = &rclist->rcl_refcalls[j]; ++ spin_unlock(lock); + status = nfs4_slot_wait_on_seqid(tbl, ref->rc_slotid, + ref->rc_sequenceid, HZ >> 1) < 0; ++ spin_lock(lock); + if (status) + goto out; + } +@@ -546,7 +551,8 @@ __be32 nfs4_callback_sequence(void *argp + * related callback was received before the response to the original + * call. + */ +- if (referring_call_exists(clp, args->csa_nrclists, args->csa_rclists)) { ++ if (referring_call_exists(clp, args->csa_nrclists, args->csa_rclists, ++ &tbl->slot_tbl_lock) < 0) { + status = htonl(NFS4ERR_DELAY); + goto out_unlock; + } diff --git a/queue-4.18/nfsv4-fix-locking-in-pnfs_generic_recover_commit_reqs.patch b/queue-4.18/nfsv4-fix-locking-in-pnfs_generic_recover_commit_reqs.patch new file mode 100644 index 00000000000..39dc8e8aa74 --- /dev/null +++ b/queue-4.18/nfsv4-fix-locking-in-pnfs_generic_recover_commit_reqs.patch @@ -0,0 +1,86 @@ +From d0fbb1d8a194c0ec0180c1d073ad709e45503a43 Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Tue, 14 Aug 2018 17:25:37 -0400 +Subject: NFSv4: Fix locking in pnfs_generic_recover_commit_reqs + +From: Trond Myklebust + +commit d0fbb1d8a194c0ec0180c1d073ad709e45503a43 upstream. + +The use of the inode->i_lock was converted to a mutex, but we forgot +to remove the old inode unlock/lock() pair that allowed the layout +segment to be put inside the loop. + +Reported-by: Jia-Ju Bai +Fixes: e824f99adaaf1 ("NFSv4: Use a mutex to protect the per-inode commit...") +Cc: stable@vger.kernel.org # v4.14+ +Signed-off-by: Trond Myklebust +Signed-off-by: Anna Schumaker +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/pnfs_nfs.c | 16 +++++++--------- + 1 file changed, 7 insertions(+), 9 deletions(-) + +--- a/fs/nfs/pnfs_nfs.c ++++ b/fs/nfs/pnfs_nfs.c +@@ -61,7 +61,7 @@ EXPORT_SYMBOL_GPL(pnfs_generic_commit_re + + /* The generic layer is about to remove the req from the commit list. + * If this will make the bucket empty, it will need to put the lseg reference. +- * Note this must be called holding i_lock ++ * Note this must be called holding nfsi->commit_mutex + */ + void + pnfs_generic_clear_request_commit(struct nfs_page *req, +@@ -149,9 +149,7 @@ restart: + if (list_empty(&b->written)) { + freeme = b->wlseg; + b->wlseg = NULL; +- spin_unlock(&cinfo->inode->i_lock); + pnfs_put_lseg(freeme); +- spin_lock(&cinfo->inode->i_lock); + goto restart; + } + } +@@ -167,7 +165,7 @@ static void pnfs_generic_retry_commit(st + LIST_HEAD(pages); + int i; + +- spin_lock(&cinfo->inode->i_lock); ++ mutex_lock(&NFS_I(cinfo->inode)->commit_mutex); + for (i = idx; i < fl_cinfo->nbuckets; i++) { + bucket = &fl_cinfo->buckets[i]; + if (list_empty(&bucket->committing)) +@@ -177,12 +175,12 @@ static void pnfs_generic_retry_commit(st + list_for_each(pos, &bucket->committing) + cinfo->ds->ncommitting--; + list_splice_init(&bucket->committing, &pages); +- spin_unlock(&cinfo->inode->i_lock); ++ mutex_unlock(&NFS_I(cinfo->inode)->commit_mutex); + nfs_retry_commit(&pages, freeme, cinfo, i); + pnfs_put_lseg(freeme); +- spin_lock(&cinfo->inode->i_lock); ++ mutex_lock(&NFS_I(cinfo->inode)->commit_mutex); + } +- spin_unlock(&cinfo->inode->i_lock); ++ mutex_unlock(&NFS_I(cinfo->inode)->commit_mutex); + } + + static unsigned int +@@ -222,13 +220,13 @@ void pnfs_fetch_commit_bucket_list(struc + struct list_head *pos; + + bucket = &cinfo->ds->buckets[data->ds_commit_index]; +- spin_lock(&cinfo->inode->i_lock); ++ mutex_lock(&NFS_I(cinfo->inode)->commit_mutex); + list_for_each(pos, &bucket->committing) + cinfo->ds->ncommitting--; + list_splice_init(&bucket->committing, pages); + data->lseg = bucket->clseg; + bucket->clseg = NULL; +- spin_unlock(&cinfo->inode->i_lock); ++ mutex_unlock(&NFS_I(cinfo->inode)->commit_mutex); + + } + diff --git a/queue-4.18/pm-sleep-wakeup-fix-build-error-caused-by-missing-srcu-support.patch b/queue-4.18/pm-sleep-wakeup-fix-build-error-caused-by-missing-srcu-support.patch new file mode 100644 index 00000000000..501fac318c2 --- /dev/null +++ b/queue-4.18/pm-sleep-wakeup-fix-build-error-caused-by-missing-srcu-support.patch @@ -0,0 +1,53 @@ +From 3df6f61fff49632492490fb6e42646b803a9958a Mon Sep 17 00:00:00 2001 +From: "zhangyi (F)" +Date: Tue, 14 Aug 2018 10:34:42 +0800 +Subject: PM / sleep: wakeup: Fix build error caused by missing SRCU support + +From: zhangyi (F) + +commit 3df6f61fff49632492490fb6e42646b803a9958a upstream. + +Commit ea0212f40c6 (power: auto select CONFIG_SRCU) made the code in +drivers/base/power/wakeup.c use SRCU instead of RCU, but it forgot to +select CONFIG_SRCU in Kconfig, which leads to the following build +error if CONFIG_SRCU is not selected somewhere else: + +drivers/built-in.o: In function `wakeup_source_remove': +(.text+0x3c6fc): undefined reference to `synchronize_srcu' +drivers/built-in.o: In function `pm_print_active_wakeup_sources': +(.text+0x3c7a8): undefined reference to `__srcu_read_lock' +drivers/built-in.o: In function `pm_print_active_wakeup_sources': +(.text+0x3c84c): undefined reference to `__srcu_read_unlock' +drivers/built-in.o: In function `device_wakeup_arm_wake_irqs': +(.text+0x3d1d8): undefined reference to `__srcu_read_lock' +drivers/built-in.o: In function `device_wakeup_arm_wake_irqs': +(.text+0x3d228): undefined reference to `__srcu_read_unlock' +drivers/built-in.o: In function `device_wakeup_disarm_wake_irqs': +(.text+0x3d24c): undefined reference to `__srcu_read_lock' +drivers/built-in.o: In function `device_wakeup_disarm_wake_irqs': +(.text+0x3d29c): undefined reference to `__srcu_read_unlock' +drivers/built-in.o:(.data+0x4158): undefined reference to `process_srcu' + +Fix this error by selecting CONFIG_SRCU when PM_SLEEP is enabled. + +Fixes: ea0212f40c6 (power: auto select CONFIG_SRCU) +Cc: 4.2+ # 4.2+ +Signed-off-by: zhangyi (F) +[ rjw: Minor subject/changelog fixups ] +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/power/Kconfig | 1 + + 1 file changed, 1 insertion(+) + +--- a/kernel/power/Kconfig ++++ b/kernel/power/Kconfig +@@ -105,6 +105,7 @@ config PM_SLEEP + def_bool y + depends on SUSPEND || HIBERNATE_CALLBACKS + select PM ++ select SRCU + + config PM_SLEEP_SMP + def_bool y diff --git a/queue-4.18/pnfs-blocklayout-off-by-one-in-bl_map_stripe.patch b/queue-4.18/pnfs-blocklayout-off-by-one-in-bl_map_stripe.patch new file mode 100644 index 00000000000..8c1989597af --- /dev/null +++ b/queue-4.18/pnfs-blocklayout-off-by-one-in-bl_map_stripe.patch @@ -0,0 +1,37 @@ +From 0914bb965e38a055e9245637aed117efbe976e91 Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Wed, 4 Jul 2018 12:59:58 +0300 +Subject: pnfs/blocklayout: off by one in bl_map_stripe() + +From: Dan Carpenter + +commit 0914bb965e38a055e9245637aed117efbe976e91 upstream. + +"dev->nr_children" is the number of children which were parsed +successfully in bl_parse_stripe(). It could be all of them and then, in +that case, it is equal to v->stripe.volumes_count. Either way, the > +should be >= so that we don't go beyond the end of what we're supposed +to. + +Fixes: 5c83746a0cf2 ("pnfs/blocklayout: in-kernel GETDEVICEINFO XDR parsing") +Signed-off-by: Dan Carpenter +Reviewed-by: Christoph Hellwig +Cc: stable@vger.kernel.org # 3.17+ +Signed-off-by: Anna Schumaker +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/blocklayout/dev.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/nfs/blocklayout/dev.c ++++ b/fs/nfs/blocklayout/dev.c +@@ -204,7 +204,7 @@ static bool bl_map_stripe(struct pnfs_bl + chunk = div_u64(offset, dev->chunk_size); + div_u64_rem(chunk, dev->nr_children, &chunk_idx); + +- if (chunk_idx > dev->nr_children) { ++ if (chunk_idx >= dev->nr_children) { + dprintk("%s: invalid chunk idx %d (%lld/%lld)\n", + __func__, chunk_idx, offset, dev->chunk_size); + /* error, should not happen */ diff --git a/queue-4.18/sched-idle-avoid-retaining-the-tick-when-it-has-been-stopped.patch b/queue-4.18/sched-idle-avoid-retaining-the-tick-when-it-has-been-stopped.patch new file mode 100644 index 00000000000..abe91306436 --- /dev/null +++ b/queue-4.18/sched-idle-avoid-retaining-the-tick-when-it-has-been-stopped.patch @@ -0,0 +1,35 @@ +From 7059b36636beab57c3c43c62104483e5449bee95 Mon Sep 17 00:00:00 2001 +From: "Rafael J. Wysocki" +Date: Thu, 9 Aug 2018 19:08:34 +0200 +Subject: sched: idle: Avoid retaining the tick when it has been stopped + +From: Rafael J. Wysocki + +commit 7059b36636beab57c3c43c62104483e5449bee95 upstream. + +If the tick has been stopped already, but the governor has not asked to +stop it (which it can do sometimes), the idle loop should invoke +tick_nohz_idle_stop_tick(), to let tick_nohz_stop_tick() take care +of this case properly. + +Fixes: 554c8aa8ecad (sched: idle: Select idle state before stopping the tick) +Cc: 4.17+ # 4.17+ +Acked-by: Peter Zijlstra (Intel) +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/sched/idle.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/kernel/sched/idle.c ++++ b/kernel/sched/idle.c +@@ -190,7 +190,7 @@ static void cpuidle_idle_call(void) + */ + next_state = cpuidle_select(drv, dev, &stop_tick); + +- if (stop_tick) ++ if (stop_tick || tick_nohz_tick_stopped()) + tick_nohz_idle_stop_tick(); + else + tick_nohz_idle_retain_tick(); diff --git a/queue-4.18/series b/queue-4.18/series index 7d31ff8226c..456d17a63d4 100644 --- a/queue-4.18/series +++ b/queue-4.18/series @@ -79,3 +79,26 @@ livepatch-validate-module-old-func-name-length.patch uprobes-use-synchronize_rcu-not-synchronize_sched.patch mfd-hi655x-fix-regmap-area-declared-size-for-hi655x.patch ovl-fix-wrong-use-of-impure-dir-cache-in-ovl_iterate.patch +acpica-aml-parser-skip-opcodes-that-open-a-scope-upon-parse-failure.patch +acpica-clear-status-of-all-events-when-entering-sleep-states.patch +drivers-block-zram-zram_drv.c-fix-bug-storing-backing_dev.patch +sched-idle-avoid-retaining-the-tick-when-it-has-been-stopped.patch +cpuidle-menu-handle-stopped-tick-more-aggressively.patch +cpufreq-governor-avoid-accessing-invalid-governor_data.patch +pm-sleep-wakeup-fix-build-error-caused-by-missing-srcu-support.patch +alsa-ac97-fix-device-initialization-in-the-compat-layer.patch +alsa-ac97-fix-check-of-pm_runtime_get_sync-failure.patch +alsa-ac97-fix-unbalanced-pm_runtime_enable.patch +i2c-designware-re-init-controllers-with-pm_disabled-set-on-resume.patch +kvm-vmx-fixes-for-vmentry_l1d_flush-module-parameter.patch +kvm-ppc-book3s-fix-guest-dma-when-guest-partially-backed-by-thp-pages.patch +xtensa-limit-offsets-in-__loop_cache_-all-page.patch +xtensa-increase-ranges-in-___invalidate_-i-d-cache_all.patch +block-bfq-return-nbytes-and-not-zero-from-struct-cftype-.write-method.patch +pnfs-blocklayout-off-by-one-in-bl_map_stripe.patch +nfsd-fix-leaked-file-lock-with-nfs-exported-overlayfs.patch +nfsv4-client-live-hangs-after-live-data-migration-recovery.patch +nfsv4-fix-locking-in-pnfs_generic_recover_commit_reqs.patch +nfsv4-fix-a-sleep-in-atomic-context-in-nfs4_callback_sequence.patch +arm-tegra-fix-tegra30-cardhu-pca954x-reset.patch +arm-dts-am57xx-idk-enable-dual-role-for-usb2-port.patch diff --git a/queue-4.18/xtensa-increase-ranges-in-___invalidate_-i-d-cache_all.patch b/queue-4.18/xtensa-increase-ranges-in-___invalidate_-i-d-cache_all.patch new file mode 100644 index 00000000000..8885011053e --- /dev/null +++ b/queue-4.18/xtensa-increase-ranges-in-___invalidate_-i-d-cache_all.patch @@ -0,0 +1,48 @@ +From fec3259c9f747c039f90e99570540114c8d81a14 Mon Sep 17 00:00:00 2001 +From: Max Filippov +Date: Fri, 10 Aug 2018 22:21:22 -0700 +Subject: xtensa: increase ranges in ___invalidate_{i,d}cache_all + +From: Max Filippov + +commit fec3259c9f747c039f90e99570540114c8d81a14 upstream. + +Cache invalidation macros use cache line size to iterate over +invalidated cache lines, assuming that all cache ways are invalidated by +single instruction, but xtensa ISA recommends to not assume that for +future compatibility: + In some implementations all ways at index Addry-1..z are invalidated + regardless of the specified way, but for future compatibility this + behavior should not be assumed. + +Iterate over all cache ways in ___invalidate_icache_all and +___invalidate_dcache_all. + +Cc: stable@vger.kernel.org +Signed-off-by: Max Filippov +Signed-off-by: Greg Kroah-Hartman + +--- + arch/xtensa/include/asm/cacheasm.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/xtensa/include/asm/cacheasm.h ++++ b/arch/xtensa/include/asm/cacheasm.h +@@ -123,7 +123,7 @@ + .macro ___invalidate_dcache_all ar at + + #if XCHAL_DCACHE_SIZE +- __loop_cache_all \ar \at dii __stringify(DCACHE_WAY_SIZE) \ ++ __loop_cache_all \ar \at dii XCHAL_DCACHE_SIZE \ + XCHAL_DCACHE_LINEWIDTH 1020 + #endif + +@@ -133,7 +133,7 @@ + .macro ___invalidate_icache_all ar at + + #if XCHAL_ICACHE_SIZE +- __loop_cache_all \ar \at iii __stringify(ICACHE_WAY_SIZE) \ ++ __loop_cache_all \ar \at iii XCHAL_ICACHE_SIZE \ + XCHAL_ICACHE_LINEWIDTH 1020 + #endif + diff --git a/queue-4.18/xtensa-limit-offsets-in-__loop_cache_-all-page.patch b/queue-4.18/xtensa-limit-offsets-in-__loop_cache_-all-page.patch new file mode 100644 index 00000000000..3cff79406f3 --- /dev/null +++ b/queue-4.18/xtensa-limit-offsets-in-__loop_cache_-all-page.patch @@ -0,0 +1,191 @@ +From be75de25251f7cf3e399ca1f584716a95510d24a Mon Sep 17 00:00:00 2001 +From: Max Filippov +Date: Fri, 10 Aug 2018 20:43:48 -0700 +Subject: xtensa: limit offsets in __loop_cache_{all,page} + +From: Max Filippov + +commit be75de25251f7cf3e399ca1f584716a95510d24a upstream. + +When building kernel for xtensa cores with big cache lines (e.g. 128 +bytes or more) __loop_cache_all and __loop_cache_page may generate +assembly instructions with immediate fields that are too big. This +results in the following build errors: + + arch/xtensa/mm/misc.S: Assembler messages: + arch/xtensa/mm/misc.S:464: Error: operand 2 of 'diwbi' has invalid value '256' + arch/xtensa/mm/misc.S:464: Error: operand 2 of 'diwbi' has invalid value '384' + arch/xtensa/kernel/head.S: Assembler messages: + arch/xtensa/kernel/head.S:172: Error: operand 2 of 'diu' has invalid value '256' + arch/xtensa/kernel/head.S:172: Error: operand 2 of 'diu' has invalid value '384' + arch/xtensa/kernel/head.S:176: Error: operand 2 of 'iiu' has invalid value '256' + arch/xtensa/kernel/head.S:176: Error: operand 2 of 'iiu' has invalid value '384' + arch/xtensa/kernel/head.S:255: Error: operand 2 of 'diwb' has invalid value '256' + arch/xtensa/kernel/head.S:255: Error: operand 2 of 'diwb' has invalid value '384' + +Add parameter max_immed to these macros and use it to limit values of +immediate operands. Extract common code of these macros into the new +macro __loop_cache_unroll. + +Cc: stable@vger.kernel.org +Signed-off-by: Max Filippov +Signed-off-by: Greg Kroah-Hartman + +--- + arch/xtensa/include/asm/cacheasm.h | 65 ++++++++++++++++++++++--------------- + 1 file changed, 40 insertions(+), 25 deletions(-) + +--- a/arch/xtensa/include/asm/cacheasm.h ++++ b/arch/xtensa/include/asm/cacheasm.h +@@ -31,16 +31,32 @@ + * + */ + +- .macro __loop_cache_all ar at insn size line_width + +- movi \ar, 0 ++ .macro __loop_cache_unroll ar at insn size line_width max_immed ++ ++ .if (1 << (\line_width)) > (\max_immed) ++ .set _reps, 1 ++ .elseif (2 << (\line_width)) > (\max_immed) ++ .set _reps, 2 ++ .else ++ .set _reps, 4 ++ .endif ++ ++ __loopi \ar, \at, \size, (_reps << (\line_width)) ++ .set _index, 0 ++ .rep _reps ++ \insn \ar, _index << (\line_width) ++ .set _index, _index + 1 ++ .endr ++ __endla \ar, \at, _reps << (\line_width) ++ ++ .endm ++ + +- __loopi \ar, \at, \size, (4 << (\line_width)) +- \insn \ar, 0 << (\line_width) +- \insn \ar, 1 << (\line_width) +- \insn \ar, 2 << (\line_width) +- \insn \ar, 3 << (\line_width) +- __endla \ar, \at, 4 << (\line_width) ++ .macro __loop_cache_all ar at insn size line_width max_immed ++ ++ movi \ar, 0 ++ __loop_cache_unroll \ar, \at, \insn, \size, \line_width, \max_immed + + .endm + +@@ -57,14 +73,9 @@ + .endm + + +- .macro __loop_cache_page ar at insn line_width ++ .macro __loop_cache_page ar at insn line_width max_immed + +- __loopi \ar, \at, PAGE_SIZE, 4 << (\line_width) +- \insn \ar, 0 << (\line_width) +- \insn \ar, 1 << (\line_width) +- \insn \ar, 2 << (\line_width) +- \insn \ar, 3 << (\line_width) +- __endla \ar, \at, 4 << (\line_width) ++ __loop_cache_unroll \ar, \at, \insn, PAGE_SIZE, \line_width, \max_immed + + .endm + +@@ -72,7 +83,8 @@ + .macro ___unlock_dcache_all ar at + + #if XCHAL_DCACHE_LINE_LOCKABLE && XCHAL_DCACHE_SIZE +- __loop_cache_all \ar \at diu XCHAL_DCACHE_SIZE XCHAL_DCACHE_LINEWIDTH ++ __loop_cache_all \ar \at diu XCHAL_DCACHE_SIZE \ ++ XCHAL_DCACHE_LINEWIDTH 240 + #endif + + .endm +@@ -81,7 +93,8 @@ + .macro ___unlock_icache_all ar at + + #if XCHAL_ICACHE_LINE_LOCKABLE && XCHAL_ICACHE_SIZE +- __loop_cache_all \ar \at iiu XCHAL_ICACHE_SIZE XCHAL_ICACHE_LINEWIDTH ++ __loop_cache_all \ar \at iiu XCHAL_ICACHE_SIZE \ ++ XCHAL_ICACHE_LINEWIDTH 240 + #endif + + .endm +@@ -90,7 +103,8 @@ + .macro ___flush_invalidate_dcache_all ar at + + #if XCHAL_DCACHE_SIZE +- __loop_cache_all \ar \at diwbi XCHAL_DCACHE_SIZE XCHAL_DCACHE_LINEWIDTH ++ __loop_cache_all \ar \at diwbi XCHAL_DCACHE_SIZE \ ++ XCHAL_DCACHE_LINEWIDTH 240 + #endif + + .endm +@@ -99,7 +113,8 @@ + .macro ___flush_dcache_all ar at + + #if XCHAL_DCACHE_SIZE +- __loop_cache_all \ar \at diwb XCHAL_DCACHE_SIZE XCHAL_DCACHE_LINEWIDTH ++ __loop_cache_all \ar \at diwb XCHAL_DCACHE_SIZE \ ++ XCHAL_DCACHE_LINEWIDTH 240 + #endif + + .endm +@@ -109,7 +124,7 @@ + + #if XCHAL_DCACHE_SIZE + __loop_cache_all \ar \at dii __stringify(DCACHE_WAY_SIZE) \ +- XCHAL_DCACHE_LINEWIDTH ++ XCHAL_DCACHE_LINEWIDTH 1020 + #endif + + .endm +@@ -119,7 +134,7 @@ + + #if XCHAL_ICACHE_SIZE + __loop_cache_all \ar \at iii __stringify(ICACHE_WAY_SIZE) \ +- XCHAL_ICACHE_LINEWIDTH ++ XCHAL_ICACHE_LINEWIDTH 1020 + #endif + + .endm +@@ -166,7 +181,7 @@ + .macro ___flush_invalidate_dcache_page ar as + + #if XCHAL_DCACHE_SIZE +- __loop_cache_page \ar \as dhwbi XCHAL_DCACHE_LINEWIDTH ++ __loop_cache_page \ar \as dhwbi XCHAL_DCACHE_LINEWIDTH 1020 + #endif + + .endm +@@ -175,7 +190,7 @@ + .macro ___flush_dcache_page ar as + + #if XCHAL_DCACHE_SIZE +- __loop_cache_page \ar \as dhwb XCHAL_DCACHE_LINEWIDTH ++ __loop_cache_page \ar \as dhwb XCHAL_DCACHE_LINEWIDTH 1020 + #endif + + .endm +@@ -184,7 +199,7 @@ + .macro ___invalidate_dcache_page ar as + + #if XCHAL_DCACHE_SIZE +- __loop_cache_page \ar \as dhi XCHAL_DCACHE_LINEWIDTH ++ __loop_cache_page \ar \as dhi XCHAL_DCACHE_LINEWIDTH 1020 + #endif + + .endm +@@ -193,7 +208,7 @@ + .macro ___invalidate_icache_page ar as + + #if XCHAL_ICACHE_SIZE +- __loop_cache_page \ar \as ihi XCHAL_ICACHE_LINEWIDTH ++ __loop_cache_page \ar \as ihi XCHAL_ICACHE_LINEWIDTH 1020 + #endif + + .endm