From: Greg Kroah-Hartman Date: Mon, 19 Nov 2018 15:21:45 +0000 (+0100) Subject: 4.14-stable patches X-Git-Tag: v4.19.3~9 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=be796463f4c38a0f249b5ab1f919165705aac63c;p=thirdparty%2Fkernel%2Fstable-queue.git 4.14-stable patches added patches: config_xen_pv-breaks-xen_create_contiguous_region-on-arm.patch gpio-brcmstb-release-the-bgpio-lock-during-irq-handlers.patch nvme-loop-fix-kernel-oops-in-case-of-unhandled-command.patch ovl-check-whiteout-in-ovl_create_over_whiteout.patch printk-never-set-console_may_schedule-in-console_trylock.patch --- diff --git a/queue-4.14/config_xen_pv-breaks-xen_create_contiguous_region-on-arm.patch b/queue-4.14/config_xen_pv-breaks-xen_create_contiguous_region-on-arm.patch new file mode 100644 index 00000000000..1cabd2c44b4 --- /dev/null +++ b/queue-4.14/config_xen_pv-breaks-xen_create_contiguous_region-on-arm.patch @@ -0,0 +1,45 @@ +From f9005571701920551bcf54a500973fb61f2e1eda Mon Sep 17 00:00:00 2001 +From: Stefano Stabellini +Date: Wed, 31 Oct 2018 16:11:49 -0700 +Subject: CONFIG_XEN_PV breaks xen_create_contiguous_region on ARM + +From: Stefano Stabellini + +commit f9005571701920551bcf54a500973fb61f2e1eda upstream. + +xen_create_contiguous_region has now only an implementation if +CONFIG_XEN_PV is defined. However, on ARM we never set CONFIG_XEN_PV but +we do have an implementation of xen_create_contiguous_region which is +required for swiotlb-xen to work correctly (although it just sets +*dma_handle). + +[backport: remove change to xen_remap_pfn] + +Cc: # 4.12 +Fixes: 16624390816c ("xen: create xen_create/destroy_contiguous_region() stubs for PVHVM only builds") +Signed-off-by: Stefano Stabellini +Reviewed-by: Juergen Gross +CC: Jeff.Kubascik@dornerworks.com +CC: Jarvis.Roach@dornerworks.com +CC: Nathan.Studer@dornerworks.com +CC: vkuznets@redhat.com +CC: boris.ostrovsky@oracle.com +CC: jgross@suse.com +CC: julien.grall@arm.com +Signed-off-by: Juergen Gross +Signed-off-by: Greg Kroah-Hartman +--- + include/xen/xen-ops.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/include/xen/xen-ops.h ++++ b/include/xen/xen-ops.h +@@ -40,7 +40,7 @@ int xen_setup_shutdown_event(void); + + extern unsigned long *xen_contiguous_bitmap; + +-#ifdef CONFIG_XEN_PV ++#if defined(CONFIG_XEN_PV) || defined(CONFIG_ARM) || defined(CONFIG_ARM64) + int xen_create_contiguous_region(phys_addr_t pstart, unsigned int order, + unsigned int address_bits, + dma_addr_t *dma_handle); diff --git a/queue-4.14/gpio-brcmstb-release-the-bgpio-lock-during-irq-handlers.patch b/queue-4.14/gpio-brcmstb-release-the-bgpio-lock-during-irq-handlers.patch new file mode 100644 index 00000000000..4b3c70616f8 --- /dev/null +++ b/queue-4.14/gpio-brcmstb-release-the-bgpio-lock-during-irq-handlers.patch @@ -0,0 +1,83 @@ +From 142c168e0e50164e67c9399c28dedd65a307cfe5 Mon Sep 17 00:00:00 2001 +From: Doug Berger +Date: Tue, 24 Oct 2017 12:54:47 -0700 +Subject: gpio: brcmstb: release the bgpio lock during irq handlers + +From: Doug Berger + +commit 142c168e0e50164e67c9399c28dedd65a307cfe5 upstream. + +The basic memory-mapped GPIO controller lock must be released +before calling the registered GPIO interrupt handlers to allow +the interrupt handlers to access the hardware. + +Examples of why a GPIO interrupt handler might want to access +the GPIO hardware include an interrupt that is configured to +trigger on rising and falling edges that needs to read the +current level of the input to know how to respond, or an +interrupt that causes a change in a GPIO output in the same +bank. If the lock is not released before enterring the handler +the hardware accesses will deadlock when they attempt to grab +the lock. + +Since the lock is only needed to protect the calculation of +unmasked pending interrupts create a dedicated function to +perform this and hide the complexity. + +Fixes: 19a7b6940b78 ("gpio: brcmstb: Add interrupt and wakeup source support") +Signed-off-by: Doug Berger +Reviewed-by: Florian Fainelli +Acked-by: Gregory Fong +Signed-off-by: Linus Walleij +Signed-off-by: Sudip Mukherjee +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpio/gpio-brcmstb.c | 21 ++++++++++++++++----- + 1 file changed, 16 insertions(+), 5 deletions(-) + +--- a/drivers/gpio/gpio-brcmstb.c ++++ b/drivers/gpio/gpio-brcmstb.c +@@ -63,6 +63,21 @@ brcmstb_gpio_gc_to_priv(struct gpio_chip + return bank->parent_priv; + } + ++static unsigned long ++brcmstb_gpio_get_active_irqs(struct brcmstb_gpio_bank *bank) ++{ ++ void __iomem *reg_base = bank->parent_priv->reg_base; ++ unsigned long status; ++ unsigned long flags; ++ ++ spin_lock_irqsave(&bank->gc.bgpio_lock, flags); ++ status = bank->gc.read_reg(reg_base + GIO_STAT(bank->id)) & ++ bank->gc.read_reg(reg_base + GIO_MASK(bank->id)); ++ spin_unlock_irqrestore(&bank->gc.bgpio_lock, flags); ++ ++ return status; ++} ++ + static void brcmstb_gpio_set_imask(struct brcmstb_gpio_bank *bank, + unsigned int offset, bool enable) + { +@@ -205,11 +220,8 @@ static void brcmstb_gpio_irq_bank_handle + struct irq_domain *irq_domain = bank->gc.irqdomain; + void __iomem *reg_base = priv->reg_base; + unsigned long status; +- unsigned long flags; + +- spin_lock_irqsave(&bank->gc.bgpio_lock, flags); +- while ((status = bank->gc.read_reg(reg_base + GIO_STAT(bank->id)) & +- bank->gc.read_reg(reg_base + GIO_MASK(bank->id)))) { ++ while ((status = brcmstb_gpio_get_active_irqs(bank))) { + int bit; + + for_each_set_bit(bit, &status, 32) { +@@ -224,7 +236,6 @@ static void brcmstb_gpio_irq_bank_handle + generic_handle_irq(irq_find_mapping(irq_domain, bit)); + } + } +- spin_unlock_irqrestore(&bank->gc.bgpio_lock, flags); + } + + /* Each UPG GIO block has one IRQ for all banks */ diff --git a/queue-4.14/nvme-loop-fix-kernel-oops-in-case-of-unhandled-command.patch b/queue-4.14/nvme-loop-fix-kernel-oops-in-case-of-unhandled-command.patch new file mode 100644 index 00000000000..800398c2539 --- /dev/null +++ b/queue-4.14/nvme-loop-fix-kernel-oops-in-case-of-unhandled-command.patch @@ -0,0 +1,66 @@ +From 11d9ea6f2ca69237d35d6c55755beba3e006b106 Mon Sep 17 00:00:00 2001 +From: Ming Lei +Date: Thu, 12 Apr 2018 09:16:04 -0600 +Subject: nvme-loop: fix kernel oops in case of unhandled command + +From: Ming Lei + +commit 11d9ea6f2ca69237d35d6c55755beba3e006b106 upstream. + +When nvmet_req_init() fails, __nvmet_req_complete() is called +to handle the target request via .queue_response(), so +nvme_loop_queue_response() shouldn't be called again for +handling the failure. + +This patch fixes this case by the following way: + +- move blk_mq_start_request() before nvmet_req_init(), so +nvme_loop_queue_response() may work well to complete this +host request + +- don't call nvme_cleanup_cmd() which is done in nvme_loop_complete_rq() + +- don't call nvme_loop_queue_response() which is done via +.queue_response() + +Signed-off-by: Ming Lei +Reviewed-by: Christoph Hellwig +[trimmed changelog] +Signed-off-by: Keith Busch +Signed-off-by: Jens Axboe +Signed-off-by: Sudip Mukherjee +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/nvme/target/loop.c | 9 ++------- + 1 file changed, 2 insertions(+), 7 deletions(-) + +--- a/drivers/nvme/target/loop.c ++++ b/drivers/nvme/target/loop.c +@@ -183,15 +183,12 @@ static blk_status_t nvme_loop_queue_rq(s + if (ret) + return ret; + ++ blk_mq_start_request(req); + iod->cmd.common.flags |= NVME_CMD_SGL_METABUF; + iod->req.port = nvmet_loop_port; + if (!nvmet_req_init(&iod->req, &queue->nvme_cq, +- &queue->nvme_sq, &nvme_loop_ops)) { +- nvme_cleanup_cmd(req); +- blk_mq_start_request(req); +- nvme_loop_queue_response(&iod->req); ++ &queue->nvme_sq, &nvme_loop_ops)) + return BLK_STS_OK; +- } + + if (blk_rq_bytes(req)) { + iod->sg_table.sgl = iod->first_sgl; +@@ -204,8 +201,6 @@ static blk_status_t nvme_loop_queue_rq(s + iod->req.sg_cnt = blk_rq_map_sg(req->q, req, iod->sg_table.sgl); + } + +- blk_mq_start_request(req); +- + schedule_work(&iod->work); + return BLK_STS_OK; + } diff --git a/queue-4.14/ovl-check-whiteout-in-ovl_create_over_whiteout.patch b/queue-4.14/ovl-check-whiteout-in-ovl_create_over_whiteout.patch new file mode 100644 index 00000000000..ce1c4de7040 --- /dev/null +++ b/queue-4.14/ovl-check-whiteout-in-ovl_create_over_whiteout.patch @@ -0,0 +1,49 @@ +From 5e1275808630ea3b2c97c776f40e475017535f72 Mon Sep 17 00:00:00 2001 +From: Miklos Szeredi +Date: Wed, 31 Oct 2018 12:15:23 +0100 +Subject: ovl: check whiteout in ovl_create_over_whiteout() + +From: Miklos Szeredi + +commit 5e1275808630ea3b2c97c776f40e475017535f72 upstream. + +Kaixuxia repors that it's possible to crash overlayfs by removing the +whiteout on the upper layer before creating a directory over it. This is a +reproducer: + + mkdir lower upper work merge + touch lower/file + mount -t overlay overlay -olowerdir=lower,upperdir=upper,workdir=work merge + rm merge/file + ls -al merge/file + rm upper/file + ls -al merge/ + mkdir merge/file + +Before commencing with a vfs_rename(..., RENAME_EXCHANGE) verify that the +lookup of "upper" is positive and is a whiteout, and return ESTALE +otherwise. + +Reported by: kaixuxia +Signed-off-by: Miklos Szeredi +Fixes: e9be9d5e76e3 ("overlay filesystem") +Cc: # v3.18 +Signed-off-by: Greg Kroah-Hartman + +--- + fs/overlayfs/dir.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/fs/overlayfs/dir.c ++++ b/fs/overlayfs/dir.c +@@ -392,6 +392,10 @@ static int ovl_create_over_whiteout(stru + if (IS_ERR(upper)) + goto out_dput; + ++ err = -ESTALE; ++ if (d_is_negative(upper) || !IS_WHITEOUT(d_inode(upper))) ++ goto out_dput2; ++ + err = ovl_create_real(wdir, newdentry, cattr, hardlink, true); + if (err) + goto out_dput2; diff --git a/queue-4.14/printk-never-set-console_may_schedule-in-console_trylock.patch b/queue-4.14/printk-never-set-console_may_schedule-in-console_trylock.patch new file mode 100644 index 00000000000..dab4f229fe8 --- /dev/null +++ b/queue-4.14/printk-never-set-console_may_schedule-in-console_trylock.patch @@ -0,0 +1,111 @@ +From fd5f7cde1b85d4c8e09ca46ce948e008a2377f64 Mon Sep 17 00:00:00 2001 +From: Sergey Senozhatsky +Date: Tue, 16 Jan 2018 13:47:16 +0900 +Subject: printk: Never set console_may_schedule in console_trylock() + +From: Sergey Senozhatsky + +commit fd5f7cde1b85d4c8e09ca46ce948e008a2377f64 upstream. + +This patch, basically, reverts commit 6b97a20d3a79 ("printk: +set may_schedule for some of console_trylock() callers"). +That commit was a mistake, it introduced a big dependency +on the scheduler, by enabling preemption under console_sem +in printk()->console_unlock() path, which is rather too +critical. The patch did not significantly reduce the +possibilities of printk() lockups, but made it possible to +stall printk(), as has been reported by Tetsuo Handa [1]. + +Another issues is that preemption under console_sem also +messes up with Steven Rostedt's hand off scheme, by making +it possible to sleep with console_sem both in console_unlock() +and in vprintk_emit(), after acquiring the console_sem +ownership (anywhere between printk_safe_exit_irqrestore() in +console_trylock_spinning() and printk_safe_enter_irqsave() +in console_unlock()). This makes hand off less likely and, +at the same time, may result in a significant amount of +pending logbuf messages. Preempted console_sem owner makes +it impossible for other CPUs to emit logbuf messages, but +does not make it impossible for other CPUs to append new +messages to the logbuf. + +Reinstate the old behavior and make printk() non-preemptible. +Should any printk() lockup reports arrive they must be handled +in a different way. + +[1] http://lkml.kernel.org/r/201603022101.CAH73907.OVOOMFHFFtQJSL%20()%20I-love%20!%20SAKURA%20!%20ne%20!%20jp +Fixes: 6b97a20d3a79 ("printk: set may_schedule for some of console_trylock() callers") +Link: http://lkml.kernel.org/r/20180116044716.GE6607@jagdpanzerIV +To: Tetsuo Handa +Cc: Sergey Senozhatsky +Cc: Tejun Heo +Cc: akpm@linux-foundation.org +Cc: linux-mm@kvack.org +Cc: Cong Wang +Cc: Dave Hansen +Cc: Johannes Weiner +Cc: Mel Gorman +Cc: Michal Hocko +Cc: Vlastimil Babka +Cc: Peter Zijlstra +Cc: Linus Torvalds +Cc: Jan Kara +Cc: Mathieu Desnoyers +Cc: Byungchul Park +Cc: Pavel Machek +Cc: linux-kernel@vger.kernel.org +Signed-off-by: Sergey Senozhatsky +Reported-by: Tetsuo Handa +Reviewed-by: Steven Rostedt (VMware) +Signed-off-by: Petr Mladek +Signed-off-by: Sudip Mukherjee +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/printk/printk.c | 22 ++++++++-------------- + 1 file changed, 8 insertions(+), 14 deletions(-) + +--- a/kernel/printk/printk.c ++++ b/kernel/printk/printk.c +@@ -1763,12 +1763,19 @@ asmlinkage int vprintk_emit(int facility + /* If called from the scheduler, we can not call up(). */ + if (!in_sched) { + /* ++ * Disable preemption to avoid being preempted while holding ++ * console_sem which would prevent anyone from printing to ++ * console ++ */ ++ preempt_disable(); ++ /* + * Try to acquire and then immediately release the console + * semaphore. The release will print out buffers and wake up + * /dev/kmsg and syslog() users. + */ + if (console_trylock()) + console_unlock(); ++ preempt_enable(); + } + + return printed_len; +@@ -2083,20 +2090,7 @@ int console_trylock(void) + return 0; + } + console_locked = 1; +- /* +- * When PREEMPT_COUNT disabled we can't reliably detect if it's +- * safe to schedule (e.g. calling printk while holding a spin_lock), +- * because preempt_disable()/preempt_enable() are just barriers there +- * and preempt_count() is always 0. +- * +- * RCU read sections have a separate preemption counter when +- * PREEMPT_RCU enabled thus we must take extra care and check +- * rcu_preempt_depth(), otherwise RCU read sections modify +- * preempt_count(). +- */ +- console_may_schedule = !oops_in_progress && +- preemptible() && +- !rcu_preempt_depth(); ++ console_may_schedule = 0; + return 1; + } + EXPORT_SYMBOL(console_trylock); diff --git a/queue-4.14/series b/queue-4.14/series index e07b18a9314..5571b35a2f0 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -117,3 +117,8 @@ drm-i915-hdmi-add-hdmi-2.0-audio-clock-recovery-n-values.patch drm-i915-don-t-oops-during-modeset-shutdown-after-lpe-audio-deinit.patch drm-i915-mark-pin-flags-as-u64.patch drm-i915-execlists-force-write-serialisation-into-context-image-vs-execution.patch +config_xen_pv-breaks-xen_create_contiguous_region-on-arm.patch +ovl-check-whiteout-in-ovl_create_over_whiteout.patch +printk-never-set-console_may_schedule-in-console_trylock.patch +nvme-loop-fix-kernel-oops-in-case-of-unhandled-command.patch +gpio-brcmstb-release-the-bgpio-lock-during-irq-handlers.patch