From: Greg Kroah-Hartman Date: Mon, 17 Aug 2020 13:24:18 +0000 (+0200) Subject: 5.4-stable patches X-Git-Tag: v4.19.140~10 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c23dae4196e6b0565e994283edb306ccbc9e2507;p=thirdparty%2Fkernel%2Fstable-queue.git 5.4-stable patches added patches: s390-dasd-fix-inability-to-use-dasd-with-diag-driver.patch s390-gmap-improve-thp-splitting.patch xen-balloon-fix-accounting-in-alloc_xenballooned_pages-error-path.patch xen-balloon-make-the-balloon-wait-interruptible.patch xen-gntdev-fix-dmabuf-import-with-non-zero-sgt-offset.patch --- diff --git a/queue-5.4/s390-dasd-fix-inability-to-use-dasd-with-diag-driver.patch b/queue-5.4/s390-dasd-fix-inability-to-use-dasd-with-diag-driver.patch new file mode 100644 index 00000000000..db2ef2c1cb4 --- /dev/null +++ b/queue-5.4/s390-dasd-fix-inability-to-use-dasd-with-diag-driver.patch @@ -0,0 +1,105 @@ +From 9f4aa52387c68049403b59939df5c0dd8e3872cc Mon Sep 17 00:00:00 2001 +From: Stefan Haberland +Date: Tue, 14 Jul 2020 22:03:26 +0200 +Subject: s390/dasd: fix inability to use DASD with DIAG driver + +From: Stefan Haberland + +commit 9f4aa52387c68049403b59939df5c0dd8e3872cc upstream. + +During initialization of the DASD DIAG driver a request is issued +that has a bio structure that resides on the stack. With virtually +mapped kernel stacks this bio address might be in virtual storage +which is unsuitable for usage with the diag250 call. +In this case the device can not be set online using the DIAG +discipline and fails with -EOPNOTSUP. +In the system journal the following error message is presented: + +dasd: X.X.XXXX Setting the DASD online with discipline DIAG failed +with rc=-95 + +Fix by allocating the bio structure instead of having it on the stack. + +Fixes: ce3dc447493f ("s390: add support for virtually mapped kernel stacks") +Signed-off-by: Stefan Haberland +Reviewed-by: Peter Oberparleiter +Cc: stable@vger.kernel.org #4.20 +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/s390/block/dasd_diag.c | 25 +++++++++++++++++-------- + 1 file changed, 17 insertions(+), 8 deletions(-) + +--- a/drivers/s390/block/dasd_diag.c ++++ b/drivers/s390/block/dasd_diag.c +@@ -319,7 +319,7 @@ dasd_diag_check_device(struct dasd_devic + struct dasd_diag_characteristics *rdc_data; + struct vtoc_cms_label *label; + struct dasd_block *block; +- struct dasd_diag_bio bio; ++ struct dasd_diag_bio *bio; + unsigned int sb, bsize; + blocknum_t end_block; + int rc; +@@ -395,29 +395,36 @@ dasd_diag_check_device(struct dasd_devic + rc = -ENOMEM; + goto out; + } ++ bio = kzalloc(sizeof(*bio), GFP_KERNEL); ++ if (bio == NULL) { ++ DBF_DEV_EVENT(DBF_WARNING, device, "%s", ++ "No memory to allocate initialization bio"); ++ rc = -ENOMEM; ++ goto out_label; ++ } + rc = 0; + end_block = 0; + /* try all sizes - needed for ECKD devices */ + for (bsize = 512; bsize <= PAGE_SIZE; bsize <<= 1) { + mdsk_init_io(device, bsize, 0, &end_block); +- memset(&bio, 0, sizeof (struct dasd_diag_bio)); +- bio.type = MDSK_READ_REQ; +- bio.block_number = private->pt_block + 1; +- bio.buffer = label; ++ memset(bio, 0, sizeof(*bio)); ++ bio->type = MDSK_READ_REQ; ++ bio->block_number = private->pt_block + 1; ++ bio->buffer = label; + memset(&private->iob, 0, sizeof (struct dasd_diag_rw_io)); + private->iob.dev_nr = rdc_data->dev_nr; + private->iob.key = 0; + private->iob.flags = 0; /* do synchronous io */ + private->iob.block_count = 1; + private->iob.interrupt_params = 0; +- private->iob.bio_list = &bio; ++ private->iob.bio_list = bio; + private->iob.flaga = DASD_DIAG_FLAGA_DEFAULT; + rc = dia250(&private->iob, RW_BIO); + if (rc == 3) { + pr_warn("%s: A 64-bit DIAG call failed\n", + dev_name(&device->cdev->dev)); + rc = -EOPNOTSUPP; +- goto out_label; ++ goto out_bio; + } + mdsk_term_io(device); + if (rc == 0) +@@ -427,7 +434,7 @@ dasd_diag_check_device(struct dasd_devic + pr_warn("%s: Accessing the DASD failed because of an incorrect format (rc=%d)\n", + dev_name(&device->cdev->dev), rc); + rc = -EIO; +- goto out_label; ++ goto out_bio; + } + /* check for label block */ + if (memcmp(label->label_id, DASD_DIAG_CMS1, +@@ -457,6 +464,8 @@ dasd_diag_check_device(struct dasd_devic + (rc == 4) ? ", read-only device" : ""); + rc = 0; + } ++out_bio: ++ kfree(bio); + out_label: + free_page((long) label); + out: diff --git a/queue-5.4/s390-gmap-improve-thp-splitting.patch b/queue-5.4/s390-gmap-improve-thp-splitting.patch new file mode 100644 index 00000000000..aa23c5ea30b --- /dev/null +++ b/queue-5.4/s390-gmap-improve-thp-splitting.patch @@ -0,0 +1,79 @@ +From ba925fa35057a062ac98c3e8138b013ce4ce351c Mon Sep 17 00:00:00 2001 +From: Gerald Schaefer +Date: Wed, 29 Jul 2020 22:22:34 +0200 +Subject: s390/gmap: improve THP splitting + +From: Gerald Schaefer + +commit ba925fa35057a062ac98c3e8138b013ce4ce351c upstream. + +During s390_enable_sie(), we need to take care of splitting all qemu user +process THP mappings. This is currently done with follow_page(FOLL_SPLIT), +by simply iterating over all vma ranges, with PAGE_SIZE increment. + +This logic is sub-optimal and can result in a lot of unnecessary overhead, +especially when using qemu and ASAN with large shadow map. Ilya reported +significant system slow-down with one CPU busy for a long time and overall +unresponsiveness. + +Fix this by using walk_page_vma() and directly calling split_huge_pmd() +only for present pmds, which greatly reduces overhead. + +Cc: # v5.4+ +Reported-by: Ilya Leoshkevich +Tested-by: Ilya Leoshkevich +Acked-by: Christian Borntraeger +Signed-off-by: Gerald Schaefer +Signed-off-by: Heiko Carstens +Signed-off-by: Greg Kroah-Hartman + +--- + arch/s390/mm/gmap.c | 27 ++++++++++++++++++++------- + 1 file changed, 20 insertions(+), 7 deletions(-) + +--- a/arch/s390/mm/gmap.c ++++ b/arch/s390/mm/gmap.c +@@ -2485,23 +2485,36 @@ void gmap_sync_dirty_log_pmd(struct gmap + } + EXPORT_SYMBOL_GPL(gmap_sync_dirty_log_pmd); + ++#ifdef CONFIG_TRANSPARENT_HUGEPAGE ++static int thp_split_walk_pmd_entry(pmd_t *pmd, unsigned long addr, ++ unsigned long end, struct mm_walk *walk) ++{ ++ struct vm_area_struct *vma = walk->vma; ++ ++ split_huge_pmd(vma, pmd, addr); ++ return 0; ++} ++ ++static const struct mm_walk_ops thp_split_walk_ops = { ++ .pmd_entry = thp_split_walk_pmd_entry, ++}; ++ + static inline void thp_split_mm(struct mm_struct *mm) + { +-#ifdef CONFIG_TRANSPARENT_HUGEPAGE + struct vm_area_struct *vma; +- unsigned long addr; + + for (vma = mm->mmap; vma != NULL; vma = vma->vm_next) { +- for (addr = vma->vm_start; +- addr < vma->vm_end; +- addr += PAGE_SIZE) +- follow_page(vma, addr, FOLL_SPLIT); + vma->vm_flags &= ~VM_HUGEPAGE; + vma->vm_flags |= VM_NOHUGEPAGE; ++ walk_page_vma(vma, &thp_split_walk_ops, NULL); + } + mm->def_flags |= VM_NOHUGEPAGE; +-#endif + } ++#else ++static inline void thp_split_mm(struct mm_struct *mm) ++{ ++} ++#endif /* CONFIG_TRANSPARENT_HUGEPAGE */ + + /* + * Remove all empty zero pages from the mapping for lazy refaulting diff --git a/queue-5.4/series b/queue-5.4/series index b3a9866dc61..072793326bd 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -262,3 +262,8 @@ bitfield.h-don-t-compile-time-validate-_val-in-field_fit.patch fs-minix-check-return-value-of-sb_getblk.patch fs-minix-don-t-allow-getting-deleted-inodes.patch fs-minix-reject-too-large-maximum-file-size.patch +xen-balloon-fix-accounting-in-alloc_xenballooned_pages-error-path.patch +xen-balloon-make-the-balloon-wait-interruptible.patch +xen-gntdev-fix-dmabuf-import-with-non-zero-sgt-offset.patch +s390-dasd-fix-inability-to-use-dasd-with-diag-driver.patch +s390-gmap-improve-thp-splitting.patch diff --git a/queue-5.4/xen-balloon-fix-accounting-in-alloc_xenballooned_pages-error-path.patch b/queue-5.4/xen-balloon-fix-accounting-in-alloc_xenballooned_pages-error-path.patch new file mode 100644 index 00000000000..bc76969417f --- /dev/null +++ b/queue-5.4/xen-balloon-fix-accounting-in-alloc_xenballooned_pages-error-path.patch @@ -0,0 +1,43 @@ +From 1951fa33ec259abdf3497bfee7b63e7ddbb1a394 Mon Sep 17 00:00:00 2001 +From: Roger Pau Monne +Date: Mon, 27 Jul 2020 11:13:39 +0200 +Subject: xen/balloon: fix accounting in alloc_xenballooned_pages error path +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Roger Pau Monne + +commit 1951fa33ec259abdf3497bfee7b63e7ddbb1a394 upstream. + +target_unpopulated is incremented with nr_pages at the start of the +function, but the call to free_xenballooned_pages will only subtract +pgno number of pages, and thus the rest need to be subtracted before +returning or else accounting will be skewed. + +Signed-off-by: Roger Pau Monné +Reviewed-by: Juergen Gross +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20200727091342.52325-2-roger.pau@citrix.com +Signed-off-by: Juergen Gross +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/xen/balloon.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/drivers/xen/balloon.c ++++ b/drivers/xen/balloon.c +@@ -632,6 +632,12 @@ int alloc_xenballooned_pages(int nr_page + out_undo: + mutex_unlock(&balloon_mutex); + free_xenballooned_pages(pgno, pages); ++ /* ++ * NB: free_xenballooned_pages will only subtract pgno pages, but since ++ * target_unpopulated is incremented with nr_pages at the start we need ++ * to remove the remaining ones also, or accounting will be screwed. ++ */ ++ balloon_stats.target_unpopulated -= nr_pages - pgno; + return ret; + } + EXPORT_SYMBOL(alloc_xenballooned_pages); diff --git a/queue-5.4/xen-balloon-make-the-balloon-wait-interruptible.patch b/queue-5.4/xen-balloon-make-the-balloon-wait-interruptible.patch new file mode 100644 index 00000000000..137f8397b01 --- /dev/null +++ b/queue-5.4/xen-balloon-make-the-balloon-wait-interruptible.patch @@ -0,0 +1,44 @@ +From 88a479ff6ef8af7f07e11593d58befc644244ff7 Mon Sep 17 00:00:00 2001 +From: Roger Pau Monne +Date: Mon, 27 Jul 2020 11:13:40 +0200 +Subject: xen/balloon: make the balloon wait interruptible +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Roger Pau Monne + +commit 88a479ff6ef8af7f07e11593d58befc644244ff7 upstream. + +So it can be killed, or else processes can get hung indefinitely +waiting for balloon pages. + +Signed-off-by: Roger Pau Monné +Reviewed-by: Juergen Gross +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20200727091342.52325-3-roger.pau@citrix.com +Signed-off-by: Juergen Gross +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/xen/balloon.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/drivers/xen/balloon.c ++++ b/drivers/xen/balloon.c +@@ -570,11 +570,13 @@ static int add_ballooned_pages(int nr_pa + if (xen_hotplug_unpopulated) { + st = reserve_additional_memory(); + if (st != BP_ECANCELED) { ++ int rc; ++ + mutex_unlock(&balloon_mutex); +- wait_event(balloon_wq, ++ rc = wait_event_interruptible(balloon_wq, + !list_empty(&ballooned_pages)); + mutex_lock(&balloon_mutex); +- return 0; ++ return rc ? -ENOMEM : 0; + } + } + diff --git a/queue-5.4/xen-gntdev-fix-dmabuf-import-with-non-zero-sgt-offset.patch b/queue-5.4/xen-gntdev-fix-dmabuf-import-with-non-zero-sgt-offset.patch new file mode 100644 index 00000000000..6530aefa85a --- /dev/null +++ b/queue-5.4/xen-gntdev-fix-dmabuf-import-with-non-zero-sgt-offset.patch @@ -0,0 +1,43 @@ +From 5fa4e6f1c2d8c9a4e47e1931b42893172d388f2b Mon Sep 17 00:00:00 2001 +From: Oleksandr Andrushchenko +Date: Thu, 13 Aug 2020 09:21:09 +0300 +Subject: xen/gntdev: Fix dmabuf import with non-zero sgt offset + +From: Oleksandr Andrushchenko + +commit 5fa4e6f1c2d8c9a4e47e1931b42893172d388f2b upstream. + +It is possible that the scatter-gather table during dmabuf import has +non-zero offset of the data, but user-space doesn't expect that. +Fix this by failing the import, so user-space doesn't access wrong data. + +Fixes: bf8dc55b1358 ("xen/gntdev: Implement dma-buf import functionality") + +Signed-off-by: Oleksandr Andrushchenko +Acked-by: Juergen Gross +Cc: +Link: https://lore.kernel.org/r/20200813062113.11030-2-andr2000@gmail.com +Signed-off-by: Juergen Gross +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/xen/gntdev-dmabuf.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +--- a/drivers/xen/gntdev-dmabuf.c ++++ b/drivers/xen/gntdev-dmabuf.c +@@ -641,6 +641,14 @@ dmabuf_imp_to_refs(struct gntdev_dmabuf_ + goto fail_detach; + } + ++ /* Check that we have zero offset. */ ++ if (sgt->sgl->offset) { ++ ret = ERR_PTR(-EINVAL); ++ pr_debug("DMA buffer has %d bytes offset, user-space expects 0\n", ++ sgt->sgl->offset); ++ goto fail_unmap; ++ } ++ + /* Check number of pages that imported buffer has. */ + if (attach->dmabuf->size != gntdev_dmabuf->nr_pages << PAGE_SHIFT) { + ret = ERR_PTR(-EINVAL);