From: Greg Kroah-Hartman
Date: Fri, 15 Dec 2017 08:01:48 +0000 (+0100)
Subject: 4.14-stable patches
X-Git-Tag: v3.18.88~3
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ca5aa89b2949dd0c35788d3307470cd9755dad0e;p=thirdparty%2Fkernel%2Fstable-queue.git
4.14-stable patches
added patches:
audit-allow-auditd-to-set-pid-to-0-to-end-auditing.patch
audit-ensure-that-audit-1-actually-enables-audit-for-pid-1.patch
blk-mq-avoid-that-request-queue-removal-can-trigger-list-corruption.patch
dm-raid-fix-panic-when-attempting-to-force-a-raid-to-sync.patch
ide-ide-atapi-fix-compile-error-with-defining-macro-debug.patch
ipvlan-fix-ipv6-outbound-device.patch
kbuild-do-not-call-cc-option-before-kbuild_cflags-initialization.patch
md-free-unused-memory-after-bitmap-resize.patch
nvmet-rdma-update-queue-list-during-ib_device-removal.patch
powerpc-powernv-idle-round-up-latency-and-residency-values.patch
rdma-cxgb4-annotate-r2-and-stag-as-__be32.patch
x86-intel_rdt-fix-potential-deadlock-during-resctrl-unmount.patch
---
diff --git a/queue-4.14/audit-allow-auditd-to-set-pid-to-0-to-end-auditing.patch b/queue-4.14/audit-allow-auditd-to-set-pid-to-0-to-end-auditing.patch
new file mode 100644
index 00000000000..704fd262df4
--- /dev/null
+++ b/queue-4.14/audit-allow-auditd-to-set-pid-to-0-to-end-auditing.patch
@@ -0,0 +1,68 @@ +From foo@baz Tue Dec 12 10:32:42 CET 2017 +From: Steve Grubb +Date: Tue, 17 Oct 2017 18:29:22 -0400 +Subject: audit: Allow auditd to set pid to 0 to end auditing + +From: Steve Grubb + + +[ Upstream commit 33e8a907804428109ce1d12301c3365d619cc4df ] + +The API to end auditing has historically been for auditd to set the +pid to 0. This patch restores that functionality. + +See: https://github.com/linux-audit/audit-kernel/issues/69 + +Reviewed-by: Richard Guy Briggs +Signed-off-by: Steve Grubb +Signed-off-by: Paul Moore +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + kernel/audit.c | 29 ++++++++++++++++------------- + 1 file changed, 16 insertions(+), 13 deletions(-) + +--- a/kernel/audit.c ++++ b/kernel/audit.c +@@ -1197,25 +1197,28 @@ static int audit_receive_msg(struct sk_b + pid_t auditd_pid; + struct pid *req_pid = task_tgid(current); + +- /* sanity check - PID values must match */ +- if (new_pid != pid_vnr(req_pid)) ++ /* Sanity check - PID values must match. Setting ++ * pid to 0 is how auditd ends auditing. */ ++ if (new_pid && (new_pid != pid_vnr(req_pid))) + return -EINVAL; + + /* test the auditd connection */ + audit_replace(req_pid); + + auditd_pid = auditd_pid_vnr(); +- /* only the current auditd can unregister itself */ +- if ((!new_pid) && (new_pid != auditd_pid)) { +- audit_log_config_change("audit_pid", new_pid, +- auditd_pid, 0); +- return -EACCES; +- } +- /* replacing a healthy auditd is not allowed */ +- if (auditd_pid && new_pid) { +- audit_log_config_change("audit_pid", new_pid, +- auditd_pid, 0); +- return -EEXIST; ++ if (auditd_pid) { ++ /* replacing a healthy auditd is not allowed */ ++ if (new_pid) { ++ audit_log_config_change("audit_pid", ++ new_pid, auditd_pid, 0); ++ return -EEXIST; ++ } ++ /* only current auditd can unregister itself */ ++ if (pid_vnr(req_pid) != auditd_pid) { ++ audit_log_config_change("audit_pid", ++ new_pid, auditd_pid, 0); ++ return -EACCES; ++ } + } + + if (new_pid) { 
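Review bot: Both rejection checks in the new block run only when `auditd_pid_vnr()` returns non-zero, so the `if (auditd_pid)` guard carries an assumption that is not written down. If that helper reports the registered daemon's PID as seen from the caller (the `_vnr` suffix suggests so, but its body is not in this hunk), a zero result would skip the `-EEXIST` and `-EACCES` paths; presumably an earlier permission check restricts who reaches this code. I would add a comment above the guard, for example `/* auditd_pid == 0 means no auditd is registered; namespace restrictions are enforced before this point */`, after confirming it against the caller checks. audit_receive_msg() starts and ends outside the hunk.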
diff --git a/queue-4.14/audit-ensure-that-audit-1-actually-enables-audit-for-pid-1.patch b/queue-4.14/audit-ensure-that-audit-1-actually-enables-audit-for-pid-1.patch
new file mode 100644
index 00000000000..4b651535faf
--- /dev/null
+++ b/queue-4.14/audit-ensure-that-audit-1-actually-enables-audit-for-pid-1.patch
@@ -0,0 +1,64 @@ +From foo@baz Tue Dec 12 10:32:42 CET 2017 +From: Paul Moore +Date: Fri, 1 Sep 2017 09:44:34 -0400 +Subject: audit: ensure that 'audit=1' actually enables audit for PID 1 + +From: Paul Moore + + +[ Upstream commit 173743dd99a49c956b124a74c8aacb0384739a4c ] + +Prior to this patch we enabled audit in audit_init(), which is too +late for PID 1 as the standard initcalls are run after the PID 1 task +is forked. This means that we never allocate an audit_context (see +audit_alloc()) for PID 1 and therefore miss a lot of audit events +generated by PID 1. + +This patch enables audit as early as possible to help ensure that when +PID 1 is forked it can allocate an audit_context if required. + +Reviewed-by: Richard Guy Briggs +Signed-off-by: Paul Moore +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + kernel/audit.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +--- a/kernel/audit.c ++++ b/kernel/audit.c +@@ -85,13 +85,13 @@ static int audit_initialized; + #define AUDIT_OFF 0 + #define AUDIT_ON 1 + #define AUDIT_LOCKED 2 +-u32 audit_enabled; +-u32 audit_ever_enabled; ++u32 audit_enabled = AUDIT_OFF; ++u32 audit_ever_enabled = !!AUDIT_OFF; + + EXPORT_SYMBOL_GPL(audit_enabled); + + /* Default state when kernel boots without any parameters. */ +-static u32 audit_default; ++static u32 audit_default = AUDIT_OFF; + + /* If auditing cannot proceed, audit_failure selects what happens. 
*/ + static u32 audit_failure = AUDIT_FAIL_PRINTK; +@@ -1552,8 +1552,6 @@ static int __init audit_init(void) + register_pernet_subsys(&audit_net_ops); + + audit_initialized = AUDIT_INITIALIZED; +- audit_enabled = audit_default; +- audit_ever_enabled |= !!audit_default; + + kauditd_task = kthread_run(kauditd_thread, NULL, "kauditd"); + if (IS_ERR(kauditd_task)) { +@@ -1575,6 +1573,8 @@ static int __init audit_enable(char *str + audit_default = !!simple_strtol(str, NULL, 0); + if (!audit_default) + audit_initialized = AUDIT_DISABLED; ++ audit_enabled = audit_default; ++ audit_ever_enabled = !!audit_enabled; + + pr_info("%s\n", audit_default ? + "enabled (after initialization)" : "disabled (until reboot)"); diff --git a/queue-4.14/blk-mq-avoid-that-request-queue-removal-can-trigger-list-corruption.patch b/queue-4.14/blk-mq-avoid-that-request-queue-removal-can-trigger-list-corruption.patch new file mode 100644 index 00000000000..a44b2f49b21 --- /dev/null +++ b/queue-4.14/blk-mq-avoid-that-request-queue-removal-can-trigger-list-corruption.patch 
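Review bot: In audit_enable() the newly added `audit_enabled = audit_default;` takes its value from `!!simple_strtol(str, NULL, 0)`, which turns any non-numeric argument into 0. A mistyped boot parameter (for instance a word instead of a number) therefore leaves auditing off and sets `AUDIT_DISABLED`, with only the `pr_info` line as a trace. Parsing with an error-reporting helper and failing towards enabled would be safer for an audit control, e.g. `if (kstrtou32(str, 0, &audit_default)) audit_default = AUDIT_ON;` followed by `audit_default = !!audit_default;`. The function's signature and the end of its body are outside the hunk.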
@@ -0,0 +1,42 @@ +From foo@baz Tue Dec 12 10:32:42 CET 2017 +From: Bart Van Assche +Date: Wed, 8 Nov 2017 10:23:45 -0800 +Subject: blk-mq: Avoid that request queue removal can trigger list corruption + +From: Bart Van Assche + + +[ Upstream commit aba7afc5671c23beade64d10caf86e24a9105dab ] + +Avoid that removal of a request queue sporadically triggers the +following warning: + +list_del corruption. next->prev should be ffff8807d649b970, but was 6b6b6b6b6b6b6b6b +WARNING: CPU: 3 PID: 342 at lib/list_debug.c:56 __list_del_entry_valid+0x92/0xa0 +Call Trace: + process_one_work+0x11b/0x660 + worker_thread+0x3d/0x3b0 + kthread+0x129/0x140 + ret_from_fork+0x27/0x40 + +Signed-off-by: Bart Van Assche +Cc: Christoph Hellwig +Cc: Hannes Reinecke +Cc: Johannes Thumshirn +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + block/blk-core.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/block/blk-core.c ++++ b/block/blk-core.c +@@ -339,6 +339,7 @@ void blk_sync_queue(struct request_queue + struct blk_mq_hw_ctx *hctx; + int i; + ++ cancel_delayed_work_sync(&q->requeue_work); + queue_for_each_hw_ctx(q, hctx, i) + cancel_delayed_work_sync(&hctx->run_work); + } else { diff --git a/queue-4.14/dm-raid-fix-panic-when-attempting-to-force-a-raid-to-sync.patch b/queue-4.14/dm-raid-fix-panic-when-attempting-to-force-a-raid-to-sync.patch new file mode 100644 index 00000000000..0cd821a157a --- /dev/null +++ b/queue-4.14/dm-raid-fix-panic-when-attempting-to-force-a-raid-to-sync.patch 
@@ -0,0 +1,71 @@ +From foo@baz Tue Dec 12 10:32:42 CET 2017 +From: Heinz Mauelshagen +Date: Thu, 2 Nov 2017 19:58:28 +0100 +Subject: dm raid: fix panic when attempting to force a raid to sync + +From: Heinz Mauelshagen + + +[ Upstream commit 233978449074ca7e45d9c959f9ec612d1b852893 ] + +Requesting a sync on an active raid device via a table reload +(see 'sync' parameter in Documentation/device-mapper/dm-raid.txt) +skips the super_load() call that defines the superblock size +(rdev->sb_size) -- resulting in an oops if/when super_sync()->memset() +is called. + +Fix by moving the initialization of the superblock start and size +out of super_load() to the caller (analyse_superblocks). + +Signed-off-by: Heinz Mauelshagen +Signed-off-by: Mike Snitzer +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/md/dm-raid.c | 21 +++++++++++---------- + 1 file changed, 11 insertions(+), 10 deletions(-) + +--- a/drivers/md/dm-raid.c ++++ b/drivers/md/dm-raid.c +@@ -2143,13 +2143,6 @@ static int super_load(struct md_rdev *rd + struct dm_raid_superblock *refsb; + uint64_t events_sb, events_refsb; + +- rdev->sb_start = 0; +- rdev->sb_size = bdev_logical_block_size(rdev->meta_bdev); +- if (rdev->sb_size < sizeof(*sb) || rdev->sb_size > PAGE_SIZE) { +- DMERR("superblock size of a logical block is no longer valid"); +- return -EINVAL; +- } +- + r = read_disk_sb(rdev, rdev->sb_size, false); + if (r) + return r; +@@ -2494,6 +2487,17 @@ static int analyse_superblocks(struct dm + if (test_bit(Journal, &rdev->flags)) + continue; + ++ if (!rdev->meta_bdev) ++ continue; ++ ++ /* Set superblock offset/size for metadata device. 
*/ ++ rdev->sb_start = 0; ++ rdev->sb_size = bdev_logical_block_size(rdev->meta_bdev); ++ if (rdev->sb_size < sizeof(struct dm_raid_superblock) || rdev->sb_size > PAGE_SIZE) { ++ DMERR("superblock size of a logical block is no longer valid"); ++ return -EINVAL; ++ } ++ + /* + * Skipping super_load due to CTR_FLAG_SYNC will cause + * the array to undergo initialization again as +@@ -2506,9 +2510,6 @@ static int analyse_superblocks(struct dm + if (test_bit(__CTR_FLAG_SYNC, &rs->ctr_flags)) + continue; + +- if (!rdev->meta_bdev) +- continue; +- + r = super_load(rdev, freshest); + + switch (r) { diff --git a/queue-4.14/ide-ide-atapi-fix-compile-error-with-defining-macro-debug.patch b/queue-4.14/ide-ide-atapi-fix-compile-error-with-defining-macro-debug.patch new file mode 100644 index 00000000000..3b02726fdfe --- /dev/null +++ b/queue-4.14/ide-ide-atapi-fix-compile-error-with-defining-macro-debug.patch 
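Review bot: super_load() now passes `rdev->sb_size` to `read_disk_sb()` without setting or checking it, so its safety depends on analyse_superblocks() having run the range check first. Nothing at the call site in super_load() says so, and a later caller that skips the check would read with an unvalidated size. A comment above the `read_disk_sb()` call would record the precondition, e.g. `/* rdev->sb_start and rdev->sb_size are set and range-checked by the caller */`. Both functions start and end outside the hunks shown.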
@@ -0,0 +1,59 @@ +From foo@baz Tue Dec 12 10:32:42 CET 2017 +From: Hongxu Jia +Date: Fri, 10 Nov 2017 15:59:17 +0800 +Subject: ide: ide-atapi: fix compile error with defining macro DEBUG + +From: Hongxu Jia + + +[ Upstream commit 8dc7a31fbce5e2dbbacd83d910da37105181b054 ] + +Compile ide-atapi failed with defining macro "DEBUG" +... +|drivers/ide/ide-atapi.c:285:52: error: 'struct request' has +no member named 'cmd'; did you mean 'csd'? +| debug_log("%s: rq->cmd[0]: 0x%x\n", __func__, rq->cmd[0]); +... + +Since we split the scsi_request out of struct request, it missed +do the same thing on debug_log + +Fixes: 82ed4db499b8 ("block: split scsi_request out of struct request") + +Signed-off-by: Hongxu Jia +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/ide/ide-atapi.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/drivers/ide/ide-atapi.c ++++ b/drivers/ide/ide-atapi.c +@@ -282,7 +282,7 @@ int ide_cd_expiry(ide_drive_t *drive) + struct request *rq = drive->hwif->rq; + unsigned long wait = 0; + +- debug_log("%s: rq->cmd[0]: 0x%x\n", __func__, rq->cmd[0]); ++ debug_log("%s: scsi_req(rq)->cmd[0]: 0x%x\n", __func__, scsi_req(rq)->cmd[0]); + + /* + * Some commands are *slow* and normally take a long time to complete. +@@ -463,7 +463,7 @@ static ide_startstop_t ide_pc_intr(ide_d + return ide_do_reset(drive); + } + +- debug_log("[cmd %x]: check condition\n", rq->cmd[0]); ++ debug_log("[cmd %x]: check condition\n", scsi_req(rq)->cmd[0]); + + /* Retry operation */ + ide_retry_pc(drive); +@@ -531,7 +531,7 @@ static ide_startstop_t ide_pc_intr(ide_d + ide_pad_transfer(drive, write, bcount); + + debug_log("[cmd %x] transferred %d bytes, padded %d bytes, resid: %u\n", +- rq->cmd[0], done, bcount, scsi_req(rq)->resid_len); ++ scsi_req(rq)->cmd[0], done, bcount, scsi_req(rq)->resid_len); + + /* And set the interrupt handler again */ + ide_set_handler(drive, ide_pc_intr, timeout); 
diff --git a/queue-4.14/ipvlan-fix-ipv6-outbound-device.patch b/queue-4.14/ipvlan-fix-ipv6-outbound-device.patch new file mode 100644 index 00000000000..5ee85a043a2 --- /dev/null +++ b/queue-4.14/ipvlan-fix-ipv6-outbound-device.patch @@ -0,0 +1,33 @@ +From foo@baz Tue Dec 12 10:32:42 CET 2017 +From: Keefe Liu +Date: Thu, 9 Nov 2017 20:09:31 +0800 +Subject: ipvlan: fix ipv6 outbound device + +From: Keefe Liu + + +[ Upstream commit ca29fd7cce5a6444d57fb86517589a1a31c759e1 ] + +When process the outbound packet of ipv6, we should assign the master +device to output device other than input device. + +Signed-off-by: Keefe Liu +Acked-by: Mahesh Bandewar +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ipvlan/ipvlan_core.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/net/ipvlan/ipvlan_core.c ++++ b/drivers/net/ipvlan/ipvlan_core.c +@@ -409,7 +409,7 @@ static int ipvlan_process_v6_outbound(st + struct dst_entry *dst; + int err, ret = NET_XMIT_DROP; + struct flowi6 fl6 = { +- .flowi6_iif = dev->ifindex, ++ .flowi6_oif = dev->ifindex, + .daddr = ip6h->daddr, + .saddr = ip6h->saddr, + .flowi6_flags = FLOWI_FLAG_ANYSRC, diff --git a/queue-4.14/kbuild-do-not-call-cc-option-before-kbuild_cflags-initialization.patch b/queue-4.14/kbuild-do-not-call-cc-option-before-kbuild_cflags-initialization.patch new file mode 100644 index 00000000000..83ac746f101 --- /dev/null +++ b/queue-4.14/kbuild-do-not-call-cc-option-before-kbuild_cflags-initialization.patch 
@@ -0,0 +1,101 @@ +From foo@baz Tue Dec 12 10:32:42 CET 2017 +From: Masahiro Yamada +Date: Thu, 12 Oct 2017 18:22:25 +0900 +Subject: kbuild: do not call cc-option before KBUILD_CFLAGS initialization + +From: Masahiro Yamada + + +[ Upstream commit 433dc2ebe7d17dd21cba7ad5c362d37323592236 ] + +Some $(call cc-option,...) are invoked very early, even before +KBUILD_CFLAGS, etc. are initialized. + +The returned string from $(call cc-option,...) depends on +KBUILD_CPPFLAGS, KBUILD_CFLAGS, and GCC_PLUGINS_CFLAGS. + +Since they are exported, they are not empty when the top Makefile +is recursively invoked. + +The recursion occurs in several places. For example, the top +Makefile invokes itself for silentoldconfig. "make tinyconfig", +"make rpm-pkg" are the cases, too. + +In those cases, the second call of cc-option from the same line +runs a different shell command due to non-pristine KBUILD_CFLAGS. + +To get the same result all the time, KBUILD_* and GCC_PLUGINS_CFLAGS +must be initialized before any call of cc-option. This avoids +garbage data in the .cache.mk file. + +Move all calls of cc-option below the config targets because target +compiler flags are unnecessary for Kconfig. + +Signed-off-by: Masahiro Yamada +Reviewed-by: Douglas Anderson +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + Makefile | 21 +++++++++++---------- + 1 file changed, 11 insertions(+), 10 deletions(-) + +--- a/Makefile ++++ b/Makefile +@@ -373,9 +373,6 @@ LDFLAGS_MODULE = + CFLAGS_KERNEL = + AFLAGS_KERNEL = + LDFLAGS_vmlinux = +-CFLAGS_GCOV := -fprofile-arcs -ftest-coverage -fno-tree-loop-im $(call cc-disable-warning,maybe-uninitialized,) +-CFLAGS_KCOV := $(call cc-option,-fsanitize-coverage=trace-pc,) +- + + # Use USERINCLUDE when you must reference the UAPI directories only. 
+ USERINCLUDE := \ +@@ -394,21 +391,19 @@ LINUXINCLUDE := \ + -I$(objtree)/include \ + $(USERINCLUDE) + +-KBUILD_CPPFLAGS := -D__KERNEL__ +- ++KBUILD_AFLAGS := -D__ASSEMBLY__ + KBUILD_CFLAGS := -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs \ + -fno-strict-aliasing -fno-common -fshort-wchar \ + -Werror-implicit-function-declaration \ + -Wno-format-security \ +- -std=gnu89 $(call cc-option,-fno-PIE) +- +- ++ -std=gnu89 ++KBUILD_CPPFLAGS := -D__KERNEL__ + KBUILD_AFLAGS_KERNEL := + KBUILD_CFLAGS_KERNEL := +-KBUILD_AFLAGS := -D__ASSEMBLY__ $(call cc-option,-fno-PIE) + KBUILD_AFLAGS_MODULE := -DMODULE + KBUILD_CFLAGS_MODULE := -DMODULE + KBUILD_LDFLAGS_MODULE := -T $(srctree)/scripts/module-common.lds ++GCC_PLUGINS_CFLAGS := + + # Read KERNELRELEASE from include/config/kernel.release (if it exists) + KERNELRELEASE = $(shell cat include/config/kernel.release 2> /dev/null) +@@ -421,7 +416,7 @@ export MAKE AWK GENKSYMS INSTALLKERNEL P + export HOSTCXX HOSTCXXFLAGS LDFLAGS_MODULE CHECK CHECKFLAGS + + export KBUILD_CPPFLAGS NOSTDINC_FLAGS LINUXINCLUDE OBJCOPYFLAGS LDFLAGS +-export KBUILD_CFLAGS CFLAGS_KERNEL CFLAGS_MODULE CFLAGS_GCOV CFLAGS_KCOV CFLAGS_KASAN CFLAGS_UBSAN ++export KBUILD_CFLAGS CFLAGS_KERNEL CFLAGS_MODULE CFLAGS_KASAN CFLAGS_UBSAN + export KBUILD_AFLAGS AFLAGS_KERNEL AFLAGS_MODULE + export KBUILD_AFLAGS_MODULE KBUILD_CFLAGS_MODULE KBUILD_LDFLAGS_MODULE + export KBUILD_AFLAGS_KERNEL KBUILD_CFLAGS_KERNEL +@@ -622,6 +617,12 @@ endif + # Defaults to vmlinux, but the arch makefile usually adds further targets + all: vmlinux + ++KBUILD_CFLAGS += $(call cc-option,-fno-PIE) ++KBUILD_AFLAGS += $(call cc-option,-fno-PIE) ++CFLAGS_GCOV := -fprofile-arcs -ftest-coverage -fno-tree-loop-im $(call cc-disable-warning,maybe-uninitialized,) ++CFLAGS_KCOV := $(call cc-option,-fsanitize-coverage=trace-pc,) ++export CFLAGS_GCOV CFLAGS_KCOV ++ + # The arch Makefile can set ARCH_{CPP,A,C}FLAGS to override the default + # values of the respective KBUILD_* variables + ARCH_CPPFLAGS 
:= diff --git a/queue-4.14/md-free-unused-memory-after-bitmap-resize.patch b/queue-4.14/md-free-unused-memory-after-bitmap-resize.patch new file mode 100644 index 00000000000..3ffa3a3238b --- /dev/null +++ b/queue-4.14/md-free-unused-memory-after-bitmap-resize.patch 
@@ -0,0 +1,71 @@ +From foo@baz Tue Dec 12 10:32:42 CET 2017 +From: Zdenek Kabelac +Date: Wed, 8 Nov 2017 13:44:56 +0100 +Subject: md: free unused memory after bitmap resize + +From: Zdenek Kabelac + + +[ Upstream commit 0868b99c214a3d55486c700de7c3f770b7243e7c ] + +When bitmap is resized, the old kalloced chunks just are not released +once the resized bitmap starts to use new space. + +This fixes in particular kmemleak reports like this one: + +unreferenced object 0xffff8f4311e9c000 (size 4096): + comm "lvm", pid 19333, jiffies 4295263268 (age 528.265s) + hex dump (first 32 bytes): + 02 80 02 80 02 80 02 80 02 80 02 80 02 80 02 80 ................ + 02 80 02 80 02 80 02 80 02 80 02 80 02 80 02 80 ................ + backtrace: + [] kmemleak_alloc+0x4a/0xa0 + [] kmem_cache_alloc_trace+0x14e/0x2e0 + [] bitmap_checkpage+0x7c/0x110 + [] bitmap_get_counter+0x45/0xd0 + [] bitmap_set_memory_bits+0x43/0xe0 + [] bitmap_init_from_disk+0x23c/0x530 + [] bitmap_load+0xbe/0x160 + [] raid_preresume+0x203/0x2f0 [dm_raid] + [] dm_table_resume_targets+0x4f/0xe0 + [] dm_resume+0x122/0x140 + [] dev_suspend+0x18f/0x290 + [] ctl_ioctl+0x287/0x560 + [] dm_ctl_ioctl+0x13/0x20 + [] do_vfs_ioctl+0xa6/0x750 + [] SyS_ioctl+0x79/0x90 + [] entry_SYSCALL_64_fastpath+0x1f/0xc2 + +Signed-off-by: Zdenek Kabelac +Signed-off-by: Shaohua Li +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/md/bitmap.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +--- a/drivers/md/bitmap.c ++++ b/drivers/md/bitmap.c +@@ -2158,6 +2158,7 @@ int bitmap_resize(struct bitmap *bitmap, + for (k = 0; k < page; k++) { + kfree(new_bp[k].map); + } ++ kfree(new_bp); + + /* restore some fields from old_counts */ + bitmap->counts.bp = old_counts.bp; +@@ -2208,6 +2209,14 @@ int bitmap_resize(struct bitmap *bitmap, + block += old_blocks; + } + ++ if (bitmap->counts.bp != old_counts.bp) { ++ unsigned long k; ++ for (k = 0; k < old_counts.pages; k++) ++ if (!old_counts.bp[k].hijacked) ++ 
kfree(old_counts.bp[k].map); ++ kfree(old_counts.bp); ++ } ++ + if (!init) { + int i; + while (block < (chunks << chunkshift)) { diff --git a/queue-4.14/nvmet-rdma-update-queue-list-during-ib_device-removal.patch b/queue-4.14/nvmet-rdma-update-queue-list-during-ib_device-removal.patch new file mode 100644 index 00000000000..4826217c72a --- /dev/null +++ b/queue-4.14/nvmet-rdma-update-queue-list-during-ib_device-removal.patch 
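Review bot: The new cleanup loop skips entries with `hijacked` set but does not say why, and that test is what keeps `kfree()` away from a `map` value that is presumably not a heap pointer in that state. A short comment before the loop would help, e.g. `/* hijacked entries own no allocation; only free real page maps */`, with the wording confirmed against the bitmap_page definition, which is not in the hunk. It would also be worth stating that `old_counts.bp` must not be read after this block, since the copy loop above it appears to be its last user. bitmap_resize() starts and ends outside the hunk.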
@@ -0,0 +1,51 @@ +From foo@baz Tue Dec 12 10:32:42 CET 2017 +From: Israel Rukshin +Date: Sun, 5 Nov 2017 08:43:01 +0000 +Subject: nvmet-rdma: update queue list during ib_device removal + +From: Israel Rukshin + + +[ Upstream commit 43b92fd27aaef0f529c9321cfebbaec1d7b8f503 ] + +A NULL deref happens when nvmet_rdma_remove_one() is called more than once +(e.g. while connected via 2 ports). +The first call frees the queues related to the first ib_device but +doesn't remove them from the queue list. +While calling nvmet_rdma_remove_one() for the second ib_device it goes over +the full queue list again and we get the NULL deref. + +Fixes: f1d4ef7d ("nvmet-rdma: register ib_client to not deadlock in device removal") +Signed-off-by: Israel Rukshin +Reviewed-by: Max Gurtovoy +Reviewed-by: Sagi Grimberg +Signed-off-by: Christoph Hellwig +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/nvme/target/rdma.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/drivers/nvme/target/rdma.c ++++ b/drivers/nvme/target/rdma.c +@@ -1512,15 +1512,17 @@ static struct nvmet_fabrics_ops nvmet_rd + + static void nvmet_rdma_remove_one(struct ib_device *ib_device, void *client_data) + { +- struct nvmet_rdma_queue *queue; ++ struct nvmet_rdma_queue *queue, *tmp; + + /* Device is being removed, delete all queues using this device */ + mutex_lock(&nvmet_rdma_queue_mutex); +- list_for_each_entry(queue, &nvmet_rdma_queue_list, queue_list) { ++ list_for_each_entry_safe(queue, tmp, &nvmet_rdma_queue_list, ++ queue_list) { + if (queue->dev->device != ib_device) + continue; + + pr_info("Removing queue %d\n", queue->idx); ++ list_del_init(&queue->queue_list); + __nvmet_rdma_queue_disconnect(queue); + } + mutex_unlock(&nvmet_rdma_queue_mutex); 
diff --git a/queue-4.14/powerpc-powernv-idle-round-up-latency-and-residency-values.patch b/queue-4.14/powerpc-powernv-idle-round-up-latency-and-residency-values.patch new file mode 100644 index 00000000000..e47f1e92fb6 --- /dev/null +++ b/queue-4.14/powerpc-powernv-idle-round-up-latency-and-residency-values.patch @@ -0,0 +1,47 @@ +From foo@baz Tue Dec 12 10:32:42 CET 2017 +From: Vaidyanathan Srinivasan +Date: Thu, 24 Aug 2017 00:28:41 +0530 +Subject: powerpc/powernv/idle: Round up latency and residency values + +From: Vaidyanathan Srinivasan + + +[ Upstream commit 8d4e10e9ed9450e18fbbf6a8872be0eac9fd4999 ] + +On PowerNV platforms, firmware provides exit latency and +target residency for each of the idle states in nano +seconds. Cpuidle framework expects the values in micro +seconds. Round up to nearest micro seconds to avoid errors +in cases where the values are defined as fractional micro +seconds. + +Default idle state of 'snooze' has exit latency of zero. If +other states have fractional micro second exit latency, they +would get rounded down to zero micro second and make cpuidle +framework choose deeper idle state when snooze loop is the +right choice. + +Reported-by: Anton Blanchard +Signed-off-by: Vaidyanathan Srinivasan +Reviewed-by: Gautham R. Shenoy +Signed-off-by: Michael Ellerman +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/cpuidle/cpuidle-powernv.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/cpuidle/cpuidle-powernv.c ++++ b/drivers/cpuidle/cpuidle-powernv.c +@@ -384,9 +384,9 @@ static int powernv_add_idle_states(void) + * Firmware passes residency and latency values in ns. + * cpuidle expects it in us. + */ +- exit_latency = latency_ns[i] / 1000; ++ exit_latency = DIV_ROUND_UP(latency_ns[i], 1000); + if (!rc) +- target_residency = residency_ns[i] / 1000; ++ target_residency = DIV_ROUND_UP(residency_ns[i], 1000); + else + target_residency = 0; + 
diff --git a/queue-4.14/rdma-cxgb4-annotate-r2-and-stag-as-__be32.patch b/queue-4.14/rdma-cxgb4-annotate-r2-and-stag-as-__be32.patch new file mode 100644 index 00000000000..e95440cbfd1 --- /dev/null +++ b/queue-4.14/rdma-cxgb4-annotate-r2-and-stag-as-__be32.patch @@ -0,0 +1,46 @@ +From foo@baz Tue Dec 12 10:32:42 CET 2017 +From: Leon Romanovsky +Date: Wed, 25 Oct 2017 23:10:19 +0300 +Subject: RDMA/cxgb4: Annotate r2 and stag as __be32 + +From: Leon Romanovsky + + +[ Upstream commit 7d7d065a5eec7e218174d5c64a9f53f99ffdb119 ] + +Chelsio cxgb4 HW is big-endian, hence there is need to properly +annotate r2 and stag fields as __be32 and not __u32 to fix the +following sparse warnings. + + drivers/infiniband/hw/cxgb4/qp.c:614:16: + warning: incorrect type in assignment (different base types) + expected unsigned int [unsigned] [usertype] r2 + got restricted __be32 [usertype] + drivers/infiniband/hw/cxgb4/qp.c:615:18: + warning: incorrect type in assignment (different base types) + expected unsigned int [unsigned] [usertype] stag + got restricted __be32 [usertype] + +Cc: Steve Wise +Signed-off-by: Leon Romanovsky +Reviewed-by: Steve Wise +Signed-off-by: Doug Ledford +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/infiniband/hw/cxgb4/t4fw_ri_api.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/infiniband/hw/cxgb4/t4fw_ri_api.h ++++ b/drivers/infiniband/hw/cxgb4/t4fw_ri_api.h +@@ -675,8 +675,8 @@ struct fw_ri_fr_nsmr_tpte_wr { + __u16 wrid; + __u8 r1[3]; + __u8 len16; +- __u32 r2; +- __u32 stag; ++ __be32 r2; ++ __be32 stag; + struct fw_ri_tpte tpte; + __u64 pbl[2]; + }; diff --git a/queue-4.14/series b/queue-4.14/series index 0ddf436b89e..f64b1038167 100644 --- a/queue-4.14/series +++ b/queue-4.14/series 
@@ -36,3 +36,15 @@ usb-gadget-ffs-forbid-usb_ep_alloc_request-from-sleeping.patch fcntl-don-t-cap-l_start-and-l_end-values-for-f_getlk64-in-compat-syscall.patch fix-kcm_clone.patch kvm-arm-arm64-vgic-its-preserve-the-revious-read-from-the-pending-table.patch +kbuild-do-not-call-cc-option-before-kbuild_cflags-initialization.patch +powerpc-powernv-idle-round-up-latency-and-residency-values.patch +ipvlan-fix-ipv6-outbound-device.patch +ide-ide-atapi-fix-compile-error-with-defining-macro-debug.patch +blk-mq-avoid-that-request-queue-removal-can-trigger-list-corruption.patch +nvmet-rdma-update-queue-list-during-ib_device-removal.patch +audit-allow-auditd-to-set-pid-to-0-to-end-auditing.patch +audit-ensure-that-audit-1-actually-enables-audit-for-pid-1.patch +dm-raid-fix-panic-when-attempting-to-force-a-raid-to-sync.patch +md-free-unused-memory-after-bitmap-resize.patch +rdma-cxgb4-annotate-r2-and-stag-as-__be32.patch +x86-intel_rdt-fix-potential-deadlock-during-resctrl-unmount.patch diff --git a/queue-4.14/x86-intel_rdt-fix-potential-deadlock-during-resctrl-unmount.patch b/queue-4.14/x86-intel_rdt-fix-potential-deadlock-during-resctrl-unmount.patch new file mode 100644 index 00000000000..bbd93943b8e --- /dev/null +++ b/queue-4.14/x86-intel_rdt-fix-potential-deadlock-during-resctrl-unmount.patch 
@@ -0,0 +1,159 @@ +From foo@baz Tue Dec 12 10:32:42 CET 2017 +From: Reinette Chatre +Date: Fri, 20 Oct 2017 02:16:58 -0700 +Subject: x86/intel_rdt: Fix potential deadlock during resctrl unmount + +From: Reinette Chatre + + +[ Upstream commit 36b6f9fcb8928c06b6638a4cf91bc9d69bb49aa2 ] + +Lockdep warns about a potential deadlock: + +[ 66.782842] ====================================================== +[ 66.782888] WARNING: possible circular locking dependency detected +[ 66.782937] 4.14.0-rc2-test-test+ #48 Not tainted +[ 66.782983] ------------------------------------------------------ +[ 66.783052] umount/336 is trying to acquire lock: +[ 66.783117] (cpu_hotplug_lock.rw_sem){++++}, at: [] rdt_kill_sb+0x215/0x390 +[ 66.783193] + but task is already holding lock: +[ 66.783244] (rdtgroup_mutex){+.+.}, at: [] rdt_kill_sb+0x36/0x390 +[ 66.783305] + which lock already depends on the new lock. + +[ 66.783364] + the existing dependency chain (in reverse order) is: +[ 66.783419] + -> #3 (rdtgroup_mutex){+.+.}: +[ 66.783467] __lock_acquire+0x1293/0x13f0 +[ 66.783509] lock_acquire+0xaf/0x220 +[ 66.783543] __mutex_lock+0x71/0x9b0 +[ 66.783575] mutex_lock_nested+0x1b/0x20 +[ 66.783610] intel_rdt_online_cpu+0x3b/0x430 +[ 66.783649] cpuhp_invoke_callback+0xab/0x8e0 +[ 66.783687] cpuhp_thread_fun+0x7a/0x150 +[ 66.783722] smpboot_thread_fn+0x1cc/0x270 +[ 66.783764] kthread+0x16e/0x190 +[ 66.783794] ret_from_fork+0x27/0x40 +[ 66.783825] + -> #2 (cpuhp_state){+.+.}: +[ 66.783870] __lock_acquire+0x1293/0x13f0 +[ 66.783906] lock_acquire+0xaf/0x220 +[ 66.783938] cpuhp_issue_call+0x102/0x170 +[ 66.783974] __cpuhp_setup_state_cpuslocked+0x154/0x2a0 +[ 66.784023] __cpuhp_setup_state+0xc7/0x170 +[ 66.784061] page_writeback_init+0x43/0x67 +[ 66.784097] pagecache_init+0x43/0x4a +[ 66.784131] start_kernel+0x3ad/0x3f7 +[ 66.784165] x86_64_start_reservations+0x2a/0x2c +[ 66.784204] x86_64_start_kernel+0x72/0x75 +[ 66.784241] verify_cpu+0x0/0xfb +[ 66.784270] + -> #1 (cpuhp_state_mutex){+.+.}: +[ 
66.784319] __lock_acquire+0x1293/0x13f0 +[ 66.784355] lock_acquire+0xaf/0x220 +[ 66.784387] __mutex_lock+0x71/0x9b0 +[ 66.784419] mutex_lock_nested+0x1b/0x20 +[ 66.784454] __cpuhp_setup_state_cpuslocked+0x52/0x2a0 +[ 66.784497] __cpuhp_setup_state+0xc7/0x170 +[ 66.784535] page_alloc_init+0x28/0x30 +[ 66.784569] start_kernel+0x148/0x3f7 +[ 66.784602] x86_64_start_reservations+0x2a/0x2c +[ 66.784642] x86_64_start_kernel+0x72/0x75 +[ 66.784678] verify_cpu+0x0/0xfb +[ 66.784707] + -> #0 (cpu_hotplug_lock.rw_sem){++++}: +[ 66.784759] check_prev_add+0x32f/0x6e0 +[ 66.784794] __lock_acquire+0x1293/0x13f0 +[ 66.784830] lock_acquire+0xaf/0x220 +[ 66.784863] cpus_read_lock+0x3d/0xb0 +[ 66.784896] rdt_kill_sb+0x215/0x390 +[ 66.784930] deactivate_locked_super+0x3e/0x70 +[ 66.784968] deactivate_super+0x40/0x60 +[ 66.785003] cleanup_mnt+0x3f/0x80 +[ 66.785034] __cleanup_mnt+0x12/0x20 +[ 66.785070] task_work_run+0x8b/0xc0 +[ 66.785103] exit_to_usermode_loop+0x94/0xa0 +[ 66.786804] syscall_return_slowpath+0xe8/0x150 +[ 66.788502] entry_SYSCALL_64_fastpath+0xab/0xad +[ 66.790194] + other info that might help us debug this: + +[ 66.795139] Chain exists of: + cpu_hotplug_lock.rw_sem --> cpuhp_state --> rdtgroup_mutex + +[ 66.800035] Possible unsafe locking scenario: + +[ 66.803267] CPU0 CPU1 +[ 66.804867] ---- ---- +[ 66.806443] lock(rdtgroup_mutex); +[ 66.808002] lock(cpuhp_state); +[ 66.809565] lock(rdtgroup_mutex); +[ 66.811110] lock(cpu_hotplug_lock.rw_sem); +[ 66.812608] + *** DEADLOCK *** + +[ 66.816983] 2 locks held by umount/336: +[ 66.818418] #0: (&type->s_umount_key#35){+.+.}, at: [] deactivate_super+0x38/0x60 +[ 66.819922] #1: (rdtgroup_mutex){+.+.}, at: [] rdt_kill_sb+0x36/0x390 + +When the resctrl filesystem is unmounted the locks should be obtain in the +locks in the same order as was done when the cpus came online: + + cpu_hotplug_lock before rdtgroup_mutex. 
+ +This also requires to switch the static_branch_disable() calls to the +_cpulocked variant because now cpu hotplug lock is held already. + +[ tglx: Switched to cpus_read_[un]lock ] + +Signed-off-by: Reinette Chatre +Signed-off-by: Thomas Gleixner +Tested-by: Sai Praneeth Prakhya +Acked-by: Vikas Shivappa +Acked-by: Fenghua Yu +Acked-by: Tony Luck +Link: https://lkml.kernel.org/r/cc292e76be073f7260604651711c47b09fd0dc81.1508490116.git.reinette.chatre@intel.com +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kernel/cpu/intel_rdt_rdtgroup.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +--- a/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c ++++ b/arch/x86/kernel/cpu/intel_rdt_rdtgroup.c +@@ -1297,9 +1297,7 @@ static void rmdir_all_sub(void) + kfree(rdtgrp); + } + /* Notify online CPUs to update per cpu storage and PQR_ASSOC MSR */ +- get_online_cpus(); + update_closid_rmid(cpu_online_mask, &rdtgroup_default); +- put_online_cpus(); + + kernfs_remove(kn_info); + kernfs_remove(kn_mongrp); +@@ -1310,6 +1308,7 @@ static void rdt_kill_sb(struct super_blo + { + struct rdt_resource *r; + ++ cpus_read_lock(); + mutex_lock(&rdtgroup_mutex); + + /*Put everything back to default values. */ +@@ -1317,11 +1316,12 @@ static void rdt_kill_sb(struct super_blo + reset_all_ctrls(r); + cdp_disable(); + rmdir_all_sub(); +- static_branch_disable(&rdt_alloc_enable_key); +- static_branch_disable(&rdt_mon_enable_key); +- static_branch_disable(&rdt_enable_key); ++ static_branch_disable_cpuslocked(&rdt_alloc_enable_key); ++ static_branch_disable_cpuslocked(&rdt_mon_enable_key); ++ static_branch_disable_cpuslocked(&rdt_enable_key); + kernfs_kill_sb(sb); + mutex_unlock(&rdtgroup_mutex); ++ cpus_read_unlock(); + } + + static struct file_system_type rdt_fs_type = {
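Review bot: rmdir_all_sub() now calls `update_closid_rmid(cpu_online_mask, &rdtgroup_default)` with no hotplug protection of its own and relies on rdt_kill_sb() holding `cpus_read_lock()`. That requirement is implicit; adding `lockdep_assert_cpus_held();` before the call would document it and catch any other caller that does not hold the lock. A one-line comment at the `cpus_read_lock()` in rdt_kill_sb(), `/* cpu_hotplug_lock must be taken before rdtgroup_mutex */`, would keep the ordering from regressing. Both functions start outside the hunks.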