From: Greg Kroah-Hartman Date: Fri, 2 Dec 2016 17:11:09 +0000 (+0100) Subject: 4.8-stable patches X-Git-Tag: v4.8.13~13 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ca71d4616f75cd127b2fa2d77d02bed60af6e708;p=thirdparty%2Fkernel%2Fstable-queue.git 4.8-stable patches added patches: arc-don-t-use-l-inline-asm-constraint.patch arc-mm-pae40-fix-crash-at-munmap.patch input-change-key_data-from-0x275-to-0x277.patch input-psmouse-disable-automatic-probing-of-byd-touchpads.patch kasan-update-kasan_global-for-gcc-7.patch libata-scsi-fixup-ata_gen_passthru_sense.patch mm-fix-false-positive-warn_on-in-truncate-invalidate-for-hugetlb.patch mm-thp-propagation-of-conditional-compilation-in-khugepaged.c.patch ovl-fix-d_real-for-stacked-fs.patch scsi-hpsa-use-bus-3-for-legacy-hba-devices.patch scsi-libfc-fix-seconds_since_last_reset-miscalculation.patch thp-fix-corner-case-of-munlock-of-pte-mapped-thps.patch zram-fix-unbalanced-idr-management-at-hot-removal.patch --- diff --git a/queue-4.8/arc-don-t-use-l-inline-asm-constraint.patch b/queue-4.8/arc-don-t-use-l-inline-asm-constraint.patch new file mode 100644 index 00000000000..e9dc382d96d --- /dev/null +++ b/queue-4.8/arc-don-t-use-l-inline-asm-constraint.patch @@ -0,0 +1,37 @@ +From 3c7c7a2fc8811bc7097479f69acf2527693d7562 Mon Sep 17 00:00:00 2001 +From: Vineet Gupta +Date: Wed, 23 Nov 2016 17:43:17 -0800 +Subject: ARC: Don't use "+l" inline asm constraint + +From: Vineet Gupta + +commit 3c7c7a2fc8811bc7097479f69acf2527693d7562 upstream. + +Apparenty this is coming in the way of gcc fix which inhibits the usage +of LP_COUNT as a gpr. + +Signed-off-by: Vineet Gupta +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arc/include/asm/delay.h | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +--- a/arch/arc/include/asm/delay.h ++++ b/arch/arc/include/asm/delay.h +@@ -22,10 +22,11 @@ + static inline void __delay(unsigned long loops) + { + __asm__ __volatile__( +- " lp 1f \n" +- " nop \n" +- "1: \n" +- : "+l"(loops)); ++ " mov lp_count, %0 \n" ++ " lp 1f \n" ++ " nop \n" ++ "1: \n" ++ : : "r"(loops)); + } + + extern void __bad_udelay(void); diff --git a/queue-4.8/arc-mm-pae40-fix-crash-at-munmap.patch b/queue-4.8/arc-mm-pae40-fix-crash-at-munmap.patch new file mode 100644 index 00000000000..8649fa1c41b --- /dev/null +++ b/queue-4.8/arc-mm-pae40-fix-crash-at-munmap.patch @@ -0,0 +1,37 @@ +From 6a8b2ca702b279bea0e8f0363056439352e2081c Mon Sep 17 00:00:00 2001 +From: Yuriy Kolerov +Date: Mon, 28 Nov 2016 07:07:17 +0300 +Subject: ARC: mm: PAE40: Fix crash at munmap + +From: Yuriy Kolerov + +commit 6a8b2ca702b279bea0e8f0363056439352e2081c upstream. + +commit 1c3c90930392 broke PAE40. Macro pfn_pte(pfn, prot) creates paddr +from pfn, but the page shift was getting truncated to 32 bits since we lost +the proper cast to 64 bits (for PAE400 + +Instead of reverting that commit, use a better helper which is 32/64 bits +safe just like ARM implementation. + +Fixes: 1c3c90930392 ("ARC: mm: fix build breakage with STRICT_MM_TYPECHECKS") +Signed-off-by: Yuriy Kolerov +[vgupta: massaged changelog] +Signed-off-by: Vineet Gupta +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arc/include/asm/pgtable.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/arc/include/asm/pgtable.h ++++ b/arch/arc/include/asm/pgtable.h +@@ -280,7 +280,7 @@ static inline void pmd_set(pmd_t *pmdp, + + #define pte_page(pte) pfn_to_page(pte_pfn(pte)) + #define mk_pte(page, prot) pfn_pte(page_to_pfn(page), prot) +-#define pfn_pte(pfn, prot) __pte(((pfn) << PAGE_SHIFT) | pgprot_val(prot)) ++#define pfn_pte(pfn, prot) __pte(__pfn_to_phys(pfn) | pgprot_val(prot)) + + /* Don't use virt_to_pfn for macros below: could cause truncations for PAE40*/ + #define pte_pfn(pte) (pte_val(pte) >> PAGE_SHIFT) diff --git a/queue-4.8/input-change-key_data-from-0x275-to-0x277.patch b/queue-4.8/input-change-key_data-from-0x275-to-0x277.patch new file mode 100644 index 00000000000..63290d76334 --- /dev/null +++ b/queue-4.8/input-change-key_data-from-0x275-to-0x277.patch @@ -0,0 +1,32 @@ +From 2425f1808123bf69a8f66d4ec90e0d0e302c2613 Mon Sep 17 00:00:00 2001 +From: Ping Cheng +Date: Mon, 28 Nov 2016 13:20:51 -0800 +Subject: Input: change KEY_DATA from 0x275 to 0x277 + +From: Ping Cheng + +commit 2425f1808123bf69a8f66d4ec90e0d0e302c2613 upstream. + +0x275 is used by KEY_FASTREVERSE. + +Fixes: 488326947cd1 ("Input: add HDMI CEC specific keycodes") +Signed-off-by: Ping Cheng +Acked-by: Hans Verkuil +Signed-off-by: Dmitry Torokhov +Signed-off-by: Greg Kroah-Hartman + +--- + include/uapi/linux/input-event-codes.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/include/uapi/linux/input-event-codes.h ++++ b/include/uapi/linux/input-event-codes.h +@@ -640,7 +640,7 @@ + * Control a data application associated with the currently viewed channel, + * e.g. teletext or data broadcast application (MHEG, MHP, HbbTV, etc.) + */ +-#define KEY_DATA 0x275 ++#define KEY_DATA 0x277 + + #define BTN_TRIGGER_HAPPY 0x2c0 + #define BTN_TRIGGER_HAPPY1 0x2c0 diff --git a/queue-4.8/input-psmouse-disable-automatic-probing-of-byd-touchpads.patch b/queue-4.8/input-psmouse-disable-automatic-probing-of-byd-touchpads.patch new file mode 100644 index 00000000000..62138502568 --- /dev/null +++ b/queue-4.8/input-psmouse-disable-automatic-probing-of-byd-touchpads.patch @@ -0,0 +1,62 @@ +From e9fb7cc63801d3dc71b60ca11c4d08f68f879a53 Mon Sep 17 00:00:00 2001 +From: Dmitry Torokhov +Date: Sat, 12 Nov 2016 10:45:48 -0800 +Subject: Input: psmouse - disable automatic probing of BYD touchpads +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Dmitry Torokhov + +commit e9fb7cc63801d3dc71b60ca11c4d08f68f879a53 upstream. + +BYD automatic protocol detection is extremely unreliable and is often +triggers false positives on regular mice, Sentelic touchpads, and other +devices. BYD has several documents that have recommended detection +sequence, but they conflict with each other and, as far as I can see, still +would not produce unique enough output to reliably differentiate BYD from +other PS/2 devices. + +OEMs sourcing BYD devices also do not do us any favors by not supplying any +reasonable DMI data and instead leaving turds like "To Be Filled By O.E.M." +in place of vendor data, or "System Serial Number" as serial number. + +On top of that BYD is not truly modern multitouch controller, but rather a +single-touch transitional device that only reports absolute coordinates at +the beginning of finger contact and then reverts to reporting +displacements, and thus not very precise; the only benefit from using BYD +mode vs the legacy PS/2 mode is possibility of edge scrolling. + +Given the above, and the fact that BYD devices are somewhat uncommon, let's +disable automatic detection of BYD devices. Users who know they have BYD +trackpads or want to experiment can attempt to activate BYD protocol via +sysfs: + + echo -n "byd" > /sys/bus/serio/devices/serio1/drvctl + +Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=151691 +Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=175421 +Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=120781 +Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=121281 +Fixes: 98ee37714493 ("Input: byd - add BYD PS/2 touchpad driver") +Reviewed-by: Pali Rohár +Signed-off-by: Dmitry Torokhov +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/input/mouse/psmouse-base.c | 4 ---- + 1 file changed, 4 deletions(-) + +--- a/drivers/input/mouse/psmouse-base.c ++++ b/drivers/input/mouse/psmouse-base.c +@@ -1115,10 +1115,6 @@ static int psmouse_extensions(struct psm + if (psmouse_try_protocol(psmouse, PSMOUSE_TOUCHKIT_PS2, + &max_proto, set_properties, true)) + return PSMOUSE_TOUCHKIT_PS2; +- +- if (psmouse_try_protocol(psmouse, PSMOUSE_BYD, +- &max_proto, set_properties, true)) +- return PSMOUSE_BYD; + } + + /* diff --git a/queue-4.8/kasan-update-kasan_global-for-gcc-7.patch b/queue-4.8/kasan-update-kasan_global-for-gcc-7.patch new file mode 100644 index 00000000000..807b5316393 --- /dev/null +++ b/queue-4.8/kasan-update-kasan_global-for-gcc-7.patch @@ -0,0 +1,53 @@ +From 045d599a286bc01daa3510d59272440a17b23c2e Mon Sep 17 00:00:00 2001 +From: Dmitry Vyukov +Date: Wed, 30 Nov 2016 15:54:13 -0800 +Subject: kasan: update kasan_global for gcc 7 + +From: Dmitry Vyukov + +commit 045d599a286bc01daa3510d59272440a17b23c2e upstream. + +kasan_global struct is part of compiler/runtime ABI. gcc revision +241983 has added a new field to kasan_global struct. Update kernel +definition of kasan_global struct to include the new field. + +Without this patch KASAN is broken with gcc 7. + +Link: http://lkml.kernel.org/r/1479219743-28682-1-git-send-email-dvyukov@google.com +Signed-off-by: Dmitry Vyukov +Acked-by: Andrey Ryabinin +Cc: Alexander Potapenko +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/compiler-gcc.h | 4 +++- + mm/kasan/kasan.h | 3 +++ + 2 files changed, 6 insertions(+), 1 deletion(-) + +--- a/include/linux/compiler-gcc.h ++++ b/include/linux/compiler-gcc.h +@@ -256,7 +256,9 @@ + #endif + #endif /* CONFIG_ARCH_USE_BUILTIN_BSWAP && !__CHECKER__ */ + +-#if GCC_VERSION >= 50000 ++#if GCC_VERSION >= 70000 ++#define KASAN_ABI_VERSION 5 ++#elif GCC_VERSION >= 50000 + #define KASAN_ABI_VERSION 4 + #elif GCC_VERSION >= 40902 + #define KASAN_ABI_VERSION 3 +--- a/mm/kasan/kasan.h ++++ b/mm/kasan/kasan.h +@@ -53,6 +53,9 @@ struct kasan_global { + #if KASAN_ABI_VERSION >= 4 + struct kasan_source_location *location; + #endif ++#if KASAN_ABI_VERSION >= 5 ++ char *odr_indicator; ++#endif + }; + + /** diff --git a/queue-4.8/libata-scsi-fixup-ata_gen_passthru_sense.patch b/queue-4.8/libata-scsi-fixup-ata_gen_passthru_sense.patch new file mode 100644 index 00000000000..9a973c57af1 --- /dev/null +++ b/queue-4.8/libata-scsi-fixup-ata_gen_passthru_sense.patch @@ -0,0 +1,33 @@ +From e0029dcb5b6e1c23e68f578ce7a3d6c5caba0501 Mon Sep 17 00:00:00 2001 +From: Hannes Reinecke +Date: Mon, 31 Oct 2016 21:06:58 +0100 +Subject: libata-scsi: Fixup ata_gen_passthru_sense() + +From: Hannes Reinecke + +commit e0029dcb5b6e1c23e68f578ce7a3d6c5caba0501 upstream. + +There's a typo in ata_gen_passthru_sense(), where the first byte +would be overwritten incorrectly later on. + +Reported-by: Charles Machalow +Signed-off-by: Hannes Reinecke +Fixes: 11093cb1ef56 ("libata-scsi: generate correct ATA pass-through sense") +Signed-off-by: Tejun Heo +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/ata/libata-scsi.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/ata/libata-scsi.c ++++ b/drivers/ata/libata-scsi.c +@@ -1088,7 +1088,7 @@ static void ata_gen_passthru_sense(struc + desc[1] = tf->command; /* status */ + desc[2] = tf->device; + desc[3] = tf->nsect; +- desc[0] = 0; ++ desc[7] = 0; + if (tf->flags & ATA_TFLAG_LBA48) { + desc[8] |= 0x80; + if (tf->hob_nsect) diff --git a/queue-4.8/mm-fix-false-positive-warn_on-in-truncate-invalidate-for-hugetlb.patch b/queue-4.8/mm-fix-false-positive-warn_on-in-truncate-invalidate-for-hugetlb.patch new file mode 100644 index 00000000000..4bf5f6f4953 --- /dev/null +++ b/queue-4.8/mm-fix-false-positive-warn_on-in-truncate-invalidate-for-hugetlb.patch @@ -0,0 +1,114 @@ +From 5cbc198ae08d84bd416b672ad8bd1222acd0855c Mon Sep 17 00:00:00 2001 +From: "Kirill A. Shutemov" +Date: Wed, 30 Nov 2016 15:54:19 -0800 +Subject: mm: fix false-positive WARN_ON() in truncate/invalidate for hugetlb + +From: Kirill A. Shutemov + +commit 5cbc198ae08d84bd416b672ad8bd1222acd0855c upstream. + +Hugetlb pages have ->index in size of the huge pages (PMD_SIZE or +PUD_SIZE), not in PAGE_SIZE as other types of pages. This means we +cannot user page_to_pgoff() to check whether we've got the right page +for the radix-tree index. + +Let's introduce page_to_index() which would return radix-tree index for +given page. + +We will be able to get rid of this once hugetlb will be switched to +multi-order entries. + +Fixes: fc127da085c2 ("truncate: handle file thp") +Link: http://lkml.kernel.org/r/20161123093053.mjbnvn5zwxw5e6lk@black.fi.intel.com +Signed-off-by: Kirill A. Shutemov +Reported-by: Doug Nelson +Tested-by: Doug Nelson +Reviewed-by: Naoya Horiguchi +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/pagemap.h | 21 +++++++++++++++------ + mm/truncate.c | 8 ++++---- + 2 files changed, 19 insertions(+), 10 deletions(-) + +--- a/include/linux/pagemap.h ++++ b/include/linux/pagemap.h +@@ -364,16 +364,13 @@ static inline struct page *read_mapping_ + } + + /* +- * Get the offset in PAGE_SIZE. +- * (TODO: hugepage should have ->index in PAGE_SIZE) ++ * Get index of the page with in radix-tree ++ * (TODO: remove once hugetlb pages will have ->index in PAGE_SIZE) + */ +-static inline pgoff_t page_to_pgoff(struct page *page) ++static inline pgoff_t page_to_index(struct page *page) + { + pgoff_t pgoff; + +- if (unlikely(PageHeadHuge(page))) +- return page->index << compound_order(page); +- + if (likely(!PageTransTail(page))) + return page->index; + +@@ -387,6 +384,18 @@ static inline pgoff_t page_to_pgoff(stru + } + + /* ++ * Get the offset in PAGE_SIZE. ++ * (TODO: hugepage should have ->index in PAGE_SIZE) ++ */ ++static inline pgoff_t page_to_pgoff(struct page *page) ++{ ++ if (unlikely(PageHeadHuge(page))) ++ return page->index << compound_order(page); ++ ++ return page_to_index(page); ++} ++ ++/* + * Return byte-offset into filesystem object for page. + */ + static inline loff_t page_offset(struct page *page) +--- a/mm/truncate.c ++++ b/mm/truncate.c +@@ -283,7 +283,7 @@ void truncate_inode_pages_range(struct a + + if (!trylock_page(page)) + continue; +- WARN_ON(page_to_pgoff(page) != index); ++ WARN_ON(page_to_index(page) != index); + if (PageWriteback(page)) { + unlock_page(page); + continue; +@@ -371,7 +371,7 @@ void truncate_inode_pages_range(struct a + } + + lock_page(page); +- WARN_ON(page_to_pgoff(page) != index); ++ WARN_ON(page_to_index(page) != index); + wait_on_page_writeback(page); + truncate_inode_page(mapping, page); + unlock_page(page); +@@ -492,7 +492,7 @@ unsigned long invalidate_mapping_pages(s + if (!trylock_page(page)) + continue; + +- WARN_ON(page_to_pgoff(page) != index); ++ WARN_ON(page_to_index(page) != index); + + /* Middle of THP: skip */ + if (PageTransTail(page)) { +@@ -612,7 +612,7 @@ int invalidate_inode_pages2_range(struct + } + + lock_page(page); +- WARN_ON(page_to_pgoff(page) != index); ++ WARN_ON(page_to_index(page) != index); + if (page->mapping != mapping) { + unlock_page(page); + continue; diff --git a/queue-4.8/mm-thp-propagation-of-conditional-compilation-in-khugepaged.c.patch b/queue-4.8/mm-thp-propagation-of-conditional-compilation-in-khugepaged.c.patch new file mode 100644 index 00000000000..c7ee4890ce2 --- /dev/null +++ b/queue-4.8/mm-thp-propagation-of-conditional-compilation-in-khugepaged.c.patch @@ -0,0 +1,55 @@ +From e1465d125d2189e667029b9fa8a6f455180fbcf2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Lefaure?= +Date: Wed, 30 Nov 2016 15:54:02 -0800 +Subject: mm, thp: propagation of conditional compilation in khugepaged.c +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Jérémy Lefaure + +commit e1465d125d2189e667029b9fa8a6f455180fbcf2 upstream. + +Commit b46e756f5e47 ("thp: extract khugepaged from mm/huge_memory.c") +moved code from huge_memory.c to khugepaged.c. Some of this code should +be compiled only when CONFIG_SYSFS is enabled but the condition around +this code was not moved into khugepaged.c. + +The result is a compilation error when CONFIG_SYSFS is disabled: + + mm/built-in.o: In function `khugepaged_defrag_store': khugepaged.c:(.text+0x2d095): undefined reference to `single_hugepage_flag_store' + mm/built-in.o: In function `khugepaged_defrag_show': khugepaged.c:(.text+0x2d0ab): undefined reference to `single_hugepage_flag_show' + +This commit adds the #ifdef CONFIG_SYSFS around the code related to +sysfs. + +Link: http://lkml.kernel.org/r/20161114203448.24197-1-jeremy.lefaure@lse.epita.fr +Signed-off-by: Jérémy Lefaure +Acked-by: Kirill A. Shutemov +Acked-by: Hillf Danton +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/khugepaged.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/mm/khugepaged.c ++++ b/mm/khugepaged.c +@@ -103,6 +103,7 @@ static struct khugepaged_scan khugepaged + .mm_head = LIST_HEAD_INIT(khugepaged_scan.mm_head), + }; + ++#ifdef CONFIG_SYSFS + static ssize_t scan_sleep_millisecs_show(struct kobject *kobj, + struct kobj_attribute *attr, + char *buf) +@@ -295,6 +296,7 @@ struct attribute_group khugepaged_attr_g + .attrs = khugepaged_attr, + .name = "khugepaged", + }; ++#endif /* CONFIG_SYSFS */ + + #define VM_NO_KHUGEPAGED (VM_SPECIAL | VM_HUGETLB) + diff --git a/queue-4.8/ovl-fix-d_real-for-stacked-fs.patch b/queue-4.8/ovl-fix-d_real-for-stacked-fs.patch new file mode 100644 index 00000000000..6ec52b42e74 --- /dev/null +++ b/queue-4.8/ovl-fix-d_real-for-stacked-fs.patch @@ -0,0 +1,63 @@ +From c4fcfc1619ea43a8a89ad2f83ff23905eee088bd Mon Sep 17 00:00:00 2001 +From: Miklos Szeredi +Date: Tue, 29 Nov 2016 10:20:24 +0100 +Subject: ovl: fix d_real() for stacked fs + +From: Miklos Szeredi + +commit c4fcfc1619ea43a8a89ad2f83ff23905eee088bd upstream. + +Handling of recursion in d_real() is completely broken. Recursion is only +done in the 'inode != NULL' case. But when opening the file we have +'inode == NULL' hence d_real() will return an overlay dentry. This won't +work since overlayfs doesn't define its own file operations, so all file +ops will fail. + +Fix by doing the recursion first and the check against the inode second. + +Bash script to reproduce the issue written by Quentin: + + - 8< - - - - - 8< - - - - - 8< - - - - - 8< - - - - +tmpdir=$(mktemp -d) +pushd ${tmpdir} + +mkdir -p {upper,lower,work} +echo -n 'rocks' > lower/ksplice +mount -t overlay level_zero upper -o lowerdir=lower,upperdir=upper,workdir=work +cat upper/ksplice + +tmpdir2=$(mktemp -d) +pushd ${tmpdir2} + +mkdir -p {upper,work} +mount -t overlay level_one upper -o lowerdir=${tmpdir}/upper,upperdir=upper,workdir=work +ls -l upper/ksplice +cat upper/ksplice + - 8< - - - - - 8< - - - - - 8< - - - - - 8< - - - - + +Reported-by: Quentin Casasnovas +Signed-off-by: Miklos Szeredi +Fixes: 2d902671ce1c ("vfs: merge .d_select_inode() into .d_real()") +Signed-off-by: Greg Kroah-Hartman + +--- + fs/overlayfs/super.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/fs/overlayfs/super.c ++++ b/fs/overlayfs/super.c +@@ -329,11 +329,11 @@ static struct dentry *ovl_d_real(struct + if (!real) + goto bug; + ++ /* Handle recursion */ ++ real = d_real(real, inode, open_flags); ++ + if (!inode || inode == d_inode(real)) + return real; +- +- /* Handle recursion */ +- return d_real(real, inode, open_flags); + bug: + WARN(1, "ovl_d_real(%pd4, %s:%lu): real dentry not found\n", dentry, + inode ? inode->i_sb->s_id : "NULL", inode ? inode->i_ino : 0); diff --git a/queue-4.8/scsi-hpsa-use-bus-3-for-legacy-hba-devices.patch b/queue-4.8/scsi-hpsa-use-bus-3-for-legacy-hba-devices.patch new file mode 100644 index 00000000000..5b6dd53d502 --- /dev/null +++ b/queue-4.8/scsi-hpsa-use-bus-3-for-legacy-hba-devices.patch @@ -0,0 +1,93 @@ +From 7630b3a599e2c6d1c042945d32ff2debc855ad29 Mon Sep 17 00:00:00 2001 +From: Hannes Reinecke +Date: Thu, 17 Nov 2016 12:15:56 +0100 +Subject: scsi: hpsa: use bus '3' for legacy HBA devices + +From: Hannes Reinecke + +commit 7630b3a599e2c6d1c042945d32ff2debc855ad29 upstream. + +Older controllers use SCSI target id '0' for the first internal disk. As +the controllers are now placed on the same bus as the internal disks +this leads to a clash with the SCSI target id of controller. This patch +checks the SCSI revision, and moves older controller to bus '3' to be +compatible with older releases and avoid this problem. + +[mkp: fixed uninitialized variable] + +Fixes: 09371d623c9 ("hpsa: Change SAS transport devices to bus 0.") +Signed-off-by: Hannes Reinecke +Acked-by: Don Brace +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/hpsa.c | 16 +++++++++++----- + drivers/scsi/hpsa.h | 2 ++ + 2 files changed, 13 insertions(+), 5 deletions(-) + +--- a/drivers/scsi/hpsa.c ++++ b/drivers/scsi/hpsa.c +@@ -2007,7 +2007,7 @@ static struct hpsa_scsi_dev_t *lookup_hp + + static int hpsa_slave_alloc(struct scsi_device *sdev) + { +- struct hpsa_scsi_dev_t *sd; ++ struct hpsa_scsi_dev_t *sd = NULL; + unsigned long flags; + struct ctlr_info *h; + +@@ -2024,7 +2024,8 @@ static int hpsa_slave_alloc(struct scsi_ + sd->target = sdev_id(sdev); + sd->lun = sdev->lun; + } +- } else ++ } ++ if (!sd) + sd = lookup_hpsa_scsi_dev(h, sdev_channel(sdev), + sdev_id(sdev), sdev->lun); + +@@ -3805,6 +3806,7 @@ static int hpsa_update_device_info(struc + sizeof(this_device->vendor)); + memcpy(this_device->model, &inq_buff[16], + sizeof(this_device->model)); ++ this_device->rev = inq_buff[2]; + memset(this_device->device_id, 0, + sizeof(this_device->device_id)); + hpsa_get_device_id(h, scsi3addr, this_device->device_id, 8, +@@ -3887,10 +3889,14 @@ static void figure_bus_target_lun(struct + + if (!is_logical_dev_addr_mode(lunaddrbytes)) { + /* physical device, target and lun filled in later */ +- if (is_hba_lunid(lunaddrbytes)) ++ if (is_hba_lunid(lunaddrbytes)) { ++ int bus = HPSA_HBA_BUS; ++ ++ if (!device->rev) ++ bus = HPSA_LEGACY_HBA_BUS; + hpsa_set_bus_target_lun(device, +- HPSA_HBA_BUS, 0, lunid & 0x3fff); +- else ++ bus, 0, lunid & 0x3fff); ++ } else + /* defer target, lun assignment for physical devices */ + hpsa_set_bus_target_lun(device, + HPSA_PHYSICAL_DEVICE_BUS, -1, -1); +--- a/drivers/scsi/hpsa.h ++++ b/drivers/scsi/hpsa.h +@@ -69,6 +69,7 @@ struct hpsa_scsi_dev_t { + u64 sas_address; + unsigned char vendor[8]; /* bytes 8-15 of inquiry data */ + unsigned char model[16]; /* bytes 16-31 of inquiry data */ ++ unsigned char rev; /* byte 2 of inquiry data */ + unsigned char raid_level; /* from inquiry page 0xC1 */ + unsigned char volume_offline; /* discovered via TUR or VPD */ + u16 queue_depth; /* max queue_depth for this device */ +@@ -403,6 +404,7 @@ struct offline_device_entry { + #define HPSA_RAID_VOLUME_BUS 1 + #define HPSA_EXTERNAL_RAID_VOLUME_BUS 2 + #define HPSA_HBA_BUS 0 ++#define HPSA_LEGACY_HBA_BUS 3 + + /* + Send the command to the hardware diff --git a/queue-4.8/scsi-libfc-fix-seconds_since_last_reset-miscalculation.patch b/queue-4.8/scsi-libfc-fix-seconds_since_last_reset-miscalculation.patch new file mode 100644 index 00000000000..512b4bc29a2 --- /dev/null +++ b/queue-4.8/scsi-libfc-fix-seconds_since_last_reset-miscalculation.patch @@ -0,0 +1,35 @@ +From 208da78e8ec8b6d6ce3747ab0e5c120458e08ae6 Mon Sep 17 00:00:00 2001 +From: Johannes Thumshirn +Date: Thu, 17 Nov 2016 12:50:23 +0100 +Subject: scsi: libfc: fix seconds_since_last_reset miscalculation + +From: Johannes Thumshirn + +commit 208da78e8ec8b6d6ce3747ab0e5c120458e08ae6 upstream. + +Commit 540eb1eef0ab ("scsi: libfc: fix seconds_since_last_reset calculation") +removed the use of 'struct timespec' from fc_get_host_stats(). This broke the +output of 'fcoeadm -s' after kernel 4.8-rc1. + +Signed-off-by: Johannes Thumshirn +Fixes: 540eb1eef0ab ("scsi: libfc: fix seconds_since_last_reset calculation") +Acked-by: Arnd Bergmann +Reviewed-by: Bart Van Assche +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/libfc/fc_lport.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/scsi/libfc/fc_lport.c ++++ b/drivers/scsi/libfc/fc_lport.c +@@ -308,7 +308,7 @@ struct fc_host_statistics *fc_get_host_s + fc_stats = &lport->host_stats; + memset(fc_stats, 0, sizeof(struct fc_host_statistics)); + +- fc_stats->seconds_since_last_reset = (lport->boot_time - jiffies) / HZ; ++ fc_stats->seconds_since_last_reset = (jiffies - lport->boot_time) / HZ; + + for_each_possible_cpu(cpu) { + struct fc_stats *stats; diff --git a/queue-4.8/thp-fix-corner-case-of-munlock-of-pte-mapped-thps.patch b/queue-4.8/thp-fix-corner-case-of-munlock-of-pte-mapped-thps.patch new file mode 100644 index 00000000000..6be026149a8 --- /dev/null +++ b/queue-4.8/thp-fix-corner-case-of-munlock-of-pte-mapped-thps.patch @@ -0,0 +1,66 @@ +From 655548bf6271b212cd1e4c259da9dbe616348d38 Mon Sep 17 00:00:00 2001 +From: "Kirill A. Shutemov" +Date: Wed, 30 Nov 2016 15:54:05 -0800 +Subject: thp: fix corner case of munlock() of PTE-mapped THPs + +From: Kirill A. Shutemov + +commit 655548bf6271b212cd1e4c259da9dbe616348d38 upstream. + +The following program triggers BUG() in munlock_vma_pages_range(): + + // autogenerated by syzkaller (http://github.com/google/syzkaller) + #include + + int main() + { + mmap((void*)0x20105000ul, 0xc00000ul, 0x2ul, 0x2172ul, -1, 0); + mremap((void*)0x201fd000ul, 0x4000ul, 0xc00000ul, 0x3ul, 0x203f0000ul); + return 0; + } + +The test-case constructs the situation when munlock_vma_pages_range() +finds PTE-mapped THP-head in the middle of page table and, by mistake, +skips HPAGE_PMD_NR pages after that. + +As result, on the next iteration it hits the middle of PMD-mapped THP +and gets upset seeing mlocked tail page. + +The solution is only skip HPAGE_PMD_NR pages if the THP was mlocked +during munlock_vma_page(). It would guarantee that the page is +PMD-mapped as we never mlock PTE-mapeed THPs. + +Fixes: e90309c9f772 ("thp: allow mlocked THP again") +Link: http://lkml.kernel.org/r/20161115132703.7s7rrgmwttegcdh4@black.fi.intel.com +Signed-off-by: Kirill A. Shutemov +Reported-by: Dmitry Vyukov +Cc: Konstantin Khlebnikov +Cc: Andrey Ryabinin +Cc: syzkaller +Cc: Andrea Arcangeli +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/mlock.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +--- a/mm/mlock.c ++++ b/mm/mlock.c +@@ -190,10 +190,13 @@ unsigned int munlock_vma_page(struct pag + */ + spin_lock_irq(zone_lru_lock(zone)); + +- nr_pages = hpage_nr_pages(page); +- if (!TestClearPageMlocked(page)) ++ if (!TestClearPageMlocked(page)) { ++ /* Potentially, PTE-mapped THP: do not skip the rest PTEs */ ++ nr_pages = 1; + goto unlock_out; ++ } + ++ nr_pages = hpage_nr_pages(page); + __mod_zone_page_state(zone, NR_MLOCK, -nr_pages); + + if (__munlock_isolate_lru_page(page, true)) { diff --git a/queue-4.8/zram-fix-unbalanced-idr-management-at-hot-removal.patch b/queue-4.8/zram-fix-unbalanced-idr-management-at-hot-removal.patch new file mode 100644 index 00000000000..ac2a86ed95f --- /dev/null +++ b/queue-4.8/zram-fix-unbalanced-idr-management-at-hot-removal.patch @@ -0,0 +1,88 @@ +From 529e71e16403830ae0d737a66c55c5f360f3576b Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Wed, 30 Nov 2016 15:54:08 -0800 +Subject: zram: fix unbalanced idr management at hot removal + +From: Takashi Iwai + +commit 529e71e16403830ae0d737a66c55c5f360f3576b upstream. + +The zram hot removal code calls idr_remove() even when zram_remove() +returns an error (typically -EBUSY). This results in a leftover at the +device release, eventually leading to a crash when the module is +reloaded. + +As described in the bug report below, the following procedure would +cause an Oops with zram: + + - provision three zram devices via modprobe zram num_devices=3 + - configure a size for each device + + echo "1G" > /sys/block/$zram_name/disksize + - mkfs and mount zram0 only + - attempt to hot remove all three devices + + echo 2 > /sys/class/zram-control/hot_remove + + echo 1 > /sys/class/zram-control/hot_remove + + echo 0 > /sys/class/zram-control/hot_remove + - zram0 removal fails with EBUSY, as expected + - unmount zram0 + - try zram0 hot remove again + + echo 0 > /sys/class/zram-control/hot_remove + - fails with ENODEV (unexpected) + - unload zram kernel module + + completes successfully + - zram0 device node still exists + - attempt to mount /dev/zram0 + + mount command is killed + + following BUG is encountered + + BUG: unable to handle kernel paging request at ffffffffa0002ba0 + IP: get_disk+0x16/0x50 + Oops: 0000 [#1] SMP + CPU: 0 PID: 252 Comm: mount Not tainted 4.9.0-rc6 #176 + Call Trace: + exact_lock+0xc/0x20 + kobj_lookup+0xdc/0x160 + get_gendisk+0x2f/0x110 + __blkdev_get+0x10c/0x3c0 + blkdev_get+0x19d/0x2e0 + blkdev_open+0x56/0x70 + do_dentry_open.isra.19+0x1ff/0x310 + vfs_open+0x43/0x60 + path_openat+0x2c9/0xf30 + do_filp_open+0x79/0xd0 + do_sys_open+0x114/0x1e0 + SyS_open+0x19/0x20 + entry_SYSCALL_64_fastpath+0x13/0x94 + +This patch adds the proper error check in hot_remove_store() not to call +idr_remove() unconditionally. + +Fixes: 17ec4cd98578 ("zram: don't call idr_remove() from zram_remove()") +Bugzilla: https://bugzilla.opensuse.org/show_bug.cgi?id=1010970 +Link: http://lkml.kernel.org/r/20161121132140.12683-1-tiwai@suse.de +Signed-off-by: Takashi Iwai +Reviewed-by: David Disseldorp +Reported-by: David Disseldorp +Tested-by: David Disseldorp +Acked-by: Minchan Kim +Acked-by: Sergey Senozhatsky +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/block/zram/zram_drv.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/block/zram/zram_drv.c ++++ b/drivers/block/zram/zram_drv.c +@@ -1403,7 +1403,8 @@ static ssize_t hot_remove_store(struct c + zram = idr_find(&zram_index_idr, dev_id); + if (zram) { + ret = zram_remove(zram); +- idr_remove(&zram_index_idr, dev_id); ++ if (!ret) ++ idr_remove(&zram_index_idr, dev_id); + } else { + ret = -ENODEV; + }