From: Greg Kroah-Hartman Date: Mon, 29 Apr 2019 09:54:57 +0000 (+0200) Subject: drop nfs patch that should not have been backported X-Git-Tag: v4.9.172~33 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d12b261ef4fe88a113f4aa4ae03f9345daefbf13;p=thirdparty%2Fkernel%2Fstable-queue.git drop nfs patch that should not have been backported --- diff --git a/queue-4.14/nfsd-wake-blocked-file-lock-waiters-before-sending-callback.patch b/queue-4.14/nfsd-wake-blocked-file-lock-waiters-before-sending-callback.patch deleted file mode 100644 index 5b1a6749937..00000000000 --- a/queue-4.14/nfsd-wake-blocked-file-lock-waiters-before-sending-callback.patch +++ /dev/null @@ -1,56 +0,0 @@ -From f456458e4d25a8962d0946891617c76cc3ff5fb9 Mon Sep 17 00:00:00 2001 -From: Jeff Layton -Date: Mon, 22 Apr 2019 12:34:24 -0400 -Subject: nfsd: wake blocked file lock waiters before sending callback - -From: Jeff Layton - -commit f456458e4d25a8962d0946891617c76cc3ff5fb9 upstream. - -When a blocked NFS lock is "awoken" we send a callback to the server and -then wake any hosts waiting on it. If a client attempts to get a lock -and then drops off the net, we could end up waiting for a long time -until we end up waking locks blocked on that request. - -So, wake any other waiting lock requests before sending the callback. -Do this by calling locks_delete_block in a new "prepare" phase for -CB_NOTIFY_LOCK callbacks. - -URL: https://bugzilla.kernel.org/show_bug.cgi?id=203363 -Fixes: 16306a61d3b7 ("fs/locks: always delete_block after waiting.") -Reported-by: Slawomir Pryczek -Cc: Neil Brown -Cc: stable@vger.kernel.org -Signed-off-by: Jeff Layton -Signed-off-by: J. Bruce Fields -Signed-off-by: Greg Kroah-Hartman - ---- - fs/nfsd/nfs4state.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - ---- a/fs/nfsd/nfs4state.c -+++ b/fs/nfsd/nfs4state.c -@@ -292,6 +292,14 @@ remove_blocked_locks(struct nfs4_lockown - } - } - -+static void -+nfsd4_cb_notify_lock_prepare(struct nfsd4_callback *cb) -+{ -+ struct nfsd4_blocked_lock *nbl = container_of(cb, -+ struct nfsd4_blocked_lock, nbl_cb); -+ locks_delete_block(&nbl->nbl_lock); -+} -+ - static int - nfsd4_cb_notify_lock_done(struct nfsd4_callback *cb, struct rpc_task *task) - { -@@ -319,6 +327,7 @@ nfsd4_cb_notify_lock_release(struct nfsd - } - - static const struct nfsd4_callback_ops nfsd4_cb_notify_lock_ops = { -+ .prepare = nfsd4_cb_notify_lock_prepare, - .done = nfsd4_cb_notify_lock_done, - .release = nfsd4_cb_notify_lock_release, - }; diff --git a/queue-4.14/powerpc-mm-radix-make-radix-require-hugetlb_page.patch b/queue-4.14/powerpc-mm-radix-make-radix-require-hugetlb_page.patch deleted file mode 100644 index cdaa49ae53e..00000000000 --- a/queue-4.14/powerpc-mm-radix-make-radix-require-hugetlb_page.patch +++ /dev/null @@ -1,99 +0,0 @@ -From 8adddf349fda0d3de2f6bb41ddf838cbf36a8ad2 Mon Sep 17 00:00:00 2001 -From: Michael Ellerman -Date: Tue, 16 Apr 2019 23:59:02 +1000 -Subject: powerpc/mm/radix: Make Radix require HUGETLB_PAGE - -From: Michael Ellerman - -commit 8adddf349fda0d3de2f6bb41ddf838cbf36a8ad2 upstream. - -Joel reported weird crashes using skiroot_defconfig, in his case we -jumped into an NX page: - - kernel tried to execute exec-protected page (c000000002bff4f0) - exploit attempt? (uid: 0) - BUG: Unable to handle kernel instruction fetch - Faulting instruction address: 0xc000000002bff4f0 - -Looking at the disassembly, we had simply branched to that address: - - c000000000c001bc 49fff335 bl c000000002bff4f0 - -But that didn't match the original kernel image: - - c000000000c001bc 4bfff335 bl c000000000bff4f0 - -When STRICT_KERNEL_RWX is enabled, and we're using the radix MMU, we -call radix__change_memory_range() late in boot to change page -protections. We do that both to mark rodata read only and also to mark -init text no-execute. That involves walking the kernel page tables, -and clearing _PAGE_WRITE or _PAGE_EXEC respectively. - -With radix we may use hugepages for the linear mapping, so the code in -radix__change_memory_range() uses eg. pmd_huge() to test if it has -found a huge mapping, and if so it stops the page table walk and -changes the PMD permissions. - -However if the kernel is built without HUGETLBFS support, pmd_huge() -is just a #define that always returns 0. That causes the code in -radix__change_memory_range() to incorrectly interpret the PMD value as -a pointer to a PTE page rather than as a PTE at the PMD level. - -We can see this using `dv` in xmon which also uses pmd_huge(): - - 0:mon> dv c000000000000000 - pgd @ 0xc000000001740000 - pgdp @ 0xc000000001740000 = 0x80000000ffffb009 - pudp @ 0xc0000000ffffb000 = 0x80000000ffffa009 - pmdp @ 0xc0000000ffffa000 = 0xc00000000000018f <- this is a PTE - ptep @ 0xc000000000000100 = 0xa64bb17da64ab07d <- kernel text - -The end result is we treat the value at 0xc000000000000100 as a PTE -and clear _PAGE_WRITE or _PAGE_EXEC, potentially corrupting the code -at that address. - -In Joel's specific case we cleared the sign bit in the offset of the -branch, causing a backward branch to turn into a forward branch which -caused us to branch into a non-executable page. However the exact -nature of the crash depends on kernel version, compiler version, and -other factors. - -We need to fix radix__change_memory_range() to not use accessors that -depend on HUGETLBFS, but we also have radix memory hotplug code that -uses pmd_huge() etc that will also need fixing. So for now just -disallow the broken combination of Radix with HUGETLBFS disabled. - -The only defconfig we have that is affected is skiroot_defconfig, so -turn on HUGETLBFS there so that it still gets Radix. - -Fixes: 566ca99af026 ("powerpc/mm/radix: Add dummy radix_enabled()") -Cc: stable@vger.kernel.org # v4.7+ -Reported-by: Joel Stanley -Signed-off-by: Michael Ellerman -Signed-off-by: Greg Kroah-Hartman - ---- - arch/powerpc/configs/skiroot_defconfig | 1 + - arch/powerpc/platforms/Kconfig.cputype | 2 +- - 2 files changed, 2 insertions(+), 1 deletion(-) - ---- a/arch/powerpc/configs/skiroot_defconfig -+++ b/arch/powerpc/configs/skiroot_defconfig -@@ -195,6 +195,7 @@ CONFIG_UDF_FS=m - CONFIG_MSDOS_FS=m - CONFIG_VFAT_FS=m - CONFIG_PROC_KCORE=y -+CONFIG_HUGETLBFS=y - CONFIG_TMPFS=y - CONFIG_TMPFS_POSIX_ACL=y - # CONFIG_MISC_FILESYSTEMS is not set ---- a/arch/powerpc/platforms/Kconfig.cputype -+++ b/arch/powerpc/platforms/Kconfig.cputype -@@ -330,7 +330,7 @@ config ARCH_ENABLE_SPLIT_PMD_PTLOCK - - config PPC_RADIX_MMU - bool "Radix MMU Support" -- depends on PPC_BOOK3S_64 -+ depends on PPC_BOOK3S_64 && HUGETLB_PAGE - select ARCH_HAS_GIGANTIC_PAGE if (MEMORY_ISOLATION && COMPACTION) || CMA - default y - help diff --git a/queue-4.14/series b/queue-4.14/series index 1f0202cf634..467078a5cbe 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -12,7 +12,6 @@ ceph-only-use-d_name-directly-when-parent-is-locked.patch ceph-ensure-d_name-stability-in-ceph_dentry_hash.patch ceph-fix-ci-i_head_snapc-leak.patch nfsd-don-t-release-the-callback-slot-unless-it-was-actually-held.patch -nfsd-wake-blocked-file-lock-waiters-before-sending-callback.patch sunrpc-don-t-mark-uninitialised-items-as-valid.patch input-synaptics-rmi4-write-config-register-values-to-the-right-offset.patch vfio-type1-limit-dma-mappings-per-container.patch @@ -25,4 +24,3 @@ usb-add-new-usb-lpm-helpers.patch usb-consolidate-lpm-checks-to-avoid-enabling-lpm-twice.patch ext4-fix-some-error-pointer-dereferences.patch vsock-virtio-fix-kernel-panic-from-virtio_transport_reset_no_sock.patch -powerpc-mm-radix-make-radix-require-hugetlb_page.patch diff --git a/queue-4.19/nfsd-wake-blocked-file-lock-waiters-before-sending-callback.patch b/queue-4.19/nfsd-wake-blocked-file-lock-waiters-before-sending-callback.patch deleted file mode 100644 index 44e24b503a5..00000000000 --- a/queue-4.19/nfsd-wake-blocked-file-lock-waiters-before-sending-callback.patch +++ /dev/null @@ -1,56 +0,0 @@ -From f456458e4d25a8962d0946891617c76cc3ff5fb9 Mon Sep 17 00:00:00 2001 -From: Jeff Layton -Date: Mon, 22 Apr 2019 12:34:24 -0400 -Subject: nfsd: wake blocked file lock waiters before sending callback - -From: Jeff Layton - -commit f456458e4d25a8962d0946891617c76cc3ff5fb9 upstream. - -When a blocked NFS lock is "awoken" we send a callback to the server and -then wake any hosts waiting on it. If a client attempts to get a lock -and then drops off the net, we could end up waiting for a long time -until we end up waking locks blocked on that request. - -So, wake any other waiting lock requests before sending the callback. -Do this by calling locks_delete_block in a new "prepare" phase for -CB_NOTIFY_LOCK callbacks. - -URL: https://bugzilla.kernel.org/show_bug.cgi?id=203363 -Fixes: 16306a61d3b7 ("fs/locks: always delete_block after waiting.") -Reported-by: Slawomir Pryczek -Cc: Neil Brown -Cc: stable@vger.kernel.org -Signed-off-by: Jeff Layton -Signed-off-by: J. Bruce Fields -Signed-off-by: Greg Kroah-Hartman - ---- - fs/nfsd/nfs4state.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - ---- a/fs/nfsd/nfs4state.c -+++ b/fs/nfsd/nfs4state.c -@@ -298,6 +298,14 @@ remove_blocked_locks(struct nfs4_lockown - } - } - -+static void -+nfsd4_cb_notify_lock_prepare(struct nfsd4_callback *cb) -+{ -+ struct nfsd4_blocked_lock *nbl = container_of(cb, -+ struct nfsd4_blocked_lock, nbl_cb); -+ locks_delete_block(&nbl->nbl_lock); -+} -+ - static int - nfsd4_cb_notify_lock_done(struct nfsd4_callback *cb, struct rpc_task *task) - { -@@ -325,6 +333,7 @@ nfsd4_cb_notify_lock_release(struct nfsd - } - - static const struct nfsd4_callback_ops nfsd4_cb_notify_lock_ops = { -+ .prepare = nfsd4_cb_notify_lock_prepare, - .done = nfsd4_cb_notify_lock_done, - .release = nfsd4_cb_notify_lock_release, - }; diff --git a/queue-4.19/series b/queue-4.19/series index c97305ff18b..abe7df95a31 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -36,7 +36,6 @@ ceph-only-use-d_name-directly-when-parent-is-locked.patch ceph-ensure-d_name-stability-in-ceph_dentry_hash.patch ceph-fix-ci-i_head_snapc-leak.patch nfsd-don-t-release-the-callback-slot-unless-it-was-actually-held.patch -nfsd-wake-blocked-file-lock-waiters-before-sending-callback.patch sunrpc-don-t-mark-uninitialised-items-as-valid.patch perf-x86-intel-update-kbl-package-c-state-events-to-also-include-pc8-pc9-pc10-counters.patch input-synaptics-rmi4-write-config-register-values-to-the-right-offset.patch diff --git a/queue-4.9/nfsd-wake-blocked-file-lock-waiters-before-sending-callback.patch b/queue-4.9/nfsd-wake-blocked-file-lock-waiters-before-sending-callback.patch deleted file mode 100644 index 5b1a6749937..00000000000 --- a/queue-4.9/nfsd-wake-blocked-file-lock-waiters-before-sending-callback.patch +++ /dev/null @@ -1,56 +0,0 @@ -From f456458e4d25a8962d0946891617c76cc3ff5fb9 Mon Sep 17 00:00:00 2001 -From: Jeff Layton -Date: Mon, 22 Apr 2019 12:34:24 -0400 -Subject: nfsd: wake blocked file lock waiters before sending callback - -From: Jeff Layton - -commit f456458e4d25a8962d0946891617c76cc3ff5fb9 upstream. - -When a blocked NFS lock is "awoken" we send a callback to the server and -then wake any hosts waiting on it. If a client attempts to get a lock -and then drops off the net, we could end up waiting for a long time -until we end up waking locks blocked on that request. - -So, wake any other waiting lock requests before sending the callback. -Do this by calling locks_delete_block in a new "prepare" phase for -CB_NOTIFY_LOCK callbacks. - -URL: https://bugzilla.kernel.org/show_bug.cgi?id=203363 -Fixes: 16306a61d3b7 ("fs/locks: always delete_block after waiting.") -Reported-by: Slawomir Pryczek -Cc: Neil Brown -Cc: stable@vger.kernel.org -Signed-off-by: Jeff Layton -Signed-off-by: J. Bruce Fields -Signed-off-by: Greg Kroah-Hartman - ---- - fs/nfsd/nfs4state.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - ---- a/fs/nfsd/nfs4state.c -+++ b/fs/nfsd/nfs4state.c -@@ -292,6 +292,14 @@ remove_blocked_locks(struct nfs4_lockown - } - } - -+static void -+nfsd4_cb_notify_lock_prepare(struct nfsd4_callback *cb) -+{ -+ struct nfsd4_blocked_lock *nbl = container_of(cb, -+ struct nfsd4_blocked_lock, nbl_cb); -+ locks_delete_block(&nbl->nbl_lock); -+} -+ - static int - nfsd4_cb_notify_lock_done(struct nfsd4_callback *cb, struct rpc_task *task) - { -@@ -319,6 +327,7 @@ nfsd4_cb_notify_lock_release(struct nfsd - } - - static const struct nfsd4_callback_ops nfsd4_cb_notify_lock_ops = { -+ .prepare = nfsd4_cb_notify_lock_prepare, - .done = nfsd4_cb_notify_lock_done, - .release = nfsd4_cb_notify_lock_release, - }; diff --git a/queue-4.9/series b/queue-4.9/series index 9d45e891a53..e107a719156 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -8,7 +8,6 @@ sched-numa-fix-a-possible-divide-by-zero.patch ceph-ensure-d_name-stability-in-ceph_dentry_hash.patch ceph-fix-ci-i_head_snapc-leak.patch nfsd-don-t-release-the-callback-slot-unless-it-was-actually-held.patch -nfsd-wake-blocked-file-lock-waiters-before-sending-callback.patch sunrpc-don-t-mark-uninitialised-items-as-valid.patch input-synaptics-rmi4-write-config-register-values-to-the-right-offset.patch dmaengine-sh-rcar-dmac-with-cyclic-dma-residue-0-is-valid.patch