From: Greg Kroah-Hartman Date: Wed, 20 Mar 2019 15:42:29 +0000 (+0100) Subject: 5.0-stable patches X-Git-Tag: v3.18.137~75 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e6dde9d2aa2fa85f672305c4ca9e7c709b5496f8;p=thirdparty%2Fkernel%2Fstable-queue.git 5.0-stable patches added patches: acpi-nfit-fix-bus-command-validation.patch dax-flush-partial-pmds-correctly.patch fix-cgroup_do_mount-handling-of-failure-exits.patch libnvdimm-fix-altmap-reservation-size-calculation.patch libnvdimm-label-clear-updating-flag-after-label-set-update.patch libnvdimm-pfn-fix-over-trim-in-trim_pfn_device.patch libnvdimm-pmem-honor-force_raw-for-legacy-pmem-regions.patch nfit-acpi_nfit_ctl-check-out_obj-type-in-the-right-place.patch nfit-ars-attempt-a-short-ars-whenever-the-ars-state-is-idle-at-boot.patch nfit-ars-attempt-short-ars-even-in-the-no_init_ars-case.patch nfit-fix-nfit_intel_shutdown_status-command-submission.patch --- diff --git a/queue-5.0/acpi-nfit-fix-bus-command-validation.patch b/queue-5.0/acpi-nfit-fix-bus-command-validation.patch new file mode 100644 index 0000000000..619b0dfb2b --- /dev/null +++ b/queue-5.0/acpi-nfit-fix-bus-command-validation.patch @@ -0,0 +1,100 @@ +From ebe9f6f19d80d8978d16078dff3d5bd93ad8d102 Mon Sep 17 00:00:00 2001 +From: Dan Williams +Date: Thu, 7 Feb 2019 14:56:50 -0800 +Subject: acpi/nfit: Fix bus command validation + +From: Dan Williams + +commit ebe9f6f19d80d8978d16078dff3d5bd93ad8d102 upstream. + +Commit 11189c1089da "acpi/nfit: Fix command-supported detection" broke +ND_CMD_CALL for bus-level commands. The "func = cmd" assumption is only +valid for: + + ND_CMD_ARS_CAP + ND_CMD_ARS_START + ND_CMD_ARS_STATUS + ND_CMD_CLEAR_ERROR + +The function number otherwise needs to be pulled from the command +payload for: + + NFIT_CMD_TRANSLATE_SPA + NFIT_CMD_ARS_INJECT_SET + NFIT_CMD_ARS_INJECT_CLEAR + NFIT_CMD_ARS_INJECT_GET + +Update cmd_to_func() for the bus case and call it in the common path. + +Fixes: 11189c1089da ("acpi/nfit: Fix command-supported detection") +Cc: +Reviewed-by: Vishal Verma +Reported-by: Grzegorz Burzynski +Tested-by: Jeff Moyer +Signed-off-by: Dan Williams +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/acpi/nfit/core.c | 22 ++++++++++++---------- + 1 file changed, 12 insertions(+), 10 deletions(-) + +--- a/drivers/acpi/nfit/core.c ++++ b/drivers/acpi/nfit/core.c +@@ -415,7 +415,7 @@ static int cmd_to_func(struct nfit_mem * + if (call_pkg) { + int i; + +- if (nfit_mem->family != call_pkg->nd_family) ++ if (nfit_mem && nfit_mem->family != call_pkg->nd_family) + return -ENOTTY; + + for (i = 0; i < ARRAY_SIZE(call_pkg->nd_reserved2); i++) +@@ -424,6 +424,10 @@ static int cmd_to_func(struct nfit_mem * + return call_pkg->nd_command; + } + ++ /* In the !call_pkg case, bus commands == bus functions */ ++ if (!nfit_mem) ++ return cmd; ++ + /* Linux ND commands == NVDIMM_FAMILY_INTEL function numbers */ + if (nfit_mem->family == NVDIMM_FAMILY_INTEL) + return cmd; +@@ -454,17 +458,18 @@ int acpi_nfit_ctl(struct nvdimm_bus_desc + if (cmd_rc) + *cmd_rc = -EINVAL; + ++ if (cmd == ND_CMD_CALL) ++ call_pkg = buf; ++ func = cmd_to_func(nfit_mem, cmd, call_pkg); ++ if (func < 0) ++ return func; ++ + if (nvdimm) { + struct acpi_device *adev = nfit_mem->adev; + + if (!adev) + return -ENOTTY; + +- if (cmd == ND_CMD_CALL) +- call_pkg = buf; +- func = cmd_to_func(nfit_mem, cmd, call_pkg); +- if (func < 0) +- return func; + dimm_name = nvdimm_name(nvdimm); + cmd_name = nvdimm_cmd_name(cmd); + cmd_mask = nvdimm_cmd_mask(nvdimm); +@@ -475,12 +480,9 @@ int acpi_nfit_ctl(struct nvdimm_bus_desc + } else { + struct acpi_device *adev = to_acpi_dev(acpi_desc); + +- func = cmd; + cmd_name = nvdimm_bus_cmd_name(cmd); + cmd_mask = nd_desc->cmd_mask; +- dsm_mask = cmd_mask; +- if (cmd == ND_CMD_CALL) +- dsm_mask = nd_desc->bus_dsm_mask; ++ dsm_mask = nd_desc->bus_dsm_mask; + desc = nd_cmd_bus_desc(cmd); + guid = to_nfit_uuid(NFIT_DEV_BUS); + handle = adev->handle; diff --git a/queue-5.0/dax-flush-partial-pmds-correctly.patch b/queue-5.0/dax-flush-partial-pmds-correctly.patch new file mode 100644 index 0000000000..ae01c56df0 --- /dev/null +++ b/queue-5.0/dax-flush-partial-pmds-correctly.patch @@ -0,0 +1,76 @@ +From e4b3448bc346fedf36db64124a664a959995b085 Mon Sep 17 00:00:00 2001 +From: Matthew Wilcox +Date: Fri, 1 Mar 2019 11:12:41 -0800 +Subject: dax: Flush partial PMDs correctly + +From: Matthew Wilcox + +commit e4b3448bc346fedf36db64124a664a959995b085 upstream. + +The radix tree would rewind the index in an iterator to the lowest index +of a multi-slot entry. The XArray iterators instead leave the index +unchanged, but I overlooked that when converting DAX from the radix tree +to the XArray. Adjust the index that we use for flushing to the start +of the PMD range. + +Fixes: c1901cd33cf4 ("page cache: Convert find_get_entries_tag to XArray") +Cc: +Reported-by: Piotr Balcer +Tested-by: Dan Williams +Reviewed-by: Jan Kara +Signed-off-by: Matthew Wilcox +Signed-off-by: Dan Williams +Signed-off-by: Greg Kroah-Hartman + +--- + fs/dax.c | 19 +++++++++---------- + 1 file changed, 9 insertions(+), 10 deletions(-) + +--- a/fs/dax.c ++++ b/fs/dax.c +@@ -843,9 +843,8 @@ unlock_pte: + static int dax_writeback_one(struct xa_state *xas, struct dax_device *dax_dev, + struct address_space *mapping, void *entry) + { +- unsigned long pfn; ++ unsigned long pfn, index, count; + long ret = 0; +- size_t size; + + /* + * A page got tagged dirty in DAX mapping? Something is seriously +@@ -894,17 +893,18 @@ static int dax_writeback_one(struct xa_s + xas_unlock_irq(xas); + + /* +- * Even if dax_writeback_mapping_range() was given a wbc->range_start +- * in the middle of a PMD, the 'index' we are given will be aligned to +- * the start index of the PMD, as will the pfn we pull from 'entry'. ++ * If dax_writeback_mapping_range() was given a wbc->range_start ++ * in the middle of a PMD, the 'index' we use needs to be ++ * aligned to the start of the PMD. + * This allows us to flush for PMD_SIZE and not have to worry about + * partial PMD writebacks. + */ + pfn = dax_to_pfn(entry); +- size = PAGE_SIZE << dax_entry_order(entry); ++ count = 1UL << dax_entry_order(entry); ++ index = xas->xa_index & ~(count - 1); + +- dax_entry_mkclean(mapping, xas->xa_index, pfn); +- dax_flush(dax_dev, page_address(pfn_to_page(pfn)), size); ++ dax_entry_mkclean(mapping, index, pfn); ++ dax_flush(dax_dev, page_address(pfn_to_page(pfn)), count * PAGE_SIZE); + /* + * After we have flushed the cache, we can clear the dirty tag. There + * cannot be new dirty data in the pfn after the flush has completed as +@@ -917,8 +917,7 @@ static int dax_writeback_one(struct xa_s + xas_clear_mark(xas, PAGECACHE_TAG_DIRTY); + dax_wake_entry(xas, entry, false); + +- trace_dax_writeback_one(mapping->host, xas->xa_index, +- size >> PAGE_SHIFT); ++ trace_dax_writeback_one(mapping->host, index, count); + return ret; + + put_unlocked: diff --git a/queue-5.0/fix-cgroup_do_mount-handling-of-failure-exits.patch b/queue-5.0/fix-cgroup_do_mount-handling-of-failure-exits.patch new file mode 100644 index 0000000000..9a0d61d225 --- /dev/null +++ b/queue-5.0/fix-cgroup_do_mount-handling-of-failure-exits.patch @@ -0,0 +1,95 @@ +From 399504e21a10be16dd1408ba0147367d9d82a10c Mon Sep 17 00:00:00 2001 +From: Al Viro +Date: Sun, 6 Jan 2019 11:41:29 -0500 +Subject: fix cgroup_do_mount() handling of failure exits + +From: Al Viro + +commit 399504e21a10be16dd1408ba0147367d9d82a10c upstream. + +same story as with last May fixes in sysfs (7b745a4e4051 +"unfuck sysfs_mount()"); new_sb is left uninitialized +in case of early errors in kernfs_mount_ns() and papering +over it by treating any error from kernfs_mount_ns() as +equivalent to !new_ns ends up conflating the cases when +objects had never been transferred to a superblock with +ones when that has happened and resulting new superblock +had been dropped. Easily fixed (same way as in sysfs +case). Additionally, there's a superblock leak on +kernfs_node_dentry() failure *and* a dentry leak inside +kernfs_node_dentry() itself - the latter on probably +impossible errors, but the former not impossible to trigger +(as the matter of fact, injecting allocation failures +at that point *does* trigger it). + +Cc: stable@kernel.org +Signed-off-by: Al Viro +Signed-off-by: Greg Kroah-Hartman + +--- + fs/kernfs/mount.c | 8 ++++++-- + kernel/cgroup/cgroup.c | 9 ++++++--- + 2 files changed, 12 insertions(+), 5 deletions(-) + +--- a/fs/kernfs/mount.c ++++ b/fs/kernfs/mount.c +@@ -196,8 +196,10 @@ struct dentry *kernfs_node_dentry(struct + return dentry; + + knparent = find_next_ancestor(kn, NULL); +- if (WARN_ON(!knparent)) ++ if (WARN_ON(!knparent)) { ++ dput(dentry); + return ERR_PTR(-EINVAL); ++ } + + do { + struct dentry *dtmp; +@@ -206,8 +208,10 @@ struct dentry *kernfs_node_dentry(struct + if (kn == knparent) + return dentry; + kntmp = find_next_ancestor(kn, knparent); +- if (WARN_ON(!kntmp)) ++ if (WARN_ON(!kntmp)) { ++ dput(dentry); + return ERR_PTR(-EINVAL); ++ } + dtmp = lookup_one_len_unlocked(kntmp->name, dentry, + strlen(kntmp->name)); + dput(dentry); +--- a/kernel/cgroup/cgroup.c ++++ b/kernel/cgroup/cgroup.c +@@ -2033,7 +2033,7 @@ struct dentry *cgroup_do_mount(struct fi + struct cgroup_namespace *ns) + { + struct dentry *dentry; +- bool new_sb; ++ bool new_sb = false; + + dentry = kernfs_mount(fs_type, flags, root->kf_root, magic, &new_sb); + +@@ -2043,6 +2043,7 @@ struct dentry *cgroup_do_mount(struct fi + */ + if (!IS_ERR(dentry) && ns != &init_cgroup_ns) { + struct dentry *nsdentry; ++ struct super_block *sb = dentry->d_sb; + struct cgroup *cgrp; + + mutex_lock(&cgroup_mutex); +@@ -2053,12 +2054,14 @@ struct dentry *cgroup_do_mount(struct fi + spin_unlock_irq(&css_set_lock); + mutex_unlock(&cgroup_mutex); + +- nsdentry = kernfs_node_dentry(cgrp->kn, dentry->d_sb); ++ nsdentry = kernfs_node_dentry(cgrp->kn, sb); + dput(dentry); ++ if (IS_ERR(nsdentry)) ++ deactivate_locked_super(sb); + dentry = nsdentry; + } + +- if (IS_ERR(dentry) || !new_sb) ++ if (!new_sb) + cgroup_put(&root->cgrp); + + return dentry; diff --git a/queue-5.0/libnvdimm-fix-altmap-reservation-size-calculation.patch b/queue-5.0/libnvdimm-fix-altmap-reservation-size-calculation.patch new file mode 100644 index 0000000000..c118eddce4 --- /dev/null +++ b/queue-5.0/libnvdimm-fix-altmap-reservation-size-calculation.patch @@ -0,0 +1,59 @@ +From 07464e88365e9236febaca9ed1a2e2006d8bc952 Mon Sep 17 00:00:00 2001 +From: Oliver O'Halloran +Date: Wed, 6 Feb 2019 13:04:53 +1100 +Subject: libnvdimm: Fix altmap reservation size calculation + +From: Oliver O'Halloran + +commit 07464e88365e9236febaca9ed1a2e2006d8bc952 upstream. + +Libnvdimm reserves the first 8K of pfn and devicedax namespaces to +store a superblock describing the namespace. This 8K reservation +is contained within the altmap area which the kernel uses for the +vmemmap backing for the pages within the namespace. The altmap +allows for some pages at the start of the altmap area to be reserved +and that mechanism is used to protect the superblock from being +re-used as vmemmap backing. + +The number of PFNs to reserve is calculated using: + + PHYS_PFN(SZ_8K) + +Which is implemented as: + + #define PHYS_PFN(x) ((unsigned long)((x) >> PAGE_SHIFT)) + +So on systems where PAGE_SIZE is greater than 8K the reservation +size is truncated to zero and the superblock area is re-used as +vmemmap backing. As a result all the namespace information stored +in the superblock (i.e. if it's a PFN or DAX namespace) is lost +and the namespace needs to be re-created to get access to the +contents. + +This patch fixes this by using PFN_UP() rather than PHYS_PFN() to ensure +that at least one page is reserved. On systems with a 4K pages size this +patch should have no effect. + +Cc: stable@vger.kernel.org +Cc: Dan Williams +Fixes: ac515c084be9 ("libnvdimm, pmem, pfn: move pfn setup to the core") +Signed-off-by: Oliver O'Halloran +Reviewed-by: Vishal Verma +Signed-off-by: Dan Williams +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/nvdimm/pfn_devs.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/nvdimm/pfn_devs.c ++++ b/drivers/nvdimm/pfn_devs.c +@@ -593,7 +593,7 @@ static unsigned long init_altmap_base(re + + static unsigned long init_altmap_reserve(resource_size_t base) + { +- unsigned long reserve = PHYS_PFN(SZ_8K); ++ unsigned long reserve = PFN_UP(SZ_8K); + unsigned long base_pfn = PHYS_PFN(base); + + reserve += base_pfn - PFN_SECTION_ALIGN_DOWN(base_pfn); diff --git a/queue-5.0/libnvdimm-label-clear-updating-flag-after-label-set-update.patch b/queue-5.0/libnvdimm-label-clear-updating-flag-after-label-set-update.patch new file mode 100644 index 0000000000..b1207b2347 --- /dev/null +++ b/queue-5.0/libnvdimm-label-clear-updating-flag-after-label-set-update.patch @@ -0,0 +1,97 @@ +From 966d23a006ca7b44ac8cf4d0c96b19785e0c3da0 Mon Sep 17 00:00:00 2001 +From: Dan Williams +Date: Tue, 15 Jan 2019 10:47:00 -0800 +Subject: libnvdimm/label: Clear 'updating' flag after label-set update + +From: Dan Williams + +commit 966d23a006ca7b44ac8cf4d0c96b19785e0c3da0 upstream. + +The UEFI 2.7 specification sets expectations that the 'updating' flag is +eventually cleared. To date, the libnvdimm core has never adhered to +that protocol. The policy of the core matches the policy of other +multi-device info-block formats like MD-Software-RAID that expect +administrator intervention on inconsistent info-blocks, not automatic +invalidation. + +However, some pre-boot environments may unfortunately attempt to "clean +up" the labels and invalidate a set when it fails to find at least one +"non-updating" label in the set. Clear the updating flag after set +updates to minimize the window of vulnerability to aggressive pre-boot +environments. + +Ideally implementations would not write to the label area outside of +creating namespaces. + +Note that this only minimizes the window, it does not close it as the +system can still crash while clearing the flag and the set can be +subsequently deleted / invalidated by the pre-boot environment. + +Fixes: f524bf271a5c ("libnvdimm: write pmem label set") +Cc: +Cc: Kelly Couch +Signed-off-by: Dan Williams +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/nvdimm/label.c | 23 ++++++++++++++++++----- + 1 file changed, 18 insertions(+), 5 deletions(-) + +--- a/drivers/nvdimm/label.c ++++ b/drivers/nvdimm/label.c +@@ -755,7 +755,7 @@ static const guid_t *to_abstraction_guid + + static int __pmem_label_update(struct nd_region *nd_region, + struct nd_mapping *nd_mapping, struct nd_namespace_pmem *nspm, +- int pos) ++ int pos, unsigned long flags) + { + struct nd_namespace_common *ndns = &nspm->nsio.common; + struct nd_interleave_set *nd_set = nd_region->nd_set; +@@ -796,7 +796,7 @@ static int __pmem_label_update(struct nd + memcpy(nd_label->uuid, nspm->uuid, NSLABEL_UUID_LEN); + if (nspm->alt_name) + memcpy(nd_label->name, nspm->alt_name, NSLABEL_NAME_LEN); +- nd_label->flags = __cpu_to_le32(NSLABEL_FLAG_UPDATING); ++ nd_label->flags = __cpu_to_le32(flags); + nd_label->nlabel = __cpu_to_le16(nd_region->ndr_mappings); + nd_label->position = __cpu_to_le16(pos); + nd_label->isetcookie = __cpu_to_le64(cookie); +@@ -1249,13 +1249,13 @@ static int del_labels(struct nd_mapping + int nd_pmem_namespace_label_update(struct nd_region *nd_region, + struct nd_namespace_pmem *nspm, resource_size_t size) + { +- int i; ++ int i, rc; + + for (i = 0; i < nd_region->ndr_mappings; i++) { + struct nd_mapping *nd_mapping = &nd_region->mapping[i]; + struct nvdimm_drvdata *ndd = to_ndd(nd_mapping); + struct resource *res; +- int rc, count = 0; ++ int count = 0; + + if (size == 0) { + rc = del_labels(nd_mapping, nspm->uuid); +@@ -1273,7 +1273,20 @@ int nd_pmem_namespace_label_update(struc + if (rc < 0) + return rc; + +- rc = __pmem_label_update(nd_region, nd_mapping, nspm, i); ++ rc = __pmem_label_update(nd_region, nd_mapping, nspm, i, ++ NSLABEL_FLAG_UPDATING); ++ if (rc) ++ return rc; ++ } ++ ++ if (size == 0) ++ return 0; ++ ++ /* Clear the UPDATING flag per UEFI 2.7 expectations */ ++ for (i = 0; i < nd_region->ndr_mappings; i++) { ++ struct nd_mapping *nd_mapping = &nd_region->mapping[i]; ++ ++ rc = __pmem_label_update(nd_region, nd_mapping, nspm, i, 0); + if (rc) + return rc; + } diff --git a/queue-5.0/libnvdimm-pfn-fix-over-trim-in-trim_pfn_device.patch b/queue-5.0/libnvdimm-pfn-fix-over-trim-in-trim_pfn_device.patch new file mode 100644 index 0000000000..c42fef5f22 --- /dev/null +++ b/queue-5.0/libnvdimm-pfn-fix-over-trim-in-trim_pfn_device.patch @@ -0,0 +1,37 @@ +From f101ada7da6551127d192c2f1742c1e9e0f62799 Mon Sep 17 00:00:00 2001 +From: Wei Yang +Date: Tue, 22 Jan 2019 10:48:09 +0800 +Subject: libnvdimm, pfn: Fix over-trim in trim_pfn_device() + +From: Wei Yang + +commit f101ada7da6551127d192c2f1742c1e9e0f62799 upstream. + +When trying to see whether current nd_region intersects with others, +trim_pfn_device() has already calculated the *size* to be expanded to +SECTION size. + +Do not double append 'adjust' to 'size' when calculating whether the end +of a region collides with the next pmem region. + +Fixes: ae86cbfef381 "libnvdimm, pfn: Pad pfn namespaces relative to other regions" +Cc: +Signed-off-by: Wei Yang +Signed-off-by: Dan Williams +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/nvdimm/pfn_devs.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/nvdimm/pfn_devs.c ++++ b/drivers/nvdimm/pfn_devs.c +@@ -678,7 +678,7 @@ static void trim_pfn_device(struct nd_pf + if (region_intersects(start, size, IORESOURCE_SYSTEM_RAM, + IORES_DESC_NONE) == REGION_MIXED + || !IS_ALIGNED(end, nd_pfn->align) +- || nd_region_conflict(nd_region, start, size + adjust)) ++ || nd_region_conflict(nd_region, start, size)) + *end_trunc = end - phys_pmem_align_down(nd_pfn, end); + } + diff --git a/queue-5.0/libnvdimm-pmem-honor-force_raw-for-legacy-pmem-regions.patch b/queue-5.0/libnvdimm-pmem-honor-force_raw-for-legacy-pmem-regions.patch new file mode 100644 index 0000000000..6f25dfe3e5 --- /dev/null +++ b/queue-5.0/libnvdimm-pmem-honor-force_raw-for-legacy-pmem-regions.patch @@ -0,0 +1,46 @@ +From fa7d2e639cd90442d868dfc6ca1d4cc9d8bf206e Mon Sep 17 00:00:00 2001 +From: Dan Williams +Date: Thu, 24 Jan 2019 17:33:06 -0800 +Subject: libnvdimm/pmem: Honor force_raw for legacy pmem regions + +From: Dan Williams + +commit fa7d2e639cd90442d868dfc6ca1d4cc9d8bf206e upstream. + +For recovery, where non-dax access is needed to a given physical address +range, and testing, allow the 'force_raw' attribute to override the +default establishment of a dev_pagemap. + +Otherwise without this capability it is possible to end up with a +namespace that can not be activated due to corrupted info-block, and one +that can not be repaired due to a section collision. + +Cc: +Fixes: 004f1afbe199 ("libnvdimm, pmem: direct map legacy pmem by default") +Signed-off-by: Dan Williams +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/nvdimm/namespace_devs.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/drivers/nvdimm/namespace_devs.c ++++ b/drivers/nvdimm/namespace_devs.c +@@ -138,6 +138,7 @@ bool nd_is_uuid_unique(struct device *de + bool pmem_should_map_pages(struct device *dev) + { + struct nd_region *nd_region = to_nd_region(dev->parent); ++ struct nd_namespace_common *ndns = to_ndns(dev); + struct nd_namespace_io *nsio; + + if (!IS_ENABLED(CONFIG_ZONE_DEVICE)) +@@ -149,6 +150,9 @@ bool pmem_should_map_pages(struct device + if (is_nd_pfn(dev) || is_nd_btt(dev)) + return false; + ++ if (ndns->force_raw) ++ return false; ++ + nsio = to_nd_namespace_io(dev); + if (region_intersects(nsio->res.start, resource_size(&nsio->res), + IORESOURCE_SYSTEM_RAM, diff --git a/queue-5.0/nfit-acpi_nfit_ctl-check-out_obj-type-in-the-right-place.patch b/queue-5.0/nfit-acpi_nfit_ctl-check-out_obj-type-in-the-right-place.patch new file mode 100644 index 0000000000..24d544b5f5 --- /dev/null +++ b/queue-5.0/nfit-acpi_nfit_ctl-check-out_obj-type-in-the-right-place.patch @@ -0,0 +1,54 @@ +From 43f89877f26671c6309cd87d7364b1a3e66e71cf Mon Sep 17 00:00:00 2001 +From: Dexuan Cui +Date: Wed, 30 Jan 2019 01:23:01 +0000 +Subject: nfit: acpi_nfit_ctl(): Check out_obj->type in the right place + +From: Dexuan Cui + +commit 43f89877f26671c6309cd87d7364b1a3e66e71cf upstream. + +In the case of ND_CMD_CALL, we should also check out_obj->type. + +The patch uses out_obj->type, which is a short alias to +out_obj->package.type. + +Fixes: 31eca76ba2fc ("nfit, libnvdimm: limited/whitelisted dimm command marshaling mechanism") +Cc: +Signed-off-by: Dexuan Cui +Signed-off-by: Dan Williams +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/acpi/nfit/core.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +--- a/drivers/acpi/nfit/core.c ++++ b/drivers/acpi/nfit/core.c +@@ -554,6 +554,13 @@ int acpi_nfit_ctl(struct nvdimm_bus_desc + return -EINVAL; + } + ++ if (out_obj->type != ACPI_TYPE_BUFFER) { ++ dev_dbg(dev, "%s unexpected output object type cmd: %s type: %d\n", ++ dimm_name, cmd_name, out_obj->type); ++ rc = -EINVAL; ++ goto out; ++ } ++ + if (call_pkg) { + call_pkg->nd_fw_size = out_obj->buffer.length; + memcpy(call_pkg->nd_payload + call_pkg->nd_size_in, +@@ -572,13 +579,6 @@ int acpi_nfit_ctl(struct nvdimm_bus_desc + return 0; + } + +- if (out_obj->package.type != ACPI_TYPE_BUFFER) { +- dev_dbg(dev, "%s unexpected output object type cmd: %s type: %d\n", +- dimm_name, cmd_name, out_obj->type); +- rc = -EINVAL; +- goto out; +- } +- + dev_dbg(dev, "%s cmd: %s output length: %d\n", dimm_name, + cmd_name, out_obj->buffer.length); + print_hex_dump_debug(cmd_name, DUMP_PREFIX_OFFSET, 4, 4, diff --git a/queue-5.0/nfit-ars-attempt-a-short-ars-whenever-the-ars-state-is-idle-at-boot.patch b/queue-5.0/nfit-ars-attempt-a-short-ars-whenever-the-ars-state-is-idle-at-boot.patch new file mode 100644 index 0000000000..407ad0ae6d --- /dev/null +++ b/queue-5.0/nfit-ars-attempt-a-short-ars-whenever-the-ars-state-is-idle-at-boot.patch @@ -0,0 +1,42 @@ +From c6c5df293bf1b488cf8459aac658aecfdccb13a9 Mon Sep 17 00:00:00 2001 +From: Dan Williams +Date: Wed, 13 Feb 2019 08:58:40 -0800 +Subject: nfit/ars: Attempt a short-ARS whenever the ARS state is idle at boot + +From: Dan Williams + +commit c6c5df293bf1b488cf8459aac658aecfdccb13a9 upstream. + +If query-ARS reports that ARS has stopped and requires continuation +attempt to retrieve short-ARS results before continuing the long +operation. + +Fixes: bc6ba8085842 ("nfit, address-range-scrub: rework and simplify ARS...") +Cc: +Reported-by: Krzysztof Rusocki +Reviewed-by: Toshi Kani +Signed-off-by: Dan Williams +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/acpi/nfit/core.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/acpi/nfit/core.c ++++ b/drivers/acpi/nfit/core.c +@@ -3021,6 +3021,7 @@ static int ars_register(struct acpi_nfit + + switch (acpi_nfit_query_poison(acpi_desc)) { + case 0: ++ case -ENOSPC: + case -EAGAIN: + rc = ars_start(acpi_desc, nfit_spa, ARS_REQ_SHORT); + /* shouldn't happen, try again later */ +@@ -3045,7 +3046,6 @@ static int ars_register(struct acpi_nfit + break; + case -EBUSY: + case -ENOMEM: +- case -ENOSPC: + /* + * BIOS was using ARS, wait for it to complete (or + * resources to become available) and then perform our diff --git a/queue-5.0/nfit-ars-attempt-short-ars-even-in-the-no_init_ars-case.patch b/queue-5.0/nfit-ars-attempt-short-ars-even-in-the-no_init_ars-case.patch new file mode 100644 index 0000000000..281c1ca9f2 --- /dev/null +++ b/queue-5.0/nfit-ars-attempt-short-ars-even-in-the-no_init_ars-case.patch @@ -0,0 +1,40 @@ +From fa3ed4d981b1fc19acdd07fcb152a4bd3706892b Mon Sep 17 00:00:00 2001 +From: Dan Williams +Date: Wed, 13 Feb 2019 09:01:13 -0800 +Subject: nfit/ars: Attempt short-ARS even in the no_init_ars case + +From: Dan Williams + +commit fa3ed4d981b1fc19acdd07fcb152a4bd3706892b upstream. + +The no_init_ars option is meant to prevent long-ARS, but short-ARS +should be allowed to grab any immediate results. + +Fixes: bc6ba8085842 ("nfit, address-range-scrub: rework and simplify ARS...") +Cc: +Reported-by: Erwin Tsaur +Reviewed-by: Toshi Kani +Signed-off-by: Dan Williams +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/acpi/nfit/core.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/drivers/acpi/nfit/core.c ++++ b/drivers/acpi/nfit/core.c +@@ -3013,11 +3013,12 @@ static int ars_register(struct acpi_nfit + { + int rc; + +- if (no_init_ars || test_bit(ARS_FAILED, &nfit_spa->ars_state)) ++ if (test_bit(ARS_FAILED, &nfit_spa->ars_state)) + return acpi_nfit_register_region(acpi_desc, nfit_spa); + + set_bit(ARS_REQ_SHORT, &nfit_spa->ars_state); +- set_bit(ARS_REQ_LONG, &nfit_spa->ars_state); ++ if (!no_init_ars) ++ set_bit(ARS_REQ_LONG, &nfit_spa->ars_state); + + switch (acpi_nfit_query_poison(acpi_desc)) { + case 0: diff --git a/queue-5.0/nfit-fix-nfit_intel_shutdown_status-command-submission.patch b/queue-5.0/nfit-fix-nfit_intel_shutdown_status-command-submission.patch new file mode 100644 index 0000000000..502aaac386 --- /dev/null +++ b/queue-5.0/nfit-fix-nfit_intel_shutdown_status-command-submission.patch @@ -0,0 +1,124 @@ +From f596c8844fe1d0022007ae6c7a377361fb653eff Mon Sep 17 00:00:00 2001 +From: Dan Williams +Date: Tue, 29 Jan 2019 22:06:41 -0800 +Subject: nfit: Fix nfit_intel_shutdown_status() command submission + +From: Dan Williams + +commit f596c8844fe1d0022007ae6c7a377361fb653eff upstream. + +The implementation is broken in all the ways the unit test did not touch: + +1/ The local definition of in_buf and in_obj violated C99 initializer + expectations for zeroing. By only initializing 2 out of the three + struct members the compiler was free to zero-initialize the remaining + entry even though the aliased location in the union was initialized. + +2/ The implementation made assumptions about the state of the 'smart' + payload after command execution that are satisfied by + acpi_nfit_ctl(), but not acpi_evaluate_dsm(). + +3/ populate_shutdown_status() is skipped on Intel NVDIMMs due to the early + return for skipping the common _LS{I,R,W} enabling. + +4/ The input length should be zero. + +This breakage was missed due to the unit test implementation only +testing the case where nfit_intel_shutdown_status() returns a valid +payload. + +Much of this complexity would be saved if acpi_nfit_ctl() could be used, but +that currently requires a 'struct nvdimm *' argument and one is not created +until later in the init process. The health result is needed before the device +is created because the payload gates whether the nmemX/nfit/dirty_shutdown +property is visible in sysfs. + +Cc: +Fixes: 0ead11181fe0 ("acpi, nfit: Collect shutdown status") +Reported-by: Dexuan Cui +Reviewed-by: Dexuan Cui +Signed-off-by: Dan Williams +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/acpi/nfit/core.c | 43 +++++++++++++++++++++++++------------------ + 1 file changed, 25 insertions(+), 18 deletions(-) + +--- a/drivers/acpi/nfit/core.c ++++ b/drivers/acpi/nfit/core.c +@@ -1759,14 +1759,14 @@ static bool acpi_nvdimm_has_method(struc + + __weak void nfit_intel_shutdown_status(struct nfit_mem *nfit_mem) + { ++ struct device *dev = &nfit_mem->adev->dev; + struct nd_intel_smart smart = { 0 }; + union acpi_object in_buf = { +- .type = ACPI_TYPE_BUFFER, +- .buffer.pointer = (char *) &smart, +- .buffer.length = sizeof(smart), ++ .buffer.type = ACPI_TYPE_BUFFER, ++ .buffer.length = 0, + }; + union acpi_object in_obj = { +- .type = ACPI_TYPE_PACKAGE, ++ .package.type = ACPI_TYPE_PACKAGE, + .package.count = 1, + .package.elements = &in_buf, + }; +@@ -1781,8 +1781,15 @@ __weak void nfit_intel_shutdown_status(s + return; + + out_obj = acpi_evaluate_dsm(handle, guid, revid, func, &in_obj); +- if (!out_obj) ++ if (!out_obj || out_obj->type != ACPI_TYPE_BUFFER ++ || out_obj->buffer.length < sizeof(smart)) { ++ dev_dbg(dev->parent, "%s: failed to retrieve initial health\n", ++ dev_name(dev)); ++ ACPI_FREE(out_obj); + return; ++ } ++ memcpy(&smart, out_obj->buffer.pointer, sizeof(smart)); ++ ACPI_FREE(out_obj); + + if (smart.flags & ND_INTEL_SMART_SHUTDOWN_VALID) { + if (smart.shutdown_state) +@@ -1793,7 +1800,6 @@ __weak void nfit_intel_shutdown_status(s + set_bit(NFIT_MEM_DIRTY_COUNT, &nfit_mem->flags); + nfit_mem->dirty_shutdown = smart.shutdown_count; + } +- ACPI_FREE(out_obj); + } + + static void populate_shutdown_status(struct nfit_mem *nfit_mem) +@@ -1915,18 +1921,19 @@ static int acpi_nfit_add_dimm(struct acp + | 1 << ND_CMD_SET_CONFIG_DATA; + if (family == NVDIMM_FAMILY_INTEL + && (dsm_mask & label_mask) == label_mask) +- return 0; +- +- if (acpi_nvdimm_has_method(adev_dimm, "_LSI") +- && acpi_nvdimm_has_method(adev_dimm, "_LSR")) { +- dev_dbg(dev, "%s: has _LSR\n", dev_name(&adev_dimm->dev)); +- set_bit(NFIT_MEM_LSR, &nfit_mem->flags); +- } +- +- if (test_bit(NFIT_MEM_LSR, &nfit_mem->flags) +- && acpi_nvdimm_has_method(adev_dimm, "_LSW")) { +- dev_dbg(dev, "%s: has _LSW\n", dev_name(&adev_dimm->dev)); +- set_bit(NFIT_MEM_LSW, &nfit_mem->flags); ++ /* skip _LS{I,R,W} enabling */; ++ else { ++ if (acpi_nvdimm_has_method(adev_dimm, "_LSI") ++ && acpi_nvdimm_has_method(adev_dimm, "_LSR")) { ++ dev_dbg(dev, "%s: has _LSR\n", dev_name(&adev_dimm->dev)); ++ set_bit(NFIT_MEM_LSR, &nfit_mem->flags); ++ } ++ ++ if (test_bit(NFIT_MEM_LSR, &nfit_mem->flags) ++ && acpi_nvdimm_has_method(adev_dimm, "_LSW")) { ++ dev_dbg(dev, "%s: has _LSW\n", dev_name(&adev_dimm->dev)); ++ set_bit(NFIT_MEM_LSW, &nfit_mem->flags); ++ } + } + + populate_shutdown_status(nfit_mem); diff --git a/queue-5.0/series b/queue-5.0/series index 423e410f02..64a2bc3b78 100644 --- a/queue-5.0/series +++ b/queue-5.0/series @@ -22,3 +22,14 @@ crypto-ofb-fix-handling-partial-blocks-and-make-thread-safe.patch crypto-ahash-fix-another-early-termination-in-hash-walk.patch crypto-rockchip-fix-scatterlist-nents-error.patch crypto-rockchip-update-new-iv-to-device-in-multiple-operations.patch +dax-flush-partial-pmds-correctly.patch +nfit-fix-nfit_intel_shutdown_status-command-submission.patch +nfit-acpi_nfit_ctl-check-out_obj-type-in-the-right-place.patch +acpi-nfit-fix-bus-command-validation.patch +nfit-ars-attempt-a-short-ars-whenever-the-ars-state-is-idle-at-boot.patch +nfit-ars-attempt-short-ars-even-in-the-no_init_ars-case.patch +libnvdimm-label-clear-updating-flag-after-label-set-update.patch +libnvdimm-pfn-fix-over-trim-in-trim_pfn_device.patch +libnvdimm-pmem-honor-force_raw-for-legacy-pmem-regions.patch +libnvdimm-fix-altmap-reservation-size-calculation.patch +fix-cgroup_do_mount-handling-of-failure-exits.patch