From: Greg Kroah-Hartman Date: Mon, 3 Jul 2017 12:29:45 +0000 (+0200) Subject: 4.4-stable patches X-Git-Tag: v3.18.60~11 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ed289352ce32da88e54373794bb3275dc8afd029;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: arm-8685-1-ensure-memblock-limit-is-pmd-aligned.patch arm64-acpi-fix-bad_madt_gicc_entry-macro-implementation.patch ocfs2-o2hb-revert-hb-threshold-to-keep-compatible.patch sched-loadavg-avoid-loadavg-spikes-caused-by-delayed-no_hz-accounting.patch watchdog-bcm281xx-fix-use-of-uninitialized-spinlock.patch x86-mm-fix-flush_tlb_page-on-xen.patch x86-mpx-correctly-report-do_mpx_bt_fault-failures-to-user-space.patch
---
diff --git a/queue-4.4/arm-8685-1-ensure-memblock-limit-is-pmd-aligned.patch b/queue-4.4/arm-8685-1-ensure-memblock-limit-is-pmd-aligned.patch
new file mode 100644
index 00000000000..a372c5ce6de
--- /dev/null
+++ b/queue-4.4/arm-8685-1-ensure-memblock-limit-is-pmd-aligned.patch
@@ -0,0 +1,56 @@
+From 9e25ebfe56ece7541cd10a20d715cbdd148a2e06 Mon Sep 17 00:00:00 2001
+From: Doug Berger
+Date: Thu, 29 Jun 2017 18:41:36 +0100
+Subject: ARM: 8685/1: ensure memblock-limit is pmd-aligned
+
+From: Doug Berger
+
+commit 9e25ebfe56ece7541cd10a20d715cbdd148a2e06 upstream.
+
+The pmd containing memblock_limit is cleared by prepare_page_table()
+which creates the opportunity for early_alloc() to allocate unmapped
+memory if memblock_limit is not pmd aligned causing a boot-time hang.
+
+Commit 965278dcb8ab ("ARM: 8356/1: mm: handle non-pmd-aligned end of RAM")
+attempted to resolve this problem, but there is a path through the
+adjust_lowmem_bounds() routine where if all memory regions start and
+end on pmd-aligned addresses the memblock_limit will be set to
+arm_lowmem_limit.
+
+Since arm_lowmem_limit can be affected by the vmalloc early parameter,
+the value of arm_lowmem_limit may not be pmd-aligned. This commit
+corrects this oversight such that memblock_limit is always rounded
+down to pmd-alignment.
+
+Fixes: 965278dcb8ab ("ARM: 8356/1: mm: handle non-pmd-aligned end of RAM")
+Signed-off-by: Doug Berger
+Suggested-by: Mark Rutland
+Signed-off-by: Russell King
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/arm/mm/mmu.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/arch/arm/mm/mmu.c
++++ b/arch/arm/mm/mmu.c
+@@ -1184,15 +1184,15 @@ void __init sanity_check_meminfo(void)
+
+ high_memory = __va(arm_lowmem_limit - 1) + 1;
+
++ if (!memblock_limit)
++ memblock_limit = arm_lowmem_limit;
++
+ /*
+ * Round the memblock limit down to a pmd size. This
+ * helps to ensure that we will allocate memory from the
+ * last full pmd, which should be mapped.
+ */
+- if (memblock_limit)
+- memblock_limit = round_down(memblock_limit, PMD_SIZE);
+- if (!memblock_limit)
+- memblock_limit = arm_lowmem_limit;
++ memblock_limit = round_down(memblock_limit, PMD_SIZE);
+
+ memblock_set_current_limit(memblock_limit);
+ }
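Review bot: The comment above `round_down()` in sanity_check_meminfo() (arch/arm/mm/mmu.c) still explains only why rounding helps, not why the `arm_lowmem_limit` fallback now has to be assigned before the rounding, which is the case this patch fixes. A short addition next to `if (!memblock_limit)`, such as `/* arm_lowmem_limit may be unaligned when vmalloc= is given, so apply the fallback before rounding */`, would keep a later reorder from reintroducing the boot-time hang described in the commit message. The function starts outside the hunk.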
diff --git a/queue-4.4/arm64-acpi-fix-bad_madt_gicc_entry-macro-implementation.patch b/queue-4.4/arm64-acpi-fix-bad_madt_gicc_entry-macro-implementation.patch
new file mode 100644
index 00000000000..a2977fb0b49
--- /dev/null
+++ b/queue-4.4/arm64-acpi-fix-bad_madt_gicc_entry-macro-implementation.patch
@@ -0,0 +1,57 @@
+From cb7cf772d83d2d4e6995c5bb9e0fb59aea8f7080 Mon Sep 17 00:00:00 2001
+From: Lorenzo Pieralisi
+Date: Fri, 26 May 2017 17:40:02 +0100
+Subject: ARM64/ACPI: Fix BAD_MADT_GICC_ENTRY() macro implementation
+
+From: Lorenzo Pieralisi
+
+commit cb7cf772d83d2d4e6995c5bb9e0fb59aea8f7080 upstream.
+
+The BAD_MADT_GICC_ENTRY() macro checks if a GICC MADT entry passes
+muster from an ACPI specification standpoint. Current macro detects the
+MADT GICC entry length through ACPI firmware version (it changed from 76
+to 80 bytes in the transition from ACPI 5.1 to ACPI 6.0 specification)
+but always uses (erroneously) the ACPICA (latest) struct (ie struct
+acpi_madt_generic_interrupt - that is 80-bytes long) length to check if
+the current GICC entry memory record exceeds the MADT table end in
+memory as defined by the MADT table header itself, which may result in
+false negatives depending on the ACPI firmware version and how the MADT
+entries are laid out in memory (ie on ACPI 5.1 firmware MADT GICC
+entries are 76 bytes long, so by adding 80 to a GICC entry start address
+in memory the resulting address may well be past the actual MADT end,
+triggering a false negative).
+
+Fix the BAD_MADT_GICC_ENTRY() macro by reshuffling the condition checks
+and update them to always use the firmware version specific MADT GICC
+entry length in order to carry out boundary checks.
+
+Fixes: b6cfb277378e ("ACPI / ARM64: add BAD_MADT_GICC_ENTRY() macro")
+Reported-by: Julien Grall
+Acked-by: Will Deacon
+Acked-by: Marc Zyngier
+Signed-off-by: Lorenzo Pieralisi
+Cc: Julien Grall
+Cc: Hanjun Guo
+Cc: Al Stone
+Signed-off-by: Catalin Marinas
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/arm64/include/asm/acpi.h | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/arch/arm64/include/asm/acpi.h
++++ b/arch/arm64/include/asm/acpi.h
+@@ -22,9 +22,9 @@
+ #define ACPI_MADT_GICC_LENGTH \
+ (acpi_gbl_FADT.header.revision < 6 ? 
76 : 80)
+
+-#define BAD_MADT_GICC_ENTRY(entry, end) \
+- (!(entry) || (unsigned long)(entry) + sizeof(*(entry)) > (end) || \
+- (entry)->header.length != ACPI_MADT_GICC_LENGTH)
++#define BAD_MADT_GICC_ENTRY(entry, end) \
++ (!(entry) || (entry)->header.length != ACPI_MADT_GICC_LENGTH || \
++ (unsigned long)(entry) + ACPI_MADT_GICC_LENGTH > (end))
+
+ /* Basic configuration for ACPI */
+ #ifdef CONFIG_ACPI
diff --git a/queue-4.4/ocfs2-o2hb-revert-hb-threshold-to-keep-compatible.patch b/queue-4.4/ocfs2-o2hb-revert-hb-threshold-to-keep-compatible.patch
new file mode 100644
index 00000000000..41d5200b9e7
--- /dev/null
+++ b/queue-4.4/ocfs2-o2hb-revert-hb-threshold-to-keep-compatible.patch
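Review bot: In the new BAD_MADT_GICC_ENTRY() (arch/arm64/include/asm/acpi.h) the length comparison now comes before the bounds comparison, so `(entry)->header.length` is read before the macro itself has established that the entry lies below `end`. That is safe only if every caller has already checked that the subtable header fits inside the MADT, which is not visible in this hunk and is worth confirming for the 4.4 tree because the table contents come from firmware. Keeping the firmware-specific length but testing the bound first would remove that dependency: `(!(entry) || (unsigned long)(entry) + ACPI_MADT_GICC_LENGTH > (end) || (entry)->header.length != ACPI_MADT_GICC_LENGTH)`.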
@@ -0,0 +1,66 @@
+From 33496c3c3d7b88dcbe5e55aa01288b05646c6aca Mon Sep 17 00:00:00 2001
+From: Junxiao Bi
+Date: Wed, 3 May 2017 14:51:41 -0700
+Subject: ocfs2: o2hb: revert hb threshold to keep compatible
+
+From: Junxiao Bi
+
+commit 33496c3c3d7b88dcbe5e55aa01288b05646c6aca upstream.
+
+Configfs is the interface for ocfs2-tools to set configure to kernel and
+$configfs_dir/cluster/$clustername/heartbeat/dead_threshold is the one
+used to configure heartbeat dead threshold. Kernel has a default value
+of it but user can set O2CB_HEARTBEAT_THRESHOLD in /etc/sysconfig/o2cb
+to override it.
+
+Commit 45b997737a80 ("ocfs2/cluster: use per-attribute show and store
+methods") changed heartbeat dead threshold name while ocfs2-tools did
+not, so ocfs2-tools won't set this configurable and the default value is
+always used. So revert it.
+
+Fixes: 45b997737a80 ("ocfs2/cluster: use per-attribute show and store methods")
+Link: http://lkml.kernel.org/r/1490665245-15374-1-git-send-email-junxiao.bi@oracle.com
+Signed-off-by: Junxiao Bi
+Acked-by: Joseph Qi
+Cc: Mark Fasheh
+Cc: Joel Becker
+Signed-off-by: Andrew Morton
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/ocfs2/cluster/heartbeat.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/fs/ocfs2/cluster/heartbeat.c
++++ b/fs/ocfs2/cluster/heartbeat.c
+@@ -2070,13 +2070,13 @@ unlock:
+ spin_unlock(&o2hb_live_lock);
+ }
+
+-static ssize_t o2hb_heartbeat_group_threshold_show(struct config_item *item,
++static ssize_t o2hb_heartbeat_group_dead_threshold_show(struct config_item *item,
+ char *page)
+ {
+ return sprintf(page, "%u\n", o2hb_dead_threshold);
+ }
+
+-static ssize_t o2hb_heartbeat_group_threshold_store(struct config_item *item,
++static ssize_t o2hb_heartbeat_group_dead_threshold_store(struct config_item *item,
+ const char *page, size_t count)
+ {
+ unsigned long tmp;
+@@ -2125,11 +2125,11 @@ static ssize_t o2hb_heartbeat_group_mode
+
+ }
+
+-CONFIGFS_ATTR(o2hb_heartbeat_group_, threshold);
++CONFIGFS_ATTR(o2hb_heartbeat_group_, dead_threshold);
+ CONFIGFS_ATTR(o2hb_heartbeat_group_, mode);
+
+ static struct configfs_attribute *o2hb_heartbeat_group_attrs[] = {
+- &o2hb_heartbeat_group_attr_threshold,
++ &o2hb_heartbeat_group_attr_dead_threshold,
+ &o2hb_heartbeat_group_attr_mode,
+ NULL,
+ };
diff --git a/queue-4.4/sched-loadavg-avoid-loadavg-spikes-caused-by-delayed-no_hz-accounting.patch b/queue-4.4/sched-loadavg-avoid-loadavg-spikes-caused-by-delayed-no_hz-accounting.patch
new file mode 100644
index 00000000000..b1d0b6d40e2
--- /dev/null
+++ b/queue-4.4/sched-loadavg-avoid-loadavg-spikes-caused-by-delayed-no_hz-accounting.patch
@@ -0,0 +1,84 @@
+From 6e5f32f7a43f45ee55c401c0b9585eb01f9629a8 Mon Sep 17 00:00:00 2001
+From: Matt Fleming
+Date: Fri, 17 Feb 2017 12:07:30 +0000
+Subject: sched/loadavg: Avoid loadavg spikes caused by delayed NO_HZ accounting
+
+From: Matt Fleming
+
+commit 6e5f32f7a43f45ee55c401c0b9585eb01f9629a8 upstream.
+
+If we crossed a sample window while in NO_HZ we will add LOAD_FREQ to
+the pending sample window time on exit, setting the next update not
+one window into the future, but two.
+
+This situation on exiting NO_HZ is described by:
+
+ this_rq->calc_load_update < jiffies < calc_load_update
+
+In this scenario, what we should be doing is:
+
+ this_rq->calc_load_update = calc_load_update [ next window ]
+
+But what we actually do is:
+
+ this_rq->calc_load_update = calc_load_update + LOAD_FREQ [ next+1 window ]
+
+This has the effect of delaying load average updates for potentially
+up to ~9seconds.
+
+This can result in huge spikes in the load average values due to
+per-cpu uninterruptible task counts being out of sync when accumulated
+across all CPUs.
+
+It's safe to update the per-cpu active count if we wake between sample
+windows because any load that we left in 'calc_load_idle' will have
+been zero'd when the idle load was folded in calc_global_load().
+
+This issue is easy to reproduce before,
+
+ commit 9d89c257dfb9 ("sched/fair: Rewrite runnable load and utilization average tracking")
+
+just by forking short-lived process pipelines built from ps(1) and
+grep(1) in a loop. I'm unable to reproduce the spikes after that
+commit, but the bug still seems to be present from code review. 
+
+Signed-off-by: Matt Fleming
+Signed-off-by: Peter Zijlstra (Intel)
+Cc: Frederic Weisbecker
+Cc: Linus Torvalds
+Cc: Mike Galbraith
+Cc: Mike Galbraith
+Cc: Morten Rasmussen
+Cc: Peter Zijlstra
+Cc: Thomas Gleixner
+Cc: Vincent Guittot
+Fixes: commit 5167e8d ("sched/nohz: Rewrite and fix load-avg computation -- again")
+Link: http://lkml.kernel.org/r/20170217120731.11868-2-matt@codeblueprint.co.uk
+Signed-off-by: Ingo Molnar
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ kernel/sched/loadavg.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/kernel/sched/loadavg.c
++++ b/kernel/sched/loadavg.c
+@@ -201,8 +201,9 @@ void calc_load_exit_idle(void)
+ struct rq *this_rq = this_rq();
+
+ /*
+- * If we're still before the sample window, we're done.
++ * If we're still before the pending sample window, we're done.
+ */
++ this_rq->calc_load_update = calc_load_update;
+ if (time_before(jiffies, this_rq->calc_load_update))
+ return;
+
+@@ -211,7 +212,6 @@ void calc_load_exit_idle(void)
+ * accounted through the nohz accounting, so skip the entire deal and
+ * sync up for the next window.
+ */
+- this_rq->calc_load_update = calc_load_update;
+ if (time_before(jiffies, this_rq->calc_load_update + 10))
+ this_rq->calc_load_update += LOAD_FREQ;
+ }
diff --git a/queue-4.4/series b/queue-4.4/series
index 7549dbe7729..f367e96350c 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
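Review bot: In calc_load_exit_idle() (kernel/sched/loadavg.c) the added `this_rq->calc_load_update = calc_load_update;` sits between the comment "If we're still before the pending sample window, we're done." and the `time_before()` test that comment describes, so the code never states why the per-rq value is resynced first. I would put a line such as `/* Resync to the global window first; the per-rq value may be stale after NO_HZ. */` directly above the assignment. If `calc_load_update` can be written on another CPU while this runs (not visible in this hunk), reading it with `READ_ONCE()` would make the single-snapshot intent explicit.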
@@ -84,3 +84,10 @@ jump-label-fix-passing-kbuild_cflags-when-checking-for-asm-goto-support.patch
 xfrm-fix-stack-access-out-of-bounds-with-config_xfrm_sub_policy.patch
 xfrm-null-dereference-on-allocation-failure.patch
 xfrm-oops-on-error-in-pfkey_msg2xfrm_state.patch
+watchdog-bcm281xx-fix-use-of-uninitialized-spinlock.patch
+sched-loadavg-avoid-loadavg-spikes-caused-by-delayed-no_hz-accounting.patch
+arm64-acpi-fix-bad_madt_gicc_entry-macro-implementation.patch
+arm-8685-1-ensure-memblock-limit-is-pmd-aligned.patch
+x86-mpx-correctly-report-do_mpx_bt_fault-failures-to-user-space.patch
+x86-mm-fix-flush_tlb_page-on-xen.patch
+ocfs2-o2hb-revert-hb-threshold-to-keep-compatible.patch
diff --git a/queue-4.4/watchdog-bcm281xx-fix-use-of-uninitialized-spinlock.patch b/queue-4.4/watchdog-bcm281xx-fix-use-of-uninitialized-spinlock.patch
new file mode 100644
index 00000000000..f8e656b1abc
--- /dev/null
+++ b/queue-4.4/watchdog-bcm281xx-fix-use-of-uninitialized-spinlock.patch
@@ -0,0 +1,44 @@
+From fedf266f9955d9a019643cde199a2fd9a0259f6f Mon Sep 17 00:00:00 2001
+From: Eric Anholt
+Date: Thu, 27 Apr 2017 18:02:32 -0700
+Subject: watchdog: bcm281xx: Fix use of uninitialized spinlock.
+
+From: Eric Anholt
+
+commit fedf266f9955d9a019643cde199a2fd9a0259f6f upstream.
+
+The bcm_kona_wdt_set_resolution_reg() call takes the spinlock, so
+initialize it earlier. Fixes a warning at boot with lock debugging
+enabled.
+
+Fixes: 6adb730dc208 ("watchdog: bcm281xx: Watchdog Driver")
+Signed-off-by: Eric Anholt
+Reviewed-by: Florian Fainelli
+Reviewed-by: Guenter Roeck
+Signed-off-by: Guenter Roeck
+Signed-off-by: Wim Van Sebroeck
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/watchdog/bcm_kona_wdt.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/watchdog/bcm_kona_wdt.c
++++ b/drivers/watchdog/bcm_kona_wdt.c
+@@ -304,6 +304,8 @@ static int bcm_kona_wdt_probe(struct pla
+ if (!wdt)
+ return -ENOMEM;
+
++ spin_lock_init(&wdt->lock);
++
+ res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
+ wdt->base = devm_ioremap_resource(dev, res);
+ if (IS_ERR(wdt->base))
+@@ -316,7 +318,6 @@ static int bcm_kona_wdt_probe(struct pla
+ return ret;
+ }
+
+- spin_lock_init(&wdt->lock);
+ platform_set_drvdata(pdev, wdt);
+ watchdog_set_drvdata(&bcm_kona_wdt_wdd, wdt);
+ bcm_kona_wdt_wdd.parent = &pdev->dev;
diff --git a/queue-4.4/x86-mm-fix-flush_tlb_page-on-xen.patch b/queue-4.4/x86-mm-fix-flush_tlb_page-on-xen.patch
new file mode 100644
index 00000000000..3fc5d12e0e2
--- /dev/null
+++ b/queue-4.4/x86-mm-fix-flush_tlb_page-on-xen.patch
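Review bot: Nothing at the new `spin_lock_init(&wdt->lock);` position in bcm_kona_wdt_probe() (drivers/watchdog/bcm_kona_wdt.c) says why it has to come this early, so a later cleanup could move it back below the resolution setup. A one-line comment such as `/* bcm_kona_wdt_set_resolution_reg() takes wdt->lock, so initialise it first */` would record the ordering constraint that the commit message gives. The probe function begins and ends outside both hunks.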
@@ -0,0 +1,64 @@
+From dbd68d8e84c606673ebbcf15862f8c155fa92326 Mon Sep 17 00:00:00 2001
+From: Andy Lutomirski
+Date: Sat, 22 Apr 2017 00:01:22 -0700
+Subject: x86/mm: Fix flush_tlb_page() on Xen
+
+From: Andy Lutomirski
+
+commit dbd68d8e84c606673ebbcf15862f8c155fa92326 upstream.
+
+flush_tlb_page() passes a bogus range to flush_tlb_others() and
+expects the latter to fix it up. native_flush_tlb_others() has the
+fixup but Xen's version doesn't. Move the fixup to
+flush_tlb_others().
+
+AFAICS the only real effect is that, without this fix, Xen would
+flush everything instead of just the one page on remote vCPUs in
+when flush_tlb_page() was called.
+
+Signed-off-by: Andy Lutomirski
+Reviewed-by: Boris Ostrovsky
+Cc: Andrew Morton
+Cc: Borislav Petkov
+Cc: Brian Gerst
+Cc: Dave Hansen
+Cc: Denys Vlasenko
+Cc: H. Peter Anvin
+Cc: Josh Poimboeuf
+Cc: Juergen Gross
+Cc: Konrad Rzeszutek Wilk
+Cc: Linus Torvalds
+Cc: Michal Hocko
+Cc: Nadav Amit
+Cc: Peter Zijlstra
+Cc: Rik van Riel
+Cc: Thomas Gleixner
+Fixes: e7b52ffd45a6 ("x86/flush_tlb: try flush_tlb_single one by one in flush_tlb_range")
+Link: http://lkml.kernel.org/r/10ed0e4dfea64daef10b87fb85df1746999b4dba.1492844372.git.luto@kernel.org
+Signed-off-by: Ingo Molnar
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/mm/tlb.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+--- a/arch/x86/mm/tlb.c
++++ b/arch/x86/mm/tlb.c
+@@ -134,8 +134,6 @@ void native_flush_tlb_others(const struc
+ {
+ struct flush_tlb_info info;
+
+- if (end == 0)
+- end = start + PAGE_SIZE;
+ info.flush_mm = mm;
+ info.flush_start = start;
+ info.flush_end = end;
+@@ -264,7 +262,7 @@ void flush_tlb_page(struct vm_area_struc
+ }
+
+ if (cpumask_any_but(mm_cpumask(mm), smp_processor_id()) < nr_cpu_ids)
+- flush_tlb_others(mm_cpumask(mm), mm, start, 0UL);
++ flush_tlb_others(mm_cpumask(mm), mm, start, start + PAGE_SIZE);
+
+ preempt_enable();
+ }
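Review bot: With the `end == 0` fixup removed from native_flush_tlb_others() (arch/x86/mm/tlb.c), `info.flush_end` is now taken from the caller unchecked, and only the flush_tlb_page() call site is converted here. Any other caller in the 4.4 tree that still passes `0UL` as `end` would hand an empty range to the remote CPUs, which would presumably leave stale TLB entries instead of over-flushing; those callers are not visible in this patch and should be audited for the backport. A comment on the parameter contract, or a `WARN_ON_ONCE(end == 0);` ahead of `info.flush_end = end;`, would make a missed caller visible. The commit text says the fixup moves into flush_tlb_others(), while the hunk places it at the caller.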
diff --git a/queue-4.4/x86-mpx-correctly-report-do_mpx_bt_fault-failures-to-user-space.patch b/queue-4.4/x86-mpx-correctly-report-do_mpx_bt_fault-failures-to-user-space.patch
new file mode 100644
index 00000000000..0ced217ece5
--- /dev/null
+++ b/queue-4.4/x86-mpx-correctly-report-do_mpx_bt_fault-failures-to-user-space.patch
@@ -0,0 +1,57 @@
+From 5ed386ec09a5d75bcf073967e55e895c2607a5c3 Mon Sep 17 00:00:00 2001
+From: Joerg Roedel
+Date: Thu, 6 Apr 2017 16:19:22 +0200
+Subject: x86/mpx: Correctly report do_mpx_bt_fault() failures to user-space
+
+From: Joerg Roedel
+
+commit 5ed386ec09a5d75bcf073967e55e895c2607a5c3 upstream.
+
+When this function fails it just sends a SIGSEGV signal to
+user-space using force_sig(). This signal is missing
+essential information about the cause, e.g. the trap_nr or
+an error code.
+
+Fix this by propagating the error to the only caller of
+mpx_handle_bd_fault(), do_bounds(), which sends the correct
+SIGSEGV signal to the process.
+
+Signed-off-by: Joerg Roedel
+Cc: Andy Lutomirski
+Cc: Borislav Petkov
+Cc: Brian Gerst
+Cc: Dave Hansen
+Cc: Denys Vlasenko
+Cc: H. Peter Anvin
+Cc: Josh Poimboeuf
+Cc: Linus Torvalds
+Cc: Peter Zijlstra
+Cc: Thomas Gleixner
+Fixes: fe3d197f84319 ('x86, mpx: On-demand kernel allocation of bounds tables')
+Link: http://lkml.kernel.org/r/1491488362-27198-1-git-send-email-joro@8bytes.org
+Signed-off-by: Ingo Molnar
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ arch/x86/mm/mpx.c | 10 +---------
+ 1 file changed, 1 insertion(+), 9 deletions(-)
+
+--- a/arch/x86/mm/mpx.c
++++ b/arch/x86/mm/mpx.c
+@@ -525,15 +525,7 @@ int mpx_handle_bd_fault(void)
+ if (!kernel_managing_mpx_tables(current->mm))
+ return -EINVAL;
+
+- if (do_mpx_bt_fault()) {
+- force_sig(SIGSEGV, current);
+- /*
+- * The force_sig() is essentially "handling" this
+- * exception, so we do not pass up the error
+- * from do_mpx_bt_fault().
+- */
+- }
+- return 0;
++ return do_mpx_bt_fault();
+ }
+
+ /*
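Review bot: mpx_handle_bd_fault() (arch/x86/mm/mpx.c) now returns whatever do_mpx_bt_fault() returns, and with the `force_sig()` call gone the process is only signalled if the caller acts on a non-zero result. The commit message names do_bounds() as that caller, but its handling is not part of this patch, so the 4.4 version of do_bounds() should be checked to treat every non-zero return as a fault before this is queued. The function comment should also state the new contract, e.g. `/* Returns 0 on success; any other value must be turned into SIGSEGV by the caller. */`. The function's opening lines are outside the hunk.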