From: Sasha Levin Date: Sun, 13 Jun 2021 23:34:53 +0000 (-0400) Subject: Fixes for 5.12 X-Git-Tag: v4.4.273~37 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ee73f51b37083a8387cd0b8adf521f380f5b5837;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 5.12 Signed-off-by: Sasha Levin --- diff --git a/queue-5.12/nfs-fix-a-potential-null-dereference-in-nfs_get_clie.patch b/queue-5.12/nfs-fix-a-potential-null-dereference-in-nfs_get_clie.patch new file mode 100644 index 00000000000..3c7ab3730e8 --- /dev/null +++ b/queue-5.12/nfs-fix-a-potential-null-dereference-in-nfs_get_clie.patch @@ -0,0 +1,38 @@ +From d1ad4c4e6607d641564949b9f4b7d59e667be59f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 3 Jun 2021 15:37:53 +0300 +Subject: NFS: Fix a potential NULL dereference in nfs_get_client() + +From: Dan Carpenter + +[ Upstream commit 09226e8303beeec10f2ff844d2e46d1371dc58e0 ] + +None of the callers are expecting NULL returns from nfs_get_client() so +this code will lead to an Oops. It's better to return an error +pointer. I expect that this is dead code so hopefully no one is +affected. + +Fixes: 31434f496abb ("nfs: check hostname in nfs_get_client") +Signed-off-by: Dan Carpenter +Signed-off-by: Trond Myklebust +Signed-off-by: Sasha Levin +--- + fs/nfs/client.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/nfs/client.c b/fs/nfs/client.c +index ff5c4d0d6d13..686b211342a8 100644 +--- a/fs/nfs/client.c ++++ b/fs/nfs/client.c +@@ -406,7 +406,7 @@ struct nfs_client *nfs_get_client(const struct nfs_client_initdata *cl_init) + + if (cl_init->hostname == NULL) { + WARN_ON(1); +- return NULL; ++ return ERR_PTR(-EINVAL); + } + + /* see if the client already exists */ +-- +2.30.2 + diff --git a/queue-5.12/nfsv4-fix-deadlock-between-nfs4_evict_inode-and-nfs4.patch b/queue-5.12/nfsv4-fix-deadlock-between-nfs4_evict_inode-and-nfs4.patch new file mode 100644 index 00000000000..a653fd8caa8 --- /dev/null +++ b/queue-5.12/nfsv4-fix-deadlock-between-nfs4_evict_inode-and-nfs4.patch @@ -0,0 +1,97 @@ +From 681ffa008e3cbf7ec32332e9f21d02ff81d9d96c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 1 Jun 2021 11:10:05 -0400 +Subject: NFSv4: Fix deadlock between nfs4_evict_inode() and + nfs4_opendata_get_inode() + +From: Trond Myklebust + +[ Upstream commit dfe1fe75e00e4c724ede7b9e593f6f680e446c5f ] + +If the inode is being evicted, but has to return a delegation first, +then it can cause a deadlock in the corner case where the server reboots +before the delegreturn completes, but while the call to iget5_locked() in +nfs4_opendata_get_inode() is waiting for the inode free to complete. +Since the open call still holds a session slot, the reboot recovery +cannot proceed. + +In order to break the logjam, we can turn the delegation return into a +privileged operation for the case where we're evicting the inode. We +know that in that case, there can be no other state recovery operation +that conflicts. + +Reported-by: zhangxiaoxu (A) +Fixes: 5fcdfacc01f3 ("NFSv4: Return delegations synchronously in evict_inode") +Signed-off-by: Trond Myklebust +Signed-off-by: Sasha Levin +--- + fs/nfs/nfs4_fs.h | 1 + + fs/nfs/nfs4proc.c | 12 +++++++++++- + 2 files changed, 12 insertions(+), 1 deletion(-) + +diff --git a/fs/nfs/nfs4_fs.h b/fs/nfs/nfs4_fs.h +index 065cb04222a1..543d916f79ab 100644 +--- a/fs/nfs/nfs4_fs.h ++++ b/fs/nfs/nfs4_fs.h +@@ -205,6 +205,7 @@ struct nfs4_exception { + struct inode *inode; + nfs4_stateid *stateid; + long timeout; ++ unsigned char task_is_privileged : 1; + unsigned char delay : 1, + recovering : 1, + retry : 1; +diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c +index 0b809cc6ad1d..bd3db61b746f 100644 +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -590,6 +590,8 @@ int nfs4_handle_exception(struct nfs_server *server, int errorcode, struct nfs4_ + goto out_retry; + } + if (exception->recovering) { ++ if (exception->task_is_privileged) ++ return -EDEADLOCK; + ret = nfs4_wait_clnt_recover(clp); + if (test_bit(NFS_MIG_FAILED, &server->mig_status)) + return -EIO; +@@ -615,6 +617,8 @@ nfs4_async_handle_exception(struct rpc_task *task, struct nfs_server *server, + goto out_retry; + } + if (exception->recovering) { ++ if (exception->task_is_privileged) ++ return -EDEADLOCK; + rpc_sleep_on(&clp->cl_rpcwaitq, task, NULL); + if (test_bit(NFS4CLNT_MANAGER_RUNNING, &clp->cl_state) == 0) + rpc_wake_up_queued_task(&clp->cl_rpcwaitq, task); +@@ -6381,6 +6385,7 @@ static void nfs4_delegreturn_done(struct rpc_task *task, void *calldata) + struct nfs4_exception exception = { + .inode = data->inode, + .stateid = &data->stateid, ++ .task_is_privileged = data->args.seq_args.sa_privileged, + }; + + if (!nfs4_sequence_done(task, &data->res.seq_res)) +@@ -6504,7 +6509,6 @@ static int _nfs4_proc_delegreturn(struct inode *inode, const struct cred *cred, + data = kzalloc(sizeof(*data), GFP_NOFS); + if (data == NULL) + return -ENOMEM; +- nfs4_init_sequence(&data->args.seq_args, &data->res.seq_res, 1, 0); + + nfs4_state_protect(server->nfs_client, + NFS_SP4_MACH_CRED_CLEANUP, +@@ -6535,6 +6539,12 @@ static int _nfs4_proc_delegreturn(struct inode *inode, const struct cred *cred, + } + } + ++ if (!data->inode) ++ nfs4_init_sequence(&data->args.seq_args, &data->res.seq_res, 1, ++ 1); ++ else ++ nfs4_init_sequence(&data->args.seq_args, &data->res.seq_res, 1, ++ 0); + task_setup_data.callback_data = data; + msg.rpc_argp = &data->args; + msg.rpc_resp = &data->res; +-- +2.30.2 + diff --git a/queue-5.12/perf-session-correct-buffer-copying-when-peeking-eve.patch b/queue-5.12/perf-session-correct-buffer-copying-when-peeking-eve.patch new file mode 100644 index 00000000000..0a2609edfd4 --- /dev/null +++ b/queue-5.12/perf-session-correct-buffer-copying-when-peeking-eve.patch @@ -0,0 +1,55 @@ +From b95e0ac6fe41a3757d367f38f0ac74437bcc26cb Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 5 Jun 2021 13:29:57 +0800 +Subject: perf session: Correct buffer copying when peeking events + +From: Leo Yan + +[ Upstream commit 197eecb6ecae0b04bd694432f640ff75597fed9c ] + +When peeking an event, it has a short path and a long path. The short +path uses the session pointer "one_mmap_addr" to directly fetch the +event; and the long path needs to read out the event header and the +following event data from file and fill into the buffer pointer passed +through the argument "buf". + +The issue is in the long path that it copies the event header and event +data into the same destination address which pointer "buf", this means +the event header is overwritten. We are just lucky to run into the +short path in most cases, so we don't hit the issue in the long path. + +This patch adds the offset "hdr_sz" to the pointer "buf" when copying +the event data, so that it can reserve the event header which can be +used properly by its caller. + +Fixes: 5a52f33adf02 ("perf session: Add perf_session__peek_event()") +Signed-off-by: Leo Yan +Acked-by: Adrian Hunter +Acked-by: Jiri Olsa +Cc: Alexander Shishkin +Cc: Kan Liang +Cc: Mark Rutland +Cc: Namhyung Kim +Cc: Peter Zijlstra +Link: http://lore.kernel.org/lkml/20210605052957.1070720-1-leo.yan@linaro.org +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/session.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/tools/perf/util/session.c b/tools/perf/util/session.c +index e9d4e6f4bdf3..b7cfdbf207b7 100644 +--- a/tools/perf/util/session.c ++++ b/tools/perf/util/session.c +@@ -1710,6 +1710,7 @@ int perf_session__peek_event(struct perf_session *session, off_t file_offset, + if (event->header.size < hdr_sz || event->header.size > buf_sz) + return -1; + ++ buf += hdr_sz; + rest = event->header.size - hdr_sz; + + if (readn(fd, buf, rest) != (ssize_t)rest) +-- +2.30.2 + diff --git a/queue-5.12/pinctrl-qcom-make-it-possible-to-select-sc8180x-tlmm.patch b/queue-5.12/pinctrl-qcom-make-it-possible-to-select-sc8180x-tlmm.patch new file mode 100644 index 00000000000..0c2ecebd6ae --- /dev/null +++ b/queue-5.12/pinctrl-qcom-make-it-possible-to-select-sc8180x-tlmm.patch @@ -0,0 +1,37 @@ +From ef8003449a1d64c52f5f566fe68792c21377170c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 8 Jun 2021 11:07:02 -0700 +Subject: pinctrl: qcom: Make it possible to select SC8180x TLMM + +From: Bjorn Andersson + +[ Upstream commit 30e9857a134905ac0d03ca244b615cc3ff0a076e ] + +It's currently not possible to select the SC8180x TLMM driver, due to it +selecting PINCTRL_MSM, rather than depending on the same. Fix this. + +Fixes: 97423113ec4b ("pinctrl: qcom: Add sc8180x TLMM driver") +Signed-off-by: Bjorn Andersson +Link: https://lore.kernel.org/r/20210608180702.2064253-1-bjorn.andersson@linaro.org +Signed-off-by: Linus Walleij +Signed-off-by: Sasha Levin +--- + drivers/pinctrl/qcom/Kconfig | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/pinctrl/qcom/Kconfig b/drivers/pinctrl/qcom/Kconfig +index 6853a896c476..740ecf6011a9 100644 +--- a/drivers/pinctrl/qcom/Kconfig ++++ b/drivers/pinctrl/qcom/Kconfig +@@ -223,7 +223,7 @@ config PINCTRL_SC7280 + config PINCTRL_SC8180X + tristate "Qualcomm Technologies Inc SC8180x pin controller driver" + depends on GPIOLIB && OF +- select PINCTRL_MSM ++ depends on PINCTRL_MSM + help + This is the pinctrl, pinmux, pinconf and gpiolib driver for the + Qualcomm Technologies Inc TLMM block found on the Qualcomm +-- +2.30.2 + diff --git a/queue-5.12/series b/queue-5.12/series index 503a2cfad66..be2dc9fba54 100644 --- a/queue-5.12/series +++ b/queue-5.12/series @@ -159,3 +159,7 @@ platform-surface-aggregator-fix-event-disable-function.patch x86-nmi_watchdog-fix-old-style-nmi-watchdog-regression-on-old-intel-cpus.patch kvm-x86-ensure-liveliness-of-nested-vm-enter-fail-tracepoint-message.patch ib-mlx5-fix-initializing-cq-fragments-buffer.patch +nfs-fix-a-potential-null-dereference-in-nfs_get_clie.patch +nfsv4-fix-deadlock-between-nfs4_evict_inode-and-nfs4.patch +pinctrl-qcom-make-it-possible-to-select-sc8180x-tlmm.patch +perf-session-correct-buffer-copying-when-peeking-eve.patch