From 3c5ceb6ebd43e1cabf87e13f9af4f4695226cb71 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Sat, 23 Feb 2019 12:12:10 +0100 Subject: [PATCH] 4.19-stable patches added patches: alsa-hda-realtek-disable-pc-beep-in-passthrough-on-alc285.patch alsa-hda-realtek-headset-microphone-and-internal-speaker-support-for-system76-oryp5.patch ceph-avoid-repeatedly-adding-inode-to-mdsc-snap_flush_list.patch gpio-mt7621-use-a-per-instance-irq_chip-structure.patch gpio-pxa-avoid-attempting-to-set-pin-direction-via-pinctrl-on-mmp2.patch keys-allow-reaching-the-keys-quotas-exactly.patch libceph-handle-an-empty-authorize-reply.patch mac80211-free-mpath-object-when-rhashtable-insertion-fails.patch mac80211-restore-vif-beacon-interval-if-start-ap-fails.patch mac80211-use-linked-list-instead-of-rhashtable-walk-for-mesh-tables.patch mips-ebpf-always-return-sign-extended-32b-values.patch numa-change-get_mempolicy-to-use-nr_node_ids-instead-of-max_numnodes.patch proc-oom-do-not-report-alien-mms-when-setting-oom_score_adj.patch tracing-fix-number-of-entries-in-trace-header.patch --- ...ble-pc-beep-in-passthrough-on-alc285.patch | 68 ++++ ...l-speaker-support-for-system76-oryp5.patch | 89 +++++ ...adding-inode-to-mdsc-snap_flush_list.patch | 33 ++ ...se-a-per-instance-irq_chip-structure.patch | 94 +++++ ...et-pin-direction-via-pinctrl-on-mmp2.patch | 34 ++ ...low-reaching-the-keys-quotas-exactly.patch | 43 +++ ...ceph-handle-an-empty-authorize-reply.patch | 74 ++++ ...ject-when-rhashtable-insertion-fails.patch | 57 +++ ...if-beacon-interval-if-start-ap-fails.patch | 73 ++++ ...d-of-rhashtable-walk-for-mesh-tables.patch | 343 ++++++++++++++++++ ...ways-return-sign-extended-32b-values.patch | 64 ++++ ...-nr_node_ids-instead-of-max_numnodes.patch | 71 ++++ ...alien-mms-when-setting-oom_score_adj.patch | 56 +++ queue-4.19/series | 14 + ...ix-number-of-entries-in-trace-header.patch | 43 +++ 15 files changed, 1156 insertions(+) create mode 100644 queue-4.19/alsa-hda-realtek-disable-pc-beep-in-passthrough-on-alc285.patch create mode 100644 queue-4.19/alsa-hda-realtek-headset-microphone-and-internal-speaker-support-for-system76-oryp5.patch create mode 100644 queue-4.19/ceph-avoid-repeatedly-adding-inode-to-mdsc-snap_flush_list.patch create mode 100644 queue-4.19/gpio-mt7621-use-a-per-instance-irq_chip-structure.patch create mode 100644 queue-4.19/gpio-pxa-avoid-attempting-to-set-pin-direction-via-pinctrl-on-mmp2.patch create mode 100644 queue-4.19/keys-allow-reaching-the-keys-quotas-exactly.patch create mode 100644 queue-4.19/libceph-handle-an-empty-authorize-reply.patch create mode 100644 queue-4.19/mac80211-free-mpath-object-when-rhashtable-insertion-fails.patch create mode 100644 queue-4.19/mac80211-restore-vif-beacon-interval-if-start-ap-fails.patch create mode 100644 queue-4.19/mac80211-use-linked-list-instead-of-rhashtable-walk-for-mesh-tables.patch create mode 100644 queue-4.19/mips-ebpf-always-return-sign-extended-32b-values.patch create mode 100644 queue-4.19/numa-change-get_mempolicy-to-use-nr_node_ids-instead-of-max_numnodes.patch create mode 100644 queue-4.19/proc-oom-do-not-report-alien-mms-when-setting-oom_score_adj.patch create mode 100644 queue-4.19/tracing-fix-number-of-entries-in-trace-header.patch diff --git a/queue-4.19/alsa-hda-realtek-disable-pc-beep-in-passthrough-on-alc285.patch b/queue-4.19/alsa-hda-realtek-disable-pc-beep-in-passthrough-on-alc285.patch new file mode 100644 index 00000000000..33cd3ad84ad --- /dev/null +++ b/queue-4.19/alsa-hda-realtek-disable-pc-beep-in-passthrough-on-alc285.patch @@ -0,0 +1,68 @@ +From c8c6ee611926685a7d753409e0a6e48b9e1b8748 Mon Sep 17 00:00:00 2001 +From: Hui Wang +Date: Thu, 14 Feb 2019 11:41:33 +0800 +Subject: ALSA: hda/realtek: Disable PC beep in passthrough on alc285 + +From: Hui Wang + +commit c8c6ee611926685a7d753409e0a6e48b9e1b8748 upstream. + +It is reported that there's a constant background "hum/whitenoise" +in the headset on the Lenovo X1 machines with the codec alc285, and it +is confirmed that if we run the command below, the noise will stop. + sudo hda-verb /dev/snd/hwC0D0 0x1d SET_PIN_WIDGET_CONTROL 0x0 + +Then I consulted this issue with Kailang, he told me the pin 0x1d on +this codec is used for PC beep in, the noise probably comes from this +pin and we can also disable the PC beep in passthrough, then the PC +beep in will not affect other sound playback. + +Fixes: c4cfcf6f4297 ("ALSA: hda/realtek - fix the pop noise on headphone for lenovo laptops") +Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1660581 +Cc: +Signed-off-by: Kailang Yang +Signed-off-by: Hui Wang +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/pci/hda/patch_realtek.c | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -5601,6 +5601,7 @@ enum { + ALC294_FIXUP_ASUS_HEADSET_MIC, + ALC294_FIXUP_ASUS_SPK, + ALC293_FIXUP_SYSTEM76_MIC_NO_PRESENCE, ++ ALC285_FIXUP_LENOVO_PC_BEEP_IN_NOISE, + }; + + static const struct hda_fixup alc269_fixups[] = { +@@ -6534,6 +6535,17 @@ static const struct hda_fixup alc269_fix + .chained = true, + .chain_id = ALC269_FIXUP_HEADSET_MODE_NO_HP_MIC + }, ++ [ALC285_FIXUP_LENOVO_PC_BEEP_IN_NOISE] = { ++ .type = HDA_FIXUP_VERBS, ++ .v.verbs = (const struct hda_verb[]) { ++ /* Disable PCBEEP-IN passthrough */ ++ { 0x20, AC_VERB_SET_COEF_INDEX, 0x36 }, ++ { 0x20, AC_VERB_SET_PROC_COEF, 0x57d7 }, ++ { } ++ }, ++ .chained = true, ++ .chain_id = ALC285_FIXUP_LENOVO_HEADPHONE_NOISE ++ }, + }; + + static const struct snd_pci_quirk alc269_fixup_tbl[] = { +@@ -7215,7 +7227,7 @@ static const struct snd_hda_pin_quirk al + {0x12, 0x90a60130}, + {0x19, 0x03a11020}, + {0x21, 0x0321101f}), +- SND_HDA_PIN_QUIRK(0x10ec0285, 0x17aa, "Lenovo", ALC285_FIXUP_LENOVO_HEADPHONE_NOISE, ++ SND_HDA_PIN_QUIRK(0x10ec0285, 0x17aa, "Lenovo", ALC285_FIXUP_LENOVO_PC_BEEP_IN_NOISE, + {0x12, 0x90a60130}, + {0x14, 0x90170110}, + {0x19, 0x04a11040}, diff --git a/queue-4.19/alsa-hda-realtek-headset-microphone-and-internal-speaker-support-for-system76-oryp5.patch b/queue-4.19/alsa-hda-realtek-headset-microphone-and-internal-speaker-support-for-system76-oryp5.patch new file mode 100644 index 00000000000..46dedfe8212 --- /dev/null +++ b/queue-4.19/alsa-hda-realtek-headset-microphone-and-internal-speaker-support-for-system76-oryp5.patch @@ -0,0 +1,89 @@ +From 7f665b1c3283aae5b61843136d0a8ee808ba3199 Mon Sep 17 00:00:00 2001 +From: Jeremy Soller +Date: Wed, 13 Feb 2019 10:56:19 -0700 +Subject: ALSA: hda/realtek - Headset microphone and internal speaker support for System76 oryp5 + +From: Jeremy Soller + +commit 7f665b1c3283aae5b61843136d0a8ee808ba3199 upstream. + +On the System76 Oryx Pro (oryp5), there is a headset microphone input +attached to 0x19 that does not have a jack detect. In order to get it +working, the pin configuration needs to be set correctly, and the +ALC269_FIXUP_HEADSET_MODE_NO_HP_MIC fixup needs to be applied. This is +similar to the MIC_NO_PRESENCE fixups for some Dell laptops, except we +have a separate microphone jack that is already configured correctly. + +Since the ALC1220 does not have a fixup similar to +ALC269_FIXUP_HEADSET_MODE_NO_HP_MIC, I have exposed the fixup from the +ALC269 in a way that it can be accessed from the +alc1220_fixup_system76_oryp5 function. In addition, the +alc1220_fixup_clevo_p950 needs to be applied to gain speaker output. + +Signed-off-by: Jeremy Soller +Cc: +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/pci/hda/patch_realtek.c | 28 ++++++++++++++++++++++++++++ + 1 file changed, 28 insertions(+) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -1855,6 +1855,8 @@ enum { + ALC887_FIXUP_BASS_CHMAP, + ALC1220_FIXUP_GB_DUAL_CODECS, + ALC1220_FIXUP_CLEVO_P950, ++ ALC1220_FIXUP_SYSTEM76_ORYP5, ++ ALC1220_FIXUP_SYSTEM76_ORYP5_PINS, + }; + + static void alc889_fixup_coef(struct hda_codec *codec, +@@ -2056,6 +2058,17 @@ static void alc1220_fixup_clevo_p950(str + snd_hda_override_conn_list(codec, 0x1b, 1, conn1); + } + ++static void alc_fixup_headset_mode_no_hp_mic(struct hda_codec *codec, ++ const struct hda_fixup *fix, int action); ++ ++static void alc1220_fixup_system76_oryp5(struct hda_codec *codec, ++ const struct hda_fixup *fix, ++ int action) ++{ ++ alc1220_fixup_clevo_p950(codec, fix, action); ++ alc_fixup_headset_mode_no_hp_mic(codec, fix, action); ++} ++ + static const struct hda_fixup alc882_fixups[] = { + [ALC882_FIXUP_ABIT_AW9D_MAX] = { + .type = HDA_FIXUP_PINS, +@@ -2300,6 +2313,19 @@ static const struct hda_fixup alc882_fix + .type = HDA_FIXUP_FUNC, + .v.func = alc1220_fixup_clevo_p950, + }, ++ [ALC1220_FIXUP_SYSTEM76_ORYP5] = { ++ .type = HDA_FIXUP_FUNC, ++ .v.func = alc1220_fixup_system76_oryp5, ++ }, ++ [ALC1220_FIXUP_SYSTEM76_ORYP5_PINS] = { ++ .type = HDA_FIXUP_PINS, ++ .v.pins = (const struct hda_pintbl[]) { ++ { 0x19, 0x01a1913c }, /* use as headset mic, without its own jack detect */ ++ {} ++ }, ++ .chained = true, ++ .chain_id = ALC1220_FIXUP_SYSTEM76_ORYP5, ++ }, + }; + + static const struct snd_pci_quirk alc882_fixup_tbl[] = { +@@ -2376,6 +2402,8 @@ static const struct snd_pci_quirk alc882 + SND_PCI_QUIRK(0x1558, 0x9501, "Clevo P950HR", ALC1220_FIXUP_CLEVO_P950), + SND_PCI_QUIRK(0x1558, 0x95e1, "Clevo P95xER", ALC1220_FIXUP_CLEVO_P950), + SND_PCI_QUIRK(0x1558, 0x95e2, "Clevo P950ER", ALC1220_FIXUP_CLEVO_P950), ++ SND_PCI_QUIRK(0x1558, 0x96e1, "System76 Oryx Pro (oryp5)", ALC1220_FIXUP_SYSTEM76_ORYP5_PINS), ++ SND_PCI_QUIRK(0x1558, 0x97e1, "System76 Oryx Pro (oryp5)", ALC1220_FIXUP_SYSTEM76_ORYP5_PINS), + SND_PCI_QUIRK_VENDOR(0x1558, "Clevo laptop", ALC882_FIXUP_EAPD), + SND_PCI_QUIRK(0x161f, 0x2054, "Medion laptop", ALC883_FIXUP_EAPD), + SND_PCI_QUIRK(0x17aa, 0x3a0d, "Lenovo Y530", ALC882_FIXUP_LENOVO_Y530), diff --git a/queue-4.19/ceph-avoid-repeatedly-adding-inode-to-mdsc-snap_flush_list.patch b/queue-4.19/ceph-avoid-repeatedly-adding-inode-to-mdsc-snap_flush_list.patch new file mode 100644 index 00000000000..fb997a996dd --- /dev/null +++ b/queue-4.19/ceph-avoid-repeatedly-adding-inode-to-mdsc-snap_flush_list.patch @@ -0,0 +1,33 @@ +From 04242ff3ac0abbaa4362f97781dac268e6c3541a Mon Sep 17 00:00:00 2001 +From: "Yan, Zheng" +Date: Mon, 11 Feb 2019 15:18:52 +0800 +Subject: ceph: avoid repeatedly adding inode to mdsc->snap_flush_list + +From: Yan, Zheng + +commit 04242ff3ac0abbaa4362f97781dac268e6c3541a upstream. + +Otherwise, mdsc->snap_flush_list may get corrupted. + +Cc: stable@vger.kernel.org +Signed-off-by: "Yan, Zheng" +Reviewed-by: Ilya Dryomov +Signed-off-by: Ilya Dryomov +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ceph/snap.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/fs/ceph/snap.c ++++ b/fs/ceph/snap.c +@@ -616,7 +616,8 @@ int __ceph_finish_cap_snap(struct ceph_i + capsnap->size); + + spin_lock(&mdsc->snap_flush_lock); +- list_add_tail(&ci->i_snap_flush_item, &mdsc->snap_flush_list); ++ if (list_empty(&ci->i_snap_flush_item)) ++ list_add_tail(&ci->i_snap_flush_item, &mdsc->snap_flush_list); + spin_unlock(&mdsc->snap_flush_lock); + return 1; /* caller may want to ceph_flush_snaps */ + } diff --git a/queue-4.19/gpio-mt7621-use-a-per-instance-irq_chip-structure.patch b/queue-4.19/gpio-mt7621-use-a-per-instance-irq_chip-structure.patch new file mode 100644 index 00000000000..ccaba24f6a3 --- /dev/null +++ b/queue-4.19/gpio-mt7621-use-a-per-instance-irq_chip-structure.patch @@ -0,0 +1,94 @@ +From fa84667b98fd1a191b2465d66b440bda6714b3bf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ren=C3=A9=20van=20Dorst?= +Date: Wed, 30 Jan 2019 17:10:49 +0100 +Subject: gpio: MT7621: use a per instance irq_chip structure +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: René van Dorst + +commit fa84667b98fd1a191b2465d66b440bda6714b3bf upstream. + +This fixes the kernel complains: +gpio gpiochip1: (1e000600.gpio-bank1): detected irqchip that is shared + with multiple gpiochips: please fix the driver. +gpio gpiochip2: (1e000600.gpio-bank2): detected irqchip that is shared + with multiple gpiochips: please fix the driver. + +Fixes: 4ba9c3afda41 ("gpio: mt7621: Add a driver for MT7621") +Cc: stable@vger.kernel.org +Signed-off-by: René van Dorst +Cc: linux-gpio@vger.kernel.org +Cc: linux-mediatek@lists.infradead.org +Tested-by: Greg Ungerer +Signed-off-by: Linus Walleij +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpio/gpio-mt7621.c | 20 ++++++++++---------- + 1 file changed, 10 insertions(+), 10 deletions(-) + +--- a/drivers/gpio/gpio-mt7621.c ++++ b/drivers/gpio/gpio-mt7621.c +@@ -30,6 +30,7 @@ + #define GPIO_REG_EDGE 0xA0 + + struct mtk_gc { ++ struct irq_chip irq_chip; + struct gpio_chip chip; + spinlock_t lock; + int bank; +@@ -189,13 +190,6 @@ mediatek_gpio_irq_type(struct irq_data * + return 0; + } + +-static struct irq_chip mediatek_gpio_irq_chip = { +- .irq_unmask = mediatek_gpio_irq_unmask, +- .irq_mask = mediatek_gpio_irq_mask, +- .irq_mask_ack = mediatek_gpio_irq_mask, +- .irq_set_type = mediatek_gpio_irq_type, +-}; +- + static int + mediatek_gpio_xlate(struct gpio_chip *chip, + const struct of_phandle_args *spec, u32 *flags) +@@ -254,6 +248,13 @@ mediatek_gpio_bank_probe(struct device * + return ret; + } + ++ rg->irq_chip.name = dev_name(dev); ++ rg->irq_chip.parent_device = dev; ++ rg->irq_chip.irq_unmask = mediatek_gpio_irq_unmask; ++ rg->irq_chip.irq_mask = mediatek_gpio_irq_mask; ++ rg->irq_chip.irq_mask_ack = mediatek_gpio_irq_mask; ++ rg->irq_chip.irq_set_type = mediatek_gpio_irq_type; ++ + if (mtk->gpio_irq) { + /* + * Manually request the irq here instead of passing +@@ -270,14 +271,14 @@ mediatek_gpio_bank_probe(struct device * + return ret; + } + +- ret = gpiochip_irqchip_add(&rg->chip, &mediatek_gpio_irq_chip, ++ ret = gpiochip_irqchip_add(&rg->chip, &rg->irq_chip, + 0, handle_simple_irq, IRQ_TYPE_NONE); + if (ret) { + dev_err(dev, "failed to add gpiochip_irqchip\n"); + return ret; + } + +- gpiochip_set_chained_irqchip(&rg->chip, &mediatek_gpio_irq_chip, ++ gpiochip_set_chained_irqchip(&rg->chip, &rg->irq_chip, + mtk->gpio_irq, NULL); + } + +@@ -310,7 +311,6 @@ mediatek_gpio_probe(struct platform_devi + mtk->gpio_irq = irq_of_parse_and_map(np, 0); + mtk->dev = dev; + platform_set_drvdata(pdev, mtk); +- mediatek_gpio_irq_chip.name = dev_name(dev); + + for (i = 0; i < MTK_BANK_CNT; i++) { + ret = mediatek_gpio_bank_probe(dev, np, i); diff --git a/queue-4.19/gpio-pxa-avoid-attempting-to-set-pin-direction-via-pinctrl-on-mmp2.patch b/queue-4.19/gpio-pxa-avoid-attempting-to-set-pin-direction-via-pinctrl-on-mmp2.patch new file mode 100644 index 00000000000..5f5acfb544a --- /dev/null +++ b/queue-4.19/gpio-pxa-avoid-attempting-to-set-pin-direction-via-pinctrl-on-mmp2.patch @@ -0,0 +1,34 @@ +From af14b2c98adb85e9517390bb88309338b9075350 Mon Sep 17 00:00:00 2001 +From: Lubomir Rintel +Date: Thu, 14 Feb 2019 00:06:18 +0100 +Subject: gpio: pxa: avoid attempting to set pin direction via pinctrl on MMP2 + +From: Lubomir Rintel + +commit af14b2c98adb85e9517390bb88309338b9075350 upstream. + +Similarly to PXA3xx, pinctrl-single can't set pin direction on MMP2 either. +See also: commit 9dabfdd84bdfa ("gpio: pxa: disable pinctrl calls for +PXA3xx") + +Cc: stable@vger.kernel.org +Fixes: a770d946371e ("gpio: pxa: add pin control gpio direction and request") +Signed-off-by: Lubomir Rintel +Acked-by: Pavel Machek +Signed-off-by: Linus Walleij +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpio/gpio-pxa.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/gpio/gpio-pxa.c ++++ b/drivers/gpio/gpio-pxa.c +@@ -245,6 +245,7 @@ static bool pxa_gpio_has_pinctrl(void) + { + switch (gpio_type) { + case PXA3XX_GPIO: ++ case MMP2_GPIO: + return false; + + default: diff --git a/queue-4.19/keys-allow-reaching-the-keys-quotas-exactly.patch b/queue-4.19/keys-allow-reaching-the-keys-quotas-exactly.patch new file mode 100644 index 00000000000..3262c7edf09 --- /dev/null +++ b/queue-4.19/keys-allow-reaching-the-keys-quotas-exactly.patch @@ -0,0 +1,43 @@ +From a08bf91ce28ed3ae7b6fef35d843fef8dc8c2cd9 Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Thu, 14 Feb 2019 16:20:01 +0000 +Subject: KEYS: allow reaching the keys quotas exactly + +From: Eric Biggers + +commit a08bf91ce28ed3ae7b6fef35d843fef8dc8c2cd9 upstream. + +If the sysctl 'kernel.keys.maxkeys' is set to some number n, then +actually users can only add up to 'n - 1' keys. Likewise for +'kernel.keys.maxbytes' and the root_* versions of these sysctls. But +these sysctls are apparently supposed to be *maximums*, as per their +names and all documentation I could find -- the keyrings(7) man page, +Documentation/security/keys/core.rst, and all the mentions of EDQUOT +meaning that the key quota was *exceeded* (as opposed to reached). + +Thus, fix the code to allow reaching the quotas exactly. + +Fixes: 0b77f5bfb45c ("keys: make the keyring quotas controllable through /proc/sys") +Cc: stable@vger.kernel.org +Signed-off-by: Eric Biggers +Signed-off-by: David Howells +Signed-off-by: James Morris +Signed-off-by: Greg Kroah-Hartman + +--- + security/keys/key.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/security/keys/key.c ++++ b/security/keys/key.c +@@ -265,8 +265,8 @@ struct key *key_alloc(struct key_type *t + + spin_lock(&user->lock); + if (!(flags & KEY_ALLOC_QUOTA_OVERRUN)) { +- if (user->qnkeys + 1 >= maxkeys || +- user->qnbytes + quotalen >= maxbytes || ++ if (user->qnkeys + 1 > maxkeys || ++ user->qnbytes + quotalen > maxbytes || + user->qnbytes + quotalen < user->qnbytes) + goto no_quota; + } diff --git a/queue-4.19/libceph-handle-an-empty-authorize-reply.patch b/queue-4.19/libceph-handle-an-empty-authorize-reply.patch new file mode 100644 index 00000000000..05390587f98 --- /dev/null +++ b/queue-4.19/libceph-handle-an-empty-authorize-reply.patch @@ -0,0 +1,74 @@ +From 0fd3fd0a9bb0b02b6435bb7070e9f7b82a23f068 Mon Sep 17 00:00:00 2001 +From: Ilya Dryomov +Date: Tue, 5 Feb 2019 20:30:27 +0100 +Subject: libceph: handle an empty authorize reply + +From: Ilya Dryomov + +commit 0fd3fd0a9bb0b02b6435bb7070e9f7b82a23f068 upstream. + +The authorize reply can be empty, for example when the ticket used to +build the authorizer is too old and TAG_BADAUTHORIZER is returned from +the service. Calling ->verify_authorizer_reply() results in an attempt +to decrypt and validate (somewhat) random data in au->buf (most likely +the signature block from calc_signature()), which fails and ends up in +con_fault_finish() with !con->auth_retry. The ticket isn't invalidated +and the connection is retried again and again until a new ticket is +obtained from the monitor: + + libceph: osd2 192.168.122.1:6809 bad authorize reply + libceph: osd2 192.168.122.1:6809 bad authorize reply + libceph: osd2 192.168.122.1:6809 bad authorize reply + libceph: osd2 192.168.122.1:6809 bad authorize reply + +Let TAG_BADAUTHORIZER handler kick in and increment con->auth_retry. + +Cc: stable@vger.kernel.org +Fixes: 5c056fdc5b47 ("libceph: verify authorize reply on connect") +Link: https://tracker.ceph.com/issues/20164 +Signed-off-by: Ilya Dryomov +Reviewed-by: Sage Weil +Signed-off-by: Greg Kroah-Hartman + +--- + net/ceph/messenger.c | 15 +++++++++------ + 1 file changed, 9 insertions(+), 6 deletions(-) + +--- a/net/ceph/messenger.c ++++ b/net/ceph/messenger.c +@@ -2091,6 +2091,8 @@ static int process_connect(struct ceph_c + dout("process_connect on %p tag %d\n", con, (int)con->in_tag); + + if (con->auth) { ++ int len = le32_to_cpu(con->in_reply.authorizer_len); ++ + /* + * Any connection that defines ->get_authorizer() + * should also define ->add_authorizer_challenge() and +@@ -2100,8 +2102,7 @@ static int process_connect(struct ceph_c + */ + if (con->in_reply.tag == CEPH_MSGR_TAG_CHALLENGE_AUTHORIZER) { + ret = con->ops->add_authorizer_challenge( +- con, con->auth->authorizer_reply_buf, +- le32_to_cpu(con->in_reply.authorizer_len)); ++ con, con->auth->authorizer_reply_buf, len); + if (ret < 0) + return ret; + +@@ -2111,10 +2112,12 @@ static int process_connect(struct ceph_c + return 0; + } + +- ret = con->ops->verify_authorizer_reply(con); +- if (ret < 0) { +- con->error_msg = "bad authorize reply"; +- return ret; ++ if (len) { ++ ret = con->ops->verify_authorizer_reply(con); ++ if (ret < 0) { ++ con->error_msg = "bad authorize reply"; ++ return ret; ++ } + } + } + diff --git a/queue-4.19/mac80211-free-mpath-object-when-rhashtable-insertion-fails.patch b/queue-4.19/mac80211-free-mpath-object-when-rhashtable-insertion-fails.patch new file mode 100644 index 00000000000..1ec25a676f7 --- /dev/null +++ b/queue-4.19/mac80211-free-mpath-object-when-rhashtable-insertion-fails.patch @@ -0,0 +1,57 @@ +From 4ff3a9d14c6c06eaa4e5976c61599ea2bd9e81b2 Mon Sep 17 00:00:00 2001 +From: Herbert Xu +Date: Thu, 14 Feb 2019 22:03:25 +0800 +Subject: mac80211: Free mpath object when rhashtable insertion fails + +From: Herbert Xu + +commit 4ff3a9d14c6c06eaa4e5976c61599ea2bd9e81b2 upstream. + +When rhashtable insertion fails the mesh table code doesn't free +the now-orphan mesh path object. This patch fixes that. + +Cc: stable@vger.kernel.org +Signed-off-by: Herbert Xu +Signed-off-by: Johannes Berg +Signed-off-by: Greg Kroah-Hartman + +--- + net/mac80211/mesh_pathtbl.c | 17 +++++++++-------- + 1 file changed, 9 insertions(+), 8 deletions(-) + +--- a/net/mac80211/mesh_pathtbl.c ++++ b/net/mac80211/mesh_pathtbl.c +@@ -436,17 +436,15 @@ struct mesh_path *mesh_path_add(struct i + } while (unlikely(ret == -EEXIST && !mpath)); + spin_unlock_bh(&tbl->walk_lock); + +- if (ret && ret != -EEXIST) +- return ERR_PTR(ret); +- +- /* At this point either new_mpath was added, or we found a +- * matching entry already in the table; in the latter case +- * free the unnecessary new entry. +- */ +- if (ret == -EEXIST) { ++ if (ret) { + kfree(new_mpath); ++ ++ if (ret != -EEXIST) ++ return ERR_PTR(ret); ++ + new_mpath = mpath; + } ++ + sdata->u.mesh.mesh_paths_generation++; + return new_mpath; + } +@@ -481,6 +479,9 @@ int mpp_path_add(struct ieee80211_sub_if + hlist_add_head_rcu(&new_mpath->walk_list, &tbl->walk_head); + spin_unlock_bh(&tbl->walk_lock); + ++ if (ret) ++ kfree(new_mpath); ++ + sdata->u.mesh.mpp_paths_generation++; + return ret; + } diff --git a/queue-4.19/mac80211-restore-vif-beacon-interval-if-start-ap-fails.patch b/queue-4.19/mac80211-restore-vif-beacon-interval-if-start-ap-fails.patch new file mode 100644 index 00000000000..90516ec534e --- /dev/null +++ b/queue-4.19/mac80211-restore-vif-beacon-interval-if-start-ap-fails.patch @@ -0,0 +1,73 @@ +From 83e37e0bdd1470bbe6612250b745ad39b1a7b130 Mon Sep 17 00:00:00 2001 +From: Rakesh Pillai +Date: Fri, 15 Feb 2019 14:16:02 +0530 +Subject: mac80211: Restore vif beacon interval if start ap fails + +From: Rakesh Pillai + +commit 83e37e0bdd1470bbe6612250b745ad39b1a7b130 upstream. + +The starting of AP interface can fail due to invalid +beacon interval, which does not match the minimum gcd +requirement set by the wifi driver. In such case, the +beacon interval of that interface gets updated with +that invalid beacon interval. + +The next time that interface is brought up in AP mode, +an interface combination check is performed and the +beacon interval is taken from the previously set value. + +In a case where an invalid beacon interval, i.e. a beacon +interval value which does not satisfy the minimum gcd criteria +set by the driver, is set, all the subsequent trials to +bring that interface in AP mode will fail, even if the +subsequent trials have a valid beacon interval. + +To avoid this, in case of a failure in bringing up an +interface in AP mode due to interface combination error, +the interface beacon interval which is stored in bss +conf, needs to be restored with the last working value +of beacon interval. + +Tested on ath10k using WCN3990. + +Cc: stable@vger.kernel.org +Fixes: 0c317a02ca98 ("cfg80211: support virtual interfaces with different beacon intervals") +Signed-off-by: Rakesh Pillai +Signed-off-by: Johannes Berg +Signed-off-by: Greg Kroah-Hartman + +--- + net/mac80211/cfg.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/net/mac80211/cfg.c ++++ b/net/mac80211/cfg.c +@@ -887,6 +887,7 @@ static int ieee80211_start_ap(struct wip + BSS_CHANGED_P2P_PS | + BSS_CHANGED_TXPOWER; + int err; ++ int prev_beacon_int; + + old = sdata_dereference(sdata->u.ap.beacon, sdata); + if (old) +@@ -909,6 +910,7 @@ static int ieee80211_start_ap(struct wip + + sdata->needed_rx_chains = sdata->local->rx_chains; + ++ prev_beacon_int = sdata->vif.bss_conf.beacon_int; + sdata->vif.bss_conf.beacon_int = params->beacon_interval; + + mutex_lock(&local->mtx); +@@ -917,8 +919,10 @@ static int ieee80211_start_ap(struct wip + if (!err) + ieee80211_vif_copy_chanctx_to_vlans(sdata, false); + mutex_unlock(&local->mtx); +- if (err) ++ if (err) { ++ sdata->vif.bss_conf.beacon_int = prev_beacon_int; + return err; ++ } + + /* + * Apply control port protocol, this allows us to diff --git a/queue-4.19/mac80211-use-linked-list-instead-of-rhashtable-walk-for-mesh-tables.patch b/queue-4.19/mac80211-use-linked-list-instead-of-rhashtable-walk-for-mesh-tables.patch new file mode 100644 index 00000000000..612a834da9c --- /dev/null +++ b/queue-4.19/mac80211-use-linked-list-instead-of-rhashtable-walk-for-mesh-tables.patch @@ -0,0 +1,343 @@ +From b4c3fbe6360178dc2181b7b43b7ae793a192b282 Mon Sep 17 00:00:00 2001 +From: Herbert Xu +Date: Thu, 14 Feb 2019 22:03:24 +0800 +Subject: mac80211: Use linked list instead of rhashtable walk for mesh tables + +From: Herbert Xu + +commit b4c3fbe6360178dc2181b7b43b7ae793a192b282 upstream. + +The mesh table code walks over hash tables for two purposes. First of +all it's used as part of a netlink dump process, but it is also used +for looking up entries to delete using criteria other than the hash +key. + +The second purpose is directly contrary to the design specification +of rhashtable walks. It is only meant for use by netlink dumps. + +This is because rhashtable is resizable and you cannot obtain a +stable walk over it during a resize process. + +In fact mesh's use of rhashtable for dumping is bogus too. Rather +than using rhashtable walk's iterator to keep track of the current +position, it always converts the current position to an integer +which defeats the purpose of the iterator. + +Therefore this patch converts all uses of rhashtable walk into a +simple linked list. + +This patch also adds a new spin lock to protect the hash table +insertion/removal as well as the walk list modifications. In fact +the previous code was buggy as the removals can race with each +other, potentially resulting in a double-free. + +Cc: stable@vger.kernel.org +Signed-off-by: Herbert Xu +Signed-off-by: Johannes Berg +Signed-off-by: Greg Kroah-Hartman + +--- + net/mac80211/mesh.h | 6 + + net/mac80211/mesh_pathtbl.c | 138 +++++++++++--------------------------------- + 2 files changed, 43 insertions(+), 101 deletions(-) + +--- a/net/mac80211/mesh.h ++++ b/net/mac80211/mesh.h +@@ -70,6 +70,7 @@ enum mesh_deferred_task_flags { + * @dst: mesh path destination mac address + * @mpp: mesh proxy mac address + * @rhash: rhashtable list pointer ++ * @walk_list: linked list containing all mesh_path objects. + * @gate_list: list pointer for known gates list + * @sdata: mesh subif + * @next_hop: mesh neighbor to which frames for this destination will be +@@ -105,6 +106,7 @@ struct mesh_path { + u8 dst[ETH_ALEN]; + u8 mpp[ETH_ALEN]; /* used for MPP or MAP */ + struct rhash_head rhash; ++ struct hlist_node walk_list; + struct hlist_node gate_list; + struct ieee80211_sub_if_data *sdata; + struct sta_info __rcu *next_hop; +@@ -133,12 +135,16 @@ struct mesh_path { + * gate's mpath may or may not be resolved and active. + * @gates_lock: protects updates to known_gates + * @rhead: the rhashtable containing struct mesh_paths, keyed by dest addr ++ * @walk_head: linked list containging all mesh_path objects ++ * @walk_lock: lock protecting walk_head + * @entries: number of entries in the table + */ + struct mesh_table { + struct hlist_head known_gates; + spinlock_t gates_lock; + struct rhashtable rhead; ++ struct hlist_head walk_head; ++ spinlock_t walk_lock; + atomic_t entries; /* Up to MAX_MESH_NEIGHBOURS */ + }; + +--- a/net/mac80211/mesh_pathtbl.c ++++ b/net/mac80211/mesh_pathtbl.c +@@ -59,8 +59,10 @@ static struct mesh_table *mesh_table_all + return NULL; + + INIT_HLIST_HEAD(&newtbl->known_gates); ++ INIT_HLIST_HEAD(&newtbl->walk_head); + atomic_set(&newtbl->entries, 0); + spin_lock_init(&newtbl->gates_lock); ++ spin_lock_init(&newtbl->walk_lock); + + return newtbl; + } +@@ -249,28 +251,15 @@ mpp_path_lookup(struct ieee80211_sub_if_ + static struct mesh_path * + __mesh_path_lookup_by_idx(struct mesh_table *tbl, int idx) + { +- int i = 0, ret; +- struct mesh_path *mpath = NULL; +- struct rhashtable_iter iter; +- +- ret = rhashtable_walk_init(&tbl->rhead, &iter, GFP_ATOMIC); +- if (ret) +- return NULL; +- +- rhashtable_walk_start(&iter); ++ int i = 0; ++ struct mesh_path *mpath; + +- while ((mpath = rhashtable_walk_next(&iter))) { +- if (IS_ERR(mpath) && PTR_ERR(mpath) == -EAGAIN) +- continue; +- if (IS_ERR(mpath)) +- break; ++ hlist_for_each_entry_rcu(mpath, &tbl->walk_head, walk_list) { + if (i++ == idx) + break; + } +- rhashtable_walk_stop(&iter); +- rhashtable_walk_exit(&iter); + +- if (IS_ERR(mpath) || !mpath) ++ if (!mpath) + return NULL; + + if (mpath_expired(mpath)) { +@@ -432,6 +421,7 @@ struct mesh_path *mesh_path_add(struct i + return ERR_PTR(-ENOMEM); + + tbl = sdata->u.mesh.mesh_paths; ++ spin_lock_bh(&tbl->walk_lock); + do { + ret = rhashtable_lookup_insert_fast(&tbl->rhead, + &new_mpath->rhash, +@@ -441,8 +431,10 @@ struct mesh_path *mesh_path_add(struct i + mpath = rhashtable_lookup_fast(&tbl->rhead, + dst, + mesh_rht_params); +- ++ else if (!ret) ++ hlist_add_head(&new_mpath->walk_list, &tbl->walk_head); + } while (unlikely(ret == -EEXIST && !mpath)); ++ spin_unlock_bh(&tbl->walk_lock); + + if (ret && ret != -EEXIST) + return ERR_PTR(ret); +@@ -480,9 +472,14 @@ int mpp_path_add(struct ieee80211_sub_if + + memcpy(new_mpath->mpp, mpp, ETH_ALEN); + tbl = sdata->u.mesh.mpp_paths; ++ ++ spin_lock_bh(&tbl->walk_lock); + ret = rhashtable_lookup_insert_fast(&tbl->rhead, + &new_mpath->rhash, + mesh_rht_params); ++ if (!ret) ++ hlist_add_head_rcu(&new_mpath->walk_list, &tbl->walk_head); ++ spin_unlock_bh(&tbl->walk_lock); + + sdata->u.mesh.mpp_paths_generation++; + return ret; +@@ -503,20 +500,9 @@ void mesh_plink_broken(struct sta_info * + struct mesh_table *tbl = sdata->u.mesh.mesh_paths; + static const u8 bcast[ETH_ALEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; + struct mesh_path *mpath; +- struct rhashtable_iter iter; +- int ret; +- +- ret = rhashtable_walk_init(&tbl->rhead, &iter, GFP_ATOMIC); +- if (ret) +- return; +- +- rhashtable_walk_start(&iter); + +- while ((mpath = rhashtable_walk_next(&iter))) { +- if (IS_ERR(mpath) && PTR_ERR(mpath) == -EAGAIN) +- continue; +- if (IS_ERR(mpath)) +- break; ++ rcu_read_lock(); ++ hlist_for_each_entry_rcu(mpath, &tbl->walk_head, walk_list) { + if (rcu_access_pointer(mpath->next_hop) == sta && + mpath->flags & MESH_PATH_ACTIVE && + !(mpath->flags & MESH_PATH_FIXED)) { +@@ -530,8 +516,7 @@ void mesh_plink_broken(struct sta_info * + WLAN_REASON_MESH_PATH_DEST_UNREACHABLE, bcast); + } + } +- rhashtable_walk_stop(&iter); +- rhashtable_walk_exit(&iter); ++ rcu_read_unlock(); + } + + static void mesh_path_free_rcu(struct mesh_table *tbl, +@@ -551,6 +536,7 @@ static void mesh_path_free_rcu(struct me + + static void __mesh_path_del(struct mesh_table *tbl, struct mesh_path *mpath) + { ++ hlist_del_rcu(&mpath->walk_list); + rhashtable_remove_fast(&tbl->rhead, &mpath->rhash, mesh_rht_params); + mesh_path_free_rcu(tbl, mpath); + } +@@ -571,27 +557,14 @@ void mesh_path_flush_by_nexthop(struct s + struct ieee80211_sub_if_data *sdata = sta->sdata; + struct mesh_table *tbl = sdata->u.mesh.mesh_paths; + struct mesh_path *mpath; +- struct rhashtable_iter iter; +- int ret; +- +- ret = rhashtable_walk_init(&tbl->rhead, &iter, GFP_ATOMIC); +- if (ret) +- return; +- +- rhashtable_walk_start(&iter); +- +- while ((mpath = rhashtable_walk_next(&iter))) { +- if (IS_ERR(mpath) && PTR_ERR(mpath) == -EAGAIN) +- continue; +- if (IS_ERR(mpath)) +- break; ++ struct hlist_node *n; + ++ spin_lock_bh(&tbl->walk_lock); ++ hlist_for_each_entry_safe(mpath, n, &tbl->walk_head, walk_list) { + if (rcu_access_pointer(mpath->next_hop) == sta) + __mesh_path_del(tbl, mpath); + } +- +- rhashtable_walk_stop(&iter); +- rhashtable_walk_exit(&iter); ++ spin_unlock_bh(&tbl->walk_lock); + } + + static void mpp_flush_by_proxy(struct ieee80211_sub_if_data *sdata, +@@ -599,51 +572,26 @@ static void mpp_flush_by_proxy(struct ie + { + struct mesh_table *tbl = sdata->u.mesh.mpp_paths; + struct mesh_path *mpath; +- struct rhashtable_iter iter; +- int ret; +- +- ret = rhashtable_walk_init(&tbl->rhead, &iter, GFP_ATOMIC); +- if (ret) +- return; +- +- rhashtable_walk_start(&iter); +- +- while ((mpath = rhashtable_walk_next(&iter))) { +- if (IS_ERR(mpath) && PTR_ERR(mpath) == -EAGAIN) +- continue; +- if (IS_ERR(mpath)) +- break; ++ struct hlist_node *n; + ++ spin_lock_bh(&tbl->walk_lock); ++ hlist_for_each_entry_safe(mpath, n, &tbl->walk_head, walk_list) { + if (ether_addr_equal(mpath->mpp, proxy)) + __mesh_path_del(tbl, mpath); + } +- +- rhashtable_walk_stop(&iter); +- rhashtable_walk_exit(&iter); ++ spin_unlock_bh(&tbl->walk_lock); + } + + static void table_flush_by_iface(struct mesh_table *tbl) + { + struct mesh_path *mpath; +- struct rhashtable_iter iter; +- int ret; +- +- ret = rhashtable_walk_init(&tbl->rhead, &iter, GFP_ATOMIC); +- if (ret) +- return; +- +- rhashtable_walk_start(&iter); ++ struct hlist_node *n; + +- while ((mpath = rhashtable_walk_next(&iter))) { +- if (IS_ERR(mpath) && PTR_ERR(mpath) == -EAGAIN) +- continue; +- if (IS_ERR(mpath)) +- break; ++ spin_lock_bh(&tbl->walk_lock); ++ hlist_for_each_entry_safe(mpath, n, &tbl->walk_head, walk_list) { + __mesh_path_del(tbl, mpath); + } +- +- rhashtable_walk_stop(&iter); +- rhashtable_walk_exit(&iter); ++ spin_unlock_bh(&tbl->walk_lock); + } + + /** +@@ -675,7 +623,7 @@ static int table_path_del(struct mesh_ta + { + struct mesh_path *mpath; + +- rcu_read_lock(); ++ spin_lock_bh(&tbl->walk_lock); + mpath = rhashtable_lookup_fast(&tbl->rhead, addr, mesh_rht_params); + if (!mpath) { + rcu_read_unlock(); +@@ -683,7 +631,7 @@ static int table_path_del(struct mesh_ta + } + + __mesh_path_del(tbl, mpath); +- rcu_read_unlock(); ++ spin_unlock_bh(&tbl->walk_lock); + return 0; + } + +@@ -854,28 +802,16 @@ void mesh_path_tbl_expire(struct ieee802 + struct mesh_table *tbl) + { + struct mesh_path *mpath; +- struct rhashtable_iter iter; +- int ret; ++ struct hlist_node *n; + +- ret = rhashtable_walk_init(&tbl->rhead, &iter, GFP_KERNEL); +- if (ret) +- return; +- +- rhashtable_walk_start(&iter); +- +- while ((mpath = rhashtable_walk_next(&iter))) { +- if (IS_ERR(mpath) && PTR_ERR(mpath) == -EAGAIN) +- continue; +- if (IS_ERR(mpath)) +- break; ++ spin_lock_bh(&tbl->walk_lock); ++ hlist_for_each_entry_safe(mpath, n, &tbl->walk_head, walk_list) { + if ((!(mpath->flags & MESH_PATH_RESOLVING)) && + (!(mpath->flags & MESH_PATH_FIXED)) && + time_after(jiffies, mpath->exp_time + MESH_PATH_EXPIRE)) + __mesh_path_del(tbl, mpath); + } +- +- rhashtable_walk_stop(&iter); +- rhashtable_walk_exit(&iter); ++ spin_unlock_bh(&tbl->walk_lock); + } + + void mesh_path_expire(struct ieee80211_sub_if_data *sdata) diff --git a/queue-4.19/mips-ebpf-always-return-sign-extended-32b-values.patch b/queue-4.19/mips-ebpf-always-return-sign-extended-32b-values.patch new file mode 100644 index 00000000000..0862c88927e --- /dev/null +++ b/queue-4.19/mips-ebpf-always-return-sign-extended-32b-values.patch @@ -0,0 +1,64 @@ +From 13443154f6cac61d148471ede6d7f1f6b5ea946a Mon Sep 17 00:00:00 2001 +From: Paul Burton +Date: Fri, 15 Feb 2019 20:14:15 +0000 +Subject: MIPS: eBPF: Always return sign extended 32b values + +From: Paul Burton + +commit 13443154f6cac61d148471ede6d7f1f6b5ea946a upstream. + +The function prototype used to call JITed eBPF code (ie. the type of the +struct bpf_prog bpf_func field) returns an unsigned int. The MIPS n64 +ABI that MIPS64 kernels target defines that 32 bit integers should +always be sign extended when passed in registers as either arguments or +return values. + +This means that when returning any value which may not already be sign +extended (ie. of type REG_64BIT or REG_32BIT_ZERO_EX) we need to perform +that sign extension in order to comply with the n64 ABI. Without this we +see strange looking test failures from test_bpf.ko, such as: + + test_bpf: #65 ALU64_MOV_X: + dst = 4294967295 jited:1 ret -1 != -1 FAIL (1 times) + +Although the return value printed matches the expected value, this is +only because printf is only examining the least significant 32 bits of +the 64 bit register value we returned. The register holding the expected +value is sign extended whilst the v0 register was set to a zero extended +value by our JITed code, so when compared by a conditional branch +instruction the values are not equal. + +We already handle this when the return value register is of type +REG_32BIT_ZERO_EX, so simply extend this to also cover REG_64BIT. + +Signed-off-by: Paul Burton +Fixes: b6bd53f9c4e8 ("MIPS: Add missing file for eBPF JIT.") +Cc: stable@vger.kernel.org # v4.13+ +Signed-off-by: Daniel Borkmann +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/net/ebpf_jit.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +--- a/arch/mips/net/ebpf_jit.c ++++ b/arch/mips/net/ebpf_jit.c +@@ -343,12 +343,15 @@ static int build_int_epilogue(struct jit + const struct bpf_prog *prog = ctx->skf; + int stack_adjust = ctx->stack_size; + int store_offset = stack_adjust - 8; ++ enum reg_val_type td; + int r0 = MIPS_R_V0; + +- if (dest_reg == MIPS_R_RA && +- get_reg_val_type(ctx, prog->len, BPF_REG_0) == REG_32BIT_ZERO_EX) ++ if (dest_reg == MIPS_R_RA) { + /* Don't let zero extended value escape. */ +- emit_instr(ctx, sll, r0, r0, 0); ++ td = get_reg_val_type(ctx, prog->len, BPF_REG_0); ++ if (td == REG_64BIT || td == REG_32BIT_ZERO_EX) ++ emit_instr(ctx, sll, r0, r0, 0); ++ } + + if (ctx->flags & EBPF_SAVE_RA) { + emit_instr(ctx, ld, MIPS_R_RA, store_offset, MIPS_R_SP); diff --git a/queue-4.19/numa-change-get_mempolicy-to-use-nr_node_ids-instead-of-max_numnodes.patch b/queue-4.19/numa-change-get_mempolicy-to-use-nr_node_ids-instead-of-max_numnodes.patch new file mode 100644 index 00000000000..45462d314e8 --- /dev/null +++ b/queue-4.19/numa-change-get_mempolicy-to-use-nr_node_ids-instead-of-max_numnodes.patch @@ -0,0 +1,71 @@ +From 050c17f239fd53adb55aa768d4f41bc76c0fe045 Mon Sep 17 00:00:00 2001 +From: Ralph Campbell +Date: Wed, 20 Feb 2019 22:18:58 -0800 +Subject: numa: change get_mempolicy() to use nr_node_ids instead of MAX_NUMNODES + +From: Ralph Campbell + +commit 050c17f239fd53adb55aa768d4f41bc76c0fe045 upstream. + +The system call, get_mempolicy() [1], passes an unsigned long *nodemask +pointer and an unsigned long maxnode argument which specifies the length +of the user's nodemask array in bits (which is rounded up). The manual +page says that if the maxnode value is too small, get_mempolicy will +return EINVAL but there is no system call to return this minimum value. +To determine this value, some programs search /proc//status for a +line starting with "Mems_allowed:" and use the number of digits in the +mask to determine the minimum value. A recent change to the way this line +is formatted [2] causes these programs to compute a value less than +MAX_NUMNODES so get_mempolicy() returns EINVAL. + +Change get_mempolicy(), the older compat version of get_mempolicy(), and +the copy_nodes_to_user() function to use nr_node_ids instead of +MAX_NUMNODES, thus preserving the defacto method of computing the minimum +size for the nodemask array and the maxnode argument. + +[1] http://man7.org/linux/man-pages/man2/get_mempolicy.2.html +[2] https://lore.kernel.org/lkml/1545405631-6808-1-git-send-email-longman@redhat.com + +Link: http://lkml.kernel.org/r/20190211180245.22295-1-rcampbell@nvidia.com +Fixes: 4fb8e5b89bcbbbb ("include/linux/nodemask.h: use nr_node_ids (not MAX_NUMNODES) in __nodemask_pr_numnodes()") +Signed-off-by: Ralph Campbell +Suggested-by: Alexander Duyck +Cc: Waiman Long +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/mempolicy.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/mm/mempolicy.c ++++ b/mm/mempolicy.c +@@ -1300,7 +1300,7 @@ static int copy_nodes_to_user(unsigned l + nodemask_t *nodes) + { + unsigned long copy = ALIGN(maxnode-1, 64) / 8; +- const int nbytes = BITS_TO_LONGS(MAX_NUMNODES) * sizeof(long); ++ unsigned int nbytes = BITS_TO_LONGS(nr_node_ids) * sizeof(long); + + if (copy > nbytes) { + if (copy > PAGE_SIZE) +@@ -1477,7 +1477,7 @@ static int kernel_get_mempolicy(int __us + int uninitialized_var(pval); + nodemask_t nodes; + +- if (nmask != NULL && maxnode < MAX_NUMNODES) ++ if (nmask != NULL && maxnode < nr_node_ids) + return -EINVAL; + + err = do_get_mempolicy(&pval, &nodes, addr, flags); +@@ -1513,7 +1513,7 @@ COMPAT_SYSCALL_DEFINE5(get_mempolicy, in + unsigned long nr_bits, alloc_size; + DECLARE_BITMAP(bm, MAX_NUMNODES); + +- nr_bits = min_t(unsigned long, maxnode-1, MAX_NUMNODES); ++ nr_bits = min_t(unsigned long, maxnode-1, nr_node_ids); + alloc_size = ALIGN(nr_bits, BITS_PER_LONG) / 8; + + if (nmask) diff --git a/queue-4.19/proc-oom-do-not-report-alien-mms-when-setting-oom_score_adj.patch b/queue-4.19/proc-oom-do-not-report-alien-mms-when-setting-oom_score_adj.patch new file mode 100644 index 00000000000..dec77796b57 --- /dev/null +++ b/queue-4.19/proc-oom-do-not-report-alien-mms-when-setting-oom_score_adj.patch @@ -0,0 +1,56 @@ +From b2b469939e93458753cfbf8282ad52636495965e Mon Sep 17 00:00:00 2001 +From: Michal Hocko +Date: Wed, 20 Feb 2019 22:19:42 -0800 +Subject: proc, oom: do not report alien mms when setting oom_score_adj + +From: Michal Hocko + +commit b2b469939e93458753cfbf8282ad52636495965e upstream. + +Tetsuo has reported that creating a thousands of processes sharing MM +without SIGHAND (aka alien threads) and setting +/proc//oom_score_adj will swamp the kernel log and takes ages [1] +to finish. This is especially worrisome that all that printing is done +under RCU lock and this can potentially trigger RCU stall or softlockup +detector. + +The primary reason for the printk was to catch potential users who might +depend on the behavior prior to 44a70adec910 ("mm, oom_adj: make sure +processes sharing mm have same view of oom_score_adj") but after more +than 2 years without a single report I guess it is safe to simply remove +the printk altogether. + +The next step should be moving oom_score_adj over to the mm struct and +remove all the tasks crawling as suggested by [2] + +[1] http://lkml.kernel.org/r/97fce864-6f75-bca5-14bc-12c9f890e740@i-love.sakura.ne.jp +[2] http://lkml.kernel.org/r/20190117155159.GA4087@dhcp22.suse.cz + +Link: http://lkml.kernel.org/r/20190212102129.26288-1-mhocko@kernel.org +Signed-off-by: Michal Hocko +Reported-by: Tetsuo Handa +Acked-by: Johannes Weiner +Cc: David Rientjes +Cc: Yong-Taek Lee +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + fs/proc/base.c | 4 ---- + 1 file changed, 4 deletions(-) + +--- a/fs/proc/base.c ++++ b/fs/proc/base.c +@@ -1084,10 +1084,6 @@ static int __set_oom_adj(struct file *fi + + task_lock(p); + if (!p->vfork_done && process_shares_mm(p, mm)) { +- pr_info("updating oom_score_adj for %d (%s) from %d to %d because it shares mm with %d (%s). Report if this is unexpected.\n", +- task_pid_nr(p), p->comm, +- p->signal->oom_score_adj, oom_adj, +- task_pid_nr(task), task->comm); + p->signal->oom_score_adj = oom_adj; + if (!legacy && has_capability_noaudit(current, CAP_SYS_RESOURCE)) + p->signal->oom_score_adj_min = (short)oom_adj; diff --git a/queue-4.19/series b/queue-4.19/series index aa795322ed3..f4d180e99ad 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -1 +1,15 @@ arm-8834-1-fix-kprobes-optimized-kprobes-illegal-instruction.patch +tracing-fix-number-of-entries-in-trace-header.patch +mips-ebpf-always-return-sign-extended-32b-values.patch +gpio-mt7621-use-a-per-instance-irq_chip-structure.patch +gpio-pxa-avoid-attempting-to-set-pin-direction-via-pinctrl-on-mmp2.patch +mac80211-restore-vif-beacon-interval-if-start-ap-fails.patch +mac80211-use-linked-list-instead-of-rhashtable-walk-for-mesh-tables.patch +mac80211-free-mpath-object-when-rhashtable-insertion-fails.patch +libceph-handle-an-empty-authorize-reply.patch +ceph-avoid-repeatedly-adding-inode-to-mdsc-snap_flush_list.patch +numa-change-get_mempolicy-to-use-nr_node_ids-instead-of-max_numnodes.patch +proc-oom-do-not-report-alien-mms-when-setting-oom_score_adj.patch +alsa-hda-realtek-headset-microphone-and-internal-speaker-support-for-system76-oryp5.patch +alsa-hda-realtek-disable-pc-beep-in-passthrough-on-alc285.patch +keys-allow-reaching-the-keys-quotas-exactly.patch diff --git a/queue-4.19/tracing-fix-number-of-entries-in-trace-header.patch b/queue-4.19/tracing-fix-number-of-entries-in-trace-header.patch new file mode 100644 index 00000000000..d8492235d20 --- /dev/null +++ b/queue-4.19/tracing-fix-number-of-entries-in-trace-header.patch @@ -0,0 +1,43 @@ +From 9e7382153f80ba45a0bbcd540fb77d4b15f6e966 Mon Sep 17 00:00:00 2001 +From: Quentin Perret +Date: Thu, 14 Feb 2019 15:29:50 +0000 +Subject: tracing: Fix number of entries in trace header + +From: Quentin Perret + +commit 9e7382153f80ba45a0bbcd540fb77d4b15f6e966 upstream. + +The following commit + + 441dae8f2f29 ("tracing: Add support for display of tgid in trace output") + +removed the call to print_event_info() from print_func_help_header_irq() +which results in the ftrace header not reporting the number of entries +written in the buffer. As this wasn't the original intent of the patch, +re-introduce the call to print_event_info() to restore the orginal +behaviour. + +Link: http://lkml.kernel.org/r/20190214152950.4179-1-quentin.perret@arm.com + +Acked-by: Joel Fernandes +Cc: stable@vger.kernel.org +Fixes: 441dae8f2f29 ("tracing: Add support for display of tgid in trace output") +Signed-off-by: Quentin Perret +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/trace/trace.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/kernel/trace/trace.c ++++ b/kernel/trace/trace.c +@@ -3383,6 +3383,8 @@ static void print_func_help_header_irq(s + const char tgid_space[] = " "; + const char space[] = " "; + ++ print_event_info(buf, m); ++ + seq_printf(m, "# %s _-----=> irqs-off\n", + tgid ? tgid_space : space); + seq_printf(m, "# %s / _----=> need-resched\n", -- 2.47.3