From 70d0605a0ee9019234541a03a3a378b55e4d9c41 Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Tue, 29 Oct 2019 07:33:40 -0400 Subject: [PATCH] fixes for 4.14 Signed-off-by: Sasha Levin --- ...-apply-alc294-hp-init-also-for-s4-re.patch | 40 +++ ...ure-synchronisation-in-plt-setup-for.patch | 60 ++++ ...ister-clks-on-failure-in-clk_boston_.patch | 71 ++++ ...oduce-account_start_copy-and-account.patch | 73 ++++ ...ework-cow-throttling-to-fix-deadlock.patch | 246 +++++++++++++ ...ot-use-mutex-instead-of-rw_semaphore.patch | 335 ++++++++++++++++++ ...or-all-structs-with-embedded-biosets.patch | 123 +++++++ ...er-fix-endianness-of-pcie-class-code.patch | 61 ++++ ...t-clean-dummy-variable-in-kexec-path.patch | 61 ++++ ...-do-not-exec-truncated-interpreter-p.patch | 119 +++++++ ...h-quota-blocks-after-turnning-it-off.patch | 40 +++ ...-mute-wunused-const-variable-message.patch | 43 +++ ...ossible-null-pointer-dereference-in-.patch | 60 ++++ ...le-null-pointer-dereference-in-.patch-2862 | 59 +++ ...sible-null-pointer-dereferences-in-o.patch | 131 +++++++ ...-use-correct-unit-for-debounce-times.patch | 45 +++ ...t100chi-keyboard-dock-battery-quirks.patch | 36 ++ ...n-place-iterator-api-in-the-channel-.patch | 99 ++++++ ...direkt-tek-dtlapy133-1-to-descriptor.patch | 42 +++ ...odys-winbook-13-to-descriptor-overri.patch | 44 +++ ...n_saradc-fix-memory-allocation-order.patch | 60 ++++ ...ter-temperature-of-bmc150-accel-core.patch | 39 ++ ...fortify_source-defines-dependent-on-.patch | 52 +++ ...vimc-remove-unused-but-set-variables.patch | 44 +++ ...-fix-out-of-bounds-init-of-o32-stack.patch | 38 ++ ...de-mark-__cmpxchg-as-__always_inline.patch | 47 +++ ...clude-mark-__xchg-as-__always_inline.patch | 49 +++ ...et-lag-port-collector-only-when-acti.patch | 134 +++++++ ...fix-possible-sysfs-duplicate-warning.patch | 49 +++ ...quests-count-error-on-nfs_inode_remo.patch | 91 +++++ ...4-fix-leak-of-clp-cl_acceptor-string.patch | 60 ++++ ...s2-clear-zero-in-unaligned-direct-io.patch | 93 +++++ ...ix-possible-use-after-free-on-remove.patch | 41 +++ ...-fix-period-for-intel-fixed-counters.patch | 53 +++ ...perf-map-fix-overlapped-map-handling.patch | 120 +++++++ ...-raising-segv-using-an-obvious-null-.patch | 90 +++++ ...nge-fix-nmi-latency-mitigation-to-us.patch | 131 +++++++ ...ax14656-fix-potential-use-after-free.patch | 71 ++++ ...hold-device_hotplug_lock-when-callin.patch | 96 +++++ ...fi1-prevent-memory-leak-in-sdma_init.patch | 42 +++ ...rdma-iwcm-fix-a-lock-inversion-issue.patch | 87 +++++ ...23-set-xtal-load-capacitance-from-dt.patch | 90 +++++ ...oid-false-positive-compiler-warnings.patch | 60 ++++ ...is7xx-fix-for-unexpected-interrupt-8.patch | 121 +++++++ ...guest-system-mis-accounting-on-task-.patch | 79 +++++ ...version-improve-dirty-check-with-git.patch | 69 ++++ ...-a-duplicate-0711-log-message-number.patch | 35 ++ ...al-mctrl_gpio-check-for-null-pointer.patch | 40 +++ queue-4.14/series | 56 +++ ...u-fix-null-dereference-when-kzalloc-.patch | 48 +++ ...ze-iter-seq-after-zeroing-in-tracing.patch | 82 +++++ .../tty-n_hdlc-fix-build-on-sparc.patch | 52 +++ ...ix-the-link-time-qualifier-of-owl_ua.patch | 36 ++ ...rm-reset-port-requests-on-hub-resume.patch | 55 +++ ...x86-cpu-add-atom-tremont-jacobsville.patch | 60 ++++ .../x86-xen-return-from-panic-notifier.patch | 102 ++++++ ...tween-backing_dev_show-and-backing_d.patch | 68 ++++ 57 files changed, 4328 insertions(+) create mode 100644 queue-4.14/alsa-hda-realtek-apply-alc294-hp-init-also-for-s4-re.patch create mode 100644 queue-4.14/arm64-ftrace-ensure-synchronisation-in-plt-setup-for.patch create mode 100644 queue-4.14/clk-boston-unregister-clks-on-failure-in-clk_boston_.patch create mode 100644 queue-4.14/dm-snapshot-introduce-account_start_copy-and-account.patch create mode 100644 queue-4.14/dm-snapshot-rework-cow-throttling-to-fix-deadlock.patch create mode 100644 queue-4.14/dm-snapshot-use-mutex-instead-of-rw_semaphore.patch create mode 100644 queue-4.14/dm-use-kzalloc-for-all-structs-with-embedded-biosets.patch create mode 100644 queue-4.14/efi-cper-fix-endianness-of-pcie-class-code.patch create mode 100644 queue-4.14/efi-x86-do-not-clean-dummy-variable-in-kexec-path.patch create mode 100644 queue-4.14/exec-load_script-do-not-exec-truncated-interpreter-p.patch create mode 100644 queue-4.14/f2fs-flush-quota-blocks-after-turnning-it-off.patch create mode 100644 queue-4.14/fs-cifs-mute-wunused-const-variable-message.patch create mode 100644 queue-4.14/fs-ocfs2-fix-a-possible-null-pointer-dereference-in-.patch create mode 100644 queue-4.14/fs-ocfs2-fix-a-possible-null-pointer-dereference-in-.patch-2862 create mode 100644 queue-4.14/fs-ocfs2-fix-possible-null-pointer-dereferences-in-o.patch create mode 100644 queue-4.14/gpio-max77620-use-correct-unit-for-debounce-times.patch create mode 100644 queue-4.14/hid-add-asus-t100chi-keyboard-dock-battery-quirks.patch create mode 100644 queue-4.14/hid-hyperv-use-in-place-iterator-api-in-the-channel-.patch create mode 100644 queue-4.14/hid-i2c-hid-add-direkt-tek-dtlapy133-1-to-descriptor.patch create mode 100644 queue-4.14/hid-i2c-hid-add-odys-winbook-13-to-descriptor-overri.patch create mode 100644 queue-4.14/iio-adc-meson_saradc-fix-memory-allocation-order.patch create mode 100644 queue-4.14/iio-fix-center-temperature-of-bmc150-accel-core.patch create mode 100644 queue-4.14/libsubcmd-make-_fortify_source-defines-dependent-on-.patch create mode 100644 queue-4.14/media-vimc-remove-unused-but-set-variables.patch create mode 100644 queue-4.14/mips-fw-sni-fix-out-of-bounds-init-of-o32-stack.patch create mode 100644 queue-4.14/mips-include-mark-__cmpxchg-as-__always_inline.patch create mode 100644 queue-4.14/mips-include-mark-__xchg-as-__always_inline.patch create mode 100644 queue-4.14/mlxsw-spectrum-set-lag-port-collector-only-when-acti.patch create mode 100644 queue-4.14/nbd-fix-possible-sysfs-duplicate-warning.patch create mode 100644 queue-4.14/nfs-fix-nfsi-nrequests-count-error-on-nfs_inode_remo.patch create mode 100644 queue-4.14/nfsv4-fix-leak-of-clp-cl_acceptor-string.patch create mode 100644 queue-4.14/ocfs2-clear-zero-in-unaligned-direct-io.patch create mode 100644 queue-4.14/pci-pme-fix-possible-use-after-free-on-remove.patch create mode 100644 queue-4.14/perf-jevents-fix-period-for-intel-fixed-counters.patch create mode 100644 queue-4.14/perf-map-fix-overlapped-map-handling.patch create mode 100644 queue-4.14/perf-tests-avoid-raising-segv-using-an-obvious-null-.patch create mode 100644 queue-4.14/perf-x86-amd-change-fix-nmi-latency-mitigation-to-us.patch create mode 100644 queue-4.14/power-supply-max14656-fix-potential-use-after-free.patch create mode 100644 queue-4.14/powerpc-powernv-hold-device_hotplug_lock-when-callin.patch create mode 100644 queue-4.14/rdma-hfi1-prevent-memory-leak-in-sdma_init.patch create mode 100644 queue-4.14/rdma-iwcm-fix-a-lock-inversion-issue.patch create mode 100644 queue-4.14/rtc-pcf8523-set-xtal-load-capacitance-from-dt.patch create mode 100644 queue-4.14/s390-uaccess-avoid-false-positive-compiler-warnings.patch create mode 100644 queue-4.14/sc16is7xx-fix-for-unexpected-interrupt-8.patch create mode 100644 queue-4.14/sched-vtime-fix-guest-system-mis-accounting-on-task-.patch create mode 100644 queue-4.14/scripts-setlocalversion-improve-dirty-check-with-git.patch create mode 100644 queue-4.14/scsi-lpfc-fix-a-duplicate-0711-log-message-number.patch create mode 100644 queue-4.14/serial-mctrl_gpio-check-for-null-pointer.patch create mode 100644 queue-4.14/series create mode 100644 queue-4.14/staging-rtl8188eu-fix-null-dereference-when-kzalloc-.patch create mode 100644 queue-4.14/tracing-initialize-iter-seq-after-zeroing-in-tracing.patch create mode 100644 queue-4.14/tty-n_hdlc-fix-build-on-sparc.patch create mode 100644 queue-4.14/tty-serial-owl-fix-the-link-time-qualifier-of-owl_ua.patch create mode 100644 queue-4.14/usb-handle-warm-reset-port-requests-on-hub-resume.patch create mode 100644 queue-4.14/x86-cpu-add-atom-tremont-jacobsville.patch create mode 100644 queue-4.14/x86-xen-return-from-panic-notifier.patch create mode 100644 queue-4.14/zram-fix-race-between-backing_dev_show-and-backing_d.patch diff --git a/queue-4.14/alsa-hda-realtek-apply-alc294-hp-init-also-for-s4-re.patch b/queue-4.14/alsa-hda-realtek-apply-alc294-hp-init-also-for-s4-re.patch new file mode 100644 index 00000000000..c95e923eb5e --- /dev/null +++ b/queue-4.14/alsa-hda-realtek-apply-alc294-hp-init-also-for-s4-re.patch @@ -0,0 +1,40 @@ +From a103109ef920af2b281e705c25e6ff5ea933b157 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 29 Jan 2019 14:14:51 +0100 +Subject: ALSA: hda/realtek - Apply ALC294 hp init also for S4 resume + +From: Takashi Iwai + +[ Upstream commit f6ef4e0e284251ff795c541db1129c84515ed044 ] + +The init sequence for ALC294 headphone stuff is needed not only for +the boot up time but also for the resume from hibernation, where the +device is switched from the boot kernel without sound driver to the +suspended image. Since we record the PM event in the device +power_state field, we can now recognize the call pattern and apply the +sequence conditionally. + +Signed-off-by: Takashi Iwai +Signed-off-by: Sasha Levin +--- + sound/pci/hda/patch_realtek.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c +index 5412952557f7a..8d6c5be387362 100644 +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -3246,7 +3246,9 @@ static void alc294_init(struct hda_codec *codec) + { + struct alc_spec *spec = codec->spec; + +- if (!spec->done_hp_init) { ++ /* required only at boot or S4 resume time */ ++ if (!spec->done_hp_init || ++ codec->core.dev.power.power_state.event == PM_EVENT_RESTORE) { + alc294_hp_init(codec); + spec->done_hp_init = true; + } +-- +2.20.1 + diff --git a/queue-4.14/arm64-ftrace-ensure-synchronisation-in-plt-setup-for.patch b/queue-4.14/arm64-ftrace-ensure-synchronisation-in-plt-setup-for.patch new file mode 100644 index 00000000000..2ec3911f542 --- /dev/null +++ b/queue-4.14/arm64-ftrace-ensure-synchronisation-in-plt-setup-for.patch @@ -0,0 +1,60 @@ +From 3b10eea8beb993dce44134f3a2a0f27385a4bef8 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 2 Oct 2019 10:49:35 +0100 +Subject: arm64: ftrace: Ensure synchronisation in PLT setup for Neoverse-N1 + #1542419 + +From: James Morse + +[ Upstream commit dd8a1f13488438c6c220b7cafa500baaf21a6e53 ] + +CPUs affected by Neoverse-N1 #1542419 may execute a stale instruction if +it was recently modified. The affected sequence requires freshly written +instructions to be executable before a branch to them is updated. + +There are very few places in the kernel that modify executable text, +all but one come with sufficient synchronisation: + * The module loader's flush_module_icache() calls flush_icache_range(), + which does a kick_all_cpus_sync() + * bpf_int_jit_compile() calls flush_icache_range(). + * Kprobes calls aarch64_insn_patch_text(), which does its work in + stop_machine(). + * static keys and ftrace both patch between nops and branches to + existing kernel code (not generated code). + +The affected sequence is the interaction between ftrace and modules. +The module PLT is cleaned using __flush_icache_range() as the trampoline +shouldn't be executable until we update the branch to it. + +Drop the double-underscore so that this path runs kick_all_cpus_sync() +too. + +Signed-off-by: James Morse +Signed-off-by: Will Deacon +Signed-off-by: Sasha Levin +--- + arch/arm64/kernel/ftrace.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/arch/arm64/kernel/ftrace.c b/arch/arm64/kernel/ftrace.c +index fac79d75d1d9d..6eefd5873aef4 100644 +--- a/arch/arm64/kernel/ftrace.c ++++ b/arch/arm64/kernel/ftrace.c +@@ -119,7 +119,13 @@ int ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr) + + /* + * Ensure updated trampoline is visible to instruction +- * fetch before we patch in the branch. ++ * fetch before we patch in the branch. Although the ++ * architecture doesn't require an IPI in this case, ++ * Neoverse-N1 erratum #1542419 does require one ++ * if the TLB maintenance in module_enable_ro() is ++ * skipped due to rodata_enabled. It doesn't seem worth ++ * it to make it conditional given that this is ++ * certainly not a fast-path. + */ + flush_icache_range((unsigned long)&dst[0], + (unsigned long)&dst[1]); +-- +2.20.1 + diff --git a/queue-4.14/clk-boston-unregister-clks-on-failure-in-clk_boston_.patch b/queue-4.14/clk-boston-unregister-clks-on-failure-in-clk_boston_.patch new file mode 100644 index 00000000000..2eb0e65bcb4 --- /dev/null +++ b/queue-4.14/clk-boston-unregister-clks-on-failure-in-clk_boston_.patch @@ -0,0 +1,71 @@ +From ad0cba41857804d0c6043ecc0ee98016e09f447c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 31 Oct 2018 15:41:42 +0800 +Subject: clk: boston: unregister clks on failure in clk_boston_setup() + +From: Yi Wang + +[ Upstream commit 8b627f616ed63dcaf922369fc14a5daf8ad03038 ] + +The registered clks should unregister when something wrong happens +before going out in function clk_boston_setup(). + +Signed-off-by: Yi Wang +Signed-off-by: Stephen Boyd +Signed-off-by: Sasha Levin +--- + drivers/clk/imgtec/clk-boston.c | 18 +++++++++++++----- + 1 file changed, 13 insertions(+), 5 deletions(-) + +diff --git a/drivers/clk/imgtec/clk-boston.c b/drivers/clk/imgtec/clk-boston.c +index f5d54a64d33c5..dddda45127a80 100644 +--- a/drivers/clk/imgtec/clk-boston.c ++++ b/drivers/clk/imgtec/clk-boston.c +@@ -73,31 +73,39 @@ static void __init clk_boston_setup(struct device_node *np) + hw = clk_hw_register_fixed_rate(NULL, "input", NULL, 0, in_freq); + if (IS_ERR(hw)) { + pr_err("failed to register input clock: %ld\n", PTR_ERR(hw)); +- goto error; ++ goto fail_input; + } + onecell->hws[BOSTON_CLK_INPUT] = hw; + + hw = clk_hw_register_fixed_rate(NULL, "sys", "input", 0, sys_freq); + if (IS_ERR(hw)) { + pr_err("failed to register sys clock: %ld\n", PTR_ERR(hw)); +- goto error; ++ goto fail_sys; + } + onecell->hws[BOSTON_CLK_SYS] = hw; + + hw = clk_hw_register_fixed_rate(NULL, "cpu", "input", 0, cpu_freq); + if (IS_ERR(hw)) { + pr_err("failed to register cpu clock: %ld\n", PTR_ERR(hw)); +- goto error; ++ goto fail_cpu; + } + onecell->hws[BOSTON_CLK_CPU] = hw; + + err = of_clk_add_hw_provider(np, of_clk_hw_onecell_get, onecell); +- if (err) ++ if (err) { + pr_err("failed to add DT provider: %d\n", err); ++ goto fail_clk_add; ++ } + + return; + +-error: ++fail_clk_add: ++ clk_hw_unregister_fixed_rate(onecell->hws[BOSTON_CLK_CPU]); ++fail_cpu: ++ clk_hw_unregister_fixed_rate(onecell->hws[BOSTON_CLK_SYS]); ++fail_sys: ++ clk_hw_unregister_fixed_rate(onecell->hws[BOSTON_CLK_INPUT]); ++fail_input: + kfree(onecell); + } + +-- +2.20.1 + diff --git a/queue-4.14/dm-snapshot-introduce-account_start_copy-and-account.patch b/queue-4.14/dm-snapshot-introduce-account_start_copy-and-account.patch new file mode 100644 index 00000000000..1bb239593f6 --- /dev/null +++ b/queue-4.14/dm-snapshot-introduce-account_start_copy-and-account.patch @@ -0,0 +1,73 @@ +From e98409c1e53e1790d74165e8f9df1db939c1e0dd Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 2 Oct 2019 06:14:17 -0400 +Subject: dm snapshot: introduce account_start_copy() and account_end_copy() + +From: Mikulas Patocka + +[ Upstream commit a2f83e8b0c82c9500421a26c49eb198b25fcdea3 ] + +This simple refactoring moves code for modifying the semaphore cow_count +into separate functions to prepare for changes that will extend these +methods to provide for a more sophisticated mechanism for COW +throttling. + +Signed-off-by: Mikulas Patocka +Reviewed-by: Nikos Tsironis +Signed-off-by: Mike Snitzer +Signed-off-by: Sasha Levin +--- + drivers/md/dm-snap.c | 16 +++++++++++++--- + 1 file changed, 13 insertions(+), 3 deletions(-) + +diff --git a/drivers/md/dm-snap.c b/drivers/md/dm-snap.c +index 8b1556e77a0a0..a9575122a0c6e 100644 +--- a/drivers/md/dm-snap.c ++++ b/drivers/md/dm-snap.c +@@ -1399,6 +1399,16 @@ static void snapshot_dtr(struct dm_target *ti) + kfree(s); + } + ++static void account_start_copy(struct dm_snapshot *s) ++{ ++ down(&s->cow_count); ++} ++ ++static void account_end_copy(struct dm_snapshot *s) ++{ ++ up(&s->cow_count); ++} ++ + /* + * Flush a list of buffers. + */ +@@ -1581,7 +1591,7 @@ static void copy_callback(int read_err, unsigned long write_err, void *context) + } + list_add(&pe->out_of_order_entry, lh); + } +- up(&s->cow_count); ++ account_end_copy(s); + } + + /* +@@ -1605,7 +1615,7 @@ static void start_copy(struct dm_snap_pending_exception *pe) + dest.count = src.count; + + /* Hand over to kcopyd */ +- down(&s->cow_count); ++ account_start_copy(s); + dm_kcopyd_copy(s->kcopyd_client, &src, 1, &dest, 0, copy_callback, pe); + } + +@@ -1625,7 +1635,7 @@ static void start_full_bio(struct dm_snap_pending_exception *pe, + pe->full_bio = bio; + pe->full_bio_end_io = bio->bi_end_io; + +- down(&s->cow_count); ++ account_start_copy(s); + callback_data = dm_kcopyd_prepare_callback(s->kcopyd_client, + copy_callback, pe); + +-- +2.20.1 + diff --git a/queue-4.14/dm-snapshot-rework-cow-throttling-to-fix-deadlock.patch b/queue-4.14/dm-snapshot-rework-cow-throttling-to-fix-deadlock.patch new file mode 100644 index 00000000000..5cb203352a4 --- /dev/null +++ b/queue-4.14/dm-snapshot-rework-cow-throttling-to-fix-deadlock.patch @@ -0,0 +1,246 @@ +From 8909f7b68e2713f62140a6257d72487a909ebbcb Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 2 Oct 2019 06:15:53 -0400 +Subject: dm snapshot: rework COW throttling to fix deadlock + +From: Mikulas Patocka + +[ Upstream commit b21555786f18cd77f2311ad89074533109ae3ffa ] + +Commit 721b1d98fb517a ("dm snapshot: Fix excessive memory usage and +workqueue stalls") introduced a semaphore to limit the maximum number of +in-flight kcopyd (COW) jobs. + +The implementation of this throttling mechanism is prone to a deadlock: + +1. One or more threads write to the origin device causing COW, which is + performed by kcopyd. + +2. At some point some of these threads might reach the s->cow_count + semaphore limit and block in down(&s->cow_count), holding a read lock + on _origins_lock. + +3. Someone tries to acquire a write lock on _origins_lock, e.g., + snapshot_ctr(), which blocks because the threads at step (2) already + hold a read lock on it. + +4. A COW operation completes and kcopyd runs dm-snapshot's completion + callback, which ends up calling pending_complete(). + pending_complete() tries to resubmit any deferred origin bios. This + requires acquiring a read lock on _origins_lock, which blocks. + + This happens because the read-write semaphore implementation gives + priority to writers, meaning that as soon as a writer tries to enter + the critical section, no readers will be allowed in, until all + writers have completed their work. + + So, pending_complete() waits for the writer at step (3) to acquire + and release the lock. This writer waits for the readers at step (2) + to release the read lock and those readers wait for + pending_complete() (the kcopyd thread) to signal the s->cow_count + semaphore: DEADLOCK. + +The above was thoroughly analyzed and documented by Nikos Tsironis as +part of his initial proposal for fixing this deadlock, see: +https://www.redhat.com/archives/dm-devel/2019-October/msg00001.html + +Fix this deadlock by reworking COW throttling so that it waits without +holding any locks. Add a variable 'in_progress' that counts how many +kcopyd jobs are running. A function wait_for_in_progress() will sleep if +'in_progress' is over the limit. It drops _origins_lock in order to +avoid the deadlock. + +Reported-by: Guruswamy Basavaiah +Reported-by: Nikos Tsironis +Reviewed-by: Nikos Tsironis +Tested-by: Nikos Tsironis +Fixes: 721b1d98fb51 ("dm snapshot: Fix excessive memory usage and workqueue stalls") +Cc: stable@vger.kernel.org # v5.0+ +Depends-on: 4a3f111a73a8c ("dm snapshot: introduce account_start_copy() and account_end_copy()") +Signed-off-by: Mikulas Patocka +Signed-off-by: Mike Snitzer +Signed-off-by: Sasha Levin +--- + drivers/md/dm-snap.c | 80 +++++++++++++++++++++++++++++++++++--------- + 1 file changed, 64 insertions(+), 16 deletions(-) + +diff --git a/drivers/md/dm-snap.c b/drivers/md/dm-snap.c +index a9575122a0c6e..95c564b60d79a 100644 +--- a/drivers/md/dm-snap.c ++++ b/drivers/md/dm-snap.c +@@ -19,7 +19,6 @@ + #include + #include + #include +-#include + + #include "dm.h" + +@@ -106,8 +105,8 @@ struct dm_snapshot { + /* The on disk metadata handler */ + struct dm_exception_store *store; + +- /* Maximum number of in-flight COW jobs. */ +- struct semaphore cow_count; ++ unsigned in_progress; ++ struct wait_queue_head in_progress_wait; + + struct dm_kcopyd_client *kcopyd_client; + +@@ -158,8 +157,8 @@ struct dm_snapshot { + */ + #define DEFAULT_COW_THRESHOLD 2048 + +-static int cow_threshold = DEFAULT_COW_THRESHOLD; +-module_param_named(snapshot_cow_threshold, cow_threshold, int, 0644); ++static unsigned cow_threshold = DEFAULT_COW_THRESHOLD; ++module_param_named(snapshot_cow_threshold, cow_threshold, uint, 0644); + MODULE_PARM_DESC(snapshot_cow_threshold, "Maximum number of chunks being copied on write"); + + DECLARE_DM_KCOPYD_THROTTLE_WITH_MODULE_PARM(snapshot_copy_throttle, +@@ -1206,7 +1205,7 @@ static int snapshot_ctr(struct dm_target *ti, unsigned int argc, char **argv) + goto bad_hash_tables; + } + +- sema_init(&s->cow_count, (cow_threshold > 0) ? cow_threshold : INT_MAX); ++ init_waitqueue_head(&s->in_progress_wait); + + s->kcopyd_client = dm_kcopyd_client_create(&dm_kcopyd_throttle); + if (IS_ERR(s->kcopyd_client)) { +@@ -1396,17 +1395,54 @@ static void snapshot_dtr(struct dm_target *ti) + + dm_put_device(ti, s->origin); + ++ WARN_ON(s->in_progress); ++ + kfree(s); + } + + static void account_start_copy(struct dm_snapshot *s) + { +- down(&s->cow_count); ++ spin_lock(&s->in_progress_wait.lock); ++ s->in_progress++; ++ spin_unlock(&s->in_progress_wait.lock); + } + + static void account_end_copy(struct dm_snapshot *s) + { +- up(&s->cow_count); ++ spin_lock(&s->in_progress_wait.lock); ++ BUG_ON(!s->in_progress); ++ s->in_progress--; ++ if (likely(s->in_progress <= cow_threshold) && ++ unlikely(waitqueue_active(&s->in_progress_wait))) ++ wake_up_locked(&s->in_progress_wait); ++ spin_unlock(&s->in_progress_wait.lock); ++} ++ ++static bool wait_for_in_progress(struct dm_snapshot *s, bool unlock_origins) ++{ ++ if (unlikely(s->in_progress > cow_threshold)) { ++ spin_lock(&s->in_progress_wait.lock); ++ if (likely(s->in_progress > cow_threshold)) { ++ /* ++ * NOTE: this throttle doesn't account for whether ++ * the caller is servicing an IO that will trigger a COW ++ * so excess throttling may result for chunks not required ++ * to be COW'd. But if cow_threshold was reached, extra ++ * throttling is unlikely to negatively impact performance. ++ */ ++ DECLARE_WAITQUEUE(wait, current); ++ __add_wait_queue(&s->in_progress_wait, &wait); ++ __set_current_state(TASK_UNINTERRUPTIBLE); ++ spin_unlock(&s->in_progress_wait.lock); ++ if (unlock_origins) ++ up_read(&_origins_lock); ++ io_schedule(); ++ remove_wait_queue(&s->in_progress_wait, &wait); ++ return false; ++ } ++ spin_unlock(&s->in_progress_wait.lock); ++ } ++ return true; + } + + /* +@@ -1424,7 +1460,7 @@ static void flush_bios(struct bio *bio) + } + } + +-static int do_origin(struct dm_dev *origin, struct bio *bio); ++static int do_origin(struct dm_dev *origin, struct bio *bio, bool limit); + + /* + * Flush a list of buffers. +@@ -1437,7 +1473,7 @@ static void retry_origin_bios(struct dm_snapshot *s, struct bio *bio) + while (bio) { + n = bio->bi_next; + bio->bi_next = NULL; +- r = do_origin(s->origin, bio); ++ r = do_origin(s->origin, bio, false); + if (r == DM_MAPIO_REMAPPED) + generic_make_request(bio); + bio = n; +@@ -1726,8 +1762,11 @@ static int snapshot_map(struct dm_target *ti, struct bio *bio) + if (!s->valid) + return DM_MAPIO_KILL; + +- /* FIXME: should only take write lock if we need +- * to copy an exception */ ++ if (bio_data_dir(bio) == WRITE) { ++ while (unlikely(!wait_for_in_progress(s, false))) ++ ; /* wait_for_in_progress() has slept */ ++ } ++ + mutex_lock(&s->lock); + + if (!s->valid || (unlikely(s->snapshot_overflowed) && +@@ -1876,7 +1915,7 @@ redirect_to_origin: + + if (bio_data_dir(bio) == WRITE) { + mutex_unlock(&s->lock); +- return do_origin(s->origin, bio); ++ return do_origin(s->origin, bio, false); + } + + out_unlock: +@@ -2213,15 +2252,24 @@ next_snapshot: + /* + * Called on a write from the origin driver. + */ +-static int do_origin(struct dm_dev *origin, struct bio *bio) ++static int do_origin(struct dm_dev *origin, struct bio *bio, bool limit) + { + struct origin *o; + int r = DM_MAPIO_REMAPPED; + ++again: + down_read(&_origins_lock); + o = __lookup_origin(origin->bdev); +- if (o) ++ if (o) { ++ if (limit) { ++ struct dm_snapshot *s; ++ list_for_each_entry(s, &o->snapshots, list) ++ if (unlikely(!wait_for_in_progress(s, true))) ++ goto again; ++ } ++ + r = __origin_write(&o->snapshots, bio->bi_iter.bi_sector, bio); ++ } + up_read(&_origins_lock); + + return r; +@@ -2334,7 +2382,7 @@ static int origin_map(struct dm_target *ti, struct bio *bio) + dm_accept_partial_bio(bio, available_sectors); + + /* Only tell snapshots if this is a write */ +- return do_origin(o->dev, bio); ++ return do_origin(o->dev, bio, true); + } + + static long origin_dax_direct_access(struct dm_target *ti, pgoff_t pgoff, +-- +2.20.1 + diff --git a/queue-4.14/dm-snapshot-use-mutex-instead-of-rw_semaphore.patch b/queue-4.14/dm-snapshot-use-mutex-instead-of-rw_semaphore.patch new file mode 100644 index 00000000000..a4750dcfdf5 --- /dev/null +++ b/queue-4.14/dm-snapshot-use-mutex-instead-of-rw_semaphore.patch @@ -0,0 +1,335 @@ +From 149328674b2c089eeb1ba902392be054e121d266 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 23 Nov 2017 16:15:43 -0500 +Subject: dm snapshot: use mutex instead of rw_semaphore + +From: Mikulas Patocka + +[ Upstream commit ae1093be5a0ef997833e200a0dafb9ed0b1ff4fe ] + +The rw_semaphore is acquired for read only in two places, neither is +performance-critical. So replace it with a mutex -- which is more +efficient. + +Signed-off-by: Mikulas Patocka +Signed-off-by: Mike Snitzer +Signed-off-by: Sasha Levin +--- + drivers/md/dm-snap.c | 84 +++++++++++++++++++++++--------------------- + 1 file changed, 43 insertions(+), 41 deletions(-) + +diff --git a/drivers/md/dm-snap.c b/drivers/md/dm-snap.c +index b502debc6df3f..8b1556e77a0a0 100644 +--- a/drivers/md/dm-snap.c ++++ b/drivers/md/dm-snap.c +@@ -48,7 +48,7 @@ struct dm_exception_table { + }; + + struct dm_snapshot { +- struct rw_semaphore lock; ++ struct mutex lock; + + struct dm_dev *origin; + struct dm_dev *cow; +@@ -456,9 +456,9 @@ static int __find_snapshots_sharing_cow(struct dm_snapshot *snap, + if (!bdev_equal(s->cow->bdev, snap->cow->bdev)) + continue; + +- down_read(&s->lock); ++ mutex_lock(&s->lock); + active = s->active; +- up_read(&s->lock); ++ mutex_unlock(&s->lock); + + if (active) { + if (snap_src) +@@ -926,7 +926,7 @@ static int remove_single_exception_chunk(struct dm_snapshot *s) + int r; + chunk_t old_chunk = s->first_merging_chunk + s->num_merging_chunks - 1; + +- down_write(&s->lock); ++ mutex_lock(&s->lock); + + /* + * Process chunks (and associated exceptions) in reverse order +@@ -941,7 +941,7 @@ static int remove_single_exception_chunk(struct dm_snapshot *s) + b = __release_queued_bios_after_merge(s); + + out: +- up_write(&s->lock); ++ mutex_unlock(&s->lock); + if (b) + flush_bios(b); + +@@ -1000,9 +1000,9 @@ static void snapshot_merge_next_chunks(struct dm_snapshot *s) + if (linear_chunks < 0) { + DMERR("Read error in exception store: " + "shutting down merge"); +- down_write(&s->lock); ++ mutex_lock(&s->lock); + s->merge_failed = 1; +- up_write(&s->lock); ++ mutex_unlock(&s->lock); + } + goto shut; + } +@@ -1043,10 +1043,10 @@ static void snapshot_merge_next_chunks(struct dm_snapshot *s) + previous_count = read_pending_exceptions_done_count(); + } + +- down_write(&s->lock); ++ mutex_lock(&s->lock); + s->first_merging_chunk = old_chunk; + s->num_merging_chunks = linear_chunks; +- up_write(&s->lock); ++ mutex_unlock(&s->lock); + + /* Wait until writes to all 'linear_chunks' drain */ + for (i = 0; i < linear_chunks; i++) +@@ -1088,10 +1088,10 @@ static void merge_callback(int read_err, unsigned long write_err, void *context) + return; + + shut: +- down_write(&s->lock); ++ mutex_lock(&s->lock); + s->merge_failed = 1; + b = __release_queued_bios_after_merge(s); +- up_write(&s->lock); ++ mutex_unlock(&s->lock); + error_bios(b); + + merge_shutdown(s); +@@ -1190,7 +1190,7 @@ static int snapshot_ctr(struct dm_target *ti, unsigned int argc, char **argv) + s->exception_start_sequence = 0; + s->exception_complete_sequence = 0; + INIT_LIST_HEAD(&s->out_of_order_list); +- init_rwsem(&s->lock); ++ mutex_init(&s->lock); + INIT_LIST_HEAD(&s->list); + spin_lock_init(&s->pe_lock); + s->state_bits = 0; +@@ -1357,9 +1357,9 @@ static void snapshot_dtr(struct dm_target *ti) + /* Check whether exception handover must be cancelled */ + (void) __find_snapshots_sharing_cow(s, &snap_src, &snap_dest, NULL); + if (snap_src && snap_dest && (s == snap_src)) { +- down_write(&snap_dest->lock); ++ mutex_lock(&snap_dest->lock); + snap_dest->valid = 0; +- up_write(&snap_dest->lock); ++ mutex_unlock(&snap_dest->lock); + DMERR("Cancelling snapshot handover."); + } + up_read(&_origins_lock); +@@ -1390,6 +1390,8 @@ static void snapshot_dtr(struct dm_target *ti) + + dm_exception_store_destroy(s->store); + ++ mutex_destroy(&s->lock); ++ + dm_put_device(ti, s->cow); + + dm_put_device(ti, s->origin); +@@ -1477,7 +1479,7 @@ static void pending_complete(void *context, int success) + + if (!success) { + /* Read/write error - snapshot is unusable */ +- down_write(&s->lock); ++ mutex_lock(&s->lock); + __invalidate_snapshot(s, -EIO); + error = 1; + goto out; +@@ -1485,14 +1487,14 @@ static void pending_complete(void *context, int success) + + e = alloc_completed_exception(GFP_NOIO); + if (!e) { +- down_write(&s->lock); ++ mutex_lock(&s->lock); + __invalidate_snapshot(s, -ENOMEM); + error = 1; + goto out; + } + *e = pe->e; + +- down_write(&s->lock); ++ mutex_lock(&s->lock); + if (!s->valid) { + free_completed_exception(e); + error = 1; +@@ -1517,7 +1519,7 @@ out: + full_bio->bi_end_io = pe->full_bio_end_io; + increment_pending_exceptions_done_count(); + +- up_write(&s->lock); ++ mutex_unlock(&s->lock); + + /* Submit any pending write bios */ + if (error) { +@@ -1716,7 +1718,7 @@ static int snapshot_map(struct dm_target *ti, struct bio *bio) + + /* FIXME: should only take write lock if we need + * to copy an exception */ +- down_write(&s->lock); ++ mutex_lock(&s->lock); + + if (!s->valid || (unlikely(s->snapshot_overflowed) && + bio_data_dir(bio) == WRITE)) { +@@ -1739,9 +1741,9 @@ static int snapshot_map(struct dm_target *ti, struct bio *bio) + if (bio_data_dir(bio) == WRITE) { + pe = __lookup_pending_exception(s, chunk); + if (!pe) { +- up_write(&s->lock); ++ mutex_unlock(&s->lock); + pe = alloc_pending_exception(s); +- down_write(&s->lock); ++ mutex_lock(&s->lock); + + if (!s->valid || s->snapshot_overflowed) { + free_pending_exception(pe); +@@ -1776,7 +1778,7 @@ static int snapshot_map(struct dm_target *ti, struct bio *bio) + bio->bi_iter.bi_size == + (s->store->chunk_size << SECTOR_SHIFT)) { + pe->started = 1; +- up_write(&s->lock); ++ mutex_unlock(&s->lock); + start_full_bio(pe, bio); + goto out; + } +@@ -1786,7 +1788,7 @@ static int snapshot_map(struct dm_target *ti, struct bio *bio) + if (!pe->started) { + /* this is protected by snap->lock */ + pe->started = 1; +- up_write(&s->lock); ++ mutex_unlock(&s->lock); + start_copy(pe); + goto out; + } +@@ -1796,7 +1798,7 @@ static int snapshot_map(struct dm_target *ti, struct bio *bio) + } + + out_unlock: +- up_write(&s->lock); ++ mutex_unlock(&s->lock); + out: + return r; + } +@@ -1832,7 +1834,7 @@ static int snapshot_merge_map(struct dm_target *ti, struct bio *bio) + + chunk = sector_to_chunk(s->store, bio->bi_iter.bi_sector); + +- down_write(&s->lock); ++ mutex_lock(&s->lock); + + /* Full merging snapshots are redirected to the origin */ + if (!s->valid) +@@ -1863,12 +1865,12 @@ redirect_to_origin: + bio_set_dev(bio, s->origin->bdev); + + if (bio_data_dir(bio) == WRITE) { +- up_write(&s->lock); ++ mutex_unlock(&s->lock); + return do_origin(s->origin, bio); + } + + out_unlock: +- up_write(&s->lock); ++ mutex_unlock(&s->lock); + + return r; + } +@@ -1900,7 +1902,7 @@ static int snapshot_preresume(struct dm_target *ti) + down_read(&_origins_lock); + (void) __find_snapshots_sharing_cow(s, &snap_src, &snap_dest, NULL); + if (snap_src && snap_dest) { +- down_read(&snap_src->lock); ++ mutex_lock(&snap_src->lock); + if (s == snap_src) { + DMERR("Unable to resume snapshot source until " + "handover completes."); +@@ -1910,7 +1912,7 @@ static int snapshot_preresume(struct dm_target *ti) + "source is suspended."); + r = -EINVAL; + } +- up_read(&snap_src->lock); ++ mutex_unlock(&snap_src->lock); + } + up_read(&_origins_lock); + +@@ -1956,11 +1958,11 @@ static void snapshot_resume(struct dm_target *ti) + + (void) __find_snapshots_sharing_cow(s, &snap_src, &snap_dest, NULL); + if (snap_src && snap_dest) { +- down_write(&snap_src->lock); +- down_write_nested(&snap_dest->lock, SINGLE_DEPTH_NESTING); ++ mutex_lock(&snap_src->lock); ++ mutex_lock_nested(&snap_dest->lock, SINGLE_DEPTH_NESTING); + __handover_exceptions(snap_src, snap_dest); +- up_write(&snap_dest->lock); +- up_write(&snap_src->lock); ++ mutex_unlock(&snap_dest->lock); ++ mutex_unlock(&snap_src->lock); + } + + up_read(&_origins_lock); +@@ -1975,9 +1977,9 @@ static void snapshot_resume(struct dm_target *ti) + /* Now we have correct chunk size, reregister */ + reregister_snapshot(s); + +- down_write(&s->lock); ++ mutex_lock(&s->lock); + s->active = 1; +- up_write(&s->lock); ++ mutex_unlock(&s->lock); + } + + static uint32_t get_origin_minimum_chunksize(struct block_device *bdev) +@@ -2017,7 +2019,7 @@ static void snapshot_status(struct dm_target *ti, status_type_t type, + switch (type) { + case STATUSTYPE_INFO: + +- down_write(&snap->lock); ++ mutex_lock(&snap->lock); + + if (!snap->valid) + DMEMIT("Invalid"); +@@ -2042,7 +2044,7 @@ static void snapshot_status(struct dm_target *ti, status_type_t type, + DMEMIT("Unknown"); + } + +- up_write(&snap->lock); ++ mutex_unlock(&snap->lock); + + break; + +@@ -2108,7 +2110,7 @@ static int __origin_write(struct list_head *snapshots, sector_t sector, + if (dm_target_is_snapshot_merge(snap->ti)) + continue; + +- down_write(&snap->lock); ++ mutex_lock(&snap->lock); + + /* Only deal with valid and active snapshots */ + if (!snap->valid || !snap->active) +@@ -2135,9 +2137,9 @@ static int __origin_write(struct list_head *snapshots, sector_t sector, + + pe = __lookup_pending_exception(snap, chunk); + if (!pe) { +- up_write(&snap->lock); ++ mutex_unlock(&snap->lock); + pe = alloc_pending_exception(snap); +- down_write(&snap->lock); ++ mutex_lock(&snap->lock); + + if (!snap->valid) { + free_pending_exception(pe); +@@ -2180,7 +2182,7 @@ static int __origin_write(struct list_head *snapshots, sector_t sector, + } + + next_snapshot: +- up_write(&snap->lock); ++ mutex_unlock(&snap->lock); + + if (pe_to_start_now) { + start_copy(pe_to_start_now); +-- +2.20.1 + diff --git a/queue-4.14/dm-use-kzalloc-for-all-structs-with-embedded-biosets.patch b/queue-4.14/dm-use-kzalloc-for-all-structs-with-embedded-biosets.patch new file mode 100644 index 00000000000..76d6187c45b --- /dev/null +++ b/queue-4.14/dm-use-kzalloc-for-all-structs-with-embedded-biosets.patch @@ -0,0 +1,123 @@ +From 888e32b47a3e5dbefc7a38cf4335ba7abf943d58 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 5 Jun 2018 05:26:33 -0400 +Subject: dm: Use kzalloc for all structs with embedded biosets/mempools + +From: Kent Overstreet + +[ Upstream commit d377535405686f735b90a8ad4ba269484cd7c96e ] + +mempool_init()/bioset_init() require that the mempools/biosets be zeroed +first; they probably should not _require_ this, but not allocating those +structs with kzalloc is a fairly nonsensical thing to do (calling +mempool_exit()/bioset_exit() on an uninitialized mempool/bioset is legal +and safe, but only works if said memory was zeroed.) + +Acked-by: Mike Snitzer +Signed-off-by: Kent Overstreet +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +--- + drivers/md/dm-bio-prison-v1.c | 2 +- + drivers/md/dm-bio-prison-v2.c | 2 +- + drivers/md/dm-io.c | 2 +- + drivers/md/dm-kcopyd.c | 2 +- + drivers/md/dm-region-hash.c | 2 +- + drivers/md/dm-snap.c | 2 +- + drivers/md/dm-thin.c | 2 +- + 7 files changed, 7 insertions(+), 7 deletions(-) + +diff --git a/drivers/md/dm-bio-prison-v1.c b/drivers/md/dm-bio-prison-v1.c +index 874841f0fc837..10532a76688ea 100644 +--- a/drivers/md/dm-bio-prison-v1.c ++++ b/drivers/md/dm-bio-prison-v1.c +@@ -33,7 +33,7 @@ static struct kmem_cache *_cell_cache; + */ + struct dm_bio_prison *dm_bio_prison_create(void) + { +- struct dm_bio_prison *prison = kmalloc(sizeof(*prison), GFP_KERNEL); ++ struct dm_bio_prison *prison = kzalloc(sizeof(*prison), GFP_KERNEL); + + if (!prison) + return NULL; +diff --git a/drivers/md/dm-bio-prison-v2.c b/drivers/md/dm-bio-prison-v2.c +index 8ce3a1a588cfd..c34ec615420f2 100644 +--- a/drivers/md/dm-bio-prison-v2.c ++++ b/drivers/md/dm-bio-prison-v2.c +@@ -35,7 +35,7 @@ static struct kmem_cache *_cell_cache; + */ + struct dm_bio_prison_v2 *dm_bio_prison_create_v2(struct workqueue_struct *wq) + { +- struct dm_bio_prison_v2 *prison = kmalloc(sizeof(*prison), GFP_KERNEL); ++ struct dm_bio_prison_v2 *prison = kzalloc(sizeof(*prison), GFP_KERNEL); + + if (!prison) + return NULL; +diff --git a/drivers/md/dm-io.c b/drivers/md/dm-io.c +index b4357ed4d5416..56e2c0e079d78 100644 +--- a/drivers/md/dm-io.c ++++ b/drivers/md/dm-io.c +@@ -50,7 +50,7 @@ struct dm_io_client *dm_io_client_create(void) + struct dm_io_client *client; + unsigned min_ios = dm_get_reserved_bio_based_ios(); + +- client = kmalloc(sizeof(*client), GFP_KERNEL); ++ client = kzalloc(sizeof(*client), GFP_KERNEL); + if (!client) + return ERR_PTR(-ENOMEM); + +diff --git a/drivers/md/dm-kcopyd.c b/drivers/md/dm-kcopyd.c +index bd9a45b94b552..7ca2b1aaa79d4 100644 +--- a/drivers/md/dm-kcopyd.c ++++ b/drivers/md/dm-kcopyd.c +@@ -892,7 +892,7 @@ struct dm_kcopyd_client *dm_kcopyd_client_create(struct dm_kcopyd_throttle *thro + int r = -ENOMEM; + struct dm_kcopyd_client *kc; + +- kc = kmalloc(sizeof(*kc), GFP_KERNEL); ++ kc = kzalloc(sizeof(*kc), GFP_KERNEL); + if (!kc) + return ERR_PTR(-ENOMEM); + +diff --git a/drivers/md/dm-region-hash.c b/drivers/md/dm-region-hash.c +index 85c32b22a420a..91c6f6d72eeec 100644 +--- a/drivers/md/dm-region-hash.c ++++ b/drivers/md/dm-region-hash.c +@@ -179,7 +179,7 @@ struct dm_region_hash *dm_region_hash_create( + ; + nr_buckets >>= 1; + +- rh = kmalloc(sizeof(*rh), GFP_KERNEL); ++ rh = kzalloc(sizeof(*rh), GFP_KERNEL); + if (!rh) { + DMERR("unable to allocate region hash memory"); + return ERR_PTR(-ENOMEM); +diff --git a/drivers/md/dm-snap.c b/drivers/md/dm-snap.c +index 95c564b60d79a..2170f6c118b89 100644 +--- a/drivers/md/dm-snap.c ++++ b/drivers/md/dm-snap.c +@@ -1136,7 +1136,7 @@ static int snapshot_ctr(struct dm_target *ti, unsigned int argc, char **argv) + origin_mode = FMODE_WRITE; + } + +- s = kmalloc(sizeof(*s), GFP_KERNEL); ++ s = kzalloc(sizeof(*s), GFP_KERNEL); + if (!s) { + ti->error = "Cannot allocate private snapshot structure"; + r = -ENOMEM; +diff --git a/drivers/md/dm-thin.c b/drivers/md/dm-thin.c +index aa77959909894..0ee5eae716909 100644 +--- a/drivers/md/dm-thin.c ++++ b/drivers/md/dm-thin.c +@@ -2962,7 +2962,7 @@ static struct pool *pool_create(struct mapped_device *pool_md, + return (struct pool *)pmd; + } + +- pool = kmalloc(sizeof(*pool), GFP_KERNEL); ++ pool = kzalloc(sizeof(*pool), GFP_KERNEL); + if (!pool) { + *error = "Error allocating memory for pool"; + err_p = ERR_PTR(-ENOMEM); +-- +2.20.1 + diff --git a/queue-4.14/efi-cper-fix-endianness-of-pcie-class-code.patch b/queue-4.14/efi-cper-fix-endianness-of-pcie-class-code.patch new file mode 100644 index 00000000000..8c2f8fe1ac8 --- /dev/null +++ b/queue-4.14/efi-cper-fix-endianness-of-pcie-class-code.patch @@ -0,0 +1,61 @@ +From 57beef6e12eeb34ed757425eda7638920351ba9d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 2 Oct 2019 18:58:58 +0200 +Subject: efi/cper: Fix endianness of PCIe class code + +From: Lukas Wunner + +[ Upstream commit 6fb9367a15d1a126d222d738b2702c7958594a5f ] + +The CPER parser assumes that the class code is big endian, but at least +on this edk2-derived Intel Purley platform it's little endian: + + efi: EFI v2.50 by EDK II BIOS ID:PLYDCRB1.86B.0119.R05.1701181843 + DMI: Intel Corporation PURLEY/PURLEY, BIOS PLYDCRB1.86B.0119.R05.1701181843 01/18/2017 + + {1}[Hardware Error]: device_id: 0000:5d:00.0 + {1}[Hardware Error]: slot: 0 + {1}[Hardware Error]: secondary_bus: 0x5e + {1}[Hardware Error]: vendor_id: 0x8086, device_id: 0x2030 + {1}[Hardware Error]: class_code: 000406 + ^^^^^^ (should be 060400) + +Signed-off-by: Lukas Wunner +Signed-off-by: Ard Biesheuvel +Cc: Ben Dooks +Cc: Dave Young +Cc: Jarkko Sakkinen +Cc: Jerry Snitselaar +Cc: Linus Torvalds +Cc: Lyude Paul +Cc: Matthew Garrett +Cc: Octavian Purdila +Cc: Peter Jones +Cc: Peter Zijlstra +Cc: Scott Talbert +Cc: Thomas Gleixner +Cc: linux-efi@vger.kernel.org +Cc: linux-integrity@vger.kernel.org +Link: https://lkml.kernel.org/r/20191002165904.8819-2-ard.biesheuvel@linaro.org +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +--- + drivers/firmware/efi/cper.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/firmware/efi/cper.c b/drivers/firmware/efi/cper.c +index db404aab82b2a..209dc5aefc310 100644 +--- a/drivers/firmware/efi/cper.c ++++ b/drivers/firmware/efi/cper.c +@@ -498,7 +498,7 @@ static void cper_print_pcie(const char *pfx, const struct cper_sec_pcie *pcie, + printk("%s""vendor_id: 0x%04x, device_id: 0x%04x\n", pfx, + pcie->device_id.vendor_id, pcie->device_id.device_id); + p = pcie->device_id.class_code; +- printk("%s""class_code: %02x%02x%02x\n", pfx, p[0], p[1], p[2]); ++ printk("%s""class_code: %02x%02x%02x\n", pfx, p[2], p[1], p[0]); + } + if (pcie->validation_bits & CPER_PCIE_VALID_SERIAL_NUMBER) + printk("%s""serial number: 0x%04x, 0x%04x\n", pfx, +-- +2.20.1 + diff --git a/queue-4.14/efi-x86-do-not-clean-dummy-variable-in-kexec-path.patch b/queue-4.14/efi-x86-do-not-clean-dummy-variable-in-kexec-path.patch new file mode 100644 index 00000000000..8421f000220 --- /dev/null +++ b/queue-4.14/efi-x86-do-not-clean-dummy-variable-in-kexec-path.patch @@ -0,0 +1,61 @@ +From a69930044a061b472f37680de5d6b3ccd0348b04 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 2 Oct 2019 18:59:04 +0200 +Subject: efi/x86: Do not clean dummy variable in kexec path + +From: Dave Young + +[ Upstream commit 2ecb7402cfc7f22764e7bbc80790e66eadb20560 ] + +kexec reboot fails randomly in UEFI based KVM guest. The firmware +just resets while calling efi_delete_dummy_variable(); Unfortunately +I don't know how to debug the firmware, it is also possible a potential +problem on real hardware as well although nobody reproduced it. + +The intention of the efi_delete_dummy_variable is to trigger garbage collection +when entering virtual mode. But SetVirtualAddressMap can only run once +for each physical reboot, thus kexec_enter_virtual_mode() is not necessarily +a good place to clean a dummy object. + +Drop the efi_delete_dummy_variable so that kexec reboot can work. + +Signed-off-by: Dave Young +Signed-off-by: Ard Biesheuvel +Acked-by: Matthew Garrett +Cc: Ben Dooks +Cc: Jarkko Sakkinen +Cc: Jerry Snitselaar +Cc: Linus Torvalds +Cc: Lukas Wunner +Cc: Lyude Paul +Cc: Octavian Purdila +Cc: Peter Jones +Cc: Peter Zijlstra +Cc: Scott Talbert +Cc: Thomas Gleixner +Cc: linux-efi@vger.kernel.org +Cc: linux-integrity@vger.kernel.org +Link: https://lkml.kernel.org/r/20191002165904.8819-8-ard.biesheuvel@linaro.org +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +--- + arch/x86/platform/efi/efi.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c +index 9061babfbc83d..335a62e74a2e9 100644 +--- a/arch/x86/platform/efi/efi.c ++++ b/arch/x86/platform/efi/efi.c +@@ -893,9 +893,6 @@ static void __init kexec_enter_virtual_mode(void) + + if (efi_enabled(EFI_OLD_MEMMAP) && (__supported_pte_mask & _PAGE_NX)) + runtime_code_page_mkexec(); +- +- /* clean DUMMY object */ +- efi_delete_dummy_variable(); + #endif + } + +-- +2.20.1 + diff --git a/queue-4.14/exec-load_script-do-not-exec-truncated-interpreter-p.patch b/queue-4.14/exec-load_script-do-not-exec-truncated-interpreter-p.patch new file mode 100644 index 00000000000..ccf2c219848 --- /dev/null +++ b/queue-4.14/exec-load_script-do-not-exec-truncated-interpreter-p.patch @@ -0,0 +1,119 @@ +From f1380967d3c4843872393a9126c919280b45c71c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 18 Feb 2019 16:36:48 -0800 +Subject: exec: load_script: Do not exec truncated interpreter path + +From: Kees Cook + +[ Upstream commit b5372fe5dc84235dbe04998efdede3c4daa866a9 ] + +Commit 8099b047ecc4 ("exec: load_script: don't blindly truncate +shebang string") was trying to protect against a confused exec of a +truncated interpreter path. However, it was overeager and also refused +to truncate arguments as well, which broke userspace, and it was +reverted. This attempts the protection again, but allows arguments to +remain truncated. In an effort to improve readability, helper functions +and comments have been added. + +Co-developed-by: Linus Torvalds +Signed-off-by: Kees Cook +Cc: Andrew Morton +Cc: Oleg Nesterov +Cc: Samuel Dionne-Riel +Cc: Richard Weinberger +Cc: Graham Christensen +Cc: Michal Hocko +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + fs/binfmt_script.c | 57 ++++++++++++++++++++++++++++++++++++++-------- + 1 file changed, 48 insertions(+), 9 deletions(-) + +diff --git a/fs/binfmt_script.c b/fs/binfmt_script.c +index 7cde3f46ad263..e996174cbfc02 100644 +--- a/fs/binfmt_script.c ++++ b/fs/binfmt_script.c +@@ -14,13 +14,30 @@ + #include + #include + ++static inline bool spacetab(char c) { return c == ' ' || c == '\t'; } ++static inline char *next_non_spacetab(char *first, const char *last) ++{ ++ for (; first <= last; first++) ++ if (!spacetab(*first)) ++ return first; ++ return NULL; ++} ++static inline char *next_terminator(char *first, const char *last) ++{ ++ for (; first <= last; first++) ++ if (spacetab(*first) || !*first) ++ return first; ++ return NULL; ++} ++ + static int load_script(struct linux_binprm *bprm) + { + const char *i_arg, *i_name; +- char *cp; ++ char *cp, *buf_end; + struct file *file; + int retval; + ++ /* Not ours to exec if we don't start with "#!". */ + if ((bprm->buf[0] != '#') || (bprm->buf[1] != '!')) + return -ENOEXEC; + +@@ -33,18 +50,40 @@ static int load_script(struct linux_binprm *bprm) + if (bprm->interp_flags & BINPRM_FLAGS_PATH_INACCESSIBLE) + return -ENOENT; + +- /* +- * This section does the #! interpretation. +- * Sorta complicated, but hopefully it will work. -TYT +- */ +- ++ /* Release since we are not mapping a binary into memory. */ + allow_write_access(bprm->file); + fput(bprm->file); + bprm->file = NULL; + +- bprm->buf[BINPRM_BUF_SIZE - 1] = '\0'; +- if ((cp = strchr(bprm->buf, '\n')) == NULL) +- cp = bprm->buf+BINPRM_BUF_SIZE-1; ++ /* ++ * This section handles parsing the #! line into separate ++ * interpreter path and argument strings. We must be careful ++ * because bprm->buf is not yet guaranteed to be NUL-terminated ++ * (though the buffer will have trailing NUL padding when the ++ * file size was smaller than the buffer size). ++ * ++ * We do not want to exec a truncated interpreter path, so either ++ * we find a newline (which indicates nothing is truncated), or ++ * we find a space/tab/NUL after the interpreter path (which ++ * itself may be preceded by spaces/tabs). Truncating the ++ * arguments is fine: the interpreter can re-read the script to ++ * parse them on its own. ++ */ ++ buf_end = bprm->buf + sizeof(bprm->buf) - 1; ++ cp = strnchr(bprm->buf, sizeof(bprm->buf), '\n'); ++ if (!cp) { ++ cp = next_non_spacetab(bprm->buf + 2, buf_end); ++ if (!cp) ++ return -ENOEXEC; /* Entire buf is spaces/tabs */ ++ /* ++ * If there is no later space/tab/NUL we must assume the ++ * interpreter path is truncated. ++ */ ++ if (!next_terminator(cp, buf_end)) ++ return -ENOEXEC; ++ cp = buf_end; ++ } ++ /* NUL-terminate the buffer and any trailing spaces/tabs. */ + *cp = '\0'; + while (cp > bprm->buf) { + cp--; +-- +2.20.1 + diff --git a/queue-4.14/f2fs-flush-quota-blocks-after-turnning-it-off.patch b/queue-4.14/f2fs-flush-quota-blocks-after-turnning-it-off.patch new file mode 100644 index 00000000000..1827577a8d4 --- /dev/null +++ b/queue-4.14/f2fs-flush-quota-blocks-after-turnning-it-off.patch @@ -0,0 +1,40 @@ +From 5e1f5362953eaf2317e10e561f179be739c6b83a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 27 Jan 2019 17:59:53 -0800 +Subject: f2fs: flush quota blocks after turnning it off + +From: Jaegeuk Kim + +[ Upstream commit 0e0667b625cf64243df83171bff61f9d350b9ca5 ] + +After quota_off, we'll get some dirty blocks. If put_super don't have a chance +to flush them by checkpoint, it causes NULL pointer exception in end_io after +iput(node_inode). (e.g., by checkpoint=disable) + +Reviewed-by: Chao Yu +Signed-off-by: Jaegeuk Kim +Signed-off-by: Sasha Levin +--- + fs/f2fs/super.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c +index e70975ca723b7..0f3209b23c940 100644 +--- a/fs/f2fs/super.c ++++ b/fs/f2fs/super.c +@@ -1523,6 +1523,12 @@ void f2fs_quota_off_umount(struct super_block *sb) + set_sbi_flag(F2FS_SB(sb), SBI_NEED_FSCK); + } + } ++ /* ++ * In case of checkpoint=disable, we must flush quota blocks. ++ * This can cause NULL exception for node_inode in end_io, since ++ * put_super already dropped it. ++ */ ++ sync_filesystem(sb); + } + + int f2fs_get_projid(struct inode *inode, kprojid_t *projid) +-- +2.20.1 + diff --git a/queue-4.14/fs-cifs-mute-wunused-const-variable-message.patch b/queue-4.14/fs-cifs-mute-wunused-const-variable-message.patch new file mode 100644 index 00000000000..9162207a0c5 --- /dev/null +++ b/queue-4.14/fs-cifs-mute-wunused-const-variable-message.patch @@ -0,0 +1,43 @@ +From e660c08dcbb7d4b9c9315bc5054023f3dbd6c9d8 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 1 Oct 2019 16:34:13 +0900 +Subject: fs: cifs: mute -Wunused-const-variable message + +From: Austin Kim + +[ Upstream commit dd19c106a36690b47bb1acc68372f2b472b495b8 ] + +After 'Initial git repository build' commit, +'mapping_table_ERRHRD' variable has not been used. + +So 'mapping_table_ERRHRD' const variable could be removed +to mute below warning message: + + fs/cifs/netmisc.c:120:40: warning: unused variable 'mapping_table_ERRHRD' [-Wunused-const-variable] + static const struct smb_to_posix_error mapping_table_ERRHRD[] = { + ^ +Signed-off-by: Austin Kim +Signed-off-by: Steve French +Signed-off-by: Sasha Levin +--- + fs/cifs/netmisc.c | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/fs/cifs/netmisc.c b/fs/cifs/netmisc.c +index cc88f4f0325ef..bed9733302279 100644 +--- a/fs/cifs/netmisc.c ++++ b/fs/cifs/netmisc.c +@@ -130,10 +130,6 @@ static const struct smb_to_posix_error mapping_table_ERRSRV[] = { + {0, 0} + }; + +-static const struct smb_to_posix_error mapping_table_ERRHRD[] = { +- {0, 0} +-}; +- + /* + * Convert a string containing text IPv4 or IPv6 address to binary form. + * +-- +2.20.1 + diff --git a/queue-4.14/fs-ocfs2-fix-a-possible-null-pointer-dereference-in-.patch b/queue-4.14/fs-ocfs2-fix-a-possible-null-pointer-dereference-in-.patch new file mode 100644 index 00000000000..b80bedb1481 --- /dev/null +++ b/queue-4.14/fs-ocfs2-fix-a-possible-null-pointer-dereference-in-.patch @@ -0,0 +1,60 @@ +From 08b63b7f022f50c88587dfc9dd707dfee2d32730 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 6 Oct 2019 17:57:54 -0700 +Subject: fs: ocfs2: fix a possible null-pointer dereference in + ocfs2_write_end_nolock() + +From: Jia-Ju Bai + +[ Upstream commit 583fee3e12df0e6f1f66f063b989d8e7fed0e65a ] + +In ocfs2_write_end_nolock(), there are an if statement on lines 1976, +2047 and 2058, to check whether handle is NULL: + + if (handle) + +When handle is NULL, it is used on line 2045: + + ocfs2_update_inode_fsync_trans(handle, inode, 1); + oi->i_sync_tid = handle->h_transaction->t_tid; + +Thus, a possible null-pointer dereference may occur. + +To fix this bug, handle is checked before calling +ocfs2_update_inode_fsync_trans(). + +This bug is found by a static analysis tool STCheck written by us. + +Link: http://lkml.kernel.org/r/20190726033705.32307-1-baijiaju1990@gmail.com +Signed-off-by: Jia-Ju Bai +Reviewed-by: Joseph Qi +Cc: Mark Fasheh +Cc: Joel Becker +Cc: Junxiao Bi +Cc: Changwei Ge +Cc: Gang He +Cc: Jun Piao +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + fs/ocfs2/aops.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/fs/ocfs2/aops.c b/fs/ocfs2/aops.c +index ebeec7530cb60..7de0c9562b707 100644 +--- a/fs/ocfs2/aops.c ++++ b/fs/ocfs2/aops.c +@@ -2054,7 +2054,8 @@ out_write_size: + inode->i_mtime = inode->i_ctime = current_time(inode); + di->i_mtime = di->i_ctime = cpu_to_le64(inode->i_mtime.tv_sec); + di->i_mtime_nsec = di->i_ctime_nsec = cpu_to_le32(inode->i_mtime.tv_nsec); +- ocfs2_update_inode_fsync_trans(handle, inode, 1); ++ if (handle) ++ ocfs2_update_inode_fsync_trans(handle, inode, 1); + } + if (handle) + ocfs2_journal_dirty(handle, wc->w_di_bh); +-- +2.20.1 + diff --git a/queue-4.14/fs-ocfs2-fix-a-possible-null-pointer-dereference-in-.patch-2862 b/queue-4.14/fs-ocfs2-fix-a-possible-null-pointer-dereference-in-.patch-2862 new file mode 100644 index 00000000000..200fd043d23 --- /dev/null +++ b/queue-4.14/fs-ocfs2-fix-a-possible-null-pointer-dereference-in-.patch-2862 @@ -0,0 +1,59 @@ +From b759de4240785bdc852f30267780d6a203d084bb Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 6 Oct 2019 17:57:57 -0700 +Subject: fs: ocfs2: fix a possible null-pointer dereference in + ocfs2_info_scan_inode_alloc() + +From: Jia-Ju Bai + +[ Upstream commit 2abb7d3b12d007c30193f48bebed781009bebdd2 ] + +In ocfs2_info_scan_inode_alloc(), there is an if statement on line 283 +to check whether inode_alloc is NULL: + + if (inode_alloc) + +When inode_alloc is NULL, it is used on line 287: + + ocfs2_inode_lock(inode_alloc, &bh, 0); + ocfs2_inode_lock_full_nested(inode, ...) + struct ocfs2_super *osb = OCFS2_SB(inode->i_sb); + +Thus, a possible null-pointer dereference may occur. + +To fix this bug, inode_alloc is checked on line 286. + +This bug is found by a static analysis tool STCheck written by us. + +Link: http://lkml.kernel.org/r/20190726033717.32359-1-baijiaju1990@gmail.com +Signed-off-by: Jia-Ju Bai +Reviewed-by: Joseph Qi +Cc: Mark Fasheh +Cc: Joel Becker +Cc: Junxiao Bi +Cc: Changwei Ge +Cc: Gang He +Cc: Jun Piao +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + fs/ocfs2/ioctl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/ocfs2/ioctl.c b/fs/ocfs2/ioctl.c +index ab30c005cc4bc..9fa98abecfc6b 100644 +--- a/fs/ocfs2/ioctl.c ++++ b/fs/ocfs2/ioctl.c +@@ -290,7 +290,7 @@ static int ocfs2_info_scan_inode_alloc(struct ocfs2_super *osb, + if (inode_alloc) + inode_lock(inode_alloc); + +- if (o2info_coherent(&fi->ifi_req)) { ++ if (inode_alloc && o2info_coherent(&fi->ifi_req)) { + status = ocfs2_inode_lock(inode_alloc, &bh, 0); + if (status < 0) { + mlog_errno(status); +-- +2.20.1 + diff --git a/queue-4.14/fs-ocfs2-fix-possible-null-pointer-dereferences-in-o.patch b/queue-4.14/fs-ocfs2-fix-possible-null-pointer-dereferences-in-o.patch new file mode 100644 index 00000000000..9a15af350ff --- /dev/null +++ b/queue-4.14/fs-ocfs2-fix-possible-null-pointer-dereferences-in-o.patch @@ -0,0 +1,131 @@ +From 8f2a542eb417acc714e4c94cd698bec59128e15a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 6 Oct 2019 17:57:50 -0700 +Subject: fs: ocfs2: fix possible null-pointer dereferences in + ocfs2_xa_prepare_entry() + +From: Jia-Ju Bai + +[ Upstream commit 56e94ea132bb5c2c1d0b60a6aeb34dcb7d71a53d ] + +In ocfs2_xa_prepare_entry(), there is an if statement on line 2136 to +check whether loc->xl_entry is NULL: + + if (loc->xl_entry) + +When loc->xl_entry is NULL, it is used on line 2158: + + ocfs2_xa_add_entry(loc, name_hash); + loc->xl_entry->xe_name_hash = cpu_to_le32(name_hash); + loc->xl_entry->xe_name_offset = cpu_to_le16(loc->xl_size); + +and line 2164: + + ocfs2_xa_add_namevalue(loc, xi); + loc->xl_entry->xe_value_size = cpu_to_le64(xi->xi_value_len); + loc->xl_entry->xe_name_len = xi->xi_name_len; + +Thus, possible null-pointer dereferences may occur. + +To fix these bugs, if loc-xl_entry is NULL, ocfs2_xa_prepare_entry() +abnormally returns with -EINVAL. + +These bugs are found by a static analysis tool STCheck written by us. + +[akpm@linux-foundation.org: remove now-unused ocfs2_xa_add_entry()] +Link: http://lkml.kernel.org/r/20190726101447.9153-1-baijiaju1990@gmail.com +Signed-off-by: Jia-Ju Bai +Reviewed-by: Joseph Qi +Cc: Mark Fasheh +Cc: Joel Becker +Cc: Junxiao Bi +Cc: Changwei Ge +Cc: Gang He +Cc: Jun Piao +Cc: Stephen Rothwell +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + fs/ocfs2/xattr.c | 56 ++++++++++++++++++++---------------------------- + 1 file changed, 23 insertions(+), 33 deletions(-) + +diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c +index 77740ef5a8e85..eca49da6d7e0d 100644 +--- a/fs/ocfs2/xattr.c ++++ b/fs/ocfs2/xattr.c +@@ -1497,18 +1497,6 @@ static int ocfs2_xa_check_space(struct ocfs2_xa_loc *loc, + return loc->xl_ops->xlo_check_space(loc, xi); + } + +-static void ocfs2_xa_add_entry(struct ocfs2_xa_loc *loc, u32 name_hash) +-{ +- loc->xl_ops->xlo_add_entry(loc, name_hash); +- loc->xl_entry->xe_name_hash = cpu_to_le32(name_hash); +- /* +- * We can't leave the new entry's xe_name_offset at zero or +- * add_namevalue() will go nuts. We set it to the size of our +- * storage so that it can never be less than any other entry. +- */ +- loc->xl_entry->xe_name_offset = cpu_to_le16(loc->xl_size); +-} +- + static void ocfs2_xa_add_namevalue(struct ocfs2_xa_loc *loc, + struct ocfs2_xattr_info *xi) + { +@@ -2140,29 +2128,31 @@ static int ocfs2_xa_prepare_entry(struct ocfs2_xa_loc *loc, + if (rc) + goto out; + +- if (loc->xl_entry) { +- if (ocfs2_xa_can_reuse_entry(loc, xi)) { +- orig_value_size = loc->xl_entry->xe_value_size; +- rc = ocfs2_xa_reuse_entry(loc, xi, ctxt); +- if (rc) +- goto out; +- goto alloc_value; +- } ++ if (!loc->xl_entry) { ++ rc = -EINVAL; ++ goto out; ++ } + +- if (!ocfs2_xattr_is_local(loc->xl_entry)) { +- orig_clusters = ocfs2_xa_value_clusters(loc); +- rc = ocfs2_xa_value_truncate(loc, 0, ctxt); +- if (rc) { +- mlog_errno(rc); +- ocfs2_xa_cleanup_value_truncate(loc, +- "overwriting", +- orig_clusters); +- goto out; +- } ++ if (ocfs2_xa_can_reuse_entry(loc, xi)) { ++ orig_value_size = loc->xl_entry->xe_value_size; ++ rc = ocfs2_xa_reuse_entry(loc, xi, ctxt); ++ if (rc) ++ goto out; ++ goto alloc_value; ++ } ++ ++ if (!ocfs2_xattr_is_local(loc->xl_entry)) { ++ orig_clusters = ocfs2_xa_value_clusters(loc); ++ rc = ocfs2_xa_value_truncate(loc, 0, ctxt); ++ if (rc) { ++ mlog_errno(rc); ++ ocfs2_xa_cleanup_value_truncate(loc, ++ "overwriting", ++ orig_clusters); ++ goto out; + } +- ocfs2_xa_wipe_namevalue(loc); +- } else +- ocfs2_xa_add_entry(loc, name_hash); ++ } ++ ocfs2_xa_wipe_namevalue(loc); + + /* + * If we get here, we have a blank entry. Fill it. We grow our +-- +2.20.1 + diff --git a/queue-4.14/gpio-max77620-use-correct-unit-for-debounce-times.patch b/queue-4.14/gpio-max77620-use-correct-unit-for-debounce-times.patch new file mode 100644 index 00000000000..a9325ec0019 --- /dev/null +++ b/queue-4.14/gpio-max77620-use-correct-unit-for-debounce-times.patch @@ -0,0 +1,45 @@ +From 7ffafb3e33ae3f4b0e63f7cc3569852d85006a23 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 2 Oct 2019 14:28:23 +0200 +Subject: gpio: max77620: Use correct unit for debounce times + +From: Thierry Reding + +[ Upstream commit fffa6af94894126994a7600c6f6f09b892e89fa9 ] + +The gpiod_set_debounce() function takes the debounce time in +microseconds. Adjust the switch/case values in the MAX77620 GPIO to use +the correct unit. + +Signed-off-by: Thierry Reding +Link: https://lore.kernel.org/r/20191002122825.3948322-1-thierry.reding@gmail.com +Signed-off-by: Linus Walleij +Signed-off-by: Sasha Levin +--- + drivers/gpio/gpio-max77620.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/drivers/gpio/gpio-max77620.c b/drivers/gpio/gpio-max77620.c +index 538bce4b5b427..ac6c1c0548b69 100644 +--- a/drivers/gpio/gpio-max77620.c ++++ b/drivers/gpio/gpio-max77620.c +@@ -163,13 +163,13 @@ static int max77620_gpio_set_debounce(struct max77620_gpio *mgpio, + case 0: + val = MAX77620_CNFG_GPIO_DBNC_None; + break; +- case 1 ... 8: ++ case 1000 ... 8000: + val = MAX77620_CNFG_GPIO_DBNC_8ms; + break; +- case 9 ... 16: ++ case 9000 ... 16000: + val = MAX77620_CNFG_GPIO_DBNC_16ms; + break; +- case 17 ... 32: ++ case 17000 ... 32000: + val = MAX77620_CNFG_GPIO_DBNC_32ms; + break; + default: +-- +2.20.1 + diff --git a/queue-4.14/hid-add-asus-t100chi-keyboard-dock-battery-quirks.patch b/queue-4.14/hid-add-asus-t100chi-keyboard-dock-battery-quirks.patch new file mode 100644 index 00000000000..05de1468a7f --- /dev/null +++ b/queue-4.14/hid-add-asus-t100chi-keyboard-dock-battery-quirks.patch @@ -0,0 +1,36 @@ +From c866a63009d0a49a2f0fd5c34de4107d983b2094 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 29 Jan 2019 13:31:05 +0900 +Subject: HID: Add ASUS T100CHI keyboard dock battery quirks + +From: NOGUCHI Hiroshi + +[ Upstream commit a767ffea05d2737f6542cd78458a84a157fa216d ] + +Add ASUS Transbook T100CHI/T90CHI keyboard dock into battery quirk list, in +order to add specific implementation in hid-asus. + +Signed-off-by: NOGUCHI Hiroshi +Signed-off-by: Jiri Kosina +Signed-off-by: Sasha Levin +--- + drivers/hid/hid-input.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c +index d723185de3ba2..9d24fb0715ba3 100644 +--- a/drivers/hid/hid-input.c ++++ b/drivers/hid/hid-input.c +@@ -328,6 +328,9 @@ static const struct hid_device_id hid_battery_quirks[] = { + { HID_USB_DEVICE(USB_VENDOR_ID_SYMBOL, + USB_DEVICE_ID_SYMBOL_SCANNER_3), + HID_BATTERY_QUIRK_IGNORE }, ++ { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_ASUSTEK, ++ USB_DEVICE_ID_ASUSTEK_T100CHI_KEYBOARD), ++ HID_BATTERY_QUIRK_IGNORE }, + {} + }; + +-- +2.20.1 + diff --git a/queue-4.14/hid-hyperv-use-in-place-iterator-api-in-the-channel-.patch b/queue-4.14/hid-hyperv-use-in-place-iterator-api-in-the-channel-.patch new file mode 100644 index 00000000000..8be553e1700 --- /dev/null +++ b/queue-4.14/hid-hyperv-use-in-place-iterator-api-in-the-channel-.patch @@ -0,0 +1,99 @@ +From 8a77f9b1fffb6559344b7d3912657a4b84c22129 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 20 Aug 2019 02:56:34 +0000 +Subject: HID: hyperv: Use in-place iterator API in the channel callback + +From: Dexuan Cui + +[ Upstream commit 6a297c90efa68b2864483193b8bfb0d19478600c ] + +Simplify the ring buffer handling with the in-place API. + +Also avoid the dynamic allocation and the memory leak in the channel +callback function. + +Signed-off-by: Dexuan Cui +Acked-by: Jiri Kosina +Signed-off-by: Sasha Levin +--- + drivers/hid/hid-hyperv.c | 56 +++++++--------------------------------- + 1 file changed, 10 insertions(+), 46 deletions(-) + +diff --git a/drivers/hid/hid-hyperv.c b/drivers/hid/hid-hyperv.c +index 5f1de24206ab2..220b3e5c9c39d 100644 +--- a/drivers/hid/hid-hyperv.c ++++ b/drivers/hid/hid-hyperv.c +@@ -322,60 +322,24 @@ static void mousevsc_on_receive(struct hv_device *device, + + static void mousevsc_on_channel_callback(void *context) + { +- const int packet_size = 0x100; +- int ret; + struct hv_device *device = context; +- u32 bytes_recvd; +- u64 req_id; + struct vmpacket_descriptor *desc; +- unsigned char *buffer; +- int bufferlen = packet_size; +- +- buffer = kmalloc(bufferlen, GFP_ATOMIC); +- if (!buffer) +- return; +- +- do { +- ret = vmbus_recvpacket_raw(device->channel, buffer, +- bufferlen, &bytes_recvd, &req_id); +- +- switch (ret) { +- case 0: +- if (bytes_recvd <= 0) { +- kfree(buffer); +- return; +- } +- desc = (struct vmpacket_descriptor *)buffer; +- +- switch (desc->type) { +- case VM_PKT_COMP: +- break; +- +- case VM_PKT_DATA_INBAND: +- mousevsc_on_receive(device, desc); +- break; +- +- default: +- pr_err("unhandled packet type %d, tid %llx len %d\n", +- desc->type, req_id, bytes_recvd); +- break; +- } + ++ foreach_vmbus_pkt(desc, device->channel) { ++ switch (desc->type) { ++ case VM_PKT_COMP: + break; + +- case -ENOBUFS: +- kfree(buffer); +- /* Handle large packet */ +- bufferlen = bytes_recvd; +- buffer = kmalloc(bytes_recvd, GFP_ATOMIC); +- +- if (!buffer) +- return; ++ case VM_PKT_DATA_INBAND: ++ mousevsc_on_receive(device, desc); ++ break; + ++ default: ++ pr_err("Unhandled packet type %d, tid %llx len %d\n", ++ desc->type, desc->trans_id, desc->len8 * 8); + break; + } +- } while (1); +- ++ } + } + + static int mousevsc_connect_to_vsp(struct hv_device *device) +-- +2.20.1 + diff --git a/queue-4.14/hid-i2c-hid-add-direkt-tek-dtlapy133-1-to-descriptor.patch b/queue-4.14/hid-i2c-hid-add-direkt-tek-dtlapy133-1-to-descriptor.patch new file mode 100644 index 00000000000..283688ef50c --- /dev/null +++ b/queue-4.14/hid-i2c-hid-add-direkt-tek-dtlapy133-1-to-descriptor.patch @@ -0,0 +1,42 @@ +From 3ca0cf6fdd78c18c3445b240ab4d4f0c576c1a01 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 24 Oct 2018 22:40:26 +0200 +Subject: HID: i2c-hid: add Direkt-Tek DTLAPY133-1 to descriptor override + +From: Julian Sax + +[ Upstream commit 399474e4c1100bca264ed14fa3ad0d68fab484d8 ] + +This device uses the SIPODEV SP1064 touchpad, which does not +supply descriptors, so it has to be added to the override list. + +Reported-by: Tim Aldridge +Signed-off-by: Julian Sax +Signed-off-by: Jiri Kosina +Signed-off-by: Sasha Levin +--- + drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c b/drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c +index cac262a912c12..89f2976f9c534 100644 +--- a/drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c ++++ b/drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c +@@ -330,6 +330,14 @@ static const struct dmi_system_id i2c_hid_dmi_desc_override_table[] = { + }, + .driver_data = (void *)&sipodev_desc + }, ++ { ++ .ident = "Direkt-Tek DTLAPY133-1", ++ .matches = { ++ DMI_EXACT_MATCH(DMI_SYS_VENDOR, "Direkt-Tek"), ++ DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "DTLAPY133-1"), ++ }, ++ .driver_data = (void *)&sipodev_desc ++ }, + { + .ident = "Mediacom Flexbook Edge 11", + .matches = { +-- +2.20.1 + diff --git a/queue-4.14/hid-i2c-hid-add-odys-winbook-13-to-descriptor-overri.patch b/queue-4.14/hid-i2c-hid-add-odys-winbook-13-to-descriptor-overri.patch new file mode 100644 index 00000000000..f92b8e39846 --- /dev/null +++ b/queue-4.14/hid-i2c-hid-add-odys-winbook-13-to-descriptor-overri.patch @@ -0,0 +1,44 @@ +From b0a9d31828d2e78d6e97a0617a9a0c7cc43ec640 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 26 Dec 2018 15:31:56 +0100 +Subject: HID: i2c-hid: Add Odys Winbook 13 to descriptor override + +From: Hans de Goede + +[ Upstream commit f8f807441eefddc3c6d8a378421f0ede6361d565 ] + +The Odys Winbook 13 uses a SIPODEV SP1064 touchpad, which does not +supply descriptors, add this to the DMI descriptor override list, fixing +the touchpad not working. + +BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1526312 +Reported-by: Rene Wagner +Signed-off-by: Hans de Goede +Signed-off-by: Jiri Kosina +Signed-off-by: Sasha Levin +--- + drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c b/drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c +index 89f2976f9c534..fd1b6eea6d2fd 100644 +--- a/drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c ++++ b/drivers/hid/i2c-hid/i2c-hid-dmi-quirks.c +@@ -346,6 +346,14 @@ static const struct dmi_system_id i2c_hid_dmi_desc_override_table[] = { + }, + .driver_data = (void *)&sipodev_desc + }, ++ { ++ .ident = "Odys Winbook 13", ++ .matches = { ++ DMI_EXACT_MATCH(DMI_SYS_VENDOR, "AXDIA International GmbH"), ++ DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "WINBOOK 13"), ++ }, ++ .driver_data = (void *)&sipodev_desc ++ }, + { } /* Terminate list */ + }; + +-- +2.20.1 + diff --git a/queue-4.14/iio-adc-meson_saradc-fix-memory-allocation-order.patch b/queue-4.14/iio-adc-meson_saradc-fix-memory-allocation-order.patch new file mode 100644 index 00000000000..c5691be69a2 --- /dev/null +++ b/queue-4.14/iio-adc-meson_saradc-fix-memory-allocation-order.patch @@ -0,0 +1,60 @@ +From dd2a9129a4feabc31814a5d2416997f8c642233f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 1 Sep 2019 12:54:10 +0200 +Subject: iio: adc: meson_saradc: Fix memory allocation order + +From: Remi Pommarel + +[ Upstream commit de10ac47597e7a3596b27631d0d5ce5f48d2c099 ] + +meson_saradc's irq handler uses priv->regmap so make sure that it is +allocated before the irq get enabled. + +This also fixes crash when CONFIG_DEBUG_SHIRQ is enabled, as device +managed resources are freed in the inverted order they had been +allocated, priv->regmap was freed before the spurious fake irq that +CONFIG_DEBUG_SHIRQ adds called the handler. + +Fixes: 3af109131b7eb8 ("iio: adc: meson-saradc: switch from polling to interrupt mode") +Reported-by: Elie Roudninski +Signed-off-by: Remi Pommarel +Reviewed-by: Martin Blumenstingl +Tested-by: Elie ROUDNINSKI +Reviewed-by: Kevin Hilman +Signed-off-by: Jonathan Cameron +Signed-off-by: Sasha Levin +--- + drivers/iio/adc/meson_saradc.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/drivers/iio/adc/meson_saradc.c b/drivers/iio/adc/meson_saradc.c +index 2515badf8b280..9b2121f249263 100644 +--- a/drivers/iio/adc/meson_saradc.c ++++ b/drivers/iio/adc/meson_saradc.c +@@ -976,6 +976,11 @@ static int meson_sar_adc_probe(struct platform_device *pdev) + if (IS_ERR(base)) + return PTR_ERR(base); + ++ priv->regmap = devm_regmap_init_mmio(&pdev->dev, base, ++ priv->data->regmap_config); ++ if (IS_ERR(priv->regmap)) ++ return PTR_ERR(priv->regmap); ++ + irq = irq_of_parse_and_map(pdev->dev.of_node, 0); + if (!irq) + return -EINVAL; +@@ -985,11 +990,6 @@ static int meson_sar_adc_probe(struct platform_device *pdev) + if (ret) + return ret; + +- priv->regmap = devm_regmap_init_mmio(&pdev->dev, base, +- priv->data->regmap_config); +- if (IS_ERR(priv->regmap)) +- return PTR_ERR(priv->regmap); +- + priv->clkin = devm_clk_get(&pdev->dev, "clkin"); + if (IS_ERR(priv->clkin)) { + dev_err(&pdev->dev, "failed to get clkin\n"); +-- +2.20.1 + diff --git a/queue-4.14/iio-fix-center-temperature-of-bmc150-accel-core.patch b/queue-4.14/iio-fix-center-temperature-of-bmc150-accel-core.patch new file mode 100644 index 00000000000..ecc180186a6 --- /dev/null +++ b/queue-4.14/iio-fix-center-temperature-of-bmc150-accel-core.patch @@ -0,0 +1,39 @@ +From 5ba5d200db0686dcb29477665035ad8fb9ac73bf Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 29 Aug 2019 07:29:41 +0200 +Subject: iio: fix center temperature of bmc150-accel-core + +From: Pascal Bouwmann + +[ Upstream commit 6c59a962e081df6d8fe43325bbfabec57e0d4751 ] + +The center temperature of the supported devices stored in the constant +BMC150_ACCEL_TEMP_CENTER_VAL is not 24 degrees but 23 degrees. + +It seems that some datasheets were inconsistent on this value leading +to the error. For most usecases will only make minor difference so +not queued for stable. + +Signed-off-by: Pascal Bouwmann +Signed-off-by: Jonathan Cameron +Signed-off-by: Sasha Levin +--- + drivers/iio/accel/bmc150-accel-core.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/iio/accel/bmc150-accel-core.c b/drivers/iio/accel/bmc150-accel-core.c +index 807299dd45ebf..7e86a5b7ec4e8 100644 +--- a/drivers/iio/accel/bmc150-accel-core.c ++++ b/drivers/iio/accel/bmc150-accel-core.c +@@ -125,7 +125,7 @@ + #define BMC150_ACCEL_SLEEP_1_SEC 0x0F + + #define BMC150_ACCEL_REG_TEMP 0x08 +-#define BMC150_ACCEL_TEMP_CENTER_VAL 24 ++#define BMC150_ACCEL_TEMP_CENTER_VAL 23 + + #define BMC150_ACCEL_AXIS_TO_REG(axis) (BMC150_ACCEL_REG_XOUT_L + (axis * 2)) + #define BMC150_AUTO_SUSPEND_DELAY_MS 2000 +-- +2.20.1 + diff --git a/queue-4.14/libsubcmd-make-_fortify_source-defines-dependent-on-.patch b/queue-4.14/libsubcmd-make-_fortify_source-defines-dependent-on-.patch new file mode 100644 index 00000000000..020836880e0 --- /dev/null +++ b/queue-4.14/libsubcmd-make-_fortify_source-defines-dependent-on-.patch @@ -0,0 +1,52 @@ +From 8cce408279dcdb7f4026b175686c1d5d40c85c56 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 25 Sep 2019 12:59:23 -0700 +Subject: libsubcmd: Make _FORTIFY_SOURCE defines dependent on the feature + +From: Ian Rogers + +[ Upstream commit 4b0b2b096da9d296e0e5668cdfba8613bd6f5bc8 ] + +Unconditionally defining _FORTIFY_SOURCE can break tools that don't work +with it, such as memory sanitizers: + + https://github.com/google/sanitizers/wiki/AddressSanitizer#faq + +Fixes: 4b6ab94eabe4 ("perf subcmd: Create subcmd library") +Signed-off-by: Ian Rogers +Cc: Alexander Shishkin +Cc: Andi Kleen +Cc: Jiri Olsa +Cc: Josh Poimboeuf +Cc: Namhyung Kim +Cc: Peter Zijlstra +Cc: Stephane Eranian +Link: http://lore.kernel.org/lkml/20190925195924.152834-1-irogers@google.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/lib/subcmd/Makefile | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/tools/lib/subcmd/Makefile b/tools/lib/subcmd/Makefile +index ed61fb3a46c08..5b2cd5e58df09 100644 +--- a/tools/lib/subcmd/Makefile ++++ b/tools/lib/subcmd/Makefile +@@ -20,7 +20,13 @@ MAKEFLAGS += --no-print-directory + LIBFILE = $(OUTPUT)libsubcmd.a + + CFLAGS := $(EXTRA_WARNINGS) $(EXTRA_CFLAGS) +-CFLAGS += -ggdb3 -Wall -Wextra -std=gnu99 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fPIC ++CFLAGS += -ggdb3 -Wall -Wextra -std=gnu99 -fPIC ++ ++ifeq ($(DEBUG),0) ++ ifeq ($(feature-fortify-source), 1) ++ CFLAGS += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 ++ endif ++endif + + ifeq ($(CC_NO_CLANG), 0) + CFLAGS += -O3 +-- +2.20.1 + diff --git a/queue-4.14/media-vimc-remove-unused-but-set-variables.patch b/queue-4.14/media-vimc-remove-unused-but-set-variables.patch new file mode 100644 index 00000000000..f8cf1b55df1 --- /dev/null +++ b/queue-4.14/media-vimc-remove-unused-but-set-variables.patch @@ -0,0 +1,44 @@ +From 6fcff5eff0cbe78d879a77ac7b9059b5d7fe36f8 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 7 Feb 2019 18:59:41 -0500 +Subject: media: vimc: Remove unused but set variables +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Lucas A. M. Magalhães + +[ Upstream commit 5515e414f42bf2769caae15b634004d456658284 ] + +Remove unused but set variables to clean up the code and avoid +warning. + +Signed-off-by: Lucas A. M. Magalhães +Signed-off-by: Hans Verkuil +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Sasha Levin +--- + drivers/media/platform/vimc/vimc-sensor.c | 7 ------- + 1 file changed, 7 deletions(-) + +diff --git a/drivers/media/platform/vimc/vimc-sensor.c b/drivers/media/platform/vimc/vimc-sensor.c +index 70cee5c0c89a5..29a16f8a4123c 100644 +--- a/drivers/media/platform/vimc/vimc-sensor.c ++++ b/drivers/media/platform/vimc/vimc-sensor.c +@@ -200,13 +200,6 @@ static void *vimc_sen_process_frame(struct vimc_ent_device *ved, + { + struct vimc_sen_device *vsen = container_of(ved, struct vimc_sen_device, + ved); +- const struct vimc_pix_map *vpix; +- unsigned int frame_size; +- +- /* Calculate the frame size */ +- vpix = vimc_pix_map_by_code(vsen->mbus_format.code); +- frame_size = vsen->mbus_format.width * vpix->bpp * +- vsen->mbus_format.height; + + tpg_fill_plane_buffer(&vsen->tpg, 0, 0, vsen->frame); + return vsen->frame; +-- +2.20.1 + diff --git a/queue-4.14/mips-fw-sni-fix-out-of-bounds-init-of-o32-stack.patch b/queue-4.14/mips-fw-sni-fix-out-of-bounds-init-of-o32-stack.patch new file mode 100644 index 00000000000..2773e06cec2 --- /dev/null +++ b/queue-4.14/mips-fw-sni-fix-out-of-bounds-init-of-o32-stack.patch @@ -0,0 +1,38 @@ +From 6cfc7d1a4aae8bdebf4a73850506c8ccde01a00f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 9 Oct 2019 17:10:56 +0200 +Subject: MIPS: fw: sni: Fix out of bounds init of o32 stack + +From: Thomas Bogendoerfer + +[ Upstream commit efcb529694c3b707dc0471b312944337ba16e4dd ] + +Use ARRAY_SIZE to caluculate the top of the o32 stack. + +Signed-off-by: Thomas Bogendoerfer +Signed-off-by: Paul Burton +Cc: Ralf Baechle +Cc: James Hogan +Cc: linux-mips@vger.kernel.org +Cc: linux-kernel@vger.kernel.org +Signed-off-by: Sasha Levin +--- + arch/mips/fw/sni/sniprom.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/mips/fw/sni/sniprom.c b/arch/mips/fw/sni/sniprom.c +index 6aa264b9856ac..7c6151d412bd7 100644 +--- a/arch/mips/fw/sni/sniprom.c ++++ b/arch/mips/fw/sni/sniprom.c +@@ -42,7 +42,7 @@ + + /* O32 stack has to be 8-byte aligned. */ + static u64 o32_stk[4096]; +-#define O32_STK &o32_stk[sizeof(o32_stk)] ++#define O32_STK (&o32_stk[ARRAY_SIZE(o32_stk)]) + + #define __PROM_O32(fun, arg) fun arg __asm__(#fun); \ + __asm__(#fun " = call_o32") +-- +2.20.1 + diff --git a/queue-4.14/mips-include-mark-__cmpxchg-as-__always_inline.patch b/queue-4.14/mips-include-mark-__cmpxchg-as-__always_inline.patch new file mode 100644 index 00000000000..cd887930cc6 --- /dev/null +++ b/queue-4.14/mips-include-mark-__cmpxchg-as-__always_inline.patch @@ -0,0 +1,47 @@ +From 07f44940bcf6edce85118d51544fcde67d9e9fe6 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 6 Oct 2019 15:12:32 +0200 +Subject: MIPS: include: Mark __cmpxchg as __always_inline + +From: Thomas Bogendoerfer + +[ Upstream commit 88356d09904bc606182c625575237269aeece22e ] + +Commit ac7c3e4ff401 ("compiler: enable CONFIG_OPTIMIZE_INLINING +forcibly") allows compiler to uninline functions marked as 'inline'. +In cace of cmpxchg this would cause to reference function +__cmpxchg_called_with_bad_pointer, which is a error case +for catching bugs and will not happen for correct code, if +__cmpxchg is inlined. + +Signed-off-by: Thomas Bogendoerfer +[paul.burton@mips.com: s/__cmpxchd/__cmpxchg in subject] +Signed-off-by: Paul Burton +Cc: Ralf Baechle +Cc: James Hogan +Cc: linux-mips@vger.kernel.org +Cc: linux-kernel@vger.kernel.org +Signed-off-by: Sasha Levin +--- + arch/mips/include/asm/cmpxchg.h | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/arch/mips/include/asm/cmpxchg.h b/arch/mips/include/asm/cmpxchg.h +index 89e9fb7976fe6..895f91b9e89c3 100644 +--- a/arch/mips/include/asm/cmpxchg.h ++++ b/arch/mips/include/asm/cmpxchg.h +@@ -146,8 +146,9 @@ static inline unsigned long __xchg(volatile void *ptr, unsigned long x, + extern unsigned long __cmpxchg_small(volatile void *ptr, unsigned long old, + unsigned long new, unsigned int size); + +-static inline unsigned long __cmpxchg(volatile void *ptr, unsigned long old, +- unsigned long new, unsigned int size) ++static __always_inline ++unsigned long __cmpxchg(volatile void *ptr, unsigned long old, ++ unsigned long new, unsigned int size) + { + switch (size) { + case 1: +-- +2.20.1 + diff --git a/queue-4.14/mips-include-mark-__xchg-as-__always_inline.patch b/queue-4.14/mips-include-mark-__xchg-as-__always_inline.patch new file mode 100644 index 00000000000..f3b8bb73fa3 --- /dev/null +++ b/queue-4.14/mips-include-mark-__xchg-as-__always_inline.patch @@ -0,0 +1,49 @@ +From cdfba07b47301536fa62014d74e3b7f08f8b06e1 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 9 Oct 2019 12:06:00 +0200 +Subject: MIPS: include: Mark __xchg as __always_inline +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Thomas Bogendoerfer + +[ Upstream commit 46f1619500d022501a4f0389f9f4c349ab46bb86 ] + +Commit ac7c3e4ff401 ("compiler: enable CONFIG_OPTIMIZE_INLINING +forcibly") allows compiler to uninline functions marked as 'inline'. +In cace of __xchg this would cause to reference function +__xchg_called_with_bad_pointer, which is an error case +for catching bugs and will not happen for correct code, if +__xchg is inlined. + +Signed-off-by: Thomas Bogendoerfer +Reviewed-by: Philippe Mathieu-Daudé +Signed-off-by: Paul Burton +Cc: Ralf Baechle +Cc: James Hogan +Cc: linux-mips@vger.kernel.org +Cc: linux-kernel@vger.kernel.org +Signed-off-by: Sasha Levin +--- + arch/mips/include/asm/cmpxchg.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/arch/mips/include/asm/cmpxchg.h b/arch/mips/include/asm/cmpxchg.h +index 895f91b9e89c3..520ca166cbed5 100644 +--- a/arch/mips/include/asm/cmpxchg.h ++++ b/arch/mips/include/asm/cmpxchg.h +@@ -73,8 +73,8 @@ extern unsigned long __xchg_called_with_bad_pointer(void) + extern unsigned long __xchg_small(volatile void *ptr, unsigned long val, + unsigned int size); + +-static inline unsigned long __xchg(volatile void *ptr, unsigned long x, +- int size) ++static __always_inline ++unsigned long __xchg(volatile void *ptr, unsigned long x, int size) + { + switch (size) { + case 1: +-- +2.20.1 + diff --git a/queue-4.14/mlxsw-spectrum-set-lag-port-collector-only-when-acti.patch b/queue-4.14/mlxsw-spectrum-set-lag-port-collector-only-when-acti.patch new file mode 100644 index 00000000000..474a6aed1d2 --- /dev/null +++ b/queue-4.14/mlxsw-spectrum-set-lag-port-collector-only-when-acti.patch @@ -0,0 +1,134 @@ +From 3ed7d80234dc0814f1d9deaf94a396cb2b19c069 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 12 Feb 2019 16:29:51 +0000 +Subject: mlxsw: spectrum: Set LAG port collector only when active + +From: Nir Dotan + +[ Upstream commit 48ebab31d424fbdb8ede8914923bec671a933246 ] + +The LAG port collecting (receive) function was mistakenly set when the +port was registered as a LAG member, while it should be set only when +the port collection state is set to true. Set LAG port to collecting +when it is set to distributing, as described in the IEEE link +aggregation standard coupled control mux machine state diagram. + +Signed-off-by: Nir Dotan +Acked-by: Jiri Pirko +Signed-off-by: Ido Schimmel +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + .../net/ethernet/mellanox/mlxsw/spectrum.c | 62 ++++++++++++++----- + 1 file changed, 45 insertions(+), 17 deletions(-) + +diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum.c +index 5c74787f903b7..a909aa315a92a 100644 +--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum.c ++++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum.c +@@ -4077,9 +4077,6 @@ static int mlxsw_sp_port_lag_join(struct mlxsw_sp_port *mlxsw_sp_port, + err = mlxsw_sp_lag_col_port_add(mlxsw_sp_port, lag_id, port_index); + if (err) + goto err_col_port_add; +- err = mlxsw_sp_lag_col_port_enable(mlxsw_sp_port, lag_id); +- if (err) +- goto err_col_port_enable; + + mlxsw_core_lag_mapping_set(mlxsw_sp->core, lag_id, port_index, + mlxsw_sp_port->local_port); +@@ -4094,8 +4091,6 @@ static int mlxsw_sp_port_lag_join(struct mlxsw_sp_port *mlxsw_sp_port, + + return 0; + +-err_col_port_enable: +- mlxsw_sp_lag_col_port_remove(mlxsw_sp_port, lag_id); + err_col_port_add: + if (!lag->ref_count) + mlxsw_sp_lag_destroy(mlxsw_sp, lag_id); +@@ -4114,7 +4109,6 @@ static void mlxsw_sp_port_lag_leave(struct mlxsw_sp_port *mlxsw_sp_port, + lag = mlxsw_sp_lag_get(mlxsw_sp, lag_id); + WARN_ON(lag->ref_count == 0); + +- mlxsw_sp_lag_col_port_disable(mlxsw_sp_port, lag_id); + mlxsw_sp_lag_col_port_remove(mlxsw_sp_port, lag_id); + + /* Any VLANs configured on the port are no longer valid */ +@@ -4159,21 +4153,56 @@ static int mlxsw_sp_lag_dist_port_remove(struct mlxsw_sp_port *mlxsw_sp_port, + return mlxsw_reg_write(mlxsw_sp->core, MLXSW_REG(sldr), sldr_pl); + } + +-static int mlxsw_sp_port_lag_tx_en_set(struct mlxsw_sp_port *mlxsw_sp_port, +- bool lag_tx_enabled) ++static int ++mlxsw_sp_port_lag_col_dist_enable(struct mlxsw_sp_port *mlxsw_sp_port) + { +- if (lag_tx_enabled) +- return mlxsw_sp_lag_dist_port_add(mlxsw_sp_port, +- mlxsw_sp_port->lag_id); +- else +- return mlxsw_sp_lag_dist_port_remove(mlxsw_sp_port, +- mlxsw_sp_port->lag_id); ++ int err; ++ ++ err = mlxsw_sp_lag_col_port_enable(mlxsw_sp_port, ++ mlxsw_sp_port->lag_id); ++ if (err) ++ return err; ++ ++ err = mlxsw_sp_lag_dist_port_add(mlxsw_sp_port, mlxsw_sp_port->lag_id); ++ if (err) ++ goto err_dist_port_add; ++ ++ return 0; ++ ++err_dist_port_add: ++ mlxsw_sp_lag_col_port_disable(mlxsw_sp_port, mlxsw_sp_port->lag_id); ++ return err; ++} ++ ++static int ++mlxsw_sp_port_lag_col_dist_disable(struct mlxsw_sp_port *mlxsw_sp_port) ++{ ++ int err; ++ ++ err = mlxsw_sp_lag_dist_port_remove(mlxsw_sp_port, ++ mlxsw_sp_port->lag_id); ++ if (err) ++ return err; ++ ++ err = mlxsw_sp_lag_col_port_disable(mlxsw_sp_port, ++ mlxsw_sp_port->lag_id); ++ if (err) ++ goto err_col_port_disable; ++ ++ return 0; ++ ++err_col_port_disable: ++ mlxsw_sp_lag_dist_port_add(mlxsw_sp_port, mlxsw_sp_port->lag_id); ++ return err; + } + + static int mlxsw_sp_port_lag_changed(struct mlxsw_sp_port *mlxsw_sp_port, + struct netdev_lag_lower_state_info *info) + { +- return mlxsw_sp_port_lag_tx_en_set(mlxsw_sp_port, info->tx_enabled); ++ if (info->tx_enabled) ++ return mlxsw_sp_port_lag_col_dist_enable(mlxsw_sp_port); ++ else ++ return mlxsw_sp_port_lag_col_dist_disable(mlxsw_sp_port); + } + + static int mlxsw_sp_port_stp_set(struct mlxsw_sp_port *mlxsw_sp_port, +@@ -4309,8 +4338,7 @@ static int mlxsw_sp_netdevice_port_upper_event(struct net_device *lower_dev, + err = mlxsw_sp_port_lag_join(mlxsw_sp_port, + upper_dev); + } else { +- mlxsw_sp_port_lag_tx_en_set(mlxsw_sp_port, +- false); ++ mlxsw_sp_port_lag_col_dist_disable(mlxsw_sp_port); + mlxsw_sp_port_lag_leave(mlxsw_sp_port, + upper_dev); + } +-- +2.20.1 + diff --git a/queue-4.14/nbd-fix-possible-sysfs-duplicate-warning.patch b/queue-4.14/nbd-fix-possible-sysfs-duplicate-warning.patch new file mode 100644 index 00000000000..1848369b5f8 --- /dev/null +++ b/queue-4.14/nbd-fix-possible-sysfs-duplicate-warning.patch @@ -0,0 +1,49 @@ +From aaee5fa3769f0d6462dd95c79361a968caa7a389 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 19 Sep 2019 11:44:27 +0530 +Subject: nbd: fix possible sysfs duplicate warning + +From: Xiubo Li + +[ Upstream commit 862488105b84ca744b3d8ff131e0fcfe10644be1 ] + +1. nbd_put takes the mutex and drops nbd->ref to 0. It then does +idr_remove and drops the mutex. + +2. nbd_genl_connect takes the mutex. idr_find/idr_for_each fails +to find an existing device, so it does nbd_dev_add. + +3. just before the nbd_put could call nbd_dev_remove or not finished +totally, but if nbd_dev_add try to add_disk, we can hit: + +debugfs: Directory 'nbd1' with parent 'block' already present! + +This patch will make sure all the disk add/remove stuff are done +by holding the nbd_index_mutex lock. + +Reported-by: Mike Christie +Reviewed-by: Josef Bacik +Signed-off-by: Xiubo Li +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +--- + drivers/block/nbd.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c +index a234600849558..3e45004407963 100644 +--- a/drivers/block/nbd.c ++++ b/drivers/block/nbd.c +@@ -228,8 +228,8 @@ static void nbd_put(struct nbd_device *nbd) + if (refcount_dec_and_mutex_lock(&nbd->refs, + &nbd_index_mutex)) { + idr_remove(&nbd_index_idr, nbd->index); +- mutex_unlock(&nbd_index_mutex); + nbd_dev_remove(nbd); ++ mutex_unlock(&nbd_index_mutex); + } + } + +-- +2.20.1 + diff --git a/queue-4.14/nfs-fix-nfsi-nrequests-count-error-on-nfs_inode_remo.patch b/queue-4.14/nfs-fix-nfsi-nrequests-count-error-on-nfs_inode_remo.patch new file mode 100644 index 00000000000..313bebb0d07 --- /dev/null +++ b/queue-4.14/nfs-fix-nfsi-nrequests-count-error-on-nfs_inode_remo.patch @@ -0,0 +1,91 @@ +From 0230030b379fbdb03b8a70bf166f2f078441ea0b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 26 Sep 2019 14:29:38 +0800 +Subject: nfs: Fix nfsi->nrequests count error on nfs_inode_remove_request + +From: ZhangXiaoxu + +[ Upstream commit 33ea5aaa87cdae0f9af4d6b7ee4f650a1a36fd1d ] + +When xfstests testing, there are some WARNING as below: + +WARNING: CPU: 0 PID: 6235 at fs/nfs/inode.c:122 nfs_clear_inode+0x9c/0xd8 +Modules linked in: +CPU: 0 PID: 6235 Comm: umount.nfs +Hardware name: linux,dummy-virt (DT) +pstate: 60000005 (nZCv daif -PAN -UAO) +pc : nfs_clear_inode+0x9c/0xd8 +lr : nfs_evict_inode+0x60/0x78 +sp : fffffc000f68fc00 +x29: fffffc000f68fc00 x28: fffffe00c53155c0 +x27: fffffe00c5315000 x26: fffffc0009a63748 +x25: fffffc000f68fd18 x24: fffffc000bfaaf40 +x23: fffffc000936d3c0 x22: fffffe00c4ff5e20 +x21: fffffc000bfaaf40 x20: fffffe00c4ff5d10 +x19: fffffc000c056000 x18: 000000000000003c +x17: 0000000000000000 x16: 0000000000000000 +x15: 0000000000000040 x14: 0000000000000228 +x13: fffffc000c3a2000 x12: 0000000000000045 +x11: 0000000000000000 x10: 0000000000000000 +x9 : 0000000000000000 x8 : 0000000000000000 +x7 : 0000000000000000 x6 : fffffc00084b027c +x5 : fffffc0009a64000 x4 : fffffe00c0e77400 +x3 : fffffc000c0563a8 x2 : fffffffffffffffb +x1 : 000000000000764e x0 : 0000000000000001 +Call trace: + nfs_clear_inode+0x9c/0xd8 + nfs_evict_inode+0x60/0x78 + evict+0x108/0x380 + dispose_list+0x70/0xa0 + evict_inodes+0x194/0x210 + generic_shutdown_super+0xb0/0x220 + nfs_kill_super+0x40/0x88 + deactivate_locked_super+0xb4/0x120 + deactivate_super+0x144/0x160 + cleanup_mnt+0x98/0x148 + __cleanup_mnt+0x38/0x50 + task_work_run+0x114/0x160 + do_notify_resume+0x2f8/0x308 + work_pending+0x8/0x14 + +The nrequest should be increased/decreased only if PG_INODE_REF flag +was setted. + +But in the nfs_inode_remove_request function, it maybe decrease when +no PG_INODE_REF flag, this maybe lead nrequests count error. + +Reported-by: Hulk Robot +Signed-off-by: ZhangXiaoxu +Signed-off-by: Anna Schumaker +Signed-off-by: Sasha Levin +--- + fs/nfs/write.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/fs/nfs/write.c b/fs/nfs/write.c +index 3c1e46f4bce32..01b9d9341b541 100644 +--- a/fs/nfs/write.c ++++ b/fs/nfs/write.c +@@ -783,7 +783,6 @@ static void nfs_inode_remove_request(struct nfs_page *req) + struct nfs_inode *nfsi = NFS_I(inode); + struct nfs_page *head; + +- atomic_long_dec(&nfsi->nrequests); + if (nfs_page_group_sync_on_bit(req, PG_REMOVE)) { + head = req->wb_head; + +@@ -796,8 +795,10 @@ static void nfs_inode_remove_request(struct nfs_page *req) + spin_unlock(&mapping->private_lock); + } + +- if (test_and_clear_bit(PG_INODE_REF, &req->wb_flags)) ++ if (test_and_clear_bit(PG_INODE_REF, &req->wb_flags)) { + nfs_release_request(req); ++ atomic_long_dec(&nfsi->nrequests); ++ } + } + + static void +-- +2.20.1 + diff --git a/queue-4.14/nfsv4-fix-leak-of-clp-cl_acceptor-string.patch b/queue-4.14/nfsv4-fix-leak-of-clp-cl_acceptor-string.patch new file mode 100644 index 00000000000..3fb1ab12079 --- /dev/null +++ b/queue-4.14/nfsv4-fix-leak-of-clp-cl_acceptor-string.patch @@ -0,0 +1,60 @@ +From ce3f8a9180700605e5a38476eb787cb988f75c22 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 4 Oct 2019 09:58:54 -0400 +Subject: NFSv4: Fix leak of clp->cl_acceptor string + +From: Chuck Lever + +[ Upstream commit 1047ec868332034d1fbcb2fae19fe6d4cb869ff2 ] + +Our client can issue multiple SETCLIENTID operations to the same +server in some circumstances. Ensure that calls to +nfs4_proc_setclientid() after the first one do not overwrite the +previously allocated cl_acceptor string. + +unreferenced object 0xffff888461031800 (size 32): + comm "mount.nfs", pid 2227, jiffies 4294822467 (age 1407.749s) + hex dump (first 32 bytes): + 6e 66 73 40 6b 6c 69 6d 74 2e 69 62 2e 31 30 31 nfs@klimt.ib.101 + 35 67 72 61 6e 67 65 72 2e 6e 65 74 00 00 00 00 5granger.net.... + backtrace: + [<00000000ab820188>] __kmalloc+0x128/0x176 + [<00000000eeaf4ec8>] gss_stringify_acceptor+0xbd/0x1a7 [auth_rpcgss] + [<00000000e85e3382>] nfs4_proc_setclientid+0x34e/0x46c [nfsv4] + [<000000003d9cf1fa>] nfs40_discover_server_trunking+0x7a/0xed [nfsv4] + [<00000000b81c3787>] nfs4_discover_server_trunking+0x81/0x244 [nfsv4] + [<000000000801b55f>] nfs4_init_client+0x1b0/0x238 [nfsv4] + [<00000000977daf7f>] nfs4_set_client+0xfe/0x14d [nfsv4] + [<0000000053a68a2a>] nfs4_create_server+0x107/0x1db [nfsv4] + [<0000000088262019>] nfs4_remote_mount+0x2c/0x59 [nfsv4] + [<00000000e84a2fd0>] legacy_get_tree+0x2d/0x4c + [<00000000797e947c>] vfs_get_tree+0x20/0xc7 + [<00000000ecabaaa8>] fc_mount+0xe/0x36 + [<00000000f15fafc2>] vfs_kern_mount+0x74/0x8d + [<00000000a3ff4e26>] nfs_do_root_mount+0x8a/0xa3 [nfsv4] + [<00000000d1c2b337>] nfs4_try_mount+0x58/0xad [nfsv4] + [<000000004c9bddee>] nfs_fs_mount+0x820/0x869 [nfs] + +Fixes: f11b2a1cfbf5 ("nfs4: copy acceptor name from context ... ") +Signed-off-by: Chuck Lever +Signed-off-by: Anna Schumaker +Signed-off-by: Sasha Levin +--- + fs/nfs/nfs4proc.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c +index 6409ff4876cb5..af062e9f45803 100644 +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -5655,6 +5655,7 @@ int nfs4_proc_setclientid(struct nfs_client *clp, u32 program, + } + status = task->tk_status; + if (setclientid.sc_cred) { ++ kfree(clp->cl_acceptor); + clp->cl_acceptor = rpcauth_stringify_acceptor(setclientid.sc_cred); + put_rpccred(setclientid.sc_cred); + } +-- +2.20.1 + diff --git a/queue-4.14/ocfs2-clear-zero-in-unaligned-direct-io.patch b/queue-4.14/ocfs2-clear-zero-in-unaligned-direct-io.patch new file mode 100644 index 00000000000..431b7f0b17f --- /dev/null +++ b/queue-4.14/ocfs2-clear-zero-in-unaligned-direct-io.patch @@ -0,0 +1,93 @@ +From 4b7fb7340b7656e205f4bdee5fc25279fe234160 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 6 Oct 2019 17:57:47 -0700 +Subject: ocfs2: clear zero in unaligned direct IO + +From: Jia Guo + +[ Upstream commit 7a243c82ea527cd1da47381ad9cd646844f3b693 ] + +Unused portion of a part-written fs-block-sized block is not set to zero +in unaligned append direct write.This can lead to serious data +inconsistencies. + +Ocfs2 manage disk with cluster size(for example, 1M), part-written in +one cluster will change the cluster state from UN-WRITTEN to WRITTEN, +VFS(function dio_zero_block) doesn't do the cleaning because bh's state +is not set to NEW in function ocfs2_dio_wr_get_block when we write a +WRITTEN cluster. For example, the cluster size is 1M, file size is 8k +and we direct write from 14k to 15k, then 12k~14k and 15k~16k will +contain dirty data. + +We have to deal with two cases: + 1.The starting position of direct write is outside the file. + 2.The starting position of direct write is located in the file. + +We need set bh's state to NEW in the first case. In the second case, we +need mapped twice because bh's state of area out file should be set to +NEW while area in file not. + +[akpm@linux-foundation.org: coding style fixes] +Link: http://lkml.kernel.org/r/5292e287-8f1a-fd4a-1a14-661e555e0bed@huawei.com +Signed-off-by: Jia Guo +Reviewed-by: Yiwen Jiang +Cc: Mark Fasheh +Cc: Joel Becker +Cc: Junxiao Bi +Cc: Joseph Qi +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + fs/ocfs2/aops.c | 22 +++++++++++++++++++++- + 1 file changed, 21 insertions(+), 1 deletion(-) + +diff --git a/fs/ocfs2/aops.c b/fs/ocfs2/aops.c +index 99550f4bd159a..ebeec7530cb60 100644 +--- a/fs/ocfs2/aops.c ++++ b/fs/ocfs2/aops.c +@@ -2151,13 +2151,30 @@ static int ocfs2_dio_wr_get_block(struct inode *inode, sector_t iblock, + struct ocfs2_dio_write_ctxt *dwc = NULL; + struct buffer_head *di_bh = NULL; + u64 p_blkno; +- loff_t pos = iblock << inode->i_sb->s_blocksize_bits; ++ unsigned int i_blkbits = inode->i_sb->s_blocksize_bits; ++ loff_t pos = iblock << i_blkbits; ++ sector_t endblk = (i_size_read(inode) - 1) >> i_blkbits; + unsigned len, total_len = bh_result->b_size; + int ret = 0, first_get_block = 0; + + len = osb->s_clustersize - (pos & (osb->s_clustersize - 1)); + len = min(total_len, len); + ++ /* ++ * bh_result->b_size is count in get_more_blocks according to write ++ * "pos" and "end", we need map twice to return different buffer state: ++ * 1. area in file size, not set NEW; ++ * 2. area out file size, set NEW. ++ * ++ * iblock endblk ++ * |--------|---------|---------|--------- ++ * |<-------area in file------->| ++ */ ++ ++ if ((iblock <= endblk) && ++ ((iblock + ((len - 1) >> i_blkbits)) > endblk)) ++ len = (endblk - iblock + 1) << i_blkbits; ++ + mlog(0, "get block of %lu at %llu:%u req %u\n", + inode->i_ino, pos, len, total_len); + +@@ -2241,6 +2258,9 @@ static int ocfs2_dio_wr_get_block(struct inode *inode, sector_t iblock, + if (desc->c_needs_zero) + set_buffer_new(bh_result); + ++ if (iblock > endblk) ++ set_buffer_new(bh_result); ++ + /* May sleep in end_io. It should not happen in a irq context. So defer + * it to dio work queue. */ + set_buffer_defer_completion(bh_result); +-- +2.20.1 + diff --git a/queue-4.14/pci-pme-fix-possible-use-after-free-on-remove.patch b/queue-4.14/pci-pme-fix-possible-use-after-free-on-remove.patch new file mode 100644 index 00000000000..94e338d2899 --- /dev/null +++ b/queue-4.14/pci-pme-fix-possible-use-after-free-on-remove.patch @@ -0,0 +1,41 @@ +From 567a8dce78742c3e8bd0ebf921bf3db4347a573d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 1 Mar 2019 11:54:19 -0500 +Subject: PCI/PME: Fix possible use-after-free on remove + +From: Sven Van Asbroeck + +[ Upstream commit 7cf58b79b3072029af127ae865ffc6f00f34b1f8 ] + +In remove(), ensure that the PME work cannot run after kfree() is called. +Otherwise, this could result in a use-after-free. + +This issue was detected with the help of Coccinelle. + +Signed-off-by: Sven Van Asbroeck +Signed-off-by: Bjorn Helgaas +Cc: Sinan Kaya +Cc: Frederick Lawler +Cc: Mika Westerberg +Cc: Keith Busch +Cc: Rafael J. Wysocki +Signed-off-by: Sasha Levin +--- + drivers/pci/pcie/pme.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/pci/pcie/pme.c b/drivers/pci/pcie/pme.c +index c2e6e3d1073f8..5500660bbb104 100644 +--- a/drivers/pci/pcie/pme.c ++++ b/drivers/pci/pcie/pme.c +@@ -441,6 +441,7 @@ static void pcie_pme_remove(struct pcie_device *srv) + + pcie_pme_disable_interrupt(srv->port, data); + free_irq(srv->irq, srv); ++ cancel_work_sync(&data->work); + kfree(data); + } + +-- +2.20.1 + diff --git a/queue-4.14/perf-jevents-fix-period-for-intel-fixed-counters.patch b/queue-4.14/perf-jevents-fix-period-for-intel-fixed-counters.patch new file mode 100644 index 00000000000..650ef22fd56 --- /dev/null +++ b/queue-4.14/perf-jevents-fix-period-for-intel-fixed-counters.patch @@ -0,0 +1,53 @@ +From 078b0c8c696c4059695d934be967d6bf70588962 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 27 Sep 2019 16:35:45 -0700 +Subject: perf jevents: Fix period for Intel fixed counters + +From: Andi Kleen + +[ Upstream commit 6bdfd9f118bd59cf0f85d3bf4b72b586adea17c1 ] + +The Intel fixed counters use a special table to override the JSON +information. + +During this override the period information from the JSON file got +dropped, which results in inst_retired.any and similar running with +frequency mode instead of a period. + +Just specify the expected period in the table. + +Signed-off-by: Andi Kleen +Cc: Jiri Olsa +Link: http://lore.kernel.org/lkml/20190927233546.11533-2-andi@firstfloor.org +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/pmu-events/jevents.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/tools/perf/pmu-events/jevents.c b/tools/perf/pmu-events/jevents.c +index 94a7cabe9b824..6f9f247b45162 100644 +--- a/tools/perf/pmu-events/jevents.c ++++ b/tools/perf/pmu-events/jevents.c +@@ -342,12 +342,12 @@ static struct fixed { + const char *name; + const char *event; + } fixed[] = { +- { "inst_retired.any", "event=0xc0" }, +- { "inst_retired.any_p", "event=0xc0" }, +- { "cpu_clk_unhalted.ref", "event=0x0,umask=0x03" }, +- { "cpu_clk_unhalted.thread", "event=0x3c" }, +- { "cpu_clk_unhalted.core", "event=0x3c" }, +- { "cpu_clk_unhalted.thread_any", "event=0x3c,any=1" }, ++ { "inst_retired.any", "event=0xc0,period=2000003" }, ++ { "inst_retired.any_p", "event=0xc0,period=2000003" }, ++ { "cpu_clk_unhalted.ref", "event=0x0,umask=0x03,period=2000003" }, ++ { "cpu_clk_unhalted.thread", "event=0x3c,period=2000003" }, ++ { "cpu_clk_unhalted.core", "event=0x3c,period=2000003" }, ++ { "cpu_clk_unhalted.thread_any", "event=0x3c,any=1,period=2000003" }, + { NULL, NULL}, + }; + +-- +2.20.1 + diff --git a/queue-4.14/perf-map-fix-overlapped-map-handling.patch b/queue-4.14/perf-map-fix-overlapped-map-handling.patch new file mode 100644 index 00000000000..c00270d34dd --- /dev/null +++ b/queue-4.14/perf-map-fix-overlapped-map-handling.patch @@ -0,0 +1,120 @@ +From 3eae4e6beb56d2d897ea02ca0cb2d7e7a58bab2f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 28 Sep 2019 01:39:00 +0000 +Subject: perf map: Fix overlapped map handling + +From: Steve MacLean + +[ Upstream commit ee212d6ea20887c0ef352be8563ca13dbf965906 ] + +Whenever an mmap/mmap2 event occurs, the map tree must be updated to add a new +entry. If a new map overlaps a previous map, the overlapped section of the +previous map is effectively unmapped, but the non-overlapping sections are +still valid. + +maps__fixup_overlappings() is responsible for creating any new map entries from +the previously overlapped map. It optionally creates a before and an after map. + +When creating the after map the existing code failed to adjust the map.pgoff. +This meant the new after map would incorrectly calculate the file offset +for the ip. This results in incorrect symbol name resolution for any ip in the +after region. + +Make maps__fixup_overlappings() correctly populate map.pgoff. + +Add an assert that new mapping matches old mapping at the beginning of +the after map. + +Committer-testing: + +Validated correct parsing of libcoreclr.so symbols from .NET Core 3.0 preview9 +(which didn't strip symbols). + +Preparation: + + ~/dotnet3.0-preview9/dotnet new webapi -o perfSymbol + cd perfSymbol + ~/dotnet3.0-preview9/dotnet publish + perf record ~/dotnet3.0-preview9/dotnet \ + bin/Debug/netcoreapp3.0/publish/perfSymbol.dll + ^C + +Before: + + perf script --show-mmap-events 2>&1 | grep -e MMAP -e unknown |\ + grep libcoreclr.so | head -n 4 + dotnet 1907 373352.698780: PERF_RECORD_MMAP2 1907/1907: \ + [0x7fe615726000(0x768000) @ 0 08:02 5510620 765057155]: \ + r-xp .../3.0.0-preview9-19423-09/libcoreclr.so + dotnet 1907 373352.701091: PERF_RECORD_MMAP2 1907/1907: \ + [0x7fe615974000(0x1000) @ 0x24e000 08:02 5510620 765057155]: \ + rwxp .../3.0.0-preview9-19423-09/libcoreclr.so + dotnet 1907 373352.701241: PERF_RECORD_MMAP2 1907/1907: \ + [0x7fe615c42000(0x1000) @ 0x51c000 08:02 5510620 765057155]: \ + rwxp .../3.0.0-preview9-19423-09/libcoreclr.so + dotnet 1907 373352.705249: 250000 cpu-clock: \ + 7fe6159a1f99 [unknown] \ + (.../3.0.0-preview9-19423-09/libcoreclr.so) + +After: + + perf script --show-mmap-events 2>&1 | grep -e MMAP -e unknown |\ + grep libcoreclr.so | head -n 4 + dotnet 1907 373352.698780: PERF_RECORD_MMAP2 1907/1907: \ + [0x7fe615726000(0x768000) @ 0 08:02 5510620 765057155]: \ + r-xp .../3.0.0-preview9-19423-09/libcoreclr.so + dotnet 1907 373352.701091: PERF_RECORD_MMAP2 1907/1907: \ + [0x7fe615974000(0x1000) @ 0x24e000 08:02 5510620 765057155]: \ + rwxp .../3.0.0-preview9-19423-09/libcoreclr.so + dotnet 1907 373352.701241: PERF_RECORD_MMAP2 1907/1907: \ + [0x7fe615c42000(0x1000) @ 0x51c000 08:02 5510620 765057155]: \ + rwxp .../3.0.0-preview9-19423-09/libcoreclr.so + +All the [unknown] symbols were resolved. + +Signed-off-by: Steve MacLean +Tested-by: Brian Robbins +Acked-by: Jiri Olsa +Cc: Alexander Shishkin +Cc: Andi Kleen +Cc: Davidlohr Bueso +Cc: Eric Saint-Etienne +Cc: John Keeping +Cc: John Salem +Cc: Leo Yan +Cc: Mark Rutland +Cc: Namhyung Kim +Cc: Peter Zijlstra +Cc: Song Liu +Cc: Stephane Eranian +Cc: Tom McDonald +Link: http://lore.kernel.org/lkml/BN8PR21MB136270949F22A6A02335C238F7800@BN8PR21MB1362.namprd21.prod.outlook.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/util/map.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/tools/perf/util/map.c b/tools/perf/util/map.c +index 4e7bd27501224..63db9872c8808 100644 +--- a/tools/perf/util/map.c ++++ b/tools/perf/util/map.c +@@ -1,5 +1,6 @@ + // SPDX-License-Identifier: GPL-2.0 + #include "symbol.h" ++#include + #include + #include + #include +@@ -737,6 +738,8 @@ static int maps__fixup_overlappings(struct maps *maps, struct map *map, FILE *fp + } + + after->start = map->end; ++ after->pgoff += map->end - pos->start; ++ assert(pos->map_ip(pos, map->end) == after->map_ip(after, map->end)); + __map_groups__insert(pos->groups, after); + if (verbose >= 2 && !use_browser) + map__fprintf(after, fp); +-- +2.20.1 + diff --git a/queue-4.14/perf-tests-avoid-raising-segv-using-an-obvious-null-.patch b/queue-4.14/perf-tests-avoid-raising-segv-using-an-obvious-null-.patch new file mode 100644 index 00000000000..49835beb2f8 --- /dev/null +++ b/queue-4.14/perf-tests-avoid-raising-segv-using-an-obvious-null-.patch @@ -0,0 +1,90 @@ +From 96676d4cb0ced73597a1f75ae44bbf40d382a056 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 25 Sep 2019 12:59:24 -0700 +Subject: perf tests: Avoid raising SEGV using an obvious NULL dereference + +From: Ian Rogers + +[ Upstream commit e3e2cf3d5b1fe800b032e14c0fdcd9a6fb20cf3b ] + +An optimized build such as: + + make -C tools/perf CLANG=1 CC=clang EXTRA_CFLAGS="-O3 + +will turn the dereference operation into a ud2 instruction, raising a +SIGILL rather than a SIGSEGV. Use raise(..) for correctness and clarity. + +Similar issues were addressed in Numfor Mbiziwo-Tiapo's patch: + + https://lkml.org/lkml/2019/7/8/1234 + +Committer testing: + +Before: + + [root@quaco ~]# perf test hooks + 55: perf hooks : Ok + [root@quaco ~]# perf test -v hooks + 55: perf hooks : + --- start --- + test child forked, pid 17092 + SIGSEGV is observed as expected, try to recover. + Fatal error (SEGFAULT) in perf hook 'test' + test child finished with 0 + ---- end ---- + perf hooks: Ok + [root@quaco ~]# + +After: + + [root@quaco ~]# perf test hooks + 55: perf hooks : Ok + [root@quaco ~]# perf test -v hooks + 55: perf hooks : + --- start --- + test child forked, pid 17909 + SIGSEGV is observed as expected, try to recover. + Fatal error (SEGFAULT) in perf hook 'test' + test child finished with 0 + ---- end ---- + perf hooks: Ok + [root@quaco ~]# + +Fixes: a074865e60ed ("perf tools: Introduce perf hooks") +Signed-off-by: Ian Rogers +Tested-by: Arnaldo Carvalho de Melo +Cc: Alexander Shishkin +Cc: Andi Kleen +Cc: Jiri Olsa +Cc: Namhyung Kim +Cc: Peter Zijlstra +Cc: Stephane Eranian +Cc: Wang Nan +Link: http://lore.kernel.org/lkml/20190925195924.152834-2-irogers@google.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/tests/perf-hooks.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/tools/perf/tests/perf-hooks.c b/tools/perf/tests/perf-hooks.c +index a693bcf017ea2..44c16fd11bf6e 100644 +--- a/tools/perf/tests/perf-hooks.c ++++ b/tools/perf/tests/perf-hooks.c +@@ -20,12 +20,11 @@ static void sigsegv_handler(int sig __maybe_unused) + static void the_hook(void *_hook_flags) + { + int *hook_flags = _hook_flags; +- int *p = NULL; + + *hook_flags = 1234; + + /* Generate a segfault, test perf_hooks__recover */ +- *p = 0; ++ raise(SIGSEGV); + } + + int test__perf_hooks(struct test *test __maybe_unused, int subtest __maybe_unused) +-- +2.20.1 + diff --git a/queue-4.14/perf-x86-amd-change-fix-nmi-latency-mitigation-to-us.patch b/queue-4.14/perf-x86-amd-change-fix-nmi-latency-mitigation-to-us.patch new file mode 100644 index 00000000000..0943f62189c --- /dev/null +++ b/queue-4.14/perf-x86-amd-change-fix-nmi-latency-mitigation-to-us.patch @@ -0,0 +1,131 @@ +From 6fff9d8db7a5e1515dbd0e955828cf98c0079b09 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 1 Aug 2019 18:57:41 +0000 +Subject: perf/x86/amd: Change/fix NMI latency mitigation to use a timestamp + +From: Tom Lendacky + +[ Upstream commit df4d29732fdad43a51284f826bec3e6ded177540 ] + +It turns out that the NMI latency workaround from commit: + + 6d3edaae16c6 ("x86/perf/amd: Resolve NMI latency issues for active PMCs") + +ends up being too conservative and results in the perf NMI handler claiming +NMIs too easily on AMD hardware when the NMI watchdog is active. + +This has an impact, for example, on the hpwdt (HPE watchdog timer) module. +This module can produce an NMI that is used to reset the system. It +registers an NMI handler for the NMI_UNKNOWN type and relies on the fact +that nothing has claimed an NMI so that its handler will be invoked when +the watchdog device produces an NMI. After the referenced commit, the +hpwdt module is unable to process its generated NMI if the NMI watchdog is +active, because the current NMI latency mitigation results in the NMI +being claimed by the perf NMI handler. + +Update the AMD perf NMI latency mitigation workaround to, instead, use a +window of time. Whenever a PMC is handled in the perf NMI handler, set a +timestamp which will act as a perf NMI window. Any NMIs arriving within +that window will be claimed by perf. Anything outside that window will +not be claimed by perf. The value for the NMI window is set to 100 msecs. +This is a conservative value that easily covers any NMI latency in the +hardware. While this still results in a window in which the hpwdt module +will not receive its NMI, the window is now much, much smaller. + +Signed-off-by: Tom Lendacky +Signed-off-by: Peter Zijlstra (Intel) +Cc: Alexander Shishkin +Cc: Arnaldo Carvalho de Melo +Cc: Borislav Petkov +Cc: Jerry Hoemann +Cc: Jiri Olsa +Cc: Linus Torvalds +Cc: Namhyung Kim +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Fixes: 6d3edaae16c6 ("x86/perf/amd: Resolve NMI latency issues for active PMCs") +Link: https://lkml.kernel.org/r/Message-ID: +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +--- + arch/x86/events/amd/core.c | 30 +++++++++++++++++------------- + 1 file changed, 17 insertions(+), 13 deletions(-) + +diff --git a/arch/x86/events/amd/core.c b/arch/x86/events/amd/core.c +index 27ade3cb6482c..defb536aebce2 100644 +--- a/arch/x86/events/amd/core.c ++++ b/arch/x86/events/amd/core.c +@@ -4,12 +4,14 @@ + #include + #include + #include ++#include + #include + #include + + #include "../perf_event.h" + +-static DEFINE_PER_CPU(unsigned int, perf_nmi_counter); ++static DEFINE_PER_CPU(unsigned long, perf_nmi_tstamp); ++static unsigned long perf_nmi_window; + + static __initconst const u64 amd_hw_cache_event_ids + [PERF_COUNT_HW_CACHE_MAX] +@@ -640,11 +642,12 @@ static void amd_pmu_disable_event(struct perf_event *event) + * handler when multiple PMCs are active or PMC overflow while handling some + * other source of an NMI. + * +- * Attempt to mitigate this by using the number of active PMCs to determine +- * whether to return NMI_HANDLED if the perf NMI handler did not handle/reset +- * any PMCs. The per-CPU perf_nmi_counter variable is set to a minimum of the +- * number of active PMCs or 2. The value of 2 is used in case an NMI does not +- * arrive at the LAPIC in time to be collapsed into an already pending NMI. ++ * Attempt to mitigate this by creating an NMI window in which un-handled NMIs ++ * received during this window will be claimed. This prevents extending the ++ * window past when it is possible that latent NMIs should be received. The ++ * per-CPU perf_nmi_tstamp will be set to the window end time whenever perf has ++ * handled a counter. When an un-handled NMI is received, it will be claimed ++ * only if arriving within that window. + */ + static int amd_pmu_handle_irq(struct pt_regs *regs) + { +@@ -662,21 +665,19 @@ static int amd_pmu_handle_irq(struct pt_regs *regs) + handled = x86_pmu_handle_irq(regs); + + /* +- * If a counter was handled, record the number of possible remaining +- * NMIs that can occur. ++ * If a counter was handled, record a timestamp such that un-handled ++ * NMIs will be claimed if arriving within that window. + */ + if (handled) { +- this_cpu_write(perf_nmi_counter, +- min_t(unsigned int, 2, active)); ++ this_cpu_write(perf_nmi_tstamp, ++ jiffies + perf_nmi_window); + + return handled; + } + +- if (!this_cpu_read(perf_nmi_counter)) ++ if (time_after(jiffies, this_cpu_read(perf_nmi_tstamp))) + return NMI_DONE; + +- this_cpu_dec(perf_nmi_counter); +- + return NMI_HANDLED; + } + +@@ -908,6 +909,9 @@ static int __init amd_core_pmu_init(void) + if (!boot_cpu_has(X86_FEATURE_PERFCTR_CORE)) + return 0; + ++ /* Avoid calulating the value each time in the NMI handler */ ++ perf_nmi_window = msecs_to_jiffies(100); ++ + switch (boot_cpu_data.x86) { + case 0x15: + pr_cont("Fam15h "); +-- +2.20.1 + diff --git a/queue-4.14/power-supply-max14656-fix-potential-use-after-free.patch b/queue-4.14/power-supply-max14656-fix-potential-use-after-free.patch new file mode 100644 index 00000000000..43fffeb6198 --- /dev/null +++ b/queue-4.14/power-supply-max14656-fix-potential-use-after-free.patch @@ -0,0 +1,71 @@ +From 05c9406717a5ae87b469f1ef9f664edbd8008bcf Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 15 Feb 2019 16:43:03 -0500 +Subject: power: supply: max14656: fix potential use-after-free + +From: Sven Van Asbroeck + +[ Upstream commit 252fbeb86ceffa549af9842cefca2412d53a7653 ] + +Explicitly cancel/sync the irq_work delayed work, otherwise +there's a chance that it will run after the device is removed, +which would result in a use-after-free. + +Note that cancel/sync should happen: +- after irq's have been disabled, as the isr re-schedules the work +- before the power supply is unregistered, because the work func + uses the power supply handle. + +Cc: Alexander Kurz +Signed-off-by: Sven Van Asbroeck +Signed-off-by: Sebastian Reichel +Signed-off-by: Sasha Levin +--- + .../power/supply/max14656_charger_detector.c | 17 +++++++++++++++-- + 1 file changed, 15 insertions(+), 2 deletions(-) + +diff --git a/drivers/power/supply/max14656_charger_detector.c b/drivers/power/supply/max14656_charger_detector.c +index d19307f791c68..9e6472834e373 100644 +--- a/drivers/power/supply/max14656_charger_detector.c ++++ b/drivers/power/supply/max14656_charger_detector.c +@@ -240,6 +240,14 @@ static enum power_supply_property max14656_battery_props[] = { + POWER_SUPPLY_PROP_MANUFACTURER, + }; + ++static void stop_irq_work(void *data) ++{ ++ struct max14656_chip *chip = data; ++ ++ cancel_delayed_work_sync(&chip->irq_work); ++} ++ ++ + static int max14656_probe(struct i2c_client *client, + const struct i2c_device_id *id) + { +@@ -278,8 +286,6 @@ static int max14656_probe(struct i2c_client *client, + if (ret) + return -ENODEV; + +- INIT_DELAYED_WORK(&chip->irq_work, max14656_irq_worker); +- + chip->detect_psy = devm_power_supply_register(dev, + &chip->psy_desc, &psy_cfg); + if (IS_ERR(chip->detect_psy)) { +@@ -287,6 +293,13 @@ static int max14656_probe(struct i2c_client *client, + return -EINVAL; + } + ++ INIT_DELAYED_WORK(&chip->irq_work, max14656_irq_worker); ++ ret = devm_add_action(dev, stop_irq_work, chip); ++ if (ret) { ++ dev_err(dev, "devm_add_action %d failed\n", ret); ++ return ret; ++ } ++ + ret = devm_request_irq(dev, chip->irq, max14656_irq, + IRQF_TRIGGER_FALLING, + MAX14656_NAME, chip); +-- +2.20.1 + diff --git a/queue-4.14/powerpc-powernv-hold-device_hotplug_lock-when-callin.patch b/queue-4.14/powerpc-powernv-hold-device_hotplug_lock-when-callin.patch new file mode 100644 index 00000000000..4941faec1a4 --- /dev/null +++ b/queue-4.14/powerpc-powernv-hold-device_hotplug_lock-when-callin.patch @@ -0,0 +1,96 @@ +From b3b8e1db9156713875b348e57a40292b039fa8af Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 30 Oct 2018 15:10:39 -0700 +Subject: powerpc/powernv: hold device_hotplug_lock when calling + memtrace_offline_pages() + +From: David Hildenbrand + +[ Upstream commit 5666848774ef43d3db5151ec518f1deb63515c20 ] + +Let's perform all checking + offlining + removing under +device_hotplug_lock, so nobody can mess with these devices via sysfs +concurrently. + +[david@redhat.com: take device_hotplug_lock outside of loop] + Link: http://lkml.kernel.org/r/20180927092554.13567-6-david@redhat.com +Link: http://lkml.kernel.org/r/20180925091457.28651-6-david@redhat.com +Signed-off-by: David Hildenbrand +Reviewed-by: Pavel Tatashin +Reviewed-by: Rashmica Gupta +Acked-by: Balbir Singh +Cc: Benjamin Herrenschmidt +Cc: Paul Mackerras +Cc: Michael Ellerman +Cc: Rashmica Gupta +Cc: Michael Neuling +Cc: Boris Ostrovsky +Cc: Dan Williams +Cc: Greg Kroah-Hartman +Cc: Haiyang Zhang +Cc: Heiko Carstens +Cc: John Allen +Cc: Jonathan Corbet +Cc: Joonsoo Kim +Cc: Juergen Gross +Cc: Kate Stewart +Cc: "K. Y. Srinivasan" +Cc: Len Brown +Cc: Martin Schwidefsky +Cc: Mathieu Malaterre +Cc: Michal Hocko +Cc: Nathan Fontenot +Cc: Oscar Salvador +Cc: Philippe Ombredanne +Cc: Rafael J. Wysocki +Cc: "Rafael J. Wysocki" +Cc: Stephen Hemminger +Cc: Thomas Gleixner +Cc: Vlastimil Babka +Cc: YASUAKI ISHIMATSU +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + arch/powerpc/platforms/powernv/memtrace.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/arch/powerpc/platforms/powernv/memtrace.c b/arch/powerpc/platforms/powernv/memtrace.c +index c9a6d4f3403ce..cfbd242c3e011 100644 +--- a/arch/powerpc/platforms/powernv/memtrace.c ++++ b/arch/powerpc/platforms/powernv/memtrace.c +@@ -99,6 +99,7 @@ static int change_memblock_state(struct memory_block *mem, void *arg) + return 0; + } + ++/* called with device_hotplug_lock held */ + static bool memtrace_offline_pages(u32 nid, u64 start_pfn, u64 nr_pages) + { + u64 end_pfn = start_pfn + nr_pages - 1; +@@ -139,6 +140,7 @@ static u64 memtrace_alloc_node(u32 nid, u64 size) + /* Trace memory needs to be aligned to the size */ + end_pfn = round_down(end_pfn - nr_pages, nr_pages); + ++ lock_device_hotplug(); + for (base_pfn = end_pfn; base_pfn > start_pfn; base_pfn -= nr_pages) { + if (memtrace_offline_pages(nid, base_pfn, nr_pages) == true) { + /* +@@ -147,7 +149,6 @@ static u64 memtrace_alloc_node(u32 nid, u64 size) + * we never try to remove memory that spans two iomem + * resources. + */ +- lock_device_hotplug(); + end_pfn = base_pfn + nr_pages; + for (pfn = base_pfn; pfn < end_pfn; pfn += bytes>> PAGE_SHIFT) { + remove_memory(nid, pfn << PAGE_SHIFT, bytes); +@@ -156,6 +157,7 @@ static u64 memtrace_alloc_node(u32 nid, u64 size) + return base_pfn << PAGE_SHIFT; + } + } ++ unlock_device_hotplug(); + + return 0; + } +-- +2.20.1 + diff --git a/queue-4.14/rdma-hfi1-prevent-memory-leak-in-sdma_init.patch b/queue-4.14/rdma-hfi1-prevent-memory-leak-in-sdma_init.patch new file mode 100644 index 00000000000..9971e3f00df --- /dev/null +++ b/queue-4.14/rdma-hfi1-prevent-memory-leak-in-sdma_init.patch @@ -0,0 +1,42 @@ +From 484038c5e9950e2f152688da6bbf01bfb0f4463f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 25 Sep 2019 09:45:42 -0500 +Subject: RDMA/hfi1: Prevent memory leak in sdma_init + +From: Navid Emamdoost + +[ Upstream commit 34b3be18a04ecdc610aae4c48e5d1b799d8689f6 ] + +In sdma_init if rhashtable_init fails the allocated memory for +tmp_sdma_rht should be released. + +Fixes: 5a52a7acf7e2 ("IB/hfi1: NULL pointer dereference when freeing rhashtable") +Link: https://lore.kernel.org/r/20190925144543.10141-1-navid.emamdoost@gmail.com +Signed-off-by: Navid Emamdoost +Acked-by: Dennis Dalessandro +Signed-off-by: Jason Gunthorpe +Signed-off-by: Sasha Levin +--- + drivers/infiniband/hw/hfi1/sdma.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/drivers/infiniband/hw/hfi1/sdma.c b/drivers/infiniband/hw/hfi1/sdma.c +index 6781bcdb10b31..741938409f8e3 100644 +--- a/drivers/infiniband/hw/hfi1/sdma.c ++++ b/drivers/infiniband/hw/hfi1/sdma.c +@@ -1529,8 +1529,11 @@ int sdma_init(struct hfi1_devdata *dd, u8 port) + } + + ret = rhashtable_init(tmp_sdma_rht, &sdma_rht_params); +- if (ret < 0) ++ if (ret < 0) { ++ kfree(tmp_sdma_rht); + goto bail; ++ } ++ + dd->sdma_rht = tmp_sdma_rht; + + dd_dev_info(dd, "SDMA num_sdma: %u\n", dd->num_sdma); +-- +2.20.1 + diff --git a/queue-4.14/rdma-iwcm-fix-a-lock-inversion-issue.patch b/queue-4.14/rdma-iwcm-fix-a-lock-inversion-issue.patch new file mode 100644 index 00000000000..7dae5e04fa9 --- /dev/null +++ b/queue-4.14/rdma-iwcm-fix-a-lock-inversion-issue.patch @@ -0,0 +1,87 @@ +From 8db7f807877c43bbe36d0b6fdc3f4324f00e6ce3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 30 Sep 2019 16:16:54 -0700 +Subject: RDMA/iwcm: Fix a lock inversion issue + +From: Bart Van Assche + +[ Upstream commit b66f31efbdad95ec274345721d99d1d835e6de01 ] + +This patch fixes the lock inversion complaint: + +============================================ +WARNING: possible recursive locking detected +5.3.0-rc7-dbg+ #1 Not tainted +-------------------------------------------- +kworker/u16:6/171 is trying to acquire lock: +00000000035c6e6c (&id_priv->handler_mutex){+.+.}, at: rdma_destroy_id+0x78/0x4a0 [rdma_cm] + +but task is already holding lock: +00000000bc7c307d (&id_priv->handler_mutex){+.+.}, at: iw_conn_req_handler+0x151/0x680 [rdma_cm] + +other info that might help us debug this: + Possible unsafe locking scenario: + + CPU0 + ---- + lock(&id_priv->handler_mutex); + lock(&id_priv->handler_mutex); + + *** DEADLOCK *** + + May be due to missing lock nesting notation + +3 locks held by kworker/u16:6/171: + #0: 00000000e2eaa773 ((wq_completion)iw_cm_wq){+.+.}, at: process_one_work+0x472/0xac0 + #1: 000000001efd357b ((work_completion)(&work->work)#3){+.+.}, at: process_one_work+0x476/0xac0 + #2: 00000000bc7c307d (&id_priv->handler_mutex){+.+.}, at: iw_conn_req_handler+0x151/0x680 [rdma_cm] + +stack backtrace: +CPU: 3 PID: 171 Comm: kworker/u16:6 Not tainted 5.3.0-rc7-dbg+ #1 +Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 +Workqueue: iw_cm_wq cm_work_handler [iw_cm] +Call Trace: + dump_stack+0x8a/0xd6 + __lock_acquire.cold+0xe1/0x24d + lock_acquire+0x106/0x240 + __mutex_lock+0x12e/0xcb0 + mutex_lock_nested+0x1f/0x30 + rdma_destroy_id+0x78/0x4a0 [rdma_cm] + iw_conn_req_handler+0x5c9/0x680 [rdma_cm] + cm_work_handler+0xe62/0x1100 [iw_cm] + process_one_work+0x56d/0xac0 + worker_thread+0x7a/0x5d0 + kthread+0x1bc/0x210 + ret_from_fork+0x24/0x30 + +This is not a bug as there are actually two lock classes here. + +Link: https://lore.kernel.org/r/20190930231707.48259-3-bvanassche@acm.org +Fixes: de910bd92137 ("RDMA/cma: Simplify locking needed for serialization of callbacks") +Signed-off-by: Bart Van Assche +Reviewed-by: Jason Gunthorpe +Signed-off-by: Jason Gunthorpe +Signed-off-by: Sasha Levin +--- + drivers/infiniband/core/cma.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c +index 7c5eca312aa88..f698c6a28c142 100644 +--- a/drivers/infiniband/core/cma.c ++++ b/drivers/infiniband/core/cma.c +@@ -2212,9 +2212,10 @@ static int iw_conn_req_handler(struct iw_cm_id *cm_id, + conn_id->cm_id.iw = NULL; + cma_exch(conn_id, RDMA_CM_DESTROYING); + mutex_unlock(&conn_id->handler_mutex); ++ mutex_unlock(&listen_id->handler_mutex); + cma_deref_id(conn_id); + rdma_destroy_id(&conn_id->id); +- goto out; ++ return ret; + } + + mutex_unlock(&conn_id->handler_mutex); +-- +2.20.1 + diff --git a/queue-4.14/rtc-pcf8523-set-xtal-load-capacitance-from-dt.patch b/queue-4.14/rtc-pcf8523-set-xtal-load-capacitance-from-dt.patch new file mode 100644 index 00000000000..d24619127ff --- /dev/null +++ b/queue-4.14/rtc-pcf8523-set-xtal-load-capacitance-from-dt.patch @@ -0,0 +1,90 @@ +From 6ff64eb49bc81824a1bf5d8d6a7fb18aaab39d10 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 19 Jan 2019 10:00:30 +0100 +Subject: rtc: pcf8523: set xtal load capacitance from DT + +From: Sam Ravnborg + +[ Upstream commit 189927e719e36ceefbb8037f23d3849e47833aef ] + +Add support for specifying the xtal load capacitance in the DT node. +The pcf8523 supports xtal load capacitance of 7pF or 12.5pF. +If the rtc has the wrong configuration the time will +drift several hours/week. + +The driver use the default value 12.5pF. + +The DT may specify either 7000fF or 12500fF. +(The DT uses femto Farad to avoid decimal numbers). +Other values are warned and the driver uses the default value. + +Signed-off-by: Sam Ravnborg +Cc: Alessandro Zummo +Cc: Alexandre Belloni +Signed-off-by: Alexandre Belloni +Signed-off-by: Sasha Levin +--- + drivers/rtc/rtc-pcf8523.c | 28 ++++++++++++++++++++-------- + 1 file changed, 20 insertions(+), 8 deletions(-) + +diff --git a/drivers/rtc/rtc-pcf8523.c b/drivers/rtc/rtc-pcf8523.c +index 3c8c6f942e67f..a06792966ea90 100644 +--- a/drivers/rtc/rtc-pcf8523.c ++++ b/drivers/rtc/rtc-pcf8523.c +@@ -94,8 +94,9 @@ static int pcf8523_voltage_low(struct i2c_client *client) + return !!(value & REG_CONTROL3_BLF); + } + +-static int pcf8523_select_capacitance(struct i2c_client *client, bool high) ++static int pcf8523_load_capacitance(struct i2c_client *client) + { ++ u32 load; + u8 value; + int err; + +@@ -103,14 +104,24 @@ static int pcf8523_select_capacitance(struct i2c_client *client, bool high) + if (err < 0) + return err; + +- if (!high) +- value &= ~REG_CONTROL1_CAP_SEL; +- else ++ load = 12500; ++ of_property_read_u32(client->dev.of_node, "quartz-load-femtofarads", ++ &load); ++ ++ switch (load) { ++ default: ++ dev_warn(&client->dev, "Unknown quartz-load-femtofarads value: %d. Assuming 12500", ++ load); ++ /* fall through */ ++ case 12500: + value |= REG_CONTROL1_CAP_SEL; ++ break; ++ case 7000: ++ value &= ~REG_CONTROL1_CAP_SEL; ++ break; ++ } + + err = pcf8523_write(client, REG_CONTROL1, value); +- if (err < 0) +- return err; + + return err; + } +@@ -307,9 +318,10 @@ static int pcf8523_probe(struct i2c_client *client, + if (!pcf) + return -ENOMEM; + +- err = pcf8523_select_capacitance(client, true); ++ err = pcf8523_load_capacitance(client); + if (err < 0) +- return err; ++ dev_warn(&client->dev, "failed to set xtal load capacitance: %d", ++ err); + + err = pcf8523_set_pm(client, 0); + if (err < 0) +-- +2.20.1 + diff --git a/queue-4.14/s390-uaccess-avoid-false-positive-compiler-warnings.patch b/queue-4.14/s390-uaccess-avoid-false-positive-compiler-warnings.patch new file mode 100644 index 00000000000..d8596252073 --- /dev/null +++ b/queue-4.14/s390-uaccess-avoid-false-positive-compiler-warnings.patch @@ -0,0 +1,60 @@ +From ee7b38b7bab77f8537e4acea249d2e825fda6953 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 8 Oct 2019 17:02:32 +0200 +Subject: s390/uaccess: avoid (false positive) compiler warnings +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Christian Borntraeger + +[ Upstream commit 062795fcdcb2d22822fb42644b1d76a8ad8439b3 ] + +Depending on inlining decisions by the compiler, __get/put_user_fn +might become out of line. Then the compiler is no longer able to tell +that size can only be 1,2,4 or 8 due to the check in __get/put_user +resulting in false positives like + +./arch/s390/include/asm/uaccess.h: In function ‘__put_user_fn’: +./arch/s390/include/asm/uaccess.h:113:9: warning: ‘rc’ may be used uninitialized in this function [-Wmaybe-uninitialized] + 113 | return rc; + | ^~ +./arch/s390/include/asm/uaccess.h: In function ‘__get_user_fn’: +./arch/s390/include/asm/uaccess.h:143:9: warning: ‘rc’ may be used uninitialized in this function [-Wmaybe-uninitialized] + 143 | return rc; + | ^~ + +These functions are supposed to be always inlined. Mark it as such. + +Signed-off-by: Christian Borntraeger +Signed-off-by: Vasily Gorbik +Signed-off-by: Sasha Levin +--- + arch/s390/include/asm/uaccess.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/arch/s390/include/asm/uaccess.h b/arch/s390/include/asm/uaccess.h +index 689eae8d38591..bd7a19a0aecf7 100644 +--- a/arch/s390/include/asm/uaccess.h ++++ b/arch/s390/include/asm/uaccess.h +@@ -95,7 +95,7 @@ raw_copy_to_user(void __user *to, const void *from, unsigned long n); + __rc; \ + }) + +-static inline int __put_user_fn(void *x, void __user *ptr, unsigned long size) ++static __always_inline int __put_user_fn(void *x, void __user *ptr, unsigned long size) + { + unsigned long spec = 0x810000UL; + int rc; +@@ -125,7 +125,7 @@ static inline int __put_user_fn(void *x, void __user *ptr, unsigned long size) + return rc; + } + +-static inline int __get_user_fn(void *x, const void __user *ptr, unsigned long size) ++static __always_inline int __get_user_fn(void *x, const void __user *ptr, unsigned long size) + { + unsigned long spec = 0x81UL; + int rc; +-- +2.20.1 + diff --git a/queue-4.14/sc16is7xx-fix-for-unexpected-interrupt-8.patch b/queue-4.14/sc16is7xx-fix-for-unexpected-interrupt-8.patch new file mode 100644 index 00000000000..34cc4f8eb95 --- /dev/null +++ b/queue-4.14/sc16is7xx-fix-for-unexpected-interrupt-8.patch @@ -0,0 +1,121 @@ +From 419c567274555a9705962df37294fdd3c3fc6ec6 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 12 Sep 2018 15:31:56 +0100 +Subject: sc16is7xx: Fix for "Unexpected interrupt: 8" + +From: Phil Elwell + +[ Upstream commit 30ec514d440cf2c472c8e4b0079af2c731f71a3e ] + +The SC16IS752 has an Enhanced Feature Register which is aliased at the +same address as the Interrupt Identification Register; accessing it +requires that a magic value is written to the Line Configuration +Register. If an interrupt is raised while the EFR is mapped in then +the ISR won't be able to access the IIR, leading to the "Unexpected +interrupt" error messages. + +Avoid the problem by claiming a mutex around accesses to the EFR +register, also claiming the mutex in the interrupt handler work +item (this is equivalent to disabling interrupts to interlock against +a non-threaded interrupt handler). + +See: https://github.com/raspberrypi/linux/issues/2529 + +Signed-off-by: Phil Elwell +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/tty/serial/sc16is7xx.c | 28 ++++++++++++++++++++++++++++ + 1 file changed, 28 insertions(+) + +diff --git a/drivers/tty/serial/sc16is7xx.c b/drivers/tty/serial/sc16is7xx.c +index e48523da47ac9..c1655aba131f6 100644 +--- a/drivers/tty/serial/sc16is7xx.c ++++ b/drivers/tty/serial/sc16is7xx.c +@@ -333,6 +333,7 @@ struct sc16is7xx_port { + struct kthread_worker kworker; + struct task_struct *kworker_task; + struct kthread_work irq_work; ++ struct mutex efr_lock; + struct sc16is7xx_one p[0]; + }; + +@@ -504,6 +505,21 @@ static int sc16is7xx_set_baud(struct uart_port *port, int baud) + div /= 4; + } + ++ /* In an amazing feat of design, the Enhanced Features Register shares ++ * the address of the Interrupt Identification Register, and is ++ * switched in by writing a magic value (0xbf) to the Line Control ++ * Register. Any interrupt firing during this time will see the EFR ++ * where it expects the IIR to be, leading to "Unexpected interrupt" ++ * messages. ++ * ++ * Prevent this possibility by claiming a mutex while accessing the ++ * EFR, and claiming the same mutex from within the interrupt handler. ++ * This is similar to disabling the interrupt, but that doesn't work ++ * because the bulk of the interrupt processing is run as a workqueue ++ * job in thread context. ++ */ ++ mutex_lock(&s->efr_lock); ++ + lcr = sc16is7xx_port_read(port, SC16IS7XX_LCR_REG); + + /* Open the LCR divisors for configuration */ +@@ -519,6 +535,8 @@ static int sc16is7xx_set_baud(struct uart_port *port, int baud) + /* Put LCR back to the normal mode */ + sc16is7xx_port_write(port, SC16IS7XX_LCR_REG, lcr); + ++ mutex_unlock(&s->efr_lock); ++ + sc16is7xx_port_update(port, SC16IS7XX_MCR_REG, + SC16IS7XX_MCR_CLKSEL_BIT, + prescaler); +@@ -701,6 +719,8 @@ static void sc16is7xx_ist(struct kthread_work *ws) + { + struct sc16is7xx_port *s = to_sc16is7xx_port(ws, irq_work); + ++ mutex_lock(&s->efr_lock); ++ + while (1) { + bool keep_polling = false; + int i; +@@ -710,6 +730,8 @@ static void sc16is7xx_ist(struct kthread_work *ws) + if (!keep_polling) + break; + } ++ ++ mutex_unlock(&s->efr_lock); + } + + static irqreturn_t sc16is7xx_irq(int irq, void *dev_id) +@@ -904,6 +926,9 @@ static void sc16is7xx_set_termios(struct uart_port *port, + if (!(termios->c_cflag & CREAD)) + port->ignore_status_mask |= SC16IS7XX_LSR_BRK_ERROR_MASK; + ++ /* As above, claim the mutex while accessing the EFR. */ ++ mutex_lock(&s->efr_lock); ++ + sc16is7xx_port_write(port, SC16IS7XX_LCR_REG, + SC16IS7XX_LCR_CONF_MODE_B); + +@@ -925,6 +950,8 @@ static void sc16is7xx_set_termios(struct uart_port *port, + /* Update LCR register */ + sc16is7xx_port_write(port, SC16IS7XX_LCR_REG, lcr); + ++ mutex_unlock(&s->efr_lock); ++ + /* Get baud rate generator configuration */ + baud = uart_get_baud_rate(port, termios, old, + port->uartclk / 16 / 4 / 0xffff, +@@ -1187,6 +1214,7 @@ static int sc16is7xx_probe(struct device *dev, + s->regmap = regmap; + s->devtype = devtype; + dev_set_drvdata(dev, s); ++ mutex_init(&s->efr_lock); + + kthread_init_worker(&s->kworker); + kthread_init_work(&s->irq_work, sc16is7xx_ist); +-- +2.20.1 + diff --git a/queue-4.14/sched-vtime-fix-guest-system-mis-accounting-on-task-.patch b/queue-4.14/sched-vtime-fix-guest-system-mis-accounting-on-task-.patch new file mode 100644 index 00000000000..72b20ef1681 --- /dev/null +++ b/queue-4.14/sched-vtime-fix-guest-system-mis-accounting-on-task-.patch @@ -0,0 +1,79 @@ +From 9d9e37c312c289df4c43a12ec71096dcba3535d4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 25 Sep 2019 23:42:42 +0200 +Subject: sched/vtime: Fix guest/system mis-accounting on task switch + +From: Frederic Weisbecker + +[ Upstream commit 68e7a4d66b0ce04bf18ff2ffded5596ab3618585 ] + +vtime_account_system() assumes that the target task to account cputime +to is always the current task. This is most often true indeed except on +task switch where we call: + + vtime_common_task_switch(prev) + vtime_account_system(prev) + +Here prev is the scheduling-out task where we account the cputime to. It +doesn't match current that is already the scheduling-in task at this +stage of the context switch. + +So we end up checking the wrong task flags to determine if we are +accounting guest or system time to the previous task. + +As a result the wrong task is used to check if the target is running in +guest mode. We may then spuriously account or leak either system or +guest time on task switch. + +Fix this assumption and also turn vtime_guest_enter/exit() to use the +task passed in parameter as well to avoid future similar issues. + +Signed-off-by: Frederic Weisbecker +Signed-off-by: Peter Zijlstra (Intel) +Cc: Linus Torvalds +Cc: Peter Zijlstra +Cc: Rik van Riel +Cc: Thomas Gleixner +Cc: Wanpeng Li +Fixes: 2a42eb9594a1 ("sched/cputime: Accumulate vtime on top of nsec clocksource") +Link: https://lkml.kernel.org/r/20190925214242.21873-1-frederic@kernel.org +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +--- + kernel/sched/cputime.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/kernel/sched/cputime.c b/kernel/sched/cputime.c +index 14d2dbf97c531..45c2cd37fe6b0 100644 +--- a/kernel/sched/cputime.c ++++ b/kernel/sched/cputime.c +@@ -738,7 +738,7 @@ void vtime_account_system(struct task_struct *tsk) + + write_seqcount_begin(&vtime->seqcount); + /* We might have scheduled out from guest path */ +- if (current->flags & PF_VCPU) ++ if (tsk->flags & PF_VCPU) + vtime_account_guest(tsk, vtime); + else + __vtime_account_system(tsk, vtime); +@@ -781,7 +781,7 @@ void vtime_guest_enter(struct task_struct *tsk) + */ + write_seqcount_begin(&vtime->seqcount); + __vtime_account_system(tsk, vtime); +- current->flags |= PF_VCPU; ++ tsk->flags |= PF_VCPU; + write_seqcount_end(&vtime->seqcount); + } + EXPORT_SYMBOL_GPL(vtime_guest_enter); +@@ -792,7 +792,7 @@ void vtime_guest_exit(struct task_struct *tsk) + + write_seqcount_begin(&vtime->seqcount); + vtime_account_guest(tsk, vtime); +- current->flags &= ~PF_VCPU; ++ tsk->flags &= ~PF_VCPU; + write_seqcount_end(&vtime->seqcount); + } + EXPORT_SYMBOL_GPL(vtime_guest_exit); +-- +2.20.1 + diff --git a/queue-4.14/scripts-setlocalversion-improve-dirty-check-with-git.patch b/queue-4.14/scripts-setlocalversion-improve-dirty-check-with-git.patch new file mode 100644 index 00000000000..abc7fcf6776 --- /dev/null +++ b/queue-4.14/scripts-setlocalversion-improve-dirty-check-with-git.patch @@ -0,0 +1,69 @@ +From 45c9d3fcf2f8543a8376fc3622ebc35e313f9d3e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 14 Nov 2018 18:11:18 -0800 +Subject: scripts/setlocalversion: Improve -dirty check with git-status + --no-optional-locks + +From: Brian Norris + +[ Upstream commit ff64dd4857303dd5550faed9fd598ac90f0f2238 ] + +git-diff-index does not refresh the index for you, so using it for a +"-dirty" check can give misleading results. Commit 6147b1cf19651 +("scripts/setlocalversion: git: Make -dirty check more robust") tried to +fix this by switching to git-status, but it overlooked the fact that +git-status also writes to the .git directory of the source tree, which +is definitely not kosher for an out-of-tree (O=) build. That is getting +reverted. + +Fortunately, git-status now supports avoiding writing to the index via +the --no-optional-locks flag, as of git 2.14. It still calculates an +up-to-date index, but it avoids writing it out to the .git directory. + +So, let's retry the solution from commit 6147b1cf19651 using this new +flag first, and if it fails, we assume this is an older version of git +and just use the old git-diff-index method. + +It's hairy to get the 'grep -vq' (inverted matching) correct by stashing +the output of git-status (you have to be careful about the difference +betwen "empty stdin" and "blank line on stdin"), so just pipe the output +directly to grep and use a regex that's good enough for both the +git-status and git-diff-index version. + +Cc: Christian Kujau +Cc: Guenter Roeck +Suggested-by: Alexander Kapshuk +Signed-off-by: Brian Norris +Tested-by: Genki Sky +Signed-off-by: Masahiro Yamada +Signed-off-by: Sasha Levin +--- + scripts/setlocalversion | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/scripts/setlocalversion b/scripts/setlocalversion +index 71f39410691b6..365b3c2b8f431 100755 +--- a/scripts/setlocalversion ++++ b/scripts/setlocalversion +@@ -73,8 +73,16 @@ scm_version() + printf -- '-svn%s' "`git svn find-rev $head`" + fi + +- # Check for uncommitted changes +- if git diff-index --name-only HEAD | grep -qv "^scripts/package"; then ++ # Check for uncommitted changes. ++ # First, with git-status, but --no-optional-locks is only ++ # supported in git >= 2.14, so fall back to git-diff-index if ++ # it fails. Note that git-diff-index does not refresh the ++ # index, so it may give misleading results. See ++ # git-update-index(1), git-diff-index(1), and git-status(1). ++ if { ++ git --no-optional-locks status -uno --porcelain 2>/dev/null || ++ git diff-index --name-only HEAD ++ } | grep -qvE '^(.. )?scripts/package'; then + printf '%s' -dirty + fi + +-- +2.20.1 + diff --git a/queue-4.14/scsi-lpfc-fix-a-duplicate-0711-log-message-number.patch b/queue-4.14/scsi-lpfc-fix-a-duplicate-0711-log-message-number.patch new file mode 100644 index 00000000000..8b7ec662fb5 --- /dev/null +++ b/queue-4.14/scsi-lpfc-fix-a-duplicate-0711-log-message-number.patch @@ -0,0 +1,35 @@ +From 83481d37594febfb84324b463810549fe6e4db8c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 29 Nov 2018 16:09:31 -0800 +Subject: scsi: lpfc: Fix a duplicate 0711 log message number. + +From: James Smart + +[ Upstream commit 2c4c91415a05677acc5c8131a5eb472d4aa96ae1 ] + +Renumber one of the 0711 log messages so there isn't a duplication. + +Signed-off-by: Dick Kennedy +Signed-off-by: James Smart +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +--- + drivers/scsi/lpfc/lpfc_scsi.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c +index 4ade13d72deb3..07cb671bb8550 100644 +--- a/drivers/scsi/lpfc/lpfc_scsi.c ++++ b/drivers/scsi/lpfc/lpfc_scsi.c +@@ -4152,7 +4152,7 @@ lpfc_scsi_cmd_iocb_cmpl(struct lpfc_hba *phba, struct lpfc_iocbq *pIocbIn, + /* If pCmd was set to NULL from abort path, do not call scsi_done */ + if (xchg(&lpfc_cmd->pCmd, NULL) == NULL) { + lpfc_printf_vlog(vport, KERN_INFO, LOG_FCP, +- "0711 FCP cmd already NULL, sid: 0x%06x, " ++ "5688 FCP cmd already NULL, sid: 0x%06x, " + "did: 0x%06x, oxid: 0x%04x\n", + vport->fc_myDID, + (pnode) ? pnode->nlp_DID : 0, +-- +2.20.1 + diff --git a/queue-4.14/serial-mctrl_gpio-check-for-null-pointer.patch b/queue-4.14/serial-mctrl_gpio-check-for-null-pointer.patch new file mode 100644 index 00000000000..2f8bb393117 --- /dev/null +++ b/queue-4.14/serial-mctrl_gpio-check-for-null-pointer.patch @@ -0,0 +1,40 @@ +From b6ef32c62b318dad57d96b4256a9e1d734497cfb Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 6 Oct 2019 11:33:11 -0500 +Subject: serial: mctrl_gpio: Check for NULL pointer + +From: Adam Ford + +[ Upstream commit 37e3ab00e4734acc15d96b2926aab55c894f4d9c ] + +When using mctrl_gpio_to_gpiod, it dereferences gpios into a single +requested GPIO. This dereferencing can break if gpios is NULL, +so this patch adds a NULL check before dereferencing it. If +gpios is NULL, this function will also return NULL. + +Signed-off-by: Adam Ford +Reviewed-by: Yegor Yefremov +Link: https://lore.kernel.org/r/20191006163314.23191-1-aford173@gmail.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/tty/serial/serial_mctrl_gpio.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/tty/serial/serial_mctrl_gpio.c b/drivers/tty/serial/serial_mctrl_gpio.c +index 42e42e3e7a6e6..388f710468490 100644 +--- a/drivers/tty/serial/serial_mctrl_gpio.c ++++ b/drivers/tty/serial/serial_mctrl_gpio.c +@@ -69,6 +69,9 @@ EXPORT_SYMBOL_GPL(mctrl_gpio_set); + struct gpio_desc *mctrl_gpio_to_gpiod(struct mctrl_gpios *gpios, + enum mctrl_gpio_idx gidx) + { ++ if (gpios == NULL) ++ return NULL; ++ + return gpios->gpio[gidx]; + } + EXPORT_SYMBOL_GPL(mctrl_gpio_to_gpiod); +-- +2.20.1 + diff --git a/queue-4.14/series b/queue-4.14/series new file mode 100644 index 00000000000..a161588497c --- /dev/null +++ b/queue-4.14/series @@ -0,0 +1,56 @@ +zram-fix-race-between-backing_dev_show-and-backing_d.patch +dm-snapshot-use-mutex-instead-of-rw_semaphore.patch +dm-snapshot-introduce-account_start_copy-and-account.patch +dm-snapshot-rework-cow-throttling-to-fix-deadlock.patch +dm-use-kzalloc-for-all-structs-with-embedded-biosets.patch +f2fs-flush-quota-blocks-after-turnning-it-off.patch +scsi-lpfc-fix-a-duplicate-0711-log-message-number.patch +sc16is7xx-fix-for-unexpected-interrupt-8.patch +powerpc-powernv-hold-device_hotplug_lock-when-callin.patch +hid-i2c-hid-add-direkt-tek-dtlapy133-1-to-descriptor.patch +x86-cpu-add-atom-tremont-jacobsville.patch +hid-i2c-hid-add-odys-winbook-13-to-descriptor-overri.patch +clk-boston-unregister-clks-on-failure-in-clk_boston_.patch +scripts-setlocalversion-improve-dirty-check-with-git.patch +hid-add-asus-t100chi-keyboard-dock-battery-quirks.patch +usb-handle-warm-reset-port-requests-on-hub-resume.patch +rtc-pcf8523-set-xtal-load-capacitance-from-dt.patch +mlxsw-spectrum-set-lag-port-collector-only-when-acti.patch +alsa-hda-realtek-apply-alc294-hp-init-also-for-s4-re.patch +media-vimc-remove-unused-but-set-variables.patch +exec-load_script-do-not-exec-truncated-interpreter-p.patch +pci-pme-fix-possible-use-after-free-on-remove.patch +power-supply-max14656-fix-potential-use-after-free.patch +iio-adc-meson_saradc-fix-memory-allocation-order.patch +iio-fix-center-temperature-of-bmc150-accel-core.patch +libsubcmd-make-_fortify_source-defines-dependent-on-.patch +perf-tests-avoid-raising-segv-using-an-obvious-null-.patch +perf-map-fix-overlapped-map-handling.patch +perf-jevents-fix-period-for-intel-fixed-counters.patch +staging-rtl8188eu-fix-null-dereference-when-kzalloc-.patch +rdma-hfi1-prevent-memory-leak-in-sdma_init.patch +rdma-iwcm-fix-a-lock-inversion-issue.patch +hid-hyperv-use-in-place-iterator-api-in-the-channel-.patch +nfs-fix-nfsi-nrequests-count-error-on-nfs_inode_remo.patch +arm64-ftrace-ensure-synchronisation-in-plt-setup-for.patch +tty-serial-owl-fix-the-link-time-qualifier-of-owl_ua.patch +tty-n_hdlc-fix-build-on-sparc.patch +gpio-max77620-use-correct-unit-for-debounce-times.patch +fs-cifs-mute-wunused-const-variable-message.patch +serial-mctrl_gpio-check-for-null-pointer.patch +efi-cper-fix-endianness-of-pcie-class-code.patch +efi-x86-do-not-clean-dummy-variable-in-kexec-path.patch +mips-include-mark-__cmpxchg-as-__always_inline.patch +x86-xen-return-from-panic-notifier.patch +ocfs2-clear-zero-in-unaligned-direct-io.patch +fs-ocfs2-fix-possible-null-pointer-dereferences-in-o.patch +fs-ocfs2-fix-a-possible-null-pointer-dereference-in-.patch +fs-ocfs2-fix-a-possible-null-pointer-dereference-in-.patch-2862 +sched-vtime-fix-guest-system-mis-accounting-on-task-.patch +perf-x86-amd-change-fix-nmi-latency-mitigation-to-us.patch +mips-include-mark-__xchg-as-__always_inline.patch +mips-fw-sni-fix-out-of-bounds-init-of-o32-stack.patch +nbd-fix-possible-sysfs-duplicate-warning.patch +nfsv4-fix-leak-of-clp-cl_acceptor-string.patch +s390-uaccess-avoid-false-positive-compiler-warnings.patch +tracing-initialize-iter-seq-after-zeroing-in-tracing.patch diff --git a/queue-4.14/staging-rtl8188eu-fix-null-dereference-when-kzalloc-.patch b/queue-4.14/staging-rtl8188eu-fix-null-dereference-when-kzalloc-.patch new file mode 100644 index 00000000000..d6b523f8efa --- /dev/null +++ b/queue-4.14/staging-rtl8188eu-fix-null-dereference-when-kzalloc-.patch @@ -0,0 +1,48 @@ +From 83bf1c3fa40fd08885c458049fd8eeac928440f3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 27 Sep 2019 14:44:15 -0700 +Subject: staging: rtl8188eu: fix null dereference when kzalloc fails + +From: Connor Kuehl + +[ Upstream commit 955c1532a34305f2f780b47f0c40cc7c65500810 ] + +If kzalloc() returns NULL, the error path doesn't stop the flow of +control from entering rtw_hal_read_chip_version() which dereferences the +null pointer. Fix this by adding a 'goto' to the error path to more +gracefully handle the issue and avoid proceeding with initialization +steps that we're no longer prepared to handle. + +Also update the debug message to be more consistent with the other debug +messages in this function. + +Addresses-Coverity: ("Dereference after null check") + +Signed-off-by: Connor Kuehl +Link: https://lore.kernel.org/r/20190927214415.899-1-connor.kuehl@canonical.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/staging/rtl8188eu/os_dep/usb_intf.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/drivers/staging/rtl8188eu/os_dep/usb_intf.c b/drivers/staging/rtl8188eu/os_dep/usb_intf.c +index 2fc7056cbff74..77c339a935258 100644 +--- a/drivers/staging/rtl8188eu/os_dep/usb_intf.c ++++ b/drivers/staging/rtl8188eu/os_dep/usb_intf.c +@@ -357,8 +357,10 @@ static struct adapter *rtw_usb_if1_init(struct dvobj_priv *dvobj, + } + + padapter->HalData = kzalloc(sizeof(struct hal_data_8188e), GFP_KERNEL); +- if (!padapter->HalData) +- DBG_88E("cant not alloc memory for HAL DATA\n"); ++ if (!padapter->HalData) { ++ DBG_88E("Failed to allocate memory for HAL data\n"); ++ goto free_adapter; ++ } + + /* step read_chip_version */ + rtw_hal_read_chip_version(padapter); +-- +2.20.1 + diff --git a/queue-4.14/tracing-initialize-iter-seq-after-zeroing-in-tracing.patch b/queue-4.14/tracing-initialize-iter-seq-after-zeroing-in-tracing.patch new file mode 100644 index 00000000000..189b7b409a7 --- /dev/null +++ b/queue-4.14/tracing-initialize-iter-seq-after-zeroing-in-tracing.patch @@ -0,0 +1,82 @@ +From 901432a25b1bdad567a36df273c48c3faf9f552e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 11 Oct 2019 16:21:34 +0200 +Subject: tracing: Initialize iter->seq after zeroing in tracing_read_pipe() + +From: Petr Mladek + +[ Upstream commit d303de1fcf344ff7c15ed64c3f48a991c9958775 ] + +A customer reported the following softlockup: + +[899688.160002] NMI watchdog: BUG: soft lockup - CPU#0 stuck for 22s! [test.sh:16464] +[899688.160002] CPU: 0 PID: 16464 Comm: test.sh Not tainted 4.12.14-6.23-azure #1 SLE12-SP4 +[899688.160002] RIP: 0010:up_write+0x1a/0x30 +[899688.160002] Kernel panic - not syncing: softlockup: hung tasks +[899688.160002] RIP: 0010:up_write+0x1a/0x30 +[899688.160002] RSP: 0018:ffffa86784d4fde8 EFLAGS: 00000257 ORIG_RAX: ffffffffffffff12 +[899688.160002] RAX: ffffffff970fea00 RBX: 0000000000000001 RCX: 0000000000000000 +[899688.160002] RDX: ffffffff00000001 RSI: 0000000000000080 RDI: ffffffff970fea00 +[899688.160002] RBP: ffffffffffffffff R08: ffffffffffffffff R09: 0000000000000000 +[899688.160002] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8b59014720d8 +[899688.160002] R13: ffff8b59014720c0 R14: ffff8b5901471090 R15: ffff8b5901470000 +[899688.160002] tracing_read_pipe+0x336/0x3c0 +[899688.160002] __vfs_read+0x26/0x140 +[899688.160002] vfs_read+0x87/0x130 +[899688.160002] SyS_read+0x42/0x90 +[899688.160002] do_syscall_64+0x74/0x160 + +It caught the process in the middle of trace_access_unlock(). There is +no loop. So, it must be looping in the caller tracing_read_pipe() +via the "waitagain" label. + +Crashdump analyze uncovered that iter->seq was completely zeroed +at this point, including iter->seq.seq.size. It means that +print_trace_line() was never able to print anything and +there was no forward progress. + +The culprit seems to be in the code: + + /* reset all but tr, trace, and overruns */ + memset(&iter->seq, 0, + sizeof(struct trace_iterator) - + offsetof(struct trace_iterator, seq)); + +It was added by the commit 53d0aa773053ab182877 ("ftrace: +add logic to record overruns"). It was v2.6.27-rc1. +It was the time when iter->seq looked like: + + struct trace_seq { + unsigned char buffer[PAGE_SIZE]; + unsigned int len; + }; + +There was no "size" variable and zeroing was perfectly fine. + +The solution is to reinitialize the structure after or without +zeroing. + +Link: http://lkml.kernel.org/r/20191011142134.11997-1-pmladek@suse.com + +Signed-off-by: Petr Mladek +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Sasha Levin +--- + kernel/trace/trace.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c +index bbe5a857c082a..286bbad7681bf 100644 +--- a/kernel/trace/trace.c ++++ b/kernel/trace/trace.c +@@ -5764,6 +5764,7 @@ waitagain: + sizeof(struct trace_iterator) - + offsetof(struct trace_iterator, seq)); + cpumask_clear(iter->started); ++ trace_seq_init(&iter->seq); + iter->pos = -1; + + trace_event_read_lock(); +-- +2.20.1 + diff --git a/queue-4.14/tty-n_hdlc-fix-build-on-sparc.patch b/queue-4.14/tty-n_hdlc-fix-build-on-sparc.patch new file mode 100644 index 00000000000..3fbc52ef94c --- /dev/null +++ b/queue-4.14/tty-n_hdlc-fix-build-on-sparc.patch @@ -0,0 +1,52 @@ +From 21d883a79aca63451357cd3efa64b2fe2a283558 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 30 Sep 2019 19:15:12 -0700 +Subject: tty: n_hdlc: fix build on SPARC + +From: Randy Dunlap + +[ Upstream commit 47a7e5e97d4edd7b14974d34f0e5a5560fad2915 ] + +Fix tty driver build on SPARC by not using __exitdata. +It appears that SPARC does not support section .exit.data. + +Fixes these build errors: + +`.exit.data' referenced in section `.exit.text' of drivers/tty/n_hdlc.o: defined in discarded section `.exit.data' of drivers/tty/n_hdlc.o +`.exit.data' referenced in section `.exit.text' of drivers/tty/n_hdlc.o: defined in discarded section `.exit.data' of drivers/tty/n_hdlc.o +`.exit.data' referenced in section `.exit.text' of drivers/tty/n_hdlc.o: defined in discarded section `.exit.data' of drivers/tty/n_hdlc.o +`.exit.data' referenced in section `.exit.text' of drivers/tty/n_hdlc.o: defined in discarded section `.exit.data' of drivers/tty/n_hdlc.o + +Reported-by: kbuild test robot +Fixes: 063246641d4a ("format-security: move static strings to const") +Signed-off-by: Randy Dunlap +Cc: Kees Cook +Cc: Greg Kroah-Hartman +Cc: "David S. Miller" +Cc: Andrew Morton +Link: https://lore.kernel.org/r/675e7bd9-955b-3ff3-1101-a973b58b5b75@infradead.org +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/tty/n_hdlc.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/drivers/tty/n_hdlc.c b/drivers/tty/n_hdlc.c +index 08bd6b965847f..e83dea8d6633a 100644 +--- a/drivers/tty/n_hdlc.c ++++ b/drivers/tty/n_hdlc.c +@@ -969,6 +969,11 @@ static int __init n_hdlc_init(void) + + } /* end of init_module() */ + ++#ifdef CONFIG_SPARC ++#undef __exitdata ++#define __exitdata ++#endif ++ + static const char hdlc_unregister_ok[] __exitdata = + KERN_INFO "N_HDLC: line discipline unregistered\n"; + static const char hdlc_unregister_fail[] __exitdata = +-- +2.20.1 + diff --git a/queue-4.14/tty-serial-owl-fix-the-link-time-qualifier-of-owl_ua.patch b/queue-4.14/tty-serial-owl-fix-the-link-time-qualifier-of-owl_ua.patch new file mode 100644 index 00000000000..50e888f6c61 --- /dev/null +++ b/queue-4.14/tty-serial-owl-fix-the-link-time-qualifier-of-owl_ua.patch @@ -0,0 +1,36 @@ +From 1366d1acd9e87d65684d5dc1706dc71e1121ef1e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 10 Sep 2019 06:11:29 +0200 +Subject: tty: serial: owl: Fix the link time qualifier of 'owl_uart_exit()' + +From: Christophe JAILLET + +[ Upstream commit 6264dab6efd6069f0387efb078a9960b5642377b ] + +'exit' functions should be marked as __exit, not __init. + +Fixes: fc60a8b675bd ("tty: serial: owl: Implement console driver") +Signed-off-by: Christophe JAILLET +Link: https://lore.kernel.org/r/20190910041129.6978-1-christophe.jaillet@wanadoo.fr +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/tty/serial/owl-uart.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/tty/serial/owl-uart.c b/drivers/tty/serial/owl-uart.c +index b9c8593653347..d774f6013d7b6 100644 +--- a/drivers/tty/serial/owl-uart.c ++++ b/drivers/tty/serial/owl-uart.c +@@ -754,7 +754,7 @@ static int __init owl_uart_init(void) + return ret; + } + +-static void __init owl_uart_exit(void) ++static void __exit owl_uart_exit(void) + { + platform_driver_unregister(&owl_uart_platform_driver); + uart_unregister_driver(&owl_uart_driver); +-- +2.20.1 + diff --git a/queue-4.14/usb-handle-warm-reset-port-requests-on-hub-resume.patch b/queue-4.14/usb-handle-warm-reset-port-requests-on-hub-resume.patch new file mode 100644 index 00000000000..310aeb60d01 --- /dev/null +++ b/queue-4.14/usb-handle-warm-reset-port-requests-on-hub-resume.patch @@ -0,0 +1,55 @@ +From a20b9b4333849e4400af5f14227727b8f6027497 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 1 Feb 2019 13:52:31 +0100 +Subject: usb: handle warm-reset port requests on hub resume + +From: Jan-Marek Glogowski + +[ Upstream commit 4fdc1790e6a9ef22399c6bc6e63b80f4609f3b7e ] + +On plug-in of my USB-C device, its USB_SS_PORT_LS_SS_INACTIVE +link state bit is set. Greping all the kernel for this bit shows +that the port status requests a warm-reset this way. + +This just happens, if its the only device on the root hub, the hub +therefore resumes and the HCDs status_urb isn't yet available. +If a warm-reset request is detected, this sets the hubs event_bits, +which will prevent any auto-suspend and allows the hubs workqueue +to warm-reset the port later in port_event. + +Signed-off-by: Jan-Marek Glogowski +Acked-by: Alan Stern +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/usb/core/hub.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c +index b543a4730ef24..bb20aa433e984 100644 +--- a/drivers/usb/core/hub.c ++++ b/drivers/usb/core/hub.c +@@ -104,6 +104,8 @@ EXPORT_SYMBOL_GPL(ehci_cf_port_reset_rwsem); + static void hub_release(struct kref *kref); + static int usb_reset_and_verify_device(struct usb_device *udev); + static int hub_port_disable(struct usb_hub *hub, int port1, int set_state); ++static bool hub_port_warm_reset_required(struct usb_hub *hub, int port1, ++ u16 portstatus); + + static inline char *portspeed(struct usb_hub *hub, int portstatus) + { +@@ -1110,6 +1112,11 @@ static void hub_activate(struct usb_hub *hub, enum hub_activation_type type) + USB_PORT_FEAT_ENABLE); + } + ++ /* Make sure a warm-reset request is handled by port_event */ ++ if (type == HUB_RESUME && ++ hub_port_warm_reset_required(hub, port1, portstatus)) ++ set_bit(port1, hub->event_bits); ++ + /* + * Add debounce if USB3 link is in polling/link training state. + * Link will automatically transition to Enabled state after +-- +2.20.1 + diff --git a/queue-4.14/x86-cpu-add-atom-tremont-jacobsville.patch b/queue-4.14/x86-cpu-add-atom-tremont-jacobsville.patch new file mode 100644 index 00000000000..9ee542762e3 --- /dev/null +++ b/queue-4.14/x86-cpu-add-atom-tremont-jacobsville.patch @@ -0,0 +1,60 @@ +From 8a700a5396cebca3346ed4557dca2bc798ce5605 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 25 Jan 2019 11:59:01 -0800 +Subject: x86/cpu: Add Atom Tremont (Jacobsville) + +From: Kan Liang + +[ Upstream commit 00ae831dfe4474ef6029558f5eb3ef0332d80043 ] + +Add the Atom Tremont model number to the Intel family list. + +[ Tony: Also update comment at head of file to say "_X" suffix is + also used for microserver parts. ] + +Signed-off-by: Kan Liang +Signed-off-by: Qiuxu Zhuo +Signed-off-by: Tony Luck +Signed-off-by: Borislav Petkov +Cc: Andy Shevchenko +Cc: Aristeu Rozanski +Cc: "H. Peter Anvin" +Cc: Ingo Molnar +Cc: linux-edac +Cc: Mauro Carvalho Chehab +Cc: Megha Dey +Cc: Peter Zijlstra +Cc: Qiuxu Zhuo +Cc: Rajneesh Bhardwaj +Cc: Thomas Gleixner +Cc: x86-ml +Link: https://lkml.kernel.org/r/20190125195902.17109-4-tony.luck@intel.com +Signed-off-by: Sasha Levin +--- + arch/x86/include/asm/intel-family.h | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/arch/x86/include/asm/intel-family.h b/arch/x86/include/asm/intel-family.h +index 038e4b63b56b5..5cd7d4e1579d0 100644 +--- a/arch/x86/include/asm/intel-family.h ++++ b/arch/x86/include/asm/intel-family.h +@@ -6,7 +6,7 @@ + * "Big Core" Processors (Branded as Core, Xeon, etc...) + * + * The "_X" parts are generally the EP and EX Xeons, or the +- * "Extreme" ones, like Broadwell-E. ++ * "Extreme" ones, like Broadwell-E, or Atom microserver. + * + * Things ending in "2" are usually because we have no better + * name for them. There's no processor called "SILVERMONT2". +@@ -68,6 +68,7 @@ + #define INTEL_FAM6_ATOM_GOLDMONT 0x5C /* Apollo Lake */ + #define INTEL_FAM6_ATOM_GOLDMONT_X 0x5F /* Denverton */ + #define INTEL_FAM6_ATOM_GOLDMONT_PLUS 0x7A /* Gemini Lake */ ++#define INTEL_FAM6_ATOM_TREMONT_X 0x86 /* Jacobsville */ + + /* Xeon Phi */ + +-- +2.20.1 + diff --git a/queue-4.14/x86-xen-return-from-panic-notifier.patch b/queue-4.14/x86-xen-return-from-panic-notifier.patch new file mode 100644 index 00000000000..582cadf4582 --- /dev/null +++ b/queue-4.14/x86-xen-return-from-panic-notifier.patch @@ -0,0 +1,102 @@ +From 02b966295545dfa7d09c9e39a165ec3aaf5405fd Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 30 Sep 2019 16:44:41 -0400 +Subject: x86/xen: Return from panic notifier + +From: Boris Ostrovsky + +[ Upstream commit c6875f3aacf2a5a913205accddabf0bfb75cac76 ] + +Currently execution of panic() continues until Xen's panic notifier +(xen_panic_event()) is called at which point we make a hypercall that +never returns. + +This means that any notifier that is supposed to be called later as +well as significant part of panic() code (such as pstore writes from +kmsg_dump()) is never executed. + +There is no reason for xen_panic_event() to be this last point in +execution since panic()'s emergency_restart() will call into +xen_emergency_restart() from where we can perform our hypercall. + +Nevertheless, we will provide xen_legacy_crash boot option that will +preserve original behavior during crash. This option could be used, +for example, if running kernel dumper (which happens after panic +notifiers) is undesirable. + +Reported-by: James Dingwall +Signed-off-by: Boris Ostrovsky +Reviewed-by: Juergen Gross +Signed-off-by: Sasha Levin +--- + .../admin-guide/kernel-parameters.txt | 4 +++ + arch/x86/xen/enlighten.c | 28 +++++++++++++++++-- + 2 files changed, 29 insertions(+), 3 deletions(-) + +diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt +index b67a6cd08ca16..671f518b09eeb 100644 +--- a/Documentation/admin-guide/kernel-parameters.txt ++++ b/Documentation/admin-guide/kernel-parameters.txt +@@ -4875,6 +4875,10 @@ + the unplug protocol + never -- do not unplug even if version check succeeds + ++ xen_legacy_crash [X86,XEN] ++ Crash from Xen panic notifier, without executing late ++ panic() code such as dumping handler. ++ + xen_nopvspin [X86,XEN] + Disables the ticketlock slowpath using Xen PV + optimizations. +diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c +index 515d5e4414c29..00fc683a20110 100644 +--- a/arch/x86/xen/enlighten.c ++++ b/arch/x86/xen/enlighten.c +@@ -259,19 +259,41 @@ void xen_reboot(int reason) + BUG(); + } + ++static int reboot_reason = SHUTDOWN_reboot; ++static bool xen_legacy_crash; + void xen_emergency_restart(void) + { +- xen_reboot(SHUTDOWN_reboot); ++ xen_reboot(reboot_reason); + } + + static int + xen_panic_event(struct notifier_block *this, unsigned long event, void *ptr) + { +- if (!kexec_crash_loaded()) +- xen_reboot(SHUTDOWN_crash); ++ if (!kexec_crash_loaded()) { ++ if (xen_legacy_crash) ++ xen_reboot(SHUTDOWN_crash); ++ ++ reboot_reason = SHUTDOWN_crash; ++ ++ /* ++ * If panic_timeout==0 then we are supposed to wait forever. ++ * However, to preserve original dom0 behavior we have to drop ++ * into hypervisor. (domU behavior is controlled by its ++ * config file) ++ */ ++ if (panic_timeout == 0) ++ panic_timeout = -1; ++ } + return NOTIFY_DONE; + } + ++static int __init parse_xen_legacy_crash(char *arg) ++{ ++ xen_legacy_crash = true; ++ return 0; ++} ++early_param("xen_legacy_crash", parse_xen_legacy_crash); ++ + static struct notifier_block xen_panic_block = { + .notifier_call = xen_panic_event, + .priority = INT_MIN +-- +2.20.1 + diff --git a/queue-4.14/zram-fix-race-between-backing_dev_show-and-backing_d.patch b/queue-4.14/zram-fix-race-between-backing_dev_show-and-backing_d.patch new file mode 100644 index 00000000000..82f4dba0ee8 --- /dev/null +++ b/queue-4.14/zram-fix-race-between-backing_dev_show-and-backing_d.patch @@ -0,0 +1,68 @@ +From 9dbec61fa20e9201d030ba5117662203e7e7c137 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 28 Oct 2019 04:59:17 -0400 +Subject: zram: fix race between backing_dev_show and backing_dev_store + +[ Upstream commit f7daefe4231e57381d92c2e2ad905a899c28e402 ] + +CPU0: CPU1: +backing_dev_show backing_dev_store + ...... ...... + file = zram->backing_dev; + down_read(&zram->init_lock); down_read(&zram->init_init_lock) + file_path(file, ...); zram->backing_dev = backing_dev; + up_read(&zram->init_lock); up_read(&zram->init_lock); + +gets the value of zram->backing_dev too early in backing_dev_show, which +resultin the value being NULL at the beginning, and not NULL later. + +backtrace: + d_path+0xcc/0x174 + file_path+0x10/0x18 + backing_dev_show+0x40/0xb4 + dev_attr_show+0x20/0x54 + sysfs_kf_seq_show+0x9c/0x10c + kernfs_seq_show+0x28/0x30 + seq_read+0x184/0x488 + kernfs_fop_read+0x5c/0x1a4 + __vfs_read+0x44/0x128 + vfs_read+0xa0/0x138 + SyS_read+0x54/0xb4 + +Link: http://lkml.kernel.org/r/1571046839-16814-1-git-send-email-chenwandun@huawei.com +Signed-off-by: Chenwandun +Acked-by: Minchan Kim +Cc: Sergey Senozhatsky +Cc: Jens Axboe +Cc: [4.14+] +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + drivers/block/zram/zram_drv.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c +index 133178c9b2cf3..1b4e195c0d3c9 100644 +--- a/drivers/block/zram/zram_drv.c ++++ b/drivers/block/zram/zram_drv.c +@@ -291,13 +291,14 @@ static void reset_bdev(struct zram *zram) + static ssize_t backing_dev_show(struct device *dev, + struct device_attribute *attr, char *buf) + { ++ struct file *file; + struct zram *zram = dev_to_zram(dev); +- struct file *file = zram->backing_dev; + char *p; + ssize_t ret; + + down_read(&zram->init_lock); +- if (!zram_wb_enabled(zram)) { ++ file = zram->backing_dev; ++ if (!file) { + memcpy(buf, "none\n", 5); + up_read(&zram->init_lock); + return 5; +-- +2.20.1 + -- 2.47.2