From c4f5946f065c56dac519459e77e14ac5f5dc85f6 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 18 Jan 2021 11:11:10 +0100 Subject: [PATCH] 5.10-stable patches added patches: alsa-fireface-fix-integer-overflow-in-transmit_midi_msg.patch alsa-firewire-tascam-fix-integer-overflow-in-midi_port_work.patch asoc-intel-fix-error-code-cnl_set_dsp_d0.patch asoc-meson-axg-tdm-interface-fix-loopback.patch asoc-meson-axg-tdmin-fix-axg-skew-offset.patch bnxt_en-improve-stats-context-resource-accounting-with-rdma-driver-loaded.patch dm-eliminate-potential-source-of-excessive-kernel-log-noise.patch dm-zoned-select-config_crc32.patch drm-i915-dsi-use-unconditional-msleep-for-the-panel_on_delay-when-there-is-no-reset-deassert-mipi-sequence.patch drm-i915-gt-restore-clear-residual-mitigations-for-ivybridge-baytrail.patch drm-i915-icl-fix-initing-the-dsi-dsc-power-refcount-during-hw-readout.patch dump_common_audit_data-fix-racy-accesses-to-d_name.patch ext4-fix-superblock-checksum-failure-when-setting-password-salt.patch ib-mlx5-fix-error-unwinding-when-set_has_smi_cap-fails.patch iommu-vt-d-fix-unaligned-addresses-for-intel_flush_svm_range_dev.patch mm-slub-consider-rest-of-partial-list-if-acquire_slab-fails.patch net-sunrpc-interpret-the-return-value-of-kstrtou32-correctly.patch netfilter-conntrack-fix-reading-nf_conntrack_buckets.patch netfilter-nf_nat-fix-memleak-in-nf_nat_init.patch nfs-adjust-fs_context-error-logging.patch nfs-nfs_delegation_find_inode_server-must-first-reference-the-superblock.patch nfs-nfs_igrab_and_active-must-first-reference-the-superblock.patch nfs-pnfs-don-t-call-pnfs_free_bucket_lseg-before-removing-the-request.patch nfs-pnfs-don-t-leak-ds-commits-in-pnfs_generic_retry_commit.patch nfs-pnfs-fix-a-leak-of-the-layout-plh_outstanding-counter.patch nfs4-fix-use-after-free-in-trace_event_raw_event_nfs4_set_lock.patch nvme-don-t-intialize-hwmon-for-discovery-controllers.patch nvme-tcp-fix-possible-data-corruption-with-bio-merges.patch nvme-tcp-fix-warning-with-config_debug_preempt.patch nvmet-rdma-fix-null-deref-when-setting-pi_enable-and-traddr-inaddr_any.patch perf-intel-pt-fix-cpu-too-large-error.patch pnfs-mark-layout-for-return-if-return-on-close-was-not-sent.patch pnfs-stricter-ordering-of-layoutget-and-layoutreturn.patch pnfs-we-want-return-on-close-to-complete-when-evicting-the-inode.patch rdma-mlx5-fix-wrong-free-of-blue-flame-register-on-error.patch rdma-restrack-don-t-treat-as-an-error-allocation-id-wrapping.patch rdma-usnic-fix-memleak-in-find_free_vf_and_create_qp_grp.patch riscv-trace-irq-on-only-interrupt-is-enabled.patch scsi-ufs-fix-possible-power-drain-during-system-suspend.patch selftests-netfilter-pass-family-parameter-f-to-conntrack-tool.patch umount-2-move-the-flag-validity-checks-first.patch --- ...nteger-overflow-in-transmit_midi_msg.patch | 41 ++++++ ...x-integer-overflow-in-midi_port_work.patch | 41 ++++++ ...-intel-fix-error-code-cnl_set_dsp_d0.patch | 33 +++++ ...meson-axg-tdm-interface-fix-loopback.patch | 62 ++++++++ ...-meson-axg-tdmin-fix-axg-skew-offset.patch | 56 ++++++++ ...e-accounting-with-rdma-driver-loaded.patch | 52 +++++++ ...source-of-excessive-kernel-log-noise.patch | 35 +++++ queue-5.10/dm-zoned-select-config_crc32.patch | 36 +++++ ...e-is-no-reset-deassert-mipi-sequence.patch | 75 ++++++++++ ...l-mitigations-for-ivybridge-baytrail.patch | 40 ++++++ ...dsc-power-refcount-during-hw-readout.patch | 41 ++++++ ...dit_data-fix-racy-accesses-to-d_name.patch | 45 ++++++ ...m-failure-when-setting-password-salt.patch | 38 +++++ ...unwinding-when-set_has_smi_cap-fails.patch | 34 +++++ ...resses-for-intel_flush_svm_range_dev.patch | 72 ++++++++++ ...put-pinned-pages-into-the-swap-cache.patch | 10 +- ...f-partial-list-if-acquire_slab-fails.patch | 47 +++++++ ...-return-value-of-kstrtou32-correctly.patch | 47 +++++++ ...ack-fix-reading-nf_conntrack_buckets.patch | 47 +++++++ ...er-nf_nat-fix-memleak-in-nf_nat_init.patch | 33 +++++ .../nfs-adjust-fs_context-error-logging.patch | 95 +++++++++++++ ...-must-first-reference-the-superblock.patch | 53 +++++++ ...-must-first-reference-the-superblock.patch | 43 ++++++ ...ket_lseg-before-removing-the-request.patch | 52 +++++++ ...commits-in-pnfs_generic_retry_commit.patch | 53 +++++++ ...f-the-layout-plh_outstanding-counter.patch | 30 ++++ ...-trace_event_raw_event_nfs4_set_lock.patch | 34 +++++ ...lize-hwmon-for-discovery-controllers.patch | 69 +++++++++ ...ible-data-corruption-with-bio-merges.patch | 42 ++++++ ...ix-warning-with-config_debug_preempt.patch | 35 +++++ ...ting-pi_enable-and-traddr-inaddr_any.patch | 57 ++++++++ ...erf-intel-pt-fix-cpu-too-large-error.patch | 75 ++++++++++ ...turn-if-return-on-close-was-not-sent.patch | 41 ++++++ ...dering-of-layoutget-and-layoutreturn.patch | 79 +++++++++++ ...-to-complete-when-evicting-the-inode.patch | 132 ++++++++++++++++++ ...free-of-blue-flame-register-on-error.patch | 36 +++++ ...t-as-an-error-allocation-id-wrapping.patch | 37 +++++ ...ak-in-find_free_vf_and_create_qp_grp.patch | 42 ++++++ ...ace-irq-on-only-interrupt-is-enabled.patch | 61 ++++++++ ...le-power-drain-during-system-suspend.patch | 52 +++++++ ...family-parameter-f-to-conntrack-tool.patch | 72 ++++++++++ queue-5.10/series | 41 ++++++ ...-move-the-flag-validity-checks-first.patch | 54 +++++++ 43 files changed, 2163 insertions(+), 7 deletions(-) create mode 100644 queue-5.10/alsa-fireface-fix-integer-overflow-in-transmit_midi_msg.patch create mode 100644 queue-5.10/alsa-firewire-tascam-fix-integer-overflow-in-midi_port_work.patch create mode 100644 queue-5.10/asoc-intel-fix-error-code-cnl_set_dsp_d0.patch create mode 100644 queue-5.10/asoc-meson-axg-tdm-interface-fix-loopback.patch create mode 100644 queue-5.10/asoc-meson-axg-tdmin-fix-axg-skew-offset.patch create mode 100644 queue-5.10/bnxt_en-improve-stats-context-resource-accounting-with-rdma-driver-loaded.patch create mode 100644 queue-5.10/dm-eliminate-potential-source-of-excessive-kernel-log-noise.patch create mode 100644 queue-5.10/dm-zoned-select-config_crc32.patch create mode 100644 queue-5.10/drm-i915-dsi-use-unconditional-msleep-for-the-panel_on_delay-when-there-is-no-reset-deassert-mipi-sequence.patch create mode 100644 queue-5.10/drm-i915-gt-restore-clear-residual-mitigations-for-ivybridge-baytrail.patch create mode 100644 queue-5.10/drm-i915-icl-fix-initing-the-dsi-dsc-power-refcount-during-hw-readout.patch create mode 100644 queue-5.10/dump_common_audit_data-fix-racy-accesses-to-d_name.patch create mode 100644 queue-5.10/ext4-fix-superblock-checksum-failure-when-setting-password-salt.patch create mode 100644 queue-5.10/ib-mlx5-fix-error-unwinding-when-set_has_smi_cap-fails.patch create mode 100644 queue-5.10/iommu-vt-d-fix-unaligned-addresses-for-intel_flush_svm_range_dev.patch create mode 100644 queue-5.10/mm-slub-consider-rest-of-partial-list-if-acquire_slab-fails.patch create mode 100644 queue-5.10/net-sunrpc-interpret-the-return-value-of-kstrtou32-correctly.patch create mode 100644 queue-5.10/netfilter-conntrack-fix-reading-nf_conntrack_buckets.patch create mode 100644 queue-5.10/netfilter-nf_nat-fix-memleak-in-nf_nat_init.patch create mode 100644 queue-5.10/nfs-adjust-fs_context-error-logging.patch create mode 100644 queue-5.10/nfs-nfs_delegation_find_inode_server-must-first-reference-the-superblock.patch create mode 100644 queue-5.10/nfs-nfs_igrab_and_active-must-first-reference-the-superblock.patch create mode 100644 queue-5.10/nfs-pnfs-don-t-call-pnfs_free_bucket_lseg-before-removing-the-request.patch create mode 100644 queue-5.10/nfs-pnfs-don-t-leak-ds-commits-in-pnfs_generic_retry_commit.patch create mode 100644 queue-5.10/nfs-pnfs-fix-a-leak-of-the-layout-plh_outstanding-counter.patch create mode 100644 queue-5.10/nfs4-fix-use-after-free-in-trace_event_raw_event_nfs4_set_lock.patch create mode 100644 queue-5.10/nvme-don-t-intialize-hwmon-for-discovery-controllers.patch create mode 100644 queue-5.10/nvme-tcp-fix-possible-data-corruption-with-bio-merges.patch create mode 100644 queue-5.10/nvme-tcp-fix-warning-with-config_debug_preempt.patch create mode 100644 queue-5.10/nvmet-rdma-fix-null-deref-when-setting-pi_enable-and-traddr-inaddr_any.patch create mode 100644 queue-5.10/perf-intel-pt-fix-cpu-too-large-error.patch create mode 100644 queue-5.10/pnfs-mark-layout-for-return-if-return-on-close-was-not-sent.patch create mode 100644 queue-5.10/pnfs-stricter-ordering-of-layoutget-and-layoutreturn.patch create mode 100644 queue-5.10/pnfs-we-want-return-on-close-to-complete-when-evicting-the-inode.patch create mode 100644 queue-5.10/rdma-mlx5-fix-wrong-free-of-blue-flame-register-on-error.patch create mode 100644 queue-5.10/rdma-restrack-don-t-treat-as-an-error-allocation-id-wrapping.patch create mode 100644 queue-5.10/rdma-usnic-fix-memleak-in-find_free_vf_and_create_qp_grp.patch create mode 100644 queue-5.10/riscv-trace-irq-on-only-interrupt-is-enabled.patch create mode 100644 queue-5.10/scsi-ufs-fix-possible-power-drain-during-system-suspend.patch create mode 100644 queue-5.10/selftests-netfilter-pass-family-parameter-f-to-conntrack-tool.patch create mode 100644 queue-5.10/umount-2-move-the-flag-validity-checks-first.patch diff --git a/queue-5.10/alsa-fireface-fix-integer-overflow-in-transmit_midi_msg.patch b/queue-5.10/alsa-fireface-fix-integer-overflow-in-transmit_midi_msg.patch new file mode 100644 index 00000000000..d7ad0ae2075 --- /dev/null +++ b/queue-5.10/alsa-fireface-fix-integer-overflow-in-transmit_midi_msg.patch @@ -0,0 +1,41 @@ +From e7c22eeaff8565d9a8374f320238c251ca31480b Mon Sep 17 00:00:00 2001 +From: Geert Uytterhoeven +Date: Mon, 11 Jan 2021 14:02:50 +0100 +Subject: ALSA: fireface: Fix integer overflow in transmit_midi_msg() + +From: Geert Uytterhoeven + +commit e7c22eeaff8565d9a8374f320238c251ca31480b upstream. + +As snd_ff.rx_bytes[] is unsigned int, and NSEC_PER_SEC is 1000000000L, +the second multiplication in + + ff->rx_bytes[port] * 8 * NSEC_PER_SEC / 31250 + +always overflows on 32-bit platforms, truncating the result. Fix this +by precalculating "NSEC_PER_SEC / 31250", which is an integer constant. + +Note that this assumes ff->rx_bytes[port] <= 16777. + +Fixes: 19174295788de77d ("ALSA: fireface: add transaction support") +Reviewed-by: Takashi Sakamoto +Signed-off-by: Geert Uytterhoeven +Link: https://lore.kernel.org/r/20210111130251.361335-2-geert+renesas@glider.be +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/firewire/fireface/ff-transaction.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/sound/firewire/fireface/ff-transaction.c ++++ b/sound/firewire/fireface/ff-transaction.c +@@ -88,7 +88,7 @@ static void transmit_midi_msg(struct snd + + /* Set interval to next transaction. */ + ff->next_ktime[port] = ktime_add_ns(ktime_get(), +- ff->rx_bytes[port] * 8 * NSEC_PER_SEC / 31250); ++ ff->rx_bytes[port] * 8 * (NSEC_PER_SEC / 31250)); + + if (quad_count == 1) + tcode = TCODE_WRITE_QUADLET_REQUEST; diff --git a/queue-5.10/alsa-firewire-tascam-fix-integer-overflow-in-midi_port_work.patch b/queue-5.10/alsa-firewire-tascam-fix-integer-overflow-in-midi_port_work.patch new file mode 100644 index 00000000000..be8d0a95bc6 --- /dev/null +++ b/queue-5.10/alsa-firewire-tascam-fix-integer-overflow-in-midi_port_work.patch @@ -0,0 +1,41 @@ +From 9f65df9c589f249435255da37a5dd11f1bc86f4d Mon Sep 17 00:00:00 2001 +From: Geert Uytterhoeven +Date: Mon, 11 Jan 2021 14:02:51 +0100 +Subject: ALSA: firewire-tascam: Fix integer overflow in midi_port_work() + +From: Geert Uytterhoeven + +commit 9f65df9c589f249435255da37a5dd11f1bc86f4d upstream. + +As snd_fw_async_midi_port.consume_bytes is unsigned int, and +NSEC_PER_SEC is 1000000000L, the second multiplication in + + port->consume_bytes * 8 * NSEC_PER_SEC / 31250 + +always overflows on 32-bit platforms, truncating the result. Fix this +by precalculating "NSEC_PER_SEC / 31250", which is an integer constant. + +Note that this assumes port->consume_bytes <= 16777. + +Fixes: 531f471834227d03 ("ALSA: firewire-lib/firewire-tascam: localize async midi port") +Reviewed-by: Takashi Sakamoto +Signed-off-by: Geert Uytterhoeven +Link: https://lore.kernel.org/r/20210111130251.361335-3-geert+renesas@glider.be +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/firewire/tascam/tascam-transaction.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/sound/firewire/tascam/tascam-transaction.c ++++ b/sound/firewire/tascam/tascam-transaction.c +@@ -209,7 +209,7 @@ static void midi_port_work(struct work_s + + /* Set interval to next transaction. */ + port->next_ktime = ktime_add_ns(ktime_get(), +- port->consume_bytes * 8 * NSEC_PER_SEC / 31250); ++ port->consume_bytes * 8 * (NSEC_PER_SEC / 31250)); + + /* Start this transaction. */ + port->idling = false; diff --git a/queue-5.10/asoc-intel-fix-error-code-cnl_set_dsp_d0.patch b/queue-5.10/asoc-intel-fix-error-code-cnl_set_dsp_d0.patch new file mode 100644 index 00000000000..76c84ed1ecf --- /dev/null +++ b/queue-5.10/asoc-intel-fix-error-code-cnl_set_dsp_d0.patch @@ -0,0 +1,33 @@ +From f373a811fd9a69fc8bafb9bcb41d2cfa36c62665 Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Fri, 11 Dec 2020 13:06:52 +0300 +Subject: ASoC: Intel: fix error code cnl_set_dsp_D0() + +From: Dan Carpenter + +commit f373a811fd9a69fc8bafb9bcb41d2cfa36c62665 upstream. + +Return -ETIMEDOUT if the dsp boot times out instead of returning +success. + +Fixes: cb6a55284629 ("ASoC: Intel: cnl: Add sst library functions for cnl platform") +Signed-off-by: Dan Carpenter +Reviewed-by: Cezary Rojewski +Link: https://lore.kernel.org/r/X9NEvCzuN+IObnTN@mwanda +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman + +--- + sound/soc/intel/skylake/cnl-sst.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/sound/soc/intel/skylake/cnl-sst.c ++++ b/sound/soc/intel/skylake/cnl-sst.c +@@ -224,6 +224,7 @@ static int cnl_set_dsp_D0(struct sst_dsp + "dsp boot timeout, status=%#x error=%#x\n", + sst_dsp_shim_read(ctx, CNL_ADSP_FW_STATUS), + sst_dsp_shim_read(ctx, CNL_ADSP_ERROR_CODE)); ++ ret = -ETIMEDOUT; + goto err; + } + } else { diff --git a/queue-5.10/asoc-meson-axg-tdm-interface-fix-loopback.patch b/queue-5.10/asoc-meson-axg-tdm-interface-fix-loopback.patch new file mode 100644 index 00000000000..210b12c683d --- /dev/null +++ b/queue-5.10/asoc-meson-axg-tdm-interface-fix-loopback.patch @@ -0,0 +1,62 @@ +From 671ee4db952449acde126965bf76817a3159040d Mon Sep 17 00:00:00 2001 +From: Jerome Brunet +Date: Thu, 17 Dec 2020 16:08:12 +0100 +Subject: ASoC: meson: axg-tdm-interface: fix loopback + +From: Jerome Brunet + +commit 671ee4db952449acde126965bf76817a3159040d upstream. + +When the axg-tdm-interface was introduced, the backend DAI was marked as an +endpoint when DPCM was walking the DAPM graph to find a its BE. + +It is no longer the case since this +commit 8dd26dff00c0 ("ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks") +Because of this, when DPCM finds a BE it does everything it needs on the +DAIs but it won't power up the widgets between the FE and the BE if there +is no actual endpoint after the BE. + +On meson-axg HWs, the loopback is a special DAI of the tdm-interface BE. +It is only linked to the dummy codec since there no actual HW after it. +>From the DAPM perspective, the DAI has no endpoint. Because of this, the TDM +decoder, which is a widget between the FE and BE is not powered up. + +>From the user perspective, everything seems fine but no data is produced. + +Connecting the Loopback DAI to a dummy DAPM endpoint solves the problem. + +Fixes: 8dd26dff00c0 ("ASoC: dapm: Fix handling of custom_stop_condition on DAPM graph walks") +Cc: Charles Keepax +Signed-off-by: Jerome Brunet +Link: https://lore.kernel.org/r/20201217150812.3247405-1-jbrunet@baylibre.com +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman + +--- + sound/soc/meson/axg-tdm-interface.c | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +--- a/sound/soc/meson/axg-tdm-interface.c ++++ b/sound/soc/meson/axg-tdm-interface.c +@@ -467,8 +467,20 @@ static int axg_tdm_iface_set_bias_level( + return ret; + } + ++static const struct snd_soc_dapm_widget axg_tdm_iface_dapm_widgets[] = { ++ SND_SOC_DAPM_SIGGEN("Playback Signal"), ++}; ++ ++static const struct snd_soc_dapm_route axg_tdm_iface_dapm_routes[] = { ++ { "Loopback", NULL, "Playback Signal" }, ++}; ++ + static const struct snd_soc_component_driver axg_tdm_iface_component_drv = { +- .set_bias_level = axg_tdm_iface_set_bias_level, ++ .dapm_widgets = axg_tdm_iface_dapm_widgets, ++ .num_dapm_widgets = ARRAY_SIZE(axg_tdm_iface_dapm_widgets), ++ .dapm_routes = axg_tdm_iface_dapm_routes, ++ .num_dapm_routes = ARRAY_SIZE(axg_tdm_iface_dapm_routes), ++ .set_bias_level = axg_tdm_iface_set_bias_level, + }; + + static const struct of_device_id axg_tdm_iface_of_match[] = { diff --git a/queue-5.10/asoc-meson-axg-tdmin-fix-axg-skew-offset.patch b/queue-5.10/asoc-meson-axg-tdmin-fix-axg-skew-offset.patch new file mode 100644 index 00000000000..faae6882f7e --- /dev/null +++ b/queue-5.10/asoc-meson-axg-tdmin-fix-axg-skew-offset.patch @@ -0,0 +1,56 @@ +From a84dfb3d55934253de6aed38ad75990278a2d21e Mon Sep 17 00:00:00 2001 +From: Jerome Brunet +Date: Thu, 17 Dec 2020 16:08:34 +0100 +Subject: ASoC: meson: axg-tdmin: fix axg skew offset + +From: Jerome Brunet + +commit a84dfb3d55934253de6aed38ad75990278a2d21e upstream. + +The signal captured on from tdm decoder of the AXG SoC is incorrect. It +appears amplified. The skew offset of the decoder is wrong. + +Setting the skew offset to 3, like the g12 and sm1 SoCs, solves and gives +correct data. + +Fixes: 13a22e6a98f8 ("ASoC: meson: add tdm input driver") +Signed-off-by: Jerome Brunet +Link: https://lore.kernel.org/r/20201217150834.3247526-1-jbrunet@baylibre.com +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman + +--- + sound/soc/meson/axg-tdmin.c | 13 ++----------- + 1 file changed, 2 insertions(+), 11 deletions(-) + +--- a/sound/soc/meson/axg-tdmin.c ++++ b/sound/soc/meson/axg-tdmin.c +@@ -228,15 +228,6 @@ static const struct axg_tdm_formatter_dr + .regmap_cfg = &axg_tdmin_regmap_cfg, + .ops = &axg_tdmin_ops, + .quirks = &(const struct axg_tdm_formatter_hw) { +- .skew_offset = 2, +- }, +-}; +- +-static const struct axg_tdm_formatter_driver g12a_tdmin_drv = { +- .component_drv = &axg_tdmin_component_drv, +- .regmap_cfg = &axg_tdmin_regmap_cfg, +- .ops = &axg_tdmin_ops, +- .quirks = &(const struct axg_tdm_formatter_hw) { + .skew_offset = 3, + }, + }; +@@ -247,10 +238,10 @@ static const struct of_device_id axg_tdm + .data = &axg_tdmin_drv, + }, { + .compatible = "amlogic,g12a-tdmin", +- .data = &g12a_tdmin_drv, ++ .data = &axg_tdmin_drv, + }, { + .compatible = "amlogic,sm1-tdmin", +- .data = &g12a_tdmin_drv, ++ .data = &axg_tdmin_drv, + }, {} + }; + MODULE_DEVICE_TABLE(of, axg_tdmin_of_match); diff --git a/queue-5.10/bnxt_en-improve-stats-context-resource-accounting-with-rdma-driver-loaded.patch b/queue-5.10/bnxt_en-improve-stats-context-resource-accounting-with-rdma-driver-loaded.patch new file mode 100644 index 00000000000..c07f9442fd5 --- /dev/null +++ b/queue-5.10/bnxt_en-improve-stats-context-resource-accounting-with-rdma-driver-loaded.patch @@ -0,0 +1,52 @@ +From 869c4d5eb1e6fbda66aa790c48bdb946d71494a0 Mon Sep 17 00:00:00 2001 +From: Michael Chan +Date: Mon, 11 Jan 2021 04:26:39 -0500 +Subject: bnxt_en: Improve stats context resource accounting with RDMA driver loaded. + +From: Michael Chan + +commit 869c4d5eb1e6fbda66aa790c48bdb946d71494a0 upstream. + +The function bnxt_get_ulp_stat_ctxs() does not count the stats contexts +used by the RDMA driver correctly when the RDMA driver is freeing the +MSIX vectors. It assumes that if the RDMA driver is registered, the +additional stats contexts will be needed. This is not true when the +RDMA driver is about to unregister and frees the MSIX vectors. + +This slight error leads to over accouting of the stats contexts needed +after the RDMA driver has unloaded. This will cause some firmware +warning and error messages in dmesg during subsequent config. changes +or ifdown/ifup. + +Fix it by properly accouting for extra stats contexts only if the +RDMA driver is registered and MSIX vectors have been successfully +requested. + +Fixes: c027c6b4e91f ("bnxt_en: get rid of num_stat_ctxs variable") +Reviewed-by: Yongping Zhang +Reviewed-by: Pavan Chebbi +Signed-off-by: Michael Chan +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +--- a/drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c ++++ b/drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c +@@ -222,8 +222,12 @@ int bnxt_get_ulp_msix_base(struct bnxt * + + int bnxt_get_ulp_stat_ctxs(struct bnxt *bp) + { +- if (bnxt_ulp_registered(bp->edev, BNXT_ROCE_ULP)) +- return BNXT_MIN_ROCE_STAT_CTXS; ++ if (bnxt_ulp_registered(bp->edev, BNXT_ROCE_ULP)) { ++ struct bnxt_en_dev *edev = bp->edev; ++ ++ if (edev->ulp_tbl[BNXT_ROCE_ULP].msix_requested) ++ return BNXT_MIN_ROCE_STAT_CTXS; ++ } + + return 0; + } diff --git a/queue-5.10/dm-eliminate-potential-source-of-excessive-kernel-log-noise.patch b/queue-5.10/dm-eliminate-potential-source-of-excessive-kernel-log-noise.patch new file mode 100644 index 00000000000..bb3dbd46ff0 --- /dev/null +++ b/queue-5.10/dm-eliminate-potential-source-of-excessive-kernel-log-noise.patch @@ -0,0 +1,35 @@ +From 0378c625afe80eb3f212adae42cc33c9f6f31abf Mon Sep 17 00:00:00 2001 +From: Mike Snitzer +Date: Wed, 6 Jan 2021 18:19:05 -0500 +Subject: dm: eliminate potential source of excessive kernel log noise + +From: Mike Snitzer + +commit 0378c625afe80eb3f212adae42cc33c9f6f31abf upstream. + +There wasn't ever a real need to log an error in the kernel log for +ioctls issued with insufficient permissions. Simply return an error +and if an admin/user is sufficiently motivated they can enable DM's +dynamic debugging to see an explanation for why the ioctls were +disallowed. + +Reported-by: Nir Soffer +Fixes: e980f62353c6 ("dm: don't allow ioctls to targets that don't map to whole devices") +Signed-off-by: Mike Snitzer +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/dm.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/md/dm.c ++++ b/drivers/md/dm.c +@@ -562,7 +562,7 @@ static int dm_blk_ioctl(struct block_dev + * subset of the parent bdev; require extra privileges. + */ + if (!capable(CAP_SYS_RAWIO)) { +- DMWARN_LIMIT( ++ DMDEBUG_LIMIT( + "%s: sending ioctl %x to DM device without required privilege.", + current->comm, cmd); + r = -ENOIOCTLCMD; diff --git a/queue-5.10/dm-zoned-select-config_crc32.patch b/queue-5.10/dm-zoned-select-config_crc32.patch new file mode 100644 index 00000000000..749a117b6d3 --- /dev/null +++ b/queue-5.10/dm-zoned-select-config_crc32.patch @@ -0,0 +1,36 @@ +From b690bd546b227c32b860dae985a18bed8aa946fe Mon Sep 17 00:00:00 2001 +From: Arnd Bergmann +Date: Sun, 3 Jan 2021 22:40:51 +0100 +Subject: dm zoned: select CONFIG_CRC32 + +From: Arnd Bergmann + +commit b690bd546b227c32b860dae985a18bed8aa946fe upstream. + +Without crc32 support, this driver fails to link: + +arm-linux-gnueabi-ld: drivers/md/dm-zoned-metadata.o: in function `dmz_write_sb': +dm-zoned-metadata.c:(.text+0xe98): undefined reference to `crc32_le' +arm-linux-gnueabi-ld: drivers/md/dm-zoned-metadata.o: in function `dmz_check_sb': +dm-zoned-metadata.c:(.text+0x7978): undefined reference to `crc32_le' + +Fixes: 3b1a94c88b79 ("dm zoned: drive-managed zoned block device target") +Signed-off-by: Arnd Bergmann +Reviewed-by: Damien Le Moal +Signed-off-by: Mike Snitzer +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/Kconfig | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/md/Kconfig ++++ b/drivers/md/Kconfig +@@ -602,6 +602,7 @@ config DM_ZONED + tristate "Drive-managed zoned block device target support" + depends on BLK_DEV_DM + depends on BLK_DEV_ZONED ++ select CRC32 + help + This device-mapper target takes a host-managed or host-aware zoned + block device and exposes most of its capacity as a regular block diff --git a/queue-5.10/drm-i915-dsi-use-unconditional-msleep-for-the-panel_on_delay-when-there-is-no-reset-deassert-mipi-sequence.patch b/queue-5.10/drm-i915-dsi-use-unconditional-msleep-for-the-panel_on_delay-when-there-is-no-reset-deassert-mipi-sequence.patch new file mode 100644 index 00000000000..8cacb2c24ef --- /dev/null +++ b/queue-5.10/drm-i915-dsi-use-unconditional-msleep-for-the-panel_on_delay-when-there-is-no-reset-deassert-mipi-sequence.patch @@ -0,0 +1,75 @@ +From 00cb645fd7e29bdd20967cd20fa8f77bcdf422f9 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Wed, 18 Nov 2020 13:40:58 +0100 +Subject: drm/i915/dsi: Use unconditional msleep for the panel_on_delay when there is no reset-deassert MIPI-sequence +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Hans de Goede + +commit 00cb645fd7e29bdd20967cd20fa8f77bcdf422f9 upstream. + +Commit 25b4620ee822 ("drm/i915/dsi: Skip delays for v3 VBTs in vid-mode") +added an intel_dsi_msleep() helper which skips sleeping if the +MIPI-sequences have a version of 3 or newer and the panel is in vid-mode; +and it moved a bunch of msleep-s over to this new helper. + +This was based on my reading of the big comment around line 730 which +starts with "Panel enable/disable sequences from the VBT spec.", +where the "v3 video mode seq" column does not have any wait t# entries. + +Given that this code has been used on a lot of different devices without +issues until now, it seems that my interpretation of the spec here is +mostly correct. + +But now I have encountered one device, an Acer Aspire Switch 10 E +SW3-016, where the panel will not light up unless we do actually honor the +panel_on_delay after exexuting the MIPI_SEQ_PANEL_ON sequence. + +What seems to set this model apart is that it is lacking a +MIPI_SEQ_DEASSERT_RESET sequence, which is where the power-on +delay usually happens. + +Fix the panel not lighting up on this model by using an unconditional +msleep(panel_on_delay) instead of intel_dsi_msleep() when there is +no MIPI_SEQ_DEASSERT_RESET sequence. + +Fixes: 25b4620ee822 ("drm/i915/dsi: Skip delays for v3 VBTs in vid-mode") +Signed-off-by: Hans de Goede +Reviewed-by: Ville Syrjälä +Link: https://patchwork.freedesktop.org/patch/msgid/20201118124058.26021-1-hdegoede@redhat.com +(cherry picked from commit 6fdb335f1c9c0845b50625de1624d8445c4c4a07) +Signed-off-by: Jani Nikula +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpu/drm/i915/display/vlv_dsi.c | 16 +++++++++++++--- + 1 file changed, 13 insertions(+), 3 deletions(-) + +--- a/drivers/gpu/drm/i915/display/vlv_dsi.c ++++ b/drivers/gpu/drm/i915/display/vlv_dsi.c +@@ -812,10 +812,20 @@ static void intel_dsi_pre_enable(struct + intel_dsi_prepare(encoder, pipe_config); + + intel_dsi_vbt_exec_sequence(intel_dsi, MIPI_SEQ_POWER_ON); +- intel_dsi_msleep(intel_dsi, intel_dsi->panel_on_delay); + +- /* Deassert reset */ +- intel_dsi_vbt_exec_sequence(intel_dsi, MIPI_SEQ_DEASSERT_RESET); ++ /* ++ * Give the panel time to power-on and then deassert its reset. ++ * Depending on the VBT MIPI sequences version the deassert-seq ++ * may contain the necessary delay, intel_dsi_msleep() will skip ++ * the delay in that case. If there is no deassert-seq, then an ++ * unconditional msleep is used to give the panel time to power-on. ++ */ ++ if (dev_priv->vbt.dsi.sequence[MIPI_SEQ_DEASSERT_RESET]) { ++ intel_dsi_msleep(intel_dsi, intel_dsi->panel_on_delay); ++ intel_dsi_vbt_exec_sequence(intel_dsi, MIPI_SEQ_DEASSERT_RESET); ++ } else { ++ msleep(intel_dsi->panel_on_delay); ++ } + + if (IS_GEMINILAKE(dev_priv)) { + glk_cold_boot = glk_dsi_enable_io(encoder); diff --git a/queue-5.10/drm-i915-gt-restore-clear-residual-mitigations-for-ivybridge-baytrail.patch b/queue-5.10/drm-i915-gt-restore-clear-residual-mitigations-for-ivybridge-baytrail.patch new file mode 100644 index 00000000000..2a8be6c82f5 --- /dev/null +++ b/queue-5.10/drm-i915-gt-restore-clear-residual-mitigations-for-ivybridge-baytrail.patch @@ -0,0 +1,40 @@ +From 09aa9e45863e9e25dfbf350bae89fc3c2964482c Mon Sep 17 00:00:00 2001 +From: Chris Wilson +Date: Mon, 11 Jan 2021 22:52:19 +0000 +Subject: drm/i915/gt: Restore clear-residual mitigations for Ivybridge, Baytrail + +From: Chris Wilson + +commit 09aa9e45863e9e25dfbf350bae89fc3c2964482c upstream. + +The mitigation is required for all gen7 platforms, now that it does not +cause GPU hangs, restore it for Ivybridge and Baytrail. + +Fixes: 47f8253d2b89 ("drm/i915/gen7: Clear all EU/L3 residual contexts") +Signed-off-by: Chris Wilson +Cc: Mika Kuoppala +Cc: Prathap Kumar Valsan +Cc: Akeem G Abodunrin +Cc: Bloomfield Jon +Reviewed-by: Akeem G Abodunrin +Reviewed-by: Rodrigo Vivi +Link: https://patchwork.freedesktop.org/patch/msgid/20210111225220.3483-2-chris@chris-wilson.co.uk +(cherry picked from commit 008ead6ef8f588a8c832adfe9db201d9be5fd410) +Signed-off-by: Jani Nikula +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpu/drm/i915/gt/intel_ring_submission.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/gpu/drm/i915/gt/intel_ring_submission.c ++++ b/drivers/gpu/drm/i915/gt/intel_ring_submission.c +@@ -1291,7 +1291,7 @@ int intel_ring_submission_setup(struct i + + GEM_BUG_ON(timeline->hwsp_ggtt != engine->status_page.vma); + +- if (IS_HASWELL(engine->i915) && engine->class == RENDER_CLASS) { ++ if (IS_GEN(engine->i915, 7) && engine->class == RENDER_CLASS) { + err = gen7_ctx_switch_bb_init(engine); + if (err) + goto err_ring_unpin; diff --git a/queue-5.10/drm-i915-icl-fix-initing-the-dsi-dsc-power-refcount-during-hw-readout.patch b/queue-5.10/drm-i915-icl-fix-initing-the-dsi-dsc-power-refcount-during-hw-readout.patch new file mode 100644 index 00000000000..ebf1b6312be --- /dev/null +++ b/queue-5.10/drm-i915-icl-fix-initing-the-dsi-dsc-power-refcount-during-hw-readout.patch @@ -0,0 +1,41 @@ +From 2af5268180410b874fc06be91a1b2fbb22b1be0c Mon Sep 17 00:00:00 2001 +From: Imre Deak +Date: Wed, 9 Dec 2020 17:39:52 +0200 +Subject: drm/i915/icl: Fix initing the DSI DSC power refcount during HW readout + +From: Imre Deak + +commit 2af5268180410b874fc06be91a1b2fbb22b1be0c upstream. + +For an enabled DSC during HW readout the corresponding power reference +is taken along the CRTC power domain references in +get_crtc_power_domains(). Remove the incorrect get ref from the DSI +encoder hook. + +Fixes: 2b68392e638d ("drm/i915/dsi: add support for DSC") +Cc: Vandita Kulkarni +Cc: Jani Nikula +Signed-off-by: Imre Deak +Reviewed-by: Anshuman Gupta +Link: https://patchwork.freedesktop.org/patch/msgid/20201209153952.3397959-1-imre.deak@intel.com +(cherry picked from commit 3a9ec563a4ff770ae647f6ee539810f1866866c9) +Signed-off-by: Jani Nikula +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/gpu/drm/i915/display/icl_dsi.c | 4 ---- + 1 file changed, 4 deletions(-) + +--- a/drivers/gpu/drm/i915/display/icl_dsi.c ++++ b/drivers/gpu/drm/i915/display/icl_dsi.c +@@ -1585,10 +1585,6 @@ static void gen11_dsi_get_power_domains( + + get_dsi_io_power_domains(i915, + enc_to_intel_dsi(encoder)); +- +- if (crtc_state->dsc.compression_enable) +- intel_display_power_get(i915, +- intel_dsc_power_domain(crtc_state)); + } + + static bool gen11_dsi_get_hw_state(struct intel_encoder *encoder, diff --git a/queue-5.10/dump_common_audit_data-fix-racy-accesses-to-d_name.patch b/queue-5.10/dump_common_audit_data-fix-racy-accesses-to-d_name.patch new file mode 100644 index 00000000000..cfbcaa406ec --- /dev/null +++ b/queue-5.10/dump_common_audit_data-fix-racy-accesses-to-d_name.patch @@ -0,0 +1,45 @@ +From d36a1dd9f77ae1e72da48f4123ed35627848507d Mon Sep 17 00:00:00 2001 +From: Al Viro +Date: Tue, 5 Jan 2021 14:43:46 -0500 +Subject: dump_common_audit_data(): fix racy accesses to ->d_name + +From: Al Viro + +commit d36a1dd9f77ae1e72da48f4123ed35627848507d upstream. + +We are not guaranteed the locking environment that would prevent +dentry getting renamed right under us. And it's possible for +old long name to be freed after rename, leading to UAF here. + +Cc: stable@kernel.org # v2.6.2+ +Signed-off-by: Al Viro +Signed-off-by: Greg Kroah-Hartman + +--- + security/lsm_audit.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +--- a/security/lsm_audit.c ++++ b/security/lsm_audit.c +@@ -278,7 +278,9 @@ static void dump_common_audit_data(struc + struct inode *inode; + + audit_log_format(ab, " name="); ++ spin_lock(&a->u.dentry->d_lock); + audit_log_untrustedstring(ab, a->u.dentry->d_name.name); ++ spin_unlock(&a->u.dentry->d_lock); + + inode = d_backing_inode(a->u.dentry); + if (inode) { +@@ -297,8 +299,9 @@ static void dump_common_audit_data(struc + dentry = d_find_alias(inode); + if (dentry) { + audit_log_format(ab, " name="); +- audit_log_untrustedstring(ab, +- dentry->d_name.name); ++ spin_lock(&dentry->d_lock); ++ audit_log_untrustedstring(ab, dentry->d_name.name); ++ spin_unlock(&dentry->d_lock); + dput(dentry); + } + audit_log_format(ab, " dev="); diff --git a/queue-5.10/ext4-fix-superblock-checksum-failure-when-setting-password-salt.patch b/queue-5.10/ext4-fix-superblock-checksum-failure-when-setting-password-salt.patch new file mode 100644 index 00000000000..860b57b0cc4 --- /dev/null +++ b/queue-5.10/ext4-fix-superblock-checksum-failure-when-setting-password-salt.patch @@ -0,0 +1,38 @@ +From dfd56c2c0c0dbb11be939b804ddc8d5395ab3432 Mon Sep 17 00:00:00 2001 +From: Jan Kara +Date: Wed, 16 Dec 2020 11:18:43 +0100 +Subject: ext4: fix superblock checksum failure when setting password salt + +From: Jan Kara + +commit dfd56c2c0c0dbb11be939b804ddc8d5395ab3432 upstream. + +When setting password salt in the superblock, we forget to recompute the +superblock checksum so it will not match until the next superblock +modification which recomputes the checksum. Fix it. + +CC: Michael Halcrow +Reported-by: Andreas Dilger +Fixes: 9bd8212f981e ("ext4 crypto: add encryption policy and password salt support") +Signed-off-by: Jan Kara +Link: https://lore.kernel.org/r/20201216101844.22917-8-jack@suse.cz +Signed-off-by: Theodore Ts'o +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext4/ioctl.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/fs/ext4/ioctl.c ++++ b/fs/ext4/ioctl.c +@@ -1157,7 +1157,10 @@ resizefs_out: + err = ext4_journal_get_write_access(handle, sbi->s_sbh); + if (err) + goto pwsalt_err_journal; ++ lock_buffer(sbi->s_sbh); + generate_random_uuid(sbi->s_es->s_encrypt_pw_salt); ++ ext4_superblock_csum_set(sb); ++ unlock_buffer(sbi->s_sbh); + err = ext4_handle_dirty_metadata(handle, NULL, + sbi->s_sbh); + pwsalt_err_journal: diff --git a/queue-5.10/ib-mlx5-fix-error-unwinding-when-set_has_smi_cap-fails.patch b/queue-5.10/ib-mlx5-fix-error-unwinding-when-set_has_smi_cap-fails.patch new file mode 100644 index 00000000000..1eb7f3b9c03 --- /dev/null +++ b/queue-5.10/ib-mlx5-fix-error-unwinding-when-set_has_smi_cap-fails.patch @@ -0,0 +1,34 @@ +From 2cb091f6293df898b47f4e0f2e54324e2bbaf816 Mon Sep 17 00:00:00 2001 +From: Parav Pandit +Date: Wed, 13 Jan 2021 14:17:00 +0200 +Subject: IB/mlx5: Fix error unwinding when set_has_smi_cap fails + +From: Parav Pandit + +commit 2cb091f6293df898b47f4e0f2e54324e2bbaf816 upstream. + +When set_has_smi_cap() fails, multiport master cleanup is missed. Fix it +by doing the correct error unwinding goto. + +Fixes: a989ea01cb10 ("RDMA/mlx5: Move SMI caps logic") +Link: https://lore.kernel.org/r/20210113121703.559778-3-leon@kernel.org +Signed-off-by: Parav Pandit +Signed-off-by: Leon Romanovsky +Signed-off-by: Jason Gunthorpe +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/infiniband/hw/mlx5/main.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/infiniband/hw/mlx5/main.c ++++ b/drivers/infiniband/hw/mlx5/main.c +@@ -3950,7 +3950,7 @@ static int mlx5_ib_stage_init_init(struc + + err = set_has_smi_cap(dev); + if (err) +- return err; ++ goto err_mp; + + if (!mlx5_core_mp_enabled(mdev)) { + for (i = 1; i <= dev->num_ports; i++) { diff --git a/queue-5.10/iommu-vt-d-fix-unaligned-addresses-for-intel_flush_svm_range_dev.patch b/queue-5.10/iommu-vt-d-fix-unaligned-addresses-for-intel_flush_svm_range_dev.patch new file mode 100644 index 00000000000..99efa654151 --- /dev/null +++ b/queue-5.10/iommu-vt-d-fix-unaligned-addresses-for-intel_flush_svm_range_dev.patch @@ -0,0 +1,72 @@ +From 2d6ffc63f12417b979955a5b22ad9a76d2af5de9 Mon Sep 17 00:00:00 2001 +From: Lu Baolu +Date: Thu, 31 Dec 2020 08:53:20 +0800 +Subject: iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() + +From: Lu Baolu + +commit 2d6ffc63f12417b979955a5b22ad9a76d2af5de9 upstream. + +The VT-d hardware will ignore those Addr bits which have been masked by +the AM field in the PASID-based-IOTLB invalidation descriptor. As the +result, if the starting address in the descriptor is not aligned with +the address mask, some IOTLB caches might not invalidate. Hence people +will see below errors. + +[ 1093.704661] dmar_fault: 29 callbacks suppressed +[ 1093.704664] DMAR: DRHD: handling fault status reg 3 +[ 1093.712738] DMAR: [DMA Read] Request device [7a:02.0] PASID 2 + fault addr 7f81c968d000 [fault reason 113] + SM: Present bit in first-level paging entry is clear + +Fix this by using aligned address for PASID-based-IOTLB invalidation. + +Fixes: 1c4f88b7f1f9 ("iommu/vt-d: Shared virtual address in scalable mode") +Reported-and-tested-by: Guo Kaijie +Signed-off-by: Lu Baolu +Link: https://lore.kernel.org/r/20201231005323.2178523-2-baolu.lu@linux.intel.com +Signed-off-by: Will Deacon +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/iommu/intel/svm.c | 22 ++++++++++++++++++++-- + 1 file changed, 20 insertions(+), 2 deletions(-) + +--- a/drivers/iommu/intel/svm.c ++++ b/drivers/iommu/intel/svm.c +@@ -118,8 +118,10 @@ void intel_svm_check(struct intel_iommu + iommu->flags |= VTD_FLAG_SVM_CAPABLE; + } + +-static void intel_flush_svm_range_dev (struct intel_svm *svm, struct intel_svm_dev *sdev, +- unsigned long address, unsigned long pages, int ih) ++static void __flush_svm_range_dev(struct intel_svm *svm, ++ struct intel_svm_dev *sdev, ++ unsigned long address, ++ unsigned long pages, int ih) + { + struct qi_desc desc; + +@@ -170,6 +172,22 @@ static void intel_flush_svm_range_dev (s + } + } + ++static void intel_flush_svm_range_dev(struct intel_svm *svm, ++ struct intel_svm_dev *sdev, ++ unsigned long address, ++ unsigned long pages, int ih) ++{ ++ unsigned long shift = ilog2(__roundup_pow_of_two(pages)); ++ unsigned long align = (1ULL << (VTD_PAGE_SHIFT + shift)); ++ unsigned long start = ALIGN_DOWN(address, align); ++ unsigned long end = ALIGN(address + (pages << VTD_PAGE_SHIFT), align); ++ ++ while (start < end) { ++ __flush_svm_range_dev(svm, sdev, start, align >> VTD_PAGE_SHIFT, ih); ++ start += align; ++ } ++} ++ + static void intel_flush_svm_range(struct intel_svm *svm, unsigned long address, + unsigned long pages, int ih) + { diff --git a/queue-5.10/mm-don-t-put-pinned-pages-into-the-swap-cache.patch b/queue-5.10/mm-don-t-put-pinned-pages-into-the-swap-cache.patch index c370431cb3c..5589923d902 100644 --- a/queue-5.10/mm-don-t-put-pinned-pages-into-the-swap-cache.patch +++ b/queue-5.10/mm-don-t-put-pinned-pages-into-the-swap-cache.patch @@ -56,15 +56,14 @@ Cc: Jens Axboe Cc: Peter Xu Signed-off-by: Linus Torvalds Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman --- - mm/vmscan.c | 2 ++ + mm/vmscan.c | 2 ++ 1 file changed, 2 insertions(+) -diff --git a/mm/vmscan.c b/mm/vmscan.c -index 0ec6321e98878..4c5a9b2286bf5 100644 --- a/mm/vmscan.c +++ b/mm/vmscan.c -@@ -1240,6 +1240,8 @@ static unsigned int shrink_page_list(struct list_head *page_list, +@@ -1240,6 +1240,8 @@ static unsigned int shrink_page_list(str if (!PageSwapCache(page)) { if (!(sc->gfp_mask & __GFP_IO)) goto keep_locked; @@ -73,6 +72,3 @@ index 0ec6321e98878..4c5a9b2286bf5 100644 if (PageTransHuge(page)) { /* cannot split THP, skip it */ if (!can_split_huge_page(page, NULL)) --- -2.27.0 - diff --git a/queue-5.10/mm-slub-consider-rest-of-partial-list-if-acquire_slab-fails.patch b/queue-5.10/mm-slub-consider-rest-of-partial-list-if-acquire_slab-fails.patch new file mode 100644 index 00000000000..72120be10cd --- /dev/null +++ b/queue-5.10/mm-slub-consider-rest-of-partial-list-if-acquire_slab-fails.patch @@ -0,0 +1,47 @@ +From 8ff60eb052eeba95cfb3efe16b08c9199f8121cf Mon Sep 17 00:00:00 2001 +From: Jann Horn +Date: Tue, 12 Jan 2021 15:49:04 -0800 +Subject: mm, slub: consider rest of partial list if acquire_slab() fails + +From: Jann Horn + +commit 8ff60eb052eeba95cfb3efe16b08c9199f8121cf upstream. + +acquire_slab() fails if there is contention on the freelist of the page +(probably because some other CPU is concurrently freeing an object from +the page). In that case, it might make sense to look for a different page +(since there might be more remote frees to the page from other CPUs, and +we don't want contention on struct page). + +However, the current code accidentally stops looking at the partial list +completely in that case. Especially on kernels without CONFIG_NUMA set, +this means that get_partial() fails and new_slab_objects() falls back to +new_slab(), allocating new pages. This could lead to an unnecessary +increase in memory fragmentation. + +Link: https://lkml.kernel.org/r/20201228130853.1871516-1-jannh@google.com +Fixes: 7ced37197196 ("slub: Acquire_slab() avoid loop") +Signed-off-by: Jann Horn +Acked-by: David Rientjes +Acked-by: Joonsoo Kim +Cc: Christoph Lameter +Cc: Pekka Enberg +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/slub.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/mm/slub.c ++++ b/mm/slub.c +@@ -1971,7 +1971,7 @@ static void *get_partial_node(struct kme + + t = acquire_slab(s, n, page, object == NULL, &objects); + if (!t) +- break; ++ continue; /* cmpxchg raced */ + + available += objects; + if (!object) { diff --git a/queue-5.10/net-sunrpc-interpret-the-return-value-of-kstrtou32-correctly.patch b/queue-5.10/net-sunrpc-interpret-the-return-value-of-kstrtou32-correctly.patch new file mode 100644 index 00000000000..e967120fa88 --- /dev/null +++ b/queue-5.10/net-sunrpc-interpret-the-return-value-of-kstrtou32-correctly.patch @@ -0,0 +1,47 @@ +From 86b53fbf08f48d353a86a06aef537e78e82ba721 Mon Sep 17 00:00:00 2001 +From: "j.nixdorf@avm.de" +Date: Tue, 5 Jan 2021 15:17:01 +0100 +Subject: net: sunrpc: interpret the return value of kstrtou32 correctly + +From: j.nixdorf@avm.de + +commit 86b53fbf08f48d353a86a06aef537e78e82ba721 upstream. + +A return value of 0 means success. This is documented in lib/kstrtox.c. + +This was found by trying to mount an NFS share from a link-local IPv6 +address with the interface specified by its index: + + mount("[fe80::1%1]:/srv/nfs", "/mnt", "nfs", 0, "nolock,addr=fe80::1%1") + +Before this commit this failed with EINVAL and also caused the following +message in dmesg: + + [...] NFS: bad IP address specified: addr=fe80::1%1 + +The syscall using the same address based on the interface name instead +of its index succeeds. + +Credits for this patch go to my colleague Christian Speich, who traced +the origin of this bug to this line of code. + +Signed-off-by: Johannes Nixdorf +Fixes: 00cfaa943ec3 ("replace strict_strto calls") +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + net/sunrpc/addr.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/sunrpc/addr.c ++++ b/net/sunrpc/addr.c +@@ -185,7 +185,7 @@ static int rpc_parse_scope_id(struct net + scope_id = dev->ifindex; + dev_put(dev); + } else { +- if (kstrtou32(p, 10, &scope_id) == 0) { ++ if (kstrtou32(p, 10, &scope_id) != 0) { + kfree(p); + return 0; + } diff --git a/queue-5.10/netfilter-conntrack-fix-reading-nf_conntrack_buckets.patch b/queue-5.10/netfilter-conntrack-fix-reading-nf_conntrack_buckets.patch new file mode 100644 index 00000000000..bf15fc91964 --- /dev/null +++ b/queue-5.10/netfilter-conntrack-fix-reading-nf_conntrack_buckets.patch @@ -0,0 +1,47 @@ +From f6351c3f1c27c80535d76cac2299aec44c36291e Mon Sep 17 00:00:00 2001 +From: Jesper Dangaard Brouer +Date: Fri, 8 Jan 2021 12:44:33 +0100 +Subject: netfilter: conntrack: fix reading nf_conntrack_buckets + +From: Jesper Dangaard Brouer + +commit f6351c3f1c27c80535d76cac2299aec44c36291e upstream. + +The old way of changing the conntrack hashsize runtime was through changing +the module param via file /sys/module/nf_conntrack/parameters/hashsize. This +was extended to sysctl change in commit 3183ab8997a4 ("netfilter: conntrack: +allow increasing bucket size via sysctl too"). + +The commit introduced second "user" variable nf_conntrack_htable_size_user +which shadow actual variable nf_conntrack_htable_size. When hashsize is +changed via module param this "user" variable isn't updated. This results in +sysctl net/netfilter/nf_conntrack_buckets shows the wrong value when users +update via the old way. + +This patch fix the issue by always updating "user" variable when reading the +proc file. This will take care of changes to the actual variable without +sysctl need to be aware. + +Fixes: 3183ab8997a4 ("netfilter: conntrack: allow increasing bucket size via sysctl too") +Reported-by: Yoel Caspersen +Signed-off-by: Jesper Dangaard Brouer +Acked-by: Florian Westphal +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Greg Kroah-Hartman + +--- + net/netfilter/nf_conntrack_standalone.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/net/netfilter/nf_conntrack_standalone.c ++++ b/net/netfilter/nf_conntrack_standalone.c +@@ -523,6 +523,9 @@ nf_conntrack_hash_sysctl(struct ctl_tabl + { + int ret; + ++ /* module_param hashsize could have changed value */ ++ nf_conntrack_htable_size_user = nf_conntrack_htable_size; ++ + ret = proc_dointvec(table, write, buffer, lenp, ppos); + if (ret < 0 || !write) + return ret; diff --git a/queue-5.10/netfilter-nf_nat-fix-memleak-in-nf_nat_init.patch b/queue-5.10/netfilter-nf_nat-fix-memleak-in-nf_nat_init.patch new file mode 100644 index 00000000000..9e1c2e9d6ca --- /dev/null +++ b/queue-5.10/netfilter-nf_nat-fix-memleak-in-nf_nat_init.patch @@ -0,0 +1,33 @@ +From 869f4fdaf4ca7bb6e0d05caf6fa1108dddc346a7 Mon Sep 17 00:00:00 2001 +From: Dinghao Liu +Date: Sat, 9 Jan 2021 20:01:21 +0800 +Subject: netfilter: nf_nat: Fix memleak in nf_nat_init + +From: Dinghao Liu + +commit 869f4fdaf4ca7bb6e0d05caf6fa1108dddc346a7 upstream. + +When register_pernet_subsys() fails, nf_nat_bysource +should be freed just like when nf_ct_extend_register() +fails. + +Fixes: 1cd472bf036ca ("netfilter: nf_nat: add nat hook register functions to nf_nat") +Signed-off-by: Dinghao Liu +Acked-by: Florian Westphal +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Greg Kroah-Hartman + +--- + net/netfilter/nf_nat_core.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/net/netfilter/nf_nat_core.c ++++ b/net/netfilter/nf_nat_core.c +@@ -1174,6 +1174,7 @@ static int __init nf_nat_init(void) + ret = register_pernet_subsys(&nat_net_ops); + if (ret < 0) { + nf_ct_extend_unregister(&nat_extend); ++ kvfree(nf_nat_bysource); + return ret; + } + diff --git a/queue-5.10/nfs-adjust-fs_context-error-logging.patch b/queue-5.10/nfs-adjust-fs_context-error-logging.patch new file mode 100644 index 00000000000..b6876ed1dfe --- /dev/null +++ b/queue-5.10/nfs-adjust-fs_context-error-logging.patch @@ -0,0 +1,95 @@ +From c98e9daa59a611ff4e163689815f40380c912415 Mon Sep 17 00:00:00 2001 +From: Scott Mayhew +Date: Tue, 5 Jan 2021 08:54:32 -0500 +Subject: NFS: Adjust fs_context error logging + +From: Scott Mayhew + +commit c98e9daa59a611ff4e163689815f40380c912415 upstream. + +Several existing dprink()/dfprintk() calls were converted to use the new +mount API logging macros by commit ce8866f0913f ("NFS: Attach +supplementary error information to fs_context"). If the fs_context was +not created using fsopen() then it will not have had a log buffer +allocated for it, and the new mount API logging macros will wind up +calling printk(). + +This can result in syslog messages being logged where previously there +were none... most notably "NFS4: Couldn't follow remote path", which can +happen if the client is auto-negotiating a protocol version with an NFS +server that doesn't support the higher v4.x versions. + +Convert the nfs_errorf(), nfs_invalf(), and nfs_warnf() macros to check +for the existence of the fs_context's log buffer and call dprintk() if +it doesn't exist. Add nfs_ferrorf(), nfs_finvalf(), and nfs_warnf(), +which do the same thing but take an NFS debug flag as an argument and +call dfprintk(). Finally, modify the "NFS4: Couldn't follow remote +path" message to use nfs_ferrorf(). + +Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=207385 +Signed-off-by: Scott Mayhew +Reviewed-by: Benjamin Coddington +Fixes: ce8866f0913f ("NFS: Attach supplementary error information to fs_context.") +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/internal.h | 26 +++++++++++++++++++++++--- + fs/nfs/nfs4super.c | 4 ++-- + 2 files changed, 25 insertions(+), 5 deletions(-) + +--- a/fs/nfs/internal.h ++++ b/fs/nfs/internal.h +@@ -142,9 +142,29 @@ struct nfs_fs_context { + } clone_data; + }; + +-#define nfs_errorf(fc, fmt, ...) errorf(fc, fmt, ## __VA_ARGS__) +-#define nfs_invalf(fc, fmt, ...) invalf(fc, fmt, ## __VA_ARGS__) +-#define nfs_warnf(fc, fmt, ...) warnf(fc, fmt, ## __VA_ARGS__) ++#define nfs_errorf(fc, fmt, ...) ((fc)->log.log ? \ ++ errorf(fc, fmt, ## __VA_ARGS__) : \ ++ ({ dprintk(fmt "\n", ## __VA_ARGS__); })) ++ ++#define nfs_ferrorf(fc, fac, fmt, ...) ((fc)->log.log ? \ ++ errorf(fc, fmt, ## __VA_ARGS__) : \ ++ ({ dfprintk(fac, fmt "\n", ## __VA_ARGS__); })) ++ ++#define nfs_invalf(fc, fmt, ...) ((fc)->log.log ? \ ++ invalf(fc, fmt, ## __VA_ARGS__) : \ ++ ({ dprintk(fmt "\n", ## __VA_ARGS__); -EINVAL; })) ++ ++#define nfs_finvalf(fc, fac, fmt, ...) ((fc)->log.log ? \ ++ invalf(fc, fmt, ## __VA_ARGS__) : \ ++ ({ dfprintk(fac, fmt "\n", ## __VA_ARGS__); -EINVAL; })) ++ ++#define nfs_warnf(fc, fmt, ...) ((fc)->log.log ? \ ++ warnf(fc, fmt, ## __VA_ARGS__) : \ ++ ({ dprintk(fmt "\n", ## __VA_ARGS__); })) ++ ++#define nfs_fwarnf(fc, fac, fmt, ...) ((fc)->log.log ? \ ++ warnf(fc, fmt, ## __VA_ARGS__) : \ ++ ({ dfprintk(fac, fmt "\n", ## __VA_ARGS__); })) + + static inline struct nfs_fs_context *nfs_fc2context(const struct fs_context *fc) + { +--- a/fs/nfs/nfs4super.c ++++ b/fs/nfs/nfs4super.c +@@ -227,7 +227,7 @@ int nfs4_try_get_tree(struct fs_context + fc, ctx->nfs_server.hostname, + ctx->nfs_server.export_path); + if (err) { +- nfs_errorf(fc, "NFS4: Couldn't follow remote path"); ++ nfs_ferrorf(fc, MOUNT, "NFS4: Couldn't follow remote path"); + dfprintk(MOUNT, "<-- nfs4_try_get_tree() = %d [error]\n", err); + } else { + dfprintk(MOUNT, "<-- nfs4_try_get_tree() = 0\n"); +@@ -250,7 +250,7 @@ int nfs4_get_referral_tree(struct fs_con + fc, ctx->nfs_server.hostname, + ctx->nfs_server.export_path); + if (err) { +- nfs_errorf(fc, "NFS4: Couldn't follow remote path"); ++ nfs_ferrorf(fc, MOUNT, "NFS4: Couldn't follow remote path"); + dfprintk(MOUNT, "<-- nfs4_get_referral_tree() = %d [error]\n", err); + } else { + dfprintk(MOUNT, "<-- nfs4_get_referral_tree() = 0\n"); diff --git a/queue-5.10/nfs-nfs_delegation_find_inode_server-must-first-reference-the-superblock.patch b/queue-5.10/nfs-nfs_delegation_find_inode_server-must-first-reference-the-superblock.patch new file mode 100644 index 00000000000..38641001295 --- /dev/null +++ b/queue-5.10/nfs-nfs_delegation_find_inode_server-must-first-reference-the-superblock.patch @@ -0,0 +1,53 @@ +From 113aac6d567bda783af36d08f73bfda47d8e9a40 Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Sun, 10 Jan 2021 15:46:06 -0500 +Subject: NFS: nfs_delegation_find_inode_server must first reference the superblock + +From: Trond Myklebust + +commit 113aac6d567bda783af36d08f73bfda47d8e9a40 upstream. + +Before referencing the inode, we must ensure that the superblock can be +referenced. Otherwise, we can end up with iput() calling superblock +operations that are no longer valid or accessible. + +Fixes: e39d8a186ed0 ("NFSv4: Fix an Oops during delegation callbacks") +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/delegation.c | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +--- a/fs/nfs/delegation.c ++++ b/fs/nfs/delegation.c +@@ -1011,22 +1011,24 @@ nfs_delegation_find_inode_server(struct + const struct nfs_fh *fhandle) + { + struct nfs_delegation *delegation; +- struct inode *freeme, *res = NULL; ++ struct super_block *freeme = NULL; ++ struct inode *res = NULL; + + list_for_each_entry_rcu(delegation, &server->delegations, super_list) { + spin_lock(&delegation->lock); + if (delegation->inode != NULL && + !test_bit(NFS_DELEGATION_REVOKED, &delegation->flags) && + nfs_compare_fh(fhandle, &NFS_I(delegation->inode)->fh) == 0) { +- freeme = igrab(delegation->inode); +- if (freeme && nfs_sb_active(freeme->i_sb)) +- res = freeme; ++ if (nfs_sb_active(server->super)) { ++ freeme = server->super; ++ res = igrab(delegation->inode); ++ } + spin_unlock(&delegation->lock); + if (res != NULL) + return res; + if (freeme) { + rcu_read_unlock(); +- iput(freeme); ++ nfs_sb_deactive(freeme); + rcu_read_lock(); + } + return ERR_PTR(-EAGAIN); diff --git a/queue-5.10/nfs-nfs_igrab_and_active-must-first-reference-the-superblock.patch b/queue-5.10/nfs-nfs_igrab_and_active-must-first-reference-the-superblock.patch new file mode 100644 index 00000000000..adcd577980a --- /dev/null +++ b/queue-5.10/nfs-nfs_igrab_and_active-must-first-reference-the-superblock.patch @@ -0,0 +1,43 @@ +From 896567ee7f17a8a736cda8a28cc987228410a2ac Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Sun, 10 Jan 2021 15:58:08 -0500 +Subject: NFS: nfs_igrab_and_active must first reference the superblock + +From: Trond Myklebust + +commit 896567ee7f17a8a736cda8a28cc987228410a2ac upstream. + +Before referencing the inode, we must ensure that the superblock can be +referenced. Otherwise, we can end up with iput() calling superblock +operations that are no longer valid or accessible. + +Fixes: ea7c38fef0b7 ("NFSv4: Ensure we reference the inode for return-on-close in delegreturn") +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/internal.h | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +--- a/fs/nfs/internal.h ++++ b/fs/nfs/internal.h +@@ -605,12 +605,14 @@ extern void nfs4_test_session_trunk(stru + + static inline struct inode *nfs_igrab_and_active(struct inode *inode) + { +- inode = igrab(inode); +- if (inode != NULL && !nfs_sb_active(inode->i_sb)) { +- iput(inode); +- inode = NULL; ++ struct super_block *sb = inode->i_sb; ++ ++ if (sb && nfs_sb_active(sb)) { ++ if (igrab(inode)) ++ return inode; ++ nfs_sb_deactive(sb); + } +- return inode; ++ return NULL; + } + + static inline void nfs_iput_and_deactive(struct inode *inode) diff --git a/queue-5.10/nfs-pnfs-don-t-call-pnfs_free_bucket_lseg-before-removing-the-request.patch b/queue-5.10/nfs-pnfs-don-t-call-pnfs_free_bucket_lseg-before-removing-the-request.patch new file mode 100644 index 00000000000..8fe006375be --- /dev/null +++ b/queue-5.10/nfs-pnfs-don-t-call-pnfs_free_bucket_lseg-before-removing-the-request.patch @@ -0,0 +1,52 @@ +From 1757655d780d9d29bc4b60e708342e94924f7ef3 Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Wed, 6 Jan 2021 11:28:30 -0500 +Subject: NFS/pNFS: Don't call pnfs_free_bucket_lseg() before removing the request + +From: Trond Myklebust + +commit 1757655d780d9d29bc4b60e708342e94924f7ef3 upstream. + +In pnfs_generic_clear_request_commit(), we try calling +pnfs_free_bucket_lseg() before we remove the request from the DS bucket. +That will always fail, since the point is to test for whether or not +that bucket is empty. + +Fixes: c84bea59449a ("NFS/pNFS: Simplify bucket layout segment reference counting") +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/pnfs_nfs.c | 14 +++++--------- + 1 file changed, 5 insertions(+), 9 deletions(-) + +--- a/fs/nfs/pnfs_nfs.c ++++ b/fs/nfs/pnfs_nfs.c +@@ -78,22 +78,18 @@ void + pnfs_generic_clear_request_commit(struct nfs_page *req, + struct nfs_commit_info *cinfo) + { +- struct pnfs_layout_segment *freeme = NULL; ++ struct pnfs_commit_bucket *bucket = NULL; + + if (!test_and_clear_bit(PG_COMMIT_TO_DS, &req->wb_flags)) + goto out; + cinfo->ds->nwritten--; +- if (list_is_singular(&req->wb_list)) { +- struct pnfs_commit_bucket *bucket; +- ++ if (list_is_singular(&req->wb_list)) + bucket = list_first_entry(&req->wb_list, +- struct pnfs_commit_bucket, +- written); +- freeme = pnfs_free_bucket_lseg(bucket); +- } ++ struct pnfs_commit_bucket, written); + out: + nfs_request_remove_commit_list(req, cinfo); +- pnfs_put_lseg(freeme); ++ if (bucket) ++ pnfs_put_lseg(pnfs_free_bucket_lseg(bucket)); + } + EXPORT_SYMBOL_GPL(pnfs_generic_clear_request_commit); + diff --git a/queue-5.10/nfs-pnfs-don-t-leak-ds-commits-in-pnfs_generic_retry_commit.patch b/queue-5.10/nfs-pnfs-don-t-leak-ds-commits-in-pnfs_generic_retry_commit.patch new file mode 100644 index 00000000000..515cd185129 --- /dev/null +++ b/queue-5.10/nfs-pnfs-don-t-leak-ds-commits-in-pnfs_generic_retry_commit.patch @@ -0,0 +1,53 @@ +From 46c9ea1d4fee4cf1f8cc6001b9c14aae61b3d502 Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Wed, 6 Jan 2021 11:54:57 -0500 +Subject: NFS/pNFS: Don't leak DS commits in pnfs_generic_retry_commit() + +From: Trond Myklebust + +commit 46c9ea1d4fee4cf1f8cc6001b9c14aae61b3d502 upstream. + +We must ensure that we pass a layout segment to nfs_retry_commit() when +we're cleaning up after pnfs_bucket_alloc_ds_commits(). Otherwise, +requests that should be committed to the DS will get committed to the +MDS. +Do so by ensuring that pnfs_bucket_get_committing() always tries to +return a layout segment when it returns a non-empty page list. + +Fixes: c84bea59449a ("NFS/pNFS: Simplify bucket layout segment reference counting") +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/pnfs_nfs.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +--- a/fs/nfs/pnfs_nfs.c ++++ b/fs/nfs/pnfs_nfs.c +@@ -403,12 +403,16 @@ pnfs_bucket_get_committing(struct list_h + struct pnfs_commit_bucket *bucket, + struct nfs_commit_info *cinfo) + { ++ struct pnfs_layout_segment *lseg; + struct list_head *pos; + + list_for_each(pos, &bucket->committing) + cinfo->ds->ncommitting--; + list_splice_init(&bucket->committing, head); +- return pnfs_free_bucket_lseg(bucket); ++ lseg = pnfs_free_bucket_lseg(bucket); ++ if (!lseg) ++ lseg = pnfs_get_lseg(bucket->lseg); ++ return lseg; + } + + static struct nfs_commit_data * +@@ -420,8 +424,6 @@ pnfs_bucket_fetch_commitdata(struct pnfs + if (!data) + return NULL; + data->lseg = pnfs_bucket_get_committing(&data->pages, bucket, cinfo); +- if (!data->lseg) +- data->lseg = pnfs_get_lseg(bucket->lseg); + return data; + } + diff --git a/queue-5.10/nfs-pnfs-fix-a-leak-of-the-layout-plh_outstanding-counter.patch b/queue-5.10/nfs-pnfs-fix-a-leak-of-the-layout-plh_outstanding-counter.patch new file mode 100644 index 00000000000..7f8c06c990f --- /dev/null +++ b/queue-5.10/nfs-pnfs-fix-a-leak-of-the-layout-plh_outstanding-counter.patch @@ -0,0 +1,30 @@ +From cb2856c5971723910a86b7d1d0cf623d6919cbc4 Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Wed, 6 Jan 2021 14:13:22 -0500 +Subject: NFS/pNFS: Fix a leak of the layout 'plh_outstanding' counter + +From: Trond Myklebust + +commit cb2856c5971723910a86b7d1d0cf623d6919cbc4 upstream. + +If we exit _lgopen_prepare_attached() without setting a layout, we will +currently leak the plh_outstanding counter. + +Fixes: 411ae722d10a ("pNFS: Wait for stale layoutget calls to complete in pnfs_update_layout()") +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/pnfs.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/fs/nfs/pnfs.c ++++ b/fs/nfs/pnfs.c +@@ -2245,6 +2245,7 @@ static void _lgopen_prepare_attached(str + &rng, GFP_KERNEL); + if (!lgp) { + pnfs_clear_first_layoutget(lo); ++ nfs_layoutget_end(lo); + pnfs_put_layout_hdr(lo); + return; + } diff --git a/queue-5.10/nfs4-fix-use-after-free-in-trace_event_raw_event_nfs4_set_lock.patch b/queue-5.10/nfs4-fix-use-after-free-in-trace_event_raw_event_nfs4_set_lock.patch new file mode 100644 index 00000000000..d3fea8f1c02 --- /dev/null +++ b/queue-5.10/nfs4-fix-use-after-free-in-trace_event_raw_event_nfs4_set_lock.patch @@ -0,0 +1,34 @@ +From 3d1a90ab0ed93362ec8ac85cf291243c87260c21 Mon Sep 17 00:00:00 2001 +From: Dave Wysochanski +Date: Fri, 11 Dec 2020 05:12:51 -0500 +Subject: NFS4: Fix use-after-free in trace_event_raw_event_nfs4_set_lock + +From: Dave Wysochanski + +commit 3d1a90ab0ed93362ec8ac85cf291243c87260c21 upstream. + +It is only safe to call the tracepoint before rpc_put_task() because +'data' is freed inside nfs4_lock_release (rpc_release). + +Fixes: 48c9579a1afe ("Adding stateid information to tracepoints") +Signed-off-by: Dave Wysochanski +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/nfs4proc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -7106,9 +7106,9 @@ static int _nfs4_do_setlk(struct nfs4_st + data->arg.new_lock_owner, ret); + } else + data->cancelled = true; ++ trace_nfs4_set_lock(fl, state, &data->res.stateid, cmd, ret); + rpc_put_task(task); + dprintk("%s: done, ret = %d!\n", __func__, ret); +- trace_nfs4_set_lock(fl, state, &data->res.stateid, cmd, ret); + return ret; + } + diff --git a/queue-5.10/nvme-don-t-intialize-hwmon-for-discovery-controllers.patch b/queue-5.10/nvme-don-t-intialize-hwmon-for-discovery-controllers.patch new file mode 100644 index 00000000000..3a4d956e01b --- /dev/null +++ b/queue-5.10/nvme-don-t-intialize-hwmon-for-discovery-controllers.patch @@ -0,0 +1,69 @@ +From 5ab25a32cd90ce561ac28b9302766e565d61304c Mon Sep 17 00:00:00 2001 +From: Sagi Grimberg +Date: Wed, 13 Jan 2021 16:00:22 -0800 +Subject: nvme: don't intialize hwmon for discovery controllers + +From: Sagi Grimberg + +commit 5ab25a32cd90ce561ac28b9302766e565d61304c upstream. + +Discovery controllers usually don't support smart log page command. +So when we connect to the discovery controller we see this warning: +nvme nvme0: Failed to read smart log (error 24577) +nvme nvme0: new ctrl: NQN "nqn.2014-08.org.nvmexpress.discovery", addr 192.168.123.1:8009 +nvme nvme0: Removing ctrl: NQN "nqn.2014-08.org.nvmexpress.discovery" + +Introduce a new helper to understand if the controller is a discovery +controller and use this helper to skip nvme_init_hwmon (also use it in +other places that we check if the controller is a discovery controller). + +Fixes: 400b6a7b13a3 ("nvme: Add hardware monitoring support") +Signed-off-by: Sagi Grimberg +Signed-off-by: Christoph Hellwig +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/nvme/host/core.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +--- a/drivers/nvme/host/core.c ++++ b/drivers/nvme/host/core.c +@@ -2802,6 +2802,11 @@ static const struct attribute_group *nvm + NULL, + }; + ++static inline bool nvme_discovery_ctrl(struct nvme_ctrl *ctrl) ++{ ++ return ctrl->opts && ctrl->opts->discovery_nqn; ++} ++ + static bool nvme_validate_cntlid(struct nvme_subsystem *subsys, + struct nvme_ctrl *ctrl, struct nvme_id_ctrl *id) + { +@@ -2821,7 +2826,7 @@ static bool nvme_validate_cntlid(struct + } + + if ((id->cmic & NVME_CTRL_CMIC_MULTI_CTRL) || +- (ctrl->opts && ctrl->opts->discovery_nqn)) ++ nvme_discovery_ctrl(ctrl)) + continue; + + dev_err(ctrl->device, +@@ -3090,7 +3095,7 @@ int nvme_init_identify(struct nvme_ctrl + goto out_free; + } + +- if (!ctrl->opts->discovery_nqn && !ctrl->kas) { ++ if (!nvme_discovery_ctrl(ctrl) && !ctrl->kas) { + dev_err(ctrl->device, + "keep-alive support is mandatory for fabrics\n"); + ret = -EINVAL; +@@ -3130,7 +3135,7 @@ int nvme_init_identify(struct nvme_ctrl + if (ret < 0) + return ret; + +- if (!ctrl->identified) { ++ if (!ctrl->identified && !nvme_discovery_ctrl(ctrl)) { + ret = nvme_hwmon_init(ctrl); + if (ret < 0) + return ret; diff --git a/queue-5.10/nvme-tcp-fix-possible-data-corruption-with-bio-merges.patch b/queue-5.10/nvme-tcp-fix-possible-data-corruption-with-bio-merges.patch new file mode 100644 index 00000000000..466642b5048 --- /dev/null +++ b/queue-5.10/nvme-tcp-fix-possible-data-corruption-with-bio-merges.patch @@ -0,0 +1,42 @@ +From ca1ff67d0fb14f39cf0cc5102b1fbcc3b14f6fb9 Mon Sep 17 00:00:00 2001 +From: Sagi Grimberg +Date: Wed, 13 Jan 2021 13:56:57 -0800 +Subject: nvme-tcp: fix possible data corruption with bio merges + +From: Sagi Grimberg + +commit ca1ff67d0fb14f39cf0cc5102b1fbcc3b14f6fb9 upstream. + +When a bio merges, we can get a request that spans multiple +bios, and the overall request payload size is the sum of +all bios. When we calculate how much we need to send +from the existing bio (and bvec), we did not take into +account the iov_iter byte count cap. + +Since multipage bvecs support, bvecs can split in the middle +which means that when we account for the last bvec send we +should also take the iov_iter byte count cap as it might be +lower than the last bvec size. + +Reported-by: Hao Wang +Fixes: 3f2304f8c6d6 ("nvme-tcp: add NVMe over TCP host driver") +Tested-by: Hao Wang +Signed-off-by: Sagi Grimberg +Signed-off-by: Christoph Hellwig +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/nvme/host/tcp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/nvme/host/tcp.c ++++ b/drivers/nvme/host/tcp.c +@@ -201,7 +201,7 @@ static inline size_t nvme_tcp_req_cur_of + + static inline size_t nvme_tcp_req_cur_length(struct nvme_tcp_request *req) + { +- return min_t(size_t, req->iter.bvec->bv_len - req->iter.iov_offset, ++ return min_t(size_t, iov_iter_single_seg_count(&req->iter), + req->pdu_len - req->pdu_sent); + } + diff --git a/queue-5.10/nvme-tcp-fix-warning-with-config_debug_preempt.patch b/queue-5.10/nvme-tcp-fix-warning-with-config_debug_preempt.patch new file mode 100644 index 00000000000..5f6cccb14be --- /dev/null +++ b/queue-5.10/nvme-tcp-fix-warning-with-config_debug_preempt.patch @@ -0,0 +1,35 @@ +From ada831772188192243f9ea437c46e37e97a5975d Mon Sep 17 00:00:00 2001 +From: Sagi Grimberg +Date: Wed, 13 Jan 2021 14:03:04 -0800 +Subject: nvme-tcp: Fix warning with CONFIG_DEBUG_PREEMPT + +From: Sagi Grimberg + +commit ada831772188192243f9ea437c46e37e97a5975d upstream. + +We shouldn't call smp_processor_id() in a preemptible +context, but this is advisory at best, so instead +call __smp_processor_id(). + +Fixes: db5ad6b7f8cd ("nvme-tcp: try to send request in queue_rq context") +Reported-by: Or Gerlitz +Reported-by: Yi Zhang +Signed-off-by: Sagi Grimberg +Signed-off-by: Christoph Hellwig +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/nvme/host/tcp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/nvme/host/tcp.c ++++ b/drivers/nvme/host/tcp.c +@@ -286,7 +286,7 @@ static inline void nvme_tcp_queue_reques + * directly, otherwise queue io_work. Also, only do that if we + * are on the same cpu, so we don't introduce contention. + */ +- if (queue->io_cpu == smp_processor_id() && ++ if (queue->io_cpu == __smp_processor_id() && + sync && empty && mutex_trylock(&queue->send_mutex)) { + queue->more_requests = !last; + nvme_tcp_send_all(queue); diff --git a/queue-5.10/nvmet-rdma-fix-null-deref-when-setting-pi_enable-and-traddr-inaddr_any.patch b/queue-5.10/nvmet-rdma-fix-null-deref-when-setting-pi_enable-and-traddr-inaddr_any.patch new file mode 100644 index 00000000000..c6d97c94a11 --- /dev/null +++ b/queue-5.10/nvmet-rdma-fix-null-deref-when-setting-pi_enable-and-traddr-inaddr_any.patch @@ -0,0 +1,57 @@ +From 7a84665619bb5da8c8b6517157875a1fd7632014 Mon Sep 17 00:00:00 2001 +From: Israel Rukshin +Date: Sun, 10 Jan 2021 14:09:05 +0200 +Subject: nvmet-rdma: Fix NULL deref when setting pi_enable and traddr INADDR_ANY + +From: Israel Rukshin + +commit 7a84665619bb5da8c8b6517157875a1fd7632014 upstream. + +When setting port traddr to INADDR_ANY, the listening cm_id->device +is NULL. The associate IB device is known only when a connect request +event arrives, so checking T10-PI device capability should be done +at this stage. + +Fixes: b09160c3996c ("nvmet-rdma: add metadata/T10-PI support") +Signed-off-by: Israel Rukshin +Reviewed-by: Sagi Grimberg +Reviewed-by: Max Gurtovoy +Signed-off-by: Christoph Hellwig +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/nvme/target/rdma.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +--- a/drivers/nvme/target/rdma.c ++++ b/drivers/nvme/target/rdma.c +@@ -1220,6 +1220,14 @@ nvmet_rdma_find_get_device(struct rdma_c + } + ndev->inline_data_size = nport->inline_data_size; + ndev->inline_page_count = inline_page_count; ++ ++ if (nport->pi_enable && !(cm_id->device->attrs.device_cap_flags & ++ IB_DEVICE_INTEGRITY_HANDOVER)) { ++ pr_warn("T10-PI is not supported by device %s. Disabling it\n", ++ cm_id->device->name); ++ nport->pi_enable = false; ++ } ++ + ndev->device = cm_id->device; + kref_init(&ndev->ref); + +@@ -1855,14 +1863,6 @@ static int nvmet_rdma_enable_port(struct + goto out_destroy_id; + } + +- if (port->nport->pi_enable && +- !(cm_id->device->attrs.device_cap_flags & +- IB_DEVICE_INTEGRITY_HANDOVER)) { +- pr_err("T10-PI is not supported for %pISpcs\n", addr); +- ret = -EINVAL; +- goto out_destroy_id; +- } +- + port->cm_id = cm_id; + return 0; + diff --git a/queue-5.10/perf-intel-pt-fix-cpu-too-large-error.patch b/queue-5.10/perf-intel-pt-fix-cpu-too-large-error.patch new file mode 100644 index 00000000000..f71fc5ad61c --- /dev/null +++ b/queue-5.10/perf-intel-pt-fix-cpu-too-large-error.patch @@ -0,0 +1,75 @@ +From 5501e9229a80d95a1ea68609f44c447a75d23ed5 Mon Sep 17 00:00:00 2001 +From: Adrian Hunter +Date: Thu, 7 Jan 2021 19:41:59 +0200 +Subject: perf intel-pt: Fix 'CPU too large' error + +From: Adrian Hunter + +commit 5501e9229a80d95a1ea68609f44c447a75d23ed5 upstream. + +In some cases, the number of cpus (nr_cpus_online) is confused with the +maximum cpu number (nr_cpus_avail), which results in the error in the +example below: + +Example on system with 8 cpus: + + Before: + # echo 0 > /sys/devices/system/cpu/cpu2/online + # ./perf record --kcore -e intel_pt// taskset --cpu-list 7 uname + Linux + [ perf record: Woken up 1 times to write data ] + [ perf record: Captured and wrote 0.147 MB perf.data ] + # ./perf script --itrace=e + Requested CPU 7 too large. Consider raising MAX_NR_CPUS + 0x25908 [0x8]: failed to process type: 68 [Invalid argument] + + After: + # ./perf script --itrace=e + # + +Fixes: 8c7274691f0d ("perf machine: Replace MAX_NR_CPUS with perf_env::nr_cpus_online") +Fixes: 7df4e36a4785 ("perf session: Replace MAX_NR_CPUS with perf_env::nr_cpus_online") +Signed-off-by: Adrian Hunter +Tested-by: Kan Liang +Cc: Jiri Olsa +Cc: stable@vger.kernel.org +Link: http://lore.kernel.org/lkml/20210107174159.24897-1-adrian.hunter@intel.com +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman + +--- + tools/perf/util/machine.c | 4 ++-- + tools/perf/util/session.c | 2 +- + 2 files changed, 3 insertions(+), 3 deletions(-) + +--- a/tools/perf/util/machine.c ++++ b/tools/perf/util/machine.c +@@ -2973,7 +2973,7 @@ int machines__for_each_thread(struct mac + + pid_t machine__get_current_tid(struct machine *machine, int cpu) + { +- int nr_cpus = min(machine->env->nr_cpus_online, MAX_NR_CPUS); ++ int nr_cpus = min(machine->env->nr_cpus_avail, MAX_NR_CPUS); + + if (cpu < 0 || cpu >= nr_cpus || !machine->current_tid) + return -1; +@@ -2985,7 +2985,7 @@ int machine__set_current_tid(struct mach + pid_t tid) + { + struct thread *thread; +- int nr_cpus = min(machine->env->nr_cpus_online, MAX_NR_CPUS); ++ int nr_cpus = min(machine->env->nr_cpus_avail, MAX_NR_CPUS); + + if (cpu < 0) + return -EINVAL; +--- a/tools/perf/util/session.c ++++ b/tools/perf/util/session.c +@@ -2397,7 +2397,7 @@ int perf_session__cpu_bitmap(struct perf + { + int i, err = -1; + struct perf_cpu_map *map; +- int nr_cpus = min(session->header.env.nr_cpus_online, MAX_NR_CPUS); ++ int nr_cpus = min(session->header.env.nr_cpus_avail, MAX_NR_CPUS); + + for (i = 0; i < PERF_TYPE_MAX; ++i) { + struct evsel *evsel; diff --git a/queue-5.10/pnfs-mark-layout-for-return-if-return-on-close-was-not-sent.patch b/queue-5.10/pnfs-mark-layout-for-return-if-return-on-close-was-not-sent.patch new file mode 100644 index 00000000000..70887294b08 --- /dev/null +++ b/queue-5.10/pnfs-mark-layout-for-return-if-return-on-close-was-not-sent.patch @@ -0,0 +1,41 @@ +From 67bbceedc9bb8ad48993a8bd6486054756d711f4 Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Mon, 4 Jan 2021 13:35:46 -0500 +Subject: pNFS: Mark layout for return if return-on-close was not sent + +From: Trond Myklebust + +commit 67bbceedc9bb8ad48993a8bd6486054756d711f4 upstream. + +If the layout return-on-close failed because the layoutreturn was never +sent, then we should mark the layout for return again. + +Fixes: 9c47b18cf722 ("pNFS: Ensure we do clear the return-on-close layout stateid on fatal errors") +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/pnfs.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/fs/nfs/pnfs.c ++++ b/fs/nfs/pnfs.c +@@ -1558,12 +1558,18 @@ void pnfs_roc_release(struct nfs4_layout + int ret) + { + struct pnfs_layout_hdr *lo = args->layout; ++ struct inode *inode = args->inode; + const nfs4_stateid *arg_stateid = NULL; + const nfs4_stateid *res_stateid = NULL; + struct nfs4_xdr_opaque_data *ld_private = args->ld_private; + + switch (ret) { + case -NFS4ERR_NOMATCHING_LAYOUT: ++ spin_lock(&inode->i_lock); ++ if (pnfs_layout_is_valid(lo) && ++ nfs4_stateid_match_other(&args->stateid, &lo->plh_stateid)) ++ pnfs_set_plh_return_info(lo, args->range.iomode, 0); ++ spin_unlock(&inode->i_lock); + break; + case 0: + if (res->lrs_present) diff --git a/queue-5.10/pnfs-stricter-ordering-of-layoutget-and-layoutreturn.patch b/queue-5.10/pnfs-stricter-ordering-of-layoutget-and-layoutreturn.patch new file mode 100644 index 00000000000..d436c58c728 --- /dev/null +++ b/queue-5.10/pnfs-stricter-ordering-of-layoutget-and-layoutreturn.patch @@ -0,0 +1,79 @@ +From 2c8d5fc37fe2384a9bdb6965443ab9224d46f704 Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Tue, 5 Jan 2021 06:43:45 -0500 +Subject: pNFS: Stricter ordering of layoutget and layoutreturn + +From: Trond Myklebust + +commit 2c8d5fc37fe2384a9bdb6965443ab9224d46f704 upstream. + +If a layout return is in progress, we should wait for it to complete, +in case the layout segment we are picking up gets returned too. + +Fixes: 30cb3ee299cb ("pNFS: Handle NFS4ERR_OLD_STATEID on layoutreturn by bumping the state seqid") +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/pnfs.c | 43 +++++++++++++++++++++---------------------- + 1 file changed, 21 insertions(+), 22 deletions(-) + +--- a/fs/nfs/pnfs.c ++++ b/fs/nfs/pnfs.c +@@ -2019,6 +2019,27 @@ lookup_again: + goto lookup_again; + } + ++ /* ++ * Because we free lsegs when sending LAYOUTRETURN, we need to wait ++ * for LAYOUTRETURN. ++ */ ++ if (test_bit(NFS_LAYOUT_RETURN, &lo->plh_flags)) { ++ spin_unlock(&ino->i_lock); ++ dprintk("%s wait for layoutreturn\n", __func__); ++ lseg = ERR_PTR(pnfs_prepare_to_retry_layoutget(lo)); ++ if (!IS_ERR(lseg)) { ++ pnfs_put_layout_hdr(lo); ++ dprintk("%s retrying\n", __func__); ++ trace_pnfs_update_layout(ino, pos, count, iomode, lo, ++ lseg, ++ PNFS_UPDATE_LAYOUT_RETRY); ++ goto lookup_again; ++ } ++ trace_pnfs_update_layout(ino, pos, count, iomode, lo, lseg, ++ PNFS_UPDATE_LAYOUT_RETURN); ++ goto out_put_layout_hdr; ++ } ++ + lseg = pnfs_find_lseg(lo, &arg, strict_iomode); + if (lseg) { + trace_pnfs_update_layout(ino, pos, count, iomode, lo, lseg, +@@ -2071,28 +2092,6 @@ lookup_again: + nfs4_stateid_copy(&stateid, &lo->plh_stateid); + } + +- /* +- * Because we free lsegs before sending LAYOUTRETURN, we need to wait +- * for LAYOUTRETURN even if first is true. +- */ +- if (test_bit(NFS_LAYOUT_RETURN, &lo->plh_flags)) { +- spin_unlock(&ino->i_lock); +- dprintk("%s wait for layoutreturn\n", __func__); +- lseg = ERR_PTR(pnfs_prepare_to_retry_layoutget(lo)); +- if (!IS_ERR(lseg)) { +- if (first) +- pnfs_clear_first_layoutget(lo); +- pnfs_put_layout_hdr(lo); +- dprintk("%s retrying\n", __func__); +- trace_pnfs_update_layout(ino, pos, count, iomode, lo, +- lseg, PNFS_UPDATE_LAYOUT_RETRY); +- goto lookup_again; +- } +- trace_pnfs_update_layout(ino, pos, count, iomode, lo, lseg, +- PNFS_UPDATE_LAYOUT_RETURN); +- goto out_put_layout_hdr; +- } +- + if (pnfs_layoutgets_blocked(lo)) { + trace_pnfs_update_layout(ino, pos, count, iomode, lo, lseg, + PNFS_UPDATE_LAYOUT_BLOCKED); diff --git a/queue-5.10/pnfs-we-want-return-on-close-to-complete-when-evicting-the-inode.patch b/queue-5.10/pnfs-we-want-return-on-close-to-complete-when-evicting-the-inode.patch new file mode 100644 index 00000000000..3c8521023b1 --- /dev/null +++ b/queue-5.10/pnfs-we-want-return-on-close-to-complete-when-evicting-the-inode.patch @@ -0,0 +1,132 @@ +From 078000d02d57f02dde61de4901f289672e98c8bc Mon Sep 17 00:00:00 2001 +From: Trond Myklebust +Date: Mon, 4 Jan 2021 13:18:03 -0500 +Subject: pNFS: We want return-on-close to complete when evicting the inode + +From: Trond Myklebust + +commit 078000d02d57f02dde61de4901f289672e98c8bc upstream. + +If the inode is being evicted, it should be safe to run return-on-close, +so we should do it to ensure we don't inadvertently leak layout segments. + +Fixes: 1c5bd76d17cc ("pNFS: Enable layoutreturn operation for return-on-close") +Signed-off-by: Trond Myklebust +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nfs/nfs4proc.c | 26 ++++++++++---------------- + fs/nfs/pnfs.c | 8 +++----- + fs/nfs/pnfs.h | 8 +++----- + 3 files changed, 16 insertions(+), 26 deletions(-) + +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -3534,10 +3534,8 @@ static void nfs4_close_done(struct rpc_t + trace_nfs4_close(state, &calldata->arg, &calldata->res, task->tk_status); + + /* Handle Layoutreturn errors */ +- if (pnfs_roc_done(task, calldata->inode, +- &calldata->arg.lr_args, +- &calldata->res.lr_res, +- &calldata->res.lr_ret) == -EAGAIN) ++ if (pnfs_roc_done(task, &calldata->arg.lr_args, &calldata->res.lr_res, ++ &calldata->res.lr_ret) == -EAGAIN) + goto out_restart; + + /* hmm. we are done with the inode, and in the process of freeing +@@ -6379,10 +6377,8 @@ static void nfs4_delegreturn_done(struct + trace_nfs4_delegreturn_exit(&data->args, &data->res, task->tk_status); + + /* Handle Layoutreturn errors */ +- if (pnfs_roc_done(task, data->inode, +- &data->args.lr_args, +- &data->res.lr_res, +- &data->res.lr_ret) == -EAGAIN) ++ if (pnfs_roc_done(task, &data->args.lr_args, &data->res.lr_res, ++ &data->res.lr_ret) == -EAGAIN) + goto out_restart; + + switch (task->tk_status) { +@@ -6436,10 +6432,10 @@ static void nfs4_delegreturn_release(voi + struct nfs4_delegreturndata *data = calldata; + struct inode *inode = data->inode; + ++ if (data->lr.roc) ++ pnfs_roc_release(&data->lr.arg, &data->lr.res, ++ data->res.lr_ret); + if (inode) { +- if (data->lr.roc) +- pnfs_roc_release(&data->lr.arg, &data->lr.res, +- data->res.lr_ret); + nfs_post_op_update_inode_force_wcc(inode, &data->fattr); + nfs_iput_and_deactive(inode); + } +@@ -6515,16 +6511,14 @@ static int _nfs4_proc_delegreturn(struct + nfs_fattr_init(data->res.fattr); + data->timestamp = jiffies; + data->rpc_status = 0; +- data->lr.roc = pnfs_roc(inode, &data->lr.arg, &data->lr.res, cred); + data->inode = nfs_igrab_and_active(inode); +- if (data->inode) { ++ if (data->inode || issync) { ++ data->lr.roc = pnfs_roc(inode, &data->lr.arg, &data->lr.res, ++ cred); + if (data->lr.roc) { + data->args.lr_args = &data->lr.arg; + data->res.lr_res = &data->lr.res; + } +- } else if (data->lr.roc) { +- pnfs_roc_release(&data->lr.arg, &data->lr.res, 0); +- data->lr.roc = false; + } + + task_setup_data.callback_data = data; +--- a/fs/nfs/pnfs.c ++++ b/fs/nfs/pnfs.c +@@ -1509,10 +1509,8 @@ out_noroc: + return false; + } + +-int pnfs_roc_done(struct rpc_task *task, struct inode *inode, +- struct nfs4_layoutreturn_args **argpp, +- struct nfs4_layoutreturn_res **respp, +- int *ret) ++int pnfs_roc_done(struct rpc_task *task, struct nfs4_layoutreturn_args **argpp, ++ struct nfs4_layoutreturn_res **respp, int *ret) + { + struct nfs4_layoutreturn_args *arg = *argpp; + int retval = -EAGAIN; +@@ -1545,7 +1543,7 @@ int pnfs_roc_done(struct rpc_task *task, + return 0; + case -NFS4ERR_OLD_STATEID: + if (!nfs4_layout_refresh_old_stateid(&arg->stateid, +- &arg->range, inode)) ++ &arg->range, arg->inode)) + break; + *ret = -NFS4ERR_NOMATCHING_LAYOUT; + return -EAGAIN; +--- a/fs/nfs/pnfs.h ++++ b/fs/nfs/pnfs.h +@@ -295,10 +295,8 @@ bool pnfs_roc(struct inode *ino, + struct nfs4_layoutreturn_args *args, + struct nfs4_layoutreturn_res *res, + const struct cred *cred); +-int pnfs_roc_done(struct rpc_task *task, struct inode *inode, +- struct nfs4_layoutreturn_args **argpp, +- struct nfs4_layoutreturn_res **respp, +- int *ret); ++int pnfs_roc_done(struct rpc_task *task, struct nfs4_layoutreturn_args **argpp, ++ struct nfs4_layoutreturn_res **respp, int *ret); + void pnfs_roc_release(struct nfs4_layoutreturn_args *args, + struct nfs4_layoutreturn_res *res, + int ret); +@@ -770,7 +768,7 @@ pnfs_roc(struct inode *ino, + } + + static inline int +-pnfs_roc_done(struct rpc_task *task, struct inode *inode, ++pnfs_roc_done(struct rpc_task *task, + struct nfs4_layoutreturn_args **argpp, + struct nfs4_layoutreturn_res **respp, + int *ret) diff --git a/queue-5.10/rdma-mlx5-fix-wrong-free-of-blue-flame-register-on-error.patch b/queue-5.10/rdma-mlx5-fix-wrong-free-of-blue-flame-register-on-error.patch new file mode 100644 index 00000000000..f088de46d54 --- /dev/null +++ b/queue-5.10/rdma-mlx5-fix-wrong-free-of-blue-flame-register-on-error.patch @@ -0,0 +1,36 @@ +From 1c3aa6bd0b823105c2030af85d92d158e815d669 Mon Sep 17 00:00:00 2001 +From: Mark Bloch +Date: Wed, 13 Jan 2021 14:17:03 +0200 +Subject: RDMA/mlx5: Fix wrong free of blue flame register on error + +From: Mark Bloch + +commit 1c3aa6bd0b823105c2030af85d92d158e815d669 upstream. + +If the allocation of the fast path blue flame register fails, the driver +should free the regular blue flame register allocated a statement above, +not the one that it just failed to allocate. + +Fixes: 16c1975f1032 ("IB/mlx5: Create profile infrastructure to add and remove stages") +Link: https://lore.kernel.org/r/20210113121703.559778-6-leon@kernel.org +Reported-by: Hans Petter Selasky +Signed-off-by: Mark Bloch +Signed-off-by: Leon Romanovsky +Signed-off-by: Jason Gunthorpe +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/infiniband/hw/mlx5/main.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/infiniband/hw/mlx5/main.c ++++ b/drivers/infiniband/hw/mlx5/main.c +@@ -4362,7 +4362,7 @@ static int mlx5_ib_stage_bfrag_init(stru + + err = mlx5_alloc_bfreg(dev->mdev, &dev->fp_bfreg, false, true); + if (err) +- mlx5_free_bfreg(dev->mdev, &dev->fp_bfreg); ++ mlx5_free_bfreg(dev->mdev, &dev->bfreg); + + return err; + } diff --git a/queue-5.10/rdma-restrack-don-t-treat-as-an-error-allocation-id-wrapping.patch b/queue-5.10/rdma-restrack-don-t-treat-as-an-error-allocation-id-wrapping.patch new file mode 100644 index 00000000000..9876c05f8bb --- /dev/null +++ b/queue-5.10/rdma-restrack-don-t-treat-as-an-error-allocation-id-wrapping.patch @@ -0,0 +1,37 @@ +From 3c638cdb8ecc0442552156e0fed8708dd2c7f35b Mon Sep 17 00:00:00 2001 +From: Leon Romanovsky +Date: Wed, 16 Dec 2020 12:07:53 +0200 +Subject: RDMA/restrack: Don't treat as an error allocation ID wrapping + +From: Leon Romanovsky + +commit 3c638cdb8ecc0442552156e0fed8708dd2c7f35b upstream. + +xa_alloc_cyclic() call returns positive number if ID allocation +succeeded but wrapped. It is not an error, so normalize the "ret" +variable to zero as marker of not-an-error. + + drivers/infiniband/core/restrack.c:261 rdma_restrack_add() + warn: 'ret' can be either negative or positive + +Fixes: fd47c2f99f04 ("RDMA/restrack: Convert internal DB from hash to XArray") +Link: https://lore.kernel.org/r/20201216100753.1127638-1-leon@kernel.org +Reported-by: Dan Carpenter +Signed-off-by: Leon Romanovsky +Signed-off-by: Jason Gunthorpe +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/infiniband/core/restrack.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/infiniband/core/restrack.c ++++ b/drivers/infiniband/core/restrack.c +@@ -244,6 +244,7 @@ void rdma_restrack_add(struct rdma_restr + } else { + ret = xa_alloc_cyclic(&rt->xa, &res->id, res, xa_limit_32b, + &rt->next_id, GFP_KERNEL); ++ ret = (ret < 0) ? ret : 0; + } + + if (!ret) diff --git a/queue-5.10/rdma-usnic-fix-memleak-in-find_free_vf_and_create_qp_grp.patch b/queue-5.10/rdma-usnic-fix-memleak-in-find_free_vf_and_create_qp_grp.patch new file mode 100644 index 00000000000..67a235dba2d --- /dev/null +++ b/queue-5.10/rdma-usnic-fix-memleak-in-find_free_vf_and_create_qp_grp.patch @@ -0,0 +1,42 @@ +From a306aba9c8d869b1fdfc8ad9237f1ed718ea55e6 Mon Sep 17 00:00:00 2001 +From: Dinghao Liu +Date: Sat, 26 Dec 2020 15:42:48 +0800 +Subject: RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp + +From: Dinghao Liu + +commit a306aba9c8d869b1fdfc8ad9237f1ed718ea55e6 upstream. + +If usnic_ib_qp_grp_create() fails at the first call, dev_list +will not be freed on error, which leads to memleak. + +Fixes: e3cf00d0a87f ("IB/usnic: Add Cisco VIC low-level hardware driver") +Link: https://lore.kernel.org/r/20201226074248.2893-1-dinghao.liu@zju.edu.cn +Signed-off-by: Dinghao Liu +Reviewed-by: Leon Romanovsky +Signed-off-by: Jason Gunthorpe +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/infiniband/hw/usnic/usnic_ib_verbs.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/infiniband/hw/usnic/usnic_ib_verbs.c ++++ b/drivers/infiniband/hw/usnic/usnic_ib_verbs.c +@@ -214,6 +214,7 @@ find_free_vf_and_create_qp_grp(struct us + + } + usnic_uiom_free_dev_list(dev_list); ++ dev_list = NULL; + } + + /* Try to find resources on an unused vf */ +@@ -239,6 +240,8 @@ find_free_vf_and_create_qp_grp(struct us + qp_grp_check: + if (IS_ERR_OR_NULL(qp_grp)) { + usnic_err("Failed to allocate qp_grp\n"); ++ if (usnic_ib_share_vf) ++ usnic_uiom_free_dev_list(dev_list); + return ERR_PTR(qp_grp ? PTR_ERR(qp_grp) : -ENOMEM); + } + return qp_grp; diff --git a/queue-5.10/riscv-trace-irq-on-only-interrupt-is-enabled.patch b/queue-5.10/riscv-trace-irq-on-only-interrupt-is-enabled.patch new file mode 100644 index 00000000000..cce8014c31e --- /dev/null +++ b/queue-5.10/riscv-trace-irq-on-only-interrupt-is-enabled.patch @@ -0,0 +1,61 @@ +From 7cd1af107a92eb63b93a96dc07406dcbc5269436 Mon Sep 17 00:00:00 2001 +From: Atish Patra +Date: Fri, 18 Dec 2020 16:20:51 -0800 +Subject: riscv: Trace irq on only interrupt is enabled + +From: Atish Patra + +commit 7cd1af107a92eb63b93a96dc07406dcbc5269436 upstream. + +We should call irq trace only if interrupt is going to be enabled during +excecption handling. Otherwise, it results in following warning during +boot with lock debugging enabled. + +[ 0.000000] ------------[ cut here ]------------ +[ 0.000000] DEBUG_LOCKS_WARN_ON(early_boot_irqs_disabled) +[ 0.000000] WARNING: CPU: 0 PID: 0 at kernel/locking/lockdep.c:4085 lockdep_hardirqs_on_prepare+0x22a/0x22e +[ 0.000000] Modules linked in: +[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 5.10.0-00022-ge20097fb37e2-dirty #548 +[ 0.000000] epc: c005d5d4 ra : c005d5d4 sp : c1c01e80 +[ 0.000000] gp : c1d456e0 tp : c1c0a980 t0 : 00000000 +[ 0.000000] t1 : ffffffff t2 : 00000000 s0 : c1c01ea0 +[ 0.000000] s1 : c100f360 a0 : 0000002d a1 : c00666ee +[ 0.000000] a2 : 00000000 a3 : 00000000 a4 : 00000000 +[ 0.000000] a5 : 00000000 a6 : c1c6b390 a7 : 3ffff00e +[ 0.000000] s2 : c2384fe8 s3 : 00000000 s4 : 00000001 +[ 0.000000] s5 : c1c0a980 s6 : c1d48000 s7 : c1613b4c +[ 0.000000] s8 : 00000fff s9 : 80000200 s10: c1613b40 +[ 0.000000] s11: 00000000 t3 : 00000000 t4 : 00000000 +[ 0.000000] t5 : 00000001 t6 : 00000000 + +Fixes: 3c4697982982 ("riscv:Enable LOCKDEP_SUPPORT & fixup TRACE_IRQFLAGS_SUPPORT") + +Signed-off-by: Atish Patra +Signed-off-by: Palmer Dabbelt +Signed-off-by: Greg Kroah-Hartman + +--- + arch/riscv/kernel/entry.S | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/arch/riscv/kernel/entry.S ++++ b/arch/riscv/kernel/entry.S +@@ -124,15 +124,15 @@ skip_context_tracking: + REG_L a1, (a1) + jr a1 + 1: +-#ifdef CONFIG_TRACE_IRQFLAGS +- call trace_hardirqs_on +-#endif + /* + * Exceptions run with interrupts enabled or disabled depending on the + * state of SR_PIE in m/sstatus. + */ + andi t0, s1, SR_PIE + beqz t0, 1f ++#ifdef CONFIG_TRACE_IRQFLAGS ++ call trace_hardirqs_on ++#endif + csrs CSR_STATUS, SR_IE + + 1: diff --git a/queue-5.10/scsi-ufs-fix-possible-power-drain-during-system-suspend.patch b/queue-5.10/scsi-ufs-fix-possible-power-drain-during-system-suspend.patch new file mode 100644 index 00000000000..331f39f0688 --- /dev/null +++ b/queue-5.10/scsi-ufs-fix-possible-power-drain-during-system-suspend.patch @@ -0,0 +1,52 @@ +From 1d53864c3617f5235f891ca0fbe9347c4cd35d46 Mon Sep 17 00:00:00 2001 +From: Stanley Chu +Date: Tue, 22 Dec 2020 15:29:04 +0800 +Subject: scsi: ufs: Fix possible power drain during system suspend + +From: Stanley Chu + +commit 1d53864c3617f5235f891ca0fbe9347c4cd35d46 upstream. + +Currently if device needs to do flush or BKOP operations, the device VCC +power is kept during runtime-suspend period. + +However, if system suspend is happening while device is runtime-suspended, +such power may not be disabled successfully. + +The reasons may be, + +1. If current PM level is the same as SPM level, device will keep + runtime-suspended by ufshcd_system_suspend(). + +2. Flush recheck work may not be scheduled successfully during system + suspend period. If it can wake up the system, this is also not the + intention of the recheck work. + +To fix this issue, simply runtime-resume the device if the flush is allowed +during runtime suspend period. Flush capability will be disabled while +leaving runtime suspend, and also not be allowed in system suspend period. + +Link: https://lore.kernel.org/r/20201222072905.32221-2-stanley.chu@mediatek.com +Fixes: 51dd905bd2f6 ("scsi: ufs: Fix WriteBooster flush during runtime suspend") +Reviewed-by: Chaotian Jing +Reviewed-by: Can Guo +Signed-off-by: Stanley Chu +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/ufs/ufshcd.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/scsi/ufs/ufshcd.c ++++ b/drivers/scsi/ufs/ufshcd.c +@@ -8818,7 +8818,8 @@ int ufshcd_system_suspend(struct ufs_hba + if ((ufs_get_pm_lvl_to_dev_pwr_mode(hba->spm_lvl) == + hba->curr_dev_pwr_mode) && + (ufs_get_pm_lvl_to_link_pwr_state(hba->spm_lvl) == +- hba->uic_link_state)) ++ hba->uic_link_state) && ++ !hba->dev_info.b_rpm_dev_flush_capable) + goto out; + + if (pm_runtime_suspended(hba->dev)) { diff --git a/queue-5.10/selftests-netfilter-pass-family-parameter-f-to-conntrack-tool.patch b/queue-5.10/selftests-netfilter-pass-family-parameter-f-to-conntrack-tool.patch new file mode 100644 index 00000000000..dc88e10c35a --- /dev/null +++ b/queue-5.10/selftests-netfilter-pass-family-parameter-f-to-conntrack-tool.patch @@ -0,0 +1,72 @@ +From fab336b42441e0b2eb1d81becedb45fbdf99606e Mon Sep 17 00:00:00 2001 +From: Chen Yi +Date: Tue, 5 Jan 2021 23:31:20 +0800 +Subject: selftests: netfilter: Pass family parameter "-f" to conntrack tool + +From: Chen Yi + +commit fab336b42441e0b2eb1d81becedb45fbdf99606e upstream. + +Fix nft_conntrack_helper.sh false fail report: + +1) Conntrack tool need "-f ipv6" parameter to show out ipv6 traffic items. + +2) Sleep 1 second after background nc send packet, to make sure check +is after this statement executed. + +False report: +FAIL: ns1-lkjUemYw did not show attached helper ip set via ruleset +PASS: ns1-lkjUemYw connection on port 2121 has ftp helper attached +... + +After fix: +PASS: ns1-2hUniwU2 connection on port 2121 has ftp helper attached +PASS: ns2-2hUniwU2 connection on port 2121 has ftp helper attached +... + +Fixes: 619ae8e0697a6 ("selftests: netfilter: add test case for conntrack helper assignment") +Signed-off-by: Chen Yi +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Greg Kroah-Hartman + +--- + tools/testing/selftests/netfilter/nft_conntrack_helper.sh | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +--- a/tools/testing/selftests/netfilter/nft_conntrack_helper.sh ++++ b/tools/testing/selftests/netfilter/nft_conntrack_helper.sh +@@ -94,7 +94,13 @@ check_for_helper() + local message=$2 + local port=$3 + +- ip netns exec ${netns} conntrack -L -p tcp --dport $port 2> /dev/null |grep -q 'helper=ftp' ++ if echo $message |grep -q 'ipv6';then ++ local family="ipv6" ++ else ++ local family="ipv4" ++ fi ++ ++ ip netns exec ${netns} conntrack -L -f $family -p tcp --dport $port 2> /dev/null |grep -q 'helper=ftp' + if [ $? -ne 0 ] ; then + echo "FAIL: ${netns} did not show attached helper $message" 1>&2 + ret=1 +@@ -111,8 +117,8 @@ test_helper() + + sleep 3 | ip netns exec ${ns2} nc -w 2 -l -p $port > /dev/null & + +- sleep 1 + sleep 1 | ip netns exec ${ns1} nc -w 2 10.0.1.2 $port > /dev/null & ++ sleep 1 + + check_for_helper "$ns1" "ip $msg" $port + check_for_helper "$ns2" "ip $msg" $port +@@ -128,8 +134,8 @@ test_helper() + + sleep 3 | ip netns exec ${ns2} nc -w 2 -6 -l -p $port > /dev/null & + +- sleep 1 + sleep 1 | ip netns exec ${ns1} nc -w 2 -6 dead:1::2 $port > /dev/null & ++ sleep 1 + + check_for_helper "$ns1" "ipv6 $msg" $port + check_for_helper "$ns2" "ipv6 $msg" $port diff --git a/queue-5.10/series b/queue-5.10/series index d0e8f4caec9..ff99c8a9cd8 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -109,3 +109,44 @@ blk-mq-debugfs-add-decode-for-blk_mq_f_tag_hctx_shar.patch mm-fix-clear_refs_write-locking.patch mm-don-t-play-games-with-pinned-pages-in-clear_page_.patch mm-don-t-put-pinned-pages-into-the-swap-cache.patch +perf-intel-pt-fix-cpu-too-large-error.patch +dump_common_audit_data-fix-racy-accesses-to-d_name.patch +asoc-meson-axg-tdm-interface-fix-loopback.patch +asoc-meson-axg-tdmin-fix-axg-skew-offset.patch +asoc-intel-fix-error-code-cnl_set_dsp_d0.patch +nvmet-rdma-fix-null-deref-when-setting-pi_enable-and-traddr-inaddr_any.patch +nvme-don-t-intialize-hwmon-for-discovery-controllers.patch +nvme-tcp-fix-possible-data-corruption-with-bio-merges.patch +nvme-tcp-fix-warning-with-config_debug_preempt.patch +nfs4-fix-use-after-free-in-trace_event_raw_event_nfs4_set_lock.patch +pnfs-we-want-return-on-close-to-complete-when-evicting-the-inode.patch +pnfs-mark-layout-for-return-if-return-on-close-was-not-sent.patch +pnfs-stricter-ordering-of-layoutget-and-layoutreturn.patch +nfs-adjust-fs_context-error-logging.patch +nfs-pnfs-don-t-call-pnfs_free_bucket_lseg-before-removing-the-request.patch +nfs-pnfs-don-t-leak-ds-commits-in-pnfs_generic_retry_commit.patch +nfs-pnfs-fix-a-leak-of-the-layout-plh_outstanding-counter.patch +nfs-nfs_delegation_find_inode_server-must-first-reference-the-superblock.patch +nfs-nfs_igrab_and_active-must-first-reference-the-superblock.patch +scsi-ufs-fix-possible-power-drain-during-system-suspend.patch +ext4-fix-superblock-checksum-failure-when-setting-password-salt.patch +rdma-restrack-don-t-treat-as-an-error-allocation-id-wrapping.patch +rdma-usnic-fix-memleak-in-find_free_vf_and_create_qp_grp.patch +bnxt_en-improve-stats-context-resource-accounting-with-rdma-driver-loaded.patch +rdma-mlx5-fix-wrong-free-of-blue-flame-register-on-error.patch +ib-mlx5-fix-error-unwinding-when-set_has_smi_cap-fails.patch +umount-2-move-the-flag-validity-checks-first.patch +dm-zoned-select-config_crc32.patch +drm-i915-dsi-use-unconditional-msleep-for-the-panel_on_delay-when-there-is-no-reset-deassert-mipi-sequence.patch +drm-i915-icl-fix-initing-the-dsi-dsc-power-refcount-during-hw-readout.patch +drm-i915-gt-restore-clear-residual-mitigations-for-ivybridge-baytrail.patch +mm-slub-consider-rest-of-partial-list-if-acquire_slab-fails.patch +riscv-trace-irq-on-only-interrupt-is-enabled.patch +iommu-vt-d-fix-unaligned-addresses-for-intel_flush_svm_range_dev.patch +net-sunrpc-interpret-the-return-value-of-kstrtou32-correctly.patch +selftests-netfilter-pass-family-parameter-f-to-conntrack-tool.patch +dm-eliminate-potential-source-of-excessive-kernel-log-noise.patch +alsa-fireface-fix-integer-overflow-in-transmit_midi_msg.patch +alsa-firewire-tascam-fix-integer-overflow-in-midi_port_work.patch +netfilter-conntrack-fix-reading-nf_conntrack_buckets.patch +netfilter-nf_nat-fix-memleak-in-nf_nat_init.patch diff --git a/queue-5.10/umount-2-move-the-flag-validity-checks-first.patch b/queue-5.10/umount-2-move-the-flag-validity-checks-first.patch new file mode 100644 index 00000000000..0b364a3d8f8 --- /dev/null +++ b/queue-5.10/umount-2-move-the-flag-validity-checks-first.patch @@ -0,0 +1,54 @@ +From a0a6df9afcaf439a6b4c88a3b522e3d05fdef46f Mon Sep 17 00:00:00 2001 +From: Al Viro +Date: Mon, 4 Jan 2021 15:25:34 -0500 +Subject: umount(2): move the flag validity checks first + +From: Al Viro + +commit a0a6df9afcaf439a6b4c88a3b522e3d05fdef46f upstream. + +Unfortunately, there's userland code that used to rely upon these +checks being done before anything else to check for UMOUNT_NOFOLLOW +support. That broke in 41525f56e256 ("fs: refactor ksys_umount"). +Separate those from the rest of checks and move them to ksys_umount(); +unlike everything else in there, this can be sanely done there. + +Reported-by: Sargun Dhillon +Fixes: 41525f56e256 ("fs: refactor ksys_umount") +Signed-off-by: Al Viro +Signed-off-by: Greg Kroah-Hartman + +--- + fs/namespace.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +--- a/fs/namespace.c ++++ b/fs/namespace.c +@@ -1713,8 +1713,6 @@ static int can_umount(const struct path + { + struct mount *mnt = real_mount(path->mnt); + +- if (flags & ~(MNT_FORCE | MNT_DETACH | MNT_EXPIRE | UMOUNT_NOFOLLOW)) +- return -EINVAL; + if (!may_mount()) + return -EPERM; + if (path->dentry != path->mnt->mnt_root) +@@ -1728,6 +1726,7 @@ static int can_umount(const struct path + return 0; + } + ++// caller is responsible for flags being sane + int path_umount(struct path *path, int flags) + { + struct mount *mnt = real_mount(path->mnt); +@@ -1749,6 +1748,10 @@ static int ksys_umount(char __user *name + struct path path; + int ret; + ++ // basic validity checks done first ++ if (flags & ~(MNT_FORCE | MNT_DETACH | MNT_EXPIRE | UMOUNT_NOFOLLOW)) ++ return -EINVAL; ++ + if (!(flags & UMOUNT_NOFOLLOW)) + lookup_flags |= LOOKUP_FOLLOW; + ret = user_path_at(AT_FDCWD, name, lookup_flags, &path); -- 2.47.3