From ce9a44c1d7682864cabe43047e06dac16d3d1186 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Wed, 19 Aug 2020 14:55:27 +0200 Subject: [PATCH] 5.4-stable patches added patches: appletalk-fix-atalk_proc_init-return-path.patch bcache-allocate-meta-data-pages-as-compound-pages.patch bcache-fix-overflow-in-offset_to_stripe.patch ceph-handle-zero-length-feature-mask-in-session-messages.patch ceph-set-sec_context-xattr-on-symlink-creation.patch driver-core-avoid-binding-drivers-to-dead-devices.patch ext2-fix-missing-percpu_counter_inc.patch ftrace-setup-correct-ftrace_fl_regs-flags-for-module.patch khugepaged-collapse_pte_mapped_thp-flush-the-right-range.patch khugepaged-collapse_pte_mapped_thp-protect-the-pmd-lock.patch kprobes-fix-null-pointer-dereference-at-kprobe_ftrace_handler.patch mac80211-fix-misplaced-while-instead-of-if.patch md-raid5-fix-force-reconstruct-write-io-stuck-in-degraded-raid5.patch mips-cpu-0-is-not-hotpluggable.patch mips-qi_lb60-fix-routing-to-audio-amplifier.patch mm-memory_hotplug-fix-unpaired-mem_hotplug_begin-done.patch mm-page_counter.c-fix-protection-usage-propagation.patch net-compat-add-missing-sock-updates-for-scm_rights.patch net-ethernet-stmmac-disable-hardware-multicast-filter.patch net-stmmac-dwmac1000-provide-multicast-filter-fallback.patch ocfs2-change-slot-number-type-s16-to-u16.patch pseries-fix-64-bit-logical-memory-block-panic.patch tracing-hwlat-honor-the-tracing_cpumask.patch tracing-move-pipe-reference-to-trace-array-instead-of-current_tracer.patch tracing-use-trace_sched_process_free-instead-of-exit-for-pid-tracing.patch watchdog-f71808e_wdt-clear-watchdog-timeout-occurred-flag.patch watchdog-f71808e_wdt-indicate-wdiof_cardreset-support-in-watchdog_info.options.patch watchdog-f71808e_wdt-remove-use-of-wrong-watchdog_info-option.patch --- ...talk-fix-atalk_proc_init-return-path.patch | 40 ++++++ ...te-meta-data-pages-as-compound-pages.patch | 80 +++++++++++ ...che-fix-overflow-in-offset_to_stripe.patch | 136 ++++++++++++++++++ ...gth-feature-mask-in-session-messages.patch | 47 ++++++ ...ec_context-xattr-on-symlink-creation.patch | 38 +++++ ...void-binding-drivers-to-dead-devices.patch | 57 ++++++++ .../ext2-fix-missing-percpu_counter_inc.patch | 46 ++++++ ...rect-ftrace_fl_regs-flags-for-module.patch | 58 ++++++++ ...pte_mapped_thp-flush-the-right-range.patch | 50 +++++++ ..._pte_mapped_thp-protect-the-pmd-lock.patch | 132 +++++++++++++++++ ...dereference-at-kprobe_ftrace_handler.patch | 94 ++++++++++++ ...11-fix-misplaced-while-instead-of-if.patch | 37 +++++ ...uct-write-io-stuck-in-degraded-raid5.patch | 55 +++++++ .../mips-cpu-0-is-not-hotpluggable.patch | 32 +++++ ..._lb60-fix-routing-to-audio-amplifier.patch | 34 +++++ ...-fix-unpaired-mem_hotplug_begin-done.patch | 92 ++++++++++++ ...r.c-fix-protection-usage-propagation.patch | 78 ++++++++++ ...-missing-sock-updates-for-scm_rights.patch | 89 ++++++++++++ ...ac-disable-hardware-multicast-filter.patch | 39 +++++ ...00-provide-multicast-filter-fallback.patch | 35 +++++ ...2-change-slot-number-type-s16-to-u16.patch | 87 +++++++++++ ...ix-64-bit-logical-memory-block-panic.patch | 37 +++++ queue-5.4/series | 28 ++++ ...cing-hwlat-honor-the-tracing_cpumask.patch | 54 +++++++ ...race-array-instead-of-current_tracer.patch | 106 ++++++++++++++ ...free-instead-of-exit-for-pid-tracing.patch | 72 ++++++++++ ...clear-watchdog-timeout-occurred-flag.patch | 51 +++++++ ...set-support-in-watchdog_info.options.patch | 38 +++++ ...ve-use-of-wrong-watchdog_info-option.patch | 48 +++++++ 29 files changed, 1790 insertions(+) create mode 100644 queue-5.4/appletalk-fix-atalk_proc_init-return-path.patch create mode 100644 queue-5.4/bcache-allocate-meta-data-pages-as-compound-pages.patch create mode 100644 queue-5.4/bcache-fix-overflow-in-offset_to_stripe.patch create mode 100644 queue-5.4/ceph-handle-zero-length-feature-mask-in-session-messages.patch create mode 100644 queue-5.4/ceph-set-sec_context-xattr-on-symlink-creation.patch create mode 100644 queue-5.4/driver-core-avoid-binding-drivers-to-dead-devices.patch create mode 100644 queue-5.4/ext2-fix-missing-percpu_counter_inc.patch create mode 100644 queue-5.4/ftrace-setup-correct-ftrace_fl_regs-flags-for-module.patch create mode 100644 queue-5.4/khugepaged-collapse_pte_mapped_thp-flush-the-right-range.patch create mode 100644 queue-5.4/khugepaged-collapse_pte_mapped_thp-protect-the-pmd-lock.patch create mode 100644 queue-5.4/kprobes-fix-null-pointer-dereference-at-kprobe_ftrace_handler.patch create mode 100644 queue-5.4/mac80211-fix-misplaced-while-instead-of-if.patch create mode 100644 queue-5.4/md-raid5-fix-force-reconstruct-write-io-stuck-in-degraded-raid5.patch create mode 100644 queue-5.4/mips-cpu-0-is-not-hotpluggable.patch create mode 100644 queue-5.4/mips-qi_lb60-fix-routing-to-audio-amplifier.patch create mode 100644 queue-5.4/mm-memory_hotplug-fix-unpaired-mem_hotplug_begin-done.patch create mode 100644 queue-5.4/mm-page_counter.c-fix-protection-usage-propagation.patch create mode 100644 queue-5.4/net-compat-add-missing-sock-updates-for-scm_rights.patch create mode 100644 queue-5.4/net-ethernet-stmmac-disable-hardware-multicast-filter.patch create mode 100644 queue-5.4/net-stmmac-dwmac1000-provide-multicast-filter-fallback.patch create mode 100644 queue-5.4/ocfs2-change-slot-number-type-s16-to-u16.patch create mode 100644 queue-5.4/pseries-fix-64-bit-logical-memory-block-panic.patch create mode 100644 queue-5.4/tracing-hwlat-honor-the-tracing_cpumask.patch create mode 100644 queue-5.4/tracing-move-pipe-reference-to-trace-array-instead-of-current_tracer.patch create mode 100644 queue-5.4/tracing-use-trace_sched_process_free-instead-of-exit-for-pid-tracing.patch create mode 100644 queue-5.4/watchdog-f71808e_wdt-clear-watchdog-timeout-occurred-flag.patch create mode 100644 queue-5.4/watchdog-f71808e_wdt-indicate-wdiof_cardreset-support-in-watchdog_info.options.patch create mode 100644 queue-5.4/watchdog-f71808e_wdt-remove-use-of-wrong-watchdog_info-option.patch diff --git a/queue-5.4/appletalk-fix-atalk_proc_init-return-path.patch b/queue-5.4/appletalk-fix-atalk_proc_init-return-path.patch new file mode 100644 index 00000000000..39000e7b1c4 --- /dev/null +++ b/queue-5.4/appletalk-fix-atalk_proc_init-return-path.patch @@ -0,0 +1,40 @@ +From d0f6ba2ef2c1c95069509e71402e7d6d43452512 Mon Sep 17 00:00:00 2001 +From: Vincent Duvert +Date: Sun, 2 Aug 2020 07:06:51 +0200 +Subject: appletalk: Fix atalk_proc_init() return path + +From: Vincent Duvert + +commit d0f6ba2ef2c1c95069509e71402e7d6d43452512 upstream. + +Add a missing return statement to atalk_proc_init so it doesn't return +-ENOMEM when successful. This allows the appletalk module to load +properly. + +Fixes: e2bcd8b0ce6e ("appletalk: use remove_proc_subtree to simplify procfs code") +Link: https://www.downtowndougbrown.com/2020/08/hacking-up-a-fix-for-the-broken-appletalk-kernel-module-in-linux-5-1-and-newer/ +Reported-by: Christopher KOBAYASHI +Reported-by: Doug Brown +Signed-off-by: Vincent Duvert +[lukas: add missing tags] +Signed-off-by: Lukas Wunner +Cc: stable@vger.kernel.org # v5.1+ +Cc: Yue Haibing +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + net/appletalk/atalk_proc.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/net/appletalk/atalk_proc.c ++++ b/net/appletalk/atalk_proc.c +@@ -231,6 +231,8 @@ int __init atalk_proc_init(void) + + return 0; + ++ return 0; ++ + out: + remove_proc_subtree("atalk", init_net.proc_net); + return -ENOMEM; diff --git a/queue-5.4/bcache-allocate-meta-data-pages-as-compound-pages.patch b/queue-5.4/bcache-allocate-meta-data-pages-as-compound-pages.patch new file mode 100644 index 00000000000..3494757d612 --- /dev/null +++ b/queue-5.4/bcache-allocate-meta-data-pages-as-compound-pages.patch @@ -0,0 +1,80 @@ +From 5fe48867856367142d91a82f2cbf7a57a24cbb70 Mon Sep 17 00:00:00 2001 +From: Coly Li +Date: Sat, 25 Jul 2020 20:00:16 +0800 +Subject: bcache: allocate meta data pages as compound pages + +From: Coly Li + +commit 5fe48867856367142d91a82f2cbf7a57a24cbb70 upstream. + +There are some meta data of bcache are allocated by multiple pages, +and they are used as bio bv_page for I/Os to the cache device. for +example cache_set->uuids, cache->disk_buckets, journal_write->data, +bset_tree->data. + +For such meta data memory, all the allocated pages should be treated +as a single memory block. Then the memory management and underlying I/O +code can treat them more clearly. + +This patch adds __GFP_COMP flag to all the location allocating >0 order +pages for the above mentioned meta data. Then their pages are treated +as compound pages now. + +Signed-off-by: Coly Li +Cc: stable@vger.kernel.org +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/bcache/bset.c | 2 +- + drivers/md/bcache/btree.c | 2 +- + drivers/md/bcache/journal.c | 4 ++-- + drivers/md/bcache/super.c | 2 +- + 4 files changed, 5 insertions(+), 5 deletions(-) + +--- a/drivers/md/bcache/bset.c ++++ b/drivers/md/bcache/bset.c +@@ -321,7 +321,7 @@ int bch_btree_keys_alloc(struct btree_ke + + b->page_order = page_order; + +- t->data = (void *) __get_free_pages(gfp, b->page_order); ++ t->data = (void *) __get_free_pages(__GFP_COMP|gfp, b->page_order); + if (!t->data) + goto err; + +--- a/drivers/md/bcache/btree.c ++++ b/drivers/md/bcache/btree.c +@@ -840,7 +840,7 @@ int bch_btree_cache_alloc(struct cache_s + mutex_init(&c->verify_lock); + + c->verify_ondisk = (void *) +- __get_free_pages(GFP_KERNEL, ilog2(bucket_pages(c))); ++ __get_free_pages(GFP_KERNEL|__GFP_COMP, ilog2(bucket_pages(c))); + + c->verify_data = mca_bucket_alloc(c, &ZERO_KEY, GFP_KERNEL); + +--- a/drivers/md/bcache/journal.c ++++ b/drivers/md/bcache/journal.c +@@ -1002,8 +1002,8 @@ int bch_journal_alloc(struct cache_set * + j->w[1].c = c; + + if (!(init_fifo(&j->pin, JOURNAL_PIN, GFP_KERNEL)) || +- !(j->w[0].data = (void *) __get_free_pages(GFP_KERNEL, JSET_BITS)) || +- !(j->w[1].data = (void *) __get_free_pages(GFP_KERNEL, JSET_BITS))) ++ !(j->w[0].data = (void *) __get_free_pages(GFP_KERNEL|__GFP_COMP, JSET_BITS)) || ++ !(j->w[1].data = (void *) __get_free_pages(GFP_KERNEL|__GFP_COMP, JSET_BITS))) + return -ENOMEM; + + return 0; +--- a/drivers/md/bcache/super.c ++++ b/drivers/md/bcache/super.c +@@ -1754,7 +1754,7 @@ void bch_cache_set_unregister(struct cac + } + + #define alloc_bucket_pages(gfp, c) \ +- ((void *) __get_free_pages(__GFP_ZERO|gfp, ilog2(bucket_pages(c)))) ++ ((void *) __get_free_pages(__GFP_ZERO|__GFP_COMP|gfp, ilog2(bucket_pages(c)))) + + struct cache_set *bch_cache_set_alloc(struct cache_sb *sb) + { diff --git a/queue-5.4/bcache-fix-overflow-in-offset_to_stripe.patch b/queue-5.4/bcache-fix-overflow-in-offset_to_stripe.patch new file mode 100644 index 00000000000..ce1f80b1193 --- /dev/null +++ b/queue-5.4/bcache-fix-overflow-in-offset_to_stripe.patch @@ -0,0 +1,136 @@ +From 7a1481267999c02abf4a624515c1b5c7c1fccbd6 Mon Sep 17 00:00:00 2001 +From: Coly Li +Date: Sat, 25 Jul 2020 20:00:22 +0800 +Subject: bcache: fix overflow in offset_to_stripe() + +From: Coly Li + +commit 7a1481267999c02abf4a624515c1b5c7c1fccbd6 upstream. + +offset_to_stripe() returns the stripe number (in type unsigned int) from +an offset (in type uint64_t) by the following calculation, + do_div(offset, d->stripe_size); +For large capacity backing device (e.g. 18TB) with small stripe size +(e.g. 4KB), the result is 4831838208 and exceeds UINT_MAX. The actual +returned value which caller receives is 536870912, due to the overflow. + +Indeed in bcache_device_init(), bcache_device->nr_stripes is limited in +range [1, INT_MAX]. Therefore all valid stripe numbers in bcache are +in range [0, bcache_dev->nr_stripes - 1]. + +This patch adds a upper limition check in offset_to_stripe(): the max +valid stripe number should be less than bcache_device->nr_stripes. If +the calculated stripe number from do_div() is equal to or larger than +bcache_device->nr_stripe, -EINVAL will be returned. (Normally nr_stripes +is less than INT_MAX, exceeding upper limitation doesn't mean overflow, +therefore -EOVERFLOW is not used as error code.) + +This patch also changes nr_stripes' type of struct bcache_device from +'unsigned int' to 'int', and return value type of offset_to_stripe() +from 'unsigned int' to 'int', to match their exact data ranges. + +All locations where bcache_device->nr_stripes and offset_to_stripe() are +referenced also get updated for the above type change. + +Reported-and-tested-by: Ken Raeburn +Signed-off-by: Coly Li +Cc: stable@vger.kernel.org +Link: https://bugzilla.redhat.com/show_bug.cgi?id=1783075 +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/bcache/bcache.h | 2 +- + drivers/md/bcache/writeback.c | 14 +++++++++----- + drivers/md/bcache/writeback.h | 19 +++++++++++++++++-- + 3 files changed, 27 insertions(+), 8 deletions(-) + +--- a/drivers/md/bcache/bcache.h ++++ b/drivers/md/bcache/bcache.h +@@ -264,7 +264,7 @@ struct bcache_device { + #define BCACHE_DEV_UNLINK_DONE 2 + #define BCACHE_DEV_WB_RUNNING 3 + #define BCACHE_DEV_RATE_DW_RUNNING 4 +- unsigned int nr_stripes; ++ int nr_stripes; + unsigned int stripe_size; + atomic_t *stripe_sectors_dirty; + unsigned long *full_dirty_stripes; +--- a/drivers/md/bcache/writeback.c ++++ b/drivers/md/bcache/writeback.c +@@ -519,15 +519,19 @@ void bcache_dev_sectors_dirty_add(struct + uint64_t offset, int nr_sectors) + { + struct bcache_device *d = c->devices[inode]; +- unsigned int stripe_offset, stripe, sectors_dirty; ++ unsigned int stripe_offset, sectors_dirty; ++ int stripe; + + if (!d) + return; + ++ stripe = offset_to_stripe(d, offset); ++ if (stripe < 0) ++ return; ++ + if (UUID_FLASH_ONLY(&c->uuids[inode])) + atomic_long_add(nr_sectors, &c->flash_dev_dirty_sectors); + +- stripe = offset_to_stripe(d, offset); + stripe_offset = offset & (d->stripe_size - 1); + + while (nr_sectors) { +@@ -567,12 +571,12 @@ static bool dirty_pred(struct keybuf *bu + static void refill_full_stripes(struct cached_dev *dc) + { + struct keybuf *buf = &dc->writeback_keys; +- unsigned int start_stripe, stripe, next_stripe; ++ unsigned int start_stripe, next_stripe; ++ int stripe; + bool wrapped = false; + + stripe = offset_to_stripe(&dc->disk, KEY_OFFSET(&buf->last_scanned)); +- +- if (stripe >= dc->disk.nr_stripes) ++ if (stripe < 0) + stripe = 0; + + start_stripe = stripe; +--- a/drivers/md/bcache/writeback.h ++++ b/drivers/md/bcache/writeback.h +@@ -33,10 +33,22 @@ static inline uint64_t bcache_dev_sector + return ret; + } + +-static inline unsigned int offset_to_stripe(struct bcache_device *d, ++static inline int offset_to_stripe(struct bcache_device *d, + uint64_t offset) + { + do_div(offset, d->stripe_size); ++ ++ /* d->nr_stripes is in range [1, INT_MAX] */ ++ if (unlikely(offset >= d->nr_stripes)) { ++ pr_err("Invalid stripe %llu (>= nr_stripes %d).\n", ++ offset, d->nr_stripes); ++ return -EINVAL; ++ } ++ ++ /* ++ * Here offset is definitly smaller than INT_MAX, ++ * return it as int will never overflow. ++ */ + return offset; + } + +@@ -44,7 +56,10 @@ static inline bool bcache_dev_stripe_dir + uint64_t offset, + unsigned int nr_sectors) + { +- unsigned int stripe = offset_to_stripe(&dc->disk, offset); ++ int stripe = offset_to_stripe(&dc->disk, offset); ++ ++ if (stripe < 0) ++ return false; + + while (1) { + if (atomic_read(dc->disk.stripe_sectors_dirty + stripe)) diff --git a/queue-5.4/ceph-handle-zero-length-feature-mask-in-session-messages.patch b/queue-5.4/ceph-handle-zero-length-feature-mask-in-session-messages.patch new file mode 100644 index 00000000000..d69c360a7c8 --- /dev/null +++ b/queue-5.4/ceph-handle-zero-length-feature-mask-in-session-messages.patch @@ -0,0 +1,47 @@ +From 02e37571f9e79022498fd0525c073b07e9d9ac69 Mon Sep 17 00:00:00 2001 +From: Jeff Layton +Date: Tue, 4 Aug 2020 12:31:56 -0400 +Subject: ceph: handle zero-length feature mask in session messages + +From: Jeff Layton + +commit 02e37571f9e79022498fd0525c073b07e9d9ac69 upstream. + +Most session messages contain a feature mask, but the MDS will +routinely send a REJECT message with one that is zero-length. + +Commit 0fa8263367db ("ceph: fix endianness bug when handling MDS +session feature bits") fixed the decoding of the feature mask, +but failed to account for the MDS sending a zero-length feature +mask. This causes REJECT message decoding to fail. + +Skip trying to decode a feature mask if the word count is zero. + +Cc: stable@vger.kernel.org +URL: https://tracker.ceph.com/issues/46823 +Fixes: 0fa8263367db ("ceph: fix endianness bug when handling MDS session feature bits") +Signed-off-by: Jeff Layton +Reviewed-by: Ilya Dryomov +Tested-by: Patrick Donnelly +Signed-off-by: Ilya Dryomov +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ceph/mds_client.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/fs/ceph/mds_client.c ++++ b/fs/ceph/mds_client.c +@@ -3091,8 +3091,10 @@ static void handle_session(struct ceph_m + goto bad; + /* version >= 3, feature bits */ + ceph_decode_32_safe(&p, end, len, bad); +- ceph_decode_64_safe(&p, end, features, bad); +- p += len - sizeof(features); ++ if (len) { ++ ceph_decode_64_safe(&p, end, features, bad); ++ p += len - sizeof(features); ++ } + } + + mutex_lock(&mdsc->mutex); diff --git a/queue-5.4/ceph-set-sec_context-xattr-on-symlink-creation.patch b/queue-5.4/ceph-set-sec_context-xattr-on-symlink-creation.patch new file mode 100644 index 00000000000..6f334268714 --- /dev/null +++ b/queue-5.4/ceph-set-sec_context-xattr-on-symlink-creation.patch @@ -0,0 +1,38 @@ +From b748fc7a8763a5b3f8149f12c45711cd73ef8176 Mon Sep 17 00:00:00 2001 +From: Jeff Layton +Date: Tue, 28 Jul 2020 10:34:20 -0400 +Subject: ceph: set sec_context xattr on symlink creation + +From: Jeff Layton + +commit b748fc7a8763a5b3f8149f12c45711cd73ef8176 upstream. + +Symlink inodes should have the security context set in their xattrs on +creation. We already set the context on creation, but we don't attach +the pagelist. The effect is that symlink inodes don't get an SELinux +context set on them at creation, so they end up unlabeled instead of +inheriting the proper context. Make it do so. + +Cc: stable@vger.kernel.org +Signed-off-by: Jeff Layton +Reviewed-by: Ilya Dryomov +Signed-off-by: Ilya Dryomov +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ceph/dir.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/fs/ceph/dir.c ++++ b/fs/ceph/dir.c +@@ -920,6 +920,10 @@ static int ceph_symlink(struct inode *di + req->r_num_caps = 2; + req->r_dentry_drop = CEPH_CAP_FILE_SHARED | CEPH_CAP_AUTH_EXCL; + req->r_dentry_unless = CEPH_CAP_FILE_EXCL; ++ if (as_ctx.pagelist) { ++ req->r_pagelist = as_ctx.pagelist; ++ as_ctx.pagelist = NULL; ++ } + err = ceph_mdsc_do_request(mdsc, dir, req); + if (!err && !req->r_reply_info.head->is_dentry) + err = ceph_handle_notrace_create(dir, dentry); diff --git a/queue-5.4/driver-core-avoid-binding-drivers-to-dead-devices.patch b/queue-5.4/driver-core-avoid-binding-drivers-to-dead-devices.patch new file mode 100644 index 00000000000..3b9285ecd32 --- /dev/null +++ b/queue-5.4/driver-core-avoid-binding-drivers-to-dead-devices.patch @@ -0,0 +1,57 @@ +From 654888327e9f655a9d55ad477a9583e90e8c9b5c Mon Sep 17 00:00:00 2001 +From: Lukas Wunner +Date: Wed, 8 Jul 2020 15:27:01 +0200 +Subject: driver core: Avoid binding drivers to dead devices + +From: Lukas Wunner + +commit 654888327e9f655a9d55ad477a9583e90e8c9b5c upstream. + +Commit 3451a495ef24 ("driver core: Establish order of operations for +device_add and device_del via bitflag") sought to prevent asynchronous +driver binding to a device which is being removed. It added a +per-device "dead" flag which is checked in the following code paths: + +* asynchronous binding in __driver_attach_async_helper() +* synchronous binding in device_driver_attach() +* asynchronous binding in __device_attach_async_helper() + +It did *not* check the flag upon: + +* synchronous binding in __device_attach() + +However __device_attach() may also be called asynchronously from: + +deferred_probe_work_func() + bus_probe_device() + device_initial_probe() + __device_attach() + +So if the commit's intention was to check the "dead" flag in all +asynchronous code paths, then a check is also necessary in +__device_attach(). Add the missing check. + +Fixes: 3451a495ef24 ("driver core: Establish order of operations for device_add and device_del via bitflag") +Signed-off-by: Lukas Wunner +Cc: stable@vger.kernel.org # v5.1+ +Cc: Alexander Duyck +Link: https://lore.kernel.org/r/de88a23a6fe0ef70f7cfd13c8aea9ab51b4edab6.1594214103.git.lukas@wunner.de +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/base/dd.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/drivers/base/dd.c ++++ b/drivers/base/dd.c +@@ -872,7 +872,9 @@ static int __device_attach(struct device + int ret = 0; + + device_lock(dev); +- if (dev->driver) { ++ if (dev->p->dead) { ++ goto out_unlock; ++ } else if (dev->driver) { + if (device_is_bound(dev)) { + ret = 1; + goto out_unlock; diff --git a/queue-5.4/ext2-fix-missing-percpu_counter_inc.patch b/queue-5.4/ext2-fix-missing-percpu_counter_inc.patch new file mode 100644 index 00000000000..8501a47315a --- /dev/null +++ b/queue-5.4/ext2-fix-missing-percpu_counter_inc.patch @@ -0,0 +1,46 @@ +From bc2fbaa4d3808aef82dd1064a8e61c16549fe956 Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Mon, 20 Apr 2020 16:02:21 -0400 +Subject: ext2: fix missing percpu_counter_inc + +From: Mikulas Patocka + +commit bc2fbaa4d3808aef82dd1064a8e61c16549fe956 upstream. + +sbi->s_freeinodes_counter is only decreased by the ext2 code, it is never +increased. This patch fixes it. + +Note that sbi->s_freeinodes_counter is only used in the algorithm that +tries to find the group for new allocations, so this bug is not easily +visible (the only visibility is that the group finding algorithm selects +inoptinal result). + +Link: https://lore.kernel.org/r/alpine.LRH.2.02.2004201538300.19436@file01.intranet.prod.int.rdu2.redhat.com +Signed-off-by: Mikulas Patocka +Cc: stable@vger.kernel.org +Signed-off-by: Jan Kara +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext2/ialloc.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/fs/ext2/ialloc.c ++++ b/fs/ext2/ialloc.c +@@ -80,6 +80,7 @@ static void ext2_release_inode(struct su + if (dir) + le16_add_cpu(&desc->bg_used_dirs_count, -1); + spin_unlock(sb_bgl_lock(EXT2_SB(sb), group)); ++ percpu_counter_inc(&EXT2_SB(sb)->s_freeinodes_counter); + if (dir) + percpu_counter_dec(&EXT2_SB(sb)->s_dirs_counter); + mark_buffer_dirty(bh); +@@ -528,7 +529,7 @@ got: + goto fail; + } + +- percpu_counter_add(&sbi->s_freeinodes_counter, -1); ++ percpu_counter_dec(&sbi->s_freeinodes_counter); + if (S_ISDIR(mode)) + percpu_counter_inc(&sbi->s_dirs_counter); + diff --git a/queue-5.4/ftrace-setup-correct-ftrace_fl_regs-flags-for-module.patch b/queue-5.4/ftrace-setup-correct-ftrace_fl_regs-flags-for-module.patch new file mode 100644 index 00000000000..92fd5f06eda --- /dev/null +++ b/queue-5.4/ftrace-setup-correct-ftrace_fl_regs-flags-for-module.patch @@ -0,0 +1,58 @@ +From 8a224ffb3f52b0027f6b7279854c71a31c48fc97 Mon Sep 17 00:00:00 2001 +From: Chengming Zhou +Date: Wed, 29 Jul 2020 02:05:53 +0800 +Subject: ftrace: Setup correct FTRACE_FL_REGS flags for module + +From: Chengming Zhou + +commit 8a224ffb3f52b0027f6b7279854c71a31c48fc97 upstream. + +When module loaded and enabled, we will use __ftrace_replace_code +for module if any ftrace_ops referenced it found. But we will get +wrong ftrace_addr for module rec in ftrace_get_addr_new, because +rec->flags has not been setup correctly. It can cause the callback +function of a ftrace_ops has FTRACE_OPS_FL_SAVE_REGS to be called +with pt_regs set to NULL. +So setup correct FTRACE_FL_REGS flags for rec when we call +referenced_filters to find ftrace_ops references it. + +Link: https://lkml.kernel.org/r/20200728180554.65203-1-zhouchengming@bytedance.com + +Cc: stable@vger.kernel.org +Fixes: 8c4f3c3fa9681 ("ftrace: Check module functions being traced on reload") +Signed-off-by: Chengming Zhou +Signed-off-by: Muchun Song +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/trace/ftrace.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +--- a/kernel/trace/ftrace.c ++++ b/kernel/trace/ftrace.c +@@ -5699,8 +5699,11 @@ static int referenced_filters(struct dyn + int cnt = 0; + + for (ops = ftrace_ops_list; ops != &ftrace_list_end; ops = ops->next) { +- if (ops_references_rec(ops, rec)) +- cnt++; ++ if (ops_references_rec(ops, rec)) { ++ cnt++; ++ if (ops->flags & FTRACE_OPS_FL_SAVE_REGS) ++ rec->flags |= FTRACE_FL_REGS; ++ } + } + + return cnt; +@@ -5877,8 +5880,8 @@ void ftrace_module_enable(struct module + if (ftrace_start_up) + cnt += referenced_filters(rec); + +- /* This clears FTRACE_FL_DISABLED */ +- rec->flags = cnt; ++ rec->flags &= ~FTRACE_FL_DISABLED; ++ rec->flags += cnt; + + if (ftrace_start_up && cnt) { + int failed = __ftrace_replace_code(rec, 1); diff --git a/queue-5.4/khugepaged-collapse_pte_mapped_thp-flush-the-right-range.patch b/queue-5.4/khugepaged-collapse_pte_mapped_thp-flush-the-right-range.patch new file mode 100644 index 00000000000..62352958bf0 --- /dev/null +++ b/queue-5.4/khugepaged-collapse_pte_mapped_thp-flush-the-right-range.patch @@ -0,0 +1,50 @@ +From 723a80dafed5c95889d48baab9aa433a6ffa0b4e Mon Sep 17 00:00:00 2001 +From: Hugh Dickins +Date: Thu, 6 Aug 2020 23:26:15 -0700 +Subject: khugepaged: collapse_pte_mapped_thp() flush the right range + +From: Hugh Dickins + +commit 723a80dafed5c95889d48baab9aa433a6ffa0b4e upstream. + +pmdp_collapse_flush() should be given the start address at which the huge +page is mapped, haddr: it was given addr, which at that point has been +used as a local variable, incremented to the end address of the extent. + +Found by source inspection while chasing a hugepage locking bug, which I +then could not explain by this. At first I thought this was very bad; +then saw that all of the page translations that were not flushed would +actually still point to the right pages afterwards, so harmless; then +realized that I know nothing of how different architectures and models +cache intermediate paging structures, so maybe it matters after all - +particularly since the page table concerned is immediately freed. + +Much easier to fix than to think about. + +Fixes: 27e1f8273113 ("khugepaged: enable collapse pmd for pte-mapped THP") +Signed-off-by: Hugh Dickins +Signed-off-by: Andrew Morton +Acked-by: Kirill A. Shutemov +Cc: Andrea Arcangeli +Cc: Mike Kravetz +Cc: Song Liu +Cc: [5.4+] +Link: http://lkml.kernel.org/r/alpine.LSU.2.11.2008021204390.27773@eggly.anvils +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/khugepaged.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/mm/khugepaged.c ++++ b/mm/khugepaged.c +@@ -1384,7 +1384,7 @@ void collapse_pte_mapped_thp(struct mm_s + + /* step 4: collapse pmd */ + ptl = pmd_lock(vma->vm_mm, pmd); +- _pmd = pmdp_collapse_flush(vma, addr, pmd); ++ _pmd = pmdp_collapse_flush(vma, haddr, pmd); + spin_unlock(ptl); + mm_dec_nr_ptes(mm); + pte_free(mm, pmd_pgtable(_pmd)); diff --git a/queue-5.4/khugepaged-collapse_pte_mapped_thp-protect-the-pmd-lock.patch b/queue-5.4/khugepaged-collapse_pte_mapped_thp-protect-the-pmd-lock.patch new file mode 100644 index 00000000000..5a51bb838fc --- /dev/null +++ b/queue-5.4/khugepaged-collapse_pte_mapped_thp-protect-the-pmd-lock.patch @@ -0,0 +1,132 @@ +From 119a5fc16105b2b9383a6e2a7800b2ef861b2975 Mon Sep 17 00:00:00 2001 +From: Hugh Dickins +Date: Thu, 6 Aug 2020 23:26:18 -0700 +Subject: khugepaged: collapse_pte_mapped_thp() protect the pmd lock + +From: Hugh Dickins + +commit 119a5fc16105b2b9383a6e2a7800b2ef861b2975 upstream. + +When retract_page_tables() removes a page table to make way for a huge +pmd, it holds huge page lock, i_mmap_lock_write, mmap_write_trylock and +pmd lock; but when collapse_pte_mapped_thp() does the same (to handle the +case when the original mmap_write_trylock had failed), only +mmap_write_trylock and pmd lock are held. + +That's not enough. One machine has twice crashed under load, with "BUG: +spinlock bad magic" and GPF on 6b6b6b6b6b6b6b6b. Examining the second +crash, page_vma_mapped_walk_done()'s spin_unlock of pvmw->ptl (serving +page_referenced() on a file THP, that had found a page table at *pmd) +discovers that the page table page and its lock have already been freed by +the time it comes to unlock. + +Follow the example of retract_page_tables(), but we only need one of huge +page lock or i_mmap_lock_write to secure against this: because it's the +narrower lock, and because it simplifies collapse_pte_mapped_thp() to know +the hpage earlier, choose to rely on huge page lock here. + +Fixes: 27e1f8273113 ("khugepaged: enable collapse pmd for pte-mapped THP") +Signed-off-by: Hugh Dickins +Signed-off-by: Andrew Morton +Acked-by: Kirill A. Shutemov +Cc: Andrea Arcangeli +Cc: Mike Kravetz +Cc: Song Liu +Cc: [5.4+] +Link: http://lkml.kernel.org/r/alpine.LSU.2.11.2008021213070.27773@eggly.anvils +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/khugepaged.c | 44 +++++++++++++++++++------------------------- + 1 file changed, 19 insertions(+), 25 deletions(-) + +--- a/mm/khugepaged.c ++++ b/mm/khugepaged.c +@@ -1294,7 +1294,7 @@ void collapse_pte_mapped_thp(struct mm_s + { + unsigned long haddr = addr & HPAGE_PMD_MASK; + struct vm_area_struct *vma = find_vma(mm, haddr); +- struct page *hpage = NULL; ++ struct page *hpage; + pte_t *start_pte, *pte; + pmd_t *pmd, _pmd; + spinlock_t *ptl; +@@ -1314,9 +1314,17 @@ void collapse_pte_mapped_thp(struct mm_s + if (!hugepage_vma_check(vma, vma->vm_flags | VM_HUGEPAGE)) + return; + ++ hpage = find_lock_page(vma->vm_file->f_mapping, ++ linear_page_index(vma, haddr)); ++ if (!hpage) ++ return; ++ ++ if (!PageHead(hpage)) ++ goto drop_hpage; ++ + pmd = mm_find_pmd(mm, haddr); + if (!pmd) +- return; ++ goto drop_hpage; + + start_pte = pte_offset_map_lock(mm, pmd, haddr, &ptl); + +@@ -1335,30 +1343,11 @@ void collapse_pte_mapped_thp(struct mm_s + + page = vm_normal_page(vma, addr, *pte); + +- if (!page || !PageCompound(page)) +- goto abort; +- +- if (!hpage) { +- hpage = compound_head(page); +- /* +- * The mapping of the THP should not change. +- * +- * Note that uprobe, debugger, or MAP_PRIVATE may +- * change the page table, but the new page will +- * not pass PageCompound() check. +- */ +- if (WARN_ON(hpage->mapping != vma->vm_file->f_mapping)) +- goto abort; +- } +- + /* +- * Confirm the page maps to the correct subpage. +- * +- * Note that uprobe, debugger, or MAP_PRIVATE may change +- * the page table, but the new page will not pass +- * PageCompound() check. ++ * Note that uprobe, debugger, or MAP_PRIVATE may change the ++ * page table, but the new page will not be a subpage of hpage. + */ +- if (WARN_ON(hpage + i != page)) ++ if (hpage + i != page) + goto abort; + count++; + } +@@ -1377,7 +1366,7 @@ void collapse_pte_mapped_thp(struct mm_s + pte_unmap_unlock(start_pte, ptl); + + /* step 3: set proper refcount and mm_counters. */ +- if (hpage) { ++ if (count) { + page_ref_sub(hpage, count); + add_mm_counter(vma->vm_mm, mm_counter_file(hpage), -count); + } +@@ -1388,10 +1377,15 @@ void collapse_pte_mapped_thp(struct mm_s + spin_unlock(ptl); + mm_dec_nr_ptes(mm); + pte_free(mm, pmd_pgtable(_pmd)); ++ ++drop_hpage: ++ unlock_page(hpage); ++ put_page(hpage); + return; + + abort: + pte_unmap_unlock(start_pte, ptl); ++ goto drop_hpage; + } + + static int khugepaged_collapse_pte_mapped_thps(struct mm_slot *mm_slot) diff --git a/queue-5.4/kprobes-fix-null-pointer-dereference-at-kprobe_ftrace_handler.patch b/queue-5.4/kprobes-fix-null-pointer-dereference-at-kprobe_ftrace_handler.patch new file mode 100644 index 00000000000..ae9aeca480e --- /dev/null +++ b/queue-5.4/kprobes-fix-null-pointer-dereference-at-kprobe_ftrace_handler.patch @@ -0,0 +1,94 @@ +From 0cb2f1372baa60af8456388a574af6133edd7d80 Mon Sep 17 00:00:00 2001 +From: Muchun Song +Date: Tue, 28 Jul 2020 14:45:36 +0800 +Subject: kprobes: Fix NULL pointer dereference at kprobe_ftrace_handler + +From: Muchun Song + +commit 0cb2f1372baa60af8456388a574af6133edd7d80 upstream. + +We found a case of kernel panic on our server. The stack trace is as +follows(omit some irrelevant information): + + BUG: kernel NULL pointer dereference, address: 0000000000000080 + RIP: 0010:kprobe_ftrace_handler+0x5e/0xe0 + RSP: 0018:ffffb512c6550998 EFLAGS: 00010282 + RAX: 0000000000000000 RBX: ffff8e9d16eea018 RCX: 0000000000000000 + RDX: ffffffffbe1179c0 RSI: ffffffffc0535564 RDI: ffffffffc0534ec0 + RBP: ffffffffc0534ec1 R08: ffff8e9d1bbb0f00 R09: 0000000000000004 + R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 + R13: ffff8e9d1f797060 R14: 000000000000bacc R15: ffff8e9ce13eca00 + CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + CR2: 0000000000000080 CR3: 00000008453d0005 CR4: 00000000003606e0 + DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 + DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 + Call Trace: + + ftrace_ops_assist_func+0x56/0xe0 + ftrace_call+0x5/0x34 + tcpa_statistic_send+0x5/0x130 [ttcp_engine] + +The tcpa_statistic_send is the function being kprobed. After analysis, +the root cause is that the fourth parameter regs of kprobe_ftrace_handler +is NULL. Why regs is NULL? We use the crash tool to analyze the kdump. + + crash> dis tcpa_statistic_send -r + : callq 0xffffffffbd8018c0 + +The tcpa_statistic_send calls ftrace_caller instead of ftrace_regs_caller. +So it is reasonable that the fourth parameter regs of kprobe_ftrace_handler +is NULL. In theory, we should call the ftrace_regs_caller instead of the +ftrace_caller. After in-depth analysis, we found a reproducible path. + + Writing a simple kernel module which starts a periodic timer. The + timer's handler is named 'kprobe_test_timer_handler'. The module + name is kprobe_test.ko. + + 1) insmod kprobe_test.ko + 2) bpftrace -e 'kretprobe:kprobe_test_timer_handler {}' + 3) echo 0 > /proc/sys/kernel/ftrace_enabled + 4) rmmod kprobe_test + 5) stop step 2) kprobe + 6) insmod kprobe_test.ko + 7) bpftrace -e 'kretprobe:kprobe_test_timer_handler {}' + +We mark the kprobe as GONE but not disarm the kprobe in the step 4). +The step 5) also do not disarm the kprobe when unregister kprobe. So +we do not remove the ip from the filter. In this case, when the module +loads again in the step 6), we will replace the code to ftrace_caller +via the ftrace_module_enable(). When we register kprobe again, we will +not replace ftrace_caller to ftrace_regs_caller because the ftrace is +disabled in the step 3). So the step 7) will trigger kernel panic. Fix +this problem by disarming the kprobe when the module is going away. + +Link: https://lkml.kernel.org/r/20200728064536.24405-1-songmuchun@bytedance.com + +Cc: stable@vger.kernel.org +Fixes: ae6aa16fdc16 ("kprobes: introduce ftrace based optimization") +Acked-by: Masami Hiramatsu +Signed-off-by: Muchun Song +Co-developed-by: Chengming Zhou +Signed-off-by: Chengming Zhou +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/kprobes.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/kernel/kprobes.c ++++ b/kernel/kprobes.c +@@ -2104,6 +2104,13 @@ static void kill_kprobe(struct kprobe *p + * the original probed function (which will be freed soon) any more. + */ + arch_remove_kprobe(p); ++ ++ /* ++ * The module is going away. We should disarm the kprobe which ++ * is using ftrace. ++ */ ++ if (kprobe_ftrace(p)) ++ disarm_kprobe_ftrace(p); + } + + /* Disable one kprobe */ diff --git a/queue-5.4/mac80211-fix-misplaced-while-instead-of-if.patch b/queue-5.4/mac80211-fix-misplaced-while-instead-of-if.patch new file mode 100644 index 00000000000..52dee5a3784 --- /dev/null +++ b/queue-5.4/mac80211-fix-misplaced-while-instead-of-if.patch @@ -0,0 +1,37 @@ +From 5981fe5b0529ba25d95f37d7faa434183ad618c5 Mon Sep 17 00:00:00 2001 +From: Johannes Berg +Date: Mon, 3 Aug 2020 11:02:10 +0200 +Subject: mac80211: fix misplaced while instead of if + +From: Johannes Berg + +commit 5981fe5b0529ba25d95f37d7faa434183ad618c5 upstream. + +This never was intended to be a 'while' loop, it should've +just been an 'if' instead of 'while'. Fix this. + +I noticed this while applying another patch from Ben that +intended to fix a busy loop at this spot. + +Cc: stable@vger.kernel.org +Fixes: b16798f5b907 ("mac80211: mark station unauthorized before key removal") +Reported-by: Ben Greear +Link: https://lore.kernel.org/r/20200803110209.253009ae41ff.I3522aad099392b31d5cf2dcca34cbac7e5832dde@changeid +Signed-off-by: Johannes Berg +Signed-off-by: Greg Kroah-Hartman + +--- + net/mac80211/sta_info.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/mac80211/sta_info.c ++++ b/net/mac80211/sta_info.c +@@ -1033,7 +1033,7 @@ static void __sta_info_destroy_part2(str + might_sleep(); + lockdep_assert_held(&local->sta_mtx); + +- while (sta->sta_state == IEEE80211_STA_AUTHORIZED) { ++ if (sta->sta_state == IEEE80211_STA_AUTHORIZED) { + ret = sta_info_move_state(sta, IEEE80211_STA_ASSOC); + WARN_ON_ONCE(ret); + } diff --git a/queue-5.4/md-raid5-fix-force-reconstruct-write-io-stuck-in-degraded-raid5.patch b/queue-5.4/md-raid5-fix-force-reconstruct-write-io-stuck-in-degraded-raid5.patch new file mode 100644 index 00000000000..f650889845a --- /dev/null +++ b/queue-5.4/md-raid5-fix-force-reconstruct-write-io-stuck-in-degraded-raid5.patch @@ -0,0 +1,55 @@ +From a1c6ae3d9f3dd6aa5981a332a6f700cf1c25edef Mon Sep 17 00:00:00 2001 +From: ChangSyun Peng +Date: Fri, 31 Jul 2020 17:50:17 +0800 +Subject: md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 + +From: ChangSyun Peng + +commit a1c6ae3d9f3dd6aa5981a332a6f700cf1c25edef upstream. + +In degraded raid5, we need to read parity to do reconstruct-write when +data disks fail. However, we can not read parity from +handle_stripe_dirtying() in force reconstruct-write mode. + +Reproducible Steps: + +1. Create degraded raid5 +mdadm -C /dev/md2 --assume-clean -l5 -n3 /dev/sda2 /dev/sdb2 missing +2. Set rmw_level to 0 +echo 0 > /sys/block/md2/md/rmw_level +3. IO to raid5 + +Now some io may be stuck in raid5. We can use handle_stripe_fill() to read +the parity in this situation. + +Cc: # v4.4+ +Reviewed-by: Alex Wu +Reviewed-by: BingJing Chang +Reviewed-by: Danny Shih +Signed-off-by: ChangSyun Peng +Signed-off-by: Song Liu +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/md/raid5.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/md/raid5.c ++++ b/drivers/md/raid5.c +@@ -3604,6 +3604,7 @@ static int need_this_block(struct stripe + * is missing/faulty, then we need to read everything we can. + */ + if (sh->raid_conf->level != 6 && ++ sh->raid_conf->rmw_level != PARITY_DISABLE_RMW && + sh->sector < sh->raid_conf->mddev->recovery_cp) + /* reconstruct-write isn't being forced */ + return 0; +@@ -4839,7 +4840,7 @@ static void handle_stripe(struct stripe_ + * or to load a block that is being partially written. + */ + if (s.to_read || s.non_overwrite +- || (conf->level == 6 && s.to_write && s.failed) ++ || (s.to_write && s.failed) + || (s.syncing && (s.uptodate + s.compute < disks)) + || s.replacing + || s.expanding) diff --git a/queue-5.4/mips-cpu-0-is-not-hotpluggable.patch b/queue-5.4/mips-cpu-0-is-not-hotpluggable.patch new file mode 100644 index 00000000000..f58ea01fc47 --- /dev/null +++ b/queue-5.4/mips-cpu-0-is-not-hotpluggable.patch @@ -0,0 +1,32 @@ +From 9cce844abf07b683cff5f0273977d5f8d0af94c7 Mon Sep 17 00:00:00 2001 +From: Huacai Chen +Date: Thu, 16 Jul 2020 18:40:23 +0800 +Subject: MIPS: CPU#0 is not hotpluggable + +From: Huacai Chen + +commit 9cce844abf07b683cff5f0273977d5f8d0af94c7 upstream. + +Now CPU#0 is not hotpluggable on MIPS, so prevent to create /sys/devices +/system/cpu/cpu0/online which confuses some user-space tools. + +Cc: stable@vger.kernel.org +Signed-off-by: Huacai Chen +Signed-off-by: Thomas Bogendoerfer +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/kernel/topology.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/mips/kernel/topology.c ++++ b/arch/mips/kernel/topology.c +@@ -20,7 +20,7 @@ static int __init topology_init(void) + for_each_present_cpu(i) { + struct cpu *c = &per_cpu(cpu_devices, i); + +- c->hotpluggable = 1; ++ c->hotpluggable = !!i; + ret = register_cpu(c, i); + if (ret) + printk(KERN_WARNING "topology_init: register_cpu %d " diff --git a/queue-5.4/mips-qi_lb60-fix-routing-to-audio-amplifier.patch b/queue-5.4/mips-qi_lb60-fix-routing-to-audio-amplifier.patch new file mode 100644 index 00000000000..26a1e8fb113 --- /dev/null +++ b/queue-5.4/mips-qi_lb60-fix-routing-to-audio-amplifier.patch @@ -0,0 +1,34 @@ +From 0889a67a9e7a56ba39af223d536630b20b877fda Mon Sep 17 00:00:00 2001 +From: Paul Cercueil +Date: Mon, 27 Jul 2020 20:11:28 +0200 +Subject: MIPS: qi_lb60: Fix routing to audio amplifier + +From: Paul Cercueil + +commit 0889a67a9e7a56ba39af223d536630b20b877fda upstream. + +The ROUT (right channel output of audio codec) was connected to INL +(left channel of audio amplifier) instead of INR (right channel of audio +amplifier). + +Fixes: 8ddebad15e9b ("MIPS: qi_lb60: Migrate to devicetree") +Cc: stable@vger.kernel.org # v5.3 +Signed-off-by: Paul Cercueil +Signed-off-by: Thomas Bogendoerfer +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/boot/dts/ingenic/qi_lb60.dts | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/mips/boot/dts/ingenic/qi_lb60.dts ++++ b/arch/mips/boot/dts/ingenic/qi_lb60.dts +@@ -69,7 +69,7 @@ + "Speaker", "OUTL", + "Speaker", "OUTR", + "INL", "LOUT", +- "INL", "ROUT"; ++ "INR", "ROUT"; + + simple-audio-card,aux-devs = <&>; + diff --git a/queue-5.4/mm-memory_hotplug-fix-unpaired-mem_hotplug_begin-done.patch b/queue-5.4/mm-memory_hotplug-fix-unpaired-mem_hotplug_begin-done.patch new file mode 100644 index 00000000000..3206db7c718 --- /dev/null +++ b/queue-5.4/mm-memory_hotplug-fix-unpaired-mem_hotplug_begin-done.patch @@ -0,0 +1,92 @@ +From b4223a510e2ab1bf0f971d50af7c1431014b25ad Mon Sep 17 00:00:00 2001 +From: Jia He +Date: Tue, 11 Aug 2020 18:32:20 -0700 +Subject: mm/memory_hotplug: fix unpaired mem_hotplug_begin/done + +From: Jia He + +commit b4223a510e2ab1bf0f971d50af7c1431014b25ad upstream. + +When check_memblock_offlined_cb() returns failed rc(e.g. the memblock is +online at that time), mem_hotplug_begin/done is unpaired in such case. + +Therefore a warning: + Call Trace: + percpu_up_write+0x33/0x40 + try_remove_memory+0x66/0x120 + ? _cond_resched+0x19/0x30 + remove_memory+0x2b/0x40 + dev_dax_kmem_remove+0x36/0x72 [kmem] + device_release_driver_internal+0xf0/0x1c0 + device_release_driver+0x12/0x20 + bus_remove_device+0xe1/0x150 + device_del+0x17b/0x3e0 + unregister_dev_dax+0x29/0x60 + devm_action_release+0x15/0x20 + release_nodes+0x19a/0x1e0 + devres_release_all+0x3f/0x50 + device_release_driver_internal+0x100/0x1c0 + driver_detach+0x4c/0x8f + bus_remove_driver+0x5c/0xd0 + driver_unregister+0x31/0x50 + dax_pmem_exit+0x10/0xfe0 [dax_pmem] + +Fixes: f1037ec0cc8a ("mm/memory_hotplug: fix remove_memory() lockdep splat") +Signed-off-by: Jia He +Signed-off-by: Andrew Morton +Reviewed-by: David Hildenbrand +Acked-by: Michal Hocko +Acked-by: Dan Williams +Cc: [5.6+] +Cc: Andy Lutomirski +Cc: Baoquan He +Cc: Borislav Petkov +Cc: Catalin Marinas +Cc: Chuhong Yuan +Cc: Dave Hansen +Cc: Dave Jiang +Cc: Fenghua Yu +Cc: "H. Peter Anvin" +Cc: Ingo Molnar +Cc: Jonathan Cameron +Cc: Kaly Xin +Cc: Logan Gunthorpe +Cc: Masahiro Yamada +Cc: Mike Rapoport +Cc: Peter Zijlstra +Cc: Rich Felker +Cc: Thomas Gleixner +Cc: Tony Luck +Cc: Vishal Verma +Cc: Will Deacon +Cc: Yoshinori Sato +Link: http://lkml.kernel.org/r/20200710031619.18762-3-justin.he@arm.com +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/memory_hotplug.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +--- a/mm/memory_hotplug.c ++++ b/mm/memory_hotplug.c +@@ -1751,7 +1751,7 @@ static int __ref try_remove_memory(int n + */ + rc = walk_memory_blocks(start, size, NULL, check_memblock_offlined_cb); + if (rc) +- goto done; ++ return rc; + + /* remove memmap entry */ + firmware_map_remove(start, start + size, "System RAM"); +@@ -1771,9 +1771,8 @@ static int __ref try_remove_memory(int n + + try_offline_node(nid); + +-done: + mem_hotplug_done(); +- return rc; ++ return 0; + } + + /** diff --git a/queue-5.4/mm-page_counter.c-fix-protection-usage-propagation.patch b/queue-5.4/mm-page_counter.c-fix-protection-usage-propagation.patch new file mode 100644 index 00000000000..e1dedaac86a --- /dev/null +++ b/queue-5.4/mm-page_counter.c-fix-protection-usage-propagation.patch @@ -0,0 +1,78 @@ +From a6f23d14ec7d7d02220ad8bb2774be3322b9aeec Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Michal=20Koutn=C3=BD?= +Date: Thu, 6 Aug 2020 23:22:18 -0700 +Subject: mm/page_counter.c: fix protection usage propagation +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Michal Koutný + +commit a6f23d14ec7d7d02220ad8bb2774be3322b9aeec upstream. + +When workload runs in cgroups that aren't directly below root cgroup and +their parent specifies reclaim protection, it may end up ineffective. + +The reason is that propagate_protected_usage() is not called in all +hierarchy up. All the protected usage is incorrectly accumulated in the +workload's parent. This means that siblings_low_usage is overestimated +and effective protection underestimated. Even though it is transitional +phenomenon (uncharge path does correct propagation and fixes the wrong +children_low_usage), it can undermine the intended protection +unexpectedly. + +We have noticed this problem while seeing a swap out in a descendant of a +protected memcg (intermediate node) while the parent was conveniently +under its protection limit and the memory pressure was external to that +hierarchy. Michal has pinpointed this down to the wrong +siblings_low_usage which led to the unwanted reclaim. + +The fix is simply updating children_low_usage in respective ancestors also +in the charging path. + +Fixes: 230671533d64 ("mm: memory.low hierarchical behavior") +Signed-off-by: Michal Koutný +Signed-off-by: Michal Hocko +Signed-off-by: Andrew Morton +Acked-by: Michal Hocko +Acked-by: Roman Gushchin +Cc: Johannes Weiner +Cc: Tejun Heo +Cc: [4.18+] +Link: http://lkml.kernel.org/r/20200803153231.15477-1-mhocko@kernel.org +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + mm/page_counter.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/mm/page_counter.c ++++ b/mm/page_counter.c +@@ -77,7 +77,7 @@ void page_counter_charge(struct page_cou + long new; + + new = atomic_long_add_return(nr_pages, &c->usage); +- propagate_protected_usage(counter, new); ++ propagate_protected_usage(c, new); + /* + * This is indeed racy, but we can live with some + * inaccuracy in the watermark. +@@ -121,7 +121,7 @@ bool page_counter_try_charge(struct page + new = atomic_long_add_return(nr_pages, &c->usage); + if (new > c->max) { + atomic_long_sub(nr_pages, &c->usage); +- propagate_protected_usage(counter, new); ++ propagate_protected_usage(c, new); + /* + * This is racy, but we can live with some + * inaccuracy in the failcnt. +@@ -130,7 +130,7 @@ bool page_counter_try_charge(struct page + *fail = c; + goto failed; + } +- propagate_protected_usage(counter, new); ++ propagate_protected_usage(c, new); + /* + * Just like with failcnt, we can live with some + * inaccuracy in the watermark. diff --git a/queue-5.4/net-compat-add-missing-sock-updates-for-scm_rights.patch b/queue-5.4/net-compat-add-missing-sock-updates-for-scm_rights.patch new file mode 100644 index 00000000000..72b80dcf08d --- /dev/null +++ b/queue-5.4/net-compat-add-missing-sock-updates-for-scm_rights.patch @@ -0,0 +1,89 @@ +From d9539752d23283db4692384a634034f451261e29 Mon Sep 17 00:00:00 2001 +From: Kees Cook +Date: Tue, 9 Jun 2020 16:11:29 -0700 +Subject: net/compat: Add missing sock updates for SCM_RIGHTS + +From: Kees Cook + +commit d9539752d23283db4692384a634034f451261e29 upstream. + +Add missed sock updates to compat path via a new helper, which will be +used more in coming patches. (The net/core/scm.c code is left as-is here +to assist with -stable backports for the compat path.) + +Cc: Christoph Hellwig +Cc: Sargun Dhillon +Cc: Jakub Kicinski +Cc: stable@vger.kernel.org +Fixes: 48a87cc26c13 ("net: netprio: fd passed in SCM_RIGHTS datagram not set correctly") +Fixes: d84295067fc7 ("net: net_cls: fd passed in SCM_RIGHTS datagram not set correctly") +Acked-by: Christian Brauner +Signed-off-by: Kees Cook +Signed-off-by: Greg Kroah-Hartman + +--- + include/net/sock.h | 4 ++++ + net/compat.c | 1 + + net/core/sock.c | 21 +++++++++++++++++++++ + 3 files changed, 26 insertions(+) + +--- a/include/net/sock.h ++++ b/include/net/sock.h +@@ -849,6 +849,8 @@ static inline int sk_memalloc_socks(void + { + return static_branch_unlikely(&memalloc_socks_key); + } ++ ++void __receive_sock(struct file *file); + #else + + static inline int sk_memalloc_socks(void) +@@ -856,6 +858,8 @@ static inline int sk_memalloc_socks(void + return 0; + } + ++static inline void __receive_sock(struct file *file) ++{ } + #endif + + static inline gfp_t sk_gfp_mask(const struct sock *sk, gfp_t gfp_mask) +--- a/net/compat.c ++++ b/net/compat.c +@@ -291,6 +291,7 @@ void scm_detach_fds_compat(struct msghdr + break; + } + /* Bump the usage count and install the file. */ ++ __receive_sock(fp[i]); + fd_install(new_fd, get_file(fp[i])); + } + +--- a/net/core/sock.c ++++ b/net/core/sock.c +@@ -2736,6 +2736,27 @@ int sock_no_mmap(struct file *file, stru + } + EXPORT_SYMBOL(sock_no_mmap); + ++/* ++ * When a file is received (via SCM_RIGHTS, etc), we must bump the ++ * various sock-based usage counts. ++ */ ++void __receive_sock(struct file *file) ++{ ++ struct socket *sock; ++ int error; ++ ++ /* ++ * The resulting value of "error" is ignored here since we only ++ * need to take action when the file is a socket and testing ++ * "sock" for NULL is sufficient. ++ */ ++ sock = sock_from_file(file, &error); ++ if (sock) { ++ sock_update_netprioidx(&sock->sk->sk_cgrp_data); ++ sock_update_classid(&sock->sk->sk_cgrp_data); ++ } ++} ++ + ssize_t sock_no_sendpage(struct socket *sock, struct page *page, int offset, size_t size, int flags) + { + ssize_t res; diff --git a/queue-5.4/net-ethernet-stmmac-disable-hardware-multicast-filter.patch b/queue-5.4/net-ethernet-stmmac-disable-hardware-multicast-filter.patch new file mode 100644 index 00000000000..c67dd470999 --- /dev/null +++ b/queue-5.4/net-ethernet-stmmac-disable-hardware-multicast-filter.patch @@ -0,0 +1,39 @@ +From df43dd526e6609769ae513a81443c7aa727c8ca3 Mon Sep 17 00:00:00 2001 +From: Jonathan McDowell +Date: Wed, 12 Aug 2020 20:37:23 +0100 +Subject: net: ethernet: stmmac: Disable hardware multicast filter + +From: Jonathan McDowell + +commit df43dd526e6609769ae513a81443c7aa727c8ca3 upstream. + +The IPQ806x does not appear to have a functional multicast ethernet +address filter. This was observed as a failure to correctly receive IPv6 +packets on a LAN to the all stations address. Checking the vendor driver +shows that it does not attempt to enable the multicast filter and +instead falls back to receiving all multicast packets, internally +setting ALLMULTI. + +Use the new fallback support in the dwmac1000 driver to correctly +achieve the same with the mainline IPQ806x driver. Confirmed to fix IPv6 +functionality on an RB3011 router. + +Cc: stable@vger.kernel.org +Signed-off-by: Jonathan McDowell +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/ethernet/stmicro/stmmac/dwmac-ipq806x.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/net/ethernet/stmicro/stmmac/dwmac-ipq806x.c ++++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-ipq806x.c +@@ -350,6 +350,7 @@ static int ipq806x_gmac_probe(struct pla + plat_dat->has_gmac = true; + plat_dat->bsp_priv = gmac; + plat_dat->fix_mac_speed = ipq806x_gmac_fix_mac_speed; ++ plat_dat->multicast_filter_bins = 0; + + err = stmmac_dvr_probe(&pdev->dev, plat_dat, &stmmac_res); + if (err) diff --git a/queue-5.4/net-stmmac-dwmac1000-provide-multicast-filter-fallback.patch b/queue-5.4/net-stmmac-dwmac1000-provide-multicast-filter-fallback.patch new file mode 100644 index 00000000000..ef33ad5c0a8 --- /dev/null +++ b/queue-5.4/net-stmmac-dwmac1000-provide-multicast-filter-fallback.patch @@ -0,0 +1,35 @@ +From 592d751c1e174df5ff219946908b005eb48934b3 Mon Sep 17 00:00:00 2001 +From: Jonathan McDowell +Date: Wed, 12 Aug 2020 20:37:01 +0100 +Subject: net: stmmac: dwmac1000: provide multicast filter fallback + +From: Jonathan McDowell + +commit 592d751c1e174df5ff219946908b005eb48934b3 upstream. + +If we don't have a hardware multicast filter available then instead of +silently failing to listen for the requested ethernet broadcast +addresses fall back to receiving all multicast packets, in a similar +fashion to other drivers with no multicast filter. + +Cc: stable@vger.kernel.org +Signed-off-by: Jonathan McDowell +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/ethernet/stmicro/stmmac/dwmac1000_core.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/net/ethernet/stmicro/stmmac/dwmac1000_core.c ++++ b/drivers/net/ethernet/stmicro/stmmac/dwmac1000_core.c +@@ -166,6 +166,9 @@ static void dwmac1000_set_filter(struct + value = GMAC_FRAME_FILTER_PR | GMAC_FRAME_FILTER_PCF; + } else if (dev->flags & IFF_ALLMULTI) { + value = GMAC_FRAME_FILTER_PM; /* pass all multi */ ++ } else if (!netdev_mc_empty(dev) && (mcbitslog2 == 0)) { ++ /* Fall back to all multicast if we've no filter */ ++ value = GMAC_FRAME_FILTER_PM; + } else if (!netdev_mc_empty(dev)) { + struct netdev_hw_addr *ha; + diff --git a/queue-5.4/ocfs2-change-slot-number-type-s16-to-u16.patch b/queue-5.4/ocfs2-change-slot-number-type-s16-to-u16.patch new file mode 100644 index 00000000000..c9078a5dad3 --- /dev/null +++ b/queue-5.4/ocfs2-change-slot-number-type-s16-to-u16.patch @@ -0,0 +1,87 @@ +From 38d51b2dd171ad973afc1f5faab825ed05a2d5e9 Mon Sep 17 00:00:00 2001 +From: Junxiao Bi +Date: Thu, 6 Aug 2020 23:18:02 -0700 +Subject: ocfs2: change slot number type s16 to u16 + +From: Junxiao Bi + +commit 38d51b2dd171ad973afc1f5faab825ed05a2d5e9 upstream. + +Dan Carpenter reported the following static checker warning. + + fs/ocfs2/super.c:1269 ocfs2_parse_options() warn: '(-1)' 65535 can't fit into 32767 'mopt->slot' + fs/ocfs2/suballoc.c:859 ocfs2_init_inode_steal_slot() warn: '(-1)' 65535 can't fit into 32767 'osb->s_inode_steal_slot' + fs/ocfs2/suballoc.c:867 ocfs2_init_meta_steal_slot() warn: '(-1)' 65535 can't fit into 32767 'osb->s_meta_steal_slot' + +That's because OCFS2_INVALID_SLOT is (u16)-1. Slot number in ocfs2 can be +never negative, so change s16 to u16. + +Fixes: 9277f8334ffc ("ocfs2: fix value of OCFS2_INVALID_SLOT") +Reported-by: Dan Carpenter +Signed-off-by: Junxiao Bi +Signed-off-by: Andrew Morton +Reviewed-by: Joseph Qi +Reviewed-by: Gang He +Cc: Mark Fasheh +Cc: Joel Becker +Cc: Junxiao Bi +Cc: Changwei Ge +Cc: Jun Piao +Cc: +Link: http://lkml.kernel.org/r/20200627001259.19757-1-junxiao.bi@oracle.com +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ocfs2/ocfs2.h | 4 ++-- + fs/ocfs2/suballoc.c | 4 ++-- + fs/ocfs2/super.c | 4 ++-- + 3 files changed, 6 insertions(+), 6 deletions(-) + +--- a/fs/ocfs2/ocfs2.h ++++ b/fs/ocfs2/ocfs2.h +@@ -326,8 +326,8 @@ struct ocfs2_super + spinlock_t osb_lock; + u32 s_next_generation; + unsigned long osb_flags; +- s16 s_inode_steal_slot; +- s16 s_meta_steal_slot; ++ u16 s_inode_steal_slot; ++ u16 s_meta_steal_slot; + atomic_t s_num_inodes_stolen; + atomic_t s_num_meta_stolen; + +--- a/fs/ocfs2/suballoc.c ++++ b/fs/ocfs2/suballoc.c +@@ -879,9 +879,9 @@ static void __ocfs2_set_steal_slot(struc + { + spin_lock(&osb->osb_lock); + if (type == INODE_ALLOC_SYSTEM_INODE) +- osb->s_inode_steal_slot = slot; ++ osb->s_inode_steal_slot = (u16)slot; + else if (type == EXTENT_ALLOC_SYSTEM_INODE) +- osb->s_meta_steal_slot = slot; ++ osb->s_meta_steal_slot = (u16)slot; + spin_unlock(&osb->osb_lock); + } + +--- a/fs/ocfs2/super.c ++++ b/fs/ocfs2/super.c +@@ -78,7 +78,7 @@ struct mount_options + unsigned long commit_interval; + unsigned long mount_opt; + unsigned int atime_quantum; +- signed short slot; ++ unsigned short slot; + int localalloc_opt; + unsigned int resv_level; + int dir_resv_level; +@@ -1334,7 +1334,7 @@ static int ocfs2_parse_options(struct su + goto bail; + } + if (option) +- mopt->slot = (s16)option; ++ mopt->slot = (u16)option; + break; + case Opt_commit: + if (match_int(&args[0], &option)) { diff --git a/queue-5.4/pseries-fix-64-bit-logical-memory-block-panic.patch b/queue-5.4/pseries-fix-64-bit-logical-memory-block-panic.patch new file mode 100644 index 00000000000..fbe509d6cbf --- /dev/null +++ b/queue-5.4/pseries-fix-64-bit-logical-memory-block-panic.patch @@ -0,0 +1,37 @@ +From 89c140bbaeee7a55ed0360a88f294ead2b95201b Mon Sep 17 00:00:00 2001 +From: Anton Blanchard +Date: Wed, 15 Jul 2020 10:08:20 +1000 +Subject: pseries: Fix 64 bit logical memory block panic + +From: Anton Blanchard + +commit 89c140bbaeee7a55ed0360a88f294ead2b95201b upstream. + +Booting with a 4GB LMB size causes us to panic: + + qemu-system-ppc64: OS terminated: OS panic: + Memory block size not suitable: 0x0 + +Fix pseries_memory_block_size() to handle 64 bit LMBs. + +Cc: stable@vger.kernel.org +Signed-off-by: Anton Blanchard +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20200715000820.1255764-1-anton@ozlabs.org +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/platforms/pseries/hotplug-memory.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/powerpc/platforms/pseries/hotplug-memory.c ++++ b/arch/powerpc/platforms/pseries/hotplug-memory.c +@@ -27,7 +27,7 @@ static bool rtas_hp_event; + unsigned long pseries_memory_block_size(void) + { + struct device_node *np; +- unsigned int memblock_size = MIN_MEMORY_BLOCK_SIZE; ++ u64 memblock_size = MIN_MEMORY_BLOCK_SIZE; + struct resource r; + + np = of_find_node_by_path("/ibm,dynamic-reconfiguration-memory"); diff --git a/queue-5.4/series b/queue-5.4/series index b37ae117c1a..8347c09ecb2 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -38,4 +38,32 @@ powerpc-allow-4224-bytes-of-stack-expansion-for-the-signal-frame.patch powerpc-fix-circular-dependency-between-percpu.h-and-mmu.h.patch pinctrl-ingenic-enhance-support-for-irq_type_edge_both.patch media-vsp1-dl-fix-null-pointer-dereference-on-unbind.patch +net-ethernet-stmmac-disable-hardware-multicast-filter.patch +net-stmmac-dwmac1000-provide-multicast-filter-fallback.patch +net-compat-add-missing-sock-updates-for-scm_rights.patch +md-raid5-fix-force-reconstruct-write-io-stuck-in-degraded-raid5.patch +bcache-allocate-meta-data-pages-as-compound-pages.patch +bcache-fix-overflow-in-offset_to_stripe.patch +mac80211-fix-misplaced-while-instead-of-if.patch +appletalk-fix-atalk_proc_init-return-path.patch +driver-core-avoid-binding-drivers-to-dead-devices.patch +mips-cpu-0-is-not-hotpluggable.patch +mips-qi_lb60-fix-routing-to-audio-amplifier.patch +ext2-fix-missing-percpu_counter_inc.patch +khugepaged-collapse_pte_mapped_thp-flush-the-right-range.patch +khugepaged-collapse_pte_mapped_thp-protect-the-pmd-lock.patch +ocfs2-change-slot-number-type-s16-to-u16.patch +mm-page_counter.c-fix-protection-usage-propagation.patch +mm-memory_hotplug-fix-unpaired-mem_hotplug_begin-done.patch +ftrace-setup-correct-ftrace_fl_regs-flags-for-module.patch +kprobes-fix-null-pointer-dereference-at-kprobe_ftrace_handler.patch +tracing-hwlat-honor-the-tracing_cpumask.patch +tracing-use-trace_sched_process_free-instead-of-exit-for-pid-tracing.patch +tracing-move-pipe-reference-to-trace-array-instead-of-current_tracer.patch +watchdog-f71808e_wdt-indicate-wdiof_cardreset-support-in-watchdog_info.options.patch +watchdog-f71808e_wdt-remove-use-of-wrong-watchdog_info-option.patch +watchdog-f71808e_wdt-clear-watchdog-timeout-occurred-flag.patch +ceph-set-sec_context-xattr-on-symlink-creation.patch +ceph-handle-zero-length-feature-mask-in-session-messages.patch +pseries-fix-64-bit-logical-memory-block-panic.patch iio-imu-st_lsm6dsx-reset-hw-ts-after-resume.patch diff --git a/queue-5.4/tracing-hwlat-honor-the-tracing_cpumask.patch b/queue-5.4/tracing-hwlat-honor-the-tracing_cpumask.patch new file mode 100644 index 00000000000..6ab2f9b6cf0 --- /dev/null +++ b/queue-5.4/tracing-hwlat-honor-the-tracing_cpumask.patch @@ -0,0 +1,54 @@ +From 96b4833b6827a62c295b149213c68b559514c929 Mon Sep 17 00:00:00 2001 +From: Kevin Hao +Date: Thu, 30 Jul 2020 16:23:18 +0800 +Subject: tracing/hwlat: Honor the tracing_cpumask + +From: Kevin Hao + +commit 96b4833b6827a62c295b149213c68b559514c929 upstream. + +In calculation of the cpu mask for the hwlat kernel thread, the wrong +cpu mask is used instead of the tracing_cpumask, this causes the +tracing/tracing_cpumask useless for hwlat tracer. Fixes it. + +Link: https://lkml.kernel.org/r/20200730082318.42584-2-haokexin@gmail.com + +Cc: Ingo Molnar +Cc: stable@vger.kernel.org +Fixes: 0330f7aa8ee6 ("tracing: Have hwlat trace migrate across tracing_cpumask CPUs") +Signed-off-by: Kevin Hao +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/trace/trace_hwlat.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/kernel/trace/trace_hwlat.c ++++ b/kernel/trace/trace_hwlat.c +@@ -270,6 +270,7 @@ static bool disable_migrate; + static void move_to_next_cpu(void) + { + struct cpumask *current_mask = &save_cpumask; ++ struct trace_array *tr = hwlat_trace; + int next_cpu; + + if (disable_migrate) +@@ -283,7 +284,7 @@ static void move_to_next_cpu(void) + goto disable; + + get_online_cpus(); +- cpumask_and(current_mask, cpu_online_mask, tracing_buffer_mask); ++ cpumask_and(current_mask, cpu_online_mask, tr->tracing_cpumask); + next_cpu = cpumask_next(smp_processor_id(), current_mask); + put_online_cpus(); + +@@ -360,7 +361,7 @@ static int start_kthread(struct trace_ar + /* Just pick the first CPU on first iteration */ + current_mask = &save_cpumask; + get_online_cpus(); +- cpumask_and(current_mask, cpu_online_mask, tracing_buffer_mask); ++ cpumask_and(current_mask, cpu_online_mask, tr->tracing_cpumask); + put_online_cpus(); + next_cpu = cpumask_first(current_mask); + diff --git a/queue-5.4/tracing-move-pipe-reference-to-trace-array-instead-of-current_tracer.patch b/queue-5.4/tracing-move-pipe-reference-to-trace-array-instead-of-current_tracer.patch new file mode 100644 index 00000000000..9221005a53a --- /dev/null +++ b/queue-5.4/tracing-move-pipe-reference-to-trace-array-instead-of-current_tracer.patch @@ -0,0 +1,106 @@ +From 7ef282e05132d56b6f6b71e3873f317664bea78b Mon Sep 17 00:00:00 2001 +From: "Steven Rostedt (VMware)" +Date: Mon, 29 Jun 2020 23:45:56 -0400 +Subject: tracing: Move pipe reference to trace array instead of current_tracer + +From: Steven Rostedt (VMware) + +commit 7ef282e05132d56b6f6b71e3873f317664bea78b upstream. + +If a process has the trace_pipe open on a trace_array, the current tracer +for that trace array should not be changed. This was original enforced by a +global lock, but when instances were introduced, it was moved to the +current_trace. But this structure is shared by all instances, and a +trace_pipe is for a single instance. There's no reason that a process that +has trace_pipe open on one instance should prevent another instance from +changing its current tracer. Move the reference counter to the trace_array +instead. + +This is marked as "Fixes" but is more of a clean up than a true fix. +Backport if you want, but its not critical. + +Fixes: cf6ab6d9143b1 ("tracing: Add ref count to tracer for when they are being read by pipe") +Signed-off-by: Steven Rostedt (VMware) +[Resolved conflict in __remove_instance()] +Signed-off-by: dann frazier +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/trace/trace.c | 12 ++++++------ + kernel/trace/trace.h | 2 +- + 2 files changed, 7 insertions(+), 7 deletions(-) + +--- a/kernel/trace/trace.c ++++ b/kernel/trace/trace.c +@@ -5686,7 +5686,7 @@ static int tracing_set_tracer(struct tra + } + + /* If trace pipe files are being read, we can't change the tracer */ +- if (tr->current_trace->ref) { ++ if (tr->trace_ref) { + ret = -EBUSY; + goto out; + } +@@ -5902,7 +5902,7 @@ static int tracing_open_pipe(struct inod + + nonseekable_open(inode, filp); + +- tr->current_trace->ref++; ++ tr->trace_ref++; + out: + mutex_unlock(&trace_types_lock); + return ret; +@@ -5921,7 +5921,7 @@ static int tracing_release_pipe(struct i + + mutex_lock(&trace_types_lock); + +- tr->current_trace->ref--; ++ tr->trace_ref--; + + if (iter->trace->pipe_close) + iter->trace->pipe_close(iter); +@@ -7230,7 +7230,7 @@ static int tracing_buffers_open(struct i + + filp->private_data = info; + +- tr->current_trace->ref++; ++ tr->trace_ref++; + + mutex_unlock(&trace_types_lock); + +@@ -7331,7 +7331,7 @@ static int tracing_buffers_release(struc + + mutex_lock(&trace_types_lock); + +- iter->tr->current_trace->ref--; ++ iter->tr->trace_ref--; + + __trace_array_put(iter->tr); + +@@ -8470,7 +8470,7 @@ static int __remove_instance(struct trac + { + int i; + +- if (tr->ref || (tr->current_trace && tr->current_trace->ref)) ++ if (tr->ref || (tr->current_trace && tr->trace_ref)) + return -EBUSY; + + list_del(&tr->list); +--- a/kernel/trace/trace.h ++++ b/kernel/trace/trace.h +@@ -309,6 +309,7 @@ struct trace_array { + struct trace_event_file *trace_marker_file; + cpumask_var_t tracing_cpumask; /* only trace on set CPUs */ + int ref; ++ int trace_ref; + #ifdef CONFIG_FUNCTION_TRACER + struct ftrace_ops *ops; + struct trace_pid_list __rcu *function_pids; +@@ -498,7 +499,6 @@ struct tracer { + struct tracer *next; + struct tracer_flags *flags; + int enabled; +- int ref; + bool print_max; + bool allow_instances; + #ifdef CONFIG_TRACER_MAX_TRACE diff --git a/queue-5.4/tracing-use-trace_sched_process_free-instead-of-exit-for-pid-tracing.patch b/queue-5.4/tracing-use-trace_sched_process_free-instead-of-exit-for-pid-tracing.patch new file mode 100644 index 00000000000..d32eb86dca5 --- /dev/null +++ b/queue-5.4/tracing-use-trace_sched_process_free-instead-of-exit-for-pid-tracing.patch @@ -0,0 +1,72 @@ +From afcab636657421f7ebfa0783a91f90256bba0091 Mon Sep 17 00:00:00 2001 +From: "Steven Rostedt (VMware)" +Date: Tue, 4 Aug 2020 20:00:02 -0400 +Subject: tracing: Use trace_sched_process_free() instead of exit() for pid tracing + +From: Steven Rostedt (VMware) + +commit afcab636657421f7ebfa0783a91f90256bba0091 upstream. + +On exit, if a process is preempted after the trace_sched_process_exit() +tracepoint but before the process is done exiting, then when it gets +scheduled in, the function tracers will not filter it properly against the +function tracing pid filters. + +That is because the function tracing pid filters hooks to the +sched_process_exit() tracepoint to remove the exiting task's pid from the +filter list. Because the filtering happens at the sched_switch tracepoint, +when the exiting task schedules back in to finish up the exit, it will no +longer be in the function pid filtering tables. + +This was noticeable in the notrace self tests on a preemptable kernel, as +the tests would fail as it exits and preempted after being taken off the +notrace filter table and on scheduling back in it would not be in the +notrace list, and then the ending of the exit function would trace. The test +detected this and would fail. + +Cc: stable@vger.kernel.org +Cc: Namhyung Kim +Fixes: 1e10486ffee0a ("ftrace: Add 'function-fork' trace option") +Fixes: c37775d57830a ("tracing: Add infrastructure to allow set_event_pid to follow children" +Signed-off-by: Steven Rostedt (VMware) +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/trace/ftrace.c | 4 ++-- + kernel/trace/trace_events.c | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +--- a/kernel/trace/ftrace.c ++++ b/kernel/trace/ftrace.c +@@ -6462,12 +6462,12 @@ void ftrace_pid_follow_fork(struct trace + if (enable) { + register_trace_sched_process_fork(ftrace_pid_follow_sched_process_fork, + tr); +- register_trace_sched_process_exit(ftrace_pid_follow_sched_process_exit, ++ register_trace_sched_process_free(ftrace_pid_follow_sched_process_exit, + tr); + } else { + unregister_trace_sched_process_fork(ftrace_pid_follow_sched_process_fork, + tr); +- unregister_trace_sched_process_exit(ftrace_pid_follow_sched_process_exit, ++ unregister_trace_sched_process_free(ftrace_pid_follow_sched_process_exit, + tr); + } + } +--- a/kernel/trace/trace_events.c ++++ b/kernel/trace/trace_events.c +@@ -527,12 +527,12 @@ void trace_event_follow_fork(struct trac + if (enable) { + register_trace_prio_sched_process_fork(event_filter_pid_sched_process_fork, + tr, INT_MIN); +- register_trace_prio_sched_process_exit(event_filter_pid_sched_process_exit, ++ register_trace_prio_sched_process_free(event_filter_pid_sched_process_exit, + tr, INT_MAX); + } else { + unregister_trace_sched_process_fork(event_filter_pid_sched_process_fork, + tr); +- unregister_trace_sched_process_exit(event_filter_pid_sched_process_exit, ++ unregister_trace_sched_process_free(event_filter_pid_sched_process_exit, + tr); + } + } diff --git a/queue-5.4/watchdog-f71808e_wdt-clear-watchdog-timeout-occurred-flag.patch b/queue-5.4/watchdog-f71808e_wdt-clear-watchdog-timeout-occurred-flag.patch new file mode 100644 index 00000000000..e2bffdec29f --- /dev/null +++ b/queue-5.4/watchdog-f71808e_wdt-clear-watchdog-timeout-occurred-flag.patch @@ -0,0 +1,51 @@ +From 4f39d575844148fbf3081571a1f3b4ae04150958 Mon Sep 17 00:00:00 2001 +From: Ahmad Fatoum +Date: Thu, 11 Jun 2020 21:17:45 +0200 +Subject: watchdog: f71808e_wdt: clear watchdog timeout occurred flag + +From: Ahmad Fatoum + +commit 4f39d575844148fbf3081571a1f3b4ae04150958 upstream. + +The flag indicating a watchdog timeout having occurred normally persists +till Power-On Reset of the Fintek Super I/O chip. The user can clear it +by writing a `1' to the bit. + +The driver doesn't offer a restart method, so regular system reboot +might not reset the Super I/O and if the watchdog isn't enabled, we +won't touch the register containing the bit on the next boot. +In this case all subsequent regular reboots will be wrongly flagged +by the driver as being caused by the watchdog. + +Fix this by having the flag cleared after read. This is also done by +other drivers like those for the i6300esb and mpc8xxx_wdt. + +Fixes: b97cb21a4634 ("watchdog: f71808e_wdt: Fix WDTMOUT_STS register read") +Cc: stable@vger.kernel.org +Signed-off-by: Ahmad Fatoum +Reviewed-by: Guenter Roeck +Link: https://lore.kernel.org/r/20200611191750.28096-5-a.fatoum@pengutronix.de +Signed-off-by: Guenter Roeck +Signed-off-by: Wim Van Sebroeck +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/watchdog/f71808e_wdt.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/drivers/watchdog/f71808e_wdt.c ++++ b/drivers/watchdog/f71808e_wdt.c +@@ -705,6 +705,13 @@ static int __init watchdog_init(int sioa + wdt_conf = superio_inb(sioaddr, F71808FG_REG_WDT_CONF); + watchdog.caused_reboot = wdt_conf & BIT(F71808FG_FLAG_WDTMOUT_STS); + ++ /* ++ * We don't want WDTMOUT_STS to stick around till regular reboot. ++ * Write 1 to the bit to clear it to zero. ++ */ ++ superio_outb(sioaddr, F71808FG_REG_WDT_CONF, ++ wdt_conf | BIT(F71808FG_FLAG_WDTMOUT_STS)); ++ + superio_exit(sioaddr); + + err = watchdog_set_timeout(timeout); diff --git a/queue-5.4/watchdog-f71808e_wdt-indicate-wdiof_cardreset-support-in-watchdog_info.options.patch b/queue-5.4/watchdog-f71808e_wdt-indicate-wdiof_cardreset-support-in-watchdog_info.options.patch new file mode 100644 index 00000000000..6f27d26ab78 --- /dev/null +++ b/queue-5.4/watchdog-f71808e_wdt-indicate-wdiof_cardreset-support-in-watchdog_info.options.patch @@ -0,0 +1,38 @@ +From e871e93fb08a619dfc015974a05768ed6880fd82 Mon Sep 17 00:00:00 2001 +From: Ahmad Fatoum +Date: Thu, 11 Jun 2020 21:17:43 +0200 +Subject: watchdog: f71808e_wdt: indicate WDIOF_CARDRESET support in watchdog_info.options + +From: Ahmad Fatoum + +commit e871e93fb08a619dfc015974a05768ed6880fd82 upstream. + +The driver supports populating bootstatus with WDIOF_CARDRESET, but so +far userspace couldn't portably determine whether absence of this flag +meant no watchdog reset or no driver support. Or-in the bit to fix this. + +Fixes: b97cb21a4634 ("watchdog: f71808e_wdt: Fix WDTMOUT_STS register read") +Cc: stable@vger.kernel.org +Signed-off-by: Ahmad Fatoum +Reviewed-by: Guenter Roeck +Link: https://lore.kernel.org/r/20200611191750.28096-3-a.fatoum@pengutronix.de +Signed-off-by: Guenter Roeck +Signed-off-by: Wim Van Sebroeck +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/watchdog/f71808e_wdt.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/watchdog/f71808e_wdt.c ++++ b/drivers/watchdog/f71808e_wdt.c +@@ -691,7 +691,8 @@ static int __init watchdog_init(int sioa + watchdog.sioaddr = sioaddr; + watchdog.ident.options = WDIOC_SETTIMEOUT + | WDIOF_MAGICCLOSE +- | WDIOF_KEEPALIVEPING; ++ | WDIOF_KEEPALIVEPING ++ | WDIOF_CARDRESET; + + snprintf(watchdog.ident.identity, + sizeof(watchdog.ident.identity), "%s watchdog", diff --git a/queue-5.4/watchdog-f71808e_wdt-remove-use-of-wrong-watchdog_info-option.patch b/queue-5.4/watchdog-f71808e_wdt-remove-use-of-wrong-watchdog_info-option.patch new file mode 100644 index 00000000000..2ac89e18478 --- /dev/null +++ b/queue-5.4/watchdog-f71808e_wdt-remove-use-of-wrong-watchdog_info-option.patch @@ -0,0 +1,48 @@ +From 802141462d844f2e6a4d63a12260d79b7afc4c34 Mon Sep 17 00:00:00 2001 +From: Ahmad Fatoum +Date: Thu, 11 Jun 2020 21:17:44 +0200 +Subject: watchdog: f71808e_wdt: remove use of wrong watchdog_info option + +From: Ahmad Fatoum + +commit 802141462d844f2e6a4d63a12260d79b7afc4c34 upstream. + +The flags that should be or-ed into the watchdog_info.options by drivers +all start with WDIOF_, e.g. WDIOF_SETTIMEOUT, which indicates that the +driver's watchdog_ops has a usable set_timeout. + +WDIOC_SETTIMEOUT was used instead, which expands to 0xc0045706, which +equals: + + WDIOF_FANFAULT | WDIOF_EXTERN1 | WDIOF_PRETIMEOUT | WDIOF_ALARMONLY | + WDIOF_MAGICCLOSE | 0xc0045000 + +These were so far indicated to userspace on WDIOC_GETSUPPORT. +As the driver has not yet been migrated to the new watchdog kernel API, +the constant can just be dropped without substitute. + +Fixes: 96cb4eb019ce ("watchdog: f71808e_wdt: new watchdog driver for Fintek F71808E and F71882FG") +Cc: stable@vger.kernel.org +Signed-off-by: Ahmad Fatoum +Reviewed-by: Guenter Roeck +Link: https://lore.kernel.org/r/20200611191750.28096-4-a.fatoum@pengutronix.de +Signed-off-by: Guenter Roeck +Signed-off-by: Wim Van Sebroeck +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/watchdog/f71808e_wdt.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +--- a/drivers/watchdog/f71808e_wdt.c ++++ b/drivers/watchdog/f71808e_wdt.c +@@ -689,8 +689,7 @@ static int __init watchdog_init(int sioa + * into the module have been registered yet. + */ + watchdog.sioaddr = sioaddr; +- watchdog.ident.options = WDIOC_SETTIMEOUT +- | WDIOF_MAGICCLOSE ++ watchdog.ident.options = WDIOF_MAGICCLOSE + | WDIOF_KEEPALIVEPING + | WDIOF_CARDRESET; + -- 2.47.3