From d8732bd622908895998eda37e510eef5337a49d5 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Sun, 9 Feb 2020 18:21:16 +0100
Subject: [PATCH] 5.4-stable patches
added patches:
ib-core-fix-odp-get-user-pages-flow.patch
ib-mlx5-fix-outstanding_pi-index-for-gsi-qps.patch
nfsd-fix-delay-timer-on-32-bit-architectures.patch
nfsd-fix-jiffies-time_t-mixup-in-lru-list.patch
nfsd-fixing-possible-null-pointer-derefering-in-copy-offload.patch
nfsd-return-the-correct-number-of-bytes-written-to-the-file.patch
---
.../ib-core-fix-odp-get-user-pages-flow.patch | 37 +++++++++++++
...fix-outstanding_pi-index-for-gsi-qps.patch | 40 ++++++++++++++
...-delay-timer-on-32-bit-architectures.patch | 40 ++++++++++++++
...fix-jiffies-time_t-mixup-in-lru-list.patch | 53 +++++++++++++++++++
...l-pointer-derefering-in-copy-offload.patch | 34 ++++++++++++
...-number-of-bytes-written-to-the-file.patch | 31 +++++++++++
queue-5.4/series | 6 +++
7 files changed, 241 insertions(+)
create mode 100644 queue-5.4/ib-core-fix-odp-get-user-pages-flow.patch
create mode 100644 queue-5.4/ib-mlx5-fix-outstanding_pi-index-for-gsi-qps.patch
create mode 100644 queue-5.4/nfsd-fix-delay-timer-on-32-bit-architectures.patch
create mode 100644 queue-5.4/nfsd-fix-jiffies-time_t-mixup-in-lru-list.patch
create mode 100644 queue-5.4/nfsd-fixing-possible-null-pointer-derefering-in-copy-offload.patch
create mode 100644 queue-5.4/nfsd-return-the-correct-number-of-bytes-written-to-the-file.patch
diff --git a/queue-5.4/ib-core-fix-odp-get-user-pages-flow.patch b/queue-5.4/ib-core-fix-odp-get-user-pages-flow.patch
new file mode 100644
index 00000000000..55e35c843bb
--- /dev/null
+++ b/queue-5.4/ib-core-fix-odp-get-user-pages-flow.patch
@@ -0,0 +1,37 @@
+From d07de8bd1709a80a282963ad7b2535148678a9e4 Mon Sep 17 00:00:00 2001
+From: Yishai Hadas
+Date: Sun, 22 Dec 2019 14:46:48 +0200
+Subject: IB/core: Fix ODP get user pages flow
+
+From: Yishai Hadas
+
+commit d07de8bd1709a80a282963ad7b2535148678a9e4 upstream.
+
+The nr_pages argument of get_user_pages_remote() should always be in terms
+of the system page size, not the MR page size. Use PAGE_SIZE instead of
+umem_odp->page_shift.
+
+Fixes: 403cd12e2cf7 ("IB/umem: Add contiguous ODP support")
+Link: https://lore.kernel.org/r/20191222124649.52300-3-leon@kernel.org
+Signed-off-by: Yishai Hadas
+Reviewed-by: Artemy Kovalyov
+Reviewed-by: Jason Gunthorpe
+Signed-off-by: Leon Romanovsky
+Signed-off-by: Jason Gunthorpe
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/infiniband/core/umem_odp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/infiniband/core/umem_odp.c
++++ b/drivers/infiniband/core/umem_odp.c
+@@ -632,7 +632,7 @@ int ib_umem_odp_map_dma_pages(struct ib_
+
+ while (bcnt > 0) {
+ const size_t gup_num_pages = min_t(size_t,
+- (bcnt + BIT(page_shift) - 1) >> page_shift,
++ ALIGN(bcnt, PAGE_SIZE) / PAGE_SIZE,
+ PAGE_SIZE / sizeof(struct page *));
+
+ down_read(&owning_mm->mmap_sem);
diff --git a/queue-5.4/ib-mlx5-fix-outstanding_pi-index-for-gsi-qps.patch b/queue-5.4/ib-mlx5-fix-outstanding_pi-index-for-gsi-qps.patch
new file mode 100644
index 00000000000..f4ef1bd4b98
--- /dev/null
+++ b/queue-5.4/ib-mlx5-fix-outstanding_pi-index-for-gsi-qps.patch
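Review bot: The new `ALIGN(bcnt, PAGE_SIZE) / PAGE_SIZE` bound in ib_umem_odp_map_dma_pages() carries no comment saying which page size it counts in, and that unit is the whole fix: per the commit message the count handed to get_user_pages_remote() must be in system pages, while the rest of the loop (not visible here) presumably still works in units of `page_shift`. I would add `/* nr_pages for get_user_pages_remote() is in PAGE_SIZE units, not MR page_shift units */` above the `min_t()` so a later cleanup does not fold the two units back together. The function body starts and ends outside this hunk, so whether `bcnt` can be large enough for `ALIGN()` to wrap cannot be judged from here; it is worth confirming that the caller bounds it.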
@@ -0,0 +1,40 @@
+From b5671afe5e39ed71e94eae788bacdcceec69db09 Mon Sep 17 00:00:00 2001
+From: Prabhath Sajeepa
+Date: Thu, 12 Dec 2019 17:11:29 -0700
+Subject: IB/mlx5: Fix outstanding_pi index for GSI qps
+
+From: Prabhath Sajeepa
+
+commit b5671afe5e39ed71e94eae788bacdcceec69db09 upstream.
+
+Commit b0ffeb537f3a ("IB/mlx5: Fix iteration overrun in GSI qps") changed
+the way outstanding WRs are tracked for the GSI QP. But the fix did not
+cover the case when a call to ib_post_send() fails and updates index to
+track outstanding.
+
+Since the prior commmit outstanding_pi should not be bounded otherwise the
+loop generate_completions() will fail.
+
+Fixes: b0ffeb537f3a ("IB/mlx5: Fix iteration overrun in GSI qps")
+Link: https://lore.kernel.org/r/1576195889-23527-1-git-send-email-psajeepa@purestorage.com
+Signed-off-by: Prabhath Sajeepa
+Acked-by: Leon Romanovsky
+Signed-off-by: Jason Gunthorpe
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/infiniband/hw/mlx5/gsi.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/drivers/infiniband/hw/mlx5/gsi.c
++++ b/drivers/infiniband/hw/mlx5/gsi.c
+@@ -507,8 +507,7 @@ int mlx5_ib_gsi_post_send(struct ib_qp *
+ ret = ib_post_send(tx_qp, &cur_wr.wr, bad_wr);
+ if (ret) {
+ /* Undo the effect of adding the outstanding wr */
+- gsi->outstanding_pi = (gsi->outstanding_pi - 1) %
+- gsi->cap.max_send_wr;
++ gsi->outstanding_pi--;
+ goto err;
+ }
+ spin_unlock_irqrestore(&gsi->lock, flags);
diff --git a/queue-5.4/nfsd-fix-delay-timer-on-32-bit-architectures.patch b/queue-5.4/nfsd-fix-delay-timer-on-32-bit-architectures.patch
new file mode 100644
index 00000000000..c45e2d1df13
--- /dev/null
+++ b/queue-5.4/nfsd-fix-delay-timer-on-32-bit-architectures.patch
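Review bot: With the modulo gone, `gsi->outstanding_pi--` in the ib_post_send() failure path of mlx5_ib_gsi_post_send() is only correct if the index was incremented earlier in the same locked section, and the existing comment does not say so. The unlock on the following context line suggests gsi->lock is still held at this point, but the increment itself is outside the hunk. I would extend the comment to something like `/* Undo the add done above under gsi->lock; outstanding_pi is free-running and must not be wrapped here */`, so the unbounded counter described in the commit message is documented at the place that decrements it.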
@@ -0,0 +1,40 @@
+From 2561c92b12f4f4e386d453556685f75775c0938b Mon Sep 17 00:00:00 2001
+From: Arnd Bergmann
+Date: Sun, 3 Nov 2019 22:32:20 +0100
+Subject: nfsd: fix delay timer on 32-bit architectures
+
+From: Arnd Bergmann
+
+commit 2561c92b12f4f4e386d453556685f75775c0938b upstream.
+
+The nfsd4_cb_layout_done() function takes a 'time_t' value,
+multiplied by NSEC_PER_SEC*2 to get a nanosecond value.
+
+This works fine on 64-bit architectures, but on 32-bit, any
+value over 1 second results in a signed integer overflow
+with unexpected results.
+
+Cast one input to a 64-bit type in order to produce the
+same result that we have on 64-bit architectures, regarless
+of the type of nfsd4_lease.
+
+Fixes: 6b9b21073d3b ("nfsd: give up on CB_LAYOUTRECALLs after two lease periods")
+Signed-off-by: Arnd Bergmann
+Signed-off-by: J. Bruce Fields
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/nfsd/nfs4layouts.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/nfsd/nfs4layouts.c
++++ b/fs/nfsd/nfs4layouts.c
+@@ -675,7 +675,7 @@ nfsd4_cb_layout_done(struct nfsd4_callba
+
+ /* Client gets 2 lease periods to return it */
+ cutoff = ktime_add_ns(task->tk_start,
+- nn->nfsd4_lease * NSEC_PER_SEC * 2);
++ (u64)nn->nfsd4_lease * NSEC_PER_SEC * 2);
+
+ if (ktime_before(now, cutoff)) {
+ rpc_delay(task, HZ/100); /* 10 mili-seconds */
diff --git a/queue-5.4/nfsd-fix-jiffies-time_t-mixup-in-lru-list.patch b/queue-5.4/nfsd-fix-jiffies-time_t-mixup-in-lru-list.patch
new file mode 100644
index 00000000000..a9f9fe073f2
--- /dev/null
+++ b/queue-5.4/nfsd-fix-jiffies-time_t-mixup-in-lru-list.patch
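Review bot: The `(u64)` cast in nfsd4_cb_layout_done() looks redundant on a 64-bit build and nothing at the call site says why it is there, so a later tidy-up could remove it and bring the 32-bit overflow back. A one-line comment above the `ktime_add_ns()` call would pin it, e.g. `/* widen before multiplying: nfsd4_lease * NSEC_PER_SEC overflows a 32-bit time_t */`. If nfsd4_lease could ever be negative, the u64 conversion would turn it into a very large cutoff, so it is worth confirming (outside this hunk) that the lease is range-checked where it is set.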
@@ -0,0 +1,53 @@
+From 9594497f2c78993cb66b696122f7c65528ace985 Mon Sep 17 00:00:00 2001
+From: Arnd Bergmann
+Date: Mon, 4 Nov 2019 14:43:17 +0100
+Subject: nfsd: fix jiffies/time_t mixup in LRU list
+
+From: Arnd Bergmann
+
+commit 9594497f2c78993cb66b696122f7c65528ace985 upstream.
+
+The nfsd4_blocked_lock->nbl_time timestamp is recorded in jiffies,
+but then compared to a CLOCK_REALTIME timestamp later on, which makes
+no sense.
+
+For consistency with the other timestamps, change this to use a time_t.
+
+This is a change in behavior, which may cause regressions, but the
+current code is not sensible. On a system with CONFIG_HZ=1000,
+the 'time_after((unsigned long)nbl->nbl_time, (unsigned long)cutoff))'
+check is false for roughly the first 18 days of uptime and then true
+for the next 49 days.
+
+Fixes: 7919d0a27f1e ("nfsd: add a LRU list for blocked locks")
+Signed-off-by: Arnd Bergmann
+Signed-off-by: J. Bruce Fields
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/nfsd/nfs4state.c | 2 +-
+ fs/nfsd/state.h | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/fs/nfsd/nfs4state.c
++++ b/fs/nfsd/nfs4state.c
+@@ -6550,7 +6550,7 @@ nfsd4_lock(struct svc_rqst *rqstp, struc
+ }
+
+ if (fl_flags & FL_SLEEP) {
+- nbl->nbl_time = jiffies;
++ nbl->nbl_time = get_seconds();
+ spin_lock(&nn->blocked_locks_lock);
+ list_add_tail(&nbl->nbl_list, &lock_sop->lo_blocked);
+ list_add_tail(&nbl->nbl_lru, &nn->blocked_locks_lru);
+--- a/fs/nfsd/state.h
++++ b/fs/nfsd/state.h
+@@ -605,7 +605,7 @@ static inline bool nfsd4_stateid_generat
+ struct nfsd4_blocked_lock {
+ struct list_head nbl_list;
+ struct list_head nbl_lru;
+- unsigned long nbl_time;
++ time_t nbl_time;
+ struct file_lock nbl_lock;
+ struct knfsd_fh nbl_fh;
+ struct nfsd4_callback nbl_cb;
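Review bot: Storing `get_seconds()` in a `time_t nbl_time` makes blocked-lock ageing in nfsd4_lock() depend on wall-clock time held in a type that is 32 bits wide on 32-bit architectures. The units now match the CLOCK_REALTIME cutoff the commit message mentions, but a stepped clock (settimeofday, a large time correction) would make entries on blocked_locks_lru look older or younger than they are, and the stored value truncates in 2038 on 32-bit. If the comparison site, which is not in this hunk, can be changed as well, `time64_t nbl_time;` with `nbl->nbl_time = ktime_get_real_seconds();` removes the truncation, and a monotonic seconds clock on both sides would also remove the dependence on clock steps. Either way a field comment in struct nfsd4_blocked_lock such as `/* seconds, same clock as the cutoff it is compared with */` would record the unit that this fix had to correct.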
diff --git a/queue-5.4/nfsd-fixing-possible-null-pointer-derefering-in-copy-offload.patch b/queue-5.4/nfsd-fixing-possible-null-pointer-derefering-in-copy-offload.patch
new file mode 100644
index 00000000000..21d80011bbf
--- /dev/null
+++ b/queue-5.4/nfsd-fixing-possible-null-pointer-derefering-in-copy-offload.patch
@@ -0,0 +1,34 @@
+From 2e577f0faca4640348c398cb85d60a1eedac4b1e Mon Sep 17 00:00:00 2001
+From: Olga Kornievskaia
+Date: Wed, 4 Dec 2019 15:13:54 -0500
+Subject: NFSD fixing possible null pointer derefering in copy offload
+
+From: Olga Kornievskaia
+
+commit 2e577f0faca4640348c398cb85d60a1eedac4b1e upstream.
+
+Static checker revealed possible error path leading to possible
+NULL pointer dereferencing.
+
+Reported-by: Dan Carpenter
+Fixes: e0639dc5805a: ("NFSD introduce async copy feature")
+Signed-off-by: Olga Kornievskaia
+Signed-off-by: J. Bruce Fields
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/nfsd/nfs4proc.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/nfsd/nfs4proc.c
++++ b/fs/nfsd/nfs4proc.c
+@@ -1223,7 +1223,8 @@ static void cleanup_async_copy(struct nf
+ {
+ nfs4_free_cp_state(copy);
+ nfsd_file_put(copy->nf_dst);
+- nfsd_file_put(copy->nf_src);
++ if (copy->cp_intra)
++ nfsd_file_put(copy->nf_src);
+ spin_lock(©->cp_clp->async_lock);
+ list_del(©->copies);
+ spin_unlock(©->cp_clp->async_lock);
diff --git a/queue-5.4/nfsd-return-the-correct-number-of-bytes-written-to-the-file.patch b/queue-5.4/nfsd-return-the-correct-number-of-bytes-written-to-the-file.patch
new file mode 100644
index 00000000000..c7e328f3bd2
--- /dev/null
+++ b/queue-5.4/nfsd-return-the-correct-number-of-bytes-written-to-the-file.patch
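Review bot: The new guard in cleanup_async_copy() tests `copy->cp_intra` rather than the pointer that is about to be released, so it prevents the NULL dereference only if `nf_src` is always non-NULL when `cp_intra` is set; that invariant is not visible in this hunk. `nfsd_file_put(copy->nf_dst)` on the line above stays unconditional, so an error path that reaches this function before the destination file is attached would presumably still fault. Checking the pointers directly, `if (copy->nf_src) nfsd_file_put(copy->nf_src);` and likewise for `nf_dst`, would tie each guard to the thing being dereferenced. Since this is a backport, it is also worth confirming that `cp_intra` exists in the 5.4 definition of the copy structure, which this page does not show.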
@@ -0,0 +1,31 @@
+From 09a80f2aef06b7c86143f5c14efd3485e0d2c139 Mon Sep 17 00:00:00 2001
+From: Trond Myklebust
+Date: Tue, 17 Dec 2019 12:33:33 -0500
+Subject: nfsd: Return the correct number of bytes written to the file
+
+From: Trond Myklebust
+
+commit 09a80f2aef06b7c86143f5c14efd3485e0d2c139 upstream.
+
+We must allow for the fact that iov_iter_write() could have returned
+a short write (e.g. if there was an ENOSPC issue).
+
+Fixes: d890be159a71 "nfsd: Add I/O trace points in the NFSv4 write path"
+Signed-off-by: Trond Myklebust
+Signed-off-by: J. Bruce Fields
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/nfsd/vfs.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/nfsd/vfs.c
++++ b/fs/nfsd/vfs.c
+@@ -975,6 +975,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, s
+ host_err = vfs_iter_write(file, &iter, &pos, flags);
+ if (host_err < 0)
+ goto out_nfserr;
++ *cnt = host_err;
+ nfsdstats.io_write += *cnt;
+ fsnotify_modify(file);
+
diff --git a/queue-5.4/series b/queue-5.4/series
index 09a750576e4..894ce1cd22b 100644
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -248,3 +248,9 @@ nfc-pn544-adjust-indentation-in-pn544_hci_check_presence.patch
 ppp-adjust-indentation-into-ppp_async_input.patch
 net-smc911x-adjust-indentation-in-smc911x_phy_configure.patch
 net-tulip-adjust-indentation-in-dmfe-uli526x-_init_module.patch
+ib-mlx5-fix-outstanding_pi-index-for-gsi-qps.patch
+ib-core-fix-odp-get-user-pages-flow.patch
+nfsd-fix-delay-timer-on-32-bit-architectures.patch
+nfsd-fix-jiffies-time_t-mixup-in-lru-list.patch
+nfsd-fixing-possible-null-pointer-derefering-in-copy-offload.patch
+nfsd-return-the-correct-number-of-bytes-written-to-the-file.patch
--
2.47.3
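Review bot: `*cnt = host_err;` in nfsd_vfs_write() reuses the error variable as a byte count with no comment, and it is only a valid count because of the `host_err < 0` check two lines above. A short comment would make the short-write handling explicit, e.g. `/* vfs_iter_write() may write less than requested (e.g. ENOSPC); report what was actually written */`. The rest of the function is outside the hunk, so it is worth confirming that every later use of `*cnt` (for instance a sync range or the reply to the client) is meant to see the shortened value.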