4.9-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 10 Apr 2021 13:49:37 +0000 (15:49 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sat, 10 Apr 2021 13:49:37 +0000 (15:49 +0200)
added patches:
fs-direct-io-fix-missing-sdio-boundary.patch
ia64-fix-user_stack_pointer-for-ptrace.patch
net-ipv6-check-for-validity-before-dereferencing-cfg-fc_nlinfo.nlh.patch
ocfs2-fix-deadlock-between-setattr-and-dio_end_io_write.patch
parisc-avoid-a-warning-on-u8-cast-for-cmpxchg-on-u8-pointers.patch
parisc-parisc-agp-requires-sba-iommu-driver.patch

queue-4.9/fs-direct-io-fix-missing-sdio-boundary.patch [new file with mode: 0644]
queue-4.9/ia64-fix-user_stack_pointer-for-ptrace.patch [new file with mode: 0644]
queue-4.9/net-ipv6-check-for-validity-before-dereferencing-cfg-fc_nlinfo.nlh.patch [new file with mode: 0644]
queue-4.9/ocfs2-fix-deadlock-between-setattr-and-dio_end_io_write.patch [new file with mode: 0644]
queue-4.9/parisc-avoid-a-warning-on-u8-cast-for-cmpxchg-on-u8-pointers.patch [new file with mode: 0644]
queue-4.9/parisc-parisc-agp-requires-sba-iommu-driver.patch [new file with mode: 0644]
queue-4.9/series

diff --git a/queue-4.9/fs-direct-io-fix-missing-sdio-boundary.patch b/queue-4.9/fs-direct-io-fix-missing-sdio-boundary.patch
new file mode 100644 (file)
index 0000000..e14bce6
--- /dev/null
@@ -0,0 +1,58 @@
+From df41872b68601059dd4a84858952dcae58acd331 Mon Sep 17 00:00:00 2001
+From: Jack Qiu <jack.qiu@huawei.com>
+Date: Fri, 9 Apr 2021 13:27:35 -0700
+Subject: fs: direct-io: fix missing sdio->boundary
+
+From: Jack Qiu <jack.qiu@huawei.com>
+
+commit df41872b68601059dd4a84858952dcae58acd331 upstream.
+
+I encountered a hung task issue, but not a performance one.  I run DIO
+on a device (need lba continuous, for example open channel ssd), maybe
+hungtask in below case:
+
+  DIO:                                         Checkpoint:
+  get addr A(at boundary), merge into BIO,
+  no submit because boundary missing
+                                               flush dirty data(get addr A+1), wait IO(A+1)
+                                               writeback timeout, because DIO(A) didn't submit
+  get addr A+2 fail, because checkpoint is doing
+
+dio_send_cur_page() may clear sdio->boundary, so prevent it from missing
+a boundary.
+
+Link: https://lkml.kernel.org/r/20210322042253.38312-1-jack.qiu@huawei.com
+Fixes: b1058b981272 ("direct-io: submit bio after boundary buffer is added to it")
+Signed-off-by: Jack Qiu <jack.qiu@huawei.com>
+Reviewed-by: Jan Kara <jack@suse.cz>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/direct-io.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/fs/direct-io.c
++++ b/fs/direct-io.c
+@@ -793,6 +793,7 @@ submit_page_section(struct dio *dio, str
+                   struct buffer_head *map_bh)
+ {
+       int ret = 0;
++      int boundary = sdio->boundary;  /* dio_send_cur_page may clear it */
+       if (dio->op == REQ_OP_WRITE) {
+               /*
+@@ -831,10 +832,10 @@ submit_page_section(struct dio *dio, str
+       sdio->cur_page_fs_offset = sdio->block_in_file << sdio->blkbits;
+ out:
+       /*
+-       * If sdio->boundary then we want to schedule the IO now to
++       * If boundary then we want to schedule the IO now to
+        * avoid metadata seeks.
+        */
+-      if (sdio->boundary) {
++      if (boundary) {
+               ret = dio_send_cur_page(dio, sdio, map_bh);
+               if (sdio->bio)
+                       dio_bio_submit(dio, sdio);
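Review bot: The rewritten comment at `out:` in submit_page_section() now says only "If boundary", so it no longer tells the reader that the test is on the value sampled at function entry rather than on the live `sdio->boundary`. I would word it as `If sdio->boundary was set on entry (it may have been cleared since by dio_send_cur_page()) then we want to schedule the IO now`. That keeps the reason for the local next to the check that depends on it, where a later cleanup might otherwise restore the `sdio->boundary` test. The function body starts and continues outside the two inner hunks shown.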
diff --git a/queue-4.9/ia64-fix-user_stack_pointer-for-ptrace.patch b/queue-4.9/ia64-fix-user_stack_pointer-for-ptrace.patch
new file mode 100644 (file)
index 0000000..538eece
--- /dev/null
@@ -0,0 +1,71 @@
+From 7ad1e366167837daeb93d0bacb57dee820b0b898 Mon Sep 17 00:00:00 2001
+From: Sergei Trofimovich <slyfox@gentoo.org>
+Date: Fri, 9 Apr 2021 13:27:32 -0700
+Subject: ia64: fix user_stack_pointer() for ptrace()
+
+From: Sergei Trofimovich <slyfox@gentoo.org>
+
+commit 7ad1e366167837daeb93d0bacb57dee820b0b898 upstream.
+
+ia64 has two stacks:
+
+ - memory stack (or stack), pointed at by by r12
+
+ - register backing store (register stack), pointed at by
+   ar.bsp/ar.bspstore with complications around dirty
+   register frame on CPU.
+
+In [1] Dmitry noticed that PTRACE_GET_SYSCALL_INFO returns the register
+stack instead memory stack.
+
+The bug comes from the fact that user_stack_pointer() and
+current_user_stack_pointer() don't return the same register:
+
+  ulong user_stack_pointer(struct pt_regs *regs) { return regs->ar_bspstore; }
+  #define current_user_stack_pointer() (current_pt_regs()->r12)
+
+The change gets both back in sync.
+
+I think ptrace(PTRACE_GET_SYSCALL_INFO) is the only affected user by
+this bug on ia64.
+
+The change fixes 'rt_sigreturn.gen.test' strace test where it was
+observed initially.
+
+Link: https://bugs.gentoo.org/769614 [1]
+Link: https://lkml.kernel.org/r/20210331084447.2561532-1-slyfox@gentoo.org
+Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
+Reported-by: Dmitry V. Levin <ldv@altlinux.org>
+Cc: Oleg Nesterov <oleg@redhat.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/ia64/include/asm/ptrace.h |    8 +-------
+ 1 file changed, 1 insertion(+), 7 deletions(-)
+
+--- a/arch/ia64/include/asm/ptrace.h
++++ b/arch/ia64/include/asm/ptrace.h
+@@ -53,8 +53,7 @@
+ static inline unsigned long user_stack_pointer(struct pt_regs *regs)
+ {
+-      /* FIXME: should this be bspstore + nr_dirty regs? */
+-      return regs->ar_bspstore;
++      return regs->r12;
+ }
+ static inline int is_syscall_success(struct pt_regs *regs)
+@@ -78,11 +77,6 @@ static inline long regs_return_value(str
+       unsigned long __ip = instruction_pointer(regs);                 \
+       (__ip & ~3UL) + ((__ip & 3UL) << 2);                            \
+ })
+-/*
+- * Why not default?  Because user_stack_pointer() on ia64 gives register
+- * stack backing store instead...
+- */
+-#define current_user_stack_pointer() (current_pt_regs()->r12)
+   /* given a pointer to a task_struct, return the user's pt_regs */
+ # define task_pt_regs(t)              (((struct pt_regs *) ((char *) (t) + IA64_STK_OFFSET)) - 1)
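Review bot: user_stack_pointer() is left with no comment once the FIXME is removed, although the patch description explains that ia64 has two stacks and that this accessor used to return the wrong one. A comment above the return, such as `/* memory stack pointer (r12), not the register backing store (ar.bspstore) */`, would keep that distinction in the header for ptrace and signal code that calls it. The second inner hunk also drops the ia64 definition of `current_user_stack_pointer()`, so the build presumably relies on a generic fallback defined outside this file. That fallback is not visible here and should be confirmed for the 4.9 tree.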
diff --git a/queue-4.9/net-ipv6-check-for-validity-before-dereferencing-cfg-fc_nlinfo.nlh.patch b/queue-4.9/net-ipv6-check-for-validity-before-dereferencing-cfg-fc_nlinfo.nlh.patch
new file mode 100644 (file)
index 0000000..5ad40b7
--- /dev/null
@@ -0,0 +1,39 @@
+From 864db232dc7036aa2de19749c3d5be0143b24f8f Mon Sep 17 00:00:00 2001
+From: Muhammad Usama Anjum <musamaanjum@gmail.com>
+Date: Fri, 9 Apr 2021 03:01:29 +0500
+Subject: net: ipv6: check for validity before dereferencing cfg->fc_nlinfo.nlh
+
+From: Muhammad Usama Anjum <musamaanjum@gmail.com>
+
+commit 864db232dc7036aa2de19749c3d5be0143b24f8f upstream.
+
+nlh is being checked for validtity two times when it is dereferenced in
+this function. Check for validity again when updating the flags through
+nlh pointer to make the dereferencing safe.
+
+CC: <stable@vger.kernel.org>
+Addresses-Coverity: ("NULL pointer dereference")
+Signed-off-by: Muhammad Usama Anjum <musamaanjum@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv6/route.c |    8 +++++---
+ 1 file changed, 5 insertions(+), 3 deletions(-)
+
+--- a/net/ipv6/route.c
++++ b/net/ipv6/route.c
+@@ -3069,9 +3069,11 @@ static int ip6_route_multipath_add(struc
+                * nexthops have been replaced by first new, the rest should
+                * be added to it.
+                */
+-              cfg->fc_nlinfo.nlh->nlmsg_flags &= ~(NLM_F_EXCL |
+-                                                   NLM_F_REPLACE);
+-              cfg->fc_nlinfo.nlh->nlmsg_flags |= NLM_F_CREATE;
++              if (cfg->fc_nlinfo.nlh) {
++                      cfg->fc_nlinfo.nlh->nlmsg_flags &= ~(NLM_F_EXCL |
++                                                           NLM_F_REPLACE);
++                      cfg->fc_nlinfo.nlh->nlmsg_flags |= NLM_F_CREATE;
++              }
+               nhn++;
+       }
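Review bot: The added `if (cfg->fc_nlinfo.nlh)` guard in ip6_route_multipath_add() silently skips the flag rewrite, and nothing in the hunk records when `nlh` can be NULL or why later nexthops may then be added without clearing `NLM_F_EXCL`/`NLM_F_REPLACE`. A short comment above the guard would help, for example `/* nlh may be NULL; there are then no netlink flags to adjust */`, with the wording confirmed against the callers, which are outside the hunk. The guard would also read more easily with a local, `struct nlmsghdr *nlh = cfg->fc_nlinfo.nlh;`, instead of spelling the member chain three times. The function body starts and ends outside the hunk.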
diff --git a/queue-4.9/ocfs2-fix-deadlock-between-setattr-and-dio_end_io_write.patch b/queue-4.9/ocfs2-fix-deadlock-between-setattr-and-dio_end_io_write.patch
new file mode 100644 (file)
index 0000000..1811f9c
--- /dev/null
@@ -0,0 +1,148 @@
+From 90bd070aae6c4fb5d302f9c4b9c88be60c8197ec Mon Sep 17 00:00:00 2001
+From: Wengang Wang <wen.gang.wang@oracle.com>
+Date: Fri, 9 Apr 2021 13:27:29 -0700
+Subject: ocfs2: fix deadlock between setattr and dio_end_io_write
+
+From: Wengang Wang <wen.gang.wang@oracle.com>
+
+commit 90bd070aae6c4fb5d302f9c4b9c88be60c8197ec upstream.
+
+The following deadlock is detected:
+
+  truncate -> setattr path is waiting for pending direct IO to be done (inode->i_dio_count become zero) with inode->i_rwsem held (down_write).
+
+  PID: 14827  TASK: ffff881686a9af80  CPU: 20  COMMAND: "ora_p005_hrltd9"
+   #0  __schedule at ffffffff818667cc
+   #1  schedule at ffffffff81866de6
+   #2  inode_dio_wait at ffffffff812a2d04
+   #3  ocfs2_setattr at ffffffffc05f322e [ocfs2]
+   #4  notify_change at ffffffff812a5a09
+   #5  do_truncate at ffffffff812808f5
+   #6  do_sys_ftruncate.constprop.18 at ffffffff81280cf2
+   #7  sys_ftruncate at ffffffff81280d8e
+   #8  do_syscall_64 at ffffffff81003949
+   #9  entry_SYSCALL_64_after_hwframe at ffffffff81a001ad
+
+dio completion path is going to complete one direct IO (decrement
+inode->i_dio_count), but before that it hung at locking inode->i_rwsem:
+
+   #0  __schedule+700 at ffffffff818667cc
+   #1  schedule+54 at ffffffff81866de6
+   #2  rwsem_down_write_failed+536 at ffffffff8186aa28
+   #3  call_rwsem_down_write_failed+23 at ffffffff8185a1b7
+   #4  down_write+45 at ffffffff81869c9d
+   #5  ocfs2_dio_end_io_write+180 at ffffffffc05d5444 [ocfs2]
+   #6  ocfs2_dio_end_io+85 at ffffffffc05d5a85 [ocfs2]
+   #7  dio_complete+140 at ffffffff812c873c
+   #8  dio_aio_complete_work+25 at ffffffff812c89f9
+   #9  process_one_work+361 at ffffffff810b1889
+  #10  worker_thread+77 at ffffffff810b233d
+  #11  kthread+261 at ffffffff810b7fd5
+  #12  ret_from_fork+62 at ffffffff81a0035e
+
+Thus above forms ABBA deadlock.  The same deadlock was mentioned in
+upstream commit 28f5a8a7c033 ("ocfs2: should wait dio before inode lock
+in ocfs2_setattr()").  It seems that that commit only removed the
+cluster lock (the victim of above dead lock) from the ABBA deadlock
+party.
+
+End-user visible effects: Process hang in truncate -> ocfs2_setattr path
+and other processes hang at ocfs2_dio_end_io_write path.
+
+This is to fix the deadlock itself.  It removes inode_lock() call from
+dio completion path to remove the deadlock and add ip_alloc_sem lock in
+setattr path to synchronize the inode modifications.
+
+[wen.gang.wang@oracle.com: remove the "had_alloc_lock" as suggested]
+  Link: https://lkml.kernel.org/r/20210402171344.1605-1-wen.gang.wang@oracle.com
+
+Link: https://lkml.kernel.org/r/20210331203654.3911-1-wen.gang.wang@oracle.com
+Signed-off-by: Wengang Wang <wen.gang.wang@oracle.com>
+Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
+Cc: Mark Fasheh <mark@fasheh.com>
+Cc: Joel Becker <jlbec@evilplan.org>
+Cc: Junxiao Bi <junxiao.bi@oracle.com>
+Cc: Changwei Ge <gechangwei@live.cn>
+Cc: Gang He <ghe@suse.com>
+Cc: Jun Piao <piaojun@huawei.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ocfs2/aops.c |   11 +----------
+ fs/ocfs2/file.c |    8 ++++++--
+ 2 files changed, 7 insertions(+), 12 deletions(-)
+
+--- a/fs/ocfs2/aops.c
++++ b/fs/ocfs2/aops.c
+@@ -2301,7 +2301,7 @@ static void ocfs2_dio_end_io_write(struc
+       struct ocfs2_alloc_context *meta_ac = NULL;
+       handle_t *handle = NULL;
+       loff_t end = offset + bytes;
+-      int ret = 0, credits = 0, locked = 0;
++      int ret = 0, credits = 0;
+       ocfs2_init_dealloc_ctxt(&dealloc);
+@@ -2312,13 +2312,6 @@ static void ocfs2_dio_end_io_write(struc
+           !dwc->dw_orphaned)
+               goto out;
+-      /* ocfs2_file_write_iter will get i_mutex, so we need not lock if we
+-       * are in that context. */
+-      if (dwc->dw_writer_pid != task_pid_nr(current)) {
+-              inode_lock(inode);
+-              locked = 1;
+-      }
+-
+       ret = ocfs2_inode_lock(inode, &di_bh, 1);
+       if (ret < 0) {
+               mlog_errno(ret);
+@@ -2393,8 +2386,6 @@ out:
+       if (meta_ac)
+               ocfs2_free_alloc_context(meta_ac);
+       ocfs2_run_deallocs(osb, &dealloc);
+-      if (locked)
+-              inode_unlock(inode);
+       ocfs2_dio_free_write_ctx(inode, dwc);
+ }
+--- a/fs/ocfs2/file.c
++++ b/fs/ocfs2/file.c
+@@ -1236,22 +1236,24 @@ int ocfs2_setattr(struct dentry *dentry,
+                               goto bail_unlock;
+                       }
+               }
++              down_write(&OCFS2_I(inode)->ip_alloc_sem);
+               handle = ocfs2_start_trans(osb, OCFS2_INODE_UPDATE_CREDITS +
+                                          2 * ocfs2_quota_trans_credits(sb));
+               if (IS_ERR(handle)) {
+                       status = PTR_ERR(handle);
+                       mlog_errno(status);
+-                      goto bail_unlock;
++                      goto bail_unlock_alloc;
+               }
+               status = __dquot_transfer(inode, transfer_to);
+               if (status < 0)
+                       goto bail_commit;
+       } else {
++              down_write(&OCFS2_I(inode)->ip_alloc_sem);
+               handle = ocfs2_start_trans(osb, OCFS2_INODE_UPDATE_CREDITS);
+               if (IS_ERR(handle)) {
+                       status = PTR_ERR(handle);
+                       mlog_errno(status);
+-                      goto bail_unlock;
++                      goto bail_unlock_alloc;
+               }
+       }
+@@ -1264,6 +1266,8 @@ int ocfs2_setattr(struct dentry *dentry,
+ bail_commit:
+       ocfs2_commit_trans(osb, handle);
++bail_unlock_alloc:
++      up_write(&OCFS2_I(inode)->ip_alloc_sem);
+ bail_unlock:
+       if (status) {
+               ocfs2_inode_unlock(inode, 1);
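Review bot: Both new `down_write(&OCFS2_I(inode)->ip_alloc_sem)` calls in ocfs2_setattr() are added without a comment, so the locking rule that replaces the removed `inode_lock()` in ocfs2_dio_end_io_write() exists only in the commit message. I would add above each one (or once above the if/else) `/* serialise inode updates against ocfs2_dio_end_io_write(), which no longer takes inode_lock() */`. The `bail_commit:` label falling through into the new `bail_unlock_alloc:` is what releases the semaphore on the normal path, and a one-line note at the label would guard against a later `goto bail_unlock` being added after the `down_write`. With the pid comparison gone from aops.c, `dwc->dw_writer_pid` may have no remaining reader. Its other uses are not visible here, so that is worth checking.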
diff --git a/queue-4.9/parisc-avoid-a-warning-on-u8-cast-for-cmpxchg-on-u8-pointers.patch b/queue-4.9/parisc-avoid-a-warning-on-u8-cast-for-cmpxchg-on-u8-pointers.patch
new file mode 100644 (file)
index 0000000..ce14c03
--- /dev/null
@@ -0,0 +1,41 @@
+From 4d752e5af63753ab5140fc282929b98eaa4bd12e Mon Sep 17 00:00:00 2001
+From: Gao Xiang <hsiangkao@redhat.com>
+Date: Tue, 6 Apr 2021 12:59:29 +0800
+Subject: parisc: avoid a warning on u8 cast for cmpxchg on u8 pointers
+
+From: Gao Xiang <hsiangkao@redhat.com>
+
+commit 4d752e5af63753ab5140fc282929b98eaa4bd12e upstream.
+
+commit b344d6a83d01 ("parisc: add support for cmpxchg on u8 pointers")
+can generate a sparse warning ("cast truncates bits from constant
+value"), which has been reported several times [1] [2] [3].
+
+The original code worked as expected, but anyway, let silence such
+sparse warning as what others did [4].
+
+[1] https://lore.kernel.org/r/202104061220.nRMBwCXw-lkp@intel.com
+[2] https://lore.kernel.org/r/202012291914.T5Agcn99-lkp@intel.com
+[3] https://lore.kernel.org/r/202008210829.KVwn7Xeh%25lkp@intel.com
+[4] https://lore.kernel.org/r/20210315131512.133720-2-jacopo+renesas@jmondi.org
+Cc: Liam Beguin <liambeguin@gmail.com>
+Cc: Helge Deller <deller@gmx.de>
+Cc: stable@vger.kernel.org # v5.8+
+Signed-off-by: Gao Xiang <hsiangkao@redhat.com>
+Signed-off-by: Helge Deller <deller@gmx.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/parisc/include/asm/cmpxchg.h |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/parisc/include/asm/cmpxchg.h
++++ b/arch/parisc/include/asm/cmpxchg.h
+@@ -71,7 +71,7 @@ __cmpxchg(volatile void *ptr, unsigned l
+ #endif
+       case 4: return __cmpxchg_u32((unsigned int *)ptr,
+                                    (unsigned int)old, (unsigned int)new_);
+-      case 1: return __cmpxchg_u8((u8 *)ptr, (u8)old, (u8)new_);
++      case 1: return __cmpxchg_u8((u8 *)ptr, old & 0xff, new_ & 0xff);
+       }
+       __cmpxchg_called_with_bad_pointer();
+       return old;
diff --git a/queue-4.9/parisc-parisc-agp-requires-sba-iommu-driver.patch b/queue-4.9/parisc-parisc-agp-requires-sba-iommu-driver.patch
new file mode 100644 (file)
index 0000000..2a3c518
--- /dev/null
@@ -0,0 +1,31 @@
+From 9054284e8846b0105aad43a4e7174ca29fffbc44 Mon Sep 17 00:00:00 2001
+From: Helge Deller <deller@gmx.de>
+Date: Tue, 6 Apr 2021 11:32:52 +0200
+Subject: parisc: parisc-agp requires SBA IOMMU driver
+
+From: Helge Deller <deller@gmx.de>
+
+commit 9054284e8846b0105aad43a4e7174ca29fffbc44 upstream.
+
+Add a dependency to the SBA IOMMU driver to avoid:
+ERROR: modpost: "sba_list" [drivers/char/agp/parisc-agp.ko] undefined!
+
+Reported-by: kernel test robot <lkp@intel.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Helge Deller <deller@gmx.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/char/agp/Kconfig |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/char/agp/Kconfig
++++ b/drivers/char/agp/Kconfig
+@@ -124,7 +124,7 @@ config AGP_HP_ZX1
+ config AGP_PARISC
+       tristate "HP Quicksilver AGP support"
+-      depends on AGP && PARISC && 64BIT
++      depends on AGP && PARISC && 64BIT && IOMMU_SBA
+       help
+         This option gives you AGP GART support for the HP Quicksilver
+         AGP bus adapter on HP PA-RISC machines (Ok, just on the C8000
index 1c6797c810c4d9829892397354d4a5afe7ac10de..7bee38ccdf20b4e8a2abfbc0e1f7c87b3c3e0b2b 100644 (file)
@@ -7,3 +7,9 @@ nfc-fix-refcount-leak-in-llcp_sock_connect.patch
 nfc-fix-memory-leak-in-llcp_sock_connect.patch
 nfc-avoid-endless-loops-caused-by-repeated-llcp_sock_connect.patch
 xen-evtchn-change-irq_info-lock-to-raw_spinlock_t.patch
+net-ipv6-check-for-validity-before-dereferencing-cfg-fc_nlinfo.nlh.patch
+ia64-fix-user_stack_pointer-for-ptrace.patch
+ocfs2-fix-deadlock-between-setattr-and-dio_end_io_write.patch
+fs-direct-io-fix-missing-sdio-boundary.patch
+parisc-parisc-agp-requires-sba-iommu-driver.patch
+parisc-avoid-a-warning-on-u8-cast-for-cmpxchg-on-u8-pointers.patch