From: Greg Kroah-Hartman Date: Tue, 28 Mar 2023 12:03:44 +0000 (+0200) Subject: 4.19-stable patches X-Git-Tag: v5.15.105~34 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=04c225fb1b2147d4af1a83ffe6323d01a98e7399;p=thirdparty%2Fkernel%2Fstable-queue.git 4.19-stable patches added patches: dm-thin-fix-deadlock-when-swapping-to-thin-device.patch igb-revert-rtnl_lock-that-causes-deadlock.patch usb-chipdea-core-fix-return-einval-if-request-role-is-the-same-with-current-role.patch usb-chipidea-core-fix-possible-concurrent-when-switch-role.patch --- diff --git a/queue-4.19/dm-thin-fix-deadlock-when-swapping-to-thin-device.patch b/queue-4.19/dm-thin-fix-deadlock-when-swapping-to-thin-device.patch new file mode 100644 index 00000000000..60bf34f8142 --- /dev/null +++ b/queue-4.19/dm-thin-fix-deadlock-when-swapping-to-thin-device.patch @@ -0,0 +1,70 @@ +From 9bbf5feecc7eab2c370496c1c161bbfe62084028 Mon Sep 17 00:00:00 2001 +From: Coly Li +Date: Mon, 27 Feb 2023 23:23:17 +0800 +Subject: dm thin: fix deadlock when swapping to thin device + +From: Coly Li + +commit 9bbf5feecc7eab2c370496c1c161bbfe62084028 upstream. + +This is an already known issue that dm-thin volume cannot be used as +swap, otherwise a deadlock may happen when dm-thin internal memory +demand triggers swap I/O on the dm-thin volume itself. + +But thanks to commit a666e5c05e7c ("dm: fix deadlock when swapping to +encrypted device"), the limit_swap_bios target flag can also be used +for dm-thin to avoid the recursive I/O when it is used as swap. + +Fix is to simply set ti->limit_swap_bios to true in both pool_ctr() +and thin_ctr(). + +In my test, I create a dm-thin volume /dev/vg/swap and use it as swap +device. Then I run fio on another dm-thin volume /dev/vg/main and use +large --blocksize to trigger swap I/O onto /dev/vg/swap. + +The following fio command line is used in my test, + fio --name recursive-swap-io --lockmem 1 --iodepth 128 \ + --ioengine libaio --filename /dev/vg/main --rw randrw \ + --blocksize 1M --numjobs 32 --time_based --runtime=12h + +Without this fix, the whole system can be locked up within 15 seconds. + +With this fix, there is no any deadlock or hung task observed after +2 hours of running fio. + +Furthermore, if blocksize is changed from 1M to 128M, after around 30 +seconds fio has no visible I/O, and the out-of-memory killer message +shows up in kernel message. After around 20 minutes all fio processes +are killed and the whole system is back to being alive. + +This is exactly what is expected when recursive I/O happens on dm-thin +volume when it is used as swap. + +Depends-on: a666e5c05e7c ("dm: fix deadlock when swapping to encrypted device") +Cc: stable@vger.kernel.org +Signed-off-by: Coly Li +Acked-by: Mikulas Patocka +Signed-off-by: Mike Snitzer +Signed-off-by: Greg Kroah-Hartman +--- + drivers/md/dm-thin.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/md/dm-thin.c ++++ b/drivers/md/dm-thin.c +@@ -3365,6 +3365,7 @@ static int pool_ctr(struct dm_target *ti + pt->low_water_blocks = low_water_blocks; + pt->adjusted_pf = pt->requested_pf = pf; + ti->num_flush_bios = 1; ++ ti->limit_swap_bios = true; + + /* + * Only need to enable discards if the pool should pass +@@ -4245,6 +4246,7 @@ static int thin_ctr(struct dm_target *ti + goto bad; + + ti->num_flush_bios = 1; ++ ti->limit_swap_bios = true; + ti->flush_supported = true; + ti->per_io_data_size = sizeof(struct dm_thin_endio_hook); + diff --git a/queue-4.19/igb-revert-rtnl_lock-that-causes-deadlock.patch b/queue-4.19/igb-revert-rtnl_lock-that-causes-deadlock.patch new file mode 100644 index 00000000000..3c1395aaf42 --- /dev/null +++ b/queue-4.19/igb-revert-rtnl_lock-that-causes-deadlock.patch @@ -0,0 +1,87 @@ +From 65f69851e44d71248b952a687e44759a7abb5016 Mon Sep 17 00:00:00 2001 +From: Lin Ma +Date: Tue, 7 Mar 2023 23:29:17 +0800 +Subject: igb: revert rtnl_lock() that causes deadlock + +From: Lin Ma + +commit 65f69851e44d71248b952a687e44759a7abb5016 upstream. + +The commit 6faee3d4ee8b ("igb: Add lock to avoid data race") adds +rtnl_lock to eliminate a false data race shown below + + (FREE from device detaching) | (USE from netdev core) +igb_remove | igb_ndo_get_vf_config + igb_disable_sriov | vf >= adapter->vfs_allocated_count? + kfree(adapter->vf_data) | + adapter->vfs_allocated_count = 0 | + | memcpy(... adapter->vf_data[vf] + +The above race will never happen and the extra rtnl_lock causes deadlock +below + +[ 141.420169] +[ 141.420672] __schedule+0x2dd/0x840 +[ 141.421427] schedule+0x50/0xc0 +[ 141.422041] schedule_preempt_disabled+0x11/0x20 +[ 141.422678] __mutex_lock.isra.13+0x431/0x6b0 +[ 141.423324] unregister_netdev+0xe/0x20 +[ 141.423578] igbvf_remove+0x45/0xe0 [igbvf] +[ 141.423791] pci_device_remove+0x36/0xb0 +[ 141.423990] device_release_driver_internal+0xc1/0x160 +[ 141.424270] pci_stop_bus_device+0x6d/0x90 +[ 141.424507] pci_stop_and_remove_bus_device+0xe/0x20 +[ 141.424789] pci_iov_remove_virtfn+0xba/0x120 +[ 141.425452] sriov_disable+0x2f/0xf0 +[ 141.425679] igb_disable_sriov+0x4e/0x100 [igb] +[ 141.426353] igb_remove+0xa0/0x130 [igb] +[ 141.426599] pci_device_remove+0x36/0xb0 +[ 141.426796] device_release_driver_internal+0xc1/0x160 +[ 141.427060] driver_detach+0x44/0x90 +[ 141.427253] bus_remove_driver+0x55/0xe0 +[ 141.427477] pci_unregister_driver+0x2a/0xa0 +[ 141.428296] __x64_sys_delete_module+0x141/0x2b0 +[ 141.429126] ? mntput_no_expire+0x4a/0x240 +[ 141.429363] ? syscall_trace_enter.isra.19+0x126/0x1a0 +[ 141.429653] do_syscall_64+0x5b/0x80 +[ 141.429847] ? exit_to_user_mode_prepare+0x14d/0x1c0 +[ 141.430109] ? syscall_exit_to_user_mode+0x12/0x30 +[ 141.430849] ? do_syscall_64+0x67/0x80 +[ 141.431083] ? syscall_exit_to_user_mode_prepare+0x183/0x1b0 +[ 141.431770] ? syscall_exit_to_user_mode+0x12/0x30 +[ 141.432482] ? do_syscall_64+0x67/0x80 +[ 141.432714] ? exc_page_fault+0x64/0x140 +[ 141.432911] entry_SYSCALL_64_after_hwframe+0x72/0xdc + +Since the igb_disable_sriov() will call pci_disable_sriov() before +releasing any resources, the netdev core will synchronize the cleanup to +avoid any races. This patch removes the useless rtnl_(un)lock to guarantee +correctness. + +CC: stable@vger.kernel.org +Fixes: 6faee3d4ee8b ("igb: Add lock to avoid data race") +Reported-by: Corinna Vinschen +Link: https://lore.kernel.org/intel-wired-lan/ZAcJvkEPqWeJHO2r@calimero.vinschen.de/ +Signed-off-by: Lin Ma +Tested-by: Corinna Vinschen +Reviewed-by: Jacob Keller +Reviewed-by: Simon Horman +Tested-by: Rafal Romanowski +Signed-off-by: Tony Nguyen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/intel/igb/igb_main.c | 2 -- + 1 file changed, 2 deletions(-) + +--- a/drivers/net/ethernet/intel/igb/igb_main.c ++++ b/drivers/net/ethernet/intel/igb/igb_main.c +@@ -3700,9 +3700,7 @@ static void igb_remove(struct pci_dev *p + igb_release_hw_control(adapter); + + #ifdef CONFIG_PCI_IOV +- rtnl_lock(); + igb_disable_sriov(pdev); +- rtnl_unlock(); + #endif + + unregister_netdev(netdev); diff --git a/queue-4.19/series b/queue-4.19/series index 29976524836..5e76996ba42 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -36,3 +36,7 @@ sh-sanitize-the-flags-on-sigreturn.patch cifs-empty-interface-list-when-server-doesn-t-support-query-interfaces.patch scsi-core-add-blist_skip_vpd_pages-for-skhynix-h28u74301amr.patch usb-gadget-u_audio-don-t-let-userspace-block-driver-unbind.patch +igb-revert-rtnl_lock-that-causes-deadlock.patch +dm-thin-fix-deadlock-when-swapping-to-thin-device.patch +usb-chipdea-core-fix-return-einval-if-request-role-is-the-same-with-current-role.patch +usb-chipidea-core-fix-possible-concurrent-when-switch-role.patch diff --git a/queue-4.19/usb-chipdea-core-fix-return-einval-if-request-role-is-the-same-with-current-role.patch b/queue-4.19/usb-chipdea-core-fix-return-einval-if-request-role-is-the-same-with-current-role.patch new file mode 100644 index 00000000000..bbed38d8ce5 --- /dev/null +++ b/queue-4.19/usb-chipdea-core-fix-return-einval-if-request-role-is-the-same-with-current-role.patch @@ -0,0 +1,38 @@ +From 3670de80678961eda7fa2220883fc77c16868951 Mon Sep 17 00:00:00 2001 +From: Xu Yang +Date: Fri, 17 Mar 2023 14:15:15 +0800 +Subject: usb: chipdea: core: fix return -EINVAL if request role is the same with current role + +From: Xu Yang + +commit 3670de80678961eda7fa2220883fc77c16868951 upstream. + +It should not return -EINVAL if the request role is the same with current +role, return non-error and without do anything instead. + +Fixes: a932a8041ff9 ("usb: chipidea: core: add sysfs group") +cc: +Acked-by: Peter Chen +Signed-off-by: Xu Yang +Link: https://lore.kernel.org/r/20230317061516.2451728-1-xu.yang_2@nxp.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/chipidea/core.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/drivers/usb/chipidea/core.c ++++ b/drivers/usb/chipidea/core.c +@@ -872,9 +872,12 @@ static ssize_t role_store(struct device + strlen(ci->roles[role]->name))) + break; + +- if (role == CI_ROLE_END || role == ci->role) ++ if (role == CI_ROLE_END) + return -EINVAL; + ++ if (role == ci->role) ++ return n; ++ + pm_runtime_get_sync(dev); + disable_irq(ci->irq); + ci_role_stop(ci); diff --git a/queue-4.19/usb-chipidea-core-fix-possible-concurrent-when-switch-role.patch b/queue-4.19/usb-chipidea-core-fix-possible-concurrent-when-switch-role.patch new file mode 100644 index 00000000000..eadbff83e71 --- /dev/null +++ b/queue-4.19/usb-chipidea-core-fix-possible-concurrent-when-switch-role.patch @@ -0,0 +1,98 @@ +From 451b15ed138ec15bffbebb58a00ebdd884c3e659 Mon Sep 17 00:00:00 2001 +From: Xu Yang +Date: Fri, 17 Mar 2023 14:15:16 +0800 +Subject: usb: chipidea: core: fix possible concurrent when switch role + +From: Xu Yang + +commit 451b15ed138ec15bffbebb58a00ebdd884c3e659 upstream. + +The user may call role_store() when driver is handling +ci_handle_id_switch() which is triggerred by otg event or power lost +event. Unfortunately, the controller may go into chaos in this case. +Fix this by protecting it with mutex lock. + +Fixes: a932a8041ff9 ("usb: chipidea: core: add sysfs group") +cc: +Acked-by: Peter Chen +Signed-off-by: Xu Yang +Link: https://lore.kernel.org/r/20230317061516.2451728-2-xu.yang_2@nxp.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/chipidea/ci.h | 2 ++ + drivers/usb/chipidea/core.c | 8 +++++++- + drivers/usb/chipidea/otg.c | 5 ++++- + 3 files changed, 13 insertions(+), 2 deletions(-) + +--- a/drivers/usb/chipidea/ci.h ++++ b/drivers/usb/chipidea/ci.h +@@ -202,6 +202,7 @@ struct hw_bank { + * @in_lpm: if the core in low power mode + * @wakeup_int: if wakeup interrupt occur + * @rev: The revision number for controller ++ * @mutex: protect code from concorrent running when doing role switch + */ + struct ci_hdrc { + struct device *dev; +@@ -254,6 +255,7 @@ struct ci_hdrc { + bool in_lpm; + bool wakeup_int; + enum ci_revision rev; ++ struct mutex mutex; + }; + + static inline struct ci_role_driver *ci_role(struct ci_hdrc *ci) +--- a/drivers/usb/chipidea/core.c ++++ b/drivers/usb/chipidea/core.c +@@ -875,8 +875,12 @@ static ssize_t role_store(struct device + if (role == CI_ROLE_END) + return -EINVAL; + +- if (role == ci->role) ++ mutex_lock(&ci->mutex); ++ ++ if (role == ci->role) { ++ mutex_unlock(&ci->mutex); + return n; ++ } + + pm_runtime_get_sync(dev); + disable_irq(ci->irq); +@@ -886,6 +890,7 @@ static ssize_t role_store(struct device + ci_handle_vbus_change(ci); + enable_irq(ci->irq); + pm_runtime_put_sync(dev); ++ mutex_unlock(&ci->mutex); + + return (ret == 0) ? n : ret; + } +@@ -924,6 +929,7 @@ static int ci_hdrc_probe(struct platform + return -ENOMEM; + + spin_lock_init(&ci->lock); ++ mutex_init(&ci->mutex); + ci->dev = dev; + ci->platdata = dev_get_platdata(dev); + ci->imx28_write_fix = !!(ci->platdata->flags & +--- a/drivers/usb/chipidea/otg.c ++++ b/drivers/usb/chipidea/otg.c +@@ -164,8 +164,10 @@ static int hw_wait_vbus_lower_bsv(struct + + static void ci_handle_id_switch(struct ci_hdrc *ci) + { +- enum ci_role role = ci_otg_role(ci); ++ enum ci_role role; + ++ mutex_lock(&ci->mutex); ++ role = ci_otg_role(ci); + if (role != ci->role) { + dev_dbg(ci->dev, "switching from %s to %s\n", + ci_role(ci)->name, ci->roles[role]->name); +@@ -188,6 +190,7 @@ static void ci_handle_id_switch(struct c + if (role == CI_ROLE_GADGET) + ci_handle_vbus_change(ci); + } ++ mutex_unlock(&ci->mutex); + } + /** + * ci_otg_work - perform otg (vbus/id) event handle