From: Sasha Levin Date: Mon, 16 Nov 2020 13:58:17 +0000 (-0500) Subject: Fixes for 4.9 X-Git-Tag: v4.4.244~53 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=201987ebf458a4951c52e57a256c27177b4656ed;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 4.9 Signed-off-by: Sasha Levin --- diff --git a/queue-4.9/cosa-add-missing-kfree-in-error-path-of-cosa_write.patch b/queue-4.9/cosa-add-missing-kfree-in-error-path-of-cosa_write.patch new file mode 100644 index 00000000000..70e4fb233c0 --- /dev/null +++ b/queue-4.9/cosa-add-missing-kfree-in-error-path-of-cosa_write.patch @@ -0,0 +1,39 @@ +From c14594bdcf9e99097536c834c85d5ceef2143ccb Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 10 Nov 2020 22:46:14 +0800 +Subject: cosa: Add missing kfree in error path of cosa_write + +From: Wang Hai + +[ Upstream commit 52755b66ddcef2e897778fac5656df18817b59ab ] + +If memory allocation for 'kbuf' succeed, cosa_write() doesn't have a +corresponding kfree() in exception handling. Thus add kfree() for this +function implementation. + +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Reported-by: Hulk Robot +Signed-off-by: Wang Hai +Acked-by: Jan "Yenya" Kasprzak +Link: https://lore.kernel.org/r/20201110144614.43194-1-wanghai38@huawei.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + drivers/net/wan/cosa.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/net/wan/cosa.c b/drivers/net/wan/cosa.c +index b87fe0a01c69f..3c02473a20f21 100644 +--- a/drivers/net/wan/cosa.c ++++ b/drivers/net/wan/cosa.c +@@ -903,6 +903,7 @@ static ssize_t cosa_write(struct file *file, + chan->tx_status = 1; + spin_unlock_irqrestore(&cosa->lock, flags); + up(&chan->wsem); ++ kfree(kbuf); + return -ERESTARTSYS; + } + } +-- +2.27.0 + diff --git a/queue-4.9/of-address-fix-of_node-memory-leak-in-of_dma_is_cohe.patch b/queue-4.9/of-address-fix-of_node-memory-leak-in-of_dma_is_cohe.patch new file mode 100644 index 00000000000..0c455cd5d8c --- /dev/null +++ b/queue-4.9/of-address-fix-of_node-memory-leak-in-of_dma_is_cohe.patch @@ -0,0 +1,47 @@ +From 38468a5a4c95f5debd6b64ecd35f9447fded43c7 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 10 Nov 2020 15:28:25 +1300 +Subject: of/address: Fix of_node memory leak in of_dma_is_coherent + +From: Evan Nimmo + +[ Upstream commit a5bea04fcc0b3c0aec71ee1fd58fd4ff7ee36177 ] + +Commit dabf6b36b83a ("of: Add OF_DMA_DEFAULT_COHERENT & select it on +powerpc") added a check to of_dma_is_coherent which returns early +if OF_DMA_DEFAULT_COHERENT is enabled. This results in the of_node_put() +being skipped causing a memory leak. Moved the of_node_get() below this +check so we now we only get the node if OF_DMA_DEFAULT_COHERENT is not +enabled. + +Fixes: dabf6b36b83a ("of: Add OF_DMA_DEFAULT_COHERENT & select it on powerpc") +Signed-off-by: Evan Nimmo +Link: https://lore.kernel.org/r/20201110022825.30895-1-evan.nimmo@alliedtelesis.co.nz +Signed-off-by: Rob Herring +Signed-off-by: Sasha Levin +--- + drivers/of/address.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/of/address.c b/drivers/of/address.c +index 37619bb2c97ad..d188eacbd3b80 100644 +--- a/drivers/of/address.c ++++ b/drivers/of/address.c +@@ -901,11 +901,13 @@ EXPORT_SYMBOL_GPL(of_dma_get_range); + */ + bool of_dma_is_coherent(struct device_node *np) + { +- struct device_node *node = of_node_get(np); ++ struct device_node *node; + + if (IS_ENABLED(CONFIG_OF_DMA_DEFAULT_COHERENT)) + return true; + ++ node = of_node_get(np); ++ + while (node) { + if (of_property_read_bool(node, "dma-coherent")) { + of_node_put(node); +-- +2.27.0 + diff --git a/queue-4.9/perf-fix-get_recursion_context.patch b/queue-4.9/perf-fix-get_recursion_context.patch new file mode 100644 index 00000000000..fd9d3cf41cc --- /dev/null +++ b/queue-4.9/perf-fix-get_recursion_context.patch @@ -0,0 +1,35 @@ +From 3588d09d164b386df153092892ec1b1fda1e4dbd Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 30 Oct 2020 12:49:45 +0100 +Subject: perf: Fix get_recursion_context() + +From: Peter Zijlstra + +[ Upstream commit ce0f17fc93f63ee91428af10b7b2ddef38cd19e5 ] + +One should use in_serving_softirq() to detect SoftIRQ context. + +Fixes: 96f6d4444302 ("perf_counter: avoid recursion") +Signed-off-by: Peter Zijlstra (Intel) +Link: https://lkml.kernel.org/r/20201030151955.120572175@infradead.org +Signed-off-by: Sasha Levin +--- + kernel/events/internal.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/kernel/events/internal.h b/kernel/events/internal.h +index 486fd78eb8d5e..c8c1c3db5d065 100644 +--- a/kernel/events/internal.h ++++ b/kernel/events/internal.h +@@ -212,7 +212,7 @@ static inline int get_recursion_context(int *recursion) + rctx = 3; + else if (in_irq()) + rctx = 2; +- else if (in_softirq()) ++ else if (in_serving_softirq()) + rctx = 1; + else + rctx = 0; +-- +2.27.0 + diff --git a/queue-4.9/pinctrl-aspeed-fix-gpi-only-function-problem.patch b/queue-4.9/pinctrl-aspeed-fix-gpi-only-function-problem.patch new file mode 100644 index 00000000000..6a8449f03de --- /dev/null +++ b/queue-4.9/pinctrl-aspeed-fix-gpi-only-function-problem.patch @@ -0,0 +1,50 @@ +From 5ce9145336388148c1e717f9c8c61932dc2b8f48 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 30 Oct 2020 13:54:50 +0800 +Subject: pinctrl: aspeed: Fix GPI only function problem. + +From: Billy Tsai + +[ Upstream commit 9b92f5c51e9a41352d665f6f956bd95085a56a83 ] + +Some gpio pin at aspeed soc is input only and the prefix name of these +pin is "GPI" only. +This patch fine-tune the condition of GPIO check from "GPIO" to "GPI" +and it will fix the usage error of banks D and E in the AST2400/AST2500 +and banks T and U in the AST2600. + +Fixes: 4d3d0e4272d8 ("pinctrl: Add core support for Aspeed SoCs") +Signed-off-by: Billy Tsai +Reviewed-by: Andrew Jeffery +Link: https://lore.kernel.org/r/20201030055450.29613-1-billy_tsai@aspeedtech.com +Signed-off-by: Linus Walleij +Signed-off-by: Sasha Levin +--- + drivers/pinctrl/aspeed/pinctrl-aspeed.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/drivers/pinctrl/aspeed/pinctrl-aspeed.c b/drivers/pinctrl/aspeed/pinctrl-aspeed.c +index 49aeba9125319..23d2f0ba12db5 100644 +--- a/drivers/pinctrl/aspeed/pinctrl-aspeed.c ++++ b/drivers/pinctrl/aspeed/pinctrl-aspeed.c +@@ -387,13 +387,14 @@ int aspeed_pinmux_set_mux(struct pinctrl_dev *pctldev, unsigned int function, + static bool aspeed_expr_is_gpio(const struct aspeed_sig_expr *expr) + { + /* +- * The signal type is GPIO if the signal name has "GPIO" as a prefix. ++ * The signal type is GPIO if the signal name has "GPI" as a prefix. + * strncmp (rather than strcmp) is used to implement the prefix + * requirement. + * +- * expr->signal might look like "GPIOT3" in the GPIO case. ++ * expr->signal might look like "GPIOB1" in the GPIO case. ++ * expr->signal might look like "GPIT0" in the GPI case. + */ +- return strncmp(expr->signal, "GPIO", 4) == 0; ++ return strncmp(expr->signal, "GPI", 3) == 0; + } + + static bool aspeed_gpio_in_exprs(const struct aspeed_sig_expr **exprs) +-- +2.27.0 + diff --git a/queue-4.9/series b/queue-4.9/series index e5560f95daa..fe18ac32bc0 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -33,3 +33,10 @@ mac80211-always-wind-down-sta-state.patch cfg80211-regulatory-fix-inconsistent-format-argument.patch scsi-scsi_dh_alua-avoid-crash-during-alua_bus_detach.patch iommu-amd-increase-interrupt-remapping-table-limit-t.patch +pinctrl-aspeed-fix-gpi-only-function-problem.patch +xfs-fix-flags-argument-to-rmap-lookup-when-convertin.patch +xfs-fix-rmap-key-and-record-comparison-functions.patch +xfs-fix-a-missing-unlock-on-error-in-xfs_fs_map_bloc.patch +of-address-fix-of_node-memory-leak-in-of_dma_is_cohe.patch +cosa-add-missing-kfree-in-error-path-of-cosa_write.patch +perf-fix-get_recursion_context.patch diff --git a/queue-4.9/xfs-fix-a-missing-unlock-on-error-in-xfs_fs_map_bloc.patch b/queue-4.9/xfs-fix-a-missing-unlock-on-error-in-xfs_fs_map_bloc.patch new file mode 100644 index 00000000000..98d28353f88 --- /dev/null +++ b/queue-4.9/xfs-fix-a-missing-unlock-on-error-in-xfs_fs_map_bloc.patch @@ -0,0 +1,37 @@ +From a8b1faf0c6d20df22e1a24b26ab5992e6d64d182 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 11 Nov 2020 08:07:37 -0800 +Subject: xfs: fix a missing unlock on error in xfs_fs_map_blocks + +From: Christoph Hellwig + +[ Upstream commit 2bd3fa793aaa7e98b74e3653fdcc72fa753913b5 ] + +We also need to drop the iolock when invalidate_inode_pages2 fails, not +only on all other error or successful cases. + +Fixes: 527851124d10 ("xfs: implement pNFS export operations") +Signed-off-by: Christoph Hellwig +Reviewed-by: Darrick J. Wong +Signed-off-by: Darrick J. Wong +Signed-off-by: Sasha Levin +--- + fs/xfs/xfs_pnfs.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/xfs/xfs_pnfs.c b/fs/xfs/xfs_pnfs.c +index cecd37569ddb3..353bfe9c5cdd9 100644 +--- a/fs/xfs/xfs_pnfs.c ++++ b/fs/xfs/xfs_pnfs.c +@@ -144,7 +144,7 @@ xfs_fs_map_blocks( + goto out_unlock; + error = invalidate_inode_pages2(inode->i_mapping); + if (WARN_ON_ONCE(error)) +- return error; ++ goto out_unlock; + + end_fsb = XFS_B_TO_FSB(mp, (xfs_ufsize_t)offset + length); + offset_fsb = XFS_B_TO_FSBT(mp, offset); +-- +2.27.0 + diff --git a/queue-4.9/xfs-fix-flags-argument-to-rmap-lookup-when-convertin.patch b/queue-4.9/xfs-fix-flags-argument-to-rmap-lookup-when-convertin.patch new file mode 100644 index 00000000000..d940524b281 --- /dev/null +++ b/queue-4.9/xfs-fix-flags-argument-to-rmap-lookup-when-convertin.patch @@ -0,0 +1,39 @@ +From 7bb1622fc11e2d3651626b28cff07876065f7038 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 8 Nov 2020 16:32:43 -0800 +Subject: xfs: fix flags argument to rmap lookup when converting shared file + rmaps + +From: Darrick J. Wong + +[ Upstream commit ea8439899c0b15a176664df62aff928010fad276 ] + +Pass the same oldext argument (which contains the existing rmapping's +unwritten state) to xfs_rmap_lookup_le_range at the start of +xfs_rmap_convert_shared. At this point in the code, flags is zero, +which means that we perform lookups using the wrong key. + +Fixes: 3f165b334e51 ("xfs: convert unwritten status of reverse mappings for shared files") +Signed-off-by: Darrick J. Wong +Reviewed-by: Christoph Hellwig +Signed-off-by: Sasha Levin +--- + fs/xfs/libxfs/xfs_rmap.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/xfs/libxfs/xfs_rmap.c b/fs/xfs/libxfs/xfs_rmap.c +index 3a8cc7139912b..89fdcc641715f 100644 +--- a/fs/xfs/libxfs/xfs_rmap.c ++++ b/fs/xfs/libxfs/xfs_rmap.c +@@ -1318,7 +1318,7 @@ xfs_rmap_convert_shared( + * record for our insertion point. This will also give us the record for + * start block contiguity tests. + */ +- error = xfs_rmap_lookup_le_range(cur, bno, owner, offset, flags, ++ error = xfs_rmap_lookup_le_range(cur, bno, owner, offset, oldext, + &PREV, &i); + XFS_WANT_CORRUPTED_GOTO(mp, i == 1, done); + +-- +2.27.0 + diff --git a/queue-4.9/xfs-fix-rmap-key-and-record-comparison-functions.patch b/queue-4.9/xfs-fix-rmap-key-and-record-comparison-functions.patch new file mode 100644 index 00000000000..6cc02eff940 --- /dev/null +++ b/queue-4.9/xfs-fix-rmap-key-and-record-comparison-functions.patch @@ -0,0 +1,92 @@ +From 92f2e03186f3a28d8322fff1d88a529541d2a07b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 8 Nov 2020 16:32:44 -0800 +Subject: xfs: fix rmap key and record comparison functions + +From: Darrick J. Wong + +[ Upstream commit 6ff646b2ceb0eec916101877f38da0b73e3a5b7f ] + +Keys for extent interval records in the reverse mapping btree are +supposed to be computed as follows: + +(physical block, owner, fork, is_btree, is_unwritten, offset) + +This provides users the ability to look up a reverse mapping from a bmbt +record -- start with the physical block; then if there are multiple +records for the same block, move on to the owner; then the inode fork +type; and so on to the file offset. + +However, the key comparison functions incorrectly remove the +fork/btree/unwritten information that's encoded in the on-disk offset. +This means that lookup comparisons are only done with: + +(physical block, owner, offset) + +This means that queries can return incorrect results. On consistent +filesystems this hasn't been an issue because blocks are never shared +between forks or with bmbt blocks; and are never unwritten. However, +this bug means that online repair cannot always detect corruption in the +key information in internal rmapbt nodes. + +Found by fuzzing keys[1].attrfork = ones on xfs/371. + +Fixes: 4b8ed67794fe ("xfs: add rmap btree operations") +Signed-off-by: Darrick J. Wong +Reviewed-by: Christoph Hellwig +Signed-off-by: Sasha Levin +--- + fs/xfs/libxfs/xfs_rmap_btree.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/fs/xfs/libxfs/xfs_rmap_btree.c b/fs/xfs/libxfs/xfs_rmap_btree.c +index 33a28efc3085b..c5a24b80c7f72 100644 +--- a/fs/xfs/libxfs/xfs_rmap_btree.c ++++ b/fs/xfs/libxfs/xfs_rmap_btree.c +@@ -262,8 +262,8 @@ xfs_rmapbt_key_diff( + else if (y > x) + return -1; + +- x = XFS_RMAP_OFF(be64_to_cpu(kp->rm_offset)); +- y = rec->rm_offset; ++ x = be64_to_cpu(kp->rm_offset); ++ y = xfs_rmap_irec_offset_pack(rec); + if (x > y) + return 1; + else if (y > x) +@@ -294,8 +294,8 @@ xfs_rmapbt_diff_two_keys( + else if (y > x) + return -1; + +- x = XFS_RMAP_OFF(be64_to_cpu(kp1->rm_offset)); +- y = XFS_RMAP_OFF(be64_to_cpu(kp2->rm_offset)); ++ x = be64_to_cpu(kp1->rm_offset); ++ y = be64_to_cpu(kp2->rm_offset); + if (x > y) + return 1; + else if (y > x) +@@ -401,8 +401,8 @@ xfs_rmapbt_keys_inorder( + return 1; + else if (a > b) + return 0; +- a = XFS_RMAP_OFF(be64_to_cpu(k1->rmap.rm_offset)); +- b = XFS_RMAP_OFF(be64_to_cpu(k2->rmap.rm_offset)); ++ a = be64_to_cpu(k1->rmap.rm_offset); ++ b = be64_to_cpu(k2->rmap.rm_offset); + if (a <= b) + return 1; + return 0; +@@ -431,8 +431,8 @@ xfs_rmapbt_recs_inorder( + return 1; + else if (a > b) + return 0; +- a = XFS_RMAP_OFF(be64_to_cpu(r1->rmap.rm_offset)); +- b = XFS_RMAP_OFF(be64_to_cpu(r2->rmap.rm_offset)); ++ a = be64_to_cpu(r1->rmap.rm_offset); ++ b = be64_to_cpu(r2->rmap.rm_offset); + if (a <= b) + return 1; + return 0; +-- +2.27.0 +