From: Greg Kroah-Hartman Date: Mon, 20 Apr 2020 09:15:52 +0000 (+0200) Subject: 5.6-stable patches X-Git-Tag: v4.19.117~9 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2339e1da27ffd4162d8ea5c7bcc613f209b22769;p=thirdparty%2Fkernel%2Fstable-queue.git 5.6-stable patches added patches: ext4-do-not-zeroout-extents-beyond-i_disksize.patch irqchip-ti-sci-inta-fix-processing-of-masked-irqs.patch proc-time-namespace-show-clock-symbolic-names-in-proc-pid-timens_offsets.patch rcu-don-t-acquire-lock-in-nmi-handler-in-rcu_nmi_enter_common.patch x86-resctrl-fix-invalid-attempt-at-removing-the-default-resource-group.patch x86-resctrl-preserve-cdp-enable-over-cpu-hotplug.patch --- diff --git a/queue-5.6/ext4-do-not-zeroout-extents-beyond-i_disksize.patch b/queue-5.6/ext4-do-not-zeroout-extents-beyond-i_disksize.patch new file mode 100644 index 00000000000..f24df21ded5 --- /dev/null +++ b/queue-5.6/ext4-do-not-zeroout-extents-beyond-i_disksize.patch @@ -0,0 +1,63 @@ +From 801674f34ecfed033b062a0f217506b93c8d5e8a Mon Sep 17 00:00:00 2001 +From: Jan Kara +Date: Tue, 31 Mar 2020 12:50:16 +0200 +Subject: ext4: do not zeroout extents beyond i_disksize + +From: Jan Kara + +commit 801674f34ecfed033b062a0f217506b93c8d5e8a upstream. + +We do not want to create initialized extents beyond end of file because +for e2fsck it is impossible to distinguish them from a case of corrupted +file size / extent tree and so it complains like: + +Inode 12, i_size is 147456, should be 163840. Fix? no + +Code in ext4_ext_convert_to_initialized() and +ext4_split_convert_extents() try to make sure it does not create +initialized extents beyond inode size however they check against +inode->i_size which is wrong. They should instead check against +EXT4_I(inode)->i_disksize which is the current inode size on disk. +That's what e2fsck is going to see in case of crash before all dirty +data is written. This bug manifests as generic/456 test failure (with +recent enough fstests where fsx got fixed to properly pass +FALLOC_KEEP_SIZE_FL flags to the kernel) when run with dioread_lock +mount option. + +CC: stable@vger.kernel.org +Fixes: 21ca087a3891 ("ext4: Do not zero out uninitialized extents beyond i_size") +Reviewed-by: Lukas Czerner +Signed-off-by: Jan Kara +Signed-off-by: Theodore Ts'o +Link: https://lore.kernel.org/r/20200331105016.8674-1-jack@suse.cz +Signed-off-by: Theodore Ts'o +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext4/extents.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/fs/ext4/extents.c ++++ b/fs/ext4/extents.c +@@ -3532,8 +3532,8 @@ static int ext4_ext_convert_to_initializ + (unsigned long long)map->m_lblk, map_len); + + sbi = EXT4_SB(inode->i_sb); +- eof_block = (inode->i_size + inode->i_sb->s_blocksize - 1) >> +- inode->i_sb->s_blocksize_bits; ++ eof_block = (EXT4_I(inode)->i_disksize + inode->i_sb->s_blocksize - 1) ++ >> inode->i_sb->s_blocksize_bits; + if (eof_block < map->m_lblk + map_len) + eof_block = map->m_lblk + map_len; + +@@ -3785,8 +3785,8 @@ static int ext4_split_convert_extents(ha + __func__, inode->i_ino, + (unsigned long long)map->m_lblk, map->m_len); + +- eof_block = (inode->i_size + inode->i_sb->s_blocksize - 1) >> +- inode->i_sb->s_blocksize_bits; ++ eof_block = (EXT4_I(inode)->i_disksize + inode->i_sb->s_blocksize - 1) ++ >> inode->i_sb->s_blocksize_bits; + if (eof_block < map->m_lblk + map->m_len) + eof_block = map->m_lblk + map->m_len; + /* diff --git a/queue-5.6/irqchip-ti-sci-inta-fix-processing-of-masked-irqs.patch b/queue-5.6/irqchip-ti-sci-inta-fix-processing-of-masked-irqs.patch new file mode 100644 index 00000000000..88ee9e6e684 --- /dev/null +++ b/queue-5.6/irqchip-ti-sci-inta-fix-processing-of-masked-irqs.patch @@ -0,0 +1,51 @@ +From 3688b0db5c331f4ec3fa5eb9f670a4b04f530700 Mon Sep 17 00:00:00 2001 +From: Grygorii Strashko +Date: Wed, 8 Apr 2020 22:15:32 +0300 +Subject: irqchip/ti-sci-inta: Fix processing of masked irqs + +From: Grygorii Strashko + +commit 3688b0db5c331f4ec3fa5eb9f670a4b04f530700 upstream. + +The ti_sci_inta_irq_handler() does not take into account INTA IRQs state +(masked/unmasked) as it uses INTA_STATUS_CLEAR_j register to get INTA IRQs +status, which provides raw status value. +This causes hard IRQ handlers to be called or threaded handlers to be +scheduled many times even if corresponding INTA IRQ is masked. +Above, first of all, affects the LEVEL interrupts processing and causes +unexpected behavior up the system stack or crash. + +Fix it by using the Interrupt Masked Status INTA_STATUSM_j register which +provides masked INTA IRQs status. + +Fixes: 9f1463b86c13 ("irqchip/ti-sci-inta: Add support for Interrupt Aggregator driver") +Signed-off-by: Grygorii Strashko +Signed-off-by: Marc Zyngier +Reviewed-by: Lokesh Vutla +Link: https://lore.kernel.org/r/20200408191532.31252-1-grygorii.strashko@ti.com +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/irqchip/irq-ti-sci-inta.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/irqchip/irq-ti-sci-inta.c ++++ b/drivers/irqchip/irq-ti-sci-inta.c +@@ -37,6 +37,7 @@ + #define VINT_ENABLE_SET_OFFSET 0x0 + #define VINT_ENABLE_CLR_OFFSET 0x8 + #define VINT_STATUS_OFFSET 0x18 ++#define VINT_STATUS_MASKED_OFFSET 0x20 + + /** + * struct ti_sci_inta_event_desc - Description of an event coming to +@@ -116,7 +117,7 @@ static void ti_sci_inta_irq_handler(stru + chained_irq_enter(irq_desc_get_chip(desc), desc); + + val = readq_relaxed(inta->base + vint_desc->vint_id * 0x1000 + +- VINT_STATUS_OFFSET); ++ VINT_STATUS_MASKED_OFFSET); + + for_each_set_bit(bit, &val, MAX_EVENTS_PER_VINT) { + virq = irq_find_mapping(domain, vint_desc->events[bit].hwirq); diff --git a/queue-5.6/proc-time-namespace-show-clock-symbolic-names-in-proc-pid-timens_offsets.patch b/queue-5.6/proc-time-namespace-show-clock-symbolic-names-in-proc-pid-timens_offsets.patch new file mode 100644 index 00000000000..358b65ff2a5 --- /dev/null +++ b/queue-5.6/proc-time-namespace-show-clock-symbolic-names-in-proc-pid-timens_offsets.patch @@ -0,0 +1,102 @@ +From 94d440d618467806009c8edc70b094d64e12ee5a Mon Sep 17 00:00:00 2001 +From: Andrei Vagin +Date: Sat, 11 Apr 2020 08:40:31 -0700 +Subject: proc, time/namespace: Show clock symbolic names in /proc/pid/timens_offsets + +From: Andrei Vagin + +commit 94d440d618467806009c8edc70b094d64e12ee5a upstream. + +Michael Kerrisk suggested to replace numeric clock IDs with symbolic names. + +Now the content of these files looks like this: +$ cat /proc/774/timens_offsets +monotonic 864000 0 +boottime 1728000 0 + +For setting offsets, both representations of clocks (numeric and symbolic) +can be used. + +As for compatibility, it is acceptable to change things as long as +userspace doesn't care. The format of timens_offsets files is very new and +there are no userspace tools yet which rely on this format. + +But three projects crun, util-linux and criu rely on the interface of +setting time offsets and this is why it's required to continue supporting +the numeric clock IDs on write. + +Fixes: 04a8682a71be ("fs/proc: Introduce /proc/pid/timens_offsets") +Suggested-by: Michael Kerrisk +Signed-off-by: Andrei Vagin +Signed-off-by: Thomas Gleixner +Tested-by: Michael Kerrisk +Acked-by: Michael Kerrisk +Cc: Andrew Morton +Cc: Eric W. Biederman +Cc: Dmitry Safonov <0x7f454c46@gmail.com> +Cc: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/20200411154031.642557-1-avagin@gmail.com +Signed-off-by: Greg Kroah-Hartman + +--- + fs/proc/base.c | 14 +++++++++++++- + kernel/time/namespace.c | 15 ++++++++++++++- + 2 files changed, 27 insertions(+), 2 deletions(-) + +--- a/fs/proc/base.c ++++ b/fs/proc/base.c +@@ -1573,6 +1573,7 @@ static ssize_t timens_offsets_write(stru + noffsets = 0; + for (pos = kbuf; pos; pos = next_line) { + struct proc_timens_offset *off = &offsets[noffsets]; ++ char clock[10]; + int err; + + /* Find the end of line and ensure we don't look past it */ +@@ -1584,10 +1585,21 @@ static ssize_t timens_offsets_write(stru + next_line = NULL; + } + +- err = sscanf(pos, "%u %lld %lu", &off->clockid, ++ err = sscanf(pos, "%9s %lld %lu", clock, + &off->val.tv_sec, &off->val.tv_nsec); + if (err != 3 || off->val.tv_nsec >= NSEC_PER_SEC) + goto out; ++ ++ clock[sizeof(clock) - 1] = 0; ++ if (strcmp(clock, "monotonic") == 0 || ++ strcmp(clock, __stringify(CLOCK_MONOTONIC)) == 0) ++ off->clockid = CLOCK_MONOTONIC; ++ else if (strcmp(clock, "boottime") == 0 || ++ strcmp(clock, __stringify(CLOCK_BOOTTIME)) == 0) ++ off->clockid = CLOCK_BOOTTIME; ++ else ++ goto out; ++ + noffsets++; + if (noffsets == ARRAY_SIZE(offsets)) { + if (next_line) +--- a/kernel/time/namespace.c ++++ b/kernel/time/namespace.c +@@ -337,7 +337,20 @@ static struct user_namespace *timens_own + + static void show_offset(struct seq_file *m, int clockid, struct timespec64 *ts) + { +- seq_printf(m, "%d %lld %ld\n", clockid, ts->tv_sec, ts->tv_nsec); ++ char *clock; ++ ++ switch (clockid) { ++ case CLOCK_BOOTTIME: ++ clock = "boottime"; ++ break; ++ case CLOCK_MONOTONIC: ++ clock = "monotonic"; ++ break; ++ default: ++ clock = "unknown"; ++ break; ++ } ++ seq_printf(m, "%-10s %10lld %9ld\n", clock, ts->tv_sec, ts->tv_nsec); + } + + void proc_timens_show_offsets(struct task_struct *p, struct seq_file *m) diff --git a/queue-5.6/rcu-don-t-acquire-lock-in-nmi-handler-in-rcu_nmi_enter_common.patch b/queue-5.6/rcu-don-t-acquire-lock-in-nmi-handler-in-rcu_nmi_enter_common.patch new file mode 100644 index 00000000000..38dec3775d2 --- /dev/null +++ b/queue-5.6/rcu-don-t-acquire-lock-in-nmi-handler-in-rcu_nmi_enter_common.patch @@ -0,0 +1,42 @@ +From bf37da98c51825c90432d340e135cced37a7460d Mon Sep 17 00:00:00 2001 +From: "Paul E. McKenney" +Date: Thu, 12 Mar 2020 16:55:07 -0700 +Subject: rcu: Don't acquire lock in NMI handler in rcu_nmi_enter_common() + +From: Paul E. McKenney + +commit bf37da98c51825c90432d340e135cced37a7460d upstream. + +The rcu_nmi_enter_common() function can be invoked both in interrupt +and NMI handlers. If it is invoked from process context (as opposed +to userspace or idle context) on a nohz_full CPU, it might acquire the +CPU's leaf rcu_node structure's ->lock. Because this lock is held only +with interrupts disabled, this is safe from an interrupt handler, but +doing so from an NMI handler can result in self-deadlock. + +This commit therefore adds "irq" to the "if" condition so as to only +acquire the ->lock from irq handlers or process context, never from +an NMI handler. + +Fixes: 5b14557b073c ("rcu: Avoid tick_dep_set_cpu() misordering") +Reported-by: Thomas Gleixner +Signed-off-by: Paul E. McKenney +Reviewed-by: Joel Fernandes (Google) +Cc: # 5.5.x +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/rcu/tree.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/kernel/rcu/tree.c ++++ b/kernel/rcu/tree.c +@@ -816,7 +816,7 @@ static __always_inline void rcu_nmi_ente + rcu_cleanup_after_idle(); + + incby = 1; +- } else if (tick_nohz_full_cpu(rdp->cpu) && ++ } else if (irq && tick_nohz_full_cpu(rdp->cpu) && + rdp->dynticks_nmi_nesting == DYNTICK_IRQ_NONIDLE && + READ_ONCE(rdp->rcu_urgent_qs) && !rdp->rcu_forced_tick) { + raw_spin_lock_rcu_node(rdp->mynode); diff --git a/queue-5.6/series b/queue-5.6/series index cb4c4332703..05eedd9aeca 100644 --- a/queue-5.6/series +++ b/queue-5.6/series @@ -61,3 +61,9 @@ drm-amdgpu-fix-the-hw-hang-during-perform-system-reboot-and-reset.patch i2c-designware-platdrv-remove-dpm_flag_smart_suspend-flag-on-byt-and-cht.patch drm-nouveau-sec2-gv100-add-missing-module_firmware.patch drm-i915-perf-do-not-clear-pollin-for-small-user-read-buffers.patch +rcu-don-t-acquire-lock-in-nmi-handler-in-rcu_nmi_enter_common.patch +ext4-do-not-zeroout-extents-beyond-i_disksize.patch +irqchip-ti-sci-inta-fix-processing-of-masked-irqs.patch +proc-time-namespace-show-clock-symbolic-names-in-proc-pid-timens_offsets.patch +x86-resctrl-preserve-cdp-enable-over-cpu-hotplug.patch +x86-resctrl-fix-invalid-attempt-at-removing-the-default-resource-group.patch diff --git a/queue-5.6/x86-resctrl-fix-invalid-attempt-at-removing-the-default-resource-group.patch b/queue-5.6/x86-resctrl-fix-invalid-attempt-at-removing-the-default-resource-group.patch new file mode 100644 index 00000000000..c94e22224b2 --- /dev/null +++ b/queue-5.6/x86-resctrl-fix-invalid-attempt-at-removing-the-default-resource-group.patch @@ -0,0 +1,71 @@ +From b0151da52a6d4f3951ea24c083e7a95977621436 Mon Sep 17 00:00:00 2001 +From: Reinette Chatre +Date: Tue, 17 Mar 2020 09:26:45 -0700 +Subject: x86/resctrl: Fix invalid attempt at removing the default resource group + +From: Reinette Chatre + +commit b0151da52a6d4f3951ea24c083e7a95977621436 upstream. + +The default resource group ("rdtgroup_default") is associated with the +root of the resctrl filesystem and should never be removed. New resource +groups can be created as subdirectories of the resctrl filesystem and +they can be removed from user space. + +There exists a safeguard in the directory removal code +(rdtgroup_rmdir()) that ensures that only subdirectories can be removed +by testing that the directory to be removed has to be a child of the +root directory. + +A possible deadlock was recently fixed with + + 334b0f4e9b1b ("x86/resctrl: Fix a deadlock due to inaccurate reference"). + +This fix involved associating the private data of the "mon_groups" +and "mon_data" directories to the resource group to which they belong +instead of NULL as before. A consequence of this change was that +the original safeguard code preventing removal of "mon_groups" and +"mon_data" found in the root directory failed resulting in attempts to +remove the default resource group that ends in a BUG: + + kernel BUG at mm/slub.c:3969! + invalid opcode: 0000 [#1] SMP PTI + + Call Trace: + rdtgroup_rmdir+0x16b/0x2c0 + kernfs_iop_rmdir+0x5c/0x90 + vfs_rmdir+0x7a/0x160 + do_rmdir+0x17d/0x1e0 + do_syscall_64+0x55/0x1d0 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + +Fix this by improving the directory removal safeguard to ensure that +subdirectories of the resctrl root directory can only be removed if they +are a child of the resctrl filesystem's root _and_ not associated with +the default resource group. + +Fixes: 334b0f4e9b1b ("x86/resctrl: Fix a deadlock due to inaccurate reference") +Reported-by: Sai Praneeth Prakhya +Signed-off-by: Reinette Chatre +Signed-off-by: Borislav Petkov +Tested-by: Sai Praneeth Prakhya +Cc: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/884cbe1773496b5dbec1b6bd11bb50cffa83603d.1584461853.git.reinette.chatre@intel.com +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kernel/cpu/resctrl/rdtgroup.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/arch/x86/kernel/cpu/resctrl/rdtgroup.c ++++ b/arch/x86/kernel/cpu/resctrl/rdtgroup.c +@@ -3085,7 +3085,8 @@ static int rdtgroup_rmdir(struct kernfs_ + * If the rdtgroup is a mon group and parent directory + * is a valid "mon_groups" directory, remove the mon group. + */ +- if (rdtgrp->type == RDTCTRL_GROUP && parent_kn == rdtgroup_default.kn) { ++ if (rdtgrp->type == RDTCTRL_GROUP && parent_kn == rdtgroup_default.kn && ++ rdtgrp != &rdtgroup_default) { + if (rdtgrp->mode == RDT_MODE_PSEUDO_LOCKSETUP || + rdtgrp->mode == RDT_MODE_PSEUDO_LOCKED) { + ret = rdtgroup_ctrl_remove(kn, rdtgrp); diff --git a/queue-5.6/x86-resctrl-preserve-cdp-enable-over-cpu-hotplug.patch b/queue-5.6/x86-resctrl-preserve-cdp-enable-over-cpu-hotplug.patch new file mode 100644 index 00000000000..a6f08c451ff --- /dev/null +++ b/queue-5.6/x86-resctrl-preserve-cdp-enable-over-cpu-hotplug.patch @@ -0,0 +1,74 @@ +From 9fe0450785abbc04b0ed5d3cf61fcdb8ab656b4b Mon Sep 17 00:00:00 2001 +From: James Morse +Date: Fri, 21 Feb 2020 16:21:05 +0000 +Subject: x86/resctrl: Preserve CDP enable over CPU hotplug + +From: James Morse + +commit 9fe0450785abbc04b0ed5d3cf61fcdb8ab656b4b upstream. + +Resctrl assumes that all CPUs are online when the filesystem is mounted, +and that CPUs remember their CDP-enabled state over CPU hotplug. + +This goes wrong when resctrl's CDP-enabled state changes while all the +CPUs in a domain are offline. + +When a domain comes online, enable (or disable!) CDP to match resctrl's +current setting. + +Fixes: 5ff193fbde20 ("x86/intel_rdt: Add basic resctrl filesystem support") +Suggested-by: Reinette Chatre +Signed-off-by: James Morse +Signed-off-by: Borislav Petkov +Cc: +Link: https://lkml.kernel.org/r/20200221162105.154163-1-james.morse@arm.com +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kernel/cpu/resctrl/core.c | 2 ++ + arch/x86/kernel/cpu/resctrl/internal.h | 1 + + arch/x86/kernel/cpu/resctrl/rdtgroup.c | 13 +++++++++++++ + 3 files changed, 16 insertions(+) + +--- a/arch/x86/kernel/cpu/resctrl/core.c ++++ b/arch/x86/kernel/cpu/resctrl/core.c +@@ -578,6 +578,8 @@ static void domain_add_cpu(int cpu, stru + d->id = id; + cpumask_set_cpu(cpu, &d->cpu_mask); + ++ rdt_domain_reconfigure_cdp(r); ++ + if (r->alloc_capable && domain_setup_ctrlval(r, d)) { + kfree(d); + return; +--- a/arch/x86/kernel/cpu/resctrl/internal.h ++++ b/arch/x86/kernel/cpu/resctrl/internal.h +@@ -601,5 +601,6 @@ bool has_busy_rmid(struct rdt_resource * + void __check_limbo(struct rdt_domain *d, bool force_free); + bool cbm_validate_intel(char *buf, u32 *data, struct rdt_resource *r); + bool cbm_validate_amd(char *buf, u32 *data, struct rdt_resource *r); ++void rdt_domain_reconfigure_cdp(struct rdt_resource *r); + + #endif /* _ASM_X86_RESCTRL_INTERNAL_H */ +--- a/arch/x86/kernel/cpu/resctrl/rdtgroup.c ++++ b/arch/x86/kernel/cpu/resctrl/rdtgroup.c +@@ -1859,6 +1859,19 @@ static int set_cache_qos_cfg(int level, + return 0; + } + ++/* Restore the qos cfg state when a domain comes online */ ++void rdt_domain_reconfigure_cdp(struct rdt_resource *r) ++{ ++ if (!r->alloc_capable) ++ return; ++ ++ if (r == &rdt_resources_all[RDT_RESOURCE_L2DATA]) ++ l2_qos_cfg_update(&r->alloc_enabled); ++ ++ if (r == &rdt_resources_all[RDT_RESOURCE_L3DATA]) ++ l3_qos_cfg_update(&r->alloc_enabled); ++} ++ + /* + * Enable or disable the MBA software controller + * which helps user specify bandwidth in MBps.