From: Greg Kroah-Hartman Date: Thu, 30 Apr 2020 09:47:47 +0000 (+0200) Subject: 4.19-stable patches X-Git-Tag: v5.4.37~50 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=44140ed3e1573367b1743c8abec81b531dd3d072;p=thirdparty%2Fkernel%2Fstable-queue.git 4.19-stable patches added patches: binder-take-read-mode-of-mmap_sem-in-binder_alloc_free_page.patch include-uapi-linux-swab.h-fix-userspace-breakage-use-__bits_per_long-for-swap.patch mtd-cfi-fix-deadloop-in-cfi_cmdset_0002.c-do_write_buffer.patch --- diff --git a/queue-4.19/binder-take-read-mode-of-mmap_sem-in-binder_alloc_free_page.patch b/queue-4.19/binder-take-read-mode-of-mmap_sem-in-binder_alloc_free_page.patch new file mode 100644 index 00000000000..9c2b57e69bc --- /dev/null +++ b/queue-4.19/binder-take-read-mode-of-mmap_sem-in-binder_alloc_free_page.patch @@ -0,0 +1,64 @@ +From 60d4885710836595192c42d3e04b27551d30ec91 Mon Sep 17 00:00:00 2001 +From: Tyler Hicks +Date: Fri, 12 Apr 2019 21:59:25 +0000 +Subject: binder: take read mode of mmap_sem in binder_alloc_free_page() + +From: Tyler Hicks + +commit 60d4885710836595192c42d3e04b27551d30ec91 upstream. + +Restore the behavior of locking mmap_sem for reading in +binder_alloc_free_page(), as was first done in commit 3013bf62b67a +("binder: reduce mmap_sem write-side lock"). That change was +inadvertently reverted by commit 5cec2d2e5839 ("binder: fix race between +munmap() and direct reclaim"). + +In addition, change the name of the label for the error path to +accurately reflect that we're taking the lock for reading. + +Backporting note: This fix is only needed when *both* of the commits +mentioned above are applied. That's an unlikely situation since they +both landed during the development of v5.1 but only one of them is +targeted for stable. + +Fixes: 5cec2d2e5839 ("binder: fix race between munmap() and direct reclaim") +Signed-off-by: Tyler Hicks +Acked-by: Todd Kjos +Cc: Guenter Roeck +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/android/binder_alloc.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/drivers/android/binder_alloc.c ++++ b/drivers/android/binder_alloc.c +@@ -970,8 +970,8 @@ enum lru_status binder_alloc_free_page(s + mm = alloc->vma_vm_mm; + if (!mmget_not_zero(mm)) + goto err_mmget; +- if (!down_write_trylock(&mm->mmap_sem)) +- goto err_down_write_mmap_sem_failed; ++ if (!down_read_trylock(&mm->mmap_sem)) ++ goto err_down_read_mmap_sem_failed; + vma = binder_alloc_get_vma(alloc); + + list_lru_isolate(lru, item); +@@ -986,7 +986,7 @@ enum lru_status binder_alloc_free_page(s + + trace_binder_unmap_user_end(alloc, index); + } +- up_write(&mm->mmap_sem); ++ up_read(&mm->mmap_sem); + mmput(mm); + + trace_binder_unmap_kernel_start(alloc, index); +@@ -1001,7 +1001,7 @@ enum lru_status binder_alloc_free_page(s + mutex_unlock(&alloc->mutex); + return LRU_REMOVED_RETRY; + +-err_down_write_mmap_sem_failed: ++err_down_read_mmap_sem_failed: + mmput_async(mm); + err_mmget: + err_page_already_freed: diff --git a/queue-4.19/include-uapi-linux-swab.h-fix-userspace-breakage-use-__bits_per_long-for-swap.patch b/queue-4.19/include-uapi-linux-swab.h-fix-userspace-breakage-use-__bits_per_long-for-swap.patch new file mode 100644 index 00000000000..b6678c7304a --- /dev/null +++ b/queue-4.19/include-uapi-linux-swab.h-fix-userspace-breakage-use-__bits_per_long-for-swap.patch @@ -0,0 +1,72 @@ +From 467d12f5c7842896d2de3ced74e4147ee29e97c8 Mon Sep 17 00:00:00 2001 +From: Christian Borntraeger +Date: Thu, 20 Feb 2020 20:04:03 -0800 +Subject: include/uapi/linux/swab.h: fix userspace breakage, use __BITS_PER_LONG for swap + +From: Christian Borntraeger + +commit 467d12f5c7842896d2de3ced74e4147ee29e97c8 upstream. + +QEMU has a funny new build error message when I use the upstream kernel +headers: + + CC block/file-posix.o + In file included from /home/cborntra/REPOS/qemu/include/qemu/timer.h:4, + from /home/cborntra/REPOS/qemu/include/qemu/timed-average.h:29, + from /home/cborntra/REPOS/qemu/include/block/accounting.h:28, + from /home/cborntra/REPOS/qemu/include/block/block_int.h:27, + from /home/cborntra/REPOS/qemu/block/file-posix.c:30: + /usr/include/linux/swab.h: In function `__swab': + /home/cborntra/REPOS/qemu/include/qemu/bitops.h:20:34: error: "sizeof" is not defined, evaluates to 0 [-Werror=undef] + 20 | #define BITS_PER_LONG (sizeof (unsigned long) * BITS_PER_BYTE) + | ^~~~~~ + /home/cborntra/REPOS/qemu/include/qemu/bitops.h:20:41: error: missing binary operator before token "(" + 20 | #define BITS_PER_LONG (sizeof (unsigned long) * BITS_PER_BYTE) + | ^ + cc1: all warnings being treated as errors + make: *** [/home/cborntra/REPOS/qemu/rules.mak:69: block/file-posix.o] Error 1 + rm tests/qemu-iotests/socket_scm_helper.o + +This was triggered by commit d5767057c9a ("uapi: rename ext2_swab() to +swab() and share globally in swab.h"). That patch is doing + + #include + +but it uses BITS_PER_LONG. + +The kernel file asm/bitsperlong.h provide only __BITS_PER_LONG. + +Let us use the __ variant in swap.h + +Link: http://lkml.kernel.org/r/20200213142147.17604-1-borntraeger@de.ibm.com +Fixes: d5767057c9a ("uapi: rename ext2_swab() to swab() and share globally in swab.h") +Signed-off-by: Christian Borntraeger +Cc: Yury Norov +Cc: Allison Randal +Cc: Joe Perches +Cc: Thomas Gleixner +Cc: William Breathitt Gray +Cc: Torsten Hilbrich +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Cc: Guenter Roeck +Signed-off-by: Greg Kroah-Hartman + +--- + include/uapi/linux/swab.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/include/uapi/linux/swab.h ++++ b/include/uapi/linux/swab.h +@@ -135,9 +135,9 @@ static inline __attribute_const__ __u32 + + static __always_inline unsigned long __swab(const unsigned long y) + { +-#if BITS_PER_LONG == 64 ++#if __BITS_PER_LONG == 64 + return __swab64(y); +-#else /* BITS_PER_LONG == 32 */ ++#else /* __BITS_PER_LONG == 32 */ + return __swab32(y); + #endif + } diff --git a/queue-4.19/mtd-cfi-fix-deadloop-in-cfi_cmdset_0002.c-do_write_buffer.patch b/queue-4.19/mtd-cfi-fix-deadloop-in-cfi_cmdset_0002.c-do_write_buffer.patch new file mode 100644 index 00000000000..d884ddbd07f --- /dev/null +++ b/queue-4.19/mtd-cfi-fix-deadloop-in-cfi_cmdset_0002.c-do_write_buffer.patch @@ -0,0 +1,42 @@ +From d9b8a67b3b95a5c5aae6422b8113adc1c2485f2b Mon Sep 17 00:00:00 2001 +From: Liu Jian +Date: Sun, 3 Mar 2019 15:04:18 +0800 +Subject: mtd: cfi: fix deadloop in cfi_cmdset_0002.c do_write_buffer + +From: Liu Jian + +commit d9b8a67b3b95a5c5aae6422b8113adc1c2485f2b upstream. + +In function do_write_buffer(), in the for loop, there is a case +chip_ready() returns 1 while chip_good() returns 0, so it never +break the loop. +To fix this, chip_good() is enough and it should timeout if it stay +bad for a while. + +Fixes: dfeae1073583("mtd: cfi_cmdset_0002: Change write buffer to check correct value") +Signed-off-by: Yi Huaijie +Signed-off-by: Liu Jian +Reviewed-by: Tokunori Ikegami +Signed-off-by: Richard Weinberger +Cc: Guenter Roeck +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mtd/chips/cfi_cmdset_0002.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/drivers/mtd/chips/cfi_cmdset_0002.c ++++ b/drivers/mtd/chips/cfi_cmdset_0002.c +@@ -1882,7 +1882,11 @@ static int __xipram do_write_buffer(stru + continue; + } + +- if (time_after(jiffies, timeo) && !chip_ready(map, adr)) ++ /* ++ * We check "time_after" and "!chip_good" before checking "chip_good" to avoid ++ * the failure due to scheduling. ++ */ ++ if (time_after(jiffies, timeo) && !chip_good(map, adr, datum)) + break; + + if (chip_good(map, adr, datum)) { diff --git a/queue-4.19/series b/queue-4.19/series index 30560c0a71f..9bfc7f1db84 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -1 +1,4 @@ remoteproc-fix-wrong-rvring-index-computation.patch +mtd-cfi-fix-deadloop-in-cfi_cmdset_0002.c-do_write_buffer.patch +include-uapi-linux-swab.h-fix-userspace-breakage-use-__bits_per_long-for-swap.patch +binder-take-read-mode-of-mmap_sem-in-binder_alloc_free_page.patch