From: Greg Kroah-Hartman Date: Sat, 18 Apr 2020 10:54:32 +0000 (+0200) Subject: 4.19-stable patches X-Git-Tag: v4.19.117~27 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=69bd51203d9ea41e69241c9e67e1740553cf1cc8;p=thirdparty%2Fkernel%2Fstable-queue.git 4.19-stable patches added patches: alsa-usb-audio-check-mapping-at-creating-connector-controls-too.patch alsa-usb-audio-don-t-create-jack-controls-for-pcm-terminals.patch alsa-usb-audio-don-t-override-ignore_ctl_error-value-from-the-map.patch alsa-usb-audio-filter-error-from-connector-kctl-ops-too.patch asoc-intel-mrfld-fix-incorrect-check-on-p-sink.patch asoc-intel-mrfld-return-error-codes-when-an-error-occurs.patch btrfs-check-commit-root-generation-in-should_ignore_root.patch ext4-fix-incorrect-group-count-in-ext4_fill_super-error-message.patch ext4-fix-incorrect-inodes-per-group-in-error-message.patch jbd2-improve-comments-about-freeing-data-buffers-whose-page-mapping-is-null.patch keys-fix-proc_keys_next-to-increase-position-index.patch mac80211_hwsim-use-kstrndup-in-place-of-kasprintf.patch ovl-fix-value-of-i_ino-for-lower-hardlink-corner-case.patch pwm-pca9685-fix-pwm-gpio-inter-operation.patch scsi-ufs-fix-ufshcd_hold-caused-scheduling-while-atomic.patch tracing-fix-the-race-between-registering-snapshot-event-trigger-and-triggering-snapshot-operation.patch
---
diff --git a/queue-4.19/alsa-usb-audio-check-mapping-at-creating-connector-controls-too.patch b/queue-4.19/alsa-usb-audio-check-mapping-at-creating-connector-controls-too.patch
new file mode 100644
index 00000000000..290b1f4f7c9
--- /dev/null
+++ b/queue-4.19/alsa-usb-audio-check-mapping-at-creating-connector-controls-too.patch
@@ -0,0 +1,105 @@ +From 934b96594ed66b07dbc7e576d28814466df3a494 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Sun, 12 Apr 2020 10:13:31 +0200 +Subject: ALSA: usb-audio: Check mapping at creating connector controls, too + +From: Takashi Iwai + +commit 934b96594ed66b07dbc7e576d28814466df3a494 upstream. + +Add the mapping check to build_connector_control() so that the device +specific quirk can provide the node to skip for the badly behaving +connector controls. As an example, ALC1220-VB-based codec implements +the skip entry for the broken SPDIF connector detection. + +BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=206873 +Cc: +Link: https://lore.kernel.org/r/20200412081331.4742-5-tiwai@suse.de +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/usb/mixer.c | 18 +++++++++++------- + sound/usb/mixer_maps.c | 4 +++- + 2 files changed, 14 insertions(+), 8 deletions(-) + +--- a/sound/usb/mixer.c ++++ b/sound/usb/mixer.c +@@ -1765,11 +1765,15 @@ static void get_connector_control_name(s + + /* Build a mixer control for a UAC connector control (jack-detect) */ + static void build_connector_control(struct usb_mixer_interface *mixer, ++ const struct usbmix_name_map *imap, + struct usb_audio_term *term, bool is_input) + { + struct snd_kcontrol *kctl; + struct usb_mixer_elem_info *cval; + ++ if (check_ignored_ctl(find_map(imap, term->id, 0))) ++ return; ++ + cval = kzalloc(sizeof(*cval), GFP_KERNEL); + if (!cval) + return; +@@ -2109,7 +2113,7 @@ static int parse_audio_input_terminal(st + /* Check for jack detection. 
*/ + if ((iterm.type & 0xff00) != 0x0100 && + uac_v2v3_control_is_readable(bmctls, control)) +- build_connector_control(state->mixer, &iterm, true); ++ build_connector_control(state->mixer, state->map, &iterm, true); + + return 0; + } +@@ -3070,13 +3074,13 @@ static int snd_usb_mixer_controls_badd(s + memset(&iterm, 0, sizeof(iterm)); + iterm.id = UAC3_BADD_IT_ID4; + iterm.type = UAC_BIDIR_TERMINAL_HEADSET; +- build_connector_control(mixer, &iterm, true); ++ build_connector_control(mixer, map->map, &iterm, true); + + /* Output Term - Insertion control */ + memset(&oterm, 0, sizeof(oterm)); + oterm.id = UAC3_BADD_OT_ID3; + oterm.type = UAC_BIDIR_TERMINAL_HEADSET; +- build_connector_control(mixer, &oterm, false); ++ build_connector_control(mixer, map->map, &oterm, false); + } + + return 0; +@@ -3151,8 +3155,8 @@ static int snd_usb_mixer_controls(struct + if ((state.oterm.type & 0xff00) != 0x0100 && + uac_v2v3_control_is_readable(le16_to_cpu(desc->bmControls), + UAC2_TE_CONNECTOR)) { +- build_connector_control(state.mixer, &state.oterm, +- false); ++ build_connector_control(state.mixer, state.map, ++ &state.oterm, false); + } + } else { /* UAC_VERSION_3 */ + struct uac3_output_terminal_descriptor *desc = p; +@@ -3177,8 +3181,8 @@ static int snd_usb_mixer_controls(struct + if ((state.oterm.type & 0xff00) != 0x0100 && + uac_v2v3_control_is_readable(le32_to_cpu(desc->bmControls), + UAC3_TE_INSERTION)) { +- build_connector_control(state.mixer, &state.oterm, +- false); ++ build_connector_control(state.mixer, state.map, ++ &state.oterm, false); + } + } + } +--- a/sound/usb/mixer_maps.c ++++ b/sound/usb/mixer_maps.c +@@ -364,9 +364,11 @@ static const struct usbmix_name_map dell + }; + + /* Some mobos shipped with a dummy HD-audio show the invalid GET_MIN/GET_MAX +- * response for Input Gain Pad (id=19, control=12). Skip it. ++ * response for Input Gain Pad (id=19, control=12) and the connector status ++ * for SPDIF terminal (id=18). Skip them. 
+ */ + static const struct usbmix_name_map asus_rog_map[] = { ++ { 18, NULL }, /* OT, connector control */ + { 19, NULL, 12 }, /* FU, Input Gain Pad */ + {} + }; diff --git a/queue-4.19/alsa-usb-audio-don-t-create-jack-controls-for-pcm-terminals.patch b/queue-4.19/alsa-usb-audio-don-t-create-jack-controls-for-pcm-terminals.patch new file mode 100644 index 00000000000..042cbe6c86f --- /dev/null +++ b/queue-4.19/alsa-usb-audio-don-t-create-jack-controls-for-pcm-terminals.patch 
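Review bot: In the sound/usb/mixer.c part of the queued check-mapping patch, the new guard at the top of build_connector_control() hands `imap` straight to `find_map(imap, term->id, 0)`, and nothing in the visible lines shows that a missing map is tolerated. The callers pass `state->map` / `state.map`, which another patch in this same queue shows being assigned only when a quirk entry matches the USB id, so a NULL map looks like the normal case for most devices; confirm that find_map() and check_ignored_ctl() both accept NULL, since their bodies are outside the hunk. The one-line comment above the function could also record the contract, for example `/* @imap may be NULL; a map entry with a NULL name suppresses the connector control */`.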
@@ -0,0 +1,56 @@ +From 7dc3c5a0172e6c0449502103356c3628d05bc0e0 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Sun, 12 Apr 2020 10:13:30 +0200 +Subject: ALSA: usb-audio: Don't create jack controls for PCM terminals + +From: Takashi Iwai + +commit 7dc3c5a0172e6c0449502103356c3628d05bc0e0 upstream. + +Some funky firmwares set the connector flag even on PCM terminals +although it doesn't make sense (and even actually the firmware doesn't +react properly!). Let's skip creation of jack controls in such a +case. + +BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=206873 +Cc: +Link: https://lore.kernel.org/r/20200412081331.4742-4-tiwai@suse.de +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/usb/mixer.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +--- a/sound/usb/mixer.c ++++ b/sound/usb/mixer.c +@@ -2107,7 +2107,8 @@ static int parse_audio_input_terminal(st + check_input_term(state, term_id, &iterm); + + /* Check for jack detection. */ +- if (uac_v2v3_control_is_readable(bmctls, control)) ++ if ((iterm.type & 0xff00) != 0x0100 && ++ uac_v2v3_control_is_readable(bmctls, control)) + build_connector_control(state->mixer, &iterm, true); + + return 0; +@@ -3147,7 +3148,8 @@ static int snd_usb_mixer_controls(struct + if (err < 0 && err != -EINVAL) + return err; + +- if (uac_v2v3_control_is_readable(le16_to_cpu(desc->bmControls), ++ if ((state.oterm.type & 0xff00) != 0x0100 && ++ uac_v2v3_control_is_readable(le16_to_cpu(desc->bmControls), + UAC2_TE_CONNECTOR)) { + build_connector_control(state.mixer, &state.oterm, + false); +@@ -3172,7 +3174,8 @@ static int snd_usb_mixer_controls(struct + if (err < 0 && err != -EINVAL) + return err; + +- if (uac_v2v3_control_is_readable(le32_to_cpu(desc->bmControls), ++ if ((state.oterm.type & 0xff00) != 0x0100 && ++ uac_v2v3_control_is_readable(le32_to_cpu(desc->bmControls), + UAC3_TE_INSERTION)) { + build_connector_control(state.mixer, &state.oterm, + false); 
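Review bot: The test `(iterm.type & 0xff00) != 0x0100` is open-coded with bare constants at all three sites this queued patch touches (parse_audio_input_terminal() and both output-terminal branches of snd_usb_mixer_controls()), so the meaning of the mask lives only in the description. A small static helper with a comment would keep the three copies from drifting, e.g. `static bool term_is_pcm(int type) { return (type & 0xff00) == 0x0100; }` (name is illustrative). The terminal type and bmControls appear to come from device-supplied descriptors, so a one-line comment saying that firmware is known to set the connector bit on such terminals would tell the next reader why the descriptor flag is not trusted on its own.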
diff --git a/queue-4.19/alsa-usb-audio-don-t-override-ignore_ctl_error-value-from-the-map.patch b/queue-4.19/alsa-usb-audio-don-t-override-ignore_ctl_error-value-from-the-map.patch new file mode 100644 index 00000000000..fe06a6d24ee --- /dev/null +++ b/queue-4.19/alsa-usb-audio-don-t-override-ignore_ctl_error-value-from-the-map.patch @@ -0,0 +1,36 @@ +From 3507245b82b4362dc9721cbc328644905a3efa22 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Sun, 12 Apr 2020 10:13:29 +0200 +Subject: ALSA: usb-audio: Don't override ignore_ctl_error value from the map + +From: Takashi Iwai + +commit 3507245b82b4362dc9721cbc328644905a3efa22 upstream. + +The mapping table may contain also ignore_ctl_error flag for devices +that are known to behave wild. Since this flag always writes the +card's own ignore_ctl_error flag, it overrides the value already set +by the module option, so it doesn't follow user's expectation. +Let's fix the code not to clear the flag that has been set by user. + +BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=206873 +Cc: +Link: https://lore.kernel.org/r/20200412081331.4742-3-tiwai@suse.de +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/usb/mixer.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/sound/usb/mixer.c ++++ b/sound/usb/mixer.c +@@ -3104,7 +3104,7 @@ static int snd_usb_mixer_controls(struct + if (map->id == state.chip->usb_id) { + state.map = map->map; + state.selector_map = map->selector_map; +- mixer->ignore_ctl_error = map->ignore_ctl_error; ++ mixer->ignore_ctl_error |= map->ignore_ctl_error; + break; + } + } diff --git a/queue-4.19/alsa-usb-audio-filter-error-from-connector-kctl-ops-too.patch b/queue-4.19/alsa-usb-audio-filter-error-from-connector-kctl-ops-too.patch new file mode 100644 index 00000000000..34cb485c85b --- /dev/null +++ b/queue-4.19/alsa-usb-audio-filter-error-from-connector-kctl-ops-too.patch 
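Review bot: The `|=` in `mixer->ignore_ctl_error |= map->ignore_ctl_error;` reads like a slip for `=` unless the reader already knows the field may have been set from the module option, and that reason is only in the description. A comment on the line would protect it from a well-meant cleanup, e.g. `/* OR, not assign: keep a value the user already set via the module option */`. The declaration of ignore_ctl_error is outside the hunk, so whether it is a plain integer or a bitfield could not be checked.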
@@ -0,0 +1,38 @@ +From 48cc42973509afac24e83d6edc23901d102872d1 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Sun, 12 Apr 2020 10:13:28 +0200 +Subject: ALSA: usb-audio: Filter error from connector kctl ops, too + +From: Takashi Iwai + +commit 48cc42973509afac24e83d6edc23901d102872d1 upstream. + +The ignore_ctl_error option should filter the error at kctl accesses, +but there was an overlook: mixer_ctl_connector_get() returns an error +from the request. + +This patch covers the forgotten code path and apply filter_error() +properly. The locking error is still returned since this is a fatal +error that has to be reported even with ignore_ctl_error option. + +BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=206873 +Cc: +Link: https://lore.kernel.org/r/20200412081331.4742-2-tiwai@suse.de +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman + +--- + sound/usb/mixer.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/sound/usb/mixer.c ++++ b/sound/usb/mixer.c +@@ -1461,7 +1461,7 @@ error: + usb_audio_err(chip, + "cannot get connectors status: req = %#x, wValue = %#x, wIndex = %#x, type = %d\n", + UAC_GET_CUR, validx, idx, cval->val_type); +- return ret; ++ return filter_error(cval, ret); + } + + ucontrol->value.integer.value[0] = val; diff --git a/queue-4.19/asoc-intel-mrfld-fix-incorrect-check-on-p-sink.patch b/queue-4.19/asoc-intel-mrfld-fix-incorrect-check-on-p-sink.patch new file mode 100644 index 00000000000..6298ba9699c --- /dev/null +++ b/queue-4.19/asoc-intel-mrfld-fix-incorrect-check-on-p-sink.patch 
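Review bot: When the error is filtered, the changed `return filter_error(cval, ret);` leaves the function before `ucontrol->value.integer.value[0] = val;` runs, so a success return would hand back whatever the caller's buffer already held as the connector state. filter_error() is not visible here; assuming it maps the error to 0 under ignore_ctl_error, as the description says, writing a defined value first would make the result deterministic, e.g. `ucontrol->value.integer.value[0] = 0;` just before the return. The function begins above the hunk, so the locking-error path mentioned in the description could not be checked.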
@@ -0,0 +1,35 @@ +From f5e056e1e46fcbb5f74ce560792aeb7d57ce79e6 Mon Sep 17 00:00:00 2001 +From: Colin Ian King +Date: Tue, 19 Nov 2019 11:36:40 +0000 +Subject: ASoC: Intel: mrfld: fix incorrect check on p->sink + +From: Colin Ian King + +commit f5e056e1e46fcbb5f74ce560792aeb7d57ce79e6 upstream. + +The check on p->sink looks bogus, I believe it should be p->source +since the following code blocks are related to p->source. Fix +this by replacing p->sink with p->source. + +Fixes: 24c8d14192cc ("ASoC: Intel: mrfld: add DSP core controls") +Signed-off-by: Colin Ian King +Addresses-Coverity: ("Copy-paste error") +Link: https://lore.kernel.org/r/20191119113640.166940-1-colin.king@canonical.com +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman + +--- + sound/soc/intel/atom/sst-atom-controls.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/sound/soc/intel/atom/sst-atom-controls.c ++++ b/sound/soc/intel/atom/sst-atom-controls.c +@@ -1341,7 +1341,7 @@ int sst_send_pipe_gains(struct snd_soc_d + dai->capture_widget->name); + w = dai->capture_widget; + snd_soc_dapm_widget_for_each_source_path(w, p) { +- if (p->connected && !p->connected(w, p->sink)) ++ if (p->connected && !p->connected(w, p->source)) + continue; + + if (p->connect && p->source->power && diff --git a/queue-4.19/asoc-intel-mrfld-return-error-codes-when-an-error-occurs.patch b/queue-4.19/asoc-intel-mrfld-return-error-codes-when-an-error-occurs.patch new file mode 100644 index 00000000000..945ffba6160 --- /dev/null +++ b/queue-4.19/asoc-intel-mrfld-return-error-codes-when-an-error-occurs.patch 
@@ -0,0 +1,38 @@ +From 3025571edd9df653e1ad649f0638368a39d1bbb5 Mon Sep 17 00:00:00 2001 +From: Colin Ian King +Date: Sat, 8 Feb 2020 22:07:20 +0000 +Subject: ASoC: Intel: mrfld: return error codes when an error occurs + +From: Colin Ian King + +commit 3025571edd9df653e1ad649f0638368a39d1bbb5 upstream. + +Currently function sst_platform_get_resources always returns zero and +error return codes set by the function are never returned. Fix this +by returning the error return code in variable ret rather than the +hard coded zero. + +Addresses-Coverity: ("Unused value") +Fixes: f533a035e4da ("ASoC: Intel: mrfld - create separate module for pci part") +Signed-off-by: Colin Ian King +Acked-by: Cezary Rojewski +Acked-by: Pierre-Louis Bossart +Link: https://lore.kernel.org/r/20200208220720.36657-1-colin.king@canonical.com +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman + +--- + sound/soc/intel/atom/sst/sst_pci.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/sound/soc/intel/atom/sst/sst_pci.c ++++ b/sound/soc/intel/atom/sst/sst_pci.c +@@ -107,7 +107,7 @@ static int sst_platform_get_resources(st + dev_dbg(ctx->dev, "DRAM Ptr %p\n", ctx->dram); + do_release_regions: + pci_release_regions(pci); +- return 0; ++ return ret; + } + + /* diff --git a/queue-4.19/btrfs-check-commit-root-generation-in-should_ignore_root.patch b/queue-4.19/btrfs-check-commit-root-generation-in-should_ignore_root.patch new file mode 100644 index 00000000000..c2bc026aaf1 --- /dev/null +++ b/queue-4.19/btrfs-check-commit-root-generation-in-should_ignore_root.patch 
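Review bot: With `return ret;` sitting after the `do_release_regions:` label, the normal path that falls through from the `dev_dbg(ctx->dev, "DRAM Ptr %p\n", ctx->dram);` line now returns whatever `ret` holds at that point instead of a fixed 0. The assignments to `ret` are above the hunk, so confirm it is 0 on every path that reaches the label without an error, otherwise a previously working probe starts to fail. The same fall-through means pci_release_regions() also runs on success; if that is intended, a comment on the label would help, e.g. `/* reached on success too: regions are released in both cases */`.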
@@ -0,0 +1,54 @@ +From 4d4225fc228e46948486d8b8207955f0c031b92e Mon Sep 17 00:00:00 2001 +From: Josef Bacik +Date: Thu, 2 Apr 2020 15:51:18 -0400 +Subject: btrfs: check commit root generation in should_ignore_root + +From: Josef Bacik + +commit 4d4225fc228e46948486d8b8207955f0c031b92e upstream. + +Previously we would set the reloc root's last snapshot to transid - 1. +However there was a problem with doing this, and we changed it to +setting the last snapshot to the generation of the commit node of the fs +root. + +This however broke should_ignore_root(). The assumption is that if we +are in a generation newer than when the reloc root was created, then we +would find the reloc root through normal backref lookups, and thus can +ignore any fs roots we find with an old enough reloc root. + +Now that the last snapshot could be considerably further in the past +than before, we'd end up incorrectly ignoring an fs root. Thus we'd +find no nodes for the bytenr we were searching for, and we'd fail to +relocate anything. We'd loop through the relocate code again and see +that there were still used space in that block group, attempt to +relocate those bytenr's again, fail in the same way, and just loop like +this forever. This is tricky in that we have to not modify the fs root +at all during this time, so we need to have a block group that has data +in this fs root that is not shared by any other root, which is why this +has been difficult to reproduce. 
+ +Fixes: 054570a1dc94 ("Btrfs: fix relocation incorrectly dropping data references") +CC: stable@vger.kernel.org # 4.9+ +Reviewed-by: Filipe Manana +Signed-off-by: Josef Bacik +Signed-off-by: David Sterba +Signed-off-by: Greg Kroah-Hartman + +--- + fs/btrfs/relocation.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/fs/btrfs/relocation.c ++++ b/fs/btrfs/relocation.c +@@ -525,8 +525,8 @@ static int should_ignore_root(struct btr + if (!reloc_root) + return 0; + +- if (btrfs_root_last_snapshot(&reloc_root->root_item) == +- root->fs_info->running_transaction->transid - 1) ++ if (btrfs_header_generation(reloc_root->commit_root) == ++ root->fs_info->running_transaction->transid) + return 0; + /* + * if there is reloc tree and it was created in previous diff --git a/queue-4.19/ext4-fix-incorrect-group-count-in-ext4_fill_super-error-message.patch b/queue-4.19/ext4-fix-incorrect-group-count-in-ext4_fill_super-error-message.patch new file mode 100644 index 00000000000..1f93bfcd479 --- /dev/null +++ b/queue-4.19/ext4-fix-incorrect-group-count-in-ext4_fill_super-error-message.patch 
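Review bot: The new comparison in should_ignore_root(), `btrfs_header_generation(reloc_root->commit_root) == root->fs_info->running_transaction->transid`, carries none of the reasoning from the long description, and the existing comment only starts after the `return 0;`. A short comment above the test would keep the invariant next to the code, along the lines of `/* reloc root's commit root is from the running transaction: backref lookup cannot find it yet, so this fs root must not be ignored */` (wording to be confirmed by the author). The function body continues on both sides of the hunk, so how `running_transaction` is protected here could not be checked.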
@@ -0,0 +1,39 @@ +From df41460a21b06a76437af040d90ccee03888e8e5 Mon Sep 17 00:00:00 2001 +From: Josh Triplett +Date: Sat, 28 Mar 2020 14:54:01 -0700 +Subject: ext4: fix incorrect group count in ext4_fill_super error message + +From: Josh Triplett + +commit df41460a21b06a76437af040d90ccee03888e8e5 upstream. + +ext4_fill_super doublechecks the number of groups before mounting; if +that check fails, the resulting error message prints the group count +from the ext4_sb_info sbi, which hasn't been set yet. Print the freshly +computed group count instead (which at that point has just been computed +in "blocks_count"). + +Signed-off-by: Josh Triplett +Fixes: 4ec1102813798 ("ext4: Add sanity checks for the superblock before mounting the filesystem") +Link: https://lore.kernel.org/r/8b957cd1513fcc4550fe675c10bcce2175c33a49.1585431964.git.josh@joshtriplett.org +Signed-off-by: Theodore Ts'o +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext4/super.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/fs/ext4/super.c ++++ b/fs/ext4/super.c +@@ -4162,9 +4162,9 @@ static int ext4_fill_super(struct super_ + EXT4_BLOCKS_PER_GROUP(sb) - 1); + do_div(blocks_count, EXT4_BLOCKS_PER_GROUP(sb)); + if (blocks_count > ((uint64_t)1<<32) - EXT4_DESC_PER_BLOCK(sb)) { +- ext4_msg(sb, KERN_WARNING, "groups count too large: %u " ++ ext4_msg(sb, KERN_WARNING, "groups count too large: %llu " + "(block count %llu, first data block %u, " +- "blocks per group %lu)", sbi->s_groups_count, ++ "blocks per group %lu)", blocks_count, + ext4_blocks_count(es), + le32_to_cpu(es->s_first_data_block), + EXT4_BLOCKS_PER_GROUP(sb)); diff --git a/queue-4.19/ext4-fix-incorrect-inodes-per-group-in-error-message.patch b/queue-4.19/ext4-fix-incorrect-inodes-per-group-in-error-message.patch new file mode 100644 index 00000000000..176daf989c0 --- /dev/null +++ b/queue-4.19/ext4-fix-incorrect-inodes-per-group-in-error-message.patch 
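Review bot: The value now printed as "groups count" in the changed ext4_msg() call is the variable `blocks_count`, which only holds a group count because of the `do_div(blocks_count, EXT4_BLOCKS_PER_GROUP(sb));` two lines above, while the same message prints the real block count from `ext4_blocks_count(es)`. A one-line comment would stop the next reader from "fixing" it back, e.g. `/* blocks_count holds the number of groups after the do_div() above */`. The `%llu` specifier assumes `blocks_count` is an unsigned long long; its declaration is outside the hunk.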
@@ -0,0 +1,35 @@ +From b9c538da4e52a7b79dfcf4cfa487c46125066dfb Mon Sep 17 00:00:00 2001 +From: Josh Triplett +Date: Sat, 28 Mar 2020 15:34:15 -0700 +Subject: ext4: fix incorrect inodes per group in error message + +From: Josh Triplett + +commit b9c538da4e52a7b79dfcf4cfa487c46125066dfb upstream. + +If ext4_fill_super detects an invalid number of inodes per group, the +resulting error message printed the number of blocks per group, rather +than the number of inodes per group. Fix it to print the correct value. + +Fixes: cd6bb35bf7f6d ("ext4: use more strict checks for inodes_per_block on mount") +Link: https://lore.kernel.org/r/8be03355983a08e5d4eed480944613454d7e2550.1585434649.git.josh@joshtriplett.org +Reviewed-by: Andreas Dilger +Signed-off-by: Josh Triplett +Signed-off-by: Theodore Ts'o +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext4/super.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/ext4/super.c ++++ b/fs/ext4/super.c +@@ -4031,7 +4031,7 @@ static int ext4_fill_super(struct super_ + if (sbi->s_inodes_per_group < sbi->s_inodes_per_block || + sbi->s_inodes_per_group > blocksize * 8) { + ext4_msg(sb, KERN_ERR, "invalid inodes per group: %lu\n", +- sbi->s_blocks_per_group); ++ sbi->s_inodes_per_group); + goto failed_mount; + } + sbi->s_itb_per_group = sbi->s_inodes_per_group / diff --git a/queue-4.19/jbd2-improve-comments-about-freeing-data-buffers-whose-page-mapping-is-null.patch b/queue-4.19/jbd2-improve-comments-about-freeing-data-buffers-whose-page-mapping-is-null.patch new file mode 100644 index 00000000000..de4565de796 --- /dev/null +++ b/queue-4.19/jbd2-improve-comments-about-freeing-data-buffers-whose-page-mapping-is-null.patch 
@@ -0,0 +1,41 @@ +From 780f66e59231fcf882f36c63f287252ee47cc75a Mon Sep 17 00:00:00 2001 +From: "zhangyi (F)" +Date: Mon, 17 Feb 2020 19:27:06 +0800 +Subject: jbd2: improve comments about freeing data buffers whose page mapping is NULL + +From: zhangyi (F) + +commit 780f66e59231fcf882f36c63f287252ee47cc75a upstream. + +Improve comments in jbd2_journal_commit_transaction() to describe why +we don't need to clear the buffer_mapped bit for freeing file mapping +buffers whose page mapping is NULL. + +Link: https://lore.kernel.org/r/20200217112706.20085-1-yi.zhang@huawei.com +Fixes: c96dceeabf76 ("jbd2: do not clear the BH_Mapped flag when forgetting a metadata buffer") +Suggested-by: Jan Kara +Reviewed-by: Jan Kara +Signed-off-by: zhangyi (F) +Signed-off-by: Theodore Ts'o +Signed-off-by: Greg Kroah-Hartman + +--- + fs/jbd2/commit.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- a/fs/jbd2/commit.c ++++ b/fs/jbd2/commit.c +@@ -992,9 +992,10 @@ restart_loop: + * journalled data) we need to unmap buffer and clear + * more bits. We also need to be careful about the check + * because the data page mapping can get cleared under +- * out hands, which alse need not to clear more bits +- * because the page and buffers will be freed and can +- * never be reused once we are done with them. ++ * our hands. Note that if mapping == NULL, we don't ++ * need to make buffer unmapped because the page is ++ * already detached from the mapping and buffers cannot ++ * get reused. + */ + mapping = READ_ONCE(bh->b_page->mapping); + if (mapping && !sb_is_blkdev_sb(mapping->host->i_sb)) { diff --git a/queue-4.19/keys-fix-proc_keys_next-to-increase-position-index.patch b/queue-4.19/keys-fix-proc_keys_next-to-increase-position-index.patch new file mode 100644 index 00000000000..da070845bca --- /dev/null +++ b/queue-4.19/keys-fix-proc_keys_next-to-increase-position-index.patch 
@@ -0,0 +1,70 @@ +From 86d32f9a7c54ad74f4514d7fef7c847883207291 Mon Sep 17 00:00:00 2001 +From: Vasily Averin +Date: Tue, 14 Apr 2020 21:33:16 +0100 +Subject: keys: Fix proc_keys_next to increase position index + +From: Vasily Averin + +commit 86d32f9a7c54ad74f4514d7fef7c847883207291 upstream. + +If seq_file .next function does not change position index, +read after some lseek can generate unexpected output: + + $ dd if=/proc/keys bs=1 # full usual output + 0f6bfdf5 I--Q--- 2 perm 3f010000 1000 1000 user 4af2f79ab8848d0a: 740 + 1fb91b32 I--Q--- 3 perm 1f3f0000 1000 65534 keyring _uid.1000: 2 + 27589480 I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16 + 2f33ab67 I--Q--- 152 perm 3f030000 0 0 keyring _ses: 2 + 33f1d8fa I--Q--- 4 perm 3f030000 1000 1000 keyring _ses: 1 + 3d427fda I--Q--- 2 perm 3f010000 1000 1000 user 69ec44aec7678e5a: 740 + 3ead4096 I--Q--- 1 perm 1f3f0000 1000 65534 keyring _uid_ses.1000: 1 + 521+0 records in + 521+0 records out + 521 bytes copied, 0,00123769 s, 421 kB/s + +But a read after lseek in middle of last line results in the partial +last line and then a repeat of the final line: + + $ dd if=/proc/keys bs=500 skip=1 + dd: /proc/keys: cannot skip to specified offset + g _uid_ses.1000: 1 + 3ead4096 I--Q--- 1 perm 1f3f0000 1000 65534 keyring _uid_ses.1000: 1 + 0+1 records in + 0+1 records out + 97 bytes copied, 0,000135035 s, 718 kB/s + +and a read after lseek beyond end of file results in the last line being +shown: + + $ dd if=/proc/keys bs=1000 skip=1 # read after lseek beyond end of file + dd: /proc/keys: cannot skip to specified offset + 3ead4096 I--Q--- 1 perm 1f3f0000 1000 65534 keyring _uid_ses.1000: 1 + 0+1 records in + 0+1 records out + 76 bytes copied, 0,000119981 s, 633 kB/s + +See https://bugzilla.kernel.org/show_bug.cgi?id=206283 + +Fixes: 1f4aace60b0e ("fs/seq_file.c: simplify seq_file iteration code ...") +Signed-off-by: Vasily Averin +Signed-off-by: David Howells +Reviewed-by: Jarkko Sakkinen +Cc: stable@vger.kernel.org 
+Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + security/keys/proc.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/security/keys/proc.c ++++ b/security/keys/proc.c +@@ -144,6 +144,8 @@ static void *proc_keys_next(struct seq_f + n = key_serial_next(p, v); + if (n) + *_pos = key_node_serial(n); ++ else ++ (*_pos)++; + return n; + } + diff --git a/queue-4.19/mac80211_hwsim-use-kstrndup-in-place-of-kasprintf.patch b/queue-4.19/mac80211_hwsim-use-kstrndup-in-place-of-kasprintf.patch new file mode 100644 index 00000000000..2702b1f0be4 --- /dev/null +++ b/queue-4.19/mac80211_hwsim-use-kstrndup-in-place-of-kasprintf.patch 
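Review bot: The added `else (*_pos)++;` branch in proc_keys_next() has no comment, and on its own an increment of a position that otherwise holds a key serial (`*_pos = key_node_serial(n);`) looks arbitrary. Suggest `/* no next key: still advance *_pos, seq_file relies on ->next moving the position */`. proc_keys_start() is outside the hunk, so it is worth confirming that it treats last-serial-plus-one as end of list rather than as a lookup key for another entry, since /proc/keys should neither repeat nor skip rows for a reader that seeks.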
@@ -0,0 +1,68 @@ +From 7ea862048317aa76d0f22334202779a25530980c Mon Sep 17 00:00:00 2001 +From: Tuomas Tynkkynen +Date: Fri, 10 Apr 2020 15:32:57 +0300 +Subject: mac80211_hwsim: Use kstrndup() in place of kasprintf() + +From: Tuomas Tynkkynen + +commit 7ea862048317aa76d0f22334202779a25530980c upstream. + +syzbot reports a warning: + +precision 33020 too large +WARNING: CPU: 0 PID: 9618 at lib/vsprintf.c:2471 set_precision+0x150/0x180 lib/vsprintf.c:2471 + vsnprintf+0xa7b/0x19a0 lib/vsprintf.c:2547 + kvasprintf+0xb2/0x170 lib/kasprintf.c:22 + kasprintf+0xbb/0xf0 lib/kasprintf.c:59 + hwsim_del_radio_nl+0x63a/0x7e0 drivers/net/wireless/mac80211_hwsim.c:3625 + genl_family_rcv_msg_doit net/netlink/genetlink.c:672 [inline] + ... + entry_SYSCALL_64_after_hwframe+0x49/0xbe + +Thus it seems that kasprintf() with "%.*s" format can not be used for +duplicating a string with arbitrary length. Replace it with kstrndup(). + +Note that later this string is limited to NL80211_WIPHY_NAME_MAXLEN == 64, +but the code is simpler this way. 
+ +Reported-by: syzbot+6693adf1698864d21734@syzkaller.appspotmail.com +Reported-by: syzbot+a4aee3f42d7584d76761@syzkaller.appspotmail.com +Cc: stable@kernel.org +Signed-off-by: Tuomas Tynkkynen +Link: https://lore.kernel.org/r/20200410123257.14559-1-tuomas.tynkkynen@iki.fi +[johannes: add note about length limit] +Signed-off-by: Johannes Berg +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/wireless/mac80211_hwsim.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +--- a/drivers/net/wireless/mac80211_hwsim.c ++++ b/drivers/net/wireless/mac80211_hwsim.c +@@ -3327,9 +3327,9 @@ static int hwsim_new_radio_nl(struct sk_ + param.no_vif = true; + + if (info->attrs[HWSIM_ATTR_RADIO_NAME]) { +- hwname = kasprintf(GFP_KERNEL, "%.*s", +- nla_len(info->attrs[HWSIM_ATTR_RADIO_NAME]), +- (char *)nla_data(info->attrs[HWSIM_ATTR_RADIO_NAME])); ++ hwname = kstrndup((char *)nla_data(info->attrs[HWSIM_ATTR_RADIO_NAME]), ++ nla_len(info->attrs[HWSIM_ATTR_RADIO_NAME]), ++ GFP_KERNEL); + if (!hwname) + return -ENOMEM; + param.hwname = hwname; +@@ -3385,9 +3385,9 @@ static int hwsim_del_radio_nl(struct sk_ + if (info->attrs[HWSIM_ATTR_RADIO_ID]) { + idx = nla_get_u32(info->attrs[HWSIM_ATTR_RADIO_ID]); + } else if (info->attrs[HWSIM_ATTR_RADIO_NAME]) { +- hwname = kasprintf(GFP_KERNEL, "%.*s", +- nla_len(info->attrs[HWSIM_ATTR_RADIO_NAME]), +- (char *)nla_data(info->attrs[HWSIM_ATTR_RADIO_NAME])); ++ hwname = kstrndup((char *)nla_data(info->attrs[HWSIM_ATTR_RADIO_NAME]), ++ nla_len(info->attrs[HWSIM_ATTR_RADIO_NAME]), ++ GFP_KERNEL); + if (!hwname) + return -ENOMEM; + } else diff --git a/queue-4.19/ovl-fix-value-of-i_ino-for-lower-hardlink-corner-case.patch b/queue-4.19/ovl-fix-value-of-i_ino-for-lower-hardlink-corner-case.patch new file mode 100644 index 00000000000..d26f52c3f1b --- /dev/null +++ b/queue-4.19/ovl-fix-value-of-i_ino-for-lower-hardlink-corner-case.patch 
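Review bot: Both kstrndup() calls size the copy from `nla_len(info->attrs[HWSIM_ATTR_RADIO_NAME])`, a length chosen by the netlink sender, and neither hwsim_new_radio_nl() nor hwsim_del_radio_nl() bounds it in the visible lines; the description says the name is only limited to NL80211_WIPHY_NAME_MAXLEN later. Rejecting oversized names before allocating keeps the allocation size out of the sender's hands, either through a length limit in the attribute policy (not visible here) or a check such as `if (nla_len(info->attrs[HWSIM_ATTR_RADIO_NAME]) > NL80211_WIPHY_NAME_MAXLEN) return -EINVAL;`. The two identical three-line calls would also read better as one small helper, and the `(char *)` cast on nla_data() is not needed for kstrndup().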
@@ -0,0 +1,51 @@ +From 300b124fcf6ad2cd99a7b721e0f096785e0a3134 Mon Sep 17 00:00:00 2001 +From: Amir Goldstein +Date: Tue, 19 Nov 2019 15:36:14 +0200 +Subject: ovl: fix value of i_ino for lower hardlink corner case + +From: Amir Goldstein + +commit 300b124fcf6ad2cd99a7b721e0f096785e0a3134 upstream. + +Commit 6dde1e42f497 ("ovl: make i_ino consistent with st_ino in more +cases"), relaxed the condition nfs_export=on in order to set the value of +i_ino to xino map of real ino. + +Specifically, it also relaxed the pre-condition that index=on for +consistent i_ino. This opened the corner case of lower hardlink in +ovl_get_inode(), which calls ovl_fill_inode() with ino=0 and then +ovl_init_inode() is called to set i_ino to lower real ino without the xino +mapping. + +Pass the correct values of ino;fsid in this case to ovl_fill_inode(), so it +can initialize i_ino correctly. + +Fixes: 6dde1e42f497 ("ovl: make i_ino consistent with st_ino in more ...") +Signed-off-by: Amir Goldstein +Signed-off-by: Miklos Szeredi +Signed-off-by: Greg Kroah-Hartman + +--- + fs/overlayfs/inode.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/fs/overlayfs/inode.c ++++ b/fs/overlayfs/inode.c +@@ -884,7 +884,7 @@ struct inode *ovl_get_inode(struct super + struct dentry *lowerdentry = lowerpath ? lowerpath->dentry : NULL; + bool bylower = ovl_hash_bylower(sb, upperdentry, lowerdentry, + oip->index); +- int fsid = bylower ? oip->lowerpath->layer->fsid : 0; ++ int fsid = bylower ? lowerpath->layer->fsid : 0; + bool is_dir, metacopy = false; + unsigned long ino = 0; + int err = oip->newinode ? -EEXIST : -ENOMEM; +@@ -934,6 +934,8 @@ struct inode *ovl_get_inode(struct super + err = -ENOMEM; + goto out_err; + } ++ ino = realinode->i_ino; ++ fsid = lowerpath->layer->fsid; + } + ovl_fill_inode(inode, realinode->i_mode, realinode->i_rdev, ino, fsid); + ovl_inode_init(inode, upperdentry, lowerdentry, oip->lowerdata); 
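Review bot: The added `fsid = lowerpath->layer->fsid;` in the second hunk of ovl_get_inode() dereferences `lowerpath` unconditionally, while the declaration block in the first hunk treats it as possibly NULL (`lowerpath ? lowerpath->dentry : NULL`). The condition of the branch that encloses the new lines is outside the hunk, so confirm it can only be reached with a lower path present, and say so next to the assignment, e.g. `/* lower hardlink case: lowerpath is never NULL here */`. The initialiser `bylower ? lowerpath->layer->fsid : 0` relies on the same kind of implication through ovl_hash_bylower(), which is also not visible.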
diff --git a/queue-4.19/pwm-pca9685-fix-pwm-gpio-inter-operation.patch b/queue-4.19/pwm-pca9685-fix-pwm-gpio-inter-operation.patch
new file mode 100644
index 00000000000..18285caadd4
--- /dev/null
+++ b/queue-4.19/pwm-pca9685-fix-pwm-gpio-inter-operation.patch
@@ -0,0 +1,204 @@
+From 9cc5f232a4b6a0ef6e9b57876d61b88f61bdd7c2 Mon Sep 17 00:00:00 2001
+From: Sven Van Asbroeck
+Date: Wed, 1 Apr 2020 19:01:06 +0200
+Subject: pwm: pca9685: Fix PWM/GPIO inter-operation
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Sven Van Asbroeck
+
+commit 9cc5f232a4b6a0ef6e9b57876d61b88f61bdd7c2 upstream.
+
+This driver allows pwms to be requested as gpios via gpiolib. Obviously,
+it should not be allowed to request a GPIO when its corresponding PWM is
+already requested (and vice versa). So it requires some exclusion code.
+
+Given that the PWMm and GPIO cores are not synchronized with respect to
+each other, this exclusion code will also require proper
+synchronization.
+
+Such a mechanism was in place, but was inadvertently removed by Uwe's
+clean-up in commit e926b12c611c ("pwm: Clear chip_data in pwm_put()").
+
+Upon revisiting the synchronization mechanism, we found that
+theoretically, it could allow two threads to successfully request
+conflicting PWMs/GPIOs.
+
+Replace with a bitmap which tracks PWMs in-use, plus a mutex. As long as
+PWM and GPIO's respective request/free functions modify the in-use
+bitmap while holding the mutex, proper synchronization will be
+guaranteed.
+
+Reported-by: YueHaibing
+Fixes: e926b12c611c ("pwm: Clear chip_data in pwm_put()")
+Cc: Mika Westerberg
+Cc: Uwe Kleine-König
+Cc: YueHaibing
+Link: https://lkml.org/lkml/2019/5/31/963
+Signed-off-by: Sven Van Asbroeck
+Reviewed-by: Mika Westerberg
+[cg: Tested on an i.MX6Q board with two NXP PCA9685 chips]
+Tested-by: Clemens Gruber
+Reviewed-by: Sven Van Asbroeck # cg's rebase
+Link: https://lore.kernel.org/lkml/20200330160238.GD2817345@ulmo/
+Signed-off-by: Thierry Reding
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/pwm/pwm-pca9685.c | 85 +++++++++++++++++++++++++---------------------
+ 1 file changed, 48 insertions(+), 37 deletions(-)
+
+--- a/drivers/pwm/pwm-pca9685.c
++++ b/drivers/pwm/pwm-pca9685.c
+@@ -31,6 +31,7 @@
+ #include
+ #include
+ #include
++#include
+
+ /*
+ * Because the PCA9685 has only one prescaler per chip, changing the period of
+@@ -85,6 +86,7 @@ struct pca9685 {
+ #if IS_ENABLED(CONFIG_GPIOLIB)
+ struct mutex lock;
+ struct gpio_chip gpio;
++ DECLARE_BITMAP(pwms_inuse, PCA9685_MAXCHAN + 1);
+ #endif
+ };
+
+@@ -94,51 +96,51 @@ static inline struct pca9685 *to_pca(str
+ }
+
+ #if IS_ENABLED(CONFIG_GPIOLIB)
+-static int pca9685_pwm_gpio_request(struct gpio_chip *gpio, unsigned int offset)
++static bool pca9685_pwm_test_and_set_inuse(struct pca9685 *pca, int pwm_idx)
+ {
+- struct pca9685 *pca = gpiochip_get_data(gpio);
+- struct pwm_device *pwm;
++ bool is_inuse;
+
+ mutex_lock(&pca->lock);
+-
+- pwm = &pca->chip.pwms[offset];
+-
+- if (pwm->flags & (PWMF_REQUESTED | PWMF_EXPORTED)) {
+- mutex_unlock(&pca->lock);
+- return -EBUSY;
++ if (pwm_idx >= PCA9685_MAXCHAN) {
++ /*
++ * "all LEDs" channel:
++ * pretend already in use if any of the PWMs are requested
++ */
++ if (!bitmap_empty(pca->pwms_inuse, PCA9685_MAXCHAN)) {
++ is_inuse = true;
++ goto out;
++ }
++ } else {
++ /*
++ * regular channel:
++ * pretend already in use if the "all LEDs" channel is requested
++ */
++ if (test_bit(PCA9685_MAXCHAN, pca->pwms_inuse)) {
++ is_inuse = true;
++ goto out;
++ }
+ }
+-
+- pwm_set_chip_data(pwm, (void *)1);
+-
++ is_inuse = test_and_set_bit(pwm_idx, pca->pwms_inuse);
++out:
+ mutex_unlock(&pca->lock);
+- pm_runtime_get_sync(pca->chip.dev);
+- return 0;
++ return is_inuse;
+ }
+
+-static bool pca9685_pwm_is_gpio(struct pca9685 *pca, struct pwm_device *pwm)
++static void pca9685_pwm_clear_inuse(struct pca9685 *pca, int pwm_idx)
+ {
+- bool is_gpio = false;
+-
+ mutex_lock(&pca->lock);
++ clear_bit(pwm_idx, pca->pwms_inuse);
++ mutex_unlock(&pca->lock);
++}
+
+- if (pwm->hwpwm >= PCA9685_MAXCHAN) {
+- unsigned int i;
+-
+- /*
+- * Check if any of the GPIOs are requested and in that case
+- * prevent using the "all LEDs" channel.
+- */
+- for (i = 0; i < pca->gpio.ngpio; i++)
+- if (gpiochip_is_requested(&pca->gpio, i)) {
+- is_gpio = true;
+- break;
+- }
+- } else if (pwm_get_chip_data(pwm)) {
+- is_gpio = true;
+- }
++static int pca9685_pwm_gpio_request(struct gpio_chip *gpio, unsigned int offset)
++{
++ struct pca9685 *pca = gpiochip_get_data(gpio);
+
+- mutex_unlock(&pca->lock);
+- return is_gpio;
++ if (pca9685_pwm_test_and_set_inuse(pca, offset))
++ return -EBUSY;
++ pm_runtime_get_sync(pca->chip.dev);
++ return 0;
+ }
+
+ static int pca9685_pwm_gpio_get(struct gpio_chip *gpio, unsigned int offset)
+@@ -173,6 +175,7 @@ static void pca9685_pwm_gpio_free(struct
+
+ pca9685_pwm_gpio_set(gpio, offset, 0);
+ pm_runtime_put(pca->chip.dev);
++ pca9685_pwm_clear_inuse(pca, offset);
+ }
+
+ static int pca9685_pwm_gpio_get_direction(struct gpio_chip *chip,
+@@ -224,12 +227,17 @@ static int pca9685_pwm_gpio_probe(struct
+ return devm_gpiochip_add_data(dev, &pca->gpio, pca);
+ }
+ #else
+-static inline bool pca9685_pwm_is_gpio(struct pca9685 *pca,
+- struct pwm_device *pwm)
++static inline bool pca9685_pwm_test_and_set_inuse(struct pca9685 *pca,
++ int pwm_idx)
+ {
+ return false;
+ }
+
++static inline void
++pca9685_pwm_clear_inuse(struct pca9685 *pca, int pwm_idx)
++{
++}
++
+ static inline int pca9685_pwm_gpio_probe(struct pca9685 *pca)
+ {
+ return 0;
+@@ -413,7 +421,7 @@ static int pca9685_pwm_request(struct pw
+ {
+ struct pca9685 *pca = to_pca(chip);
+
+- if (pca9685_pwm_is_gpio(pca, pwm))
++ if (pca9685_pwm_test_and_set_inuse(pca, pwm->hwpwm))
+ return -EBUSY;
+ pm_runtime_get_sync(chip->dev);
+
+@@ -422,8 +430,11 @@ static int pca9685_pwm_request(struct pw
+
+ static void pca9685_pwm_free(struct pwm_chip *chip, struct pwm_device *pwm)
+ {
++ struct pca9685 *pca = to_pca(chip);
++
+ pca9685_pwm_disable(chip, pwm);
+ pm_runtime_put(chip->dev);
++ pca9685_pwm_clear_inuse(pca, pwm->hwpwm);
+ }
+
+ static const struct pwm_ops pca9685_pwm_ops = {
diff --git a/queue-4.19/scsi-ufs-fix-ufshcd_hold-caused-scheduling-while-atomic.patch b/queue-4.19/scsi-ufs-fix-ufshcd_hold-caused-scheduling-while-atomic.patch
new file mode 100644
index 00000000000..359cd1e2e12
--- /dev/null
+++ b/queue-4.19/scsi-ufs-fix-ufshcd_hold-caused-scheduling-while-atomic.patch
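Review bot: `pca9685_pwm_test_and_set_inuse()` and `pca9685_pwm_clear_inuse()` take `pwm_idx` as a signed `int` and use it unchecked as a bit index into `pwms_inuse`, which is declared with only `PCA9685_MAXCHAN + 1` bits. Both callers pass unsigned values (`offset` and `pwm->hwpwm`); presumably the gpio and pwm cores keep them below the registered line and channel counts, but that is not visible in this patch, and an index past the bitmap would set or clear a bit in neighbouring memory. Making the parameter `unsigned int pwm_idx` in both helpers and their `#else` stubs, plus a guard ahead of `mutex_lock()` such as `if (WARN_ON(pwm_idx > PCA9685_MAXCHAN)) return true;`, would keep the bitmap access bounded locally.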
@@ -0,0 +1,43 @@
+From c63d6099a7959ecc919b2549dc6b71f53521f819 Mon Sep 17 00:00:00 2001
+From: Can Guo
+Date: Mon, 10 Feb 2020 19:40:48 -0800
+Subject: scsi: ufs: Fix ufshcd_hold() caused scheduling while atomic
+
+From: Can Guo
+
+commit c63d6099a7959ecc919b2549dc6b71f53521f819 upstream.
+
+The async version of ufshcd_hold(async == true), which is only called in
+queuecommand path as for now, is expected to work in atomic context, thus
+it should not sleep or schedule out. When it runs into the condition that
+clocks are ON but link is still in hibern8 state, it should bail out
+without flushing the clock ungate work.
+
+Fixes: f2a785ac2312 ("scsi: ufshcd: Fix race between clk scaling and ungate work")
+Link: https://lore.kernel.org/r/1581392451-28743-6-git-send-email-cang@codeaurora.org
+Reviewed-by: Hongwu Su
+Reviewed-by: Asutosh Das
+Reviewed-by: Bean Huo
+Reviewed-by: Stanley Chu
+Signed-off-by: Can Guo
+Signed-off-by: Martin K. Petersen
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/scsi/ufs/ufshcd.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/drivers/scsi/ufs/ufshcd.c
++++ b/drivers/scsi/ufs/ufshcd.c
+@@ -1563,6 +1563,11 @@ start:
+ */
+ if (ufshcd_can_hibern8_during_gating(hba) &&
+ ufshcd_is_link_hibern8(hba)) {
++ if (async) {
++ rc = -EAGAIN;
++ hba->clk_gating.active_reqs--;
++ break;
++ }
+ spin_unlock_irqrestore(hba->host->host_lock, flags);
+ flush_work(&hba->clk_gating.ungate_work);
+ spin_lock_irqsave(hba->host->host_lock, flags);
diff --git a/queue-4.19/series b/queue-4.19/series
index be1992eb567..9a45846c3e5 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
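Review bot: The new `if (async)` branch decrements `hba->clk_gating.active_reqs` and leaves through `break` while the host lock is still held, and nothing at that spot says what the decrement undoes or where the lock is released. Presumably it reverts an increment taken earlier in ufshcd_hold() and the code after the enclosing switch drops the lock; both are outside the hunk. A comment on the branch would make the atomic-context contract readable in place: `/* async callers are atomic: drop the active_reqs count taken above and let the caller retry instead of sleeping in flush_work() */`.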
@@ -6,3 +6,19 @@ net-qrtr-send-msgs-from-local-of-same-id-as-broadcast.patch
 net-revert-default-napi-poll-timeout-to-2-jiffies.patch
 net-stmmac-dwmac-sunxi-provide-tx-and-rx-fifo-sizes.patch
 net-dsa-mt7530-fix-tagged-frames-pass-through-in-vlan-unaware-mode.patch
+ovl-fix-value-of-i_ino-for-lower-hardlink-corner-case.patch
+scsi-ufs-fix-ufshcd_hold-caused-scheduling-while-atomic.patch
+jbd2-improve-comments-about-freeing-data-buffers-whose-page-mapping-is-null.patch
+pwm-pca9685-fix-pwm-gpio-inter-operation.patch
+ext4-fix-incorrect-group-count-in-ext4_fill_super-error-message.patch
+ext4-fix-incorrect-inodes-per-group-in-error-message.patch
+asoc-intel-mrfld-fix-incorrect-check-on-p-sink.patch
+asoc-intel-mrfld-return-error-codes-when-an-error-occurs.patch
+alsa-usb-audio-filter-error-from-connector-kctl-ops-too.patch
+alsa-usb-audio-don-t-override-ignore_ctl_error-value-from-the-map.patch
+alsa-usb-audio-don-t-create-jack-controls-for-pcm-terminals.patch
+alsa-usb-audio-check-mapping-at-creating-connector-controls-too.patch
+keys-fix-proc_keys_next-to-increase-position-index.patch
+tracing-fix-the-race-between-registering-snapshot-event-trigger-and-triggering-snapshot-operation.patch
+btrfs-check-commit-root-generation-in-should_ignore_root.patch
+mac80211_hwsim-use-kstrndup-in-place-of-kasprintf.patch
diff --git a/queue-4.19/tracing-fix-the-race-between-registering-snapshot-event-trigger-and-triggering-snapshot-operation.patch b/queue-4.19/tracing-fix-the-race-between-registering-snapshot-event-trigger-and-triggering-snapshot-operation.patch
new file mode 100644
index 00000000000..217a4ec151e
--- /dev/null
+++ b/queue-4.19/tracing-fix-the-race-between-registering-snapshot-event-trigger-and-triggering-snapshot-operation.patch
@@ -0,0 +1,56 @@
+From 0bbe7f719985efd9adb3454679ecef0984cb6800 Mon Sep 17 00:00:00 2001
+From: Xiao Yang
+Date: Tue, 14 Apr 2020 09:51:45 +0800
+Subject: tracing: Fix the race between registering 'snapshot' event trigger and triggering 'snapshot' operation
+
+From: Xiao Yang
+
+commit 0bbe7f719985efd9adb3454679ecef0984cb6800 upstream.
+
+Traced event can trigger 'snapshot' operation(i.e. calls snapshot_trigger()
+or snapshot_count_trigger()) when register_snapshot_trigger() has completed
+registration but doesn't allocate buffer for 'snapshot' event trigger. In
+the rare case, 'snapshot' operation always detects the lack of allocated
+buffer so make register_snapshot_trigger() allocate buffer first.
+
+trigger-snapshot.tc in kselftest reproduces the issue on slow vm:
+-----------------------------------------------------------
+cat trace
+...
+ftracetest-3028 [002] .... 236.784290: sched_process_fork: comm=ftracetest pid=3028 child_comm=ftracetest child_pid=3036
+ <...>-2875 [003] .... 240.460335: tracing_snapshot_instance_cond: *** SNAPSHOT NOT ALLOCATED ***
+ <...>-2875 [003] .... 240.460338: tracing_snapshot_instance_cond: *** stopping trace here! ***
+-----------------------------------------------------------
+
+Link: http://lkml.kernel.org/r/20200414015145.66236-1-yangx.jy@cn.fujitsu.com
+
+Cc: stable@vger.kernel.org
+Fixes: 93e31ffbf417a ("tracing: Add 'snapshot' event trigger command")
+Signed-off-by: Xiao Yang
+Signed-off-by: Steven Rostedt (VMware)
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ kernel/trace/trace_events_trigger.c | 10 +++-------
+ 1 file changed, 3 insertions(+), 7 deletions(-)
+
+--- a/kernel/trace/trace_events_trigger.c
++++ b/kernel/trace/trace_events_trigger.c
+@@ -1081,14 +1081,10 @@ register_snapshot_trigger(char *glob, st
+ struct event_trigger_data *data,
+ struct trace_event_file *file)
+ {
+- int ret = register_trigger(glob, ops, data, file);
++ if (tracing_alloc_snapshot_instance(file->tr) != 0)
++ return 0;
+
+- if (ret > 0 && tracing_alloc_snapshot_instance(file->tr) != 0) {
+- unregister_trigger(glob, ops, data, file);
+- ret = 0;
+- }
+-
+- return ret;
++ return register_trigger(glob, ops, data, file);
+ }
+
+ static int
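Review bot: The early `return 0` in register_snapshot_trigger() discards the error code from `tracing_alloc_snapshot_instance()`, and when the following `register_trigger()` fails the snapshot buffer allocated just before it is left in place. Both look deliberate: the removed code also mapped an allocation failure to 0, and presumably the caller reads 0 as "nothing registered" while the buffer is released elsewhere; neither is visible in this hunk. The ordering is the whole fix, so it deserves a comment above the allocation, for example `/* allocate before registering so a firing trigger never sees an unallocated snapshot; 0 means no trigger was registered */`. The function's signature starts outside the hunk.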