From: Greg Kroah-Hartman Date: Sun, 29 Dec 2019 16:10:13 +0000 (+0100) Subject: 4.19-stable patches X-Git-Tag: v4.14.161~11 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=87d43dcdc42cf73674875ec4eacd17dd2f2473c5;p=thirdparty%2Fkernel%2Fstable-queue.git 4.19-stable patches added patches: ext4-check-for-directory-entries-too-close-to-block-end.patch ext4-fix-ext4_empty_dir-for-directories-with-holes.patch ext4-unlock-on-error-in-ext4_expand_extra_isize.patch kvm-arm64-ensure-params-is-initialised-when-looking-up-sys-register.patch mmc-sdhci-add-a-quirk-for-broken-command-queuing.patch mmc-sdhci-msm-correct-the-offset-and-value-for-ddr_config-register.patch mmc-sdhci-of-esdhc-fix-p2020-errata-handling.patch mmc-sdhci-of-esdhc-revert-mmc-sdhci-of-esdhc-add-erratum-a-009204-support.patch mmc-sdhci-update-the-tuning-failed-messages-to-pr_debug-level.patch mmc-sdhci-workaround-broken-command-queuing-on-intel-glk.patch nbd-fix-shutdown-and-recv-work-deadlock-v2.patch powerpc-irq-fix-stack-overflow-verification.patch powerpc-vcpu-assume-dedicated-processors-as-non-preempt.patch x86-mce-amd-allow-reserved-types-to-be-overwritten-in-smca_banks.patch x86-mce-amd-do-not-use-rdmsr_safe_on_cpu-in-smca_configure.patch --- diff --git a/queue-4.19/ext4-check-for-directory-entries-too-close-to-block-end.patch b/queue-4.19/ext4-check-for-directory-entries-too-close-to-block-end.patch new file mode 100644 index 00000000000..ecfa4a7e0f5 --- /dev/null +++ b/queue-4.19/ext4-check-for-directory-entries-too-close-to-block-end.patch @@ -0,0 +1,39 @@ +From 109ba779d6cca2d519c5dd624a3276d03e21948e Mon Sep 17 00:00:00 2001 +From: Jan Kara +Date: Mon, 2 Dec 2019 18:02:13 +0100 +Subject: ext4: check for directory entries too close to block end + +From: Jan Kara + +commit 109ba779d6cca2d519c5dd624a3276d03e21948e upstream. + +ext4_check_dir_entry() currently does not catch a case when a directory +entry ends so close to the block end that the header of the next +directory entry would not fit in the remaining space. This can lead to +directory iteration code trying to access address beyond end of current +buffer head leading to oops. + +CC: stable@vger.kernel.org +Signed-off-by: Jan Kara +Link: https://lore.kernel.org/r/20191202170213.4761-3-jack@suse.cz +Signed-off-by: Theodore Ts'o +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext4/dir.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/fs/ext4/dir.c ++++ b/fs/ext4/dir.c +@@ -77,6 +77,11 @@ int __ext4_check_dir_entry(const char *f + error_msg = "rec_len is too small for name_len"; + else if (unlikely(((char *) de - buf) + rlen > size)) + error_msg = "directory entry overrun"; ++ else if (unlikely(((char *) de - buf) + rlen > ++ size - EXT4_DIR_REC_LEN(1) && ++ ((char *) de - buf) + rlen != size)) { ++ error_msg = "directory entry too close to block end"; ++ } + else if (unlikely(le32_to_cpu(de->inode) > + le32_to_cpu(EXT4_SB(dir->i_sb)->s_es->s_inodes_count))) + error_msg = "inode out of bounds"; diff --git a/queue-4.19/ext4-fix-ext4_empty_dir-for-directories-with-holes.patch b/queue-4.19/ext4-fix-ext4_empty_dir-for-directories-with-holes.patch new file mode 100644 index 00000000000..4545fb83ba7 --- /dev/null +++ b/queue-4.19/ext4-fix-ext4_empty_dir-for-directories-with-holes.patch @@ -0,0 +1,97 @@ +From 64d4ce892383b2ad6d782e080d25502f91bf2a38 Mon Sep 17 00:00:00 2001 +From: Jan Kara +Date: Mon, 2 Dec 2019 18:02:12 +0100 +Subject: ext4: fix ext4_empty_dir() for directories with holes + +From: Jan Kara + +commit 64d4ce892383b2ad6d782e080d25502f91bf2a38 upstream. + +Function ext4_empty_dir() doesn't correctly handle directories with +holes and crashes on bh->b_data dereference when bh is NULL. Reorganize +the loop to use 'offset' variable all the times instead of comparing +pointers to current direntry with bh->b_data pointer. Also add more +strict checking of '.' and '..' directory entries to avoid entering loop +in possibly invalid state on corrupted filesystems. + +References: CVE-2019-19037 +CC: stable@vger.kernel.org +Fixes: 4e19d6b65fb4 ("ext4: allow directory holes") +Signed-off-by: Jan Kara +Link: https://lore.kernel.org/r/20191202170213.4761-2-jack@suse.cz +Signed-off-by: Theodore Ts'o +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext4/namei.c | 32 ++++++++++++++++++-------------- + 1 file changed, 18 insertions(+), 14 deletions(-) + +--- a/fs/ext4/namei.c ++++ b/fs/ext4/namei.c +@@ -2693,7 +2693,7 @@ bool ext4_empty_dir(struct inode *inode) + { + unsigned int offset; + struct buffer_head *bh; +- struct ext4_dir_entry_2 *de, *de1; ++ struct ext4_dir_entry_2 *de; + struct super_block *sb; + + if (ext4_has_inline_data(inode)) { +@@ -2718,19 +2718,25 @@ bool ext4_empty_dir(struct inode *inode) + return true; + + de = (struct ext4_dir_entry_2 *) bh->b_data; +- de1 = ext4_next_entry(de, sb->s_blocksize); +- if (le32_to_cpu(de->inode) != inode->i_ino || +- le32_to_cpu(de1->inode) == 0 || +- strcmp(".", de->name) || strcmp("..", de1->name)) { +- ext4_warning_inode(inode, "directory missing '.' and/or '..'"); ++ if (ext4_check_dir_entry(inode, NULL, de, bh, bh->b_data, bh->b_size, ++ 0) || ++ le32_to_cpu(de->inode) != inode->i_ino || strcmp(".", de->name)) { ++ ext4_warning_inode(inode, "directory missing '.'"); + brelse(bh); + return true; + } +- offset = ext4_rec_len_from_disk(de->rec_len, sb->s_blocksize) + +- ext4_rec_len_from_disk(de1->rec_len, sb->s_blocksize); +- de = ext4_next_entry(de1, sb->s_blocksize); ++ offset = ext4_rec_len_from_disk(de->rec_len, sb->s_blocksize); ++ de = ext4_next_entry(de, sb->s_blocksize); ++ if (ext4_check_dir_entry(inode, NULL, de, bh, bh->b_data, bh->b_size, ++ offset) || ++ le32_to_cpu(de->inode) == 0 || strcmp("..", de->name)) { ++ ext4_warning_inode(inode, "directory missing '..'"); ++ brelse(bh); ++ return true; ++ } ++ offset += ext4_rec_len_from_disk(de->rec_len, sb->s_blocksize); + while (offset < inode->i_size) { +- if ((void *) de >= (void *) (bh->b_data+sb->s_blocksize)) { ++ if (!(offset & (sb->s_blocksize - 1))) { + unsigned int lblock; + brelse(bh); + lblock = offset >> EXT4_BLOCK_SIZE_BITS(sb); +@@ -2741,12 +2747,11 @@ bool ext4_empty_dir(struct inode *inode) + } + if (IS_ERR(bh)) + return true; +- de = (struct ext4_dir_entry_2 *) bh->b_data; + } ++ de = (struct ext4_dir_entry_2 *) (bh->b_data + ++ (offset & (sb->s_blocksize - 1))); + if (ext4_check_dir_entry(inode, NULL, de, bh, + bh->b_data, bh->b_size, offset)) { +- de = (struct ext4_dir_entry_2 *)(bh->b_data + +- sb->s_blocksize); + offset = (offset | (sb->s_blocksize - 1)) + 1; + continue; + } +@@ -2755,7 +2760,6 @@ bool ext4_empty_dir(struct inode *inode) + return false; + } + offset += ext4_rec_len_from_disk(de->rec_len, sb->s_blocksize); +- de = ext4_next_entry(de, sb->s_blocksize); + } + brelse(bh); + return true; diff --git a/queue-4.19/ext4-unlock-on-error-in-ext4_expand_extra_isize.patch b/queue-4.19/ext4-unlock-on-error-in-ext4_expand_extra_isize.patch new file mode 100644 index 00000000000..10d9dcaec43 --- /dev/null +++ b/queue-4.19/ext4-unlock-on-error-in-ext4_expand_extra_isize.patch @@ -0,0 +1,43 @@ +From 7f420d64a08c1dcd65b27be82a27cf2bdb2e7847 Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Fri, 13 Dec 2019 21:50:11 +0300 +Subject: ext4: unlock on error in ext4_expand_extra_isize() + +From: Dan Carpenter + +commit 7f420d64a08c1dcd65b27be82a27cf2bdb2e7847 upstream. + +We need to unlock the xattr before returning on this error path. + +Cc: stable@kernel.org # 4.13 +Fixes: c03b45b853f5 ("ext4, project: expand inode extra size if possible") +Signed-off-by: Dan Carpenter +Link: https://lore.kernel.org/r/20191213185010.6k7yl2tck3wlsdkt@kili.mountain +Signed-off-by: Theodore Ts'o +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext4/inode.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/fs/ext4/inode.c ++++ b/fs/ext4/inode.c +@@ -6027,7 +6027,7 @@ int ext4_expand_extra_isize(struct inode + error = ext4_journal_get_write_access(handle, iloc->bh); + if (error) { + brelse(iloc->bh); +- goto out_stop; ++ goto out_unlock; + } + + error = __ext4_expand_extra_isize(inode, new_extra_isize, iloc, +@@ -6037,8 +6037,8 @@ int ext4_expand_extra_isize(struct inode + if (!error) + error = rc; + ++out_unlock: + ext4_write_unlock_xattr(inode, &no_expand); +-out_stop: + ext4_journal_stop(handle); + return error; + } diff --git a/queue-4.19/kvm-arm64-ensure-params-is-initialised-when-looking-up-sys-register.patch b/queue-4.19/kvm-arm64-ensure-params-is-initialised-when-looking-up-sys-register.patch new file mode 100644 index 00000000000..2416bb5654a --- /dev/null +++ b/queue-4.19/kvm-arm64-ensure-params-is-initialised-when-looking-up-sys-register.patch @@ -0,0 +1,58 @@ +From 1ce74e96c2407df2b5867e5d45a70aacb8923c14 Mon Sep 17 00:00:00 2001 +From: Will Deacon +Date: Thu, 12 Dec 2019 09:40:49 +0000 +Subject: KVM: arm64: Ensure 'params' is initialised when looking up sys register +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Will Deacon + +commit 1ce74e96c2407df2b5867e5d45a70aacb8923c14 upstream. + +Commit 4b927b94d5df ("KVM: arm/arm64: vgic: Introduce find_reg_by_id()") +introduced 'find_reg_by_id()', which looks up a system register only if +the 'id' index parameter identifies a valid system register. As part of +the patch, existing callers of 'find_reg()' were ported over to the new +interface, but this breaks 'index_to_sys_reg_desc()' in the case that the +initial lookup in the vCPU target table fails because we will then call +into 'find_reg()' for the system register table with an uninitialised +'param' as the key to the lookup. + +GCC 10 is bright enough to spot this (amongst a tonne of false positives, +but hey!): + + | arch/arm64/kvm/sys_regs.c: In function ‘index_to_sys_reg_desc.part.0.isra’: + | arch/arm64/kvm/sys_regs.c:983:33: warning: ‘params.Op2’ may be used uninitialized in this function [-Wmaybe-uninitialized] + | 983 | (u32)(x)->CRn, (u32)(x)->CRm, (u32)(x)->Op2); + | [...] + +Revert the hunk of 4b927b94d5df which breaks 'index_to_sys_reg_desc()' so +that the old behaviour of checking the index upfront is restored. + +Fixes: 4b927b94d5df ("KVM: arm/arm64: vgic: Introduce find_reg_by_id()") +Signed-off-by: Will Deacon +Signed-off-by: Marc Zyngier +Cc: +Link: https://lore.kernel.org/r/20191212094049.12437-1-will@kernel.org +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/kvm/sys_regs.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/arch/arm64/kvm/sys_regs.c ++++ b/arch/arm64/kvm/sys_regs.c +@@ -2174,8 +2174,11 @@ static const struct sys_reg_desc *index_ + if ((id & KVM_REG_ARM_COPROC_MASK) != KVM_REG_ARM64_SYSREG) + return NULL; + ++ if (!index_to_params(id, ¶ms)) ++ return NULL; ++ + table = get_target_table(vcpu->arch.target, true, &num); +- r = find_reg_by_id(id, ¶ms, table, num); ++ r = find_reg(¶ms, table, num); + if (!r) + r = find_reg(¶ms, sys_reg_descs, ARRAY_SIZE(sys_reg_descs)); + diff --git a/queue-4.19/mmc-sdhci-add-a-quirk-for-broken-command-queuing.patch b/queue-4.19/mmc-sdhci-add-a-quirk-for-broken-command-queuing.patch new file mode 100644 index 00000000000..1669c7e99ed --- /dev/null +++ b/queue-4.19/mmc-sdhci-add-a-quirk-for-broken-command-queuing.patch @@ -0,0 +1,51 @@ +From 75d27ea1abf7af3cc2cdec3513e74f52191605c8 Mon Sep 17 00:00:00 2001 +From: Adrian Hunter +Date: Tue, 17 Dec 2019 11:53:49 +0200 +Subject: mmc: sdhci: Add a quirk for broken command queuing + +From: Adrian Hunter + +commit 75d27ea1abf7af3cc2cdec3513e74f52191605c8 upstream. + +Command queuing has been reported broken on some systems based on Intel +GLK. A separate patch disables command queuing in some cases. + +This patch adds a quirk for broken command queuing, which enables users +with problems to disable command queuing using sdhci module parameters for +quirks. + +Fixes: 8ee82bda230f ("mmc: sdhci-pci: Add CQHCI support for Intel GLK") +Signed-off-by: Adrian Hunter +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20191217095349.14592-2-adrian.hunter@intel.com +Signed-off-by: Ulf Hansson +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mmc/host/sdhci.c | 3 +++ + drivers/mmc/host/sdhci.h | 2 ++ + 2 files changed, 5 insertions(+) + +--- a/drivers/mmc/host/sdhci.c ++++ b/drivers/mmc/host/sdhci.c +@@ -3549,6 +3549,9 @@ int sdhci_setup_host(struct sdhci_host * + mmc_hostname(mmc), host->version); + } + ++ if (host->quirks & SDHCI_QUIRK_BROKEN_CQE) ++ mmc->caps2 &= ~MMC_CAP2_CQE; ++ + if (host->quirks & SDHCI_QUIRK_FORCE_DMA) + host->flags |= SDHCI_USE_SDMA; + else if (!(host->caps & SDHCI_CAN_DO_SDMA)) +--- a/drivers/mmc/host/sdhci.h ++++ b/drivers/mmc/host/sdhci.h +@@ -391,6 +391,8 @@ struct sdhci_host { + #define SDHCI_QUIRK_BROKEN_CARD_DETECTION (1<<15) + /* Controller reports inverted write-protect state */ + #define SDHCI_QUIRK_INVERTED_WRITE_PROTECT (1<<16) ++/* Controller has unusable command queue engine */ ++#define SDHCI_QUIRK_BROKEN_CQE (1<<17) + /* Controller does not like fast PIO transfers */ + #define SDHCI_QUIRK_PIO_NEEDS_DELAY (1<<18) + /* Controller has to be forced to use block size of 2048 bytes */ diff --git a/queue-4.19/mmc-sdhci-msm-correct-the-offset-and-value-for-ddr_config-register.patch b/queue-4.19/mmc-sdhci-msm-correct-the-offset-and-value-for-ddr_config-register.patch new file mode 100644 index 00000000000..3fbd3d3ca79 --- /dev/null +++ b/queue-4.19/mmc-sdhci-msm-correct-the-offset-and-value-for-ddr_config-register.patch @@ -0,0 +1,116 @@ +From fa56ac9792265354b565f28def7164e7d7db2b1e Mon Sep 17 00:00:00 2001 +From: Veerabhadrarao Badiganti +Date: Tue, 26 Nov 2019 10:19:16 +0000 +Subject: mmc: sdhci-msm: Correct the offset and value for DDR_CONFIG register + +From: Veerabhadrarao Badiganti + +commit fa56ac9792265354b565f28def7164e7d7db2b1e upstream. + +The DDR_CONFIG register offset got updated after a specific +minor version of sdcc V4. This offset change has not been properly +taken care of while updating register changes for sdcc V5. + +Correcting proper offset for this register. +Also updating this register value to reflect the recommended RCLK +delay. + +Signed-off-by: Veerabhadrarao Badiganti +Link: https://lore.kernel.org/r/0101016ea738ec72-fa0f852d-20f8-474a-80b2-4b0ef63b132c-000000@us-west-2.amazonses.com +Fixes: f15358885dda ("mmc: sdhci-msm: Define new Register address map") +Cc: stable@vger.kernel.org +Signed-off-by: Ulf Hansson +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mmc/host/sdhci-msm.c | 28 +++++++++++++++++++--------- + 1 file changed, 19 insertions(+), 9 deletions(-) + +--- a/drivers/mmc/host/sdhci-msm.c ++++ b/drivers/mmc/host/sdhci-msm.c +@@ -108,7 +108,7 @@ + + #define CORE_PWRSAVE_DLL BIT(3) + +-#define DDR_CONFIG_POR_VAL 0x80040853 ++#define DDR_CONFIG_POR_VAL 0x80040873 + + + #define INVALID_TUNING_PHASE -1 +@@ -157,8 +157,9 @@ struct sdhci_msm_offset { + u32 core_ddr_200_cfg; + u32 core_vendor_spec3; + u32 core_dll_config_2; ++ u32 core_dll_config_3; ++ u32 core_ddr_config_old; /* Applicable to sdcc minor ver < 0x49 */ + u32 core_ddr_config; +- u32 core_ddr_config_2; + }; + + static const struct sdhci_msm_offset sdhci_msm_v5_offset = { +@@ -186,8 +187,8 @@ static const struct sdhci_msm_offset sdh + .core_ddr_200_cfg = 0x224, + .core_vendor_spec3 = 0x250, + .core_dll_config_2 = 0x254, +- .core_ddr_config = 0x258, +- .core_ddr_config_2 = 0x25c, ++ .core_dll_config_3 = 0x258, ++ .core_ddr_config = 0x25c, + }; + + static const struct sdhci_msm_offset sdhci_msm_mci_offset = { +@@ -216,8 +217,8 @@ static const struct sdhci_msm_offset sdh + .core_ddr_200_cfg = 0x184, + .core_vendor_spec3 = 0x1b0, + .core_dll_config_2 = 0x1b4, +- .core_ddr_config = 0x1b8, +- .core_ddr_config_2 = 0x1bc, ++ .core_ddr_config_old = 0x1b8, ++ .core_ddr_config = 0x1bc, + }; + + struct sdhci_msm_variant_ops { +@@ -260,6 +261,7 @@ struct sdhci_msm_host { + const struct sdhci_msm_offset *offset; + bool use_cdr; + u32 transfer_mode; ++ bool updated_ddr_cfg; + }; + + static const struct sdhci_msm_offset *sdhci_priv_msm_offset(struct sdhci_host *host) +@@ -931,8 +933,10 @@ out: + static int sdhci_msm_cm_dll_sdc4_calibration(struct sdhci_host *host) + { + struct mmc_host *mmc = host->mmc; +- u32 dll_status, config; ++ u32 dll_status, config, ddr_cfg_offset; + int ret; ++ struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host); ++ struct sdhci_msm_host *msm_host = sdhci_pltfm_priv(pltfm_host); + const struct sdhci_msm_offset *msm_offset = + sdhci_priv_msm_offset(host); + +@@ -945,8 +949,11 @@ static int sdhci_msm_cm_dll_sdc4_calibra + * bootloaders. In the future, if this changes, then the desired + * values will need to be programmed appropriately. + */ +- writel_relaxed(DDR_CONFIG_POR_VAL, host->ioaddr + +- msm_offset->core_ddr_config); ++ if (msm_host->updated_ddr_cfg) ++ ddr_cfg_offset = msm_offset->core_ddr_config; ++ else ++ ddr_cfg_offset = msm_offset->core_ddr_config_old; ++ writel_relaxed(DDR_CONFIG_POR_VAL, host->ioaddr + ddr_cfg_offset); + + if (mmc->ios.enhanced_strobe) { + config = readl_relaxed(host->ioaddr + +@@ -1862,6 +1869,9 @@ static int sdhci_msm_probe(struct platfo + msm_offset->core_vendor_spec_capabilities0); + } + ++ if (core_major == 1 && core_minor >= 0x49) ++ msm_host->updated_ddr_cfg = true; ++ + /* + * Power on reset state may trigger power irq if previous status of + * PWRCTL was either BUS_ON or IO_HIGH_V. So before enabling pwr irq diff --git a/queue-4.19/mmc-sdhci-of-esdhc-fix-p2020-errata-handling.patch b/queue-4.19/mmc-sdhci-of-esdhc-fix-p2020-errata-handling.patch new file mode 100644 index 00000000000..59a19e29a1e --- /dev/null +++ b/queue-4.19/mmc-sdhci-of-esdhc-fix-p2020-errata-handling.patch @@ -0,0 +1,47 @@ +From fe0acab448f68c3146235afe03fb932e242ec94c Mon Sep 17 00:00:00 2001 +From: Yangbo Lu +Date: Mon, 16 Dec 2019 11:18:42 +0800 +Subject: mmc: sdhci-of-esdhc: fix P2020 errata handling + +From: Yangbo Lu + +commit fe0acab448f68c3146235afe03fb932e242ec94c upstream. + +Two previous patches introduced below quirks for P2020 platforms. +- SDHCI_QUIRK_RESET_AFTER_REQUEST +- SDHCI_QUIRK_BROKEN_TIMEOUT_VAL + +The patches made a mistake to add them in quirks2 of sdhci_host +structure, while they were defined for quirks. + host->quirks2 |= SDHCI_QUIRK_RESET_AFTER_REQUEST; + host->quirks2 |= SDHCI_QUIRK_BROKEN_TIMEOUT_VAL; + +This patch is to fix them. + host->quirks |= SDHCI_QUIRK_RESET_AFTER_REQUEST; + host->quirks |= SDHCI_QUIRK_BROKEN_TIMEOUT_VAL; + +Fixes: 05cb6b2a66fa ("mmc: sdhci-of-esdhc: add erratum eSDHC-A001 and A-008358 support") +Fixes: a46e42712596 ("mmc: sdhci-of-esdhc: add erratum eSDHC5 support") +Signed-off-by: Yangbo Lu +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20191216031842.40068-1-yangbo.lu@nxp.com +Signed-off-by: Ulf Hansson +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mmc/host/sdhci-of-esdhc.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/mmc/host/sdhci-of-esdhc.c ++++ b/drivers/mmc/host/sdhci-of-esdhc.c +@@ -923,8 +923,8 @@ static int sdhci_esdhc_probe(struct plat + host->quirks &= ~SDHCI_QUIRK_NO_BUSY_IRQ; + + if (of_find_compatible_node(NULL, NULL, "fsl,p2020-esdhc")) { +- host->quirks2 |= SDHCI_QUIRK_RESET_AFTER_REQUEST; +- host->quirks2 |= SDHCI_QUIRK_BROKEN_TIMEOUT_VAL; ++ host->quirks |= SDHCI_QUIRK_RESET_AFTER_REQUEST; ++ host->quirks |= SDHCI_QUIRK_BROKEN_TIMEOUT_VAL; + } + + if (of_device_is_compatible(np, "fsl,p5040-esdhc") || diff --git a/queue-4.19/mmc-sdhci-of-esdhc-revert-mmc-sdhci-of-esdhc-add-erratum-a-009204-support.patch b/queue-4.19/mmc-sdhci-of-esdhc-revert-mmc-sdhci-of-esdhc-add-erratum-a-009204-support.patch new file mode 100644 index 00000000000..14cb6dc5543 --- /dev/null +++ b/queue-4.19/mmc-sdhci-of-esdhc-revert-mmc-sdhci-of-esdhc-add-erratum-a-009204-support.patch @@ -0,0 +1,50 @@ +From 8b6dc6b2d60221e90703babbc141f063b8a07e72 Mon Sep 17 00:00:00 2001 +From: Rasmus Villemoes +Date: Wed, 4 Dec 2019 09:54:46 +0100 +Subject: mmc: sdhci-of-esdhc: Revert "mmc: sdhci-of-esdhc: add erratum A-009204 support" + +From: Rasmus Villemoes + +commit 8b6dc6b2d60221e90703babbc141f063b8a07e72 upstream. + +This reverts commit 5dd195522562542bc6ebe6e7bd47890d8b7ca93c. + +First, the fix seems to be plain wrong, since the erratum suggests +waiting 5ms before setting setting SYSCTL[RSTD], but this msleep() +happens after the call of sdhci_reset() which is where that bit gets +set (if SDHCI_RESET_DATA is in mask). + +Second, walking the whole device tree to figure out if some node has a +"fsl,p2020-esdhc" compatible string is hugely expensive - about 70 to +100 us on our mpc8309 board. Walking the device tree is done under a +raw_spin_lock, so this is obviously really bad on an -rt system, and a +waste of time on all. + +In fact, since esdhc_reset() seems to get called around 100 times per +second, that mpc8309 now spends 0.8% of its time determining that +it is not a p2020. Whether those 100 calls/s are normal or due to some +other bug or misconfiguration, regularly hitting a 100 us +non-preemptible window is unacceptable. + +Signed-off-by: Rasmus Villemoes +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20191204085447.27491-1-linux@rasmusvillemoes.dk +Signed-off-by: Ulf Hansson +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mmc/host/sdhci-of-esdhc.c | 3 --- + 1 file changed, 3 deletions(-) + +--- a/drivers/mmc/host/sdhci-of-esdhc.c ++++ b/drivers/mmc/host/sdhci-of-esdhc.c +@@ -648,9 +648,6 @@ static void esdhc_reset(struct sdhci_hos + sdhci_writel(host, host->ier, SDHCI_INT_ENABLE); + sdhci_writel(host, host->ier, SDHCI_SIGNAL_ENABLE); + +- if (of_find_compatible_node(NULL, NULL, "fsl,p2020-esdhc")) +- mdelay(5); +- + if (mask & SDHCI_RESET_ALL) { + val = sdhci_readl(host, ESDHC_TBCTL); + val &= ~ESDHC_TB_EN; diff --git a/queue-4.19/mmc-sdhci-update-the-tuning-failed-messages-to-pr_debug-level.patch b/queue-4.19/mmc-sdhci-update-the-tuning-failed-messages-to-pr_debug-level.patch new file mode 100644 index 00000000000..45752bfe9ae --- /dev/null +++ b/queue-4.19/mmc-sdhci-update-the-tuning-failed-messages-to-pr_debug-level.patch @@ -0,0 +1,43 @@ +From 2c92dd20304f505b6ef43d206fff21bda8f1f0ae Mon Sep 17 00:00:00 2001 +From: Faiz Abbas +Date: Fri, 6 Dec 2019 17:13:26 +0530 +Subject: mmc: sdhci: Update the tuning failed messages to pr_debug level + +From: Faiz Abbas + +commit 2c92dd20304f505b6ef43d206fff21bda8f1f0ae upstream. + +Tuning support in DDR50 speed mode was added in SD Specifications Part1 +Physical Layer Specification v3.01. Its not possible to distinguish +between v3.00 and v3.01 from the SCR and that is why since +commit 4324f6de6d2e ("mmc: core: enable CMD19 tuning for DDR50 mode") +tuning failures are ignored in DDR50 speed mode. + +Cards compatible with v3.00 don't respond to CMD19 in DDR50 and this +error gets printed during enumeration and also if retune is triggered at +any time during operation. Update the printk level to pr_debug so that +these errors don't lead to false error reports. + +Signed-off-by: Faiz Abbas +Cc: stable@vger.kernel.org # v4.4+ +Link: https://lore.kernel.org/r/20191206114326.15856-1-faiz_abbas@ti.com +Signed-off-by: Ulf Hansson +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mmc/host/sdhci.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/mmc/host/sdhci.c ++++ b/drivers/mmc/host/sdhci.c +@@ -2244,8 +2244,8 @@ static void __sdhci_execute_tuning(struc + sdhci_send_tuning(host, opcode); + + if (!host->tuning_done) { +- pr_info("%s: Tuning timeout, falling back to fixed sampling clock\n", +- mmc_hostname(host->mmc)); ++ pr_debug("%s: Tuning timeout, falling back to fixed sampling clock\n", ++ mmc_hostname(host->mmc)); + sdhci_abort_tuning(host, opcode); + return; + } diff --git a/queue-4.19/mmc-sdhci-workaround-broken-command-queuing-on-intel-glk.patch b/queue-4.19/mmc-sdhci-workaround-broken-command-queuing-on-intel-glk.patch new file mode 100644 index 00000000000..abf9948c3ce --- /dev/null +++ b/queue-4.19/mmc-sdhci-workaround-broken-command-queuing-on-intel-glk.patch @@ -0,0 +1,54 @@ +From bedf9fc01ff1f40cfd1a79ccacedd9f3cd8e652a Mon Sep 17 00:00:00 2001 +From: Adrian Hunter +Date: Tue, 17 Dec 2019 11:53:48 +0200 +Subject: mmc: sdhci: Workaround broken command queuing on Intel GLK + +From: Adrian Hunter + +commit bedf9fc01ff1f40cfd1a79ccacedd9f3cd8e652a upstream. + +Command queuing has been reported broken on some Lenovo systems based on +Intel GLK. This is likely a BIOS issue, so disable command queuing for +Intel GLK if the BIOS vendor string is "LENOVO". + +Fixes: 8ee82bda230f ("mmc: sdhci-pci: Add CQHCI support for Intel GLK") +Signed-off-by: Adrian Hunter +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20191217095349.14592-1-adrian.hunter@intel.com +Signed-off-by: Ulf Hansson +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mmc/host/sdhci-pci-core.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +--- a/drivers/mmc/host/sdhci-pci-core.c ++++ b/drivers/mmc/host/sdhci-pci-core.c +@@ -30,6 +30,7 @@ + #include + #include + #include ++#include + + #include "cqhci.h" + +@@ -732,11 +733,18 @@ static int byt_emmc_probe_slot(struct sd + return 0; + } + ++static bool glk_broken_cqhci(struct sdhci_pci_slot *slot) ++{ ++ return slot->chip->pdev->device == PCI_DEVICE_ID_INTEL_GLK_EMMC && ++ dmi_match(DMI_BIOS_VENDOR, "LENOVO"); ++} ++ + static int glk_emmc_probe_slot(struct sdhci_pci_slot *slot) + { + int ret = byt_emmc_probe_slot(slot); + +- slot->host->mmc->caps2 |= MMC_CAP2_CQE; ++ if (!glk_broken_cqhci(slot)) ++ slot->host->mmc->caps2 |= MMC_CAP2_CQE; + + if (slot->chip->pdev->device != PCI_DEVICE_ID_INTEL_GLK_EMMC) { + slot->host->mmc->caps2 |= MMC_CAP2_HS400_ES, diff --git a/queue-4.19/nbd-fix-shutdown-and-recv-work-deadlock-v2.patch b/queue-4.19/nbd-fix-shutdown-and-recv-work-deadlock-v2.patch new file mode 100644 index 00000000000..fa187016000 --- /dev/null +++ b/queue-4.19/nbd-fix-shutdown-and-recv-work-deadlock-v2.patch @@ -0,0 +1,55 @@ +From 1c05839aa973cfae8c3db964a21f9c0eef8fcc21 Mon Sep 17 00:00:00 2001 +From: Mike Christie +Date: Sun, 8 Dec 2019 16:51:50 -0600 +Subject: nbd: fix shutdown and recv work deadlock v2 + +From: Mike Christie + +commit 1c05839aa973cfae8c3db964a21f9c0eef8fcc21 upstream. + +This fixes a regression added with: + +commit e9e006f5fcf2bab59149cb38a48a4817c1b538b4 +Author: Mike Christie +Date: Sun Aug 4 14:10:06 2019 -0500 + + nbd: fix max number of supported devs + +where we can deadlock during device shutdown. The problem occurs if +the recv_work's nbd_config_put occurs after nbd_start_device_ioctl has +returned and the userspace app has droppped its reference via closing +the device and running nbd_release. The recv_work nbd_config_put call +would then drop the refcount to zero and try to destroy the config which +would try to do destroy_workqueue from the recv work. + +This patch just has nbd_start_device_ioctl do a flush_workqueue when it +wakes so we know after the ioctl returns running works have exited. This +also fixes a possible race where we could try to reuse the device while +old recv_works are still running. + +Cc: stable@vger.kernel.org +Fixes: e9e006f5fcf2 ("nbd: fix max number of supported devs") +Signed-off-by: Mike Christie +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/block/nbd.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/drivers/block/nbd.c ++++ b/drivers/block/nbd.c +@@ -1247,10 +1247,10 @@ static int nbd_start_device_ioctl(struct + mutex_unlock(&nbd->config_lock); + ret = wait_event_interruptible(config->recv_wq, + atomic_read(&config->recv_threads) == 0); +- if (ret) { ++ if (ret) + sock_shutdown(nbd); +- flush_workqueue(nbd->recv_workq); +- } ++ flush_workqueue(nbd->recv_workq); ++ + mutex_lock(&nbd->config_lock); + nbd_bdev_reset(bdev); + /* user requested, ignore socket errors */ diff --git a/queue-4.19/powerpc-irq-fix-stack-overflow-verification.patch b/queue-4.19/powerpc-irq-fix-stack-overflow-verification.patch new file mode 100644 index 00000000000..586a0730c85 --- /dev/null +++ b/queue-4.19/powerpc-irq-fix-stack-overflow-verification.patch @@ -0,0 +1,50 @@ +From 099bc4812f09155da77eeb960a983470249c9ce1 Mon Sep 17 00:00:00 2001 +From: Christophe Leroy +Date: Mon, 9 Dec 2019 06:19:08 +0000 +Subject: powerpc/irq: fix stack overflow verification + +From: Christophe Leroy + +commit 099bc4812f09155da77eeb960a983470249c9ce1 upstream. + +Before commit 0366a1c70b89 ("powerpc/irq: Run softirqs off the top of +the irq stack"), check_stack_overflow() was called by do_IRQ(), before +switching to the irq stack. +In that commit, do_IRQ() was renamed __do_irq(), and is now executing +on the irq stack, so check_stack_overflow() has just become almost +useless. + +Move check_stack_overflow() call in do_IRQ() to do the check while +still on the current stack. + +Fixes: 0366a1c70b89 ("powerpc/irq: Run softirqs off the top of the irq stack") +Cc: stable@vger.kernel.org +Signed-off-by: Christophe Leroy +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/e033aa8116ab12b7ca9a9c75189ad0741e3b9b5f.1575872340.git.christophe.leroy@c-s.fr +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/kernel/irq.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/powerpc/kernel/irq.c ++++ b/arch/powerpc/kernel/irq.c +@@ -634,8 +634,6 @@ void __do_irq(struct pt_regs *regs) + + trace_irq_entry(regs); + +- check_stack_overflow(); +- + /* + * Query the platform PIC for the interrupt & ack it. + * +@@ -667,6 +665,8 @@ void do_IRQ(struct pt_regs *regs) + irqtp = hardirq_ctx[raw_smp_processor_id()]; + sirqtp = softirq_ctx[raw_smp_processor_id()]; + ++ check_stack_overflow(); ++ + /* Already there ? */ + if (unlikely(curtp == irqtp || curtp == sirqtp)) { + __do_irq(regs); diff --git a/queue-4.19/powerpc-vcpu-assume-dedicated-processors-as-non-preempt.patch b/queue-4.19/powerpc-vcpu-assume-dedicated-processors-as-non-preempt.patch new file mode 100644 index 00000000000..efd769f0e6f --- /dev/null +++ b/queue-4.19/powerpc-vcpu-assume-dedicated-processors-as-non-preempt.patch @@ -0,0 +1,160 @@ +From 14c73bd344da60abaf7da3ea2e7733ddda35bbac Mon Sep 17 00:00:00 2001 +From: Srikar Dronamraju +Date: Thu, 5 Dec 2019 14:02:17 +0530 +Subject: powerpc/vcpu: Assume dedicated processors as non-preempt + +From: Srikar Dronamraju + +commit 14c73bd344da60abaf7da3ea2e7733ddda35bbac upstream. + +With commit 247f2f6f3c70 ("sched/core: Don't schedule threads on +pre-empted vCPUs"), the scheduler avoids preempted vCPUs to schedule +tasks on wakeup. This leads to wrong choice of CPU, which in-turn +leads to larger wakeup latencies. Eventually, it leads to performance +regression in latency sensitive benchmarks like soltp, schbench etc. + +On Powerpc, vcpu_is_preempted() only looks at yield_count. If the +yield_count is odd, the vCPU is assumed to be preempted. However +yield_count is increased whenever the LPAR enters CEDE state (idle). +So any CPU that has entered CEDE state is assumed to be preempted. + +Even if vCPU of dedicated LPAR is preempted/donated, it should have +right of first-use since they are supposed to own the vCPU. + +On a Power9 System with 32 cores: + # lscpu + Architecture: ppc64le + Byte Order: Little Endian + CPU(s): 128 + On-line CPU(s) list: 0-127 + Thread(s) per core: 8 + Core(s) per socket: 1 + Socket(s): 16 + NUMA node(s): 2 + Model: 2.2 (pvr 004e 0202) + Model name: POWER9 (architected), altivec supported + Hypervisor vendor: pHyp + Virtualization type: para + L1d cache: 32K + L1i cache: 32K + L2 cache: 512K + L3 cache: 10240K + NUMA node0 CPU(s): 0-63 + NUMA node1 CPU(s): 64-127 + + # perf stat -a -r 5 ./schbench + v5.4 v5.4 + patch + Latency percentiles (usec) Latency percentiles (usec) + 50.0000th: 45 50.0th: 45 + 75.0000th: 62 75.0th: 63 + 90.0000th: 71 90.0th: 74 + 95.0000th: 77 95.0th: 78 + *99.0000th: 91 *99.0th: 82 + 99.5000th: 707 99.5th: 83 + 99.9000th: 6920 99.9th: 86 + min=0, max=10048 min=0, max=96 + Latency percentiles (usec) Latency percentiles (usec) + 50.0000th: 45 50.0th: 46 + 75.0000th: 61 75.0th: 64 + 90.0000th: 72 90.0th: 75 + 95.0000th: 79 95.0th: 79 + *99.0000th: 691 *99.0th: 83 + 99.5000th: 3972 99.5th: 85 + 99.9000th: 8368 99.9th: 91 + min=0, max=16606 min=0, max=117 + Latency percentiles (usec) Latency percentiles (usec) + 50.0000th: 45 50.0th: 46 + 75.0000th: 61 75.0th: 64 + 90.0000th: 71 90.0th: 75 + 95.0000th: 77 95.0th: 79 + *99.0000th: 106 *99.0th: 83 + 99.5000th: 2364 99.5th: 84 + 99.9000th: 7480 99.9th: 90 + min=0, max=10001 min=0, max=95 + Latency percentiles (usec) Latency percentiles (usec) + 50.0000th: 45 50.0th: 47 + 75.0000th: 62 75.0th: 65 + 90.0000th: 72 90.0th: 75 + 95.0000th: 78 95.0th: 79 + *99.0000th: 93 *99.0th: 84 + 99.5000th: 108 99.5th: 85 + 99.9000th: 6792 99.9th: 90 + min=0, max=17681 min=0, max=117 + Latency percentiles (usec) Latency percentiles (usec) + 50.0000th: 46 50.0th: 45 + 75.0000th: 62 75.0th: 64 + 90.0000th: 73 90.0th: 75 + 95.0000th: 79 95.0th: 79 + *99.0000th: 113 *99.0th: 82 + 99.5000th: 2724 99.5th: 83 + 99.9000th: 6184 99.9th: 93 + min=0, max=9887 min=0, max=111 + + Performance counter stats for 'system wide' (5 runs): + + context-switches 43,373 ( +- 0.40% ) 44,597 ( +- 0.55% ) + cpu-migrations 1,211 ( +- 5.04% ) 220 ( +- 6.23% ) + page-faults 15,983 ( +- 5.21% ) 15,360 ( +- 3.38% ) + +Waiman Long suggested using static_keys. + +Fixes: 247f2f6f3c70 ("sched/core: Don't schedule threads on pre-empted vCPUs") +Cc: stable@vger.kernel.org # v4.18+ +Reported-by: Parth Shah +Reported-by: Ihor Pasichnyk +Tested-by: Juri Lelli +Acked-by: Waiman Long +Reviewed-by: Gautham R. Shenoy +Signed-off-by: Srikar Dronamraju +Acked-by: Phil Auld +Reviewed-by: Vaidyanathan Srinivasan +Tested-by: Parth Shah +[mpe: Move the key and setting of the key to pseries/setup.c] +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20191213035036.6913-1-mpe@ellerman.id.au +Signed-off-by: Greg Kroah-Hartman + +--- + arch/powerpc/include/asm/spinlock.h | 4 +++- + arch/powerpc/platforms/pseries/setup.c | 7 +++++++ + 2 files changed, 10 insertions(+), 1 deletion(-) + +--- a/arch/powerpc/include/asm/spinlock.h ++++ b/arch/powerpc/include/asm/spinlock.h +@@ -53,10 +53,12 @@ + #endif + + #ifdef CONFIG_PPC_PSERIES ++DECLARE_STATIC_KEY_FALSE(shared_processor); ++ + #define vcpu_is_preempted vcpu_is_preempted + static inline bool vcpu_is_preempted(int cpu) + { +- if (!firmware_has_feature(FW_FEATURE_SPLPAR)) ++ if (!static_branch_unlikely(&shared_processor)) + return false; + return !!(be32_to_cpu(lppaca_of(cpu).yield_count) & 1); + } +--- a/arch/powerpc/platforms/pseries/setup.c ++++ b/arch/powerpc/platforms/pseries/setup.c +@@ -75,6 +75,9 @@ + #include "pseries.h" + #include "../../../../drivers/pci/pci.h" + ++DEFINE_STATIC_KEY_FALSE(shared_processor); ++EXPORT_SYMBOL_GPL(shared_processor); ++ + int CMO_PrPSP = -1; + int CMO_SecPSP = -1; + unsigned long CMO_PageSize = (ASM_CONST(1) << IOMMU_PAGE_SHIFT_4K); +@@ -761,6 +764,10 @@ static void __init pSeries_setup_arch(vo + + if (firmware_has_feature(FW_FEATURE_LPAR)) { + vpa_init(boot_cpuid); ++ ++ if (lppaca_shared_proc(get_lppaca())) ++ static_branch_enable(&shared_processor); ++ + ppc_md.power_save = pseries_lpar_idle; + ppc_md.enable_pmcs = pseries_lpar_enable_pmcs; + #ifdef CONFIG_PCI_IOV diff --git a/queue-4.19/series b/queue-4.19/series index 93ee2b36c69..9fa20bfb458 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -202,3 +202,18 @@ intel_th-pci-add-comet-lake-pch-v-support.patch intel_th-pci-add-elkhart-lake-soc-support.patch platform-x86-hp-wmi-make-buffer-for-hpwmi_feature2_query-128-bytes.patch staging-comedi-gsc_hpdi-check-dma_alloc_coherent-return-value.patch +ext4-fix-ext4_empty_dir-for-directories-with-holes.patch +ext4-check-for-directory-entries-too-close-to-block-end.patch +ext4-unlock-on-error-in-ext4_expand_extra_isize.patch +kvm-arm64-ensure-params-is-initialised-when-looking-up-sys-register.patch +x86-mce-amd-do-not-use-rdmsr_safe_on_cpu-in-smca_configure.patch +x86-mce-amd-allow-reserved-types-to-be-overwritten-in-smca_banks.patch +powerpc-vcpu-assume-dedicated-processors-as-non-preempt.patch +powerpc-irq-fix-stack-overflow-verification.patch +mmc-sdhci-msm-correct-the-offset-and-value-for-ddr_config-register.patch +mmc-sdhci-of-esdhc-revert-mmc-sdhci-of-esdhc-add-erratum-a-009204-support.patch +mmc-sdhci-update-the-tuning-failed-messages-to-pr_debug-level.patch +mmc-sdhci-of-esdhc-fix-p2020-errata-handling.patch +mmc-sdhci-workaround-broken-command-queuing-on-intel-glk.patch +mmc-sdhci-add-a-quirk-for-broken-command-queuing.patch +nbd-fix-shutdown-and-recv-work-deadlock-v2.patch diff --git a/queue-4.19/x86-mce-amd-allow-reserved-types-to-be-overwritten-in-smca_banks.patch b/queue-4.19/x86-mce-amd-allow-reserved-types-to-be-overwritten-in-smca_banks.patch new file mode 100644 index 00000000000..b24c076058d --- /dev/null +++ b/queue-4.19/x86-mce-amd-allow-reserved-types-to-be-overwritten-in-smca_banks.patch @@ -0,0 +1,96 @@ +From 966af20929ac24360ba3fac5533eb2ab003747da Mon Sep 17 00:00:00 2001 +From: Yazen Ghannam +Date: Thu, 21 Nov 2019 08:15:08 -0600 +Subject: x86/MCE/AMD: Allow Reserved types to be overwritten in smca_banks[] + +From: Yazen Ghannam + +commit 966af20929ac24360ba3fac5533eb2ab003747da upstream. + +Each logical CPU in Scalable MCA systems controls a unique set of MCA +banks in the system. These banks are not shared between CPUs. The bank +types and ordering will be the same across CPUs on currently available +systems. + +However, some CPUs may see a bank as Reserved/Read-as-Zero (RAZ) while +other CPUs do not. In this case, the bank seen as Reserved on one CPU is +assumed to be the same type as the bank seen as a known type on another +CPU. + +In general, this occurs when the hardware represented by the MCA bank +is disabled, e.g. disabled memory controllers on certain models, etc. +The MCA bank is disabled in the hardware, so there is no possibility of +getting an MCA/MCE from it even if it is assumed to have a known type. + +For example: + +Full system: + Bank | Type seen on CPU0 | Type seen on CPU1 + ------------------------------------------------ + 0 | LS | LS + 1 | UMC | UMC + 2 | CS | CS + +System with hardware disabled: + Bank | Type seen on CPU0 | Type seen on CPU1 + ------------------------------------------------ + 0 | LS | LS + 1 | UMC | RAZ + 2 | CS | CS + +For this reason, there is a single, global struct smca_banks[] that is +initialized at boot time. This array is initialized on each CPU as it +comes online. However, the array will not be updated if an entry already +exists. + +This works as expected when the first CPU (usually CPU0) has all +possible MCA banks enabled. But if the first CPU has a subset, then it +will save a "Reserved" type in smca_banks[]. Successive CPUs will then +not be able to update smca_banks[] even if they encounter a known bank +type. + +This may result in unexpected behavior. Depending on the system +configuration, a user may observe issues enumerating the MCA +thresholding sysfs interface. The issues may be as trivial as sysfs +entries not being available, or as severe as system hangs. + +For example: + + Bank | Type seen on CPU0 | Type seen on CPU1 + ------------------------------------------------ + 0 | LS | LS + 1 | RAZ | UMC + 2 | CS | CS + +Extend the smca_banks[] entry check to return if the entry is a +non-reserved type. Otherwise, continue so that CPUs that encounter a +known bank type can update smca_banks[]. + +Fixes: 68627a697c19 ("x86/mce/AMD, EDAC/mce_amd: Enumerate Reserved SMCA bank type") +Signed-off-by: Yazen Ghannam +Signed-off-by: Borislav Petkov +Cc: "H. Peter Anvin" +Cc: Ingo Molnar +Cc: linux-edac +Cc: +Cc: Thomas Gleixner +Cc: Tony Luck +Cc: x86-ml +Link: https://lkml.kernel.org/r/20191121141508.141273-1-Yazen.Ghannam@amd.com +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kernel/cpu/mcheck/mce_amd.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/x86/kernel/cpu/mcheck/mce_amd.c ++++ b/arch/x86/kernel/cpu/mcheck/mce_amd.c +@@ -228,7 +228,7 @@ static void smca_configure(unsigned int + } + + /* Return early if this bank was already initialized. */ +- if (smca_banks[bank].hwid) ++ if (smca_banks[bank].hwid && smca_banks[bank].hwid->hwid_mcatype != 0) + return; + + if (rdmsr_safe(MSR_AMD64_SMCA_MCx_IPID(bank), &low, &high)) { diff --git a/queue-4.19/x86-mce-amd-do-not-use-rdmsr_safe_on_cpu-in-smca_configure.patch b/queue-4.19/x86-mce-amd-do-not-use-rdmsr_safe_on_cpu-in-smca_configure.patch new file mode 100644 index 00000000000..a077651acb2 --- /dev/null +++ b/queue-4.19/x86-mce-amd-do-not-use-rdmsr_safe_on_cpu-in-smca_configure.patch @@ -0,0 +1,73 @@ +From 246ff09f89e54fdf740a8d496176c86743db3ec7 Mon Sep 17 00:00:00 2001 +From: Konstantin Khlebnikov +Date: Thu, 31 Oct 2019 16:04:48 +0300 +Subject: x86/MCE/AMD: Do not use rdmsr_safe_on_cpu() in smca_configure() + +From: Konstantin Khlebnikov + +commit 246ff09f89e54fdf740a8d496176c86743db3ec7 upstream. + +... because interrupts are disabled that early and sending IPIs can +deadlock: + + BUG: sleeping function called from invalid context at kernel/sched/completion.c:99 + in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1 + no locks held by swapper/1/0. + irq event stamp: 0 + hardirqs last enabled at (0): [<0000000000000000>] 0x0 + hardirqs last disabled at (0): [] copy_process+0x8b9/0x1ca0 + softirqs last enabled at (0): [] copy_process+0x8b9/0x1ca0 + softirqs last disabled at (0): [<0000000000000000>] 0x0 + Preemption disabled at: + [] start_secondary+0x3b/0x190 + CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.5.0-rc2+ #1 + Hardware name: GIGABYTE MZ01-CE1-00/MZ01-CE1-00, BIOS F02 08/29/2018 + Call Trace: + dump_stack + ___might_sleep.cold.92 + wait_for_completion + ? generic_exec_single + rdmsr_safe_on_cpu + ? wrmsr_on_cpus + mce_amd_feature_init + mcheck_cpu_init + identify_cpu + identify_secondary_cpu + smp_store_cpu_info + start_secondary + secondary_startup_64 + +The function smca_configure() is called only on the current CPU anyway, +therefore replace rdmsr_safe_on_cpu() with atomic rdmsr_safe() and avoid +the IPI. + + [ bp: Update commit message. ] + +Signed-off-by: Konstantin Khlebnikov +Signed-off-by: Borislav Petkov +Reviewed-by: Yazen Ghannam +Cc: "H. Peter Anvin" +Cc: Ingo Molnar +Cc: linux-edac +Cc: +Cc: Thomas Gleixner +Cc: Tony Luck +Cc: x86-ml +Link: https://lkml.kernel.org/r/157252708836.3876.4604398213417262402.stgit@buzz +Signed-off-by: Greg Kroah-Hartman + +--- + arch/x86/kernel/cpu/mcheck/mce_amd.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/x86/kernel/cpu/mcheck/mce_amd.c ++++ b/arch/x86/kernel/cpu/mcheck/mce_amd.c +@@ -231,7 +231,7 @@ static void smca_configure(unsigned int + if (smca_banks[bank].hwid) + return; + +- if (rdmsr_safe_on_cpu(cpu, MSR_AMD64_SMCA_MCx_IPID(bank), &low, &high)) { ++ if (rdmsr_safe(MSR_AMD64_SMCA_MCx_IPID(bank), &low, &high)) { + pr_warn("Failed to read MCA_IPID for bank %d\n", bank); + return; + }