From: Sasha Levin Date: Fri, 1 May 2020 04:38:56 +0000 (-0400) Subject: Fixes for 4.14 X-Git-Tag: v5.4.37~18 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9b197a7edcd17af5cb1a735f551138e0585a0696;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 4.14 Signed-off-by: Sasha Levin --- diff --git a/queue-4.14/arm64-delete-the-space-separator-in-__emit_inst.patch b/queue-4.14/arm64-delete-the-space-separator-in-__emit_inst.patch new file mode 100644 index 00000000000..71ed3374ee0 --- /dev/null +++ b/queue-4.14/arm64-delete-the-space-separator-in-__emit_inst.patch @@ -0,0 +1,69 @@ +From 1f6e1fca89a173045c8621c4b8604d2b9bca0d69 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 14 Apr 2020 09:32:55 -0700 +Subject: arm64: Delete the space separator in __emit_inst + +From: Fangrui Song + +[ Upstream commit c9a4ef66450145a356a626c833d3d7b1668b3ded ] + +In assembly, many instances of __emit_inst(x) expand to a directive. In +a few places __emit_inst(x) is used as an assembler macro argument. For +example, in arch/arm64/kvm/hyp/entry.S + + ALTERNATIVE(nop, SET_PSTATE_PAN(1), ARM64_HAS_PAN, CONFIG_ARM64_PAN) + +expands to the following by the C preprocessor: + + alternative_insn nop, .inst (0xd500401f | ((0) << 16 | (4) << 5) | ((!!1) << 8)), 4, 1 + +Both comma and space are separators, with an exception that content +inside a pair of parentheses/quotes is not split, so the clang +integrated assembler splits the arguments to: + + nop, .inst, (0xd500401f | ((0) << 16 | (4) << 5) | ((!!1) << 8)), 4, 1 + +GNU as preprocesses the input with do_scrub_chars(). Its arm64 backend +(along with many other non-x86 backends) sees: + + alternative_insn nop,.inst(0xd500401f|((0)<<16|(4)<<5)|((!!1)<<8)),4,1 + # .inst(...) is parsed as one argument + +while its x86 backend sees: + + alternative_insn nop,.inst (0xd500401f|((0)<<16|(4)<<5)|((!!1)<<8)),4,1 + # The extra space before '(' makes the whole .inst (...) parsed as two arguments + +The non-x86 backend's behavior is considered unintentional +(https://sourceware.org/bugzilla/show_bug.cgi?id=25750). +So drop the space separator inside `.inst (...)` to make the clang +integrated assembler work. + +Suggested-by: Ilie Halip +Signed-off-by: Fangrui Song +Reviewed-by: Mark Rutland +Link: https://github.com/ClangBuiltLinux/linux/issues/939 +Signed-off-by: Catalin Marinas +Signed-off-by: Sasha Levin +--- + arch/arm64/include/asm/sysreg.h | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/arch/arm64/include/asm/sysreg.h b/arch/arm64/include/asm/sysreg.h +index 50a89bcf9072e..2564dd429ab68 100644 +--- a/arch/arm64/include/asm/sysreg.h ++++ b/arch/arm64/include/asm/sysreg.h +@@ -60,7 +60,9 @@ + #ifndef CONFIG_BROKEN_GAS_INST + + #ifdef __ASSEMBLY__ +-#define __emit_inst(x) .inst (x) ++// The space separator is omitted so that __emit_inst(x) can be parsed as ++// either an assembler directive or an assembler macro argument. ++#define __emit_inst(x) .inst(x) + #else + #define __emit_inst(x) ".inst " __stringify((x)) "\n\t" + #endif +-- +2.20.1 + diff --git a/queue-4.14/bpf-x86-fix-encoding-for-lower-8-bit-registers-in-bp.patch b/queue-4.14/bpf-x86-fix-encoding-for-lower-8-bit-registers-in-bp.patch new file mode 100644 index 00000000000..7b9c8f9fe51 --- /dev/null +++ b/queue-4.14/bpf-x86-fix-encoding-for-lower-8-bit-registers-in-bp.patch @@ -0,0 +1,79 @@ +From d7277844a3b4d99883e6c3b391bc28883aaf0452 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 18 Apr 2020 16:26:53 -0700 +Subject: bpf, x86: Fix encoding for lower 8-bit registers in BPF_STX BPF_B + +From: Luke Nelson + +[ Upstream commit aee194b14dd2b2bde6252b3acf57d36dccfc743a ] + +This patch fixes an encoding bug in emit_stx for BPF_B when the source +register is BPF_REG_FP. + +The current implementation for BPF_STX BPF_B in emit_stx saves one REX +byte when the operands can be encoded using Mod-R/M alone. The lower 8 +bits of registers %rax, %rbx, %rcx, and %rdx can be accessed without using +a REX prefix via %al, %bl, %cl, and %dl, respectively. Other registers, +(e.g., %rsi, %rdi, %rbp, %rsp) require a REX prefix to use their 8-bit +equivalents (%sil, %dil, %bpl, %spl). + +The current code checks if the source for BPF_STX BPF_B is BPF_REG_1 +or BPF_REG_2 (which map to %rdi and %rsi), in which case it emits the +required REX prefix. However, it misses the case when the source is +BPF_REG_FP (mapped to %rbp). + +The result is that BPF_STX BPF_B with BPF_REG_FP as the source operand +will read from register %ch instead of the correct %bpl. This patch fixes +the problem by fixing and refactoring the check on which registers need +the extra REX byte. Since no BPF registers map to %rsp, there is no need +to handle %spl. + +Fixes: 622582786c9e0 ("net: filter: x86: internal BPF JIT") +Signed-off-by: Xi Wang +Signed-off-by: Luke Nelson +Signed-off-by: Alexei Starovoitov +Link: https://lore.kernel.org/bpf/20200418232655.23870-1-luke.r.nels@gmail.com +Signed-off-by: Sasha Levin +--- + arch/x86/net/bpf_jit_comp.c | 18 +++++++++++++++--- + 1 file changed, 15 insertions(+), 3 deletions(-) + +diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c +index cdb386fa71013..0415c0cd4a191 100644 +--- a/arch/x86/net/bpf_jit_comp.c ++++ b/arch/x86/net/bpf_jit_comp.c +@@ -153,6 +153,19 @@ static bool is_ereg(u32 reg) + BIT(BPF_REG_AX)); + } + ++/* ++ * is_ereg_8l() == true if BPF register 'reg' is mapped to access x86-64 ++ * lower 8-bit registers dil,sil,bpl,spl,r8b..r15b, which need extra byte ++ * of encoding. al,cl,dl,bl have simpler encoding. ++ */ ++static bool is_ereg_8l(u32 reg) ++{ ++ return is_ereg(reg) || ++ (1 << reg) & (BIT(BPF_REG_1) | ++ BIT(BPF_REG_2) | ++ BIT(BPF_REG_FP)); ++} ++ + /* add modifiers if 'reg' maps to x64 registers r8..r15 */ + static u8 add_1mod(u8 byte, u32 reg) + { +@@ -770,9 +783,8 @@ st: if (is_imm8(insn->off)) + /* STX: *(u8*)(dst_reg + off) = src_reg */ + case BPF_STX | BPF_MEM | BPF_B: + /* emit 'mov byte ptr [rax + off], al' */ +- if (is_ereg(dst_reg) || is_ereg(src_reg) || +- /* have to add extra byte for x86 SIL, DIL regs */ +- src_reg == BPF_REG_1 || src_reg == BPF_REG_2) ++ if (is_ereg(dst_reg) || is_ereg_8l(src_reg)) ++ /* Add extra byte for eregs or SIL,DIL,BPL in src_reg */ + EMIT2(add_2mod(0x40, dst_reg, src_reg), 0x88); + else + EMIT1(0x88); +-- +2.20.1 + diff --git a/queue-4.14/ext4-convert-bug_on-s-to-warn_on-s-in-mballoc.c.patch b/queue-4.14/ext4-convert-bug_on-s-to-warn_on-s-in-mballoc.c.patch new file mode 100644 index 00000000000..874c684fbd0 --- /dev/null +++ b/queue-4.14/ext4-convert-bug_on-s-to-warn_on-s-in-mballoc.c.patch @@ -0,0 +1,52 @@ +From db2f7cb0280cf5c3f90ed6bc100764a0bc888622 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 13 Apr 2020 23:33:05 -0400 +Subject: ext4: convert BUG_ON's to WARN_ON's in mballoc.c + +From: Theodore Ts'o + +[ Upstream commit 907ea529fc4c3296701d2bfc8b831dd2a8121a34 ] + +If the in-core buddy bitmap gets corrupted (or out of sync with the +block bitmap), issue a WARN_ON and try to recover. In most cases this +involves skipping trying to allocate out of a particular block group. +We can end up declaring the file system corrupted, which is fair, +since the file system probably should be checked before we proceed any +further. + +Link: https://lore.kernel.org/r/20200414035649.293164-1-tytso@mit.edu +Google-Bug-Id: 34811296 +Google-Bug-Id: 34639169 +Signed-off-by: Theodore Ts'o +Signed-off-by: Sasha Levin +--- + fs/ext4/mballoc.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c +index 745a89d30a57a..d7cedfaa1cc08 100644 +--- a/fs/ext4/mballoc.c ++++ b/fs/ext4/mballoc.c +@@ -1952,7 +1952,8 @@ void ext4_mb_complex_scan_group(struct ext4_allocation_context *ac, + int free; + + free = e4b->bd_info->bb_free; +- BUG_ON(free <= 0); ++ if (WARN_ON(free <= 0)) ++ return; + + i = e4b->bd_info->bb_first_free; + +@@ -1973,7 +1974,8 @@ void ext4_mb_complex_scan_group(struct ext4_allocation_context *ac, + } + + mb_find_extent(e4b, i, ac->ac_g_ex.fe_len, &ex); +- BUG_ON(ex.fe_len <= 0); ++ if (WARN_ON(ex.fe_len <= 0)) ++ break; + if (free < ex.fe_len) { + ext4_grp_locked_error(sb, e4b->bd_group, 0, 0, + "%d free clusters as per " +-- +2.20.1 + diff --git a/queue-4.14/ext4-increase-wait-time-needed-before-reuse-of-delet.patch b/queue-4.14/ext4-increase-wait-time-needed-before-reuse-of-delet.patch new file mode 100644 index 00000000000..afbcbe369bd --- /dev/null +++ b/queue-4.14/ext4-increase-wait-time-needed-before-reuse-of-delet.patch @@ -0,0 +1,40 @@ +From 78e45f0d4434b368a84f377f47f312876ac76b0f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 13 Apr 2020 22:30:52 -0400 +Subject: ext4: increase wait time needed before reuse of deleted inode numbers + +From: Theodore Ts'o + +[ Upstream commit a17a9d935dc4a50acefaf319d58030f1da7f115a ] + +Current wait times have proven to be too short to protect against inode +reuses that lead to metadata inconsistencies. + +Now that we will retry the inode allocation if we can't find any +recently deleted inodes, it's a lot safer to increase the recently +deleted time from 5 seconds to a minute. + +Link: https://lore.kernel.org/r/20200414023925.273867-1-tytso@mit.edu +Google-Bug-Id: 36602237 +Signed-off-by: Theodore Ts'o +Signed-off-by: Sasha Levin +--- + fs/ext4/ialloc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c +index 2a480c0ef1bc1..96efe53855a0b 100644 +--- a/fs/ext4/ialloc.c ++++ b/fs/ext4/ialloc.c +@@ -673,7 +673,7 @@ static int find_group_other(struct super_block *sb, struct inode *parent, + * block has been written back to disk. (Yes, these values are + * somewhat arbitrary...) + */ +-#define RECENTCY_MIN 5 ++#define RECENTCY_MIN 60 + #define RECENTCY_DIRTY 300 + + static int recently_deleted(struct super_block *sb, ext4_group_t group, int ino) +-- +2.20.1 + diff --git a/queue-4.14/ext4-use-matching-invalidatepage-in-ext4_writepage.patch b/queue-4.14/ext4-use-matching-invalidatepage-in-ext4_writepage.patch new file mode 100644 index 00000000000..6c793abcd5b --- /dev/null +++ b/queue-4.14/ext4-use-matching-invalidatepage-in-ext4_writepage.patch @@ -0,0 +1,40 @@ +From 55c84801a528e4528e33a95d1fa605149f0d7f2c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 26 Feb 2020 12:10:02 +0800 +Subject: ext4: use matching invalidatepage in ext4_writepage + +From: yangerkun + +[ Upstream commit c2a559bc0e7ed5a715ad6b947025b33cb7c05ea7 ] + +Run generic/388 with journal data mode sometimes may trigger the warning +in ext4_invalidatepage. Actually, we should use the matching invalidatepage +in ext4_writepage. + +Signed-off-by: yangerkun +Signed-off-by: Theodore Ts'o +Reviewed-by: Ritesh Harjani +Reviewed-by: Jan Kara +Link: https://lore.kernel.org/r/20200226041002.13914-1-yangerkun@huawei.com +Signed-off-by: Theodore Ts'o +Signed-off-by: Sasha Levin +--- + fs/ext4/inode.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c +index 5b0d5ca2c2b2a..0cbb241488ec3 100644 +--- a/fs/ext4/inode.c ++++ b/fs/ext4/inode.c +@@ -2123,7 +2123,7 @@ static int ext4_writepage(struct page *page, + bool keep_towrite = false; + + if (unlikely(ext4_forced_shutdown(EXT4_SB(inode->i_sb)))) { +- ext4_invalidatepage(page, 0, PAGE_SIZE); ++ inode->i_mapping->a_ops->invalidatepage(page, 0, PAGE_SIZE); + unlock_page(page); + return -EIO; + } +-- +2.20.1 + diff --git a/queue-4.14/hwmon-jc42-fix-name-to-have-no-illegal-characters.patch b/queue-4.14/hwmon-jc42-fix-name-to-have-no-illegal-characters.patch new file mode 100644 index 00000000000..a0a1ccecc48 --- /dev/null +++ b/queue-4.14/hwmon-jc42-fix-name-to-have-no-illegal-characters.patch @@ -0,0 +1,43 @@ +From f82968adfeaf85970fa6810a9532cc3fcdafccdb Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 17 Apr 2020 11:28:53 +0200 +Subject: hwmon: (jc42) Fix name to have no illegal characters + +From: Sascha Hauer + +[ Upstream commit c843b382e61b5f28a3d917712c69a344f632387c ] + +The jc42 driver passes I2C client's name as hwmon device name. In case +of device tree probed devices this ends up being part of the compatible +string, "jc-42.4-temp". This name contains hyphens and the hwmon core +doesn't like this: + +jc42 2-0018: hwmon: 'jc-42.4-temp' is not a valid name attribute, please fix + +This changes the name to "jc42" which doesn't have any illegal +characters. + +Signed-off-by: Sascha Hauer +Link: https://lore.kernel.org/r/20200417092853.31206-1-s.hauer@pengutronix.de +Signed-off-by: Guenter Roeck +Signed-off-by: Sasha Levin +--- + drivers/hwmon/jc42.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/hwmon/jc42.c b/drivers/hwmon/jc42.c +index e5234f953a6d1..b6e5aaa54963d 100644 +--- a/drivers/hwmon/jc42.c ++++ b/drivers/hwmon/jc42.c +@@ -527,7 +527,7 @@ static int jc42_probe(struct i2c_client *client, const struct i2c_device_id *id) + } + data->config = config; + +- hwmon_dev = devm_hwmon_device_register_with_info(dev, client->name, ++ hwmon_dev = devm_hwmon_device_register_with_info(dev, "jc42", + data, &jc42_chip_info, + NULL); + return PTR_ERR_OR_ZERO(hwmon_dev); +-- +2.20.1 + diff --git a/queue-4.14/objtool-fix-config_ubsan_trap-unreachable-warnings.patch b/queue-4.14/objtool-fix-config_ubsan_trap-unreachable-warnings.patch new file mode 100644 index 00000000000..1de9a088ac6 --- /dev/null +++ b/queue-4.14/objtool-fix-config_ubsan_trap-unreachable-warnings.patch @@ -0,0 +1,69 @@ +From 6c524b4ed8bddce5822bda738b1774eff8a61052 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 1 Apr 2020 13:23:25 -0500 +Subject: objtool: Fix CONFIG_UBSAN_TRAP unreachable warnings + +From: Josh Poimboeuf + +[ Upstream commit bd841d6154f5f41f8a32d3c1b0bc229e326e640a ] + +CONFIG_UBSAN_TRAP causes GCC to emit a UD2 whenever it encounters an +unreachable code path. This includes __builtin_unreachable(). Because +the BUG() macro uses __builtin_unreachable() after it emits its own UD2, +this results in a double UD2. In this case objtool rightfully detects +that the second UD2 is unreachable: + + init/main.o: warning: objtool: repair_env_string()+0x1c8: unreachable instruction + +We weren't able to figure out a way to get rid of the double UD2s, so +just silence the warning. + +Reported-by: Randy Dunlap +Signed-off-by: Josh Poimboeuf +Signed-off-by: Borislav Petkov +Reviewed-by: Kees Cook +Reviewed-by: Miroslav Benes +Acked-by: Peter Zijlstra (Intel) +Link: https://lkml.kernel.org/r/6653ad73c6b59c049211bd7c11ed3809c20ee9f5.1585761021.git.jpoimboe@redhat.com +Signed-off-by: Sasha Levin +--- + tools/objtool/check.c | 17 +++++++++++++++-- + 1 file changed, 15 insertions(+), 2 deletions(-) + +diff --git a/tools/objtool/check.c b/tools/objtool/check.c +index ccd5319d1284c..04fc04b4ab67e 100644 +--- a/tools/objtool/check.c ++++ b/tools/objtool/check.c +@@ -2062,14 +2062,27 @@ static bool ignore_unreachable_insn(struct instruction *insn) + !strcmp(insn->sec->name, ".altinstr_aux")) + return true; + ++ if (!insn->func) ++ return false; ++ ++ /* ++ * CONFIG_UBSAN_TRAP inserts a UD2 when it sees ++ * __builtin_unreachable(). The BUG() macro has an unreachable() after ++ * the UD2, which causes GCC's undefined trap logic to emit another UD2 ++ * (or occasionally a JMP to UD2). ++ */ ++ if (list_prev_entry(insn, list)->dead_end && ++ (insn->type == INSN_BUG || ++ (insn->type == INSN_JUMP_UNCONDITIONAL && ++ insn->jump_dest && insn->jump_dest->type == INSN_BUG))) ++ return true; ++ + /* + * Check if this (or a subsequent) instruction is related to + * CONFIG_UBSAN or CONFIG_KASAN. + * + * End the search at 5 instructions to avoid going into the weeds. + */ +- if (!insn->func) +- return false; + for (i = 0; i < 5; i++) { + + if (is_kasan_insn(insn) || is_ubsan_insn(insn)) +-- +2.20.1 + diff --git a/queue-4.14/objtool-support-clang-non-section-symbols-in-orc-dum.patch b/queue-4.14/objtool-support-clang-non-section-symbols-in-orc-dum.patch new file mode 100644 index 00000000000..d5a484a289d --- /dev/null +++ b/queue-4.14/objtool-support-clang-non-section-symbols-in-orc-dum.patch @@ -0,0 +1,111 @@ +From e5fe0a681309ce5c219278dd99766cfdc4ca0019 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 1 Apr 2020 13:23:26 -0500 +Subject: objtool: Support Clang non-section symbols in ORC dump + +From: Josh Poimboeuf + +[ Upstream commit 8782e7cab51b6bf01a5a86471dd82228af1ac185 ] + +Historically, the relocation symbols for ORC entries have only been +section symbols: + + .text+0: sp:sp+8 bp:(und) type:call end:0 + +However, the Clang assembler is aggressive about stripping section +symbols. In that case we will need to use function symbols: + + freezing_slow_path+0: sp:sp+8 bp:(und) type:call end:0 + +In preparation for the generation of such entries in "objtool orc +generate", add support for reading them in "objtool orc dump". + +Signed-off-by: Josh Poimboeuf +Signed-off-by: Borislav Petkov +Reviewed-by: Miroslav Benes +Acked-by: Peter Zijlstra (Intel) +Link: https://lkml.kernel.org/r/b811b5eb1a42602c3b523576dc5efab9ad1c174d.1585761021.git.jpoimboe@redhat.com +Signed-off-by: Sasha Levin +--- + tools/objtool/orc_dump.c | 44 ++++++++++++++++++++++++---------------- + 1 file changed, 27 insertions(+), 17 deletions(-) + +diff --git a/tools/objtool/orc_dump.c b/tools/objtool/orc_dump.c +index c3343820916a6..7cbbbdd932f1d 100644 +--- a/tools/objtool/orc_dump.c ++++ b/tools/objtool/orc_dump.c +@@ -78,7 +78,7 @@ int orc_dump(const char *_objname) + char *name; + size_t nr_sections; + Elf64_Addr orc_ip_addr = 0; +- size_t shstrtab_idx; ++ size_t shstrtab_idx, strtab_idx = 0; + Elf *elf; + Elf_Scn *scn; + GElf_Shdr sh; +@@ -139,6 +139,8 @@ int orc_dump(const char *_objname) + + if (!strcmp(name, ".symtab")) { + symtab = data; ++ } else if (!strcmp(name, ".strtab")) { ++ strtab_idx = i; + } else if (!strcmp(name, ".orc_unwind")) { + orc = data->d_buf; + orc_size = sh.sh_size; +@@ -150,7 +152,7 @@ int orc_dump(const char *_objname) + } + } + +- if (!symtab || !orc || !orc_ip) ++ if (!symtab || !strtab_idx || !orc || !orc_ip) + return 0; + + if (orc_size % sizeof(*orc) != 0) { +@@ -171,21 +173,29 @@ int orc_dump(const char *_objname) + return -1; + } + +- scn = elf_getscn(elf, sym.st_shndx); +- if (!scn) { +- WARN_ELF("elf_getscn"); +- return -1; +- } +- +- if (!gelf_getshdr(scn, &sh)) { +- WARN_ELF("gelf_getshdr"); +- return -1; +- } +- +- name = elf_strptr(elf, shstrtab_idx, sh.sh_name); +- if (!name || !*name) { +- WARN_ELF("elf_strptr"); +- return -1; ++ if (GELF_ST_TYPE(sym.st_info) == STT_SECTION) { ++ scn = elf_getscn(elf, sym.st_shndx); ++ if (!scn) { ++ WARN_ELF("elf_getscn"); ++ return -1; ++ } ++ ++ if (!gelf_getshdr(scn, &sh)) { ++ WARN_ELF("gelf_getshdr"); ++ return -1; ++ } ++ ++ name = elf_strptr(elf, shstrtab_idx, sh.sh_name); ++ if (!name) { ++ WARN_ELF("elf_strptr"); ++ return -1; ++ } ++ } else { ++ name = elf_strptr(elf, strtab_idx, sym.st_name); ++ if (!name) { ++ WARN_ELF("elf_strptr"); ++ return -1; ++ } + } + + printf("%s+%llx:", name, (unsigned long long)rela.r_addend); +-- +2.20.1 + diff --git a/queue-4.14/of-unittest-kmemleak-on-changeset-destroy.patch b/queue-4.14/of-unittest-kmemleak-on-changeset-destroy.patch new file mode 100644 index 00000000000..c3070d537bb --- /dev/null +++ b/queue-4.14/of-unittest-kmemleak-on-changeset-destroy.patch @@ -0,0 +1,44 @@ +From 3cc24c9f756b3c6cf053671d0a108bc8736abe7e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 16 Apr 2020 16:42:46 -0500 +Subject: of: unittest: kmemleak on changeset destroy + +From: Frank Rowand + +[ Upstream commit b3fb36ed694b05738d45218ea72cf7feb10ce2b1 ] + +kmemleak reports several memory leaks from devicetree unittest. +This is the fix for problem 1 of 5. + +of_unittest_changeset() reaches deeply into the dynamic devicetree +functions. Several nodes were left with an elevated reference +count and thus were not properly cleaned up. Fix the reference +counts so that the memory will be freed. + +Fixes: 201c910bd689 ("of: Transactional DT support.") +Reported-by: Erhard F. +Signed-off-by: Frank Rowand +Signed-off-by: Rob Herring +Signed-off-by: Sasha Levin +--- + drivers/of/unittest.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/drivers/of/unittest.c b/drivers/of/unittest.c +index 55c98f119df22..e7e6dd07f2150 100644 +--- a/drivers/of/unittest.c ++++ b/drivers/of/unittest.c +@@ -605,6 +605,10 @@ static void __init of_unittest_changeset(void) + unittest(!of_changeset_revert(&chgset), "revert failed\n"); + + of_changeset_destroy(&chgset); ++ ++ of_node_put(n1); ++ of_node_put(n2); ++ of_node_put(n21); + #endif + } + +-- +2.20.1 + diff --git a/queue-4.14/scsi-target-fix-pr-in-read-full-status-for-fc.patch b/queue-4.14/scsi-target-fix-pr-in-read-full-status-for-fc.patch new file mode 100644 index 00000000000..a6aa9deb7ed --- /dev/null +++ b/queue-4.14/scsi-target-fix-pr-in-read-full-status-for-fc.patch @@ -0,0 +1,41 @@ +From 66f05f862358294158d981abe6a9e3344a048119 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 8 Apr 2020 15:26:10 +0200 +Subject: scsi: target: fix PR IN / READ FULL STATUS for FC + +From: Bodo Stroesser + +[ Upstream commit 8fed04eb79a74cbf471dfaa755900a51b37273ab ] + +Creation of the response to READ FULL STATUS fails for FC based +reservations. Reason is the too high loop limit (< 24) in +fc_get_pr_transport_id(). The string representation of FC WWPN is 23 chars +long only ("11:22:33:44:55:66:77:88"). So when i is 23, the loop body is +executed a last time for the ending '\0' of the string and thus hex2bin() +reports an error. + +Link: https://lore.kernel.org/r/20200408132610.14623-3-bstroesser@ts.fujitsu.com +Signed-off-by: Bodo Stroesser +Reviewed-by: Mike Christie +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +--- + drivers/target/target_core_fabric_lib.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/target/target_core_fabric_lib.c b/drivers/target/target_core_fabric_lib.c +index 95aa47ac4dcd2..f8621fe673767 100644 +--- a/drivers/target/target_core_fabric_lib.c ++++ b/drivers/target/target_core_fabric_lib.c +@@ -76,7 +76,7 @@ static int fc_get_pr_transport_id( + * encoded TransportID. + */ + ptr = &se_nacl->initiatorname[0]; +- for (i = 0; i < 24; ) { ++ for (i = 0; i < 23; ) { + if (!strncmp(&ptr[i], ":", 1)) { + i++; + continue; +-- +2.20.1 + diff --git a/queue-4.14/series b/queue-4.14/series index fcb40ce69b9..832e22886e0 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -95,3 +95,16 @@ net-cxgb4-check-the-return-from-t4_query_params-properly.patch arm-dts-bcm283x-disable-dsi0-node.patch perf-core-fix-parent-pid-tid-in-task-exit-events.patch mm-shmem-disable-interrupt-when-acquiring-info-lock-in-userfaultfd_copy-path.patch +bpf-x86-fix-encoding-for-lower-8-bit-registers-in-bp.patch +x86-hyperv-report-value-of-misc_features.patch +xfs-fix-partially-uninitialized-structure-in-xfs_ref.patch +scsi-target-fix-pr-in-read-full-status-for-fc.patch +objtool-fix-config_ubsan_trap-unreachable-warnings.patch +objtool-support-clang-non-section-symbols-in-orc-dum.patch +xen-xenbus-ensure-xenbus_map_ring_valloc-returns-pro.patch +arm64-delete-the-space-separator-in-__emit_inst.patch +ext4-use-matching-invalidatepage-in-ext4_writepage.patch +ext4-increase-wait-time-needed-before-reuse-of-delet.patch +ext4-convert-bug_on-s-to-warn_on-s-in-mballoc.c.patch +of-unittest-kmemleak-on-changeset-destroy.patch +hwmon-jc42-fix-name-to-have-no-illegal-characters.patch diff --git a/queue-4.14/x86-hyperv-report-value-of-misc_features.patch b/queue-4.14/x86-hyperv-report-value-of-misc_features.patch new file mode 100644 index 00000000000..a512fbce9b6 --- /dev/null +++ b/queue-4.14/x86-hyperv-report-value-of-misc_features.patch @@ -0,0 +1,38 @@ +From 6b5f0fa9ed39832ceea89b9cce463ae0a8d6ad0e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 7 Apr 2020 19:27:39 +0200 +Subject: x86: hyperv: report value of misc_features + +From: Olaf Hering + +[ Upstream commit 97d9f1c43bedd400301d6f1eff54d46e8c636e47 ] + +A few kernel features depend on ms_hyperv.misc_features, but unlike its +siblings ->features and ->hints, the value was never reported during boot. + +Signed-off-by: Olaf Hering +Link: https://lore.kernel.org/r/20200407172739.31371-1-olaf@aepfle.de +Signed-off-by: Wei Liu +Signed-off-by: Sasha Levin +--- + arch/x86/kernel/cpu/mshyperv.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/arch/x86/kernel/cpu/mshyperv.c b/arch/x86/kernel/cpu/mshyperv.c +index c0201b11e9e2a..a6b323a3a6304 100644 +--- a/arch/x86/kernel/cpu/mshyperv.c ++++ b/arch/x86/kernel/cpu/mshyperv.c +@@ -178,8 +178,8 @@ static void __init ms_hyperv_init_platform(void) + ms_hyperv.misc_features = cpuid_edx(HYPERV_CPUID_FEATURES); + ms_hyperv.hints = cpuid_eax(HYPERV_CPUID_ENLIGHTMENT_INFO); + +- pr_info("Hyper-V: features 0x%x, hints 0x%x\n", +- ms_hyperv.features, ms_hyperv.hints); ++ pr_info("Hyper-V: features 0x%x, hints 0x%x, misc 0x%x\n", ++ ms_hyperv.features, ms_hyperv.hints, ms_hyperv.misc_features); + + ms_hyperv.max_vp_index = cpuid_eax(HVCPUID_IMPLEMENTATION_LIMITS); + ms_hyperv.max_lp_index = cpuid_ebx(HVCPUID_IMPLEMENTATION_LIMITS); +-- +2.20.1 + diff --git a/queue-4.14/xen-xenbus-ensure-xenbus_map_ring_valloc-returns-pro.patch b/queue-4.14/xen-xenbus-ensure-xenbus_map_ring_valloc-returns-pro.patch new file mode 100644 index 00000000000..8db636481f4 --- /dev/null +++ b/queue-4.14/xen-xenbus-ensure-xenbus_map_ring_valloc-returns-pro.patch @@ -0,0 +1,56 @@ +From bb3b49a2034547d397defd458b21af75595868a9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 26 Mar 2020 09:03:58 +0100 +Subject: xen/xenbus: ensure xenbus_map_ring_valloc() returns proper grant + status + +From: Juergen Gross + +[ Upstream commit 6b51fd3f65a22e3d1471b18a1d56247e246edd46 ] + +xenbus_map_ring_valloc() maps a ring page and returns the status of the +used grant (0 meaning success). + +There are Xen hypervisors which might return the value 1 for the status +of a failed grant mapping due to a bug. Some callers of +xenbus_map_ring_valloc() test for errors by testing the returned status +to be less than zero, resulting in no error detected and crashing later +due to a not available ring page. + +Set the return value of xenbus_map_ring_valloc() to GNTST_general_error +in case the grant status reported by Xen is greater than zero. + +This is part of XSA-316. + +Signed-off-by: Juergen Gross +Reviewed-by: Wei Liu +Link: https://lore.kernel.org/r/20200326080358.1018-1-jgross@suse.com +Signed-off-by: Juergen Gross +Signed-off-by: Sasha Levin +--- + drivers/xen/xenbus/xenbus_client.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/drivers/xen/xenbus/xenbus_client.c b/drivers/xen/xenbus/xenbus_client.c +index a1c17000129ba..e94a61eaeceb0 100644 +--- a/drivers/xen/xenbus/xenbus_client.c ++++ b/drivers/xen/xenbus/xenbus_client.c +@@ -450,7 +450,14 @@ EXPORT_SYMBOL_GPL(xenbus_free_evtchn); + int xenbus_map_ring_valloc(struct xenbus_device *dev, grant_ref_t *gnt_refs, + unsigned int nr_grefs, void **vaddr) + { +- return ring_ops->map(dev, gnt_refs, nr_grefs, vaddr); ++ int err; ++ ++ err = ring_ops->map(dev, gnt_refs, nr_grefs, vaddr); ++ /* Some hypervisors are buggy and can return 1. */ ++ if (err > 0) ++ err = GNTST_general_error; ++ ++ return err; + } + EXPORT_SYMBOL_GPL(xenbus_map_ring_valloc); + +-- +2.20.1 + diff --git a/queue-4.14/xfs-fix-partially-uninitialized-structure-in-xfs_ref.patch b/queue-4.14/xfs-fix-partially-uninitialized-structure-in-xfs_ref.patch new file mode 100644 index 00000000000..cd8bc6ecc82 --- /dev/null +++ b/queue-4.14/xfs-fix-partially-uninitialized-structure-in-xfs_ref.patch @@ -0,0 +1,39 @@ +From 225a82600f15550379bca56873833af10e0a915f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 12 Apr 2020 13:11:11 -0700 +Subject: xfs: fix partially uninitialized structure in + xfs_reflink_remap_extent + +From: Darrick J. Wong + +[ Upstream commit c142932c29e533ee892f87b44d8abc5719edceec ] + +In the reflink extent remap function, it turns out that uirec (the block +mapping corresponding only to the part of the passed-in mapping that got +unmapped) was not fully initialized. Specifically, br_state was not +being copied from the passed-in struct to the uirec. This could lead to +unpredictable results such as the reflinked mapping being marked +unwritten in the destination file. + +Signed-off-by: Darrick J. Wong +Reviewed-by: Brian Foster +Signed-off-by: Sasha Levin +--- + fs/xfs/xfs_reflink.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/fs/xfs/xfs_reflink.c b/fs/xfs/xfs_reflink.c +index 37e603bf15913..db7f9fdd20a30 100644 +--- a/fs/xfs/xfs_reflink.c ++++ b/fs/xfs/xfs_reflink.c +@@ -1125,6 +1125,7 @@ xfs_reflink_remap_extent( + uirec.br_startblock = irec->br_startblock + rlen; + uirec.br_startoff = irec->br_startoff + rlen; + uirec.br_blockcount = unmap_len - rlen; ++ uirec.br_state = irec->br_state; + unmap_len = rlen; + + /* If this isn't a real mapping, we're done. */ +-- +2.20.1 +