From: Greg Kroah-Hartman
Date: Mon, 26 Jul 2021 09:08:01 +0000 (+0200)
Subject: 5.4-stable patches
X-Git-Tag: v4.4.277~39
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=cdded29f4359a5a131af9fd2016854df9f4f5456;p=thirdparty%2Fkernel%2Fstable-queue.git
5.4-stable patches
added patches:
drm-return-enotty-for-non-drm-ioctls.patch
hugetlbfs-fix-mount-mode-command-line-processing.patch
nds32-fix-up-stack-guard-gap.patch
rbd-always-kick-acquire-on-acquired-and-released-notifications.patch
rbd-don-t-hold-lock_rwsem-while-running_list-is-being-drained.patch
---
diff --git a/queue-5.4/drm-return-enotty-for-non-drm-ioctls.patch b/queue-5.4/drm-return-enotty-for-non-drm-ioctls.patch
new file mode 100644
index 00000000000..764acb0101a
--- /dev/null
+++ b/queue-5.4/drm-return-enotty-for-non-drm-ioctls.patch
@@ -0,0 +1,56 @@
+From 3abab27c322e0f2acf981595aa8040c9164dc9fb Mon Sep 17 00:00:00 2001
+From: Charles Baylis
+Date: Fri, 16 Jul 2021 17:43:12 +0100
+Subject: drm: Return -ENOTTY for non-drm ioctls
+
+From: Charles Baylis
+
+commit 3abab27c322e0f2acf981595aa8040c9164dc9fb upstream.
+
+drm: Return -ENOTTY for non-drm ioctls
+
+Return -ENOTTY from drm_ioctl() when userspace passes in a cmd number
+which doesn't relate to the drm subsystem.
+
+Glibc uses the TCGETS ioctl to implement isatty(), and without this
+change isatty() returns it incorrectly returns true for drm devices.
+
+To test run this command:
+$ if [ -t 0 ]; then echo is a tty; fi < /dev/dri/card0
+which shows "is a tty" without this patch.
+
+This may also modify memory which the userspace application is not
+expecting.
+
+Signed-off-by: Charles Baylis
+Cc: stable@vger.kernel.org
+Signed-off-by: Daniel Vetter
+Link: https://patchwork.freedesktop.org/patch/msgid/YPG3IBlzaMhfPqCr@stando.fishzet.co.uk
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/gpu/drm/drm_ioctl.c | 3 +++
+ include/drm/drm_ioctl.h | 1 +
+ 2 files changed, 4 insertions(+)
+
+--- a/drivers/gpu/drm/drm_ioctl.c
++++ b/drivers/gpu/drm/drm_ioctl.c
+@@ -826,6 +826,9 @@ long drm_ioctl(struct file *filp,
+ if (drm_dev_is_unplugged(dev))
+ return -ENODEV;
+
++ if (DRM_IOCTL_TYPE(cmd) != DRM_IOCTL_BASE)
++ return -ENOTTY;
++
+ is_driver_ioctl = nr >= DRM_COMMAND_BASE && nr < DRM_COMMAND_END;
+
+ if (is_driver_ioctl) {
+--- a/include/drm/drm_ioctl.h
++++ b/include/drm/drm_ioctl.h
+@@ -68,6 +68,7 @@ typedef int drm_ioctl_compat_t(struct fi
+ unsigned long arg);
+
+ #define DRM_IOCTL_NR(n) _IOC_NR(n)
++#define DRM_IOCTL_TYPE(n) _IOC_TYPE(n)
+ #define DRM_MAJOR 226
+
+ /**
diff --git a/queue-5.4/hugetlbfs-fix-mount-mode-command-line-processing.patch b/queue-5.4/hugetlbfs-fix-mount-mode-command-line-processing.patch
new file mode 100644
index 00000000000..bb3f49594cc
--- /dev/null
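Review bot: The new `DRM_IOCTL_TYPE(cmd) != DRM_IOCTL_BASE` test in drm_ioctl() has no comment, although it is the only thing that stops an ioctl number from another subsystem (the message cites TCGETS) from being handled by its nr field and, per the message, modifying user memory the caller did not expect. I would add `/* Reject ioctls from other subsystems before 'nr' is used to select a handler. */` above it. The test also sits after the drm_dev_is_unplugged() check, so a non-DRM ioctl on an unplugged device still returns -ENODEV rather than -ENOTTY; placing it first would make the isatty() result independent of device state. The header hunk shows a drm_ioctl_compat_t type, so a compat dispatch path presumably exists outside this patch, and it is worth confirming that it cannot reach a handler by nr without the same type check. drm_ioctl()'s body starts and ends outside the hunk.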
+++ b/queue-5.4/hugetlbfs-fix-mount-mode-command-line-processing.patch
@@ -0,0 +1,43 @@
+From e0f7e2b2f7e7864238a4eea05cc77ae1be2bf784 Mon Sep 17 00:00:00 2001
+From: Mike Kravetz
+Date: Fri, 23 Jul 2021 15:50:44 -0700
+Subject: hugetlbfs: fix mount mode command line processing
+
+From: Mike Kravetz
+
+commit e0f7e2b2f7e7864238a4eea05cc77ae1be2bf784 upstream.
+
+In commit 32021982a324 ("hugetlbfs: Convert to fs_context") processing
+of the mount mode string was changed from match_octal() to fsparam_u32.
+
+This changed existing behavior as match_octal does not require octal
+values to have a '0' prefix, but fsparam_u32 does.
+
+Use fsparam_u32oct which provides the same behavior as match_octal.
+
+Link: https://lkml.kernel.org/r/20210721183326.102716-1-mike.kravetz@oracle.com
+Fixes: 32021982a324 ("hugetlbfs: Convert to fs_context")
+Signed-off-by: Mike Kravetz
+Reported-by: Dennis Camera
+Reviewed-by: Matthew Wilcox (Oracle)
+Cc: David Howells
+Cc: Al Viro
+Cc:
+Signed-off-by: Andrew Morton
+Signed-off-by: Linus Torvalds
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/hugetlbfs/inode.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/hugetlbfs/inode.c
++++ b/fs/hugetlbfs/inode.c
+@@ -76,7 +76,7 @@ enum hugetlb_param {
+ static const struct fs_parameter_spec hugetlb_param_specs[] = {
+ fsparam_u32 ("gid", Opt_gid),
+ fsparam_string("min_size", Opt_min_size),
+- fsparam_u32 ("mode", Opt_mode),
++ fsparam_u32oct("mode", Opt_mode),
+ fsparam_string("nr_inodes", Opt_nr_inodes),
+ fsparam_string("pagesize", Opt_pagesize),
+ fsparam_string("size", Opt_size),
diff --git a/queue-5.4/nds32-fix-up-stack-guard-gap.patch b/queue-5.4/nds32-fix-up-stack-guard-gap.patch
new file mode 100644
index 00000000000..e373002b395
--- /dev/null
+++ b/queue-5.4/nds32-fix-up-stack-guard-gap.patch
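Review bot: The `mode` entry in hugetlb_param_specs[] now uses a different parser from its `gid` neighbour with nothing on the line to say why, and that choice decides the permission bits of the mount. Going by the commit message, an unprefixed value such as `mode=1770` (constructed example) was not read as octal before this change, so the mount presumably ended up with bits the administrator did not ask for. A short comment on the entry, `/* octal, with or without a leading 0 (as match_octal did) */`, would keep a later cleanup from switching it back to `fsparam_u32`. The table continues outside the hunk, so the other numeric options are not visible here.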
@@ -0,0 +1,42 @@
+From c453db6cd96418c79702eaf38259002755ab23ff Mon Sep 17 00:00:00 2001
+From: Greg Kroah-Hartman
+Date: Tue, 29 Jun 2021 12:40:24 +0200
+Subject: nds32: fix up stack guard gap
+
+From: Greg Kroah-Hartman
+
+commit c453db6cd96418c79702eaf38259002755ab23ff upstream.
+
+Commit 1be7107fbe18 ("mm: larger stack guard gap, between vmas") fixed
+up all architectures to deal with the stack guard gap. But when nds32
+was added to the tree, it forgot to do the same thing.
+
+Resolve this by properly fixing up the nsd32's version of
+arch_get_unmapped_area()
+
+Cc: Nick Hu
+Cc: Greentime Hu
+Cc: Vincent Chen
+Cc: Michal Hocko
+Cc: Hugh Dickins
+Cc: Qiang Liu
+Cc: stable
+Reported-by: iLifetruth
+Acked-by: Hugh Dickins
+Link: https://lore.kernel.org/r/20210629104024.2293615-1-gregkh@linuxfoundation.org
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/nds32/mm/mmap.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/nds32/mm/mmap.c
++++ b/arch/nds32/mm/mmap.c
+@@ -59,7 +59,7 @@ arch_get_unmapped_area(struct file *filp
+
+ vma = find_vma(mm, addr);
+ if (TASK_SIZE - len >= addr &&
+- (!vma || addr + len <= vma->vm_start))
++ (!vma || addr + len <= vm_start_gap(vma)))
+ return addr;
+ }
+
diff --git a/queue-5.4/rbd-always-kick-acquire-on-acquired-and-released-notifications.patch b/queue-5.4/rbd-always-kick-acquire-on-acquired-and-released-notifications.patch
new file mode 100644
index 00000000000..17686665213
--- /dev/null
+++ b/queue-5.4/rbd-always-kick-acquire-on-acquired-and-released-notifications.patch
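Review bot: The comparison against `vm_start_gap(vma)` in the hint-address test of arch_get_unmapped_area() is what keeps a caller-chosen mapping out of the guard gap below the next VMA, and the line gives no hint of that. A comment such as `/* use vm_start_gap(): the hinted range must not land in the stack guard gap (see 1be7107fbe18) */` would make the intent survive later edits. Only the hinted path is visible; the fallback search further down the function is outside the hunk and presumably relies on the generic unmapped-area search to honour the gap, which is worth confirming for this architecture.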
@@ -0,0 +1,71 @@
+From 8798d070d416d18a75770fc19787e96705073f43 Mon Sep 17 00:00:00 2001
+From: Ilya Dryomov
+Date: Sat, 3 Jul 2021 11:56:55 +0200
+Subject: rbd: always kick acquire on "acquired" and "released" notifications
+
+From: Ilya Dryomov
+
+commit 8798d070d416d18a75770fc19787e96705073f43 upstream.
+
+Skipping the "lock has been released" notification if the lock owner
+is not what we expect based on owner_cid can lead to I/O hangs.
+One example is our own notifications: because owner_cid is cleared
+in rbd_unlock(), when we get our own notification it is processed as
+unexpected/duplicate and maybe_kick_acquire() isn't called. If a peer
+that requested the lock then doesn't go through with acquiring it,
+I/O requests that came in while the lock was being quiesced would
+be stalled until another I/O request is submitted and kicks acquire
+from rbd_img_exclusive_lock().
+
+This makes the comment in rbd_release_lock() actually true: prior to
+this change the canceled work was being requeued in response to the
+"lock has been acquired" notification from rbd_handle_acquired_lock().
+
+Cc: stable@vger.kernel.org # 5.3+
+Signed-off-by: Ilya Dryomov
+Tested-by: Robin Geuze
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/block/rbd.c | 20 +++++++-------------
+ 1 file changed, 7 insertions(+), 13 deletions(-)
+
+--- a/drivers/block/rbd.c
++++ b/drivers/block/rbd.c
+@@ -4340,15 +4340,11 @@ static void rbd_handle_acquired_lock(str
+ if (!rbd_cid_equal(&cid, &rbd_empty_cid)) {
+ down_write(&rbd_dev->lock_rwsem);
+ if (rbd_cid_equal(&cid, &rbd_dev->owner_cid)) {
+- /*
+- * we already know that the remote client is
+- * the owner
+- */
+- up_write(&rbd_dev->lock_rwsem);
+- return;
++ dout("%s rbd_dev %p cid %llu-%llu == owner_cid\n",
++ __func__, rbd_dev, cid.gid, cid.handle);
++ } else {
++ rbd_set_owner_cid(rbd_dev, &cid);
+ }
+-
+- rbd_set_owner_cid(rbd_dev, &cid);
+ downgrade_write(&rbd_dev->lock_rwsem);
+ } else {
+ down_read(&rbd_dev->lock_rwsem);
+@@ -4373,14 +4369,12 @@ static void rbd_handle_released_lock(str
+ if (!rbd_cid_equal(&cid, &rbd_empty_cid)) {
+ down_write(&rbd_dev->lock_rwsem);
+ if (!rbd_cid_equal(&cid, &rbd_dev->owner_cid)) {
+- dout("%s rbd_dev %p unexpected owner, cid %llu-%llu != owner_cid %llu-%llu\n",
++ dout("%s rbd_dev %p cid %llu-%llu != owner_cid %llu-%llu\n",
+ __func__, rbd_dev, cid.gid, cid.handle,
+ rbd_dev->owner_cid.gid, rbd_dev->owner_cid.handle);
+- up_write(&rbd_dev->lock_rwsem);
+- return;
++ } else {
++ rbd_set_owner_cid(rbd_dev, &rbd_empty_cid);
+ }
+-
+- rbd_set_owner_cid(rbd_dev, &rbd_empty_cid);
+ downgrade_write(&rbd_dev->lock_rwsem);
+ } else {
+ down_read(&rbd_dev->lock_rwsem);
diff --git a/queue-5.4/rbd-don-t-hold-lock_rwsem-while-running_list-is-being-drained.patch b/queue-5.4/rbd-don-t-hold-lock_rwsem-while-running_list-is-being-drained.patch
new file mode 100644
index 00000000000..cd0679f8a0e
--- /dev/null
+++ b/queue-5.4/rbd-don-t-hold-lock_rwsem-while-running_list-is-being-drained.patch
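Review bot: In rbd_handle_acquired_lock() the `cid == owner_cid` branch now only logs and falls through, and the comment that explained the branch was removed, so nothing in the code says the fall-through is deliberate; the mismatch branch in rbd_handle_released_lock() has the same gap. I would put `/* duplicate or our own notification: leave owner_cid alone, but still fall through so acquire gets kicked */` in both branches. Because the cid taken from the notification no longer gates the rest of either handler, whatever follows `downgrade_write()` (outside both hunks) presumably has to be safe to run for any notifying peer, which deserves a line in the function comments. Both function bodies start and end outside the hunks.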
@@ -0,0 +1,75 @@
+From ed9eb71085ecb7ded9a5118cec2ab70667cc7350 Mon Sep 17 00:00:00 2001
+From: Ilya Dryomov
+Date: Sat, 3 Jul 2021 11:31:26 +0200
+Subject: rbd: don't hold lock_rwsem while running_list is being drained
+
+From: Ilya Dryomov
+
+commit ed9eb71085ecb7ded9a5118cec2ab70667cc7350 upstream.
+
+Currently rbd_quiesce_lock() holds lock_rwsem for read while blocking
+on releasing_wait completion. On the I/O completion side, each image
+request also needs to take lock_rwsem for read. Because rw_semaphore
+implementation doesn't allow new readers after a writer has indicated
+interest in the lock, this can result in a deadlock if something that
+needs to take lock_rwsem for write gets involved. For example:
+
+1. watch error occurs
+2. rbd_watch_errcb() takes lock_rwsem for write, clears owner_cid and
+ releases lock_rwsem
+3. after reestablishing the watch, rbd_reregister_watch() takes
+ lock_rwsem for write and calls rbd_reacquire_lock()
+4. rbd_quiesce_lock() downgrades lock_rwsem to for read and blocks on
+ releasing_wait until running_list becomes empty
+5. another watch error occurs
+6. rbd_watch_errcb() blocks trying to take lock_rwsem for write
+7. no in-flight image request can complete and delete itself from
+ running_list because lock_rwsem won't be granted anymore
+
+A similar scenario can occur with "lock has been acquired" and "lock
+has been released" notification handers which also take lock_rwsem for
+write to update owner_cid.
+
+We don't actually get anything useful from sitting on lock_rwsem in
+rbd_quiesce_lock() -- owner_cid updates certainly don't need to be
+synchronized with. In fact the whole owner_cid tracking logic could
+probably be removed from the kernel client because we don't support
+proxied maintenance operations.
+
+Cc: stable@vger.kernel.org # 5.3+
+URL: https://tracker.ceph.com/issues/42757
+Signed-off-by: Ilya Dryomov
+Tested-by: Robin Geuze
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/block/rbd.c | 12 +++++-------
+ 1 file changed, 5 insertions(+), 7 deletions(-)
+
+--- a/drivers/block/rbd.c
++++ b/drivers/block/rbd.c
+@@ -4239,8 +4239,6 @@ again:
+
+ static bool rbd_quiesce_lock(struct rbd_device *rbd_dev)
+ {
+- bool need_wait;
+-
+ dout("%s rbd_dev %p\n", __func__, rbd_dev);
+ lockdep_assert_held_write(&rbd_dev->lock_rwsem);
+
+@@ -4252,11 +4250,11 @@ static bool rbd_quiesce_lock(struct rbd_
+ */
+ rbd_dev->lock_state = RBD_LOCK_STATE_RELEASING;
+ rbd_assert(!completion_done(&rbd_dev->releasing_wait));
+- need_wait = !list_empty(&rbd_dev->running_list);
+- downgrade_write(&rbd_dev->lock_rwsem);
+- if (need_wait)
+- wait_for_completion(&rbd_dev->releasing_wait);
+- up_read(&rbd_dev->lock_rwsem);
++ if (list_empty(&rbd_dev->running_list))
++ return true;
++
++ up_write(&rbd_dev->lock_rwsem);
++ wait_for_completion(&rbd_dev->releasing_wait);
+
+ down_write(&rbd_dev->lock_rwsem);
+ if (rbd_dev->lock_state != RBD_LOCK_STATE_RELEASING)
diff --git a/queue-5.4/series b/queue-5.4/series
index 5a72f71c8c3..4d9454bbc73 100644
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -94,3 +94,8 @@ media-ngene-fix-out-of-bounds-bug-in-ngene_command_config_free_buf.patch
 ixgbe-fix-packet-corruption-due-to-missing-dma-sync.patch
 selftest-use-mmap-instead-of-posix_memalign-to-allocate-memory.patch
 userfaultfd-do-not-untag-user-pointers.patch
+hugetlbfs-fix-mount-mode-command-line-processing.patch
+rbd-don-t-hold-lock_rwsem-while-running_list-is-being-drained.patch
+rbd-always-kick-acquire-on-acquired-and-released-notifications.patch
+nds32-fix-up-stack-guard-gap.patch
+drm-return-enotty-for-non-drm-ioctls.patch
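Review bot: rbd_quiesce_lock() now releases lock_rwsem completely with `up_write()` before `wait_for_completion()` and retakes it with `down_write()`, so any other writer can change device state in between, while the function still asserts on entry that the caller holds the lock for write. The visible recheck of `lock_state != RBD_LOCK_STATE_RELEASING` covers one field; a comment at the `up_write()` such as `/* lock_rwsem is dropped while waiting; callers must re-validate anything read before this call */` would document the new contract. The early `return true` for an empty running_list returns with the write lock still held, which matches the post-wait path but is easy to miss without a note. The function continues past the end of the hunk, so what happens after the recheck is not visible here.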