From: Sasha Levin Date: Wed, 14 Apr 2021 15:54:23 +0000 (-0400) Subject: Fixes for 4.14 X-Git-Tag: v5.11.15~19 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e0f5ad1bb6658d2b6462ccb913a3f191e6f74038;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 4.14 Signed-off-by: Sasha Levin --- diff --git a/queue-4.14/block-only-update-parent-bi_status-when-bio-fail.patch b/queue-4.14/block-only-update-parent-bi_status-when-bio-fail.patch new file mode 100644 index 00000000000..2ae87957ba0 --- /dev/null +++ b/queue-4.14/block-only-update-parent-bi_status-when-bio-fail.patch @@ -0,0 +1,79 @@ +From 627ded0522bd040f20ae105b85d03f3d42c84f35 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 31 Mar 2021 07:53:59 -0400 +Subject: block: only update parent bi_status when bio fail + +From: Yufen Yu + +[ Upstream commit 3edf5346e4f2ce2fa0c94651a90a8dda169565ee ] + +For multiple split bios, if one of the bio is fail, the whole +should return error to application. But we found there is a race +between bio_integrity_verify_fn and bio complete, which return +io success to application after one of the bio fail. The race as +following: + +split bio(READ) kworker + +nvme_complete_rq +blk_update_request //split error=0 + bio_endio + bio_integrity_endio + queue_work(kintegrityd_wq, &bip->bip_work); + + bio_integrity_verify_fn + bio_endio //split bio + __bio_chain_endio + if (!parent->bi_status) + + + nvme_irq + blk_update_request //parent error=7 + req_bio_endio + bio->bi_status = 7 //parent bio + + + parent->bi_status = 0 + parent->bi_end_io() // return bi_status=0 + +The bio has been split as two: split and parent. When split +bio completed, it depends on kworker to do endio, while +bio_integrity_verify_fn have been interrupted by parent bio +complete irq handler. Then, parent bio->bi_status which have +been set in irq handler will overwrite by kworker. + +In fact, even without the above race, we also need to conside +the concurrency beteen mulitple split bio complete and update +the same parent bi_status. Normally, multiple split bios will +be issued to the same hctx and complete from the same irq +vector. But if we have updated queue map between multiple split +bios, these bios may complete on different hw queue and different +irq vector. Then the concurrency update parent bi_status may +cause the final status error. + +Suggested-by: Keith Busch +Signed-off-by: Yufen Yu +Reviewed-by: Ming Lei +Link: https://lore.kernel.org/r/20210331115359.1125679-1-yuyufen@huawei.com +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +--- + block/bio.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/block/bio.c b/block/bio.c +index 1384f9790882..30df1b45dde8 100644 +--- a/block/bio.c ++++ b/block/bio.c +@@ -312,7 +312,7 @@ static struct bio *__bio_chain_endio(struct bio *bio) + { + struct bio *parent = bio->bi_private; + +- if (!parent->bi_status) ++ if (bio->bi_status && !parent->bi_status) + parent->bi_status = bio->bi_status; + bio_put(bio); + return parent; +-- +2.30.2 + diff --git a/queue-4.14/drm-imx-imx-ldb-fix-out-of-bounds-array-access-warni.patch b/queue-4.14/drm-imx-imx-ldb-fix-out-of-bounds-array-access-warni.patch new file mode 100644 index 00000000000..3c0abee3205 --- /dev/null +++ b/queue-4.14/drm-imx-imx-ldb-fix-out-of-bounds-array-access-warni.patch @@ -0,0 +1,62 @@ +From 876fcab13e15ffeeb75c15d631ae14e20c378edb Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 24 Mar 2021 17:47:41 +0100 +Subject: drm/imx: imx-ldb: fix out of bounds array access warning + +From: Arnd Bergmann + +[ Upstream commit 33ce7f2f95cabb5834cf0906308a5cb6103976da ] + +When CONFIG_OF is disabled, building with 'make W=1' produces warnings +about out of bounds array access: + +drivers/gpu/drm/imx/imx-ldb.c: In function 'imx_ldb_set_clock.constprop': +drivers/gpu/drm/imx/imx-ldb.c:186:8: error: array subscript -22 is below array bounds of 'struct clk *[4]' [-Werror=array-bounds] + +Add an error check before the index is used, which helps with the +warning, as well as any possible other error condition that may be +triggered at runtime. + +The warning could be fixed by adding a Kconfig depedency on CONFIG_OF, +but Liu Ying points out that the driver may hit the out-of-bounds +problem at runtime anyway. + +Signed-off-by: Arnd Bergmann +Reviewed-by: Liu Ying +Signed-off-by: Philipp Zabel +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/imx/imx-ldb.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/drivers/gpu/drm/imx/imx-ldb.c b/drivers/gpu/drm/imx/imx-ldb.c +index d38648a7ef2d..d88ac6f2222a 100644 +--- a/drivers/gpu/drm/imx/imx-ldb.c ++++ b/drivers/gpu/drm/imx/imx-ldb.c +@@ -206,6 +206,11 @@ static void imx_ldb_encoder_enable(struct drm_encoder *encoder) + int dual = ldb->ldb_ctrl & LDB_SPLIT_MODE_EN; + int mux = drm_of_encoder_active_port_id(imx_ldb_ch->child, encoder); + ++ if (mux < 0 || mux >= ARRAY_SIZE(ldb->clk_sel)) { ++ dev_warn(ldb->dev, "%s: invalid mux %d\n", __func__, mux); ++ return; ++ } ++ + drm_panel_prepare(imx_ldb_ch->panel); + + if (dual) { +@@ -264,6 +269,11 @@ imx_ldb_encoder_atomic_mode_set(struct drm_encoder *encoder, + int mux = drm_of_encoder_active_port_id(imx_ldb_ch->child, encoder); + u32 bus_format = imx_ldb_ch->bus_format; + ++ if (mux < 0 || mux >= ARRAY_SIZE(ldb->clk_sel)) { ++ dev_warn(ldb->dev, "%s: invalid mux %d\n", __func__, mux); ++ return; ++ } ++ + if (mode->clock > 170000) { + dev_warn(ldb->dev, + "%s: mode exceeds 170 MHz pixel clock\n", __func__); +-- +2.30.2 + diff --git a/queue-4.14/gfs2-report-already-frozen-thawed-errors.patch b/queue-4.14/gfs2-report-already-frozen-thawed-errors.patch new file mode 100644 index 00000000000..fefcfb0b79d --- /dev/null +++ b/queue-4.14/gfs2-report-already-frozen-thawed-errors.patch @@ -0,0 +1,61 @@ +From b8217a0e23a9b6f0d70b5cbb0a27522e0f32de64 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 25 Mar 2021 08:51:13 -0400 +Subject: gfs2: report "already frozen/thawed" errors + +From: Bob Peterson + +[ Upstream commit ff132c5f93c06bd4432bbab5c369e468653bdec4 ] + +Before this patch, gfs2's freeze function failed to report an error +when the target file system was already frozen as it should (and as +generic vfs function freeze_super does. Similarly, gfs2's thaw function +failed to report an error when trying to thaw a file system that is not +frozen, as vfs function thaw_super does. The errors were checked, but +it always returned a 0 return code. + +This patch adds the missing error return codes to gfs2 freeze and thaw. + +Signed-off-by: Bob Peterson +Signed-off-by: Andreas Gruenbacher +Signed-off-by: Sasha Levin +--- + fs/gfs2/super.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/fs/gfs2/super.c b/fs/gfs2/super.c +index bcf95ec1bc31..56bfed0a5873 100644 +--- a/fs/gfs2/super.c ++++ b/fs/gfs2/super.c +@@ -989,11 +989,13 @@ void gfs2_freeze_func(struct work_struct *work) + static int gfs2_freeze(struct super_block *sb) + { + struct gfs2_sbd *sdp = sb->s_fs_info; +- int error = 0; ++ int error; + + mutex_lock(&sdp->sd_freeze_mutex); +- if (atomic_read(&sdp->sd_freeze_state) != SFS_UNFROZEN) ++ if (atomic_read(&sdp->sd_freeze_state) != SFS_UNFROZEN) { ++ error = -EBUSY; + goto out; ++ } + + if (test_bit(SDF_SHUTDOWN, &sdp->sd_flags)) { + error = -EINVAL; +@@ -1035,10 +1037,10 @@ static int gfs2_unfreeze(struct super_block *sb) + struct gfs2_sbd *sdp = sb->s_fs_info; + + mutex_lock(&sdp->sd_freeze_mutex); +- if (atomic_read(&sdp->sd_freeze_state) != SFS_FROZEN || ++ if (atomic_read(&sdp->sd_freeze_state) != SFS_FROZEN || + !gfs2_holder_initialized(&sdp->sd_freeze_gh)) { + mutex_unlock(&sdp->sd_freeze_mutex); +- return 0; ++ return -EINVAL; + } + + gfs2_glock_dq_uninit(&sdp->sd_freeze_gh); +-- +2.30.2 + diff --git a/queue-4.14/kvm-arm64-disable-guest-access-to-trace-filter-contr.patch b/queue-4.14/kvm-arm64-disable-guest-access-to-trace-filter-contr.patch new file mode 100644 index 00000000000..9cebff2da29 --- /dev/null +++ b/queue-4.14/kvm-arm64-disable-guest-access-to-trace-filter-contr.patch @@ -0,0 +1,65 @@ +From c8037c5b0f309b7ed6a9ad1b784e9746c3a83e7a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 23 Mar 2021 12:06:30 +0000 +Subject: KVM: arm64: Disable guest access to trace filter controls + +From: Suzuki K Poulose + +[ Upstream commit a354a64d91eec3e0f8ef0eed575b480fd75b999c ] + +Disable guest access to the Trace Filter control registers. +We do not advertise the Trace filter feature to the guest +(ID_AA64DFR0_EL1: TRACE_FILT is cleared) already, but the guest +can still access the TRFCR_EL1 unless we trap it. + +This will also make sure that the guest cannot fiddle with +the filtering controls set by a nvhe host. + +Cc: Marc Zyngier +Cc: Will Deacon +Cc: Mark Rutland +Cc: Catalin Marinas +Signed-off-by: Suzuki K Poulose +Signed-off-by: Marc Zyngier +Link: https://lore.kernel.org/r/20210323120647.454211-3-suzuki.poulose@arm.com +Signed-off-by: Sasha Levin +--- + arch/arm64/include/asm/kvm_arm.h | 1 + + arch/arm64/kvm/debug.c | 2 ++ + 2 files changed, 3 insertions(+) + +diff --git a/arch/arm64/include/asm/kvm_arm.h b/arch/arm64/include/asm/kvm_arm.h +index f88611e241f0..72ed11292df3 100644 +--- a/arch/arm64/include/asm/kvm_arm.h ++++ b/arch/arm64/include/asm/kvm_arm.h +@@ -191,6 +191,7 @@ + #define CPTR_EL2_DEFAULT 0x000033ff + + /* Hyp Debug Configuration Register bits */ ++#define MDCR_EL2_TTRF (1 << 19) + #define MDCR_EL2_TPMS (1 << 14) + #define MDCR_EL2_E2PB_MASK (UL(0x3)) + #define MDCR_EL2_E2PB_SHIFT (UL(12)) +diff --git a/arch/arm64/kvm/debug.c b/arch/arm64/kvm/debug.c +index dbadfaf850a7..2da4f45ab0bb 100644 +--- a/arch/arm64/kvm/debug.c ++++ b/arch/arm64/kvm/debug.c +@@ -96,6 +96,7 @@ void kvm_arm_reset_debug_ptr(struct kvm_vcpu *vcpu) + * - Debug ROM Address (MDCR_EL2_TDRA) + * - OS related registers (MDCR_EL2_TDOSA) + * - Statistical profiler (MDCR_EL2_TPMS/MDCR_EL2_E2PB) ++ * - Self-hosted Trace Filter controls (MDCR_EL2_TTRF) + * + * Additionally, KVM only traps guest accesses to the debug registers if + * the guest is not actively using them (see the KVM_ARM64_DEBUG_DIRTY +@@ -118,6 +119,7 @@ void kvm_arm_setup_debug(struct kvm_vcpu *vcpu) + vcpu->arch.mdcr_el2 = __this_cpu_read(mdcr_el2) & MDCR_EL2_HPMN_MASK; + vcpu->arch.mdcr_el2 |= (MDCR_EL2_TPM | + MDCR_EL2_TPMS | ++ MDCR_EL2_TTRF | + MDCR_EL2_TPMCR | + MDCR_EL2_TDRA | + MDCR_EL2_TDOSA); +-- +2.30.2 + diff --git a/queue-4.14/kvm-arm64-hide-system-instruction-access-to-trace-re.patch b/queue-4.14/kvm-arm64-hide-system-instruction-access-to-trace-re.patch new file mode 100644 index 00000000000..aa1a8de293e --- /dev/null +++ b/queue-4.14/kvm-arm64-hide-system-instruction-access-to-trace-re.patch @@ -0,0 +1,48 @@ +From 10a5e395b9f7cdda7f321e8b8780d83db811bb9b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 23 Mar 2021 12:06:29 +0000 +Subject: KVM: arm64: Hide system instruction access to Trace registers + +From: Suzuki K Poulose + +[ Upstream commit 1d676673d665fd2162e7e466dcfbe5373bfdb73e ] + +Currently we advertise the ID_AA6DFR0_EL1.TRACEVER for the guest, +when the trace register accesses are trapped (CPTR_EL2.TTA == 1). +So, the guest will get an undefined instruction, if trusts the +ID registers and access one of the trace registers. +Lets be nice to the guest and hide the feature to avoid +unexpected behavior. + +Even though this can be done at KVM sysreg emulation layer, +we do this by removing the TRACEVER from the sanitised feature +register field. This is fine as long as the ETM drivers +can handle the individual trace units separately, even +when there are differences among the CPUs. + +Cc: Will Deacon +Cc: Catalin Marinas +Cc: Mark Rutland +Signed-off-by: Suzuki K Poulose +Signed-off-by: Marc Zyngier +Link: https://lore.kernel.org/r/20210323120647.454211-2-suzuki.poulose@arm.com +Signed-off-by: Sasha Levin +--- + arch/arm64/kernel/cpufeature.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c +index 174aa12fb8b1..1481e18aa5ca 100644 +--- a/arch/arm64/kernel/cpufeature.c ++++ b/arch/arm64/kernel/cpufeature.c +@@ -230,7 +230,6 @@ static const struct arm64_ftr_bits ftr_id_aa64dfr0[] = { + * of support. + */ + S_ARM64_FTR_BITS(FTR_HIDDEN, FTR_NONSTRICT, FTR_EXACT, ID_AA64DFR0_PMUVER_SHIFT, 4, 0), +- ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_EXACT, ID_AA64DFR0_TRACEVER_SHIFT, 4, 0), + ARM64_FTR_BITS(FTR_HIDDEN, FTR_STRICT, FTR_EXACT, ID_AA64DFR0_DEBUGVER_SHIFT, 4, 0x6), + ARM64_FTR_END, + }; +-- +2.30.2 + diff --git a/queue-4.14/net-phy-broadcom-only-advertise-eee-for-supported-mo.patch b/queue-4.14/net-phy-broadcom-only-advertise-eee-for-supported-mo.patch new file mode 100644 index 00000000000..b663dccc365 --- /dev/null +++ b/queue-4.14/net-phy-broadcom-only-advertise-eee-for-supported-mo.patch @@ -0,0 +1,55 @@ +From 7a23002d948e3ecb40455cf66280428ed870c8c2 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 12 Apr 2021 16:31:01 -0700 +Subject: net: phy: broadcom: Only advertise EEE for supported modes + +From: Florian Fainelli + +commit c056d480b40a68f2520ccc156c7fae672d69d57d upstream + +We should not be advertising EEE for modes that we do not support, +correct that oversight by looking at the PHY device supported linkmodes. + +Fixes: 99cec8a4dda2 ("net: phy: broadcom: Allow enabling or disabling of EEE") +Signed-off-by: Florian Fainelli +Signed-off-by: David S. Miller +Signed-off-by: Florian Fainelli +Signed-off-by: Sasha Levin +--- + drivers/net/phy/bcm-phy-lib.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/drivers/net/phy/bcm-phy-lib.c b/drivers/net/phy/bcm-phy-lib.c +index d5e0833d69b9..66e4ef8ed345 100644 +--- a/drivers/net/phy/bcm-phy-lib.c ++++ b/drivers/net/phy/bcm-phy-lib.c +@@ -198,7 +198,7 @@ EXPORT_SYMBOL_GPL(bcm_phy_enable_apd); + + int bcm_phy_set_eee(struct phy_device *phydev, bool enable) + { +- int val; ++ int val, mask = 0; + + /* Enable EEE at PHY level */ + val = phy_read_mmd(phydev, MDIO_MMD_AN, BRCM_CL45VEN_EEE_CONTROL); +@@ -217,10 +217,15 @@ int bcm_phy_set_eee(struct phy_device *phydev, bool enable) + if (val < 0) + return val; + ++ if (phydev->supported & SUPPORTED_1000baseT_Full) ++ mask |= MDIO_EEE_1000T; ++ if (phydev->supported & SUPPORTED_100baseT_Full) ++ mask |= MDIO_EEE_100TX; ++ + if (enable) +- val |= (MDIO_EEE_100TX | MDIO_EEE_1000T); ++ val |= mask; + else +- val &= ~(MDIO_EEE_100TX | MDIO_EEE_1000T); ++ val &= ~mask; + + phy_write_mmd(phydev, MDIO_MMD_AN, BCM_CL45VEN_EEE_ADV, (u32)val); + +-- +2.30.2 + diff --git a/queue-4.14/series b/queue-4.14/series index e91d938c7b3..49fa993a084 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -57,3 +57,9 @@ net-ieee802154-forbid-monitor-for-set-llsec-params.patch net-ieee802154-forbid-monitor-for-del-llsec-seclevel.patch net-ieee802154-stop-dump-llsec-params-for-monitors.patch revert-cifs-set-cifs_mount_use_prefix_path-flag-on-setting-cifs_sb-prepath.patch +kvm-arm64-hide-system-instruction-access-to-trace-re.patch +kvm-arm64-disable-guest-access-to-trace-filter-contr.patch +drm-imx-imx-ldb-fix-out-of-bounds-array-access-warni.patch +gfs2-report-already-frozen-thawed-errors.patch +block-only-update-parent-bi_status-when-bio-fail.patch +net-phy-broadcom-only-advertise-eee-for-supported-mo.patch