From: Greg Kroah-Hartman Date: Sun, 16 Jul 2023 09:23:53 +0000 (+0200) Subject: 4.19-stable patches X-Git-Tag: v6.1.39~88 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=efc73ddb3505c972f6558e5c39a896ed50a76f1a;p=thirdparty%2Fkernel%2Fstable-queue.git 4.19-stable patches added patches: bcache-remove-unnecessary-null-point-check-in-node-allocations.patch integrity-fix-possible-multiple-allocation-in-integrity_inode_get.patch jffs2-reduce-stack-usage-in-jffs2_build_xattr_subsystem.patch mmc-core-disable-trim-on-kingston-emmc04g-m627.patch mmc-core-disable-trim-on-micron-mtfc4gacajcn-1m.patch nfsd-add-encoding-of-op_recall-flag-for-write-delegation.patch --- diff --git a/queue-4.19/bcache-remove-unnecessary-null-point-check-in-node-allocations.patch b/queue-4.19/bcache-remove-unnecessary-null-point-check-in-node-allocations.patch new file mode 100644 index 00000000000..0fd0e40c180 --- /dev/null +++ b/queue-4.19/bcache-remove-unnecessary-null-point-check-in-node-allocations.patch @@ -0,0 +1,92 @@ +From 028ddcac477b691dd9205c92f991cc15259d033e Mon Sep 17 00:00:00 2001 +From: Zheng Wang +Date: Thu, 15 Jun 2023 20:12:21 +0800 +Subject: bcache: Remove unnecessary NULL point check in node allocations + +From: Zheng Wang + +commit 028ddcac477b691dd9205c92f991cc15259d033e upstream. + +Due to the previous fix of __bch_btree_node_alloc, the return value will +never be a NULL pointer. So IS_ERR is enough to handle the failure +situation. Fix it by replacing IS_ERR_OR_NULL check by an IS_ERR check. + +Fixes: cafe56359144 ("bcache: A block layer cache") +Cc: stable@vger.kernel.org +Signed-off-by: Zheng Wang +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20230615121223.22502-5-colyli@suse.de +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman +--- + drivers/md/bcache/btree.c | 10 +++++----- + drivers/md/bcache/super.c | 4 ++-- + 2 files changed, 7 insertions(+), 7 deletions(-) + +--- a/drivers/md/bcache/btree.c ++++ b/drivers/md/bcache/btree.c +@@ -1174,7 +1174,7 @@ static struct btree *btree_node_alloc_re + { + struct btree *n = bch_btree_node_alloc(b->c, op, b->level, b->parent); + +- if (!IS_ERR_OR_NULL(n)) { ++ if (!IS_ERR(n)) { + mutex_lock(&n->write_lock); + bch_btree_sort_into(&b->keys, &n->keys, &b->c->sort); + bkey_copy_key(&n->key, &b->key); +@@ -1377,7 +1377,7 @@ static int btree_gc_coalesce(struct btre + memset(new_nodes, 0, sizeof(new_nodes)); + closure_init_stack(&cl); + +- while (nodes < GC_MERGE_NODES && !IS_ERR_OR_NULL(r[nodes].b)) ++ while (nodes < GC_MERGE_NODES && !IS_ERR(r[nodes].b)) + keys += r[nodes++].keys; + + blocks = btree_default_blocks(b->c) * 2 / 3; +@@ -1389,7 +1389,7 @@ static int btree_gc_coalesce(struct btre + + for (i = 0; i < nodes; i++) { + new_nodes[i] = btree_node_alloc_replacement(r[i].b, NULL); +- if (IS_ERR_OR_NULL(new_nodes[i])) ++ if (IS_ERR(new_nodes[i])) + goto out_nocoalesce; + } + +@@ -1524,7 +1524,7 @@ out_nocoalesce: + atomic_dec(&b->c->prio_blocked); + + for (i = 0; i < nodes; i++) +- if (!IS_ERR_OR_NULL(new_nodes[i])) { ++ if (!IS_ERR(new_nodes[i])) { + btree_node_free(new_nodes[i]); + rw_unlock(true, new_nodes[i]); + } +@@ -1706,7 +1706,7 @@ static int bch_btree_gc_root(struct btre + if (should_rewrite) { + n = btree_node_alloc_replacement(b, NULL); + +- if (!IS_ERR_OR_NULL(n)) { ++ if (!IS_ERR(n)) { + bch_btree_node_write_sync(n); + + bch_btree_set_root(n); +--- a/drivers/md/bcache/super.c ++++ b/drivers/md/bcache/super.c +@@ -1576,7 +1576,7 @@ static void cache_set_flush(struct closu + if (!IS_ERR_OR_NULL(c->gc_thread)) + kthread_stop(c->gc_thread); + +- if (!IS_ERR_OR_NULL(c->root)) ++ if (!IS_ERR(c->root)) + list_add(&c->root->list, &c->btree_cache); + + /* Should skip this if we're unregistering because of an error */ +@@ -1921,7 +1921,7 @@ static int run_cache_set(struct cache_se + + err = "cannot allocate new btree root"; + c->root = __bch_btree_node_alloc(c, NULL, 0, true, NULL); +- if (IS_ERR_OR_NULL(c->root)) ++ if (IS_ERR(c->root)) + goto err; + + mutex_lock(&c->root->write_lock); diff --git a/queue-4.19/integrity-fix-possible-multiple-allocation-in-integrity_inode_get.patch b/queue-4.19/integrity-fix-possible-multiple-allocation-in-integrity_inode_get.patch new file mode 100644 index 00000000000..d9c79567954 --- /dev/null +++ b/queue-4.19/integrity-fix-possible-multiple-allocation-in-integrity_inode_get.patch @@ -0,0 +1,62 @@ +From 9df6a4870dc371136e90330cfbbc51464ee66993 Mon Sep 17 00:00:00 2001 +From: Tianjia Zhang +Date: Thu, 1 Jun 2023 14:42:44 +0800 +Subject: integrity: Fix possible multiple allocation in integrity_inode_get() + +From: Tianjia Zhang + +commit 9df6a4870dc371136e90330cfbbc51464ee66993 upstream. + +When integrity_inode_get() is querying and inserting the cache, there +is a conditional race in the concurrent environment. + +The race condition is the result of not properly implementing +"double-checked locking". In this case, it first checks to see if the +iint cache record exists before taking the lock, but doesn't check +again after taking the integrity_iint_lock. + +Fixes: bf2276d10ce5 ("ima: allocating iint improvements") +Signed-off-by: Tianjia Zhang +Cc: Dmitry Kasatkin +Cc: # v3.10+ +Signed-off-by: Mimi Zohar +Signed-off-by: Greg Kroah-Hartman +--- + security/integrity/iint.c | 15 +++++++++------ + 1 file changed, 9 insertions(+), 6 deletions(-) + +--- a/security/integrity/iint.c ++++ b/security/integrity/iint.c +@@ -46,12 +46,10 @@ static struct integrity_iint_cache *__in + else if (inode > iint->inode) + n = n->rb_right; + else +- break; ++ return iint; + } +- if (!n) +- return NULL; + +- return iint; ++ return NULL; + } + + /* +@@ -116,10 +114,15 @@ struct integrity_iint_cache *integrity_i + parent = *p; + test_iint = rb_entry(parent, struct integrity_iint_cache, + rb_node); +- if (inode < test_iint->inode) ++ if (inode < test_iint->inode) { + p = &(*p)->rb_left; +- else ++ } else if (inode > test_iint->inode) { + p = &(*p)->rb_right; ++ } else { ++ write_unlock(&integrity_iint_lock); ++ kmem_cache_free(iint_cache, iint); ++ return test_iint; ++ } + } + + iint->inode = inode; diff --git a/queue-4.19/jffs2-reduce-stack-usage-in-jffs2_build_xattr_subsystem.patch b/queue-4.19/jffs2-reduce-stack-usage-in-jffs2_build_xattr_subsystem.patch new file mode 100644 index 00000000000..7ffa2036cfa --- /dev/null +++ b/queue-4.19/jffs2-reduce-stack-usage-in-jffs2_build_xattr_subsystem.patch @@ -0,0 +1,128 @@ +From 1168f095417643f663caa341211e117db552989f Mon Sep 17 00:00:00 2001 +From: Fabian Frederick +Date: Sat, 6 May 2023 06:56:12 +0200 +Subject: jffs2: reduce stack usage in jffs2_build_xattr_subsystem() + +From: Fabian Frederick + +commit 1168f095417643f663caa341211e117db552989f upstream. + +Use kcalloc() for allocation/flush of 128 pointers table to +reduce stack usage. + +Function now returns -ENOMEM or 0 on success. + +stackusage +Before: +./fs/jffs2/xattr.c:775 jffs2_build_xattr_subsystem 1208 +dynamic,bounded + +After: +./fs/jffs2/xattr.c:775 jffs2_build_xattr_subsystem 192 +dynamic,bounded + +Also update definition when CONFIG_JFFS2_FS_XATTR is not enabled + +Tested with an MTD mount point and some user set/getfattr. + +Many current target on OpenWRT also suffer from a compilation warning +(that become an error with CONFIG_WERROR) with the following output: + +fs/jffs2/xattr.c: In function 'jffs2_build_xattr_subsystem': +fs/jffs2/xattr.c:887:1: error: the frame size of 1088 bytes is larger than 1024 bytes [-Werror=frame-larger-than=] + 887 | } + | ^ + +Using dynamic allocation fix this compilation warning. + +Fixes: c9f700f840bd ("[JFFS2][XATTR] using 'delete marker' for xdatum/xref deletion") +Reported-by: Tim Gardner +Reported-by: kernel test robot +Reported-by: Ron Economos +Reported-by: Nathan Chancellor +Reviewed-by: Nick Desaulniers +Signed-off-by: Fabian Frederick +Signed-off-by: Christian Marangi +Cc: stable@vger.kernel.org +Message-Id: <20230506045612.16616-1-ansuelsmth@gmail.com> +Signed-off-by: Christian Brauner +Signed-off-by: Greg Kroah-Hartman +--- + fs/jffs2/build.c | 5 ++++- + fs/jffs2/xattr.c | 13 +++++++++---- + fs/jffs2/xattr.h | 4 ++-- + 3 files changed, 15 insertions(+), 7 deletions(-) + +--- a/fs/jffs2/build.c ++++ b/fs/jffs2/build.c +@@ -211,7 +211,10 @@ static int jffs2_build_filesystem(struct + ic->scan_dents = NULL; + cond_resched(); + } +- jffs2_build_xattr_subsystem(c); ++ ret = jffs2_build_xattr_subsystem(c); ++ if (ret) ++ goto exit; ++ + c->flags &= ~JFFS2_SB_FLAG_BUILDING; + + dbg_fsbuild("FS build complete\n"); +--- a/fs/jffs2/xattr.c ++++ b/fs/jffs2/xattr.c +@@ -772,10 +772,10 @@ void jffs2_clear_xattr_subsystem(struct + } + + #define XREF_TMPHASH_SIZE (128) +-void jffs2_build_xattr_subsystem(struct jffs2_sb_info *c) ++int jffs2_build_xattr_subsystem(struct jffs2_sb_info *c) + { + struct jffs2_xattr_ref *ref, *_ref; +- struct jffs2_xattr_ref *xref_tmphash[XREF_TMPHASH_SIZE]; ++ struct jffs2_xattr_ref **xref_tmphash; + struct jffs2_xattr_datum *xd, *_xd; + struct jffs2_inode_cache *ic; + struct jffs2_raw_node_ref *raw; +@@ -784,9 +784,12 @@ void jffs2_build_xattr_subsystem(struct + + BUG_ON(!(c->flags & JFFS2_SB_FLAG_BUILDING)); + ++ xref_tmphash = kcalloc(XREF_TMPHASH_SIZE, ++ sizeof(struct jffs2_xattr_ref *), GFP_KERNEL); ++ if (!xref_tmphash) ++ return -ENOMEM; ++ + /* Phase.1 : Merge same xref */ +- for (i=0; i < XREF_TMPHASH_SIZE; i++) +- xref_tmphash[i] = NULL; + for (ref=c->xref_temp; ref; ref=_ref) { + struct jffs2_xattr_ref *tmp; + +@@ -884,6 +887,8 @@ void jffs2_build_xattr_subsystem(struct + "%u of xref (%u dead, %u orphan) found.\n", + xdatum_count, xdatum_unchecked_count, xdatum_orphan_count, + xref_count, xref_dead_count, xref_orphan_count); ++ kfree(xref_tmphash); ++ return 0; + } + + struct jffs2_xattr_datum *jffs2_setup_xattr_datum(struct jffs2_sb_info *c, +--- a/fs/jffs2/xattr.h ++++ b/fs/jffs2/xattr.h +@@ -71,7 +71,7 @@ static inline int is_xattr_ref_dead(stru + #ifdef CONFIG_JFFS2_FS_XATTR + + extern void jffs2_init_xattr_subsystem(struct jffs2_sb_info *c); +-extern void jffs2_build_xattr_subsystem(struct jffs2_sb_info *c); ++extern int jffs2_build_xattr_subsystem(struct jffs2_sb_info *c); + extern void jffs2_clear_xattr_subsystem(struct jffs2_sb_info *c); + + extern struct jffs2_xattr_datum *jffs2_setup_xattr_datum(struct jffs2_sb_info *c, +@@ -103,7 +103,7 @@ extern ssize_t jffs2_listxattr(struct de + #else + + #define jffs2_init_xattr_subsystem(c) +-#define jffs2_build_xattr_subsystem(c) ++#define jffs2_build_xattr_subsystem(c) (0) + #define jffs2_clear_xattr_subsystem(c) + + #define jffs2_xattr_do_crccheck_inode(c, ic) diff --git a/queue-4.19/mmc-core-disable-trim-on-kingston-emmc04g-m627.patch b/queue-4.19/mmc-core-disable-trim-on-kingston-emmc04g-m627.patch new file mode 100644 index 00000000000..c77405ac358 --- /dev/null +++ b/queue-4.19/mmc-core-disable-trim-on-kingston-emmc04g-m627.patch @@ -0,0 +1,46 @@ +From f1738a1f816233e6dfc2407f24a31d596643fd90 Mon Sep 17 00:00:00 2001 +From: Robert Marko +Date: Mon, 19 Jun 2023 21:35:58 +0200 +Subject: mmc: core: disable TRIM on Kingston EMMC04G-M627 + +From: Robert Marko + +commit f1738a1f816233e6dfc2407f24a31d596643fd90 upstream. + +It seems that Kingston EMMC04G-M627 despite advertising TRIM support does +not work when the core is trying to use REQ_OP_WRITE_ZEROES. + +We are seeing I/O errors in OpenWrt under 6.1 on Zyxel NBG7815 that we did +not previously have and tracked it down to REQ_OP_WRITE_ZEROES. + +Trying to use fstrim seems to also throw errors like: +[93010.835112] I/O error, dev loop0, sector 16902 op 0x3:(DISCARD) flags 0x800 phys_seg 1 prio class 2 + +Disabling TRIM makes the error go away, so lets add a quirk for this eMMC +to disable TRIM. + +Signed-off-by: Robert Marko +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20230619193621.437358-1-robimarko@gmail.com +Signed-off-by: Ulf Hansson +Signed-off-by: Greg Kroah-Hartman +--- + drivers/mmc/core/quirks.h | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/drivers/mmc/core/quirks.h ++++ b/drivers/mmc/core/quirks.h +@@ -91,6 +91,13 @@ static const struct mmc_fixup mmc_blk_fi + MMC_QUIRK_SEC_ERASE_TRIM_BROKEN), + + /* ++ * Kingston EMMC04G-M627 advertises TRIM but it does not seems to ++ * support being used to offload WRITE_ZEROES. ++ */ ++ MMC_FIXUP("M62704", CID_MANFID_KINGSTON, 0x0100, add_quirk_mmc, ++ MMC_QUIRK_TRIM_BROKEN), ++ ++ /* + * On Some Kingston eMMCs, performing trim can result in + * unrecoverable data conrruption occasionally due to a firmware bug. + */ diff --git a/queue-4.19/mmc-core-disable-trim-on-micron-mtfc4gacajcn-1m.patch b/queue-4.19/mmc-core-disable-trim-on-micron-mtfc4gacajcn-1m.patch new file mode 100644 index 00000000000..6730eea968d --- /dev/null +++ b/queue-4.19/mmc-core-disable-trim-on-micron-mtfc4gacajcn-1m.patch @@ -0,0 +1,44 @@ +From dbfbddcddcebc9ce8a08757708d4e4a99d238e44 Mon Sep 17 00:00:00 2001 +From: Robert Marko +Date: Tue, 30 May 2023 23:32:59 +0200 +Subject: mmc: core: disable TRIM on Micron MTFC4GACAJCN-1M + +From: Robert Marko + +commit dbfbddcddcebc9ce8a08757708d4e4a99d238e44 upstream. + +It seems that Micron MTFC4GACAJCN-1M despite advertising TRIM support does +not work when the core is trying to use REQ_OP_WRITE_ZEROES. + +We are seeing the following errors in OpenWrt under 6.1 on Qnap Qhora 301W +that we did not previously have and tracked it down to REQ_OP_WRITE_ZEROES: +[ 18.085950] I/O error, dev loop0, sector 596 op 0x9:(WRITE_ZEROES) flags 0x800 phys_seg 0 prio class 2 + +Disabling TRIM makes the error go away, so lets add a quirk for this eMMC +to disable TRIM. + +Signed-off-by: Robert Marko +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20230530213259.1776512-1-robimarko@gmail.com +Signed-off-by: Ulf Hansson +Signed-off-by: Greg Kroah-Hartman +--- + drivers/mmc/core/quirks.h | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/drivers/mmc/core/quirks.h ++++ b/drivers/mmc/core/quirks.h +@@ -98,6 +98,13 @@ static const struct mmc_fixup mmc_blk_fi + MMC_QUIRK_TRIM_BROKEN), + + /* ++ * Micron MTFC4GACAJCN-1M advertises TRIM but it does not seems to ++ * support being used to offload WRITE_ZEROES. ++ */ ++ MMC_FIXUP("Q2J54A", CID_MANFID_MICRON, 0x014e, add_quirk_mmc, ++ MMC_QUIRK_TRIM_BROKEN), ++ ++ /* + * On Some Kingston eMMCs, performing trim can result in + * unrecoverable data conrruption occasionally due to a firmware bug. + */ diff --git a/queue-4.19/nfsd-add-encoding-of-op_recall-flag-for-write-delegation.patch b/queue-4.19/nfsd-add-encoding-of-op_recall-flag-for-write-delegation.patch new file mode 100644 index 00000000000..2b26b53577f --- /dev/null +++ b/queue-4.19/nfsd-add-encoding-of-op_recall-flag-for-write-delegation.patch @@ -0,0 +1,32 @@ +From 58f5d894006d82ed7335e1c37182fbc5f08c2f51 Mon Sep 17 00:00:00 2001 +From: Dai Ngo +Date: Tue, 6 Jun 2023 16:41:02 -0700 +Subject: NFSD: add encoding of op_recall flag for write delegation + +From: Dai Ngo + +commit 58f5d894006d82ed7335e1c37182fbc5f08c2f51 upstream. + +Modified nfsd4_encode_open to encode the op_recall flag properly +for OPEN result with write delegation granted. + +Signed-off-by: Dai Ngo +Reviewed-by: Jeff Layton +Signed-off-by: Chuck Lever +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + fs/nfsd/nfs4xdr.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/nfsd/nfs4xdr.c ++++ b/fs/nfsd/nfs4xdr.c +@@ -3403,7 +3403,7 @@ nfsd4_encode_open(struct nfsd4_compoundr + p = xdr_reserve_space(xdr, 32); + if (!p) + return nfserr_resource; +- *p++ = cpu_to_be32(0); ++ *p++ = cpu_to_be32(open->op_recall); + + /* + * TODO: space_limit's in delegations diff --git a/queue-4.19/series b/queue-4.19/series index b43901372c8..830384a0fe2 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -111,3 +111,9 @@ sh-dma-fix-dma-channel-offset-calculation.patch i2c-xiic-defer-xiic_wakeup-and-__xiic_start_xfer-in-.patch i2c-xiic-don-t-try-to-handle-more-interrupt-events-a.patch alsa-jack-fix-mutex-call-in-snd_jack_report.patch +nfsd-add-encoding-of-op_recall-flag-for-write-delegation.patch +mmc-core-disable-trim-on-kingston-emmc04g-m627.patch +mmc-core-disable-trim-on-micron-mtfc4gacajcn-1m.patch +bcache-remove-unnecessary-null-point-check-in-node-allocations.patch +integrity-fix-possible-multiple-allocation-in-integrity_inode_get.patch +jffs2-reduce-stack-usage-in-jffs2_build_xattr_subsystem.patch