From: Greg Kroah-Hartman Date: Wed, 4 Oct 2023 16:04:12 +0000 (+0200) Subject: 4.14-stable patches X-Git-Tag: v6.5.6~13 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=efccfa5e67a961cefe50113599ffe900050f21a8;p=thirdparty%2Fkernel%2Fstable-queue.git 4.14-stable patches added patches: ata-libata-core-fix-ata_port_request_pm-locking.patch ata-libata-core-fix-port-and-device-removal.patch ata-libata-sata-increase-pmp-srst-timeout-to-10s.patch btrfs-properly-report-0-avail-for-very-full-file-systems.patch fs-binfmt_elf_efpic-fix-personality-for-elf-fdpic.patch
---
diff --git a/queue-4.14/ata-libata-core-fix-ata_port_request_pm-locking.patch b/queue-4.14/ata-libata-core-fix-ata_port_request_pm-locking.patch
new file mode 100644
index 00000000000..4cc51cfcd61
--- /dev/null
+++ b/queue-4.14/ata-libata-core-fix-ata_port_request_pm-locking.patch
@@ -0,0 +1,75 @@
+From 3b8e0af4a7a331d1510e963b8fd77e2fca0a77f1 Mon Sep 17 00:00:00 2001
+From: Damien Le Moal
+Date: Mon, 4 Sep 2023 20:38:13 +0900
+Subject: ata: libata-core: Fix ata_port_request_pm() locking
+
+From: Damien Le Moal
+
+commit 3b8e0af4a7a331d1510e963b8fd77e2fca0a77f1 upstream.
+
+The function ata_port_request_pm() checks the port flag
+ATA_PFLAG_PM_PENDING and calls ata_port_wait_eh() if this flag is set to
+ensure that power management operations for a port are not scheduled
+simultaneously. However, this flag check is done without holding the
+port lock.
+
+Fix this by taking the port lock on entry to the function and checking
+the flag under this lock. The lock is released and re-taken if
+ata_port_wait_eh() needs to be called. The two WARN_ON() macros checking
+that the ATA_PFLAG_PM_PENDING flag was cleared are removed as the first
+call is racy and the second one done without holding the port lock.
+
+Fixes: 5ef41082912b ("ata: add ata port system PM callbacks")
+Cc: stable@vger.kernel.org
+Signed-off-by: Damien Le Moal
+Reviewed-by: Hannes Reinecke
+Tested-by: Chia-Lin Kao (AceLan)
+Reviewed-by: Niklas Cassel
+Tested-by: Geert Uytterhoeven
+Reviewed-by: Martin K. Petersen
+Reviewed-by: Bart Van Assche
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/ata/libata-core.c | 18 +++++++++---------
+ 1 file changed, 9 insertions(+), 9 deletions(-)
+
+--- a/drivers/ata/libata-core.c
++++ b/drivers/ata/libata-core.c
+@@ -5708,17 +5708,19 @@ static void ata_port_request_pm(struct a
+ struct ata_link *link;
+ unsigned long flags;
+
+- /* Previous resume operation might still be in
+- * progress. Wait for PM_PENDING to clear.
++ spin_lock_irqsave(ap->lock, flags);
++
++ /*
++ * A previous PM operation might still be in progress. Wait for
++ * ATA_PFLAG_PM_PENDING to clear.
+ */
+ if (ap->pflags & ATA_PFLAG_PM_PENDING) {
++ spin_unlock_irqrestore(ap->lock, flags);
+ ata_port_wait_eh(ap);
+- WARN_ON(ap->pflags & ATA_PFLAG_PM_PENDING);
++ spin_lock_irqsave(ap->lock, flags);
+ }
+
+- /* request PM ops to EH */
+- spin_lock_irqsave(ap->lock, flags);
+-
++ /* Request PM operation to EH */
+ ap->pm_mesg = mesg;
+ ap->pflags |= ATA_PFLAG_PM_PENDING;
+ ata_for_each_link(link, ap, HOST_FIRST) {
+@@ -5730,10 +5732,8 @@ static void ata_port_request_pm(struct a
+
+ spin_unlock_irqrestore(ap->lock, flags);
+
+- if (!async) {
++ if (!async)
+ ata_port_wait_eh(ap);
+- WARN_ON(ap->pflags & ATA_PFLAG_PM_PENDING);
+- }
+ }
+
+ /*
diff --git a/queue-4.14/ata-libata-core-fix-port-and-device-removal.patch b/queue-4.14/ata-libata-core-fix-port-and-device-removal.patch
new file mode 100644
index 00000000000..538309ffebf
--- /dev/null
+++ b/queue-4.14/ata-libata-core-fix-port-and-device-removal.patch
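Review bot: In ata_port_request_pm() (first inner hunk of ata-libata-core-fix-ata_port_request_pm-locking.patch), ATA_PFLAG_PM_PENDING is tested once under ap->lock, but after ata_port_wait_eh() returns and the lock is re-taken the flag is not tested again before `ap->pm_mesg = mesg;` and `ap->pflags |= ATA_PFLAG_PM_PENDING;` run. If two PM requests for the same port can reach this function concurrently (which the hunk does not show), the unlock/wait/relock window allows another request to set the flag in between. Re-testing in a loop, `while (ap->pflags & ATA_PFLAG_PM_PENDING) {`, would make the check hold at the point where the request is written; if callers are serialised elsewhere, a one-line comment naming that serialisation would explain why a single test is enough. The opening lines of the function are outside the hunk.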
@@ -0,0 +1,81 @@
+From 84d76529c650f887f1e18caee72d6f0589e1baf9 Mon Sep 17 00:00:00 2001
+From: Damien Le Moal
+Date: Sat, 26 Aug 2023 13:07:36 +0900
+Subject: ata: libata-core: Fix port and device removal
+
+From: Damien Le Moal
+
+commit 84d76529c650f887f1e18caee72d6f0589e1baf9 upstream.
+
+Whenever an ATA adapter driver is removed (e.g. rmmod),
+ata_port_detach() is called repeatedly for all the adapter ports to
+remove (unload) the devices attached to the port and delete the port
+device itself. Removing of devices is done using libata EH with the
+ATA_PFLAG_UNLOADING port flag set. This causes libata EH to execute
+ata_eh_unload() which disables all devices attached to the port.
+
+ata_port_detach() finishes by calling scsi_remove_host() to remove the
+scsi host associated with the port. This function will trigger the
+removal of all scsi devices attached to the host and in the case of
+disks, calls to sd_shutdown() which will flush the device write cache
+and stop the device. However, given that the devices were already
+disabled by ata_eh_unload(), the synchronize write cache command and
+start stop unit commands fail. E.g. running "rmmod ahci" with first
+removing sd_mod results in error messages like:
+
+ata13.00: disable device
+sd 0:0:0:0: [sda] Synchronizing SCSI cache
+sd 0:0:0:0: [sda] Synchronize Cache(10) failed: Result: hostbyte=DID_BAD_TARGET driverbyte=DRIVER_OK
+sd 0:0:0:0: [sda] Stopping disk
+sd 0:0:0:0: [sda] Start/Stop Unit failed: Result: hostbyte=DID_BAD_TARGET driverbyte=DRIVER_OK
+
+Fix this by removing all scsi devices of the ata devices connected to
+the port before scheduling libata EH to disable the ATA devices.
+
+Fixes: 720ba12620ee ("[PATCH] libata-hp: update unload-unplug")
+Cc: stable@vger.kernel.org
+Signed-off-by: Damien Le Moal
+Reviewed-by: Hannes Reinecke
+Reviewed-by: Niklas Cassel
+Tested-by: Chia-Lin Kao (AceLan)
+Tested-by: Geert Uytterhoeven
+Reviewed-by: Martin K. Petersen
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/ata/libata-core.c | 21 ++++++++++++++++++++-
+ 1 file changed, 20 insertions(+), 1 deletion(-)
+
+--- a/drivers/ata/libata-core.c
++++ b/drivers/ata/libata-core.c
+@@ -6672,11 +6672,30 @@ static void ata_port_detach(struct ata_p
+ if (!ap->ops->error_handler)
+ goto skip_eh;
+
+- /* tell EH we're leaving & flush EH */
++ /* Wait for any ongoing EH */
++ ata_port_wait_eh(ap);
++
++ mutex_lock(&ap->scsi_scan_mutex);
+ spin_lock_irqsave(ap->lock, flags);
++
++ /* Remove scsi devices */
++ ata_for_each_link(link, ap, HOST_FIRST) {
++ ata_for_each_dev(dev, link, ALL) {
++ if (dev->sdev) {
++ spin_unlock_irqrestore(ap->lock, flags);
++ scsi_remove_device(dev->sdev);
++ spin_lock_irqsave(ap->lock, flags);
++ dev->sdev = NULL;
++ }
++ }
++ }
++
++ /* Tell EH to disable all devices */
+ ap->pflags |= ATA_PFLAG_UNLOADING;
+ ata_port_schedule_eh(ap);
++
+ spin_unlock_irqrestore(ap->lock, flags);
++ mutex_unlock(&ap->scsi_scan_mutex);
+
+ /* wait till EH commits suicide */
+ ata_port_wait_eh(ap);
diff --git a/queue-4.14/ata-libata-sata-increase-pmp-srst-timeout-to-10s.patch b/queue-4.14/ata-libata-sata-increase-pmp-srst-timeout-to-10s.patch
new file mode 100644
index 00000000000..4a4971dd322
--- /dev/null
+++ b/queue-4.14/ata-libata-sata-increase-pmp-srst-timeout-to-10s.patch
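Review bot: In ata_port_detach(), the new removal loop releases ap->lock in the middle of ata_for_each_link()/ata_for_each_dev() to call scsi_remove_device(dev->sdev), and dev->sdev is set to NULL only after the lock is re-taken, so during that call any code reading dev->sdev under ap->lock still sees the pointer of a device that is being torn down. The hunk does not state what keeps that pointer and the link/device iteration valid across the window; the preceding ata_port_wait_eh() and the held ap->scsi_scan_mutex are presumably meant to, but that is an inference from the visible lines. A comment above the loop would record it, for example `/* ap->lock is dropped around scsi_remove_device(); scsi_scan_mutex and the completed EH keep dev->sdev stable meanwhile */`, to be confirmed against the 4.14 tree this is queued for. The function starts and ends outside the hunk.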
@@ -0,0 +1,50 @@
+From 753a4d531bc518633ea88ac0ed02b25a16823d51 Mon Sep 17 00:00:00 2001
+From: Matthias Schiffer
+Date: Fri, 22 Sep 2023 22:55:16 +0200
+Subject: ata: libata-sata: increase PMP SRST timeout to 10s
+
+From: Matthias Schiffer
+
+commit 753a4d531bc518633ea88ac0ed02b25a16823d51 upstream.
+
+On certain SATA controllers, softreset fails after wakeup from S2RAM with
+the message "softreset failed (1st FIS failed)", sometimes resulting in
+drives not being detected again. With the increased timeout, this issue
+is avoided. Instead, "softreset failed (device not ready)" is now
+logged 1-2 times; this later failure seems to cause fewer problems
+however, and the drives are detected reliably once they've spun up and
+the probe is retried.
+
+The issue was observed with the primary SATA controller of the QNAP
+TS-453B, which is an "Intel Corporation Celeron/Pentium Silver Processor
+SATA Controller [8086:31e3] (rev 06)" integrated in the Celeron J4125 CPU,
+and the following drives:
+
+- Seagate IronWolf ST12000VN0008
+- Seagate IronWolf ST8000NE0004
+
+The SATA controller seems to be more relevant to this issue than the
+drives, as the same drives are always detected reliably on the secondary
+SATA controller on the same board (an ASMedia 106x) without any "softreset
+failed" errors even without the increased timeout.
+
+Fixes: e7d3ef13d52a ("libata: change drive ready wait after hard reset to 5s")
+Cc: stable@vger.kernel.org
+Signed-off-by: Matthias Schiffer
+Signed-off-by: Damien Le Moal
+Signed-off-by: Greg Kroah-Hartman
+---
+ include/linux/libata.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/include/linux/libata.h
++++ b/include/linux/libata.h
+@@ -312,7 +312,7 @@ enum {
+ * advised to wait only for the following duration before
+ * doing SRST.
+ */
+- ATA_TMOUT_PMP_SRST_WAIT = 5000,
++ ATA_TMOUT_PMP_SRST_WAIT = 10000,
+
+ /* When the LPM policy is set to ATA_LPM_MAX_POWER, there might
+ * be a spurious PHY event, so ignore the first PHY event that
diff --git a/queue-4.14/btrfs-properly-report-0-avail-for-very-full-file-systems.patch b/queue-4.14/btrfs-properly-report-0-avail-for-very-full-file-systems.patch
new file mode 100644
index 00000000000..290123580d1
--- /dev/null
+++ b/queue-4.14/btrfs-properly-report-0-avail-for-very-full-file-systems.patch
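Review bot: The comment above ATA_TMOUT_PMP_SRST_WAIT in include/linux/libata.h, whose tail is visible as context, still reads "advised to wait only for the following duration before doing SRST" while the value is doubled for a reason recorded only in the commit message. A reader of the header cannot tell that 10000 is an empirical value rather than the advised one. One more line in that comment would keep the two in step, for example `* Raised from 5000: some controllers fail the first FIS after resume from S2RAM with the shorter wait.` The start of the comment is outside the hunk, so the existing wording should be checked before it is extended.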
@@ -0,0 +1,43 @@
+From 58bfe2ccec5f9f137b41dd38f335290dcc13cd5c Mon Sep 17 00:00:00 2001
+From: Josef Bacik
+Date: Mon, 18 Sep 2023 10:34:51 -0400
+Subject: btrfs: properly report 0 avail for very full file systems
+
+From: Josef Bacik
+
+commit 58bfe2ccec5f9f137b41dd38f335290dcc13cd5c upstream.
+
+A user reported some issues with smaller file systems that get very
+full. While investigating this issue I noticed that df wasn't showing
+100% full, despite having 0 chunk space and having < 1MiB of available
+metadata space.
+
+This turns out to be an overflow issue, we're doing:
+
+ total_available_metadata_space - SZ_4M < global_block_rsv_size
+
+to determine if there's not enough space to make metadata allocations,
+which overflows if total_available_metadata_space is < 4M. Fix this by
+checking to see if our available space is greater than the 4M threshold.
+This makes df properly report 100% usage on the file system.
+
+CC: stable@vger.kernel.org # 4.14+
+Signed-off-by: Josef Bacik
+Reviewed-by: David Sterba
+Signed-off-by: David Sterba
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/btrfs/super.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/btrfs/super.c
++++ b/fs/btrfs/super.c
+@@ -2138,7 +2138,7 @@ static int btrfs_statfs(struct dentry *d
+ * calculated f_bavail.
+ */
+ if (!mixed && block_rsv->space_info->full &&
+- total_free_meta - thresh < block_rsv->size)
++ (total_free_meta < thresh || total_free_meta - thresh < block_rsv->size))
+ buf->f_bavail = 0;
+
+ buf->f_type = BTRFS_SUPER_MAGIC;
diff --git a/queue-4.14/fs-binfmt_elf_efpic-fix-personality-for-elf-fdpic.patch b/queue-4.14/fs-binfmt_elf_efpic-fix-personality-for-elf-fdpic.patch
new file mode 100644
index 00000000000..2bdb71a7115
--- /dev/null
+++ b/queue-4.14/fs-binfmt_elf_efpic-fix-personality-for-elf-fdpic.patch
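Review bot: In btrfs_statfs() the added `total_free_meta < thresh ||` is what stops `total_free_meta - thresh` from wrapping, but nothing beside the expression says so, and the combined condition now runs well past 80 columns on one line. A later clean-up that sees a redundant-looking comparison could remove the guard and bring the wraparound back. A short comment such as `/* test against thresh first so the unsigned subtraction cannot wrap */` and a break after the `||`, giving `(total_free_meta < thresh ||` followed by `total_free_meta - thresh < block_rsv->size))`, would keep the intent with the code. The declarations are outside the hunk, so the unsigned type is taken from the commit description rather than from visible lines.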
@@ -0,0 +1,63 @@
+From 7c3151585730b7095287be8162b846d31e6eee61 Mon Sep 17 00:00:00 2001
+From: Greg Ungerer
+Date: Thu, 7 Sep 2023 11:18:08 +1000
+Subject: fs: binfmt_elf_efpic: fix personality for ELF-FDPIC
+
+From: Greg Ungerer
+
+commit 7c3151585730b7095287be8162b846d31e6eee61 upstream.
+
+The elf-fdpic loader hard sets the process personality to either
+PER_LINUX_FDPIC for true elf-fdpic binaries or to PER_LINUX for normal ELF
+binaries (in this case they would be constant displacement compiled with
+-pie for example). The problem with that is that it will lose any other
+bits that may be in the ELF header personality (such as the "bug
+emulation" bits).
+
+On the ARM architecture the ADDR_LIMIT_32BIT flag is used to signify a
+normal 32bit binary - as opposed to a legacy 26bit address binary. This
+matters since start_thread() will set the ARM CPSR register as required
+based on this flag. If the elf-fdpic loader loses this bit the process
+will be mis-configured and crash out pretty quickly.
+
+Modify elf-fdpic loader personality setting so that it preserves the upper
+three bytes by using the SET_PERSONALITY macro to set it. This macro in
+the generic case sets PER_LINUX and preserves the upper bytes.
+Architectures can override this for their specific use case, and ARM does
+exactly this.
+
+The problem shows up quite easily running under qemu using the ARM
+architecture, but not necessarily on all types of real ARM hardware. If
+the underlying ARM processor does not support the legacy 26-bit addressing
+mode then everything will work as expected.
+
+Link: https://lkml.kernel.org/r/20230907011808.2985083-1-gerg@kernel.org
+Fixes: 1bde925d23547 ("fs/binfmt_elf_fdpic.c: provide NOMMU loader for regular ELF binaries")
+Signed-off-by: Greg Ungerer
+Cc: Al Viro
+Cc: Christian Brauner
+Cc: Eric W. Biederman
+Cc: Greg Ungerer
+Cc: Kees Cook
+Cc:
+Signed-off-by: Andrew Morton
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/binfmt_elf_fdpic.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+--- a/fs/binfmt_elf_fdpic.c
++++ b/fs/binfmt_elf_fdpic.c
+@@ -349,10 +349,9 @@ static int load_elf_fdpic_binary(struct
+ /* there's now no turning back... the old userspace image is dead,
+ * defunct, deceased, etc.
+ */
++ SET_PERSONALITY(exec_params.hdr);
+ if (elf_check_fdpic(&exec_params.hdr))
+- set_personality(PER_LINUX_FDPIC);
+- else
+- set_personality(PER_LINUX);
++ current->personality |= PER_LINUX_FDPIC;
+ if (elf_read_implies_exec(&exec_params.hdr, executable_stack))
+ current->personality |= READ_IMPLIES_EXEC;
+
diff --git a/queue-4.14/series b/queue-4.14/series
index 1d780702442..476681d3d29 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -23,3 +23,8 @@ serial-8250_port-check-irq-data-before-use.patch
 nilfs2-fix-potential-use-after-free-in-nilfs_gccache_submit_read_data.patch
 ata-libata-scsi-ignore-reserved-bits-for-report-supported-operation-codes.patch
 i2c-i801-unregister-tco_pdev-in-i801_probe-error-path.patch
+btrfs-properly-report-0-avail-for-very-full-file-systems.patch
+ata-libata-core-fix-ata_port_request_pm-locking.patch
+ata-libata-core-fix-port-and-device-removal.patch
+ata-libata-sata-increase-pmp-srst-timeout-to-10s.patch
+fs-binfmt_elf_efpic-fix-personality-for-elf-fdpic.patch
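Review bot: In load_elf_fdpic_binary() (fs-binfmt_elf_efpic-fix-personality-for-elf-fdpic.patch), personality flags are now only ever ORed in after SET_PERSONALITY(); the removed `else set_personality(PER_LINUX);` was the one place that reset them for a non-FDPIC image. With the upper bytes preserved, as the description states for the generic macro, an inherited FDPIC function-descriptor flag or an inherited READ_IMPLIES_EXEC would carry over into an image that does not ask for it, unless the architecture's SET_PERSONALITY clears them, which cannot be seen from the hunk. If that inheritance is not intended, an explicit clear such as `else current->personality &= ~FDPIC_FUNCPTRS;`, and the equivalent on the READ_IMPLIES_EXEC test, would restore the earlier behaviour for those bits. If it is intended, a comment naming the flags that are deliberately inherited would help, since READ_IMPLIES_EXEC weakens non-executable mappings. The function starts and ends outside the hunk.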