From 0dbdfaf4de98f1a7bd5641de98fc03539cb71cee Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Tue, 14 Apr 2020 14:26:53 +0200 Subject: [PATCH] 5.5-stable patches added patches: cpu-hotplug-ignore-pm_wakeup_pending-for-disable_nonboot_cpus.patch genirq-debugfs-add-missing-sanity-checks-to-interrupt-injection.patch io_uring-remove-bogus-rlimit_nofile-check-in-file-registration.patch irqchip-versatile-fpga-apply-clear-mask-earlier.patch mips-octeon-irq-fix-potential-null-pointer-dereference.patch mips-tlbex-fix-lddir-usage-in-setup_pw-for-loongson-3.patch pm-domains-allow-no-domain-idle-states-dt-property-in-genpd-when-parsing.patch pm-sleep-wakeup-skip-wakeup_source_sysfs_remove-if-device-is-not-there.patch pstore-pstore_ftrace_seq_next-should-increase-position-index.patch rcu-make-rcu_barrier-account-for-offline-no-cbs-cpus.patch --- ...eup_pending-for-disable_nonboot_cpus.patch | 77 +++++++++++ ...sanity-checks-to-interrupt-injection.patch | 43 ++++++ ...it_nofile-check-in-file-registration.patch | 38 ++++++ ...satile-fpga-apply-clear-mask-earlier.patch | 52 ++++++++ ...x-potential-null-pointer-dereference.patch | 38 ++++++ ...dir-usage-in-setup_pw-for-loongson-3.patch | 55 ++++++++ ...es-dt-property-in-genpd-when-parsing.patch | 41 ++++++ ..._sysfs_remove-if-device-is-not-there.patch | 37 ++++++ ..._next-should-increase-position-index.patch | 81 ++++++++++++ ...rier-account-for-offline-no-cbs-cpus.patch | 122 ++++++++++++++++++ ...-tegra-specific-set_timeout-callback.patch | 91 +++++++++++++ queue-5.5/series | 11 ++ 12 files changed, 686 insertions(+) create mode 100644 queue-5.5/cpu-hotplug-ignore-pm_wakeup_pending-for-disable_nonboot_cpus.patch create mode 100644 queue-5.5/genirq-debugfs-add-missing-sanity-checks-to-interrupt-injection.patch create mode 100644 queue-5.5/io_uring-remove-bogus-rlimit_nofile-check-in-file-registration.patch create mode 100644 queue-5.5/irqchip-versatile-fpga-apply-clear-mask-earlier.patch create mode 100644 queue-5.5/mips-octeon-irq-fix-potential-null-pointer-dereference.patch create mode 100644 queue-5.5/mips-tlbex-fix-lddir-usage-in-setup_pw-for-loongson-3.patch create mode 100644 queue-5.5/pm-domains-allow-no-domain-idle-states-dt-property-in-genpd-when-parsing.patch create mode 100644 queue-5.5/pm-sleep-wakeup-skip-wakeup_source_sysfs_remove-if-device-is-not-there.patch create mode 100644 queue-5.5/pstore-pstore_ftrace_seq_next-should-increase-position-index.patch create mode 100644 queue-5.5/rcu-make-rcu_barrier-account-for-offline-no-cbs-cpus.patch create mode 100644 queue-5.5/sdhci-tegra-implement-tegra-specific-set_timeout-callback.patch diff --git a/queue-5.5/cpu-hotplug-ignore-pm_wakeup_pending-for-disable_nonboot_cpus.patch b/queue-5.5/cpu-hotplug-ignore-pm_wakeup_pending-for-disable_nonboot_cpus.patch new file mode 100644 index 00000000000..6b4c05880f4 --- /dev/null +++ b/queue-5.5/cpu-hotplug-ignore-pm_wakeup_pending-for-disable_nonboot_cpus.patch @@ -0,0 +1,77 @@ +From e98eac6ff1b45e4e73f2e6031b37c256ccb5d36b Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Fri, 27 Mar 2020 12:06:44 +0100 +Subject: cpu/hotplug: Ignore pm_wakeup_pending() for disable_nonboot_cpus() + +From: Thomas Gleixner + +commit e98eac6ff1b45e4e73f2e6031b37c256ccb5d36b upstream. + +A recent change to freeze_secondary_cpus() which added an early abort if a +wakeup is pending missed the fact that the function is also invoked for +shutdown, reboot and kexec via disable_nonboot_cpus(). + +In case of disable_nonboot_cpus() the wakeup event needs to be ignored as +the purpose is to terminate the currently running kernel. + +Add a 'suspend' argument which is only set when the freeze is in context of +a suspend operation. If not set then an eventually pending wakeup event is +ignored. + +Fixes: a66d955e910a ("cpu/hotplug: Abort disabling secondary CPUs if wakeup is pending") +Reported-by: Boqun Feng +Signed-off-by: Thomas Gleixner +Cc: Pavankumar Kondeti +Cc: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/874kuaxdiz.fsf@nanos.tec.linutronix.de +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/cpu.h | 12 +++++++++--- + kernel/cpu.c | 4 ++-- + 2 files changed, 11 insertions(+), 5 deletions(-) + +--- a/include/linux/cpu.h ++++ b/include/linux/cpu.h +@@ -138,12 +138,18 @@ static inline void get_online_cpus(void) + static inline void put_online_cpus(void) { cpus_read_unlock(); } + + #ifdef CONFIG_PM_SLEEP_SMP +-extern int freeze_secondary_cpus(int primary); ++int __freeze_secondary_cpus(int primary, bool suspend); ++static inline int freeze_secondary_cpus(int primary) ++{ ++ return __freeze_secondary_cpus(primary, true); ++} ++ + static inline int disable_nonboot_cpus(void) + { +- return freeze_secondary_cpus(0); ++ return __freeze_secondary_cpus(0, false); + } +-extern void enable_nonboot_cpus(void); ++ ++void enable_nonboot_cpus(void); + + static inline int suspend_disable_secondary_cpus(void) + { +--- a/kernel/cpu.c ++++ b/kernel/cpu.c +@@ -1212,7 +1212,7 @@ EXPORT_SYMBOL_GPL(cpu_up); + #ifdef CONFIG_PM_SLEEP_SMP + static cpumask_var_t frozen_cpus; + +-int freeze_secondary_cpus(int primary) ++int __freeze_secondary_cpus(int primary, bool suspend) + { + int cpu, error = 0; + +@@ -1237,7 +1237,7 @@ int freeze_secondary_cpus(int primary) + if (cpu == primary) + continue; + +- if (pm_wakeup_pending()) { ++ if (suspend && pm_wakeup_pending()) { + pr_info("Wakeup pending. Abort CPU freeze\n"); + error = -EBUSY; + break; diff --git a/queue-5.5/genirq-debugfs-add-missing-sanity-checks-to-interrupt-injection.patch b/queue-5.5/genirq-debugfs-add-missing-sanity-checks-to-interrupt-injection.patch new file mode 100644 index 00000000000..c3c22bfaab4 --- /dev/null +++ b/queue-5.5/genirq-debugfs-add-missing-sanity-checks-to-interrupt-injection.patch @@ -0,0 +1,43 @@ +From a740a423c36932695b01a3e920f697bc55b05fec Mon Sep 17 00:00:00 2001 +From: Thomas Gleixner +Date: Fri, 6 Mar 2020 14:03:42 +0100 +Subject: genirq/debugfs: Add missing sanity checks to interrupt injection + +From: Thomas Gleixner + +commit a740a423c36932695b01a3e920f697bc55b05fec upstream. + +Interrupts cannot be injected when the interrupt is not activated and when +a replay is already in progress. + +Fixes: 536e2e34bd00 ("genirq/debugfs: Triggering of interrupts from userspace") +Signed-off-by: Thomas Gleixner +Acked-by: Marc Zyngier +Cc: stable@vger.kernel.org +Link: https://lkml.kernel.org/r/20200306130623.500019114@linutronix.de +Signed-off-by: Greg Kroah-Hartman + +--- + kernel/irq/debugfs.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +--- a/kernel/irq/debugfs.c ++++ b/kernel/irq/debugfs.c +@@ -206,8 +206,15 @@ static ssize_t irq_debug_write(struct fi + chip_bus_lock(desc); + raw_spin_lock_irqsave(&desc->lock, flags); + +- if (irq_settings_is_level(desc) || desc->istate & IRQS_NMI) { +- /* Can't do level nor NMIs, sorry */ ++ /* ++ * Don't allow injection when the interrupt is: ++ * - Level or NMI type ++ * - not activated ++ * - replaying already ++ */ ++ if (irq_settings_is_level(desc) || ++ !irqd_is_activated(&desc->irq_data) || ++ (desc->istate & (IRQS_NMI | IRQS_REPLAY))) { + err = -EINVAL; + } else { + desc->istate |= IRQS_PENDING; diff --git a/queue-5.5/io_uring-remove-bogus-rlimit_nofile-check-in-file-registration.patch b/queue-5.5/io_uring-remove-bogus-rlimit_nofile-check-in-file-registration.patch new file mode 100644 index 00000000000..802c18eb210 --- /dev/null +++ b/queue-5.5/io_uring-remove-bogus-rlimit_nofile-check-in-file-registration.patch @@ -0,0 +1,38 @@ +From c336e992cb1cb1db9ee608dfb30342ae781057ab Mon Sep 17 00:00:00 2001 +From: Jens Axboe +Date: Fri, 3 Apr 2020 13:54:26 -0600 +Subject: io_uring: remove bogus RLIMIT_NOFILE check in file registration + +From: Jens Axboe + +commit c336e992cb1cb1db9ee608dfb30342ae781057ab upstream. + +We already checked this limit when the file was opened, and we keep it +open in the file table. Hence when we added unit_inflight to the count +we want to register, we're doubly accounting these files. This results +in -EMFILE for file registration, if we're at half the limit. + +Cc: stable@vger.kernel.org # v5.1+ +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman + +--- + fs/io_uring.c | 7 ------- + 1 file changed, 7 deletions(-) + +--- a/fs/io_uring.c ++++ b/fs/io_uring.c +@@ -4162,13 +4162,6 @@ static int __io_sqe_files_scm(struct io_ + struct sk_buff *skb; + int i, nr_files; + +- if (!capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN)) { +- unsigned long inflight = ctx->user->unix_inflight + nr; +- +- if (inflight > task_rlimit(current, RLIMIT_NOFILE)) +- return -EMFILE; +- } +- + fpl = kzalloc(sizeof(*fpl), GFP_KERNEL); + if (!fpl) + return -ENOMEM; diff --git a/queue-5.5/irqchip-versatile-fpga-apply-clear-mask-earlier.patch b/queue-5.5/irqchip-versatile-fpga-apply-clear-mask-earlier.patch new file mode 100644 index 00000000000..1e2a7dc9d2f --- /dev/null +++ b/queue-5.5/irqchip-versatile-fpga-apply-clear-mask-earlier.patch @@ -0,0 +1,52 @@ +From 6a214a28132f19ace3d835a6d8f6422ec80ad200 Mon Sep 17 00:00:00 2001 +From: Sungbo Eo +Date: Sat, 21 Mar 2020 22:38:42 +0900 +Subject: irqchip/versatile-fpga: Apply clear-mask earlier + +From: Sungbo Eo + +commit 6a214a28132f19ace3d835a6d8f6422ec80ad200 upstream. + +Clear its own IRQs before the parent IRQ get enabled, so that the +remaining IRQs do not accidentally interrupt the parent IRQ controller. + +This patch also fixes a reboot bug on OX820 SoC, where the remaining +rps-timer IRQ raises a GIC interrupt that is left pending. After that, +the rps-timer IRQ is cleared during driver initialization, and there's +no IRQ left in rps-irq when local_irq_enable() is called, which evokes +an error message "unexpected IRQ trap". + +Fixes: bdd272cbb97a ("irqchip: versatile FPGA: support cascaded interrupts from DT") +Signed-off-by: Sungbo Eo +Signed-off-by: Marc Zyngier +Reviewed-by: Linus Walleij +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20200321133842.2408823-1-mans0n@gorani.run +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/irqchip/irq-versatile-fpga.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/drivers/irqchip/irq-versatile-fpga.c ++++ b/drivers/irqchip/irq-versatile-fpga.c +@@ -212,6 +212,9 @@ int __init fpga_irq_of_init(struct devic + if (of_property_read_u32(node, "valid-mask", &valid_mask)) + valid_mask = 0; + ++ writel(clear_mask, base + IRQ_ENABLE_CLEAR); ++ writel(clear_mask, base + FIQ_ENABLE_CLEAR); ++ + /* Some chips are cascaded from a parent IRQ */ + parent_irq = irq_of_parse_and_map(node, 0); + if (!parent_irq) { +@@ -221,9 +224,6 @@ int __init fpga_irq_of_init(struct devic + + fpga_irq_init(base, node->name, 0, parent_irq, valid_mask, node); + +- writel(clear_mask, base + IRQ_ENABLE_CLEAR); +- writel(clear_mask, base + FIQ_ENABLE_CLEAR); +- + /* + * On Versatile AB/PB, some secondary interrupts have a direct + * pass-thru to the primary controller for IRQs 20 and 22-31 which need diff --git a/queue-5.5/mips-octeon-irq-fix-potential-null-pointer-dereference.patch b/queue-5.5/mips-octeon-irq-fix-potential-null-pointer-dereference.patch new file mode 100644 index 00000000000..acf1b431ad9 --- /dev/null +++ b/queue-5.5/mips-octeon-irq-fix-potential-null-pointer-dereference.patch @@ -0,0 +1,38 @@ +From 792a402c2840054533ef56279c212ef6da87d811 Mon Sep 17 00:00:00 2001 +From: "Gustavo A. R. Silva" +Date: Tue, 22 Jan 2019 14:18:42 -0600 +Subject: MIPS: OCTEON: irq: Fix potential NULL pointer dereference + +From: Gustavo A. R. Silva + +commit 792a402c2840054533ef56279c212ef6da87d811 upstream. + +There is a potential NULL pointer dereference in case kzalloc() +fails and returns NULL. + +Fix this by adding a NULL check on *cd* + +This bug was detected with the help of Coccinelle. + +Fixes: 64b139f97c01 ("MIPS: OCTEON: irq: add CIB and other fixes") +Cc: stable@vger.kernel.org +Signed-off-by: Gustavo A. R. Silva +Signed-off-by: Thomas Bogendoerfer +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/cavium-octeon/octeon-irq.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/arch/mips/cavium-octeon/octeon-irq.c ++++ b/arch/mips/cavium-octeon/octeon-irq.c +@@ -2199,6 +2199,9 @@ static int octeon_irq_cib_map(struct irq + } + + cd = kzalloc(sizeof(*cd), GFP_KERNEL); ++ if (!cd) ++ return -ENOMEM; ++ + cd->host_data = host_data; + cd->bit = hw; + diff --git a/queue-5.5/mips-tlbex-fix-lddir-usage-in-setup_pw-for-loongson-3.patch b/queue-5.5/mips-tlbex-fix-lddir-usage-in-setup_pw-for-loongson-3.patch new file mode 100644 index 00000000000..10b24d63f24 --- /dev/null +++ b/queue-5.5/mips-tlbex-fix-lddir-usage-in-setup_pw-for-loongson-3.patch @@ -0,0 +1,55 @@ +From d191aaffe3687d1e73e644c185f5f0550ec242b5 Mon Sep 17 00:00:00 2001 +From: Huacai Chen +Date: Wed, 25 Mar 2020 11:44:54 +0800 +Subject: MIPS/tlbex: Fix LDDIR usage in setup_pw() for Loongson-3 + +From: Huacai Chen + +commit d191aaffe3687d1e73e644c185f5f0550ec242b5 upstream. + +LDDIR/LDPTE is Loongson-3's acceleration for Page Table Walking. If BD +(Base Directory, the 4th page directory) is not enabled, then GDOffset +is biased by BadVAddr[63:62]. So, if GDOffset (aka. BadVAddr[47:36] for +Loongson-3) is big enough, "0b11(BadVAddr[63:62])|BadVAddr[47:36]|...." +can far beyond pg_swapper_dir. This means the pg_swapper_dir may NOT be +accessed by LDDIR correctly, so fix it by set PWDirExt in CP0_PWCtl. + +Cc: +Signed-off-by: Pei Huang +Signed-off-by: Huacai Chen +Signed-off-by: Thomas Bogendoerfer +Signed-off-by: Greg Kroah-Hartman + +--- + arch/mips/mm/tlbex.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/arch/mips/mm/tlbex.c ++++ b/arch/mips/mm/tlbex.c +@@ -1480,6 +1480,7 @@ static void build_r4000_tlb_refill_handl + + static void setup_pw(void) + { ++ unsigned int pwctl; + unsigned long pgd_i, pgd_w; + #ifndef __PAGETABLE_PMD_FOLDED + unsigned long pmd_i, pmd_w; +@@ -1506,6 +1507,7 @@ static void setup_pw(void) + + pte_i = ilog2(_PAGE_GLOBAL); + pte_w = 0; ++ pwctl = 1 << 30; /* Set PWDirExt */ + + #ifndef __PAGETABLE_PMD_FOLDED + write_c0_pwfield(pgd_i << 24 | pmd_i << 12 | pt_i << 6 | pte_i); +@@ -1516,8 +1518,9 @@ static void setup_pw(void) + #endif + + #ifdef CONFIG_MIPS_HUGE_TLB_SUPPORT +- write_c0_pwctl(1 << 6 | psn); ++ pwctl |= (1 << 6 | psn); + #endif ++ write_c0_pwctl(pwctl); + write_c0_kpgd((long)swapper_pg_dir); + kscratch_used_mask |= (1 << 7); /* KScratch6 is used for KPGD */ + } diff --git a/queue-5.5/pm-domains-allow-no-domain-idle-states-dt-property-in-genpd-when-parsing.patch b/queue-5.5/pm-domains-allow-no-domain-idle-states-dt-property-in-genpd-when-parsing.patch new file mode 100644 index 00000000000..63262315ceb --- /dev/null +++ b/queue-5.5/pm-domains-allow-no-domain-idle-states-dt-property-in-genpd-when-parsing.patch @@ -0,0 +1,41 @@ +From 56cb26891ea4180121265dc6b596015772c4a4b8 Mon Sep 17 00:00:00 2001 +From: Ulf Hansson +Date: Tue, 10 Mar 2020 11:40:23 +0100 +Subject: PM / Domains: Allow no domain-idle-states DT property in genpd when parsing + +From: Ulf Hansson + +commit 56cb26891ea4180121265dc6b596015772c4a4b8 upstream. + +Commit 2c361684803e ("PM / Domains: Don't treat zero found compatible idle +states as an error"), moved of_genpd_parse_idle_states() towards allowing +none compatible idle state to be found for the device node, rather than +returning an error code. + +However, it didn't consider that the "domain-idle-states" DT property may +be missing as it's optional, which makes of_count_phandle_with_args() to +return -ENOENT. Let's fix this to make the behaviour consistent. + +Fixes: 2c361684803e ("PM / Domains: Don't treat zero found compatible idle states as an error") +Reported-by: Benjamin Gaignard +Cc: 4.20+ # 4.20+ +Reviewed-by: Sudeep Holla +Signed-off-by: Ulf Hansson +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/base/power/domain.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/base/power/domain.c ++++ b/drivers/base/power/domain.c +@@ -2615,7 +2615,7 @@ static int genpd_iterate_idle_states(str + + ret = of_count_phandle_with_args(dn, "domain-idle-states", NULL); + if (ret <= 0) +- return ret; ++ return ret == -ENOENT ? 0 : ret; + + /* Loop over the phandles until all the requested entry is found */ + of_for_each_phandle(&it, ret, dn, "domain-idle-states", NULL, 0) { diff --git a/queue-5.5/pm-sleep-wakeup-skip-wakeup_source_sysfs_remove-if-device-is-not-there.patch b/queue-5.5/pm-sleep-wakeup-skip-wakeup_source_sysfs_remove-if-device-is-not-there.patch new file mode 100644 index 00000000000..87992f0a85e --- /dev/null +++ b/queue-5.5/pm-sleep-wakeup-skip-wakeup_source_sysfs_remove-if-device-is-not-there.patch @@ -0,0 +1,37 @@ +From 87de6594dc45dbf6819f3e0ef92f9331c5a9444c Mon Sep 17 00:00:00 2001 +From: Neeraj Upadhyay +Date: Mon, 23 Mar 2020 10:38:51 +0530 +Subject: PM: sleep: wakeup: Skip wakeup_source_sysfs_remove() if device is not there + +From: Neeraj Upadhyay + +commit 87de6594dc45dbf6819f3e0ef92f9331c5a9444c upstream. + +Skip wakeup_source_sysfs_remove() to fix a NULL pinter dereference via +ws->dev, if the wakeup source is unregistered before registering the +wakeup class from device_add(). + +Fixes: 2ca3d1ecb8c4 ("PM / wakeup: Register wakeup class kobj after device is added") +Signed-off-by: Neeraj Upadhyay +Cc: 5.4+ # 5.4+ +[ rjw: Subject & changelog, white space ] +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/base/power/wakeup.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/drivers/base/power/wakeup.c ++++ b/drivers/base/power/wakeup.c +@@ -241,7 +241,9 @@ void wakeup_source_unregister(struct wak + { + if (ws) { + wakeup_source_remove(ws); +- wakeup_source_sysfs_remove(ws); ++ if (ws->dev) ++ wakeup_source_sysfs_remove(ws); ++ + wakeup_source_destroy(ws); + } + } diff --git a/queue-5.5/pstore-pstore_ftrace_seq_next-should-increase-position-index.patch b/queue-5.5/pstore-pstore_ftrace_seq_next-should-increase-position-index.patch new file mode 100644 index 00000000000..28ccf30a1da --- /dev/null +++ b/queue-5.5/pstore-pstore_ftrace_seq_next-should-increase-position-index.patch @@ -0,0 +1,81 @@ +From 6c871b7314dde9ab64f20de8f5aa3d01be4518e8 Mon Sep 17 00:00:00 2001 +From: Vasily Averin +Date: Tue, 25 Feb 2020 11:11:20 +0300 +Subject: pstore: pstore_ftrace_seq_next should increase position index + +From: Vasily Averin + +commit 6c871b7314dde9ab64f20de8f5aa3d01be4518e8 upstream. + +In Aug 2018 NeilBrown noticed +commit 1f4aace60b0e ("fs/seq_file.c: simplify seq_file iteration code and interface") +"Some ->next functions do not increment *pos when they return NULL... +Note that such ->next functions are buggy and should be fixed. +A simple demonstration is + + dd if=/proc/swaps bs=1000 skip=1 + +Choose any block size larger than the size of /proc/swaps. This will +always show the whole last line of /proc/swaps" + +/proc/swaps output was fixed recently, however there are lot of other +affected files, and one of them is related to pstore subsystem. + +If .next function does not change position index, following .show function +will repeat output related to current position index. + +There are at least 2 related problems: +- read after lseek beyond end of file, described above by NeilBrown + "dd if= bs=1000 skip=1" will generate whole last list +- read after lseek on in middle of last line will output expected rest of + last line but then repeat whole last line once again. + +If .show() function generates multy-line output (like +pstore_ftrace_seq_show() does ?) following bash script cycles endlessly + + $ q=;while read -r r;do echo "$((++q)) $r";done < AFFECTED_FILE + +Unfortunately I'm not familiar enough to pstore subsystem and was unable +to find affected pstore-related file on my test node. + +If .next function does not change position index, following .show function +will repeat output related to current position index. + +Cc: stable@vger.kernel.org +Fixes: 1f4aace60b0e ("fs/seq_file.c: simplify seq_file iteration code ...") +Link: https://bugzilla.kernel.org/show_bug.cgi?id=206283 +Signed-off-by: Vasily Averin +Link: https://lore.kernel.org/r/4e49830d-4c88-0171-ee24-1ee540028dad@virtuozzo.com +[kees: with robustness tweak from Joel Fernandes ] +Signed-off-by: Kees Cook +Signed-off-by: Greg Kroah-Hartman + +--- + fs/pstore/inode.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/fs/pstore/inode.c ++++ b/fs/pstore/inode.c +@@ -87,11 +87,11 @@ static void *pstore_ftrace_seq_next(stru + struct pstore_private *ps = s->private; + struct pstore_ftrace_seq_data *data = v; + ++ (*pos)++; + data->off += REC_SIZE; + if (data->off + REC_SIZE > ps->total_size) + return NULL; + +- (*pos)++; + return data; + } + +@@ -101,6 +101,9 @@ static int pstore_ftrace_seq_show(struct + struct pstore_ftrace_seq_data *data = v; + struct pstore_ftrace_record *rec; + ++ if (!data) ++ return 0; ++ + rec = (struct pstore_ftrace_record *)(ps->record->buf + data->off); + + seq_printf(s, "CPU:%d ts:%llu %08lx %08lx %ps <- %pS\n", diff --git a/queue-5.5/rcu-make-rcu_barrier-account-for-offline-no-cbs-cpus.patch b/queue-5.5/rcu-make-rcu_barrier-account-for-offline-no-cbs-cpus.patch new file mode 100644 index 00000000000..6c14e21da59 --- /dev/null +++ b/queue-5.5/rcu-make-rcu_barrier-account-for-offline-no-cbs-cpus.patch @@ -0,0 +1,122 @@ +From 127e29815b4b2206c0a97ac1d83f92ffc0e25c34 Mon Sep 17 00:00:00 2001 +From: "Paul E. McKenney" +Date: Tue, 11 Feb 2020 06:17:33 -0800 +Subject: rcu: Make rcu_barrier() account for offline no-CBs CPUs + +From: Paul E. McKenney + +commit 127e29815b4b2206c0a97ac1d83f92ffc0e25c34 upstream. + +Currently, rcu_barrier() ignores offline CPUs, However, it is possible +for an offline no-CBs CPU to have callbacks queued, and rcu_barrier() +must wait for those callbacks. This commit therefore makes rcu_barrier() +directly invoke the rcu_barrier_func() with interrupts disabled for such +CPUs. This requires passing the CPU number into this function so that +it can entrain the rcu_barrier() callback onto the correct CPU's callback +list, given that the code must instead execute on the current CPU. + +While in the area, this commit fixes a bug where the first CPU's callback +might have been invoked before rcu_segcblist_entrain() returned, which +would also result in an early wakeup. + +Fixes: 5d6742b37727 ("rcu/nocb: Use rcu_segcblist for no-CBs CPUs") +Signed-off-by: Paul E. McKenney +[ paulmck: Apply optimization feedback from Boqun Feng. ] +Cc: # 5.5.x +Signed-off-by: Greg Kroah-Hartman + +--- + include/trace/events/rcu.h | 1 + + kernel/rcu/tree.c | 36 ++++++++++++++++++++++++------------ + 2 files changed, 25 insertions(+), 12 deletions(-) + +--- a/include/trace/events/rcu.h ++++ b/include/trace/events/rcu.h +@@ -720,6 +720,7 @@ TRACE_EVENT_RCU(rcu_torture_read, + * "Begin": rcu_barrier() started. + * "EarlyExit": rcu_barrier() piggybacked, thus early exit. + * "Inc1": rcu_barrier() piggyback check counter incremented. ++ * "OfflineNoCBQ": rcu_barrier() found offline no-CBs CPU with callbacks. + * "OnlineQ": rcu_barrier() found online CPU with callbacks. + * "OnlineNQ": rcu_barrier() found online CPU, no callbacks. + * "IRQ": An rcu_barrier_callback() callback posted on remote CPU. +--- a/kernel/rcu/tree.c ++++ b/kernel/rcu/tree.c +@@ -2888,9 +2888,10 @@ static void rcu_barrier_callback(struct + /* + * Called with preemption disabled, and from cross-cpu IRQ context. + */ +-static void rcu_barrier_func(void *unused) ++static void rcu_barrier_func(void *cpu_in) + { +- struct rcu_data *rdp = raw_cpu_ptr(&rcu_data); ++ uintptr_t cpu = (uintptr_t)cpu_in; ++ struct rcu_data *rdp = per_cpu_ptr(&rcu_data, cpu); + + rcu_barrier_trace(TPS("IRQ"), -1, rcu_state.barrier_sequence); + rdp->barrier_head.func = rcu_barrier_callback; +@@ -2917,7 +2918,7 @@ static void rcu_barrier_func(void *unuse + */ + void rcu_barrier(void) + { +- int cpu; ++ uintptr_t cpu; + struct rcu_data *rdp; + unsigned long s = rcu_seq_snap(&rcu_state.barrier_sequence); + +@@ -2940,13 +2941,14 @@ void rcu_barrier(void) + rcu_barrier_trace(TPS("Inc1"), -1, rcu_state.barrier_sequence); + + /* +- * Initialize the count to one rather than to zero in order to +- * avoid a too-soon return to zero in case of a short grace period +- * (or preemption of this task). Exclude CPU-hotplug operations +- * to ensure that no offline CPU has callbacks queued. ++ * Initialize the count to two rather than to zero in order ++ * to avoid a too-soon return to zero in case of an immediate ++ * invocation of the just-enqueued callback (or preemption of ++ * this task). Exclude CPU-hotplug operations to ensure that no ++ * offline non-offloaded CPU has callbacks queued. + */ + init_completion(&rcu_state.barrier_completion); +- atomic_set(&rcu_state.barrier_cpu_count, 1); ++ atomic_set(&rcu_state.barrier_cpu_count, 2); + get_online_cpus(); + + /* +@@ -2956,13 +2958,23 @@ void rcu_barrier(void) + */ + for_each_possible_cpu(cpu) { + rdp = per_cpu_ptr(&rcu_data, cpu); +- if (!cpu_online(cpu) && ++ if (cpu_is_offline(cpu) && + !rcu_segcblist_is_offloaded(&rdp->cblist)) + continue; +- if (rcu_segcblist_n_cbs(&rdp->cblist)) { ++ if (rcu_segcblist_n_cbs(&rdp->cblist) && cpu_online(cpu)) { + rcu_barrier_trace(TPS("OnlineQ"), cpu, + rcu_state.barrier_sequence); +- smp_call_function_single(cpu, rcu_barrier_func, NULL, 1); ++ smp_call_function_single(cpu, rcu_barrier_func, (void *)cpu, 1); ++ } else if (rcu_segcblist_n_cbs(&rdp->cblist) && ++ cpu_is_offline(cpu)) { ++ rcu_barrier_trace(TPS("OfflineNoCBQ"), cpu, ++ rcu_state.barrier_sequence); ++ local_irq_disable(); ++ rcu_barrier_func((void *)cpu); ++ local_irq_enable(); ++ } else if (cpu_is_offline(cpu)) { ++ rcu_barrier_trace(TPS("OfflineNoCBNoQ"), cpu, ++ rcu_state.barrier_sequence); + } else { + rcu_barrier_trace(TPS("OnlineNQ"), cpu, + rcu_state.barrier_sequence); +@@ -2974,7 +2986,7 @@ void rcu_barrier(void) + * Now that we have an rcu_barrier_callback() callback on each + * CPU, and thus each counted, remove the initial count. + */ +- if (atomic_dec_and_test(&rcu_state.barrier_cpu_count)) ++ if (atomic_sub_and_test(2, &rcu_state.barrier_cpu_count)) + complete(&rcu_state.barrier_completion); + + /* Wait for all rcu_barrier_callback() callbacks to be invoked. */ diff --git a/queue-5.5/sdhci-tegra-implement-tegra-specific-set_timeout-callback.patch b/queue-5.5/sdhci-tegra-implement-tegra-specific-set_timeout-callback.patch new file mode 100644 index 00000000000..6aacd8ae82a --- /dev/null +++ b/queue-5.5/sdhci-tegra-implement-tegra-specific-set_timeout-callback.patch @@ -0,0 +1,91 @@ +From 5e958e4aacf44e1cc98b0d88d8e66e98f03bbf66 Mon Sep 17 00:00:00 2001 +From: Sowjanya Komatineni +Date: Wed, 11 Mar 2020 08:47:54 -0700 +Subject: sdhci: tegra: Implement Tegra specific set_timeout callback + +From: Sowjanya Komatineni + +commit 5e958e4aacf44e1cc98b0d88d8e66e98f03bbf66 upstream. + +Tegra host supports HW busy detection and timeouts based on the +count programmed in SDHCI_TIMEOUT_CONTROL register and max busy +timeout it supports is 11s in finite busy wait mode. + +Some operations like SLEEP_AWAKE, ERASE and flush cache through +SWITCH commands take longer than 11s and Tegra host supports +infinite HW busy wait mode where HW waits forever till the card +is busy without HW timeout. + +This patch implements Tegra specific set_timeout sdhci_ops to allow +switching between finite and infinite HW busy detection wait modes +based on the device command expected operation time. + +Signed-off-by: Sowjanya Komatineni +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/1583941675-9884-1-git-send-email-skomatineni@nvidia.com +Signed-off-by: Ulf Hansson +Signed-off-by: Greg Kroah-Hartman + +diff --git a/drivers/mmc/host/sdhci-tegra.c b/drivers/mmc/host/sdhci-tegra.c +index a25c3a4d3f6c..fa8f6a4dcc7c 100644 +--- a/drivers/mmc/host/sdhci-tegra.c ++++ b/drivers/mmc/host/sdhci-tegra.c +@@ -45,6 +45,7 @@ + #define SDHCI_TEGRA_CAP_OVERRIDES_DQS_TRIM_SHIFT 8 + + #define SDHCI_TEGRA_VENDOR_MISC_CTRL 0x120 ++#define SDHCI_MISC_CTRL_ERASE_TIMEOUT_LIMIT BIT(0) + #define SDHCI_MISC_CTRL_ENABLE_SDR104 0x8 + #define SDHCI_MISC_CTRL_ENABLE_SDR50 0x10 + #define SDHCI_MISC_CTRL_ENABLE_SDHCI_SPEC_300 0x20 +@@ -1227,6 +1228,34 @@ static u32 sdhci_tegra_cqhci_irq(struct sdhci_host *host, u32 intmask) + return 0; + } + ++static void tegra_sdhci_set_timeout(struct sdhci_host *host, ++ struct mmc_command *cmd) ++{ ++ u32 val; ++ ++ /* ++ * HW busy detection timeout is based on programmed data timeout ++ * counter and maximum supported timeout is 11s which may not be ++ * enough for long operations like cache flush, sleep awake, erase. ++ * ++ * ERASE_TIMEOUT_LIMIT bit of VENDOR_MISC_CTRL register allows ++ * host controller to wait for busy state until the card is busy ++ * without HW timeout. ++ * ++ * So, use infinite busy wait mode for operations that may take ++ * more than maximum HW busy timeout of 11s otherwise use finite ++ * busy wait mode. ++ */ ++ val = sdhci_readl(host, SDHCI_TEGRA_VENDOR_MISC_CTRL); ++ if (cmd && cmd->busy_timeout >= 11 * HZ) ++ val |= SDHCI_MISC_CTRL_ERASE_TIMEOUT_LIMIT; ++ else ++ val &= ~SDHCI_MISC_CTRL_ERASE_TIMEOUT_LIMIT; ++ sdhci_writel(host, val, SDHCI_TEGRA_VENDOR_MISC_CTRL); ++ ++ __sdhci_set_timeout(host, cmd); ++} ++ + static const struct cqhci_host_ops sdhci_tegra_cqhci_ops = { + .write_l = tegra_cqhci_writel, + .enable = sdhci_tegra_cqe_enable, +@@ -1366,6 +1395,7 @@ static const struct sdhci_ops tegra210_sdhci_ops = { + .set_uhs_signaling = tegra_sdhci_set_uhs_signaling, + .voltage_switch = tegra_sdhci_voltage_switch, + .get_max_clock = tegra_sdhci_get_max_clock, ++ .set_timeout = tegra_sdhci_set_timeout, + }; + + static const struct sdhci_pltfm_data sdhci_tegra210_pdata = { +@@ -1403,6 +1433,7 @@ static const struct sdhci_ops tegra186_sdhci_ops = { + .voltage_switch = tegra_sdhci_voltage_switch, + .get_max_clock = tegra_sdhci_get_max_clock, + .irq = sdhci_tegra_cqhci_irq, ++ .set_timeout = tegra_sdhci_set_timeout, + }; + + static const struct sdhci_pltfm_data sdhci_tegra186_pdata = { diff --git a/queue-5.5/series b/queue-5.5/series index d36905496b0..f8bd2889517 100644 --- a/queue-5.5/series +++ b/queue-5.5/series @@ -122,3 +122,14 @@ tpm-tpm1_bios_measurements_next-should-increase-position-index.patch tpm-tpm2_bios_measurements_next-should-increase-position-index.patch keys-reaching-the-keys-quotas-correctly.patch mmc-mmci_sdmmc-fix-clear-busyd0end-irq-flag.patch +rcu-make-rcu_barrier-account-for-offline-no-cbs-cpus.patch +cpu-hotplug-ignore-pm_wakeup_pending-for-disable_nonboot_cpus.patch +genirq-debugfs-add-missing-sanity-checks-to-interrupt-injection.patch +irqchip-versatile-fpga-apply-clear-mask-earlier.patch +io_uring-remove-bogus-rlimit_nofile-check-in-file-registration.patch +pstore-pstore_ftrace_seq_next-should-increase-position-index.patch +mips-tlbex-fix-lddir-usage-in-setup_pw-for-loongson-3.patch +mips-octeon-irq-fix-potential-null-pointer-dereference.patch +pm-domains-allow-no-domain-idle-states-dt-property-in-genpd-when-parsing.patch +pm-sleep-wakeup-skip-wakeup_source_sysfs_remove-if-device-is-not-there.patch +sdhci-tegra-implement-tegra-specific-set_timeout-callback.patch -- 2.47.3