From 278474d93d22a69b87e3cc0c82b0fdccb011e493 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 22 Jun 2020 20:01:45 +0200 Subject: [PATCH] 5.7-stable patches added patches: arm64-dts-realtek-rtd129x-carve-out-boot-rom-from-memory.patch arm64-dts-realtek-rtd129x-use-reserved-memory-for-rpc-regions.patch ext4-avoid-utf8_strncasecmp-with-unstable-name.patch ext4-fix-partial-cluster-initialization-when-splitting-extent.patch ext4-jbd2-ensure-panic-by-fix-a-race-between-jbd2-abort-and-ext4-error-handlers.patch io_uring-don-t-fail-links-for-eagain-error-in-iopoll-mode.patch io_uring-fix-possible-race-condition-against-req_f_need_cleanup.patch sh-convert-iounmap-macros-to-inline-functions.patch --- ...d129x-carve-out-boot-rom-from-memory.patch | 152 ++++++++++++++++ ...-use-reserved-memory-for-rpc-regions.patch | 98 +++++++++++ ...-utf8_strncasecmp-with-unstable-name.patch | 65 +++++++ ...initialization-when-splitting-extent.patch | 118 +++++++++++++ ...n-jbd2-abort-and-ext4-error-handlers.patch | 162 ++++++++++++++++++ ...inks-for-eagain-error-in-iopoll-mode.patch | 33 ++++ ...condition-against-req_f_need_cleanup.patch | 60 +++++++ queue-5.7/series | 8 + ...t-iounmap-macros-to-inline-functions.patch | 40 +++++ 9 files changed, 736 insertions(+) create mode 100644 queue-5.7/arm64-dts-realtek-rtd129x-carve-out-boot-rom-from-memory.patch create mode 100644 queue-5.7/arm64-dts-realtek-rtd129x-use-reserved-memory-for-rpc-regions.patch create mode 100644 queue-5.7/ext4-avoid-utf8_strncasecmp-with-unstable-name.patch create mode 100644 queue-5.7/ext4-fix-partial-cluster-initialization-when-splitting-extent.patch create mode 100644 queue-5.7/ext4-jbd2-ensure-panic-by-fix-a-race-between-jbd2-abort-and-ext4-error-handlers.patch create mode 100644 queue-5.7/io_uring-don-t-fail-links-for-eagain-error-in-iopoll-mode.patch create mode 100644 queue-5.7/io_uring-fix-possible-race-condition-against-req_f_need_cleanup.patch create mode 100644 queue-5.7/sh-convert-iounmap-macros-to-inline-functions.patch diff --git a/queue-5.7/arm64-dts-realtek-rtd129x-carve-out-boot-rom-from-memory.patch b/queue-5.7/arm64-dts-realtek-rtd129x-carve-out-boot-rom-from-memory.patch new file mode 100644 index 00000000000..560d7176398 --- /dev/null +++ b/queue-5.7/arm64-dts-realtek-rtd129x-carve-out-boot-rom-from-memory.patch @@ -0,0 +1,152 @@ +From 3040e132beda2aee56e6ea9be8db69889bcb2e7a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Andreas=20F=C3=A4rber?= +Date: Sat, 30 Nov 2019 19:20:53 +0100 +Subject: arm64: dts: realtek: rtd129x: Carve out boot ROM from memory +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Andreas Färber + +commit 3040e132beda2aee56e6ea9be8db69889bcb2e7a upstream. + +Update DS418j, MeLE V9, PROBOX2 AVA, Zidoo X9S and DS418 /memory nodes +to exclude 0..0x1efff from reg entry and update unit address to match. +Add this region to /soc ranges and for now just update the /memreserve/s. + +Suggested-by: Rob Herring +Fixes: 72a7786c0a0d ("ARM64: dts: Add Realtek RTD1295 and Zidoo X9S") +Fixes: d938a964a966 ("arm64: dts: realtek: Add ProBox2 Ava") +Fixes: a9ce6f854581 ("arm64: dts: realtek: Add MeLE V9") +Fixes: cf976f660ee8 ("arm64: dts: realtek: Add RTD1293 and Synology DS418j") +Fixes: 5133636e41a2 ("arm64: dts: realtek: Add RTD1296 and Synology DS418") +Cc: James Tai +Signed-off-by: Andreas Färber +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/boot/dts/realtek/rtd1293-ds418j.dts | 6 +++--- + arch/arm64/boot/dts/realtek/rtd1295-mele-v9.dts | 6 +++--- + arch/arm64/boot/dts/realtek/rtd1295-probox2-ava.dts | 6 +++--- + arch/arm64/boot/dts/realtek/rtd1295-zidoo-x9s.dts | 4 ++-- + arch/arm64/boot/dts/realtek/rtd1296-ds418.dts | 4 ++-- + arch/arm64/boot/dts/realtek/rtd129x.dtsi | 9 +++++---- + 6 files changed, 18 insertions(+), 17 deletions(-) + +--- a/arch/arm64/boot/dts/realtek/rtd1293-ds418j.dts ++++ b/arch/arm64/boot/dts/realtek/rtd1293-ds418j.dts +@@ -1,6 +1,6 @@ + // SPDX-License-Identifier: (GPL-2.0-or-later OR BSD-2-Clause) + /* +- * Copyright (c) 2017 Andreas Färber ++ * Copyright (c) 2017-2019 Andreas Färber + */ + + /dts-v1/; +@@ -11,9 +11,9 @@ + compatible = "synology,ds418j", "realtek,rtd1293"; + model = "Synology DiskStation DS418j"; + +- memory@0 { ++ memory@1f000 { + device_type = "memory"; +- reg = <0x0 0x40000000>; ++ reg = <0x1f000 0x3ffe1000>; /* boot ROM to 1 GiB */ + }; + + aliases { +--- a/arch/arm64/boot/dts/realtek/rtd1295-mele-v9.dts ++++ b/arch/arm64/boot/dts/realtek/rtd1295-mele-v9.dts +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2017 Andreas Färber ++ * Copyright (c) 2017-2019 Andreas Färber + * + * SPDX-License-Identifier: (GPL-2.0+ OR MIT) + */ +@@ -12,9 +12,9 @@ + compatible = "mele,v9", "realtek,rtd1295"; + model = "MeLE V9"; + +- memory@0 { ++ memory@1f000 { + device_type = "memory"; +- reg = <0x0 0x80000000>; ++ reg = <0x1f000 0x7ffe1000>; /* boot ROM to 2 GiB */ + }; + + aliases { +--- a/arch/arm64/boot/dts/realtek/rtd1295-probox2-ava.dts ++++ b/arch/arm64/boot/dts/realtek/rtd1295-probox2-ava.dts +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2017 Andreas Färber ++ * Copyright (c) 2017-2019 Andreas Färber + * + * SPDX-License-Identifier: (GPL-2.0+ OR MIT) + */ +@@ -12,9 +12,9 @@ + compatible = "probox2,ava", "realtek,rtd1295"; + model = "PROBOX2 AVA"; + +- memory@0 { ++ memory@1f000 { + device_type = "memory"; +- reg = <0x0 0x80000000>; ++ reg = <0x1f000 0x7ffe1000>; /* boot ROM to 2 GiB */ + }; + + aliases { +--- a/arch/arm64/boot/dts/realtek/rtd1295-zidoo-x9s.dts ++++ b/arch/arm64/boot/dts/realtek/rtd1295-zidoo-x9s.dts +@@ -11,9 +11,9 @@ + compatible = "zidoo,x9s", "realtek,rtd1295"; + model = "Zidoo X9S"; + +- memory@0 { ++ memory@1f000 { + device_type = "memory"; +- reg = <0x0 0x80000000>; ++ reg = <0x1f000 0x7ffe1000>; /* boot ROM to 2 GiB */ + }; + + aliases { +--- a/arch/arm64/boot/dts/realtek/rtd1296-ds418.dts ++++ b/arch/arm64/boot/dts/realtek/rtd1296-ds418.dts +@@ -11,9 +11,9 @@ + compatible = "synology,ds418", "realtek,rtd1296"; + model = "Synology DiskStation DS418"; + +- memory@0 { ++ memory@1f000 { + device_type = "memory"; +- reg = <0x0 0x80000000>; ++ reg = <0x1f000 0x7ffe1000>; /* boot ROM to 2 GiB */ + }; + + aliases { +--- a/arch/arm64/boot/dts/realtek/rtd129x.dtsi ++++ b/arch/arm64/boot/dts/realtek/rtd129x.dtsi +@@ -5,8 +5,8 @@ + * Copyright (c) 2016-2019 Andreas Färber + */ + +-/memreserve/ 0x0000000000000000 0x0000000000030000; +-/memreserve/ 0x0000000000030000 0x00000000000d0000; ++/memreserve/ 0x0000000000000000 0x000000000001f000; ++/memreserve/ 0x000000000001f000 0x00000000000e1000; + /memreserve/ 0x0000000001b00000 0x00000000004be000; + + #include +@@ -52,8 +52,9 @@ + compatible = "simple-bus"; + #address-cells = <1>; + #size-cells = <1>; +- /* Exclude up to 2 GiB of RAM */ +- ranges = <0x80000000 0x80000000 0x80000000>; ++ ranges = <0x00000000 0x00000000 0x0001f000>, /* boot ROM */ ++ /* Exclude up to 2 GiB of RAM */ ++ <0x80000000 0x80000000 0x80000000>; + + reset1: reset-controller@98000000 { + compatible = "snps,dw-low-reset"; diff --git a/queue-5.7/arm64-dts-realtek-rtd129x-use-reserved-memory-for-rpc-regions.patch b/queue-5.7/arm64-dts-realtek-rtd129x-use-reserved-memory-for-rpc-regions.patch new file mode 100644 index 00000000000..8970a54604c --- /dev/null +++ b/queue-5.7/arm64-dts-realtek-rtd129x-use-reserved-memory-for-rpc-regions.patch @@ -0,0 +1,98 @@ +From 690677c22d5fa5dfdaa609a1739b75fdfb1c4a24 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Andreas=20F=C3=A4rber?= +Date: Sun, 10 Nov 2019 07:02:43 +0100 +Subject: arm64: dts: realtek: rtd129x: Use reserved-memory for RPC regions +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Andreas Färber + +commit 690677c22d5fa5dfdaa609a1739b75fdfb1c4a24 upstream. + +Move /reserved-memory node from RTD1295 to RTD129x DT. +Convert RPC /memreserve/s into /reserved-memory nodes. + +Fixes: 72a7786c0a0d ("ARM64: dts: Add Realtek RTD1295 and Zidoo X9S") +Fixes: f8b3436dad5c ("arm64: dts: realtek: Factor out common RTD129x parts") +Signed-off-by: Andreas Färber +Signed-off-by: Greg Kroah-Hartman + +--- + arch/arm64/boot/dts/realtek/rtd1295.dtsi | 13 +------------ + arch/arm64/boot/dts/realtek/rtd129x.dtsi | 23 ++++++++++++++++++++--- + 2 files changed, 21 insertions(+), 15 deletions(-) + +--- a/arch/arm64/boot/dts/realtek/rtd1295.dtsi ++++ b/arch/arm64/boot/dts/realtek/rtd1295.dtsi +@@ -2,7 +2,7 @@ + /* + * Realtek RTD1295 SoC + * +- * Copyright (c) 2016-2017 Andreas Färber ++ * Copyright (c) 2016-2019 Andreas Färber + */ + + #include "rtd129x.dtsi" +@@ -47,17 +47,6 @@ + }; + }; + +- reserved-memory { +- #address-cells = <1>; +- #size-cells = <1>; +- ranges; +- +- tee@10100000 { +- reg = <0x10100000 0xf00000>; +- no-map; +- }; +- }; +- + timer { + compatible = "arm,armv8-timer"; + interrupts = + #include +@@ -19,6 +17,25 @@ + #address-cells = <1>; + #size-cells = <1>; + ++ reserved-memory { ++ #address-cells = <1>; ++ #size-cells = <1>; ++ ranges; ++ ++ rpc_comm: rpc@1f000 { ++ reg = <0x1f000 0x1000>; ++ }; ++ ++ rpc_ringbuf: rpc@1ffe000 { ++ reg = <0x1ffe000 0x4000>; ++ }; ++ ++ tee: tee@10100000 { ++ reg = <0x10100000 0xf00000>; ++ no-map; ++ }; ++ }; ++ + arm_pmu: arm-pmu { + compatible = "arm,cortex-a53-pmu"; + interrupts = ; diff --git a/queue-5.7/ext4-avoid-utf8_strncasecmp-with-unstable-name.patch b/queue-5.7/ext4-avoid-utf8_strncasecmp-with-unstable-name.patch new file mode 100644 index 00000000000..7f8629a94c3 --- /dev/null +++ b/queue-5.7/ext4-avoid-utf8_strncasecmp-with-unstable-name.patch @@ -0,0 +1,65 @@ +From 2ce3ee931a097e9720310db3f09c01c825a4580c Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Mon, 1 Jun 2020 13:05:43 -0700 +Subject: ext4: avoid utf8_strncasecmp() with unstable name + +From: Eric Biggers + +commit 2ce3ee931a097e9720310db3f09c01c825a4580c upstream. + +If the dentry name passed to ->d_compare() fits in dentry::d_iname, then +it may be concurrently modified by a rename. This can cause undefined +behavior (possibly out-of-bounds memory accesses or crashes) in +utf8_strncasecmp(), since fs/unicode/ isn't written to handle strings +that may be concurrently modified. + +Fix this by first copying the filename to a stack buffer if needed. +This way we get a stable snapshot of the filename. + +Fixes: b886ee3e778e ("ext4: Support case-insensitive file name lookups") +Cc: # v5.2+ +Cc: Al Viro +Cc: Daniel Rosenberg +Cc: Gabriel Krisman Bertazi +Signed-off-by: Eric Biggers +Reviewed-by: Andreas Dilger +Link: https://lore.kernel.org/r/20200601200543.59417-1-ebiggers@kernel.org +Signed-off-by: Theodore Ts'o +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext4/dir.c | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +--- a/fs/ext4/dir.c ++++ b/fs/ext4/dir.c +@@ -675,6 +675,7 @@ static int ext4_d_compare(const struct d + struct qstr qstr = {.name = str, .len = len }; + const struct dentry *parent = READ_ONCE(dentry->d_parent); + const struct inode *inode = READ_ONCE(parent->d_inode); ++ char strbuf[DNAME_INLINE_LEN]; + + if (!inode || !IS_CASEFOLDED(inode) || + !EXT4_SB(inode->i_sb)->s_encoding) { +@@ -683,6 +684,21 @@ static int ext4_d_compare(const struct d + return memcmp(str, name->name, len); + } + ++ /* ++ * If the dentry name is stored in-line, then it may be concurrently ++ * modified by a rename. If this happens, the VFS will eventually retry ++ * the lookup, so it doesn't matter what ->d_compare() returns. ++ * However, it's unsafe to call utf8_strncasecmp() with an unstable ++ * string. Therefore, we have to copy the name into a temporary buffer. ++ */ ++ if (len <= DNAME_INLINE_LEN - 1) { ++ memcpy(strbuf, str, len); ++ strbuf[len] = 0; ++ qstr.name = strbuf; ++ /* prevent compiler from optimizing out the temporary buffer */ ++ barrier(); ++ } ++ + return ext4_ci_compare(inode, name, &qstr, false); + } + diff --git a/queue-5.7/ext4-fix-partial-cluster-initialization-when-splitting-extent.patch b/queue-5.7/ext4-fix-partial-cluster-initialization-when-splitting-extent.patch new file mode 100644 index 00000000000..2f6dcdb29b8 --- /dev/null +++ b/queue-5.7/ext4-fix-partial-cluster-initialization-when-splitting-extent.patch @@ -0,0 +1,118 @@ +From cfb3c85a600c6aa25a2581b3c1c4db3460f14e46 Mon Sep 17 00:00:00 2001 +From: Jeffle Xu +Date: Fri, 22 May 2020 12:18:44 +0800 +Subject: ext4: fix partial cluster initialization when splitting extent + +From: Jeffle Xu + +commit cfb3c85a600c6aa25a2581b3c1c4db3460f14e46 upstream. + +Fix the bug when calculating the physical block number of the first +block in the split extent. + +This bug will cause xfstests shared/298 failure on ext4 with bigalloc +enabled occasionally. Ext4 error messages indicate that previously freed +blocks are being freed again, and the following fsck will fail due to +the inconsistency of block bitmap and bg descriptor. + +The following is an example case: + +1. First, Initialize a ext4 filesystem with cluster size '16K', block size +'4K', in which case, one cluster contains four blocks. + +2. Create one file (e.g., xxx.img) on this ext4 filesystem. Now the extent +tree of this file is like: + +... +36864:[0]4:220160 +36868:[0]14332:145408 +51200:[0]2:231424 +... + +3. Then execute PUNCH_HOLE fallocate on this file. The hole range is +like: + +.. +ext4_ext_remove_space: dev 254,16 ino 12 since 49506 end 49506 depth 1 +ext4_ext_remove_space: dev 254,16 ino 12 since 49544 end 49546 depth 1 +ext4_ext_remove_space: dev 254,16 ino 12 since 49605 end 49607 depth 1 +... + +4. Then the extent tree of this file after punching is like + +... +49507:[0]37:158047 +49547:[0]58:158087 +... + +5. Detailed procedure of punching hole [49544, 49546] + +5.1. The block address space: +``` +lblk ~49505 49506 49507~49543 49544~49546 49547~ + ---------+------+-------------+----------------+-------- + extent | hole | extent | hole | extent + ---------+------+-------------+----------------+-------- +pblk ~158045 158046 158047~158083 158084~158086 158087~ +``` + +5.2. The detailed layout of cluster 39521: +``` + cluster 39521 + <-------------------------------> + + hole extent + <----------------------><-------- + +lblk 49544 49545 49546 49547 + +-------+-------+-------+-------+ + | | | | | + +-------+-------+-------+-------+ +pblk 158084 1580845 158086 158087 +``` + +5.3. The ftrace output when punching hole [49544, 49546]: +- ext4_ext_remove_space (start 49544, end 49546) + - ext4_ext_rm_leaf (start 49544, end 49546, last_extent [49507(158047), 40], partial [pclu 39522 lblk 0 state 2]) + - ext4_remove_blocks (extent [49507(158047), 40], from 49544 to 49546, partial [pclu 39522 lblk 0 state 2] + - ext4_free_blocks: (block 158084 count 4) + - ext4_mballoc_free (extent 1/6753/1) + +5.4. Ext4 error message in dmesg: +EXT4-fs error (device vdb): mb_free_blocks:1457: group 1, block 158084:freeing already freed block (bit 6753); block bitmap corrupt. +EXT4-fs error (device vdb): ext4_mb_generate_buddy:747: group 1, block bitmap and bg descriptor inconsistent: 19550 vs 19551 free clusters + +In this case, the whole cluster 39521 is freed mistakenly when freeing +pblock 158084~158086 (i.e., the first three blocks of this cluster), +although pblock 158087 (the last remaining block of this cluster) has +not been freed yet. + +The root cause of this isuue is that, the pclu of the partial cluster is +calculated mistakenly in ext4_ext_remove_space(). The correct +partial_cluster.pclu (i.e., the cluster number of the first block in the +next extent, that is, lblock 49597 (pblock 158086)) should be 39521 rather +than 39522. + +Fixes: f4226d9ea400 ("ext4: fix partial cluster initialization") +Signed-off-by: Jeffle Xu +Reviewed-by: Eric Whitney +Cc: stable@kernel.org # v3.19+ +Link: https://lore.kernel.org/r/1590121124-37096-1-git-send-email-jefflexu@linux.alibaba.com +Signed-off-by: Theodore Ts'o +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext4/extents.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/ext4/extents.c ++++ b/fs/ext4/extents.c +@@ -2827,7 +2827,7 @@ again: + * in use to avoid freeing it when removing blocks. + */ + if (sbi->s_cluster_ratio > 1) { +- pblk = ext4_ext_pblock(ex) + end - ee_block + 2; ++ pblk = ext4_ext_pblock(ex) + end - ee_block + 1; + partial.pclu = EXT4_B2C(sbi, pblk); + partial.state = nofree; + } diff --git a/queue-5.7/ext4-jbd2-ensure-panic-by-fix-a-race-between-jbd2-abort-and-ext4-error-handlers.patch b/queue-5.7/ext4-jbd2-ensure-panic-by-fix-a-race-between-jbd2-abort-and-ext4-error-handlers.patch new file mode 100644 index 00000000000..019fbe4c5a4 --- /dev/null +++ b/queue-5.7/ext4-jbd2-ensure-panic-by-fix-a-race-between-jbd2-abort-and-ext4-error-handlers.patch @@ -0,0 +1,162 @@ +From 7b97d868b7ab2448859668de9222b8af43f76e78 Mon Sep 17 00:00:00 2001 +From: "zhangyi (F)" +Date: Tue, 9 Jun 2020 15:35:40 +0800 +Subject: ext4, jbd2: ensure panic by fix a race between jbd2 abort and ext4 error handlers + +From: zhangyi (F) + +commit 7b97d868b7ab2448859668de9222b8af43f76e78 upstream. + +In the ext4 filesystem with errors=panic, if one process is recording +errno in the superblock when invoking jbd2_journal_abort() due to some +error cases, it could be raced by another __ext4_abort() which is +setting the SB_RDONLY flag but missing panic because errno has not been +recorded. + +jbd2_journal_commit_transaction() + jbd2_journal_abort() + journal->j_flags |= JBD2_ABORT; + jbd2_journal_update_sb_errno() + | ext4_journal_check_start() + | __ext4_abort() + | sb->s_flags |= SB_RDONLY; + | if (!JBD2_REC_ERR) + | return; + journal->j_flags |= JBD2_REC_ERR; + +Finally, it will no longer trigger panic because the filesystem has +already been set read-only. Fix this by introduce j_abort_mutex to make +sure journal abort is completed before panic, and remove JBD2_REC_ERR +flag. + +Fixes: 4327ba52afd03 ("ext4, jbd2: ensure entering into panic after recording an error in superblock") +Signed-off-by: zhangyi (F) +Reviewed-by: Jan Kara +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20200609073540.3810702-1-yi.zhang@huawei.com +Signed-off-by: Theodore Ts'o +Signed-off-by: Greg Kroah-Hartman + +--- + fs/ext4/super.c | 16 +++++----------- + fs/jbd2/journal.c | 17 ++++++++++++----- + include/linux/jbd2.h | 6 +++++- + 3 files changed, 22 insertions(+), 17 deletions(-) + +--- a/fs/ext4/super.c ++++ b/fs/ext4/super.c +@@ -522,9 +522,6 @@ static void ext4_handle_error(struct sup + smp_wmb(); + sb->s_flags |= SB_RDONLY; + } else if (test_opt(sb, ERRORS_PANIC)) { +- if (EXT4_SB(sb)->s_journal && +- !(EXT4_SB(sb)->s_journal->j_flags & JBD2_REC_ERR)) +- return; + panic("EXT4-fs (device %s): panic forced after error\n", + sb->s_id); + } +@@ -725,23 +722,20 @@ void __ext4_abort(struct super_block *sb + va_end(args); + + if (sb_rdonly(sb) == 0) { +- ext4_msg(sb, KERN_CRIT, "Remounting filesystem read-only"); + EXT4_SB(sb)->s_mount_flags |= EXT4_MF_FS_ABORTED; ++ if (EXT4_SB(sb)->s_journal) ++ jbd2_journal_abort(EXT4_SB(sb)->s_journal, -EIO); ++ ++ ext4_msg(sb, KERN_CRIT, "Remounting filesystem read-only"); + /* + * Make sure updated value of ->s_mount_flags will be visible + * before ->s_flags update + */ + smp_wmb(); + sb->s_flags |= SB_RDONLY; +- if (EXT4_SB(sb)->s_journal) +- jbd2_journal_abort(EXT4_SB(sb)->s_journal, -EIO); + } +- if (test_opt(sb, ERRORS_PANIC) && !system_going_down()) { +- if (EXT4_SB(sb)->s_journal && +- !(EXT4_SB(sb)->s_journal->j_flags & JBD2_REC_ERR)) +- return; ++ if (test_opt(sb, ERRORS_PANIC) && !system_going_down()) + panic("EXT4-fs panic from previous error\n"); +- } + } + + void __ext4_msg(struct super_block *sb, +--- a/fs/jbd2/journal.c ++++ b/fs/jbd2/journal.c +@@ -1140,6 +1140,7 @@ static journal_t *journal_init_common(st + init_waitqueue_head(&journal->j_wait_commit); + init_waitqueue_head(&journal->j_wait_updates); + init_waitqueue_head(&journal->j_wait_reserved); ++ mutex_init(&journal->j_abort_mutex); + mutex_init(&journal->j_barrier); + mutex_init(&journal->j_checkpoint_mutex); + spin_lock_init(&journal->j_revoke_lock); +@@ -1402,7 +1403,8 @@ static int jbd2_write_superblock(journal + printk(KERN_ERR "JBD2: Error %d detected when updating " + "journal superblock for %s.\n", ret, + journal->j_devname); +- jbd2_journal_abort(journal, ret); ++ if (!is_journal_aborted(journal)) ++ jbd2_journal_abort(journal, ret); + } + + return ret; +@@ -2154,6 +2156,13 @@ void jbd2_journal_abort(journal_t *journ + transaction_t *transaction; + + /* ++ * Lock the aborting procedure until everything is done, this avoid ++ * races between filesystem's error handling flow (e.g. ext4_abort()), ++ * ensure panic after the error info is written into journal's ++ * superblock. ++ */ ++ mutex_lock(&journal->j_abort_mutex); ++ /* + * ESHUTDOWN always takes precedence because a file system check + * caused by any other journal abort error is not required after + * a shutdown triggered. +@@ -2167,6 +2176,7 @@ void jbd2_journal_abort(journal_t *journ + journal->j_errno = errno; + jbd2_journal_update_sb_errno(journal); + } ++ mutex_unlock(&journal->j_abort_mutex); + return; + } + +@@ -2188,10 +2198,7 @@ void jbd2_journal_abort(journal_t *journ + * layer could realise that a filesystem check is needed. + */ + jbd2_journal_update_sb_errno(journal); +- +- write_lock(&journal->j_state_lock); +- journal->j_flags |= JBD2_REC_ERR; +- write_unlock(&journal->j_state_lock); ++ mutex_unlock(&journal->j_abort_mutex); + } + + /** +--- a/include/linux/jbd2.h ++++ b/include/linux/jbd2.h +@@ -766,6 +766,11 @@ struct journal_s + int j_errno; + + /** ++ * @j_abort_mutex: Lock the whole aborting procedure. ++ */ ++ struct mutex j_abort_mutex; ++ ++ /** + * @j_sb_buffer: The first part of the superblock buffer. + */ + struct buffer_head *j_sb_buffer; +@@ -1247,7 +1252,6 @@ JBD2_FEATURE_INCOMPAT_FUNCS(csum3, CSUM + #define JBD2_ABORT_ON_SYNCDATA_ERR 0x040 /* Abort the journal on file + * data write error in ordered + * mode */ +-#define JBD2_REC_ERR 0x080 /* The errno in the sb has been recorded */ + + /* + * Function declarations for the journaling transaction and buffer diff --git a/queue-5.7/io_uring-don-t-fail-links-for-eagain-error-in-iopoll-mode.patch b/queue-5.7/io_uring-don-t-fail-links-for-eagain-error-in-iopoll-mode.patch new file mode 100644 index 00000000000..3b5cf6f732d --- /dev/null +++ b/queue-5.7/io_uring-don-t-fail-links-for-eagain-error-in-iopoll-mode.patch @@ -0,0 +1,33 @@ +From 2d7d67920e5c8e0854df23ca77da2dd5880ce5dd Mon Sep 17 00:00:00 2001 +From: Xiaoguang Wang +Date: Tue, 16 Jun 2020 02:06:37 +0800 +Subject: io_uring: don't fail links for EAGAIN error in IOPOLL mode + +From: Xiaoguang Wang + +commit 2d7d67920e5c8e0854df23ca77da2dd5880ce5dd upstream. + +In IOPOLL mode, for EAGAIN error, we'll try to submit io request +again using io-wq, so don't fail rest of links if this io request +has links. + +Cc: stable@vger.kernel.org +Signed-off-by: Xiaoguang Wang +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman + +--- + fs/io_uring.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/io_uring.c ++++ b/fs/io_uring.c +@@ -1937,7 +1937,7 @@ static void io_complete_rw_iopoll(struct + if (kiocb->ki_flags & IOCB_WRITE) + kiocb_end_write(req); + +- if (res != req->result) ++ if (res != -EAGAIN && res != req->result) + req_set_fail_links(req); + req->result = res; + if (res != -EAGAIN) diff --git a/queue-5.7/io_uring-fix-possible-race-condition-against-req_f_need_cleanup.patch b/queue-5.7/io_uring-fix-possible-race-condition-against-req_f_need_cleanup.patch new file mode 100644 index 00000000000..df8ca34199a --- /dev/null +++ b/queue-5.7/io_uring-fix-possible-race-condition-against-req_f_need_cleanup.patch @@ -0,0 +1,60 @@ +From 6f2cc1664db20676069cff27a461ccc97dbfd114 Mon Sep 17 00:00:00 2001 +From: Xiaoguang Wang +Date: Thu, 18 Jun 2020 15:01:56 +0800 +Subject: io_uring: fix possible race condition against REQ_F_NEED_CLEANUP + +From: Xiaoguang Wang + +commit 6f2cc1664db20676069cff27a461ccc97dbfd114 upstream. + +In io_read() or io_write(), when io request is submitted successfully, +it'll go through the below sequence: + + kfree(iovec); + req->flags &= ~REQ_F_NEED_CLEANUP; + return ret; + +But clearing REQ_F_NEED_CLEANUP might be unsafe. The io request may +already have been completed, and then io_complete_rw_iopoll() +and io_complete_rw() will be called, both of which will also modify +req->flags if needed. This causes a race condition, with concurrent +non-atomic modification of req->flags. + +To eliminate this race, in io_read() or io_write(), if io request is +submitted successfully, we don't remove REQ_F_NEED_CLEANUP flag. If +REQ_F_NEED_CLEANUP is set, we'll leave __io_req_aux_free() to the +iovec cleanup work correspondingly. + +Cc: stable@vger.kernel.org +Signed-off-by: Xiaoguang Wang +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman + +--- + fs/io_uring.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/fs/io_uring.c ++++ b/fs/io_uring.c +@@ -2609,8 +2609,8 @@ copy_iov: + } + } + out_free: +- kfree(iovec); +- req->flags &= ~REQ_F_NEED_CLEANUP; ++ if (!(req->flags & REQ_F_NEED_CLEANUP)) ++ kfree(iovec); + return ret; + } + +@@ -2732,8 +2732,8 @@ copy_iov: + } + } + out_free: +- req->flags &= ~REQ_F_NEED_CLEANUP; +- kfree(iovec); ++ if (!(req->flags & REQ_F_NEED_CLEANUP)) ++ kfree(iovec); + return ret; + } + diff --git a/queue-5.7/series b/queue-5.7/series index d523fc819e2..9b29a20287f 100644 --- a/queue-5.7/series +++ b/queue-5.7/series @@ -414,3 +414,11 @@ arm64-hw_breakpoint-don-t-invoke-overflow-handler-on.patch libata-use-per-port-sync-for-detach.patch drm-encoder_slave-fix-refcouting-error-for-modules.patch pinctrl-qcom-ipq6018-add-missing-pins-in-qpic-pin-gr.patch +io_uring-don-t-fail-links-for-eagain-error-in-iopoll-mode.patch +io_uring-fix-possible-race-condition-against-req_f_need_cleanup.patch +ext4-fix-partial-cluster-initialization-when-splitting-extent.patch +ext4-avoid-utf8_strncasecmp-with-unstable-name.patch +ext4-jbd2-ensure-panic-by-fix-a-race-between-jbd2-abort-and-ext4-error-handlers.patch +arm64-dts-realtek-rtd129x-use-reserved-memory-for-rpc-regions.patch +arm64-dts-realtek-rtd129x-carve-out-boot-rom-from-memory.patch +sh-convert-iounmap-macros-to-inline-functions.patch diff --git a/queue-5.7/sh-convert-iounmap-macros-to-inline-functions.patch b/queue-5.7/sh-convert-iounmap-macros-to-inline-functions.patch new file mode 100644 index 00000000000..8bb564e2ad7 --- /dev/null +++ b/queue-5.7/sh-convert-iounmap-macros-to-inline-functions.patch @@ -0,0 +1,40 @@ +From 4580ba4ad2e6b8ddaada3db61d179d4dfac12047 Mon Sep 17 00:00:00 2001 +From: Kuninori Morimoto +Date: Mon, 20 Jan 2020 10:22:17 +0900 +Subject: sh: Convert iounmap() macros to inline functions + +From: Kuninori Morimoto + +commit 4580ba4ad2e6b8ddaada3db61d179d4dfac12047 upstream. + +Macro iounmap() do nothing, but that results in +unused variable warnings all over the place. +This patch convert it to inline to avoid warning + +We will get this warning without this patch + + ${LINUX}/drivers/thermal/broadcom/ns-thermal.c:78:21: \ + warning: unused variable 'ns_thermal' [-Wunused-variable] + struct ns_thermal *ns_thermal = platform_get_drvdata(pdev); + ^~~~~~~~~~ + +Fixes: 98c90e5ea34e9 ("sh: remove __iounmap") +Signed-off-by: Kuninori Morimoto +Signed-off-by: Rich Felker +Signed-off-by: Greg Kroah-Hartman + +--- + arch/sh/include/asm/io.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/sh/include/asm/io.h ++++ b/arch/sh/include/asm/io.h +@@ -328,7 +328,7 @@ __ioremap_mode(phys_addr_t offset, unsig + #else + #define __ioremap(offset, size, prot) ((void __iomem *)(offset)) + #define __ioremap_mode(offset, size, prot) ((void __iomem *)(offset)) +-#define iounmap(addr) do { } while (0) ++static inline void iounmap(void __iomem *addr) {} + #endif /* CONFIG_MMU */ + + static inline void __iomem *ioremap(phys_addr_t offset, unsigned long size) -- 2.47.3