From 4dc7daaeda26885f70a2375b041073ca772adb06 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 1 Mar 2021 13:59:19 +0100 Subject: [PATCH] 4.19-stable patches added patches: arm64-uprobe-return-eopnotsupp-for-aarch32-instruction-probing.patch floppy-reintroduce-o_ndelay-fix.patch fs-affs-release-old-buffer-head-on-error-path.patch hugetlb-fix-copy_huge_page_from_user-contig-page-struct-assumption.patch libnvdimm-dimm-avoid-race-between-probe-and-available_slots_show.patch mtd-spi-nor-hisi-sfc-put-child-node-np-on-error-path.patch seq_file-document-how-per-entry-resources-are-managed.patch watchdog-mei_wdt-request-stop-on-unregister.patch x86-fix-seq_file-iteration-for-pat-memtype.c.patch --- ...supp-for-aarch32-instruction-probing.patch | 38 +++++++ .../floppy-reintroduce-o_ndelay-fix.patch | 81 +++++++++++++++ ...elease-old-buffer-head-on-error-path.patch | 35 +++++++ ...m_user-contig-page-struct-assumption.patch | 67 +++++++++++++ ...tween-probe-and-available_slots_show.patch | 98 +++++++++++++++++++ ...-sfc-put-child-node-np-on-error-path.patch | 36 +++++++ ...-how-per-entry-resources-are-managed.patch | 83 ++++++++++++++++ queue-4.19/series | 9 ++ ...g-mei_wdt-request-stop-on-unregister.patch | 43 ++++++++ ...seq_file-iteration-for-pat-memtype.c.patch | 67 +++++++++++++ 10 files changed, 557 insertions(+) create mode 100644 queue-4.19/arm64-uprobe-return-eopnotsupp-for-aarch32-instruction-probing.patch create mode 100644 queue-4.19/floppy-reintroduce-o_ndelay-fix.patch create mode 100644 queue-4.19/fs-affs-release-old-buffer-head-on-error-path.patch create mode 100644 queue-4.19/hugetlb-fix-copy_huge_page_from_user-contig-page-struct-assumption.patch create mode 100644 queue-4.19/libnvdimm-dimm-avoid-race-between-probe-and-available_slots_show.patch create mode 100644 queue-4.19/mtd-spi-nor-hisi-sfc-put-child-node-np-on-error-path.patch create mode 100644 queue-4.19/seq_file-document-how-per-entry-resources-are-managed.patch create mode 100644 queue-4.19/watchdog-mei_wdt-request-stop-on-unregister.patch create mode 100644 queue-4.19/x86-fix-seq_file-iteration-for-pat-memtype.c.patch diff --git a/queue-4.19/arm64-uprobe-return-eopnotsupp-for-aarch32-instruction-probing.patch b/queue-4.19/arm64-uprobe-return-eopnotsupp-for-aarch32-instruction-probing.patch new file mode 100644 index 00000000000..7048f3537bd --- /dev/null +++ b/queue-4.19/arm64-uprobe-return-eopnotsupp-for-aarch32-instruction-probing.patch @@ -0,0 +1,38 @@ +From d47422d953e258ad587b5edf2274eb95d08bdc7d Mon Sep 17 00:00:00 2001 +From: He Zhe +Date: Tue, 23 Feb 2021 16:25:34 +0800 +Subject: arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing + +From: He Zhe + +commit d47422d953e258ad587b5edf2274eb95d08bdc7d upstream. + +As stated in linux/errno.h, ENOTSUPP should never be seen by user programs. +When we set up uprobe with 32-bit perf and arm64 kernel, we would see the +following vague error without useful hint. + +The sys_perf_event_open() syscall returned with 524 (INTERNAL ERROR: +strerror_r(524, [buf], 128)=22) + +Use EOPNOTSUPP instead to indicate such cases. + +Signed-off-by: He Zhe +Link: https://lore.kernel.org/r/20210223082535.48730-1-zhe.he@windriver.com +Cc: +Signed-off-by: Will Deacon +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm64/kernel/probes/uprobes.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/arm64/kernel/probes/uprobes.c ++++ b/arch/arm64/kernel/probes/uprobes.c +@@ -41,7 +41,7 @@ int arch_uprobe_analyze_insn(struct arch + + /* TODO: Currently we do not support AARCH32 instruction probing */ + if (mm->context.flags & MMCF_AARCH32) +- return -ENOTSUPP; ++ return -EOPNOTSUPP; + else if (!IS_ALIGNED(addr, AARCH64_INSN_SIZE)) + return -EINVAL; + diff --git a/queue-4.19/floppy-reintroduce-o_ndelay-fix.patch b/queue-4.19/floppy-reintroduce-o_ndelay-fix.patch new file mode 100644 index 00000000000..47b7ec1fcb4 --- /dev/null +++ b/queue-4.19/floppy-reintroduce-o_ndelay-fix.patch @@ -0,0 +1,81 @@ +From 8a0c014cd20516ade9654fc13b51345ec58e7be8 Mon Sep 17 00:00:00 2001 +From: Jiri Kosina +Date: Fri, 22 Jan 2021 12:13:20 +0100 +Subject: floppy: reintroduce O_NDELAY fix + +From: Jiri Kosina + +commit 8a0c014cd20516ade9654fc13b51345ec58e7be8 upstream. + +This issue was originally fixed in 09954bad4 ("floppy: refactor open() +flags handling"). + +The fix as a side-effect, however, introduce issue for open(O_ACCMODE) +that is being used for ioctl-only open. I wrote a fix for that, but +instead of it being merged, full revert of 09954bad4 was performed, +re-introducing the O_NDELAY / O_NONBLOCK issue, and it strikes again. + +This is a forward-port of the original fix to current codebase; the +original submission had the changelog below: + +==== +Commit 09954bad4 ("floppy: refactor open() flags handling"), as a +side-effect, causes open(/dev/fdX, O_ACCMODE) to fail. It turns out that +this is being used setfdprm userspace for ioctl-only open(). + +Reintroduce back the original behavior wrt !(FMODE_READ|FMODE_WRITE) +modes, while still keeping the original O_NDELAY bug fixed. + +Link: https://lore.kernel.org/r/nycvar.YFH.7.76.2101221209060.5622@cbobk.fhfr.pm +Cc: stable@vger.kernel.org +Reported-by: Wim Osterholt +Tested-by: Wim Osterholt +Reported-and-tested-by: Kurt Garloff +Fixes: 09954bad4 ("floppy: refactor open() flags handling") +Fixes: f2791e7ead ("Revert "floppy: refactor open() flags handling"") +Signed-off-by: Jiri Kosina +Signed-off-by: Denis Efremov +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/block/floppy.c | 27 ++++++++++++++------------- + 1 file changed, 14 insertions(+), 13 deletions(-) + +--- a/drivers/block/floppy.c ++++ b/drivers/block/floppy.c +@@ -4074,21 +4074,22 @@ static int floppy_open(struct block_devi + if (UFDCS->rawcmd == 1) + UFDCS->rawcmd = 2; + +- if (!(mode & FMODE_NDELAY)) { +- if (mode & (FMODE_READ|FMODE_WRITE)) { +- UDRS->last_checked = 0; +- clear_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags); +- check_disk_change(bdev); +- if (test_bit(FD_DISK_CHANGED_BIT, &UDRS->flags)) +- goto out; +- if (test_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags)) +- goto out; +- } +- res = -EROFS; +- if ((mode & FMODE_WRITE) && +- !test_bit(FD_DISK_WRITABLE_BIT, &UDRS->flags)) ++ if (mode & (FMODE_READ|FMODE_WRITE)) { ++ UDRS->last_checked = 0; ++ clear_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags); ++ check_disk_change(bdev); ++ if (test_bit(FD_DISK_CHANGED_BIT, &UDRS->flags)) ++ goto out; ++ if (test_bit(FD_OPEN_SHOULD_FAIL_BIT, &UDRS->flags)) + goto out; + } ++ ++ res = -EROFS; ++ ++ if ((mode & FMODE_WRITE) && ++ !test_bit(FD_DISK_WRITABLE_BIT, &UDRS->flags)) ++ goto out; ++ + mutex_unlock(&open_lock); + mutex_unlock(&floppy_mutex); + return 0; diff --git a/queue-4.19/fs-affs-release-old-buffer-head-on-error-path.patch b/queue-4.19/fs-affs-release-old-buffer-head-on-error-path.patch new file mode 100644 index 00000000000..891d03d79c3 --- /dev/null +++ b/queue-4.19/fs-affs-release-old-buffer-head-on-error-path.patch @@ -0,0 +1,35 @@ +From 70779b897395b330ba5a47bed84f94178da599f9 Mon Sep 17 00:00:00 2001 +From: Pan Bian +Date: Wed, 20 Jan 2021 00:51:13 -0800 +Subject: fs/affs: release old buffer head on error path + +From: Pan Bian + +commit 70779b897395b330ba5a47bed84f94178da599f9 upstream. + +The reference count of the old buffer head should be decremented on path +that fails to get the new buffer head. + +Fixes: 6b4657667ba0 ("fs/affs: add rename exchange") +CC: stable@vger.kernel.org # 4.14+ +Signed-off-by: Pan Bian +Signed-off-by: David Sterba +Signed-off-by: Greg Kroah-Hartman +--- + fs/affs/namei.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/fs/affs/namei.c ++++ b/fs/affs/namei.c +@@ -460,8 +460,10 @@ affs_xrename(struct inode *old_dir, stru + return -EIO; + + bh_new = affs_bread(sb, d_inode(new_dentry)->i_ino); +- if (!bh_new) ++ if (!bh_new) { ++ affs_brelse(bh_old); + return -EIO; ++ } + + /* Remove old header from its parent directory. */ + affs_lock_dir(old_dir); diff --git a/queue-4.19/hugetlb-fix-copy_huge_page_from_user-contig-page-struct-assumption.patch b/queue-4.19/hugetlb-fix-copy_huge_page_from_user-contig-page-struct-assumption.patch new file mode 100644 index 00000000000..9a8e4d9845f --- /dev/null +++ b/queue-4.19/hugetlb-fix-copy_huge_page_from_user-contig-page-struct-assumption.patch @@ -0,0 +1,67 @@ +From 3272cfc2525b3a2810a59312d7a1e6f04a0ca3ef Mon Sep 17 00:00:00 2001 +From: Mike Kravetz +Date: Wed, 24 Feb 2021 12:07:54 -0800 +Subject: hugetlb: fix copy_huge_page_from_user contig page struct assumption + +From: Mike Kravetz + +commit 3272cfc2525b3a2810a59312d7a1e6f04a0ca3ef upstream. + +page structs are not guaranteed to be contiguous for gigantic pages. The +routine copy_huge_page_from_user can encounter gigantic pages, yet it +assumes page structs are contiguous when copying pages from user space. + +Since page structs for the target gigantic page are not contiguous, the +data copied from user space could overwrite other pages not associated +with the gigantic page and cause data corruption. + +Non-contiguous page structs are generally not an issue. However, they can +exist with a specific kernel configuration and hotplug operations. For +example: Configure the kernel with CONFIG_SPARSEMEM and +!CONFIG_SPARSEMEM_VMEMMAP. Then, hotplug add memory for the area where +the gigantic page will be allocated. + +Link: https://lkml.kernel.org/r/20210217184926.33567-2-mike.kravetz@oracle.com +Fixes: 8fb5debc5fcd ("userfaultfd: hugetlbfs: add hugetlb_mcopy_atomic_pte for userfaultfd support") +Signed-off-by: Mike Kravetz +Cc: Zi Yan +Cc: Davidlohr Bueso +Cc: "Kirill A . Shutemov" +Cc: Andrea Arcangeli +Cc: Matthew Wilcox +Cc: Oscar Salvador +Cc: Joao Martins +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman +--- + mm/memory.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +--- a/mm/memory.c ++++ b/mm/memory.c +@@ -4885,17 +4885,19 @@ long copy_huge_page_from_user(struct pag + void *page_kaddr; + unsigned long i, rc = 0; + unsigned long ret_val = pages_per_huge_page * PAGE_SIZE; ++ struct page *subpage = dst_page; + +- for (i = 0; i < pages_per_huge_page; i++) { ++ for (i = 0; i < pages_per_huge_page; ++ i++, subpage = mem_map_next(subpage, dst_page, i)) { + if (allow_pagefault) +- page_kaddr = kmap(dst_page + i); ++ page_kaddr = kmap(subpage); + else +- page_kaddr = kmap_atomic(dst_page + i); ++ page_kaddr = kmap_atomic(subpage); + rc = copy_from_user(page_kaddr, + (const void __user *)(src + i * PAGE_SIZE), + PAGE_SIZE); + if (allow_pagefault) +- kunmap(dst_page + i); ++ kunmap(subpage); + else + kunmap_atomic(page_kaddr); + diff --git a/queue-4.19/libnvdimm-dimm-avoid-race-between-probe-and-available_slots_show.patch b/queue-4.19/libnvdimm-dimm-avoid-race-between-probe-and-available_slots_show.patch new file mode 100644 index 00000000000..4fb014f0e77 --- /dev/null +++ b/queue-4.19/libnvdimm-dimm-avoid-race-between-probe-and-available_slots_show.patch @@ -0,0 +1,98 @@ +From foo@baz Mon Mar 1 01:45:34 PM CET 2021 +From: Dan Williams +Date: Mon, 1 Feb 2021 16:20:40 -0800 +Subject: libnvdimm/dimm: Avoid race between probe and available_slots_show() + +From: Dan Williams + +commit 7018c897c2f243d4b5f1b94bc6b4831a7eab80fb upstream + +Richard reports that the following test: + +(while true; do + cat /sys/bus/nd/devices/nmem*/available_slots 2>&1 > /dev/null + done) & + +while true; do + for i in $(seq 0 4); do + echo nmem$i > /sys/bus/nd/drivers/nvdimm/bind + done + for i in $(seq 0 4); do + echo nmem$i > /sys/bus/nd/drivers/nvdimm/unbind + done + done + +...fails with a crash signature like: + + divide error: 0000 [#1] SMP KASAN PTI + RIP: 0010:nd_label_nfree+0x134/0x1a0 [libnvdimm] + [..] + Call Trace: + available_slots_show+0x4e/0x120 [libnvdimm] + dev_attr_show+0x42/0x80 + ? memset+0x20/0x40 + sysfs_kf_seq_show+0x218/0x410 + +The root cause is that available_slots_show() consults driver-data, but +fails to synchronize against device-unbind setting up a TOCTOU race to +access uninitialized memory. + +Validate driver-data under the device-lock. + +Fixes: 4d88a97aa9e8 ("libnvdimm, nvdimm: dimm driver and base libnvdimm device-driver infrastructure") +Cc: +Cc: Vishal Verma +Cc: Dave Jiang +Cc: Ira Weiny +Cc: Coly Li +Reported-by: Richard Palethorpe +Acked-by: Richard Palethorpe +Signed-off-by: Dan Williams +[sudip: use device_lock()] +Signed-off-by: Sudip Mukherjee +Signed-off-by: Greg Kroah-Hartman +--- + drivers/nvdimm/dimm_devs.c | 18 +++++++++++++++--- + 1 file changed, 15 insertions(+), 3 deletions(-) + +--- a/drivers/nvdimm/dimm_devs.c ++++ b/drivers/nvdimm/dimm_devs.c +@@ -359,16 +359,16 @@ static ssize_t state_show(struct device + } + static DEVICE_ATTR_RO(state); + +-static ssize_t available_slots_show(struct device *dev, +- struct device_attribute *attr, char *buf) ++static ssize_t __available_slots_show(struct nvdimm_drvdata *ndd, char *buf) + { +- struct nvdimm_drvdata *ndd = dev_get_drvdata(dev); ++ struct device *dev; + ssize_t rc; + u32 nfree; + + if (!ndd) + return -ENXIO; + ++ dev = ndd->dev; + nvdimm_bus_lock(dev); + nfree = nd_label_nfree(ndd); + if (nfree - 1 > nfree) { +@@ -380,6 +380,18 @@ static ssize_t available_slots_show(stru + nvdimm_bus_unlock(dev); + return rc; + } ++ ++static ssize_t available_slots_show(struct device *dev, ++ struct device_attribute *attr, char *buf) ++{ ++ ssize_t rc; ++ ++ device_lock(dev); ++ rc = __available_slots_show(dev_get_drvdata(dev), buf); ++ device_unlock(dev); ++ ++ return rc; ++} + static DEVICE_ATTR_RO(available_slots); + + static struct attribute *nvdimm_attributes[] = { diff --git a/queue-4.19/mtd-spi-nor-hisi-sfc-put-child-node-np-on-error-path.patch b/queue-4.19/mtd-spi-nor-hisi-sfc-put-child-node-np-on-error-path.patch new file mode 100644 index 00000000000..cf21c455048 --- /dev/null +++ b/queue-4.19/mtd-spi-nor-hisi-sfc-put-child-node-np-on-error-path.patch @@ -0,0 +1,36 @@ +From fe6653460ee7a7dbe0cd5fd322992af862ce5ab0 Mon Sep 17 00:00:00 2001 +From: Pan Bian +Date: Thu, 21 Jan 2021 01:18:47 -0800 +Subject: mtd: spi-nor: hisi-sfc: Put child node np on error path + +From: Pan Bian + +commit fe6653460ee7a7dbe0cd5fd322992af862ce5ab0 upstream. + +Put the child node np when it fails to get or register device. + +Fixes: e523f11141bd ("mtd: spi-nor: add hisilicon spi-nor flash controller driver") +Cc: stable@vger.kernel.org +Signed-off-by: Pan Bian +[ta: Add Fixes tag and Cc stable] +Signed-off-by: Tudor Ambarus +Link: https://lore.kernel.org/r/20210121091847.85362-1-bianpan2016@163.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/mtd/spi-nor/hisi-sfc.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/drivers/mtd/spi-nor/hisi-sfc.c ++++ b/drivers/mtd/spi-nor/hisi-sfc.c +@@ -408,8 +408,10 @@ static int hisi_spi_nor_register_all(str + + for_each_available_child_of_node(dev->of_node, np) { + ret = hisi_spi_nor_register(np, host); +- if (ret) ++ if (ret) { ++ of_node_put(np); + goto fail; ++ } + + if (host->num_chip == HIFMC_MAX_CHIP_NUM) { + dev_warn(dev, "Flash device number exceeds the maximum chipselect number\n"); diff --git a/queue-4.19/seq_file-document-how-per-entry-resources-are-managed.patch b/queue-4.19/seq_file-document-how-per-entry-resources-are-managed.patch new file mode 100644 index 00000000000..e4c355bd034 --- /dev/null +++ b/queue-4.19/seq_file-document-how-per-entry-resources-are-managed.patch @@ -0,0 +1,83 @@ +From b3656d8227f4c45812c6b40815d8f4e446ed372a Mon Sep 17 00:00:00 2001 +From: NeilBrown +Date: Thu, 25 Feb 2021 17:22:25 -0800 +Subject: seq_file: document how per-entry resources are managed. + +From: NeilBrown + +commit b3656d8227f4c45812c6b40815d8f4e446ed372a upstream. + +Patch series "Fix some seq_file users that were recently broken". + +A recent change to seq_file broke some users which were using seq_file +in a non-"standard" way ... though the "standard" isn't documented, so +they can be excused. The result is a possible leak - of memory in one +case, of references to a 'transport' in the other. + +These three patches: + 1/ document and explain the problem + 2/ fix the problem user in x86 + 3/ fix the problem user in net/sctp + +This patch (of 3): + +Users of seq_file will sometimes find it convenient to take a resource, +such as a lock or memory allocation, in the ->start or ->next operations. +These are per-entry resources, distinct from per-session resources which +are taken in ->start and released in ->stop. + +The preferred management of these is release the resource on the +subsequent call to ->next or ->stop. + +However prior to Commit 1f4aace60b0e ("fs/seq_file.c: simplify seq_file +iteration code and interface") it happened that ->show would always be +called after ->start or ->next, and a few users chose to release the +resource in ->show. + +This is no longer reliable. Since the mentioned commit, ->next will +always come after a successful ->show (to ensure m->index is updated +correctly), so the original ordering cannot be maintained. + +This patch updates the documentation to clearly state the required +behaviour. Other patches will fix the few problematic users. + +[akpm@linux-foundation.org: fix typo, per Willy] + +Link: https://lkml.kernel.org/r/161248518659.21478.2484341937387294998.stgit@noble1 +Link: https://lkml.kernel.org/r/161248539020.21478.3147971477400875336.stgit@noble1 +Fixes: 1f4aace60b0e ("fs/seq_file.c: simplify seq_file iteration code and interface") +Signed-off-by: NeilBrown +Cc: Xin Long +Cc: Alexander Viro +Cc: Jonathan Corbet +Cc: Ingo Molnar +Cc: Dave Hansen +Cc: Andy Lutomirski +Cc: Peter Zijlstra +Cc: Vlad Yasevich +Cc: Neil Horman +Cc: Marcelo Ricardo Leitner +Cc: "David S. Miller" +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman +--- + Documentation/filesystems/seq_file.txt | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/Documentation/filesystems/seq_file.txt ++++ b/Documentation/filesystems/seq_file.txt +@@ -192,6 +192,12 @@ between the calls to start() and stop(), + is a reasonable thing to do. The seq_file code will also avoid taking any + other locks while the iterator is active. + ++The iterater value returned by start() or next() is guaranteed to be ++passed to a subsequent next() or stop() call. This allows resources ++such as locks that were taken to be reliably released. There is *no* ++guarantee that the iterator will be passed to show(), though in practice ++it often will be. ++ + + Formatted output + diff --git a/queue-4.19/series b/queue-4.19/series index e6e4b826233..f07860dc32c 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -211,3 +211,12 @@ staging-gdm724x-fix-dma-from-stack.patch staging-rtl8188eu-add-edimax-ew-7811un-v2-to-device-table.patch media-ipu3-cio2-fix-mbus_code-processing-in-cio2_subdev_set_fmt.patch x86-reboot-force-all-cpus-to-exit-vmx-root-if-vmx-is-supported.patch +floppy-reintroduce-o_ndelay-fix.patch +arm64-uprobe-return-eopnotsupp-for-aarch32-instruction-probing.patch +watchdog-mei_wdt-request-stop-on-unregister.patch +mtd-spi-nor-hisi-sfc-put-child-node-np-on-error-path.patch +fs-affs-release-old-buffer-head-on-error-path.patch +seq_file-document-how-per-entry-resources-are-managed.patch +x86-fix-seq_file-iteration-for-pat-memtype.c.patch +hugetlb-fix-copy_huge_page_from_user-contig-page-struct-assumption.patch +libnvdimm-dimm-avoid-race-between-probe-and-available_slots_show.patch diff --git a/queue-4.19/watchdog-mei_wdt-request-stop-on-unregister.patch b/queue-4.19/watchdog-mei_wdt-request-stop-on-unregister.patch new file mode 100644 index 00000000000..6e2512f8d6a --- /dev/null +++ b/queue-4.19/watchdog-mei_wdt-request-stop-on-unregister.patch @@ -0,0 +1,43 @@ +From 740c0a57b8f1e36301218bf549f3c9cc833a60be Mon Sep 17 00:00:00 2001 +From: Alexander Usyskin +Date: Sun, 24 Jan 2021 13:49:38 +0200 +Subject: watchdog: mei_wdt: request stop on unregister + +From: Alexander Usyskin + +commit 740c0a57b8f1e36301218bf549f3c9cc833a60be upstream. + +The MEI bus has a special behavior on suspend it destroys +all the attached devices, this is due to the fact that also +firmware context is not persistent across power flows. + +If watchdog on MEI bus is ticking before suspending the firmware +times out and reports that the OS is missing watchdog tick. +Send the stop command to the firmware on watchdog unregistered +to eliminate the false event on suspend. +This does not make the things worse from the user-space perspective +as a user-space should re-open watchdog device after +suspending before this patch. + +Cc: +Signed-off-by: Alexander Usyskin +Signed-off-by: Tomas Winkler +Reviewed-by: Guenter Roeck +Link: https://lore.kernel.org/r/20210124114938.373885-1-tomas.winkler@intel.com +Signed-off-by: Guenter Roeck +Signed-off-by: Wim Van Sebroeck +Signed-off-by: Greg Kroah-Hartman +--- + drivers/watchdog/mei_wdt.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/watchdog/mei_wdt.c ++++ b/drivers/watchdog/mei_wdt.c +@@ -382,6 +382,7 @@ static int mei_wdt_register(struct mei_w + + watchdog_set_drvdata(&wdt->wdd, wdt); + watchdog_stop_on_reboot(&wdt->wdd); ++ watchdog_stop_on_unregister(&wdt->wdd); + + ret = watchdog_register_device(&wdt->wdd); + if (ret) { diff --git a/queue-4.19/x86-fix-seq_file-iteration-for-pat-memtype.c.patch b/queue-4.19/x86-fix-seq_file-iteration-for-pat-memtype.c.patch new file mode 100644 index 00000000000..a6f2371c777 --- /dev/null +++ b/queue-4.19/x86-fix-seq_file-iteration-for-pat-memtype.c.patch @@ -0,0 +1,67 @@ +From 3d2fc4c082448e9c05792f9b2a11c1d5db408b85 Mon Sep 17 00:00:00 2001 +From: NeilBrown +Date: Thu, 25 Feb 2021 17:22:29 -0800 +Subject: x86: fix seq_file iteration for pat/memtype.c + +From: NeilBrown + +commit 3d2fc4c082448e9c05792f9b2a11c1d5db408b85 upstream. + +The memtype seq_file iterator allocates a buffer in the ->start and ->next +functions and frees it in the ->show function. The preferred handling for +such resources is to free them in the subsequent ->next or ->stop function +call. + +Since Commit 1f4aace60b0e ("fs/seq_file.c: simplify seq_file iteration +code and interface") there is no guarantee that ->show will be called +after ->next, so this function can now leak memory. + +So move the freeing of the buffer to ->next and ->stop. + +Link: https://lkml.kernel.org/r/161248539022.21478.13874455485854739066.stgit@noble1 +Fixes: 1f4aace60b0e ("fs/seq_file.c: simplify seq_file iteration code and interface") +Signed-off-by: NeilBrown +Cc: Xin Long +Cc: Alexander Viro +Cc: Andy Lutomirski +Cc: Dave Hansen +Cc: "David S. Miller" +Cc: Ingo Molnar +Cc: Jonathan Corbet +Cc: Marcelo Ricardo Leitner +Cc: Neil Horman +Cc: Peter Zijlstra +Cc: Vlad Yasevich +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/mm/pat.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/arch/x86/mm/pat.c ++++ b/arch/x86/mm/pat.c +@@ -1131,12 +1131,14 @@ static void *memtype_seq_start(struct se + + static void *memtype_seq_next(struct seq_file *seq, void *v, loff_t *pos) + { ++ kfree(v); + ++*pos; + return memtype_get_idx(*pos); + } + + static void memtype_seq_stop(struct seq_file *seq, void *v) + { ++ kfree(v); + } + + static int memtype_seq_show(struct seq_file *seq, void *v) +@@ -1145,7 +1147,6 @@ static int memtype_seq_show(struct seq_f + + seq_printf(seq, "%s @ 0x%Lx-0x%Lx\n", cattr_name(print_entry->type), + print_entry->start, print_entry->end); +- kfree(print_entry); + + return 0; + } -- 2.47.3