From 715433d060ed8422ae8f9102c0c99b9f8ab47c8e Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Sun, 11 Apr 2021 23:51:18 -0400 Subject: [PATCH] Fixes for 4.9 Signed-off-by: Sasha Levin --- ...d-usage-of-list-cursor-in-unregister.patch | 107 ++++++++++++++++++ ...dle-error-code-at-mac-address-change.patch | 39 +++++++ ...x-a-double-free-in-tipc_sk_mcast_rcv.patch | 44 +++++++ ...-for-ipv6-address-properly-while-des.patch | 39 +++++++ ...-inline-assembly-register-clobbering.patch | 46 ++++++++ ...ff-by-one-checks-in-red_check_params.patch | 73 ++++++++++++ queue-4.9/series | 8 ++ ...fix-conflicting-alignment-attributes.patch | 44 +++++++ ...he-position-of-debug_work_activate-i.patch | 46 ++++++++ 9 files changed, 446 insertions(+) create mode 100644 queue-4.9/clk-fix-invalid-usage-of-list-cursor-in-unregister.patch create mode 100644 queue-4.9/gianfar-handle-error-code-at-mac-address-change.patch create mode 100644 queue-4.9/net-tipc-fix-a-double-free-in-tipc_sk_mcast_rcv.patch create mode 100644 queue-4.9/rdma-cxgb4-check-for-ipv6-address-properly-while-des.patch create mode 100644 queue-4.9/s390-cpcmd-fix-inline-assembly-register-clobbering.patch create mode 100644 queue-4.9/sch_red-fix-off-by-one-checks-in-red_check_params.patch create mode 100644 queue-4.9/soc-fsl-qbman-fix-conflicting-alignment-attributes.patch create mode 100644 queue-4.9/workqueue-move-the-position-of-debug_work_activate-i.patch diff --git a/queue-4.9/clk-fix-invalid-usage-of-list-cursor-in-unregister.patch b/queue-4.9/clk-fix-invalid-usage-of-list-cursor-in-unregister.patch new file mode 100644 index 00000000000..4b75604d0a3 --- /dev/null +++ b/queue-4.9/clk-fix-invalid-usage-of-list-cursor-in-unregister.patch @@ -0,0 +1,107 @@ +From 351e8dcefd148a56ec50993cd46035d86c885b8c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 2 Apr 2021 00:51:49 +0200 +Subject: clk: fix invalid usage of list cursor in unregister + +From: Lukasz Bartosik + +[ Upstream commit 7045465500e465b09f09d6e5bdc260a9f1aab97b ] + +Fix invalid usage of a list_for_each_entry cursor in +clk_notifier_unregister(). When list is empty or if the list +is completely traversed (without breaking from the loop on one +of the entries) then the list cursor does not point to a valid +entry and therefore should not be used. The patch fixes a logical +bug that hasn't been seen in pratice however it is analogus +to the bug fixed in clk_notifier_register(). + +The issue was dicovered when running 5.12-rc1 kernel on x86_64 +with KASAN enabled: +BUG: KASAN: global-out-of-bounds in clk_notifier_register+0xab/0x230 +Read of size 8 at addr ffffffffa0d10588 by task swapper/0/1 + +CPU: 1 PID: 1 Comm: swapper/0 Not tainted 5.12.0-rc1 #1 +Hardware name: Google Caroline/Caroline, +BIOS Google_Caroline.7820.430.0 07/20/2018 +Call Trace: + dump_stack+0xee/0x15c + print_address_description+0x1e/0x2dc + kasan_report+0x188/0x1ce + ? clk_notifier_register+0xab/0x230 + ? clk_prepare_lock+0x15/0x7b + ? clk_notifier_register+0xab/0x230 + clk_notifier_register+0xab/0x230 + dw8250_probe+0xc01/0x10d4 + ... + Memory state around the buggy address: + ffffffffa0d10480: 00 00 00 00 00 03 f9 f9 f9 f9 f9 f9 00 00 00 00 + ffffffffa0d10500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f9 f9 + >ffffffffa0d10580: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00 + ^ + ffffffffa0d10600: 00 00 00 00 00 00 f9 f9 f9 f9 f9 f9 00 00 00 00 + ffffffffa0d10680: 00 00 00 00 00 00 00 00 f9 f9 f9 f9 00 00 00 00 + ================================================================== + +Fixes: b2476490ef11 ("clk: introduce the common clock framework") +Reported-by: Lukasz Majczak +Signed-off-by: Lukasz Bartosik +Link: https://lore.kernel.org/r/20210401225149.18826-2-lb@semihalf.com +Signed-off-by: Stephen Boyd +Signed-off-by: Sasha Levin +--- + drivers/clk/clk.c | 30 +++++++++++++----------------- + 1 file changed, 13 insertions(+), 17 deletions(-) + +diff --git a/drivers/clk/clk.c b/drivers/clk/clk.c +index af4f2ffc4fc5..9d60b3f219f6 100644 +--- a/drivers/clk/clk.c ++++ b/drivers/clk/clk.c +@@ -2990,32 +2990,28 @@ EXPORT_SYMBOL_GPL(clk_notifier_register); + */ + int clk_notifier_unregister(struct clk *clk, struct notifier_block *nb) + { +- struct clk_notifier *cn = NULL; +- int ret = -EINVAL; ++ struct clk_notifier *cn; ++ int ret = -ENOENT; + + if (!clk || !nb) + return -EINVAL; + + clk_prepare_lock(); + +- list_for_each_entry(cn, &clk_notifier_list, node) +- if (cn->clk == clk) +- break; +- +- if (cn->clk == clk) { +- ret = srcu_notifier_chain_unregister(&cn->notifier_head, nb); ++ list_for_each_entry(cn, &clk_notifier_list, node) { ++ if (cn->clk == clk) { ++ ret = srcu_notifier_chain_unregister(&cn->notifier_head, nb); + +- clk->core->notifier_count--; ++ clk->core->notifier_count--; + +- /* XXX the notifier code should handle this better */ +- if (!cn->notifier_head.head) { +- srcu_cleanup_notifier_head(&cn->notifier_head); +- list_del(&cn->node); +- kfree(cn); ++ /* XXX the notifier code should handle this better */ ++ if (!cn->notifier_head.head) { ++ srcu_cleanup_notifier_head(&cn->notifier_head); ++ list_del(&cn->node); ++ kfree(cn); ++ } ++ break; + } +- +- } else { +- ret = -ENOENT; + } + + clk_prepare_unlock(); +-- +2.30.2 + diff --git a/queue-4.9/gianfar-handle-error-code-at-mac-address-change.patch b/queue-4.9/gianfar-handle-error-code-at-mac-address-change.patch new file mode 100644 index 00000000000..25bd693aa8c --- /dev/null +++ b/queue-4.9/gianfar-handle-error-code-at-mac-address-change.patch @@ -0,0 +1,39 @@ +From aef3e49d487c022dfac91122d57c63f4bc3a37a4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 29 Mar 2021 17:08:47 +0300 +Subject: gianfar: Handle error code at MAC address change + +From: Claudiu Manoil + +[ Upstream commit bff5b62585123823842833ab20b1c0a7fa437f8c ] + +Handle return error code of eth_mac_addr(); + +Fixes: 3d23a05c75c7 ("gianfar: Enable changing mac addr when if up") +Signed-off-by: Claudiu Manoil +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/freescale/gianfar.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/freescale/gianfar.c b/drivers/net/ethernet/freescale/gianfar.c +index 2df646348dbd..9fd68cfdd973 100644 +--- a/drivers/net/ethernet/freescale/gianfar.c ++++ b/drivers/net/ethernet/freescale/gianfar.c +@@ -485,7 +485,11 @@ static struct net_device_stats *gfar_get_stats(struct net_device *dev) + + static int gfar_set_mac_addr(struct net_device *dev, void *p) + { +- eth_mac_addr(dev, p); ++ int ret; ++ ++ ret = eth_mac_addr(dev, p); ++ if (ret) ++ return ret; + + gfar_set_mac_for_addr(dev, 0, dev->dev_addr); + +-- +2.30.2 + diff --git a/queue-4.9/net-tipc-fix-a-double-free-in-tipc_sk_mcast_rcv.patch b/queue-4.9/net-tipc-fix-a-double-free-in-tipc_sk_mcast_rcv.patch new file mode 100644 index 00000000000..c6093da7931 --- /dev/null +++ b/queue-4.9/net-tipc-fix-a-double-free-in-tipc_sk_mcast_rcv.patch @@ -0,0 +1,44 @@ +From 031cac7b373a0deb06352d62e4726b4651bd9bf6 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 28 Mar 2021 00:30:29 -0700 +Subject: net:tipc: Fix a double free in tipc_sk_mcast_rcv + +From: Lv Yunlong + +[ Upstream commit 6bf24dc0cc0cc43b29ba344b66d78590e687e046 ] + +In the if(skb_peek(arrvq) == skb) branch, it calls __skb_dequeue(arrvq) to get +the skb by skb = skb_peek(arrvq). Then __skb_dequeue() unlinks the skb from arrvq +and returns the skb which equals to skb_peek(arrvq). After __skb_dequeue(arrvq) +finished, the skb is freed by kfree_skb(__skb_dequeue(arrvq)) in the first time. + +Unfortunately, the same skb is freed in the second time by kfree_skb(skb) after +the branch completed. + +My patch removes kfree_skb() in the if(skb_peek(arrvq) == skb) branch, because +this skb will be freed by kfree_skb(skb) finally. + +Fixes: cb1b728096f54 ("tipc: eliminate race condition at multicast reception") +Signed-off-by: Lv Yunlong +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + net/tipc/socket.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/net/tipc/socket.c b/net/tipc/socket.c +index 57df99ca6347..804cab8f9509 100644 +--- a/net/tipc/socket.c ++++ b/net/tipc/socket.c +@@ -741,7 +741,7 @@ void tipc_sk_mcast_rcv(struct net *net, struct sk_buff_head *arrvq, + spin_lock_bh(&inputq->lock); + if (skb_peek(arrvq) == skb) { + skb_queue_splice_tail_init(&tmpq, inputq); +- kfree_skb(__skb_dequeue(arrvq)); ++ __skb_dequeue(arrvq); + } + spin_unlock_bh(&inputq->lock); + __skb_queue_purge(&tmpq); +-- +2.30.2 + diff --git a/queue-4.9/rdma-cxgb4-check-for-ipv6-address-properly-while-des.patch b/queue-4.9/rdma-cxgb4-check-for-ipv6-address-properly-while-des.patch new file mode 100644 index 00000000000..3d2f61d0f64 --- /dev/null +++ b/queue-4.9/rdma-cxgb4-check-for-ipv6-address-properly-while-des.patch @@ -0,0 +1,39 @@ +From 209846220c24c367a72e8511155f69f2c7a2829b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 31 Mar 2021 19:27:15 +0530 +Subject: RDMA/cxgb4: check for ipv6 address properly while destroying listener + +From: Potnuri Bharat Teja + +[ Upstream commit 603c4690b01aaffe3a6c3605a429f6dac39852ae ] + +ipv6 bit is wrongly set by the below which causes fatal adapter lookup +engine errors for ipv4 connections while destroying a listener. Fix it to +properly check the local address for ipv6. + +Fixes: 3408be145a5d ("RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server") +Link: https://lore.kernel.org/r/20210331135715.30072-1-bharat@chelsio.com +Signed-off-by: Potnuri Bharat Teja +Signed-off-by: Jason Gunthorpe +Signed-off-by: Sasha Levin +--- + drivers/infiniband/hw/cxgb4/cm.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/infiniband/hw/cxgb4/cm.c b/drivers/infiniband/hw/cxgb4/cm.c +index 8bd062635399..ed4397c3af1a 100644 +--- a/drivers/infiniband/hw/cxgb4/cm.c ++++ b/drivers/infiniband/hw/cxgb4/cm.c +@@ -3478,7 +3478,8 @@ int c4iw_destroy_listen(struct iw_cm_id *cm_id) + c4iw_init_wr_wait(&ep->com.wr_wait); + err = cxgb4_remove_server( + ep->com.dev->rdev.lldi.ports[0], ep->stid, +- ep->com.dev->rdev.lldi.rxq_ids[0], true); ++ ep->com.dev->rdev.lldi.rxq_ids[0], ++ ep->com.local_addr.ss_family == AF_INET6); + if (err) + goto done; + err = c4iw_wait_for_reply(&ep->com.dev->rdev, &ep->com.wr_wait, +-- +2.30.2 + diff --git a/queue-4.9/s390-cpcmd-fix-inline-assembly-register-clobbering.patch b/queue-4.9/s390-cpcmd-fix-inline-assembly-register-clobbering.patch new file mode 100644 index 00000000000..0970515df8f --- /dev/null +++ b/queue-4.9/s390-cpcmd-fix-inline-assembly-register-clobbering.patch @@ -0,0 +1,46 @@ +From f8aac1727ee7a19587b3a0251eb8346bbf868948 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 29 Mar 2021 18:35:07 +0200 +Subject: s390/cpcmd: fix inline assembly register clobbering + +From: Alexander Gordeev + +[ Upstream commit 7a2f91441b2c1d81b77c1cd816a4659f4abc9cbe ] + +Register variables initialized using arithmetic. That leads to +kasan instrumentaton code corrupting the registers contents. +Follow GCC guidlines and use temporary variables for assigning +init values to register variables. + +Fixes: 94c12cc7d196 ("[S390] Inline assembly cleanup.") +Signed-off-by: Alexander Gordeev +Acked-by: Ilya Leoshkevich +Link: https://gcc.gnu.org/onlinedocs/gcc-10.2.0/gcc/Local-Register-Variables.html +Signed-off-by: Heiko Carstens +Signed-off-by: Sasha Levin +--- + arch/s390/kernel/cpcmd.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/arch/s390/kernel/cpcmd.c b/arch/s390/kernel/cpcmd.c +index 7f48e568ac64..540912666740 100644 +--- a/arch/s390/kernel/cpcmd.c ++++ b/arch/s390/kernel/cpcmd.c +@@ -37,10 +37,12 @@ static int diag8_noresponse(int cmdlen) + + static int diag8_response(int cmdlen, char *response, int *rlen) + { ++ unsigned long _cmdlen = cmdlen | 0x40000000L; ++ unsigned long _rlen = *rlen; + register unsigned long reg2 asm ("2") = (addr_t) cpcmd_buf; + register unsigned long reg3 asm ("3") = (addr_t) response; +- register unsigned long reg4 asm ("4") = cmdlen | 0x40000000L; +- register unsigned long reg5 asm ("5") = *rlen; ++ register unsigned long reg4 asm ("4") = _cmdlen; ++ register unsigned long reg5 asm ("5") = _rlen; + + asm volatile( + " sam31\n" +-- +2.30.2 + diff --git a/queue-4.9/sch_red-fix-off-by-one-checks-in-red_check_params.patch b/queue-4.9/sch_red-fix-off-by-one-checks-in-red_check_params.patch new file mode 100644 index 00000000000..554c31f5960 --- /dev/null +++ b/queue-4.9/sch_red-fix-off-by-one-checks-in-red_check_params.patch @@ -0,0 +1,73 @@ +From 05b2b1247d4c2f922ee8960131b378a1dccfeba1 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 25 Mar 2021 11:14:53 -0700 +Subject: sch_red: fix off-by-one checks in red_check_params() + +From: Eric Dumazet + +[ Upstream commit 3a87571f0ffc51ba3bf3ecdb6032861d0154b164 ] + +This fixes following syzbot report: + +UBSAN: shift-out-of-bounds in ./include/net/red.h:237:23 +shift exponent 32 is too large for 32-bit type 'unsigned int' +CPU: 1 PID: 8418 Comm: syz-executor170 Not tainted 5.12.0-rc4-next-20210324-syzkaller #0 +Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 +Call Trace: + __dump_stack lib/dump_stack.c:79 [inline] + dump_stack+0x141/0x1d7 lib/dump_stack.c:120 + ubsan_epilogue+0xb/0x5a lib/ubsan.c:148 + __ubsan_handle_shift_out_of_bounds.cold+0xb1/0x181 lib/ubsan.c:327 + red_set_parms include/net/red.h:237 [inline] + choke_change.cold+0x3c/0xc8 net/sched/sch_choke.c:414 + qdisc_create+0x475/0x12f0 net/sched/sch_api.c:1247 + tc_modify_qdisc+0x4c8/0x1a50 net/sched/sch_api.c:1663 + rtnetlink_rcv_msg+0x44e/0xad0 net/core/rtnetlink.c:5553 + netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2502 + netlink_unicast_kernel net/netlink/af_netlink.c:1312 [inline] + netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1338 + netlink_sendmsg+0x856/0xd90 net/netlink/af_netlink.c:1927 + sock_sendmsg_nosec net/socket.c:654 [inline] + sock_sendmsg+0xcf/0x120 net/socket.c:674 + ____sys_sendmsg+0x6e8/0x810 net/socket.c:2350 + ___sys_sendmsg+0xf3/0x170 net/socket.c:2404 + __sys_sendmsg+0xe5/0x1b0 net/socket.c:2433 + do_syscall_64+0x2d/0x70 arch/x86/entry/common.c:46 + entry_SYSCALL_64_after_hwframe+0x44/0xae +RIP: 0033:0x43f039 +Code: 28 c3 e8 2a 14 00 00 66 2e 0f 1f 84 00 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 +RSP: 002b:00007ffdfa725168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e +RAX: ffffffffffffffda RBX: 0000000000400488 RCX: 000000000043f039 +RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000004 +RBP: 0000000000403020 R08: 0000000000400488 R09: 0000000000400488 +R10: 0000000000400488 R11: 0000000000000246 R12: 00000000004030b0 +R13: 0000000000000000 R14: 00000000004ac018 R15: 0000000000400488 + +Fixes: 8afa10cbe281 ("net_sched: red: Avoid illegal values") +Signed-off-by: Eric Dumazet +Reported-by: syzbot +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + include/net/red.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/include/net/red.h b/include/net/red.h +index b3ab5c6bfa83..117a3654d319 100644 +--- a/include/net/red.h ++++ b/include/net/red.h +@@ -170,9 +170,9 @@ static inline void red_set_vars(struct red_vars *v) + static inline bool red_check_params(u32 qth_min, u32 qth_max, u8 Wlog, + u8 Scell_log, u8 *stab) + { +- if (fls(qth_min) + Wlog > 32) ++ if (fls(qth_min) + Wlog >= 32) + return false; +- if (fls(qth_max) + Wlog > 32) ++ if (fls(qth_max) + Wlog >= 32) + return false; + if (Scell_log >= 32) + return false; +-- +2.30.2 + diff --git a/queue-4.9/series b/queue-4.9/series index 0a9122492bc..0b3dbcfcc9b 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -15,3 +15,11 @@ parisc-parisc-agp-requires-sba-iommu-driver.patch parisc-avoid-a-warning-on-u8-cast-for-cmpxchg-on-u8-pointers.patch batman-adv-initialize-struct-batadv_tvlv_tt_vlan_data-reserved-field.patch net-sched-sch_teql-fix-null-pointer-dereference.patch +sch_red-fix-off-by-one-checks-in-red_check_params.patch +gianfar-handle-error-code-at-mac-address-change.patch +net-tipc-fix-a-double-free-in-tipc_sk_mcast_rcv.patch +soc-fsl-qbman-fix-conflicting-alignment-attributes.patch +clk-fix-invalid-usage-of-list-cursor-in-unregister.patch +workqueue-move-the-position-of-debug_work_activate-i.patch +s390-cpcmd-fix-inline-assembly-register-clobbering.patch +rdma-cxgb4-check-for-ipv6-address-properly-while-des.patch diff --git a/queue-4.9/soc-fsl-qbman-fix-conflicting-alignment-attributes.patch b/queue-4.9/soc-fsl-qbman-fix-conflicting-alignment-attributes.patch new file mode 100644 index 00000000000..fddf4f75172 --- /dev/null +++ b/queue-4.9/soc-fsl-qbman-fix-conflicting-alignment-attributes.patch @@ -0,0 +1,44 @@ +From 54a2020d218dbbb311a2680aef5e94d4e8b01255 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 23 Mar 2021 14:15:23 +0100 +Subject: soc/fsl: qbman: fix conflicting alignment attributes + +From: Arnd Bergmann + +[ Upstream commit 040f31196e8b2609613f399793b9225271b79471 ] + +When building with W=1, gcc points out that the __packed attribute +on struct qm_eqcr_entry conflicts with the 8-byte alignment +attribute on struct qm_fd inside it: + +drivers/soc/fsl/qbman/qman.c:189:1: error: alignment 1 of 'struct qm_eqcr_entry' is less than 8 [-Werror=packed-not-aligned] + +I assume that the alignment attribute is the correct one, and +that qm_eqcr_entry cannot actually be unaligned in memory, +so add the same alignment on the outer struct. + +Fixes: c535e923bb97 ("soc/fsl: Introduce DPAA 1.x QMan device driver") +Signed-off-by: Arnd Bergmann +Link: https://lore.kernel.org/r/20210323131530.2619900-1-arnd@kernel.org' +Signed-off-by: Arnd Bergmann +Signed-off-by: Sasha Levin +--- + drivers/soc/fsl/qbman/qman.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/soc/fsl/qbman/qman.c b/drivers/soc/fsl/qbman/qman.c +index 91f5c951850f..44463afb8015 100644 +--- a/drivers/soc/fsl/qbman/qman.c ++++ b/drivers/soc/fsl/qbman/qman.c +@@ -146,7 +146,7 @@ struct qm_eqcr_entry { + u32 tag; + struct qm_fd fd; + u8 __reserved3[32]; +-} __packed; ++} __packed __aligned(8); + #define QM_EQCR_VERB_VBIT 0x80 + #define QM_EQCR_VERB_CMD_MASK 0x61 /* but only one value; */ + #define QM_EQCR_VERB_CMD_ENQUEUE 0x01 +-- +2.30.2 + diff --git a/queue-4.9/workqueue-move-the-position-of-debug_work_activate-i.patch b/queue-4.9/workqueue-move-the-position-of-debug_work_activate-i.patch new file mode 100644 index 00000000000..13ade2d8b92 --- /dev/null +++ b/queue-4.9/workqueue-move-the-position-of-debug_work_activate-i.patch @@ -0,0 +1,46 @@ +From 678be0e8b383ccccb6fa9458fa9136ba3d046dc6 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 18 Feb 2021 11:16:49 +0800 +Subject: workqueue: Move the position of debug_work_activate() in + __queue_work() + +From: Zqiang + +[ Upstream commit 0687c66b5f666b5ad433f4e94251590d9bc9d10e ] + +The debug_work_activate() is called on the premise that +the work can be inserted, because if wq be in WQ_DRAINING +status, insert work may be failed. + +Fixes: e41e704bc4f4 ("workqueue: improve destroy_workqueue() debuggability") +Signed-off-by: Zqiang +Reviewed-by: Lai Jiangshan +Signed-off-by: Tejun Heo +Signed-off-by: Sasha Levin +--- + kernel/workqueue.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/kernel/workqueue.c b/kernel/workqueue.c +index 205c3131f8b0..3231088afd73 100644 +--- a/kernel/workqueue.c ++++ b/kernel/workqueue.c +@@ -1377,7 +1377,6 @@ static void __queue_work(int cpu, struct workqueue_struct *wq, + */ + WARN_ON_ONCE(!irqs_disabled()); + +- debug_work_activate(work); + + /* if draining, only works from the same workqueue are allowed */ + if (unlikely(wq->flags & __WQ_DRAINING) && +@@ -1460,6 +1459,7 @@ retry: + worklist = &pwq->delayed_works; + } + ++ debug_work_activate(work); + insert_work(pwq, work, worklist, work_flags); + + spin_unlock(&pwq->pool->lock); +-- +2.30.2 + -- 2.47.3