From d8419df4e2c6d1660650f2f21c514cc966de4f51 Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Fri, 12 Mar 2021 23:07:15 -0500 Subject: [PATCH] Fixes for 4.4 Signed-off-by: Sasha Levin --- ...-race-condition-between-msdc_request.patch | 85 +++++++++++++++++++ ...a-resource-leak-in-an-error-handling.patch | 37 ++++++++ ...x-race-in-installing-chained-irq-han.patch | 50 +++++++++++ ...ord-counter-overflow-always-if-sampl.patch | 80 +++++++++++++++++ ...escan_cpus-move-cpumask-away-from-st.patch | 36 ++++++++ ...x-iscsi_prep_scsi_cmd_pdu-error-hand.patch | 50 +++++++++++ queue-4.4/series | 6 ++ 7 files changed, 344 insertions(+) create mode 100644 queue-4.4/mmc-mediatek-fix-race-condition-between-msdc_request.patch create mode 100644 queue-4.4/mmc-mxs-mmc-fix-a-resource-leak-in-an-error-handling.patch create mode 100644 queue-4.4/pci-xgene-msi-fix-race-in-installing-chained-irq-han.patch create mode 100644 queue-4.4/powerpc-perf-record-counter-overflow-always-if-sampl.patch create mode 100644 queue-4.4/s390-smp-__smp_rescan_cpus-move-cpumask-away-from-st.patch create mode 100644 queue-4.4/scsi-libiscsi-fix-iscsi_prep_scsi_cmd_pdu-error-hand.patch diff --git a/queue-4.4/mmc-mediatek-fix-race-condition-between-msdc_request.patch b/queue-4.4/mmc-mediatek-fix-race-condition-between-msdc_request.patch new file mode 100644 index 00000000000..58e8743ec02 --- /dev/null +++ b/queue-4.4/mmc-mediatek-fix-race-condition-between-msdc_request.patch @@ -0,0 +1,85 @@ +From 9b685cbd215d966032712e99e66e761366d0fcc5 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 18 Dec 2020 15:16:11 +0800 +Subject: mmc: mediatek: fix race condition between msdc_request_timeout and + irq + +From: Chaotian Jing + +[ Upstream commit 0354ca6edd464a2cf332f390581977b8699ed081 ] + +when get request SW timeout, if CMD/DAT xfer done irq coming right now, +then there is race between the msdc_request_timeout work and irq handler, +and the host->cmd and host->data may set to NULL in irq handler. also, +current flow ensure that only one path can go to msdc_request_done(), so +no need check the return value of cancel_delayed_work(). + +Signed-off-by: Chaotian Jing +Link: https://lore.kernel.org/r/20201218071611.12276-1-chaotian.jing@mediatek.com +Signed-off-by: Ulf Hansson +Signed-off-by: Sasha Levin +--- + drivers/mmc/host/mtk-sd.c | 18 ++++++++++-------- + 1 file changed, 10 insertions(+), 8 deletions(-) + +diff --git a/drivers/mmc/host/mtk-sd.c b/drivers/mmc/host/mtk-sd.c +index 5ef25463494f..1770c8df9d1b 100644 +--- a/drivers/mmc/host/mtk-sd.c ++++ b/drivers/mmc/host/mtk-sd.c +@@ -720,13 +720,13 @@ static void msdc_track_cmd_data(struct msdc_host *host, + static void msdc_request_done(struct msdc_host *host, struct mmc_request *mrq) + { + unsigned long flags; +- bool ret; + +- ret = cancel_delayed_work(&host->req_timeout); +- if (!ret) { +- /* delay work already running */ +- return; +- } ++ /* ++ * No need check the return value of cancel_delayed_work, as only ONE ++ * path will go here! ++ */ ++ cancel_delayed_work(&host->req_timeout); ++ + spin_lock_irqsave(&host->lock, flags); + host->mrq = NULL; + spin_unlock_irqrestore(&host->lock, flags); +@@ -747,7 +747,7 @@ static bool msdc_cmd_done(struct msdc_host *host, int events, + bool done = false; + bool sbc_error; + unsigned long flags; +- u32 *rsp = cmd->resp; ++ u32 *rsp; + + if (mrq->sbc && cmd == mrq->cmd && + (events & (MSDC_INT_ACMDRDY | MSDC_INT_ACMDCRCERR +@@ -768,6 +768,7 @@ static bool msdc_cmd_done(struct msdc_host *host, int events, + + if (done) + return true; ++ rsp = cmd->resp; + + sdr_clr_bits(host->base + MSDC_INTEN, cmd_ints_mask); + +@@ -942,7 +943,7 @@ static void msdc_data_xfer_next(struct msdc_host *host, + static bool msdc_data_xfer_done(struct msdc_host *host, u32 events, + struct mmc_request *mrq, struct mmc_data *data) + { +- struct mmc_command *stop = data->stop; ++ struct mmc_command *stop; + unsigned long flags; + bool done; + unsigned int check_data = events & +@@ -958,6 +959,7 @@ static bool msdc_data_xfer_done(struct msdc_host *host, u32 events, + + if (done) + return true; ++ stop = data->stop; + + if (check_data || (stop && stop->error)) { + dev_dbg(host->dev, "DMA status: 0x%8X\n", +-- +2.30.1 + diff --git a/queue-4.4/mmc-mxs-mmc-fix-a-resource-leak-in-an-error-handling.patch b/queue-4.4/mmc-mxs-mmc-fix-a-resource-leak-in-an-error-handling.patch new file mode 100644 index 00000000000..5e75b911968 --- /dev/null +++ b/queue-4.4/mmc-mxs-mmc-fix-a-resource-leak-in-an-error-handling.patch @@ -0,0 +1,37 @@ +From ef9ec571911d3a033f040eefef26392d064fb97c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 8 Dec 2020 21:35:27 +0100 +Subject: mmc: mxs-mmc: Fix a resource leak in an error handling path in + 'mxs_mmc_probe()' + +From: Christophe JAILLET + +[ Upstream commit 0bb7e560f821c7770973a94e346654c4bdccd42c ] + +If 'mmc_of_parse()' fails, we must undo the previous 'dma_request_chan()' +call. + +Signed-off-by: Christophe JAILLET +Link: https://lore.kernel.org/r/20201208203527.49262-1-christophe.jaillet@wanadoo.fr +Signed-off-by: Ulf Hansson +Signed-off-by: Sasha Levin +--- + drivers/mmc/host/mxs-mmc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/mmc/host/mxs-mmc.c b/drivers/mmc/host/mxs-mmc.c +index c8b8ac66ff7e..687fd68fbbcd 100644 +--- a/drivers/mmc/host/mxs-mmc.c ++++ b/drivers/mmc/host/mxs-mmc.c +@@ -651,7 +651,7 @@ static int mxs_mmc_probe(struct platform_device *pdev) + + ret = mmc_of_parse(mmc); + if (ret) +- goto out_clk_disable; ++ goto out_free_dma; + + mmc->ocr_avail = MMC_VDD_32_33 | MMC_VDD_33_34; + +-- +2.30.1 + diff --git a/queue-4.4/pci-xgene-msi-fix-race-in-installing-chained-irq-han.patch b/queue-4.4/pci-xgene-msi-fix-race-in-installing-chained-irq-han.patch new file mode 100644 index 00000000000..68e5b781ddf --- /dev/null +++ b/queue-4.4/pci-xgene-msi-fix-race-in-installing-chained-irq-han.patch @@ -0,0 +1,50 @@ +From 228ccd5e3af3b66c3157b673b98a30cf8a5049dd Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 15 Jan 2021 22:24:35 +0100 +Subject: PCI: xgene-msi: Fix race in installing chained irq handler + +From: Martin Kaiser + +[ Upstream commit a93c00e5f975f23592895b7e83f35de2d36b7633 ] + +Fix a race where a pending interrupt could be received and the handler +called before the handler's data has been setup, by converting to +irq_set_chained_handler_and_data(). + +See also 2cf5a03cb29d ("PCI/keystone: Fix race in installing chained IRQ +handler"). + +Based on the mail discussion, it seems ok to drop the error handling. + +Link: https://lore.kernel.org/r/20210115212435.19940-3-martin@kaiser.cx +Signed-off-by: Martin Kaiser +Signed-off-by: Lorenzo Pieralisi +Signed-off-by: Sasha Levin +--- + drivers/pci/host/pci-xgene-msi.c | 10 +++------- + 1 file changed, 3 insertions(+), 7 deletions(-) + +diff --git a/drivers/pci/host/pci-xgene-msi.c b/drivers/pci/host/pci-xgene-msi.c +index a6456b578269..b6a099371ad2 100644 +--- a/drivers/pci/host/pci-xgene-msi.c ++++ b/drivers/pci/host/pci-xgene-msi.c +@@ -393,13 +393,9 @@ static int xgene_msi_hwirq_alloc(unsigned int cpu) + if (!msi_group->gic_irq) + continue; + +- irq_set_chained_handler(msi_group->gic_irq, +- xgene_msi_isr); +- err = irq_set_handler_data(msi_group->gic_irq, msi_group); +- if (err) { +- pr_err("failed to register GIC IRQ handler\n"); +- return -EINVAL; +- } ++ irq_set_chained_handler_and_data(msi_group->gic_irq, ++ xgene_msi_isr, msi_group); ++ + /* + * Statically allocate MSI GIC IRQs to each CPU core. + * With 8-core X-Gene v1, 2 MSI GIC IRQs are allocated +-- +2.30.1 + diff --git a/queue-4.4/powerpc-perf-record-counter-overflow-always-if-sampl.patch b/queue-4.4/powerpc-perf-record-counter-overflow-always-if-sampl.patch new file mode 100644 index 00000000000..60c7b8aeefa --- /dev/null +++ b/queue-4.4/powerpc-perf-record-counter-overflow-always-if-sampl.patch @@ -0,0 +1,80 @@ +From 649e1781db6b14721a34e77b46d8e364fde5fecf Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 5 Feb 2021 04:14:52 -0500 +Subject: powerpc/perf: Record counter overflow always if SAMPLE_IP is unset + +From: Athira Rajeev + +[ Upstream commit d137845c973147a22622cc76c7b0bc16f6206323 ] + +While sampling for marked events, currently we record the sample only +if the SIAR valid bit of Sampled Instruction Event Register (SIER) is +set. SIAR_VALID bit is used for fetching the instruction address from +Sampled Instruction Address Register(SIAR). But there are some +usecases, where the user is interested only in the PMU stats at each +counter overflow and the exact IP of the overflow event is not +required. Dropping SIAR invalid samples will fail to record some of +the counter overflows in such cases. + +Example of such usecase is dumping the PMU stats (event counts) after +some regular amount of instructions/events from the userspace (ex: via +ptrace). Here counter overflow is indicated to userspace via signal +handler, and captured by monitoring and enabling I/O signaling on the +event file descriptor. In these cases, we expect to get +sample/overflow indication after each specified sample_period. + +Perf event attribute will not have PERF_SAMPLE_IP set in the +sample_type if exact IP of the overflow event is not requested. So +while profiling if SAMPLE_IP is not set, just record the counter +overflow irrespective of SIAR_VALID check. + +Suggested-by: Michael Ellerman +Signed-off-by: Athira Rajeev +[mpe: Reflow comment and if formatting] +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/1612516492-1428-1-git-send-email-atrajeev@linux.vnet.ibm.com +Signed-off-by: Sasha Levin +--- + arch/powerpc/perf/core-book3s.c | 19 +++++++++++++++---- + 1 file changed, 15 insertions(+), 4 deletions(-) + +diff --git a/arch/powerpc/perf/core-book3s.c b/arch/powerpc/perf/core-book3s.c +index e593e7f856ed..7a80e1cff6e2 100644 +--- a/arch/powerpc/perf/core-book3s.c ++++ b/arch/powerpc/perf/core-book3s.c +@@ -2008,7 +2008,17 @@ static void record_and_restart(struct perf_event *event, unsigned long val, + left += period; + if (left <= 0) + left = period; +- record = siar_valid(regs); ++ ++ /* ++ * If address is not requested in the sample via ++ * PERF_SAMPLE_IP, just record that sample irrespective ++ * of SIAR valid check. ++ */ ++ if (event->attr.sample_type & PERF_SAMPLE_IP) ++ record = siar_valid(regs); ++ else ++ record = 1; ++ + event->hw.last_period = event->hw.sample_period; + } + if (left < 0x80000000LL) +@@ -2026,9 +2036,10 @@ static void record_and_restart(struct perf_event *event, unsigned long val, + * MMCR2. Check attr.exclude_kernel and address to drop the sample in + * these cases. + */ +- if (event->attr.exclude_kernel && record) +- if (is_kernel_addr(mfspr(SPRN_SIAR))) +- record = 0; ++ if (event->attr.exclude_kernel && ++ (event->attr.sample_type & PERF_SAMPLE_IP) && ++ is_kernel_addr(mfspr(SPRN_SIAR))) ++ record = 0; + + /* + * Finally record data if requested. +-- +2.30.1 + diff --git a/queue-4.4/s390-smp-__smp_rescan_cpus-move-cpumask-away-from-st.patch b/queue-4.4/s390-smp-__smp_rescan_cpus-move-cpumask-away-from-st.patch new file mode 100644 index 00000000000..0dccbe2ee36 --- /dev/null +++ b/queue-4.4/s390-smp-__smp_rescan_cpus-move-cpumask-away-from-st.patch @@ -0,0 +1,36 @@ +From 565990b12eabb9afb96ad6bb8b45eebdcb60e7d4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 17 Feb 2021 07:13:02 +0100 +Subject: s390/smp: __smp_rescan_cpus() - move cpumask away from stack + +From: Heiko Carstens + +[ Upstream commit 62c8dca9e194326802b43c60763f856d782b225c ] + +Avoid a potentially large stack frame and overflow by making +"cpumask_t avail" a static variable. There is no concurrent +access due to the existing locking. + +Signed-off-by: Heiko Carstens +Signed-off-by: Vasily Gorbik +Signed-off-by: Sasha Levin +--- + arch/s390/kernel/smp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/s390/kernel/smp.c b/arch/s390/kernel/smp.c +index f113fcd781d8..486f0d4f9aee 100644 +--- a/arch/s390/kernel/smp.c ++++ b/arch/s390/kernel/smp.c +@@ -738,7 +738,7 @@ static int smp_add_core(struct sclp_core_entry *core, cpumask_t *avail, + static int __smp_rescan_cpus(struct sclp_core_info *info, bool early) + { + struct sclp_core_entry *core; +- cpumask_t avail; ++ static cpumask_t avail; + bool configured; + u16 core_id; + int nr, i; +-- +2.30.1 + diff --git a/queue-4.4/scsi-libiscsi-fix-iscsi_prep_scsi_cmd_pdu-error-hand.patch b/queue-4.4/scsi-libiscsi-fix-iscsi_prep_scsi_cmd_pdu-error-hand.patch new file mode 100644 index 00000000000..662f9dc684f --- /dev/null +++ b/queue-4.4/scsi-libiscsi-fix-iscsi_prep_scsi_cmd_pdu-error-hand.patch @@ -0,0 +1,50 @@ +From 365df0068bafc2bb4ef7b6b66c5a3bbf973bfb1d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 6 Feb 2021 22:46:00 -0600 +Subject: scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling + +From: Mike Christie + +[ Upstream commit d28d48c699779973ab9a3bd0e5acfa112bd4fdef ] + +If iscsi_prep_scsi_cmd_pdu() fails we try to add it back to the cmdqueue, +but we leave it partially setup. We don't have functions that can undo the +pdu and init task setup. We only have cleanup_task which can clean up both +parts. So this has us just fail the cmd and go through the standard cleanup +routine and then have the SCSI midlayer retry it like is done when it fails +in the queuecommand path. + +Link: https://lore.kernel.org/r/20210207044608.27585-2-michael.christie@oracle.com +Reviewed-by: Lee Duncan +Signed-off-by: Mike Christie +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +--- + drivers/scsi/libiscsi.c | 11 +++-------- + 1 file changed, 3 insertions(+), 8 deletions(-) + +diff --git a/drivers/scsi/libiscsi.c b/drivers/scsi/libiscsi.c +index ecf3950c4438..18b8d86ef74b 100644 +--- a/drivers/scsi/libiscsi.c ++++ b/drivers/scsi/libiscsi.c +@@ -1568,14 +1568,9 @@ static int iscsi_data_xmit(struct iscsi_conn *conn) + } + rc = iscsi_prep_scsi_cmd_pdu(conn->task); + if (rc) { +- if (rc == -ENOMEM || rc == -EACCES) { +- spin_lock_bh(&conn->taskqueuelock); +- list_add_tail(&conn->task->running, +- &conn->cmdqueue); +- conn->task = NULL; +- spin_unlock_bh(&conn->taskqueuelock); +- goto done; +- } else ++ if (rc == -ENOMEM || rc == -EACCES) ++ fail_scsi_task(conn->task, DID_IMM_RETRY); ++ else + fail_scsi_task(conn->task, DID_ABORT); + spin_lock_bh(&conn->taskqueuelock); + continue; +-- +2.30.1 + diff --git a/queue-4.4/series b/queue-4.4/series index 6383436dcec..b12cdf7cba1 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -16,3 +16,9 @@ net-lapbether-remove-netif_start_queue-netif_stop_queue.patch net-davicom-fix-regulator-not-turned-off-on-failed-probe.patch net-davicom-fix-regulator-not-turned-off-on-driver-removal.patch media-usbtv-fix-deadlock-on-suspend.patch +mmc-mxs-mmc-fix-a-resource-leak-in-an-error-handling.patch +mmc-mediatek-fix-race-condition-between-msdc_request.patch +powerpc-perf-record-counter-overflow-always-if-sampl.patch +pci-xgene-msi-fix-race-in-installing-chained-irq-han.patch +s390-smp-__smp_rescan_cpus-move-cpumask-away-from-st.patch +scsi-libiscsi-fix-iscsi_prep_scsi_cmd_pdu-error-hand.patch -- 2.47.3