From e2011e3945e2104aa2fd019b31d67ff37b6c3cd2 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 15 Jun 2020 20:38:16 +0200 Subject: [PATCH] 4.4-stable patches added patches: cgroup-blkcg-prepare-some-symbols-for-module-and-config_cgroup-usages.patch nilfs2-fix-null-pointer-dereference-at-nilfs_segctor_do_construct.patch spi-bcm2835aux-fix-controller-unregister-order.patch --- ...-for-module-and-config_cgroup-usages.patch | 35 ++++++++++ ...erence-at-nilfs_segctor_do_construct.patch | 67 +++++++++++++++++++ queue-4.4/series | 3 + ...5aux-fix-controller-unregister-order.patch | 62 +++++++++++++++++ 4 files changed, 167 insertions(+) create mode 100644 queue-4.4/cgroup-blkcg-prepare-some-symbols-for-module-and-config_cgroup-usages.patch create mode 100644 queue-4.4/nilfs2-fix-null-pointer-dereference-at-nilfs_segctor_do_construct.patch create mode 100644 queue-4.4/spi-bcm2835aux-fix-controller-unregister-order.patch diff --git a/queue-4.4/cgroup-blkcg-prepare-some-symbols-for-module-and-config_cgroup-usages.patch b/queue-4.4/cgroup-blkcg-prepare-some-symbols-for-module-and-config_cgroup-usages.patch new file mode 100644 index 00000000000..b5f187f0940 --- /dev/null +++ b/queue-4.4/cgroup-blkcg-prepare-some-symbols-for-module-and-config_cgroup-usages.patch @@ -0,0 +1,35 @@ +From 9b0eb69b75bccada2d341d7e7ca342f0cb1c9a6a Mon Sep 17 00:00:00 2001 +From: Tejun Heo +Date: Thu, 27 Jun 2019 13:39:48 -0700 +Subject: cgroup, blkcg: Prepare some symbols for module and !CONFIG_CGROUP usages + +From: Tejun Heo + +commit 9b0eb69b75bccada2d341d7e7ca342f0cb1c9a6a upstream. + +btrfs is going to use css_put() and wbc helpers to improve cgroup +writeback support. Add dummy css_get() definition and export wbc +helpers to prepare for module and !CONFIG_CGROUP builds. + +[only backport the export of __inode_attach_wb for stable kernels - gregkh] + +Reported-by: kbuild test robot +Reviewed-by: Jan Kara +Signed-off-by: Tejun Heo +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman + +--- + fs/fs-writeback.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/fs/fs-writeback.c ++++ b/fs/fs-writeback.c +@@ -269,6 +269,7 @@ void __inode_attach_wb(struct inode *ino + if (unlikely(cmpxchg(&inode->i_wb, NULL, wb))) + wb_put(wb); + } ++EXPORT_SYMBOL_GPL(__inode_attach_wb); + + /** + * locked_inode_to_wb_and_lock_list - determine a locked inode's wb and lock it diff --git a/queue-4.4/nilfs2-fix-null-pointer-dereference-at-nilfs_segctor_do_construct.patch b/queue-4.4/nilfs2-fix-null-pointer-dereference-at-nilfs_segctor_do_construct.patch new file mode 100644 index 00000000000..0a3d5461ded --- /dev/null +++ b/queue-4.4/nilfs2-fix-null-pointer-dereference-at-nilfs_segctor_do_construct.patch @@ -0,0 +1,67 @@ +From 8301c719a2bd131436438e49130ee381d30933f5 Mon Sep 17 00:00:00 2001 +From: Ryusuke Konishi +Date: Wed, 10 Jun 2020 18:41:35 -0700 +Subject: nilfs2: fix null pointer dereference at nilfs_segctor_do_construct() + +From: Ryusuke Konishi + +commit 8301c719a2bd131436438e49130ee381d30933f5 upstream. + +After commit c3aab9a0bd91 ("mm/filemap.c: don't initiate writeback if +mapping has no dirty pages"), the following null pointer dereference has +been reported on nilfs2: + + BUG: kernel NULL pointer dereference, address: 00000000000000a8 + #PF: supervisor read access in kernel mode + #PF: error_code(0x0000) - not-present page + PGD 0 P4D 0 + Oops: 0000 [#1] SMP PTI + ... + RIP: 0010:percpu_counter_add_batch+0xa/0x60 + ... + Call Trace: + __test_set_page_writeback+0x2d3/0x330 + nilfs_segctor_do_construct+0x10d3/0x2110 [nilfs2] + nilfs_segctor_construct+0x168/0x260 [nilfs2] + nilfs_segctor_thread+0x127/0x3b0 [nilfs2] + kthread+0xf8/0x130 + ... + +This crash turned out to be caused by set_page_writeback() call for +segment summary buffers at nilfs_segctor_prepare_write(). + +set_page_writeback() can call inc_wb_stat(inode_to_wb(inode), +WB_WRITEBACK) where inode_to_wb(inode) is NULL if the inode of +underlying block device does not have an associated wb. + +This fixes the issue by calling inode_attach_wb() in advance to ensure +to associate the bdev inode with its wb. + +Fixes: c3aab9a0bd91 ("mm/filemap.c: don't initiate writeback if mapping has no dirty pages") +Reported-by: Walton Hoops +Reported-by: Tomas Hlavaty +Reported-by: ARAI Shun-ichi +Reported-by: Hideki EIRAKU +Signed-off-by: Ryusuke Konishi +Signed-off-by: Andrew Morton +Tested-by: Ryusuke Konishi +Cc: [5.4+] +Link: http://lkml.kernel.org/r/20200608.011819.1399059588922299158.konishi.ryusuke@gmail.com +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + fs/nilfs2/segment.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/fs/nilfs2/segment.c ++++ b/fs/nilfs2/segment.c +@@ -2781,6 +2781,8 @@ int nilfs_attach_log_writer(struct super + if (!nilfs->ns_writer) + return -ENOMEM; + ++ inode_attach_wb(nilfs->ns_bdev->bd_inode, NULL); ++ + err = nilfs_segctor_start_thread(nilfs->ns_writer); + if (err) { + kfree(nilfs->ns_writer); diff --git a/queue-4.4/series b/queue-4.4/series index ccbaed70f52..98e9021d55e 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -15,3 +15,6 @@ alsa-es1688-add-the-missed-snd_card_free.patch alsa-usb-audio-fix-inconsistent-card-pm-state-after-resume.patch acpi-sysfs-fix-reference-count-leak-in-acpi_sysfs_add_hotplug_profile.patch acpi-pm-avoid-using-power-resources-if-there-are-none-for-d0.patch +cgroup-blkcg-prepare-some-symbols-for-module-and-config_cgroup-usages.patch +nilfs2-fix-null-pointer-dereference-at-nilfs_segctor_do_construct.patch +spi-bcm2835aux-fix-controller-unregister-order.patch diff --git a/queue-4.4/spi-bcm2835aux-fix-controller-unregister-order.patch b/queue-4.4/spi-bcm2835aux-fix-controller-unregister-order.patch new file mode 100644 index 00000000000..3c562cf5a2e --- /dev/null +++ b/queue-4.4/spi-bcm2835aux-fix-controller-unregister-order.patch @@ -0,0 +1,62 @@ +From b9dd3f6d417258ad0beeb292a1bc74200149f15d Mon Sep 17 00:00:00 2001 +From: Lukas Wunner +Date: Fri, 15 May 2020 17:58:03 +0200 +Subject: spi: bcm2835aux: Fix controller unregister order + +From: Lukas Wunner + +commit b9dd3f6d417258ad0beeb292a1bc74200149f15d upstream. + +The BCM2835aux SPI driver uses devm_spi_register_master() on bind. +As a consequence, on unbind, __device_release_driver() first invokes +bcm2835aux_spi_remove() before unregistering the SPI controller via +devres_release_all(). + +This order is incorrect: bcm2835aux_spi_remove() turns off the SPI +controller, including its interrupts and clock. The SPI controller +is thus no longer usable. + +When the SPI controller is subsequently unregistered, it unbinds all +its slave devices. If their drivers need to access the SPI bus, +e.g. to quiesce their interrupts, unbinding will fail. + +As a rule, devm_spi_register_master() must not be used if the +->remove() hook performs teardown steps which shall be performed +after unbinding of slaves. + +Fix by using the non-devm variant spi_register_master(). Note that the +struct spi_master as well as the driver-private data are not freed until +after bcm2835aux_spi_remove() has finished, so accessing them is safe. + +Fixes: 1ea29b39f4c8 ("spi: bcm2835aux: add bcm2835 auxiliary spi device driver") +Signed-off-by: Lukas Wunner +Cc: stable@vger.kernel.org # v4.4+ +Cc: Martin Sperl +Link: https://lore.kernel.org/r/32f27f4d8242e4d75f9a53f7e8f1f77483b08669.1589557526.git.lukas@wunner.de +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/spi/spi-bcm2835aux.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/drivers/spi/spi-bcm2835aux.c ++++ b/drivers/spi/spi-bcm2835aux.c +@@ -457,7 +457,7 @@ static int bcm2835aux_spi_probe(struct p + goto out_clk_disable; + } + +- err = devm_spi_register_master(&pdev->dev, master); ++ err = spi_register_master(master); + if (err) { + dev_err(&pdev->dev, "could not register SPI master: %d\n", err); + goto out_clk_disable; +@@ -477,6 +477,8 @@ static int bcm2835aux_spi_remove(struct + struct spi_master *master = platform_get_drvdata(pdev); + struct bcm2835aux_spi *bs = spi_master_get_devdata(master); + ++ spi_unregister_master(master); ++ + bcm2835aux_spi_reset_hw(bs); + + /* disable the HW block by releasing the clock */ -- 2.47.3