From f2343f07552085345c3402a82d32a94fec748040 Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Tue, 21 Apr 2020 23:25:57 -0400 Subject: [PATCH] Fixes for 4.4 Signed-off-by: Sasha Levin --- ...tinue-if-clk_hw_round_rate-return-ze.patch | 49 +++++++++++++ ...egra-fix-tegra-pmc-clock-out-parents.patch | 56 +++++++++++++++ ...-fix-error-in-build_bug_on-reporting.patch | 70 ++++++++++++++++++ ...ty-body-warnings-when-wextra-is-used.patch | 60 ++++++++++++++++ ...o-not-commit-super-on-read-only-bdev.patch | 50 +++++++++++++ ...e-configuration-of-gcr3-table-root-p.patch | 38 ++++++++++ ...-memory-leak-of-dreq-when-nfs_get_lo.patch | 51 +++++++++++++ ...y-leaks-in-nfs_pageio_stop_mirroring.patch | 56 +++++++++++++++ ...leak-in-of_unittest_platform_populat.patch | 48 +++++++++++++ ...r-fix-a-data-race-at-vm_committed_as.patch | 72 +++++++++++++++++++ queue-4.4/series | 10 +++ 11 files changed, 560 insertions(+) create mode 100644 queue-4.4/clk-at91-usb-continue-if-clk_hw_round_rate-return-ze.patch create mode 100644 queue-4.4/clk-tegra-fix-tegra-pmc-clock-out-parents.patch create mode 100644 queue-4.4/compiler.h-fix-error-in-build_bug_on-reporting.patch create mode 100644 queue-4.4/ext2-fix-empty-body-warnings-when-wextra-is-used.patch create mode 100644 queue-4.4/ext4-do-not-commit-super-on-read-only-bdev.patch create mode 100644 queue-4.4/iommu-amd-fix-the-configuration-of-gcr3-table-root-p.patch create mode 100644 queue-4.4/nfs-direct.c-fix-memory-leak-of-dreq-when-nfs_get_lo.patch create mode 100644 queue-4.4/nfs-fix-memory-leaks-in-nfs_pageio_stop_mirroring.patch create mode 100644 queue-4.4/of-unittest-kmemleak-in-of_unittest_platform_populat.patch create mode 100644 queue-4.4/percpu_counter-fix-a-data-race-at-vm_committed_as.patch diff --git a/queue-4.4/clk-at91-usb-continue-if-clk_hw_round_rate-return-ze.patch b/queue-4.4/clk-at91-usb-continue-if-clk_hw_round_rate-return-ze.patch new file mode 100644 index 00000000000..9e6b267fef5 --- /dev/null +++ b/queue-4.4/clk-at91-usb-continue-if-clk_hw_round_rate-return-ze.patch @@ -0,0 +1,49 @@ +From d0a12e28f9d8ae4c61530379ecabc905c89e87ad Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 17 Jan 2020 13:36:46 +0200 +Subject: clk: at91: usb: continue if clk_hw_round_rate() return zero + +From: Claudiu Beznea + +[ Upstream commit b0ecf1c6c6e82da4847900fad0272abfd014666d ] + +clk_hw_round_rate() may call round rate function of its parents. In case +of SAM9X60 two of USB parrents are PLLA and UPLL. These clocks are +controlled by clk-sam9x60-pll.c driver. The round rate function for this +driver is sam9x60_pll_round_rate() which call in turn +sam9x60_pll_get_best_div_mul(). In case the requested rate is not in the +proper range (rate < characteristics->output[0].min && +rate > characteristics->output[0].max) the sam9x60_pll_round_rate() will +return a negative number to its caller (called by +clk_core_round_rate_nolock()). clk_hw_round_rate() will return zero in +case a negative number is returned by clk_core_round_rate_nolock(). With +this, the USB clock will continue its rate computation even caller of +clk_hw_round_rate() returned an error. With this, the USB clock on SAM9X60 +may not chose the best parent. I detected this after a suspend/resume +cycle on SAM9X60. + +Signed-off-by: Claudiu Beznea +Link: https://lkml.kernel.org/r/1579261009-4573-2-git-send-email-claudiu.beznea@microchip.com +Signed-off-by: Stephen Boyd +Signed-off-by: Sasha Levin +--- + drivers/clk/at91/clk-usb.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/clk/at91/clk-usb.c b/drivers/clk/at91/clk-usb.c +index 8ab8502778a28..55e09641b491b 100644 +--- a/drivers/clk/at91/clk-usb.c ++++ b/drivers/clk/at91/clk-usb.c +@@ -79,6 +79,9 @@ static int at91sam9x5_clk_usb_determine_rate(struct clk_hw *hw, + tmp_parent_rate = req->rate * div; + tmp_parent_rate = clk_hw_round_rate(parent, + tmp_parent_rate); ++ if (!tmp_parent_rate) ++ continue; ++ + tmp_rate = DIV_ROUND_CLOSEST(tmp_parent_rate, div); + if (tmp_rate < req->rate) + tmp_diff = req->rate - tmp_rate; +-- +2.20.1 + diff --git a/queue-4.4/clk-tegra-fix-tegra-pmc-clock-out-parents.patch b/queue-4.4/clk-tegra-fix-tegra-pmc-clock-out-parents.patch new file mode 100644 index 00000000000..439f623f946 --- /dev/null +++ b/queue-4.4/clk-tegra-fix-tegra-pmc-clock-out-parents.patch @@ -0,0 +1,56 @@ +From fdd42cc09061f28ded9b66a7ba007bc029625b4f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 13 Jan 2020 23:24:09 -0800 +Subject: clk: tegra: Fix Tegra PMC clock out parents + +From: Sowjanya Komatineni + +[ Upstream commit 6fe38aa8cac3a5db38154331742835a4d9740788 ] + +Tegra PMC clocks clk_out_1, clk_out_2, and clk_out_3 supported parents +are osc, osc_div2, osc_div4 and extern clock. + +Clock driver is using incorrect parents clk_m, clk_m_div2, clk_m_div4 +for PMC clocks. + +This patch fixes this. + +Tested-by: Dmitry Osipenko +Reviewed-by: Dmitry Osipenko +Signed-off-by: Sowjanya Komatineni +Signed-off-by: Thierry Reding +Signed-off-by: Sasha Levin +--- + drivers/clk/tegra/clk-tegra-pmc.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/drivers/clk/tegra/clk-tegra-pmc.c b/drivers/clk/tegra/clk-tegra-pmc.c +index 91377abfefa19..17a04300f93bf 100644 +--- a/drivers/clk/tegra/clk-tegra-pmc.c ++++ b/drivers/clk/tegra/clk-tegra-pmc.c +@@ -60,16 +60,16 @@ struct pmc_clk_init_data { + + static DEFINE_SPINLOCK(clk_out_lock); + +-static const char *clk_out1_parents[] = { "clk_m", "clk_m_div2", +- "clk_m_div4", "extern1", ++static const char *clk_out1_parents[] = { "osc", "osc_div2", ++ "osc_div4", "extern1", + }; + +-static const char *clk_out2_parents[] = { "clk_m", "clk_m_div2", +- "clk_m_div4", "extern2", ++static const char *clk_out2_parents[] = { "osc", "osc_div2", ++ "osc_div4", "extern2", + }; + +-static const char *clk_out3_parents[] = { "clk_m", "clk_m_div2", +- "clk_m_div4", "extern3", ++static const char *clk_out3_parents[] = { "osc", "osc_div2", ++ "osc_div4", "extern3", + }; + + static struct pmc_clk_init_data pmc_clks[] = { +-- +2.20.1 + diff --git a/queue-4.4/compiler.h-fix-error-in-build_bug_on-reporting.patch b/queue-4.4/compiler.h-fix-error-in-build_bug_on-reporting.patch new file mode 100644 index 00000000000..1a0c9c65e0c --- /dev/null +++ b/queue-4.4/compiler.h-fix-error-in-build_bug_on-reporting.patch @@ -0,0 +1,70 @@ +From e5e5ba797294f34794d7015b4f2fe306e5450af6 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 6 Apr 2020 20:09:37 -0700 +Subject: compiler.h: fix error in BUILD_BUG_ON() reporting + +From: Vegard Nossum + +[ Upstream commit af9c5d2e3b355854ff0e4acfbfbfadcd5198a349 ] + +compiletime_assert() uses __LINE__ to create a unique function name. This +means that if you have more than one BUILD_BUG_ON() in the same source +line (which can happen if they appear e.g. in a macro), then the error +message from the compiler might output the wrong condition. + +For this source file: + + #include + + #define macro() \ + BUILD_BUG_ON(1); \ + BUILD_BUG_ON(0); + + void foo() + { + macro(); + } + +gcc would output: + +./include/linux/compiler.h:350:38: error: call to `__compiletime_assert_9' declared with attribute error: BUILD_BUG_ON failed: 0 + _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__) + +However, it was not the BUILD_BUG_ON(0) that failed, so it should say 1 +instead of 0. With this patch, we use __COUNTER__ instead of __LINE__, so +each BUILD_BUG_ON() gets a different function name and the correct +condition is printed: + +./include/linux/compiler.h:350:38: error: call to `__compiletime_assert_0' declared with attribute error: BUILD_BUG_ON failed: 1 + _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) + +Signed-off-by: Vegard Nossum +Signed-off-by: Andrew Morton +Reviewed-by: Masahiro Yamada +Reviewed-by: Daniel Santos +Cc: Rasmus Villemoes +Cc: Ian Abbott +Cc: Joe Perches +Link: http://lkml.kernel.org/r/20200331112637.25047-1-vegard.nossum@oracle.com +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + include/linux/compiler.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/include/linux/compiler.h b/include/linux/compiler.h +index 5508011cc0c79..5f8749440c6af 100644 +--- a/include/linux/compiler.h ++++ b/include/linux/compiler.h +@@ -502,7 +502,7 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s + * compiler has support to do so. + */ + #define compiletime_assert(condition, msg) \ +- _compiletime_assert(condition, msg, __compiletime_assert_, __LINE__) ++ _compiletime_assert(condition, msg, __compiletime_assert_, __COUNTER__) + + #define compiletime_assert_atomic_type(t) \ + compiletime_assert(__native_word(t), \ +-- +2.20.1 + diff --git a/queue-4.4/ext2-fix-empty-body-warnings-when-wextra-is-used.patch b/queue-4.4/ext2-fix-empty-body-warnings-when-wextra-is-used.patch new file mode 100644 index 00000000000..8500fa43d76 --- /dev/null +++ b/queue-4.4/ext2-fix-empty-body-warnings-when-wextra-is-used.patch @@ -0,0 +1,60 @@ +From 70ab1f2b39b1122fa0b23a6d7e3f13d51bfa3d62 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 22 Mar 2020 19:45:41 -0700 +Subject: ext2: fix empty body warnings when -Wextra is used +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Randy Dunlap + +[ Upstream commit 44a52022e7f15cbaab957df1c14f7a4f527ef7cf ] + +When EXT2_ATTR_DEBUG is not defined, modify the 2 debug macros +to use the no_printk() macro instead of . +This fixes gcc warnings when -Wextra is used: + +../fs/ext2/xattr.c:252:42: warning: suggest braces around empty body in an ‘if’ statement [-Wempty-body] +../fs/ext2/xattr.c:258:42: warning: suggest braces around empty body in an ‘if’ statement [-Wempty-body] +../fs/ext2/xattr.c:330:42: warning: suggest braces around empty body in an ‘if’ statement [-Wempty-body] +../fs/ext2/xattr.c:872:45: warning: suggest braces around empty body in an ‘else’ statement [-Wempty-body] + +I have verified that the only object code change (with gcc 7.5.0) is +the reversal of some instructions from 'cmp a,b' to 'cmp b,a'. + +Link: https://lore.kernel.org/r/e18a7395-61fb-2093-18e8-ed4f8cf56248@infradead.org +Signed-off-by: Randy Dunlap +Cc: Jan Kara +Cc: linux-ext4@vger.kernel.org +Signed-off-by: Jan Kara +Signed-off-by: Sasha Levin +--- + fs/ext2/xattr.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/fs/ext2/xattr.c b/fs/ext2/xattr.c +index 22d817dc821e9..6f6f4f89a2f0c 100644 +--- a/fs/ext2/xattr.c ++++ b/fs/ext2/xattr.c +@@ -55,6 +55,7 @@ + + #include + #include ++#include + #include + #include + #include +@@ -85,8 +86,8 @@ + printk("\n"); \ + } while (0) + #else +-# define ea_idebug(f...) +-# define ea_bdebug(f...) ++# define ea_idebug(inode, f...) no_printk(f) ++# define ea_bdebug(bh, f...) no_printk(f) + #endif + + static int ext2_xattr_set2(struct inode *, struct buffer_head *, +-- +2.20.1 + diff --git a/queue-4.4/ext4-do-not-commit-super-on-read-only-bdev.patch b/queue-4.4/ext4-do-not-commit-super-on-read-only-bdev.patch new file mode 100644 index 00000000000..ef48184dc84 --- /dev/null +++ b/queue-4.4/ext4-do-not-commit-super-on-read-only-bdev.patch @@ -0,0 +1,50 @@ +From 516be0fd81671e110b86afda386d27feab11d7d0 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 18 Mar 2020 14:19:38 -0500 +Subject: ext4: do not commit super on read-only bdev + +From: Eric Sandeen + +[ Upstream commit c96e2b8564adfb8ac14469ebc51ddc1bfecb3ae2 ] + +Under some circumstances we may encounter a filesystem error on a +read-only block device, and if we try to save the error info to the +superblock and commit it, we'll wind up with a noisy error and +backtrace, i.e.: + +[ 3337.146838] EXT4-fs error (device pmem1p2): ext4_get_journal_inode:4634: comm mount: inode #0: comm mount: iget: illegal inode # +------------[ cut here ]------------ +generic_make_request: Trying to write to read-only block-device pmem1p2 (partno 2) +WARNING: CPU: 107 PID: 115347 at block/blk-core.c:788 generic_make_request_checks+0x6b4/0x7d0 +... + +To avoid this, commit the error info in the superblock only if the +block device is writable. + +Reported-by: Ritesh Harjani +Signed-off-by: Eric Sandeen +Reviewed-by: Andreas Dilger +Link: https://lore.kernel.org/r/4b6e774d-cc00-3469-7abb-108eb151071a@sandeen.net +Signed-off-by: Theodore Ts'o +Signed-off-by: Sasha Levin +--- + fs/ext4/super.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/fs/ext4/super.c b/fs/ext4/super.c +index f778eb4b3e5b6..67faf147bade1 100644 +--- a/fs/ext4/super.c ++++ b/fs/ext4/super.c +@@ -313,7 +313,8 @@ static void save_error_info(struct super_block *sb, const char *func, + unsigned int line) + { + __save_error_info(sb, func, line); +- ext4_commit_super(sb, 1); ++ if (!bdev_read_only(sb->s_bdev)) ++ ext4_commit_super(sb, 1); + } + + /* +-- +2.20.1 + diff --git a/queue-4.4/iommu-amd-fix-the-configuration-of-gcr3-table-root-p.patch b/queue-4.4/iommu-amd-fix-the-configuration-of-gcr3-table-root-p.patch new file mode 100644 index 00000000000..e3d88962543 --- /dev/null +++ b/queue-4.4/iommu-amd-fix-the-configuration-of-gcr3-table-root-p.patch @@ -0,0 +1,38 @@ +From 2cd8936da1930ac0722a9e162f92555583547f47 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 14 Feb 2020 18:44:51 +0800 +Subject: iommu/amd: Fix the configuration of GCR3 table root pointer + +From: Adrian Huang + +[ Upstream commit c20f36534666e37858a14e591114d93cc1be0d34 ] + +The SPA of the GCR3 table root pointer[51:31] masks 20 bits. However, +this requires 21 bits (Please see the AMD IOMMU specification). +This leads to the potential failure when the bit 51 of SPA of +the GCR3 table root pointer is 1'. + +Signed-off-by: Adrian Huang +Fixes: 52815b75682e2 ("iommu/amd: Add support for IOMMUv2 domain mode") +Signed-off-by: Joerg Roedel +Signed-off-by: Sasha Levin +--- + drivers/iommu/amd_iommu_types.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/iommu/amd_iommu_types.h b/drivers/iommu/amd_iommu_types.h +index b08cf57bf4554..695d4e235438c 100644 +--- a/drivers/iommu/amd_iommu_types.h ++++ b/drivers/iommu/amd_iommu_types.h +@@ -303,7 +303,7 @@ + + #define DTE_GCR3_VAL_A(x) (((x) >> 12) & 0x00007ULL) + #define DTE_GCR3_VAL_B(x) (((x) >> 15) & 0x0ffffULL) +-#define DTE_GCR3_VAL_C(x) (((x) >> 31) & 0xfffffULL) ++#define DTE_GCR3_VAL_C(x) (((x) >> 31) & 0x1fffffULL) + + #define DTE_GCR3_INDEX_A 0 + #define DTE_GCR3_INDEX_B 1 +-- +2.20.1 + diff --git a/queue-4.4/nfs-direct.c-fix-memory-leak-of-dreq-when-nfs_get_lo.patch b/queue-4.4/nfs-direct.c-fix-memory-leak-of-dreq-when-nfs_get_lo.patch new file mode 100644 index 00000000000..b1b062a8942 --- /dev/null +++ b/queue-4.4/nfs-direct.c-fix-memory-leak-of-dreq-when-nfs_get_lo.patch @@ -0,0 +1,51 @@ +From 9d07eb1588b719fcf5494f18309b3b500b636ef3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 28 Aug 2019 17:01:22 +0900 +Subject: NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context + fails + +From: Misono Tomohiro + +[ Upstream commit 8605cf0e852af3b2c771c18417499dc4ceed03d5 ] + +When dreq is allocated by nfs_direct_req_alloc(), dreq->kref is +initialized to 2. Therefore we need to call nfs_direct_req_release() +twice to release the allocated dreq. Usually it is called in +nfs_file_direct_{read, write}() and nfs_direct_complete(). + +However, current code only calls nfs_direct_req_relese() once if +nfs_get_lock_context() fails in nfs_file_direct_{read, write}(). +So, that case would result in memory leak. + +Fix this by adding the missing call. + +Signed-off-by: Misono Tomohiro +Signed-off-by: Trond Myklebust +Signed-off-by: Sasha Levin +--- + fs/nfs/direct.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/fs/nfs/direct.c b/fs/nfs/direct.c +index 88cb8e0d60149..7789f0b9b999e 100644 +--- a/fs/nfs/direct.c ++++ b/fs/nfs/direct.c +@@ -605,6 +605,7 @@ ssize_t nfs_file_direct_read(struct kiocb *iocb, struct iov_iter *iter, + l_ctx = nfs_get_lock_context(dreq->ctx); + if (IS_ERR(l_ctx)) { + result = PTR_ERR(l_ctx); ++ nfs_direct_req_release(dreq); + goto out_release; + } + dreq->l_ctx = l_ctx; +@@ -1015,6 +1016,7 @@ ssize_t nfs_file_direct_write(struct kiocb *iocb, struct iov_iter *iter) + l_ctx = nfs_get_lock_context(dreq->ctx); + if (IS_ERR(l_ctx)) { + result = PTR_ERR(l_ctx); ++ nfs_direct_req_release(dreq); + goto out_release; + } + dreq->l_ctx = l_ctx; +-- +2.20.1 + diff --git a/queue-4.4/nfs-fix-memory-leaks-in-nfs_pageio_stop_mirroring.patch b/queue-4.4/nfs-fix-memory-leaks-in-nfs_pageio_stop_mirroring.patch new file mode 100644 index 00000000000..679e0840466 --- /dev/null +++ b/queue-4.4/nfs-fix-memory-leaks-in-nfs_pageio_stop_mirroring.patch @@ -0,0 +1,56 @@ +From 5f32d4a934c418c4de4f617af3024a893dcd6a2f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 29 Mar 2020 20:06:45 -0400 +Subject: NFS: Fix memory leaks in nfs_pageio_stop_mirroring() + +From: Trond Myklebust + +[ Upstream commit 862f35c94730c9270833f3ad05bd758a29f204ed ] + +If we just set the mirror count to 1 without first clearing out +the mirrors, we can leak queued up requests. + +Signed-off-by: Trond Myklebust +Signed-off-by: Sasha Levin +--- + fs/nfs/pagelist.c | 17 ++++++++--------- + 1 file changed, 8 insertions(+), 9 deletions(-) + +diff --git a/fs/nfs/pagelist.c b/fs/nfs/pagelist.c +index af1bb7353792c..f5de58c5773f6 100644 +--- a/fs/nfs/pagelist.c ++++ b/fs/nfs/pagelist.c +@@ -886,15 +886,6 @@ static int nfs_pageio_setup_mirroring(struct nfs_pageio_descriptor *pgio, + return 0; + } + +-/* +- * nfs_pageio_stop_mirroring - stop using mirroring (set mirror count to 1) +- */ +-void nfs_pageio_stop_mirroring(struct nfs_pageio_descriptor *pgio) +-{ +- pgio->pg_mirror_count = 1; +- pgio->pg_mirror_idx = 0; +-} +- + static void nfs_pageio_cleanup_mirroring(struct nfs_pageio_descriptor *pgio) + { + pgio->pg_mirror_count = 1; +@@ -1287,6 +1278,14 @@ void nfs_pageio_cond_complete(struct nfs_pageio_descriptor *desc, pgoff_t index) + } + } + ++/* ++ * nfs_pageio_stop_mirroring - stop using mirroring (set mirror count to 1) ++ */ ++void nfs_pageio_stop_mirroring(struct nfs_pageio_descriptor *pgio) ++{ ++ nfs_pageio_complete(pgio); ++} ++ + int __init nfs_init_nfspagecache(void) + { + nfs_page_cachep = kmem_cache_create("nfs_page", +-- +2.20.1 + diff --git a/queue-4.4/of-unittest-kmemleak-in-of_unittest_platform_populat.patch b/queue-4.4/of-unittest-kmemleak-in-of_unittest_platform_populat.patch new file mode 100644 index 00000000000..b3baf01ce18 --- /dev/null +++ b/queue-4.4/of-unittest-kmemleak-in-of_unittest_platform_populat.patch @@ -0,0 +1,48 @@ +From 2ff8c153f14c2eafb0bb19d8a806941d5250222d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 16 Apr 2020 16:42:47 -0500 +Subject: of: unittest: kmemleak in of_unittest_platform_populate() + +From: Frank Rowand + +[ Upstream commit 216830d2413cc61be3f76bc02ffd905e47d2439e ] + +kmemleak reports several memory leaks from devicetree unittest. +This is the fix for problem 2 of 5. + +of_unittest_platform_populate() left an elevated reference count for +grandchild nodes (which are platform devices). Fix the platform +device reference counts so that the memory will be freed. + +Fixes: fb2caa50fbac ("of/selftest: add testcase for nodes with same name and address") +Reported-by: Erhard F. +Signed-off-by: Frank Rowand +Signed-off-by: Rob Herring +Signed-off-by: Sasha Levin +--- + drivers/of/unittest.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/drivers/of/unittest.c b/drivers/of/unittest.c +index 1ee2474fa8fbb..109497dbfba08 100644 +--- a/drivers/of/unittest.c ++++ b/drivers/of/unittest.c +@@ -816,10 +816,13 @@ static void __init of_unittest_platform_populate(void) + + of_platform_populate(np, match, NULL, &test_bus->dev); + for_each_child_of_node(np, child) { +- for_each_child_of_node(child, grandchild) +- unittest(of_find_device_by_node(grandchild), ++ for_each_child_of_node(child, grandchild) { ++ pdev = of_find_device_by_node(grandchild); ++ unittest(pdev, + "Could not create device for node '%s'\n", + grandchild->name); ++ of_dev_put(pdev); ++ } + } + + of_platform_depopulate(&test_bus->dev); +-- +2.20.1 + diff --git a/queue-4.4/percpu_counter-fix-a-data-race-at-vm_committed_as.patch b/queue-4.4/percpu_counter-fix-a-data-race-at-vm_committed_as.patch new file mode 100644 index 00000000000..355179bb0df --- /dev/null +++ b/queue-4.4/percpu_counter-fix-a-data-race-at-vm_committed_as.patch @@ -0,0 +1,72 @@ +From f88337e564ec75d531d9111d60b33a48d26db0a7 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 6 Apr 2020 20:10:25 -0700 +Subject: percpu_counter: fix a data race at vm_committed_as + +From: Qian Cai + +[ Upstream commit 7e2345200262e4a6056580f0231cccdaffc825f3 ] + +"vm_committed_as.count" could be accessed concurrently as reported by +KCSAN, + + BUG: KCSAN: data-race in __vm_enough_memory / percpu_counter_add_batch + + write to 0xffffffff9451c538 of 8 bytes by task 65879 on cpu 35: + percpu_counter_add_batch+0x83/0xd0 + percpu_counter_add_batch at lib/percpu_counter.c:91 + __vm_enough_memory+0xb9/0x260 + dup_mm+0x3a4/0x8f0 + copy_process+0x2458/0x3240 + _do_fork+0xaa/0x9f0 + __do_sys_clone+0x125/0x160 + __x64_sys_clone+0x70/0x90 + do_syscall_64+0x91/0xb05 + entry_SYSCALL_64_after_hwframe+0x49/0xbe + + read to 0xffffffff9451c538 of 8 bytes by task 66773 on cpu 19: + __vm_enough_memory+0x199/0x260 + percpu_counter_read_positive at include/linux/percpu_counter.h:81 + (inlined by) __vm_enough_memory at mm/util.c:839 + mmap_region+0x1b2/0xa10 + do_mmap+0x45c/0x700 + vm_mmap_pgoff+0xc0/0x130 + ksys_mmap_pgoff+0x6e/0x300 + __x64_sys_mmap+0x33/0x40 + do_syscall_64+0x91/0xb05 + entry_SYSCALL_64_after_hwframe+0x49/0xbe + +The read is outside percpu_counter::lock critical section which results in +a data race. Fix it by adding a READ_ONCE() in +percpu_counter_read_positive() which could also service as the existing +compiler memory barrier. + +Signed-off-by: Qian Cai +Signed-off-by: Andrew Morton +Acked-by: Marco Elver +Link: http://lkml.kernel.org/r/1582302724-2804-1-git-send-email-cai@lca.pw +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + include/linux/percpu_counter.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/include/linux/percpu_counter.h b/include/linux/percpu_counter.h +index 84a1094496100..b6332cb761a4c 100644 +--- a/include/linux/percpu_counter.h ++++ b/include/linux/percpu_counter.h +@@ -76,9 +76,9 @@ static inline s64 percpu_counter_read(struct percpu_counter *fbc) + */ + static inline s64 percpu_counter_read_positive(struct percpu_counter *fbc) + { +- s64 ret = fbc->count; ++ /* Prevent reloads of fbc->count */ ++ s64 ret = READ_ONCE(fbc->count); + +- barrier(); /* Prevent reloads of fbc->count */ + if (ret >= 0) + return ret; + return 0; +-- +2.20.1 + diff --git a/queue-4.4/series b/queue-4.4/series index c795a318a8b..358c72c922f 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -80,3 +80,13 @@ wil6210-rate-limit-wil_rx_refill-error.patch rtc-pm8xxx-fix-issue-in-rtc-write-path.patch soc-qcom-smem-use-le32_to_cpu-for-comparison.patch of-fix-missing-kobject-init-for-sysfs-of_dynamic-config.patch +of-unittest-kmemleak-in-of_unittest_platform_populat.patch +clk-at91-usb-continue-if-clk_hw_round_rate-return-ze.patch +clk-tegra-fix-tegra-pmc-clock-out-parents.patch +nfs-direct.c-fix-memory-leak-of-dreq-when-nfs_get_lo.patch +ext4-do-not-commit-super-on-read-only-bdev.patch +percpu_counter-fix-a-data-race-at-vm_committed_as.patch +compiler.h-fix-error-in-build_bug_on-reporting.patch +nfs-fix-memory-leaks-in-nfs_pageio_stop_mirroring.patch +ext2-fix-empty-body-warnings-when-wextra-is-used.patch +iommu-amd-fix-the-configuration-of-gcr3-table-root-p.patch -- 2.47.3