--- /dev/null
+From efc347b9efee1c2b081f5281d33be4559fa50a16 Mon Sep 17 00:00:00 2001
+From: George Stark <gnstark@salutedevices.com>
+Date: Thu, 11 Apr 2024 19:10:31 +0300
+Subject: leds: mlxreg: Use devm_mutex_init() for mutex initialization
+
+From: George Stark <gnstark@salutedevices.com>
+
+commit efc347b9efee1c2b081f5281d33be4559fa50a16 upstream.
+
+In this driver LEDs are registered using devm_led_classdev_register()
+so they are automatically unregistered after module's remove() is done.
+led_classdev_unregister() calls module's led_set_brightness() to turn off
+the LEDs and that callback uses mutex which was destroyed already
+in module's remove() so use devm API instead.
+
+Signed-off-by: George Stark <gnstark@salutedevices.com>
+Reviewed-by: Andy Shevchenko <andy.shevchenko@gmail.com>
+Link: https://lore.kernel.org/r/20240411161032.609544-8-gnstark@salutedevices.com
+Signed-off-by: Lee Jones <lee@kernel.org>
+Signed-off-by: Bin Lan <bin.lan.cn@windriver.com>
+Signed-off-by: He Zhe <zhe.he@windriver.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/leds/leds-mlxreg.c | 16 +++++-----------
+ 1 file changed, 5 insertions(+), 11 deletions(-)
+
+--- a/drivers/leds/leds-mlxreg.c
++++ b/drivers/leds/leds-mlxreg.c
+@@ -258,6 +258,7 @@ static int mlxreg_led_probe(struct platf
+ {
+ struct mlxreg_core_platform_data *led_pdata;
+ struct mlxreg_led_priv_data *priv;
++ int err;
+
+ led_pdata = dev_get_platdata(&pdev->dev);
+ if (!led_pdata) {
+@@ -269,28 +270,21 @@ static int mlxreg_led_probe(struct platf
+ if (!priv)
+ return -ENOMEM;
+
+- mutex_init(&priv->access_lock);
++ err = devm_mutex_init(&pdev->dev, &priv->access_lock);
++ if (err)
++ return err;
++
+ priv->pdev = pdev;
+ priv->pdata = led_pdata;
+
+ return mlxreg_led_config(priv);
+ }
+
+-static int mlxreg_led_remove(struct platform_device *pdev)
+-{
+- struct mlxreg_led_priv_data *priv = dev_get_drvdata(&pdev->dev);
+-
+- mutex_destroy(&priv->access_lock);
+-
+- return 0;
+-}
+-
+ static struct platform_driver mlxreg_led_driver = {
+ .driver = {
+ .name = "leds-mlxreg",
+ },
+ .probe = mlxreg_led_probe,
+- .remove = mlxreg_led_remove,
+ };
+
+ module_platform_driver(mlxreg_led_driver);
--- /dev/null
+From 5ac9b4e935dfc6af41eee2ddc21deb5c36507a9f Mon Sep 17 00:00:00 2001
+From: Andrii Nakryiko <andrii@kernel.org>
+Date: Thu, 17 Oct 2024 10:47:13 -0700
+Subject: lib/buildid: Handle memfd_secret() files in build_id_parse()
+
+From: Andrii Nakryiko <andrii@kernel.org>
+
+commit 5ac9b4e935dfc6af41eee2ddc21deb5c36507a9f upstream.
+
+>From memfd_secret(2) manpage:
+
+ The memory areas backing the file created with memfd_secret(2) are
+ visible only to the processes that have access to the file descriptor.
+ The memory region is removed from the kernel page tables and only the
+ page tables of the processes holding the file descriptor map the
+ corresponding physical memory. (Thus, the pages in the region can't be
+ accessed by the kernel itself, so that, for example, pointers to the
+ region can't be passed to system calls.)
+
+We need to handle this special case gracefully in build ID fetching
+code. Return -EFAULT whenever secretmem file is passed to build_id_parse()
+family of APIs. Original report and repro can be found in [0].
+
+ [0] https://lore.kernel.org/bpf/ZwyG8Uro%2FSyTXAni@ly-workstation/
+
+Fixes: de3ec364c3c3 ("lib/buildid: add single folio-based file reader abstraction")
+Reported-by: Yi Lai <yi1.lai@intel.com>
+Suggested-by: Shakeel Butt <shakeel.butt@linux.dev>
+Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
+Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
+Acked-by: Shakeel Butt <shakeel.butt@linux.dev>
+Link: https://lore.kernel.org/bpf/20241017175431.6183-A-hca@linux.ibm.com
+Link: https://lore.kernel.org/bpf/20241017174713.2157873-1-andrii@kernel.org
+[ Chen Linxuan: backport same logic without folio-based changes ]
+Fixes: 88a16a130933 ("perf: Add build id data in mmap2 event")
+Signed-off-by: Chen Linxuan <chenlinxuan@deepin.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ lib/buildid.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/lib/buildid.c
++++ b/lib/buildid.c
+@@ -5,6 +5,7 @@
+ #include <linux/elf.h>
+ #include <linux/kernel.h>
+ #include <linux/pagemap.h>
++#include <linux/secretmem.h>
+
+ #define BUILD_ID 3
+
+@@ -157,6 +158,10 @@ int build_id_parse(struct vm_area_struct
+ if (!vma->vm_file)
+ return -EINVAL;
+
++ /* reject secretmem folios created with memfd_secret() */
++ if (vma_is_secretmem(vma))
++ return -EFAULT;
++
+ page = find_get_page(vma->vm_file->f_mapping, 0);
+ if (!page)
+ return -EFAULT; /* page not mapped */
asoc-amd-yc-support-mic-on-another-lenovo-thinkpad-e16-gen-2-model.patch
qlcnic-fix-memory-leak-issues-in-qlcnic_sriov_common.c.patch
rust-disallow-btf-generation-with-rust-lto.patch
+lib-buildid-handle-memfd_secret-files-in-build_id_parse.patch
+tcp-fix-races-in-tcp_abort.patch
+tcp-fix-forever-orphan-socket-caused-by-tcp_abort.patch
+leds-mlxreg-use-devm_mutex_init-for-mutex-initialization.patch
--- /dev/null
+From bac76cf89816bff06c4ec2f3df97dc34e150a1c4 Mon Sep 17 00:00:00 2001
+From: Xueming Feng <kuro@kuroa.me>
+Date: Mon, 26 Aug 2024 18:23:27 +0800
+Subject: tcp: fix forever orphan socket caused by tcp_abort
+
+From: Xueming Feng <kuro@kuroa.me>
+
+commit bac76cf89816bff06c4ec2f3df97dc34e150a1c4 upstream.
+
+We have some problem closing zero-window fin-wait-1 tcp sockets in our
+environment. This patch come from the investigation.
+
+Previously tcp_abort only sends out reset and calls tcp_done when the
+socket is not SOCK_DEAD, aka orphan. For orphan socket, it will only
+purging the write queue, but not close the socket and left it to the
+timer.
+
+While purging the write queue, tp->packets_out and sk->sk_write_queue
+is cleared along the way. However tcp_retransmit_timer have early
+return based on !tp->packets_out and tcp_probe_timer have early
+return based on !sk->sk_write_queue.
+
+This caused ICSK_TIME_RETRANS and ICSK_TIME_PROBE0 not being resched
+and socket not being killed by the timers, converting a zero-windowed
+orphan into a forever orphan.
+
+This patch removes the SOCK_DEAD check in tcp_abort, making it send
+reset to peer and close the socket accordingly. Preventing the
+timer-less orphan from happening.
+
+According to Lorenzo's email in the v1 thread, the check was there to
+prevent force-closing the same socket twice. That situation is handled
+by testing for TCP_CLOSE inside lock, and returning -ENOENT if it is
+already closed.
+
+The -ENOENT code comes from the associate patch Lorenzo made for
+iproute2-ss; link attached below, which also conform to RFC 9293.
+
+At the end of the patch, tcp_write_queue_purge(sk) is removed because it
+was already called in tcp_done_with_error().
+
+p.s. This is the same patch with v2. Resent due to mis-labeled "changes
+requested" on patchwork.kernel.org.
+
+Link: https://patchwork.ozlabs.org/project/netdev/patch/1450773094-7978-3-git-send-email-lorenzo@google.com/
+Fixes: c1e64e298b8c ("net: diag: Support destroying TCP sockets.")
+Signed-off-by: Xueming Feng <kuro@kuroa.me>
+Tested-by: Lorenzo Colitti <lorenzo@google.com>
+Reviewed-by: Jason Xing <kerneljasonxing@gmail.com>
+Reviewed-by: Eric Dumazet <edumazet@google.com>
+Link: https://patch.msgid.link/20240826102327.1461482-1-kuro@kuroa.me
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+[youngmin: Resolved minor conflict in net/ipv4/tcp.c]
+Signed-off-by: Youngmin Nam <youngmin.nam@samsung.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv4/tcp.c | 15 +++++++++------
+ 1 file changed, 9 insertions(+), 6 deletions(-)
+
+--- a/net/ipv4/tcp.c
++++ b/net/ipv4/tcp.c
+@@ -4745,6 +4745,12 @@ int tcp_abort(struct sock *sk, int err)
+ /* Don't race with userspace socket closes such as tcp_close. */
+ lock_sock(sk);
+
++ /* Avoid closing the same socket twice. */
++ if (sk->sk_state == TCP_CLOSE) {
++ release_sock(sk);
++ return -ENOENT;
++ }
++
+ if (sk->sk_state == TCP_LISTEN) {
+ tcp_set_state(sk, TCP_CLOSE);
+ inet_csk_listen_stop(sk);
+@@ -4754,15 +4760,12 @@ int tcp_abort(struct sock *sk, int err)
+ local_bh_disable();
+ bh_lock_sock(sk);
+
+- if (!sock_flag(sk, SOCK_DEAD)) {
+- if (tcp_need_reset(sk->sk_state))
+- tcp_send_active_reset(sk, GFP_ATOMIC);
+- tcp_done_with_error(sk, err);
+- }
++ if (tcp_need_reset(sk->sk_state))
++ tcp_send_active_reset(sk, GFP_ATOMIC);
++ tcp_done_with_error(sk, err);
+
+ bh_unlock_sock(sk);
+ local_bh_enable();
+- tcp_write_queue_purge(sk);
+ release_sock(sk);
+ return 0;
+ }
--- /dev/null
+From 5ce4645c23cf5f048eb8e9ce49e514bababdee85 Mon Sep 17 00:00:00 2001
+From: Eric Dumazet <edumazet@google.com>
+Date: Tue, 28 May 2024 12:52:52 +0000
+Subject: tcp: fix races in tcp_abort()
+
+From: Eric Dumazet <edumazet@google.com>
+
+commit 5ce4645c23cf5f048eb8e9ce49e514bababdee85 upstream.
+
+tcp_abort() has the same issue than the one fixed in the prior patch
+in tcp_write_err().
+
+In order to get consistent results from tcp_poll(), we must call
+sk_error_report() after tcp_done().
+
+We can use tcp_done_with_error() to centralize this logic.
+
+Fixes: c1e64e298b8c ("net: diag: Support destroying TCP sockets.")
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Acked-by: Neal Cardwell <ncardwell@google.com>
+Link: https://lore.kernel.org/r/20240528125253.1966136-4-edumazet@google.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+[youngmin: Resolved minor conflict in net/ipv4/tcp.c]
+Signed-off-by: Youngmin Nam <youngmin.nam@samsung.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv4/tcp.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+--- a/net/ipv4/tcp.c
++++ b/net/ipv4/tcp.c
+@@ -4755,13 +4755,9 @@ int tcp_abort(struct sock *sk, int err)
+ bh_lock_sock(sk);
+
+ if (!sock_flag(sk, SOCK_DEAD)) {
+- WRITE_ONCE(sk->sk_err, err);
+- /* This barrier is coupled with smp_rmb() in tcp_poll() */
+- smp_wmb();
+- sk_error_report(sk);
+ if (tcp_need_reset(sk->sk_state))
+ tcp_send_active_reset(sk, GFP_ATOMIC);
+- tcp_done(sk);
++ tcp_done_with_error(sk, err);
+ }
+
+ bh_unlock_sock(sk);
projects / thirdparty / kernel / stable-queue.git / commitdiff
