Fixes for 4.19

Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/queue-4.19/drm-msm-dsi-set-default-num_data_lanes.patch b/queue-4.19/drm-msm-dsi-set-default-num_data_lanes.patch
new file mode 100644 (file)
index 0000000..08b6559
--- /dev/null
+++ b/queue-4.19/drm-msm-dsi-set-default-num_data_lanes.patch
@@ -0,0 +1,44 @@
+From 338007012bf81f120085e7442c14f0f9795b3c60 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 30 Oct 2021 10:08:50 -0700
+Subject: drm/msm/dsi: set default num_data_lanes
+
+From: Philip Chen <philipchen@chromium.org>
+
+[ Upstream commit cd92cc187c053ab010a1570e2d61d68394a5c725 ]
+
+If "data_lanes" property of the dsi output endpoint is missing in
+the DT, num_data_lanes would be 0 by default, which could cause
+dsi_host_attach() to fail if dsi->lanes is set to a non-zero value
+by the bridge driver.
+
+According to the binding document of msm dsi controller, the
+input/output endpoint of the controller is expected to have 4 lanes.
+So let's set num_data_lanes to 4 by default.
+
+Signed-off-by: Philip Chen <philipchen@chromium.org>
+Reviewed-by: Douglas Anderson <dianders@chromium.org>
+Reviewed-by: Stephen Boyd <swboyd@chromium.org>
+Link: https://lore.kernel.org/r/20211030100812.1.I6cd9af36b723fed277d34539d3b2ba4ca233ad2d@changeid
+Signed-off-by: Rob Clark <robdclark@chromium.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/msm/dsi/dsi_host.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/drivers/gpu/drm/msm/dsi/dsi_host.c b/drivers/gpu/drm/msm/dsi/dsi_host.c
+index 77dae147caf90..9abfb19ea7ede 100644
+--- a/drivers/gpu/drm/msm/dsi/dsi_host.c
++++ b/drivers/gpu/drm/msm/dsi/dsi_host.c
+@@ -1677,6 +1677,8 @@ static int dsi_host_parse_lane_data(struct msm_dsi_host *msm_host,
+       if (!prop) {
+               dev_dbg(dev,
+                       "failed to find data lane mapping, using default\n");
++              /* Set the number of date lanes to 4 by default. */
++              msm_host->num_data_lanes = 4;
+               return 0;
+       }
+ 
+-- 
+2.33.0
+

diff --git a/queue-4.19/i2c-rk3x-handle-a-spurious-start-completion-interrup.patch b/queue-4.19/i2c-rk3x-handle-a-spurious-start-completion-interrup.patch
new file mode 100644 (file)
index 0000000..3a32bd0
--- /dev/null
+++ b/queue-4.19/i2c-rk3x-handle-a-spurious-start-completion-interrup.patch
@@ -0,0 +1,66 @@
+From 90e04f21e9e76e9a2b411ae241b0609da22fa68f Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 24 Sep 2021 13:15:27 +0200
+Subject: i2c: rk3x: Handle a spurious start completion interrupt flag
+
+From: Ondrej Jirman <megous@megous.com>
+
+[ Upstream commit 02fe0fbd8a21e183687925c3a266ae27dda9840f ]
+
+In a typical read transfer, start completion flag is being set after
+read finishes (notice ipd bit 4 being set):
+
+trasnfer poll=0
+i2c start
+rk3x-i2c fdd40000.i2c: IRQ: state 1, ipd: 10
+i2c read
+rk3x-i2c fdd40000.i2c: IRQ: state 2, ipd: 1b
+i2c stop
+rk3x-i2c fdd40000.i2c: IRQ: state 4, ipd: 33
+
+This causes I2C transfer being aborted in polled mode from a stop completion
+handler:
+
+trasnfer poll=1
+i2c start
+rk3x-i2c fdd40000.i2c: IRQ: state 1, ipd: 10
+i2c read
+rk3x-i2c fdd40000.i2c: IRQ: state 2, ipd: 0
+rk3x-i2c fdd40000.i2c: IRQ: state 2, ipd: 1b
+i2c stop
+rk3x-i2c fdd40000.i2c: IRQ: state 4, ipd: 13
+i2c stop
+rk3x-i2c fdd40000.i2c: unexpected irq in STOP: 0x10
+
+Clearing the START flag after read fixes the issue without any obvious
+side effects.
+
+This issue was dicovered on RK3566 when adding support for powering
+off the RK817 PMIC.
+
+Signed-off-by: Ondrej Jirman <megous@megous.com>
+Reviewed-by: John Keeping <john@metanate.com>
+Signed-off-by: Wolfram Sang <wsa@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/i2c/busses/i2c-rk3x.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/i2c/busses/i2c-rk3x.c b/drivers/i2c/busses/i2c-rk3x.c
+index b8a2728dd4b69..e76ad020a5420 100644
+--- a/drivers/i2c/busses/i2c-rk3x.c
++++ b/drivers/i2c/busses/i2c-rk3x.c
+@@ -425,8 +425,8 @@ static void rk3x_i2c_handle_read(struct rk3x_i2c *i2c, unsigned int ipd)
+       if (!(ipd & REG_INT_MBRF))
+               return;
+ 
+-      /* ack interrupt */
+-      i2c_writel(i2c, REG_INT_MBRF, REG_IPD);
++      /* ack interrupt (read also produces a spurious START flag, clear it too) */
++      i2c_writel(i2c, REG_INT_MBRF | REG_INT_START, REG_IPD);
+ 
+       /* Can only handle a maximum of 32 bytes at a time */
+       if (len > 32)
+-- 
+2.33.0
+

diff --git a/queue-4.19/net-mlx4_en-update-reported-link-modes-for-1-10g.patch b/queue-4.19/net-mlx4_en-update-reported-link-modes-for-1-10g.patch
new file mode 100644 (file)
index 0000000..b216ea1
--- /dev/null
+++ b/queue-4.19/net-mlx4_en-update-reported-link-modes-for-1-10g.patch
@@ -0,0 +1,114 @@
+From 8e7ea6adc346d40aa2212c3675d7fe77652cb54a Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 28 Nov 2021 13:37:11 +0100
+Subject: net/mlx4_en: Update reported link modes for 1/10G
+
+From: Erik Ekman <erik@kryo.se>
+
+[ Upstream commit 2191b1dfef7d45f44b5008d2148676d9f2c82874 ]
+
+When link modes were initially added in commit 2c762679435dc
+("net/mlx4_en: Use PTYS register to query ethtool settings") and
+later updated for the new ethtool API in commit 3d8f7cc78d0eb
+("net: mlx4: use new ETHTOOL_G/SSETTINGS API") the only 1/10G non-baseT
+link modes configured were 1000baseKX, 10000baseKX4 and 10000baseKR.
+It looks like these got picked to represent other modes since nothing
+better was available.
+
+Switch to using more specific link modes added in commit 5711a98221443
+("net: ethtool: add support for 1000BaseX and missing 10G link modes").
+
+Tested with MCX311A-XCAT connected via DAC.
+Before:
+
+% sudo ethtool enp3s0
+Settings for enp3s0:
+       Supported ports: [ FIBRE ]
+       Supported link modes:   1000baseKX/Full
+                               10000baseKR/Full
+       Supported pause frame use: Symmetric Receive-only
+       Supports auto-negotiation: No
+       Supported FEC modes: Not reported
+       Advertised link modes:  1000baseKX/Full
+                               10000baseKR/Full
+       Advertised pause frame use: Symmetric
+       Advertised auto-negotiation: No
+       Advertised FEC modes: Not reported
+       Speed: 10000Mb/s
+       Duplex: Full
+       Auto-negotiation: off
+       Port: Direct Attach Copper
+       PHYAD: 0
+       Transceiver: internal
+       Supports Wake-on: d
+       Wake-on: d
+        Current message level: 0x00000014 (20)
+                               link ifdown
+       Link detected: yes
+
+With this change:
+
+% sudo ethtool enp3s0
+       Settings for enp3s0:
+       Supported ports: [ FIBRE ]
+       Supported link modes:   1000baseX/Full
+                               10000baseCR/Full
+                               10000baseSR/Full
+       Supported pause frame use: Symmetric Receive-only
+       Supports auto-negotiation: No
+       Supported FEC modes: Not reported
+       Advertised link modes:  1000baseX/Full
+                               10000baseCR/Full
+                               10000baseSR/Full
+       Advertised pause frame use: Symmetric
+       Advertised auto-negotiation: No
+       Advertised FEC modes: Not reported
+       Speed: 10000Mb/s
+       Duplex: Full
+       Auto-negotiation: off
+       Port: Direct Attach Copper
+       PHYAD: 0
+       Transceiver: internal
+       Supports Wake-on: d
+       Wake-on: d
+        Current message level: 0x00000014 (20)
+                               link ifdown
+       Link detected: yes
+
+Tested-by: Michael Stapelberg <michael@stapelberg.ch>
+Signed-off-by: Erik Ekman <erik@kryo.se>
+Reviewed-by: Tariq Toukan <tariqt@nvidia.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c b/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c
+index 6a005014d46af..f652cfd8127bf 100644
+--- a/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c
++++ b/drivers/net/ethernet/mellanox/mlx4/en_ethtool.c
+@@ -663,7 +663,7 @@ void __init mlx4_en_init_ptys2ethtool_map(void)
+       MLX4_BUILD_PTYS2ETHTOOL_CONFIG(MLX4_1000BASE_T, SPEED_1000,
+                                      ETHTOOL_LINK_MODE_1000baseT_Full_BIT);
+       MLX4_BUILD_PTYS2ETHTOOL_CONFIG(MLX4_1000BASE_CX_SGMII, SPEED_1000,
+-                                     ETHTOOL_LINK_MODE_1000baseKX_Full_BIT);
++                                     ETHTOOL_LINK_MODE_1000baseX_Full_BIT);
+       MLX4_BUILD_PTYS2ETHTOOL_CONFIG(MLX4_1000BASE_KX, SPEED_1000,
+                                      ETHTOOL_LINK_MODE_1000baseKX_Full_BIT);
+       MLX4_BUILD_PTYS2ETHTOOL_CONFIG(MLX4_10GBASE_T, SPEED_10000,
+@@ -675,9 +675,9 @@ void __init mlx4_en_init_ptys2ethtool_map(void)
+       MLX4_BUILD_PTYS2ETHTOOL_CONFIG(MLX4_10GBASE_KR, SPEED_10000,
+                                      ETHTOOL_LINK_MODE_10000baseKR_Full_BIT);
+       MLX4_BUILD_PTYS2ETHTOOL_CONFIG(MLX4_10GBASE_CR, SPEED_10000,
+-                                     ETHTOOL_LINK_MODE_10000baseKR_Full_BIT);
++                                     ETHTOOL_LINK_MODE_10000baseCR_Full_BIT);
+       MLX4_BUILD_PTYS2ETHTOOL_CONFIG(MLX4_10GBASE_SR, SPEED_10000,
+-                                     ETHTOOL_LINK_MODE_10000baseKR_Full_BIT);
++                                     ETHTOOL_LINK_MODE_10000baseSR_Full_BIT);
+       MLX4_BUILD_PTYS2ETHTOOL_CONFIG(MLX4_20GBASE_KR2, SPEED_20000,
+                                      ETHTOOL_LINK_MODE_20000baseMLD2_Full_BIT,
+                                      ETHTOOL_LINK_MODE_20000baseKR2_Full_BIT);
+-- 
+2.33.0
+

diff --git a/queue-4.19/net-netlink-af_netlink-prevent-empty-skb-by-adding-a.patch b/queue-4.19/net-netlink-af_netlink-prevent-empty-skb-by-adding-a.patch
new file mode 100644 (file)
index 0000000..0cfc3ee
--- /dev/null
+++ b/queue-4.19/net-netlink-af_netlink-prevent-empty-skb-by-adding-a.patch
@@ -0,0 +1,204 @@
+From d3a9d0985315045323664a074783037a33c24e4f Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 29 Nov 2021 09:53:27 -0800
+Subject: net: netlink: af_netlink: Prevent empty skb by adding a check on len.
+
+From: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
+
+[ Upstream commit f123cffdd8fe8ea6c7fded4b88516a42798797d0 ]
+
+Adding a check on len parameter to avoid empty skb. This prevents a
+division error in netem_enqueue function which is caused when skb->len=0
+and skb->data_len=0 in the randomized corruption step as shown below.
+
+skb->data[prandom_u32() % skb_headlen(skb)] ^= 1<<(prandom_u32() % 8);
+
+Crash Report:
+[  343.170349] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family
+0 port 6081 - 0
+[  343.216110] netem: version 1.3
+[  343.235841] divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI
+[  343.236680] CPU: 3 PID: 4288 Comm: reproducer Not tainted 5.16.0-rc1+
+[  343.237569] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
+BIOS 1.11.0-2.el7 04/01/2014
+[  343.238707] RIP: 0010:netem_enqueue+0x1590/0x33c0 [sch_netem]
+[  343.239499] Code: 89 85 58 ff ff ff e8 5f 5d e9 d3 48 8b b5 48 ff ff
+ff 8b 8d 50 ff ff ff 8b 85 58 ff ff ff 48 8b bd 70 ff ff ff 31 d2 2b 4f
+74 <f7> f1 48 b8 00 00 00 00 00 fc ff df 49 01 d5 4c 89 e9 48 c1 e9 03
+[  343.241883] RSP: 0018:ffff88800bcd7368 EFLAGS: 00010246
+[  343.242589] RAX: 00000000ba7c0a9c RBX: 0000000000000001 RCX:
+0000000000000000
+[  343.243542] RDX: 0000000000000000 RSI: ffff88800f8edb10 RDI:
+ffff88800f8eda40
+[  343.244474] RBP: ffff88800bcd7458 R08: 0000000000000000 R09:
+ffffffff94fb8445
+[  343.245403] R10: ffffffff94fb8336 R11: ffffffff94fb8445 R12:
+0000000000000000
+[  343.246355] R13: ffff88800a5a7000 R14: ffff88800a5b5800 R15:
+0000000000000020
+[  343.247291] FS:  00007fdde2bd7700(0000) GS:ffff888109780000(0000)
+knlGS:0000000000000000
+[  343.248350] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[  343.249120] CR2: 00000000200000c0 CR3: 000000000ef4c000 CR4:
+00000000000006e0
+[  343.250076] Call Trace:
+[  343.250423]  <TASK>
+[  343.250713]  ? memcpy+0x4d/0x60
+[  343.251162]  ? netem_init+0xa0/0xa0 [sch_netem]
+[  343.251795]  ? __sanitizer_cov_trace_pc+0x21/0x60
+[  343.252443]  netem_enqueue+0xe28/0x33c0 [sch_netem]
+[  343.253102]  ? stack_trace_save+0x87/0xb0
+[  343.253655]  ? filter_irq_stacks+0xb0/0xb0
+[  343.254220]  ? netem_init+0xa0/0xa0 [sch_netem]
+[  343.254837]  ? __kasan_check_write+0x14/0x20
+[  343.255418]  ? _raw_spin_lock+0x88/0xd6
+[  343.255953]  dev_qdisc_enqueue+0x50/0x180
+[  343.256508]  __dev_queue_xmit+0x1a7e/0x3090
+[  343.257083]  ? netdev_core_pick_tx+0x300/0x300
+[  343.257690]  ? check_kcov_mode+0x10/0x40
+[  343.258219]  ? _raw_spin_unlock_irqrestore+0x29/0x40
+[  343.258899]  ? __kasan_init_slab_obj+0x24/0x30
+[  343.259529]  ? setup_object.isra.71+0x23/0x90
+[  343.260121]  ? new_slab+0x26e/0x4b0
+[  343.260609]  ? kasan_poison+0x3a/0x50
+[  343.261118]  ? kasan_unpoison+0x28/0x50
+[  343.261637]  ? __kasan_slab_alloc+0x71/0x90
+[  343.262214]  ? memcpy+0x4d/0x60
+[  343.262674]  ? write_comp_data+0x2f/0x90
+[  343.263209]  ? __kasan_check_write+0x14/0x20
+[  343.263802]  ? __skb_clone+0x5d6/0x840
+[  343.264329]  ? __sanitizer_cov_trace_pc+0x21/0x60
+[  343.264958]  dev_queue_xmit+0x1c/0x20
+[  343.265470]  netlink_deliver_tap+0x652/0x9c0
+[  343.266067]  netlink_unicast+0x5a0/0x7f0
+[  343.266608]  ? netlink_attachskb+0x860/0x860
+[  343.267183]  ? __sanitizer_cov_trace_pc+0x21/0x60
+[  343.267820]  ? write_comp_data+0x2f/0x90
+[  343.268367]  netlink_sendmsg+0x922/0xe80
+[  343.268899]  ? netlink_unicast+0x7f0/0x7f0
+[  343.269472]  ? __sanitizer_cov_trace_pc+0x21/0x60
+[  343.270099]  ? write_comp_data+0x2f/0x90
+[  343.270644]  ? netlink_unicast+0x7f0/0x7f0
+[  343.271210]  sock_sendmsg+0x155/0x190
+[  343.271721]  ____sys_sendmsg+0x75f/0x8f0
+[  343.272262]  ? kernel_sendmsg+0x60/0x60
+[  343.272788]  ? write_comp_data+0x2f/0x90
+[  343.273332]  ? write_comp_data+0x2f/0x90
+[  343.273869]  ___sys_sendmsg+0x10f/0x190
+[  343.274405]  ? sendmsg_copy_msghdr+0x80/0x80
+[  343.274984]  ? slab_post_alloc_hook+0x70/0x230
+[  343.275597]  ? futex_wait_setup+0x240/0x240
+[  343.276175]  ? security_file_alloc+0x3e/0x170
+[  343.276779]  ? write_comp_data+0x2f/0x90
+[  343.277313]  ? __sanitizer_cov_trace_pc+0x21/0x60
+[  343.277969]  ? write_comp_data+0x2f/0x90
+[  343.278515]  ? __fget_files+0x1ad/0x260
+[  343.279048]  ? __sanitizer_cov_trace_pc+0x21/0x60
+[  343.279685]  ? write_comp_data+0x2f/0x90
+[  343.280234]  ? __sanitizer_cov_trace_pc+0x21/0x60
+[  343.280874]  ? sockfd_lookup_light+0xd1/0x190
+[  343.281481]  __sys_sendmsg+0x118/0x200
+[  343.281998]  ? __sys_sendmsg_sock+0x40/0x40
+[  343.282578]  ? alloc_fd+0x229/0x5e0
+[  343.283070]  ? write_comp_data+0x2f/0x90
+[  343.283610]  ? write_comp_data+0x2f/0x90
+[  343.284135]  ? __sanitizer_cov_trace_pc+0x21/0x60
+[  343.284776]  ? ktime_get_coarse_real_ts64+0xb8/0xf0
+[  343.285450]  __x64_sys_sendmsg+0x7d/0xc0
+[  343.285981]  ? syscall_enter_from_user_mode+0x4d/0x70
+[  343.286664]  do_syscall_64+0x3a/0x80
+[  343.287158]  entry_SYSCALL_64_after_hwframe+0x44/0xae
+[  343.287850] RIP: 0033:0x7fdde24cf289
+[  343.288344] Code: 01 00 48 81 c4 80 00 00 00 e9 f1 fe ff ff 0f 1f 00
+48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f
+05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d b7 db 2c 00 f7 d8 64 89 01 48
+[  343.290729] RSP: 002b:00007fdde2bd6d98 EFLAGS: 00000246 ORIG_RAX:
+000000000000002e
+[  343.291730] RAX: ffffffffffffffda RBX: 0000000000000000 RCX:
+00007fdde24cf289
+[  343.292673] RDX: 0000000000000000 RSI: 00000000200000c0 RDI:
+0000000000000004
+[  343.293618] RBP: 00007fdde2bd6e20 R08: 0000000100000001 R09:
+0000000000000000
+[  343.294557] R10: 0000000100000001 R11: 0000000000000246 R12:
+0000000000000000
+[  343.295493] R13: 0000000000021000 R14: 0000000000000000 R15:
+00007fdde2bd7700
+[  343.296432]  </TASK>
+[  343.296735] Modules linked in: sch_netem ip6_vti ip_vti ip_gre ipip
+sit ip_tunnel geneve macsec macvtap tap ipvlan macvlan 8021q garp mrp
+hsr wireguard libchacha20poly1305 chacha_x86_64 poly1305_x86_64
+ip6_udp_tunnel udp_tunnel libblake2s blake2s_x86_64 libblake2s_generic
+curve25519_x86_64 libcurve25519_generic libchacha xfrm_interface
+xfrm6_tunnel tunnel4 veth netdevsim psample batman_adv nlmon dummy team
+bonding tls vcan ip6_gre ip6_tunnel tunnel6 gre tun ip6t_rpfilter
+ipt_REJECT nf_reject_ipv4 ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set
+ebtable_nat ebtable_broute ip6table_nat ip6table_mangle
+ip6table_security ip6table_raw iptable_nat nf_nat nf_conntrack
+nf_defrag_ipv6 nf_defrag_ipv4 iptable_mangle iptable_security
+iptable_raw ebtable_filter ebtables rfkill ip6table_filter ip6_tables
+iptable_filter ppdev bochs drm_vram_helper drm_ttm_helper ttm
+drm_kms_helper cec parport_pc drm joydev floppy parport sg syscopyarea
+sysfillrect sysimgblt i2c_piix4 qemu_fw_cfg fb_sys_fops pcspkr
+[  343.297459]  ip_tables xfs virtio_net net_failover failover sd_mod
+sr_mod cdrom t10_pi ata_generic pata_acpi ata_piix libata virtio_pci
+virtio_pci_legacy_dev serio_raw virtio_pci_modern_dev dm_mirror
+dm_region_hash dm_log dm_mod
+[  343.311074] Dumping ftrace buffer:
+[  343.311532]    (ftrace buffer empty)
+[  343.312040] ---[ end trace a2e3db5a6ae05099 ]---
+[  343.312691] RIP: 0010:netem_enqueue+0x1590/0x33c0 [sch_netem]
+[  343.313481] Code: 89 85 58 ff ff ff e8 5f 5d e9 d3 48 8b b5 48 ff ff
+ff 8b 8d 50 ff ff ff 8b 85 58 ff ff ff 48 8b bd 70 ff ff ff 31 d2 2b 4f
+74 <f7> f1 48 b8 00 00 00 00 00 fc ff df 49 01 d5 4c 89 e9 48 c1 e9 03
+[  343.315893] RSP: 0018:ffff88800bcd7368 EFLAGS: 00010246
+[  343.316622] RAX: 00000000ba7c0a9c RBX: 0000000000000001 RCX:
+0000000000000000
+[  343.317585] RDX: 0000000000000000 RSI: ffff88800f8edb10 RDI:
+ffff88800f8eda40
+[  343.318549] RBP: ffff88800bcd7458 R08: 0000000000000000 R09:
+ffffffff94fb8445
+[  343.319503] R10: ffffffff94fb8336 R11: ffffffff94fb8445 R12:
+0000000000000000
+[  343.320455] R13: ffff88800a5a7000 R14: ffff88800a5b5800 R15:
+0000000000000020
+[  343.321414] FS:  00007fdde2bd7700(0000) GS:ffff888109780000(0000)
+knlGS:0000000000000000
+[  343.322489] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+[  343.323283] CR2: 00000000200000c0 CR3: 000000000ef4c000 CR4:
+00000000000006e0
+[  343.324264] Kernel panic - not syncing: Fatal exception in interrupt
+[  343.333717] Dumping ftrace buffer:
+[  343.334175]    (ftrace buffer empty)
+[  343.334653] Kernel Offset: 0x13600000 from 0xffffffff81000000
+(relocation range: 0xffffffff80000000-0xffffffffbfffffff)
+[  343.336027] Rebooting in 86400 seconds..
+
+Reported-by: syzkaller <syzkaller@googlegroups.com>
+Signed-off-by: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
+Link: https://lore.kernel.org/r/20211129175328.55339-1-harshit.m.mogalapalli@oracle.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/netlink/af_netlink.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
+index dd4e4289d0d2a..a7497361e4d78 100644
+--- a/net/netlink/af_netlink.c
++++ b/net/netlink/af_netlink.c
+@@ -1853,6 +1853,11 @@ static int netlink_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
+       if (msg->msg_flags&MSG_OOB)
+               return -EOPNOTSUPP;
+ 
++      if (len == 0) {
++              pr_warn_once("Zero length message leads to an empty skb\n");
++              return -ENODATA;
++      }
++
+       err = scm_send(sock, msg, &scm, true);
+       if (err < 0)
+               return err;
+-- 
+2.33.0
+

diff --git a/queue-4.19/parisc-agp-annotate-parisc-agp-init-functions-with-_.patch b/queue-4.19/parisc-agp-annotate-parisc-agp-init-functions-with-_.patch
new file mode 100644 (file)
index 0000000..581d969
--- /dev/null
+++ b/queue-4.19/parisc-agp-annotate-parisc-agp-init-functions-with-_.patch
@@ -0,0 +1,50 @@
+From 7bebd0bb297a86025bba78a050bdb24f28efe0cf Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 26 Nov 2021 16:45:59 +0100
+Subject: parisc/agp: Annotate parisc agp init functions with __init
+
+From: Helge Deller <deller@gmx.de>
+
+[ Upstream commit 8d88382b7436551a9ebb78475c546b670790cbf6 ]
+
+Signed-off-by: Helge Deller <deller@gmx.de>
+Reported-by: kernel test robot <lkp@intel.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/char/agp/parisc-agp.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/char/agp/parisc-agp.c b/drivers/char/agp/parisc-agp.c
+index 15f2e7025b78e..1d5510cb6db4e 100644
+--- a/drivers/char/agp/parisc-agp.c
++++ b/drivers/char/agp/parisc-agp.c
+@@ -285,7 +285,7 @@ agp_ioc_init(void __iomem *ioc_regs)
+         return 0;
+ }
+ 
+-static int
++static int __init
+ lba_find_capability(int cap)
+ {
+       struct _parisc_agp_info *info = &parisc_agp_info;
+@@ -370,7 +370,7 @@ parisc_agp_setup(void __iomem *ioc_hpa, void __iomem *lba_hpa)
+       return error;
+ }
+ 
+-static int
++static int __init
+ find_quicksilver(struct device *dev, void *data)
+ {
+       struct parisc_device **lba = data;
+@@ -382,7 +382,7 @@ find_quicksilver(struct device *dev, void *data)
+       return 0;
+ }
+ 
+-static int
++static int __init
+ parisc_agp_init(void)
+ {
+       extern struct sba_device *sba_list;
+-- 
+2.33.0
+

diff --git a/queue-4.19/series b/queue-4.19/series
index c487ad0fe249b6c1f5e4c99d5a158ac7f28251af..f700c9efc0dbcb20d1c57e02cffe1c50c8868aaa 100644 (file)
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -1,2 +1,8 @@
 stable-clamp-sublevel-in-4.19.patch
 nfc-fix-segfault-in-nfc_genl_dump_devices_done.patch
+drm-msm-dsi-set-default-num_data_lanes.patch
+net-mlx4_en-update-reported-link-modes-for-1-10g.patch
+parisc-agp-annotate-parisc-agp-init-functions-with-_.patch
+i2c-rk3x-handle-a-spurious-start-completion-interrup.patch
+net-netlink-af_netlink-prevent-empty-skb-by-adding-a.patch
+tracing-fix-a-kmemleak-false-positive-in-tracing_map.patch

diff --git a/queue-4.19/tracing-fix-a-kmemleak-false-positive-in-tracing_map.patch b/queue-4.19/tracing-fix-a-kmemleak-false-positive-in-tracing_map.patch
new file mode 100644 (file)
index 0000000..f314059
--- /dev/null
+++ b/queue-4.19/tracing-fix-a-kmemleak-false-positive-in-tracing_map.patch
@@ -0,0 +1,103 @@
+From e3b8855ae884059bbbdef12bcd781b77f1481487 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 24 Nov 2021 14:08:01 +0000
+Subject: tracing: Fix a kmemleak false positive in tracing_map
+
+From: Chen Jun <chenjun102@huawei.com>
+
+[ Upstream commit f25667e5980a4333729cac3101e5de1bb851f71a ]
+
+Doing the command:
+  echo 'hist:key=common_pid.execname,common_timestamp' > /sys/kernel/debug/tracing/events/xxx/trigger
+
+Triggers many kmemleak reports:
+
+unreferenced object 0xffff0000c7ea4980 (size 128):
+  comm "bash", pid 338, jiffies 4294912626 (age 9339.324s)
+  hex dump (first 32 bytes):
+    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
+    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
+  backtrace:
+    [<00000000f3469921>] kmem_cache_alloc_trace+0x4c0/0x6f0
+    [<0000000054ca40c3>] hist_trigger_elt_data_alloc+0x140/0x178
+    [<00000000633bd154>] tracing_map_init+0x1f8/0x268
+    [<000000007e814ab9>] event_hist_trigger_func+0xca0/0x1ad0
+    [<00000000bf8520ed>] trigger_process_regex+0xd4/0x128
+    [<00000000f549355a>] event_trigger_write+0x7c/0x120
+    [<00000000b80f898d>] vfs_write+0xc4/0x380
+    [<00000000823e1055>] ksys_write+0x74/0xf8
+    [<000000008a9374aa>] __arm64_sys_write+0x24/0x30
+    [<0000000087124017>] do_el0_svc+0x88/0x1c0
+    [<00000000efd0dcd1>] el0_svc+0x1c/0x28
+    [<00000000dbfba9b3>] el0_sync_handler+0x88/0xc0
+    [<00000000e7399680>] el0_sync+0x148/0x180
+unreferenced object 0xffff0000c7ea4980 (size 128):
+  comm "bash", pid 338, jiffies 4294912626 (age 9339.324s)
+  hex dump (first 32 bytes):
+    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
+    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
+  backtrace:
+    [<00000000f3469921>] kmem_cache_alloc_trace+0x4c0/0x6f0
+    [<0000000054ca40c3>] hist_trigger_elt_data_alloc+0x140/0x178
+    [<00000000633bd154>] tracing_map_init+0x1f8/0x268
+    [<000000007e814ab9>] event_hist_trigger_func+0xca0/0x1ad0
+    [<00000000bf8520ed>] trigger_process_regex+0xd4/0x128
+    [<00000000f549355a>] event_trigger_write+0x7c/0x120
+    [<00000000b80f898d>] vfs_write+0xc4/0x380
+    [<00000000823e1055>] ksys_write+0x74/0xf8
+    [<000000008a9374aa>] __arm64_sys_write+0x24/0x30
+    [<0000000087124017>] do_el0_svc+0x88/0x1c0
+    [<00000000efd0dcd1>] el0_svc+0x1c/0x28
+    [<00000000dbfba9b3>] el0_sync_handler+0x88/0xc0
+    [<00000000e7399680>] el0_sync+0x148/0x180
+
+The reason is elts->pages[i] is alloced by get_zeroed_page.
+and kmemleak will not scan the area alloced by get_zeroed_page.
+The address stored in elts->pages will be regarded as leaked.
+
+That is, the elts->pages[i] will have pointers loaded onto it as well, and
+without telling kmemleak about it, those pointers will look like memory
+without a reference.
+
+To fix this, call kmemleak_alloc to tell kmemleak to scan elts->pages[i]
+
+Link: https://lkml.kernel.org/r/20211124140801.87121-1-chenjun102@huawei.com
+
+Signed-off-by: Chen Jun <chenjun102@huawei.com>
+Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/trace/tracing_map.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/kernel/trace/tracing_map.c b/kernel/trace/tracing_map.c
+index 10657b8dc2c2d..83c2a0598c648 100644
+--- a/kernel/trace/tracing_map.c
++++ b/kernel/trace/tracing_map.c
+@@ -15,6 +15,7 @@
+ #include <linux/jhash.h>
+ #include <linux/slab.h>
+ #include <linux/sort.h>
++#include <linux/kmemleak.h>
+ 
+ #include "tracing_map.h"
+ #include "trace.h"
+@@ -307,6 +308,7 @@ void tracing_map_array_free(struct tracing_map_array *a)
+       for (i = 0; i < a->n_pages; i++) {
+               if (!a->pages[i])
+                       break;
++              kmemleak_free(a->pages[i]);
+               free_page((unsigned long)a->pages[i]);
+       }
+ 
+@@ -342,6 +344,7 @@ struct tracing_map_array *tracing_map_array_alloc(unsigned int n_elts,
+               a->pages[i] = (void *)get_zeroed_page(GFP_KERNEL);
+               if (!a->pages[i])
+                       goto free;
++              kmemleak_alloc(a->pages[i], PAGE_SIZE, 1, GFP_KERNEL);
+       }
+  out:
+       return a;
+-- 
+2.33.0
+