5.4-stable patches

added patches:
	asoc-core-fix-compile-warning-with-config_debug_fs-n.patch
	asoc-dt-bindings-mt8183-add-missing-update.patch
	asoc-fsl_esai-add-spin-lock-to-protect-reset-stop-and-start.patch
	asoc-rsnd-fix-dalign-register-for-ssiu.patch
	asoc-simple_card_utils.h-add-missing-include.patch
	asoc-sof-intel-broadwell-clarify-mutual-exclusion-with-legacy-driver.patch
	btrfs-simplify-inode-locking-for-rwf_nowait.patch
	hsr-fix-slab-out-of-bounds-read-in-hsr_debugfs_rename.patch
	netfilter-nf_tables_offload-release-flow_rule-on-error-from-commit-path.patch
	netfilter-nft_meta-use-64-bit-time-arithmetic.patch

diff --git a/queue-5.4/asoc-core-fix-compile-warning-with-config_debug_fs-n.patch b/queue-5.4/asoc-core-fix-compile-warning-with-config_debug_fs-n.patch
new file mode 100644 (file)
index 0000000..d8fee45
--- /dev/null
+++ b/queue-5.4/asoc-core-fix-compile-warning-with-config_debug_fs-n.patch
@@ -0,0 +1,37 @@
+From bd0b609e0c3362cb167c51d4bd4330d79fc00987 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Thu, 7 Nov 2019 14:48:33 +0100
+Subject: ASoC: core: Fix compile warning with CONFIG_DEBUG_FS=n
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Takashi Iwai <tiwai@suse.de>
+
+commit bd0b609e0c3362cb167c51d4bd4330d79fc00987 upstream.
+
+Paper over a compile warning:
+  sound/soc/soc-pcm.c:1185:8: warning: unused variable ‘name’
+
+Fixes: 0632fa042541 ("ASoC: core: Fix pcm code debugfs error")
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Link: https://lore.kernel.org/r/20191107134833.1502-1-tiwai@suse.de
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/soc/soc-pcm.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/sound/soc/soc-pcm.c
++++ b/sound/soc/soc-pcm.c
+@@ -1148,7 +1148,9 @@ static int dpcm_be_connect(struct snd_so
+ {
+       struct snd_soc_dpcm *dpcm;
+       unsigned long flags;
++#ifdef CONFIG_DEBUG_FS
+       char *name;
++#endif
+ 
+       /* only add new dpcms */
+       for_each_dpcm_be(fe, stream, dpcm) {

diff --git a/queue-5.4/asoc-dt-bindings-mt8183-add-missing-update.patch b/queue-5.4/asoc-dt-bindings-mt8183-add-missing-update.patch
new file mode 100644 (file)
index 0000000..0c92f2a
--- /dev/null
+++ b/queue-5.4/asoc-dt-bindings-mt8183-add-missing-update.patch
@@ -0,0 +1,36 @@
+From 7cf2804775f8a388411624b3e768e55d08711e9d Mon Sep 17 00:00:00 2001
+From: Tzung-Bi Shih <tzungbi@google.com>
+Date: Fri, 20 Sep 2019 19:23:20 +0800
+Subject: ASoC: dt-bindings: mt8183: add missing update
+
+From: Tzung-Bi Shih <tzungbi@google.com>
+
+commit 7cf2804775f8a388411624b3e768e55d08711e9d upstream.
+
+Headset codec is optional.  Add missing update to DT binding document.
+
+Fixes: a962a809e5e4 ("ASoC: mediatek: mt8183: make headset codec optional")
+Signed-off-by: Tzung-Bi Shih <tzungbi@google.com>
+Link: https://lore.kernel.org/r/20190920112320.166052-1-tzungbi@google.com
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ Documentation/devicetree/bindings/sound/mt8183-mt6358-ts3a227-max98357.txt |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/Documentation/devicetree/bindings/sound/mt8183-mt6358-ts3a227-max98357.txt
++++ b/Documentation/devicetree/bindings/sound/mt8183-mt6358-ts3a227-max98357.txt
+@@ -2,9 +2,11 @@ MT8183 with MT6358, TS3A227 and MAX98357
+ 
+ Required properties:
+ - compatible : "mediatek,mt8183_mt6358_ts3a227_max98357"
+-- mediatek,headset-codec: the phandles of ts3a227 codecs
+ - mediatek,platform: the phandle of MT8183 ASoC platform
+ 
++Optional properties:
++- mediatek,headset-codec: the phandles of ts3a227 codecs
++
+ Example:
+ 
+       sound {

diff --git a/queue-5.4/asoc-fsl_esai-add-spin-lock-to-protect-reset-stop-and-start.patch b/queue-5.4/asoc-fsl_esai-add-spin-lock-to-protect-reset-stop-and-start.patch
new file mode 100644 (file)
index 0000000..799284f
--- /dev/null
+++ b/queue-5.4/asoc-fsl_esai-add-spin-lock-to-protect-reset-stop-and-start.patch
@@ -0,0 +1,100 @@
+From 35dac627471938eda89fa39ee4ead1f7667e0f57 Mon Sep 17 00:00:00 2001
+From: Shengjiu Wang <shengjiu.wang@nxp.com>
+Date: Mon, 28 Oct 2019 17:11:05 +0800
+Subject: ASoC: fsl_esai: Add spin lock to protect reset, stop and start
+
+From: Shengjiu Wang <shengjiu.wang@nxp.com>
+
+commit 35dac627471938eda89fa39ee4ead1f7667e0f57 upstream.
+
+xrun may happen at the end of stream, the
+trigger->fsl_esai_trigger_stop maybe called in the middle of
+fsl_esai_hw_reset, this may cause esai in wrong state
+after stop, and there may be endless xrun interrupt.
+
+This issue may also happen with trigger->fsl_esai_trigger_start.
+
+So Add spin lock to lock those functions.
+
+Fixes: 7ccafa2b3879 ("ASoC: fsl_esai: recover the channel swap after xrun")
+Signed-off-by: Shengjiu Wang <shengjiu.wang@nxp.com>
+Acked-by: Nicolin Chen <nicoleotsuka@gmail.com>
+Link: https://lore.kernel.org/r/52e92c4221a83e39a84a6cd92fc3d5479b44894c.1572252321.git.shengjiu.wang@nxp.com
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/soc/fsl/fsl_esai.c |   12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+--- a/sound/soc/fsl/fsl_esai.c
++++ b/sound/soc/fsl/fsl_esai.c
+@@ -33,6 +33,7 @@
+  * @fsysclk: system clock source to derive HCK, SCK and FS
+  * @spbaclk: SPBA clock (optional, depending on SoC design)
+  * @task: tasklet to handle the reset operation
++ * @lock: spin lock between hw_reset() and trigger()
+  * @fifo_depth: depth of tx/rx FIFO
+  * @slot_width: width of each DAI slot
+  * @slots: number of slots
+@@ -56,6 +57,7 @@ struct fsl_esai {
+       struct clk *fsysclk;
+       struct clk *spbaclk;
+       struct tasklet_struct task;
++      spinlock_t lock; /* Protect hw_reset and trigger */
+       u32 fifo_depth;
+       u32 slot_width;
+       u32 slots;
+@@ -676,8 +678,10 @@ static void fsl_esai_hw_reset(unsigned l
+ {
+       struct fsl_esai *esai_priv = (struct fsl_esai *)arg;
+       bool tx = true, rx = false, enabled[2];
++      unsigned long lock_flags;
+       u32 tfcr, rfcr;
+ 
++      spin_lock_irqsave(&esai_priv->lock, lock_flags);
+       /* Save the registers */
+       regmap_read(esai_priv->regmap, REG_ESAI_TFCR, &tfcr);
+       regmap_read(esai_priv->regmap, REG_ESAI_RFCR, &rfcr);
+@@ -715,6 +719,8 @@ static void fsl_esai_hw_reset(unsigned l
+               fsl_esai_trigger_start(esai_priv, tx);
+       if (enabled[rx])
+               fsl_esai_trigger_start(esai_priv, rx);
++
++      spin_unlock_irqrestore(&esai_priv->lock, lock_flags);
+ }
+ 
+ static int fsl_esai_trigger(struct snd_pcm_substream *substream, int cmd,
+@@ -722,6 +728,7 @@ static int fsl_esai_trigger(struct snd_p
+ {
+       struct fsl_esai *esai_priv = snd_soc_dai_get_drvdata(dai);
+       bool tx = substream->stream == SNDRV_PCM_STREAM_PLAYBACK;
++      unsigned long lock_flags;
+ 
+       esai_priv->channels[tx] = substream->runtime->channels;
+ 
+@@ -729,12 +736,16 @@ static int fsl_esai_trigger(struct snd_p
+       case SNDRV_PCM_TRIGGER_START:
+       case SNDRV_PCM_TRIGGER_RESUME:
+       case SNDRV_PCM_TRIGGER_PAUSE_RELEASE:
++              spin_lock_irqsave(&esai_priv->lock, lock_flags);
+               fsl_esai_trigger_start(esai_priv, tx);
++              spin_unlock_irqrestore(&esai_priv->lock, lock_flags);
+               break;
+       case SNDRV_PCM_TRIGGER_SUSPEND:
+       case SNDRV_PCM_TRIGGER_STOP:
+       case SNDRV_PCM_TRIGGER_PAUSE_PUSH:
++              spin_lock_irqsave(&esai_priv->lock, lock_flags);
+               fsl_esai_trigger_stop(esai_priv, tx);
++              spin_unlock_irqrestore(&esai_priv->lock, lock_flags);
+               break;
+       default:
+               return -EINVAL;
+@@ -1002,6 +1013,7 @@ static int fsl_esai_probe(struct platfor
+ 
+       dev_set_drvdata(&pdev->dev, esai_priv);
+ 
++      spin_lock_init(&esai_priv->lock);
+       ret = fsl_esai_hw_init(esai_priv);
+       if (ret)
+               return ret;

diff --git a/queue-5.4/asoc-rsnd-fix-dalign-register-for-ssiu.patch b/queue-5.4/asoc-rsnd-fix-dalign-register-for-ssiu.patch
new file mode 100644 (file)
index 0000000..18762c8
--- /dev/null
+++ b/queue-5.4/asoc-rsnd-fix-dalign-register-for-ssiu.patch
@@ -0,0 +1,72 @@
+From ef8e14794308a428b194f8b06ad9ae06b43466e4 Mon Sep 17 00:00:00 2001
+From: Nilkanth Ahirrao <anilkanth@jp.adit-jv.com>
+Date: Thu, 21 Nov 2019 12:10:23 +0100
+Subject: ASoC: rsnd: fix DALIGN register for SSIU
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Nilkanth Ahirrao <anilkanth@jp.adit-jv.com>
+
+commit ef8e14794308a428b194f8b06ad9ae06b43466e4 upstream.
+
+The current driver only sets 0x76543210 and 0x67452301 for DALIGN.
+This doesn’t work well for TDM split and ex-split mode for all SSIU.
+This patch programs the DALIGN registers based on the SSIU number.
+
+Cc: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
+Cc: Jiada Wang <jiada_wang@mentor.com>
+Cc: Andrew Gabbasov <andrew_gabbasov@mentor.com>
+Fixes: a914e44693d41b ("ASoC: rsnd: more clear rsnd_get_dalign() for DALIGN")
+Signed-off-by: Nilkanth Ahirrao <anilkanth@jp.adit-jv.com>
+Signed-off-by: Eugeniu Rosca <erosca@de.adit-jv.com>
+Acked-by: Kuninori Morimoto <kuninori.morimoto.gx@renesas.com>
+Link: https://lore.kernel.org/r/20191121111023.10976-1-erosca@de.adit-jv.com
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/soc/sh/rcar/core.c |   20 ++++++++++++++++++--
+ 1 file changed, 18 insertions(+), 2 deletions(-)
+
+--- a/sound/soc/sh/rcar/core.c
++++ b/sound/soc/sh/rcar/core.c
+@@ -376,6 +376,17 @@ u32 rsnd_get_adinr_bit(struct rsnd_mod *
+  */
+ u32 rsnd_get_dalign(struct rsnd_mod *mod, struct rsnd_dai_stream *io)
+ {
++      static const u32 dalign_values[8][2] = {
++              {0x76543210, 0x67452301},
++              {0x00000032, 0x00000023},
++              {0x00007654, 0x00006745},
++              {0x00000076, 0x00000067},
++              {0xfedcba98, 0xefcdab89},
++              {0x000000ba, 0x000000ab},
++              {0x0000fedc, 0x0000efcd},
++              {0x000000fe, 0x000000ef},
++      };
++      int id = 0, inv;
+       struct rsnd_mod *ssiu = rsnd_io_to_mod_ssiu(io);
+       struct rsnd_mod *target;
+       struct snd_pcm_runtime *runtime = rsnd_io_to_runtime(io);
+@@ -411,13 +422,18 @@ u32 rsnd_get_dalign(struct rsnd_mod *mod
+               target = cmd ? cmd : ssiu;
+       }
+ 
++      if (mod == ssiu)
++              id = rsnd_mod_id_sub(mod);
++
+       /* Non target mod or non 16bit needs normal DALIGN */
+       if ((snd_pcm_format_width(runtime->format) != 16) ||
+           (mod != target))
+-              return 0x76543210;
++              inv = 0;
+       /* Target mod needs inverted DALIGN when 16bit */
+       else
+-              return 0x67452301;
++              inv = 1;
++
++      return dalign_values[id][inv];
+ }
+ 
+ u32 rsnd_get_busif_shift(struct rsnd_dai_stream *io, struct rsnd_mod *mod)

diff --git a/queue-5.4/asoc-simple_card_utils.h-add-missing-include.patch b/queue-5.4/asoc-simple_card_utils.h-add-missing-include.patch
new file mode 100644 (file)
index 0000000..4dc9154
--- /dev/null
+++ b/queue-5.4/asoc-simple_card_utils.h-add-missing-include.patch
@@ -0,0 +1,44 @@
+From 4bbee14d8e5487e3d2662138e3767cf4678cdf57 Mon Sep 17 00:00:00 2001
+From: Daniel Baluta <daniel.baluta@nxp.com>
+Date: Wed, 9 Oct 2019 18:36:14 +0300
+Subject: ASoC: simple_card_utils.h: Add missing include
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Daniel Baluta <daniel.baluta@nxp.com>
+
+commit 4bbee14d8e5487e3d2662138e3767cf4678cdf57 upstream.
+
+When debug is enabled compiler cannot find the definition of
+clk_get_rate resulting in the following error:
+
+./include/sound/simple_card_utils.h:168:40: note: previous implicit
+declaration of ‘clk_get_rate’ was here
+   dev_dbg(dev, "%s clk %luHz\n", name, clk_get_rate(dai->clk));
+./include/sound/simple_card_utils.h:168:3: note: in expansion of macro
+‘dev_dbg’
+   dev_dbg(dev, "%s clk %luHz\n", name, clk_get_rate(dai->clk));
+
+Fix this by including the appropriate header.
+
+Fixes: 0580dde59438686d ("ASoC: simple-card-utils: add asoc_simple_debug_info()")
+Signed-off-by: Daniel Baluta <daniel.baluta@nxp.com>
+Link: https://lore.kernel.org/r/20191009153615.32105-2-daniel.baluta@nxp.com
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ include/sound/simple_card_utils.h |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/include/sound/simple_card_utils.h
++++ b/include/sound/simple_card_utils.h
+@@ -8,6 +8,7 @@
+ #ifndef __SIMPLE_CARD_UTILS_H
+ #define __SIMPLE_CARD_UTILS_H
+ 
++#include <linux/clk.h>
+ #include <sound/soc.h>
+ 
+ #define asoc_simple_init_hp(card, sjack, prefix) \

diff --git a/queue-5.4/asoc-sof-intel-broadwell-clarify-mutual-exclusion-with-legacy-driver.patch b/queue-5.4/asoc-sof-intel-broadwell-clarify-mutual-exclusion-with-legacy-driver.patch
new file mode 100644 (file)
index 0000000..6b412c1
--- /dev/null
+++ b/queue-5.4/asoc-sof-intel-broadwell-clarify-mutual-exclusion-with-legacy-driver.patch
@@ -0,0 +1,62 @@
+From a6955fe0e2309feeab5ec71e4b0dcbe498f4f497 Mon Sep 17 00:00:00 2001
+From: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
+Date: Fri, 1 Nov 2019 12:30:36 -0500
+Subject: ASoC: SOF: Intel: Broadwell: clarify mutual exclusion with legacy driver
+
+From: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
+
+commit a6955fe0e2309feeab5ec71e4b0dcbe498f4f497 upstream.
+
+Some distros select all options blindly, which leads to confusion and
+bug reports. SOF does not fully support Broadwell due to firmware
+dependencies, the machine drivers can only support one option, and
+UCM/topology files are still being propagated to downstream distros,
+so make SOF on Broadwell an opt-in option that first require distros
+to opt-out of existing defaults.
+
+Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=204237
+Fixes: f35bf70f61d3 ('ASoC: Intel: Make sure BDW based machine drivers build for SOF')
+Signed-off-by: Pierre-Louis Bossart <pierre-louis.bossart@linux.intel.com>
+Link: https://lore.kernel.org/r/20191101173045.27099-3-pierre-louis.bossart@linux.intel.com
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/soc/intel/Kconfig     |    3 +++
+ sound/soc/sof/intel/Kconfig |   10 +++++++++-
+ 2 files changed, 12 insertions(+), 1 deletion(-)
+
+--- a/sound/soc/intel/Kconfig
++++ b/sound/soc/intel/Kconfig
+@@ -59,6 +59,9 @@ config SND_SOC_INTEL_HASWELL
+         If you have a Intel Haswell or Broadwell platform connected to
+         an I2S codec, then enable this option by saying Y or m. This is
+         typically used for Chromebooks. This is a recommended option.
++        This option is mutually exclusive with the SOF support on
++        Broadwell. If you want to enable SOF on Broadwell, you need to
++        deselect this option first.
+ 
+ config SND_SOC_INTEL_BAYTRAIL
+       tristate "Baytrail (legacy) Platforms"
+--- a/sound/soc/sof/intel/Kconfig
++++ b/sound/soc/sof/intel/Kconfig
+@@ -76,10 +76,18 @@ config SND_SOC_SOF_BAYTRAIL
+ 
+ config SND_SOC_SOF_BROADWELL_SUPPORT
+       bool "SOF support for Broadwell"
++      depends on SND_SOC_INTEL_HASWELL=n
+       help
+         This adds support for Sound Open Firmware for Intel(R) platforms
+         using the Broadwell processors.
+-        Say Y if you have such a device.
++        This option is mutually exclusive with the Haswell/Broadwell legacy
++        driver. If you want to enable SOF on Broadwell you need to deselect
++        the legacy driver first.
++        SOF does fully support Broadwell yet, so this option is not
++        recommended for distros. At some point all legacy drivers will be
++        deprecated but not before all userspace firmware/topology/UCM files
++        are made available to downstream distros.
++        Say Y if you want to enable SOF on Broadwell
+         If unsure select "N".
+ 
+ config SND_SOC_SOF_BROADWELL

diff --git a/queue-5.4/btrfs-simplify-inode-locking-for-rwf_nowait.patch b/queue-5.4/btrfs-simplify-inode-locking-for-rwf_nowait.patch
new file mode 100644 (file)
index 0000000..2e72172
--- /dev/null
+++ b/queue-5.4/btrfs-simplify-inode-locking-for-rwf_nowait.patch
@@ -0,0 +1,41 @@
+From 9cf35f673583ccc9f3e2507498b3079d56614ad3 Mon Sep 17 00:00:00 2001
+From: Goldwyn Rodrigues <rgoldwyn@suse.com>
+Date: Wed, 11 Sep 2019 11:45:15 -0500
+Subject: btrfs: simplify inode locking for RWF_NOWAIT
+
+From: Goldwyn Rodrigues <rgoldwyn@suse.com>
+
+commit 9cf35f673583ccc9f3e2507498b3079d56614ad3 upstream.
+
+This is similar to 942491c9e6d6 ("xfs: fix AIM7 regression"). Apparently
+our current rwsem code doesn't like doing the trylock, then lock for
+real scheme. This causes extra contention on the lock and can be
+measured eg. by AIM7 benchmark.  So change our read/write methods to
+just do the trylock for the RWF_NOWAIT case.
+
+Fixes: edf064e7c6fe ("btrfs: nowait aio support")
+Signed-off-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
+Reviewed-by: David Sterba <dsterba@suse.com>
+[ update changelog ]
+Signed-off-by: David Sterba <dsterba@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/btrfs/file.c |    5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+--- a/fs/btrfs/file.c
++++ b/fs/btrfs/file.c
+@@ -1903,9 +1903,10 @@ static ssize_t btrfs_file_write_iter(str
+           (iocb->ki_flags & IOCB_NOWAIT))
+               return -EOPNOTSUPP;
+ 
+-      if (!inode_trylock(inode)) {
+-              if (iocb->ki_flags & IOCB_NOWAIT)
++      if (iocb->ki_flags & IOCB_NOWAIT) {
++              if (!inode_trylock(inode))
+                       return -EAGAIN;
++      } else {
+               inode_lock(inode);
+       }
+ 

diff --git a/queue-5.4/hsr-fix-slab-out-of-bounds-read-in-hsr_debugfs_rename.patch b/queue-5.4/hsr-fix-slab-out-of-bounds-read-in-hsr_debugfs_rename.patch
new file mode 100644 (file)
index 0000000..8cef3d5
--- /dev/null
+++ b/queue-5.4/hsr-fix-slab-out-of-bounds-read-in-hsr_debugfs_rename.patch
@@ -0,0 +1,72 @@
+From 04b69426d846cd04ca9acefff1ea39e1c64d2714 Mon Sep 17 00:00:00 2001
+From: Taehee Yoo <ap420073@gmail.com>
+Date: Sat, 28 Dec 2019 16:28:09 +0000
+Subject: hsr: fix slab-out-of-bounds Read in hsr_debugfs_rename()
+
+From: Taehee Yoo <ap420073@gmail.com>
+
+commit 04b69426d846cd04ca9acefff1ea39e1c64d2714 upstream.
+
+hsr slave interfaces don't have debugfs directory.
+So, hsr_debugfs_rename() shouldn't be called when hsr slave interface name
+is changed.
+
+Test commands:
+    ip link add dummy0 type dummy
+    ip link add dummy1 type dummy
+    ip link add hsr0 type hsr slave1 dummy0 slave2 dummy1
+    ip link set dummy0 name ap
+
+Splat looks like:
+[21071.899367][T22666] ap: renamed from dummy0
+[21071.914005][T22666] ==================================================================
+[21071.919008][T22666] BUG: KASAN: slab-out-of-bounds in hsr_debugfs_rename+0xaa/0xb0 [hsr]
+[21071.923640][T22666] Read of size 8 at addr ffff88805febcd98 by task ip/22666
+[21071.926941][T22666]
+[21071.927750][T22666] CPU: 0 PID: 22666 Comm: ip Not tainted 5.5.0-rc2+ #240
+[21071.929919][T22666] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
+[21071.935094][T22666] Call Trace:
+[21071.935867][T22666]  dump_stack+0x96/0xdb
+[21071.936687][T22666]  ? hsr_debugfs_rename+0xaa/0xb0 [hsr]
+[21071.937774][T22666]  print_address_description.constprop.5+0x1be/0x360
+[21071.939019][T22666]  ? hsr_debugfs_rename+0xaa/0xb0 [hsr]
+[21071.940081][T22666]  ? hsr_debugfs_rename+0xaa/0xb0 [hsr]
+[21071.940949][T22666]  __kasan_report+0x12a/0x16f
+[21071.941758][T22666]  ? hsr_debugfs_rename+0xaa/0xb0 [hsr]
+[21071.942674][T22666]  kasan_report+0xe/0x20
+[21071.943325][T22666]  hsr_debugfs_rename+0xaa/0xb0 [hsr]
+[21071.944187][T22666]  hsr_netdev_notify+0x1fe/0x9b0 [hsr]
+[21071.945052][T22666]  ? __module_text_address+0x13/0x140
+[21071.945897][T22666]  notifier_call_chain+0x90/0x160
+[21071.946743][T22666]  dev_change_name+0x419/0x840
+[21071.947496][T22666]  ? __read_once_size_nocheck.constprop.6+0x10/0x10
+[21071.948600][T22666]  ? netdev_adjacent_rename_links+0x280/0x280
+[21071.949577][T22666]  ? __read_once_size_nocheck.constprop.6+0x10/0x10
+[21071.950672][T22666]  ? lock_downgrade+0x6e0/0x6e0
+[21071.951345][T22666]  ? do_setlink+0x811/0x2ef0
+[21071.951991][T22666]  do_setlink+0x811/0x2ef0
+[21071.952613][T22666]  ? is_bpf_text_address+0x81/0xe0
+[ ... ]
+
+Reported-by: syzbot+9328206518f08318a5fd@syzkaller.appspotmail.com
+Fixes: 4c2d5e33dcd3 ("hsr: rename debugfs file when interface name is changed")
+Signed-off-by: Taehee Yoo <ap420073@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/hsr/hsr_main.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/net/hsr/hsr_main.c
++++ b/net/hsr/hsr_main.c
+@@ -46,7 +46,8 @@ static int hsr_netdev_notify(struct noti
+               hsr_check_carrier_and_operstate(hsr);
+               break;
+       case NETDEV_CHANGENAME:
+-              hsr_debugfs_rename(dev);
++              if (is_hsr_master(dev))
++                      hsr_debugfs_rename(dev);
+               break;
+       case NETDEV_CHANGEADDR:
+               if (port->type == HSR_PT_MASTER) {

diff --git a/queue-5.4/netfilter-nf_tables_offload-release-flow_rule-on-error-from-commit-path.patch b/queue-5.4/netfilter-nf_tables_offload-release-flow_rule-on-error-from-commit-path.patch
new file mode 100644 (file)
index 0000000..e41e271
--- /dev/null
+++ b/queue-5.4/netfilter-nf_tables_offload-release-flow_rule-on-error-from-commit-path.patch
@@ -0,0 +1,65 @@
+From 23403cd8898dbc9808d3eb2f63bc1db8a340b751 Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Thu, 14 Nov 2019 14:17:24 +0100
+Subject: netfilter: nf_tables_offload: release flow_rule on error from commit path
+
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+
+commit 23403cd8898dbc9808d3eb2f63bc1db8a340b751 upstream.
+
+If hardware offload commit path fails, release all flow_rule objects.
+
+Fixes: c9626a2cbdb2 ("netfilter: nf_tables: add hardware offload support")
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nf_tables_offload.c |   26 +++++++++++++++++++++-----
+ 1 file changed, 21 insertions(+), 5 deletions(-)
+
+--- a/net/netfilter/nf_tables_offload.c
++++ b/net/netfilter/nf_tables_offload.c
+@@ -358,14 +358,14 @@ int nft_flow_rule_offload_commit(struct
+                               continue;
+ 
+                       if (trans->ctx.flags & NLM_F_REPLACE ||
+-                          !(trans->ctx.flags & NLM_F_APPEND))
+-                              return -EOPNOTSUPP;
+-
++                          !(trans->ctx.flags & NLM_F_APPEND)) {
++                              err = -EOPNOTSUPP;
++                              break;
++                      }
+                       err = nft_flow_offload_rule(trans->ctx.chain,
+                                                   nft_trans_rule(trans),
+                                                   nft_trans_flow_rule(trans),
+                                                   FLOW_CLS_REPLACE);
+-                      nft_flow_rule_destroy(nft_trans_flow_rule(trans));
+                       break;
+               case NFT_MSG_DELRULE:
+                       if (!(trans->ctx.chain->flags & NFT_CHAIN_HW_OFFLOAD))
+@@ -379,7 +379,23 @@ int nft_flow_rule_offload_commit(struct
+               }
+ 
+               if (err)
+-                      return err;
++                      break;
++      }
++
++      list_for_each_entry(trans, &net->nft.commit_list, list) {
++              if (trans->ctx.family != NFPROTO_NETDEV)
++                      continue;
++
++              switch (trans->msg_type) {
++              case NFT_MSG_NEWRULE:
++                      if (!(trans->ctx.chain->flags & NFT_CHAIN_HW_OFFLOAD))
++                              continue;
++
++                      nft_flow_rule_destroy(nft_trans_flow_rule(trans));
++                      break;
++              default:
++                      break;
++              }
+       }
+ 
+       return err;

diff --git a/queue-5.4/netfilter-nft_meta-use-64-bit-time-arithmetic.patch b/queue-5.4/netfilter-nft_meta-use-64-bit-time-arithmetic.patch
new file mode 100644 (file)
index 0000000..d1ade13
--- /dev/null
+++ b/queue-5.4/netfilter-nft_meta-use-64-bit-time-arithmetic.patch
@@ -0,0 +1,69 @@
+From 6408c40c39d8eee5caaf97f5219b7dd4e041cc59 Mon Sep 17 00:00:00 2001
+From: Arnd Bergmann <arnd@arndb.de>
+Date: Fri, 8 Nov 2019 22:32:47 +0100
+Subject: netfilter: nft_meta: use 64-bit time arithmetic
+
+From: Arnd Bergmann <arnd@arndb.de>
+
+commit 6408c40c39d8eee5caaf97f5219b7dd4e041cc59 upstream.
+
+On 32-bit architectures, get_seconds() returns an unsigned 32-bit
+time value, which also matches the type used in the nft_meta
+code. This will not overflow in year 2038 as a time_t would, but
+it still suffers from the overflow problem later on in year 2106.
+
+Change this instance to use the time64_t type consistently
+and avoid the deprecated get_seconds().
+
+The nft_meta_weekday() calculation potentially gets a little slower
+on 32-bit architectures, but now it has the same behavior as on
+64-bit architectures and does not overflow.
+
+Fixes: 63d10e12b00d ("netfilter: nft_meta: support for time matching")
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Acked-by: Phil Sutter <phil@nwl.cc>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nft_meta.c |   10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+--- a/net/netfilter/nft_meta.c
++++ b/net/netfilter/nft_meta.c
+@@ -33,19 +33,19 @@
+ 
+ static DEFINE_PER_CPU(struct rnd_state, nft_prandom_state);
+ 
+-static u8 nft_meta_weekday(unsigned long secs)
++static u8 nft_meta_weekday(time64_t secs)
+ {
+       unsigned int dse;
+       u8 wday;
+ 
+       secs -= NFT_META_SECS_PER_MINUTE * sys_tz.tz_minuteswest;
+-      dse = secs / NFT_META_SECS_PER_DAY;
++      dse = div_u64(secs, NFT_META_SECS_PER_DAY);
+       wday = (4 + dse) % NFT_META_DAYS_PER_WEEK;
+ 
+       return wday;
+ }
+ 
+-static u32 nft_meta_hour(unsigned long secs)
++static u32 nft_meta_hour(time64_t secs)
+ {
+       struct tm tm;
+ 
+@@ -250,10 +250,10 @@ void nft_meta_get_eval(const struct nft_
+               nft_reg_store64(dest, ktime_get_real_ns());
+               break;
+       case NFT_META_TIME_DAY:
+-              nft_reg_store8(dest, nft_meta_weekday(get_seconds()));
++              nft_reg_store8(dest, nft_meta_weekday(ktime_get_real_seconds()));
+               break;
+       case NFT_META_TIME_HOUR:
+-              *dest = nft_meta_hour(get_seconds());
++              *dest = nft_meta_hour(ktime_get_real_seconds());
+               break;
+       default:
+               WARN_ON(1);

diff --git a/queue-5.4/series b/queue-5.4/series
index 190618b175c8523678eca21e3d05e0296c64d045..8b7b1195f46ba2ac66ad2baed78ad978f11b934f 100644 (file)
--- a/queue-5.4/series
+++ b/queue-5.4/series
@@ -48,3 +48,13 @@ syscalls-x86-wire-up-compat_syscall_define0.patch
 syscalls-x86-use-compat_syscall_define0-for-ia32-rt_-sigreturn.patch
 syscalls-x86-use-the-correct-function-type-for-sys_ni_syscall.patch
 syscalls-x86-fix-function-types-in-cond_syscall.patch
+hsr-fix-slab-out-of-bounds-read-in-hsr_debugfs_rename.patch
+btrfs-simplify-inode-locking-for-rwf_nowait.patch
+netfilter-nf_tables_offload-release-flow_rule-on-error-from-commit-path.patch
+netfilter-nft_meta-use-64-bit-time-arithmetic.patch
+asoc-dt-bindings-mt8183-add-missing-update.patch
+asoc-simple_card_utils.h-add-missing-include.patch
+asoc-fsl_esai-add-spin-lock-to-protect-reset-stop-and-start.patch
+asoc-sof-intel-broadwell-clarify-mutual-exclusion-with-legacy-driver.patch
+asoc-core-fix-compile-warning-with-config_debug_fs-n.patch
+asoc-rsnd-fix-dalign-register-for-ssiu.patch