4.9-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 22 Aug 2022 08:54:20 +0000 (10:54 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 22 Aug 2022 08:54:20 +0000 (10:54 +0200)
added patches:
can-ems_usb-fix-clang-s-wunaligned-access-warning.patch
nfsv4.1-reclaim_complete-must-handle-eacces.patch
pinctrl-nomadik-fix-refcount-leak-in-nmk_pinctrl_dt_subnode_to_map.patch
pinctrl-qcom-msm8916-allow-camss-gp-clocks-to-be-muxed.patch
sunrpc-reinitialise-the-backchannel-request-buffers-before-reuse.patch
vsock-fix-memory-leak-in-vsock_connect.patch

queue-4.9/can-ems_usb-fix-clang-s-wunaligned-access-warning.patch [new file with mode: 0644]
queue-4.9/nfsv4.1-reclaim_complete-must-handle-eacces.patch [new file with mode: 0644]
queue-4.9/pinctrl-nomadik-fix-refcount-leak-in-nmk_pinctrl_dt_subnode_to_map.patch [new file with mode: 0644]
queue-4.9/pinctrl-qcom-msm8916-allow-camss-gp-clocks-to-be-muxed.patch [new file with mode: 0644]
queue-4.9/series
queue-4.9/sunrpc-reinitialise-the-backchannel-request-buffers-before-reuse.patch [new file with mode: 0644]
queue-4.9/vsock-fix-memory-leak-in-vsock_connect.patch [new file with mode: 0644]

diff --git a/queue-4.9/can-ems_usb-fix-clang-s-wunaligned-access-warning.patch b/queue-4.9/can-ems_usb-fix-clang-s-wunaligned-access-warning.patch
new file mode 100644 (file)
index 0000000..c8c3e72
--- /dev/null
@@ -0,0 +1,65 @@
+From a4cb6e62ea4d36e53fb3c0f18ea4503d7b76674f Mon Sep 17 00:00:00 2001
+From: Marc Kleine-Budde <mkl@pengutronix.de>
+Date: Mon, 1 Aug 2022 22:47:16 +0200
+Subject: can: ems_usb: fix clang's -Wunaligned-access warning
+
+From: Marc Kleine-Budde <mkl@pengutronix.de>
+
+commit a4cb6e62ea4d36e53fb3c0f18ea4503d7b76674f upstream.
+
+clang emits a -Wunaligned-access warning on struct __packed
+ems_cpc_msg.
+
+The reason is that the anonymous union msg (not declared as packed) is
+being packed right after some non naturally aligned variables (3*8
+bits + 2*32) inside a packed struct:
+
+| struct __packed ems_cpc_msg {
+|      u8 type;        /* type of message */
+|      u8 length;      /* length of data within union 'msg' */
+|      u8 msgid;       /* confirmation handle */
+|      __le32 ts_sec;  /* timestamp in seconds */
+|      __le32 ts_nsec; /* timestamp in nano seconds */
+|      /* ^ not naturally aligned */
+|
+|      union {
+|      /* ^ not declared as packed */
+|              u8 generic[64];
+|              struct cpc_can_msg can_msg;
+|              struct cpc_can_params can_params;
+|              struct cpc_confirm confirmation;
+|              struct cpc_overrun overrun;
+|              struct cpc_can_error error;
+|              struct cpc_can_err_counter err_counter;
+|              u8 can_state;
+|      } msg;
+| };
+
+Starting from LLVM 14, having an unpacked struct nested in a packed
+struct triggers a warning. c.f. [1].
+
+Fix the warning by marking the anonymous union as packed.
+
+[1] https://github.com/llvm/llvm-project/issues/55520
+
+Fixes: 702171adeed3 ("ems_usb: Added support for EMS CPC-USB/ARM7 CAN/USB interface")
+Link: https://lore.kernel.org/all/20220802094021.959858-1-mkl@pengutronix.de
+Cc: Gerhard Uttenthaler <uttenthaler@ems-wuensche.com>
+Cc: Sebastian Haas <haas@ems-wuensche.com>
+Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/can/usb/ems_usb.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/can/usb/ems_usb.c
++++ b/drivers/net/can/usb/ems_usb.c
+@@ -206,7 +206,7 @@ struct __packed ems_cpc_msg {
+       __le32 ts_sec;  /* timestamp in seconds */
+       __le32 ts_nsec; /* timestamp in nano seconds */
+-      union {
++      union __packed {
+               u8 generic[64];
+               struct cpc_can_msg can_msg;
+               struct cpc_can_params can_params;
diff --git a/queue-4.9/nfsv4.1-reclaim_complete-must-handle-eacces.patch b/queue-4.9/nfsv4.1-reclaim_complete-must-handle-eacces.patch
new file mode 100644 (file)
index 0000000..65ec0d2
--- /dev/null
@@ -0,0 +1,38 @@
+From e35a5e782f67ed76a65ad0f23a484444a95f000f Mon Sep 17 00:00:00 2001
+From: Zhang Xianwei <zhang.xianwei8@zte.com.cn>
+Date: Wed, 27 Jul 2022 18:01:07 +0800
+Subject: NFSv4.1: RECLAIM_COMPLETE must handle EACCES
+
+From: Zhang Xianwei <zhang.xianwei8@zte.com.cn>
+
+commit e35a5e782f67ed76a65ad0f23a484444a95f000f upstream.
+
+A client should be able to handle getting an EACCES error while doing
+a mount operation to reclaim state due to NFS4CLNT_RECLAIM_REBOOT
+being set. If the server returns RPC_AUTH_BADCRED because authentication
+failed when we execute "exportfs -au", then RECLAIM_COMPLETE will go a
+wrong way. After mount succeeds, all OPEN call will fail due to an
+NFS4ERR_GRACE error being returned. This patch is to fix it by resending
+a RPC request.
+
+Signed-off-by: Zhang Xianwei <zhang.xianwei8@zte.com.cn>
+Signed-off-by: Yi Wang <wang.yi59@zte.com.cn>
+Fixes: aa5190d0ed7d ("NFSv4: Kill nfs4_async_handle_error() abuses by NFSv4.1")
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/nfs/nfs4proc.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/fs/nfs/nfs4proc.c
++++ b/fs/nfs/nfs4proc.c
+@@ -8229,6 +8229,9 @@ static int nfs41_reclaim_complete_handle
+               rpc_delay(task, NFS4_POLL_RETRY_MAX);
+               /* fall through */
+       case -NFS4ERR_RETRY_UNCACHED_REP:
++      case -EACCES:
++              dprintk("%s: failed to reclaim complete error %d for server %s, retrying\n",
++                      __func__, task->tk_status, clp->cl_hostname);
+               return -EAGAIN;
+       case -NFS4ERR_BADSESSION:
+       case -NFS4ERR_DEADSESSION:
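Review bot: The new `case -EACCES:` label sits below the `rpc_delay(task, NFS4_POLL_RETRY_MAX);` call, so an EACCES reply returns `-EAGAIN` with no back-off, unlike the case above it that falls through after delaying. If the server keeps rejecting the credential, the client would presumably resend RECLAIM_COMPLETE immediately each time; whether the caller bounds these retries is outside the hunk. Consider delaying on this path as well, for example by placing `case -EACCES:` next to the label that precedes the `rpc_delay()` call. The added `dprintk` is also reached for -NFS4ERR_RETRY_UNCACHED_REP and for the fall-through case, so its "failed to reclaim complete" wording covers more than the EACCES path. The function body starts and ends outside the hunk.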
diff --git a/queue-4.9/pinctrl-nomadik-fix-refcount-leak-in-nmk_pinctrl_dt_subnode_to_map.patch b/queue-4.9/pinctrl-nomadik-fix-refcount-leak-in-nmk_pinctrl_dt_subnode_to_map.patch
new file mode 100644 (file)
index 0000000..008373a
--- /dev/null
@@ -0,0 +1,36 @@
+From 4b32e054335ea0ce50967f63a7bfd4db058b14b9 Mon Sep 17 00:00:00 2001
+From: Miaoqian Lin <linmq006@gmail.com>
+Date: Tue, 7 Jun 2022 15:16:01 +0400
+Subject: pinctrl: nomadik: Fix refcount leak in nmk_pinctrl_dt_subnode_to_map
+
+From: Miaoqian Lin <linmq006@gmail.com>
+
+commit 4b32e054335ea0ce50967f63a7bfd4db058b14b9 upstream.
+
+of_parse_phandle() returns a node pointer with refcount
+incremented, we should use of_node_put() on it when not need anymore.
+Add missing of_node_put() to avoid refcount leak."
+
+Fixes: c2f6d059abfc ("pinctrl: nomadik: refactor DT parser to take two paths")
+Signed-off-by: Miaoqian Lin <linmq006@gmail.com>
+Link: https://lore.kernel.org/r/20220607111602.57355-1-linmq006@gmail.com
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/pinctrl/nomadik/pinctrl-nomadik.c |    4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/pinctrl/nomadik/pinctrl-nomadik.c
++++ b/drivers/pinctrl/nomadik/pinctrl-nomadik.c
+@@ -1455,8 +1455,10 @@ static int nmk_pinctrl_dt_subnode_to_map
+       has_config = nmk_pinctrl_dt_get_config(np, &configs);
+       np_config = of_parse_phandle(np, "ste,config", 0);
+-      if (np_config)
++      if (np_config) {
+               has_config |= nmk_pinctrl_dt_get_config(np_config, &configs);
++              of_node_put(np_config);
++      }
+       if (has_config) {
+               const char *gpio_name;
+               const char *pin;
diff --git a/queue-4.9/pinctrl-qcom-msm8916-allow-camss-gp-clocks-to-be-muxed.patch b/queue-4.9/pinctrl-qcom-msm8916-allow-camss-gp-clocks-to-be-muxed.patch
new file mode 100644 (file)
index 0000000..110c1cf
--- /dev/null
@@ -0,0 +1,37 @@
+From 44339391c666e46cba522d19c65a6ad1071c68b7 Mon Sep 17 00:00:00 2001
+From: Nikita Travkin <nikita@trvn.ru>
+Date: Sun, 12 Jun 2022 19:59:54 +0500
+Subject: pinctrl: qcom: msm8916: Allow CAMSS GP clocks to be muxed
+
+From: Nikita Travkin <nikita@trvn.ru>
+
+commit 44339391c666e46cba522d19c65a6ad1071c68b7 upstream.
+
+GPIO 31, 32 can be muxed to GCC_CAMSS_GP(1,2)_CLK respectively but the
+function was never assigned to the pingroup (even though the function
+exists already).
+
+Add this mode to the related pins.
+
+Fixes: 5373a2c5abb6 ("pinctrl: qcom: Add msm8916 pinctrl driver")
+Signed-off-by: Nikita Travkin <nikita@trvn.ru>
+Link: https://lore.kernel.org/r/20220612145955.385787-4-nikita@trvn.ru
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/pinctrl/qcom/pinctrl-msm8916.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/pinctrl/qcom/pinctrl-msm8916.c
++++ b/drivers/pinctrl/qcom/pinctrl-msm8916.c
+@@ -852,8 +852,8 @@ static const struct msm_pingroup msm8916
+       PINGROUP(28, pwr_modem_enabled_a, NA, NA, NA, NA, NA, qdss_tracedata_b, NA, atest_combodac),
+       PINGROUP(29, cci_i2c, NA, NA, NA, NA, NA, qdss_tracedata_b, NA, atest_combodac),
+       PINGROUP(30, cci_i2c, NA, NA, NA, NA, NA, NA, NA, qdss_tracedata_b),
+-      PINGROUP(31, cci_timer0, NA, NA, NA, NA, NA, NA, NA, NA),
+-      PINGROUP(32, cci_timer1, NA, NA, NA, NA, NA, NA, NA, NA),
++      PINGROUP(31, cci_timer0, flash_strobe, NA, NA, NA, NA, NA, NA, NA),
++      PINGROUP(32, cci_timer1, flash_strobe, NA, NA, NA, NA, NA, NA, NA),
+       PINGROUP(33, cci_async, NA, NA, NA, NA, NA, NA, NA, qdss_tracedata_b),
+       PINGROUP(34, pwr_nav_enabled_a, NA, NA, NA, NA, NA, NA, NA, qdss_tracedata_b),
+       PINGROUP(35, pwr_crypto_enabled_a, NA, NA, NA, NA, NA, NA, NA, qdss_tracedata_b),
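Review bot: The entries for GPIO 31 and 32 gain `flash_strobe`, while the description speaks of GCC_CAMSS_GP(1,2)_CLK, so nothing in the table tells a reader that the two names mean the same mux setting. If that is what the function selects, a comment above the two lines would make the link explicit, e.g. `/* flash_strobe muxes GCC_CAMSS_GP1_CLK / GP2_CLK onto these pins */`. It is also worth confirming that the `flash_strobe` group list, which is outside the hunk, names gpio31 and gpio32, since the pingroup entry alone is presumably not enough for the mux request to be accepted.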
index de443d54ac68120e857fd1ed7f01c25766483853..964c7895b9127a57c439e743da7b1ede17f35ae1 100644 (file)
@@ -67,3 +67,9 @@ alsa-info-fix-llseek-return-value-when-using-callback.patch
 rds-add-missing-barrier-to-release_refill.patch
 ata-libata-eh-add-missing-command-name.patch
 btrfs-fix-lost-error-handling-when-looking-up-extended-ref-on-log-replay.patch
+can-ems_usb-fix-clang-s-wunaligned-access-warning.patch
+nfsv4.1-reclaim_complete-must-handle-eacces.patch
+sunrpc-reinitialise-the-backchannel-request-buffers-before-reuse.patch
+pinctrl-nomadik-fix-refcount-leak-in-nmk_pinctrl_dt_subnode_to_map.patch
+pinctrl-qcom-msm8916-allow-camss-gp-clocks-to-be-muxed.patch
+vsock-fix-memory-leak-in-vsock_connect.patch
diff --git a/queue-4.9/sunrpc-reinitialise-the-backchannel-request-buffers-before-reuse.patch b/queue-4.9/sunrpc-reinitialise-the-backchannel-request-buffers-before-reuse.patch
new file mode 100644 (file)
index 0000000..2e7ea8c
--- /dev/null
@@ -0,0 +1,50 @@
+From 6622e3a73112fc336c1c2c582428fb5ef18e456a Mon Sep 17 00:00:00 2001
+From: Trond Myklebust <trond.myklebust@hammerspace.com>
+Date: Wed, 27 Jul 2022 12:27:54 -0400
+Subject: SUNRPC: Reinitialise the backchannel request buffers before reuse
+
+From: Trond Myklebust <trond.myklebust@hammerspace.com>
+
+commit 6622e3a73112fc336c1c2c582428fb5ef18e456a upstream.
+
+When we're reusing the backchannel requests instead of freeing them,
+then we should reinitialise any values of the send/receive xdr_bufs so
+that they reflect the available space.
+
+Fixes: 0d2a970d0ae5 ("SUNRPC: Fix a backchannel race")
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/sunrpc/backchannel_rqst.c |   14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+--- a/net/sunrpc/backchannel_rqst.c
++++ b/net/sunrpc/backchannel_rqst.c
+@@ -69,6 +69,17 @@ static void xprt_free_allocation(struct
+       kfree(req);
+ }
++static void xprt_bc_reinit_xdr_buf(struct xdr_buf *buf)
++{
++      buf->head[0].iov_len = PAGE_SIZE;
++      buf->tail[0].iov_len = 0;
++      buf->pages = NULL;
++      buf->page_len = 0;
++      buf->flags = 0;
++      buf->len = 0;
++      buf->buflen = PAGE_SIZE;
++}
++
+ static int xprt_alloc_xdr_buf(struct xdr_buf *buf, gfp_t gfp_flags)
+ {
+       struct page *page;
+@@ -291,6 +302,9 @@ void xprt_free_bc_rqst(struct rpc_rqst *
+        */
+       spin_lock_bh(&xprt->bc_pa_lock);
+       if (xprt_need_to_requeue(xprt)) {
++              xprt_bc_reinit_xdr_buf(&req->rq_snd_buf);
++              xprt_bc_reinit_xdr_buf(&req->rq_rcv_buf);
++              req->rq_rcv_buf.len = PAGE_SIZE;
+               list_add_tail(&req->rq_bc_pa_list, &xprt->bc_pa_list);
+               xprt->bc_alloc_count++;
+               req = NULL;
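Review bot: `xprt_bc_reinit_xdr_buf()` hard-codes `PAGE_SIZE` for `head[0].iov_len` and `buflen`, so the advertised space is right only while `xprt_alloc_xdr_buf()` backs each buffer with exactly one page; that function's body is outside the hunk, so this needs confirming. If the allocation size ever diverges, a reused request would claim more room than it owns, and that kind of length mismatch can become an out-of-bounds write. A comment on the helper tying it to the allocator would guard against that, e.g. `/* Sizes must match what xprt_alloc_xdr_buf() sets up. */`. In the second hunk, `req->rq_rcv_buf.len = PAGE_SIZE;` overrides the helper's `len = 0` for the receive buffer only and deserves a one-line comment saying why the two buffers differ.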
diff --git a/queue-4.9/vsock-fix-memory-leak-in-vsock_connect.patch b/queue-4.9/vsock-fix-memory-leak-in-vsock_connect.patch
new file mode 100644 (file)
index 0000000..c5aeb02
--- /dev/null
@@ -0,0 +1,83 @@
+From 7e97cfed9929eaabc41829c395eb0d1350fccb9d Mon Sep 17 00:00:00 2001
+From: Peilin Ye <peilin.ye@bytedance.com>
+Date: Mon, 8 Aug 2022 11:04:47 -0700
+Subject: vsock: Fix memory leak in vsock_connect()
+
+From: Peilin Ye <peilin.ye@bytedance.com>
+
+commit 7e97cfed9929eaabc41829c395eb0d1350fccb9d upstream.
+
+An O_NONBLOCK vsock_connect() request may try to reschedule
+@connect_work.  Imagine the following sequence of vsock_connect()
+requests:
+
+  1. The 1st, non-blocking request schedules @connect_work, which will
+     expire after 200 jiffies.  Socket state is now SS_CONNECTING;
+
+  2. Later, the 2nd, blocking request gets interrupted by a signal after
+     a few jiffies while waiting for the connection to be established.
+     Socket state is back to SS_UNCONNECTED, but @connect_work is still
+     pending, and will expire after 100 jiffies.
+
+  3. Now, the 3rd, non-blocking request tries to schedule @connect_work
+     again.  Since @connect_work is already scheduled,
+     schedule_delayed_work() silently returns.  sock_hold() is called
+     twice, but sock_put() will only be called once in
+     vsock_connect_timeout(), causing a memory leak reported by syzbot:
+
+  BUG: memory leak
+  unreferenced object 0xffff88810ea56a40 (size 1232):
+    comm "syz-executor756", pid 3604, jiffies 4294947681 (age 12.350s)
+    hex dump (first 32 bytes):
+      00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
+      28 00 07 40 00 00 00 00 00 00 00 00 00 00 00 00  (..@............
+    backtrace:
+      [<ffffffff837c830e>] sk_prot_alloc+0x3e/0x1b0 net/core/sock.c:1930
+      [<ffffffff837cbe22>] sk_alloc+0x32/0x2e0 net/core/sock.c:1989
+      [<ffffffff842ccf68>] __vsock_create.constprop.0+0x38/0x320 net/vmw_vsock/af_vsock.c:734
+      [<ffffffff842ce8f1>] vsock_create+0xc1/0x2d0 net/vmw_vsock/af_vsock.c:2203
+      [<ffffffff837c0cbb>] __sock_create+0x1ab/0x2b0 net/socket.c:1468
+      [<ffffffff837c3acf>] sock_create net/socket.c:1519 [inline]
+      [<ffffffff837c3acf>] __sys_socket+0x6f/0x140 net/socket.c:1561
+      [<ffffffff837c3bba>] __do_sys_socket net/socket.c:1570 [inline]
+      [<ffffffff837c3bba>] __se_sys_socket net/socket.c:1568 [inline]
+      [<ffffffff837c3bba>] __x64_sys_socket+0x1a/0x20 net/socket.c:1568
+      [<ffffffff84512815>] do_syscall_x64 arch/x86/entry/common.c:50 [inline]
+      [<ffffffff84512815>] do_syscall_64+0x35/0x80 arch/x86/entry/common.c:80
+      [<ffffffff84600068>] entry_SYSCALL_64_after_hwframe+0x44/0xae
+  <...>
+
+Use mod_delayed_work() instead: if @connect_work is already scheduled,
+reschedule it, and undo sock_hold() to keep the reference count
+balanced.
+
+Reported-and-tested-by: syzbot+b03f55bf128f9a38f064@syzkaller.appspotmail.com
+Fixes: d021c344051a ("VSOCK: Introduce VM Sockets")
+Co-developed-by: Stefano Garzarella <sgarzare@redhat.com>
+Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
+Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
+Signed-off-by: Peilin Ye <peilin.ye@bytedance.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/vmw_vsock/af_vsock.c |    9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+--- a/net/vmw_vsock/af_vsock.c
++++ b/net/vmw_vsock/af_vsock.c
+@@ -1205,7 +1205,14 @@ static int vsock_stream_connect(struct s
+                        * timeout fires.
+                        */
+                       sock_hold(sk);
+-                      schedule_delayed_work(&vsk->connect_work, timeout);
++
++                      /* If the timeout function is already scheduled,
++                       * reschedule it, then ungrab the socket refcount to
++                       * keep it balanced.
++                       */
++                      if (mod_delayed_work(system_wq, &vsk->connect_work,
++                                           timeout))
++                              sock_put(sk);
+                       /* Skip ahead to preserve error code set above. */
+                       goto out_wait;
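Review bot: The `sock_put(sk)` is correct only because `mod_delayed_work()` returns true when `connect_work` was still pending, and the added comment does not state that dependency. It also does not say that a true return re-arms the timer with the new `timeout`, replacing the deadline left over from the earlier attempt. Consider extending the comment, e.g. `/* Pending work already owns a reference from the earlier attempt: re-arm it with the new timeout and drop the extra hold. */`. The enclosing function begins and ends outside the hunk, so the locking around the hold/put sequence cannot be checked from here.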