--- /dev/null
+From 61d5e2a251fb20c2c5e998c3f1d52ed6d5360319 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Cs=C3=B3k=C3=A1s=20Bence?= <csokas.bence@prolan.hu>
+Date: Thu, 11 Aug 2022 12:13:49 +0200
+Subject: fec: Fix timer capture timing in `fec_ptp_enable_pps()`
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Csókás Bence <csokas.bence@prolan.hu>
+
+commit 61d5e2a251fb20c2c5e998c3f1d52ed6d5360319 upstream.
+
+Code reimplements functionality already in `fec_ptp_read()`,
+but misses check for FEC_QUIRK_BUG_CAPTURE. Replace with function call.
+
+Fixes: 28b5f058cf1d ("net: fec: ptp: fix convergence issue to support LinuxPTP stack")
+Signed-off-by: Csókás Bence <csokas.bence@prolan.hu>
+Link: https://lore.kernel.org/r/20220811101348.13755-1-csokas.bence@prolan.hu
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/freescale/fec_ptp.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+--- a/drivers/net/ethernet/freescale/fec_ptp.c
++++ b/drivers/net/ethernet/freescale/fec_ptp.c
+@@ -155,11 +155,7 @@ static int fec_ptp_enable_pps(struct fec
+ * NSEC_PER_SEC - ts.tv_nsec. Add the remaining nanoseconds
+ * to current timer would be next second.
+ */
+- tempval = readl(fep->hwp + FEC_ATIME_CTRL);
+- tempval |= FEC_T_CTRL_CAPTURE;
+- writel(tempval, fep->hwp + FEC_ATIME_CTRL);
+-
+- tempval = readl(fep->hwp + FEC_ATIME);
++ tempval = fep->cc.read(&fep->cc);
+ /* Convert the ptp local counter to 1588 timestamp */
+ ns = timecounter_cyc2time(&fep->tc, tempval);
+ ts = ns_to_timespec64(ns);
--- /dev/null
+From 57c942bc3bef0970f0b21f8e0998e76a900ea80d Mon Sep 17 00:00:00 2001
+From: Alan Brady <alan.brady@intel.com>
+Date: Tue, 2 Aug 2022 10:19:17 +0200
+Subject: i40e: Fix to stop tx_timeout recovery if GLOBR fails
+
+From: Alan Brady <alan.brady@intel.com>
+
+commit 57c942bc3bef0970f0b21f8e0998e76a900ea80d upstream.
+
+When a tx_timeout fires, the PF attempts to recover by incrementally
+resetting. First we try a PFR, then CORER and finally a GLOBR. If the
+GLOBR fails, then we keep hitting the tx_timeout and incrementing the
+recovery level and issuing dmesgs, which is both annoying to the user
+and accomplishes nothing.
+
+If the GLOBR fails, then we're pretty much totally hosed, and there's
+not much else we can do to recover, so this makes it such that we just
+kill the VSI and stop hitting the tx_timeout in such a case.
+
+Fixes: 41c445ff0f48 ("i40e: main driver core")
+Signed-off-by: Alan Brady <alan.brady@intel.com>
+Signed-off-by: Mateusz Palczewski <mateusz.palczewski@intel.com>
+Tested-by: Gurucharan <gurucharanx.g@intel.com> (A Contingent worker at Intel)
+Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/intel/i40e/i40e_main.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/ethernet/intel/i40e/i40e_main.c
++++ b/drivers/net/ethernet/intel/i40e/i40e_main.c
+@@ -405,7 +405,9 @@ static void i40e_tx_timeout(struct net_d
+ set_bit(__I40E_GLOBAL_RESET_REQUESTED, pf->state);
+ break;
+ default:
+- netdev_err(netdev, "tx_timeout recovery unsuccessful\n");
++ netdev_err(netdev, "tx_timeout recovery unsuccessful, device is in non-recoverable state.\n");
++ set_bit(__I40E_DOWN_REQUESTED, pf->state);
++ set_bit(__I40E_VSI_DOWN_REQUESTED, vsi->state);
+ break;
+ }
+
--- /dev/null
+From 6faee3d4ee8be0f0367d0c3d826afb3571b7a5e0 Mon Sep 17 00:00:00 2001
+From: Lin Ma <linma@zju.edu.cn>
+Date: Wed, 17 Aug 2022 11:49:21 -0700
+Subject: igb: Add lock to avoid data race
+
+From: Lin Ma <linma@zju.edu.cn>
+
+commit 6faee3d4ee8be0f0367d0c3d826afb3571b7a5e0 upstream.
+
+The commit c23d92b80e0b ("igb: Teardown SR-IOV before
+unregister_netdev()") places the unregister_netdev() call after the
+igb_disable_sriov() call to avoid functionality issue.
+
+However, it introduces several race conditions when detaching a device.
+For example, when .remove() is called, the below interleaving leads to
+use-after-free.
+
+ (FREE from device detaching) | (USE from netdev core)
+igb_remove | igb_ndo_get_vf_config
+ igb_disable_sriov | vf >= adapter->vfs_allocated_count?
+ kfree(adapter->vf_data) |
+ adapter->vfs_allocated_count = 0 |
+ | memcpy(... adapter->vf_data[vf]
+
+Moreover, the igb_disable_sriov() also suffers from data race with the
+requests from VF driver.
+
+ (FREE from device detaching) | (USE from requests)
+igb_remove | igb_msix_other
+ igb_disable_sriov | igb_msg_task
+ kfree(adapter->vf_data) | vf < adapter->vfs_allocated_count
+ adapter->vfs_allocated_count = 0 |
+
+To this end, this commit first eliminates the data races from netdev
+core by using rtnl_lock (similar to commit 719479230893 ("dpaa2-eth: add
+MAC/PHY support through phylink")). And then adds a spinlock to
+eliminate races from driver requests. (similar to commit 1e53834ce541
+("ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero")
+
+Fixes: c23d92b80e0b ("igb: Teardown SR-IOV before unregister_netdev()")
+Signed-off-by: Lin Ma <linma@zju.edu.cn>
+Tested-by: Konrad Jankowski <konrad0.jankowski@intel.com>
+Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
+Link: https://lore.kernel.org/r/20220817184921.735244-1-anthony.l.nguyen@intel.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/intel/igb/igb.h | 2 ++
+ drivers/net/ethernet/intel/igb/igb_main.c | 12 +++++++++++-
+ 2 files changed, 13 insertions(+), 1 deletion(-)
+
+--- a/drivers/net/ethernet/intel/igb/igb.h
++++ b/drivers/net/ethernet/intel/igb/igb.h
+@@ -599,6 +599,8 @@ struct igb_adapter {
+ struct igb_mac_addr *mac_table;
+ struct vf_mac_filter vf_macs;
+ struct vf_mac_filter *vf_mac_list;
++ /* lock for VF resources */
++ spinlock_t vfs_lock;
+ };
+
+ /* flags controlling PTP/1588 function */
+--- a/drivers/net/ethernet/intel/igb/igb_main.c
++++ b/drivers/net/ethernet/intel/igb/igb_main.c
+@@ -2805,6 +2805,7 @@ static int igb_disable_sriov(struct pci_
+ struct net_device *netdev = pci_get_drvdata(pdev);
+ struct igb_adapter *adapter = netdev_priv(netdev);
+ struct e1000_hw *hw = &adapter->hw;
++ unsigned long flags;
+
+ /* reclaim resources allocated to VFs */
+ if (adapter->vf_data) {
+@@ -2817,12 +2818,13 @@ static int igb_disable_sriov(struct pci_
+ pci_disable_sriov(pdev);
+ msleep(500);
+ }
+-
++ spin_lock_irqsave(&adapter->vfs_lock, flags);
+ kfree(adapter->vf_mac_list);
+ adapter->vf_mac_list = NULL;
+ kfree(adapter->vf_data);
+ adapter->vf_data = NULL;
+ adapter->vfs_allocated_count = 0;
++ spin_unlock_irqrestore(&adapter->vfs_lock, flags);
+ wr32(E1000_IOVCTL, E1000_IOVCTL_REUSE_VFQ);
+ wrfl();
+ msleep(100);
+@@ -2984,7 +2986,9 @@ static void igb_remove(struct pci_dev *p
+ igb_release_hw_control(adapter);
+
+ #ifdef CONFIG_PCI_IOV
++ rtnl_lock();
+ igb_disable_sriov(pdev);
++ rtnl_unlock();
+ #endif
+
+ unregister_netdev(netdev);
+@@ -3137,6 +3141,9 @@ static int igb_sw_init(struct igb_adapte
+
+ spin_lock_init(&adapter->nfc_lock);
+ spin_lock_init(&adapter->stats64_lock);
++
++ /* init spinlock to avoid concurrency of VF resources */
++ spin_lock_init(&adapter->vfs_lock);
+ #ifdef CONFIG_PCI_IOV
+ switch (hw->mac.type) {
+ case e1000_82576:
+@@ -6776,8 +6783,10 @@ unlock:
+ static void igb_msg_task(struct igb_adapter *adapter)
+ {
+ struct e1000_hw *hw = &adapter->hw;
++ unsigned long flags;
+ u32 vf;
+
++ spin_lock_irqsave(&adapter->vfs_lock, flags);
+ for (vf = 0; vf < adapter->vfs_allocated_count; vf++) {
+ /* process any reset requests */
+ if (!igb_check_for_rst(hw, vf))
+@@ -6791,6 +6800,7 @@ static void igb_msg_task(struct igb_adap
+ if (!igb_check_for_ack(hw, vf))
+ igb_rcv_ack_from_vf(adapter, vf);
+ }
++ spin_unlock_irqrestore(&adapter->vfs_lock, flags);
+ }
+
+ /**
--- /dev/null
+From 271c5ca826e0c3c53e0eb4032f8eaedea1ee391c Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Tue, 9 Aug 2022 17:23:53 +0200
+Subject: netfilter: nf_tables: really skip inactive sets when allocating name
+
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+
+commit 271c5ca826e0c3c53e0eb4032f8eaedea1ee391c upstream.
+
+While looping to build the bitmap of used anonymous set names, check the
+current set in the iteration, instead of the one that is being created.
+
+Fixes: 37a9cc525525 ("netfilter: nf_tables: add generation mask to sets")
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/netfilter/nf_tables_api.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/net/netfilter/nf_tables_api.c
++++ b/net/netfilter/nf_tables_api.c
+@@ -2797,7 +2797,7 @@ cont:
+ list_for_each_entry(i, &ctx->table->sets, list) {
+ int tmp;
+
+- if (!nft_is_active_next(ctx->net, set))
++ if (!nft_is_active_next(ctx->net, i))
+ continue;
+ if (!sscanf(i->name, name, &tmp))
+ continue;
--- /dev/null
+From 8d48562a2729742f767b0fdd994d6b2a56a49c63 Mon Sep 17 00:00:00 2001
+From: Michael Ellerman <mpe@ellerman.id.au>
+Date: Mon, 15 Aug 2022 16:55:23 +1000
+Subject: powerpc/pci: Fix get_phb_number() locking
+
+From: Michael Ellerman <mpe@ellerman.id.au>
+
+commit 8d48562a2729742f767b0fdd994d6b2a56a49c63 upstream.
+
+The recent change to get_phb_number() causes a DEBUG_ATOMIC_SLEEP
+warning on some systems:
+
+ BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580
+ in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: swapper
+ preempt_count: 1, expected: 0
+ RCU nest depth: 0, expected: 0
+ 1 lock held by swapper/1:
+ #0: c157efb0 (hose_spinlock){+.+.}-{2:2}, at: pcibios_alloc_controller+0x64/0x220
+ Preemption disabled at:
+ [<00000000>] 0x0
+ CPU: 0 PID: 1 Comm: swapper Not tainted 5.19.0-yocto-standard+ #1
+ Call Trace:
+ [d101dc90] [c073b264] dump_stack_lvl+0x50/0x8c (unreliable)
+ [d101dcb0] [c0093b70] __might_resched+0x258/0x2a8
+ [d101dcd0] [c0d3e634] __mutex_lock+0x6c/0x6ec
+ [d101dd50] [c0a84174] of_alias_get_id+0x50/0xf4
+ [d101dd80] [c002ec78] pcibios_alloc_controller+0x1b8/0x220
+ [d101ddd0] [c140c9dc] pmac_pci_init+0x198/0x784
+ [d101de50] [c140852c] discover_phbs+0x30/0x4c
+ [d101de60] [c0007fd4] do_one_initcall+0x94/0x344
+ [d101ded0] [c1403b40] kernel_init_freeable+0x1a8/0x22c
+ [d101df10] [c00086e0] kernel_init+0x34/0x160
+ [d101df30] [c001b334] ret_from_kernel_thread+0x5c/0x64
+
+This is because pcibios_alloc_controller() holds hose_spinlock but
+of_alias_get_id() takes of_mutex which can sleep.
+
+The hose_spinlock protects the phb_bitmap, and also the hose_list, but
+it doesn't need to be held while get_phb_number() calls the OF routines,
+because those are only looking up information in the device tree.
+
+So fix it by having get_phb_number() take the hose_spinlock itself, only
+where required, and then dropping the lock before returning.
+pcibios_alloc_controller() then needs to take the lock again before the
+list_add() but that's safe, the order of the list is not important.
+
+Fixes: 0fe1e96fef0a ("powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and alias")
+Reported-by: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Link: https://lore.kernel.org/r/20220815065550.1303620-1-mpe@ellerman.id.au
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/powerpc/kernel/pci-common.c | 16 ++++++++++------
+ 1 file changed, 10 insertions(+), 6 deletions(-)
+
+--- a/arch/powerpc/kernel/pci-common.c
++++ b/arch/powerpc/kernel/pci-common.c
+@@ -73,10 +73,6 @@ const struct dma_map_ops *get_pci_dma_op
+ }
+ EXPORT_SYMBOL(get_pci_dma_ops);
+
+-/*
+- * This function should run under locking protection, specifically
+- * hose_spinlock.
+- */
+ static int get_phb_number(struct device_node *dn)
+ {
+ int ret, phb_id = -1;
+@@ -113,15 +109,20 @@ static int get_phb_number(struct device_
+ if (!ret)
+ phb_id = (int)(prop & (MAX_PHBS - 1));
+
++ spin_lock(&hose_spinlock);
++
+ /* We need to be sure to not use the same PHB number twice. */
+ if ((phb_id >= 0) && !test_and_set_bit(phb_id, phb_bitmap))
+- return phb_id;
++ goto out_unlock;
+
+ /* If everything fails then fallback to dynamic PHB numbering. */
+ phb_id = find_first_zero_bit(phb_bitmap, MAX_PHBS);
+ BUG_ON(phb_id >= MAX_PHBS);
+ set_bit(phb_id, phb_bitmap);
+
++out_unlock:
++ spin_unlock(&hose_spinlock);
++
+ return phb_id;
+ }
+
+@@ -132,10 +133,13 @@ struct pci_controller *pcibios_alloc_con
+ phb = zalloc_maybe_bootmem(sizeof(struct pci_controller), GFP_KERNEL);
+ if (phb == NULL)
+ return NULL;
+- spin_lock(&hose_spinlock);
++
+ phb->global_number = get_phb_number(dev);
++
++ spin_lock(&hose_spinlock);
+ list_add_tail(&phb->list_node, &hose_list);
+ spin_unlock(&hose_spinlock);
++
+ phb->dn = dev;
+ phb->is_dynamic = slab_is_available();
+ #ifdef CONFIG_PPC64
nios2-fix-syscall-restart-checks.patch
nios2-restarts-apply-only-to-the-first-sigframe-we-build.patch
nios2-add-force_successful_syscall_return.patch
+netfilter-nf_tables-really-skip-inactive-sets-when-allocating-name.patch
+powerpc-pci-fix-get_phb_number-locking.patch
+i40e-fix-to-stop-tx_timeout-recovery-if-globr-fails.patch
+fec-fix-timer-capture-timing-in-fec_ptp_enable_pps.patch
+igb-add-lock-to-avoid-data-race.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
