]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/commitdiff
6.1-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 20 Mar 2023 11:03:04 +0000 (12:03 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 20 Mar 2023 11:03:04 +0000 (12:03 +0100)
added patches:
alsa-hda-intel-dsp-config-add-mtl-pci-id.patch
alsa-hda-realtek-fix-speaker-mute-micmute-leds-not-work-on-a-hp-platform.patch
alsa-hda-realtek-fix-the-speaker-output-on-samsung-galaxy-book2-pro.patch
cifs-fix-smb2_set_path_size.patch
drm-amd-display-disconnect-mpcc-only-on-otg-change.patch
drm-amd-display-do-not-set-drr-on-pipe-commit.patch
drm-amd-pm-bump-smu-13.0.4-driver_if-header-version.patch
drm-amd-pm-fix-sienna-cichlid-incorrect-od-volage-after-resume.patch
drm-amdgpu-don-t-resume-iommu-after-incomplete-init.patch
drm-i915-active-fix-misuse-of-non-idle-barriers-as-fence-trackers.patch
drm-i915-dg2-add-hdmi-pixel-clock-frequencies-267.30-and-319.89-mhz.patch
drm-shmem-helper-remove-another-errant-put-in-error-path.patch
drm-sun4i-fix-missing-component-unbind-on-bind-errors.patch
kvm-nvmx-add-missing-consistency-checks-for-cr0-and-cr4.patch
kvm-svm-fix-a-benign-off-by-one-bug-in-avic-physical-table-mask.patch
kvm-svm-modify-avic-gatag-to-support-max-number-of-512-vcpus.patch
mptcp-add-ro_after_init-for-tcp-v6-_prot_override.patch
mptcp-avoid-setting-tcp_close-state-twice.patch
mptcp-fix-lockdep-false-positive-in-mptcp_pm_nl_create_listen_socket.patch
mptcp-fix-possible-deadlock-in-subflow_error_report.patch
revert-riscv-mm-notify-remote-harts-about-mmu-cache-updates.patch
riscv-asid-fixup-stale-tlb-entry-cause-application-crash.patch
tracing-check-field-value-in-hist_field_name.patch
tracing-make-splice_read-available-again.patch
tracing-make-tracepoint-lockdep-check-actually-test-something.patch

26 files changed:
queue-6.1/alsa-hda-intel-dsp-config-add-mtl-pci-id.patch [new file with mode: 0644]
queue-6.1/alsa-hda-realtek-fix-speaker-mute-micmute-leds-not-work-on-a-hp-platform.patch [new file with mode: 0644]
queue-6.1/alsa-hda-realtek-fix-the-speaker-output-on-samsung-galaxy-book2-pro.patch [new file with mode: 0644]
queue-6.1/cifs-fix-smb2_set_path_size.patch [new file with mode: 0644]
queue-6.1/drm-amd-display-disconnect-mpcc-only-on-otg-change.patch [new file with mode: 0644]
queue-6.1/drm-amd-display-do-not-set-drr-on-pipe-commit.patch [new file with mode: 0644]
queue-6.1/drm-amd-pm-bump-smu-13.0.4-driver_if-header-version.patch [new file with mode: 0644]
queue-6.1/drm-amd-pm-fix-sienna-cichlid-incorrect-od-volage-after-resume.patch [new file with mode: 0644]
queue-6.1/drm-amdgpu-don-t-resume-iommu-after-incomplete-init.patch [new file with mode: 0644]
queue-6.1/drm-i915-active-fix-misuse-of-non-idle-barriers-as-fence-trackers.patch [new file with mode: 0644]
queue-6.1/drm-i915-dg2-add-hdmi-pixel-clock-frequencies-267.30-and-319.89-mhz.patch [new file with mode: 0644]
queue-6.1/drm-shmem-helper-remove-another-errant-put-in-error-path.patch [new file with mode: 0644]
queue-6.1/drm-sun4i-fix-missing-component-unbind-on-bind-errors.patch [new file with mode: 0644]
queue-6.1/kvm-nvmx-add-missing-consistency-checks-for-cr0-and-cr4.patch [new file with mode: 0644]
queue-6.1/kvm-svm-fix-a-benign-off-by-one-bug-in-avic-physical-table-mask.patch [new file with mode: 0644]
queue-6.1/kvm-svm-modify-avic-gatag-to-support-max-number-of-512-vcpus.patch [new file with mode: 0644]
queue-6.1/mptcp-add-ro_after_init-for-tcp-v6-_prot_override.patch [new file with mode: 0644]
queue-6.1/mptcp-avoid-setting-tcp_close-state-twice.patch [new file with mode: 0644]
queue-6.1/mptcp-fix-lockdep-false-positive-in-mptcp_pm_nl_create_listen_socket.patch [new file with mode: 0644]
queue-6.1/mptcp-fix-possible-deadlock-in-subflow_error_report.patch [new file with mode: 0644]
queue-6.1/revert-riscv-mm-notify-remote-harts-about-mmu-cache-updates.patch [new file with mode: 0644]
queue-6.1/riscv-asid-fixup-stale-tlb-entry-cause-application-crash.patch [new file with mode: 0644]
queue-6.1/series
queue-6.1/tracing-check-field-value-in-hist_field_name.patch [new file with mode: 0644]
queue-6.1/tracing-make-splice_read-available-again.patch [new file with mode: 0644]
queue-6.1/tracing-make-tracepoint-lockdep-check-actually-test-something.patch [new file with mode: 0644]

diff --git a/queue-6.1/alsa-hda-intel-dsp-config-add-mtl-pci-id.patch b/queue-6.1/alsa-hda-intel-dsp-config-add-mtl-pci-id.patch
new file mode 100644 (file)
index 0000000..6c485a9
--- /dev/null
@@ -0,0 +1,40 @@
+From bbdf904b13a62bb8b1272d92a7dde082dff86fbb Mon Sep 17 00:00:00 2001
+From: Bard Liao <yung-chuan.liao@linux.intel.com>
+Date: Mon, 6 Mar 2023 15:41:01 +0800
+Subject: ALSA: hda: intel-dsp-config: add MTL PCI id
+
+From: Bard Liao <yung-chuan.liao@linux.intel.com>
+
+commit bbdf904b13a62bb8b1272d92a7dde082dff86fbb upstream.
+
+Use SOF as default audio driver.
+
+Signed-off-by: Bard Liao <yung-chuan.liao@linux.intel.com>
+Reviewed-by: Gongjun Song <gongjun.song@intel.com>
+Reviewed-by: Kai Vehmanen <kai.vehmanen@linux.intel.com>
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20230306074101.3906707-1-yung-chuan.liao@linux.intel.com
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/hda/intel-dsp-config.c |    9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+--- a/sound/hda/intel-dsp-config.c
++++ b/sound/hda/intel-dsp-config.c
+@@ -472,6 +472,15 @@ static const struct config_entry config_
+       },
+ #endif
++/* Meteor Lake */
++#if IS_ENABLED(CONFIG_SND_SOC_SOF_METEORLAKE)
++      /* Meteorlake-P */
++      {
++              .flags = FLAG_SOF | FLAG_SOF_ONLY_IF_DMIC_OR_SOUNDWIRE,
++              .device = 0x7e28,
++      },
++#endif
++
+ };
+ static const struct config_entry *snd_intel_dsp_find_config
diff --git a/queue-6.1/alsa-hda-realtek-fix-speaker-mute-micmute-leds-not-work-on-a-hp-platform.patch b/queue-6.1/alsa-hda-realtek-fix-speaker-mute-micmute-leds-not-work-on-a-hp-platform.patch
new file mode 100644 (file)
index 0000000..d95c327
--- /dev/null
@@ -0,0 +1,31 @@
+From 7bb62340951a9af20235a3bde8c98e2e292915df Mon Sep 17 00:00:00 2001
+From: Jeremy Szu <jeremy.szu@canonical.com>
+Date: Tue, 7 Mar 2023 21:53:16 +0800
+Subject: ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform
+
+From: Jeremy Szu <jeremy.szu@canonical.com>
+
+commit 7bb62340951a9af20235a3bde8c98e2e292915df upstream.
+
+There is a HP platform needs ALC245_FIXUP_CS35L41_SPI_2_HP_GPIO_LED quirk to
+make mic-mute/audio-mute/speaker working.
+
+Signed-off-by: Jeremy Szu <jeremy.szu@canonical.com>
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20230307135317.37621-1-jeremy.szu@canonical.com
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/pci/hda/patch_realtek.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -9446,6 +9446,7 @@ static const struct snd_pci_quirk alc269
+       SND_PCI_QUIRK(0x103c, 0x8b8a, "HP", ALC236_FIXUP_HP_GPIO_LED),
+       SND_PCI_QUIRK(0x103c, 0x8b8b, "HP", ALC236_FIXUP_HP_GPIO_LED),
+       SND_PCI_QUIRK(0x103c, 0x8b8d, "HP", ALC236_FIXUP_HP_GPIO_LED),
++      SND_PCI_QUIRK(0x103c, 0x8b8f, "HP", ALC245_FIXUP_CS35L41_SPI_2_HP_GPIO_LED),
+       SND_PCI_QUIRK(0x103c, 0x8b92, "HP", ALC245_FIXUP_CS35L41_SPI_2_HP_GPIO_LED),
+       SND_PCI_QUIRK(0x103c, 0x8bf0, "HP", ALC236_FIXUP_HP_GPIO_LED),
+       SND_PCI_QUIRK(0x1043, 0x103e, "ASUS X540SA", ALC256_FIXUP_ASUS_MIC),
diff --git a/queue-6.1/alsa-hda-realtek-fix-the-speaker-output-on-samsung-galaxy-book2-pro.patch b/queue-6.1/alsa-hda-realtek-fix-the-speaker-output-on-samsung-galaxy-book2-pro.patch
new file mode 100644 (file)
index 0000000..2fe1f61
--- /dev/null
@@ -0,0 +1,32 @@
+From a86e79e3015f5dd8e1b01ccfa49bd5c6e41047a1 Mon Sep 17 00:00:00 2001
+From: "Hamidreza H. Fard" <nitocris@posteo.net>
+Date: Tue, 7 Mar 2023 16:37:41 +0000
+Subject: ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro
+
+From: Hamidreza H. Fard <nitocris@posteo.net>
+
+commit a86e79e3015f5dd8e1b01ccfa49bd5c6e41047a1 upstream.
+
+Samsung Galaxy Book2 Pro (13" 2022 NP930XED-KA1DE) with codec SSID
+144d:c868 requires the same workaround for enabling the speaker amp
+like other Samsung models with ALC298 code.
+
+Signed-off-by: Hamidreza H. Fard <nitocris@posteo.net>
+Cc: <stable@vger.kernel.org>
+Link: https://lore.kernel.org/r/20230307163741.3878-1-nitocris@posteo.net
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ sound/pci/hda/patch_realtek.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -9538,6 +9538,7 @@ static const struct snd_pci_quirk alc269
+       SND_PCI_QUIRK(0x144d, 0xc830, "Samsung Galaxy Book Ion (NT950XCJ-X716A)", ALC298_FIXUP_SAMSUNG_AMP),
+       SND_PCI_QUIRK(0x144d, 0xc832, "Samsung Galaxy Book Flex Alpha (NP730QCJ)", ALC256_FIXUP_SAMSUNG_HEADPHONE_VERY_QUIET),
+       SND_PCI_QUIRK(0x144d, 0xca03, "Samsung Galaxy Book2 Pro 360 (NP930QED)", ALC298_FIXUP_SAMSUNG_AMP),
++      SND_PCI_QUIRK(0x144d, 0xc868, "Samsung Galaxy Book2 Pro (NP930XED)", ALC298_FIXUP_SAMSUNG_AMP),
+       SND_PCI_QUIRK(0x1458, 0xfa53, "Gigabyte BXBT-2807", ALC283_FIXUP_HEADSET_MIC),
+       SND_PCI_QUIRK(0x1462, 0xb120, "MSI Cubi MS-B120", ALC283_FIXUP_HEADSET_MIC),
+       SND_PCI_QUIRK(0x1462, 0xb171, "Cubi N 8GL (MS-B171)", ALC283_FIXUP_HEADSET_MIC),
diff --git a/queue-6.1/cifs-fix-smb2_set_path_size.patch b/queue-6.1/cifs-fix-smb2_set_path_size.patch
new file mode 100644 (file)
index 0000000..9af2e28
--- /dev/null
@@ -0,0 +1,63 @@
+From 211baef0eabf4169ce4f73ebd917749d1a7edd74 Mon Sep 17 00:00:00 2001
+From: Volker Lendecke <vl@samba.org>
+Date: Mon, 13 Mar 2023 16:09:54 +0100
+Subject: cifs: Fix smb2_set_path_size()
+
+From: Volker Lendecke <vl@samba.org>
+
+commit 211baef0eabf4169ce4f73ebd917749d1a7edd74 upstream.
+
+If cifs_get_writable_path() finds a writable file, smb2_compound_op()
+must use that file's FID and not the COMPOUND_FID.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Volker Lendecke <vl@samba.org>
+Reviewed-by: Paulo Alcantara (SUSE) <pc@manguebit.com>
+Signed-off-by: Steve French <stfrench@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/cifs/smb2inode.c |   31 ++++++++++++++++++++++++-------
+ 1 file changed, 24 insertions(+), 7 deletions(-)
+
+--- a/fs/cifs/smb2inode.c
++++ b/fs/cifs/smb2inode.c
+@@ -233,15 +233,32 @@ static int smb2_compound_op(const unsign
+               size[0] = 8; /* sizeof __le64 */
+               data[0] = ptr;
+-              rc = SMB2_set_info_init(tcon, server,
+-                                      &rqst[num_rqst], COMPOUND_FID,
+-                                      COMPOUND_FID, current->tgid,
+-                                      FILE_END_OF_FILE_INFORMATION,
+-                                      SMB2_O_INFO_FILE, 0, data, size);
++              if (cfile) {
++                      rc = SMB2_set_info_init(tcon, server,
++                                              &rqst[num_rqst],
++                                              cfile->fid.persistent_fid,
++                                              cfile->fid.volatile_fid,
++                                              current->tgid,
++                                              FILE_END_OF_FILE_INFORMATION,
++                                              SMB2_O_INFO_FILE, 0,
++                                              data, size);
++              } else {
++                      rc = SMB2_set_info_init(tcon, server,
++                                              &rqst[num_rqst],
++                                              COMPOUND_FID,
++                                              COMPOUND_FID,
++                                              current->tgid,
++                                              FILE_END_OF_FILE_INFORMATION,
++                                              SMB2_O_INFO_FILE, 0,
++                                              data, size);
++                      if (!rc) {
++                              smb2_set_next_command(tcon, &rqst[num_rqst]);
++                              smb2_set_related(&rqst[num_rqst]);
++                      }
++              }
+               if (rc)
+                       goto finished;
+-              smb2_set_next_command(tcon, &rqst[num_rqst]);
+-              smb2_set_related(&rqst[num_rqst++]);
++              num_rqst++;
+               trace_smb3_set_eof_enter(xid, ses->Suid, tcon->tid, full_path);
+               break;
+       case SMB2_OP_SET_INFO:
diff --git a/queue-6.1/drm-amd-display-disconnect-mpcc-only-on-otg-change.patch b/queue-6.1/drm-amd-display-disconnect-mpcc-only-on-otg-change.patch
new file mode 100644 (file)
index 0000000..58343f6
--- /dev/null
@@ -0,0 +1,56 @@
+From 7304ee979b6b6422f41a1312391a5e505fc29ccd Mon Sep 17 00:00:00 2001
+From: Ayush Gupta <ayugupta@amd.com>
+Date: Thu, 2 Mar 2023 09:58:05 -0500
+Subject: drm/amd/display: disconnect MPCC only on OTG change
+
+From: Ayush Gupta <ayugupta@amd.com>
+
+commit 7304ee979b6b6422f41a1312391a5e505fc29ccd upstream.
+
+[Why]
+Framedrops are observed while playing Vp9 and Av1 10 bit
+video on 8k resolution using VSR while playback controls
+are disappeared/appeared
+
+[How]
+Now ODM 2 to 1 is disabled for 5k or greater resolutions on VSR.
+
+Cc: stable@vger.kernel.org
+Cc: Mario Limonciello <mario.limonciello@amd.com>
+Reviewed-by: Alvin Lee <Alvin.Lee2@amd.com>
+Acked-by: Qingqing Zhuo <qingqing.zhuo@amd.com>
+Signed-off-by: Ayush Gupta <ayugupta@amd.com>
+Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c |    6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c
++++ b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_resource.c
+@@ -1883,6 +1883,7 @@ int dcn32_populate_dml_pipes_from_contex
+       bool subvp_in_use = false;
+       uint8_t is_pipe_split_expected[MAX_PIPES] = {0};
+       struct dc_crtc_timing *timing;
++      bool vsr_odm_support = false;
+       dcn20_populate_dml_pipes_from_context(dc, context, pipes, fast_validate);
+@@ -1900,12 +1901,15 @@ int dcn32_populate_dml_pipes_from_contex
+               timing = &pipe->stream->timing;
+               pipes[pipe_cnt].pipe.dest.odm_combine_policy = dm_odm_combine_policy_dal;
++              vsr_odm_support = (res_ctx->pipe_ctx[i].stream->src.width >= 5120 &&
++                              res_ctx->pipe_ctx[i].stream->src.width > res_ctx->pipe_ctx[i].stream->dst.width);
+               if (context->stream_count == 1 &&
+                               context->stream_status[0].plane_count == 1 &&
+                               !dc_is_hdmi_signal(res_ctx->pipe_ctx[i].stream->signal) &&
+                               is_h_timing_divisible_by_2(res_ctx->pipe_ctx[i].stream) &&
+                               pipe->stream->timing.pix_clk_100hz * 100 > DCN3_2_VMIN_DISPCLK_HZ &&
+-                              dc->debug.enable_single_display_2to1_odm_policy) {
++                              dc->debug.enable_single_display_2to1_odm_policy &&
++                              !vsr_odm_support) { //excluding 2to1 ODM combine on >= 5k vsr
+                       pipes[pipe_cnt].pipe.dest.odm_combine_policy = dm_odm_combine_policy_2to1;
+               }
+               pipe_cnt++;
diff --git a/queue-6.1/drm-amd-display-do-not-set-drr-on-pipe-commit.patch b/queue-6.1/drm-amd-display-do-not-set-drr-on-pipe-commit.patch
new file mode 100644 (file)
index 0000000..e4ce823
--- /dev/null
@@ -0,0 +1,36 @@
+From 56574f89dbd84004c3fd6485bcaafb5aa9b8be14 Mon Sep 17 00:00:00 2001
+From: Wesley Chalmers <Wesley.Chalmers@amd.com>
+Date: Thu, 3 Nov 2022 22:29:31 -0400
+Subject: drm/amd/display: Do not set DRR on pipe Commit
+
+From: Wesley Chalmers <Wesley.Chalmers@amd.com>
+
+commit 56574f89dbd84004c3fd6485bcaafb5aa9b8be14 upstream.
+
+[WHY]
+Writing to DRR registers such as OTG_V_TOTAL_MIN on the same frame as a
+pipe commit can cause underflow.
+
+Cc: stable@vger.kernel.org
+Cc: Mario Limonciello <mario.limonciello@amd.com>
+Reviewed-by: Jun Lei <Jun.Lei@amd.com>
+Acked-by: Qingqing Zhuo <qingqing.zhuo@amd.com>
+Signed-off-by: Wesley Chalmers <Wesley.Chalmers@amd.com>
+Tested-by: Daniel Wheeler <daniel.wheeler@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c |    3 ---
+ 1 file changed, 3 deletions(-)
+
+--- a/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c
++++ b/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hwseq.c
+@@ -992,8 +992,5 @@ void dcn30_prepare_bandwidth(struct dc *
+                       dc->clk_mgr->funcs->set_max_memclk(dc->clk_mgr, dc->clk_mgr->bw_params->clk_table.entries[dc->clk_mgr->bw_params->clk_table.num_entries - 1].memclk_mhz);
+       dcn20_prepare_bandwidth(dc, context);
+-
+-      dc_dmub_srv_p_state_delegate(dc,
+-              context->bw_ctx.bw.dcn.clk.fw_based_mclk_switching, context);
+ }
diff --git a/queue-6.1/drm-amd-pm-bump-smu-13.0.4-driver_if-header-version.patch b/queue-6.1/drm-amd-pm-bump-smu-13.0.4-driver_if-header-version.patch
new file mode 100644 (file)
index 0000000..87f43d3
--- /dev/null
@@ -0,0 +1,53 @@
+From ab9bdb1213b4b40942af6a383f555d0c14874c1b Mon Sep 17 00:00:00 2001
+From: Tim Huang <tim.huang@amd.com>
+Date: Wed, 1 Mar 2023 10:53:03 +0800
+Subject: drm/amd/pm: bump SMU 13.0.4 driver_if header version
+
+From: Tim Huang <tim.huang@amd.com>
+
+commit ab9bdb1213b4b40942af6a383f555d0c14874c1b upstream.
+
+Align the SMU driver interface version with PMFW to
+suppress the version mismatch message on driver loading.
+
+Signed-off-by: Tim Huang <tim.huang@amd.com>
+Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Cc: stable@vger.kernel.org # 6.1.x
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/amd/pm/swsmu/inc/pmfw_if/smu13_driver_if_v13_0_4.h |    4 ++--
+ drivers/gpu/drm/amd/pm/swsmu/inc/smu_v13_0.h                       |    2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/gpu/drm/amd/pm/swsmu/inc/pmfw_if/smu13_driver_if_v13_0_4.h
++++ b/drivers/gpu/drm/amd/pm/swsmu/inc/pmfw_if/smu13_driver_if_v13_0_4.h
+@@ -27,7 +27,7 @@
+ // *** IMPORTANT ***
+ // SMU TEAM: Always increment the interface version if
+ // any structure is changed in this file
+-#define PMFW_DRIVER_IF_VERSION 7
++#define PMFW_DRIVER_IF_VERSION 8
+ typedef struct {
+   int32_t value;
+@@ -198,7 +198,7 @@ typedef struct {
+   uint16_t SkinTemp;
+   uint16_t DeviceState;
+   uint16_t CurTemp;                     //[centi-Celsius]
+-  uint16_t spare2;
++  uint16_t FilterAlphaValue;
+   uint16_t AverageGfxclkFrequency;
+   uint16_t AverageFclkFrequency;
+--- a/drivers/gpu/drm/amd/pm/swsmu/inc/smu_v13_0.h
++++ b/drivers/gpu/drm/amd/pm/swsmu/inc/smu_v13_0.h
+@@ -29,7 +29,7 @@
+ #define SMU13_DRIVER_IF_VERSION_YELLOW_CARP 0x04
+ #define SMU13_DRIVER_IF_VERSION_ALDE 0x08
+ #define SMU13_DRIVER_IF_VERSION_SMU_V13_0_0_0 0x37
+-#define SMU13_DRIVER_IF_VERSION_SMU_V13_0_4 0x07
++#define SMU13_DRIVER_IF_VERSION_SMU_V13_0_4 0x08
+ #define SMU13_DRIVER_IF_VERSION_SMU_V13_0_5 0x04
+ #define SMU13_DRIVER_IF_VERSION_SMU_V13_0_0_10 0x32
+ #define SMU13_DRIVER_IF_VERSION_SMU_V13_0_7 0x37
diff --git a/queue-6.1/drm-amd-pm-fix-sienna-cichlid-incorrect-od-volage-after-resume.patch b/queue-6.1/drm-amd-pm-fix-sienna-cichlid-incorrect-od-volage-after-resume.patch
new file mode 100644 (file)
index 0000000..a5a597b
--- /dev/null
@@ -0,0 +1,111 @@
+From a9386ee9681585794dbab95d4ce6826f73d19af6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?B=C5=82a=C5=BCej=20Szczygie=C5=82?= <mumei6102@gmail.com>
+Date: Sun, 5 Mar 2023 00:44:31 +0100
+Subject: drm/amd/pm: Fix sienna cichlid incorrect OD volage after resume
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: BÅ‚ażej SzczygieÅ‚ <mumei6102@gmail.com>
+
+commit a9386ee9681585794dbab95d4ce6826f73d19af6 upstream.
+
+Always setup overdrive tables after resume. Preserve only some
+user-defined settings in user_overdrive_table if they're set.
+
+Copy restored user_overdrive_table into od_table to get correct
+values.
+
+On cold boot, BTC was triggered and GfxVfCurve was calibrated. We
+got VfCurve settings (a). On resuming back, BTC will be triggered
+again and GfxVfCurve will be recalibrated. VfCurve settings (b)
+got may be different from those of cold boot.  So if we reuse
+those VfCurve settings (a) got on cold boot on suspend, we can
+run into discrepencies.
+
+Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/1897
+Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/2276
+Reviewed-by: Evan Quan <evan.quan@amd.com>
+Signed-off-by: BÅ‚ażej SzczygieÅ‚ <mumei6102@gmail.com>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c |   43 ++++++++++++----
+ 1 file changed, 33 insertions(+), 10 deletions(-)
+
+--- a/drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c
++++ b/drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c
+@@ -2143,16 +2143,9 @@ static int sienna_cichlid_set_default_od
+               (OverDriveTable_t *)smu->smu_table.boot_overdrive_table;
+       OverDriveTable_t *user_od_table =
+               (OverDriveTable_t *)smu->smu_table.user_overdrive_table;
++      OverDriveTable_t user_od_table_bak;
+       int ret = 0;
+-      /*
+-       * For S3/S4/Runpm resume, no need to setup those overdrive tables again as
+-       *   - either they already have the default OD settings got during cold bootup
+-       *   - or they have some user customized OD settings which cannot be overwritten
+-       */
+-      if (smu->adev->in_suspend)
+-              return 0;
+-
+       ret = smu_cmn_update_table(smu, SMU_TABLE_OVERDRIVE,
+                                  0, (void *)boot_od_table, false);
+       if (ret) {
+@@ -2163,7 +2156,23 @@ static int sienna_cichlid_set_default_od
+       sienna_cichlid_dump_od_table(smu, boot_od_table);
+       memcpy(od_table, boot_od_table, sizeof(OverDriveTable_t));
+-      memcpy(user_od_table, boot_od_table, sizeof(OverDriveTable_t));
++
++      /*
++       * For S3/S4/Runpm resume, we need to setup those overdrive tables again,
++       * but we have to preserve user defined values in "user_od_table".
++       */
++      if (!smu->adev->in_suspend) {
++              memcpy(user_od_table, boot_od_table, sizeof(OverDriveTable_t));
++              smu->user_dpm_profile.user_od = false;
++      } else if (smu->user_dpm_profile.user_od) {
++              memcpy(&user_od_table_bak, user_od_table, sizeof(OverDriveTable_t));
++              memcpy(user_od_table, boot_od_table, sizeof(OverDriveTable_t));
++              user_od_table->GfxclkFmin = user_od_table_bak.GfxclkFmin;
++              user_od_table->GfxclkFmax = user_od_table_bak.GfxclkFmax;
++              user_od_table->UclkFmin = user_od_table_bak.UclkFmin;
++              user_od_table->UclkFmax = user_od_table_bak.UclkFmax;
++              user_od_table->VddGfxOffset = user_od_table_bak.VddGfxOffset;
++      }
+       return 0;
+ }
+@@ -2373,6 +2382,20 @@ static int sienna_cichlid_od_edit_dpm_ta
+       return ret;
+ }
++static int sienna_cichlid_restore_user_od_settings(struct smu_context *smu)
++{
++      struct smu_table_context *table_context = &smu->smu_table;
++      OverDriveTable_t *od_table = table_context->overdrive_table;
++      OverDriveTable_t *user_od_table = table_context->user_overdrive_table;
++      int res;
++
++      res = smu_v11_0_restore_user_od_settings(smu);
++      if (res == 0)
++              memcpy(od_table, user_od_table, sizeof(OverDriveTable_t));
++
++      return res;
++}
++
+ static int sienna_cichlid_run_btc(struct smu_context *smu)
+ {
+       int res;
+@@ -4400,7 +4423,7 @@ static const struct pptable_funcs sienna
+       .set_soft_freq_limited_range = smu_v11_0_set_soft_freq_limited_range,
+       .set_default_od_settings = sienna_cichlid_set_default_od_settings,
+       .od_edit_dpm_table = sienna_cichlid_od_edit_dpm_table,
+-      .restore_user_od_settings = smu_v11_0_restore_user_od_settings,
++      .restore_user_od_settings = sienna_cichlid_restore_user_od_settings,
+       .run_btc = sienna_cichlid_run_btc,
+       .set_power_source = smu_v11_0_set_power_source,
+       .get_pp_feature_mask = smu_cmn_get_pp_feature_mask,
diff --git a/queue-6.1/drm-amdgpu-don-t-resume-iommu-after-incomplete-init.patch b/queue-6.1/drm-amdgpu-don-t-resume-iommu-after-incomplete-init.patch
new file mode 100644 (file)
index 0000000..15905b8
--- /dev/null
@@ -0,0 +1,63 @@
+From f3921a9a641483784448fb982b2eb738b383d9b9 Mon Sep 17 00:00:00 2001
+From: Felix Kuehling <Felix.Kuehling@amd.com>
+Date: Mon, 13 Mar 2023 20:03:08 -0400
+Subject: drm/amdgpu: Don't resume IOMMU after incomplete init
+
+From: Felix Kuehling <Felix.Kuehling@amd.com>
+
+commit f3921a9a641483784448fb982b2eb738b383d9b9 upstream.
+
+Check kfd->init_complete in kgd2kfd_iommu_resume, consistent with other
+kgd2kfd calls. This should fix IOMMU errors on resume from suspend when
+KFD IOMMU initialization failed.
+
+Reported-by: Matt Fagnani <matt.fagnani@bell.net>
+Link: https://lore.kernel.org/r/4a3b225c-2ffd-e758-4de1-447375e34cad@bell.net/
+Link: https://bugzilla.kernel.org/show_bug.cgi?id=217170
+Link: https://gitlab.freedesktop.org/drm/amd/-/issues/2454
+Cc: Vasant Hegde <vasant.hegde@amd.com>
+Cc: Linux regression tracking (Thorsten Leemhuis) <regressions@leemhuis.info>
+Cc: stable@vger.kernel.org
+Signed-off-by: Felix Kuehling <Felix.Kuehling@amd.com>
+Acked-by: Alex Deucher <alexander.deucher@amd.com>
+Tested-by: Matt Fagnani <matt.fagnani@bell.net>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/amd/amdkfd/kfd_device.c |   11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+--- a/drivers/gpu/drm/amd/amdkfd/kfd_device.c
++++ b/drivers/gpu/drm/amd/amdkfd/kfd_device.c
+@@ -59,6 +59,7 @@ static int kfd_gtt_sa_init(struct kfd_de
+                               unsigned int chunk_size);
+ static void kfd_gtt_sa_fini(struct kfd_dev *kfd);
++static int kfd_resume_iommu(struct kfd_dev *kfd);
+ static int kfd_resume(struct kfd_dev *kfd);
+ static void kfd_device_info_set_sdma_info(struct kfd_dev *kfd)
+@@ -634,7 +635,7 @@ bool kgd2kfd_device_init(struct kfd_dev
+       svm_migrate_init(kfd->adev);
+-      if (kgd2kfd_resume_iommu(kfd))
++      if (kfd_resume_iommu(kfd))
+               goto device_iommu_error;
+       if (kfd_resume(kfd))
+@@ -783,6 +784,14 @@ int kgd2kfd_resume(struct kfd_dev *kfd,
+ int kgd2kfd_resume_iommu(struct kfd_dev *kfd)
+ {
++      if (!kfd->init_complete)
++              return 0;
++
++      return kfd_resume_iommu(kfd);
++}
++
++static int kfd_resume_iommu(struct kfd_dev *kfd)
++{
+       int err = 0;
+       err = kfd_iommu_resume(kfd);
diff --git a/queue-6.1/drm-i915-active-fix-misuse-of-non-idle-barriers-as-fence-trackers.patch b/queue-6.1/drm-i915-active-fix-misuse-of-non-idle-barriers-as-fence-trackers.patch
new file mode 100644 (file)
index 0000000..9c5a56e
--- /dev/null
@@ -0,0 +1,121 @@
+From e0e6b416b25ee14716f3549e0cbec1011b193809 Mon Sep 17 00:00:00 2001
+From: Janusz Krzysztofik <janusz.krzysztofik@linux.intel.com>
+Date: Thu, 2 Mar 2023 13:08:20 +0100
+Subject: drm/i915/active: Fix misuse of non-idle barriers as fence trackers
+
+From: Janusz Krzysztofik <janusz.krzysztofik@linux.intel.com>
+
+commit e0e6b416b25ee14716f3549e0cbec1011b193809 upstream.
+
+Users reported oopses on list corruptions when using i915 perf with a
+number of concurrently running graphics applications.  Root cause analysis
+pointed at an issue in barrier processing code -- a race among perf open /
+close replacing active barriers with perf requests on kernel context and
+concurrent barrier preallocate / acquire operations performed during user
+context first pin / last unpin.
+
+When adding a request to a composite tracker, we try to reuse an existing
+fence tracker, already allocated and registered with that composite.  The
+tracker we obtain may already track another fence, may be an idle barrier,
+or an active barrier.
+
+If the tracker we get occurs a non-idle barrier then we try to delete that
+barrier from a list of barrier tasks it belongs to.  However, while doing
+that we don't respect return value from a function that performs the
+barrier deletion.  Should the deletion ever fail, we would end up reusing
+the tracker still registered as a barrier task.  Since the same structure
+field is reused with both fence callback lists and barrier tasks list,
+list corruptions would likely occur.
+
+Barriers are now deleted from a barrier tasks list by temporarily removing
+the list content, traversing that content with skip over the node to be
+deleted, then populating the list back with the modified content.  Should
+that intentionally racy concurrent deletion attempts be not serialized,
+one or more of those may fail because of the list being temporary empty.
+
+Related code that ignores the results of barrier deletion was initially
+introduced in v5.4 by commit d8af05ff38ae ("drm/i915: Allow sharing the
+idle-barrier from other kernel requests").  However, all users of the
+barrier deletion routine were apparently serialized at that time, then the
+issue didn't exhibit itself.  Results of git bisect with help of a newly
+developed igt@gem_barrier_race@remote-request IGT test indicate that list
+corruptions might start to appear after commit 311770173fac ("drm/i915/gt:
+Schedule request retirement when timeline idles"), introduced in v5.5.
+
+Respect results of barrier deletion attempts -- mark the barrier as idle
+only if successfully deleted from the list.  Then, before proceeding with
+setting our fence as the one currently tracked, make sure that the tracker
+we've got is not a non-idle barrier.  If that check fails then don't use
+that tracker but go back and try to acquire a new, usable one.
+
+v3: use unlikely() to document what outcome we expect (Andi),
+  - fix bad grammar in commit description.
+v2: no code changes,
+  - blame commit 311770173fac ("drm/i915/gt: Schedule request retirement
+    when timeline idles"), v5.5, not commit d8af05ff38ae ("drm/i915: Allow
+    sharing the idle-barrier from other kernel requests"), v5.4,
+  - reword commit description.
+
+Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/6333
+Fixes: 311770173fac ("drm/i915/gt: Schedule request retirement when timeline idles")
+Cc: Chris Wilson <chris@chris-wilson.co.uk>
+Cc: stable@vger.kernel.org # v5.5
+Cc: Andi Shyti <andi.shyti@linux.intel.com>
+Signed-off-by: Janusz Krzysztofik <janusz.krzysztofik@linux.intel.com>
+Reviewed-by: Andi Shyti <andi.shyti@linux.intel.com>
+Signed-off-by: Andi Shyti <andi.shyti@linux.intel.com>
+Link: https://patchwork.freedesktop.org/patch/msgid/20230302120820.48740-1-janusz.krzysztofik@linux.intel.com
+(cherry picked from commit 506006055769b10d1b2b4e22f636f3b45e0e9fc7)
+Signed-off-by: Jani Nikula <jani.nikula@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/i915/i915_active.c |   27 +++++++++++++++------------
+ 1 file changed, 15 insertions(+), 12 deletions(-)
+
+--- a/drivers/gpu/drm/i915/i915_active.c
++++ b/drivers/gpu/drm/i915/i915_active.c
+@@ -422,12 +422,12 @@ replace_barrier(struct i915_active *ref,
+        * we can use it to substitute for the pending idle-barrer
+        * request that we want to emit on the kernel_context.
+        */
+-      __active_del_barrier(ref, node_from_active(active));
+-      return true;
++      return __active_del_barrier(ref, node_from_active(active));
+ }
+ int i915_active_add_request(struct i915_active *ref, struct i915_request *rq)
+ {
++      u64 idx = i915_request_timeline(rq)->fence_context;
+       struct dma_fence *fence = &rq->fence;
+       struct i915_active_fence *active;
+       int err;
+@@ -437,16 +437,19 @@ int i915_active_add_request(struct i915_
+       if (err)
+               return err;
+-      active = active_instance(ref, i915_request_timeline(rq)->fence_context);
+-      if (!active) {
+-              err = -ENOMEM;
+-              goto out;
+-      }
+-
+-      if (replace_barrier(ref, active)) {
+-              RCU_INIT_POINTER(active->fence, NULL);
+-              atomic_dec(&ref->count);
+-      }
++      do {
++              active = active_instance(ref, idx);
++              if (!active) {
++                      err = -ENOMEM;
++                      goto out;
++              }
++
++              if (replace_barrier(ref, active)) {
++                      RCU_INIT_POINTER(active->fence, NULL);
++                      atomic_dec(&ref->count);
++              }
++      } while (unlikely(is_barrier(active)));
++
+       if (!__i915_active_fence_set(active, fence))
+               __i915_active_acquire(ref);
diff --git a/queue-6.1/drm-i915-dg2-add-hdmi-pixel-clock-frequencies-267.30-and-319.89-mhz.patch b/queue-6.1/drm-i915-dg2-add-hdmi-pixel-clock-frequencies-267.30-and-319.89-mhz.patch
new file mode 100644 (file)
index 0000000..5777ccb
--- /dev/null
@@ -0,0 +1,113 @@
+From 46bc23dcd94569270d02c4c1f7e62ae01ebd53bb Mon Sep 17 00:00:00 2001
+From: Ankit Nautiyal <ankit.k.nautiyal@intel.com>
+Date: Thu, 23 Feb 2023 10:06:19 +0530
+Subject: drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz
+
+From: Ankit Nautiyal <ankit.k.nautiyal@intel.com>
+
+commit 46bc23dcd94569270d02c4c1f7e62ae01ebd53bb upstream.
+
+Add snps phy table values for HDMI pixel clocks 267.30 MHz and
+319.89 MHz. Values are based on the Bspec algorithm for
+PLL programming for HDMI.
+
+Cc: stable@vger.kernel.org
+Closes: https://gitlab.freedesktop.org/drm/intel/-/issues/8008
+Signed-off-by: Ankit Nautiyal <ankit.k.nautiyal@intel.com>
+Reviewed-by: Uma Shankar <uma.shankar@intel.com>
+Signed-off-by: Uma Shankar <uma.shankar@intel.com>
+Link: https://patchwork.freedesktop.org/patch/msgid/20230223043619.3941382-1-ankit.k.nautiyal@intel.com
+(cherry picked from commit d46746b8b13cbd377ffc733e465d25800459a31b)
+Signed-off-by: Jani Nikula <jani.nikula@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/i915/display/intel_snps_phy.c |   62 ++++++++++++++++++++++++++
+ 1 file changed, 62 insertions(+)
+
+--- a/drivers/gpu/drm/i915/display/intel_snps_phy.c
++++ b/drivers/gpu/drm/i915/display/intel_snps_phy.c
+@@ -1418,6 +1418,36 @@ static const struct intel_mpllb_state dg
+               REG_FIELD_PREP(SNPS_PHY_MPLLB_SSC_UP_SPREAD, 1),
+ };
++static const struct intel_mpllb_state dg2_hdmi_267300 = {
++      .clock = 267300,
++      .ref_control =
++              REG_FIELD_PREP(SNPS_PHY_REF_CONTROL_REF_RANGE, 3),
++      .mpllb_cp =
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_CP_INT, 7) |
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_CP_PROP, 14) |
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_CP_INT_GS, 64) |
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_CP_PROP_GS, 124),
++      .mpllb_div =
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_DIV5_CLK_EN, 1) |
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_TX_CLK_DIV, 1) |
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_PMIX_EN, 1) |
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_V2I, 2) |
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_FREQ_VCO, 3),
++      .mpllb_div2 =
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_REF_CLK_DIV, 1) |
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_MULTIPLIER, 74) |
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_HDMI_DIV, 1),
++      .mpllb_fracn1 =
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_FRACN_CGG_UPDATE_EN, 1) |
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_FRACN_EN, 1) |
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_FRACN_DEN, 65535),
++      .mpllb_fracn2 =
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_FRACN_QUOT, 30146) |
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_FRACN_REM, 36699),
++      .mpllb_sscen =
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_SSC_UP_SPREAD, 1),
++};
++
+ static const struct intel_mpllb_state dg2_hdmi_268500 = {
+       .clock = 268500,
+       .ref_control =
+@@ -1508,6 +1538,36 @@ static const struct intel_mpllb_state dg
+               REG_FIELD_PREP(SNPS_PHY_MPLLB_SSC_UP_SPREAD, 1),
+ };
++static const struct intel_mpllb_state dg2_hdmi_319890 = {
++      .clock = 319890,
++      .ref_control =
++              REG_FIELD_PREP(SNPS_PHY_REF_CONTROL_REF_RANGE, 3),
++      .mpllb_cp =
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_CP_INT, 6) |
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_CP_PROP, 14) |
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_CP_INT_GS, 64) |
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_CP_PROP_GS, 124),
++      .mpllb_div =
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_DIV5_CLK_EN, 1) |
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_TX_CLK_DIV, 1) |
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_PMIX_EN, 1) |
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_V2I, 2) |
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_FREQ_VCO, 2),
++      .mpllb_div2 =
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_REF_CLK_DIV, 1) |
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_MULTIPLIER, 94) |
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_HDMI_DIV, 1),
++      .mpllb_fracn1 =
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_FRACN_CGG_UPDATE_EN, 1) |
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_FRACN_EN, 1) |
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_FRACN_DEN, 65535),
++      .mpllb_fracn2 =
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_FRACN_QUOT, 64094) |
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_FRACN_REM, 13631),
++      .mpllb_sscen =
++              REG_FIELD_PREP(SNPS_PHY_MPLLB_SSC_UP_SPREAD, 1),
++};
++
+ static const struct intel_mpllb_state dg2_hdmi_497750 = {
+       .clock = 497750,
+       .ref_control =
+@@ -1695,8 +1755,10 @@ static const struct intel_mpllb_state *
+       &dg2_hdmi_209800,
+       &dg2_hdmi_241500,
+       &dg2_hdmi_262750,
++      &dg2_hdmi_267300,
+       &dg2_hdmi_268500,
+       &dg2_hdmi_296703,
++      &dg2_hdmi_319890,
+       &dg2_hdmi_497750,
+       &dg2_hdmi_592000,
+       &dg2_hdmi_593407,
diff --git a/queue-6.1/drm-shmem-helper-remove-another-errant-put-in-error-path.patch b/queue-6.1/drm-shmem-helper-remove-another-errant-put-in-error-path.patch
new file mode 100644 (file)
index 0000000..c12559d
--- /dev/null
@@ -0,0 +1,43 @@
+From ee9adb7a45516cfa536ca92253d7ae59d56db9e4 Mon Sep 17 00:00:00 2001
+From: Dmitry Osipenko <dmitry.osipenko@collabora.com>
+Date: Mon, 9 Jan 2023 00:13:11 +0300
+Subject: drm/shmem-helper: Remove another errant put in error path
+
+From: Dmitry Osipenko <dmitry.osipenko@collabora.com>
+
+commit ee9adb7a45516cfa536ca92253d7ae59d56db9e4 upstream.
+
+drm_gem_shmem_mmap() doesn't own reference in error code path, resulting
+in the dma-buf shmem GEM object getting prematurely freed leading to a
+later use-after-free.
+
+Fixes: f49a51bfdc8e ("drm/shme-helpers: Fix dma_buf_mmap forwarding bug")
+Cc: stable@vger.kernel.org
+Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
+Reviewed-by: Rob Clark <robdclark@gmail.com>
+Link: https://patchwork.freedesktop.org/patch/msgid/20230108211311.3950107-1-dmitry.osipenko@collabora.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/drm_gem_shmem_helper.c |    9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+--- a/drivers/gpu/drm/drm_gem_shmem_helper.c
++++ b/drivers/gpu/drm/drm_gem_shmem_helper.c
+@@ -622,11 +622,14 @@ int drm_gem_shmem_mmap(struct drm_gem_sh
+       int ret;
+       if (obj->import_attach) {
+-              /* Drop the reference drm_gem_mmap_obj() acquired.*/
+-              drm_gem_object_put(obj);
+               vma->vm_private_data = NULL;
++              ret = dma_buf_mmap(obj->dma_buf, vma, 0);
++
++              /* Drop the reference drm_gem_mmap_obj() acquired.*/
++              if (!ret)
++                      drm_gem_object_put(obj);
+-              return dma_buf_mmap(obj->dma_buf, vma, 0);
++              return ret;
+       }
+       ret = drm_gem_shmem_get_pages(shmem);
diff --git a/queue-6.1/drm-sun4i-fix-missing-component-unbind-on-bind-errors.patch b/queue-6.1/drm-sun4i-fix-missing-component-unbind-on-bind-errors.patch
new file mode 100644 (file)
index 0000000..513078f
--- /dev/null
@@ -0,0 +1,49 @@
+From c22f2ff8724b49dce2ae797e9fbf4bc0fa91112f Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan+linaro@kernel.org>
+Date: Mon, 6 Mar 2023 11:32:42 +0100
+Subject: drm/sun4i: fix missing component unbind on bind errors
+
+From: Johan Hovold <johan+linaro@kernel.org>
+
+commit c22f2ff8724b49dce2ae797e9fbf4bc0fa91112f upstream.
+
+Make sure to unbind all subcomponents when binding the aggregate device
+fails.
+
+Fixes: 9026e0d122ac ("drm: Add Allwinner A10 Display Engine support")
+Cc: stable@vger.kernel.org      # 4.7
+Cc: Maxime Ripard <mripard@kernel.org>
+Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
+Signed-off-by: Maxime Ripard <maxime@cerno.tech>
+Link: https://patchwork.freedesktop.org/patch/msgid/20230306103242.4775-1-johan+linaro@kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/gpu/drm/sun4i/sun4i_drv.c |    6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/drivers/gpu/drm/sun4i/sun4i_drv.c
++++ b/drivers/gpu/drm/sun4i/sun4i_drv.c
+@@ -95,12 +95,12 @@ static int sun4i_drv_bind(struct device
+       /* drm_vblank_init calls kcalloc, which can fail */
+       ret = drm_vblank_init(drm, drm->mode_config.num_crtc);
+       if (ret)
+-              goto cleanup_mode_config;
++              goto unbind_all;
+       /* Remove early framebuffers (ie. simplefb) */
+       ret = drm_aperture_remove_framebuffers(false, &sun4i_drv_driver);
+       if (ret)
+-              goto cleanup_mode_config;
++              goto unbind_all;
+       sun4i_framebuffer_init(drm);
+@@ -119,6 +119,8 @@ static int sun4i_drv_bind(struct device
+ finish_poll:
+       drm_kms_helper_poll_fini(drm);
++unbind_all:
++      component_unbind_all(dev, NULL);
+ cleanup_mode_config:
+       drm_mode_config_cleanup(drm);
+       of_reserved_mem_device_release(dev);
diff --git a/queue-6.1/kvm-nvmx-add-missing-consistency-checks-for-cr0-and-cr4.patch b/queue-6.1/kvm-nvmx-add-missing-consistency-checks-for-cr0-and-cr4.patch
new file mode 100644 (file)
index 0000000..466685b
--- /dev/null
@@ -0,0 +1,57 @@
+From 112e66017bff7f2837030f34c2bc19501e9212d5 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini <pbonzini@redhat.com>
+Date: Fri, 10 Mar 2023 11:10:56 -0500
+Subject: KVM: nVMX: add missing consistency checks for CR0 and CR4
+
+From: Paolo Bonzini <pbonzini@redhat.com>
+
+commit 112e66017bff7f2837030f34c2bc19501e9212d5 upstream.
+
+The effective values of the guest CR0 and CR4 registers may differ from
+those included in the VMCS12.  In particular, disabling EPT forces
+CR4.PAE=1 and disabling unrestricted guest mode forces CR0.PG=CR0.PE=1.
+
+Therefore, checks on these bits cannot be delegated to the processor
+and must be performed by KVM.
+
+Reported-by: Reima ISHII <ishiir@g.ecc.u-tokyo.ac.jp>
+Cc: stable@vger.kernel.org
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/kvm/vmx/nested.c |   10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/kvm/vmx/nested.c
++++ b/arch/x86/kvm/vmx/nested.c
+@@ -2999,7 +2999,7 @@ static int nested_vmx_check_guest_state(
+                                       struct vmcs12 *vmcs12,
+                                       enum vm_entry_failure_code *entry_failure_code)
+ {
+-      bool ia32e;
++      bool ia32e = !!(vmcs12->vm_entry_controls & VM_ENTRY_IA32E_MODE);
+       *entry_failure_code = ENTRY_FAIL_DEFAULT;
+@@ -3025,6 +3025,13 @@ static int nested_vmx_check_guest_state(
+                                          vmcs12->guest_ia32_perf_global_ctrl)))
+               return -EINVAL;
++      if (CC((vmcs12->guest_cr0 & (X86_CR0_PG | X86_CR0_PE)) == X86_CR0_PG))
++              return -EINVAL;
++
++      if (CC(ia32e && !(vmcs12->guest_cr4 & X86_CR4_PAE)) ||
++          CC(ia32e && !(vmcs12->guest_cr0 & X86_CR0_PG)))
++              return -EINVAL;
++
+       /*
+        * If the load IA32_EFER VM-entry control is 1, the following checks
+        * are performed on the field for the IA32_EFER MSR:
+@@ -3036,7 +3043,6 @@ static int nested_vmx_check_guest_state(
+        */
+       if (to_vmx(vcpu)->nested.nested_run_pending &&
+           (vmcs12->vm_entry_controls & VM_ENTRY_LOAD_IA32_EFER)) {
+-              ia32e = (vmcs12->vm_entry_controls & VM_ENTRY_IA32E_MODE) != 0;
+               if (CC(!kvm_valid_efer(vcpu, vmcs12->guest_ia32_efer)) ||
+                   CC(ia32e != !!(vmcs12->guest_ia32_efer & EFER_LMA)) ||
+                   CC(((vmcs12->guest_cr0 & X86_CR0_PG) &&
diff --git a/queue-6.1/kvm-svm-fix-a-benign-off-by-one-bug-in-avic-physical-table-mask.patch b/queue-6.1/kvm-svm-fix-a-benign-off-by-one-bug-in-avic-physical-table-mask.patch
new file mode 100644 (file)
index 0000000..bf584a0
--- /dev/null
@@ -0,0 +1,66 @@
+From 3ec7a1b2743c07c45f4a0c508114f6cb410ddef3 Mon Sep 17 00:00:00 2001
+From: Sean Christopherson <seanjc@google.com>
+Date: Tue, 7 Feb 2023 00:21:54 +0000
+Subject: KVM: SVM: Fix a benign off-by-one bug in AVIC physical table mask
+
+From: Sean Christopherson <seanjc@google.com>
+
+commit 3ec7a1b2743c07c45f4a0c508114f6cb410ddef3 upstream.
+
+Define the "physical table max index mask" as bits 8:0, not 9:0.  x2AVIC
+currently supports a max of 512 entries, i.e. the max index is 511, and
+the inputs to GENMASK_ULL() are inclusive.  The bug is benign as bit 9 is
+reserved and never set by KVM, i.e. KVM is just clearing bits that are
+guaranteed to be zero.
+
+Note, as of this writing, APM "Rev. 3.39-October 2022" incorrectly states
+that bits 11:8 are reserved in Table B-1. VMCB Layout, Control Area.  I.e.
+that table wasn't updated when x2AVIC support was added.
+
+Opportunistically fix the comment for the max AVIC ID to align with the
+code, and clean up comment formatting too.
+
+Fixes: 4d1d7942e36a ("KVM: SVM: Introduce logic to (de)activate x2AVIC mode")
+Cc: stable@vger.kernel.org
+Cc: Alejandro Jimenez <alejandro.j.jimenez@oracle.com>
+Cc: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
+Signed-off-by: Sean Christopherson <seanjc@google.com>
+Reviewed-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
+Tested-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
+Message-Id: <20230207002156.521736-2-seanjc@google.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/include/asm/svm.h |   12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+--- a/arch/x86/include/asm/svm.h
++++ b/arch/x86/include/asm/svm.h
+@@ -256,20 +256,22 @@ enum avic_ipi_failure_cause {
+       AVIC_IPI_FAILURE_INVALID_BACKING_PAGE,
+ };
+-#define AVIC_PHYSICAL_MAX_INDEX_MASK  GENMASK_ULL(9, 0)
++#define AVIC_PHYSICAL_MAX_INDEX_MASK  GENMASK_ULL(8, 0)
+ /*
+- * For AVIC, the max index allowed for physical APIC ID
+- * table is 0xff (255).
++ * For AVIC, the max index allowed for physical APIC ID table is 0xfe (254), as
++ * 0xff is a broadcast to all CPUs, i.e. can't be targeted individually.
+  */
+ #define AVIC_MAX_PHYSICAL_ID          0XFEULL
+ /*
+- * For x2AVIC, the max index allowed for physical APIC ID
+- * table is 0x1ff (511).
++ * For x2AVIC, the max index allowed for physical APIC ID table is 0x1ff (511).
+  */
+ #define X2AVIC_MAX_PHYSICAL_ID                0x1FFUL
++static_assert((AVIC_MAX_PHYSICAL_ID & AVIC_PHYSICAL_MAX_INDEX_MASK) == AVIC_MAX_PHYSICAL_ID);
++static_assert((X2AVIC_MAX_PHYSICAL_ID & AVIC_PHYSICAL_MAX_INDEX_MASK) == X2AVIC_MAX_PHYSICAL_ID);
++
+ #define AVIC_HPA_MASK ~((0xFFFULL << 52) | 0xFFF)
+ #define VMCB_AVIC_APIC_BAR_MASK               0xFFFFFFFFFF000ULL
diff --git a/queue-6.1/kvm-svm-modify-avic-gatag-to-support-max-number-of-512-vcpus.patch b/queue-6.1/kvm-svm-modify-avic-gatag-to-support-max-number-of-512-vcpus.patch
new file mode 100644 (file)
index 0000000..c93af28
--- /dev/null
@@ -0,0 +1,81 @@
+From 5999715922c5a3ede5d8fe2a6b17aba58a157d41 Mon Sep 17 00:00:00 2001
+From: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
+Date: Tue, 7 Feb 2023 00:21:55 +0000
+Subject: KVM: SVM: Modify AVIC GATag to support max number of 512 vCPUs
+
+From: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
+
+commit 5999715922c5a3ede5d8fe2a6b17aba58a157d41 upstream.
+
+Define AVIC_VCPU_ID_MASK based on AVIC_PHYSICAL_MAX_INDEX, i.e. the mask
+that effectively controls the largest guest physical APIC ID supported by
+x2AVIC, instead of hardcoding the number of bits to 8 (and the number of
+VM bits to 24).
+
+The AVIC GATag is programmed into the AMD IOMMU IRTE to provide a
+reference back to KVM in case the IOMMU cannot inject an interrupt into a
+non-running vCPU.  In such a case, the IOMMU notifies software by creating
+a GALog entry with the corresponded GATag, and KVM then uses the GATag to
+find the correct VM+vCPU to kick.  Dropping bit 8 from the GATag results
+in kicking the wrong vCPU when targeting vCPUs with x2APIC ID > 255.
+
+Fixes: 4d1d7942e36a ("KVM: SVM: Introduce logic to (de)activate x2AVIC mode")
+Cc: stable@vger.kernel.org
+Reported-by: Alejandro Jimenez <alejandro.j.jimenez@oracle.com>
+Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
+Co-developed-by: Sean Christopherson <seanjc@google.com>
+Signed-off-by: Sean Christopherson <seanjc@google.com>
+Reviewed-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
+Tested-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
+Message-Id: <20230207002156.521736-3-seanjc@google.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/kvm/svm/avic.c | 26 ++++++++++++++++++--------
+ 1 file changed, 18 insertions(+), 8 deletions(-)
+
+diff --git a/arch/x86/kvm/svm/avic.c b/arch/x86/kvm/svm/avic.c
+index ca684979e90d..326341a22153 100644
+--- a/arch/x86/kvm/svm/avic.c
++++ b/arch/x86/kvm/svm/avic.c
+@@ -27,19 +27,29 @@
+ #include "irq.h"
+ #include "svm.h"
+-/* AVIC GATAG is encoded using VM and VCPU IDs */
+-#define AVIC_VCPU_ID_BITS             8
+-#define AVIC_VCPU_ID_MASK             ((1 << AVIC_VCPU_ID_BITS) - 1)
++/*
++ * Encode the arbitrary VM ID and the vCPU's default APIC ID, i.e the vCPU ID,
++ * into the GATag so that KVM can retrieve the correct vCPU from a GALog entry
++ * if an interrupt can't be delivered, e.g. because the vCPU isn't running.
++ *
++ * For the vCPU ID, use however many bits are currently allowed for the max
++ * guest physical APIC ID (limited by the size of the physical ID table), and
++ * use whatever bits remain to assign arbitrary AVIC IDs to VMs.  Note, the
++ * size of the GATag is defined by hardware (32 bits), but is an opaque value
++ * as far as hardware is concerned.
++ */
++#define AVIC_VCPU_ID_MASK             AVIC_PHYSICAL_MAX_INDEX_MASK
+-#define AVIC_VM_ID_BITS                       24
+-#define AVIC_VM_ID_NR                 (1 << AVIC_VM_ID_BITS)
+-#define AVIC_VM_ID_MASK                       ((1 << AVIC_VM_ID_BITS) - 1)
++#define AVIC_VM_ID_SHIFT              HWEIGHT32(AVIC_PHYSICAL_MAX_INDEX_MASK)
++#define AVIC_VM_ID_MASK                       (GENMASK(31, AVIC_VM_ID_SHIFT) >> AVIC_VM_ID_SHIFT)
+-#define AVIC_GATAG(x, y)              (((x & AVIC_VM_ID_MASK) << AVIC_VCPU_ID_BITS) | \
++#define AVIC_GATAG(x, y)              (((x & AVIC_VM_ID_MASK) << AVIC_VM_ID_SHIFT) | \
+                                               (y & AVIC_VCPU_ID_MASK))
+-#define AVIC_GATAG_TO_VMID(x)         ((x >> AVIC_VCPU_ID_BITS) & AVIC_VM_ID_MASK)
++#define AVIC_GATAG_TO_VMID(x)         ((x >> AVIC_VM_ID_SHIFT) & AVIC_VM_ID_MASK)
+ #define AVIC_GATAG_TO_VCPUID(x)               (x & AVIC_VCPU_ID_MASK)
++static_assert(AVIC_GATAG(AVIC_VM_ID_MASK, AVIC_VCPU_ID_MASK) == -1u);
++
+ static bool force_avic;
+ module_param_unsafe(force_avic, bool, 0444);
+-- 
+2.40.0
+
diff --git a/queue-6.1/mptcp-add-ro_after_init-for-tcp-v6-_prot_override.patch b/queue-6.1/mptcp-add-ro_after_init-for-tcp-v6-_prot_override.patch
new file mode 100644 (file)
index 0000000..3906816
--- /dev/null
@@ -0,0 +1,46 @@
+From 822467a48e938e661965d09df5fcac66f7291050 Mon Sep 17 00:00:00 2001
+From: Geliang Tang <geliang.tang@suse.com>
+Date: Thu, 9 Mar 2023 15:50:02 +0100
+Subject: mptcp: add ro_after_init for tcp{,v6}_prot_override
+
+From: Geliang Tang <geliang.tang@suse.com>
+
+commit 822467a48e938e661965d09df5fcac66f7291050 upstream.
+
+Add __ro_after_init labels for the variables tcp_prot_override and
+tcpv6_prot_override, just like other variables adjacent to them, to
+indicate that they are initialised from the init hooks and no writes
+occur afterwards.
+
+Fixes: b19bc2945b40 ("mptcp: implement delegated actions")
+Cc: stable@vger.kernel.org
+Fixes: 51fa7f8ebf0e ("mptcp: mark ops structures as ro_after_init")
+Signed-off-by: Geliang Tang <geliang.tang@suse.com>
+Reviewed-by: Matthieu Baerts <matthieu.baerts@tessares.net>
+Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/mptcp/subflow.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/net/mptcp/subflow.c
++++ b/net/mptcp/subflow.c
+@@ -560,7 +560,7 @@ static struct request_sock_ops mptcp_sub
+ static struct tcp_request_sock_ops subflow_request_sock_ipv6_ops __ro_after_init;
+ static struct inet_connection_sock_af_ops subflow_v6_specific __ro_after_init;
+ static struct inet_connection_sock_af_ops subflow_v6m_specific __ro_after_init;
+-static struct proto tcpv6_prot_override;
++static struct proto tcpv6_prot_override __ro_after_init;
+ static int subflow_v6_conn_request(struct sock *sk, struct sk_buff *skb)
+ {
+@@ -846,7 +846,7 @@ dispose_child:
+ }
+ static struct inet_connection_sock_af_ops subflow_specific __ro_after_init;
+-static struct proto tcp_prot_override;
++static struct proto tcp_prot_override __ro_after_init;
+ enum mapping_status {
+       MAPPING_OK,
diff --git a/queue-6.1/mptcp-avoid-setting-tcp_close-state-twice.patch b/queue-6.1/mptcp-avoid-setting-tcp_close-state-twice.patch
new file mode 100644 (file)
index 0000000..edae50a
--- /dev/null
@@ -0,0 +1,35 @@
+From 3ba14528684f528566fb7d956bfbfb958b591d86 Mon Sep 17 00:00:00 2001
+From: Matthieu Baerts <matthieu.baerts@tessares.net>
+Date: Thu, 9 Mar 2023 15:50:03 +0100
+Subject: mptcp: avoid setting TCP_CLOSE state twice
+
+From: Matthieu Baerts <matthieu.baerts@tessares.net>
+
+commit 3ba14528684f528566fb7d956bfbfb958b591d86 upstream.
+
+tcp_set_state() is called from tcp_done() already.
+
+There is then no need to first set the state to TCP_CLOSE, then call
+tcp_done().
+
+Fixes: d582484726c4 ("mptcp: fix fallback for MP_JOIN subflows")
+Cc: stable@vger.kernel.org
+Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/362
+Acked-by: Paolo Abeni <pabeni@redhat.com>
+Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/mptcp/subflow.c |    1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/net/mptcp/subflow.c
++++ b/net/mptcp/subflow.c
+@@ -358,7 +358,6 @@ void mptcp_subflow_reset(struct sock *ss
+       /* must hold: tcp_done() could drop last reference on parent */
+       sock_hold(sk);
+-      tcp_set_state(ssk, TCP_CLOSE);
+       tcp_send_active_reset(ssk, GFP_ATOMIC);
+       tcp_done(ssk);
+       if (!test_and_set_bit(MPTCP_WORK_CLOSE_SUBFLOW, &mptcp_sk(sk)->flags) &&
diff --git a/queue-6.1/mptcp-fix-lockdep-false-positive-in-mptcp_pm_nl_create_listen_socket.patch b/queue-6.1/mptcp-fix-lockdep-false-positive-in-mptcp_pm_nl_create_listen_socket.patch
new file mode 100644 (file)
index 0000000..e22b318
--- /dev/null
@@ -0,0 +1,69 @@
+From cee4034a3db1d30c3243dd51506a9d4ab1a849fa Mon Sep 17 00:00:00 2001
+From: Paolo Abeni <pabeni@redhat.com>
+Date: Thu, 9 Mar 2023 15:50:04 +0100
+Subject: mptcp: fix lockdep false positive in mptcp_pm_nl_create_listen_socket()
+
+From: Paolo Abeni <pabeni@redhat.com>
+
+commit cee4034a3db1d30c3243dd51506a9d4ab1a849fa upstream.
+
+Christoph reports a lockdep splat in the mptcp_subflow_create_socket()
+error path, when such function is invoked by
+mptcp_pm_nl_create_listen_socket().
+
+Such code path acquires two separates, nested socket lock, with the
+internal lock operation lacking the "nested" annotation. Adding that
+in sock_release() for mptcp's sake only could be confusing.
+
+Instead just add a new lockclass to the in-kernel msk socket,
+re-initializing the lockdep infra after the socket creation.
+
+Fixes: ad2171009d96 ("mptcp: fix locking for in-kernel listener creation")
+Cc: stable@vger.kernel.org
+Reported-by: Christoph Paasch <cpaasch@apple.com>
+Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/354
+Signed-off-by: Paolo Abeni <pabeni@redhat.com>
+Reviewed-by: Matthieu Baerts <matthieu.baerts@tessares.net>
+Tested-by: Christoph Paasch <cpaasch@apple.com>
+Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/mptcp/pm_netlink.c |   16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+--- a/net/mptcp/pm_netlink.c
++++ b/net/mptcp/pm_netlink.c
+@@ -987,9 +987,13 @@ out:
+       return ret;
+ }
++static struct lock_class_key mptcp_slock_keys[2];
++static struct lock_class_key mptcp_keys[2];
++
+ static int mptcp_pm_nl_create_listen_socket(struct sock *sk,
+                                           struct mptcp_pm_addr_entry *entry)
+ {
++      bool is_ipv6 = sk->sk_family == AF_INET6;
+       int addrlen = sizeof(struct sockaddr_in);
+       struct sockaddr_storage addr;
+       struct socket *ssock;
+@@ -1006,6 +1010,18 @@ static int mptcp_pm_nl_create_listen_soc
+       if (!newsk)
+               return -EINVAL;
++      /* The subflow socket lock is acquired in a nested to the msk one
++       * in several places, even by the TCP stack, and this msk is a kernel
++       * socket: lockdep complains. Instead of propagating the _nested
++       * modifiers in several places, re-init the lock class for the msk
++       * socket to an mptcp specific one.
++       */
++      sock_lock_init_class_and_name(newsk,
++                                    is_ipv6 ? "mlock-AF_INET6" : "mlock-AF_INET",
++                                    &mptcp_slock_keys[is_ipv6],
++                                    is_ipv6 ? "msk_lock-AF_INET6" : "msk_lock-AF_INET",
++                                    &mptcp_keys[is_ipv6]);
++
+       lock_sock(newsk);
+       ssock = __mptcp_nmpc_socket(mptcp_sk(newsk));
+       release_sock(newsk);
diff --git a/queue-6.1/mptcp-fix-possible-deadlock-in-subflow_error_report.patch b/queue-6.1/mptcp-fix-possible-deadlock-in-subflow_error_report.patch
new file mode 100644 (file)
index 0000000..49c4b12
--- /dev/null
@@ -0,0 +1,54 @@
+From b7a679ba7c652587b85294f4953f33ac0b756d40 Mon Sep 17 00:00:00 2001
+From: Paolo Abeni <pabeni@redhat.com>
+Date: Thu, 9 Mar 2023 15:49:57 +0100
+Subject: mptcp: fix possible deadlock in subflow_error_report
+
+From: Paolo Abeni <pabeni@redhat.com>
+
+commit b7a679ba7c652587b85294f4953f33ac0b756d40 upstream.
+
+Christoph reported a possible deadlock while the TCP stack
+destroys an unaccepted subflow due to an incoming reset: the
+MPTCP socket error path tries to acquire the msk-level socket
+lock while TCP still owns the listener socket accept queue
+spinlock, and the reverse dependency already exists in the
+TCP stack.
+
+Note that the above is actually a lockdep false positive, as
+the chain involves two separate sockets. A different per-socket
+lockdep key will address the issue, but such a change will be
+quite invasive.
+
+Instead, we can simply stop earlier the socket error handling
+for orphaned or unaccepted subflows, breaking the critical
+lockdep chain. Error handling in such a scenario is a no-op.
+
+Reported-and-tested-by: Christoph Paasch <cpaasch@apple.com>
+Fixes: 15cc10453398 ("mptcp: deliver ssk errors to msk")
+Cc: stable@vger.kernel.org
+Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/355
+Signed-off-by: Paolo Abeni <pabeni@redhat.com>
+Reviewed-by: Matthieu Baerts <matthieu.baerts@tessares.net>
+Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/mptcp/subflow.c |    7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/net/mptcp/subflow.c
++++ b/net/mptcp/subflow.c
+@@ -1376,6 +1376,13 @@ static void subflow_error_report(struct
+ {
+       struct sock *sk = mptcp_subflow_ctx(ssk)->conn;
++      /* bail early if this is a no-op, so that we avoid introducing a
++       * problematic lockdep dependency between TCP accept queue lock
++       * and msk socket spinlock
++       */
++      if (!sk->sk_socket)
++              return;
++
+       mptcp_data_lock(sk);
+       if (!sock_owned_by_user(sk))
+               __mptcp_error_report(sk);
diff --git a/queue-6.1/revert-riscv-mm-notify-remote-harts-about-mmu-cache-updates.patch b/queue-6.1/revert-riscv-mm-notify-remote-harts-about-mmu-cache-updates.patch
new file mode 100644 (file)
index 0000000..f9cef2e
--- /dev/null
@@ -0,0 +1,139 @@
+From e921050022f1f12d5029d1487a7dfc46cde15523 Mon Sep 17 00:00:00 2001
+From: Sergey Matyukevich <sergey.matyukevich@syntacore.com>
+Date: Sun, 26 Feb 2023 18:01:36 +0300
+Subject: Revert "riscv: mm: notify remote harts about mmu cache updates"
+
+From: Sergey Matyukevich <sergey.matyukevich@syntacore.com>
+
+commit e921050022f1f12d5029d1487a7dfc46cde15523 upstream.
+
+This reverts the remaining bits of commit 4bd1d80efb5a ("riscv: mm:
+notify remote harts harts about mmu cache updates").
+
+According to bug reports, suggested approach to fix stale TLB entries
+is not sufficient. It needs to be replaced by a more robust solution.
+
+Fixes: 4bd1d80efb5a ("riscv: mm: notify remote harts about mmu cache updates")
+Reported-by: Zong Li <zong.li@sifive.com>
+Reported-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
+Signed-off-by: Sergey Matyukevich <sergey.matyukevich@syntacore.com>
+Cc: stable@vger.kernel.org
+Reviewed-by: Guo Ren <guoren@kernel.org>
+Link: https://lore.kernel.org/r/20230226150137.1919750-2-geomatsi@gmail.com
+Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/riscv/include/asm/mmu.h      |    2 --
+ arch/riscv/include/asm/tlbflush.h |   18 ------------------
+ arch/riscv/mm/context.c           |   10 ----------
+ arch/riscv/mm/tlbflush.c          |   28 +++++++++++++++++-----------
+ 4 files changed, 17 insertions(+), 41 deletions(-)
+
+--- a/arch/riscv/include/asm/mmu.h
++++ b/arch/riscv/include/asm/mmu.h
+@@ -19,8 +19,6 @@ typedef struct {
+ #ifdef CONFIG_SMP
+       /* A local icache flush is needed before user execution can resume. */
+       cpumask_t icache_stale_mask;
+-      /* A local tlb flush is needed before user execution can resume. */
+-      cpumask_t tlb_stale_mask;
+ #endif
+ } mm_context_t;
+--- a/arch/riscv/include/asm/tlbflush.h
++++ b/arch/riscv/include/asm/tlbflush.h
+@@ -22,24 +22,6 @@ static inline void local_flush_tlb_page(
+ {
+       ALT_FLUSH_TLB_PAGE(__asm__ __volatile__ ("sfence.vma %0" : : "r" (addr) : "memory"));
+ }
+-
+-static inline void local_flush_tlb_all_asid(unsigned long asid)
+-{
+-      __asm__ __volatile__ ("sfence.vma x0, %0"
+-                      :
+-                      : "r" (asid)
+-                      : "memory");
+-}
+-
+-static inline void local_flush_tlb_page_asid(unsigned long addr,
+-              unsigned long asid)
+-{
+-      __asm__ __volatile__ ("sfence.vma %0, %1"
+-                      :
+-                      : "r" (addr), "r" (asid)
+-                      : "memory");
+-}
+-
+ #else /* CONFIG_MMU */
+ #define local_flush_tlb_all()                 do { } while (0)
+ #define local_flush_tlb_page(addr)            do { } while (0)
+--- a/arch/riscv/mm/context.c
++++ b/arch/riscv/mm/context.c
+@@ -196,16 +196,6 @@ switch_mm_fast:
+       if (need_flush_tlb)
+               local_flush_tlb_all();
+-#ifdef CONFIG_SMP
+-      else {
+-              cpumask_t *mask = &mm->context.tlb_stale_mask;
+-
+-              if (cpumask_test_cpu(cpu, mask)) {
+-                      cpumask_clear_cpu(cpu, mask);
+-                      local_flush_tlb_all_asid(cntx & asid_mask);
+-              }
+-      }
+-#endif
+ }
+ static void set_mm_noasid(struct mm_struct *mm)
+--- a/arch/riscv/mm/tlbflush.c
++++ b/arch/riscv/mm/tlbflush.c
+@@ -5,7 +5,23 @@
+ #include <linux/sched.h>
+ #include <asm/sbi.h>
+ #include <asm/mmu_context.h>
+-#include <asm/tlbflush.h>
++
++static inline void local_flush_tlb_all_asid(unsigned long asid)
++{
++      __asm__ __volatile__ ("sfence.vma x0, %0"
++                      :
++                      : "r" (asid)
++                      : "memory");
++}
++
++static inline void local_flush_tlb_page_asid(unsigned long addr,
++              unsigned long asid)
++{
++      __asm__ __volatile__ ("sfence.vma %0, %1"
++                      :
++                      : "r" (addr), "r" (asid)
++                      : "memory");
++}
+ void flush_tlb_all(void)
+ {
+@@ -15,7 +31,6 @@ void flush_tlb_all(void)
+ static void __sbi_tlb_flush_range(struct mm_struct *mm, unsigned long start,
+                                 unsigned long size, unsigned long stride)
+ {
+-      struct cpumask *pmask = &mm->context.tlb_stale_mask;
+       struct cpumask *cmask = mm_cpumask(mm);
+       unsigned int cpuid;
+       bool broadcast;
+@@ -29,15 +44,6 @@ static void __sbi_tlb_flush_range(struct
+       if (static_branch_unlikely(&use_asid_allocator)) {
+               unsigned long asid = atomic_long_read(&mm->context.id);
+-              /*
+-               * TLB will be immediately flushed on harts concurrently
+-               * executing this MM context. TLB flush on other harts
+-               * is deferred until this MM context migrates there.
+-               */
+-              cpumask_setall(pmask);
+-              cpumask_clear_cpu(cpuid, pmask);
+-              cpumask_andnot(pmask, pmask, cmask);
+-
+               if (broadcast) {
+                       sbi_remote_sfence_vma_asid(cmask, start, size, asid);
+               } else if (size <= stride) {
diff --git a/queue-6.1/riscv-asid-fixup-stale-tlb-entry-cause-application-crash.patch b/queue-6.1/riscv-asid-fixup-stale-tlb-entry-cause-application-crash.patch
new file mode 100644 (file)
index 0000000..758c236
--- /dev/null
@@ -0,0 +1,139 @@
+From 82dd33fde0268cc622d3d1ac64971f3f61634142 Mon Sep 17 00:00:00 2001
+From: Guo Ren <guoren@linux.alibaba.com>
+Date: Sun, 26 Feb 2023 18:01:37 +0300
+Subject: riscv: asid: Fixup stale TLB entry cause application crash
+
+From: Guo Ren <guoren@linux.alibaba.com>
+
+commit 82dd33fde0268cc622d3d1ac64971f3f61634142 upstream.
+
+After use_asid_allocator is enabled, the userspace application will
+crash by stale TLB entries. Because only using cpumask_clear_cpu without
+local_flush_tlb_all couldn't guarantee CPU's TLB entries were fresh.
+Then set_mm_asid would cause the user space application to get a stale
+value by stale TLB entry, but set_mm_noasid is okay.
+
+Here is the symptom of the bug:
+unhandled signal 11 code 0x1 (coredump)
+   0x0000003fd6d22524 <+4>:     auipc   s0,0x70
+   0x0000003fd6d22528 <+8>:     ld      s0,-148(s0) # 0x3fd6d92490
+=> 0x0000003fd6d2252c <+12>:    ld      a5,0(s0)
+(gdb) i r s0
+s0          0x8082ed1cc3198b21       0x8082ed1cc3198b21
+(gdb) x /2x 0x3fd6d92490
+0x3fd6d92490:   0xd80ac8a8      0x0000003f
+The core dump file shows that register s0 is wrong, but the value in
+memory is correct. Because 'ld s0, -148(s0)' used a stale mapping entry
+in TLB and got a wrong result from an incorrect physical address.
+
+When the task ran on CPU0, which loaded/speculative-loaded the value of
+address(0x3fd6d92490), then the first version of the mapping entry was
+PTWed into CPU0's TLB.
+When the task switched from CPU0 to CPU1 (No local_tlb_flush_all here by
+asid), it happened to write a value on the address (0x3fd6d92490). It
+caused do_page_fault -> wp_page_copy -> ptep_clear_flush ->
+ptep_get_and_clear & flush_tlb_page.
+The flush_tlb_page used mm_cpumask(mm) to determine which CPUs need TLB
+flush, but CPU0 had cleared the CPU0's mm_cpumask in the previous
+switch_mm. So we only flushed the CPU1 TLB and set the second version
+mapping of the PTE. When the task switched from CPU1 to CPU0 again, CPU0
+still used a stale TLB mapping entry which contained a wrong target
+physical address. It raised a bug when the task happened to read that
+value.
+
+   CPU0                               CPU1
+   - switch 'task' in
+   - read addr (Fill stale mapping
+     entry into TLB)
+   - switch 'task' out (no tlb_flush)
+                                      - switch 'task' in (no tlb_flush)
+                                      - write addr cause pagefault
+                                        do_page_fault() (change to
+                                        new addr mapping)
+                                          wp_page_copy()
+                                            ptep_clear_flush()
+                                              ptep_get_and_clear()
+                                              & flush_tlb_page()
+                                        write new value into addr
+                                      - switch 'task' out (no tlb_flush)
+   - switch 'task' in (no tlb_flush)
+   - read addr again (Use stale
+     mapping entry in TLB)
+     get wrong value from old phyical
+     addr, BUG!
+
+The solution is to keep all CPUs' footmarks of cpumask(mm) in switch_mm,
+which could guarantee to invalidate all stale TLB entries during TLB
+flush.
+
+Fixes: 65d4b9c53017 ("RISC-V: Implement ASID allocator")
+Signed-off-by: Guo Ren <guoren@linux.alibaba.com>
+Signed-off-by: Guo Ren <guoren@kernel.org>
+Tested-by: Lad Prabhakar <prabhakar.mahadev-lad.rj@bp.renesas.com>
+Tested-by: Zong Li <zong.li@sifive.com>
+Tested-by: Sergey Matyukevich <sergey.matyukevich@syntacore.com>
+Cc: Anup Patel <apatel@ventanamicro.com>
+Cc: Palmer Dabbelt <palmer@rivosinc.com>
+Cc: stable@vger.kernel.org
+Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
+Link: https://lore.kernel.org/r/20230226150137.1919750-3-geomatsi@gmail.com
+Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/riscv/mm/context.c |   30 ++++++++++++++++++++----------
+ 1 file changed, 20 insertions(+), 10 deletions(-)
+
+--- a/arch/riscv/mm/context.c
++++ b/arch/riscv/mm/context.c
+@@ -205,12 +205,24 @@ static void set_mm_noasid(struct mm_stru
+       local_flush_tlb_all();
+ }
+-static inline void set_mm(struct mm_struct *mm, unsigned int cpu)
++static inline void set_mm(struct mm_struct *prev,
++                        struct mm_struct *next, unsigned int cpu)
+ {
+-      if (static_branch_unlikely(&use_asid_allocator))
+-              set_mm_asid(mm, cpu);
+-      else
+-              set_mm_noasid(mm);
++      /*
++       * The mm_cpumask indicates which harts' TLBs contain the virtual
++       * address mapping of the mm. Compared to noasid, using asid
++       * can't guarantee that stale TLB entries are invalidated because
++       * the asid mechanism wouldn't flush TLB for every switch_mm for
++       * performance. So when using asid, keep all CPUs footmarks in
++       * cpumask() until mm reset.
++       */
++      cpumask_set_cpu(cpu, mm_cpumask(next));
++      if (static_branch_unlikely(&use_asid_allocator)) {
++              set_mm_asid(next, cpu);
++      } else {
++              cpumask_clear_cpu(cpu, mm_cpumask(prev));
++              set_mm_noasid(next);
++      }
+ }
+ static int __init asids_init(void)
+@@ -264,7 +276,8 @@ static int __init asids_init(void)
+ }
+ early_initcall(asids_init);
+ #else
+-static inline void set_mm(struct mm_struct *mm, unsigned int cpu)
++static inline void set_mm(struct mm_struct *prev,
++                        struct mm_struct *next, unsigned int cpu)
+ {
+       /* Nothing to do here when there is no MMU */
+ }
+@@ -317,10 +330,7 @@ void switch_mm(struct mm_struct *prev, s
+        */
+       cpu = smp_processor_id();
+-      cpumask_clear_cpu(cpu, mm_cpumask(prev));
+-      cpumask_set_cpu(cpu, mm_cpumask(next));
+-
+-      set_mm(next, cpu);
++      set_mm(prev, next, cpu);
+       flush_icache_deferred(next, cpu);
+ }
index abb010420122c46263da107702ef856e359b56a6..c77f48cf3aa292c7ee79c88e40ca617e8b608124 100644 (file)
@@ -140,3 +140,28 @@ interconnect-exynos-fix-node-leak-in-probe-pm-qos-error-path.patch
 interconnect-exynos-fix-registration-race.patch
 md-select-block_legacy_autoload.patch
 cifs-generate-signkey-for-the-channel-that-s-reconnecting.patch
+tracing-make-splice_read-available-again.patch
+tracing-check-field-value-in-hist_field_name.patch
+tracing-make-tracepoint-lockdep-check-actually-test-something.patch
+cifs-fix-smb2_set_path_size.patch
+kvm-svm-fix-a-benign-off-by-one-bug-in-avic-physical-table-mask.patch
+kvm-svm-modify-avic-gatag-to-support-max-number-of-512-vcpus.patch
+kvm-nvmx-add-missing-consistency-checks-for-cr0-and-cr4.patch
+alsa-hda-intel-dsp-config-add-mtl-pci-id.patch
+alsa-hda-realtek-fix-the-speaker-output-on-samsung-galaxy-book2-pro.patch
+alsa-hda-realtek-fix-speaker-mute-micmute-leds-not-work-on-a-hp-platform.patch
+revert-riscv-mm-notify-remote-harts-about-mmu-cache-updates.patch
+riscv-asid-fixup-stale-tlb-entry-cause-application-crash.patch
+drm-shmem-helper-remove-another-errant-put-in-error-path.patch
+drm-sun4i-fix-missing-component-unbind-on-bind-errors.patch
+drm-i915-active-fix-misuse-of-non-idle-barriers-as-fence-trackers.patch
+drm-i915-dg2-add-hdmi-pixel-clock-frequencies-267.30-and-319.89-mhz.patch
+drm-amdgpu-don-t-resume-iommu-after-incomplete-init.patch
+drm-amd-pm-fix-sienna-cichlid-incorrect-od-volage-after-resume.patch
+drm-amd-pm-bump-smu-13.0.4-driver_if-header-version.patch
+drm-amd-display-do-not-set-drr-on-pipe-commit.patch
+drm-amd-display-disconnect-mpcc-only-on-otg-change.patch
+mptcp-fix-possible-deadlock-in-subflow_error_report.patch
+mptcp-add-ro_after_init-for-tcp-v6-_prot_override.patch
+mptcp-avoid-setting-tcp_close-state-twice.patch
+mptcp-fix-lockdep-false-positive-in-mptcp_pm_nl_create_listen_socket.patch
diff --git a/queue-6.1/tracing-check-field-value-in-hist_field_name.patch b/queue-6.1/tracing-check-field-value-in-hist_field_name.patch
new file mode 100644 (file)
index 0000000..4094d65
--- /dev/null
@@ -0,0 +1,43 @@
+From 9f116f76fa8c04c81aef33ad870dbf9a158e5b70 Mon Sep 17 00:00:00 2001
+From: "Steven Rostedt (Google)" <rostedt@goodmis.org>
+Date: Wed, 1 Mar 2023 20:00:53 -0500
+Subject: tracing: Check field value in hist_field_name()
+
+From: Steven Rostedt (Google) <rostedt@goodmis.org>
+
+commit 9f116f76fa8c04c81aef33ad870dbf9a158e5b70 upstream.
+
+The function hist_field_name() cannot handle being passed a NULL field
+parameter. It should never be NULL, but due to a previous bug, NULL was
+passed to the function and the kernel crashed due to a NULL dereference.
+Mark Rutland reported this to me on IRC.
+
+The bug was fixed, but to prevent future bugs from crashing the kernel,
+check the field and add a WARN_ON() if it is NULL.
+
+Link: https://lkml.kernel.org/r/20230302020810.762384440@goodmis.org
+
+Cc: stable@vger.kernel.org
+Cc: Masami Hiramatsu <mhiramat@kernel.org>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Reported-by: Mark Rutland <mark.rutland@arm.com>
+Fixes: c6afad49d127f ("tracing: Add hist trigger 'sym' and 'sym-offset' modifiers")
+Tested-by: Mark Rutland <mark.rutland@arm.com>
+Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/trace/trace_events_hist.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/kernel/trace/trace_events_hist.c
++++ b/kernel/trace/trace_events_hist.c
+@@ -1330,6 +1330,9 @@ static const char *hist_field_name(struc
+ {
+       const char *field_name = "";
++      if (WARN_ON_ONCE(!field))
++              return field_name;
++
+       if (level > 1)
+               return field_name;
diff --git a/queue-6.1/tracing-make-splice_read-available-again.patch b/queue-6.1/tracing-make-splice_read-available-again.patch
new file mode 100644 (file)
index 0000000..9d19c2d
--- /dev/null
@@ -0,0 +1,40 @@
+From e400be674a1a40e9dcb2e95f84d6c1fd2d88f31d Mon Sep 17 00:00:00 2001
+From: Sung-hun Kim <sfoon.kim@samsung.com>
+Date: Tue, 14 Mar 2023 10:37:07 +0900
+Subject: tracing: Make splice_read available again
+
+From: Sung-hun Kim <sfoon.kim@samsung.com>
+
+commit e400be674a1a40e9dcb2e95f84d6c1fd2d88f31d upstream.
+
+Since the commit 36e2c7421f02 ("fs: don't allow splice read/write
+without explicit ops") is applied to the kernel, splice() and
+sendfile() calls on the trace file (/sys/kernel/debug/tracing
+/trace) return EINVAL.
+
+This patch restores these system calls by initializing splice_read
+in file_operations of the trace file. This patch only enables such
+functionalities for the read case.
+
+Link: https://lore.kernel.org/linux-trace-kernel/20230314013707.28814-1-sfoon.kim@samsung.com
+
+Cc: stable@vger.kernel.org
+Fixes: 36e2c7421f02 ("fs: don't allow splice read/write without explicit ops")
+Signed-off-by: Sung-hun Kim <sfoon.kim@samsung.com>
+Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/trace/trace.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/kernel/trace/trace.c
++++ b/kernel/trace/trace.c
+@@ -5120,6 +5120,8 @@ loff_t tracing_lseek(struct file *file,
+ static const struct file_operations tracing_fops = {
+       .open           = tracing_open,
+       .read           = seq_read,
++      .read_iter      = seq_read_iter,
++      .splice_read    = generic_file_splice_read,
+       .write          = tracing_write_stub,
+       .llseek         = tracing_lseek,
+       .release        = tracing_release,
diff --git a/queue-6.1/tracing-make-tracepoint-lockdep-check-actually-test-something.patch b/queue-6.1/tracing-make-tracepoint-lockdep-check-actually-test-something.patch
new file mode 100644 (file)
index 0000000..abd610e
--- /dev/null
@@ -0,0 +1,86 @@
+From c2679254b9c9980d9045f0f722cf093a2b1f7590 Mon Sep 17 00:00:00 2001
+From: "Steven Rostedt (Google)" <rostedt@goodmis.org>
+Date: Fri, 10 Mar 2023 17:28:56 -0500
+Subject: tracing: Make tracepoint lockdep check actually test something
+
+From: Steven Rostedt (Google) <rostedt@goodmis.org>
+
+commit c2679254b9c9980d9045f0f722cf093a2b1f7590 upstream.
+
+A while ago where the trace events had the following:
+
+   rcu_read_lock_sched_notrace();
+   rcu_dereference_sched(...);
+   rcu_read_unlock_sched_notrace();
+
+If the tracepoint is enabled, it could trigger RCU issues if called in
+the wrong place. And this warning was only triggered if lockdep was
+enabled. If the tracepoint was never enabled with lockdep, the bug would
+not be caught. To handle this, the above sequence was done when lockdep
+was enabled regardless if the tracepoint was enabled or not (although the
+always enabled code really didn't do anything, it would still trigger a
+warning).
+
+But a lot has changed since that lockdep code was added. One is, that
+sequence no longer triggers any warning. Another is, the tracepoint when
+enabled doesn't even do that sequence anymore.
+
+The main check we care about today is whether RCU is "watching" or not.
+So if lockdep is enabled, always check if rcu_is_watching() which will
+trigger a warning if it is not (tracepoints require RCU to be watching).
+
+Note, that old sequence did add a bit of overhead when lockdep was enabled,
+and with the latest kernel updates, would cause the system to slow down
+enough to trigger kernel "stalled" warnings.
+
+Link: http://lore.kernel.org/lkml/20140806181801.GA4605@redhat.com
+Link: http://lore.kernel.org/lkml/20140807175204.C257CAC5@viggo.jf.intel.com
+Link: https://lore.kernel.org/lkml/20230307184645.521db5c9@gandalf.local.home/
+Link: https://lore.kernel.org/linux-trace-kernel/20230310172856.77406446@gandalf.local.home
+
+Cc: stable@vger.kernel.org
+Cc: Masami Hiramatsu <mhiramat@kernel.org>
+Cc: Dave Hansen <dave.hansen@linux.intel.com>
+Cc: "Paul E. McKenney" <paulmck@kernel.org>
+Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+Cc: Joel Fernandes <joel@joelfernandes.org>
+Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Acked-by: Paul E. McKenney <paulmck@kernel.org>
+Fixes: e6753f23d961 ("tracepoint: Make rcuidle tracepoint callers use SRCU")
+Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ include/linux/tracepoint.h |   15 ++++++---------
+ 1 file changed, 6 insertions(+), 9 deletions(-)
+
+--- a/include/linux/tracepoint.h
++++ b/include/linux/tracepoint.h
+@@ -231,12 +231,11 @@ static inline struct tracepoint *tracepo
+  * not add unwanted padding between the beginning of the section and the
+  * structure. Force alignment to the same alignment as the section start.
+  *
+- * When lockdep is enabled, we make sure to always do the RCU portions of
+- * the tracepoint code, regardless of whether tracing is on. However,
+- * don't check if the condition is false, due to interaction with idle
+- * instrumentation. This lets us find RCU issues triggered with tracepoints
+- * even when this tracepoint is off. This code has no purpose other than
+- * poking RCU a bit.
++ * When lockdep is enabled, we make sure to always test if RCU is
++ * "watching" regardless if the tracepoint is enabled or not. Tracepoints
++ * require RCU to be active, and it should always warn at the tracepoint
++ * site if it is not watching, as it will need to be active when the
++ * tracepoint is enabled.
+  */
+ #define __DECLARE_TRACE(name, proto, args, cond, data_proto)          \
+       extern int __traceiter_##name(data_proto);                      \
+@@ -249,9 +248,7 @@ static inline struct tracepoint *tracepo
+                               TP_ARGS(args),                          \
+                               TP_CONDITION(cond), 0);                 \
+               if (IS_ENABLED(CONFIG_LOCKDEP) && (cond)) {             \
+-                      rcu_read_lock_sched_notrace();                  \
+-                      rcu_dereference_sched(__tracepoint_##name.funcs);\
+-                      rcu_read_unlock_sched_notrace();                \
++                      WARN_ON_ONCE(!rcu_is_watching());               \
+               }                                                       \
+       }                                                               \
+       __DECLARE_TRACE_RCU(name, PARAMS(proto), PARAMS(args),          \