From: Sasha Levin Date: Sun, 19 Dec 2021 03:02:45 +0000 (-0500) Subject: Fixes for 5.4 X-Git-Tag: v4.4.296~55 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=040211b3b2cdd3e5f62a0ec053865468bc594d8a;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 5.4 Signed-off-by: Sasha Levin --- diff --git a/queue-5.4/arm-socfpga-dts-fix-qspi-node-compatible.patch b/queue-5.4/arm-socfpga-dts-fix-qspi-node-compatible.patch new file mode 100644 index 00000000000..fc27b3ac48a --- /dev/null +++ b/queue-5.4/arm-socfpga-dts-fix-qspi-node-compatible.patch @@ -0,0 +1,128 @@ +From 8744bdb1da488551ecb522eaf9b3f7ae8571eb74 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 1 Nov 2021 19:36:30 -0500 +Subject: ARM: socfpga: dts: fix qspi node compatible + +From: Dinh Nguyen + +[ Upstream commit cb25b11943cbcc5a34531129952870420f8be858 ] + +The QSPI flash node needs to have the required "jedec,spi-nor" in the +compatible string. + +Fixes: 1df99da8953 ("ARM: dts: socfpga: Enable QSPI in Arria10 devkit") +Signed-off-by: Dinh Nguyen +Signed-off-by: Sasha Levin +--- + arch/arm/boot/dts/socfpga_arria10_socdk_qspi.dts | 2 +- + arch/arm/boot/dts/socfpga_arria5_socdk.dts | 2 +- + arch/arm/boot/dts/socfpga_cyclone5_socdk.dts | 2 +- + arch/arm/boot/dts/socfpga_cyclone5_sockit.dts | 2 +- + arch/arm/boot/dts/socfpga_cyclone5_socrates.dts | 2 +- + arch/arm/boot/dts/socfpga_cyclone5_sodia.dts | 2 +- + arch/arm/boot/dts/socfpga_cyclone5_vining_fpga.dts | 4 ++-- + 7 files changed, 8 insertions(+), 8 deletions(-) + +diff --git a/arch/arm/boot/dts/socfpga_arria10_socdk_qspi.dts b/arch/arm/boot/dts/socfpga_arria10_socdk_qspi.dts +index b4c0a76a4d1af..4c2fcfcc7baed 100644 +--- a/arch/arm/boot/dts/socfpga_arria10_socdk_qspi.dts ++++ b/arch/arm/boot/dts/socfpga_arria10_socdk_qspi.dts +@@ -12,7 +12,7 @@ &qspi { + flash0: n25q00@0 { + #address-cells = <1>; + #size-cells = <1>; +- compatible = "n25q00aa"; ++ compatible = "micron,mt25qu02g", "jedec,spi-nor"; + reg = <0>; + spi-max-frequency = <100000000>; + +diff --git a/arch/arm/boot/dts/socfpga_arria5_socdk.dts b/arch/arm/boot/dts/socfpga_arria5_socdk.dts +index 90e676e7019f2..1b02d46496a85 100644 +--- a/arch/arm/boot/dts/socfpga_arria5_socdk.dts ++++ b/arch/arm/boot/dts/socfpga_arria5_socdk.dts +@@ -119,7 +119,7 @@ &qspi { + flash: flash@0 { + #address-cells = <1>; + #size-cells = <1>; +- compatible = "n25q256a"; ++ compatible = "micron,n25q256a", "jedec,spi-nor"; + reg = <0>; + spi-max-frequency = <100000000>; + +diff --git a/arch/arm/boot/dts/socfpga_cyclone5_socdk.dts b/arch/arm/boot/dts/socfpga_cyclone5_socdk.dts +index 6f138b2b26163..51bb436784e24 100644 +--- a/arch/arm/boot/dts/socfpga_cyclone5_socdk.dts ++++ b/arch/arm/boot/dts/socfpga_cyclone5_socdk.dts +@@ -124,7 +124,7 @@ &qspi { + flash0: n25q00@0 { + #address-cells = <1>; + #size-cells = <1>; +- compatible = "n25q00"; ++ compatible = "micron,mt25qu02g", "jedec,spi-nor"; + reg = <0>; /* chip select */ + spi-max-frequency = <100000000>; + +diff --git a/arch/arm/boot/dts/socfpga_cyclone5_sockit.dts b/arch/arm/boot/dts/socfpga_cyclone5_sockit.dts +index c155ff02eb6e0..cae9ddd5ed38b 100644 +--- a/arch/arm/boot/dts/socfpga_cyclone5_sockit.dts ++++ b/arch/arm/boot/dts/socfpga_cyclone5_sockit.dts +@@ -169,7 +169,7 @@ &qspi { + flash: flash@0 { + #address-cells = <1>; + #size-cells = <1>; +- compatible = "n25q00"; ++ compatible = "micron,mt25qu02g", "jedec,spi-nor"; + reg = <0>; + spi-max-frequency = <100000000>; + +diff --git a/arch/arm/boot/dts/socfpga_cyclone5_socrates.dts b/arch/arm/boot/dts/socfpga_cyclone5_socrates.dts +index 8d5d3996f6f27..ca18b959e6559 100644 +--- a/arch/arm/boot/dts/socfpga_cyclone5_socrates.dts ++++ b/arch/arm/boot/dts/socfpga_cyclone5_socrates.dts +@@ -80,7 +80,7 @@ &qspi { + flash: flash@0 { + #address-cells = <1>; + #size-cells = <1>; +- compatible = "n25q256a"; ++ compatible = "micron,n25q256a", "jedec,spi-nor"; + reg = <0>; + spi-max-frequency = <100000000>; + m25p,fast-read; +diff --git a/arch/arm/boot/dts/socfpga_cyclone5_sodia.dts b/arch/arm/boot/dts/socfpga_cyclone5_sodia.dts +index 99a71757cdf46..3f7aa7bf0863a 100644 +--- a/arch/arm/boot/dts/socfpga_cyclone5_sodia.dts ++++ b/arch/arm/boot/dts/socfpga_cyclone5_sodia.dts +@@ -116,7 +116,7 @@ &qspi { + flash0: n25q512a@0 { + #address-cells = <1>; + #size-cells = <1>; +- compatible = "n25q512a"; ++ compatible = "micron,n25q512a", "jedec,spi-nor"; + reg = <0>; + spi-max-frequency = <100000000>; + +diff --git a/arch/arm/boot/dts/socfpga_cyclone5_vining_fpga.dts b/arch/arm/boot/dts/socfpga_cyclone5_vining_fpga.dts +index a060718758b67..25874e1b9c829 100644 +--- a/arch/arm/boot/dts/socfpga_cyclone5_vining_fpga.dts ++++ b/arch/arm/boot/dts/socfpga_cyclone5_vining_fpga.dts +@@ -224,7 +224,7 @@ &qspi { + n25q128@0 { + #address-cells = <1>; + #size-cells = <1>; +- compatible = "n25q128"; ++ compatible = "micron,n25q128", "jedec,spi-nor"; + reg = <0>; /* chip select */ + spi-max-frequency = <100000000>; + m25p,fast-read; +@@ -241,7 +241,7 @@ n25q128@0 { + n25q00@1 { + #address-cells = <1>; + #size-cells = <1>; +- compatible = "n25q00"; ++ compatible = "micron,mt25qu02g", "jedec,spi-nor"; + reg = <1>; /* chip select */ + spi-max-frequency = <100000000>; + m25p,fast-read; +-- +2.33.0 + diff --git a/queue-5.4/arm64-dts-rockchip-fix-audio-supply-for-rock-pi-4.patch b/queue-5.4/arm64-dts-rockchip-fix-audio-supply-for-rock-pi-4.patch new file mode 100644 index 00000000000..1ec257fd3b2 --- /dev/null +++ b/queue-5.4/arm64-dts-rockchip-fix-audio-supply-for-rock-pi-4.patch @@ -0,0 +1,46 @@ +From 5782a72dc275f39b510b38229646f88d922f2c45 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 27 Oct 2021 16:37:25 +0200 +Subject: arm64: dts: rockchip: fix audio-supply for Rock Pi 4 + +From: Alex Bee + +[ Upstream commit 8240e87f16d17a9592c9d67857a3dcdbcb98f10d ] + +As stated in the schematics [1] and [2] P5 the APIO5 domain is supplied +by RK808-D Buck4, which in our case vcc1v8_codec - i.e. a 1.8 V regulator. + +Currently only white noise comes from the ES8316's output, which - for +whatever reason - came up only after the the correct switch from i2s0_8ch_bus +to i2s0_2ch_bus for i2s0's pinctrl was done. + +Fix this by setting the correct regulator for audio-supply. + +[1] https://dl.radxa.com/rockpi4/docs/hw/rockpi4/rockpi4_v13_sch_20181112.pdf +[2] https://dl.radxa.com/rockpi4/docs/hw/rockpi4/rockpi_4c_v12_sch_20200620.pdf + +Fixes: 1b5715c602fd ("arm64: dts: rockchip: add ROCK Pi 4 DTS support") +Signed-off-by: Alex Bee +Link: https://lore.kernel.org/r/20211027143726.165809-1-knaerzche@gmail.com +Signed-off-by: Heiko Stuebner +Signed-off-by: Sasha Levin +--- + arch/arm64/boot/dts/rockchip/rk3399-rock-pi-4.dts | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/arm64/boot/dts/rockchip/rk3399-rock-pi-4.dts b/arch/arm64/boot/dts/rockchip/rk3399-rock-pi-4.dts +index 1ae1ebd4efdd0..da3b031d4befa 100644 +--- a/arch/arm64/boot/dts/rockchip/rk3399-rock-pi-4.dts ++++ b/arch/arm64/boot/dts/rockchip/rk3399-rock-pi-4.dts +@@ -452,7 +452,7 @@ &io_domains { + status = "okay"; + + bt656-supply = <&vcc_3v0>; +- audio-supply = <&vcc_3v0>; ++ audio-supply = <&vcc1v8_codec>; + sdmmc-supply = <&vcc_sdio>; + gpio1830-supply = <&vcc_3v0>; + }; +-- +2.33.0 + diff --git a/queue-5.4/arm64-dts-rockchip-fix-rk3399-leez-p710-vcc3v3-lan-s.patch b/queue-5.4/arm64-dts-rockchip-fix-rk3399-leez-p710-vcc3v3-lan-s.patch new file mode 100644 index 00000000000..5f449b5b368 --- /dev/null +++ b/queue-5.4/arm64-dts-rockchip-fix-rk3399-leez-p710-vcc3v3-lan-s.patch @@ -0,0 +1,38 @@ +From 4bb97af5f586ab60ac81817537fb4bdf76f46cd4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 2 Nov 2021 18:29:08 +0000 +Subject: arm64: dts: rockchip: fix rk3399-leez-p710 vcc3v3-lan supply + +From: John Keeping + +[ Upstream commit 2b454a90e2ccdd6e03f88f930036da4df577be76 ] + +Correct a typo in the vin-supply property. The input supply is +always-on, so this mistake doesn't affect whether the supply is actually +enabled correctly. + +Fixes: fc702ed49a86 ("arm64: dts: rockchip: Add dts for Leez RK3399 P710 SBC") +Signed-off-by: John Keeping +Link: https://lore.kernel.org/r/20211102182908.3409670-3-john@metanate.com +Signed-off-by: Heiko Stuebner +Signed-off-by: Sasha Levin +--- + arch/arm64/boot/dts/rockchip/rk3399-leez-p710.dts | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/arm64/boot/dts/rockchip/rk3399-leez-p710.dts b/arch/arm64/boot/dts/rockchip/rk3399-leez-p710.dts +index 73be38a537960..a72e77c261ef3 100644 +--- a/arch/arm64/boot/dts/rockchip/rk3399-leez-p710.dts ++++ b/arch/arm64/boot/dts/rockchip/rk3399-leez-p710.dts +@@ -49,7 +49,7 @@ vcc3v3_lan: vcc3v3-lan { + regulator-boot-on; + regulator-min-microvolt = <3300000>; + regulator-max-microvolt = <3300000>; +- vim-supply = <&vcc3v3_sys>; ++ vin-supply = <&vcc3v3_sys>; + }; + + vcc3v3_sys: vcc3v3-sys { +-- +2.33.0 + diff --git a/queue-5.4/arm64-dts-rockchip-remove-mmc-hs400-enhanced-strobe-.patch b/queue-5.4/arm64-dts-rockchip-remove-mmc-hs400-enhanced-strobe-.patch new file mode 100644 index 00000000000..137ca0b3bec --- /dev/null +++ b/queue-5.4/arm64-dts-rockchip-remove-mmc-hs400-enhanced-strobe-.patch @@ -0,0 +1,62 @@ +From bf1a935d92c14ca918ad128fc6c80f1f6382d2f5 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 15 Nov 2021 16:33:21 +0800 +Subject: arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from + rk3399-khadas-edge + +From: Artem Lapkin + +[ Upstream commit 6dd0053683804427529ef3523f7872f473440a19 ] + +Remove mmc-hs400-enhanced-strobe from the rk3399-khadas-edge dts to +improve compatibility with a wider range of eMMC chips. + +Before (BJTD4R 29.1 GiB): + +[ 7.001493] mmc2: CQHCI version 5.10 +[ 7.027971] mmc2: SDHCI controller on fe330000.mmc [fe330000.mmc] using ADMA +....... +[ 7.207086] mmc2: mmc_select_hs400es failed, error -110 +[ 7.207129] mmc2: error -110 whilst initialising MMC card +[ 7.308893] mmc2: mmc_select_hs400es failed, error -110 +[ 7.308921] mmc2: error -110 whilst initialising MMC card +[ 7.427524] mmc2: mmc_select_hs400es failed, error -110 +[ 7.427546] mmc2: error -110 whilst initialising MMC card +[ 7.590993] mmc2: mmc_select_hs400es failed, error -110 +[ 7.591012] mmc2: error -110 whilst initialising MMC card + +After: + +[ 6.960785] mmc2: CQHCI version 5.10 +[ 6.984672] mmc2: SDHCI controller on fe330000.mmc [fe330000.mmc] using ADMA +[ 7.175021] mmc2: Command Queue Engine enabled +[ 7.175053] mmc2: new HS400 MMC card at address 0001 +[ 7.175808] mmcblk2: mmc2:0001 BJTD4R 29.1 GiB +[ 7.176033] mmcblk2boot0: mmc2:0001 BJTD4R 4.00 MiB +[ 7.176245] mmcblk2boot1: mmc2:0001 BJTD4R 4.00 MiB +[ 7.176495] mmcblk2rpmb: mmc2:0001 BJTD4R 4.00 MiB, chardev (242:0) + +Fixes: c2aacceedc86 ("arm64: dts: rockchip: Add support for Khadas Edge/Edge-V/Captain boards") +Signed-off-by: Artem Lapkin +Link: https://lore.kernel.org/r/20211115083321.2627461-1-art@khadas.com +Signed-off-by: Heiko Stuebner +Signed-off-by: Sasha Levin +--- + arch/arm64/boot/dts/rockchip/rk3399-khadas-edge.dtsi | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/arch/arm64/boot/dts/rockchip/rk3399-khadas-edge.dtsi b/arch/arm64/boot/dts/rockchip/rk3399-khadas-edge.dtsi +index e87a04477440e..292ca70c512b5 100644 +--- a/arch/arm64/boot/dts/rockchip/rk3399-khadas-edge.dtsi ++++ b/arch/arm64/boot/dts/rockchip/rk3399-khadas-edge.dtsi +@@ -685,7 +685,6 @@ &sdmmc { + &sdhci { + bus-width = <8>; + mmc-hs400-1_8v; +- mmc-hs400-enhanced-strobe; + non-removable; + status = "okay"; + }; +-- +2.33.0 + diff --git a/queue-5.4/clk-don-t-parent-clks-until-the-parent-is-fully-regi.patch b/queue-5.4/clk-don-t-parent-clks-until-the-parent-is-fully-regi.patch new file mode 100644 index 00000000000..924618f0e4e --- /dev/null +++ b/queue-5.4/clk-don-t-parent-clks-until-the-parent-is-fully-regi.patch @@ -0,0 +1,126 @@ +From 0ec8f488fd147dcf3b840f9198cf446a600c96ed Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 8 Nov 2021 20:34:38 -0800 +Subject: clk: Don't parent clks until the parent is fully registered + +From: Mike Tipton + +[ Upstream commit 54baf56eaa40aa5cdcd02b3c20d593e4e1211220 ] + +Before commit fc0c209c147f ("clk: Allow parents to be specified without +string names") child clks couldn't find their parent until the parent +clk was added to a list in __clk_core_init(). After that commit, child +clks can reference their parent clks directly via a clk_hw pointer, or +they can lookup that clk_hw pointer via DT if the parent clk is +registered with an OF clk provider. + +The common clk framework treats hw->core being non-NULL as "the clk is +registered" per the logic within clk_core_fill_parent_index(): + + parent = entry->hw->core; + /* + * We have a direct reference but it isn't registered yet? + * Orphan it and let clk_reparent() update the orphan status + * when the parent is registered. + */ + if (!parent) + +Therefore we need to be extra careful to not set hw->core until the clk +is fully registered with the clk framework. Otherwise we can get into a +situation where a child finds a parent clk and we move the child clk off +the orphan list when the parent isn't actually registered, wrecking our +enable accounting and breaking critical clks. + +Consider the following scenario: + + CPU0 CPU1 + ---- ---- + struct clk_hw clkBad; + struct clk_hw clkA; + + clkA.init.parent_hws = { &clkBad }; + + clk_hw_register(&clkA) clk_hw_register(&clkBad) + ... __clk_register() + hw->core = core + ... + __clk_register() + __clk_core_init() + clk_prepare_lock() + __clk_init_parent() + clk_core_get_parent_by_index() + clk_core_fill_parent_index() + if (entry->hw) { + parent = entry->hw->core; + +At this point, 'parent' points to clkBad even though clkBad hasn't been +fully registered yet. Ouch! A similar problem can happen if a clk +controller registers orphan clks that are referenced in the DT node of +another clk controller. + +Let's fix all this by only setting the hw->core pointer underneath the +clk prepare lock in __clk_core_init(). This way we know that +clk_core_fill_parent_index() can't see hw->core be non-NULL until the +clk is fully registered. + +Fixes: fc0c209c147f ("clk: Allow parents to be specified without string names") +Signed-off-by: Mike Tipton +Link: https://lore.kernel.org/r/20211109043438.4639-1-quic_mdtipton@quicinc.com +[sboyd@kernel.org: Reword commit text, update comment] +Signed-off-by: Stephen Boyd +Signed-off-by: Sasha Levin +--- + drivers/clk/clk.c | 15 ++++++++++++--- + 1 file changed, 12 insertions(+), 3 deletions(-) + +diff --git a/drivers/clk/clk.c b/drivers/clk/clk.c +index 6ff87cd867121..e4e1b4e94a67b 100644 +--- a/drivers/clk/clk.c ++++ b/drivers/clk/clk.c +@@ -3299,6 +3299,14 @@ static int __clk_core_init(struct clk_core *core) + + clk_prepare_lock(); + ++ /* ++ * Set hw->core after grabbing the prepare_lock to synchronize with ++ * callers of clk_core_fill_parent_index() where we treat hw->core ++ * being NULL as the clk not being registered yet. This is crucial so ++ * that clks aren't parented until their parent is fully registered. ++ */ ++ core->hw->core = core; ++ + ret = clk_pm_runtime_get(core); + if (ret) + goto unlock; +@@ -3452,8 +3460,10 @@ static int __clk_core_init(struct clk_core *core) + out: + clk_pm_runtime_put(core); + unlock: +- if (ret) ++ if (ret) { + hlist_del_init(&core->child_node); ++ core->hw->core = NULL; ++ } + + clk_prepare_unlock(); + +@@ -3699,7 +3709,6 @@ __clk_register(struct device *dev, struct device_node *np, struct clk_hw *hw) + core->num_parents = init->num_parents; + core->min_rate = 0; + core->max_rate = ULONG_MAX; +- hw->core = core; + + ret = clk_core_populate_parent_map(core, init); + if (ret) +@@ -3717,7 +3726,7 @@ __clk_register(struct device *dev, struct device_node *np, struct clk_hw *hw) + goto fail_create_clk; + } + +- clk_core_link_consumer(hw->core, hw->clk); ++ clk_core_link_consumer(core, hw->clk); + + ret = __clk_core_init(core); + if (!ret) +-- +2.33.0 + diff --git a/queue-5.4/dmaengine-st_fdma-fix-module_alias.patch b/queue-5.4/dmaengine-st_fdma-fix-module_alias.patch new file mode 100644 index 00000000000..48b321065da --- /dev/null +++ b/queue-5.4/dmaengine-st_fdma-fix-module_alias.patch @@ -0,0 +1,33 @@ +From b59021af65b84722bc6aeda778f4608f7c79cec9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 25 Nov 2021 15:44:38 +0000 +Subject: dmaengine: st_fdma: fix MODULE_ALIAS + +From: Alyssa Ross + +[ Upstream commit 822c9f2b833c53fc67e8adf6f63ecc3ea24d502c ] + +modprobe can't handle spaces in aliases. + +Fixes: 6b4cd727eaf1 ("dmaengine: st_fdma: Add STMicroelectronics FDMA engine driver support") +Signed-off-by: Alyssa Ross +Link: https://lore.kernel.org/r/20211125154441.2626214-1-hi@alyssa.is +Signed-off-by: Vinod Koul +Signed-off-by: Sasha Levin +--- + drivers/dma/st_fdma.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/dma/st_fdma.c b/drivers/dma/st_fdma.c +index 67087dbe2f9fa..f7393c19a1ba3 100644 +--- a/drivers/dma/st_fdma.c ++++ b/drivers/dma/st_fdma.c +@@ -873,4 +873,4 @@ MODULE_LICENSE("GPL v2"); + MODULE_DESCRIPTION("STMicroelectronics FDMA engine driver"); + MODULE_AUTHOR("Ludovic.barre "); + MODULE_AUTHOR("Peter Griffin "); +-MODULE_ALIAS("platform: " DRIVER_NAME); ++MODULE_ALIAS("platform:" DRIVER_NAME); +-- +2.33.0 + diff --git a/queue-5.4/flow_offload-return-eopnotsupp-for-the-unsupported-m.patch b/queue-5.4/flow_offload-return-eopnotsupp-for-the-unsupported-m.patch new file mode 100644 index 00000000000..b4f7fb792dc --- /dev/null +++ b/queue-5.4/flow_offload-return-eopnotsupp-for-the-unsupported-m.patch @@ -0,0 +1,41 @@ +From 5717b1edd0f865b6c6b08c4be968b1c393e3026b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 13 Dec 2021 15:46:04 +0100 +Subject: flow_offload: return EOPNOTSUPP for the unsupported mpls action type + +From: Baowen Zheng + +[ Upstream commit 166b6a46b78bf8b9559a6620c3032f9fe492e082 ] + +We need to return EOPNOTSUPP for the unsupported mpls action type when +setup the flow action. + +In the original implement, we will return 0 for the unsupported mpls +action type, actually we do not setup it and the following actions +to the flow action entry. + +Fixes: 9838b20a7fb2 ("net: sched: take rtnl lock in tc_setup_flow_action()") +Signed-off-by: Baowen Zheng +Signed-off-by: Simon Horman +Acked-by: Jamal Hadi Salim +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + net/sched/cls_api.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c +index 61aa63cc170b4..a4c61205462ac 100644 +--- a/net/sched/cls_api.c ++++ b/net/sched/cls_api.c +@@ -3562,6 +3562,7 @@ int tc_setup_flow_action(struct flow_action *flow_action, + entry->mpls_mangle.ttl = tcf_mpls_ttl(act); + break; + default: ++ err = -EOPNOTSUPP; + goto err_out_locked; + } + } else if (is_tcf_skbedit_ptype(act)) { +-- +2.33.0 + diff --git a/queue-5.4/hv-utils-add-ptp_1588_clock-to-kconfig-to-fix-build.patch b/queue-5.4/hv-utils-add-ptp_1588_clock-to-kconfig-to-fix-build.patch new file mode 100644 index 00000000000..0ddfdc33b8a --- /dev/null +++ b/queue-5.4/hv-utils-add-ptp_1588_clock-to-kconfig-to-fix-build.patch @@ -0,0 +1,54 @@ +From 9e7c0684af28d3f2e16e2b6d9b235a97653f896e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 25 Nov 2021 18:33:16 -0800 +Subject: hv: utils: add PTP_1588_CLOCK to Kconfig to fix build + +From: Randy Dunlap + +[ Upstream commit 1dc2f2b81a6a9895da59f3915760f6c0c3074492 ] + +The hyperv utilities use PTP clock interfaces and should depend a +a kconfig symbol such that they will be built as a loadable module or +builtin so that linker errors do not happen. + +Prevents these build errors: + +ld: drivers/hv/hv_util.o: in function `hv_timesync_deinit': +hv_util.c:(.text+0x37d): undefined reference to `ptp_clock_unregister' +ld: drivers/hv/hv_util.o: in function `hv_timesync_init': +hv_util.c:(.text+0x738): undefined reference to `ptp_clock_register' + +Fixes: 3716a49a81ba ("hv_utils: implement Hyper-V PTP source") +Signed-off-by: Randy Dunlap +Reported-by: kernel test robot +Cc: Arnd Bergmann +Cc: "K. Y. Srinivasan" +Cc: Haiyang Zhang +Cc: Stephen Hemminger +Cc: Wei Liu +Cc: Dexuan Cui +Cc: linux-hyperv@vger.kernel.org +Cc: Greg Kroah-Hartman +Reviewed-by: Michael Kelley +Link: https://lore.kernel.org/r/20211126023316.25184-1-rdunlap@infradead.org +Signed-off-by: Wei Liu +Signed-off-by: Sasha Levin +--- + drivers/hv/Kconfig | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/hv/Kconfig b/drivers/hv/Kconfig +index 79e5356a737a2..210e532ac277f 100644 +--- a/drivers/hv/Kconfig ++++ b/drivers/hv/Kconfig +@@ -17,6 +17,7 @@ config HYPERV_TIMER + config HYPERV_UTILS + tristate "Microsoft Hyper-V Utilities driver" + depends on HYPERV && CONNECTOR && NLS ++ depends on PTP_1588_CLOCK_OPTIONAL + help + Select this option to enable the Hyper-V Utilities. + +-- +2.33.0 + diff --git a/queue-5.4/igb-fix-removal-of-unicast-mac-filters-of-vfs.patch b/queue-5.4/igb-fix-removal-of-unicast-mac-filters-of-vfs.patch new file mode 100644 index 00000000000..eb165ade11d --- /dev/null +++ b/queue-5.4/igb-fix-removal-of-unicast-mac-filters-of-vfs.patch @@ -0,0 +1,71 @@ +From 82df6fe47353087075da12f98b8f6697508073d0 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 31 Aug 2021 13:16:35 +0200 +Subject: igb: Fix removal of unicast MAC filters of VFs + +From: Karen Sornek + +[ Upstream commit 584af82154f56e6b2740160fcc84a2966d969e15 ] + +Move checking condition of VF MAC filter before clearing +or adding MAC filter to VF to prevent potential blackout caused +by removal of necessary and working VF's MAC filter. + +Fixes: 1b8b062a99dc ("igb: add VF trust infrastructure") +Signed-off-by: Karen Sornek +Tested-by: Konrad Jankowski +Signed-off-by: Tony Nguyen +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/intel/igb/igb_main.c | 28 +++++++++++------------ + 1 file changed, 14 insertions(+), 14 deletions(-) + +diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c +index c11244a9b7e69..3df25b231ab5c 100644 +--- a/drivers/net/ethernet/intel/igb/igb_main.c ++++ b/drivers/net/ethernet/intel/igb/igb_main.c +@@ -7374,6 +7374,20 @@ static int igb_set_vf_mac_filter(struct igb_adapter *adapter, const int vf, + struct vf_mac_filter *entry = NULL; + int ret = 0; + ++ if ((vf_data->flags & IGB_VF_FLAG_PF_SET_MAC) && ++ !vf_data->trusted) { ++ dev_warn(&pdev->dev, ++ "VF %d requested MAC filter but is administratively denied\n", ++ vf); ++ return -EINVAL; ++ } ++ if (!is_valid_ether_addr(addr)) { ++ dev_warn(&pdev->dev, ++ "VF %d attempted to set invalid MAC filter\n", ++ vf); ++ return -EINVAL; ++ } ++ + switch (info) { + case E1000_VF_MAC_FILTER_CLR: + /* remove all unicast MAC filters related to the current VF */ +@@ -7387,20 +7401,6 @@ static int igb_set_vf_mac_filter(struct igb_adapter *adapter, const int vf, + } + break; + case E1000_VF_MAC_FILTER_ADD: +- if ((vf_data->flags & IGB_VF_FLAG_PF_SET_MAC) && +- !vf_data->trusted) { +- dev_warn(&pdev->dev, +- "VF %d requested MAC filter but is administratively denied\n", +- vf); +- return -EINVAL; +- } +- if (!is_valid_ether_addr(addr)) { +- dev_warn(&pdev->dev, +- "VF %d attempted to set invalid MAC filter\n", +- vf); +- return -EINVAL; +- } +- + /* try to find empty slot in the list */ + list_for_each(pos, &adapter->vf_macs.l) { + entry = list_entry(pos, struct vf_mac_filter, l); +-- +2.33.0 + diff --git a/queue-5.4/igbvf-fix-double-free-in-igbvf_probe.patch b/queue-5.4/igbvf-fix-double-free-in-igbvf_probe.patch new file mode 100644 index 00000000000..5307df97da4 --- /dev/null +++ b/queue-5.4/igbvf-fix-double-free-in-igbvf_probe.patch @@ -0,0 +1,80 @@ +From c7ffa6924289ad9958b8fd48eb548eacae830ce0 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 13 Nov 2021 11:42:34 +0800 +Subject: igbvf: fix double free in `igbvf_probe` + +From: Letu Ren + +[ Upstream commit b6d335a60dc624c0d279333b22c737faa765b028 ] + +In `igbvf_probe`, if register_netdev() fails, the program will go to +label err_hw_init, and then to label err_ioremap. In free_netdev() which +is just below label err_ioremap, there is `list_for_each_entry_safe` and +`netif_napi_del` which aims to delete all entries in `dev->napi_list`. +The program has added an entry `adapter->rx_ring->napi` which is added by +`netif_napi_add` in igbvf_alloc_queues(). However, adapter->rx_ring has +been freed below label err_hw_init. So this a UAF. + +In terms of how to patch the problem, we can refer to igbvf_remove() and +delete the entry before `adapter->rx_ring`. + +The KASAN logs are as follows: + +[ 35.126075] BUG: KASAN: use-after-free in free_netdev+0x1fd/0x450 +[ 35.127170] Read of size 8 at addr ffff88810126d990 by task modprobe/366 +[ 35.128360] +[ 35.128643] CPU: 1 PID: 366 Comm: modprobe Not tainted 5.15.0-rc2+ #14 +[ 35.129789] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 +[ 35.131749] Call Trace: +[ 35.132199] dump_stack_lvl+0x59/0x7b +[ 35.132865] print_address_description+0x7c/0x3b0 +[ 35.133707] ? free_netdev+0x1fd/0x450 +[ 35.134378] __kasan_report+0x160/0x1c0 +[ 35.135063] ? free_netdev+0x1fd/0x450 +[ 35.135738] kasan_report+0x4b/0x70 +[ 35.136367] free_netdev+0x1fd/0x450 +[ 35.137006] igbvf_probe+0x121d/0x1a10 [igbvf] +[ 35.137808] ? igbvf_vlan_rx_add_vid+0x100/0x100 [igbvf] +[ 35.138751] local_pci_probe+0x13c/0x1f0 +[ 35.139461] pci_device_probe+0x37e/0x6c0 +[ 35.165526] +[ 35.165806] Allocated by task 366: +[ 35.166414] ____kasan_kmalloc+0xc4/0xf0 +[ 35.167117] foo_kmem_cache_alloc_trace+0x3c/0x50 [igbvf] +[ 35.168078] igbvf_probe+0x9c5/0x1a10 [igbvf] +[ 35.168866] local_pci_probe+0x13c/0x1f0 +[ 35.169565] pci_device_probe+0x37e/0x6c0 +[ 35.179713] +[ 35.179993] Freed by task 366: +[ 35.180539] kasan_set_track+0x4c/0x80 +[ 35.181211] kasan_set_free_info+0x1f/0x40 +[ 35.181942] ____kasan_slab_free+0x103/0x140 +[ 35.182703] kfree+0xe3/0x250 +[ 35.183239] igbvf_probe+0x1173/0x1a10 [igbvf] +[ 35.184040] local_pci_probe+0x13c/0x1f0 + +Fixes: d4e0fe01a38a0 (igbvf: add new driver to support 82576 virtual functions) +Reported-by: Zheyu Ma +Signed-off-by: Letu Ren +Tested-by: Konrad Jankowski +Signed-off-by: Tony Nguyen +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/intel/igbvf/netdev.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/net/ethernet/intel/igbvf/netdev.c b/drivers/net/ethernet/intel/igbvf/netdev.c +index 77cb2ab7dab40..1082e49ea0560 100644 +--- a/drivers/net/ethernet/intel/igbvf/netdev.c ++++ b/drivers/net/ethernet/intel/igbvf/netdev.c +@@ -2887,6 +2887,7 @@ static int igbvf_probe(struct pci_dev *pdev, const struct pci_device_id *ent) + return 0; + + err_hw_init: ++ netif_napi_del(&adapter->rx_ring->napi); + kfree(adapter->tx_ring); + kfree(adapter->rx_ring); + err_sw_init: +-- +2.33.0 + diff --git a/queue-5.4/inet_diag-fix-kernel-infoleak-for-udp-sockets.patch b/queue-5.4/inet_diag-fix-kernel-infoleak-for-udp-sockets.patch new file mode 100644 index 00000000000..abc3bb6d5fe --- /dev/null +++ b/queue-5.4/inet_diag-fix-kernel-infoleak-for-udp-sockets.patch @@ -0,0 +1,117 @@ +From ad65bd50c5a6f3b4f5e0666b72295d872db940f3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 9 Dec 2021 10:50:58 -0800 +Subject: inet_diag: fix kernel-infoleak for UDP sockets + +From: Eric Dumazet + +[ Upstream commit 71ddeac8cd1d217744a0e060ff520e147c9328d1 ] + +KMSAN reported a kernel-infoleak [1], that can exploited +by unpriv users. + +After analysis it turned out UDP was not initializing +r->idiag_expires. Other users of inet_sk_diag_fill() +might make the same mistake in the future, so fix this +in inet_sk_diag_fill(). + +[1] +BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline] +BUG: KMSAN: kernel-infoleak in copyout lib/iov_iter.c:156 [inline] +BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x69d/0x25c0 lib/iov_iter.c:670 + instrument_copy_to_user include/linux/instrumented.h:121 [inline] + copyout lib/iov_iter.c:156 [inline] + _copy_to_iter+0x69d/0x25c0 lib/iov_iter.c:670 + copy_to_iter include/linux/uio.h:155 [inline] + simple_copy_to_iter+0xf3/0x140 net/core/datagram.c:519 + __skb_datagram_iter+0x2cb/0x1280 net/core/datagram.c:425 + skb_copy_datagram_iter+0xdc/0x270 net/core/datagram.c:533 + skb_copy_datagram_msg include/linux/skbuff.h:3657 [inline] + netlink_recvmsg+0x660/0x1c60 net/netlink/af_netlink.c:1974 + sock_recvmsg_nosec net/socket.c:944 [inline] + sock_recvmsg net/socket.c:962 [inline] + sock_read_iter+0x5a9/0x630 net/socket.c:1035 + call_read_iter include/linux/fs.h:2156 [inline] + new_sync_read fs/read_write.c:400 [inline] + vfs_read+0x1631/0x1980 fs/read_write.c:481 + ksys_read+0x28c/0x520 fs/read_write.c:619 + __do_sys_read fs/read_write.c:629 [inline] + __se_sys_read fs/read_write.c:627 [inline] + __x64_sys_read+0xdb/0x120 fs/read_write.c:627 + do_syscall_x64 arch/x86/entry/common.c:51 [inline] + do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82 + entry_SYSCALL_64_after_hwframe+0x44/0xae + +Uninit was created at: + slab_post_alloc_hook mm/slab.h:524 [inline] + slab_alloc_node mm/slub.c:3251 [inline] + __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4974 + kmalloc_reserve net/core/skbuff.c:354 [inline] + __alloc_skb+0x545/0xf90 net/core/skbuff.c:426 + alloc_skb include/linux/skbuff.h:1126 [inline] + netlink_dump+0x3d5/0x16a0 net/netlink/af_netlink.c:2245 + __netlink_dump_start+0xd1c/0xee0 net/netlink/af_netlink.c:2370 + netlink_dump_start include/linux/netlink.h:254 [inline] + inet_diag_handler_cmd+0x2e7/0x400 net/ipv4/inet_diag.c:1343 + sock_diag_rcv_msg+0x24a/0x620 + netlink_rcv_skb+0x447/0x800 net/netlink/af_netlink.c:2491 + sock_diag_rcv+0x63/0x80 net/core/sock_diag.c:276 + netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] + netlink_unicast+0x1095/0x1360 net/netlink/af_netlink.c:1345 + netlink_sendmsg+0x16f3/0x1870 net/netlink/af_netlink.c:1916 + sock_sendmsg_nosec net/socket.c:704 [inline] + sock_sendmsg net/socket.c:724 [inline] + sock_write_iter+0x594/0x690 net/socket.c:1057 + do_iter_readv_writev+0xa7f/0xc70 + do_iter_write+0x52c/0x1500 fs/read_write.c:851 + vfs_writev fs/read_write.c:924 [inline] + do_writev+0x63f/0xe30 fs/read_write.c:967 + __do_sys_writev fs/read_write.c:1040 [inline] + __se_sys_writev fs/read_write.c:1037 [inline] + __x64_sys_writev+0xe5/0x120 fs/read_write.c:1037 + do_syscall_x64 arch/x86/entry/common.c:51 [inline] + do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82 + entry_SYSCALL_64_after_hwframe+0x44/0xae + +Bytes 68-71 of 312 are uninitialized +Memory access of size 312 starts at ffff88812ab54000 +Data copied to user address 0000000020001440 + +CPU: 1 PID: 6365 Comm: syz-executor801 Not tainted 5.16.0-rc3-syzkaller #0 +Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 + +Fixes: 3c4d05c80567 ("inet_diag: Introduce the inet socket dumping routine") +Signed-off-by: Eric Dumazet +Reported-by: syzbot +Link: https://lore.kernel.org/r/20211209185058.53917-1-eric.dumazet@gmail.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + net/ipv4/inet_diag.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c +index 6f8118b29ba51..f8f79672cc5f3 100644 +--- a/net/ipv4/inet_diag.c ++++ b/net/ipv4/inet_diag.c +@@ -200,6 +200,7 @@ int inet_sk_diag_fill(struct sock *sk, struct inet_connection_sock *icsk, + r->idiag_state = sk->sk_state; + r->idiag_timer = 0; + r->idiag_retrans = 0; ++ r->idiag_expires = 0; + + if (inet_diag_msg_attrs_fill(sk, skb, r, ext, user_ns, net_admin)) + goto errout; +@@ -251,9 +252,6 @@ int inet_sk_diag_fill(struct sock *sk, struct inet_connection_sock *icsk, + r->idiag_retrans = icsk->icsk_probes_out; + r->idiag_expires = + jiffies_delta_to_msecs(sk->sk_timer.expires - jiffies); +- } else { +- r->idiag_timer = 0; +- r->idiag_expires = 0; + } + + if ((ext & (1 << (INET_DIAG_INFO - 1))) && handler->idiag_info_size) { +-- +2.33.0 + diff --git a/queue-5.4/inet_diag-use-jiffies_delta_to_msecs.patch b/queue-5.4/inet_diag-use-jiffies_delta_to_msecs.patch new file mode 100644 index 00000000000..4230e3f5701 --- /dev/null +++ b/queue-5.4/inet_diag-use-jiffies_delta_to_msecs.patch @@ -0,0 +1,75 @@ +From 43d33e0a43f2c6a434ccbfd11ee84820e0a0f70e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 5 Nov 2019 14:11:50 -0800 +Subject: inet_diag: use jiffies_delta_to_msecs() + +From: Eric Dumazet + +[ Upstream commit 3828a93f5cfdf5d8a4ff9dead741e9a2871ff57b ] + +Use jiffies_delta_to_msecs() to avoid reporting 'infinite' +timeouts and to cleanup code. + +Signed-off-by: Eric Dumazet +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + net/ipv4/inet_diag.c | 15 ++++++--------- + 1 file changed, 6 insertions(+), 9 deletions(-) + +diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c +index 4f71aca156662..6f8118b29ba51 100644 +--- a/net/ipv4/inet_diag.c ++++ b/net/ipv4/inet_diag.c +@@ -240,17 +240,17 @@ int inet_sk_diag_fill(struct sock *sk, struct inet_connection_sock *icsk, + r->idiag_timer = 1; + r->idiag_retrans = icsk->icsk_retransmits; + r->idiag_expires = +- jiffies_to_msecs(icsk->icsk_timeout - jiffies); ++ jiffies_delta_to_msecs(icsk->icsk_timeout - jiffies); + } else if (icsk->icsk_pending == ICSK_TIME_PROBE0) { + r->idiag_timer = 4; + r->idiag_retrans = icsk->icsk_probes_out; + r->idiag_expires = +- jiffies_to_msecs(icsk->icsk_timeout - jiffies); ++ jiffies_delta_to_msecs(icsk->icsk_timeout - jiffies); + } else if (timer_pending(&sk->sk_timer)) { + r->idiag_timer = 2; + r->idiag_retrans = icsk->icsk_probes_out; + r->idiag_expires = +- jiffies_to_msecs(sk->sk_timer.expires - jiffies); ++ jiffies_delta_to_msecs(sk->sk_timer.expires - jiffies); + } else { + r->idiag_timer = 0; + r->idiag_expires = 0; +@@ -338,16 +338,13 @@ static int inet_twsk_diag_fill(struct sock *sk, + r = nlmsg_data(nlh); + BUG_ON(tw->tw_state != TCP_TIME_WAIT); + +- tmo = tw->tw_timer.expires - jiffies; +- if (tmo < 0) +- tmo = 0; +- + inet_diag_msg_common_fill(r, sk); + r->idiag_retrans = 0; + + r->idiag_state = tw->tw_substate; + r->idiag_timer = 3; +- r->idiag_expires = jiffies_to_msecs(tmo); ++ tmo = tw->tw_timer.expires - jiffies; ++ r->idiag_expires = jiffies_delta_to_msecs(tmo); + r->idiag_rqueue = 0; + r->idiag_wqueue = 0; + r->idiag_uid = 0; +@@ -381,7 +378,7 @@ static int inet_req_diag_fill(struct sock *sk, struct sk_buff *skb, + offsetof(struct sock, sk_cookie)); + + tmo = inet_reqsk(sk)->rsk_timer.expires - jiffies; +- r->idiag_expires = (tmo >= 0) ? jiffies_to_msecs(tmo) : 0; ++ r->idiag_expires = jiffies_delta_to_msecs(tmo); + r->idiag_rqueue = 0; + r->idiag_wqueue = 0; + r->idiag_uid = 0; +-- +2.33.0 + diff --git a/queue-5.4/ixgbe-set-x550-mdio-speed-before-talking-to-phy.patch b/queue-5.4/ixgbe-set-x550-mdio-speed-before-talking-to-phy.patch new file mode 100644 index 00000000000..d73f863261b --- /dev/null +++ b/queue-5.4/ixgbe-set-x550-mdio-speed-before-talking-to-phy.patch @@ -0,0 +1,56 @@ +From 23ba35d97dd4fce6ecf4c4680715b3638d6bfb99 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 1 Nov 2021 18:39:36 -0700 +Subject: ixgbe: set X550 MDIO speed before talking to PHY + +From: Cyril Novikov + +[ Upstream commit bf0a375055bd1afbbf02a0ef45f7655da7b71317 ] + +The MDIO bus speed must be initialized before talking to the PHY the first +time in order to avoid talking to it using a speed that the PHY doesn't +support. + +This fixes HW initialization error -17 (IXGBE_ERR_PHY_ADDR_INVALID) on +Denverton CPUs (a.k.a. the Atom C3000 family) on ports with a 10Gb network +plugged in. On those devices, HLREG0[MDCSPD] resets to 1, which combined +with the 10Gb network results in a 24MHz MDIO speed, which is apparently +too fast for the connected PHY. PHY register reads over MDIO bus return +garbage, leading to initialization failure. + +Reproduced with Linux kernel 4.19 and 5.15-rc7. Can be reproduced using +the following setup: + +* Use an Atom C3000 family system with at least one X552 LAN on the SoC +* Disable PXE or other BIOS network initialization if possible + (the interface must not be initialized before Linux boots) +* Connect a live 10Gb Ethernet cable to an X550 port +* Power cycle (not reset, doesn't always work) the system and boot Linux +* Observe: ixgbe interfaces w/ 10GbE cables plugged in fail with error -17 + +Fixes: e84db7272798 ("ixgbe: Introduce function to control MDIO speed") +Signed-off-by: Cyril Novikov +Reviewed-by: Andrew Lunn +Signed-off-by: Tony Nguyen +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c +index 9c42f741ed5ef..74728c0a44a81 100644 +--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c ++++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_x550.c +@@ -3405,6 +3405,9 @@ static s32 ixgbe_reset_hw_X550em(struct ixgbe_hw *hw) + /* flush pending Tx transactions */ + ixgbe_clear_tx_pending(hw); + ++ /* set MDIO speed before talking to the PHY in case it's the 1st time */ ++ ixgbe_set_mdio_speed(hw); ++ + /* PHY ops must be identified and initialized prior to reset */ + status = hw->phy.ops.init(hw); + if (status == IXGBE_ERR_SFP_NOT_SUPPORTED || +-- +2.33.0 + diff --git a/queue-5.4/mac80211-accept-aggregation-sessions-on-6-ghz.patch b/queue-5.4/mac80211-accept-aggregation-sessions-on-6-ghz.patch new file mode 100644 index 00000000000..184047b934f --- /dev/null +++ b/queue-5.4/mac80211-accept-aggregation-sessions-on-6-ghz.patch @@ -0,0 +1,60 @@ +From 25582bd419a506f40c812d48472d0fea69b1bd10 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 28 May 2020 21:34:44 +0200 +Subject: mac80211: accept aggregation sessions on 6 GHz + +From: Johannes Berg + +[ Upstream commit 93382a0d119b3ab95e3ebca51ea15aa87187b493 ] + +On 6 GHz, stations don't have ht_supported set, but they can +still do aggregation since they must have HE, allow that. + +Link: https://lore.kernel.org/r/20200528213443.776d3c891b64.Ifa099d450617b50c691832b3c4aa08959fab520a@changeid +Signed-off-by: Johannes Berg +Signed-off-by: Sasha Levin +--- + net/mac80211/agg-rx.c | 5 +++-- + net/mac80211/agg-tx.c | 3 ++- + 2 files changed, 5 insertions(+), 3 deletions(-) + +diff --git a/net/mac80211/agg-rx.c b/net/mac80211/agg-rx.c +index 4d1c335e06e57..7f245e9f114c2 100644 +--- a/net/mac80211/agg-rx.c ++++ b/net/mac80211/agg-rx.c +@@ -9,7 +9,7 @@ + * Copyright 2007, Michael Wu + * Copyright 2007-2010, Intel Corporation + * Copyright(c) 2015-2017 Intel Deutschland GmbH +- * Copyright (C) 2018 Intel Corporation ++ * Copyright (C) 2018-2020 Intel Corporation + */ + + /** +@@ -292,7 +292,8 @@ void ___ieee80211_start_rx_ba_session(struct sta_info *sta, + goto end; + } + +- if (!sta->sta.ht_cap.ht_supported) { ++ if (!sta->sta.ht_cap.ht_supported && ++ sta->sdata->vif.bss_conf.chandef.chan->band != NL80211_BAND_6GHZ) { + ht_dbg(sta->sdata, + "STA %pM erroneously requests BA session on tid %d w/o QoS\n", + sta->sta.addr, tid); +diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c +index d801ceb2ed7fa..8d3b905e551a3 100644 +--- a/net/mac80211/agg-tx.c ++++ b/net/mac80211/agg-tx.c +@@ -583,7 +583,8 @@ int ieee80211_start_tx_ba_session(struct ieee80211_sta *pubsta, u16 tid, + "Requested to start BA session on reserved tid=%d", tid)) + return -EINVAL; + +- if (!pubsta->ht_cap.ht_supported) ++ if (!pubsta->ht_cap.ht_supported && ++ sta->sdata->vif.bss_conf.chandef.chan->band != NL80211_BAND_6GHZ) + return -EINVAL; + + if (WARN_ON_ONCE(!local->ops->ampdu_action)) +-- +2.33.0 + diff --git a/queue-5.4/mac80211-agg-tx-don-t-schedule_and_wake_txq-under-st.patch b/queue-5.4/mac80211-agg-tx-don-t-schedule_and_wake_txq-under-st.patch new file mode 100644 index 00000000000..1b0f952c107 --- /dev/null +++ b/queue-5.4/mac80211-agg-tx-don-t-schedule_and_wake_txq-under-st.patch @@ -0,0 +1,94 @@ +From 6a60526c1828890b88b3be88a9dd6b01c8c384dc Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 2 Dec 2021 15:26:25 +0200 +Subject: mac80211: agg-tx: don't schedule_and_wake_txq() under sta->lock + +From: Johannes Berg + +[ Upstream commit 06c41bda0ea14aa7fba932a9613c4ee239682cf0 ] + +When we call ieee80211_agg_start_txq(), that will in turn call +schedule_and_wake_txq(). Called from ieee80211_stop_tx_ba_cb() +this is done under sta->lock, which leads to certain circular +lock dependencies, as reported by Chris Murphy: +https://lore.kernel.org/r/CAJCQCtSXJ5qA4bqSPY=oLRMbv-irihVvP7A2uGutEbXQVkoNaw@mail.gmail.com + +In general, ieee80211_agg_start_txq() is usually not called +with sta->lock held, only in this one place. But it's always +called with sta->ampdu_mlme.mtx held, and that's therefore +clearly sufficient. + +Change ieee80211_stop_tx_ba_cb() to also call it without the +sta->lock held, by factoring it out of ieee80211_remove_tid_tx() +(which is only called in this one place). + +This breaks the locking chain and makes it less likely that +we'll have similar locking chain problems in the future. + +Fixes: ba8c3d6f16a1 ("mac80211: add an intermediate software queue implementation") +Reported-by: Chris Murphy +Signed-off-by: Johannes Berg +Signed-off-by: Luca Coelho +Link: https://lore.kernel.org/r/iwlwifi.20211202152554.f519884c8784.I555fef8e67d93fff3d9a304886c4a9f8b322e591@changeid +Signed-off-by: Johannes Berg +Signed-off-by: Sasha Levin +--- + net/mac80211/agg-tx.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c +index 1a5768ae5f515..d801ceb2ed7fa 100644 +--- a/net/mac80211/agg-tx.c ++++ b/net/mac80211/agg-tx.c +@@ -9,7 +9,7 @@ + * Copyright 2007, Michael Wu + * Copyright 2007-2010, Intel Corporation + * Copyright(c) 2015-2017 Intel Deutschland GmbH +- * Copyright (C) 2018 - 2020 Intel Corporation ++ * Copyright (C) 2018 - 2021 Intel Corporation + */ + + #include +@@ -213,6 +213,8 @@ ieee80211_agg_start_txq(struct sta_info *sta, int tid, bool enable) + struct ieee80211_txq *txq = sta->sta.txq[tid]; + struct txq_info *txqi; + ++ lockdep_assert_held(&sta->ampdu_mlme.mtx); ++ + if (!txq) + return; + +@@ -290,7 +292,6 @@ static void ieee80211_remove_tid_tx(struct sta_info *sta, int tid) + ieee80211_assign_tid_tx(sta, tid, NULL); + + ieee80211_agg_splice_finish(sta->sdata, tid); +- ieee80211_agg_start_txq(sta, tid, false); + + kfree_rcu(tid_tx, rcu_head); + } +@@ -871,6 +872,7 @@ void ieee80211_stop_tx_ba_cb(struct sta_info *sta, int tid, + { + struct ieee80211_sub_if_data *sdata = sta->sdata; + bool send_delba = false; ++ bool start_txq = false; + + ht_dbg(sdata, "Stopping Tx BA session for %pM tid %d\n", + sta->sta.addr, tid); +@@ -888,10 +890,14 @@ void ieee80211_stop_tx_ba_cb(struct sta_info *sta, int tid, + send_delba = true; + + ieee80211_remove_tid_tx(sta, tid); ++ start_txq = true; + + unlock_sta: + spin_unlock_bh(&sta->lock); + ++ if (start_txq) ++ ieee80211_agg_start_txq(sta, tid, false); ++ + if (send_delba) + ieee80211_send_delba(sdata, sta->sta.addr, tid, + WLAN_BACK_INITIATOR, WLAN_REASON_QSTA_NOT_USE); +-- +2.33.0 + diff --git a/queue-5.4/mac80211-agg-tx-refactor-sending-addba.patch b/queue-5.4/mac80211-agg-tx-refactor-sending-addba.patch new file mode 100644 index 00000000000..a2ed48ac74b --- /dev/null +++ b/queue-5.4/mac80211-agg-tx-refactor-sending-addba.patch @@ -0,0 +1,123 @@ +From 92de6bd0416250f03921e67d3d34f7337930c762 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 26 Mar 2020 15:09:37 +0200 +Subject: mac80211: agg-tx: refactor sending addba + +From: Mordechay Goodstein + +[ Upstream commit 31d8bb4e07f80935ee9bf599a9d99de7ca90fc5a ] + +We move the actual arming the timer and sending ADDBA to a function +for the use in different places calling the same logic. + +Signed-off-by: Mordechay Goodstein +Signed-off-by: Luca Coelho +Link: https://lore.kernel.org/r/iwlwifi.20200326150855.58a337eb90a1.I75934e6464535fbf43969acc796bc886291e79a5@changeid +Signed-off-by: Johannes Berg +Signed-off-by: Sasha Levin +--- + net/mac80211/agg-tx.c | 67 +++++++++++++++++++++++++------------------ + 1 file changed, 39 insertions(+), 28 deletions(-) + +diff --git a/net/mac80211/agg-tx.c b/net/mac80211/agg-tx.c +index 3d2af1851bdf9..1a5768ae5f515 100644 +--- a/net/mac80211/agg-tx.c ++++ b/net/mac80211/agg-tx.c +@@ -9,7 +9,7 @@ + * Copyright 2007, Michael Wu + * Copyright 2007-2010, Intel Corporation + * Copyright(c) 2015-2017 Intel Deutschland GmbH +- * Copyright (C) 2018 - 2019 Intel Corporation ++ * Copyright (C) 2018 - 2020 Intel Corporation + */ + + #include +@@ -448,6 +448,43 @@ static void sta_addba_resp_timer_expired(struct timer_list *t) + ieee80211_stop_tx_ba_session(&sta->sta, tid); + } + ++static void ieee80211_send_addba_with_timeout(struct sta_info *sta, ++ struct tid_ampdu_tx *tid_tx) ++{ ++ struct ieee80211_sub_if_data *sdata = sta->sdata; ++ struct ieee80211_local *local = sta->local; ++ u8 tid = tid_tx->tid; ++ u16 buf_size; ++ ++ /* activate the timer for the recipient's addBA response */ ++ mod_timer(&tid_tx->addba_resp_timer, jiffies + ADDBA_RESP_INTERVAL); ++ ht_dbg(sdata, "activated addBA response timer on %pM tid %d\n", ++ sta->sta.addr, tid); ++ ++ spin_lock_bh(&sta->lock); ++ sta->ampdu_mlme.last_addba_req_time[tid] = jiffies; ++ sta->ampdu_mlme.addba_req_num[tid]++; ++ spin_unlock_bh(&sta->lock); ++ ++ if (sta->sta.he_cap.has_he) { ++ buf_size = local->hw.max_tx_aggregation_subframes; ++ } else { ++ /* ++ * We really should use what the driver told us it will ++ * transmit as the maximum, but certain APs (e.g. the ++ * LinkSys WRT120N with FW v1.0.07 build 002 Jun 18 2012) ++ * will crash when we use a lower number. ++ */ ++ buf_size = IEEE80211_MAX_AMPDU_BUF_HT; ++ } ++ ++ /* send AddBA request */ ++ ieee80211_send_addba_request(sdata, sta->sta.addr, tid, ++ tid_tx->dialog_token, ++ sta->tid_seq[tid] >> 4, ++ buf_size, tid_tx->timeout); ++} ++ + void ieee80211_tx_ba_session_handle_start(struct sta_info *sta, int tid) + { + struct tid_ampdu_tx *tid_tx; +@@ -462,7 +499,6 @@ void ieee80211_tx_ba_session_handle_start(struct sta_info *sta, int tid) + .timeout = 0, + }; + int ret; +- u16 buf_size; + + tid_tx = rcu_dereference_protected_tid_tx(sta, tid); + +@@ -501,32 +537,7 @@ void ieee80211_tx_ba_session_handle_start(struct sta_info *sta, int tid) + return; + } + +- /* activate the timer for the recipient's addBA response */ +- mod_timer(&tid_tx->addba_resp_timer, jiffies + ADDBA_RESP_INTERVAL); +- ht_dbg(sdata, "activated addBA response timer on %pM tid %d\n", +- sta->sta.addr, tid); +- +- spin_lock_bh(&sta->lock); +- sta->ampdu_mlme.last_addba_req_time[tid] = jiffies; +- sta->ampdu_mlme.addba_req_num[tid]++; +- spin_unlock_bh(&sta->lock); +- +- if (sta->sta.he_cap.has_he) { +- buf_size = local->hw.max_tx_aggregation_subframes; +- } else { +- /* +- * We really should use what the driver told us it will +- * transmit as the maximum, but certain APs (e.g. the +- * LinkSys WRT120N with FW v1.0.07 build 002 Jun 18 2012) +- * will crash when we use a lower number. +- */ +- buf_size = IEEE80211_MAX_AMPDU_BUF_HT; +- } +- +- /* send AddBA request */ +- ieee80211_send_addba_request(sdata, sta->sta.addr, tid, +- tid_tx->dialog_token, params.ssn, +- buf_size, tid_tx->timeout); ++ ieee80211_send_addba_with_timeout(sta, tid_tx); + } + + /* +-- +2.33.0 + diff --git a/queue-5.4/mac80211-fix-lookup-when-adding-addba-extension-elem.patch b/queue-5.4/mac80211-fix-lookup-when-adding-addba-extension-elem.patch new file mode 100644 index 00000000000..6cfc1a7ca7a --- /dev/null +++ b/queue-5.4/mac80211-fix-lookup-when-adding-addba-extension-elem.patch @@ -0,0 +1,49 @@ +From 21af20a6727377b1ef8f8a1ab07591c023ef5b69 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 29 Nov 2021 15:32:46 +0200 +Subject: mac80211: fix lookup when adding AddBA extension element + +From: Johannes Berg + +[ Upstream commit 511ab0c1dfb260a6b17b8771109e8d63474473a7 ] + +We should be doing the HE capabilities lookup based on the full +interface type so if P2P doesn't have HE but client has it doesn't +get confused. Fix that. + +Fixes: 2ab45876756f ("mac80211: add support for the ADDBA extension element") +Signed-off-by: Johannes Berg +Signed-off-by: Luca Coelho +Link: https://lore.kernel.org/r/iwlwifi.20211129152938.010fc1d61137.If3a468145f29d670cb00a693bed559d8290ba693@changeid +Signed-off-by: Johannes Berg +Signed-off-by: Sasha Levin +--- + net/mac80211/agg-rx.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/net/mac80211/agg-rx.c b/net/mac80211/agg-rx.c +index 7f245e9f114c2..49ec9bfb6c8e6 100644 +--- a/net/mac80211/agg-rx.c ++++ b/net/mac80211/agg-rx.c +@@ -9,7 +9,7 @@ + * Copyright 2007, Michael Wu + * Copyright 2007-2010, Intel Corporation + * Copyright(c) 2015-2017 Intel Deutschland GmbH +- * Copyright (C) 2018-2020 Intel Corporation ++ * Copyright (C) 2018-2021 Intel Corporation + */ + + /** +@@ -191,7 +191,8 @@ static void ieee80211_add_addbaext(struct ieee80211_sub_if_data *sdata, + sband = ieee80211_get_sband(sdata); + if (!sband) + return; +- he_cap = ieee80211_get_he_iftype_cap(sband, sdata->vif.type); ++ he_cap = ieee80211_get_he_iftype_cap(sband, ++ ieee80211_vif_type_p2p(&sdata->vif)); + if (!he_cap) + return; + +-- +2.33.0 + diff --git a/queue-5.4/mac80211-track-only-qos-data-frames-for-admission-co.patch b/queue-5.4/mac80211-track-only-qos-data-frames-for-admission-co.patch new file mode 100644 index 00000000000..ca48cb022dc --- /dev/null +++ b/queue-5.4/mac80211-track-only-qos-data-frames-for-admission-co.patch @@ -0,0 +1,57 @@ +From ea887c4d682c5526712000ba302b182886d19908 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 22 Nov 2021 12:47:40 +0100 +Subject: mac80211: track only QoS data frames for admission control + +From: Johannes Berg + +[ Upstream commit d5e568c3a4ec2ddd23e7dc5ad5b0c64e4f22981a ] + +For admission control, obviously all of that only works for +QoS data frames, otherwise we cannot even access the QoS +field in the header. + +Syzbot reported (see below) an uninitialized value here due +to a status of a non-QoS nullfunc packet, which isn't even +long enough to contain the QoS header. + +Fix this to only do anything for QoS data packets. + +Reported-by: syzbot+614e82b88a1a4973e534@syzkaller.appspotmail.com +Fixes: 02219b3abca5 ("mac80211: add WMM admission control support") +Link: https://lore.kernel.org/r/20211122124737.dad29e65902a.Ieb04587afacb27c14e0de93ec1bfbefb238cc2a0@changeid +Signed-off-by: Johannes Berg +Signed-off-by: Sasha Levin +--- + net/mac80211/mlme.c | 13 ++++++++++--- + 1 file changed, 10 insertions(+), 3 deletions(-) + +diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c +index ccaf2389ccc1d..5c727af01143f 100644 +--- a/net/mac80211/mlme.c ++++ b/net/mac80211/mlme.c +@@ -2418,11 +2418,18 @@ static void ieee80211_sta_tx_wmm_ac_notify(struct ieee80211_sub_if_data *sdata, + u16 tx_time) + { + struct ieee80211_if_managed *ifmgd = &sdata->u.mgd; +- u16 tid = ieee80211_get_tid(hdr); +- int ac = ieee80211_ac_from_tid(tid); +- struct ieee80211_sta_tx_tspec *tx_tspec = &ifmgd->tx_tspec[ac]; ++ u16 tid; ++ int ac; ++ struct ieee80211_sta_tx_tspec *tx_tspec; + unsigned long now = jiffies; + ++ if (!ieee80211_is_data_qos(hdr->frame_control)) ++ return; ++ ++ tid = ieee80211_get_tid(hdr); ++ ac = ieee80211_ac_from_tid(tid); ++ tx_tspec = &ifmgd->tx_tspec[ac]; ++ + if (likely(!tx_tspec->admitted_time)) + return; + +-- +2.33.0 + diff --git a/queue-5.4/net-fix-double-0x-prefix-print-in-skb-dump.patch b/queue-5.4/net-fix-double-0x-prefix-print-in-skb-dump.patch new file mode 100644 index 00000000000..88645e0d516 --- /dev/null +++ b/queue-5.4/net-fix-double-0x-prefix-print-in-skb-dump.patch @@ -0,0 +1,36 @@ +From b63b904e3ca17dd64e9ea1bc66a617c21c451606 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 16 Dec 2021 11:28:25 +0200 +Subject: net: Fix double 0x prefix print in SKB dump + +From: Gal Pressman + +[ Upstream commit 8a03ef676ade55182f9b05115763aeda6dc08159 ] + +When printing netdev features %pNF already takes care of the 0x prefix, +remove the explicit one. + +Fixes: 6413139dfc64 ("skbuff: increase verbosity when dumping skb data") +Signed-off-by: Gal Pressman +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + net/core/skbuff.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/net/core/skbuff.c b/net/core/skbuff.c +index 7dba091bc8617..ac083685214e0 100644 +--- a/net/core/skbuff.c ++++ b/net/core/skbuff.c +@@ -768,7 +768,7 @@ void skb_dump(const char *level, const struct sk_buff *skb, bool full_pkt) + ntohs(skb->protocol), skb->pkt_type, skb->skb_iif); + + if (dev) +- printk("%sdev name=%s feat=0x%pNF\n", ++ printk("%sdev name=%s feat=%pNF\n", + level, dev->name, &dev->features); + if (sk) + printk("%ssk family=%hu type=%u proto=%u\n", +-- +2.33.0 + diff --git a/queue-5.4/net-packet-rx_owner_map-depends-on-pg_vec.patch b/queue-5.4/net-packet-rx_owner_map-depends-on-pg_vec.patch new file mode 100644 index 00000000000..de37bd5bd36 --- /dev/null +++ b/queue-5.4/net-packet-rx_owner_map-depends-on-pg_vec.patch @@ -0,0 +1,46 @@ +From e401caf7854a4f68fa642f20760c6c16680b23c0 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 15 Dec 2021 09:39:37 -0500 +Subject: net/packet: rx_owner_map depends on pg_vec + +From: Willem de Bruijn + +[ Upstream commit ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 ] + +Packet sockets may switch ring versions. Avoid misinterpreting state +between versions, whose fields share a union. rx_owner_map is only +allocated with a packet ring (pg_vec) and both are swapped together. +If pg_vec is NULL, meaning no packet ring was allocated, then neither +was rx_owner_map. And the field may be old state from a tpacket_v3. + +Fixes: 61fad6816fc1 ("net/packet: tpacket_rcv: avoid a producer race condition") +Reported-by: Syzbot +Signed-off-by: Willem de Bruijn +Reviewed-by: Eric Dumazet +Link: https://lore.kernel.org/r/20211215143937.106178-1-willemdebruijn.kernel@gmail.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + net/packet/af_packet.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c +index 0ffbf3d17911a..6062bd5bf132b 100644 +--- a/net/packet/af_packet.c ++++ b/net/packet/af_packet.c +@@ -4453,9 +4453,10 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u, + } + + out_free_pg_vec: +- bitmap_free(rx_owner_map); +- if (pg_vec) ++ if (pg_vec) { ++ bitmap_free(rx_owner_map); + free_pg_vec(pg_vec, order, req->tp_block_nr); ++ } + out: + return err; + } +-- +2.33.0 + diff --git a/queue-5.4/net-sched-lock-action-when-translating-it-to-flow_ac.patch b/queue-5.4/net-sched-lock-action-when-translating-it-to-flow_ac.patch new file mode 100644 index 00000000000..a1451e1cc61 --- /dev/null +++ b/queue-5.4/net-sched-lock-action-when-translating-it-to-flow_ac.patch @@ -0,0 +1,141 @@ +From a3268371f83933bcbc32eb2fa3676c2e1e62d901 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 17 Feb 2020 12:12:09 +0200 +Subject: net: sched: lock action when translating it to flow_action infra + +From: Vlad Buslov + +[ Upstream commit 7a47281439ba00b11fc098f36695522184ce5a82 ] + +In order to remove dependency on rtnl lock, take action's tcfa_lock when +constructing its representation as flow_action_entry structure. + +Refactor tcf_sample_get_group() to assume that caller holds tcf_lock and +don't take it manually. This callback is only called from flow_action infra +representation translator which now calls it with tcf_lock held, so this +refactoring is necessary to prevent deadlock. + +Allocate memory with GFP_ATOMIC flag for ip_tunnel_info copy because +tcf_tunnel_info_copy() is only called from flow_action representation infra +code with tcf_lock spinlock taken. + +Signed-off-by: Vlad Buslov +Acked-by: Jiri Pirko +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + include/net/tc_act/tc_tunnel_key.h | 2 +- + net/sched/act_sample.c | 2 -- + net/sched/cls_api.c | 17 +++++++++++------ + 3 files changed, 12 insertions(+), 9 deletions(-) + +diff --git a/include/net/tc_act/tc_tunnel_key.h b/include/net/tc_act/tc_tunnel_key.h +index 0689d9bcdf841..2b3df076e5b62 100644 +--- a/include/net/tc_act/tc_tunnel_key.h ++++ b/include/net/tc_act/tc_tunnel_key.h +@@ -69,7 +69,7 @@ tcf_tunnel_info_copy(const struct tc_action *a) + if (tun) { + size_t tun_size = sizeof(*tun) + tun->options_len; + struct ip_tunnel_info *tun_copy = kmemdup(tun, tun_size, +- GFP_KERNEL); ++ GFP_ATOMIC); + + return tun_copy; + } +diff --git a/net/sched/act_sample.c b/net/sched/act_sample.c +index 74450b0f69fc5..214f4efdd9920 100644 +--- a/net/sched/act_sample.c ++++ b/net/sched/act_sample.c +@@ -265,14 +265,12 @@ tcf_sample_get_group(const struct tc_action *a, + struct tcf_sample *s = to_sample(a); + struct psample_group *group; + +- spin_lock_bh(&s->tcf_lock); + group = rcu_dereference_protected(s->psample_group, + lockdep_is_held(&s->tcf_lock)); + if (group) { + psample_group_take(group); + *destructor = tcf_psample_group_put; + } +- spin_unlock_bh(&s->tcf_lock); + + return group; + } +diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c +index 7f20fd37e01e0..61aa63cc170b4 100644 +--- a/net/sched/cls_api.c ++++ b/net/sched/cls_api.c +@@ -3436,7 +3436,7 @@ static void tcf_sample_get_group(struct flow_action_entry *entry, + int tc_setup_flow_action(struct flow_action *flow_action, + const struct tcf_exts *exts, bool rtnl_held) + { +- const struct tc_action *act; ++ struct tc_action *act; + int i, j, k, err = 0; + + if (!exts) +@@ -3450,6 +3450,7 @@ int tc_setup_flow_action(struct flow_action *flow_action, + struct flow_action_entry *entry; + + entry = &flow_action->entries[j]; ++ spin_lock_bh(&act->tcfa_lock); + if (is_tcf_gact_ok(act)) { + entry->id = FLOW_ACTION_ACCEPT; + } else if (is_tcf_gact_shot(act)) { +@@ -3490,13 +3491,13 @@ int tc_setup_flow_action(struct flow_action *flow_action, + break; + default: + err = -EOPNOTSUPP; +- goto err_out; ++ goto err_out_locked; + } + } else if (is_tcf_tunnel_set(act)) { + entry->id = FLOW_ACTION_TUNNEL_ENCAP; + err = tcf_tunnel_encap_get_tunnel(entry, act); + if (err) +- goto err_out; ++ goto err_out_locked; + } else if (is_tcf_tunnel_release(act)) { + entry->id = FLOW_ACTION_TUNNEL_DECAP; + } else if (is_tcf_pedit(act)) { +@@ -3510,7 +3511,7 @@ int tc_setup_flow_action(struct flow_action *flow_action, + break; + default: + err = -EOPNOTSUPP; +- goto err_out; ++ goto err_out_locked; + } + entry->mangle.htype = tcf_pedit_htype(act, k); + entry->mangle.mask = tcf_pedit_mask(act, k); +@@ -3561,15 +3562,16 @@ int tc_setup_flow_action(struct flow_action *flow_action, + entry->mpls_mangle.ttl = tcf_mpls_ttl(act); + break; + default: +- goto err_out; ++ goto err_out_locked; + } + } else if (is_tcf_skbedit_ptype(act)) { + entry->id = FLOW_ACTION_PTYPE; + entry->ptype = tcf_skbedit_ptype(act); + } else { + err = -EOPNOTSUPP; +- goto err_out; ++ goto err_out_locked; + } ++ spin_unlock_bh(&act->tcfa_lock); + + if (!is_tcf_pedit(act)) + j++; +@@ -3583,6 +3585,9 @@ int tc_setup_flow_action(struct flow_action *flow_action, + tc_cleanup_flow_action(flow_action); + + return err; ++err_out_locked: ++ spin_unlock_bh(&act->tcfa_lock); ++ goto err_out; + } + EXPORT_SYMBOL(tc_setup_flow_action); + +-- +2.33.0 + diff --git a/queue-5.4/net-smc-prevent-smc_release-from-long-blocking.patch b/queue-5.4/net-smc-prevent-smc_release-from-long-blocking.patch new file mode 100644 index 00000000000..2854f230973 --- /dev/null +++ b/queue-5.4/net-smc-prevent-smc_release-from-long-blocking.patch @@ -0,0 +1,84 @@ +From 4f74f2327c0800885bbbe3253a86dac33ddf47a5 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 15 Dec 2021 20:29:21 +0800 +Subject: net/smc: Prevent smc_release() from long blocking +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: D. Wythe + +[ Upstream commit 5c15b3123f65f8fbb1b445d9a7e8812e0e435df2 ] + +In nginx/wrk benchmark, there's a hung problem with high probability +on case likes that: (client will last several minutes to exit) + +server: smc_run nginx + +client: smc_run wrk -c 10000 -t 1 http://server + +Client hangs with the following backtrace: + +0 [ffffa7ce8Of3bbf8] __schedule at ffffffff9f9eOd5f +1 [ffffa7ce8Of3bc88] schedule at ffffffff9f9eløe6 +2 [ffffa7ce8Of3bcaO] schedule_timeout at ffffffff9f9e3f3c +3 [ffffa7ce8Of3bd2O] wait_for_common at ffffffff9f9el9de +4 [ffffa7ce8Of3bd8O] __flush_work at ffffffff9fOfeOl3 +5 [ffffa7ce8øf3bdfO] smc_release at ffffffffcO697d24 [smc] +6 [ffffa7ce8Of3be2O] __sock_release at ffffffff9f8O2e2d +7 [ffffa7ce8Of3be4ø] sock_close at ffffffff9f8ø2ebl +8 [ffffa7ce8øf3be48] __fput at ffffffff9f334f93 +9 [ffffa7ce8Of3be78] task_work_run at ffffffff9flOlff5 +10 [ffffa7ce8Of3beaO] do_exit at ffffffff9fOe5Ol2 +11 [ffffa7ce8Of3bflO] do_group_exit at ffffffff9fOe592a +12 [ffffa7ce8Of3bf38] __x64_sys_exit_group at ffffffff9fOe5994 +13 [ffffa7ce8Of3bf4O] do_syscall_64 at ffffffff9f9d4373 +14 [ffffa7ce8Of3bfsO] entry_SYSCALL_64_after_hwframe at ffffffff9fa0007c + +This issue dues to flush_work(), which is used to wait for +smc_connect_work() to finish in smc_release(). Once lots of +smc_connect_work() was pending or all executing work dangling, +smc_release() has to block until one worker comes to free, which +is equivalent to wait another smc_connnect_work() to finish. + +In order to fix this, There are two changes: + +1. For those idle smc_connect_work(), cancel it from the workqueue; for + executing smc_connect_work(), waiting for it to finish. For that + purpose, replace flush_work() with cancel_work_sync(). + +2. Since smc_connect() hold a reference for passive closing, if + smc_connect_work() has been cancelled, release the reference. + +Fixes: 24ac3a08e658 ("net/smc: rebuild nonblocking connect") +Reported-by: Tony Lu +Tested-by: Dust Li +Reviewed-by: Dust Li +Reviewed-by: Tony Lu +Signed-off-by: D. Wythe +Acked-by: Karsten Graul +Link: https://lore.kernel.org/r/1639571361-101128-1-git-send-email-alibuda@linux.alibaba.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + net/smc/af_smc.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c +index fa3b20e5f4608..06684ac346abd 100644 +--- a/net/smc/af_smc.c ++++ b/net/smc/af_smc.c +@@ -183,7 +183,9 @@ static int smc_release(struct socket *sock) + /* cleanup for a dangling non-blocking connect */ + if (smc->connect_nonblock && sk->sk_state == SMC_INIT) + tcp_abort(smc->clcsock->sk, ECONNABORTED); +- flush_work(&smc->connect_work); ++ ++ if (cancel_work_sync(&smc->connect_work)) ++ sock_put(&smc->sk); /* sock_hold in smc_connect for passive closing */ + + if (sk->sk_state == SMC_LISTEN) + /* smc_close_non_accepted() is called and acquires +-- +2.33.0 + diff --git a/queue-5.4/net-systemport-add-global-locking-for-descriptor-lif.patch b/queue-5.4/net-systemport-add-global-locking-for-descriptor-lif.patch new file mode 100644 index 00000000000..37421a1dc1a --- /dev/null +++ b/queue-5.4/net-systemport-add-global-locking-for-descriptor-lif.patch @@ -0,0 +1,94 @@ +From 73a25ef0d741f0c5250e53494e2a0c4c7706a38d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 15 Dec 2021 12:24:49 -0800 +Subject: net: systemport: Add global locking for descriptor lifecycle + +From: Florian Fainelli + +[ Upstream commit 8b8e6e782456f1ce02a7ae914bbd5b1053f0b034 ] + +The descriptor list is a shared resource across all of the transmit queues, and +the locking mechanism used today only protects concurrency across a given +transmit queue between the transmit and reclaiming. This creates an opportunity +for the SYSTEMPORT hardware to work on corrupted descriptors if we have +multiple producers at once which is the case when using multiple transmit +queues. + +This was particularly noticeable when using multiple flows/transmit queues and +it showed up in interesting ways in that UDP packets would get a correct UDP +header checksum being calculated over an incorrect packet length. Similarly TCP +packets would get an equally correct checksum computed by the hardware over an +incorrect packet length. + +The SYSTEMPORT hardware maintains an internal descriptor list that it re-arranges +when the driver produces a new descriptor anytime it writes to the +WRITE_PORT_{HI,LO} registers, there is however some delay in the hardware to +re-organize its descriptors and it is possible that concurrent TX queues +eventually break this internal allocation scheme to the point where the +length/status part of the descriptor gets used for an incorrect data buffer. + +The fix is to impose a global serialization for all TX queues in the short +section where we are writing to the WRITE_PORT_{HI,LO} registers which solves +the corruption even with multiple concurrent TX queues being used. + +Fixes: 80105befdb4b ("net: systemport: add Broadcom SYSTEMPORT Ethernet MAC driver") +Signed-off-by: Florian Fainelli +Link: https://lore.kernel.org/r/20211215202450.4086240-1-f.fainelli@gmail.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/broadcom/bcmsysport.c | 5 ++++- + drivers/net/ethernet/broadcom/bcmsysport.h | 1 + + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/broadcom/bcmsysport.c b/drivers/net/ethernet/broadcom/bcmsysport.c +index 470d12e308814..5a2094a281e15 100644 +--- a/drivers/net/ethernet/broadcom/bcmsysport.c ++++ b/drivers/net/ethernet/broadcom/bcmsysport.c +@@ -1277,11 +1277,11 @@ static netdev_tx_t bcm_sysport_xmit(struct sk_buff *skb, + struct bcm_sysport_priv *priv = netdev_priv(dev); + struct device *kdev = &priv->pdev->dev; + struct bcm_sysport_tx_ring *ring; ++ unsigned long flags, desc_flags; + struct bcm_sysport_cb *cb; + struct netdev_queue *txq; + u32 len_status, addr_lo; + unsigned int skb_len; +- unsigned long flags; + dma_addr_t mapping; + u16 queue; + int ret; +@@ -1339,8 +1339,10 @@ static netdev_tx_t bcm_sysport_xmit(struct sk_buff *skb, + ring->desc_count--; + + /* Ports are latched, so write upper address first */ ++ spin_lock_irqsave(&priv->desc_lock, desc_flags); + tdma_writel(priv, len_status, TDMA_WRITE_PORT_HI(ring->index)); + tdma_writel(priv, addr_lo, TDMA_WRITE_PORT_LO(ring->index)); ++ spin_unlock_irqrestore(&priv->desc_lock, desc_flags); + + /* Check ring space and update SW control flow */ + if (ring->desc_count == 0) +@@ -1970,6 +1972,7 @@ static int bcm_sysport_open(struct net_device *dev) + } + + /* Initialize both hardware and software ring */ ++ spin_lock_init(&priv->desc_lock); + for (i = 0; i < dev->num_tx_queues; i++) { + ret = bcm_sysport_init_tx_ring(priv, i); + if (ret) { +diff --git a/drivers/net/ethernet/broadcom/bcmsysport.h b/drivers/net/ethernet/broadcom/bcmsysport.h +index 6d80735fbc7f4..57336ca3f4277 100644 +--- a/drivers/net/ethernet/broadcom/bcmsysport.h ++++ b/drivers/net/ethernet/broadcom/bcmsysport.h +@@ -742,6 +742,7 @@ struct bcm_sysport_priv { + int wol_irq; + + /* Transmit rings */ ++ spinlock_t desc_lock; + struct bcm_sysport_tx_ring *tx_rings; + + /* Receive queue */ +-- +2.33.0 + diff --git a/queue-5.4/netdevsim-zero-initialize-memory-for-new-map-s-value.patch b/queue-5.4/netdevsim-zero-initialize-memory-for-new-map-s-value.patch new file mode 100644 index 00000000000..bbabc98f37d --- /dev/null +++ b/queue-5.4/netdevsim-zero-initialize-memory-for-new-map-s-value.patch @@ -0,0 +1,49 @@ +From 870801c147a6c1623c8ec123250832f268fcecc3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 15 Dec 2021 19:15:30 +0800 +Subject: netdevsim: Zero-initialize memory for new map's value in function + nsim_bpf_map_alloc + +From: Haimin Zhang + +[ Upstream commit 481221775d53d6215a6e5e9ce1cce6d2b4ab9a46 ] + +Zero-initialize memory for new map's value in function nsim_bpf_map_alloc +since it may cause a potential kernel information leak issue, as follows: +1. nsim_bpf_map_alloc calls nsim_map_alloc_elem to allocate elements for +a new map. +2. nsim_map_alloc_elem uses kmalloc to allocate map's value, but doesn't +zero it. +3. A user application can use IOCTL BPF_MAP_LOOKUP_ELEM to get specific +element's information in the map. +4. The kernel function map_lookup_elem will call bpf_map_copy_value to get +the information allocated at step-2, then use copy_to_user to copy to the +user buffer. +This can only leak information for an array map. + +Fixes: 395cacb5f1a0 ("netdevsim: bpf: support fake map offload") +Suggested-by: Jakub Kicinski +Acked-by: Jakub Kicinski +Signed-off-by: Haimin Zhang +Link: https://lore.kernel.org/r/20211215111530.72103-1-tcs.kernel@gmail.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + drivers/net/netdevsim/bpf.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/net/netdevsim/bpf.c b/drivers/net/netdevsim/bpf.c +index 2b74425822ab1..e0a4acc6144bf 100644 +--- a/drivers/net/netdevsim/bpf.c ++++ b/drivers/net/netdevsim/bpf.c +@@ -510,6 +510,7 @@ nsim_bpf_map_alloc(struct netdevsim *ns, struct bpf_offloaded_map *offmap) + goto err_free; + key = nmap->entry[i].key; + *key = i; ++ memset(nmap->entry[i].value, 0, offmap->map.value_size); + } + } + +-- +2.33.0 + diff --git a/queue-5.4/rds-memory-leak-in-__rds_conn_create.patch b/queue-5.4/rds-memory-leak-in-__rds_conn_create.patch new file mode 100644 index 00000000000..f24649d9bfa --- /dev/null +++ b/queue-5.4/rds-memory-leak-in-__rds_conn_create.patch @@ -0,0 +1,36 @@ +From 94ad313d2ec83dd91b5cd5c5a748b7894ccc365b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 14 Dec 2021 18:46:59 +0800 +Subject: rds: memory leak in __rds_conn_create() + +From: Hangyu Hua + +[ Upstream commit 5f9562ebe710c307adc5f666bf1a2162ee7977c0 ] + +__rds_conn_create() did not release conn->c_path when loop_trans != 0 and +trans->t_prefer_loopback != 0 and is_outgoing == 0. + +Fixes: aced3ce57cd3 ("RDS tcp loopback connection can hang") +Signed-off-by: Hangyu Hua +Reviewed-by: Sharath Srinivasan +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + net/rds/connection.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/net/rds/connection.c b/net/rds/connection.c +index c85bd6340eaa7..92ff40e7a66cf 100644 +--- a/net/rds/connection.c ++++ b/net/rds/connection.c +@@ -253,6 +253,7 @@ static struct rds_connection *__rds_conn_create(struct net *net, + * should end up here, but if it + * does, reset/destroy the connection. + */ ++ kfree(conn->c_path); + kmem_cache_free(rds_conn_slab, conn); + conn = ERR_PTR(-EOPNOTSUPP); + goto out; +-- +2.33.0 + diff --git a/queue-5.4/s390-kexec_file-fix-error-handling-when-applying-rel.patch b/queue-5.4/s390-kexec_file-fix-error-handling-when-applying-rel.patch new file mode 100644 index 00000000000..43606146f9a --- /dev/null +++ b/queue-5.4/s390-kexec_file-fix-error-handling-when-applying-rel.patch @@ -0,0 +1,63 @@ +From 6c24d0b1a6d5547e54b2b0bfb15ff83c97820299 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 8 Dec 2021 14:07:41 +0100 +Subject: s390/kexec_file: fix error handling when applying relocations + +From: Philipp Rudo + +[ Upstream commit 41967a37b8eedfee15b81406a9f3015be90d3980 ] + +arch_kexec_apply_relocations_add currently ignores all errors returned +by arch_kexec_do_relocs. This means that every unknown relocation is +silently skipped causing unpredictable behavior while the relocated code +runs. Fix this by checking for errors and fail kexec_file_load if an +unknown relocation type is encountered. + +The problem was found after gcc changed its behavior and used +R_390_PLT32DBL relocations for brasl instruction and relied on ld to +resolve the relocations in the final link in case direct calls are +possible. As the purgatory code is only linked partially (option -r) +ld didn't resolve the relocations leaving them for arch_kexec_do_relocs. +But arch_kexec_do_relocs doesn't know how to handle R_390_PLT32DBL +relocations so they were silently skipped. This ultimately caused an +endless loop in the purgatory as the brasl instructions kept branching +to itself. + +Fixes: 71406883fd35 ("s390/kexec_file: Add kexec_file_load system call") +Reported-by: Tao Liu +Signed-off-by: Philipp Rudo +Link: https://lore.kernel.org/r/20211208130741.5821-3-prudo@redhat.com +Signed-off-by: Heiko Carstens +Signed-off-by: Sasha Levin +--- + arch/s390/kernel/machine_kexec_file.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/arch/s390/kernel/machine_kexec_file.c b/arch/s390/kernel/machine_kexec_file.c +index e7435f3a3d2d2..76cd09879eaf4 100644 +--- a/arch/s390/kernel/machine_kexec_file.c ++++ b/arch/s390/kernel/machine_kexec_file.c +@@ -277,6 +277,7 @@ int arch_kexec_apply_relocations_add(struct purgatory_info *pi, + { + Elf_Rela *relas; + int i, r_type; ++ int ret; + + relas = (void *)pi->ehdr + relsec->sh_offset; + +@@ -311,7 +312,11 @@ int arch_kexec_apply_relocations_add(struct purgatory_info *pi, + addr = section->sh_addr + relas[i].r_offset; + + r_type = ELF64_R_TYPE(relas[i].r_info); +- arch_kexec_do_relocs(r_type, loc, val, addr); ++ ret = arch_kexec_do_relocs(r_type, loc, val, addr); ++ if (ret) { ++ pr_err("Unknown rela relocation: %d\n", r_type); ++ return -ENOEXEC; ++ } + } + return 0; + } +-- +2.33.0 + diff --git a/queue-5.4/sch_cake-do-not-call-cake_destroy-from-cake_init.patch b/queue-5.4/sch_cake-do-not-call-cake_destroy-from-cake_init.patch new file mode 100644 index 00000000000..10984abbbf1 --- /dev/null +++ b/queue-5.4/sch_cake-do-not-call-cake_destroy-from-cake_init.patch @@ -0,0 +1,105 @@ +From fdb4573f8aa8d9d974ab6b88c70d47aaf0a50303 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 10 Dec 2021 06:20:46 -0800 +Subject: sch_cake: do not call cake_destroy() from cake_init() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Eric Dumazet + +[ Upstream commit ab443c53916730862cec202078d36fd4008bea79 ] + +qdiscs are not supposed to call their own destroy() method +from init(), because core stack already does that. + +syzbot was able to trigger use after free: + +DEBUG_LOCKS_WARN_ON(lock->magic != lock) +WARNING: CPU: 0 PID: 21902 at kernel/locking/mutex.c:586 __mutex_lock_common kernel/locking/mutex.c:586 [inline] +WARNING: CPU: 0 PID: 21902 at kernel/locking/mutex.c:586 __mutex_lock+0x9ec/0x12f0 kernel/locking/mutex.c:740 +Modules linked in: +CPU: 0 PID: 21902 Comm: syz-executor189 Not tainted 5.16.0-rc4-syzkaller #0 +Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 +RIP: 0010:__mutex_lock_common kernel/locking/mutex.c:586 [inline] +RIP: 0010:__mutex_lock+0x9ec/0x12f0 kernel/locking/mutex.c:740 +Code: 08 84 d2 0f 85 19 08 00 00 8b 05 97 38 4b 04 85 c0 0f 85 27 f7 ff ff 48 c7 c6 20 00 ac 89 48 c7 c7 a0 fe ab 89 e8 bf 76 ba ff <0f> 0b e9 0d f7 ff ff 48 8b 44 24 40 48 8d b8 c8 08 00 00 48 89 f8 +RSP: 0018:ffffc9000627f290 EFLAGS: 00010282 +RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 +RDX: ffff88802315d700 RSI: ffffffff815f1db8 RDI: fffff52000c4fe44 +RBP: ffff88818f28e000 R08: 0000000000000000 R09: 0000000000000000 +R10: ffffffff815ebb5e R11: 0000000000000000 R12: 0000000000000000 +R13: dffffc0000000000 R14: ffffc9000627f458 R15: 0000000093c30000 +FS: 0000555556abc400(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 00007fda689c3303 CR3: 000000001cfbb000 CR4: 0000000000350ef0 +Call Trace: + + tcf_chain0_head_change_cb_del+0x2e/0x3d0 net/sched/cls_api.c:810 + tcf_block_put_ext net/sched/cls_api.c:1381 [inline] + tcf_block_put_ext net/sched/cls_api.c:1376 [inline] + tcf_block_put+0xbc/0x130 net/sched/cls_api.c:1394 + cake_destroy+0x3f/0x80 net/sched/sch_cake.c:2695 + qdisc_create.constprop.0+0x9da/0x10f0 net/sched/sch_api.c:1293 + tc_modify_qdisc+0x4c5/0x1980 net/sched/sch_api.c:1660 + rtnetlink_rcv_msg+0x413/0xb80 net/core/rtnetlink.c:5571 + netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2496 + netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] + netlink_unicast+0x533/0x7d0 net/netlink/af_netlink.c:1345 + netlink_sendmsg+0x904/0xdf0 net/netlink/af_netlink.c:1921 + sock_sendmsg_nosec net/socket.c:704 [inline] + sock_sendmsg+0xcf/0x120 net/socket.c:724 + ____sys_sendmsg+0x6e8/0x810 net/socket.c:2409 + ___sys_sendmsg+0xf3/0x170 net/socket.c:2463 + __sys_sendmsg+0xe5/0x1b0 net/socket.c:2492 + do_syscall_x64 arch/x86/entry/common.c:50 [inline] + do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 + entry_SYSCALL_64_after_hwframe+0x44/0xae +RIP: 0033:0x7f1bb06badb9 +Code: Unable to access opcode bytes at RIP 0x7f1bb06bad8f. +RSP: 002b:00007fff3012a658 EFLAGS: 00000246 ORIG_RAX: 000000000000002e +RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f1bb06badb9 +RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000003 +RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000003 +R10: 0000000000000003 R11: 0000000000000246 R12: 00007fff3012a688 +R13: 00007fff3012a6a0 R14: 00007fff3012a6e0 R15: 00000000000013c2 + + +Fixes: 046f6fd5daef ("sched: Add Common Applications Kept Enhanced (cake) qdisc") +Signed-off-by: Eric Dumazet +Reported-by: syzbot +Acked-by: Toke Høiland-Jørgensen +Link: https://lore.kernel.org/r/20211210142046.698336-1-eric.dumazet@gmail.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + net/sched/sch_cake.c | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +diff --git a/net/sched/sch_cake.c b/net/sched/sch_cake.c +index e8eebe40e0ae9..0eb4d4a568f77 100644 +--- a/net/sched/sch_cake.c ++++ b/net/sched/sch_cake.c +@@ -2724,7 +2724,7 @@ static int cake_init(struct Qdisc *sch, struct nlattr *opt, + q->tins = kvcalloc(CAKE_MAX_TINS, sizeof(struct cake_tin_data), + GFP_KERNEL); + if (!q->tins) +- goto nomem; ++ return -ENOMEM; + + for (i = 0; i < CAKE_MAX_TINS; i++) { + struct cake_tin_data *b = q->tins + i; +@@ -2754,10 +2754,6 @@ static int cake_init(struct Qdisc *sch, struct nlattr *opt, + q->min_netlen = ~0; + q->min_adjlen = ~0; + return 0; +- +-nomem: +- cake_destroy(sch); +- return -ENOMEM; + } + + static int cake_dump(struct Qdisc *sch, struct sk_buff *skb) +-- +2.33.0 + diff --git a/queue-5.4/selftest-net-forwarding-declare-netifs-p9-p10.patch b/queue-5.4/selftest-net-forwarding-declare-netifs-p9-p10.patch new file mode 100644 index 00000000000..9825f59298a --- /dev/null +++ b/queue-5.4/selftest-net-forwarding-declare-netifs-p9-p10.patch @@ -0,0 +1,41 @@ +From 0eb4759b86b50b74e94fe7cc2129005d268f21c2 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 13 Dec 2021 16:36:00 +0800 +Subject: selftest/net/forwarding: declare NETIFS p9 p10 + +From: Hangbin Liu + +[ Upstream commit 71da1aec215290e249d09c44c768df859f3a3bba ] + +The recent GRE selftests defined NUM_NETIFS=10. If the users copy +forwarding.config.sample to forwarding.config directly, they will get +error "Command line is not complete" when run the GRE tests, because +create_netif_veth() failed with no interface name defined. + +Fix it by extending the NETIFS with p9 and p10. + +Fixes: 2800f2485417 ("selftests: forwarding: Test multipath hashing on inner IP pkts for GRE tunnel") +Signed-off-by: Hangbin Liu +Reviewed-by: Ido Schimmel +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + tools/testing/selftests/net/forwarding/forwarding.config.sample | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/tools/testing/selftests/net/forwarding/forwarding.config.sample b/tools/testing/selftests/net/forwarding/forwarding.config.sample +index e2adb533c8fcb..e71c61ee4cc67 100644 +--- a/tools/testing/selftests/net/forwarding/forwarding.config.sample ++++ b/tools/testing/selftests/net/forwarding/forwarding.config.sample +@@ -13,6 +13,8 @@ NETIFS[p5]=veth4 + NETIFS[p6]=veth5 + NETIFS[p7]=veth6 + NETIFS[p8]=veth7 ++NETIFS[p9]=veth8 ++NETIFS[p10]=veth9 + + ############################################################################## + # Defines +-- +2.33.0 + diff --git a/queue-5.4/selftests-fix-ipv6-address-bind-tests.patch b/queue-5.4/selftests-fix-ipv6-address-bind-tests.patch new file mode 100644 index 00000000000..d45fa44dee8 --- /dev/null +++ b/queue-5.4/selftests-fix-ipv6-address-bind-tests.patch @@ -0,0 +1,65 @@ +From 50ce4b0cd4a8b761b30a2d75bf15d3d55fe256f4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 11 Dec 2021 11:26:16 -0700 +Subject: selftests: Fix IPv6 address bind tests + +From: David Ahern + +[ Upstream commit 28a2686c185e84b6aa6a4d9c9a972360eb7ca266 ] + +IPv6 allows binding a socket to a device then binding to an address +not on the device (__inet6_bind -> ipv6_chk_addr with strict flag +not set). Update the bind tests to reflect legacy behavior. + +Fixes: 34d0302ab861 ("selftests: Add ipv6 address bind tests to fcnal-test") +Reported-by: Li Zhijian +Signed-off-by: David Ahern +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + tools/testing/selftests/net/fcnal-test.sh | 18 +++++++++++++----- + 1 file changed, 13 insertions(+), 5 deletions(-) + +diff --git a/tools/testing/selftests/net/fcnal-test.sh b/tools/testing/selftests/net/fcnal-test.sh +index c8f28e847ee9e..157822331954d 100755 +--- a/tools/testing/selftests/net/fcnal-test.sh ++++ b/tools/testing/selftests/net/fcnal-test.sh +@@ -2891,11 +2891,14 @@ ipv6_addr_bind_novrf() + run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b + log_test_addr ${a} $? 0 "TCP socket bind to local address after device bind" + ++ # Sadly, the kernel allows binding a socket to a device and then ++ # binding to an address not on the device. So this test passes ++ # when it really should not + a=${NSA_LO_IP6} + log_start +- show_hint "Should fail with 'Cannot assign requested address'" +- run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b +- log_test_addr ${a} $? 1 "TCP socket bind to out of scope local address" ++ show_hint "Tecnically should fail since address is not on device but kernel allows" ++ run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b ++ log_test_addr ${a} $? 0 "TCP socket bind to out of scope local address" + } + + ipv6_addr_bind_vrf() +@@ -2936,10 +2939,15 @@ ipv6_addr_bind_vrf() + run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b + log_test_addr ${a} $? 0 "TCP socket bind to local address with device bind" + ++ # Sadly, the kernel allows binding a socket to a device and then ++ # binding to an address not on the device. The only restriction ++ # is that the address is valid in the L3 domain. So this test ++ # passes when it really should not + a=${VRF_IP6} + log_start +- run_cmd nettest -6 -s -l ${a} -d ${NSA_DEV} -t1 -b +- log_test_addr ${a} $? 1 "TCP socket bind to VRF address with device bind" ++ show_hint "Tecnically should fail since address is not on device but kernel allows" ++ run_cmd nettest -6 -s -l ${a} -I ${NSA_DEV} -t1 -b ++ log_test_addr ${a} $? 0 "TCP socket bind to VRF address with device bind" + + a=${NSA_LO_IP6} + log_start +-- +2.33.0 + diff --git a/queue-5.4/selftests-fix-raw-socket-bind-tests-with-vrf.patch b/queue-5.4/selftests-fix-raw-socket-bind-tests-with-vrf.patch new file mode 100644 index 00000000000..ec85d1eda94 --- /dev/null +++ b/queue-5.4/selftests-fix-raw-socket-bind-tests-with-vrf.patch @@ -0,0 +1,43 @@ +From e501b72c1c33ef1d554c861009ae5e8c77c570eb Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 11 Dec 2021 10:21:08 -0700 +Subject: selftests: Fix raw socket bind tests with VRF + +From: David Ahern + +[ Upstream commit 0f108ae4452025fef529671998f6c7f1c4526790 ] + +Commit referenced below added negative socket bind tests for VRF. The +socket binds should fail since the address to bind to is in a VRF yet +the socket is not bound to the VRF or a device within it. Update the +expected return code to check for 1 (bind failure) so the test passes +when the bind fails as expected. Add a 'show_hint' comment to explain +why the bind is expected to fail. + +Fixes: 75b2b2b3db4c ("selftests: Add ipv4 address bind tests to fcnal-test") +Reported-by: Li Zhijian +Signed-off-by: David Ahern +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + tools/testing/selftests/net/fcnal-test.sh | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/tools/testing/selftests/net/fcnal-test.sh b/tools/testing/selftests/net/fcnal-test.sh +index 475ac62373e92..c8f28e847ee9e 100755 +--- a/tools/testing/selftests/net/fcnal-test.sh ++++ b/tools/testing/selftests/net/fcnal-test.sh +@@ -1491,8 +1491,9 @@ ipv4_addr_bind_vrf() + for a in ${NSA_IP} ${VRF_IP} + do + log_start ++ show_hint "Socket not bound to VRF, but address is in VRF" + run_cmd nettest -s -R -P icmp -l ${a} -b +- log_test_addr ${a} $? 0 "Raw socket bind to local address" ++ log_test_addr ${a} $? 1 "Raw socket bind to local address" + + log_start + run_cmd nettest -s -R -P icmp -l ${a} -d ${NSA_DEV} -b +-- +2.33.0 + diff --git a/queue-5.4/selftests-net-correct-ping6-expected-rc-from-2-to-1.patch b/queue-5.4/selftests-net-correct-ping6-expected-rc-from-2-to-1.patch new file mode 100644 index 00000000000..246bd719474 --- /dev/null +++ b/queue-5.4/selftests-net-correct-ping6-expected-rc-from-2-to-1.patch @@ -0,0 +1,45 @@ +From 9be7a1c5af8937af177eff98b6b467f112543bc9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 9 Dec 2021 10:02:30 +0800 +Subject: selftests: net: Correct ping6 expected rc from 2 to 1 + +From: Jie2x Zhou + +[ Upstream commit 92816e2629808726af015c7f5b14adc8e4f8b147 ] + +./fcnal-test.sh -v -t ipv6_ping +TEST: ping out, VRF bind - ns-B IPv6 LLA [FAIL] +TEST: ping out, VRF bind - multicast IP [FAIL] + +ping6 is failing as it should. +COMMAND: ip netns exec ns-A /bin/ping6 -c1 -w1 fe80::7c4c:bcff:fe66:a63a%red +strace of ping6 shows it is failing with '1', +so change the expected rc from 2 to 1. + +Fixes: c0644e71df33 ("selftests: Add ipv6 ping tests to fcnal-test") +Reported-by: kernel test robot +Suggested-by: David Ahern +Signed-off-by: Jie2x Zhou +Link: https://lore.kernel.org/r/20211209020230.37270-1-jie2x.zhou@intel.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + tools/testing/selftests/net/fcnal-test.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/testing/selftests/net/fcnal-test.sh b/tools/testing/selftests/net/fcnal-test.sh +index 782a8da5d9500..475ac62373e92 100755 +--- a/tools/testing/selftests/net/fcnal-test.sh ++++ b/tools/testing/selftests/net/fcnal-test.sh +@@ -1884,7 +1884,7 @@ ipv6_ping_vrf() + log_start + show_hint "Fails since VRF device does not support linklocal or multicast" + run_cmd ${ping6} -c1 -w1 ${a} +- log_test_addr ${a} $? 2 "ping out, VRF bind" ++ log_test_addr ${a} $? 1 "ping out, VRF bind" + done + + for a in ${NSB_IP6} ${NSB_LO_IP6} ${NSB_LINKIP6}%${NSA_DEV} ${MCAST}%${NSA_DEV} +-- +2.33.0 + diff --git a/queue-5.4/series b/queue-5.4/series index 452827b44e5..ff9cac3bf94 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -8,3 +8,37 @@ dm-btree-remove-fix-use-after-free-in-rebalance_children.patch audit-improve-robustness-of-the-audit-queue-handling.patch iio-adc-stm32-fix-a-current-leak-by-resetting-pcsel-before-disabling-vdda.patch nfsd-fix-use-after-free-due-to-delegation-race.patch +arm64-dts-rockchip-remove-mmc-hs400-enhanced-strobe-.patch +arm64-dts-rockchip-fix-rk3399-leez-p710-vcc3v3-lan-s.patch +arm64-dts-rockchip-fix-audio-supply-for-rock-pi-4.patch +mac80211-track-only-qos-data-frames-for-admission-co.patch +hv-utils-add-ptp_1588_clock-to-kconfig-to-fix-build.patch +arm-socfpga-dts-fix-qspi-node-compatible.patch +clk-don-t-parent-clks-until-the-parent-is-fully-regi.patch +selftests-net-correct-ping6-expected-rc-from-2-to-1.patch +s390-kexec_file-fix-error-handling-when-applying-rel.patch +sch_cake-do-not-call-cake_destroy-from-cake_init.patch +inet_diag-use-jiffies_delta_to_msecs.patch +inet_diag-fix-kernel-infoleak-for-udp-sockets.patch +selftests-fix-raw-socket-bind-tests-with-vrf.patch +selftests-fix-ipv6-address-bind-tests.patch +dmaengine-st_fdma-fix-module_alias.patch +selftest-net-forwarding-declare-netifs-p9-p10.patch +mac80211-agg-tx-refactor-sending-addba.patch +mac80211-agg-tx-don-t-schedule_and_wake_txq-under-st.patch +mac80211-accept-aggregation-sessions-on-6-ghz.patch +mac80211-fix-lookup-when-adding-addba-extension-elem.patch +net-sched-lock-action-when-translating-it-to-flow_ac.patch +flow_offload-return-eopnotsupp-for-the-unsupported-m.patch +rds-memory-leak-in-__rds_conn_create.patch +xsk-do-not-sleep-in-poll-when-need_wakeup-set.patch +soc-tegra-fuse-fix-bitwise-vs.-logical-or-warning.patch +igb-fix-removal-of-unicast-mac-filters-of-vfs.patch +igbvf-fix-double-free-in-igbvf_probe.patch +ixgbe-set-x550-mdio-speed-before-talking-to-phy.patch +netdevsim-zero-initialize-memory-for-new-map-s-value.patch +net-packet-rx_owner_map-depends-on-pg_vec.patch +net-fix-double-0x-prefix-print-in-skb-dump.patch +net-smc-prevent-smc_release-from-long-blocking.patch +net-systemport-add-global-locking-for-descriptor-lif.patch +sit-do-not-call-ipip6_dev_free-from-sit_init_net.patch diff --git a/queue-5.4/sit-do-not-call-ipip6_dev_free-from-sit_init_net.patch b/queue-5.4/sit-do-not-call-ipip6_dev_free-from-sit_init_net.patch new file mode 100644 index 00000000000..d088917b1db --- /dev/null +++ b/queue-5.4/sit-do-not-call-ipip6_dev_free-from-sit_init_net.patch @@ -0,0 +1,88 @@ +From e4d3c0c73b676c7b5c83d88097abb8d8a79504e2 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 16 Dec 2021 03:17:41 -0800 +Subject: sit: do not call ipip6_dev_free() from sit_init_net() + +From: Eric Dumazet + +[ Upstream commit e28587cc491ef0f3c51258fdc87fbc386b1d4c59 ] + +ipip6_dev_free is sit dev->priv_destructor, already called +by register_netdevice() if something goes wrong. + +Alternative would be to make ipip6_dev_free() robust against +multiple invocations, but other drivers do not implement this +strategy. + +syzbot reported: + +dst_release underflow +WARNING: CPU: 0 PID: 5059 at net/core/dst.c:173 dst_release+0xd8/0xe0 net/core/dst.c:173 +Modules linked in: +CPU: 1 PID: 5059 Comm: syz-executor.4 Not tainted 5.16.0-rc5-syzkaller #0 +Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 +RIP: 0010:dst_release+0xd8/0xe0 net/core/dst.c:173 +Code: 4c 89 f2 89 d9 31 c0 5b 41 5e 5d e9 da d5 44 f9 e8 1d 90 5f f9 c6 05 87 48 c6 05 01 48 c7 c7 80 44 99 8b 31 c0 e8 e8 67 29 f9 <0f> 0b eb 85 0f 1f 40 00 53 48 89 fb e8 f7 8f 5f f9 48 83 c3 a8 48 +RSP: 0018:ffffc9000aa5faa0 EFLAGS: 00010246 +RAX: d6894a925dd15a00 RBX: 00000000ffffffff RCX: 0000000000040000 +RDX: ffffc90005e19000 RSI: 000000000003ffff RDI: 0000000000040000 +RBP: 0000000000000000 R08: ffffffff816a1f42 R09: ffffed1017344f2c +R10: ffffed1017344f2c R11: 0000000000000000 R12: 0000607f462b1358 +R13: 1ffffffff1bfd305 R14: ffffe8ffffcb1358 R15: dffffc0000000000 +FS: 00007f66c71a2700(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 00007f88aaed5058 CR3: 0000000023e0f000 CR4: 00000000003506f0 +DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +Call Trace: + + dst_cache_destroy+0x107/0x1e0 net/core/dst_cache.c:160 + ipip6_dev_free net/ipv6/sit.c:1414 [inline] + sit_init_net+0x229/0x550 net/ipv6/sit.c:1936 + ops_init+0x313/0x430 net/core/net_namespace.c:140 + setup_net+0x35b/0x9d0 net/core/net_namespace.c:326 + copy_net_ns+0x359/0x5c0 net/core/net_namespace.c:470 + create_new_namespaces+0x4ce/0xa00 kernel/nsproxy.c:110 + unshare_nsproxy_namespaces+0x11e/0x180 kernel/nsproxy.c:226 + ksys_unshare+0x57d/0xb50 kernel/fork.c:3075 + __do_sys_unshare kernel/fork.c:3146 [inline] + __se_sys_unshare kernel/fork.c:3144 [inline] + __x64_sys_unshare+0x34/0x40 kernel/fork.c:3144 + do_syscall_x64 arch/x86/entry/common.c:50 [inline] + do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80 + entry_SYSCALL_64_after_hwframe+0x44/0xae +RIP: 0033:0x7f66c882ce99 +Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 +RSP: 002b:00007f66c71a2168 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 +RAX: ffffffffffffffda RBX: 00007f66c893ff60 RCX: 00007f66c882ce99 +RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000048040200 +RBP: 00007f66c8886ff1 R08: 0000000000000000 R09: 0000000000000000 +R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 +R13: 00007fff6634832f R14: 00007f66c71a2300 R15: 0000000000022000 + + +Fixes: cf124db566e6 ("net: Fix inconsistent teardown and release of private netdev state.") +Signed-off-by: Eric Dumazet +Reported-by: syzbot +Link: https://lore.kernel.org/r/20211216111741.1387540-1-eric.dumazet@gmail.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + net/ipv6/sit.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c +index 7f9cae4c49e7e..16e75a996b749 100644 +--- a/net/ipv6/sit.c ++++ b/net/ipv6/sit.c +@@ -1876,7 +1876,6 @@ static int __net_init sit_init_net(struct net *net) + return 0; + + err_reg_dev: +- ipip6_dev_free(sitn->fb_tunnel_dev); + free_netdev(sitn->fb_tunnel_dev); + err_alloc_dev: + return err; +-- +2.33.0 + diff --git a/queue-5.4/soc-tegra-fuse-fix-bitwise-vs.-logical-or-warning.patch b/queue-5.4/soc-tegra-fuse-fix-bitwise-vs.-logical-or-warning.patch new file mode 100644 index 00000000000..bb4278cf1fc --- /dev/null +++ b/queue-5.4/soc-tegra-fuse-fix-bitwise-vs.-logical-or-warning.patch @@ -0,0 +1,76 @@ +From df4038ab19b4f2ab927e033fb2f363e3d25bfb2c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 10 Dec 2021 09:55:29 -0700 +Subject: soc/tegra: fuse: Fix bitwise vs. logical OR warning +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Nathan Chancellor + +[ Upstream commit a7083763619f7485ccdade160deb81737cf2732f ] + +A new warning in clang points out two instances where boolean +expressions are being used with a bitwise OR instead of logical OR: + +drivers/soc/tegra/fuse/speedo-tegra20.c:72:9: warning: use of bitwise '|' with boolean operands [-Wbitwise-instead-of-logical] + reg = tegra_fuse_read_spare(i) | + ^~~~~~~~~~~~~~~~~~~~~~~~~~ + || +drivers/soc/tegra/fuse/speedo-tegra20.c:72:9: note: cast one or both operands to int to silence this warning +drivers/soc/tegra/fuse/speedo-tegra20.c:87:9: warning: use of bitwise '|' with boolean operands [-Wbitwise-instead-of-logical] + reg = tegra_fuse_read_spare(i) | + ^~~~~~~~~~~~~~~~~~~~~~~~~~ + || +drivers/soc/tegra/fuse/speedo-tegra20.c:87:9: note: cast one or both operands to int to silence this warning +2 warnings generated. + +The motivation for the warning is that logical operations short circuit +while bitwise operations do not. + +In this instance, tegra_fuse_read_spare() is not semantically returning +a boolean, it is returning a bit value. Use u32 for its return type so +that it can be used with either bitwise or boolean operators without any +warnings. + +Fixes: 25cd5a391478 ("ARM: tegra: Add speedo-based process identification") +Link: https://github.com/ClangBuiltLinux/linux/issues/1488 +Suggested-by: Michał Mirosław +Signed-off-by: Nathan Chancellor +Reviewed-by: Nick Desaulniers +Signed-off-by: Thierry Reding +Signed-off-by: Sasha Levin +--- + drivers/soc/tegra/fuse/fuse-tegra.c | 2 +- + drivers/soc/tegra/fuse/fuse.h | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/soc/tegra/fuse/fuse-tegra.c b/drivers/soc/tegra/fuse/fuse-tegra.c +index 3eb44e65b3261..1a54bac512b69 100644 +--- a/drivers/soc/tegra/fuse/fuse-tegra.c ++++ b/drivers/soc/tegra/fuse/fuse-tegra.c +@@ -172,7 +172,7 @@ static struct platform_driver tegra_fuse_driver = { + }; + builtin_platform_driver(tegra_fuse_driver); + +-bool __init tegra_fuse_read_spare(unsigned int spare) ++u32 __init tegra_fuse_read_spare(unsigned int spare) + { + unsigned int offset = fuse->soc->info->spare + spare * 4; + +diff --git a/drivers/soc/tegra/fuse/fuse.h b/drivers/soc/tegra/fuse/fuse.h +index 7230cb3305033..6996cfc7cbca3 100644 +--- a/drivers/soc/tegra/fuse/fuse.h ++++ b/drivers/soc/tegra/fuse/fuse.h +@@ -53,7 +53,7 @@ struct tegra_fuse { + void tegra_init_revision(void); + void tegra_init_apbmisc(void); + +-bool __init tegra_fuse_read_spare(unsigned int spare); ++u32 __init tegra_fuse_read_spare(unsigned int spare); + u32 __init tegra_fuse_read_early(unsigned int offset); + + #ifdef CONFIG_ARCH_TEGRA_2x_SOC +-- +2.33.0 + diff --git a/queue-5.4/xsk-do-not-sleep-in-poll-when-need_wakeup-set.patch b/queue-5.4/xsk-do-not-sleep-in-poll-when-need_wakeup-set.patch new file mode 100644 index 00000000000..08f421c2b40 --- /dev/null +++ b/queue-5.4/xsk-do-not-sleep-in-poll-when-need_wakeup-set.patch @@ -0,0 +1,57 @@ +From 33a146851cf21ffc19b11d8100297b271cf69fa5 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 14 Dec 2021 11:26:07 +0100 +Subject: xsk: Do not sleep in poll() when need_wakeup set + +From: Magnus Karlsson + +[ Upstream commit bd0687c18e635b63233dc87f38058cd728802ab4 ] + +Do not sleep in poll() when the need_wakeup flag is set. When this +flag is set, the application needs to explicitly wake up the driver +with a syscall (poll, recvmsg, sendmsg, etc.) to guarantee that Rx +and/or Tx processing will be processed promptly. But the current code +in poll(), sleeps first then wakes up the driver. This means that no +driver processing will occur (baring any interrupts) until the timeout +has expired. + +Fix this by checking the need_wakeup flag first and if set, wake the +driver and return to the application. Only if need_wakeup is not set +should the process sleep if there is a timeout set in the poll() call. + +Fixes: 77cd0d7b3f25 ("xsk: add support for need_wakeup flag in AF_XDP rings") +Reported-by: Keith Wiles +Signed-off-by: Magnus Karlsson +Signed-off-by: Daniel Borkmann +Acked-by: Maciej Fijalkowski +Link: https://lore.kernel.org/bpf/20211214102607.7677-1-magnus.karlsson@gmail.com +Signed-off-by: Sasha Levin +--- + net/xdp/xsk.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/net/xdp/xsk.c b/net/xdp/xsk.c +index 2bc0d6e3e124c..4ec5f4463a718 100644 +--- a/net/xdp/xsk.c ++++ b/net/xdp/xsk.c +@@ -434,8 +434,6 @@ static __poll_t xsk_poll(struct file *file, struct socket *sock, + struct xdp_sock *xs = xdp_sk(sk); + struct xdp_umem *umem; + +- sock_poll_wait(file, sock, wait); +- + if (unlikely(!xsk_is_bound(xs))) + return mask; + +@@ -447,6 +445,8 @@ static __poll_t xsk_poll(struct file *file, struct socket *sock, + else + /* Poll needs to drive Tx also in copy mode */ + __xsk_sendmsg(sk); ++ } else { ++ sock_poll_wait(file, sock, wait); + } + + if (xs->rx && !xskq_empty_desc(xs->rx)) +-- +2.33.0 +