From: Greg Kroah-Hartman Date: Thu, 17 Apr 2025 13:57:01 +0000 (+0200) Subject: 5.15-stable patches X-Git-Tag: v6.12.24~42 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=06c431c501c87450774ae7c914c1ca02124da61d;p=thirdparty%2Fkernel%2Fstable-queue.git 5.15-stable patches added patches: ntb-use-64-bit-arithmetic-for-the-msi-doorbell-mask.patch of-irq-fix-device-node-refcount-leakage-in-api-irq_of_parse_and_map.patch of-irq-fix-device-node-refcount-leakages-in-of_irq_count.patch of-irq-fix-device-node-refcount-leakages-in-of_irq_init.patch pci-brcmstb-fix-missing-of_node_put-in-brcm_pcie_probe.patch pci-fix-reference-leak-in-pci_alloc_child_bus.patch pinctrl-qcom-clear-latched-interrupt-status-when-changing-irq-type.patch selftests-mptcp-close-fd_in-before-returning-in-main_loop.patch --- diff --git a/queue-5.15/kvm-x86-acquire-srcu-in-kvm_get_mp_state-to-protect-guest-memory-accesses.patch b/queue-5.15/kvm-x86-acquire-srcu-in-kvm_get_mp_state-to-protect-guest-memory-accesses.patch deleted file mode 100644 index 979ec11f49..0000000000 --- a/queue-5.15/kvm-x86-acquire-srcu-in-kvm_get_mp_state-to-protect-guest-memory-accesses.patch +++ /dev/null @@ -1,82 +0,0 @@ -From ef01cac401f18647d62720cf773d7bb0541827da Mon Sep 17 00:00:00 2001 -From: Sean Christopherson -Date: Tue, 1 Apr 2025 08:05:04 -0700 -Subject: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses - -From: Sean Christopherson - -commit ef01cac401f18647d62720cf773d7bb0541827da upstream. - -Acquire a lock on kvm->srcu when userspace is getting MP state to handle a -rather extreme edge case where "accepting" APIC events, i.e. processing -pending INIT or SIPI, can trigger accesses to guest memory. If the vCPU -is in L2 with INIT *and* a TRIPLE_FAULT request pending, then getting MP -state will trigger a nested VM-Exit by way of ->check_nested_events(), and -emuating the nested VM-Exit can access guest memory. - -The splat was originally hit by syzkaller on a Google-internal kernel, and -reproduced on an upstream kernel by hacking the triple_fault_event_test -selftest to stuff a pending INIT, store an MSR on VM-Exit (to generate a -memory access on VMX), and do vcpu_mp_state_get() to trigger the scenario. - - ============================= - WARNING: suspicious RCU usage - 6.14.0-rc3-b112d356288b-vmx/pi_lockdep_false_pos-lock #3 Not tainted - ----------------------------- - include/linux/kvm_host.h:1058 suspicious rcu_dereference_check() usage! - - other info that might help us debug this: - - rcu_scheduler_active = 2, debug_locks = 1 - 1 lock held by triple_fault_ev/1256: - #0: ffff88810df5a330 (&vcpu->mutex){+.+.}-{4:4}, at: kvm_vcpu_ioctl+0x8b/0x9a0 [kvm] - - stack backtrace: - CPU: 11 UID: 1000 PID: 1256 Comm: triple_fault_ev Not tainted 6.14.0-rc3-b112d356288b-vmx #3 - Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 - Call Trace: - - dump_stack_lvl+0x7f/0x90 - lockdep_rcu_suspicious+0x144/0x190 - kvm_vcpu_gfn_to_memslot+0x156/0x180 [kvm] - kvm_vcpu_read_guest+0x3e/0x90 [kvm] - read_and_check_msr_entry+0x2e/0x180 [kvm_intel] - __nested_vmx_vmexit+0x550/0xde0 [kvm_intel] - kvm_check_nested_events+0x1b/0x30 [kvm] - kvm_apic_accept_events+0x33/0x100 [kvm] - kvm_arch_vcpu_ioctl_get_mpstate+0x30/0x1d0 [kvm] - kvm_vcpu_ioctl+0x33e/0x9a0 [kvm] - __x64_sys_ioctl+0x8b/0xb0 - do_syscall_64+0x6c/0x170 - entry_SYSCALL_64_after_hwframe+0x4b/0x53 - - -Cc: stable@vger.kernel.org -Signed-off-by: Sean Christopherson -Message-ID: <20250401150504.829812-1-seanjc@google.com> -Signed-off-by: Paolo Bonzini -Signed-off-by: Greg Kroah-Hartman ---- - arch/x86/kvm/x86.c | 4 ++++ - 1 file changed, 4 insertions(+) - ---- a/arch/x86/kvm/x86.c -+++ b/arch/x86/kvm/x86.c -@@ -10579,6 +10579,8 @@ int kvm_arch_vcpu_ioctl_get_mpstate(stru - if (kvm_mpx_supported()) - kvm_load_guest_fpu(vcpu); - -+ kvm_vcpu_srcu_read_lock(vcpu); -+ - r = kvm_apic_accept_events(vcpu); - if (r < 0) - goto out; -@@ -10592,6 +10594,8 @@ int kvm_arch_vcpu_ioctl_get_mpstate(stru - mp_state->mp_state = vcpu->arch.mp_state; - - out: -+ kvm_vcpu_srcu_read_unlock(vcpu); -+ - if (kvm_mpx_supported()) - kvm_put_guest_fpu(vcpu); - vcpu_put(vcpu); diff --git a/queue-5.15/ntb-use-64-bit-arithmetic-for-the-msi-doorbell-mask.patch b/queue-5.15/ntb-use-64-bit-arithmetic-for-the-msi-doorbell-mask.patch new file mode 100644 index 0000000000..4c2d9c97e2 --- /dev/null +++ b/queue-5.15/ntb-use-64-bit-arithmetic-for-the-msi-doorbell-mask.patch @@ -0,0 +1,40 @@ +From fd5625fc86922f36bedee5846fefd647b7e72751 Mon Sep 17 00:00:00 2001 +From: Fedor Pchelkin +Date: Wed, 15 Jan 2025 21:28:17 +0300 +Subject: ntb: use 64-bit arithmetic for the MSI doorbell mask + +From: Fedor Pchelkin + +commit fd5625fc86922f36bedee5846fefd647b7e72751 upstream. + +msi_db_mask is of type 'u64', still the standard 'int' arithmetic is +performed to compute its value. + +While most of the ntb_hw drivers actually don't utilize the higher 32 +bits of the doorbell mask now, this may be the case for Switchtec - see +switchtec_ntb_init_db(). + +Found by Linux Verification Center (linuxtesting.org) with SVACE static +analysis tool. + +Fixes: 2b0569b3b7e6 ("NTB: Add MSI interrupt support to ntb_transport") +Cc: stable@vger.kernel.org +Signed-off-by: Fedor Pchelkin +Reviewed-by: Dave Jiang +Signed-off-by: Jon Mason +Signed-off-by: Greg Kroah-Hartman +--- + drivers/ntb/ntb_transport.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/ntb/ntb_transport.c ++++ b/drivers/ntb/ntb_transport.c +@@ -1338,7 +1338,7 @@ static int ntb_transport_probe(struct nt + qp_count = ilog2(qp_bitmap); + if (nt->use_msi) { + qp_count -= 1; +- nt->msi_db_mask = 1 << qp_count; ++ nt->msi_db_mask = BIT_ULL(qp_count); + ntb_db_clear_mask(ndev, nt->msi_db_mask); + } + diff --git a/queue-5.15/of-irq-fix-device-node-refcount-leakage-in-api-irq_of_parse_and_map.patch b/queue-5.15/of-irq-fix-device-node-refcount-leakage-in-api-irq_of_parse_and_map.patch new file mode 100644 index 0000000000..806a8cd1c3 --- /dev/null +++ b/queue-5.15/of-irq-fix-device-node-refcount-leakage-in-api-irq_of_parse_and_map.patch @@ -0,0 +1,44 @@ +From 962a2805e47b933876ba0e4c488d9e89ced2dd29 Mon Sep 17 00:00:00 2001 +From: Zijun Hu +Date: Sun, 9 Feb 2025 20:58:59 +0800 +Subject: of/irq: Fix device node refcount leakage in API irq_of_parse_and_map() + +From: Zijun Hu + +commit 962a2805e47b933876ba0e4c488d9e89ced2dd29 upstream. + +In irq_of_parse_and_map(), refcount of device node @oirq.np was got +by successful of_irq_parse_one() invocation, but it does not put the +refcount before return, so causes @oirq.np refcount leakage. + +Fix by putting @oirq.np refcount before return. + +Fixes: e3873444990d ("of/irq: Move irq_of_parse_and_map() to common code") +Cc: stable@vger.kernel.org +Signed-off-by: Zijun Hu +Link: https://lore.kernel.org/r/20250209-of_irq_fix-v2-6-93e3a2659aa7@quicinc.com +Signed-off-by: Rob Herring (Arm) +Signed-off-by: Greg Kroah-Hartman +--- + drivers/of/irq.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/drivers/of/irq.c ++++ b/drivers/of/irq.c +@@ -36,11 +36,15 @@ + unsigned int irq_of_parse_and_map(struct device_node *dev, int index) + { + struct of_phandle_args oirq; ++ unsigned int ret; + + if (of_irq_parse_one(dev, index, &oirq)) + return 0; + +- return irq_create_of_mapping(&oirq); ++ ret = irq_create_of_mapping(&oirq); ++ of_node_put(oirq.np); ++ ++ return ret; + } + EXPORT_SYMBOL_GPL(irq_of_parse_and_map); + diff --git a/queue-5.15/of-irq-fix-device-node-refcount-leakages-in-of_irq_count.patch b/queue-5.15/of-irq-fix-device-node-refcount-leakages-in-of_irq_count.patch new file mode 100644 index 0000000000..4de7db57d0 --- /dev/null +++ b/queue-5.15/of-irq-fix-device-node-refcount-leakages-in-of_irq_count.patch @@ -0,0 +1,40 @@ +From bbf71f44aaf241d853759a71de7e7ebcdb89be3d Mon Sep 17 00:00:00 2001 +From: Zijun Hu +Date: Sun, 9 Feb 2025 20:58:58 +0800 +Subject: of/irq: Fix device node refcount leakages in of_irq_count() + +From: Zijun Hu + +commit bbf71f44aaf241d853759a71de7e7ebcdb89be3d upstream. + +of_irq_count() invokes of_irq_parse_one() to count IRQs, and successful +invocation of the later will get device node @irq.np refcount, but the +former does not put the refcount before next iteration invocation, hence +causes device node refcount leakages. + +Fix by putting @irq.np refcount before the next iteration invocation. + +Fixes: 3da5278727a8 ("of/irq: Rework of_irq_count()") +Cc: stable@vger.kernel.org +Signed-off-by: Zijun Hu +Link: https://lore.kernel.org/r/20250209-of_irq_fix-v2-5-93e3a2659aa7@quicinc.com +Signed-off-by: Rob Herring (Arm) +Signed-off-by: Greg Kroah-Hartman +--- + drivers/of/irq.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/drivers/of/irq.c ++++ b/drivers/of/irq.c +@@ -443,8 +443,10 @@ int of_irq_count(struct device_node *dev + struct of_phandle_args irq; + int nr = 0; + +- while (of_irq_parse_one(dev, nr, &irq) == 0) ++ while (of_irq_parse_one(dev, nr, &irq) == 0) { ++ of_node_put(irq.np); + nr++; ++ } + + return nr; + } diff --git a/queue-5.15/of-irq-fix-device-node-refcount-leakages-in-of_irq_init.patch b/queue-5.15/of-irq-fix-device-node-refcount-leakages-in-of_irq_init.patch new file mode 100644 index 0000000000..b998736315 --- /dev/null +++ b/queue-5.15/of-irq-fix-device-node-refcount-leakages-in-of_irq_init.patch @@ -0,0 +1,53 @@ +From 708124d9e6e7ac5ebf927830760679136b23fdf0 Mon Sep 17 00:00:00 2001 +From: Zijun Hu +Date: Sun, 9 Feb 2025 20:59:00 +0800 +Subject: of/irq: Fix device node refcount leakages in of_irq_init() + +From: Zijun Hu + +commit 708124d9e6e7ac5ebf927830760679136b23fdf0 upstream. + +of_irq_init() will leak interrupt controller device node refcounts +in two places as explained below: + +1) Leak refcounts of both @desc->dev and @desc->interrupt_parent when + suffers @desc->irq_init_cb() failure. +2) Leak refcount of @desc->interrupt_parent when cleans up list + @intc_desc_list in the end. + +Refcounts of both @desc->dev and @desc->interrupt_parent were got in +the first loop, but of_irq_init() does not put them before kfree(@desc) +in places mentioned above, so causes refcount leakages. + +Fix by putting refcounts involved before kfree(@desc). + +Fixes: 8363ccb917c6 ("of/irq: add missing of_node_put") +Fixes: c71a54b08201 ("of/irq: introduce of_irq_init") +Cc: stable@vger.kernel.org +Signed-off-by: Zijun Hu +Link: https://lore.kernel.org/r/20250209-of_irq_fix-v2-7-93e3a2659aa7@quicinc.com +Signed-off-by: Rob Herring (Arm) +Signed-off-by: Greg Kroah-Hartman +--- + drivers/of/irq.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/of/irq.c ++++ b/drivers/of/irq.c +@@ -555,6 +555,8 @@ void __init of_irq_init(const struct of_ + desc->interrupt_parent); + if (ret) { + of_node_clear_flag(desc->dev, OF_POPULATED); ++ of_node_put(desc->interrupt_parent); ++ of_node_put(desc->dev); + kfree(desc); + continue; + } +@@ -585,6 +587,7 @@ void __init of_irq_init(const struct of_ + err: + list_for_each_entry_safe(desc, temp_desc, &intc_desc_list, list) { + list_del(&desc->list); ++ of_node_put(desc->interrupt_parent); + of_node_put(desc->dev); + kfree(desc); + } diff --git a/queue-5.15/pci-brcmstb-fix-missing-of_node_put-in-brcm_pcie_probe.patch b/queue-5.15/pci-brcmstb-fix-missing-of_node_put-in-brcm_pcie_probe.patch new file mode 100644 index 0000000000..6d35aa78fa --- /dev/null +++ b/queue-5.15/pci-brcmstb-fix-missing-of_node_put-in-brcm_pcie_probe.patch @@ -0,0 +1,61 @@ +From 2df181e1aea4628a8fd257f866026625d0519627 Mon Sep 17 00:00:00 2001 +From: Stanimir Varbanov +Date: Thu, 23 Jan 2025 00:29:55 +0200 +Subject: PCI: brcmstb: Fix missing of_node_put() in brcm_pcie_probe() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Stanimir Varbanov + +commit 2df181e1aea4628a8fd257f866026625d0519627 upstream. + +A call to of_parse_phandle() is incrementing the refcount, and as such, +the of_node_put() must be called when the reference is no longer needed. + +Thus, refactor the existing code and add a missing of_node_put() call +following the check to ensure that "msi_np" matches "pcie->np" and after +MSI initialization, but only if the MSI support is enabled system-wide. + +Cc: stable@vger.kernel.org # v5.10+ +Fixes: 40ca1bf580ef ("PCI: brcmstb: Add MSI support") +Signed-off-by: Stanimir Varbanov +Reviewed-by: Florian Fainelli +Reviewed-by: Manivannan Sadhasivam +Link: https://lore.kernel.org/r/20250122222955.1752778-1-svarbanov@suse.de +[kwilczynski: commit log] +Signed-off-by: Krzysztof Wilczyński +Signed-off-by: Greg Kroah-Hartman +--- + drivers/pci/controller/pcie-brcmstb.c | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) + +--- a/drivers/pci/controller/pcie-brcmstb.c ++++ b/drivers/pci/controller/pcie-brcmstb.c +@@ -1231,7 +1231,7 @@ static const struct of_device_id brcm_pc + + static int brcm_pcie_probe(struct platform_device *pdev) + { +- struct device_node *np = pdev->dev.of_node, *msi_np; ++ struct device_node *np = pdev->dev.of_node; + struct pci_host_bridge *bridge; + const struct pcie_cfg_data *data; + struct brcm_pcie *pcie; +@@ -1306,9 +1306,14 @@ static int brcm_pcie_probe(struct platfo + goto fail; + } + +- msi_np = of_parse_phandle(pcie->np, "msi-parent", 0); +- if (pci_msi_enabled() && msi_np == pcie->np) { +- ret = brcm_pcie_enable_msi(pcie); ++ if (pci_msi_enabled()) { ++ struct device_node *msi_np = of_parse_phandle(pcie->np, "msi-parent", 0); ++ ++ if (msi_np == pcie->np) ++ ret = brcm_pcie_enable_msi(pcie); ++ ++ of_node_put(msi_np); ++ + if (ret) { + dev_err(pcie->dev, "probe of internal MSI failed"); + goto fail; diff --git a/queue-5.15/pci-fix-reference-leak-in-pci_alloc_child_bus.patch b/queue-5.15/pci-fix-reference-leak-in-pci_alloc_child_bus.patch new file mode 100644 index 0000000000..9d25ef08e7 --- /dev/null +++ b/queue-5.15/pci-fix-reference-leak-in-pci_alloc_child_bus.patch @@ -0,0 +1,42 @@ +From 1f2768b6a3ee77a295106e3a5d68458064923ede Mon Sep 17 00:00:00 2001 +From: Ma Ke +Date: Sun, 2 Feb 2025 14:23:57 +0800 +Subject: PCI: Fix reference leak in pci_alloc_child_bus() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Ma Ke + +commit 1f2768b6a3ee77a295106e3a5d68458064923ede upstream. + +If device_register(&child->dev) fails, call put_device() to explicitly +release child->dev, per the comment at device_register(). + +Found by code review. + +Link: https://lore.kernel.org/r/20250202062357.872971-1-make24@iscas.ac.cn +Fixes: 4f535093cf8f ("PCI: Put pci_dev in device tree as early as possible") +Signed-off-by: Ma Ke +Signed-off-by: Bjorn Helgaas +Reviewed-by: Ilpo Järvinen +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + drivers/pci/probe.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/drivers/pci/probe.c ++++ b/drivers/pci/probe.c +@@ -1115,7 +1115,10 @@ static struct pci_bus *pci_alloc_child_b + add_dev: + pci_set_bus_msi_domain(child); + ret = device_register(&child->dev); +- WARN_ON(ret < 0); ++ if (WARN_ON(ret < 0)) { ++ put_device(&child->dev); ++ return NULL; ++ } + + pcibios_add_bus(child); + diff --git a/queue-5.15/pinctrl-qcom-clear-latched-interrupt-status-when-changing-irq-type.patch b/queue-5.15/pinctrl-qcom-clear-latched-interrupt-status-when-changing-irq-type.patch new file mode 100644 index 0000000000..da29ee2db5 --- /dev/null +++ b/queue-5.15/pinctrl-qcom-clear-latched-interrupt-status-when-changing-irq-type.patch @@ -0,0 +1,107 @@ +From e225128c3f8be879e7d4eb71a25949e188b420ae Mon Sep 17 00:00:00 2001 +From: Stephan Gerhold +Date: Wed, 12 Mar 2025 14:19:27 +0100 +Subject: pinctrl: qcom: Clear latched interrupt status when changing IRQ type + +From: Stephan Gerhold + +commit e225128c3f8be879e7d4eb71a25949e188b420ae upstream. + +When submitting the TLMM test driver, Bjorn reported that some of the test +cases are failing for GPIOs that not are backed by PDC (i.e. "non-wakeup" +GPIOs that are handled directly in pinctrl-msm). Basically, lingering +latched interrupt state is still being delivered at IRQ request time, e.g.: + + ok 1 tlmm_test_silent_rising + tlmm_test_silent_falling: ASSERTION FAILED at drivers/pinctrl/qcom/tlmm-test.c:178 + Expected atomic_read(&priv->intr_count) == 0, but + atomic_read(&priv->intr_count) == 1 (0x1) + not ok 2 tlmm_test_silent_falling + tlmm_test_silent_low: ASSERTION FAILED at drivers/pinctrl/qcom/tlmm-test.c:178 + Expected atomic_read(&priv->intr_count) == 0, but + atomic_read(&priv->intr_count) == 1 (0x1) + not ok 3 tlmm_test_silent_low + ok 4 tlmm_test_silent_high + +Whether to report interrupts that came in while the IRQ was unclaimed +doesn't seem to be well-defined in the Linux IRQ API. However, looking +closer at these specific cases, we're actually reporting events that do not +match the interrupt type requested by the driver: + + 1. After "ok 1 tlmm_test_silent_rising", the GPIO is in low state and + configured for IRQF_TRIGGER_RISING. + + 2. (a) In preparation for "tlmm_test_silent_falling", the GPIO is switched + to high state. The rising interrupt gets latched. + (b) The GPIO is re-configured for IRQF_TRIGGER_FALLING, but the latched + interrupt isn't cleared. + (c) The IRQ handler is called for the latched interrupt, but there + wasn't any falling edge. + + 3. (a) For "tlmm_test_silent_low", the GPIO remains in high state. + (b) The GPIO is re-configured for IRQF_TRIGGER_LOW. This seems to + result in a phantom interrupt that gets latched. + (c) The IRQ handler is called for the latched interrupt, but the GPIO + isn't in low state. + + 4. (a) For "tlmm_test_silent_high", the GPIO is switched to low state. + (b) This doesn't result in a latched interrupt, because RAW_STATUS_EN + was cleared when masking the level-triggered interrupt. + +Fix this by clearing the interrupt state whenever making any changes to the +interrupt configuration. This includes previously disabled interrupts, but +also any changes to interrupt polarity or detection type. + +With this change, all 16 test cases are now passing for the non-wakeup +GPIOs in the TLMM. + +Cc: stable@vger.kernel.org +Fixes: cf9d052aa600 ("pinctrl: qcom: Don't clear pending interrupts when enabling") +Reported-by: Bjorn Andersson +Closes: https://lore.kernel.org/r/20250227-tlmm-test-v1-1-d18877b4a5db@oss.qualcomm.com/ +Signed-off-by: Stephan Gerhold +Tested-by: Bjorn Andersson +Reviewed-by: Bjorn Andersson +Link: https://lore.kernel.org/20250312-pinctrl-msm-type-latch-v1-1-ce87c561d3d7@linaro.org +Signed-off-by: Linus Walleij +Signed-off-by: Greg Kroah-Hartman +--- + drivers/pinctrl/qcom/pinctrl-msm.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +--- a/drivers/pinctrl/qcom/pinctrl-msm.c ++++ b/drivers/pinctrl/qcom/pinctrl-msm.c +@@ -955,8 +955,7 @@ static int msm_gpio_irq_set_type(struct + struct msm_pinctrl *pctrl = gpiochip_get_data(gc); + const struct msm_pingroup *g; + unsigned long flags; +- bool was_enabled; +- u32 val; ++ u32 val, oldval; + + if (msm_gpio_needs_dual_edge_parent_workaround(d, type)) { + set_bit(d->hwirq, pctrl->dual_edge_irqs); +@@ -1016,8 +1015,7 @@ static int msm_gpio_irq_set_type(struct + * internal circuitry of TLMM, toggling the RAW_STATUS + * could cause the INTR_STATUS to be set for EDGE interrupts. + */ +- val = msm_readl_intr_cfg(pctrl, g); +- was_enabled = val & BIT(g->intr_raw_status_bit); ++ val = oldval = msm_readl_intr_cfg(pctrl, g); + val |= BIT(g->intr_raw_status_bit); + if (g->intr_detection_width == 2) { + val &= ~(3 << g->intr_detection_bit); +@@ -1070,9 +1068,11 @@ static int msm_gpio_irq_set_type(struct + /* + * The first time we set RAW_STATUS_EN it could trigger an interrupt. + * Clear the interrupt. This is safe because we have +- * IRQCHIP_SET_TYPE_MASKED. ++ * IRQCHIP_SET_TYPE_MASKED. When changing the interrupt type, we could ++ * also still have a non-matching interrupt latched, so clear whenever ++ * making changes to the interrupt configuration. + */ +- if (!was_enabled) ++ if (val != oldval) + msm_ack_intr_status(pctrl, g); + + if (test_bit(d->hwirq, pctrl->dual_edge_irqs)) diff --git a/queue-5.15/selftests-mptcp-close-fd_in-before-returning-in-main_loop.patch b/queue-5.15/selftests-mptcp-close-fd_in-before-returning-in-main_loop.patch new file mode 100644 index 0000000000..9827f68fe3 --- /dev/null +++ b/queue-5.15/selftests-mptcp-close-fd_in-before-returning-in-main_loop.patch @@ -0,0 +1,49 @@ +From c183165f87a486d5879f782c05a23c179c3794ab Mon Sep 17 00:00:00 2001 +From: Geliang Tang +Date: Fri, 28 Mar 2025 15:27:18 +0100 +Subject: selftests: mptcp: close fd_in before returning in main_loop + +From: Geliang Tang + +commit c183165f87a486d5879f782c05a23c179c3794ab upstream. + +The file descriptor 'fd_in' is opened when cfg_input is configured, but +not closed in main_loop(), this patch fixes it. + +Fixes: 05be5e273c84 ("selftests: mptcp: add disconnect tests") +Cc: stable@vger.kernel.org +Co-developed-by: Cong Liu +Signed-off-by: Cong Liu +Signed-off-by: Geliang Tang +Reviewed-by: Matthieu Baerts (NGI0) +Signed-off-by: Matthieu Baerts (NGI0) +Link: https://patch.msgid.link/20250328-net-mptcp-misc-fixes-6-15-v1-3-34161a482a7f@kernel.org +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + tools/testing/selftests/net/mptcp/mptcp_connect.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +--- a/tools/testing/selftests/net/mptcp/mptcp_connect.c ++++ b/tools/testing/selftests/net/mptcp/mptcp_connect.c +@@ -734,7 +734,7 @@ static int copyfd_io(int infd, int peerf + } + + if (ret) +- return ret; ++ goto out; + + if (cfg_time) { + unsigned int delta_ms; +@@ -754,7 +754,10 @@ static int copyfd_io(int infd, int peerf + fprintf(stderr, "%d", delta_ms); + } + +- return 0; ++out: ++ if (cfg_input) ++ close(fd_in); ++ return ret; + } + + static void check_sockaddr(int pf, struct sockaddr_storage *ss, diff --git a/queue-5.15/series b/queue-5.15/series index 7802f470c1..091d639ab3 100644 --- a/queue-5.15/series +++ b/queue-5.15/series @@ -105,4 +105,11 @@ crypto-ccp-fix-check-for-the-primary-asp-device.patch dm-integrity-set-ti-error-on-memory-allocation-failure.patch ftrace-add-cond_resched-to-ftrace_graph_set_hash.patch gpio-zynq-fix-wakeup-source-leaks-on-device-unbind.patch -kvm-x86-acquire-srcu-in-kvm_get_mp_state-to-protect-guest-memory-accesses.patch +ntb-use-64-bit-arithmetic-for-the-msi-doorbell-mask.patch +of-irq-fix-device-node-refcount-leakages-in-of_irq_count.patch +of-irq-fix-device-node-refcount-leakage-in-api-irq_of_parse_and_map.patch +of-irq-fix-device-node-refcount-leakages-in-of_irq_init.patch +pci-brcmstb-fix-missing-of_node_put-in-brcm_pcie_probe.patch +pci-fix-reference-leak-in-pci_alloc_child_bus.patch +pinctrl-qcom-clear-latched-interrupt-status-when-changing-irq-type.patch +selftests-mptcp-close-fd_in-before-returning-in-main_loop.patch