From: Greg Kroah-Hartman Date: Wed, 24 Nov 2021 08:32:50 +0000 (+0100) Subject: 5.15-stable patches X-Git-Tag: v5.15.5~19 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=08a042c9c20677fd96bf398f52bb397a00e2fe02;p=thirdparty%2Fkernel%2Fstable-queue.git 5.15-stable patches added patches: arm64-dts-qcom-msm8916-longcheer-l8150-use-pm8916_usbin-extcon.patch asoc-dapm-cover-regression-by-kctl-change-notification-fix.patch asoc-rsnd-fixup-dmaengine-api.patch bpf-forbid-bpf_ktime_get_coarse_ns-and-bpf_timer_-in-tracing-progs.patch btrfs-update-device-path-inode-time-instead-of-bd_inode.patch fs-export-an-inode_update_time-helper.patch hugetlbfs-flush-tlbs-correctly-after-huge_pmd_unshare.patch ice-delete-always-true-check-of-pf-pointer.patch ice-fix-vf-true-promiscuous-mode.patch net-add-and-use-skb_unclone_keeptruesize-helper.patch rdma-netlink-add-__maybe_unused-to-static-inline-in-c-file.patch selinux-fix-null-pointer-dereference-when-hashtab-allocation-fails.patch usb-max-3421-use-driver-data-instead-of-maintaining-a-list-of-bound-devices.patch x86-kconfig-fix-an-unused-variable-error-in-dell-smm-hwmon.patch --- diff --git a/queue-5.15/arm64-dts-qcom-msm8916-longcheer-l8150-use-pm8916_usbin-extcon.patch b/queue-5.15/arm64-dts-qcom-msm8916-longcheer-l8150-use-pm8916_usbin-extcon.patch new file mode 100644 index 00000000000..1ff87c918a6 --- /dev/null +++ b/queue-5.15/arm64-dts-qcom-msm8916-longcheer-l8150-use-pm8916_usbin-extcon.patch @@ -0,0 +1,83 @@ +From b30cad26d8030bddeb0ee2373b6d4c1440ffb1a3 Mon Sep 17 00:00:00 2001 +From: Stephan Gerhold +Date: Tue, 28 Sep 2021 13:29:45 +0200 +Subject: arm64: dts: qcom: msm8916-longcheer-l8150: Use &pm8916_usbin extcon + +From: Stephan Gerhold + +commit b30cad26d8030bddeb0ee2373b6d4c1440ffb1a3 upstream. + +At the moment, longcheer-l8150 is using a dummy extcon-usb-gpio device +that permanently enables USB gadget mode. This workaround allows USB +to work but is actually wrong and confusing. The "vbus-gpio" used there +refers to an unused (floating) GPIO that is pulled up to make +extcon-usb-gpio report USB gadget mode permanently. + +Replace this with the new &pm8916_usbin extcon device that actually +reports if an USB cable is attached or not. This allows the USB PHY +to be turned off when there is no USB cable attached and is much +cleaner overall. + +Fixes: 16e8e8072108 ("arm64: dts: qcom: Add device tree for Longcheer L8150") +Signed-off-by: Stephan Gerhold +Signed-off-by: Bjorn Andersson +Link: https://lore.kernel.org/r/20210928112945.25310-3-stephan@gerhold.net +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm64/boot/dts/qcom/msm8916-longcheer-l8150.dts | 23 ++++--------------- + 1 file changed, 6 insertions(+), 17 deletions(-) + +--- a/arch/arm64/boot/dts/qcom/msm8916-longcheer-l8150.dts ++++ b/arch/arm64/boot/dts/qcom/msm8916-longcheer-l8150.dts +@@ -30,14 +30,6 @@ + }; + }; + +- // FIXME: Use extcon device provided by charger driver when available +- usb_vbus: usb-vbus { +- compatible = "linux,extcon-usb-gpio"; +- vbus-gpio = <&msmgpio 62 GPIO_ACTIVE_HIGH>; +- pinctrl-names = "default"; +- pinctrl-0 = <&usb_vbus_default>; +- }; +- + gpio-keys { + compatible = "gpio-keys"; + +@@ -196,6 +188,10 @@ + linux,code = ; + }; + ++&pm8916_usbin { ++ status = "okay"; ++}; ++ + &pm8916_vib { + status = "okay"; + }; +@@ -225,11 +221,11 @@ + &usb { + status = "okay"; + dr_mode = "peripheral"; +- extcon = <&usb_vbus>; ++ extcon = <&pm8916_usbin>; + }; + + &usb_hs_phy { +- extcon = <&usb_vbus>; ++ extcon = <&pm8916_usbin>; + }; + + &smd_rpm_regulators { +@@ -375,11 +371,4 @@ + drive-strength = <2>; + bias-disable; + }; +- +- usb_vbus_default: usb-vbus-default { +- pins = "gpio62"; +- function = "gpio"; +- +- bias-pull-up; +- }; + }; diff --git a/queue-5.15/asoc-dapm-cover-regression-by-kctl-change-notification-fix.patch b/queue-5.15/asoc-dapm-cover-regression-by-kctl-change-notification-fix.patch new file mode 100644 index 00000000000..cf921027094 --- /dev/null +++ b/queue-5.15/asoc-dapm-cover-regression-by-kctl-change-notification-fix.patch @@ -0,0 +1,82 @@ +From 827b0913a9d9d07a0c3e559dbb20ca4d6d285a54 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Fri, 5 Nov 2021 10:09:25 +0100 +Subject: ASoC: DAPM: Cover regression by kctl change notification fix + +From: Takashi Iwai + +commit 827b0913a9d9d07a0c3e559dbb20ca4d6d285a54 upstream. + +The recent fix for DAPM to correct the kctl change notification by the +commit 5af82c81b2c4 ("ASoC: DAPM: Fix missing kctl change +notifications") caused other regressions since it changed the behavior +of snd_soc_dapm_set_pin() that is called from several API functions. +Formerly it returned always 0 for success, but now it returns 0 or 1. + +This patch addresses it, restoring the old behavior of +snd_soc_dapm_set_pin() while keeping the fix in +snd_soc_dapm_put_pin_switch(). + +Fixes: 5af82c81b2c4 ("ASoC: DAPM: Fix missing kctl change notifications") +Reported-by: Yu-Hsuan Hsu +Cc: +Signed-off-by: Takashi Iwai +Link: https://lore.kernel.org/r/20211105090925.20575-1-tiwai@suse.de +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman +--- + sound/soc/soc-dapm.c | 29 +++++++++++++++++++++++------ + 1 file changed, 23 insertions(+), 6 deletions(-) + +--- a/sound/soc/soc-dapm.c ++++ b/sound/soc/soc-dapm.c +@@ -2557,8 +2557,13 @@ static struct snd_soc_dapm_widget *dapm_ + return NULL; + } + +-static int snd_soc_dapm_set_pin(struct snd_soc_dapm_context *dapm, +- const char *pin, int status) ++/* ++ * set the DAPM pin status: ++ * returns 1 when the value has been updated, 0 when unchanged, or a negative ++ * error code; called from kcontrol put callback ++ */ ++static int __snd_soc_dapm_set_pin(struct snd_soc_dapm_context *dapm, ++ const char *pin, int status) + { + struct snd_soc_dapm_widget *w = dapm_find_widget(dapm, pin, true); + int ret = 0; +@@ -2584,6 +2589,18 @@ static int snd_soc_dapm_set_pin(struct s + return ret; + } + ++/* ++ * similar as __snd_soc_dapm_set_pin(), but returns 0 when successful; ++ * called from several API functions below ++ */ ++static int snd_soc_dapm_set_pin(struct snd_soc_dapm_context *dapm, ++ const char *pin, int status) ++{ ++ int ret = __snd_soc_dapm_set_pin(dapm, pin, status); ++ ++ return ret < 0 ? ret : 0; ++} ++ + /** + * snd_soc_dapm_sync_unlocked - scan and power dapm paths + * @dapm: DAPM context +@@ -3587,10 +3604,10 @@ int snd_soc_dapm_put_pin_switch(struct s + const char *pin = (const char *)kcontrol->private_value; + int ret; + +- if (ucontrol->value.integer.value[0]) +- ret = snd_soc_dapm_enable_pin(&card->dapm, pin); +- else +- ret = snd_soc_dapm_disable_pin(&card->dapm, pin); ++ mutex_lock_nested(&card->dapm_mutex, SND_SOC_DAPM_CLASS_RUNTIME); ++ ret = __snd_soc_dapm_set_pin(&card->dapm, pin, ++ !!ucontrol->value.integer.value[0]); ++ mutex_unlock(&card->dapm_mutex); + + snd_soc_dapm_sync(&card->dapm); + return ret; diff --git a/queue-5.15/asoc-rsnd-fixup-dmaengine-api.patch b/queue-5.15/asoc-rsnd-fixup-dmaengine-api.patch new file mode 100644 index 00000000000..c9f673025a3 --- /dev/null +++ b/queue-5.15/asoc-rsnd-fixup-dmaengine-api.patch @@ -0,0 +1,66 @@ +From 2ce1b21cb3326e12af3c72c47e1d294b19d73947 Mon Sep 17 00:00:00 2001 +From: Kuninori Morimoto +Date: Mon, 8 Nov 2021 13:22:55 +0900 +Subject: ASoC: rsnd: fixup DMAEngine API + +From: Kuninori Morimoto + +commit 2ce1b21cb3326e12af3c72c47e1d294b19d73947 upstream. + +commit d5bb69dc54ec1 ("ASoC: sh: rcar: dma: : use proper DMAENGINE +API for termination") updated DMAEngine API _all() to _sync(), +but it should be _async(). +_all() and _async() are almost same, the difference is only return +error code. _sync() will call dmaengine_synchronize() and will be +kernel panic. +This patch is needed for v5.15 or later. + +[ 27.293264] BUG: scheduling while atomic: irq/130-ec70000/131/0x00000003 +[ 27.300084] 2 locks held by irq/130-ec70000/131: +[ 27.304743] #0: ffff0004c274d908 (&group->lock){....}-{2:2}, at: _snd_pcm_stream_lock_irqsave+0x48/0x54 +[ 27.314344] #1: ffff0004c1788c60 (&priv->lock#2){....}-{2:2}, at: rsnd_soc_dai_trigger+0x70/0x7bc +[ 27.323409] irq event stamp: 206 +[ 27.326664] hardirqs last enabled at (205): [] _raw_spin_unlock_irq+0x50/0xa0 +[ 27.335529] hardirqs last disabled at (206): [] _raw_spin_lock_irqsave+0xc4/0xd0 +[ 27.344564] softirqs last enabled at (0): [] copy_process+0x644/0x1b10 +[ 27.352819] softirqs last disabled at (0): [<0000000000000000>] 0x0 +[ 27.359142] CPU: 0 PID: 131 Comm: irq/130-ec70000 Not tainted 5.14.0-rc1+ #918 +[ 27.366429] Hardware name: Renesas H3ULCB Kingfisher board based on r8a77950 (DT) +[ 27.373975] Call trace: +[ 27.376442] dump_backtrace+0x0/0x1b4 +[ 27.380141] show_stack+0x24/0x30 +[ 27.383488] dump_stack_lvl+0x8c/0xb8 +[ 27.387184] dump_stack+0x18/0x34 +[ 27.390528] __schedule_bug+0x8c/0x9c +[ 27.394224] __schedule+0x790/0x8dc +[ 27.397746] schedule+0x7c/0x110 +[ 27.401003] synchronize_irq+0x94/0xd0 +[ 27.404786] rcar_dmac_device_synchronize+0x20/0x2c +[ 27.409710] rsnd_dmaen_stop+0x50/0x64 +[ 27.413495] rsnd_soc_dai_trigger+0x554/0x7bc +[ 27.417890] snd_soc_pcm_dai_trigger+0xe8/0x264 + +Cc: +Fixes: commit d5bb69dc54ec1 ("ASoC: sh: rcar: dma: : use proper DMAENGINE API for termination") +Link: https://lore.kernel.org/r/TY2PR01MB3692889E1A7476C4322CC296D8AE9@TY2PR01MB3692.jpnprd01.prod.outlook.com +Reported-by: Yoshihiro Shimoda +Acked-by: Wolfram Sang +Signed-off-by: Kuninori Morimoto +Link: https://lore.kernel.org/r/87mtmfz36o.wl-kuninori.morimoto.gx@renesas.com +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman +--- + sound/soc/sh/rcar/dma.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/sound/soc/sh/rcar/dma.c ++++ b/sound/soc/sh/rcar/dma.c +@@ -102,7 +102,7 @@ static int rsnd_dmaen_stop(struct rsnd_m + struct rsnd_dmaen *dmaen = rsnd_dma_to_dmaen(dma); + + if (dmaen->chan) +- dmaengine_terminate_sync(dmaen->chan); ++ dmaengine_terminate_async(dmaen->chan); + + return 0; + } diff --git a/queue-5.15/bpf-forbid-bpf_ktime_get_coarse_ns-and-bpf_timer_-in-tracing-progs.patch b/queue-5.15/bpf-forbid-bpf_ktime_get_coarse_ns-and-bpf_timer_-in-tracing-progs.patch new file mode 100644 index 00000000000..3ac2954b08f --- /dev/null +++ b/queue-5.15/bpf-forbid-bpf_ktime_get_coarse_ns-and-bpf_timer_-in-tracing-progs.patch @@ -0,0 +1,207 @@ +From 5e0bc3082e2e403ac0753e099c2b01446bb35578 Mon Sep 17 00:00:00 2001 +From: Dmitrii Banshchikov +Date: Sat, 13 Nov 2021 18:22:26 +0400 +Subject: bpf: Forbid bpf_ktime_get_coarse_ns and bpf_timer_* in tracing progs + +From: Dmitrii Banshchikov + +commit 5e0bc3082e2e403ac0753e099c2b01446bb35578 upstream. + +Use of bpf_ktime_get_coarse_ns() and bpf_timer_* helpers in tracing +progs may result in locking issues. + +bpf_ktime_get_coarse_ns() uses ktime_get_coarse_ns() time accessor that +isn't safe for any context: +====================================================== +WARNING: possible circular locking dependency detected +5.15.0-syzkaller #0 Not tainted +------------------------------------------------------ +syz-executor.4/14877 is trying to acquire lock: +ffffffff8cb30008 (tk_core.seq.seqcount){----}-{0:0}, at: ktime_get_coarse_ts64+0x25/0x110 kernel/time/timekeeping.c:2255 + +but task is already holding lock: +ffffffff90dbf200 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_deactivate+0x61/0x400 lib/debugobjects.c:735 + +which lock already depends on the new lock. + +the existing dependency chain (in reverse order) is: + +-> #1 (&obj_hash[i].lock){-.-.}-{2:2}: + lock_acquire+0x19f/0x4d0 kernel/locking/lockdep.c:5625 + __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] + _raw_spin_lock_irqsave+0xd1/0x120 kernel/locking/spinlock.c:162 + __debug_object_init+0xd9/0x1860 lib/debugobjects.c:569 + debug_hrtimer_init kernel/time/hrtimer.c:414 [inline] + debug_init kernel/time/hrtimer.c:468 [inline] + hrtimer_init+0x20/0x40 kernel/time/hrtimer.c:1592 + ntp_init_cmos_sync kernel/time/ntp.c:676 [inline] + ntp_init+0xa1/0xad kernel/time/ntp.c:1095 + timekeeping_init+0x512/0x6bf kernel/time/timekeeping.c:1639 + start_kernel+0x267/0x56e init/main.c:1030 + secondary_startup_64_no_verify+0xb1/0xbb + +-> #0 (tk_core.seq.seqcount){----}-{0:0}: + check_prev_add kernel/locking/lockdep.c:3051 [inline] + check_prevs_add kernel/locking/lockdep.c:3174 [inline] + validate_chain+0x1dfb/0x8240 kernel/locking/lockdep.c:3789 + __lock_acquire+0x1382/0x2b00 kernel/locking/lockdep.c:5015 + lock_acquire+0x19f/0x4d0 kernel/locking/lockdep.c:5625 + seqcount_lockdep_reader_access+0xfe/0x230 include/linux/seqlock.h:103 + ktime_get_coarse_ts64+0x25/0x110 kernel/time/timekeeping.c:2255 + ktime_get_coarse include/linux/timekeeping.h:120 [inline] + ktime_get_coarse_ns include/linux/timekeeping.h:126 [inline] + ____bpf_ktime_get_coarse_ns kernel/bpf/helpers.c:173 [inline] + bpf_ktime_get_coarse_ns+0x7e/0x130 kernel/bpf/helpers.c:171 + bpf_prog_a99735ebafdda2f1+0x10/0xb50 + bpf_dispatcher_nop_func include/linux/bpf.h:721 [inline] + __bpf_prog_run include/linux/filter.h:626 [inline] + bpf_prog_run include/linux/filter.h:633 [inline] + BPF_PROG_RUN_ARRAY include/linux/bpf.h:1294 [inline] + trace_call_bpf+0x2cf/0x5d0 kernel/trace/bpf_trace.c:127 + perf_trace_run_bpf_submit+0x7b/0x1d0 kernel/events/core.c:9708 + perf_trace_lock+0x37c/0x440 include/trace/events/lock.h:39 + trace_lock_release+0x128/0x150 include/trace/events/lock.h:58 + lock_release+0x82/0x810 kernel/locking/lockdep.c:5636 + __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:149 [inline] + _raw_spin_unlock_irqrestore+0x75/0x130 kernel/locking/spinlock.c:194 + debug_hrtimer_deactivate kernel/time/hrtimer.c:425 [inline] + debug_deactivate kernel/time/hrtimer.c:481 [inline] + __run_hrtimer kernel/time/hrtimer.c:1653 [inline] + __hrtimer_run_queues+0x2f9/0xa60 kernel/time/hrtimer.c:1749 + hrtimer_interrupt+0x3b3/0x1040 kernel/time/hrtimer.c:1811 + local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1086 [inline] + __sysvec_apic_timer_interrupt+0xf9/0x270 arch/x86/kernel/apic/apic.c:1103 + sysvec_apic_timer_interrupt+0x8c/0xb0 arch/x86/kernel/apic/apic.c:1097 + asm_sysvec_apic_timer_interrupt+0x12/0x20 + __raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:152 [inline] + _raw_spin_unlock_irqrestore+0xd4/0x130 kernel/locking/spinlock.c:194 + try_to_wake_up+0x702/0xd20 kernel/sched/core.c:4118 + wake_up_process kernel/sched/core.c:4200 [inline] + wake_up_q+0x9a/0xf0 kernel/sched/core.c:953 + futex_wake+0x50f/0x5b0 kernel/futex/waitwake.c:184 + do_futex+0x367/0x560 kernel/futex/syscalls.c:127 + __do_sys_futex kernel/futex/syscalls.c:199 [inline] + __se_sys_futex+0x401/0x4b0 kernel/futex/syscalls.c:180 + do_syscall_x64 arch/x86/entry/common.c:50 [inline] + do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80 + entry_SYSCALL_64_after_hwframe+0x44/0xae + +There is a possible deadlock with bpf_timer_* set of helpers: +hrtimer_start() + lock_base(); + trace_hrtimer...() + perf_event() + bpf_run() + bpf_timer_start() + hrtimer_start() + lock_base() <- DEADLOCK + +Forbid use of bpf_ktime_get_coarse_ns() and bpf_timer_* helpers in +BPF_PROG_TYPE_KPROBE, BPF_PROG_TYPE_TRACEPOINT, BPF_PROG_TYPE_PERF_EVENT +and BPF_PROG_TYPE_RAW_TRACEPOINT prog types. + +Fixes: d05512618056 ("bpf: Add bpf_ktime_get_coarse_ns helper") +Fixes: b00628b1c7d5 ("bpf: Introduce bpf timers.") +Reported-by: syzbot+43fd005b5a1b4d10781e@syzkaller.appspotmail.com +Signed-off-by: Dmitrii Banshchikov +Signed-off-by: Alexei Starovoitov +Link: https://lore.kernel.org/bpf/20211113142227.566439-2-me@ubique.spb.ru +Signed-off-by: Greg Kroah-Hartman +--- + kernel/bpf/cgroup.c | 2 ++ + kernel/bpf/helpers.c | 2 -- + kernel/bpf/verifier.c | 7 +++++++ + kernel/trace/bpf_trace.c | 2 -- + net/core/filter.c | 6 ++++++ + net/ipv4/bpf_tcp_ca.c | 2 ++ + 6 files changed, 17 insertions(+), 4 deletions(-) + +--- a/kernel/bpf/cgroup.c ++++ b/kernel/bpf/cgroup.c +@@ -1773,6 +1773,8 @@ sysctl_func_proto(enum bpf_func_id func_ + return &bpf_sysctl_get_new_value_proto; + case BPF_FUNC_sysctl_set_new_value: + return &bpf_sysctl_set_new_value_proto; ++ case BPF_FUNC_ktime_get_coarse_ns: ++ return &bpf_ktime_get_coarse_ns_proto; + default: + return cgroup_base_func_proto(func_id, prog); + } +--- a/kernel/bpf/helpers.c ++++ b/kernel/bpf/helpers.c +@@ -1367,8 +1367,6 @@ bpf_base_func_proto(enum bpf_func_id fun + return &bpf_ktime_get_ns_proto; + case BPF_FUNC_ktime_get_boot_ns: + return &bpf_ktime_get_boot_ns_proto; +- case BPF_FUNC_ktime_get_coarse_ns: +- return &bpf_ktime_get_coarse_ns_proto; + case BPF_FUNC_ringbuf_output: + return &bpf_ringbuf_output_proto; + case BPF_FUNC_ringbuf_reserve: +--- a/kernel/bpf/verifier.c ++++ b/kernel/bpf/verifier.c +@@ -11451,6 +11451,13 @@ static int check_map_prog_compatibility( + } + } + ++ if (map_value_has_timer(map)) { ++ if (is_tracing_prog_type(prog_type)) { ++ verbose(env, "tracing progs cannot use bpf_timer yet\n"); ++ return -EINVAL; ++ } ++ } ++ + if ((bpf_prog_is_dev_bound(prog->aux) || bpf_map_is_dev_bound(map)) && + !bpf_offload_prog_map_match(prog, map)) { + verbose(env, "offload device mismatch between prog and map\n"); +--- a/kernel/trace/bpf_trace.c ++++ b/kernel/trace/bpf_trace.c +@@ -1037,8 +1037,6 @@ bpf_tracing_func_proto(enum bpf_func_id + return &bpf_ktime_get_ns_proto; + case BPF_FUNC_ktime_get_boot_ns: + return &bpf_ktime_get_boot_ns_proto; +- case BPF_FUNC_ktime_get_coarse_ns: +- return &bpf_ktime_get_coarse_ns_proto; + case BPF_FUNC_tail_call: + return &bpf_tail_call_proto; + case BPF_FUNC_get_current_pid_tgid: +--- a/net/core/filter.c ++++ b/net/core/filter.c +@@ -7162,6 +7162,8 @@ sock_filter_func_proto(enum bpf_func_id + #endif + case BPF_FUNC_sk_storage_get: + return &bpf_sk_storage_get_cg_sock_proto; ++ case BPF_FUNC_ktime_get_coarse_ns: ++ return &bpf_ktime_get_coarse_ns_proto; + default: + return bpf_base_func_proto(func_id); + } +@@ -10306,6 +10308,8 @@ sk_reuseport_func_proto(enum bpf_func_id + return &sk_reuseport_load_bytes_relative_proto; + case BPF_FUNC_get_socket_cookie: + return &bpf_get_socket_ptr_cookie_proto; ++ case BPF_FUNC_ktime_get_coarse_ns: ++ return &bpf_ktime_get_coarse_ns_proto; + default: + return bpf_base_func_proto(func_id); + } +@@ -10787,6 +10791,8 @@ bpf_sk_base_func_proto(enum bpf_func_id + case BPF_FUNC_skc_to_udp6_sock: + func = &bpf_skc_to_udp6_sock_proto; + break; ++ case BPF_FUNC_ktime_get_coarse_ns: ++ return &bpf_ktime_get_coarse_ns_proto; + default: + return bpf_base_func_proto(func_id); + } +--- a/net/ipv4/bpf_tcp_ca.c ++++ b/net/ipv4/bpf_tcp_ca.c +@@ -212,6 +212,8 @@ bpf_tcp_ca_get_func_proto(enum bpf_func_ + offsetof(struct tcp_congestion_ops, release)) + return &bpf_sk_getsockopt_proto; + return NULL; ++ case BPF_FUNC_ktime_get_coarse_ns: ++ return &bpf_ktime_get_coarse_ns_proto; + default: + return bpf_base_func_proto(func_id); + } diff --git a/queue-5.15/btrfs-update-device-path-inode-time-instead-of-bd_inode.patch b/queue-5.15/btrfs-update-device-path-inode-time-instead-of-bd_inode.patch new file mode 100644 index 00000000000..ac1f510a757 --- /dev/null +++ b/queue-5.15/btrfs-update-device-path-inode-time-instead-of-bd_inode.patch @@ -0,0 +1,84 @@ +From 54fde91f52f515e0b1514f0f0fa146e87a672227 Mon Sep 17 00:00:00 2001 +From: Josef Bacik +Date: Thu, 14 Oct 2021 13:11:01 -0400 +Subject: btrfs: update device path inode time instead of bd_inode + +From: Josef Bacik + +commit 54fde91f52f515e0b1514f0f0fa146e87a672227 upstream. + +Christoph pointed out that I'm updating bdev->bd_inode for the device +time when we remove block devices from a btrfs file system, however this +isn't actually exposed to anything. The inode we want to update is the +one that's associated with the path to the device, usually on devtmpfs, +so that blkid notices the difference. + +We still don't want to do the blkdev_open, so use kern_path() to get the +path to the given device and do the update time on that inode. + +Fixes: 8f96a5bfa150 ("btrfs: update the bdev time directly when closing") +Reported-by: Christoph Hellwig +Signed-off-by: Josef Bacik +Signed-off-by: David Sterba +Signed-off-by: Greg Kroah-Hartman +--- + fs/btrfs/volumes.c | 21 +++++++++++++-------- + 1 file changed, 13 insertions(+), 8 deletions(-) + +--- a/fs/btrfs/volumes.c ++++ b/fs/btrfs/volumes.c +@@ -14,6 +14,7 @@ + #include + #include + #include ++#include + #include "misc.h" + #include "ctree.h" + #include "extent_map.h" +@@ -1884,18 +1885,22 @@ out: + /* + * Function to update ctime/mtime for a given device path. + * Mainly used for ctime/mtime based probe like libblkid. ++ * ++ * We don't care about errors here, this is just to be kind to userspace. + */ +-static void update_dev_time(struct block_device *bdev) ++static void update_dev_time(const char *device_path) + { +- struct inode *inode = bdev->bd_inode; ++ struct path path; + struct timespec64 now; ++ int ret; + +- /* Shouldn't happen but just in case. */ +- if (!inode) ++ ret = kern_path(device_path, LOOKUP_FOLLOW, &path); ++ if (ret) + return; + +- now = current_time(inode); +- generic_update_time(inode, &now, S_MTIME | S_CTIME); ++ now = current_time(d_inode(path.dentry)); ++ inode_update_time(d_inode(path.dentry), &now, S_MTIME | S_CTIME); ++ path_put(&path); + } + + static int btrfs_rm_dev_item(struct btrfs_device *device) +@@ -2071,7 +2076,7 @@ void btrfs_scratch_superblocks(struct bt + btrfs_kobject_uevent(bdev, KOBJ_CHANGE); + + /* Update ctime/mtime for device path for libblkid */ +- update_dev_time(bdev); ++ update_dev_time(device_path); + } + + int btrfs_rm_device(struct btrfs_fs_info *fs_info, const char *device_path, +@@ -2735,7 +2740,7 @@ int btrfs_init_new_device(struct btrfs_f + btrfs_forget_devices(device_path); + + /* Update ctime/mtime for blkid or udev */ +- update_dev_time(bdev); ++ update_dev_time(device_path); + + return ret; + diff --git a/queue-5.15/fs-export-an-inode_update_time-helper.patch b/queue-5.15/fs-export-an-inode_update_time-helper.patch new file mode 100644 index 00000000000..6e88b2fcfdf --- /dev/null +++ b/queue-5.15/fs-export-an-inode_update_time-helper.patch @@ -0,0 +1,69 @@ +From e60feb445fce9e51c1558a6aa7faf9dd5ded533b Mon Sep 17 00:00:00 2001 +From: Josef Bacik +Date: Thu, 14 Oct 2021 13:11:00 -0400 +Subject: fs: export an inode_update_time helper + +From: Josef Bacik + +commit e60feb445fce9e51c1558a6aa7faf9dd5ded533b upstream. + +If you already have an inode and need to update the time on the inode +there is no way to do this properly. Export this helper to allow file +systems to update time on the inode so the appropriate handler is +called, either ->update_time or generic_update_time. + +Signed-off-by: Josef Bacik +Reviewed-by: David Sterba +Signed-off-by: David Sterba +Signed-off-by: Greg Kroah-Hartman +--- + fs/inode.c | 7 ++++--- + include/linux/fs.h | 2 ++ + 2 files changed, 6 insertions(+), 3 deletions(-) + +--- a/fs/inode.c ++++ b/fs/inode.c +@@ -1782,12 +1782,13 @@ EXPORT_SYMBOL(generic_update_time); + * This does the actual work of updating an inodes time or version. Must have + * had called mnt_want_write() before calling this. + */ +-static int update_time(struct inode *inode, struct timespec64 *time, int flags) ++int inode_update_time(struct inode *inode, struct timespec64 *time, int flags) + { + if (inode->i_op->update_time) + return inode->i_op->update_time(inode, time, flags); + return generic_update_time(inode, time, flags); + } ++EXPORT_SYMBOL(inode_update_time); + + /** + * atime_needs_update - update the access time +@@ -1857,7 +1858,7 @@ void touch_atime(const struct path *path + * of the fs read only, e.g. subvolumes in Btrfs. + */ + now = current_time(inode); +- update_time(inode, &now, S_ATIME); ++ inode_update_time(inode, &now, S_ATIME); + __mnt_drop_write(mnt); + skip_update: + sb_end_write(inode->i_sb); +@@ -2002,7 +2003,7 @@ int file_update_time(struct file *file) + if (__mnt_want_write_file(file)) + return 0; + +- ret = update_time(inode, &now, sync_it); ++ ret = inode_update_time(inode, &now, sync_it); + __mnt_drop_write_file(file); + + return ret; +--- a/include/linux/fs.h ++++ b/include/linux/fs.h +@@ -2498,6 +2498,8 @@ enum file_time_flags { + + extern bool atime_needs_update(const struct path *, struct inode *); + extern void touch_atime(const struct path *); ++int inode_update_time(struct inode *inode, struct timespec64 *time, int flags); ++ + static inline void file_accessed(struct file *file) + { + if (!(file->f_flags & O_NOATIME)) diff --git a/queue-5.15/hugetlbfs-flush-tlbs-correctly-after-huge_pmd_unshare.patch b/queue-5.15/hugetlbfs-flush-tlbs-correctly-after-huge_pmd_unshare.patch new file mode 100644 index 00000000000..c10a2abba50 --- /dev/null +++ b/queue-5.15/hugetlbfs-flush-tlbs-correctly-after-huge_pmd_unshare.patch @@ -0,0 +1,83 @@ +From a4a118f2eead1d6c49e00765de89878288d4b890 Mon Sep 17 00:00:00 2001 +From: Nadav Amit +Date: Sun, 21 Nov 2021 12:40:07 -0800 +Subject: hugetlbfs: flush TLBs correctly after huge_pmd_unshare + +From: Nadav Amit + +commit a4a118f2eead1d6c49e00765de89878288d4b890 upstream. + +When __unmap_hugepage_range() calls to huge_pmd_unshare() succeed, a TLB +flush is missing. This TLB flush must be performed before releasing the +i_mmap_rwsem, in order to prevent an unshared PMDs page from being +released and reused before the TLB flush took place. + +Arguably, a comprehensive solution would use mmu_gather interface to +batch the TLB flushes and the PMDs page release, however it is not an +easy solution: (1) try_to_unmap_one() and try_to_migrate_one() also call +huge_pmd_unshare() and they cannot use the mmu_gather interface; and (2) +deferring the release of the page reference for the PMDs page until +after i_mmap_rwsem is dropeed can confuse huge_pmd_unshare() into +thinking PMDs are shared when they are not. + +Fix __unmap_hugepage_range() by adding the missing TLB flush, and +forcing a flush when unshare is successful. + +Fixes: 24669e58477e ("hugetlb: use mmu_gather instead of a temporary linked list for accumulating pages)" # 3.6 +Signed-off-by: Nadav Amit +Reviewed-by: Mike Kravetz +Cc: Aneesh Kumar K.V +Cc: KAMEZAWA Hiroyuki +Cc: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman +--- + mm/hugetlb.c | 23 +++++++++++++++++++---- + 1 file changed, 19 insertions(+), 4 deletions(-) + +--- a/mm/hugetlb.c ++++ b/mm/hugetlb.c +@@ -4439,6 +4439,7 @@ void __unmap_hugepage_range(struct mmu_g + struct hstate *h = hstate_vma(vma); + unsigned long sz = huge_page_size(h); + struct mmu_notifier_range range; ++ bool force_flush = false; + + WARN_ON(!is_vm_hugetlb_page(vma)); + BUG_ON(start & ~huge_page_mask(h)); +@@ -4467,10 +4468,8 @@ void __unmap_hugepage_range(struct mmu_g + ptl = huge_pte_lock(h, mm, ptep); + if (huge_pmd_unshare(mm, vma, &address, ptep)) { + spin_unlock(ptl); +- /* +- * We just unmapped a page of PMDs by clearing a PUD. +- * The caller's TLB flush range should cover this area. +- */ ++ tlb_flush_pmd_range(tlb, address & PUD_MASK, PUD_SIZE); ++ force_flush = true; + continue; + } + +@@ -4527,6 +4526,22 @@ void __unmap_hugepage_range(struct mmu_g + } + mmu_notifier_invalidate_range_end(&range); + tlb_end_vma(tlb, vma); ++ ++ /* ++ * If we unshared PMDs, the TLB flush was not recorded in mmu_gather. We ++ * could defer the flush until now, since by holding i_mmap_rwsem we ++ * guaranteed that the last refernece would not be dropped. But we must ++ * do the flushing before we return, as otherwise i_mmap_rwsem will be ++ * dropped and the last reference to the shared PMDs page might be ++ * dropped as well. ++ * ++ * In theory we could defer the freeing of the PMD pages as well, but ++ * huge_pmd_unshare() relies on the exact page_count for the PMD page to ++ * detect sharing, so we cannot defer the release of the page either. ++ * Instead, do flush now. ++ */ ++ if (force_flush) ++ tlb_flush_mmu_tlbonly(tlb); + } + + void __unmap_hugepage_range_final(struct mmu_gather *tlb, diff --git a/queue-5.15/ice-delete-always-true-check-of-pf-pointer.patch b/queue-5.15/ice-delete-always-true-check-of-pf-pointer.patch new file mode 100644 index 00000000000..8f44ce967d3 --- /dev/null +++ b/queue-5.15/ice-delete-always-true-check-of-pf-pointer.patch @@ -0,0 +1,32 @@ +From 2ff04286a9569675948f39cec2c6ad47c3584633 Mon Sep 17 00:00:00 2001 +From: Leon Romanovsky +Date: Thu, 23 Sep 2021 21:12:52 +0300 +Subject: ice: Delete always true check of PF pointer + +From: Leon Romanovsky + +commit 2ff04286a9569675948f39cec2c6ad47c3584633 upstream. + +PF pointer is always valid when PCI core calls its .shutdown() and +.remove() callbacks. There is no need to check it again. + +Fixes: 837f08fdecbe ("ice: Add basic driver framework for Intel(R) E800 Series") +Signed-off-by: Leon Romanovsky +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/intel/ice/ice_main.c | 3 --- + 1 file changed, 3 deletions(-) + +--- a/drivers/net/ethernet/intel/ice/ice_main.c ++++ b/drivers/net/ethernet/intel/ice/ice_main.c +@@ -4600,9 +4600,6 @@ static void ice_remove(struct pci_dev *p + struct ice_pf *pf = pci_get_drvdata(pdev); + int i; + +- if (!pf) +- return; +- + for (i = 0; i < ICE_MAX_RESET_WAIT; i++) { + if (!ice_is_reset_in_progress(pf->state)) + break; diff --git a/queue-5.15/ice-fix-vf-true-promiscuous-mode.patch b/queue-5.15/ice-fix-vf-true-promiscuous-mode.patch new file mode 100644 index 00000000000..882312f21b0 --- /dev/null +++ b/queue-5.15/ice-fix-vf-true-promiscuous-mode.patch @@ -0,0 +1,158 @@ +From 1a8c7778bcde5981463a5b9f9b2caa44a327ff93 Mon Sep 17 00:00:00 2001 +From: Brett Creeley +Date: Fri, 26 Feb 2021 13:19:23 -0800 +Subject: ice: Fix VF true promiscuous mode + +From: Brett Creeley + +commit 1a8c7778bcde5981463a5b9f9b2caa44a327ff93 upstream. + +When a VF requests promiscuous mode and it's trusted and true promiscuous +mode is enabled the PF driver attempts to enable unicast and/or +multicast promiscuous mode filters based on the request. This is fine, +but there are a couple issues with the current code. + +[1] The define to configure the unicast promiscuous mode mask also + includes bits to configure the multicast promiscuous mode mask, which + causes multicast to be set/cleared unintentionally. +[2] All 4 cases for enable/disable unicast/multicast mode are not + handled in the promiscuous mode message handler, which causes + unexpected results regarding the current promiscuous mode settings. + +To fix [1] make sure any promiscuous mask defines include the correct +bits for each of the promiscuous modes. + +To fix [2] make sure that all 4 cases are handled since there are 2 bits +(FLAG_VF_UNICAST_PROMISC and FLAG_VF_MULTICAST_PROMISC) that can be +either set or cleared. Also, since either unicast and/or multicast +promiscuous configuration can fail, introduce two separate error values +to handle each of these cases. + +Fixes: 01b5e89aab49 ("ice: Add VF promiscuous support") +Signed-off-by: Brett Creeley +Tested-by: Tony Brelinski +Signed-off-by: Tony Nguyen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/intel/ice/ice.h | 5 - + drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c | 78 +++++++++++------------ + 2 files changed, 40 insertions(+), 43 deletions(-) + +--- a/drivers/net/ethernet/intel/ice/ice.h ++++ b/drivers/net/ethernet/intel/ice/ice.h +@@ -139,13 +139,10 @@ + #define ice_for_each_q_vector(vsi, i) \ + for ((i) = 0; (i) < (vsi)->num_q_vectors; (i)++) + +-#define ICE_UCAST_PROMISC_BITS (ICE_PROMISC_UCAST_TX | ICE_PROMISC_MCAST_TX | \ +- ICE_PROMISC_UCAST_RX | ICE_PROMISC_MCAST_RX) ++#define ICE_UCAST_PROMISC_BITS (ICE_PROMISC_UCAST_TX | ICE_PROMISC_UCAST_RX) + + #define ICE_UCAST_VLAN_PROMISC_BITS (ICE_PROMISC_UCAST_TX | \ +- ICE_PROMISC_MCAST_TX | \ + ICE_PROMISC_UCAST_RX | \ +- ICE_PROMISC_MCAST_RX | \ + ICE_PROMISC_VLAN_TX | \ + ICE_PROMISC_VLAN_RX) + +--- a/drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c ++++ b/drivers/net/ethernet/intel/ice/ice_virtchnl_pf.c +@@ -2952,6 +2952,7 @@ bool ice_is_any_vf_in_promisc(struct ice + static int ice_vc_cfg_promiscuous_mode_msg(struct ice_vf *vf, u8 *msg) + { + enum virtchnl_status_code v_ret = VIRTCHNL_STATUS_SUCCESS; ++ enum ice_status mcast_status = 0, ucast_status = 0; + bool rm_promisc, alluni = false, allmulti = false; + struct virtchnl_promisc_info *info = + (struct virtchnl_promisc_info *)msg; +@@ -3041,52 +3042,51 @@ static int ice_vc_cfg_promiscuous_mode_m + goto error_param; + } + } else { +- enum ice_status status; +- u8 promisc_m; ++ u8 mcast_m, ucast_m; + +- if (alluni) { +- if (vf->port_vlan_info || vsi->num_vlan) +- promisc_m = ICE_UCAST_VLAN_PROMISC_BITS; +- else +- promisc_m = ICE_UCAST_PROMISC_BITS; +- } else if (allmulti) { +- if (vf->port_vlan_info || vsi->num_vlan) +- promisc_m = ICE_MCAST_VLAN_PROMISC_BITS; +- else +- promisc_m = ICE_MCAST_PROMISC_BITS; ++ if (vf->port_vlan_info || vsi->num_vlan > 1) { ++ mcast_m = ICE_MCAST_VLAN_PROMISC_BITS; ++ ucast_m = ICE_UCAST_VLAN_PROMISC_BITS; + } else { +- if (vf->port_vlan_info || vsi->num_vlan) +- promisc_m = ICE_UCAST_VLAN_PROMISC_BITS; +- else +- promisc_m = ICE_UCAST_PROMISC_BITS; ++ mcast_m = ICE_MCAST_PROMISC_BITS; ++ ucast_m = ICE_UCAST_PROMISC_BITS; + } + +- /* Configure multicast/unicast with or without VLAN promiscuous +- * mode +- */ +- status = ice_vf_set_vsi_promisc(vf, vsi, promisc_m, rm_promisc); +- if (status) { +- dev_err(dev, "%sable Tx/Rx filter promiscuous mode on VF-%d failed, error: %s\n", +- rm_promisc ? "dis" : "en", vf->vf_id, +- ice_stat_str(status)); +- v_ret = ice_err_to_virt_err(status); +- goto error_param; +- } else { +- dev_dbg(dev, "%sable Tx/Rx filter promiscuous mode on VF-%d succeeded\n", +- rm_promisc ? "dis" : "en", vf->vf_id); ++ ucast_status = ice_vf_set_vsi_promisc(vf, vsi, ucast_m, ++ !alluni); ++ if (ucast_status) { ++ dev_err(dev, "%sable Tx/Rx filter promiscuous mode on VF-%d failed\n", ++ alluni ? "en" : "dis", vf->vf_id); ++ v_ret = ice_err_to_virt_err(ucast_status); ++ } ++ ++ mcast_status = ice_vf_set_vsi_promisc(vf, vsi, mcast_m, ++ !allmulti); ++ if (mcast_status) { ++ dev_err(dev, "%sable Tx/Rx filter promiscuous mode on VF-%d failed\n", ++ allmulti ? "en" : "dis", vf->vf_id); ++ v_ret = ice_err_to_virt_err(mcast_status); + } + } + +- if (allmulti && +- !test_and_set_bit(ICE_VF_STATE_MC_PROMISC, vf->vf_states)) +- dev_info(dev, "VF %u successfully set multicast promiscuous mode\n", vf->vf_id); +- else if (!allmulti && test_and_clear_bit(ICE_VF_STATE_MC_PROMISC, vf->vf_states)) +- dev_info(dev, "VF %u successfully unset multicast promiscuous mode\n", vf->vf_id); +- +- if (alluni && !test_and_set_bit(ICE_VF_STATE_UC_PROMISC, vf->vf_states)) +- dev_info(dev, "VF %u successfully set unicast promiscuous mode\n", vf->vf_id); +- else if (!alluni && test_and_clear_bit(ICE_VF_STATE_UC_PROMISC, vf->vf_states)) +- dev_info(dev, "VF %u successfully unset unicast promiscuous mode\n", vf->vf_id); ++ if (!mcast_status) { ++ if (allmulti && ++ !test_and_set_bit(ICE_VF_STATE_MC_PROMISC, vf->vf_states)) ++ dev_info(dev, "VF %u successfully set multicast promiscuous mode\n", ++ vf->vf_id); ++ else if (!allmulti && test_and_clear_bit(ICE_VF_STATE_MC_PROMISC, vf->vf_states)) ++ dev_info(dev, "VF %u successfully unset multicast promiscuous mode\n", ++ vf->vf_id); ++ } ++ ++ if (!ucast_status) { ++ if (alluni && !test_and_set_bit(ICE_VF_STATE_UC_PROMISC, vf->vf_states)) ++ dev_info(dev, "VF %u successfully set unicast promiscuous mode\n", ++ vf->vf_id); ++ else if (!alluni && test_and_clear_bit(ICE_VF_STATE_UC_PROMISC, vf->vf_states)) ++ dev_info(dev, "VF %u successfully unset unicast promiscuous mode\n", ++ vf->vf_id); ++ } + + error_param: + return ice_vc_send_msg_to_vf(vf, VIRTCHNL_OP_CONFIG_PROMISCUOUS_MODE, diff --git a/queue-5.15/net-add-and-use-skb_unclone_keeptruesize-helper.patch b/queue-5.15/net-add-and-use-skb_unclone_keeptruesize-helper.patch new file mode 100644 index 00000000000..2cf886abffe --- /dev/null +++ b/queue-5.15/net-add-and-use-skb_unclone_keeptruesize-helper.patch @@ -0,0 +1,110 @@ +From c4777efa751d293e369aec464ce6875e957be255 Mon Sep 17 00:00:00 2001 +From: Eric Dumazet +Date: Mon, 1 Nov 2021 17:45:55 -0700 +Subject: net: add and use skb_unclone_keeptruesize() helper + +From: Eric Dumazet + +commit c4777efa751d293e369aec464ce6875e957be255 upstream. + +While commit 097b9146c0e2 ("net: fix up truesize of cloned +skb in skb_prepare_for_shift()") fixed immediate issues found +when KFENCE was enabled/tested, there are still similar issues, +when tcp_trim_head() hits KFENCE while the master skb +is cloned. + +This happens under heavy networking TX workloads, +when the TX completion might be delayed after incoming ACK. + +This patch fixes the WARNING in sk_stream_kill_queues +when sk->sk_mem_queued/sk->sk_forward_alloc are not zero. + +Fixes: d3fb45f370d9 ("mm, kfence: insert KFENCE hooks for SLAB") +Signed-off-by: Eric Dumazet +Acked-by: Marco Elver +Link: https://lore.kernel.org/r/20211102004555.1359210-1-eric.dumazet@gmail.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + include/linux/skbuff.h | 16 ++++++++++++++++ + net/core/skbuff.c | 14 +------------- + net/ipv4/tcp_output.c | 6 +++--- + 3 files changed, 20 insertions(+), 16 deletions(-) + +--- a/include/linux/skbuff.h ++++ b/include/linux/skbuff.h +@@ -1671,6 +1671,22 @@ static inline int skb_unclone(struct sk_ + return 0; + } + ++/* This variant of skb_unclone() makes sure skb->truesize is not changed */ ++static inline int skb_unclone_keeptruesize(struct sk_buff *skb, gfp_t pri) ++{ ++ might_sleep_if(gfpflags_allow_blocking(pri)); ++ ++ if (skb_cloned(skb)) { ++ unsigned int save = skb->truesize; ++ int res; ++ ++ res = pskb_expand_head(skb, 0, 0, pri); ++ skb->truesize = save; ++ return res; ++ } ++ return 0; ++} ++ + /** + * skb_header_cloned - is the header a clone + * @skb: buffer to check +--- a/net/core/skbuff.c ++++ b/net/core/skbuff.c +@@ -3449,19 +3449,7 @@ EXPORT_SYMBOL(skb_split); + */ + static int skb_prepare_for_shift(struct sk_buff *skb) + { +- int ret = 0; +- +- if (skb_cloned(skb)) { +- /* Save and restore truesize: pskb_expand_head() may reallocate +- * memory where ksize(kmalloc(S)) != ksize(kmalloc(S)), but we +- * cannot change truesize at this point. +- */ +- unsigned int save_truesize = skb->truesize; +- +- ret = pskb_expand_head(skb, 0, 0, GFP_ATOMIC); +- skb->truesize = save_truesize; +- } +- return ret; ++ return skb_unclone_keeptruesize(skb, GFP_ATOMIC); + } + + /** +--- a/net/ipv4/tcp_output.c ++++ b/net/ipv4/tcp_output.c +@@ -1562,7 +1562,7 @@ int tcp_fragment(struct sock *sk, enum t + return -ENOMEM; + } + +- if (skb_unclone(skb, gfp)) ++ if (skb_unclone_keeptruesize(skb, gfp)) + return -ENOMEM; + + /* Get a new skb... force flag on. */ +@@ -1672,7 +1672,7 @@ int tcp_trim_head(struct sock *sk, struc + { + u32 delta_truesize; + +- if (skb_unclone(skb, GFP_ATOMIC)) ++ if (skb_unclone_keeptruesize(skb, GFP_ATOMIC)) + return -ENOMEM; + + delta_truesize = __pskb_trim_head(skb, len); +@@ -3184,7 +3184,7 @@ int __tcp_retransmit_skb(struct sock *sk + cur_mss, GFP_ATOMIC)) + return -ENOMEM; /* We'll try again later. */ + } else { +- if (skb_unclone(skb, GFP_ATOMIC)) ++ if (skb_unclone_keeptruesize(skb, GFP_ATOMIC)) + return -ENOMEM; + + diff = tcp_skb_pcount(skb); diff --git a/queue-5.15/rdma-netlink-add-__maybe_unused-to-static-inline-in-c-file.patch b/queue-5.15/rdma-netlink-add-__maybe_unused-to-static-inline-in-c-file.patch new file mode 100644 index 00000000000..4f08a857d90 --- /dev/null +++ b/queue-5.15/rdma-netlink-add-__maybe_unused-to-static-inline-in-c-file.patch @@ -0,0 +1,37 @@ +From 83dde7498fefeb920b1def317421262317d178e5 Mon Sep 17 00:00:00 2001 +From: Leon Romanovsky +Date: Sun, 7 Nov 2021 08:40:47 +0200 +Subject: RDMA/netlink: Add __maybe_unused to static inline in C file + +From: Leon Romanovsky + +commit 83dde7498fefeb920b1def317421262317d178e5 upstream. + +Like other commits in the tree add __maybe_unused to a static inline in a +C file because some clang compilers will complain about unused code: + +>> drivers/infiniband/core/nldev.c:2543:1: warning: unused function '__chk_RDMA_NL_NLDEV' + MODULE_ALIAS_RDMA_NETLINK(RDMA_NL_NLDEV, 5); + ^ + +Fixes: e3bf14bdc17a ("rdma: Autoload netlink client modules") +Link: https://lore.kernel.org/r/4a8101919b765e01d7fde6f27fd572c958deeb4a.1636267207.git.leonro@nvidia.com +Reported-by: kernel test robot +Signed-off-by: Leon Romanovsky +Signed-off-by: Jason Gunthorpe +Signed-off-by: Greg Kroah-Hartman +--- + include/rdma/rdma_netlink.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/include/rdma/rdma_netlink.h ++++ b/include/rdma/rdma_netlink.h +@@ -30,7 +30,7 @@ enum rdma_nl_flags { + * constant as well and the compiler checks they are the same. + */ + #define MODULE_ALIAS_RDMA_NETLINK(_index, _val) \ +- static inline void __chk_##_index(void) \ ++ static inline void __maybe_unused __chk_##_index(void) \ + { \ + BUILD_BUG_ON(_index != _val); \ + } \ diff --git a/queue-5.15/selinux-fix-null-pointer-dereference-when-hashtab-allocation-fails.patch b/queue-5.15/selinux-fix-null-pointer-dereference-when-hashtab-allocation-fails.patch new file mode 100644 index 00000000000..4ae2462c161 --- /dev/null +++ b/queue-5.15/selinux-fix-null-pointer-dereference-when-hashtab-allocation-fails.patch @@ -0,0 +1,56 @@ +From dc27f3c5d10c58069672215787a96b4fae01818b Mon Sep 17 00:00:00 2001 +From: Ondrej Mosnacek +Date: Fri, 19 Nov 2021 14:45:20 +0100 +Subject: selinux: fix NULL-pointer dereference when hashtab allocation fails + +From: Ondrej Mosnacek + +commit dc27f3c5d10c58069672215787a96b4fae01818b upstream. + +When the hash table slot array allocation fails in hashtab_init(), +h->size is left initialized with a non-zero value, but the h->htable +pointer is NULL. This may then cause a NULL pointer dereference, since +the policydb code relies on the assumption that even after a failed +hashtab_init(), hashtab_map() and hashtab_destroy() can be safely called +on it. Yet, these detect an empty hashtab only by looking at the size. + +Fix this by making sure that hashtab_init() always leaves behind a valid +empty hashtab when the allocation fails. + +Cc: stable@vger.kernel.org +Fixes: 03414a49ad5f ("selinux: do not allocate hashtabs dynamically") +Signed-off-by: Ondrej Mosnacek +Signed-off-by: Paul Moore +Signed-off-by: Greg Kroah-Hartman +--- + security/selinux/ss/hashtab.c | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +--- a/security/selinux/ss/hashtab.c ++++ b/security/selinux/ss/hashtab.c +@@ -30,13 +30,20 @@ static u32 hashtab_compute_size(u32 nel) + + int hashtab_init(struct hashtab *h, u32 nel_hint) + { +- h->size = hashtab_compute_size(nel_hint); ++ u32 size = hashtab_compute_size(nel_hint); ++ ++ /* should already be zeroed, but better be safe */ + h->nel = 0; +- if (!h->size) +- return 0; ++ h->size = 0; ++ h->htable = NULL; + +- h->htable = kcalloc(h->size, sizeof(*h->htable), GFP_KERNEL); +- return h->htable ? 0 : -ENOMEM; ++ if (size) { ++ h->htable = kcalloc(size, sizeof(*h->htable), GFP_KERNEL); ++ if (!h->htable) ++ return -ENOMEM; ++ h->size = size; ++ } ++ return 0; + } + + int __hashtab_insert(struct hashtab *h, struct hashtab_node **dst, diff --git a/queue-5.15/series b/queue-5.15/series index 68193af570a..c5fc3fab3b7 100644 --- a/queue-5.15/series +++ b/queue-5.15/series @@ -264,3 +264,17 @@ signal-x86-in-emulate_vsyscall-force-a-signal-instead-of-calling-do_exit.patch signal-replace-force_sigsegv-sigsegv-with-force_fatal_sig-sigsegv.patch signal-don-t-always-set-sa_immutable-for-forced-signals.patch signal-replace-force_fatal_sig-with-force_exit_sig-when-in-doubt.patch +hugetlbfs-flush-tlbs-correctly-after-huge_pmd_unshare.patch +rdma-netlink-add-__maybe_unused-to-static-inline-in-c-file.patch +bpf-forbid-bpf_ktime_get_coarse_ns-and-bpf_timer_-in-tracing-progs.patch +selinux-fix-null-pointer-dereference-when-hashtab-allocation-fails.patch +asoc-dapm-cover-regression-by-kctl-change-notification-fix.patch +asoc-rsnd-fixup-dmaengine-api.patch +usb-max-3421-use-driver-data-instead-of-maintaining-a-list-of-bound-devices.patch +arm64-dts-qcom-msm8916-longcheer-l8150-use-pm8916_usbin-extcon.patch +ice-fix-vf-true-promiscuous-mode.patch +ice-delete-always-true-check-of-pf-pointer.patch +fs-export-an-inode_update_time-helper.patch +btrfs-update-device-path-inode-time-instead-of-bd_inode.patch +net-add-and-use-skb_unclone_keeptruesize-helper.patch +x86-kconfig-fix-an-unused-variable-error-in-dell-smm-hwmon.patch diff --git a/queue-5.15/usb-max-3421-use-driver-data-instead-of-maintaining-a-list-of-bound-devices.patch b/queue-5.15/usb-max-3421-use-driver-data-instead-of-maintaining-a-list-of-bound-devices.patch new file mode 100644 index 00000000000..ada947ab1e6 --- /dev/null +++ b/queue-5.15/usb-max-3421-use-driver-data-instead-of-maintaining-a-list-of-bound-devices.patch @@ -0,0 +1,98 @@ +From fc153aba3ef371d0d76eb88230ed4e0dee5b38f2 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Uwe=20Kleine-K=C3=B6nig?= +Date: Mon, 18 Oct 2021 22:40:28 +0200 +Subject: usb: max-3421: Use driver data instead of maintaining a list of bound devices +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Uwe Kleine-König + +commit fc153aba3ef371d0d76eb88230ed4e0dee5b38f2 upstream. + +Instead of maintaining a single-linked list of devices that must be +searched linearly in .remove() just use spi_set_drvdata() to remember the +link between the spi device and the driver struct. Then the global list +and the next member can be dropped. + +This simplifies the driver, reduces the memory footprint and the time to +search the list. Also it makes obvious that there is always a corresponding +driver struct for a given device in .remove(), so the error path for +!max3421_hcd can be dropped, too. + +As a side effect this fixes a data inconsistency when .probe() races with +itself for a second max3421 device in manipulating max3421_hcd_list. A +similar race is fixed in .remove(), too. + +Fixes: 2d53139f3162 ("Add support for using a MAX3421E chip as a host driver.") +Signed-off-by: Uwe Kleine-König +Link: https://lore.kernel.org/r/20211018204028.2914597-1-u.kleine-koenig@pengutronix.de +Signed-off-by: Greg Kroah-Hartman +--- + drivers/usb/host/max3421-hcd.c | 25 +++++-------------------- + 1 file changed, 5 insertions(+), 20 deletions(-) + +--- a/drivers/usb/host/max3421-hcd.c ++++ b/drivers/usb/host/max3421-hcd.c +@@ -125,8 +125,6 @@ struct max3421_hcd { + + struct task_struct *spi_thread; + +- struct max3421_hcd *next; +- + enum max3421_rh_state rh_state; + /* lower 16 bits contain port status, upper 16 bits the change mask: */ + u32 port_status; +@@ -174,8 +172,6 @@ struct max3421_ep { + u8 retransmit; /* packet needs retransmission */ + }; + +-static struct max3421_hcd *max3421_hcd_list; +- + #define MAX3421_FIFO_SIZE 64 + + #define MAX3421_SPI_DIR_RD 0 /* read register from MAX3421 */ +@@ -1882,9 +1878,8 @@ max3421_probe(struct spi_device *spi) + } + set_bit(HCD_FLAG_POLL_RH, &hcd->flags); + max3421_hcd = hcd_to_max3421(hcd); +- max3421_hcd->next = max3421_hcd_list; +- max3421_hcd_list = max3421_hcd; + INIT_LIST_HEAD(&max3421_hcd->ep_list); ++ spi_set_drvdata(spi, max3421_hcd); + + max3421_hcd->tx = kmalloc(sizeof(*max3421_hcd->tx), GFP_KERNEL); + if (!max3421_hcd->tx) +@@ -1934,28 +1929,18 @@ error: + static int + max3421_remove(struct spi_device *spi) + { +- struct max3421_hcd *max3421_hcd = NULL, **prev; +- struct usb_hcd *hcd = NULL; ++ struct max3421_hcd *max3421_hcd; ++ struct usb_hcd *hcd; + unsigned long flags; + +- for (prev = &max3421_hcd_list; *prev; prev = &(*prev)->next) { +- max3421_hcd = *prev; +- hcd = max3421_to_hcd(max3421_hcd); +- if (hcd->self.controller == &spi->dev) +- break; +- } +- if (!max3421_hcd) { +- dev_err(&spi->dev, "no MAX3421 HCD found for SPI device %p\n", +- spi); +- return -ENODEV; +- } ++ max3421_hcd = spi_get_drvdata(spi); ++ hcd = max3421_to_hcd(max3421_hcd); + + usb_remove_hcd(hcd); + + spin_lock_irqsave(&max3421_hcd->lock, flags); + + kthread_stop(max3421_hcd->spi_thread); +- *prev = max3421_hcd->next; + + spin_unlock_irqrestore(&max3421_hcd->lock, flags); + diff --git a/queue-5.15/x86-kconfig-fix-an-unused-variable-error-in-dell-smm-hwmon.patch b/queue-5.15/x86-kconfig-fix-an-unused-variable-error-in-dell-smm-hwmon.patch new file mode 100644 index 00000000000..12d05909225 --- /dev/null +++ b/queue-5.15/x86-kconfig-fix-an-unused-variable-error-in-dell-smm-hwmon.patch @@ -0,0 +1,50 @@ +From ef775a0e36c6a81c5b07cb228c02f967133fe768 Mon Sep 17 00:00:00 2001 +From: Randy Dunlap +Date: Fri, 10 Sep 2021 00:19:21 -0700 +Subject: x86/Kconfig: Fix an unused variable error in dell-smm-hwmon +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Randy Dunlap + +commit ef775a0e36c6a81c5b07cb228c02f967133fe768 upstream. + +When CONFIG_PROC_FS is not set, there is a build warning (turned +into an error): + + ../drivers/hwmon/dell-smm-hwmon.c: In function 'i8k_init_procfs': + ../drivers/hwmon/dell-smm-hwmon.c:624:24: error: unused variable 'data' [-Werror=unused-variable] + struct dell_smm_data *data = dev_get_drvdata(dev); + +Make I8K depend on PROC_FS and HWMON (instead of selecting HWMON -- it +is strongly preferred to not select entire subsystems). + +Build tested in all possible combinations of SENSORS_DELL_SMM, I8K, and +PROC_FS. + +Fixes: 039ae58503f3 ("hwmon: Allow to compile dell-smm-hwmon driver without /proc/i8k") +Reported-by: Arnd Bergmann +Signed-off-by: Randy Dunlap +Signed-off-by: Borislav Petkov +Reviewed-by: Arnd Bergmann +Acked-by: Guenter Roeck +Acked-by: Pali Rohár +Link: https://lkml.kernel.org/r/20210910071921.16777-1-rdunlap@infradead.org +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/Kconfig | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/arch/x86/Kconfig ++++ b/arch/x86/Kconfig +@@ -1256,7 +1256,8 @@ config TOSHIBA + + config I8K + tristate "Dell i8k legacy laptop support" +- select HWMON ++ depends on HWMON ++ depends on PROC_FS + select SENSORS_DELL_SMM + help + This option enables legacy /proc/i8k userspace interface in hwmon