From: Sasha Levin Date: Sun, 8 Mar 2020 18:13:06 +0000 (-0400) Subject: fixes for 5.4 X-Git-Tag: v4.4.216~65 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=31dd36ed56f092589bc38445a2be56d1aa696172;p=thirdparty%2Fkernel%2Fstable-queue.git fixes for 5.4 Signed-off-by: Sasha Levin --- diff --git a/queue-5.4/alsa-hda-realtek-fix-a-regression-for-mute-led-on-le.patch b/queue-5.4/alsa-hda-realtek-fix-a-regression-for-mute-led-on-le.patch new file mode 100644 index 00000000000..26bf143774b --- /dev/null +++ b/queue-5.4/alsa-hda-realtek-fix-a-regression-for-mute-led-on-le.patch @@ -0,0 +1,38 @@ +From bfbf09e68045e35056b07097562369ea08c5b5d3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 19 Feb 2020 13:23:06 +0800 +Subject: ALSA: hda/realtek - Fix a regression for mute led on Lenovo Carbon X1 + +From: Hui Wang + +[ Upstream commit c37c0ab029569a75fd180edb03d411e7a28a936f ] + +Need to chain the THINKPAD_ACPI, otherwise the mute led will not +work. + +Fixes: d2cd795c4ece ("ALSA: hda - fixup for the bass speaker on Lenovo Carbon X1 7th gen") +Cc: +Signed-off-by: Hui Wang +Link: https://lore.kernel.org/r/20200219052306.24935-1-hui.wang@canonical.com +Signed-off-by: Takashi Iwai +Signed-off-by: Sasha Levin +--- + sound/pci/hda/patch_realtek.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c +index 4f78b40831d8c..00e2ba38a7cf6 100644 +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -6684,6 +6684,8 @@ static const struct hda_fixup alc269_fixups[] = { + [ALC285_FIXUP_SPEAKER2_TO_DAC1] = { + .type = HDA_FIXUP_FUNC, + .v.func = alc285_fixup_speaker2_to_dac1, ++ .chained = true, ++ .chain_id = ALC269_FIXUP_THINKPAD_ACPI + }, + [ALC256_FIXUP_DELL_INSPIRON_7559_SUBWOOFER] = { + .type = HDA_FIXUP_PINS, +-- +2.20.1 + diff --git a/queue-5.4/blktrace-fix-dereference-after-null-check.patch b/queue-5.4/blktrace-fix-dereference-after-null-check.patch new file mode 100644 index 00000000000..73d55f8985f --- /dev/null +++ b/queue-5.4/blktrace-fix-dereference-after-null-check.patch @@ -0,0 +1,70 @@ +From 53be7e95fa76ff36352eb23631d7f99aab4318e9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 4 Mar 2020 13:58:19 +0300 +Subject: blktrace: fix dereference after null check + +From: Cengiz Can + +[ Upstream commit 153031a301bb07194e9c37466cfce8eacb977621 ] + +There was a recent change in blktrace.c that added a RCU protection to +`q->blk_trace` in order to fix a use-after-free issue during access. + +However the change missed an edge case that can lead to dereferencing of +`bt` pointer even when it's NULL: + +Coverity static analyzer marked this as a FORWARD_NULL issue with CID +1460458. + +``` +/kernel/trace/blktrace.c: 1904 in sysfs_blk_trace_attr_store() +1898 ret = 0; +1899 if (bt == NULL) +1900 ret = blk_trace_setup_queue(q, bdev); +1901 +1902 if (ret == 0) { +1903 if (attr == &dev_attr_act_mask) +>>> CID 1460458: Null pointer dereferences (FORWARD_NULL) +>>> Dereferencing null pointer "bt". +1904 bt->act_mask = value; +1905 else if (attr == &dev_attr_pid) +1906 bt->pid = value; +1907 else if (attr == &dev_attr_start_lba) +1908 bt->start_lba = value; +1909 else if (attr == &dev_attr_end_lba) +``` + +Added a reassignment with RCU annotation to fix the issue. + +Fixes: c780e86dd48 ("blktrace: Protect q->blk_trace with RCU") +Cc: stable@vger.kernel.org +Reviewed-by: Ming Lei +Reviewed-by: Bob Liu +Reviewed-by: Steven Rostedt (VMware) +Signed-off-by: Cengiz Can +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +--- + kernel/trace/blktrace.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c +index 4b2ad374167bc..e7e483cdbea61 100644 +--- a/kernel/trace/blktrace.c ++++ b/kernel/trace/blktrace.c +@@ -1888,8 +1888,11 @@ static ssize_t sysfs_blk_trace_attr_store(struct device *dev, + } + + ret = 0; +- if (bt == NULL) ++ if (bt == NULL) { + ret = blk_trace_setup_queue(q, bdev); ++ bt = rcu_dereference_protected(q->blk_trace, ++ lockdep_is_held(&q->blk_trace_mutex)); ++ } + + if (ret == 0) { + if (attr == &dev_attr_act_mask) +-- +2.20.1 + diff --git a/queue-5.4/dm-thin-metadata-fix-lockdep-complaint.patch b/queue-5.4/dm-thin-metadata-fix-lockdep-complaint.patch new file mode 100644 index 00000000000..563d76ab7dc --- /dev/null +++ b/queue-5.4/dm-thin-metadata-fix-lockdep-complaint.patch @@ -0,0 +1,57 @@ +From aef89fe0265077bd4d0c7e15358c9fe423fd0274 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 23 Feb 2020 14:54:58 -0500 +Subject: dm thin metadata: fix lockdep complaint + +From: Theodore Ts'o + +[ Upstream commit 3918e0667bbac99400b44fa5aef3f8be2eeada4a ] + +[ 3934.173244] ====================================================== +[ 3934.179572] WARNING: possible circular locking dependency detected +[ 3934.185884] 5.4.21-xfstests #1 Not tainted +[ 3934.190151] ------------------------------------------------------ +[ 3934.196673] dmsetup/8897 is trying to acquire lock: +[ 3934.201688] ffffffffbce82b18 (shrinker_rwsem){++++}, at: unregister_shrinker+0x22/0x80 +[ 3934.210268] + but task is already holding lock: +[ 3934.216489] ffff92a10cc5e1d0 (&pmd->root_lock){++++}, at: dm_pool_metadata_close+0xba/0x120 +[ 3934.225083] + which lock already depends on the new lock. + +[ 3934.564165] Chain exists of: + shrinker_rwsem --> &journal->j_checkpoint_mutex --> &pmd->root_lock + +For a more detailed lockdep report, please see: + + https://lore.kernel.org/r/20200220234519.GA620489@mit.edu + +We shouldn't need to hold the lock while are just tearing down and +freeing the whole metadata pool structure. + +Fixes: 44d8ebf436399a4 ("dm thin metadata: use pool locking at end of dm_pool_metadata_close") +Signed-off-by: Theodore Ts'o +Signed-off-by: Mike Snitzer +Signed-off-by: Sasha Levin +--- + drivers/md/dm-thin-metadata.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/md/dm-thin-metadata.c b/drivers/md/dm-thin-metadata.c +index 8bb723f1a569a..4cd8868f80040 100644 +--- a/drivers/md/dm-thin-metadata.c ++++ b/drivers/md/dm-thin-metadata.c +@@ -960,9 +960,9 @@ int dm_pool_metadata_close(struct dm_pool_metadata *pmd) + DMWARN("%s: __commit_transaction() failed, error = %d", + __func__, r); + } ++ pmd_write_unlock(pmd); + if (!pmd->fail_io) + __destroy_persistent_data_objects(pmd); +- pmd_write_unlock(pmd); + + kfree(pmd); + return 0; +-- +2.20.1 + diff --git a/queue-5.4/kbuild-fix-no-such-file-or-directory-warning-when-cl.patch b/queue-5.4/kbuild-fix-no-such-file-or-directory-warning-when-cl.patch new file mode 100644 index 00000000000..d00d9349ac2 --- /dev/null +++ b/queue-5.4/kbuild-fix-no-such-file-or-directory-warning-when-cl.patch @@ -0,0 +1,46 @@ +From 10a6150bad99d40f383ffc4d0e021c581f484c90 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 4 Dec 2019 11:51:48 +0900 +Subject: kbuild: fix 'No such file or directory' warning when cleaning +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Masahiro Yamada + +[ Upstream commit cf6b58ab2d55f5a143c88c219c8e66ff0720fa69 ] + +Since commit fcbb8461fd23 ("kbuild: remove header compile test"), +'make clean' with O= option in the pristine source tree emits +'No such file or directory' warning. + +$ git clean -d -f -x +$ make O=foo clean +make[1]: Entering directory '/home/masahiro/linux/foo' +find: ‘usr/include’: No such file or directory +make[1]: Leaving directory '/home/masahiro/linux/foo' + +Fixes: fcbb8461fd23 ("kbuild: remove header compile test") +Reported-by: kbuild test robot +Signed-off-by: Masahiro Yamada +Signed-off-by: Sasha Levin +--- + usr/include/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/usr/include/Makefile b/usr/include/Makefile +index 47cb91d3a51d2..e2840579156a9 100644 +--- a/usr/include/Makefile ++++ b/usr/include/Makefile +@@ -99,7 +99,7 @@ endif + # asm-generic/*.h is used by asm/*.h, and should not be included directly + header-test- += asm-generic/% + +-extra-y := $(patsubst $(obj)/%.h,%.hdrtest, $(shell find $(obj) -name '*.h')) ++extra-y := $(patsubst $(obj)/%.h,%.hdrtest, $(shell find $(obj) -name '*.h' 2>/dev/null)) + + quiet_cmd_hdrtest = HDRTEST $< + cmd_hdrtest = \ +-- +2.20.1 + diff --git a/queue-5.4/kprobes-fix-optimize_kprobe-unoptimize_kprobe-cancel.patch b/queue-5.4/kprobes-fix-optimize_kprobe-unoptimize_kprobe-cancel.patch new file mode 100644 index 00000000000..75626a86a6a --- /dev/null +++ b/queue-5.4/kprobes-fix-optimize_kprobe-unoptimize_kprobe-cancel.patch @@ -0,0 +1,166 @@ +From 7e54dc84e7b976b7ce8b973e9a6d50bc9a8e7ccd Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 7 Jan 2020 23:42:24 +0900 +Subject: kprobes: Fix optimize_kprobe()/unoptimize_kprobe() cancellation logic + +From: Masami Hiramatsu + +[ Upstream commit e4add247789e4ba5e08ad8256183ce2e211877d4 ] + +optimize_kprobe() and unoptimize_kprobe() cancels if a given kprobe +is on the optimizing_list or unoptimizing_list already. However, since +the following commit: + + f66c0447cca1 ("kprobes: Set unoptimized flag after unoptimizing code") + +modified the update timing of the KPROBE_FLAG_OPTIMIZED, it doesn't +work as expected anymore. + +The optimized_kprobe could be in the following states: + +- [optimizing]: Before inserting jump instruction + op.kp->flags has KPROBE_FLAG_OPTIMIZED and + op->list is not empty. + +- [optimized]: jump inserted + op.kp->flags has KPROBE_FLAG_OPTIMIZED and + op->list is empty. + +- [unoptimizing]: Before removing jump instruction (including unused + optprobe) + op.kp->flags has KPROBE_FLAG_OPTIMIZED and + op->list is not empty. + +- [unoptimized]: jump removed + op.kp->flags doesn't have KPROBE_FLAG_OPTIMIZED and + op->list is empty. + +Current code mis-expects [unoptimizing] state doesn't have +KPROBE_FLAG_OPTIMIZED, and that can cause incorrect results. + +To fix this, introduce optprobe_queued_unopt() to distinguish [optimizing] +and [unoptimizing] states and fixes the logic in optimize_kprobe() and +unoptimize_kprobe(). + +[ mingo: Cleaned up the changelog and the code a bit. ] + +Signed-off-by: Masami Hiramatsu +Reviewed-by: Steven Rostedt (VMware) +Cc: Alexei Starovoitov +Cc: Peter Zijlstra +Cc: Thomas Gleixner +Cc: bristot@redhat.com +Fixes: f66c0447cca1 ("kprobes: Set unoptimized flag after unoptimizing code") +Link: https://lkml.kernel.org/r/157840814418.7181.13478003006386303481.stgit@devnote2 +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +--- + kernel/kprobes.c | 67 +++++++++++++++++++++++++++++++----------------- + 1 file changed, 43 insertions(+), 24 deletions(-) + +diff --git a/kernel/kprobes.c b/kernel/kprobes.c +index 34e28b236d680..2625c241ac00f 100644 +--- a/kernel/kprobes.c ++++ b/kernel/kprobes.c +@@ -612,6 +612,18 @@ void wait_for_kprobe_optimizer(void) + mutex_unlock(&kprobe_mutex); + } + ++static bool optprobe_queued_unopt(struct optimized_kprobe *op) ++{ ++ struct optimized_kprobe *_op; ++ ++ list_for_each_entry(_op, &unoptimizing_list, list) { ++ if (op == _op) ++ return true; ++ } ++ ++ return false; ++} ++ + /* Optimize kprobe if p is ready to be optimized */ + static void optimize_kprobe(struct kprobe *p) + { +@@ -633,17 +645,21 @@ static void optimize_kprobe(struct kprobe *p) + return; + + /* Check if it is already optimized. */ +- if (op->kp.flags & KPROBE_FLAG_OPTIMIZED) ++ if (op->kp.flags & KPROBE_FLAG_OPTIMIZED) { ++ if (optprobe_queued_unopt(op)) { ++ /* This is under unoptimizing. Just dequeue the probe */ ++ list_del_init(&op->list); ++ } + return; ++ } + op->kp.flags |= KPROBE_FLAG_OPTIMIZED; + +- if (!list_empty(&op->list)) +- /* This is under unoptimizing. Just dequeue the probe */ +- list_del_init(&op->list); +- else { +- list_add(&op->list, &optimizing_list); +- kick_kprobe_optimizer(); +- } ++ /* On unoptimizing/optimizing_list, op must have OPTIMIZED flag */ ++ if (WARN_ON_ONCE(!list_empty(&op->list))) ++ return; ++ ++ list_add(&op->list, &optimizing_list); ++ kick_kprobe_optimizer(); + } + + /* Short cut to direct unoptimizing */ +@@ -665,30 +681,33 @@ static void unoptimize_kprobe(struct kprobe *p, bool force) + return; /* This is not an optprobe nor optimized */ + + op = container_of(p, struct optimized_kprobe, kp); +- if (!kprobe_optimized(p)) { +- /* Unoptimized or unoptimizing case */ +- if (force && !list_empty(&op->list)) { +- /* +- * Only if this is unoptimizing kprobe and forced, +- * forcibly unoptimize it. (No need to unoptimize +- * unoptimized kprobe again :) +- */ +- list_del_init(&op->list); +- force_unoptimize_kprobe(op); +- } ++ if (!kprobe_optimized(p)) + return; +- } + + if (!list_empty(&op->list)) { +- /* Dequeue from the optimization queue */ +- list_del_init(&op->list); ++ if (optprobe_queued_unopt(op)) { ++ /* Queued in unoptimizing queue */ ++ if (force) { ++ /* ++ * Forcibly unoptimize the kprobe here, and queue it ++ * in the freeing list for release afterwards. ++ */ ++ force_unoptimize_kprobe(op); ++ list_move(&op->list, &freeing_list); ++ } ++ } else { ++ /* Dequeue from the optimizing queue */ ++ list_del_init(&op->list); ++ op->kp.flags &= ~KPROBE_FLAG_OPTIMIZED; ++ } + return; + } ++ + /* Optimized kprobe case */ +- if (force) ++ if (force) { + /* Forcibly update the code: this is a special case */ + force_unoptimize_kprobe(op); +- else { ++ } else { + list_add(&op->list, &unoptimizing_list); + kick_kprobe_optimizer(); + } +-- +2.20.1 + diff --git a/queue-5.4/net-dsa-bcm_sf2-forcibly-configure-imp-port-for-1gb-.patch b/queue-5.4/net-dsa-bcm_sf2-forcibly-configure-imp-port-for-1gb-.patch new file mode 100644 index 00000000000..82b8c11343c --- /dev/null +++ b/queue-5.4/net-dsa-bcm_sf2-forcibly-configure-imp-port-for-1gb-.patch @@ -0,0 +1,41 @@ +From d1cf1a6e749aec232862bb370685eb629cb26c9b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 24 Feb 2020 15:56:32 -0800 +Subject: net: dsa: bcm_sf2: Forcibly configure IMP port for 1Gb/sec + +From: Florian Fainelli + +[ Upstream commit 98c5f7d44fef309e692c24c6d71131ee0f0871fb ] + +We are still experiencing some packet loss with the existing advanced +congestion buffering (ACB) settings with the IMP port configured for +2Gb/sec, so revert to conservative link speeds that do not produce +packet loss until this is resolved. + +Fixes: 8f1880cbe8d0 ("net: dsa: bcm_sf2: Configure IMP port for 2Gb/sec") +Fixes: de34d7084edd ("net: dsa: bcm_sf2: Only 7278 supports 2Gb/sec IMP port") +Signed-off-by: Florian Fainelli +Reviewed-by: Vivien Didelot +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/net/dsa/bcm_sf2.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/drivers/net/dsa/bcm_sf2.c b/drivers/net/dsa/bcm_sf2.c +index fecd5e674e04c..46dc913da852d 100644 +--- a/drivers/net/dsa/bcm_sf2.c ++++ b/drivers/net/dsa/bcm_sf2.c +@@ -69,8 +69,7 @@ static void bcm_sf2_imp_setup(struct dsa_switch *ds, int port) + /* Force link status for IMP port */ + reg = core_readl(priv, offset); + reg |= (MII_SW_OR | LINK_STS); +- if (priv->type == BCM7278_DEVICE_ID) +- reg |= GMII_SPEED_UP_2G; ++ reg &= ~GMII_SPEED_UP_2G; + core_writel(priv, reg, offset); + + /* Enable Broadcast, Multicast, Unicast forwarding to IMP port */ +-- +2.20.1 + diff --git a/queue-5.4/net-stmmac-fix-notifier-registration.patch b/queue-5.4/net-stmmac-fix-notifier-registration.patch new file mode 100644 index 00000000000..191fe6031bf --- /dev/null +++ b/queue-5.4/net-stmmac-fix-notifier-registration.patch @@ -0,0 +1,87 @@ +From e08cdbd4bfd76e10d492d49d40ea83ff1c239482 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 26 Feb 2020 18:49:01 +0200 +Subject: net: stmmac: fix notifier registration + +From: Aaro Koskinen + +[ Upstream commit 474a31e13a4e9749fb3ee55794d69d0f17ee0998 ] + +We cannot register the same netdev notifier multiple times when probing +stmmac devices. Register the notifier only once in module init, and also +make debugfs creation/deletion safe against simultaneous notifier call. + +Fixes: 481a7d154cbb ("stmmac: debugfs entry name is not be changed when udev rename device name.") +Signed-off-by: Aaro Koskinen +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c +index 582176d869c35..89a6ae2b17e35 100644 +--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c ++++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c +@@ -4208,6 +4208,8 @@ static void stmmac_init_fs(struct net_device *dev) + { + struct stmmac_priv *priv = netdev_priv(dev); + ++ rtnl_lock(); ++ + /* Create per netdev entries */ + priv->dbgfs_dir = debugfs_create_dir(dev->name, stmmac_fs_dir); + +@@ -4219,14 +4221,13 @@ static void stmmac_init_fs(struct net_device *dev) + debugfs_create_file("dma_cap", 0444, priv->dbgfs_dir, dev, + &stmmac_dma_cap_fops); + +- register_netdevice_notifier(&stmmac_notifier); ++ rtnl_unlock(); + } + + static void stmmac_exit_fs(struct net_device *dev) + { + struct stmmac_priv *priv = netdev_priv(dev); + +- unregister_netdevice_notifier(&stmmac_notifier); + debugfs_remove_recursive(priv->dbgfs_dir); + } + #endif /* CONFIG_DEBUG_FS */ +@@ -4728,14 +4729,14 @@ int stmmac_dvr_remove(struct device *dev) + + netdev_info(priv->dev, "%s: removing driver", __func__); + +-#ifdef CONFIG_DEBUG_FS +- stmmac_exit_fs(ndev); +-#endif + stmmac_stop_all_dma(priv); + + stmmac_mac_set(priv, priv->ioaddr, false); + netif_carrier_off(ndev); + unregister_netdev(ndev); ++#ifdef CONFIG_DEBUG_FS ++ stmmac_exit_fs(ndev); ++#endif + phylink_destroy(priv->phylink); + if (priv->plat->stmmac_rst) + reset_control_assert(priv->plat->stmmac_rst); +@@ -4955,6 +4956,7 @@ static int __init stmmac_init(void) + /* Create debugfs main directory if it doesn't exist yet */ + if (!stmmac_fs_dir) + stmmac_fs_dir = debugfs_create_dir(STMMAC_RESOURCE_NAME, NULL); ++ register_netdevice_notifier(&stmmac_notifier); + #endif + + return 0; +@@ -4963,6 +4965,7 @@ static int __init stmmac_init(void) + static void __exit stmmac_exit(void) + { + #ifdef CONFIG_DEBUG_FS ++ unregister_netdevice_notifier(&stmmac_notifier); + debugfs_remove_recursive(stmmac_fs_dir); + #endif + } +-- +2.20.1 + diff --git a/queue-5.4/rdma-core-fix-pkey-and-port-assignment-in-get_new_pp.patch b/queue-5.4/rdma-core-fix-pkey-and-port-assignment-in-get_new_pp.patch new file mode 100644 index 00000000000..d0a8a5b5f3c --- /dev/null +++ b/queue-5.4/rdma-core-fix-pkey-and-port-assignment-in-get_new_pp.patch @@ -0,0 +1,107 @@ +From 214b5432557319385f0fe6f2953ee91de427d6c7 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 27 Feb 2020 14:57:28 +0200 +Subject: RDMA/core: Fix pkey and port assignment in get_new_pps + +From: Maor Gottlieb + +[ Upstream commit 801b67f3eaafd3f2ec8b65d93142d4ffedba85df ] + +When port is part of the modify mask, then we should take it from the +qp_attr and not from the old pps. Same for PKEY. Otherwise there are +panics in some configurations: + + RIP: 0010:get_pkey_idx_qp_list+0x50/0x80 [ib_core] + Code: c7 18 e8 13 04 30 ef 0f b6 43 06 48 69 c0 b8 00 00 00 48 03 85 a0 04 00 00 48 8b 50 20 48 8d 48 20 48 39 ca 74 1a 0f b7 73 04 <66> 39 72 10 75 08 eb 10 66 39 72 10 74 0a 48 8b 12 48 39 ca 75 f2 + RSP: 0018:ffffafb3480932f0 EFLAGS: 00010203 + RAX: ffff98059ababa10 RBX: ffff980d926e8cc0 RCX: ffff98059ababa30 + RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff98059ababa28 + RBP: ffff98059b940000 R08: 00000000000310c0 R09: ffff97fe47c07480 + R10: 0000000000000036 R11: 0000000000000200 R12: 0000000000000071 + R13: ffff98059b940000 R14: ffff980d87f948a0 R15: 0000000000000000 + FS: 00007f88deb31740(0000) GS:ffff98059f600000(0000) knlGS:0000000000000000 + CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + CR2: 0000000000000010 CR3: 0000000853e26001 CR4: 00000000001606e0 + Call Trace: + port_pkey_list_insert+0x3d/0x1b0 [ib_core] + ? kmem_cache_alloc_trace+0x215/0x220 + ib_security_modify_qp+0x226/0x3a0 [ib_core] + _ib_modify_qp+0xcf/0x390 [ib_core] + ipoib_init_qp+0x7f/0x200 [ib_ipoib] + ? rvt_modify_port+0xd0/0xd0 [rdmavt] + ? ib_find_pkey+0x99/0xf0 [ib_core] + ipoib_ib_dev_open_default+0x1a/0x200 [ib_ipoib] + ipoib_ib_dev_open+0x96/0x130 [ib_ipoib] + ipoib_open+0x44/0x130 [ib_ipoib] + __dev_open+0xd1/0x160 + __dev_change_flags+0x1ab/0x1f0 + dev_change_flags+0x23/0x60 + do_setlink+0x328/0xe30 + ? __nla_validate_parse+0x54/0x900 + __rtnl_newlink+0x54e/0x810 + ? __alloc_pages_nodemask+0x17d/0x320 + ? page_fault+0x30/0x50 + ? _cond_resched+0x15/0x30 + ? kmem_cache_alloc_trace+0x1c8/0x220 + rtnl_newlink+0x43/0x60 + rtnetlink_rcv_msg+0x28f/0x350 + ? kmem_cache_alloc+0x1fb/0x200 + ? _cond_resched+0x15/0x30 + ? __kmalloc_node_track_caller+0x24d/0x2d0 + ? rtnl_calcit.isra.31+0x120/0x120 + netlink_rcv_skb+0xcb/0x100 + netlink_unicast+0x1e0/0x340 + netlink_sendmsg+0x317/0x480 + ? __check_object_size+0x48/0x1d0 + sock_sendmsg+0x65/0x80 + ____sys_sendmsg+0x223/0x260 + ? copy_msghdr_from_user+0xdc/0x140 + ___sys_sendmsg+0x7c/0xc0 + ? skb_dequeue+0x57/0x70 + ? __inode_wait_for_writeback+0x75/0xe0 + ? fsnotify_grab_connector+0x45/0x80 + ? __dentry_kill+0x12c/0x180 + __sys_sendmsg+0x58/0xa0 + do_syscall_64+0x5b/0x200 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + RIP: 0033:0x7f88de467f10 + +Link: https://lore.kernel.org/r/20200227125728.100551-1-leon@kernel.org +Cc: +Fixes: 1dd017882e01 ("RDMA/core: Fix protection fault in get_pkey_idx_qp_list") +Signed-off-by: Maor Gottlieb +Signed-off-by: Leon Romanovsky +Tested-by: Mike Marciniszyn +Signed-off-by: Jason Gunthorpe +Signed-off-by: Sasha Levin +--- + drivers/infiniband/core/security.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/drivers/infiniband/core/security.c b/drivers/infiniband/core/security.c +index 2b4d80393bd0d..9e27ca18d3270 100644 +--- a/drivers/infiniband/core/security.c ++++ b/drivers/infiniband/core/security.c +@@ -340,11 +340,15 @@ static struct ib_ports_pkeys *get_new_pps(const struct ib_qp *qp, + return NULL; + + if (qp_attr_mask & IB_QP_PORT) +- new_pps->main.port_num = +- (qp_pps) ? qp_pps->main.port_num : qp_attr->port_num; ++ new_pps->main.port_num = qp_attr->port_num; ++ else if (qp_pps) ++ new_pps->main.port_num = qp_pps->main.port_num; ++ + if (qp_attr_mask & IB_QP_PKEY_INDEX) +- new_pps->main.pkey_index = (qp_pps) ? qp_pps->main.pkey_index : +- qp_attr->pkey_index; ++ new_pps->main.pkey_index = qp_attr->pkey_index; ++ else if (qp_pps) ++ new_pps->main.pkey_index = qp_pps->main.pkey_index; ++ + if ((qp_attr_mask & IB_QP_PKEY_INDEX) && (qp_attr_mask & IB_QP_PORT)) + new_pps->main.state = IB_PORT_PKEY_VALID; + +-- +2.20.1 + diff --git a/queue-5.4/rdma-core-fix-use-of-logical-or-in-get_new_pps.patch b/queue-5.4/rdma-core-fix-use-of-logical-or-in-get_new_pps.patch new file mode 100644 index 00000000000..f2050c63486 --- /dev/null +++ b/queue-5.4/rdma-core-fix-use-of-logical-or-in-get_new_pps.patch @@ -0,0 +1,47 @@ +From d4053e3dccf3acb92f988795b52d6b2567d62864 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 17 Feb 2020 13:43:18 -0700 +Subject: RDMA/core: Fix use of logical OR in get_new_pps + +From: Nathan Chancellor + +[ Upstream commit 4ca501d6aaf21de31541deac35128bbea8427aa6 ] + +Clang warns: + +../drivers/infiniband/core/security.c:351:41: warning: converting the +enum constant to a boolean [-Wint-in-bool-context] + if (!(qp_attr_mask & (IB_QP_PKEY_INDEX || IB_QP_PORT)) && qp_pps) { + ^ +1 warning generated. + +A bitwise OR should have been used instead. + +Fixes: 1dd017882e01 ("RDMA/core: Fix protection fault in get_pkey_idx_qp_list") +Link: https://lore.kernel.org/r/20200217204318.13609-1-natechancellor@gmail.com +Link: https://github.com/ClangBuiltLinux/linux/issues/889 +Reported-by: Dan Carpenter +Signed-off-by: Nathan Chancellor +Reviewed-by: Leon Romanovsky +Signed-off-by: Jason Gunthorpe +Signed-off-by: Sasha Levin +--- + drivers/infiniband/core/security.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/infiniband/core/security.c b/drivers/infiniband/core/security.c +index 9e27ca18d3270..2d5608315dc80 100644 +--- a/drivers/infiniband/core/security.c ++++ b/drivers/infiniband/core/security.c +@@ -352,7 +352,7 @@ static struct ib_ports_pkeys *get_new_pps(const struct ib_qp *qp, + if ((qp_attr_mask & IB_QP_PKEY_INDEX) && (qp_attr_mask & IB_QP_PORT)) + new_pps->main.state = IB_PORT_PKEY_VALID; + +- if (!(qp_attr_mask & (IB_QP_PKEY_INDEX || IB_QP_PORT)) && qp_pps) { ++ if (!(qp_attr_mask & (IB_QP_PKEY_INDEX | IB_QP_PORT)) && qp_pps) { + new_pps->main.port_num = qp_pps->main.port_num; + new_pps->main.pkey_index = qp_pps->main.pkey_index; + if (qp_pps->main.state != IB_PORT_PKEY_NOT_VALID) +-- +2.20.1 + diff --git a/queue-5.4/series b/queue-5.4/series index 1f596f31557..ed82b966192 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -1,3 +1,12 @@ block-bfq-get-a-ref-to-a-group-when-adding-it-to-a-s.patch block-bfq-get-extra-ref-to-prevent-a-queue-from-bein.patch block-bfq-do-not-insert-oom-queue-into-position-tree.patch +alsa-hda-realtek-fix-a-regression-for-mute-led-on-le.patch +net-dsa-bcm_sf2-forcibly-configure-imp-port-for-1gb-.patch +net-stmmac-fix-notifier-registration.patch +dm-thin-metadata-fix-lockdep-complaint.patch +rdma-core-fix-pkey-and-port-assignment-in-get_new_pp.patch +rdma-core-fix-use-of-logical-or-in-get_new_pps.patch +kbuild-fix-no-such-file-or-directory-warning-when-cl.patch +kprobes-fix-optimize_kprobe-unoptimize_kprobe-cancel.patch +blktrace-fix-dereference-after-null-check.patch