From: Sasha Levin Date: Thu, 25 Mar 2021 20:14:43 +0000 (-0400) Subject: Fixes for 4.14 X-Git-Tag: v5.11.11~73 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=472cc28c5a9ed7f24be8251f83e4090e60ef47e8;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 4.14 Signed-off-by: Sasha Levin --- diff --git a/queue-4.14/atm-eni-dont-release-is-never-initialized.patch b/queue-4.14/atm-eni-dont-release-is-never-initialized.patch new file mode 100644 index 00000000000..bcc8eb747e6 --- /dev/null +++ b/queue-4.14/atm-eni-dont-release-is-never-initialized.patch @@ -0,0 +1,106 @@ +From 57810f12b836be2af2861490728f161f79a588fe Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 27 Feb 2021 16:15:06 -0500 +Subject: atm: eni: dont release is never initialized + +From: Tong Zhang + +[ Upstream commit 4deb550bc3b698a1f03d0332cde3df154d1b6c1e ] + +label err_eni_release is reachable when eni_start() fail. +In eni_start() it calls dev->phy->start() in the last step, if start() +fail we don't need to call phy->stop(), if start() is never called, we +neither need to call phy->stop(), otherwise null-ptr-deref will happen. + +In order to fix this issue, don't call phy->stop() in label err_eni_release + +[ 4.875714] ================================================================== +[ 4.876091] BUG: KASAN: null-ptr-deref in suni_stop+0x47/0x100 [suni] +[ 4.876433] Read of size 8 at addr 0000000000000030 by task modprobe/95 +[ 4.876778] +[ 4.876862] CPU: 0 PID: 95 Comm: modprobe Not tainted 5.11.0-rc7-00090-gdcc0b49040c7 #2 +[ 4.877290] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-48-gd94 +[ 4.877876] Call Trace: +[ 4.878009] dump_stack+0x7d/0xa3 +[ 4.878191] kasan_report.cold+0x10c/0x10e +[ 4.878410] ? __slab_free+0x2f0/0x340 +[ 4.878612] ? suni_stop+0x47/0x100 [suni] +[ 4.878832] suni_stop+0x47/0x100 [suni] +[ 4.879043] eni_do_release+0x3b/0x70 [eni] +[ 4.879269] eni_init_one.cold+0x1152/0x1747 [eni] +[ 4.879528] ? _raw_spin_lock_irqsave+0x7b/0xd0 +[ 4.879768] ? eni_ioctl+0x270/0x270 [eni] +[ 4.879990] ? __mutex_lock_slowpath+0x10/0x10 +[ 4.880226] ? eni_ioctl+0x270/0x270 [eni] +[ 4.880448] local_pci_probe+0x6f/0xb0 +[ 4.880650] pci_device_probe+0x171/0x240 +[ 4.880864] ? pci_device_remove+0xe0/0xe0 +[ 4.881086] ? kernfs_create_link+0xb6/0x110 +[ 4.881315] ? sysfs_do_create_link_sd.isra.0+0x76/0xe0 +[ 4.881594] really_probe+0x161/0x420 +[ 4.881791] driver_probe_device+0x6d/0xd0 +[ 4.882010] device_driver_attach+0x82/0x90 +[ 4.882233] ? device_driver_attach+0x90/0x90 +[ 4.882465] __driver_attach+0x60/0x100 +[ 4.882671] ? device_driver_attach+0x90/0x90 +[ 4.882903] bus_for_each_dev+0xe1/0x140 +[ 4.883114] ? subsys_dev_iter_exit+0x10/0x10 +[ 4.883346] ? klist_node_init+0x61/0x80 +[ 4.883557] bus_add_driver+0x254/0x2a0 +[ 4.883764] driver_register+0xd3/0x150 +[ 4.883971] ? 0xffffffffc0038000 +[ 4.884149] do_one_initcall+0x84/0x250 +[ 4.884355] ? trace_event_raw_event_initcall_finish+0x150/0x150 +[ 4.884674] ? unpoison_range+0xf/0x30 +[ 4.884875] ? ____kasan_kmalloc.constprop.0+0x84/0xa0 +[ 4.885150] ? unpoison_range+0xf/0x30 +[ 4.885352] ? unpoison_range+0xf/0x30 +[ 4.885557] do_init_module+0xf8/0x350 +[ 4.885760] load_module+0x3fe6/0x4340 +[ 4.885960] ? vm_unmap_ram+0x1d0/0x1d0 +[ 4.886166] ? ____kasan_kmalloc.constprop.0+0x84/0xa0 +[ 4.886441] ? module_frob_arch_sections+0x20/0x20 +[ 4.886697] ? __do_sys_finit_module+0x108/0x170 +[ 4.886941] __do_sys_finit_module+0x108/0x170 +[ 4.887178] ? __ia32_sys_init_module+0x40/0x40 +[ 4.887419] ? file_open_root+0x200/0x200 +[ 4.887634] ? do_sys_open+0x85/0xe0 +[ 4.887826] ? filp_open+0x50/0x50 +[ 4.888009] ? fpregs_assert_state_consistent+0x4d/0x60 +[ 4.888287] ? exit_to_user_mode_prepare+0x2f/0x130 +[ 4.888547] do_syscall_64+0x33/0x40 +[ 4.888739] entry_SYSCALL_64_after_hwframe+0x44/0xa9 +[ 4.889010] RIP: 0033:0x7ff62fcf1cf7 +[ 4.889202] Code: 48 89 57 30 48 8b 04 24 48 89 47 38 e9 1d a0 02 00 48 89 f8 48 89 f71 +[ 4.890172] RSP: 002b:00007ffe6644ade8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 +[ 4.890570] RAX: ffffffffffffffda RBX: 0000000000f2ca70 RCX: 00007ff62fcf1cf7 +[ 4.890944] RDX: 0000000000000000 RSI: 0000000000f2b9e0 RDI: 0000000000000003 +[ 4.891318] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000001 +[ 4.891691] R10: 00007ff62fd55300 R11: 0000000000000246 R12: 0000000000f2b9e0 +[ 4.892064] R13: 0000000000000000 R14: 0000000000f2bdd0 R15: 0000000000000001 +[ 4.892439] ================================================================== + +Signed-off-by: Tong Zhang +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/atm/eni.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/atm/eni.c b/drivers/atm/eni.c +index ba549d945479..ffe519663687 100644 +--- a/drivers/atm/eni.c ++++ b/drivers/atm/eni.c +@@ -2279,7 +2279,8 @@ static int eni_init_one(struct pci_dev *pci_dev, + return rc; + + err_eni_release: +- eni_do_release(dev); ++ dev->phy = NULL; ++ iounmap(ENI_DEV(dev)->ioaddr); + err_unregister: + atm_dev_deregister(dev); + err_free_consistent: +-- +2.30.1 + diff --git a/queue-4.14/atm-idt77252-fix-null-ptr-dereference.patch b/queue-4.14/atm-idt77252-fix-null-ptr-dereference.patch new file mode 100644 index 00000000000..37a33ba7f3e --- /dev/null +++ b/queue-4.14/atm-idt77252-fix-null-ptr-dereference.patch @@ -0,0 +1,48 @@ +From bb65917a717f47201a45b1bb9486bd5a00c5dea4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 7 Mar 2021 22:25:30 -0500 +Subject: atm: idt77252: fix null-ptr-dereference + +From: Tong Zhang + +[ Upstream commit 4416e98594dc04590ebc498fc4e530009535c511 ] + +this one is similar to the phy_data allocation fix in uPD98402, the +driver allocate the idt77105_priv and store to dev_data but later +dereference using dev->dev_data, which will cause null-ptr-dereference. + +fix this issue by changing dev_data to phy_data so that PRIV(dev) can +work correctly. + +Signed-off-by: Tong Zhang +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/atm/idt77105.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/atm/idt77105.c b/drivers/atm/idt77105.c +index 082aa02abc57..be3ba90b76b9 100644 +--- a/drivers/atm/idt77105.c ++++ b/drivers/atm/idt77105.c +@@ -261,7 +261,7 @@ static int idt77105_start(struct atm_dev *dev) + { + unsigned long flags; + +- if (!(dev->dev_data = kmalloc(sizeof(struct idt77105_priv),GFP_KERNEL))) ++ if (!(dev->phy_data = kmalloc(sizeof(struct idt77105_priv),GFP_KERNEL))) + return -ENOMEM; + PRIV(dev)->dev = dev; + spin_lock_irqsave(&idt77105_priv_lock, flags); +@@ -338,7 +338,7 @@ static int idt77105_stop(struct atm_dev *dev) + else + idt77105_all = walk->next; + dev->phy = NULL; +- dev->dev_data = NULL; ++ dev->phy_data = NULL; + kfree(walk); + break; + } +-- +2.30.1 + diff --git a/queue-4.14/atm-lanai-dont-run-lanai_dev_close-if-not-open.patch b/queue-4.14/atm-lanai-dont-run-lanai_dev_close-if-not-open.patch new file mode 100644 index 00000000000..43bffabcdff --- /dev/null +++ b/queue-4.14/atm-lanai-dont-run-lanai_dev_close-if-not-open.patch @@ -0,0 +1,147 @@ +From af604c87975c10fc2b9ca643abdc6f108435d29b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 27 Feb 2021 22:55:50 -0500 +Subject: atm: lanai: dont run lanai_dev_close if not open + +From: Tong Zhang + +[ Upstream commit a2bd45834e83d6c5a04d397bde13d744a4812dfc ] + +lanai_dev_open() can fail. When it fail, lanai->base is unmapped and the +pci device is disabled. The caller, lanai_init_one(), then tries to run +atm_dev_deregister(). This will subsequently call lanai_dev_close() and +use the already released MMIO area. + +To fix this issue, set the lanai->base to NULL if open fail, +and test the flag in lanai_dev_close(). + +[ 8.324153] lanai: lanai_start() failed, err=19 +[ 8.324819] lanai(itf 0): shutting down interface +[ 8.325211] BUG: unable to handle page fault for address: ffffc90000180024 +[ 8.325781] #PF: supervisor write access in kernel mode +[ 8.326215] #PF: error_code(0x0002) - not-present page +[ 8.326641] PGD 100000067 P4D 100000067 PUD 100139067 PMD 10013a067 PTE 0 +[ 8.327206] Oops: 0002 [#1] SMP KASAN NOPTI +[ 8.327557] CPU: 0 PID: 95 Comm: modprobe Not tainted 5.11.0-rc7-00090-gdcc0b49040c7 #12 +[ 8.328229] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-48-gd9c812dda519-4 +[ 8.329145] RIP: 0010:lanai_dev_close+0x4f/0xe5 [lanai] +[ 8.329587] Code: 00 48 c7 c7 00 d3 01 c0 e8 49 4e 0a c2 48 8d bd 08 02 00 00 e8 6e 52 14 c1 48 80 +[ 8.330917] RSP: 0018:ffff8881029ef680 EFLAGS: 00010246 +[ 8.331196] RAX: 000000000003fffe RBX: ffff888102fb4800 RCX: ffffffffc001a98a +[ 8.331572] RDX: ffffc90000180000 RSI: 0000000000000246 RDI: ffff888102fb4000 +[ 8.331948] RBP: ffff888102fb4000 R08: ffffffff8115da8a R09: ffffed102053deaa +[ 8.332326] R10: 0000000000000003 R11: ffffed102053dea9 R12: ffff888102fb48a4 +[ 8.332701] R13: ffffffffc00123c0 R14: ffff888102fb4b90 R15: ffff888102fb4b88 +[ 8.333077] FS: 00007f08eb9056a0(0000) GS:ffff88815b400000(0000) knlGS:0000000000000000 +[ 8.333502] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 8.333806] CR2: ffffc90000180024 CR3: 0000000102a28000 CR4: 00000000000006f0 +[ 8.334182] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +[ 8.334557] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +[ 8.334932] Call Trace: +[ 8.335066] atm_dev_deregister+0x161/0x1a0 [atm] +[ 8.335324] lanai_init_one.cold+0x20c/0x96d [lanai] +[ 8.335594] ? lanai_send+0x2a0/0x2a0 [lanai] +[ 8.335831] local_pci_probe+0x6f/0xb0 +[ 8.336039] pci_device_probe+0x171/0x240 +[ 8.336255] ? pci_device_remove+0xe0/0xe0 +[ 8.336475] ? kernfs_create_link+0xb6/0x110 +[ 8.336704] ? sysfs_do_create_link_sd.isra.0+0x76/0xe0 +[ 8.336983] really_probe+0x161/0x420 +[ 8.337181] driver_probe_device+0x6d/0xd0 +[ 8.337401] device_driver_attach+0x82/0x90 +[ 8.337626] ? device_driver_attach+0x90/0x90 +[ 8.337859] __driver_attach+0x60/0x100 +[ 8.338065] ? device_driver_attach+0x90/0x90 +[ 8.338298] bus_for_each_dev+0xe1/0x140 +[ 8.338511] ? subsys_dev_iter_exit+0x10/0x10 +[ 8.338745] ? klist_node_init+0x61/0x80 +[ 8.338956] bus_add_driver+0x254/0x2a0 +[ 8.339164] driver_register+0xd3/0x150 +[ 8.339370] ? 0xffffffffc0028000 +[ 8.339550] do_one_initcall+0x84/0x250 +[ 8.339755] ? trace_event_raw_event_initcall_finish+0x150/0x150 +[ 8.340076] ? free_vmap_area_noflush+0x1a5/0x5c0 +[ 8.340329] ? unpoison_range+0xf/0x30 +[ 8.340532] ? ____kasan_kmalloc.constprop.0+0x84/0xa0 +[ 8.340806] ? unpoison_range+0xf/0x30 +[ 8.341014] ? unpoison_range+0xf/0x30 +[ 8.341217] do_init_module+0xf8/0x350 +[ 8.341419] load_module+0x3fe6/0x4340 +[ 8.341621] ? vm_unmap_ram+0x1d0/0x1d0 +[ 8.341826] ? ____kasan_kmalloc.constprop.0+0x84/0xa0 +[ 8.342101] ? module_frob_arch_sections+0x20/0x20 +[ 8.342358] ? __do_sys_finit_module+0x108/0x170 +[ 8.342604] __do_sys_finit_module+0x108/0x170 +[ 8.342841] ? __ia32_sys_init_module+0x40/0x40 +[ 8.343083] ? file_open_root+0x200/0x200 +[ 8.343298] ? do_sys_open+0x85/0xe0 +[ 8.343491] ? filp_open+0x50/0x50 +[ 8.343675] ? exit_to_user_mode_prepare+0xfc/0x130 +[ 8.343935] do_syscall_64+0x33/0x40 +[ 8.344132] entry_SYSCALL_64_after_hwframe+0x44/0xa9 +[ 8.344401] RIP: 0033:0x7f08eb887cf7 +[ 8.344594] Code: 48 89 57 30 48 8b 04 24 48 89 47 38 e9 1d a0 02 00 48 89 f8 48 89 f7 48 89 d6 41 +[ 8.345565] RSP: 002b:00007ffcd5c98ad8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 +[ 8.345962] RAX: ffffffffffffffda RBX: 00000000008fea70 RCX: 00007f08eb887cf7 +[ 8.346336] RDX: 0000000000000000 RSI: 00000000008fd9e0 RDI: 0000000000000003 +[ 8.346711] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000001 +[ 8.347085] R10: 00007f08eb8eb300 R11: 0000000000000246 R12: 00000000008fd9e0 +[ 8.347460] R13: 0000000000000000 R14: 00000000008fddd0 R15: 0000000000000001 +[ 8.347836] Modules linked in: lanai(+) atm +[ 8.348065] CR2: ffffc90000180024 +[ 8.348244] ---[ end trace 7fdc1c668f2003e5 ]--- +[ 8.348490] RIP: 0010:lanai_dev_close+0x4f/0xe5 [lanai] +[ 8.348772] Code: 00 48 c7 c7 00 d3 01 c0 e8 49 4e 0a c2 48 8d bd 08 02 00 00 e8 6e 52 14 c1 48 80 +[ 8.349745] RSP: 0018:ffff8881029ef680 EFLAGS: 00010246 +[ 8.350022] RAX: 000000000003fffe RBX: ffff888102fb4800 RCX: ffffffffc001a98a +[ 8.350397] RDX: ffffc90000180000 RSI: 0000000000000246 RDI: ffff888102fb4000 +[ 8.350772] RBP: ffff888102fb4000 R08: ffffffff8115da8a R09: ffffed102053deaa +[ 8.351151] R10: 0000000000000003 R11: ffffed102053dea9 R12: ffff888102fb48a4 +[ 8.351525] R13: ffffffffc00123c0 R14: ffff888102fb4b90 R15: ffff888102fb4b88 +[ 8.351918] FS: 00007f08eb9056a0(0000) GS:ffff88815b400000(0000) knlGS:0000000000000000 +[ 8.352343] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 8.352647] CR2: ffffc90000180024 CR3: 0000000102a28000 CR4: 00000000000006f0 +[ 8.353022] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +[ 8.353397] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +[ 8.353958] modprobe (95) used greatest stack depth: 26216 bytes left + +Signed-off-by: Tong Zhang +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/atm/lanai.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/drivers/atm/lanai.c b/drivers/atm/lanai.c +index 2351dad78ff5..60e5e496bd3b 100644 +--- a/drivers/atm/lanai.c ++++ b/drivers/atm/lanai.c +@@ -2240,6 +2240,7 @@ static int lanai_dev_open(struct atm_dev *atmdev) + conf1_write(lanai); + #endif + iounmap(lanai->base); ++ lanai->base = NULL; + error_pci: + pci_disable_device(lanai->pci); + error: +@@ -2252,6 +2253,8 @@ static int lanai_dev_open(struct atm_dev *atmdev) + static void lanai_dev_close(struct atm_dev *atmdev) + { + struct lanai_dev *lanai = (struct lanai_dev *) atmdev->dev_data; ++ if (lanai->base==NULL) ++ return; + printk(KERN_INFO DEV_LABEL "(itf %d): shutting down interface\n", + lanai->number); + lanai_timed_poll_stop(lanai); +@@ -2561,7 +2564,7 @@ static int lanai_init_one(struct pci_dev *pci, + struct atm_dev *atmdev; + int result; + +- lanai = kmalloc(sizeof(*lanai), GFP_KERNEL); ++ lanai = kzalloc(sizeof(*lanai), GFP_KERNEL); + if (lanai == NULL) { + printk(KERN_ERR DEV_LABEL + ": couldn't allocate dev_data structure!\n"); +-- +2.30.1 + diff --git a/queue-4.14/atm-upd98402-fix-incorrect-allocation.patch b/queue-4.14/atm-upd98402-fix-incorrect-allocation.patch new file mode 100644 index 00000000000..fccddafe52d --- /dev/null +++ b/queue-4.14/atm-upd98402-fix-incorrect-allocation.patch @@ -0,0 +1,39 @@ +From f9344dd58cbe0b763505192d0a509e18f1a317da Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 7 Mar 2021 22:25:29 -0500 +Subject: atm: uPD98402: fix incorrect allocation + +From: Tong Zhang + +[ Upstream commit 3153724fc084d8ef640c611f269ddfb576d1dcb1 ] + +dev->dev_data is set in zatm.c, calling zatm_start() will overwrite this +dev->dev_data in uPD98402_start() and a subsequent PRIV(dev)->lock +(i.e dev->phy_data->lock) will result in a null-ptr-dereference. + +I believe this is a typo and what it actually want to do is to allocate +phy_data instead of dev_data. + +Signed-off-by: Tong Zhang +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/atm/uPD98402.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/atm/uPD98402.c b/drivers/atm/uPD98402.c +index 4fa13a807873..cf517fd148ea 100644 +--- a/drivers/atm/uPD98402.c ++++ b/drivers/atm/uPD98402.c +@@ -210,7 +210,7 @@ static void uPD98402_int(struct atm_dev *dev) + static int uPD98402_start(struct atm_dev *dev) + { + DPRINTK("phy_start\n"); +- if (!(dev->dev_data = kmalloc(sizeof(struct uPD98402_priv),GFP_KERNEL))) ++ if (!(dev->phy_data = kmalloc(sizeof(struct uPD98402_priv),GFP_KERNEL))) + return -ENOMEM; + spin_lock_init(&PRIV(dev)->lock); + memset(&PRIV(dev)->sonet_stats,0,sizeof(struct k_sonet_stats)); +-- +2.30.1 + diff --git a/queue-4.14/drm-radeon-fix-agp-dependency.patch b/queue-4.14/drm-radeon-fix-agp-dependency.patch new file mode 100644 index 00000000000..c8d6c89accd --- /dev/null +++ b/queue-4.14/drm-radeon-fix-agp-dependency.patch @@ -0,0 +1,38 @@ +From 55197c7edb909b48f076731b21db6cf3a2dcd1d7 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 8 Mar 2021 19:22:13 +0100 +Subject: drm/radeon: fix AGP dependency +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Christian König + +[ Upstream commit cba2afb65cb05c3d197d17323fee4e3c9edef9cd ] + +When AGP is compiled as module radeon must be compiled as module as +well. + +Signed-off-by: Christian König +Reviewed-by: Alex Deucher +Signed-off-by: Alex Deucher +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/Kconfig | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/gpu/drm/Kconfig b/drivers/gpu/drm/Kconfig +index 83cb2a88c204..595d0c96ba89 100644 +--- a/drivers/gpu/drm/Kconfig ++++ b/drivers/gpu/drm/Kconfig +@@ -156,6 +156,7 @@ source "drivers/gpu/drm/arm/Kconfig" + config DRM_RADEON + tristate "ATI Radeon" + depends on DRM && PCI && MMU ++ depends on AGP || !AGP + select FW_LOADER + select DRM_KMS_HELPER + select DRM_TTM +-- +2.30.1 + diff --git a/queue-4.14/gpiolib-acpi-add-missing-irqf_oneshot.patch b/queue-4.14/gpiolib-acpi-add-missing-irqf_oneshot.patch new file mode 100644 index 00000000000..68b41993026 --- /dev/null +++ b/queue-4.14/gpiolib-acpi-add-missing-irqf_oneshot.patch @@ -0,0 +1,41 @@ +From 80b4711f0f82347d913b4dbfe7803b208bc5e448 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 23 Feb 2021 16:35:58 +0800 +Subject: gpiolib: acpi: Add missing IRQF_ONESHOT + +From: Yang Li + +[ Upstream commit 6e5d5791730b55a1f987e1db84b078b91eb49e99 ] + +fixed the following coccicheck: +./drivers/gpio/gpiolib-acpi.c:176:7-27: ERROR: Threaded IRQ with no +primary handler requested without IRQF_ONESHOT + +Make sure threaded IRQs without a primary handler are always request +with IRQF_ONESHOT + +Reported-by: Abaci Robot +Signed-off-by: Yang Li +Acked-by: Andy Shevchenko +Signed-off-by: Andy Shevchenko +Signed-off-by: Sasha Levin +--- + drivers/gpio/gpiolib-acpi.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/gpio/gpiolib-acpi.c b/drivers/gpio/gpiolib-acpi.c +index 7c06f4541c5d..ab5de5196080 100644 +--- a/drivers/gpio/gpiolib-acpi.c ++++ b/drivers/gpio/gpiolib-acpi.c +@@ -234,7 +234,7 @@ static void acpi_gpiochip_request_irq(struct acpi_gpio_chip *acpi_gpio, + int ret, value; + + ret = request_threaded_irq(event->irq, NULL, event->handler, +- event->irqflags, "ACPI:Event", event); ++ event->irqflags | IRQF_ONESHOT, "ACPI:Event", event); + if (ret) { + dev_err(acpi_gpio->chip->parent, + "Failed to setup interrupt handler for %d\n", +-- +2.30.1 + diff --git a/queue-4.14/ia64-fix-ia64_syscall_get_set_arguments-for-break-ba.patch b/queue-4.14/ia64-fix-ia64_syscall_get_set_arguments-for-break-ba.patch new file mode 100644 index 00000000000..cad1a9d60f3 --- /dev/null +++ b/queue-4.14/ia64-fix-ia64_syscall_get_set_arguments-for-break-ba.patch @@ -0,0 +1,98 @@ +From cf44fdb3fa1c53f515a80d791a6a8107ed6d4d01 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 12 Mar 2021 21:08:23 -0800 +Subject: ia64: fix ia64_syscall_get_set_arguments() for break-based syscalls + +From: Sergei Trofimovich + +[ Upstream commit 0ceb1ace4a2778e34a5414e5349712ae4dc41d85 ] + +In https://bugs.gentoo.org/769614 Dmitry noticed that +`ptrace(PTRACE_GET_SYSCALL_INFO)` does not work for syscalls called via +glibc's syscall() wrapper. + +ia64 has two ways to call syscalls from userspace: via `break` and via +`eps` instructions. + +The difference is in stack layout: + +1. `eps` creates simple stack frame: no locals, in{0..7} == out{0..8} +2. `break` uses userspace stack frame: may be locals (glibc provides + one), in{0..7} == out{0..8}. + +Both work fine in syscall handling cde itself. + +But `ptrace(PTRACE_GET_SYSCALL_INFO)` uses unwind mechanism to +re-extract syscall arguments but it does not account for locals. + +The change always skips locals registers. It should not change `eps` +path as kernel's handler already enforces locals=0 and fixes `break`. + +Tested on v5.10 on rx3600 machine (ia64 9040 CPU). + +Link: https://lkml.kernel.org/r/20210221002554.333076-1-slyfox@gentoo.org +Link: https://bugs.gentoo.org/769614 +Signed-off-by: Sergei Trofimovich +Reported-by: Dmitry V. Levin +Cc: Oleg Nesterov +Cc: John Paul Adrian Glaubitz +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + arch/ia64/kernel/ptrace.c | 24 ++++++++++++++++++------ + 1 file changed, 18 insertions(+), 6 deletions(-) + +diff --git a/arch/ia64/kernel/ptrace.c b/arch/ia64/kernel/ptrace.c +index 427cd565fd61..799400287cda 100644 +--- a/arch/ia64/kernel/ptrace.c ++++ b/arch/ia64/kernel/ptrace.c +@@ -2147,27 +2147,39 @@ static void syscall_get_set_args_cb(struct unw_frame_info *info, void *data) + { + struct syscall_get_set_args *args = data; + struct pt_regs *pt = args->regs; +- unsigned long *krbs, cfm, ndirty; ++ unsigned long *krbs, cfm, ndirty, nlocals, nouts; + int i, count; + + if (unw_unwind_to_user(info) < 0) + return; + ++ /* ++ * We get here via a few paths: ++ * - break instruction: cfm is shared with caller. ++ * syscall args are in out= regs, locals are non-empty. ++ * - epsinstruction: cfm is set by br.call ++ * locals don't exist. ++ * ++ * For both cases argguments are reachable in cfm.sof - cfm.sol. ++ * CFM: [ ... | sor: 17..14 | sol : 13..7 | sof : 6..0 ] ++ */ + cfm = pt->cr_ifs; ++ nlocals = (cfm >> 7) & 0x7f; /* aka sol */ ++ nouts = (cfm & 0x7f) - nlocals; /* aka sof - sol */ + krbs = (unsigned long *)info->task + IA64_RBS_OFFSET/8; + ndirty = ia64_rse_num_regs(krbs, krbs + (pt->loadrs >> 19)); + + count = 0; + if (in_syscall(pt)) +- count = min_t(int, args->n, cfm & 0x7f); ++ count = min_t(int, args->n, nouts); + ++ /* Iterate over outs. */ + for (i = 0; i < count; i++) { ++ int j = ndirty + nlocals + i + args->i; + if (args->rw) +- *ia64_rse_skip_regs(krbs, ndirty + i + args->i) = +- args->args[i]; ++ *ia64_rse_skip_regs(krbs, j) = args->args[i]; + else +- args->args[i] = *ia64_rse_skip_regs(krbs, +- ndirty + i + args->i); ++ args->args[i] = *ia64_rse_skip_regs(krbs, j); + } + + if (!args->rw) { +-- +2.30.1 + diff --git a/queue-4.14/ia64-fix-ptrace-ptrace_syscall_info_exit-sign.patch b/queue-4.14/ia64-fix-ptrace-ptrace_syscall_info_exit-sign.patch new file mode 100644 index 00000000000..061f8b33671 --- /dev/null +++ b/queue-4.14/ia64-fix-ptrace-ptrace_syscall_info_exit-sign.patch @@ -0,0 +1,72 @@ +From 5549d11dce0bfccb03885c6068b77d89c678f454 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 12 Mar 2021 21:08:27 -0800 +Subject: ia64: fix ptrace(PTRACE_SYSCALL_INFO_EXIT) sign + +From: Sergei Trofimovich + +[ Upstream commit 61bf318eac2c13356f7bd1c6a05421ef504ccc8a ] + +In https://bugs.gentoo.org/769614 Dmitry noticed that +`ptrace(PTRACE_GET_SYSCALL_INFO)` does not return error sign properly. + +The bug is in mismatch between get/set errors: + +static inline long syscall_get_error(struct task_struct *task, + struct pt_regs *regs) +{ + return regs->r10 == -1 ? regs->r8:0; +} + +static inline long syscall_get_return_value(struct task_struct *task, + struct pt_regs *regs) +{ + return regs->r8; +} + +static inline void syscall_set_return_value(struct task_struct *task, + struct pt_regs *regs, + int error, long val) +{ + if (error) { + /* error < 0, but ia64 uses > 0 return value */ + regs->r8 = -error; + regs->r10 = -1; + } else { + regs->r8 = val; + regs->r10 = 0; + } +} + +Tested on v5.10 on rx3600 machine (ia64 9040 CPU). + +Link: https://lkml.kernel.org/r/20210221002554.333076-2-slyfox@gentoo.org +Link: https://bugs.gentoo.org/769614 +Signed-off-by: Sergei Trofimovich +Reported-by: Dmitry V. Levin +Reviewed-by: Dmitry V. Levin +Cc: John Paul Adrian Glaubitz +Cc: Oleg Nesterov +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + arch/ia64/include/asm/syscall.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/ia64/include/asm/syscall.h b/arch/ia64/include/asm/syscall.h +index 1d0b875fec44..ec909eec0b4c 100644 +--- a/arch/ia64/include/asm/syscall.h ++++ b/arch/ia64/include/asm/syscall.h +@@ -35,7 +35,7 @@ static inline void syscall_rollback(struct task_struct *task, + static inline long syscall_get_error(struct task_struct *task, + struct pt_regs *regs) + { +- return regs->r10 == -1 ? regs->r8:0; ++ return regs->r10 == -1 ? -regs->r8:0; + } + + static inline long syscall_get_return_value(struct task_struct *task, +-- +2.30.1 + diff --git a/queue-4.14/ixgbe-fix-memleak-in-ixgbe_configure_clsu32.patch b/queue-4.14/ixgbe-fix-memleak-in-ixgbe_configure_clsu32.patch new file mode 100644 index 00000000000..e60137c45ba --- /dev/null +++ b/queue-4.14/ixgbe-fix-memleak-in-ixgbe_configure_clsu32.patch @@ -0,0 +1,42 @@ +From 93624c1357db2b12ce30dfdd536b78cd83862731 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 3 Jan 2021 16:08:42 +0800 +Subject: ixgbe: Fix memleak in ixgbe_configure_clsu32 + +From: Dinghao Liu + +[ Upstream commit 7a766381634da19fc837619b0a34590498d9d29a ] + +When ixgbe_fdir_write_perfect_filter_82599() fails, +input allocated by kzalloc() has not been freed, +which leads to memleak. + +Signed-off-by: Dinghao Liu +Reviewed-by: Paul Menzel +Tested-by: Tony Brelinski +Signed-off-by: Tony Nguyen +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c +index 9c3fa0b55551..e9205c893531 100644 +--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c ++++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c +@@ -9266,8 +9266,10 @@ static int ixgbe_configure_clsu32(struct ixgbe_adapter *adapter, + ixgbe_atr_compute_perfect_hash_82599(&input->filter, mask); + err = ixgbe_fdir_write_perfect_filter_82599(hw, &input->filter, + input->sw_idx, queue); +- if (!err) +- ixgbe_update_ethtool_fdir_entry(adapter, input, input->sw_idx); ++ if (err) ++ goto err_out_w_lock; ++ ++ ixgbe_update_ethtool_fdir_entry(adapter, input, input->sw_idx); + spin_unlock(&adapter->fdir_perfect_lock); + + if ((uhtid != 0x800) && (adapter->jump_tables[uhtid])) +-- +2.30.1 + diff --git a/queue-4.14/net-fec-ptp-avoid-register-access-when-ipg-clock-is-.patch b/queue-4.14/net-fec-ptp-avoid-register-access-when-ipg-clock-is-.patch new file mode 100644 index 00000000000..fc2bf6b9710 --- /dev/null +++ b/queue-4.14/net-fec-ptp-avoid-register-access-when-ipg-clock-is-.patch @@ -0,0 +1,53 @@ +From 4aeb983e2d2c9ea648c9f4fe7a47be8b943fce40 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 25 Feb 2021 22:15:16 +0100 +Subject: net: fec: ptp: avoid register access when ipg clock is disabled + +From: Heiko Thiery + +[ Upstream commit 6a4d7234ae9a3bb31181f348ade9bbdb55aeb5c5 ] + +When accessing the timecounter register on an i.MX8MQ the kernel hangs. +This is only the case when the interface is down. This can be reproduced +by reading with 'phc_ctrl eth0 get'. + +Like described in the change in 91c0d987a9788dcc5fe26baafd73bf9242b68900 +the igp clock is disabled when the interface is down and leads to a +system hang. + +So we check if the ptp clock status before reading the timecounter +register. + +Signed-off-by: Heiko Thiery +Acked-by: Richard Cochran +Link: https://lore.kernel.org/r/20210225211514.9115-1-heiko.thiery@gmail.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/freescale/fec_ptp.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/drivers/net/ethernet/freescale/fec_ptp.c b/drivers/net/ethernet/freescale/fec_ptp.c +index 6ebad3fac81d..e63df6455fba 100644 +--- a/drivers/net/ethernet/freescale/fec_ptp.c ++++ b/drivers/net/ethernet/freescale/fec_ptp.c +@@ -396,9 +396,16 @@ static int fec_ptp_gettime(struct ptp_clock_info *ptp, struct timespec64 *ts) + u64 ns; + unsigned long flags; + ++ mutex_lock(&adapter->ptp_clk_mutex); ++ /* Check the ptp clock */ ++ if (!adapter->ptp_clk_on) { ++ mutex_unlock(&adapter->ptp_clk_mutex); ++ return -EINVAL; ++ } + spin_lock_irqsave(&adapter->tmreg_lock, flags); + ns = timecounter_read(&adapter->tc); + spin_unlock_irqrestore(&adapter->tmreg_lock, flags); ++ mutex_unlock(&adapter->ptp_clk_mutex); + + *ts = ns_to_timespec64(ns); + +-- +2.30.1 + diff --git a/queue-4.14/net-hisilicon-hns-fix-error-return-code-of-hns_nic_c.patch b/queue-4.14/net-hisilicon-hns-fix-error-return-code-of-hns_nic_c.patch new file mode 100644 index 00000000000..c5e5034bd8d --- /dev/null +++ b/queue-4.14/net-hisilicon-hns-fix-error-return-code-of-hns_nic_c.patch @@ -0,0 +1,41 @@ +From 618b485b815b55e46d3716284eb57018d734d3ba Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 7 Mar 2021 00:40:12 -0800 +Subject: net: hisilicon: hns: fix error return code of + hns_nic_clear_all_rx_fetch() + +From: Jia-Ju Bai + +[ Upstream commit 143c253f42bad20357e7e4432087aca747c43384 ] + +When hns_assemble_skb() returns NULL to skb, no error return code of +hns_nic_clear_all_rx_fetch() is assigned. +To fix this bug, ret is assigned with -ENOMEM in this case. + +Reported-by: TOTE Robot +Signed-off-by: Jia-Ju Bai +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/hisilicon/hns/hns_enet.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/hisilicon/hns/hns_enet.c b/drivers/net/ethernet/hisilicon/hns/hns_enet.c +index af832929ae28..5ddc09e9b5a6 100644 +--- a/drivers/net/ethernet/hisilicon/hns/hns_enet.c ++++ b/drivers/net/ethernet/hisilicon/hns/hns_enet.c +@@ -1812,8 +1812,10 @@ static int hns_nic_clear_all_rx_fetch(struct net_device *ndev) + for (j = 0; j < fetch_num; j++) { + /* alloc one skb and init */ + skb = hns_assemble_skb(ndev); +- if (!skb) ++ if (!skb) { ++ ret = -ENOMEM; + goto out; ++ } + rd = &tx_ring_data(priv, skb->queue_mapping); + hns_nic_net_xmit_hw(ndev, skb, rd); + +-- +2.30.1 + diff --git a/queue-4.14/net-tehuti-fix-error-return-code-in-bdx_probe.patch b/queue-4.14/net-tehuti-fix-error-return-code-in-bdx_probe.patch new file mode 100644 index 00000000000..93927029f6f --- /dev/null +++ b/queue-4.14/net-tehuti-fix-error-return-code-in-bdx_probe.patch @@ -0,0 +1,36 @@ +From 53bb3aa594321e180c62cd0c8dbb83654238e4bf Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 4 Mar 2021 18:06:48 -0800 +Subject: net: tehuti: fix error return code in bdx_probe() + +From: Jia-Ju Bai + +[ Upstream commit 38c26ff3048af50eee3fcd591921357ee5bfd9ee ] + +When bdx_read_mac() fails, no error return code of bdx_probe() +is assigned. +To fix this bug, err is assigned with -EFAULT as error return code. + +Reported-by: TOTE Robot +Signed-off-by: Jia-Ju Bai +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/tehuti/tehuti.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/net/ethernet/tehuti/tehuti.c b/drivers/net/ethernet/tehuti/tehuti.c +index 163d8d16bc24..75620c3365b3 100644 +--- a/drivers/net/ethernet/tehuti/tehuti.c ++++ b/drivers/net/ethernet/tehuti/tehuti.c +@@ -2058,6 +2058,7 @@ bdx_probe(struct pci_dev *pdev, const struct pci_device_id *ent) + /*bdx_hw_reset(priv); */ + if (bdx_read_mac(priv)) { + pr_err("load MAC address failed\n"); ++ err = -EFAULT; + goto err_out_iomap; + } + SET_NETDEV_DEV(ndev, &pdev->dev); +-- +2.30.1 + diff --git a/queue-4.14/net-wan-fix-error-return-code-of-uhdlc_init.patch b/queue-4.14/net-wan-fix-error-return-code-of-uhdlc_init.patch new file mode 100644 index 00000000000..0ae650541e6 --- /dev/null +++ b/queue-4.14/net-wan-fix-error-return-code-of-uhdlc_init.patch @@ -0,0 +1,48 @@ +From c23ed7672186bf9fe1eb910bd91fd57db0f344e1 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 7 Mar 2021 01:12:56 -0800 +Subject: net: wan: fix error return code of uhdlc_init() + +From: Jia-Ju Bai + +[ Upstream commit 62765d39553cfd1ad340124fe1e280450e8c89e2 ] + +When priv->rx_skbuff or priv->tx_skbuff is NULL, no error return code of +uhdlc_init() is assigned. +To fix this bug, ret is assigned with -ENOMEM in these cases. + +Reported-by: TOTE Robot +Signed-off-by: Jia-Ju Bai +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/net/wan/fsl_ucc_hdlc.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/drivers/net/wan/fsl_ucc_hdlc.c b/drivers/net/wan/fsl_ucc_hdlc.c +index 6a26cef62193..978f642daced 100644 +--- a/drivers/net/wan/fsl_ucc_hdlc.c ++++ b/drivers/net/wan/fsl_ucc_hdlc.c +@@ -200,13 +200,17 @@ static int uhdlc_init(struct ucc_hdlc_private *priv) + + priv->rx_skbuff = kzalloc(priv->rx_ring_size * sizeof(*priv->rx_skbuff), + GFP_KERNEL); +- if (!priv->rx_skbuff) ++ if (!priv->rx_skbuff) { ++ ret = -ENOMEM; + goto free_ucc_pram; ++ } + + priv->tx_skbuff = kzalloc(priv->tx_ring_size * sizeof(*priv->tx_skbuff), + GFP_KERNEL); +- if (!priv->tx_skbuff) ++ if (!priv->tx_skbuff) { ++ ret = -ENOMEM; + goto free_rx_skbuff; ++ } + + priv->skb_curtx = 0; + priv->skb_dirtytx = 0; +-- +2.30.1 + diff --git a/queue-4.14/nfs-correct-size-calculation-for-create-reply-length.patch b/queue-4.14/nfs-correct-size-calculation-for-create-reply-length.patch new file mode 100644 index 00000000000..f2ce2b023fc --- /dev/null +++ b/queue-4.14/nfs-correct-size-calculation-for-create-reply-length.patch @@ -0,0 +1,49 @@ +From 89d965ad13d413c94dd6ee80e2e7f463edab73e4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 8 Mar 2021 12:12:13 -0600 +Subject: NFS: Correct size calculation for create reply length + +From: Frank Sorenson + +[ Upstream commit ad3dbe35c833c2d4d0bbf3f04c785d32f931e7c9 ] + +CREATE requests return a post_op_fh3, rather than nfs_fh3. The +post_op_fh3 includes an extra word to indicate 'handle_follows'. + +Without that additional word, create fails when full 64-byte +filehandles are in use. + +Add NFS3_post_op_fh_sz, and correct the size calculation for +NFS3_createres_sz. + +Signed-off-by: Frank Sorenson +Signed-off-by: Anna Schumaker +Signed-off-by: Sasha Levin +--- + fs/nfs/nfs3xdr.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/fs/nfs/nfs3xdr.c b/fs/nfs/nfs3xdr.c +index f1cb0b7eb05f..be666aee28cc 100644 +--- a/fs/nfs/nfs3xdr.c ++++ b/fs/nfs/nfs3xdr.c +@@ -34,6 +34,7 @@ + */ + #define NFS3_fhandle_sz (1+16) + #define NFS3_fh_sz (NFS3_fhandle_sz) /* shorthand */ ++#define NFS3_post_op_fh_sz (1+NFS3_fh_sz) + #define NFS3_sattr_sz (15) + #define NFS3_filename_sz (1+(NFS3_MAXNAMLEN>>2)) + #define NFS3_path_sz (1+(NFS3_MAXPATHLEN>>2)) +@@ -71,7 +72,7 @@ + #define NFS3_readlinkres_sz (1+NFS3_post_op_attr_sz+1) + #define NFS3_readres_sz (1+NFS3_post_op_attr_sz+3) + #define NFS3_writeres_sz (1+NFS3_wcc_data_sz+4) +-#define NFS3_createres_sz (1+NFS3_fh_sz+NFS3_post_op_attr_sz+NFS3_wcc_data_sz) ++#define NFS3_createres_sz (1+NFS3_post_op_fh_sz+NFS3_post_op_attr_sz+NFS3_wcc_data_sz) + #define NFS3_renameres_sz (1+(2 * NFS3_wcc_data_sz)) + #define NFS3_linkres_sz (1+NFS3_post_op_attr_sz+NFS3_wcc_data_sz) + #define NFS3_readdirres_sz (1+NFS3_post_op_attr_sz+2) +-- +2.30.1 + diff --git a/queue-4.14/nfs-fix-pnfs_flexfile_layout-kconfig-default.patch b/queue-4.14/nfs-fix-pnfs_flexfile_layout-kconfig-default.patch new file mode 100644 index 00000000000..c0a6945b43d --- /dev/null +++ b/queue-4.14/nfs-fix-pnfs_flexfile_layout-kconfig-default.patch @@ -0,0 +1,36 @@ +From 30e2b26e85a69a0281fd34b051a814d39cdd7a55 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 23 Feb 2021 15:19:01 +0100 +Subject: nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default + +From: Timo Rothenpieler + +[ Upstream commit a0590473c5e6c4ef17c3132ad08fbad170f72d55 ] + +This follows what was done in 8c2fabc6542d9d0f8b16bd1045c2eda59bdcde13. +With the default being m, it's impossible to build the module into the +kernel. + +Signed-off-by: Timo Rothenpieler +Signed-off-by: Anna Schumaker +Signed-off-by: Sasha Levin +--- + fs/nfs/Kconfig | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/nfs/Kconfig b/fs/nfs/Kconfig +index ac3e06367cb6..e55f86713948 100644 +--- a/fs/nfs/Kconfig ++++ b/fs/nfs/Kconfig +@@ -127,7 +127,7 @@ config PNFS_BLOCK + config PNFS_FLEXFILE_LAYOUT + tristate + depends on NFS_V4_1 && NFS_V3 +- default m ++ default NFS_V4 + + config NFS_V4_1_IMPLEMENTATION_ID_DOMAIN + string "NFSv4.1 Implementation ID Domain" +-- +2.30.1 + diff --git a/queue-4.14/nfs-we-don-t-support-removing-system.nfs4_acl.patch b/queue-4.14/nfs-we-don-t-support-removing-system.nfs4_acl.patch new file mode 100644 index 00000000000..9c4a75ac9b3 --- /dev/null +++ b/queue-4.14/nfs-we-don-t-support-removing-system.nfs4_acl.patch @@ -0,0 +1,40 @@ +From 60a024f4e3671ffe4f110dc355ea2eaab9d970b1 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 28 Jan 2021 17:36:38 -0500 +Subject: nfs: we don't support removing system.nfs4_acl + +From: J. Bruce Fields + +[ Upstream commit 4f8be1f53bf615102d103c0509ffa9596f65b718 ] + +The NFSv4 protocol doesn't have any notion of reomoving an attribute, so +removexattr(path,"system.nfs4_acl") doesn't make sense. + +There's no documented return value. Arguably it could be EOPNOTSUPP but +I'm a little worried an application might take that to mean that we +don't support ACLs or xattrs. How about EINVAL? + +Signed-off-by: J. Bruce Fields +Signed-off-by: Anna Schumaker +Signed-off-by: Sasha Levin +--- + fs/nfs/nfs4proc.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c +index 7f50767af46b..e053fd7f83d8 100644 +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -5255,6 +5255,9 @@ static int __nfs4_proc_set_acl(struct inode *inode, const void *buf, size_t bufl + unsigned int npages = DIV_ROUND_UP(buflen, PAGE_SIZE); + int ret, i; + ++ /* You can't remove system.nfs4_acl: */ ++ if (buflen == 0) ++ return -EINVAL; + if (!nfs4_server_supports_acls(server)) + return -EOPNOTSUPP; + if (npages > ARRAY_SIZE(pages)) +-- +2.30.1 + diff --git a/queue-4.14/powerpc-4xx-fix-build-errors-from-mfdcr.patch b/queue-4.14/powerpc-4xx-fix-build-errors-from-mfdcr.patch new file mode 100644 index 00000000000..e079a0ee3ec --- /dev/null +++ b/queue-4.14/powerpc-4xx-fix-build-errors-from-mfdcr.patch @@ -0,0 +1,72 @@ +From 4a026b0dc911c40d9b7dc2055a687bc5dcbbeb04 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 18 Feb 2021 23:30:58 +1100 +Subject: powerpc/4xx: Fix build errors from mfdcr() + +From: Michael Ellerman + +[ Upstream commit eead089311f4d935ab5d1d8fbb0c42ad44699ada ] + +lkp reported a build error in fsp2.o: + + CC arch/powerpc/platforms/44x/fsp2.o + {standard input}:577: Error: unsupported relocation against base + +Which comes from: + + pr_err("GESR0: 0x%08x\n", mfdcr(base + PLB4OPB_GESR0)); + +Where our mfdcr() macro is stringifying "base + PLB4OPB_GESR0", and +passing that to the assembler, which obviously doesn't work. + +The mfdcr() macro already checks that the argument is constant using +__builtin_constant_p(), and if not calls the out-of-line version of +mfdcr(). But in this case GCC is smart enough to notice that "base + +PLB4OPB_GESR0" will be constant, even though it's not something we can +immediately stringify into a register number. + +Segher pointed out that passing the register number to the inline asm +as a constant would be better, and in fact it fixes the build error, +presumably because it gives GCC a chance to resolve the value. + +While we're at it, change mtdcr() similarly. + +Reported-by: kernel test robot +Suggested-by: Segher Boessenkool +Signed-off-by: Michael Ellerman +Acked-by: Feng Tang +Link: https://lore.kernel.org/r/20210218123058.748882-1-mpe@ellerman.id.au +Signed-off-by: Sasha Levin +--- + arch/powerpc/include/asm/dcr-native.h | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/arch/powerpc/include/asm/dcr-native.h b/arch/powerpc/include/asm/dcr-native.h +index 4a2beef74277..86fdda16bb73 100644 +--- a/arch/powerpc/include/asm/dcr-native.h ++++ b/arch/powerpc/include/asm/dcr-native.h +@@ -65,8 +65,8 @@ static inline void mtdcrx(unsigned int reg, unsigned int val) + #define mfdcr(rn) \ + ({unsigned int rval; \ + if (__builtin_constant_p(rn) && rn < 1024) \ +- asm volatile("mfdcr %0," __stringify(rn) \ +- : "=r" (rval)); \ ++ asm volatile("mfdcr %0, %1" : "=r" (rval) \ ++ : "n" (rn)); \ + else if (likely(cpu_has_feature(CPU_FTR_INDEXED_DCR))) \ + rval = mfdcrx(rn); \ + else \ +@@ -76,8 +76,8 @@ static inline void mtdcrx(unsigned int reg, unsigned int val) + #define mtdcr(rn, v) \ + do { \ + if (__builtin_constant_p(rn) && rn < 1024) \ +- asm volatile("mtdcr " __stringify(rn) ",%0" \ +- : : "r" (v)); \ ++ asm volatile("mtdcr %0, %1" \ ++ : : "n" (rn), "r" (v)); \ + else if (likely(cpu_has_feature(CPU_FTR_INDEXED_DCR))) \ + mtdcrx(rn, v); \ + else \ +-- +2.30.1 + diff --git a/queue-4.14/revert-r8152-adjust-the-settings-about-mac-clock-spe.patch b/queue-4.14/revert-r8152-adjust-the-settings-about-mac-clock-spe.patch new file mode 100644 index 00000000000..206e48ff425 --- /dev/null +++ b/queue-4.14/revert-r8152-adjust-the-settings-about-mac-clock-spe.patch @@ -0,0 +1,111 @@ +From 61cc4dabe24e98c9983a484860383c954590e194 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 3 Mar 2021 16:39:47 +0800 +Subject: Revert "r8152: adjust the settings about MAC clock speed down for + RTL8153" + +From: Hayes Wang + +[ Upstream commit 4b5dc1a94d4f92b5845e98bd9ae344b26d933aad ] + +This reverts commit 134f98bcf1b898fb9d6f2b91bc85dd2e5478b4b8. + +The r8153_mac_clk_spd() is used for RTL8153A only, because the register +table of RTL8153B is different from RTL8153A. However, this function would +be called when RTL8153B calls r8153_first_init() and r8153_enter_oob(). +That causes RTL8153B becomes unstable when suspending and resuming. The +worst case may let the device stop working. + +Besides, revert this commit to disable MAC clock speed down for RTL8153A. +It would avoid the known issue when enabling U1. The data of the first +control transfer may be wrong when exiting U1. + +Signed-off-by: Hayes Wang +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/net/usb/r8152.c | 35 ++++++----------------------------- + 1 file changed, 6 insertions(+), 29 deletions(-) + +diff --git a/drivers/net/usb/r8152.c b/drivers/net/usb/r8152.c +index bd91d4bad49b..f9c531a6ce06 100644 +--- a/drivers/net/usb/r8152.c ++++ b/drivers/net/usb/r8152.c +@@ -2588,29 +2588,6 @@ static void __rtl_set_wol(struct r8152 *tp, u32 wolopts) + device_set_wakeup_enable(&tp->udev->dev, false); + } + +-static void r8153_mac_clk_spd(struct r8152 *tp, bool enable) +-{ +- /* MAC clock speed down */ +- if (enable) { +- ocp_write_word(tp, MCU_TYPE_PLA, PLA_MAC_PWR_CTRL, +- ALDPS_SPDWN_RATIO); +- ocp_write_word(tp, MCU_TYPE_PLA, PLA_MAC_PWR_CTRL2, +- EEE_SPDWN_RATIO); +- ocp_write_word(tp, MCU_TYPE_PLA, PLA_MAC_PWR_CTRL3, +- PKT_AVAIL_SPDWN_EN | SUSPEND_SPDWN_EN | +- U1U2_SPDWN_EN | L1_SPDWN_EN); +- ocp_write_word(tp, MCU_TYPE_PLA, PLA_MAC_PWR_CTRL4, +- PWRSAVE_SPDWN_EN | RXDV_SPDWN_EN | TX10MIDLE_EN | +- TP100_SPDWN_EN | TP500_SPDWN_EN | EEE_SPDWN_EN | +- TP1000_SPDWN_EN); +- } else { +- ocp_write_word(tp, MCU_TYPE_PLA, PLA_MAC_PWR_CTRL, 0); +- ocp_write_word(tp, MCU_TYPE_PLA, PLA_MAC_PWR_CTRL2, 0); +- ocp_write_word(tp, MCU_TYPE_PLA, PLA_MAC_PWR_CTRL3, 0); +- ocp_write_word(tp, MCU_TYPE_PLA, PLA_MAC_PWR_CTRL4, 0); +- } +-} +- + static void r8153_u1u2en(struct r8152 *tp, bool enable) + { + u8 u1u2[8]; +@@ -2841,11 +2818,9 @@ static void rtl8153_runtime_enable(struct r8152 *tp, bool enable) + if (enable) { + r8153_u1u2en(tp, false); + r8153_u2p3en(tp, false); +- r8153_mac_clk_spd(tp, true); + rtl_runtime_suspend_enable(tp, true); + } else { + rtl_runtime_suspend_enable(tp, false); +- r8153_mac_clk_spd(tp, false); + + switch (tp->version) { + case RTL_VER_03: +@@ -3407,7 +3382,6 @@ static void r8153_first_init(struct r8152 *tp) + u32 ocp_data; + int i; + +- r8153_mac_clk_spd(tp, false); + rxdy_gated_en(tp, true); + r8153_teredo_off(tp); + +@@ -3469,8 +3443,6 @@ static void r8153_enter_oob(struct r8152 *tp) + u32 ocp_data; + int i; + +- r8153_mac_clk_spd(tp, true); +- + ocp_data = ocp_read_byte(tp, MCU_TYPE_PLA, PLA_OOB_CTRL); + ocp_data &= ~NOW_IS_OOB; + ocp_write_byte(tp, MCU_TYPE_PLA, PLA_OOB_CTRL, ocp_data); +@@ -4134,9 +4106,14 @@ static void r8153_init(struct r8152 *tp) + + ocp_write_word(tp, MCU_TYPE_USB, USB_CONNECT_TIMER, 0x0001); + ++ /* MAC clock speed down */ ++ ocp_write_word(tp, MCU_TYPE_PLA, PLA_MAC_PWR_CTRL, 0); ++ ocp_write_word(tp, MCU_TYPE_PLA, PLA_MAC_PWR_CTRL2, 0); ++ ocp_write_word(tp, MCU_TYPE_PLA, PLA_MAC_PWR_CTRL3, 0); ++ ocp_write_word(tp, MCU_TYPE_PLA, PLA_MAC_PWR_CTRL4, 0); ++ + r8153_power_cut_en(tp, false); + r8153_u1u2en(tp, true); +- r8153_mac_clk_spd(tp, false); + usb_enable_lpm(tp->udev); + + /* rx aggregation */ +-- +2.30.1 + diff --git a/queue-4.14/series b/queue-4.14/series new file mode 100644 index 00000000000..9406d682f2e --- /dev/null +++ b/queue-4.14/series @@ -0,0 +1,21 @@ +net-fec-ptp-avoid-register-access-when-ipg-clock-is-.patch +powerpc-4xx-fix-build-errors-from-mfdcr.patch +atm-eni-dont-release-is-never-initialized.patch +atm-lanai-dont-run-lanai_dev_close-if-not-open.patch +revert-r8152-adjust-the-settings-about-mac-clock-spe.patch +ixgbe-fix-memleak-in-ixgbe_configure_clsu32.patch +net-tehuti-fix-error-return-code-in-bdx_probe.patch +sun-niu-fix-wrong-rxmac_bc_frm_cnt_count-count.patch +gpiolib-acpi-add-missing-irqf_oneshot.patch +nfs-fix-pnfs_flexfile_layout-kconfig-default.patch +nfs-correct-size-calculation-for-create-reply-length.patch +net-hisilicon-hns-fix-error-return-code-of-hns_nic_c.patch +net-wan-fix-error-return-code-of-uhdlc_init.patch +atm-upd98402-fix-incorrect-allocation.patch +atm-idt77252-fix-null-ptr-dereference.patch +sparc64-fix-opcode-filtering-in-handling-of-no-fault.patch +u64_stats-lockdep-fix-u64_stats_init-vs-lockdep.patch +drm-radeon-fix-agp-dependency.patch +nfs-we-don-t-support-removing-system.nfs4_acl.patch +ia64-fix-ia64_syscall_get_set_arguments-for-break-ba.patch +ia64-fix-ptrace-ptrace_syscall_info_exit-sign.patch diff --git a/queue-4.14/sparc64-fix-opcode-filtering-in-handling-of-no-fault.patch b/queue-4.14/sparc64-fix-opcode-filtering-in-handling-of-no-fault.patch new file mode 100644 index 00000000000..5dddc1ac996 --- /dev/null +++ b/queue-4.14/sparc64-fix-opcode-filtering-in-handling-of-no-fault.patch @@ -0,0 +1,74 @@ +From 1061ecbe39f2cfc73f9aef173c01f96220ffa496 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 28 Feb 2021 22:48:16 -0700 +Subject: sparc64: Fix opcode filtering in handling of no fault loads + +From: Rob Gardner + +[ Upstream commit e5e8b80d352ec999d2bba3ea584f541c83f4ca3f ] + +is_no_fault_exception() has two bugs which were discovered via random +opcode testing with stress-ng. Both are caused by improper filtering +of opcodes. + +The first bug can be triggered by a floating point store with a no-fault +ASI, for instance "sta %f0, [%g0] #ASI_PNF", opcode C1A01040. + +The code first tests op3[5] (0x1000000), which denotes a floating +point instruction, and then tests op3[2] (0x200000), which denotes a +store instruction. But these bits are not mutually exclusive, and the +above mentioned opcode has both bits set. The intent is to filter out +stores, so the test for stores must be done first in order to have +any effect. + +The second bug can be triggered by a floating point load with one of +the invalid ASI values 0x8e or 0x8f, which pass this check in +is_no_fault_exception(): + if ((asi & 0xf2) == ASI_PNF) + +An example instruction is "ldqa [%l7 + %o7] #ASI 0x8f, %f38", +opcode CF95D1EF. Asi values greater than 0x8b (ASI_SNFL) are fatal +in handle_ldf_stq(), and is_no_fault_exception() must not allow these +invalid asi values to make it that far. + +In both of these cases, handle_ldf_stq() reacts by calling +sun4v_data_access_exception() or spitfire_data_access_exception(), +which call is_no_fault_exception() and results in an infinite +recursion. + +Signed-off-by: Rob Gardner +Tested-by: Anatoly Pugachev +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + arch/sparc/kernel/traps_64.c | 13 ++++++------- + 1 file changed, 6 insertions(+), 7 deletions(-) + +diff --git a/arch/sparc/kernel/traps_64.c b/arch/sparc/kernel/traps_64.c +index 0a56dc257cb9..6ab9b87dbca8 100644 +--- a/arch/sparc/kernel/traps_64.c ++++ b/arch/sparc/kernel/traps_64.c +@@ -290,14 +290,13 @@ bool is_no_fault_exception(struct pt_regs *regs) + asi = (regs->tstate >> 24); /* saved %asi */ + else + asi = (insn >> 5); /* immediate asi */ +- if ((asi & 0xf2) == ASI_PNF) { +- if (insn & 0x1000000) { /* op3[5:4]=3 */ +- handle_ldf_stq(insn, regs); +- return true; +- } else if (insn & 0x200000) { /* op3[2], stores */ ++ if ((asi & 0xf6) == ASI_PNF) { ++ if (insn & 0x200000) /* op3[2], stores */ + return false; +- } +- handle_ld_nf(insn, regs); ++ if (insn & 0x1000000) /* op3[5:4]=3 (fp) */ ++ handle_ldf_stq(insn, regs); ++ else ++ handle_ld_nf(insn, regs); + return true; + } + } +-- +2.30.1 + diff --git a/queue-4.14/sun-niu-fix-wrong-rxmac_bc_frm_cnt_count-count.patch b/queue-4.14/sun-niu-fix-wrong-rxmac_bc_frm_cnt_count-count.patch new file mode 100644 index 00000000000..4fc1beabaa8 --- /dev/null +++ b/queue-4.14/sun-niu-fix-wrong-rxmac_bc_frm_cnt_count-count.patch @@ -0,0 +1,35 @@ +From 65c267fd31b31a6822926b2bd26c8509b1a5fc53 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 5 Mar 2021 20:02:12 +0300 +Subject: sun/niu: fix wrong RXMAC_BC_FRM_CNT_COUNT count + +From: Denis Efremov + +[ Upstream commit 155b23e6e53475ca3b8c2a946299b4d4dd6a5a1e ] + +RXMAC_BC_FRM_CNT_COUNT added to mp->rx_bcasts twice in a row +in niu_xmac_interrupt(). Remove the second addition. + +Signed-off-by: Denis Efremov +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/sun/niu.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/drivers/net/ethernet/sun/niu.c b/drivers/net/ethernet/sun/niu.c +index 411a69bea1d4..32ab44d00790 100644 +--- a/drivers/net/ethernet/sun/niu.c ++++ b/drivers/net/ethernet/sun/niu.c +@@ -3948,8 +3948,6 @@ static void niu_xmac_interrupt(struct niu *np) + mp->rx_mcasts += RXMAC_MC_FRM_CNT_COUNT; + if (val & XRXMAC_STATUS_RXBCAST_CNT_EXP) + mp->rx_bcasts += RXMAC_BC_FRM_CNT_COUNT; +- if (val & XRXMAC_STATUS_RXBCAST_CNT_EXP) +- mp->rx_bcasts += RXMAC_BC_FRM_CNT_COUNT; + if (val & XRXMAC_STATUS_RXHIST1_CNT_EXP) + mp->rx_hist_cnt1 += RXMAC_HIST_CNT1_COUNT; + if (val & XRXMAC_STATUS_RXHIST2_CNT_EXP) +-- +2.30.1 + diff --git a/queue-4.14/u64_stats-lockdep-fix-u64_stats_init-vs-lockdep.patch b/queue-4.14/u64_stats-lockdep-fix-u64_stats_init-vs-lockdep.patch new file mode 100644 index 00000000000..4e1e5092fe9 --- /dev/null +++ b/queue-4.14/u64_stats-lockdep-fix-u64_stats_init-vs-lockdep.patch @@ -0,0 +1,64 @@ +From da51f4fbe88b1c20fa3dff040c64454d57561b24 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 8 Mar 2021 09:38:12 +0100 +Subject: u64_stats,lockdep: Fix u64_stats_init() vs lockdep + +From: Peter Zijlstra + +[ Upstream commit d5b0e0677bfd5efd17c5bbb00156931f0d41cb85 ] + +Jakub reported that: + + static struct net_device *rtl8139_init_board(struct pci_dev *pdev) + { + ... + u64_stats_init(&tp->rx_stats.syncp); + u64_stats_init(&tp->tx_stats.syncp); + ... + } + +results in lockdep getting confused between the RX and TX stats lock. +This is because u64_stats_init() is an inline calling seqcount_init(), +which is a macro using a static variable to generate a lockdep class. + +By wrapping that in an inline, we negate the effect of the macro and +fold the static key variable, hence the confusion. + +Fix by also making u64_stats_init() a macro for the case where it +matters, leaving the other case an inline for argument validation +etc. + +Reported-by: Jakub Kicinski +Debugged-by: "Ahmed S. Darwish" +Signed-off-by: Peter Zijlstra (Intel) +Tested-by: "Erhard F." +Link: https://lkml.kernel.org/r/YEXicy6+9MksdLZh@hirez.programming.kicks-ass.net +Signed-off-by: Sasha Levin +--- + include/linux/u64_stats_sync.h | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/include/linux/u64_stats_sync.h b/include/linux/u64_stats_sync.h +index 07ee0f84a46c..eb0a2532eb6f 100644 +--- a/include/linux/u64_stats_sync.h ++++ b/include/linux/u64_stats_sync.h +@@ -69,12 +69,13 @@ struct u64_stats_sync { + }; + + ++#if BITS_PER_LONG == 32 && defined(CONFIG_SMP) ++#define u64_stats_init(syncp) seqcount_init(&(syncp)->seq) ++#else + static inline void u64_stats_init(struct u64_stats_sync *syncp) + { +-#if BITS_PER_LONG == 32 && defined(CONFIG_SMP) +- seqcount_init(&syncp->seq); +-#endif + } ++#endif + + static inline void u64_stats_update_begin(struct u64_stats_sync *syncp) + { +-- +2.30.1 +