From: Greg Kroah-Hartman Date: Thu, 13 Feb 2025 13:14:11 +0000 (+0100) Subject: 5.15-stable patches X-Git-Tag: v6.6.78~10 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=56e18dda0cb55753ae5f35ab8a004483c4671e15;p=thirdparty%2Fkernel%2Fstable-queue.git 5.15-stable patches added patches: ext4-filesystems-without-casefold-feature-cannot-be-mounted-with-siphash.patch gpio-xilinx-remove-excess-kernel-doc.patch memory-tegra20-emc-correct-memory-device-mask.patch mptcp-prevent-excessive-coalescing-on-receive.patch ocfs2-check-dir-i_size-in-ocfs2_find_entry.patch tty-xilinx_uartps-split-sysrq-handling.patch --- diff --git a/queue-5.15/drm-sti-hdmi-use-eld_mutex-to-protect-access-to-conn.patch b/queue-5.15/drm-sti-hdmi-use-eld_mutex-to-protect-access-to-conn.patch deleted file mode 100644 index 47366ef3ba..0000000000 --- a/queue-5.15/drm-sti-hdmi-use-eld_mutex-to-protect-access-to-conn.patch +++ /dev/null @@ -1,39 +0,0 @@ -From a03ea9dfca7a75701096f10e1b43e478867f3d07 Mon Sep 17 00:00:00 2001 -From: Sasha Levin -Date: Fri, 6 Dec 2024 11:43:12 +0200 -Subject: drm/sti: hdmi: use eld_mutex to protect access to connector->eld - -From: Dmitry Baryshkov - -[ Upstream commit e99c0b517bcd53cf61f998a3c4291333401cb391 ] - -Reading access to connector->eld can happen at the same time the -drm_edid_to_eld() updates the data. Take the newly added eld_mutex in -order to protect connector->eld from concurrent access. - -Reviewed-by: Maxime Ripard -Acked-by: Raphael Gallais-Pou -Link: https://patchwork.freedesktop.org/patch/msgid/20241206-drm-connector-eld-mutex-v2-9-c9bce1ee8bea@linaro.org -Signed-off-by: Dmitry Baryshkov -Signed-off-by: Sasha Levin ---- - drivers/gpu/drm/sti/sti_hdmi.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/drivers/gpu/drm/sti/sti_hdmi.c b/drivers/gpu/drm/sti/sti_hdmi.c -index 36bea1551ef84..8b2f44d73630b 100644 ---- a/drivers/gpu/drm/sti/sti_hdmi.c -+++ b/drivers/gpu/drm/sti/sti_hdmi.c -@@ -1219,7 +1219,9 @@ static int hdmi_audio_get_eld(struct device *dev, void *data, uint8_t *buf, size - struct drm_connector *connector = hdmi->drm_connector; - - DRM_DEBUG_DRIVER("\n"); -+ mutex_lock(&connector->eld_mutex); - memcpy(buf, connector->eld, min(sizeof(connector->eld), len)); -+ mutex_unlock(&connector->eld_mutex); - - return 0; - } --- -2.39.5 - diff --git a/queue-5.15/ext4-filesystems-without-casefold-feature-cannot-be-mounted-with-siphash.patch b/queue-5.15/ext4-filesystems-without-casefold-feature-cannot-be-mounted-with-siphash.patch new file mode 100644 index 0000000000..88295bd951 --- /dev/null +++ b/queue-5.15/ext4-filesystems-without-casefold-feature-cannot-be-mounted-with-siphash.patch @@ -0,0 +1,40 @@ +From 985b67cd86392310d9e9326de941c22fc9340eec Mon Sep 17 00:00:00 2001 +From: Lizhi Xu +Date: Wed, 5 Jun 2024 09:23:35 +0800 +Subject: ext4: filesystems without casefold feature cannot be mounted with siphash + +From: Lizhi Xu + +commit 985b67cd86392310d9e9326de941c22fc9340eec upstream. + +When mounting the ext4 filesystem, if the default hash version is set to +DX_HASH_SIPHASH but the casefold feature is not set, exit the mounting. + +Reported-by: syzbot+340581ba9dceb7e06fb3@syzkaller.appspotmail.com +Signed-off-by: Lizhi Xu +Link: https://patch.msgid.link/20240605012335.44086-1-lizhi.xu@windriver.com +Signed-off-by: Theodore Ts'o +Signed-off-by: Bruno VERNAY +Signed-off-by: Victor Giraud +Signed-off-by: Greg Kroah-Hartman +--- + fs/ext4/super.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +--- a/fs/ext4/super.c ++++ b/fs/ext4/super.c +@@ -3192,6 +3192,14 @@ int ext4_feature_set_ok(struct super_blo + } + #endif + ++ if (EXT4_SB(sb)->s_es->s_def_hash_version == DX_HASH_SIPHASH && ++ !ext4_has_feature_casefold(sb)) { ++ ext4_msg(sb, KERN_ERR, ++ "Filesystem without casefold feature cannot be " ++ "mounted with siphash"); ++ return 0; ++ } ++ + if (readonly) + return 1; + diff --git a/queue-5.15/gpio-xilinx-remove-excess-kernel-doc.patch b/queue-5.15/gpio-xilinx-remove-excess-kernel-doc.patch new file mode 100644 index 0000000000..31933b2e37 --- /dev/null +++ b/queue-5.15/gpio-xilinx-remove-excess-kernel-doc.patch @@ -0,0 +1,33 @@ +From 4c7fcbf5077532b80bc233c83d56e09a6bfa16b0 Mon Sep 17 00:00:00 2001 +From: Bartosz Golaszewski +Date: Fri, 15 Dec 2023 10:09:43 +0100 +Subject: gpio: xilinx: remove excess kernel doc + +From: Bartosz Golaszewski + +commit 4c7fcbf5077532b80bc233c83d56e09a6bfa16b0 upstream. + +The irqchip field has been removed from struct xgpio_instance so remove +the doc as well. + +Fixes: b4510f8fd5d0 ("gpio: xilinx: Convert to immutable irq_chip") +Reported-by: kernel test robot +Closes: https://lore.kernel.org/oe-kbuild-all/202312150239.IyuTVvrL-lkp@intel.com/ +Signed-off-by: Bartosz Golaszewski +Reviewed-by: Michal Simek +Reviewed-by: Randy Dunlap +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpio/gpio-xilinx.c | 1 - + 1 file changed, 1 deletion(-) + +--- a/drivers/gpio/gpio-xilinx.c ++++ b/drivers/gpio/gpio-xilinx.c +@@ -52,7 +52,6 @@ + * @dir: GPIO direction shadow register + * @gpio_lock: Lock used for synchronization + * @irq: IRQ used by GPIO device +- * @irqchip: IRQ chip + * @enable: GPIO IRQ enable/disable bitfield + * @rising_edge: GPIO IRQ rising edge enable/disable bitfield + * @falling_edge: GPIO IRQ falling edge enable/disable bitfield diff --git a/queue-5.15/memory-tegra20-emc-correct-memory-device-mask.patch b/queue-5.15/memory-tegra20-emc-correct-memory-device-mask.patch new file mode 100644 index 0000000000..d0371dca51 --- /dev/null +++ b/queue-5.15/memory-tegra20-emc-correct-memory-device-mask.patch @@ -0,0 +1,33 @@ +From 9ff684342ee7d3ea2755c6e9b60bc43085baa3ad Mon Sep 17 00:00:00 2001 +From: Dmitry Osipenko +Date: Wed, 22 Dec 2021 07:32:15 +0300 +Subject: memory: tegra20-emc: Correct memory device mask + +From: Dmitry Osipenko + +commit 9ff684342ee7d3ea2755c6e9b60bc43085baa3ad upstream. + +Memory chip select is swapped when we read mode register, correct it. +We didn't have devices that use a single LPDDR chip and both chips are +always identical, hence this change is just a minor improvement. + +Fixes: 131dd9a436d8 ("memory: tegra20-emc: Support matching timings by LPDDR2 configuration") +Signed-off-by: Dmitry Osipenko +Link: https://lore.kernel.org/r/20211222043215.28237-2-digetx@gmail.com +Signed-off-by: Krzysztof Kozlowski +Signed-off-by: Greg Kroah-Hartman +--- + drivers/memory/tegra/tegra20-emc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/memory/tegra/tegra20-emc.c ++++ b/drivers/memory/tegra/tegra20-emc.c +@@ -540,7 +540,7 @@ static int emc_read_lpddr_mode_register( + unsigned int register_addr, + unsigned int *register_data) + { +- u32 memory_dev = emem_dev + 1; ++ u32 memory_dev = emem_dev ? 1 : 2; + u32 val, mr_mask = 0xff; + int err; + diff --git a/queue-5.15/mptcp-prevent-excessive-coalescing-on-receive.patch b/queue-5.15/mptcp-prevent-excessive-coalescing-on-receive.patch new file mode 100644 index 0000000000..4f470a04ad --- /dev/null +++ b/queue-5.15/mptcp-prevent-excessive-coalescing-on-receive.patch @@ -0,0 +1,38 @@ +From 56b824eb49d6258aa0bad09a406ceac3f643cdae Mon Sep 17 00:00:00 2001 +From: Paolo Abeni +Date: Mon, 30 Dec 2024 19:12:32 +0100 +Subject: mptcp: prevent excessive coalescing on receive + +From: Paolo Abeni + +commit 56b824eb49d6258aa0bad09a406ceac3f643cdae upstream. + +Currently the skb size after coalescing is only limited by the skb +layout (the skb must not carry frag_list). A single coalesced skb +covering several MSS can potentially fill completely the receive +buffer. In such a case, the snd win will zero until the receive buffer +will be empty again, affecting tput badly. + +Fixes: 8268ed4c9d19 ("mptcp: introduce and use mptcp_try_coalesce()") +Cc: stable@vger.kernel.org # please delay 2 weeks after 6.13-final release +Signed-off-by: Paolo Abeni +Reviewed-by: Mat Martineau +Signed-off-by: Matthieu Baerts (NGI0) +Link: https://patch.msgid.link/20241230-net-mptcp-rbuf-fixes-v1-3-8608af434ceb@kernel.org +Signed-off-by: Jakub Kicinski +Signed-off-by: Matthieu Baerts (NGI0) +Signed-off-by: Greg Kroah-Hartman +--- + net/mptcp/protocol.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/net/mptcp/protocol.c ++++ b/net/mptcp/protocol.c +@@ -133,6 +133,7 @@ static bool mptcp_try_coalesce(struct so + int delta; + + if (MPTCP_SKB_CB(from)->offset || ++ ((to->len + from->len) > (sk->sk_rcvbuf >> 3)) || + !skb_try_coalesce(to, from, &fragstolen, &delta)) + return false; + diff --git a/queue-5.15/ocfs2-check-dir-i_size-in-ocfs2_find_entry.patch b/queue-5.15/ocfs2-check-dir-i_size-in-ocfs2_find_entry.patch new file mode 100644 index 0000000000..71552655c6 --- /dev/null +++ b/queue-5.15/ocfs2-check-dir-i_size-in-ocfs2_find_entry.patch @@ -0,0 +1,217 @@ +From b0fce54b8c0d8e5f2b4c243c803c5996e73baee8 Mon Sep 17 00:00:00 2001 +From: Su Yue +Date: Mon, 6 Jan 2025 22:06:40 +0800 +Subject: ocfs2: check dir i_size in ocfs2_find_entry + +From: Su Yue + +commit b0fce54b8c0d8e5f2b4c243c803c5996e73baee8 upstream. + +syz reports an out of bounds read: + +================================================================== +BUG: KASAN: slab-out-of-bounds in ocfs2_match fs/ocfs2/dir.c:334 +[inline] +BUG: KASAN: slab-out-of-bounds in ocfs2_search_dirblock+0x283/0x6e0 +fs/ocfs2/dir.c:367 +Read of size 1 at addr ffff88804d8b9982 by task syz-executor.2/14802 + +CPU: 0 UID: 0 PID: 14802 Comm: syz-executor.2 Not tainted 6.13.0-rc4 #2 +Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 +04/01/2014 +Sched_ext: serialise (enabled+all), task: runnable_at=-10ms +Call Trace: + +__dump_stack lib/dump_stack.c:94 [inline] +dump_stack_lvl+0x229/0x350 lib/dump_stack.c:120 +print_address_description mm/kasan/report.c:378 [inline] +print_report+0x164/0x530 mm/kasan/report.c:489 +kasan_report+0x147/0x180 mm/kasan/report.c:602 +ocfs2_match fs/ocfs2/dir.c:334 [inline] +ocfs2_search_dirblock+0x283/0x6e0 fs/ocfs2/dir.c:367 +ocfs2_find_entry_id fs/ocfs2/dir.c:414 [inline] +ocfs2_find_entry+0x1143/0x2db0 fs/ocfs2/dir.c:1078 +ocfs2_find_files_on_disk+0x18e/0x530 fs/ocfs2/dir.c:1981 +ocfs2_lookup_ino_from_name+0xb6/0x110 fs/ocfs2/dir.c:2003 +ocfs2_lookup+0x30a/0xd40 fs/ocfs2/namei.c:122 +lookup_open fs/namei.c:3627 [inline] +open_last_lookups fs/namei.c:3748 [inline] +path_openat+0x145a/0x3870 fs/namei.c:3984 +do_filp_open+0xe9/0x1c0 fs/namei.c:4014 +do_sys_openat2+0x135/0x1d0 fs/open.c:1402 +do_sys_open fs/open.c:1417 [inline] +__do_sys_openat fs/open.c:1433 [inline] +__se_sys_openat fs/open.c:1428 [inline] +__x64_sys_openat+0x15d/0x1c0 fs/open.c:1428 +do_syscall_x64 arch/x86/entry/common.c:52 [inline] +do_syscall_64+0xf6/0x210 arch/x86/entry/common.c:83 +entry_SYSCALL_64_after_hwframe+0x77/0x7f +RIP: 0033:0x7f01076903ad +Code: c3 e8 a7 2b 00 00 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 +f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 +f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 +RSP: 002b:00007f01084acfc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 +RAX: ffffffffffffffda RBX: 00007f01077cbf80 RCX: 00007f01076903ad +RDX: 0000000000105042 RSI: 0000000020000080 RDI: ffffffffffffff9c +RBP: 00007f01077cbf80 R08: 0000000000000000 R09: 0000000000000000 +R10: 00000000000001ff R11: 0000000000000246 R12: 0000000000000000 +R13: 00007f01077cbf80 R14: 00007f010764fc90 R15: 00007f010848d000 + +================================================================== + +And a general protection fault in ocfs2_prepare_dir_for_insert: + +================================================================== +loop0: detected capacity change from 0 to 32768 +JBD2: Ignoring recovery information on journal +ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data +mode. +Oops: general protection fault, probably for non-canonical address +0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN NOPTI +KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] +CPU: 0 UID: 0 PID: 5096 Comm: syz-executor792 Not tainted +6.11.0-rc4-syzkaller-00002-gb0da640826ba #0 +Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS +1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 +RIP: 0010:ocfs2_find_dir_space_id fs/ocfs2/dir.c:3406 [inline] +RIP: 0010:ocfs2_prepare_dir_for_insert+0x3309/0x5c70 fs/ocfs2/dir.c:4280 +Code: 00 00 e8 2a 25 13 fe e9 ba 06 00 00 e8 20 25 13 fe e9 4f 01 00 00 +e8 16 25 13 fe 49 8d 7f 08 49 8d 5f 09 48 89 f8 48 c1 e8 03 <42> 0f b6 +04 20 84 c0 0f 85 bd 23 00 00 48 89 d8 48 c1 e8 03 42 0f +RSP: 0018:ffffc9000af9f020 EFLAGS: 00010202 +RAX: 0000000000000001 RBX: 0000000000000009 RCX: ffff88801e27a440 +RDX: 0000000000000000 RSI: 0000000000000400 RDI: 0000000000000008 +RBP: ffffc9000af9f830 R08: ffffffff8380395b R09: ffffffff838090a7 +R10: 0000000000000002 R11: ffff88801e27a440 R12: dffffc0000000000 +R13: ffff88803c660878 R14: f700000000000088 R15: 0000000000000000 +FS: 000055555a677380(0000) GS:ffff888020800000(0000) +knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 0000560bce569178 CR3: 000000001de5a000 CR4: 0000000000350ef0 +DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +Call Trace: + +ocfs2_mknod+0xcaf/0x2b40 fs/ocfs2/namei.c:292 +vfs_mknod+0x36d/0x3b0 fs/namei.c:4088 +do_mknodat+0x3ec/0x5b0 +__do_sys_mknodat fs/namei.c:4166 [inline] +__se_sys_mknodat fs/namei.c:4163 [inline] +__x64_sys_mknodat+0xa7/0xc0 fs/namei.c:4163 +do_syscall_x64 arch/x86/entry/common.c:52 [inline] +do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 +entry_SYSCALL_64_after_hwframe+0x77/0x7f +RIP: 0033:0x7f2dafda3a99 +Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 17 00 00 90 48 89 +f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 +0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 +64 89 01 48 +RSP: 002b:00007ffe336a6658 EFLAGS: 00000246 ORIG_RAX: +0000000000000103 +RAX: ffffffffffffffda RBX: 0000000000000000 RCX: +00007f2dafda3a99 +RDX: 00000000000021c0 RSI: 0000000020000040 RDI: +00000000ffffff9c +RBP: 00007f2dafe1b5f0 R08: 0000000000004480 R09: +000055555a6784c0 +R10: 0000000000000103 R11: 0000000000000246 R12: +00007ffe336a6680 +R13: 00007ffe336a68a8 R14: 431bde82d7b634db R15: +00007f2dafdec03b + +================================================================== + +The two reports are all caused invalid negative i_size of dir inode. For +ocfs2, dir_inode can't be negative or zero. + +Here add a check in which is called by ocfs2_check_dir_for_entry(). It +fixes the second report as ocfs2_check_dir_for_entry() must be called +before ocfs2_prepare_dir_for_insert(). Also set a up limit for dir with +OCFS2_INLINE_DATA_FL. The i_size can't be great than blocksize. + +Link: https://lkml.kernel.org/r/20250106140640.92260-1-glass.su@suse.com +Reported-by: Jiacheng Xu +Link: https://lore.kernel.org/ocfs2-devel/17a04f01.1ae74.19436d003fc.Coremail.stitch@zju.edu.cn/T/#u +Reported-by: syzbot+5a64828fcc4c2ad9b04f@syzkaller.appspotmail.com +Link: https://lore.kernel.org/all/0000000000005894f3062018caf1@google.com/T/ +Signed-off-by: Su Yue +Reviewed-by: Heming Zhao +Reviewed-by: Joseph Qi +Cc: Mark Fasheh +Cc: Joel Becker +Cc: Junxiao Bi +Cc: Changwei Ge +Cc: Jun Piao +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + fs/ocfs2/dir.c | 25 +++++++++++++++++++++---- + 1 file changed, 21 insertions(+), 4 deletions(-) + +--- a/fs/ocfs2/dir.c ++++ b/fs/ocfs2/dir.c +@@ -1065,26 +1065,39 @@ int ocfs2_find_entry(const char *name, i + { + struct buffer_head *bh; + struct ocfs2_dir_entry *res_dir = NULL; ++ int ret = 0; + + if (ocfs2_dir_indexed(dir)) + return ocfs2_find_entry_dx(name, namelen, dir, lookup); + ++ if (unlikely(i_size_read(dir) <= 0)) { ++ ret = -EFSCORRUPTED; ++ mlog_errno(ret); ++ goto out; ++ } + /* + * The unindexed dir code only uses part of the lookup + * structure, so there's no reason to push it down further + * than this. + */ +- if (OCFS2_I(dir)->ip_dyn_features & OCFS2_INLINE_DATA_FL) ++ if (OCFS2_I(dir)->ip_dyn_features & OCFS2_INLINE_DATA_FL) { ++ if (unlikely(i_size_read(dir) > dir->i_sb->s_blocksize)) { ++ ret = -EFSCORRUPTED; ++ mlog_errno(ret); ++ goto out; ++ } + bh = ocfs2_find_entry_id(name, namelen, dir, &res_dir); +- else ++ } else { + bh = ocfs2_find_entry_el(name, namelen, dir, &res_dir); ++ } + + if (bh == NULL) + return -ENOENT; + + lookup->dl_leaf_bh = bh; + lookup->dl_entry = res_dir; +- return 0; ++out: ++ return ret; + } + + /* +@@ -2011,6 +2024,7 @@ int ocfs2_lookup_ino_from_name(struct in + * + * Return 0 if the name does not exist + * Return -EEXIST if the directory contains the name ++ * Return -EFSCORRUPTED if found corruption + * + * Callers should have i_mutex + a cluster lock on dir + */ +@@ -2024,9 +2038,12 @@ int ocfs2_check_dir_for_entry(struct ino + trace_ocfs2_check_dir_for_entry( + (unsigned long long)OCFS2_I(dir)->ip_blkno, namelen, name); + +- if (ocfs2_find_entry(name, namelen, dir, &lookup) == 0) { ++ ret = ocfs2_find_entry(name, namelen, dir, &lookup); ++ if (ret == 0) { + ret = -EEXIST; + mlog_errno(ret); ++ } else if (ret == -ENOENT) { ++ ret = 0; + } + + ocfs2_free_dir_lookup_result(&lookup); diff --git a/queue-5.15/series b/queue-5.15/series index b773b35bd2..845be1d5e3 100644 --- a/queue-5.15/series +++ b/queue-5.15/series @@ -207,7 +207,6 @@ sched-don-t-try-to-catch-up-excess-steal-time.patch lockdep-fix-upper-limit-for-lockdep_-_bits-configs.patch x86-amd_nb-restrict-init-function-to-amd-based-syste.patch printk-fix-signed-integer-overflow-when-defining-log.patch -drm-sti-hdmi-use-eld_mutex-to-protect-access-to-conn.patch safesetid-check-size-of-policy-writes.patch tun-fix-group-permission-check.patch mmc-core-respect-quirk_max_rate-for-non-uhs-sdio-car.patch @@ -334,3 +333,9 @@ net-phy-c45-tjaxx-add-delay-between-mdio-write-and-read-in-soft_reset.patch ptp-ensure-info-enable-callback-is-always-set.patch mips-ftrace-declare-ftrace_get_parent_ra_addr-as-static.patch net-ncsi-use-dev_set_mac_address-for-get-mc-mac-address-handling.patch +gpio-xilinx-remove-excess-kernel-doc.patch +memory-tegra20-emc-correct-memory-device-mask.patch +ocfs2-check-dir-i_size-in-ocfs2_find_entry.patch +ext4-filesystems-without-casefold-feature-cannot-be-mounted-with-siphash.patch +mptcp-prevent-excessive-coalescing-on-receive.patch +tty-xilinx_uartps-split-sysrq-handling.patch diff --git a/queue-5.15/tty-xilinx_uartps-split-sysrq-handling.patch b/queue-5.15/tty-xilinx_uartps-split-sysrq-handling.patch new file mode 100644 index 0000000000..b44466bcdc --- /dev/null +++ b/queue-5.15/tty-xilinx_uartps-split-sysrq-handling.patch @@ -0,0 +1,77 @@ +From b06f388994500297bb91be60ffaf6825ecfd2afe Mon Sep 17 00:00:00 2001 +From: Sean Anderson +Date: Fri, 10 Jan 2025 16:38:22 -0500 +Subject: tty: xilinx_uartps: split sysrq handling + +From: Sean Anderson + +commit b06f388994500297bb91be60ffaf6825ecfd2afe upstream. + +lockdep detects the following circular locking dependency: + +CPU 0 CPU 1 +========================== ============================ +cdns_uart_isr() printk() + uart_port_lock(port) console_lock() + cdns_uart_console_write() + if (!port->sysrq) + uart_port_lock(port) + uart_handle_break() + port->sysrq = ... + uart_handle_sysrq_char() + printk() + console_lock() + +The fixed commit attempts to avoid this situation by only taking the +port lock in cdns_uart_console_write if port->sysrq unset. However, if +(as shown above) cdns_uart_console_write runs before port->sysrq is set, +then it will try to take the port lock anyway. This may result in a +deadlock. + +Fix this by splitting sysrq handling into two parts. We use the prepare +helper under the port lock and defer handling until we release the lock. + +Fixes: 74ea66d4ca06 ("tty: xuartps: Improve sysrq handling") +Signed-off-by: Sean Anderson +Cc: stable@vger.kernel.org # c980248179d: serial: xilinx_uartps: Use port lock wrappers +Acked-by: John Ogness +Link: https://lore.kernel.org/r/20250110213822.2107462-1-sean.anderson@linux.dev +Signed-off-by: Sean Anderson +Signed-off-by: Greg Kroah-Hartman +--- + drivers/tty/serial/xilinx_uartps.c | 10 ++++------ + 1 file changed, 4 insertions(+), 6 deletions(-) + +--- a/drivers/tty/serial/xilinx_uartps.c ++++ b/drivers/tty/serial/xilinx_uartps.c +@@ -268,7 +268,7 @@ static void cdns_uart_handle_rx(void *de + continue; + } + +- if (uart_handle_sysrq_char(port, data)) ++ if (uart_prepare_sysrq_char(port, data)) + continue; + + if (is_rxbs_support) { +@@ -385,7 +385,7 @@ static irqreturn_t cdns_uart_isr(int irq + !(readl(port->membase + CDNS_UART_CR) & CDNS_UART_CR_RX_DIS)) + cdns_uart_handle_rx(dev_id, isrstatus); + +- spin_unlock(&port->lock); ++ uart_unlock_and_check_sysrq(port); + return IRQ_HANDLED; + } + +@@ -1217,10 +1217,8 @@ static void cdns_uart_console_write(stru + unsigned int imr, ctrl; + int locked = 1; + +- if (port->sysrq) +- locked = 0; +- else if (oops_in_progress) +- locked = spin_trylock_irqsave(&port->lock, flags); ++ if (oops_in_progress) ++ locked = uart_port_trylock_irqsave(port, &flags); + else + spin_lock_irqsave(&port->lock, flags); +