From: Sasha Levin Date: Thu, 25 Mar 2021 20:14:43 +0000 (-0400) Subject: Fixes for 4.9 X-Git-Tag: v5.11.11~72 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5aff95957c5a2c3410ae842786f824ac8087485f;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 4.9 Signed-off-by: Sasha Levin --- diff --git a/queue-4.9/atm-eni-dont-release-is-never-initialized.patch b/queue-4.9/atm-eni-dont-release-is-never-initialized.patch new file mode 100644 index 00000000000..49c8b24ea35 --- /dev/null +++ b/queue-4.9/atm-eni-dont-release-is-never-initialized.patch @@ -0,0 +1,106 @@ +From 262fdd073465034ac3d24feebc3163074000b422 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 27 Feb 2021 16:15:06 -0500 +Subject: atm: eni: dont release is never initialized + +From: Tong Zhang + +[ Upstream commit 4deb550bc3b698a1f03d0332cde3df154d1b6c1e ] + +label err_eni_release is reachable when eni_start() fail. +In eni_start() it calls dev->phy->start() in the last step, if start() +fail we don't need to call phy->stop(), if start() is never called, we +neither need to call phy->stop(), otherwise null-ptr-deref will happen. + +In order to fix this issue, don't call phy->stop() in label err_eni_release + +[ 4.875714] ================================================================== +[ 4.876091] BUG: KASAN: null-ptr-deref in suni_stop+0x47/0x100 [suni] +[ 4.876433] Read of size 8 at addr 0000000000000030 by task modprobe/95 +[ 4.876778] +[ 4.876862] CPU: 0 PID: 95 Comm: modprobe Not tainted 5.11.0-rc7-00090-gdcc0b49040c7 #2 +[ 4.877290] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-48-gd94 +[ 4.877876] Call Trace: +[ 4.878009] dump_stack+0x7d/0xa3 +[ 4.878191] kasan_report.cold+0x10c/0x10e +[ 4.878410] ? __slab_free+0x2f0/0x340 +[ 4.878612] ? suni_stop+0x47/0x100 [suni] +[ 4.878832] suni_stop+0x47/0x100 [suni] +[ 4.879043] eni_do_release+0x3b/0x70 [eni] +[ 4.879269] eni_init_one.cold+0x1152/0x1747 [eni] +[ 4.879528] ? _raw_spin_lock_irqsave+0x7b/0xd0 +[ 4.879768] ? eni_ioctl+0x270/0x270 [eni] +[ 4.879990] ? __mutex_lock_slowpath+0x10/0x10 +[ 4.880226] ? eni_ioctl+0x270/0x270 [eni] +[ 4.880448] local_pci_probe+0x6f/0xb0 +[ 4.880650] pci_device_probe+0x171/0x240 +[ 4.880864] ? pci_device_remove+0xe0/0xe0 +[ 4.881086] ? kernfs_create_link+0xb6/0x110 +[ 4.881315] ? sysfs_do_create_link_sd.isra.0+0x76/0xe0 +[ 4.881594] really_probe+0x161/0x420 +[ 4.881791] driver_probe_device+0x6d/0xd0 +[ 4.882010] device_driver_attach+0x82/0x90 +[ 4.882233] ? device_driver_attach+0x90/0x90 +[ 4.882465] __driver_attach+0x60/0x100 +[ 4.882671] ? device_driver_attach+0x90/0x90 +[ 4.882903] bus_for_each_dev+0xe1/0x140 +[ 4.883114] ? subsys_dev_iter_exit+0x10/0x10 +[ 4.883346] ? klist_node_init+0x61/0x80 +[ 4.883557] bus_add_driver+0x254/0x2a0 +[ 4.883764] driver_register+0xd3/0x150 +[ 4.883971] ? 0xffffffffc0038000 +[ 4.884149] do_one_initcall+0x84/0x250 +[ 4.884355] ? trace_event_raw_event_initcall_finish+0x150/0x150 +[ 4.884674] ? unpoison_range+0xf/0x30 +[ 4.884875] ? ____kasan_kmalloc.constprop.0+0x84/0xa0 +[ 4.885150] ? unpoison_range+0xf/0x30 +[ 4.885352] ? unpoison_range+0xf/0x30 +[ 4.885557] do_init_module+0xf8/0x350 +[ 4.885760] load_module+0x3fe6/0x4340 +[ 4.885960] ? vm_unmap_ram+0x1d0/0x1d0 +[ 4.886166] ? ____kasan_kmalloc.constprop.0+0x84/0xa0 +[ 4.886441] ? module_frob_arch_sections+0x20/0x20 +[ 4.886697] ? __do_sys_finit_module+0x108/0x170 +[ 4.886941] __do_sys_finit_module+0x108/0x170 +[ 4.887178] ? __ia32_sys_init_module+0x40/0x40 +[ 4.887419] ? file_open_root+0x200/0x200 +[ 4.887634] ? do_sys_open+0x85/0xe0 +[ 4.887826] ? filp_open+0x50/0x50 +[ 4.888009] ? fpregs_assert_state_consistent+0x4d/0x60 +[ 4.888287] ? exit_to_user_mode_prepare+0x2f/0x130 +[ 4.888547] do_syscall_64+0x33/0x40 +[ 4.888739] entry_SYSCALL_64_after_hwframe+0x44/0xa9 +[ 4.889010] RIP: 0033:0x7ff62fcf1cf7 +[ 4.889202] Code: 48 89 57 30 48 8b 04 24 48 89 47 38 e9 1d a0 02 00 48 89 f8 48 89 f71 +[ 4.890172] RSP: 002b:00007ffe6644ade8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 +[ 4.890570] RAX: ffffffffffffffda RBX: 0000000000f2ca70 RCX: 00007ff62fcf1cf7 +[ 4.890944] RDX: 0000000000000000 RSI: 0000000000f2b9e0 RDI: 0000000000000003 +[ 4.891318] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000001 +[ 4.891691] R10: 00007ff62fd55300 R11: 0000000000000246 R12: 0000000000f2b9e0 +[ 4.892064] R13: 0000000000000000 R14: 0000000000f2bdd0 R15: 0000000000000001 +[ 4.892439] ================================================================== + +Signed-off-by: Tong Zhang +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/atm/eni.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/atm/eni.c b/drivers/atm/eni.c +index 9d16743c4917..2b7786cd548f 100644 +--- a/drivers/atm/eni.c ++++ b/drivers/atm/eni.c +@@ -2279,7 +2279,8 @@ static int eni_init_one(struct pci_dev *pci_dev, + return rc; + + err_eni_release: +- eni_do_release(dev); ++ dev->phy = NULL; ++ iounmap(ENI_DEV(dev)->ioaddr); + err_unregister: + atm_dev_deregister(dev); + err_free_consistent: +-- +2.30.1 + diff --git a/queue-4.9/atm-idt77252-fix-null-ptr-dereference.patch b/queue-4.9/atm-idt77252-fix-null-ptr-dereference.patch new file mode 100644 index 00000000000..60d78b2dd3e --- /dev/null +++ b/queue-4.9/atm-idt77252-fix-null-ptr-dereference.patch @@ -0,0 +1,48 @@ +From e3935945814d669862d6c72739acf4a3f0d49007 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 7 Mar 2021 22:25:30 -0500 +Subject: atm: idt77252: fix null-ptr-dereference + +From: Tong Zhang + +[ Upstream commit 4416e98594dc04590ebc498fc4e530009535c511 ] + +this one is similar to the phy_data allocation fix in uPD98402, the +driver allocate the idt77105_priv and store to dev_data but later +dereference using dev->dev_data, which will cause null-ptr-dereference. + +fix this issue by changing dev_data to phy_data so that PRIV(dev) can +work correctly. + +Signed-off-by: Tong Zhang +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/atm/idt77105.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/atm/idt77105.c b/drivers/atm/idt77105.c +index feb023d7eebd..40644670cff2 100644 +--- a/drivers/atm/idt77105.c ++++ b/drivers/atm/idt77105.c +@@ -261,7 +261,7 @@ static int idt77105_start(struct atm_dev *dev) + { + unsigned long flags; + +- if (!(dev->dev_data = kmalloc(sizeof(struct idt77105_priv),GFP_KERNEL))) ++ if (!(dev->phy_data = kmalloc(sizeof(struct idt77105_priv),GFP_KERNEL))) + return -ENOMEM; + PRIV(dev)->dev = dev; + spin_lock_irqsave(&idt77105_priv_lock, flags); +@@ -338,7 +338,7 @@ static int idt77105_stop(struct atm_dev *dev) + else + idt77105_all = walk->next; + dev->phy = NULL; +- dev->dev_data = NULL; ++ dev->phy_data = NULL; + kfree(walk); + break; + } +-- +2.30.1 + diff --git a/queue-4.9/atm-lanai-dont-run-lanai_dev_close-if-not-open.patch b/queue-4.9/atm-lanai-dont-run-lanai_dev_close-if-not-open.patch new file mode 100644 index 00000000000..acc53f622d3 --- /dev/null +++ b/queue-4.9/atm-lanai-dont-run-lanai_dev_close-if-not-open.patch @@ -0,0 +1,147 @@ +From cbd42864b925df57e7a5c3c093ae3252e593206a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 27 Feb 2021 22:55:50 -0500 +Subject: atm: lanai: dont run lanai_dev_close if not open + +From: Tong Zhang + +[ Upstream commit a2bd45834e83d6c5a04d397bde13d744a4812dfc ] + +lanai_dev_open() can fail. When it fail, lanai->base is unmapped and the +pci device is disabled. The caller, lanai_init_one(), then tries to run +atm_dev_deregister(). This will subsequently call lanai_dev_close() and +use the already released MMIO area. + +To fix this issue, set the lanai->base to NULL if open fail, +and test the flag in lanai_dev_close(). + +[ 8.324153] lanai: lanai_start() failed, err=19 +[ 8.324819] lanai(itf 0): shutting down interface +[ 8.325211] BUG: unable to handle page fault for address: ffffc90000180024 +[ 8.325781] #PF: supervisor write access in kernel mode +[ 8.326215] #PF: error_code(0x0002) - not-present page +[ 8.326641] PGD 100000067 P4D 100000067 PUD 100139067 PMD 10013a067 PTE 0 +[ 8.327206] Oops: 0002 [#1] SMP KASAN NOPTI +[ 8.327557] CPU: 0 PID: 95 Comm: modprobe Not tainted 5.11.0-rc7-00090-gdcc0b49040c7 #12 +[ 8.328229] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-48-gd9c812dda519-4 +[ 8.329145] RIP: 0010:lanai_dev_close+0x4f/0xe5 [lanai] +[ 8.329587] Code: 00 48 c7 c7 00 d3 01 c0 e8 49 4e 0a c2 48 8d bd 08 02 00 00 e8 6e 52 14 c1 48 80 +[ 8.330917] RSP: 0018:ffff8881029ef680 EFLAGS: 00010246 +[ 8.331196] RAX: 000000000003fffe RBX: ffff888102fb4800 RCX: ffffffffc001a98a +[ 8.331572] RDX: ffffc90000180000 RSI: 0000000000000246 RDI: ffff888102fb4000 +[ 8.331948] RBP: ffff888102fb4000 R08: ffffffff8115da8a R09: ffffed102053deaa +[ 8.332326] R10: 0000000000000003 R11: ffffed102053dea9 R12: ffff888102fb48a4 +[ 8.332701] R13: ffffffffc00123c0 R14: ffff888102fb4b90 R15: ffff888102fb4b88 +[ 8.333077] FS: 00007f08eb9056a0(0000) GS:ffff88815b400000(0000) knlGS:0000000000000000 +[ 8.333502] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 8.333806] CR2: ffffc90000180024 CR3: 0000000102a28000 CR4: 00000000000006f0 +[ 8.334182] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +[ 8.334557] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +[ 8.334932] Call Trace: +[ 8.335066] atm_dev_deregister+0x161/0x1a0 [atm] +[ 8.335324] lanai_init_one.cold+0x20c/0x96d [lanai] +[ 8.335594] ? lanai_send+0x2a0/0x2a0 [lanai] +[ 8.335831] local_pci_probe+0x6f/0xb0 +[ 8.336039] pci_device_probe+0x171/0x240 +[ 8.336255] ? pci_device_remove+0xe0/0xe0 +[ 8.336475] ? kernfs_create_link+0xb6/0x110 +[ 8.336704] ? sysfs_do_create_link_sd.isra.0+0x76/0xe0 +[ 8.336983] really_probe+0x161/0x420 +[ 8.337181] driver_probe_device+0x6d/0xd0 +[ 8.337401] device_driver_attach+0x82/0x90 +[ 8.337626] ? device_driver_attach+0x90/0x90 +[ 8.337859] __driver_attach+0x60/0x100 +[ 8.338065] ? device_driver_attach+0x90/0x90 +[ 8.338298] bus_for_each_dev+0xe1/0x140 +[ 8.338511] ? subsys_dev_iter_exit+0x10/0x10 +[ 8.338745] ? klist_node_init+0x61/0x80 +[ 8.338956] bus_add_driver+0x254/0x2a0 +[ 8.339164] driver_register+0xd3/0x150 +[ 8.339370] ? 0xffffffffc0028000 +[ 8.339550] do_one_initcall+0x84/0x250 +[ 8.339755] ? trace_event_raw_event_initcall_finish+0x150/0x150 +[ 8.340076] ? free_vmap_area_noflush+0x1a5/0x5c0 +[ 8.340329] ? unpoison_range+0xf/0x30 +[ 8.340532] ? ____kasan_kmalloc.constprop.0+0x84/0xa0 +[ 8.340806] ? unpoison_range+0xf/0x30 +[ 8.341014] ? unpoison_range+0xf/0x30 +[ 8.341217] do_init_module+0xf8/0x350 +[ 8.341419] load_module+0x3fe6/0x4340 +[ 8.341621] ? vm_unmap_ram+0x1d0/0x1d0 +[ 8.341826] ? ____kasan_kmalloc.constprop.0+0x84/0xa0 +[ 8.342101] ? module_frob_arch_sections+0x20/0x20 +[ 8.342358] ? __do_sys_finit_module+0x108/0x170 +[ 8.342604] __do_sys_finit_module+0x108/0x170 +[ 8.342841] ? __ia32_sys_init_module+0x40/0x40 +[ 8.343083] ? file_open_root+0x200/0x200 +[ 8.343298] ? do_sys_open+0x85/0xe0 +[ 8.343491] ? filp_open+0x50/0x50 +[ 8.343675] ? exit_to_user_mode_prepare+0xfc/0x130 +[ 8.343935] do_syscall_64+0x33/0x40 +[ 8.344132] entry_SYSCALL_64_after_hwframe+0x44/0xa9 +[ 8.344401] RIP: 0033:0x7f08eb887cf7 +[ 8.344594] Code: 48 89 57 30 48 8b 04 24 48 89 47 38 e9 1d a0 02 00 48 89 f8 48 89 f7 48 89 d6 41 +[ 8.345565] RSP: 002b:00007ffcd5c98ad8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 +[ 8.345962] RAX: ffffffffffffffda RBX: 00000000008fea70 RCX: 00007f08eb887cf7 +[ 8.346336] RDX: 0000000000000000 RSI: 00000000008fd9e0 RDI: 0000000000000003 +[ 8.346711] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000001 +[ 8.347085] R10: 00007f08eb8eb300 R11: 0000000000000246 R12: 00000000008fd9e0 +[ 8.347460] R13: 0000000000000000 R14: 00000000008fddd0 R15: 0000000000000001 +[ 8.347836] Modules linked in: lanai(+) atm +[ 8.348065] CR2: ffffc90000180024 +[ 8.348244] ---[ end trace 7fdc1c668f2003e5 ]--- +[ 8.348490] RIP: 0010:lanai_dev_close+0x4f/0xe5 [lanai] +[ 8.348772] Code: 00 48 c7 c7 00 d3 01 c0 e8 49 4e 0a c2 48 8d bd 08 02 00 00 e8 6e 52 14 c1 48 80 +[ 8.349745] RSP: 0018:ffff8881029ef680 EFLAGS: 00010246 +[ 8.350022] RAX: 000000000003fffe RBX: ffff888102fb4800 RCX: ffffffffc001a98a +[ 8.350397] RDX: ffffc90000180000 RSI: 0000000000000246 RDI: ffff888102fb4000 +[ 8.350772] RBP: ffff888102fb4000 R08: ffffffff8115da8a R09: ffffed102053deaa +[ 8.351151] R10: 0000000000000003 R11: ffffed102053dea9 R12: ffff888102fb48a4 +[ 8.351525] R13: ffffffffc00123c0 R14: ffff888102fb4b90 R15: ffff888102fb4b88 +[ 8.351918] FS: 00007f08eb9056a0(0000) GS:ffff88815b400000(0000) knlGS:0000000000000000 +[ 8.352343] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 8.352647] CR2: ffffc90000180024 CR3: 0000000102a28000 CR4: 00000000000006f0 +[ 8.353022] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +[ 8.353397] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +[ 8.353958] modprobe (95) used greatest stack depth: 26216 bytes left + +Signed-off-by: Tong Zhang +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/atm/lanai.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/drivers/atm/lanai.c b/drivers/atm/lanai.c +index 445505d9ea07..dec6c68156ee 100644 +--- a/drivers/atm/lanai.c ++++ b/drivers/atm/lanai.c +@@ -2240,6 +2240,7 @@ static int lanai_dev_open(struct atm_dev *atmdev) + conf1_write(lanai); + #endif + iounmap(lanai->base); ++ lanai->base = NULL; + error_pci: + pci_disable_device(lanai->pci); + error: +@@ -2252,6 +2253,8 @@ static int lanai_dev_open(struct atm_dev *atmdev) + static void lanai_dev_close(struct atm_dev *atmdev) + { + struct lanai_dev *lanai = (struct lanai_dev *) atmdev->dev_data; ++ if (lanai->base==NULL) ++ return; + printk(KERN_INFO DEV_LABEL "(itf %d): shutting down interface\n", + lanai->number); + lanai_timed_poll_stop(lanai); +@@ -2561,7 +2564,7 @@ static int lanai_init_one(struct pci_dev *pci, + struct atm_dev *atmdev; + int result; + +- lanai = kmalloc(sizeof(*lanai), GFP_KERNEL); ++ lanai = kzalloc(sizeof(*lanai), GFP_KERNEL); + if (lanai == NULL) { + printk(KERN_ERR DEV_LABEL + ": couldn't allocate dev_data structure!\n"); +-- +2.30.1 + diff --git a/queue-4.9/atm-upd98402-fix-incorrect-allocation.patch b/queue-4.9/atm-upd98402-fix-incorrect-allocation.patch new file mode 100644 index 00000000000..4700c47b22c --- /dev/null +++ b/queue-4.9/atm-upd98402-fix-incorrect-allocation.patch @@ -0,0 +1,39 @@ +From 9829ecaacb9a8158f3e0de3d080edb55521ffd7a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 7 Mar 2021 22:25:29 -0500 +Subject: atm: uPD98402: fix incorrect allocation + +From: Tong Zhang + +[ Upstream commit 3153724fc084d8ef640c611f269ddfb576d1dcb1 ] + +dev->dev_data is set in zatm.c, calling zatm_start() will overwrite this +dev->dev_data in uPD98402_start() and a subsequent PRIV(dev)->lock +(i.e dev->phy_data->lock) will result in a null-ptr-dereference. + +I believe this is a typo and what it actually want to do is to allocate +phy_data instead of dev_data. + +Signed-off-by: Tong Zhang +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/atm/uPD98402.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/atm/uPD98402.c b/drivers/atm/uPD98402.c +index 5120a96b3a89..b2f4e8df1591 100644 +--- a/drivers/atm/uPD98402.c ++++ b/drivers/atm/uPD98402.c +@@ -210,7 +210,7 @@ static void uPD98402_int(struct atm_dev *dev) + static int uPD98402_start(struct atm_dev *dev) + { + DPRINTK("phy_start\n"); +- if (!(dev->dev_data = kmalloc(sizeof(struct uPD98402_priv),GFP_KERNEL))) ++ if (!(dev->phy_data = kmalloc(sizeof(struct uPD98402_priv),GFP_KERNEL))) + return -ENOMEM; + spin_lock_init(&PRIV(dev)->lock); + memset(&PRIV(dev)->sonet_stats,0,sizeof(struct k_sonet_stats)); +-- +2.30.1 + diff --git a/queue-4.9/ia64-fix-ia64_syscall_get_set_arguments-for-break-ba.patch b/queue-4.9/ia64-fix-ia64_syscall_get_set_arguments-for-break-ba.patch new file mode 100644 index 00000000000..b076b30e034 --- /dev/null +++ b/queue-4.9/ia64-fix-ia64_syscall_get_set_arguments-for-break-ba.patch @@ -0,0 +1,98 @@ +From a9ce1130662bad66b1649e8aaf955b0f8adcb17d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 12 Mar 2021 21:08:23 -0800 +Subject: ia64: fix ia64_syscall_get_set_arguments() for break-based syscalls + +From: Sergei Trofimovich + +[ Upstream commit 0ceb1ace4a2778e34a5414e5349712ae4dc41d85 ] + +In https://bugs.gentoo.org/769614 Dmitry noticed that +`ptrace(PTRACE_GET_SYSCALL_INFO)` does not work for syscalls called via +glibc's syscall() wrapper. + +ia64 has two ways to call syscalls from userspace: via `break` and via +`eps` instructions. + +The difference is in stack layout: + +1. `eps` creates simple stack frame: no locals, in{0..7} == out{0..8} +2. `break` uses userspace stack frame: may be locals (glibc provides + one), in{0..7} == out{0..8}. + +Both work fine in syscall handling cde itself. + +But `ptrace(PTRACE_GET_SYSCALL_INFO)` uses unwind mechanism to +re-extract syscall arguments but it does not account for locals. + +The change always skips locals registers. It should not change `eps` +path as kernel's handler already enforces locals=0 and fixes `break`. + +Tested on v5.10 on rx3600 machine (ia64 9040 CPU). + +Link: https://lkml.kernel.org/r/20210221002554.333076-1-slyfox@gentoo.org +Link: https://bugs.gentoo.org/769614 +Signed-off-by: Sergei Trofimovich +Reported-by: Dmitry V. Levin +Cc: Oleg Nesterov +Cc: John Paul Adrian Glaubitz +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + arch/ia64/kernel/ptrace.c | 24 ++++++++++++++++++------ + 1 file changed, 18 insertions(+), 6 deletions(-) + +diff --git a/arch/ia64/kernel/ptrace.c b/arch/ia64/kernel/ptrace.c +index 36f660da8124..56007258c014 100644 +--- a/arch/ia64/kernel/ptrace.c ++++ b/arch/ia64/kernel/ptrace.c +@@ -2144,27 +2144,39 @@ static void syscall_get_set_args_cb(struct unw_frame_info *info, void *data) + { + struct syscall_get_set_args *args = data; + struct pt_regs *pt = args->regs; +- unsigned long *krbs, cfm, ndirty; ++ unsigned long *krbs, cfm, ndirty, nlocals, nouts; + int i, count; + + if (unw_unwind_to_user(info) < 0) + return; + ++ /* ++ * We get here via a few paths: ++ * - break instruction: cfm is shared with caller. ++ * syscall args are in out= regs, locals are non-empty. ++ * - epsinstruction: cfm is set by br.call ++ * locals don't exist. ++ * ++ * For both cases argguments are reachable in cfm.sof - cfm.sol. ++ * CFM: [ ... | sor: 17..14 | sol : 13..7 | sof : 6..0 ] ++ */ + cfm = pt->cr_ifs; ++ nlocals = (cfm >> 7) & 0x7f; /* aka sol */ ++ nouts = (cfm & 0x7f) - nlocals; /* aka sof - sol */ + krbs = (unsigned long *)info->task + IA64_RBS_OFFSET/8; + ndirty = ia64_rse_num_regs(krbs, krbs + (pt->loadrs >> 19)); + + count = 0; + if (in_syscall(pt)) +- count = min_t(int, args->n, cfm & 0x7f); ++ count = min_t(int, args->n, nouts); + ++ /* Iterate over outs. */ + for (i = 0; i < count; i++) { ++ int j = ndirty + nlocals + i + args->i; + if (args->rw) +- *ia64_rse_skip_regs(krbs, ndirty + i + args->i) = +- args->args[i]; ++ *ia64_rse_skip_regs(krbs, j) = args->args[i]; + else +- args->args[i] = *ia64_rse_skip_regs(krbs, +- ndirty + i + args->i); ++ args->args[i] = *ia64_rse_skip_regs(krbs, j); + } + + if (!args->rw) { +-- +2.30.1 + diff --git a/queue-4.9/ia64-fix-ptrace-ptrace_syscall_info_exit-sign.patch b/queue-4.9/ia64-fix-ptrace-ptrace_syscall_info_exit-sign.patch new file mode 100644 index 00000000000..6db75a30ba5 --- /dev/null +++ b/queue-4.9/ia64-fix-ptrace-ptrace_syscall_info_exit-sign.patch @@ -0,0 +1,72 @@ +From 7d3788b8010200db783e0f99ba3b172741509c58 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 12 Mar 2021 21:08:27 -0800 +Subject: ia64: fix ptrace(PTRACE_SYSCALL_INFO_EXIT) sign + +From: Sergei Trofimovich + +[ Upstream commit 61bf318eac2c13356f7bd1c6a05421ef504ccc8a ] + +In https://bugs.gentoo.org/769614 Dmitry noticed that +`ptrace(PTRACE_GET_SYSCALL_INFO)` does not return error sign properly. + +The bug is in mismatch between get/set errors: + +static inline long syscall_get_error(struct task_struct *task, + struct pt_regs *regs) +{ + return regs->r10 == -1 ? regs->r8:0; +} + +static inline long syscall_get_return_value(struct task_struct *task, + struct pt_regs *regs) +{ + return regs->r8; +} + +static inline void syscall_set_return_value(struct task_struct *task, + struct pt_regs *regs, + int error, long val) +{ + if (error) { + /* error < 0, but ia64 uses > 0 return value */ + regs->r8 = -error; + regs->r10 = -1; + } else { + regs->r8 = val; + regs->r10 = 0; + } +} + +Tested on v5.10 on rx3600 machine (ia64 9040 CPU). + +Link: https://lkml.kernel.org/r/20210221002554.333076-2-slyfox@gentoo.org +Link: https://bugs.gentoo.org/769614 +Signed-off-by: Sergei Trofimovich +Reported-by: Dmitry V. Levin +Reviewed-by: Dmitry V. Levin +Cc: John Paul Adrian Glaubitz +Cc: Oleg Nesterov +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + arch/ia64/include/asm/syscall.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/ia64/include/asm/syscall.h b/arch/ia64/include/asm/syscall.h +index 1d0b875fec44..ec909eec0b4c 100644 +--- a/arch/ia64/include/asm/syscall.h ++++ b/arch/ia64/include/asm/syscall.h +@@ -35,7 +35,7 @@ static inline void syscall_rollback(struct task_struct *task, + static inline long syscall_get_error(struct task_struct *task, + struct pt_regs *regs) + { +- return regs->r10 == -1 ? regs->r8:0; ++ return regs->r10 == -1 ? -regs->r8:0; + } + + static inline long syscall_get_return_value(struct task_struct *task, +-- +2.30.1 + diff --git a/queue-4.9/ixgbe-fix-memleak-in-ixgbe_configure_clsu32.patch b/queue-4.9/ixgbe-fix-memleak-in-ixgbe_configure_clsu32.patch new file mode 100644 index 00000000000..063e3a305fd --- /dev/null +++ b/queue-4.9/ixgbe-fix-memleak-in-ixgbe_configure_clsu32.patch @@ -0,0 +1,42 @@ +From e5a8f4bf1a538079bc406f17fec6dbc3db981efd Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 3 Jan 2021 16:08:42 +0800 +Subject: ixgbe: Fix memleak in ixgbe_configure_clsu32 + +From: Dinghao Liu + +[ Upstream commit 7a766381634da19fc837619b0a34590498d9d29a ] + +When ixgbe_fdir_write_perfect_filter_82599() fails, +input allocated by kzalloc() has not been freed, +which leads to memleak. + +Signed-off-by: Dinghao Liu +Reviewed-by: Paul Menzel +Tested-by: Tony Brelinski +Signed-off-by: Tony Nguyen +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/intel/ixgbe/ixgbe_main.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c +index 36d73bf32f4f..8e2aaf774693 100644 +--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c ++++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c +@@ -8677,8 +8677,10 @@ static int ixgbe_configure_clsu32(struct ixgbe_adapter *adapter, + ixgbe_atr_compute_perfect_hash_82599(&input->filter, mask); + err = ixgbe_fdir_write_perfect_filter_82599(hw, &input->filter, + input->sw_idx, queue); +- if (!err) +- ixgbe_update_ethtool_fdir_entry(adapter, input, input->sw_idx); ++ if (err) ++ goto err_out_w_lock; ++ ++ ixgbe_update_ethtool_fdir_entry(adapter, input, input->sw_idx); + spin_unlock(&adapter->fdir_perfect_lock); + + if ((uhtid != 0x800) && (adapter->jump_tables[uhtid])) +-- +2.30.1 + diff --git a/queue-4.9/net-fec-ptp-avoid-register-access-when-ipg-clock-is-.patch b/queue-4.9/net-fec-ptp-avoid-register-access-when-ipg-clock-is-.patch new file mode 100644 index 00000000000..7f10cda4820 --- /dev/null +++ b/queue-4.9/net-fec-ptp-avoid-register-access-when-ipg-clock-is-.patch @@ -0,0 +1,53 @@ +From cec3efe3fcb0050c68d2d7f5e145bccd4815977d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 25 Feb 2021 22:15:16 +0100 +Subject: net: fec: ptp: avoid register access when ipg clock is disabled + +From: Heiko Thiery + +[ Upstream commit 6a4d7234ae9a3bb31181f348ade9bbdb55aeb5c5 ] + +When accessing the timecounter register on an i.MX8MQ the kernel hangs. +This is only the case when the interface is down. This can be reproduced +by reading with 'phc_ctrl eth0 get'. + +Like described in the change in 91c0d987a9788dcc5fe26baafd73bf9242b68900 +the igp clock is disabled when the interface is down and leads to a +system hang. + +So we check if the ptp clock status before reading the timecounter +register. + +Signed-off-by: Heiko Thiery +Acked-by: Richard Cochran +Link: https://lore.kernel.org/r/20210225211514.9115-1-heiko.thiery@gmail.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/freescale/fec_ptp.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/drivers/net/ethernet/freescale/fec_ptp.c b/drivers/net/ethernet/freescale/fec_ptp.c +index f9e74461bdc0..123181612595 100644 +--- a/drivers/net/ethernet/freescale/fec_ptp.c ++++ b/drivers/net/ethernet/freescale/fec_ptp.c +@@ -396,9 +396,16 @@ static int fec_ptp_gettime(struct ptp_clock_info *ptp, struct timespec64 *ts) + u64 ns; + unsigned long flags; + ++ mutex_lock(&adapter->ptp_clk_mutex); ++ /* Check the ptp clock */ ++ if (!adapter->ptp_clk_on) { ++ mutex_unlock(&adapter->ptp_clk_mutex); ++ return -EINVAL; ++ } + spin_lock_irqsave(&adapter->tmreg_lock, flags); + ns = timecounter_read(&adapter->tc); + spin_unlock_irqrestore(&adapter->tmreg_lock, flags); ++ mutex_unlock(&adapter->ptp_clk_mutex); + + *ts = ns_to_timespec64(ns); + +-- +2.30.1 + diff --git a/queue-4.9/net-tehuti-fix-error-return-code-in-bdx_probe.patch b/queue-4.9/net-tehuti-fix-error-return-code-in-bdx_probe.patch new file mode 100644 index 00000000000..259ffefd6a3 --- /dev/null +++ b/queue-4.9/net-tehuti-fix-error-return-code-in-bdx_probe.patch @@ -0,0 +1,36 @@ +From 03c48cba5f745a2330f4927f3d129ad49ca0f5d1 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 4 Mar 2021 18:06:48 -0800 +Subject: net: tehuti: fix error return code in bdx_probe() + +From: Jia-Ju Bai + +[ Upstream commit 38c26ff3048af50eee3fcd591921357ee5bfd9ee ] + +When bdx_read_mac() fails, no error return code of bdx_probe() +is assigned. +To fix this bug, err is assigned with -EFAULT as error return code. + +Reported-by: TOTE Robot +Signed-off-by: Jia-Ju Bai +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/tehuti/tehuti.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/net/ethernet/tehuti/tehuti.c b/drivers/net/ethernet/tehuti/tehuti.c +index 7108c68f16d3..6ee7f8d2f2d1 100644 +--- a/drivers/net/ethernet/tehuti/tehuti.c ++++ b/drivers/net/ethernet/tehuti/tehuti.c +@@ -2062,6 +2062,7 @@ bdx_probe(struct pci_dev *pdev, const struct pci_device_id *ent) + /*bdx_hw_reset(priv); */ + if (bdx_read_mac(priv)) { + pr_err("load MAC address failed\n"); ++ err = -EFAULT; + goto err_out_iomap; + } + SET_NETDEV_DEV(ndev, &pdev->dev); +-- +2.30.1 + diff --git a/queue-4.9/net-wan-fix-error-return-code-of-uhdlc_init.patch b/queue-4.9/net-wan-fix-error-return-code-of-uhdlc_init.patch new file mode 100644 index 00000000000..7ccdd77ed58 --- /dev/null +++ b/queue-4.9/net-wan-fix-error-return-code-of-uhdlc_init.patch @@ -0,0 +1,48 @@ +From 40570a1929bc0f211d9cec3e017461d6154d6819 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 7 Mar 2021 01:12:56 -0800 +Subject: net: wan: fix error return code of uhdlc_init() + +From: Jia-Ju Bai + +[ Upstream commit 62765d39553cfd1ad340124fe1e280450e8c89e2 ] + +When priv->rx_skbuff or priv->tx_skbuff is NULL, no error return code of +uhdlc_init() is assigned. +To fix this bug, ret is assigned with -ENOMEM in these cases. + +Reported-by: TOTE Robot +Signed-off-by: Jia-Ju Bai +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/net/wan/fsl_ucc_hdlc.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/drivers/net/wan/fsl_ucc_hdlc.c b/drivers/net/wan/fsl_ucc_hdlc.c +index 87bf05a81db5..fc7d28edee07 100644 +--- a/drivers/net/wan/fsl_ucc_hdlc.c ++++ b/drivers/net/wan/fsl_ucc_hdlc.c +@@ -169,13 +169,17 @@ static int uhdlc_init(struct ucc_hdlc_private *priv) + + priv->rx_skbuff = kzalloc(priv->rx_ring_size * sizeof(*priv->rx_skbuff), + GFP_KERNEL); +- if (!priv->rx_skbuff) ++ if (!priv->rx_skbuff) { ++ ret = -ENOMEM; + goto free_ucc_pram; ++ } + + priv->tx_skbuff = kzalloc(priv->tx_ring_size * sizeof(*priv->tx_skbuff), + GFP_KERNEL); +- if (!priv->tx_skbuff) ++ if (!priv->tx_skbuff) { ++ ret = -ENOMEM; + goto free_rx_skbuff; ++ } + + priv->skb_curtx = 0; + priv->skb_dirtytx = 0; +-- +2.30.1 + diff --git a/queue-4.9/nfs-correct-size-calculation-for-create-reply-length.patch b/queue-4.9/nfs-correct-size-calculation-for-create-reply-length.patch new file mode 100644 index 00000000000..cf1bc593f7e --- /dev/null +++ b/queue-4.9/nfs-correct-size-calculation-for-create-reply-length.patch @@ -0,0 +1,49 @@ +From b2a11d8e3d6dd4be38f6f2bcfcf7cc9bd9e6eeb2 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 8 Mar 2021 12:12:13 -0600 +Subject: NFS: Correct size calculation for create reply length + +From: Frank Sorenson + +[ Upstream commit ad3dbe35c833c2d4d0bbf3f04c785d32f931e7c9 ] + +CREATE requests return a post_op_fh3, rather than nfs_fh3. The +post_op_fh3 includes an extra word to indicate 'handle_follows'. + +Without that additional word, create fails when full 64-byte +filehandles are in use. + +Add NFS3_post_op_fh_sz, and correct the size calculation for +NFS3_createres_sz. + +Signed-off-by: Frank Sorenson +Signed-off-by: Anna Schumaker +Signed-off-by: Sasha Levin +--- + fs/nfs/nfs3xdr.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/fs/nfs/nfs3xdr.c b/fs/nfs/nfs3xdr.c +index 267126d32ec0..4a68837e92ea 100644 +--- a/fs/nfs/nfs3xdr.c ++++ b/fs/nfs/nfs3xdr.c +@@ -33,6 +33,7 @@ + */ + #define NFS3_fhandle_sz (1+16) + #define NFS3_fh_sz (NFS3_fhandle_sz) /* shorthand */ ++#define NFS3_post_op_fh_sz (1+NFS3_fh_sz) + #define NFS3_sattr_sz (15) + #define NFS3_filename_sz (1+(NFS3_MAXNAMLEN>>2)) + #define NFS3_path_sz (1+(NFS3_MAXPATHLEN>>2)) +@@ -70,7 +71,7 @@ + #define NFS3_readlinkres_sz (1+NFS3_post_op_attr_sz+1) + #define NFS3_readres_sz (1+NFS3_post_op_attr_sz+3) + #define NFS3_writeres_sz (1+NFS3_wcc_data_sz+4) +-#define NFS3_createres_sz (1+NFS3_fh_sz+NFS3_post_op_attr_sz+NFS3_wcc_data_sz) ++#define NFS3_createres_sz (1+NFS3_post_op_fh_sz+NFS3_post_op_attr_sz+NFS3_wcc_data_sz) + #define NFS3_renameres_sz (1+(2 * NFS3_wcc_data_sz)) + #define NFS3_linkres_sz (1+NFS3_post_op_attr_sz+NFS3_wcc_data_sz) + #define NFS3_readdirres_sz (1+NFS3_post_op_attr_sz+2) +-- +2.30.1 + diff --git a/queue-4.9/nfs-fix-pnfs_flexfile_layout-kconfig-default.patch b/queue-4.9/nfs-fix-pnfs_flexfile_layout-kconfig-default.patch new file mode 100644 index 00000000000..7acb6bce52a --- /dev/null +++ b/queue-4.9/nfs-fix-pnfs_flexfile_layout-kconfig-default.patch @@ -0,0 +1,36 @@ +From 7ebaaac6e415639cb8f3987144d67e8b896a1556 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 23 Feb 2021 15:19:01 +0100 +Subject: nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default + +From: Timo Rothenpieler + +[ Upstream commit a0590473c5e6c4ef17c3132ad08fbad170f72d55 ] + +This follows what was done in 8c2fabc6542d9d0f8b16bd1045c2eda59bdcde13. +With the default being m, it's impossible to build the module into the +kernel. + +Signed-off-by: Timo Rothenpieler +Signed-off-by: Anna Schumaker +Signed-off-by: Sasha Levin +--- + fs/nfs/Kconfig | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/nfs/Kconfig b/fs/nfs/Kconfig +index c3428767332c..55ebf9f4a824 100644 +--- a/fs/nfs/Kconfig ++++ b/fs/nfs/Kconfig +@@ -132,7 +132,7 @@ config PNFS_OBJLAYOUT + config PNFS_FLEXFILE_LAYOUT + tristate + depends on NFS_V4_1 && NFS_V3 +- default m ++ default NFS_V4 + + config NFS_V4_1_IMPLEMENTATION_ID_DOMAIN + string "NFSv4.1 Implementation ID Domain" +-- +2.30.1 + diff --git a/queue-4.9/nfs-we-don-t-support-removing-system.nfs4_acl.patch b/queue-4.9/nfs-we-don-t-support-removing-system.nfs4_acl.patch new file mode 100644 index 00000000000..a28910469df --- /dev/null +++ b/queue-4.9/nfs-we-don-t-support-removing-system.nfs4_acl.patch @@ -0,0 +1,40 @@ +From 621377971352da38e994335a312fd253d6660d09 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 28 Jan 2021 17:36:38 -0500 +Subject: nfs: we don't support removing system.nfs4_acl + +From: J. Bruce Fields + +[ Upstream commit 4f8be1f53bf615102d103c0509ffa9596f65b718 ] + +The NFSv4 protocol doesn't have any notion of reomoving an attribute, so +removexattr(path,"system.nfs4_acl") doesn't make sense. + +There's no documented return value. Arguably it could be EOPNOTSUPP but +I'm a little worried an application might take that to mean that we +don't support ACLs or xattrs. How about EINVAL? + +Signed-off-by: J. Bruce Fields +Signed-off-by: Anna Schumaker +Signed-off-by: Sasha Levin +--- + fs/nfs/nfs4proc.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c +index 0cebe0ca03b2..94130588ebf5 100644 +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -5144,6 +5144,9 @@ static int __nfs4_proc_set_acl(struct inode *inode, const void *buf, size_t bufl + unsigned int npages = DIV_ROUND_UP(buflen, PAGE_SIZE); + int ret, i; + ++ /* You can't remove system.nfs4_acl: */ ++ if (buflen == 0) ++ return -EINVAL; + if (!nfs4_server_supports_acls(server)) + return -EOPNOTSUPP; + if (npages > ARRAY_SIZE(pages)) +-- +2.30.1 + diff --git a/queue-4.9/powerpc-4xx-fix-build-errors-from-mfdcr.patch b/queue-4.9/powerpc-4xx-fix-build-errors-from-mfdcr.patch new file mode 100644 index 00000000000..245715533e5 --- /dev/null +++ b/queue-4.9/powerpc-4xx-fix-build-errors-from-mfdcr.patch @@ -0,0 +1,72 @@ +From e9a650c5649853f904f4b86ffec3ad03bcf79ae3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 18 Feb 2021 23:30:58 +1100 +Subject: powerpc/4xx: Fix build errors from mfdcr() + +From: Michael Ellerman + +[ Upstream commit eead089311f4d935ab5d1d8fbb0c42ad44699ada ] + +lkp reported a build error in fsp2.o: + + CC arch/powerpc/platforms/44x/fsp2.o + {standard input}:577: Error: unsupported relocation against base + +Which comes from: + + pr_err("GESR0: 0x%08x\n", mfdcr(base + PLB4OPB_GESR0)); + +Where our mfdcr() macro is stringifying "base + PLB4OPB_GESR0", and +passing that to the assembler, which obviously doesn't work. + +The mfdcr() macro already checks that the argument is constant using +__builtin_constant_p(), and if not calls the out-of-line version of +mfdcr(). But in this case GCC is smart enough to notice that "base + +PLB4OPB_GESR0" will be constant, even though it's not something we can +immediately stringify into a register number. + +Segher pointed out that passing the register number to the inline asm +as a constant would be better, and in fact it fixes the build error, +presumably because it gives GCC a chance to resolve the value. + +While we're at it, change mtdcr() similarly. + +Reported-by: kernel test robot +Suggested-by: Segher Boessenkool +Signed-off-by: Michael Ellerman +Acked-by: Feng Tang +Link: https://lore.kernel.org/r/20210218123058.748882-1-mpe@ellerman.id.au +Signed-off-by: Sasha Levin +--- + arch/powerpc/include/asm/dcr-native.h | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/arch/powerpc/include/asm/dcr-native.h b/arch/powerpc/include/asm/dcr-native.h +index 4a2beef74277..86fdda16bb73 100644 +--- a/arch/powerpc/include/asm/dcr-native.h ++++ b/arch/powerpc/include/asm/dcr-native.h +@@ -65,8 +65,8 @@ static inline void mtdcrx(unsigned int reg, unsigned int val) + #define mfdcr(rn) \ + ({unsigned int rval; \ + if (__builtin_constant_p(rn) && rn < 1024) \ +- asm volatile("mfdcr %0," __stringify(rn) \ +- : "=r" (rval)); \ ++ asm volatile("mfdcr %0, %1" : "=r" (rval) \ ++ : "n" (rn)); \ + else if (likely(cpu_has_feature(CPU_FTR_INDEXED_DCR))) \ + rval = mfdcrx(rn); \ + else \ +@@ -76,8 +76,8 @@ static inline void mtdcrx(unsigned int reg, unsigned int val) + #define mtdcr(rn, v) \ + do { \ + if (__builtin_constant_p(rn) && rn < 1024) \ +- asm volatile("mtdcr " __stringify(rn) ",%0" \ +- : : "r" (v)); \ ++ asm volatile("mtdcr %0, %1" \ ++ : : "n" (rn), "r" (v)); \ + else if (likely(cpu_has_feature(CPU_FTR_INDEXED_DCR))) \ + mtdcrx(rn, v); \ + else \ +-- +2.30.1 + diff --git a/queue-4.9/series b/queue-4.9/series new file mode 100644 index 00000000000..699b3c7b7de --- /dev/null +++ b/queue-4.9/series @@ -0,0 +1,16 @@ +net-fec-ptp-avoid-register-access-when-ipg-clock-is-.patch +powerpc-4xx-fix-build-errors-from-mfdcr.patch +atm-eni-dont-release-is-never-initialized.patch +atm-lanai-dont-run-lanai_dev_close-if-not-open.patch +ixgbe-fix-memleak-in-ixgbe_configure_clsu32.patch +net-tehuti-fix-error-return-code-in-bdx_probe.patch +sun-niu-fix-wrong-rxmac_bc_frm_cnt_count-count.patch +nfs-fix-pnfs_flexfile_layout-kconfig-default.patch +nfs-correct-size-calculation-for-create-reply-length.patch +net-wan-fix-error-return-code-of-uhdlc_init.patch +atm-upd98402-fix-incorrect-allocation.patch +atm-idt77252-fix-null-ptr-dereference.patch +u64_stats-lockdep-fix-u64_stats_init-vs-lockdep.patch +nfs-we-don-t-support-removing-system.nfs4_acl.patch +ia64-fix-ia64_syscall_get_set_arguments-for-break-ba.patch +ia64-fix-ptrace-ptrace_syscall_info_exit-sign.patch diff --git a/queue-4.9/sun-niu-fix-wrong-rxmac_bc_frm_cnt_count-count.patch b/queue-4.9/sun-niu-fix-wrong-rxmac_bc_frm_cnt_count-count.patch new file mode 100644 index 00000000000..226d46b8b2c --- /dev/null +++ b/queue-4.9/sun-niu-fix-wrong-rxmac_bc_frm_cnt_count-count.patch @@ -0,0 +1,35 @@ +From 556a443bc543c5c8975877328333be9b8581912c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 5 Mar 2021 20:02:12 +0300 +Subject: sun/niu: fix wrong RXMAC_BC_FRM_CNT_COUNT count + +From: Denis Efremov + +[ Upstream commit 155b23e6e53475ca3b8c2a946299b4d4dd6a5a1e ] + +RXMAC_BC_FRM_CNT_COUNT added to mp->rx_bcasts twice in a row +in niu_xmac_interrupt(). Remove the second addition. + +Signed-off-by: Denis Efremov +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/sun/niu.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/drivers/net/ethernet/sun/niu.c b/drivers/net/ethernet/sun/niu.c +index fe5b0ac8c631..5bf47279f9c1 100644 +--- a/drivers/net/ethernet/sun/niu.c ++++ b/drivers/net/ethernet/sun/niu.c +@@ -3948,8 +3948,6 @@ static void niu_xmac_interrupt(struct niu *np) + mp->rx_mcasts += RXMAC_MC_FRM_CNT_COUNT; + if (val & XRXMAC_STATUS_RXBCAST_CNT_EXP) + mp->rx_bcasts += RXMAC_BC_FRM_CNT_COUNT; +- if (val & XRXMAC_STATUS_RXBCAST_CNT_EXP) +- mp->rx_bcasts += RXMAC_BC_FRM_CNT_COUNT; + if (val & XRXMAC_STATUS_RXHIST1_CNT_EXP) + mp->rx_hist_cnt1 += RXMAC_HIST_CNT1_COUNT; + if (val & XRXMAC_STATUS_RXHIST2_CNT_EXP) +-- +2.30.1 + diff --git a/queue-4.9/u64_stats-lockdep-fix-u64_stats_init-vs-lockdep.patch b/queue-4.9/u64_stats-lockdep-fix-u64_stats_init-vs-lockdep.patch new file mode 100644 index 00000000000..17a757f09f4 --- /dev/null +++ b/queue-4.9/u64_stats-lockdep-fix-u64_stats_init-vs-lockdep.patch @@ -0,0 +1,64 @@ +From 04c72c1755d852026ab7a568f29a1e8b3646adcb Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 8 Mar 2021 09:38:12 +0100 +Subject: u64_stats,lockdep: Fix u64_stats_init() vs lockdep + +From: Peter Zijlstra + +[ Upstream commit d5b0e0677bfd5efd17c5bbb00156931f0d41cb85 ] + +Jakub reported that: + + static struct net_device *rtl8139_init_board(struct pci_dev *pdev) + { + ... + u64_stats_init(&tp->rx_stats.syncp); + u64_stats_init(&tp->tx_stats.syncp); + ... + } + +results in lockdep getting confused between the RX and TX stats lock. +This is because u64_stats_init() is an inline calling seqcount_init(), +which is a macro using a static variable to generate a lockdep class. + +By wrapping that in an inline, we negate the effect of the macro and +fold the static key variable, hence the confusion. + +Fix by also making u64_stats_init() a macro for the case where it +matters, leaving the other case an inline for argument validation +etc. + +Reported-by: Jakub Kicinski +Debugged-by: "Ahmed S. Darwish" +Signed-off-by: Peter Zijlstra (Intel) +Tested-by: "Erhard F." +Link: https://lkml.kernel.org/r/YEXicy6+9MksdLZh@hirez.programming.kicks-ass.net +Signed-off-by: Sasha Levin +--- + include/linux/u64_stats_sync.h | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/include/linux/u64_stats_sync.h b/include/linux/u64_stats_sync.h +index 650f3dd6b800..f604a8fe9d2e 100644 +--- a/include/linux/u64_stats_sync.h ++++ b/include/linux/u64_stats_sync.h +@@ -68,12 +68,13 @@ struct u64_stats_sync { + }; + + ++#if BITS_PER_LONG == 32 && defined(CONFIG_SMP) ++#define u64_stats_init(syncp) seqcount_init(&(syncp)->seq) ++#else + static inline void u64_stats_init(struct u64_stats_sync *syncp) + { +-#if BITS_PER_LONG == 32 && defined(CONFIG_SMP) +- seqcount_init(&syncp->seq); +-#endif + } ++#endif + + static inline void u64_stats_update_begin(struct u64_stats_sync *syncp) + { +-- +2.30.1 +