From: Sasha Levin Date: Sun, 19 Jun 2022 13:03:29 +0000 (-0400) Subject: Fixes for 4.14 X-Git-Tag: v5.4.200~56 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5e73092d9d893cfb67e2901037cc577ff5d3ef9a;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 4.14 Signed-off-by: Sasha Levin --- diff --git a/queue-4.14/arm64-ftrace-fix-branch-range-checks.patch b/queue-4.14/arm64-ftrace-fix-branch-range-checks.patch new file mode 100644 index 00000000000..c2fa9afb9d1 --- /dev/null +++ b/queue-4.14/arm64-ftrace-fix-branch-range-checks.patch @@ -0,0 +1,86 @@ +From 1caa95d1eaa404668ab88b2421fb205d3598e746 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 14 Jun 2022 09:09:42 +0100 +Subject: arm64: ftrace: fix branch range checks + +From: Mark Rutland + +[ Upstream commit 3eefdf9d1e406f3da47470b2854347009ffcb6fa ] + +The branch range checks in ftrace_make_call() and ftrace_make_nop() are +incorrect, erroneously permitting a forwards branch of 128M and +erroneously rejecting a backwards branch of 128M. + +This is because both functions calculate the offset backwards, +calculating the offset *from* the target *to* the branch, rather than +the other way around as the later comparisons expect. + +If an out-of-range branch were erroeously permitted, this would later be +rejected by aarch64_insn_gen_branch_imm() as branch_imm_common() checks +the bounds correctly, resulting in warnings and the placement of a BRK +instruction. Note that this can only happen for a forwards branch of +exactly 128M, and so the caller would need to be exactly 128M bytes +below the relevant ftrace trampoline. + +If an in-range branch were erroeously rejected, then: + +* For modules when CONFIG_ARM64_MODULE_PLTS=y, this would result in the + use of a PLT entry, which is benign. + + Note that this is the common case, as this is selected by + CONFIG_RANDOMIZE_BASE (and therefore RANDOMIZE_MODULE_REGION_FULL), + which distributions typically seelct. This is also selected by + CONFIG_ARM64_ERRATUM_843419. + +* For modules when CONFIG_ARM64_MODULE_PLTS=n, this would result in + internal ftrace failures. + +* For core kernel text, this would result in internal ftrace failues. + + Note that for this to happen, the kernel text would need to be at + least 128M bytes in size, and typical configurations are smaller tha + this. + +Fix this by calculating the offset *from* the branch *to* the target in +both functions. + +Fixes: f8af0b364e24 ("arm64: ftrace: don't validate branch via PLT in ftrace_make_nop()") +Fixes: e71a4e1bebaf ("arm64: ftrace: add support for far branches to dynamic ftrace") +Signed-off-by: Mark Rutland +Cc: Ard Biesheuvel +Cc: Will Deacon +Tested-by: "Ivan T. Ivanov" +Reviewed-by: Chengming Zhou +Reviewed-by: Ard Biesheuvel +Link: https://lore.kernel.org/r/20220614080944.1349146-2-mark.rutland@arm.com +Signed-off-by: Catalin Marinas +Signed-off-by: Sasha Levin +--- + arch/arm64/kernel/ftrace.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/arch/arm64/kernel/ftrace.c b/arch/arm64/kernel/ftrace.c +index 6eefd5873aef..cd0b2fc94d3b 100644 +--- a/arch/arm64/kernel/ftrace.c ++++ b/arch/arm64/kernel/ftrace.c +@@ -72,7 +72,7 @@ int ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr) + { + unsigned long pc = rec->ip; + u32 old, new; +- long offset = (long)pc - (long)addr; ++ long offset = (long)addr - (long)pc; + + if (offset < -SZ_128M || offset >= SZ_128M) { + #ifdef CONFIG_ARM64_MODULE_PLTS +@@ -151,7 +151,7 @@ int ftrace_make_nop(struct module *mod, struct dyn_ftrace *rec, + unsigned long pc = rec->ip; + bool validate = true; + u32 old = 0, new; +- long offset = (long)pc - (long)addr; ++ long offset = (long)addr - (long)pc; + + if (offset < -SZ_128M || offset >= SZ_128M) { + #ifdef CONFIG_ARM64_MODULE_PLTS +-- +2.35.1 + diff --git a/queue-4.14/certs-blacklist_hashes.c-fix-const-confusion-in-cert.patch b/queue-4.14/certs-blacklist_hashes.c-fix-const-confusion-in-cert.patch new file mode 100644 index 00000000000..e4aa64a5ab7 --- /dev/null +++ b/queue-4.14/certs-blacklist_hashes.c-fix-const-confusion-in-cert.patch @@ -0,0 +1,52 @@ +From 0263594cd22ecd899a5286062f78ed71945fbdd7 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 12 Jun 2022 02:22:30 +0900 +Subject: certs/blacklist_hashes.c: fix const confusion in certs blacklist +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Masahiro Yamada + +[ Upstream commit 6a1c3767d82ed8233de1263aa7da81595e176087 ] + +This file fails to compile as follows: + + CC certs/blacklist_hashes.o +certs/blacklist_hashes.c:4:1: error: ignoring attribute ‘section (".init.data")’ because it conflicts with previous ‘section (".init.rodata")’ [-Werror=attributes] + 4 | const char __initdata *const blacklist_hashes[] = { + | ^~~~~ +In file included from certs/blacklist_hashes.c:2: +certs/blacklist.h:5:38: note: previous declaration here + 5 | extern const char __initconst *const blacklist_hashes[]; + | ^~~~~~~~~~~~~~~~ + +Apply the same fix as commit 2be04df5668d ("certs/blacklist_nohashes.c: +fix const confusion in certs blacklist"). + +Fixes: 734114f8782f ("KEYS: Add a system blacklist keyring") +Signed-off-by: Masahiro Yamada +Reviewed-by: Jarkko Sakkinen +Reviewed-by: Mickaël Salaün +Signed-off-by: Jarkko Sakkinen +Signed-off-by: Sasha Levin +--- + certs/blacklist_hashes.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/certs/blacklist_hashes.c b/certs/blacklist_hashes.c +index 344892337be0..d5961aa3d338 100644 +--- a/certs/blacklist_hashes.c ++++ b/certs/blacklist_hashes.c +@@ -1,7 +1,7 @@ + // SPDX-License-Identifier: GPL-2.0 + #include "blacklist.h" + +-const char __initdata *const blacklist_hashes[] = { ++const char __initconst *const blacklist_hashes[] = { + #include CONFIG_SYSTEM_BLACKLIST_HASH_LIST + , NULL + }; +-- +2.35.1 + diff --git a/queue-4.14/i40e-fix-call-trace-in-setup_tx_descriptors.patch b/queue-4.14/i40e-fix-call-trace-in-setup_tx_descriptors.patch new file mode 100644 index 00000000000..7a367e7b0d5 --- /dev/null +++ b/queue-4.14/i40e-fix-call-trace-in-setup_tx_descriptors.patch @@ -0,0 +1,83 @@ +From 4d02540603fce418f3282e5019da0c564bc7a614 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 19 May 2022 16:01:45 +0200 +Subject: i40e: Fix call trace in setup_tx_descriptors + +From: Aleksandr Loktionov + +[ Upstream commit fd5855e6b1358e816710afee68a1d2bc685176ca ] + +After PF reset and ethtool -t there was call trace in dmesg +sometimes leading to panic. When there was some time, around 5 +seconds, between reset and test there were no errors. + +Problem was that pf reset calls i40e_vsi_close in prep_for_reset +and ethtool -t calls i40e_vsi_close in diag_test. If there was not +enough time between those commands the second i40e_vsi_close starts +before previous i40e_vsi_close was done which leads to crash. + +Add check to diag_test if pf is in reset and don't start offline +tests if it is true. +Add netif_info("testing failed") into unhappy path of i40e_diag_test() + +Fixes: e17bc411aea8 ("i40e: Disable offline diagnostics if VFs are enabled") +Fixes: 510efb2682b3 ("i40e: Fix ethtool offline diagnostic with netqueues") +Signed-off-by: Michal Jaron +Signed-off-by: Aleksandr Loktionov +Tested-by: Gurucharan (A Contingent worker at Intel) +Signed-off-by: Tony Nguyen +Signed-off-by: Sasha Levin +--- + .../net/ethernet/intel/i40e/i40e_ethtool.c | 25 +++++++++++++------ + 1 file changed, 17 insertions(+), 8 deletions(-) + +diff --git a/drivers/net/ethernet/intel/i40e/i40e_ethtool.c b/drivers/net/ethernet/intel/i40e/i40e_ethtool.c +index 751ac5616884..21648dab13e0 100644 +--- a/drivers/net/ethernet/intel/i40e/i40e_ethtool.c ++++ b/drivers/net/ethernet/intel/i40e/i40e_ethtool.c +@@ -1874,15 +1874,16 @@ static void i40e_diag_test(struct net_device *netdev, + + set_bit(__I40E_TESTING, pf->state); + ++ if (test_bit(__I40E_RESET_RECOVERY_PENDING, pf->state) || ++ test_bit(__I40E_RESET_INTR_RECEIVED, pf->state)) { ++ dev_warn(&pf->pdev->dev, ++ "Cannot start offline testing when PF is in reset state.\n"); ++ goto skip_ol_tests; ++ } ++ + if (i40e_active_vfs(pf) || i40e_active_vmdqs(pf)) { + dev_warn(&pf->pdev->dev, + "Please take active VFs and Netqueues offline and restart the adapter before running NIC diagnostics\n"); +- data[I40E_ETH_TEST_REG] = 1; +- data[I40E_ETH_TEST_EEPROM] = 1; +- data[I40E_ETH_TEST_INTR] = 1; +- data[I40E_ETH_TEST_LINK] = 1; +- eth_test->flags |= ETH_TEST_FL_FAILED; +- clear_bit(__I40E_TESTING, pf->state); + goto skip_ol_tests; + } + +@@ -1929,9 +1930,17 @@ static void i40e_diag_test(struct net_device *netdev, + data[I40E_ETH_TEST_INTR] = 0; + } + +-skip_ol_tests: +- + netif_info(pf, drv, netdev, "testing finished\n"); ++ return; ++ ++skip_ol_tests: ++ data[I40E_ETH_TEST_REG] = 1; ++ data[I40E_ETH_TEST_EEPROM] = 1; ++ data[I40E_ETH_TEST_INTR] = 1; ++ data[I40E_ETH_TEST_LINK] = 1; ++ eth_test->flags |= ETH_TEST_FL_FAILED; ++ clear_bit(__I40E_TESTING, pf->state); ++ netif_info(pf, drv, netdev, "testing failed\n"); + } + + static void i40e_get_wol(struct net_device *netdev, +-- +2.35.1 + diff --git a/queue-4.14/misc-atmel-ssc-fix-irq-check-in-ssc_probe.patch b/queue-4.14/misc-atmel-ssc-fix-irq-check-in-ssc_probe.patch new file mode 100644 index 00000000000..841584dd46b --- /dev/null +++ b/queue-4.14/misc-atmel-ssc-fix-irq-check-in-ssc_probe.patch @@ -0,0 +1,47 @@ +From e131d32280e9a3330c7d79fc39e1df1d1d40654e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 1 Jun 2022 16:30:26 +0400 +Subject: misc: atmel-ssc: Fix IRQ check in ssc_probe + +From: Miaoqian Lin + +[ Upstream commit 1c245358ce0b13669f6d1625f7a4e05c41f28980 ] + +platform_get_irq() returns negative error number instead 0 on failure. +And the doc of platform_get_irq() provides a usage example: + + int irq = platform_get_irq(pdev, 0); + if (irq < 0) + return irq; + +Fix the check of return value to catch errors correctly. + +Fixes: eb1f2930609b ("Driver for the Atmel on-chip SSC on AT32AP and AT91") +Reviewed-by: Claudiu Beznea +Signed-off-by: Miaoqian Lin +Link: https://lore.kernel.org/r/20220601123026.7119-1-linmq006@gmail.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/misc/atmel-ssc.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/misc/atmel-ssc.c b/drivers/misc/atmel-ssc.c +index f9caf233e2cc..48521861beb5 100644 +--- a/drivers/misc/atmel-ssc.c ++++ b/drivers/misc/atmel-ssc.c +@@ -235,9 +235,9 @@ static int ssc_probe(struct platform_device *pdev) + clk_disable_unprepare(ssc->clk); + + ssc->irq = platform_get_irq(pdev, 0); +- if (!ssc->irq) { ++ if (ssc->irq < 0) { + dev_dbg(&pdev->dev, "could not get irq\n"); +- return -ENXIO; ++ return ssc->irq; + } + + mutex_lock(&user_lock); +-- +2.35.1 + diff --git a/queue-4.14/net-bgmac-fix-an-erroneous-kfree-in-bgmac_remove.patch b/queue-4.14/net-bgmac-fix-an-erroneous-kfree-in-bgmac_remove.patch new file mode 100644 index 00000000000..1167508323d --- /dev/null +++ b/queue-4.14/net-bgmac-fix-an-erroneous-kfree-in-bgmac_remove.patch @@ -0,0 +1,39 @@ +From 7221170e4132cb107dee3169f16b8f49caaf9a92 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 13 Jun 2022 22:53:50 +0200 +Subject: net: bgmac: Fix an erroneous kfree() in bgmac_remove() + +From: Christophe JAILLET + +[ Upstream commit d7dd6eccfbc95ac47a12396f84e7e1b361db654b ] + +'bgmac' is part of a managed resource allocated with bgmac_alloc(). It +should not be freed explicitly. + +Remove the erroneous kfree() from the .remove() function. + +Fixes: 34a5102c3235 ("net: bgmac: allocate struct bgmac just once & don't copy it") +Signed-off-by: Christophe JAILLET +Reviewed-by: Florian Fainelli +Link: https://lore.kernel.org/r/a026153108dd21239036a032b95c25b5cece253b.1655153616.git.christophe.jaillet@wanadoo.fr +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/broadcom/bgmac-bcma.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/drivers/net/ethernet/broadcom/bgmac-bcma.c b/drivers/net/ethernet/broadcom/bgmac-bcma.c +index 6322594ab260..98f1057650da 100644 +--- a/drivers/net/ethernet/broadcom/bgmac-bcma.c ++++ b/drivers/net/ethernet/broadcom/bgmac-bcma.c +@@ -317,7 +317,6 @@ static void bgmac_remove(struct bcma_device *core) + bcma_mdio_mii_unregister(bgmac->mii_bus); + bgmac_enet_remove(bgmac); + bcma_set_drvdata(core, NULL); +- kfree(bgmac); + } + + static struct bcma_driver bgmac_bcma_driver = { +-- +2.35.1 + diff --git a/queue-4.14/pnfs-don-t-keep-retrying-if-the-server-replied-nfs4e.patch b/queue-4.14/pnfs-don-t-keep-retrying-if-the-server-replied-nfs4e.patch new file mode 100644 index 00000000000..60e512ee54f --- /dev/null +++ b/queue-4.14/pnfs-don-t-keep-retrying-if-the-server-replied-nfs4e.patch @@ -0,0 +1,42 @@ +From 158a06b4c76f9582a588a1eb4c74f323d4a7156b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 31 May 2022 11:03:06 -0400 +Subject: pNFS: Don't keep retrying if the server replied + NFS4ERR_LAYOUTUNAVAILABLE + +From: Trond Myklebust + +[ Upstream commit fe44fb23d6ccde4c914c44ef74ab8d9d9ba02bea ] + +If the server tells us that a pNFS layout is not available for a +specific file, then we should not keep pounding it with further +layoutget requests. + +Fixes: 183d9e7b112a ("pnfs: rework LAYOUTGET retry handling") +Signed-off-by: Trond Myklebust +Signed-off-by: Anna Schumaker +Signed-off-by: Sasha Levin +--- + fs/nfs/pnfs.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/fs/nfs/pnfs.c b/fs/nfs/pnfs.c +index 18bbdaefd940..962585e00c86 100644 +--- a/fs/nfs/pnfs.c ++++ b/fs/nfs/pnfs.c +@@ -1878,6 +1878,12 @@ pnfs_update_layout(struct inode *ino, + /* Fallthrough */ + case -EAGAIN: + break; ++ case -ENODATA: ++ /* The server returned NFS4ERR_LAYOUTUNAVAILABLE */ ++ pnfs_layout_set_fail_bit( ++ lo, pnfs_iomode_to_fail_bit(iomode)); ++ lseg = NULL; ++ goto out_put_layout_hdr; + default: + if (!nfs_error_is_fatal(PTR_ERR(lseg))) { + pnfs_layout_clear_fail_bit(lo, pnfs_iomode_to_fail_bit(iomode)); +-- +2.35.1 + diff --git a/queue-4.14/series b/queue-4.14/series index 77ec066cae6..a3f617a5e0d 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -206,3 +206,10 @@ nfc-nfcmrvl-fix-memory-leak-in-nfcmrvl_play_deferred.patch ipv6-fix-signed-integer-overflow-in-l2tp_ip6_sendmsg.patch net-ethernet-mtk_eth_soc-fix-misuse-of-mem-alloc-int.patch random-credit-cpu-and-bootloader-seeds-by-default.patch +pnfs-don-t-keep-retrying-if-the-server-replied-nfs4e.patch +i40e-fix-call-trace-in-setup_tx_descriptors.patch +tty-goldfish-fix-free_irq-on-remove.patch +misc-atmel-ssc-fix-irq-check-in-ssc_probe.patch +net-bgmac-fix-an-erroneous-kfree-in-bgmac_remove.patch +arm64-ftrace-fix-branch-range-checks.patch +certs-blacklist_hashes.c-fix-const-confusion-in-cert.patch diff --git a/queue-4.14/tty-goldfish-fix-free_irq-on-remove.patch b/queue-4.14/tty-goldfish-fix-free_irq-on-remove.patch new file mode 100644 index 00000000000..796d7edcff3 --- /dev/null +++ b/queue-4.14/tty-goldfish-fix-free_irq-on-remove.patch @@ -0,0 +1,51 @@ +From de1b59cc37426a2532d6bdbd86faf72185f31908 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 9 Jun 2022 16:17:04 +0200 +Subject: tty: goldfish: Fix free_irq() on remove + +From: Vincent Whitchurch + +[ Upstream commit 499e13aac6c762e1e828172b0f0f5275651d6512 ] + +Pass the correct dev_id to free_irq() to fix this splat when the driver +is unbound: + + WARNING: CPU: 0 PID: 30 at kernel/irq/manage.c:1895 free_irq + Trying to free already-free IRQ 65 + Call Trace: + warn_slowpath_fmt + free_irq + goldfish_tty_remove + platform_remove + device_remove + device_release_driver_internal + device_driver_detach + unbind_store + drv_attr_store + ... + +Fixes: 465893e18878e119 ("tty: goldfish: support platform_device with id -1") +Signed-off-by: Vincent Whitchurch +Link: https://lore.kernel.org/r/20220609141704.1080024-1-vincent.whitchurch@axis.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/tty/goldfish.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/tty/goldfish.c b/drivers/tty/goldfish.c +index 1b72321f2d0b..9f0b6b185be7 100644 +--- a/drivers/tty/goldfish.c ++++ b/drivers/tty/goldfish.c +@@ -435,7 +435,7 @@ static int goldfish_tty_remove(struct platform_device *pdev) + tty_unregister_device(goldfish_tty_driver, qtty->console.index); + iounmap(qtty->base); + qtty->base = NULL; +- free_irq(qtty->irq, pdev); ++ free_irq(qtty->irq, qtty); + tty_port_destroy(&qtty->port); + goldfish_tty_current_line_count--; + if (goldfish_tty_current_line_count == 0) +-- +2.35.1 +