From: Greg Kroah-Hartman Date: Sun, 6 Feb 2022 12:54:39 +0000 (+0100) Subject: 4.9-stable patches X-Git-Tag: v4.9.300~33 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6118787d36d677ee2d981f6ad2d1fc180e78a6a4;p=thirdparty%2Fkernel%2Fstable-queue.git 4.9-stable patches added patches: asoc-fsl-add-missing-error-handling-in-pcm030_fabric_probe.patch iommu-amd-fix-loop-timeout-issue-in-iommu_ga_log_enable.patch net-ieee802154-return-meaningful-error-codes-from-the-netlink-helpers.patch net-macsec-verify-that-send_sci-is-on-when-setting-tx-sci-explicitly.patch nfsd-nfsd4_setclientid_confirm-mistakenly-expires-confirmed-client.patch scsi-bnx2fc-make-bnx2fc_recv_frame-mp-safe.patch spi-bcm-qspi-check-for-valid-cs-before-applying-chip-select.patch spi-mediatek-avoid-null-pointer-crash-in-interrupt.patch --- diff --git a/queue-4.9/asoc-fsl-add-missing-error-handling-in-pcm030_fabric_probe.patch b/queue-4.9/asoc-fsl-add-missing-error-handling-in-pcm030_fabric_probe.patch new file mode 100644 index 00000000000..7dc860885d2 --- /dev/null +++ b/queue-4.9/asoc-fsl-add-missing-error-handling-in-pcm030_fabric_probe.patch @@ -0,0 +1,48 @@ +From fb25621da5702c104ce0a48de5b174ced09e5b4e Mon Sep 17 00:00:00 2001 +From: Miaoqian Lin +Date: Thu, 27 Jan 2022 13:13:34 +0000 +Subject: ASoC: fsl: Add missing error handling in pcm030_fabric_probe + +From: Miaoqian Lin + +commit fb25621da5702c104ce0a48de5b174ced09e5b4e upstream. + +Add the missing platform_device_put() and platform_device_del() +before return from pcm030_fabric_probe in the error handling case. + +Fixes: c912fa913446 ("ASoC: fsl: register the wm9712-codec") +Signed-off-by: Miaoqian Lin +Link: https://lore.kernel.org/r/20220127131336.30214-1-linmq006@gmail.com +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman +--- + sound/soc/fsl/pcm030-audio-fabric.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +--- a/sound/soc/fsl/pcm030-audio-fabric.c ++++ b/sound/soc/fsl/pcm030-audio-fabric.c +@@ -90,16 +90,21 @@ static int pcm030_fabric_probe(struct pl + dev_err(&op->dev, "platform_device_alloc() failed\n"); + + ret = platform_device_add(pdata->codec_device); +- if (ret) ++ if (ret) { + dev_err(&op->dev, "platform_device_add() failed: %d\n", ret); ++ platform_device_put(pdata->codec_device); ++ } + + ret = snd_soc_register_card(card); +- if (ret) ++ if (ret) { + dev_err(&op->dev, "snd_soc_register_card() failed: %d\n", ret); ++ platform_device_del(pdata->codec_device); ++ platform_device_put(pdata->codec_device); ++ } + + platform_set_drvdata(op, pdata); +- + return ret; ++ + } + + static int pcm030_fabric_remove(struct platform_device *op) diff --git a/queue-4.9/iommu-amd-fix-loop-timeout-issue-in-iommu_ga_log_enable.patch b/queue-4.9/iommu-amd-fix-loop-timeout-issue-in-iommu_ga_log_enable.patch new file mode 100644 index 00000000000..751a9992d5e --- /dev/null +++ b/queue-4.9/iommu-amd-fix-loop-timeout-issue-in-iommu_ga_log_enable.patch @@ -0,0 +1,45 @@ +From 9b45a7738eec52bf0f5d8d3d54e822962781c5f2 Mon Sep 17 00:00:00 2001 +From: Joerg Roedel +Date: Fri, 4 Feb 2022 12:55:37 +0100 +Subject: iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() + +From: Joerg Roedel + +commit 9b45a7738eec52bf0f5d8d3d54e822962781c5f2 upstream. + +The polling loop for the register change in iommu_ga_log_enable() needs +to have a udelay() in it. Otherwise the CPU might be faster than the +IOMMU hardware and wrongly trigger the WARN_ON() further down the code +stream. Use a 10us for udelay(), has there is some hardware where +activation of the GA log can take more than a 100ms. + +A future optimization should move the activation check of the GA log +to the point where it gets used for the first time. But that is a +bigger change and not suitable for a fix. + +Fixes: 8bda0cfbdc1a ("iommu/amd: Detect and initialize guest vAPIC log") +Signed-off-by: Joerg Roedel +Link: https://lore.kernel.org/r/20220204115537.3894-1-joro@8bytes.org +Signed-off-by: Greg Kroah-Hartman +--- + drivers/iommu/amd_iommu_init.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/iommu/amd_iommu_init.c ++++ b/drivers/iommu/amd_iommu_init.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -715,6 +716,7 @@ static int iommu_ga_log_enable(struct am + status = readl(iommu->mmio_base + MMIO_STATUS_OFFSET); + if (status & (MMIO_STATUS_GALOG_RUN_MASK)) + break; ++ udelay(10); + } + + if (i >= LOOP_TIMEOUT) diff --git a/queue-4.9/net-ieee802154-return-meaningful-error-codes-from-the-netlink-helpers.patch b/queue-4.9/net-ieee802154-return-meaningful-error-codes-from-the-netlink-helpers.patch new file mode 100644 index 00000000000..97e0288862e --- /dev/null +++ b/queue-4.9/net-ieee802154-return-meaningful-error-codes-from-the-netlink-helpers.patch @@ -0,0 +1,61 @@ +From 79c37ca73a6e9a33f7b2b7783ba6af07a448c8a9 Mon Sep 17 00:00:00 2001 +From: Miquel Raynal +Date: Tue, 25 Jan 2022 13:14:25 +0100 +Subject: net: ieee802154: Return meaningful error codes from the netlink helpers + +From: Miquel Raynal + +commit 79c37ca73a6e9a33f7b2b7783ba6af07a448c8a9 upstream. + +Returning -1 does not indicate anything useful. + +Use a standard and meaningful error code instead. + +Fixes: a26c5fd7622d ("nl802154: add support for security layer") +Signed-off-by: Miquel Raynal +Acked-by: Alexander Aring +Link: https://lore.kernel.org/r/20220125121426.848337-6-miquel.raynal@bootlin.com +Signed-off-by: Stefan Schmidt +Signed-off-by: Greg Kroah-Hartman +--- + net/ieee802154/nl802154.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/net/ieee802154/nl802154.c ++++ b/net/ieee802154/nl802154.c +@@ -1474,7 +1474,7 @@ static int nl802154_send_key(struct sk_b + + hdr = nl802154hdr_put(msg, portid, seq, flags, cmd); + if (!hdr) +- return -1; ++ return -ENOBUFS; + + if (nla_put_u32(msg, NL802154_ATTR_IFINDEX, dev->ifindex)) + goto nla_put_failure; +@@ -1665,7 +1665,7 @@ static int nl802154_send_device(struct s + + hdr = nl802154hdr_put(msg, portid, seq, flags, cmd); + if (!hdr) +- return -1; ++ return -ENOBUFS; + + if (nla_put_u32(msg, NL802154_ATTR_IFINDEX, dev->ifindex)) + goto nla_put_failure; +@@ -1843,7 +1843,7 @@ static int nl802154_send_devkey(struct s + + hdr = nl802154hdr_put(msg, portid, seq, flags, cmd); + if (!hdr) +- return -1; ++ return -ENOBUFS; + + if (nla_put_u32(msg, NL802154_ATTR_IFINDEX, dev->ifindex)) + goto nla_put_failure; +@@ -2020,7 +2020,7 @@ static int nl802154_send_seclevel(struct + + hdr = nl802154hdr_put(msg, portid, seq, flags, cmd); + if (!hdr) +- return -1; ++ return -ENOBUFS; + + if (nla_put_u32(msg, NL802154_ATTR_IFINDEX, dev->ifindex)) + goto nla_put_failure; diff --git a/queue-4.9/net-macsec-verify-that-send_sci-is-on-when-setting-tx-sci-explicitly.patch b/queue-4.9/net-macsec-verify-that-send_sci-is-on-when-setting-tx-sci-explicitly.patch new file mode 100644 index 00000000000..e36fec2fb3f --- /dev/null +++ b/queue-4.9/net-macsec-verify-that-send_sci-is-on-when-setting-tx-sci-explicitly.patch @@ -0,0 +1,47 @@ +From d0cfa548dbde354de986911d3913897b5448faad Mon Sep 17 00:00:00 2001 +From: Lior Nahmanson +Date: Sun, 30 Jan 2022 13:37:52 +0200 +Subject: net: macsec: Verify that send_sci is on when setting Tx sci explicitly + +From: Lior Nahmanson + +commit d0cfa548dbde354de986911d3913897b5448faad upstream. + +When setting Tx sci explicit, the Rx side is expected to use this +sci and not recalculate it from the packet.However, in case of Tx sci +is explicit and send_sci is off, the receiver is wrongly recalculate +the sci from the source MAC address which most likely be different +than the explicit sci. + +Fix by preventing such configuration when macsec newlink is established +and return EINVAL error code on such cases. + +Fixes: c09440f7dcb3 ("macsec: introduce IEEE 802.1AE driver") +Signed-off-by: Lior Nahmanson +Reviewed-by: Raed Salem +Signed-off-by: Raed Salem +Link: https://lore.kernel.org/r/1643542672-29403-1-git-send-email-raeds@nvidia.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/macsec.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +--- a/drivers/net/macsec.c ++++ b/drivers/net/macsec.c +@@ -3230,6 +3230,15 @@ static int macsec_newlink(struct net *ne + + macsec->real_dev = real_dev; + ++ /* send_sci must be set to true when transmit sci explicitly is set */ ++ if ((data && data[IFLA_MACSEC_SCI]) && ++ (data && data[IFLA_MACSEC_INC_SCI])) { ++ u8 send_sci = !!nla_get_u8(data[IFLA_MACSEC_INC_SCI]); ++ ++ if (!send_sci) ++ return -EINVAL; ++ } ++ + if (data && data[IFLA_MACSEC_ICV_LEN]) + icv_len = nla_get_u8(data[IFLA_MACSEC_ICV_LEN]); + mtu = real_dev->mtu - icv_len - macsec_extra_len(true); diff --git a/queue-4.9/nfsd-nfsd4_setclientid_confirm-mistakenly-expires-confirmed-client.patch b/queue-4.9/nfsd-nfsd4_setclientid_confirm-mistakenly-expires-confirmed-client.patch new file mode 100644 index 00000000000..7bc769df30a --- /dev/null +++ b/queue-4.9/nfsd-nfsd4_setclientid_confirm-mistakenly-expires-confirmed-client.patch @@ -0,0 +1,45 @@ +From ab451ea952fe9d7afefae55ddb28943a148247fe Mon Sep 17 00:00:00 2001 +From: Dai Ngo +Date: Wed, 26 Jan 2022 13:13:38 -0800 +Subject: nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client. + +From: Dai Ngo + +commit ab451ea952fe9d7afefae55ddb28943a148247fe upstream. + +From RFC 7530 Section 16.34.5: + +o The server has not recorded an unconfirmed { v, x, c, *, * } and + has recorded a confirmed { v, x, c, *, s }. If the principals of + the record and of SETCLIENTID_CONFIRM do not match, the server + returns NFS4ERR_CLID_INUSE without removing any relevant leased + client state, and without changing recorded callback and + callback_ident values for client { x }. + +The current code intends to do what the spec describes above but +it forgot to set 'old' to NULL resulting to the confirmed client +to be expired. + +Fixes: 2b63482185e6 ("nfsd: fix clid_inuse on mount with security change") +Signed-off-by: Dai Ngo +Signed-off-by: Chuck Lever +Reviewed-by: Bruce Fields +Signed-off-by: Greg Kroah-Hartman +--- + fs/nfsd/nfs4state.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/fs/nfsd/nfs4state.c ++++ b/fs/nfsd/nfs4state.c +@@ -3424,8 +3424,10 @@ nfsd4_setclientid_confirm(struct svc_rqs + status = nfserr_clid_inuse; + if (client_has_state(old) + && !same_creds(&unconf->cl_cred, +- &old->cl_cred)) ++ &old->cl_cred)) { ++ old = NULL; + goto out; ++ } + status = mark_client_expired_locked(old); + if (status) { + old = NULL; diff --git a/queue-4.9/scsi-bnx2fc-make-bnx2fc_recv_frame-mp-safe.patch b/queue-4.9/scsi-bnx2fc-make-bnx2fc_recv_frame-mp-safe.patch new file mode 100644 index 00000000000..ad159f25bb2 --- /dev/null +++ b/queue-4.9/scsi-bnx2fc-make-bnx2fc_recv_frame-mp-safe.patch @@ -0,0 +1,92 @@ +From 936bd03405fc83ba039d42bc93ffd4b88418f1d3 Mon Sep 17 00:00:00 2001 +From: John Meneghini +Date: Mon, 24 Jan 2022 09:51:10 -0500 +Subject: scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe + +From: John Meneghini + +commit 936bd03405fc83ba039d42bc93ffd4b88418f1d3 upstream. + +Running tests with a debug kernel shows that bnx2fc_recv_frame() is +modifying the per_cpu lport stats counters in a non-mpsafe way. Just boot +a debug kernel and run the bnx2fc driver with the hardware enabled. + +[ 1391.699147] BUG: using smp_processor_id() in preemptible [00000000] code: bnx2fc_ +[ 1391.699160] caller is bnx2fc_recv_frame+0xbf9/0x1760 [bnx2fc] +[ 1391.699174] CPU: 2 PID: 4355 Comm: bnx2fc_l2_threa Kdump: loaded Tainted: G B +[ 1391.699180] Hardware name: HP ProLiant DL120 G7, BIOS J01 07/01/2013 +[ 1391.699183] Call Trace: +[ 1391.699188] dump_stack_lvl+0x57/0x7d +[ 1391.699198] check_preemption_disabled+0xc8/0xd0 +[ 1391.699205] bnx2fc_recv_frame+0xbf9/0x1760 [bnx2fc] +[ 1391.699215] ? do_raw_spin_trylock+0xb5/0x180 +[ 1391.699221] ? bnx2fc_npiv_create_vports.isra.0+0x4e0/0x4e0 [bnx2fc] +[ 1391.699229] ? bnx2fc_l2_rcv_thread+0xb7/0x3a0 [bnx2fc] +[ 1391.699240] bnx2fc_l2_rcv_thread+0x1af/0x3a0 [bnx2fc] +[ 1391.699250] ? bnx2fc_ulp_init+0xc0/0xc0 [bnx2fc] +[ 1391.699258] kthread+0x364/0x420 +[ 1391.699263] ? _raw_spin_unlock_irq+0x24/0x50 +[ 1391.699268] ? set_kthread_struct+0x100/0x100 +[ 1391.699273] ret_from_fork+0x22/0x30 + +Restore the old get_cpu/put_cpu code with some modifications to reduce the +size of the critical section. + +Link: https://lore.kernel.org/r/20220124145110.442335-1-jmeneghi@redhat.com +Fixes: d576a5e80cd0 ("bnx2fc: Improve stats update mechanism") +Tested-by: Guangwu Zhang +Acked-by: Saurav Kashyap +Signed-off-by: John Meneghini +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/bnx2fc/bnx2fc_fcoe.c | 21 +++++++++++++-------- + 1 file changed, 13 insertions(+), 8 deletions(-) + +--- a/drivers/scsi/bnx2fc/bnx2fc_fcoe.c ++++ b/drivers/scsi/bnx2fc/bnx2fc_fcoe.c +@@ -521,7 +521,8 @@ static int bnx2fc_l2_rcv_thread(void *ar + + static void bnx2fc_recv_frame(struct sk_buff *skb) + { +- u32 fr_len; ++ u64 crc_err; ++ u32 fr_len, fr_crc; + struct fc_lport *lport; + struct fcoe_rcv_info *fr; + struct fc_stats *stats; +@@ -553,6 +554,11 @@ static void bnx2fc_recv_frame(struct sk_ + skb_pull(skb, sizeof(struct fcoe_hdr)); + fr_len = skb->len - sizeof(struct fcoe_crc_eof); + ++ stats = per_cpu_ptr(lport->stats, get_cpu()); ++ stats->RxFrames++; ++ stats->RxWords += fr_len / FCOE_WORD_TO_BYTE; ++ put_cpu(); ++ + fp = (struct fc_frame *)skb; + fc_frame_init(fp); + fr_dev(fp) = lport; +@@ -604,16 +610,15 @@ static void bnx2fc_recv_frame(struct sk_ + return; + } + +- stats = per_cpu_ptr(lport->stats, smp_processor_id()); +- stats->RxFrames++; +- stats->RxWords += fr_len / FCOE_WORD_TO_BYTE; ++ fr_crc = le32_to_cpu(fr_crc(fp)); + +- if (le32_to_cpu(fr_crc(fp)) != +- ~crc32(~0, skb->data, fr_len)) { +- if (stats->InvalidCRCCount < 5) ++ if (unlikely(fr_crc != ~crc32(~0, skb->data, fr_len))) { ++ stats = per_cpu_ptr(lport->stats, get_cpu()); ++ crc_err = (stats->InvalidCRCCount++); ++ put_cpu(); ++ if (crc_err < 5) + printk(KERN_WARNING PFX "dropping frame with " + "CRC error\n"); +- stats->InvalidCRCCount++; + kfree_skb(skb); + return; + } diff --git a/queue-4.9/series b/queue-4.9/series index 4c1498e4d0d..36be72b272a 100644 --- a/queue-4.9/series +++ b/queue-4.9/series @@ -34,3 +34,11 @@ asoc-ops-reject-out-of-bounds-values-in-snd_soc_put_volsw.patch asoc-ops-reject-out-of-bounds-values-in-snd_soc_put_volsw_sx.patch asoc-ops-reject-out-of-bounds-values-in-snd_soc_put_xr_sx.patch drm-nouveau-fix-off-by-one-in-bios-boundary-checking.patch +iommu-amd-fix-loop-timeout-issue-in-iommu_ga_log_enable.patch +spi-bcm-qspi-check-for-valid-cs-before-applying-chip-select.patch +spi-mediatek-avoid-null-pointer-crash-in-interrupt.patch +net-ieee802154-return-meaningful-error-codes-from-the-netlink-helpers.patch +net-macsec-verify-that-send_sci-is-on-when-setting-tx-sci-explicitly.patch +asoc-fsl-add-missing-error-handling-in-pcm030_fabric_probe.patch +scsi-bnx2fc-make-bnx2fc_recv_frame-mp-safe.patch +nfsd-nfsd4_setclientid_confirm-mistakenly-expires-confirmed-client.patch diff --git a/queue-4.9/spi-bcm-qspi-check-for-valid-cs-before-applying-chip-select.patch b/queue-4.9/spi-bcm-qspi-check-for-valid-cs-before-applying-chip-select.patch new file mode 100644 index 00000000000..0e8160dd0df --- /dev/null +++ b/queue-4.9/spi-bcm-qspi-check-for-valid-cs-before-applying-chip-select.patch @@ -0,0 +1,36 @@ +From 2cbd27267ffe020af1442b95ec57f59a157ba85c Mon Sep 17 00:00:00 2001 +From: Kamal Dasu +Date: Thu, 27 Jan 2022 13:53:59 -0500 +Subject: spi: bcm-qspi: check for valid cs before applying chip select + +From: Kamal Dasu + +commit 2cbd27267ffe020af1442b95ec57f59a157ba85c upstream. + +Apply only valid chip select value. This change fixes case where chip +select is set to initial value of '-1' during probe and PM supend and +subsequent resume can try to use the value with undefined behaviour. +Also in case where gpio based chip select, the check in +bcm_qspi_chip_select() shall prevent undefined behaviour on resume. + +Fixes: fa236a7ef240 ("spi: bcm-qspi: Add Broadcom MSPI driver") +Signed-off-by: Kamal Dasu +Acked-by: Florian Fainelli +Link: https://lore.kernel.org/r/20220127185359.27322-1-kdasu.kdev@gmail.com +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman +--- + drivers/spi/spi-bcm-qspi.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/spi/spi-bcm-qspi.c ++++ b/drivers/spi/spi-bcm-qspi.c +@@ -546,7 +546,7 @@ static void bcm_qspi_chip_select(struct + u32 rd = 0; + u32 wr = 0; + +- if (qspi->base[CHIP_SELECT]) { ++ if (cs >= 0 && qspi->base[CHIP_SELECT]) { + rd = bcm_qspi_read(qspi, CHIP_SELECT, 0); + wr = (rd & ~0xff) | (1 << cs); + if (rd == wr) diff --git a/queue-4.9/spi-mediatek-avoid-null-pointer-crash-in-interrupt.patch b/queue-4.9/spi-mediatek-avoid-null-pointer-crash-in-interrupt.patch new file mode 100644 index 00000000000..24cbb9b7758 --- /dev/null +++ b/queue-4.9/spi-mediatek-avoid-null-pointer-crash-in-interrupt.patch @@ -0,0 +1,34 @@ +From f83a96e5f033fbbd21764705cb9c04234b96218e Mon Sep 17 00:00:00 2001 +From: Benjamin Gaignard +Date: Mon, 31 Jan 2022 15:17:08 +0100 +Subject: spi: mediatek: Avoid NULL pointer crash in interrupt + +From: Benjamin Gaignard + +commit f83a96e5f033fbbd21764705cb9c04234b96218e upstream. + +In some case, like after a transfer timeout, master->cur_msg pointer +is NULL which led to a kernel crash when trying to use master->cur_msg->spi. +mtk_spi_can_dma(), pointed by master->can_dma, doesn't use this parameter +avoid the problem by setting NULL as second parameter. + +Fixes: a568231f46322 ("spi: mediatek: Add spi bus for Mediatek MT8173") +Signed-off-by: Benjamin Gaignard +Link: https://lore.kernel.org/r/20220131141708.888710-1-benjamin.gaignard@collabora.com +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman +--- + drivers/spi/spi-mt65xx.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/spi/spi-mt65xx.c ++++ b/drivers/spi/spi-mt65xx.c +@@ -440,7 +440,7 @@ static irqreturn_t mtk_spi_interrupt(int + else + mdata->state = MTK_SPI_IDLE; + +- if (!master->can_dma(master, master->cur_msg->spi, trans)) { ++ if (!master->can_dma(master, NULL, trans)) { + if (trans->rx_buf) { + cnt = mdata->xfer_len / 4; + ioread32_rep(mdata->base + SPI_RX_DATA_REG,