From: Sasha Levin Date: Sat, 18 Jun 2022 17:07:51 +0000 (-0400) Subject: Fixes for 5.4 X-Git-Tag: v5.4.200~67 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=65a6134532f8605542c89a5e9e38254d538eb98e;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 5.4 Signed-off-by: Sasha Levin --- diff --git a/queue-5.4/alsa-hda-realtek-add-hw8326-support.patch b/queue-5.4/alsa-hda-realtek-add-hw8326-support.patch new file mode 100644 index 00000000000..a0a0d4f730e --- /dev/null +++ b/queue-5.4/alsa-hda-realtek-add-hw8326-support.patch @@ -0,0 +1,152 @@ +From 737c41f3af302bb6f0e9eeec79398691fe5caaf6 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 8 Jun 2022 16:23:57 +0800 +Subject: ALSA: hda/realtek - Add HW8326 support + +From: huangwenhui + +[ Upstream commit 527f4643e03c298c1e3321cfa27866b1374a55e1 ] + +Added the support of new Huawei codec HW8326. The HW8326 is developed +by Huawei with Realtek's IP Core, and it's compatible with ALC256. + +Signed-off-by: huangwenhui +Link: https://lore.kernel.org/r/20220608082357.26898-1-huangwenhuia@uniontech.com +Signed-off-by: Takashi Iwai +Signed-off-by: Sasha Levin +--- + sound/hda/hdac_device.c | 1 + + sound/pci/hda/patch_realtek.c | 14 ++++++++++++++ + 2 files changed, 15 insertions(+) + +diff --git a/sound/hda/hdac_device.c b/sound/hda/hdac_device.c +index b84e12f4f804..489f996d86bc 100644 +--- a/sound/hda/hdac_device.c ++++ b/sound/hda/hdac_device.c +@@ -656,6 +656,7 @@ static struct hda_vendor_id hda_vendor_ids[] = { + { 0x14f1, "Conexant" }, + { 0x17e8, "Chrontel" }, + { 0x1854, "LG" }, ++ { 0x19e5, "Huawei" }, + { 0x1aec, "Wolfson Microelectronics" }, + { 0x1af4, "QEMU" }, + { 0x434d, "C-Media" }, +diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c +index 8a221866ab01..9f55ee76861a 100644 +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -382,6 +382,7 @@ static void alc_fill_eapd_coef(struct hda_codec *codec) + case 0x10ec0245: + case 0x10ec0255: + case 0x10ec0256: ++ case 0x19e58326: + case 0x10ec0257: + case 0x10ec0282: + case 0x10ec0283: +@@ -519,6 +520,7 @@ static void alc_shutup_pins(struct hda_codec *codec) + switch (codec->core.vendor_id) { + case 0x10ec0236: + case 0x10ec0256: ++ case 0x19e58326: + case 0x10ec0283: + case 0x10ec0286: + case 0x10ec0288: +@@ -3194,6 +3196,7 @@ static void alc_disable_headset_jack_key(struct hda_codec *codec) + case 0x10ec0230: + case 0x10ec0236: + case 0x10ec0256: ++ case 0x19e58326: + alc_write_coef_idx(codec, 0x48, 0x0); + alc_update_coef_idx(codec, 0x49, 0x0045, 0x0); + break; +@@ -3222,6 +3225,7 @@ static void alc_enable_headset_jack_key(struct hda_codec *codec) + case 0x10ec0230: + case 0x10ec0236: + case 0x10ec0256: ++ case 0x19e58326: + alc_write_coef_idx(codec, 0x48, 0xd011); + alc_update_coef_idx(codec, 0x49, 0x007f, 0x0045); + break; +@@ -4684,6 +4688,7 @@ static void alc_headset_mode_unplugged(struct hda_codec *codec) + case 0x10ec0230: + case 0x10ec0236: + case 0x10ec0256: ++ case 0x19e58326: + alc_process_coef_fw(codec, coef0256); + break; + case 0x10ec0234: +@@ -4799,6 +4804,7 @@ static void alc_headset_mode_mic_in(struct hda_codec *codec, hda_nid_t hp_pin, + case 0x10ec0230: + case 0x10ec0236: + case 0x10ec0256: ++ case 0x19e58326: + alc_write_coef_idx(codec, 0x45, 0xc489); + snd_hda_set_pin_ctl_cache(codec, hp_pin, 0); + alc_process_coef_fw(codec, coef0256); +@@ -4949,6 +4955,7 @@ static void alc_headset_mode_default(struct hda_codec *codec) + case 0x10ec0230: + case 0x10ec0236: + case 0x10ec0256: ++ case 0x19e58326: + alc_write_coef_idx(codec, 0x1b, 0x0e4b); + alc_write_coef_idx(codec, 0x45, 0xc089); + msleep(50); +@@ -5048,6 +5055,7 @@ static void alc_headset_mode_ctia(struct hda_codec *codec) + case 0x10ec0230: + case 0x10ec0236: + case 0x10ec0256: ++ case 0x19e58326: + alc_process_coef_fw(codec, coef0256); + break; + case 0x10ec0234: +@@ -5162,6 +5170,7 @@ static void alc_headset_mode_omtp(struct hda_codec *codec) + case 0x10ec0230: + case 0x10ec0236: + case 0x10ec0256: ++ case 0x19e58326: + alc_process_coef_fw(codec, coef0256); + break; + case 0x10ec0234: +@@ -5258,6 +5267,7 @@ static void alc_determine_headset_type(struct hda_codec *codec) + case 0x10ec0230: + case 0x10ec0236: + case 0x10ec0256: ++ case 0x19e58326: + alc_write_coef_idx(codec, 0x1b, 0x0e4b); + alc_write_coef_idx(codec, 0x06, 0x6104); + alc_write_coefex_idx(codec, 0x57, 0x3, 0x09a3); +@@ -5552,6 +5562,7 @@ static void alc255_set_default_jack_type(struct hda_codec *codec) + case 0x10ec0230: + case 0x10ec0236: + case 0x10ec0256: ++ case 0x19e58326: + alc_process_coef_fw(codec, alc256fw); + break; + } +@@ -6155,6 +6166,7 @@ static void alc_combo_jack_hp_jd_restart(struct hda_codec *codec) + case 0x10ec0236: + case 0x10ec0255: + case 0x10ec0256: ++ case 0x19e58326: + alc_update_coef_idx(codec, 0x1b, 0x8000, 1 << 15); /* Reset HP JD */ + alc_update_coef_idx(codec, 0x1b, 0x8000, 0 << 15); + break; +@@ -9160,6 +9172,7 @@ static int patch_alc269(struct hda_codec *codec) + case 0x10ec0230: + case 0x10ec0236: + case 0x10ec0256: ++ case 0x19e58326: + spec->codec_variant = ALC269_TYPE_ALC256; + spec->shutup = alc256_shutup; + spec->init_hook = alc256_init; +@@ -10602,6 +10615,7 @@ static const struct hda_device_id snd_hda_id_realtek[] = { + HDA_CODEC_ENTRY(0x10ec0b00, "ALCS1200A", patch_alc882), + HDA_CODEC_ENTRY(0x10ec1168, "ALC1220", patch_alc882), + HDA_CODEC_ENTRY(0x10ec1220, "ALC1220", patch_alc882), ++ HDA_CODEC_ENTRY(0x19e58326, "HW8326", patch_alc269), + {} /* terminator */ + }; + MODULE_DEVICE_TABLE(hdaudio, snd_hda_id_realtek); +-- +2.35.1 + diff --git a/queue-5.4/asoc-cs35l36-update-digital-volume-tlv.patch b/queue-5.4/asoc-cs35l36-update-digital-volume-tlv.patch new file mode 100644 index 00000000000..5375dc00a51 --- /dev/null +++ b/queue-5.4/asoc-cs35l36-update-digital-volume-tlv.patch @@ -0,0 +1,37 @@ +From 4124de3f47383470b1faa6aace6433a3cb224341 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 2 Jun 2022 17:21:15 +0100 +Subject: ASoC: cs35l36: Update digital volume TLV + +From: Charles Keepax + +[ Upstream commit 5005a2345825eb8346546d99bfe669f73111b5c5 ] + +The digital volume TLV specifies the step as 0.25dB but the actual step +of the control is 0.125dB. Update the TLV to correct this. + +Signed-off-by: Charles Keepax +Link: https://lore.kernel.org/r/20220602162119.3393857-3-ckeepax@opensource.cirrus.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + sound/soc/codecs/cs35l36.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/sound/soc/codecs/cs35l36.c b/sound/soc/codecs/cs35l36.c +index e9b5f76f27a8..aa32b8c26578 100644 +--- a/sound/soc/codecs/cs35l36.c ++++ b/sound/soc/codecs/cs35l36.c +@@ -444,7 +444,8 @@ static bool cs35l36_volatile_reg(struct device *dev, unsigned int reg) + } + } + +-static DECLARE_TLV_DB_SCALE(dig_vol_tlv, -10200, 25, 0); ++static const DECLARE_TLV_DB_RANGE(dig_vol_tlv, 0, 912, ++ TLV_DB_MINMAX_ITEM(-10200, 1200)); + static DECLARE_TLV_DB_SCALE(amp_gain_tlv, 0, 1, 1); + + static const char * const cs35l36_pcm_sftramp_text[] = { +-- +2.35.1 + diff --git a/queue-5.4/asoc-cs42l52-correct-tlv-for-bypass-volume.patch b/queue-5.4/asoc-cs42l52-correct-tlv-for-bypass-volume.patch new file mode 100644 index 00000000000..614f3505ab0 --- /dev/null +++ b/queue-5.4/asoc-cs42l52-correct-tlv-for-bypass-volume.patch @@ -0,0 +1,45 @@ +From 75965722adaa2a379c3e14f8ffcc9de8484b397f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 2 Jun 2022 17:21:17 +0100 +Subject: ASoC: cs42l52: Correct TLV for Bypass Volume + +From: Charles Keepax + +[ Upstream commit 91e90c712fade0b69cdff7cc6512f6099bd18ae5 ] + +The Bypass Volume is accidentally using a -6dB minimum TLV rather than +the correct -60dB minimum. Add a new TLV to correct this. + +Signed-off-by: Charles Keepax +Link: https://lore.kernel.org/r/20220602162119.3393857-5-ckeepax@opensource.cirrus.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + sound/soc/codecs/cs42l52.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/sound/soc/codecs/cs42l52.c b/sound/soc/codecs/cs42l52.c +index 0daa3b4c68ca..6c054b357205 100644 +--- a/sound/soc/codecs/cs42l52.c ++++ b/sound/soc/codecs/cs42l52.c +@@ -137,6 +137,8 @@ static DECLARE_TLV_DB_SCALE(mic_tlv, 1600, 100, 0); + + static DECLARE_TLV_DB_SCALE(pga_tlv, -600, 50, 0); + ++static DECLARE_TLV_DB_SCALE(pass_tlv, -6000, 50, 0); ++ + static DECLARE_TLV_DB_SCALE(mix_tlv, -5150, 50, 0); + + static DECLARE_TLV_DB_SCALE(beep_tlv, -56, 200, 0); +@@ -351,7 +353,7 @@ static const struct snd_kcontrol_new cs42l52_snd_controls[] = { + CS42L52_SPKB_VOL, 0, 0x40, 0xC0, hl_tlv), + + SOC_DOUBLE_R_SX_TLV("Bypass Volume", CS42L52_PASSTHRUA_VOL, +- CS42L52_PASSTHRUB_VOL, 0, 0x88, 0x90, pga_tlv), ++ CS42L52_PASSTHRUB_VOL, 0, 0x88, 0x90, pass_tlv), + + SOC_DOUBLE("Bypass Mute", CS42L52_MISC_CTL, 4, 5, 1, 0), + +-- +2.35.1 + diff --git a/queue-5.4/asoc-cs42l52-fix-tlv-scales-for-mixer-controls.patch b/queue-5.4/asoc-cs42l52-fix-tlv-scales-for-mixer-controls.patch new file mode 100644 index 00000000000..67aabdbafcb --- /dev/null +++ b/queue-5.4/asoc-cs42l52-fix-tlv-scales-for-mixer-controls.patch @@ -0,0 +1,45 @@ +From 88719c26b8cc6f229f13d258da985a3a1154f1e4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 2 Jun 2022 17:21:14 +0100 +Subject: ASoC: cs42l52: Fix TLV scales for mixer controls + +From: Charles Keepax + +[ Upstream commit 8bf5aabf524eec61013e506f764a0b2652dc5665 ] + +The datasheet specifies the range of the mixer volumes as between +-51.5dB and 12dB with a 0.5dB step. Update the TLVs for this. + +Signed-off-by: Charles Keepax +Link: https://lore.kernel.org/r/20220602162119.3393857-2-ckeepax@opensource.cirrus.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + sound/soc/codecs/cs42l52.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/sound/soc/codecs/cs42l52.c b/sound/soc/codecs/cs42l52.c +index 2ea4cba3be2a..0daa3b4c68ca 100644 +--- a/sound/soc/codecs/cs42l52.c ++++ b/sound/soc/codecs/cs42l52.c +@@ -137,7 +137,7 @@ static DECLARE_TLV_DB_SCALE(mic_tlv, 1600, 100, 0); + + static DECLARE_TLV_DB_SCALE(pga_tlv, -600, 50, 0); + +-static DECLARE_TLV_DB_SCALE(mix_tlv, -50, 50, 0); ++static DECLARE_TLV_DB_SCALE(mix_tlv, -5150, 50, 0); + + static DECLARE_TLV_DB_SCALE(beep_tlv, -56, 200, 0); + +@@ -364,7 +364,7 @@ static const struct snd_kcontrol_new cs42l52_snd_controls[] = { + CS42L52_ADCB_VOL, 0, 0xA0, 0x78, ipd_tlv), + SOC_DOUBLE_R_SX_TLV("ADC Mixer Volume", + CS42L52_ADCA_MIXER_VOL, CS42L52_ADCB_MIXER_VOL, +- 0, 0x19, 0x7F, ipd_tlv), ++ 0, 0x19, 0x7F, mix_tlv), + + SOC_DOUBLE("ADC Switch", CS42L52_ADC_MISC_CTL, 0, 1, 1, 0), + +-- +2.35.1 + diff --git a/queue-5.4/asoc-cs42l56-correct-typo-in-minimum-level-for-sx-vo.patch b/queue-5.4/asoc-cs42l56-correct-typo-in-minimum-level-for-sx-vo.patch new file mode 100644 index 00000000000..e72b4653fba --- /dev/null +++ b/queue-5.4/asoc-cs42l56-correct-typo-in-minimum-level-for-sx-vo.patch @@ -0,0 +1,41 @@ +From 1e791c59efd6f931f04cdfcb138375a36e0a3da4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 2 Jun 2022 17:21:18 +0100 +Subject: ASoC: cs42l56: Correct typo in minimum level for SX volume controls + +From: Charles Keepax + +[ Upstream commit a8928ada9b96944cadd8b65d191e33199fd38782 ] + +A couple of the SX volume controls specify 0x84 as the lowest volume +value, however the correct value from the datasheet is 0x44. The +datasheet don't include spaces in the value it displays as binary so +this was almost certainly just a typo reading 1000100. + +Signed-off-by: Charles Keepax +Link: https://lore.kernel.org/r/20220602162119.3393857-6-ckeepax@opensource.cirrus.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + sound/soc/codecs/cs42l56.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/sound/soc/codecs/cs42l56.c b/sound/soc/codecs/cs42l56.c +index 51d7a87ab4c3..8be7d83f0ce9 100644 +--- a/sound/soc/codecs/cs42l56.c ++++ b/sound/soc/codecs/cs42l56.c +@@ -391,9 +391,9 @@ static const struct snd_kcontrol_new cs42l56_snd_controls[] = { + SOC_DOUBLE("ADC Boost Switch", CS42L56_GAIN_BIAS_CTL, 3, 2, 1, 1), + + SOC_DOUBLE_R_SX_TLV("Headphone Volume", CS42L56_HPA_VOLUME, +- CS42L56_HPB_VOLUME, 0, 0x84, 0x48, hl_tlv), ++ CS42L56_HPB_VOLUME, 0, 0x44, 0x48, hl_tlv), + SOC_DOUBLE_R_SX_TLV("LineOut Volume", CS42L56_LOA_VOLUME, +- CS42L56_LOB_VOLUME, 0, 0x84, 0x48, hl_tlv), ++ CS42L56_LOB_VOLUME, 0, 0x44, 0x48, hl_tlv), + + SOC_SINGLE_TLV("Bass Shelving Volume", CS42L56_TONE_CTL, + 0, 0x00, 1, tone_tlv), +-- +2.35.1 + diff --git a/queue-5.4/asoc-cs53l30-correct-number-of-volume-levels-on-sx-c.patch b/queue-5.4/asoc-cs53l30-correct-number-of-volume-levels-on-sx-c.patch new file mode 100644 index 00000000000..eb266227e0d --- /dev/null +++ b/queue-5.4/asoc-cs53l30-correct-number-of-volume-levels-on-sx-c.patch @@ -0,0 +1,59 @@ +From 0e838701b35c2ef62d8d0b2589e253ef874c8d97 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 2 Jun 2022 17:21:16 +0100 +Subject: ASoC: cs53l30: Correct number of volume levels on SX controls + +From: Charles Keepax + +[ Upstream commit 7fbd6dd68127927e844912a16741016d432a0737 ] + +This driver specified the maximum value rather than the number of volume +levels on the SX controls, this is incorrect, so correct them. + +Reported-by: David Rhodes +Signed-off-by: Charles Keepax +Link: https://lore.kernel.org/r/20220602162119.3393857-4-ckeepax@opensource.cirrus.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + sound/soc/codecs/cs53l30.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/sound/soc/codecs/cs53l30.c b/sound/soc/codecs/cs53l30.c +index ed22361b35c1..a5a383b92305 100644 +--- a/sound/soc/codecs/cs53l30.c ++++ b/sound/soc/codecs/cs53l30.c +@@ -347,22 +347,22 @@ static const struct snd_kcontrol_new cs53l30_snd_controls[] = { + SOC_ENUM("ADC2 NG Delay", adc2_ng_delay_enum), + + SOC_SINGLE_SX_TLV("ADC1A PGA Volume", +- CS53L30_ADC1A_AFE_CTL, 0, 0x34, 0x18, pga_tlv), ++ CS53L30_ADC1A_AFE_CTL, 0, 0x34, 0x24, pga_tlv), + SOC_SINGLE_SX_TLV("ADC1B PGA Volume", +- CS53L30_ADC1B_AFE_CTL, 0, 0x34, 0x18, pga_tlv), ++ CS53L30_ADC1B_AFE_CTL, 0, 0x34, 0x24, pga_tlv), + SOC_SINGLE_SX_TLV("ADC2A PGA Volume", +- CS53L30_ADC2A_AFE_CTL, 0, 0x34, 0x18, pga_tlv), ++ CS53L30_ADC2A_AFE_CTL, 0, 0x34, 0x24, pga_tlv), + SOC_SINGLE_SX_TLV("ADC2B PGA Volume", +- CS53L30_ADC2B_AFE_CTL, 0, 0x34, 0x18, pga_tlv), ++ CS53L30_ADC2B_AFE_CTL, 0, 0x34, 0x24, pga_tlv), + + SOC_SINGLE_SX_TLV("ADC1A Digital Volume", +- CS53L30_ADC1A_DIG_VOL, 0, 0xA0, 0x0C, dig_tlv), ++ CS53L30_ADC1A_DIG_VOL, 0, 0xA0, 0x6C, dig_tlv), + SOC_SINGLE_SX_TLV("ADC1B Digital Volume", +- CS53L30_ADC1B_DIG_VOL, 0, 0xA0, 0x0C, dig_tlv), ++ CS53L30_ADC1B_DIG_VOL, 0, 0xA0, 0x6C, dig_tlv), + SOC_SINGLE_SX_TLV("ADC2A Digital Volume", +- CS53L30_ADC2A_DIG_VOL, 0, 0xA0, 0x0C, dig_tlv), ++ CS53L30_ADC2A_DIG_VOL, 0, 0xA0, 0x6C, dig_tlv), + SOC_SINGLE_SX_TLV("ADC2B Digital Volume", +- CS53L30_ADC2B_DIG_VOL, 0, 0xA0, 0x0C, dig_tlv), ++ CS53L30_ADC2B_DIG_VOL, 0, 0xA0, 0x6C, dig_tlv), + }; + + static const struct snd_soc_dapm_widget cs53l30_dapm_widgets[] = { +-- +2.35.1 + diff --git a/queue-5.4/asoc-es8328-fix-event-generation-for-deemphasis-cont.patch b/queue-5.4/asoc-es8328-fix-event-generation-for-deemphasis-cont.patch new file mode 100644 index 00000000000..e794359cae6 --- /dev/null +++ b/queue-5.4/asoc-es8328-fix-event-generation-for-deemphasis-cont.patch @@ -0,0 +1,47 @@ +From 3604c0420fa1af114458a3fdb5d5adaf81337620 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 3 Jun 2022 14:39:37 +0200 +Subject: ASoC: es8328: Fix event generation for deemphasis control + +From: Mark Brown + +[ Upstream commit 8259610c2ec01c5cbfb61882ae176aabacac9c19 ] + +Currently the put() method for the deemphasis control returns 0 when a new +value is written to the control even if the value changed, meaning events +are not generated. Fix this, skip the work of updating the value when it is +unchanged and then return 1 after having done so. + +Signed-off-by: Mark Brown +Link: https://lore.kernel.org/r/20220603123937.4013603-1-broonie@kernel.org +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + sound/soc/codecs/es8328.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/sound/soc/codecs/es8328.c b/sound/soc/codecs/es8328.c +index fdf64c29f563..4117ab6e9b6f 100644 +--- a/sound/soc/codecs/es8328.c ++++ b/sound/soc/codecs/es8328.c +@@ -161,13 +161,16 @@ static int es8328_put_deemph(struct snd_kcontrol *kcontrol, + if (deemph > 1) + return -EINVAL; + ++ if (es8328->deemph == deemph) ++ return 0; ++ + ret = es8328_set_deemph(component); + if (ret < 0) + return ret; + + es8328->deemph = deemph; + +- return 0; ++ return 1; + } + + +-- +2.35.1 + diff --git a/queue-5.4/asoc-nau8822-add-operation-for-internal-pll-off-and-.patch b/queue-5.4/asoc-nau8822-add-operation-for-internal-pll-off-and-.patch new file mode 100644 index 00000000000..9ccb077a8eb --- /dev/null +++ b/queue-5.4/asoc-nau8822-add-operation-for-internal-pll-off-and-.patch @@ -0,0 +1,72 @@ +From 0c9dbcba292a280343d0037bf6c149e6453fe990 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 30 May 2022 12:01:50 +0800 +Subject: ASoC: nau8822: Add operation for internal PLL off and on + +From: Hui Wang + +[ Upstream commit aeca8a3295022bcec46697f16e098140423d8463 ] + +We tried to enable the audio on an imx6sx EVB with the codec nau8822, +after setting the internal PLL fractional parameters, the audio still +couldn't work and the there was no sdma irq at all. + +After checking with the section "8.1.1 Phase Locked Loop (PLL) Design +Example" of "NAU88C22 Datasheet Rev 0.6", we found we need to +turn off the PLL before programming fractional parameters and turn on +the PLL after programming. + +After this change, the audio driver could record and play sound and +the sdma's irq is triggered when playing or recording. + +Cc: David Lin +Cc: John Hsu +Cc: Seven Li +Signed-off-by: Hui Wang +Link: https://lore.kernel.org/r/20220530040151.95221-2-hui.wang@canonical.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + sound/soc/codecs/nau8822.c | 4 ++++ + sound/soc/codecs/nau8822.h | 3 +++ + 2 files changed, 7 insertions(+) + +diff --git a/sound/soc/codecs/nau8822.c b/sound/soc/codecs/nau8822.c +index 78db3bd0b3bc..cd163978792e 100644 +--- a/sound/soc/codecs/nau8822.c ++++ b/sound/soc/codecs/nau8822.c +@@ -740,6 +740,8 @@ static int nau8822_set_pll(struct snd_soc_dai *dai, int pll_id, int source, + pll_param->pll_int, pll_param->pll_frac, + pll_param->mclk_scaler, pll_param->pre_factor); + ++ snd_soc_component_update_bits(component, ++ NAU8822_REG_POWER_MANAGEMENT_1, NAU8822_PLL_EN_MASK, NAU8822_PLL_OFF); + snd_soc_component_update_bits(component, + NAU8822_REG_PLL_N, NAU8822_PLLMCLK_DIV2 | NAU8822_PLLN_MASK, + (pll_param->pre_factor ? NAU8822_PLLMCLK_DIV2 : 0) | +@@ -757,6 +759,8 @@ static int nau8822_set_pll(struct snd_soc_dai *dai, int pll_id, int source, + pll_param->mclk_scaler << NAU8822_MCLKSEL_SFT); + snd_soc_component_update_bits(component, + NAU8822_REG_CLOCKING, NAU8822_CLKM_MASK, NAU8822_CLKM_PLL); ++ snd_soc_component_update_bits(component, ++ NAU8822_REG_POWER_MANAGEMENT_1, NAU8822_PLL_EN_MASK, NAU8822_PLL_ON); + + return 0; + } +diff --git a/sound/soc/codecs/nau8822.h b/sound/soc/codecs/nau8822.h +index 489191ff187e..b45d42c15de6 100644 +--- a/sound/soc/codecs/nau8822.h ++++ b/sound/soc/codecs/nau8822.h +@@ -90,6 +90,9 @@ + #define NAU8822_REFIMP_3K 0x3 + #define NAU8822_IOBUF_EN (0x1 << 2) + #define NAU8822_ABIAS_EN (0x1 << 3) ++#define NAU8822_PLL_EN_MASK (0x1 << 5) ++#define NAU8822_PLL_ON (0x1 << 5) ++#define NAU8822_PLL_OFF (0x0 << 5) + + /* NAU8822_REG_AUDIO_INTERFACE (0x4) */ + #define NAU8822_AIFMT_MASK (0x3 << 3) +-- +2.35.1 + diff --git a/queue-5.4/asoc-wm8962-fix-suspend-while-playing-music.patch b/queue-5.4/asoc-wm8962-fix-suspend-while-playing-music.patch new file mode 100644 index 00000000000..7076080649d --- /dev/null +++ b/queue-5.4/asoc-wm8962-fix-suspend-while-playing-music.patch @@ -0,0 +1,42 @@ +From c24554c0d7b3282adeb9450ddc806744eeee3c56 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 26 May 2022 13:21:28 -0500 +Subject: ASoC: wm8962: Fix suspend while playing music + +From: Adam Ford + +[ Upstream commit d1f5272c0f7d2e53c6f2480f46725442776f5f78 ] + +If the audio CODEC is playing sound when the system is suspended, +it can be left in a state which throws the following error: + +wm8962 3-001a: ASoC: error at soc_component_read_no_lock on wm8962.3-001a: -16 + +Once this error has occurred, the audio will not work again until rebooted. + +Fix this by configuring SET_SYSTEM_SLEEP_PM_OPS. + +Signed-off-by: Adam Ford +Acked-by: Charles Keepax +Link: https://lore.kernel.org/r/20220526182129.538472-1-aford173@gmail.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + sound/soc/codecs/wm8962.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/sound/soc/codecs/wm8962.c b/sound/soc/codecs/wm8962.c +index d9d59f45833f..ebaee468057b 100644 +--- a/sound/soc/codecs/wm8962.c ++++ b/sound/soc/codecs/wm8962.c +@@ -3854,6 +3854,7 @@ static int wm8962_runtime_suspend(struct device *dev) + #endif + + static const struct dev_pm_ops wm8962_pm = { ++ SET_SYSTEM_SLEEP_PM_OPS(pm_runtime_force_suspend, pm_runtime_force_resume) + SET_RUNTIME_PM_OPS(wm8962_runtime_suspend, wm8962_runtime_resume, NULL) + }; + +-- +2.35.1 + diff --git a/queue-5.4/asoc-wm_adsp-fix-event-generation-for-wm_adsp_fw_put.patch b/queue-5.4/asoc-wm_adsp-fix-event-generation-for-wm_adsp_fw_put.patch new file mode 100644 index 00000000000..b185b2d16b2 --- /dev/null +++ b/queue-5.4/asoc-wm_adsp-fix-event-generation-for-wm_adsp_fw_put.patch @@ -0,0 +1,39 @@ +From 8ffcb24bf09046208b5c9ecf9426ec409238b99b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 3 Jun 2022 13:50:03 +0200 +Subject: ASoC: wm_adsp: Fix event generation for wm_adsp_fw_put() + +From: Mark Brown + +[ Upstream commit 2abdf9f80019e8244d3806ed0e1c9f725e50b452 ] + +Currently wm_adsp_fw_put() returns 0 rather than 1 when updating the value +of the control, meaning that no event is generated to userspace. Fix this +by setting the default return value to 1, the code already exits early with +a return value of 0 if the value is unchanged. + +Signed-off-by: Mark Brown +Reviewed-by: Richard Fitzgerald +Link: https://lore.kernel.org/r/20220603115003.3865834-1-broonie@kernel.org +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + sound/soc/codecs/wm_adsp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sound/soc/codecs/wm_adsp.c b/sound/soc/codecs/wm_adsp.c +index 13672928da99..aedfa6b2895b 100644 +--- a/sound/soc/codecs/wm_adsp.c ++++ b/sound/soc/codecs/wm_adsp.c +@@ -791,7 +791,7 @@ int wm_adsp_fw_put(struct snd_kcontrol *kcontrol, + struct snd_soc_component *component = snd_soc_kcontrol_component(kcontrol); + struct soc_enum *e = (struct soc_enum *)kcontrol->private_value; + struct wm_adsp *dsp = snd_soc_component_get_drvdata(component); +- int ret = 0; ++ int ret = 1; + + if (ucontrol->value.enumerated.item[0] == dsp[e->shift_l].fw) + return 0; +-- +2.35.1 + diff --git a/queue-5.4/ata-libata-core-fix-null-pointer-deref-in-ata_host_a.patch b/queue-5.4/ata-libata-core-fix-null-pointer-deref-in-ata_host_a.patch new file mode 100644 index 00000000000..cdb53614d1b --- /dev/null +++ b/queue-5.4/ata-libata-core-fix-null-pointer-deref-in-ata_host_a.patch @@ -0,0 +1,50 @@ +From 43597ba39b9c364518107efd9867e96de7bce31f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 21 May 2022 23:34:10 +0300 +Subject: ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() + +From: Sergey Shtylyov + +[ Upstream commit bf476fe22aa1851bab4728e0c49025a6a0bea307 ] + +In an unlikely (and probably wrong?) case that the 'ppi' parameter of +ata_host_alloc_pinfo() points to an array starting with a NULL pointer, +there's going to be a kernel oops as the 'pi' local variable won't get +reassigned from the initial value of NULL. Initialize 'pi' instead to +'&ata_dummy_port_info' to fix the possible kernel oops for good... + +Found by Linux Verification Center (linuxtesting.org) with the SVACE static +analysis tool. + +Signed-off-by: Sergey Shtylyov +Signed-off-by: Damien Le Moal +Signed-off-by: Sasha Levin +--- + drivers/ata/libata-core.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c +index af8a1bac9345..fc37e075f3e1 100644 +--- a/drivers/ata/libata-core.c ++++ b/drivers/ata/libata-core.c +@@ -6235,7 +6235,7 @@ struct ata_host *ata_host_alloc_pinfo(struct device *dev, + const struct ata_port_info * const * ppi, + int n_ports) + { +- const struct ata_port_info *pi; ++ const struct ata_port_info *pi = &ata_dummy_port_info; + struct ata_host *host; + int i, j; + +@@ -6243,7 +6243,7 @@ struct ata_host *ata_host_alloc_pinfo(struct device *dev, + if (!host) + return NULL; + +- for (i = 0, j = 0, pi = NULL; i < host->n_ports; i++) { ++ for (i = 0, j = 0; i < host->n_ports; i++) { + struct ata_port *ap = host->ports[i]; + + if (ppi[j]) +-- +2.35.1 + diff --git a/queue-5.4/dma-debug-make-things-less-spammy-under-memory-press.patch b/queue-5.4/dma-debug-make-things-less-spammy-under-memory-press.patch new file mode 100644 index 00000000000..aed46fe0ae4 --- /dev/null +++ b/queue-5.4/dma-debug-make-things-less-spammy-under-memory-press.patch @@ -0,0 +1,38 @@ +From eb9fe2d5a1667f925e05c8e889e4f2c08b1c197a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 1 Jun 2022 07:51:16 -0700 +Subject: dma-debug: make things less spammy under memory pressure + +From: Rob Clark + +[ Upstream commit e19f8fa6ce1ca9b8b934ba7d2e8f34c95abc6e60 ] + +Limit the error msg to avoid flooding the console. If you have a lot of +threads hitting this at once, they could have already gotten passed the +dma_debug_disabled() check before they get to the point of allocation +failure, resulting in quite a lot of this error message spamming the +log. Use pr_err_once() to limit that. + +Signed-off-by: Rob Clark +Signed-off-by: Christoph Hellwig +Signed-off-by: Sasha Levin +--- + kernel/dma/debug.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/kernel/dma/debug.c b/kernel/dma/debug.c +index 1c133f610f59..9a4837b68e18 100644 +--- a/kernel/dma/debug.c ++++ b/kernel/dma/debug.c +@@ -616,7 +616,7 @@ static void add_dma_entry(struct dma_debug_entry *entry) + + rc = active_cacheline_insert(entry); + if (rc == -ENOMEM) { +- pr_err("cacheline tracking ENOMEM, dma-debug disabled\n"); ++ pr_err_once("cacheline tracking ENOMEM, dma-debug disabled\n"); + global_disable = true; + } + +-- +2.35.1 + diff --git a/queue-5.4/ipv6-fix-signed-integer-overflow-in-l2tp_ip6_sendmsg.patch b/queue-5.4/ipv6-fix-signed-integer-overflow-in-l2tp_ip6_sendmsg.patch new file mode 100644 index 00000000000..1c17361f9a4 --- /dev/null +++ b/queue-5.4/ipv6-fix-signed-integer-overflow-in-l2tp_ip6_sendmsg.patch @@ -0,0 +1,46 @@ +From 92bdece18fde9fd37f070104ed1be19c2484863f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 7 Jun 2022 20:00:28 +0800 +Subject: ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg + +From: Wang Yufen + +[ Upstream commit f638a84afef3dfe10554c51820c16e39a278c915 ] + +When len >= INT_MAX - transhdrlen, ulen = len + transhdrlen will be +overflow. To fix, we can follow what udpv6 does and subtract the +transhdrlen from the max. + +Signed-off-by: Wang Yufen +Link: https://lore.kernel.org/r/20220607120028.845916-2-wangyufen@huawei.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + net/l2tp/l2tp_ip6.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/net/l2tp/l2tp_ip6.c b/net/l2tp/l2tp_ip6.c +index 0fa694bd3f6a..23e9ce985ed6 100644 +--- a/net/l2tp/l2tp_ip6.c ++++ b/net/l2tp/l2tp_ip6.c +@@ -515,14 +515,15 @@ static int l2tp_ip6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) + struct ipcm6_cookie ipc6; + int addr_len = msg->msg_namelen; + int transhdrlen = 4; /* zero session-id */ +- int ulen = len + transhdrlen; ++ int ulen; + int err; + + /* Rough check on arithmetic overflow, + better check is made in ip6_append_data(). + */ +- if (len > INT_MAX) ++ if (len > INT_MAX - transhdrlen) + return -EMSGSIZE; ++ ulen = len + transhdrlen; + + /* Mirror BSD error message compatibility */ + if (msg->msg_flags & MSG_OOB) +-- +2.35.1 + diff --git a/queue-5.4/net-ethernet-mtk_eth_soc-fix-misuse-of-mem-alloc-int.patch b/queue-5.4/net-ethernet-mtk_eth_soc-fix-misuse-of-mem-alloc-int.patch new file mode 100644 index 00000000000..7241725a7e8 --- /dev/null +++ b/queue-5.4/net-ethernet-mtk_eth_soc-fix-misuse-of-mem-alloc-int.patch @@ -0,0 +1,74 @@ +From b186c137bfaac2e9f8041372d444f4af710a5f87 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 8 Jun 2022 20:46:53 +0800 +Subject: net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface + netdev[napi]_alloc_frag + +From: Chen Lin + +[ Upstream commit 2f2c0d2919a14002760f89f4e02960c735a316d2 ] + +When rx_flag == MTK_RX_FLAGS_HWLRO, +rx_data_len = MTK_MAX_LRO_RX_LENGTH(4096 * 3) > PAGE_SIZE. +netdev_alloc_frag is for alloction of page fragment only. +Reference to other drivers and Documentation/vm/page_frags.rst + +Branch to use __get_free_pages when ring->frag_size > PAGE_SIZE. + +Signed-off-by: Chen Lin +Link: https://lore.kernel.org/r/1654692413-2598-1-git-send-email-chen45464546@163.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/mediatek/mtk_eth_soc.c | 21 +++++++++++++++++++-- + 1 file changed, 19 insertions(+), 2 deletions(-) + +diff --git a/drivers/net/ethernet/mediatek/mtk_eth_soc.c b/drivers/net/ethernet/mediatek/mtk_eth_soc.c +index 5dce4cd60f58..f9139150a8a2 100644 +--- a/drivers/net/ethernet/mediatek/mtk_eth_soc.c ++++ b/drivers/net/ethernet/mediatek/mtk_eth_soc.c +@@ -802,6 +802,17 @@ static inline void mtk_rx_get_desc(struct mtk_rx_dma *rxd, + rxd->rxd4 = READ_ONCE(dma_rxd->rxd4); + } + ++static void *mtk_max_lro_buf_alloc(gfp_t gfp_mask) ++{ ++ unsigned int size = mtk_max_frag_size(MTK_MAX_LRO_RX_LENGTH); ++ unsigned long data; ++ ++ data = __get_free_pages(gfp_mask | __GFP_COMP | __GFP_NOWARN, ++ get_order(size)); ++ ++ return (void *)data; ++} ++ + /* the qdma core needs scratch memory to be setup */ + static int mtk_init_fq_dma(struct mtk_eth *eth) + { +@@ -1299,7 +1310,10 @@ static int mtk_poll_rx(struct napi_struct *napi, int budget, + goto release_desc; + + /* alloc new buffer */ +- new_data = napi_alloc_frag(ring->frag_size); ++ if (ring->frag_size <= PAGE_SIZE) ++ new_data = napi_alloc_frag(ring->frag_size); ++ else ++ new_data = mtk_max_lro_buf_alloc(GFP_ATOMIC); + if (unlikely(!new_data)) { + netdev->stats.rx_dropped++; + goto release_desc; +@@ -1696,7 +1710,10 @@ static int mtk_rx_alloc(struct mtk_eth *eth, int ring_no, int rx_flag) + return -ENOMEM; + + for (i = 0; i < rx_dma_size; i++) { +- ring->data[i] = netdev_alloc_frag(ring->frag_size); ++ if (ring->frag_size <= PAGE_SIZE) ++ ring->data[i] = netdev_alloc_frag(ring->frag_size); ++ else ++ ring->data[i] = mtk_max_lro_buf_alloc(GFP_KERNEL); + if (!ring->data[i]) + return -ENOMEM; + } +-- +2.35.1 + diff --git a/queue-5.4/netfs-gcc-12-temporarily-disable-wattribute-warning-.patch b/queue-5.4/netfs-gcc-12-temporarily-disable-wattribute-warning-.patch new file mode 100644 index 00000000000..e078cf547bf --- /dev/null +++ b/queue-5.4/netfs-gcc-12-temporarily-disable-wattribute-warning-.patch @@ -0,0 +1,110 @@ +From cbb3c5b4b3c63115b75577e6bee6ea3e88aa1053 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 9 Jun 2022 11:29:36 -0700 +Subject: netfs: gcc-12: temporarily disable '-Wattribute-warning' for now +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Linus Torvalds + +[ Upstream commit 507160f46c55913955d272ebf559d63809a8e560 ] + +This is a pure band-aid so that I can continue merging stuff from people +while some of the gcc-12 fallout gets sorted out. + +In particular, gcc-12 is very unhappy about the kinds of pointer +arithmetic tricks that netfs does, and that makes the fortify checks +trigger in afs and ceph: + + In function ‘fortify_memset_chk’, + inlined from ‘netfs_i_context_init’ at include/linux/netfs.h:327:2, + inlined from ‘afs_set_netfs_context’ at fs/afs/inode.c:61:2, + inlined from ‘afs_root_iget’ at fs/afs/inode.c:543:2: + include/linux/fortify-string.h:258:25: warning: call to ‘__write_overflow_field’ declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Wattribute-warning] + 258 | __write_overflow_field(p_size_field, size); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +and the reason is that netfs_i_context_init() is passed a 'struct inode' +pointer, and then it does + + struct netfs_i_context *ctx = netfs_i_context(inode); + + memset(ctx, 0, sizeof(*ctx)); + +where that netfs_i_context() function just does pointer arithmetic on +the inode pointer, knowing that the netfs_i_context is laid out +immediately after it in memory. + +This is all truly disgusting, since the whole "netfs_i_context is laid +out immediately after it in memory" is not actually remotely true in +general, but is just made to be that way for afs and ceph. + +See for example fs/cifs/cifsglob.h: + + struct cifsInodeInfo { + struct { + /* These must be contiguous */ + struct inode vfs_inode; /* the VFS's inode record */ + struct netfs_i_context netfs_ctx; /* Netfslib context */ + }; + [...] + +and realize that this is all entirely wrong, and the pointer arithmetic +that netfs_i_context() is doing is also very very wrong and wouldn't +give the right answer if netfs_ctx had different alignment rules from a +'struct inode', for example). + +Anyway, that's just a long-winded way to say "the gcc-12 warning is +actually quite reasonable, and our code happens to work but is pretty +disgusting". + +This is getting fixed properly, but for now I made the mistake of +thinking "the week right after the merge window tends to be calm for me +as people take a breather" and I did a sustem upgrade. And I got gcc-12 +as a result, so to continue merging fixes from people and not have the +end result drown in warnings, I am fixing all these gcc-12 issues I hit. + +Including with these kinds of temporary fixes. + +Cc: Kees Cook +Cc: David Howells +Link: https://lore.kernel.org/all/AEEBCF5D-8402-441D-940B-105AA718C71F@chromium.org/ +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + fs/afs/inode.c | 3 +++ + fs/ceph/inode.c | 3 +++ + 2 files changed, 6 insertions(+) + +diff --git a/fs/afs/inode.c b/fs/afs/inode.c +index 90eac3ec01cb..243ba4e0ab1f 100644 +--- a/fs/afs/inode.c ++++ b/fs/afs/inode.c +@@ -25,6 +25,9 @@ + #include "internal.h" + #include "afs_fs.h" + ++// Temporary: netfs does disgusting things with inode pointers ++#pragma GCC diagnostic ignored "-Wattribute-warning" ++ + static const struct inode_operations afs_symlink_inode_operations = { + .get_link = page_get_link, + }; +diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c +index af85a7237604..d7e0f7cd3768 100644 +--- a/fs/ceph/inode.c ++++ b/fs/ceph/inode.c +@@ -20,6 +20,9 @@ + #include "cache.h" + #include + ++// Temporary: netfs does disgusting things with inode pointers ++#pragma GCC diagnostic ignored "-Wattribute-warning" ++ + /* + * Ceph inode operations + * +-- +2.35.1 + diff --git a/queue-5.4/nfc-nfcmrvl-fix-memory-leak-in-nfcmrvl_play_deferred.patch b/queue-5.4/nfc-nfcmrvl-fix-memory-leak-in-nfcmrvl_play_deferred.patch new file mode 100644 index 00000000000..4a218117c86 --- /dev/null +++ b/queue-5.4/nfc-nfcmrvl-fix-memory-leak-in-nfcmrvl_play_deferred.patch @@ -0,0 +1,66 @@ +From 54f4619d35d93885530de931751e9b850e8e9912 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 7 Jun 2022 16:32:30 +0800 +Subject: nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred + +From: Xiaohui Zhang + +[ Upstream commit 8a4d480702b71184fabcf379b80bf7539716752e ] + +Similar to the handling of play_deferred in commit 19cfe912c37b +("Bluetooth: btusb: Fix memory leak in play_deferred"), we thought +a patch might be needed here as well. + +Currently usb_submit_urb is called directly to submit deferred tx +urbs after unanchor them. + +So the usb_giveback_urb_bh would failed to unref it in usb_unanchor_urb +and cause memory leak. + +Put those urbs in tx_anchor to avoid the leak, and also fix the error +handling. + +Signed-off-by: Xiaohui Zhang +Acked-by: Krzysztof Kozlowski +Link: https://lore.kernel.org/r/20220607083230.6182-1-xiaohuizhang@ruc.edu.cn +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + drivers/nfc/nfcmrvl/usb.c | 16 ++++++++++++++-- + 1 file changed, 14 insertions(+), 2 deletions(-) + +diff --git a/drivers/nfc/nfcmrvl/usb.c b/drivers/nfc/nfcmrvl/usb.c +index 888e298f610b..f26986eb53f1 100644 +--- a/drivers/nfc/nfcmrvl/usb.c ++++ b/drivers/nfc/nfcmrvl/usb.c +@@ -401,13 +401,25 @@ static void nfcmrvl_play_deferred(struct nfcmrvl_usb_drv_data *drv_data) + int err; + + while ((urb = usb_get_from_anchor(&drv_data->deferred))) { ++ usb_anchor_urb(urb, &drv_data->tx_anchor); ++ + err = usb_submit_urb(urb, GFP_ATOMIC); +- if (err) ++ if (err) { ++ kfree(urb->setup_packet); ++ usb_unanchor_urb(urb); ++ usb_free_urb(urb); + break; ++ } + + drv_data->tx_in_flight++; ++ usb_free_urb(urb); ++ } ++ ++ /* Cleanup the rest deferred urbs. */ ++ while ((urb = usb_get_from_anchor(&drv_data->deferred))) { ++ kfree(urb->setup_packet); ++ usb_free_urb(urb); + } +- usb_scuttle_anchored_urbs(&drv_data->deferred); + } + + static int nfcmrvl_resume(struct usb_interface *intf) +-- +2.35.1 + diff --git a/queue-5.4/powerpc-kasan-silence-kasan-warnings-in-__get_wchan.patch b/queue-5.4/powerpc-kasan-silence-kasan-warnings-in-__get_wchan.patch new file mode 100644 index 00000000000..39fee8ed9e6 --- /dev/null +++ b/queue-5.4/powerpc-kasan-silence-kasan-warnings-in-__get_wchan.patch @@ -0,0 +1,91 @@ +From f84b933b1e912c78a69fdec785a5249d0607c0ca Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 20 Jan 2022 20:44:18 -0500 +Subject: powerpc/kasan: Silence KASAN warnings in __get_wchan() + +From: He Ying + +[ Upstream commit a1b29ba2f2c171b9bea73be993bfdf0a62d37d15 ] + +The following KASAN warning was reported in our kernel. + + BUG: KASAN: stack-out-of-bounds in get_wchan+0x188/0x250 + Read of size 4 at addr d216f958 by task ps/14437 + + CPU: 3 PID: 14437 Comm: ps Tainted: G O 5.10.0 #1 + Call Trace: + [daa63858] [c0654348] dump_stack+0x9c/0xe4 (unreliable) + [daa63888] [c035cf0c] print_address_description.constprop.3+0x8c/0x570 + [daa63908] [c035d6bc] kasan_report+0x1ac/0x218 + [daa63948] [c00496e8] get_wchan+0x188/0x250 + [daa63978] [c0461ec8] do_task_stat+0xce8/0xe60 + [daa63b98] [c0455ac8] proc_single_show+0x98/0x170 + [daa63bc8] [c03cab8c] seq_read_iter+0x1ec/0x900 + [daa63c38] [c03cb47c] seq_read+0x1dc/0x290 + [daa63d68] [c037fc94] vfs_read+0x164/0x510 + [daa63ea8] [c03808e4] ksys_read+0x144/0x1d0 + [daa63f38] [c005b1dc] ret_from_syscall+0x0/0x38 + --- interrupt: c00 at 0x8fa8f4 + LR = 0x8fa8cc + + The buggy address belongs to the page: + page:98ebcdd2 refcount:0 mapcount:0 mapping:00000000 index:0x2 pfn:0x1216f + flags: 0x0() + raw: 00000000 00000000 01010122 00000000 00000002 00000000 ffffffff 00000000 + raw: 00000000 + page dumped because: kasan: bad access detected + + Memory state around the buggy address: + d216f800: 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00 00 00 00 + d216f880: f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + >d216f900: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 + ^ + d216f980: f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 00 00 00 00 + d216fa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 + +After looking into this issue, I find the buggy address belongs +to the task stack region. It seems KASAN has something wrong. +I look into the code of __get_wchan in x86 architecture and +find the same issue has been resolved by the commit +f7d27c35ddff ("x86/mm, kasan: Silence KASAN warnings in get_wchan()"). +The solution could be applied to powerpc architecture too. + +As Andrey Ryabinin said, get_wchan() is racy by design, it may +access volatile stack of running task, thus it may access +redzone in a stack frame and cause KASAN to warn about this. + +Use READ_ONCE_NOCHECK() to silence these warnings. + +Reported-by: Wanming Hu +Signed-off-by: He Ying +Signed-off-by: Chen Jingwen +Reviewed-by: Kees Cook +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20220121014418.155675-1-heying24@huawei.com +Signed-off-by: Sasha Levin +--- + arch/powerpc/kernel/process.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c +index c94bba9142e7..832663f21422 100644 +--- a/arch/powerpc/kernel/process.c ++++ b/arch/powerpc/kernel/process.c +@@ -2001,12 +2001,12 @@ static unsigned long __get_wchan(struct task_struct *p) + return 0; + + do { +- sp = *(unsigned long *)sp; ++ sp = READ_ONCE_NOCHECK(*(unsigned long *)sp); + if (!validate_sp(sp, p, STACK_FRAME_OVERHEAD) || + p->state == TASK_RUNNING) + return 0; + if (count > 0) { +- ip = ((unsigned long *)sp)[STACK_FRAME_LR_SAVE]; ++ ip = READ_ONCE_NOCHECK(((unsigned long *)sp)[STACK_FRAME_LR_SAVE]); + if (!in_sched_functions(ip)) + return ip; + } +-- +2.35.1 + diff --git a/queue-5.4/random-credit-cpu-and-bootloader-seeds-by-default.patch b/queue-5.4/random-credit-cpu-and-bootloader-seeds-by-default.patch new file mode 100644 index 00000000000..ed1eb2c9c70 --- /dev/null +++ b/queue-5.4/random-credit-cpu-and-bootloader-seeds-by-default.patch @@ -0,0 +1,203 @@ +From f39ebcd3c0966d2be996f335e68808d024a09706 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 13 Jun 2022 22:07:01 -0400 +Subject: random: credit cpu and bootloader seeds by default + +From: Jason A. Donenfeld + +[ Upstream commit 846bb97e131d7938847963cca00657c995b1fce1 ] + +This commit changes the default Kconfig values of RANDOM_TRUST_CPU and +RANDOM_TRUST_BOOTLOADER to be Y by default. It does not change any +existing configs or change any kernel behavior. The reason for this is +several fold. + +As background, I recently had an email thread with the kernel +maintainers of Fedora/RHEL, Debian, Ubuntu, Gentoo, Arch, NixOS, Alpine, +SUSE, and Void as recipients. I noted that some distros trust RDRAND, +some trust EFI, and some trust both, and I asked why or why not. There +wasn't really much of a "debate" but rather an interesting discussion of +what the historical reasons have been for this, and it came up that some +distros just missed the introduction of the bootloader Kconfig knob, +while another didn't want to enable it until there was a boot time +switch to turn it off for more concerned users (which has since been +added). The result of the rather uneventful discussion is that every +major Linux distro enables these two options by default. + +While I didn't have really too strong of an opinion going into this +thread -- and I mostly wanted to learn what the distros' thinking was +one way or another -- ultimately I think their choice was a decent +enough one for a default option (which can be disabled at boot time). +I'll try to summarize the pros and cons: + +Pros: + +- The RNG machinery gets initialized super quickly, and there's no + messing around with subsequent blocking behavior. + +- The bootloader mechanism is used by kexec in order for the prior + kernel to initialize the RNG of the next kernel, which increases + the entropy available to early boot daemons of the next kernel. + +- Previous objections related to backdoors centered around + Dual_EC_DRBG-like kleptographic systems, in which observing some + amount of the output stream enables an adversary holding the right key + to determine the entire output stream. + + This used to be a partially justified concern, because RDRAND output + was mixed into the output stream in varying ways, some of which may + have lacked pre-image resistance (e.g. XOR or an LFSR). + + But this is no longer the case. Now, all usage of RDRAND and + bootloader seeds go through a cryptographic hash function. This means + that the CPU would have to compute a hash pre-image, which is not + considered to be feasible (otherwise the hash function would be + terribly broken). + +- More generally, if the CPU is backdoored, the RNG is probably not the + realistic vector of choice for an attacker. + +- These CPU or bootloader seeds are far from being the only source of + entropy. Rather, there is generally a pretty huge amount of entropy, + not all of which is credited, especially on CPUs that support + instructions like RDRAND. In other words, assuming RDRAND outputs all + zeros, an attacker would *still* have to accurately model every single + other entropy source also in use. + +- The RNG now reseeds itself quite rapidly during boot, starting at 2 + seconds, then 4, then 8, then 16, and so forth, so that other sources + of entropy get used without much delay. + +- Paranoid users can set random.trust_{cpu,bootloader}=no in the kernel + command line, and paranoid system builders can set the Kconfig options + to N, so there's no reduction or restriction of optionality. + +- It's a practical default. + +- All the distros have it set this way. Microsoft and Apple trust it + too. Bandwagon. + +Cons: + +- RDRAND *could* still be backdoored with something like a fixed key or + limited space serial number seed or another indexable scheme like + that. (However, it's hard to imagine threat models where the CPU is + backdoored like this, yet people are still okay making *any* + computations with it or connecting it to networks, etc.) + +- RDRAND *could* be defective, rather than backdoored, and produce + garbage that is in one way or another insufficient for crypto. + +- Suggesting a *reduction* in paranoia, as this commit effectively does, + may cause some to question my personal integrity as a "security + person". + +- Bootloader seeds and RDRAND are generally very difficult if not all + together impossible to audit. + +Keep in mind that this doesn't actually change any behavior. This +is just a change in the default Kconfig value. The distros already are +shipping kernels that set things this way. + +Ard made an additional argument in [1]: + + We're at the mercy of firmware and micro-architecture anyway, given + that we are also relying on it to ensure that every instruction in + the kernel's executable image has been faithfully copied to memory, + and that the CPU implements those instructions as documented. So I + don't think firmware or ISA bugs related to RNGs deserve special + treatment - if they are broken, we should quirk around them like we + usually do. So enabling these by default is a step in the right + direction IMHO. + +In [2], Phil pointed out that having this disabled masked a bug that CI +otherwise would have caught: + + A clean 5.15.45 boots cleanly, whereas a downstream kernel shows the + static key warning (but it does go on to boot). The significant + difference is that our defconfigs set CONFIG_RANDOM_TRUST_BOOTLOADER=y + defining that on top of multi_v7_defconfig demonstrates the issue on + a clean 5.15.45. Conversely, not setting that option in a + downstream kernel build avoids the warning + +[1] https://lore.kernel.org/lkml/CAMj1kXGi+ieviFjXv9zQBSaGyyzeGW_VpMpTLJK8PJb2QHEQ-w@mail.gmail.com/ +[2] https://lore.kernel.org/lkml/c47c42e3-1d56-5859-a6ad-976a1a3381c6@raspberrypi.com/ + +Cc: Theodore Ts'o +Reviewed-by: Ard Biesheuvel +Signed-off-by: Jason A. Donenfeld +Signed-off-by: Sasha Levin +--- + drivers/char/Kconfig | 54 +++++++++++++++++++++++++++----------------- + 1 file changed, 33 insertions(+), 21 deletions(-) + +diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig +index 0a811d5f5e00..85e97550a9a6 100644 +--- a/drivers/char/Kconfig ++++ b/drivers/char/Kconfig +@@ -535,29 +535,41 @@ config ADI + and SSM (Silicon Secured Memory). Intended consumers of this + driver include crash and makedumpfile. + +-endmenu +- + config RANDOM_TRUST_CPU +- bool "Trust the CPU manufacturer to initialize Linux's CRNG" +- depends on X86 || S390 || PPC +- default n ++ bool "Initialize RNG using CPU RNG instructions" ++ default y ++ depends on ARCH_RANDOM + help +- Assume that CPU manufacturer (e.g., Intel or AMD for RDSEED or +- RDRAND, IBM for the S390 and Power PC architectures) is trustworthy +- for the purposes of initializing Linux's CRNG. Since this is not +- something that can be independently audited, this amounts to trusting +- that CPU manufacturer (perhaps with the insistence or mandate +- of a Nation State's intelligence or law enforcement agencies) +- has not installed a hidden back door to compromise the CPU's +- random number generation facilities. This can also be configured +- at boot with "random.trust_cpu=on/off". ++ Initialize the RNG using random numbers supplied by the CPU's ++ RNG instructions (e.g. RDRAND), if supported and available. These ++ random numbers are never used directly, but are rather hashed into ++ the main input pool, and this happens regardless of whether or not ++ this option is enabled. Instead, this option controls whether the ++ they are credited and hence can initialize the RNG. Additionally, ++ other sources of randomness are always used, regardless of this ++ setting. Enabling this implies trusting that the CPU can supply high ++ quality and non-backdoored random numbers. ++ ++ Say Y here unless you have reason to mistrust your CPU or believe ++ its RNG facilities may be faulty. This may also be configured at ++ boot time with "random.trust_cpu=on/off". + + config RANDOM_TRUST_BOOTLOADER +- bool "Trust the bootloader to initialize Linux's CRNG" ++ bool "Initialize RNG using bootloader-supplied seed" ++ default y + help +- Some bootloaders can provide entropy to increase the kernel's initial +- device randomness. Say Y here to assume the entropy provided by the +- booloader is trustworthy so it will be added to the kernel's entropy +- pool. Otherwise, say N here so it will be regarded as device input that +- only mixes the entropy pool. This can also be configured at boot with +- "random.trust_bootloader=on/off". ++ Initialize the RNG using a seed supplied by the bootloader or boot ++ environment (e.g. EFI or a bootloader-generated device tree). This ++ seed is not used directly, but is rather hashed into the main input ++ pool, and this happens regardless of whether or not this option is ++ enabled. Instead, this option controls whether the seed is credited ++ and hence can initialize the RNG. Additionally, other sources of ++ randomness are always used, regardless of this setting. Enabling ++ this implies trusting that the bootloader can supply high quality and ++ non-backdoored seeds. ++ ++ Say Y here unless you have reason to mistrust your bootloader or ++ believe its RNG facilities may be faulty. This may also be configured ++ at boot time with "random.trust_bootloader=on/off". ++ ++endmenu +-- +2.35.1 + diff --git a/queue-5.4/scsi-ipr-fix-missing-incorrect-resource-cleanup-in-e.patch b/queue-5.4/scsi-ipr-fix-missing-incorrect-resource-cleanup-in-e.patch new file mode 100644 index 00000000000..9c5ce8e7b9c --- /dev/null +++ b/queue-5.4/scsi-ipr-fix-missing-incorrect-resource-cleanup-in-e.patch @@ -0,0 +1,49 @@ +From e733a9567f451be1b6faed5bbd5ee0fad7b0e91f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 29 May 2022 23:34:53 +0800 +Subject: scsi: ipr: Fix missing/incorrect resource cleanup in error case + +From: Chengguang Xu + +[ Upstream commit d64c491911322af1dcada98e5b9ee0d87e8c8fee ] + +Fix missing resource cleanup (when '(--i) == 0') for error case in +ipr_alloc_mem() and skip incorrect resource cleanup (when '(--i) == 0') for +error case in ipr_request_other_msi_irqs() because variable i started from +1. + +Link: https://lore.kernel.org/r/20220529153456.4183738-4-cgxu519@mykernel.net +Reviewed-by: Dan Carpenter +Acked-by: Brian King +Signed-off-by: Chengguang Xu +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +--- + drivers/scsi/ipr.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/scsi/ipr.c b/drivers/scsi/ipr.c +index 7a57b61f0340..a163fd9331b3 100644 +--- a/drivers/scsi/ipr.c ++++ b/drivers/scsi/ipr.c +@@ -9772,7 +9772,7 @@ static int ipr_alloc_mem(struct ipr_ioa_cfg *ioa_cfg) + GFP_KERNEL); + + if (!ioa_cfg->hrrq[i].host_rrq) { +- while (--i > 0) ++ while (--i >= 0) + dma_free_coherent(&pdev->dev, + sizeof(u32) * ioa_cfg->hrrq[i].size, + ioa_cfg->hrrq[i].host_rrq, +@@ -10045,7 +10045,7 @@ static int ipr_request_other_msi_irqs(struct ipr_ioa_cfg *ioa_cfg, + ioa_cfg->vectors_info[i].desc, + &ioa_cfg->hrrq[i]); + if (rc) { +- while (--i >= 0) ++ while (--i > 0) + free_irq(pci_irq_vector(pdev, i), + &ioa_cfg->hrrq[i]); + return rc; +-- +2.35.1 + diff --git a/queue-5.4/scsi-lpfc-allow-reduced-polling-rate-for-nvme_admin_.patch b/queue-5.4/scsi-lpfc-allow-reduced-polling-rate-for-nvme_admin_.patch new file mode 100644 index 00000000000..43228157544 --- /dev/null +++ b/queue-5.4/scsi-lpfc-allow-reduced-polling-rate-for-nvme_admin_.patch @@ -0,0 +1,74 @@ +From 28f9295460efa500111efad763cb2f6cc7b2dd3a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 3 Jun 2022 10:43:28 -0700 +Subject: scsi: lpfc: Allow reduced polling rate for nvme_admin_async_event cmd + completion + +From: James Smart + +[ Upstream commit 2e7e9c0c1ec05f18d320ecc8a31eec59d2af1af9 ] + +NVMe Asynchronous Event Request commands have no command timeout value per +specifications. + +Set WQE option to allow a reduced FLUSH polling rate for I/O error +detection specifically for nvme_admin_async_event commands. + +Link: https://lore.kernel.org/r/20220603174329.63777-9-jsmart2021@gmail.com +Co-developed-by: Justin Tee +Signed-off-by: Justin Tee +Signed-off-by: James Smart +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +--- + drivers/scsi/lpfc/lpfc_hw4.h | 3 +++ + drivers/scsi/lpfc/lpfc_nvme.c | 11 +++++++++-- + 2 files changed, 12 insertions(+), 2 deletions(-) + +diff --git a/drivers/scsi/lpfc/lpfc_hw4.h b/drivers/scsi/lpfc/lpfc_hw4.h +index b8a772f80d6c..cbea3e0c1a7d 100644 +--- a/drivers/scsi/lpfc/lpfc_hw4.h ++++ b/drivers/scsi/lpfc/lpfc_hw4.h +@@ -4249,6 +4249,9 @@ struct wqe_common { + #define wqe_sup_SHIFT 6 + #define wqe_sup_MASK 0x00000001 + #define wqe_sup_WORD word11 ++#define wqe_ffrq_SHIFT 6 ++#define wqe_ffrq_MASK 0x00000001 ++#define wqe_ffrq_WORD word11 + #define wqe_wqec_SHIFT 7 + #define wqe_wqec_MASK 0x00000001 + #define wqe_wqec_WORD word11 +diff --git a/drivers/scsi/lpfc/lpfc_nvme.c b/drivers/scsi/lpfc/lpfc_nvme.c +index 5a86a1ee0de3..193c1a81cac0 100644 +--- a/drivers/scsi/lpfc/lpfc_nvme.c ++++ b/drivers/scsi/lpfc/lpfc_nvme.c +@@ -1202,7 +1202,8 @@ lpfc_nvme_prep_io_cmd(struct lpfc_vport *vport, + { + struct lpfc_hba *phba = vport->phba; + struct nvmefc_fcp_req *nCmd = lpfc_ncmd->nvmeCmd; +- struct lpfc_iocbq *pwqeq = &(lpfc_ncmd->cur_iocbq); ++ struct nvme_common_command *sqe; ++ struct lpfc_iocbq *pwqeq = &lpfc_ncmd->cur_iocbq; + union lpfc_wqe128 *wqe = &pwqeq->wqe; + uint32_t req_len; + +@@ -1258,8 +1259,14 @@ lpfc_nvme_prep_io_cmd(struct lpfc_vport *vport, + cstat->control_requests++; + } + +- if (pnode->nlp_nvme_info & NLP_NVME_NSLER) ++ if (pnode->nlp_nvme_info & NLP_NVME_NSLER) { + bf_set(wqe_erp, &wqe->generic.wqe_com, 1); ++ sqe = &((struct nvme_fc_cmd_iu *) ++ nCmd->cmdaddr)->sqe.common; ++ if (sqe->opcode == nvme_admin_async_event) ++ bf_set(wqe_ffrq, &wqe->generic.wqe_com, 1); ++ } ++ + /* + * Finish initializing those WQE fields that are independent + * of the nvme_cmnd request_buffer +-- +2.35.1 + diff --git a/queue-5.4/scsi-lpfc-fix-port-stuck-in-bypassed-state-after-lip.patch b/queue-5.4/scsi-lpfc-fix-port-stuck-in-bypassed-state-after-lip.patch new file mode 100644 index 00000000000..6762aa539d6 --- /dev/null +++ b/queue-5.4/scsi-lpfc-fix-port-stuck-in-bypassed-state-after-lip.patch @@ -0,0 +1,50 @@ +From 567703a5e006006e1b01ea56bbc1f6823610d025 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 3 Jun 2022 10:43:26 -0700 +Subject: scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT + topology + +From: James Smart + +[ Upstream commit 336d63615466b4c06b9401c987813fd19bdde39b ] + +After issuing a LIP, a specific target vendor does not ACC the FLOGI that +lpfc sends. However, it does send its own FLOGI that lpfc ACCs. The +target then establishes the port IDs by sending a PLOGI. lpfc PLOGI_ACCs +and starts the RPI registration for DID 0x000001. The target then sends a +LOGO to the fabric DID. lpfc is currently treating the LOGO from the +fabric DID as a link down and cleans up all the ndlps. The ndlp for DID +0x000001 is put back into NPR and discovery stops, leaving the port in +stuck in bypassed mode. + +Change lpfc behavior such that if a LOGO is received for the fabric DID in +PT2PT topology skip the lpfc_linkdown_port() routine and just move the +fabric DID back to NPR. + +Link: https://lore.kernel.org/r/20220603174329.63777-7-jsmart2021@gmail.com +Co-developed-by: Justin Tee +Signed-off-by: Justin Tee +Signed-off-by: James Smart +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +--- + drivers/scsi/lpfc/lpfc_nportdisc.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/scsi/lpfc/lpfc_nportdisc.c b/drivers/scsi/lpfc/lpfc_nportdisc.c +index df2f7c3d7f84..e6a94f550a57 100644 +--- a/drivers/scsi/lpfc/lpfc_nportdisc.c ++++ b/drivers/scsi/lpfc/lpfc_nportdisc.c +@@ -842,7 +842,8 @@ lpfc_rcv_logo(struct lpfc_vport *vport, struct lpfc_nodelist *ndlp, + else + lpfc_els_rsp_acc(vport, ELS_CMD_ACC, cmdiocb, ndlp, NULL); + if (ndlp->nlp_DID == Fabric_DID) { +- if (vport->port_state <= LPFC_FDISC) ++ if (vport->port_state <= LPFC_FDISC || ++ vport->fc_flag & FC_PT2PT) + goto out; + lpfc_linkdown_port(vport); + spin_lock_irq(shost->host_lock); +-- +2.35.1 + diff --git a/queue-5.4/scsi-pmcraid-fix-missing-resource-cleanup-in-error-c.patch b/queue-5.4/scsi-pmcraid-fix-missing-resource-cleanup-in-error-c.patch new file mode 100644 index 00000000000..f7747fa768d --- /dev/null +++ b/queue-5.4/scsi-pmcraid-fix-missing-resource-cleanup-in-error-c.patch @@ -0,0 +1,37 @@ +From 3763750372fb62fae40285274b22c6efe0659da9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 29 May 2022 23:34:55 +0800 +Subject: scsi: pmcraid: Fix missing resource cleanup in error case + +From: Chengguang Xu + +[ Upstream commit ec1e8adcbdf661c57c395bca342945f4f815add7 ] + +Fix missing resource cleanup (when '(--i) == 0') for error case in +pmcraid_register_interrupt_handler(). + +Link: https://lore.kernel.org/r/20220529153456.4183738-6-cgxu519@mykernel.net +Reviewed-by: Dan Carpenter +Signed-off-by: Chengguang Xu +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +--- + drivers/scsi/pmcraid.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/scsi/pmcraid.c b/drivers/scsi/pmcraid.c +index 398d2af60832..f95a970db8fd 100644 +--- a/drivers/scsi/pmcraid.c ++++ b/drivers/scsi/pmcraid.c +@@ -4532,7 +4532,7 @@ pmcraid_register_interrupt_handler(struct pmcraid_instance *pinstance) + return 0; + + out_unwind: +- while (--i > 0) ++ while (--i >= 0) + free_irq(pci_irq_vector(pdev, i), &pinstance->hrrq_vector[i]); + pci_free_irq_vectors(pdev); + return rc; +-- +2.35.1 + diff --git a/queue-5.4/scsi-vmw_pvscsi-expand-vcpuhint-to-16-bits.patch b/queue-5.4/scsi-vmw_pvscsi-expand-vcpuhint-to-16-bits.patch new file mode 100644 index 00000000000..270911262ce --- /dev/null +++ b/queue-5.4/scsi-vmw_pvscsi-expand-vcpuhint-to-16-bits.patch @@ -0,0 +1,40 @@ +From 788fe4040b4f992e1b005a82cd534da4552e083f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 2 Jun 2022 08:57:00 +0000 +Subject: scsi: vmw_pvscsi: Expand vcpuHint to 16 bits + +From: Wentao Wang + +[ Upstream commit cf71d59c2eceadfcde0fb52e237990a0909880d7 ] + +vcpuHint has been expanded to 16 bit on host to enable routing to more +CPUs. Guest side should align with the change. This change has been tested +with hosts with 8-bit and 16-bit vcpuHint, on both platforms host side can +get correct value. + +Link: https://lore.kernel.org/r/EF35F4D5-5DCC-42C5-BCC4-29DF1729B24C@vmware.com +Signed-off-by: Wentao Wang +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +--- + drivers/scsi/vmw_pvscsi.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/scsi/vmw_pvscsi.h b/drivers/scsi/vmw_pvscsi.h +index 75966d3f326e..d87c12324c03 100644 +--- a/drivers/scsi/vmw_pvscsi.h ++++ b/drivers/scsi/vmw_pvscsi.h +@@ -333,8 +333,8 @@ struct PVSCSIRingReqDesc { + u8 tag; + u8 bus; + u8 target; +- u8 vcpuHint; +- u8 unused[59]; ++ u16 vcpuHint; ++ u8 unused[58]; + } __packed; + + /* +-- +2.35.1 + diff --git a/queue-5.4/series b/queue-5.4/series index d6b021c6014..c94e35a1e5d 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -178,3 +178,27 @@ crypto-drbg-make-reseeding-from-get_random_bytes-synchronous.patch random-avoid-checking-crng_ready-twice-in-random_init.patch random-mark-bootloader-randomness-code-as-__init.patch random-account-for-arch-randomness-in-bits.patch +powerpc-kasan-silence-kasan-warnings-in-__get_wchan.patch +asoc-nau8822-add-operation-for-internal-pll-off-and-.patch +dma-debug-make-things-less-spammy-under-memory-press.patch +asoc-cs42l52-fix-tlv-scales-for-mixer-controls.patch +asoc-cs35l36-update-digital-volume-tlv.patch +asoc-cs53l30-correct-number-of-volume-levels-on-sx-c.patch +asoc-cs42l52-correct-tlv-for-bypass-volume.patch +asoc-cs42l56-correct-typo-in-minimum-level-for-sx-vo.patch +ata-libata-core-fix-null-pointer-deref-in-ata_host_a.patch +asoc-wm8962-fix-suspend-while-playing-music.patch +asoc-es8328-fix-event-generation-for-deemphasis-cont.patch +asoc-wm_adsp-fix-event-generation-for-wm_adsp_fw_put.patch +scsi-vmw_pvscsi-expand-vcpuhint-to-16-bits.patch +scsi-lpfc-fix-port-stuck-in-bypassed-state-after-lip.patch +scsi-lpfc-allow-reduced-polling-rate-for-nvme_admin_.patch +scsi-ipr-fix-missing-incorrect-resource-cleanup-in-e.patch +scsi-pmcraid-fix-missing-resource-cleanup-in-error-c.patch +alsa-hda-realtek-add-hw8326-support.patch +virtio-mmio-fix-missing-put_device-when-vm_cmdline_p.patch +nfc-nfcmrvl-fix-memory-leak-in-nfcmrvl_play_deferred.patch +ipv6-fix-signed-integer-overflow-in-l2tp_ip6_sendmsg.patch +net-ethernet-mtk_eth_soc-fix-misuse-of-mem-alloc-int.patch +netfs-gcc-12-temporarily-disable-wattribute-warning-.patch +random-credit-cpu-and-bootloader-seeds-by-default.patch diff --git a/queue-5.4/virtio-mmio-fix-missing-put_device-when-vm_cmdline_p.patch b/queue-5.4/virtio-mmio-fix-missing-put_device-when-vm_cmdline_p.patch new file mode 100644 index 00000000000..b81f0b02c55 --- /dev/null +++ b/queue-5.4/virtio-mmio-fix-missing-put_device-when-vm_cmdline_p.patch @@ -0,0 +1,37 @@ +From 7f079f54ac6c1f737690c577e9e833f319368bfe Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 2 Jun 2022 08:55:42 +0800 +Subject: virtio-mmio: fix missing put_device() when vm_cmdline_parent + registration failed + +From: chengkaitao + +[ Upstream commit a58a7f97ba11391d2d0d408e0b24f38d86ae748e ] + +The reference must be released when device_register(&vm_cmdline_parent) +failed. Add the corresponding 'put_device()' in the error handling path. + +Signed-off-by: chengkaitao +Message-Id: <20220602005542.16489-1-chengkaitao@didiglobal.com> +Signed-off-by: Michael S. Tsirkin +Acked-by: Jason Wang +Signed-off-by: Sasha Levin +--- + drivers/virtio/virtio_mmio.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/virtio/virtio_mmio.c b/drivers/virtio/virtio_mmio.c +index e09edb5c5e06..74547323aa83 100644 +--- a/drivers/virtio/virtio_mmio.c ++++ b/drivers/virtio/virtio_mmio.c +@@ -669,6 +669,7 @@ static int vm_cmdline_set(const char *device, + if (!vm_cmdline_parent_registered) { + err = device_register(&vm_cmdline_parent); + if (err) { ++ put_device(&vm_cmdline_parent); + pr_err("Failed to register parent device!\n"); + return err; + } +-- +2.35.1 +