From: Greg Kroah-Hartman Date: Mon, 22 Aug 2022 12:45:40 +0000 (+0200) Subject: 5.15-stable patches X-Git-Tag: v4.9.326~43 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7bcdff46b407a3aabf3b605f611b0cd00d4c42a7;p=thirdparty%2Fkernel%2Fstable-queue.git 5.15-stable patches added patches: asoc-codec-tlv320aic32x4-fix-mono-playback-via-i2s.patch asoc-sof-debug-fix-potential-buffer-overflow-by-snprintf.patch asoc-tas2770-allow-mono-streams.patch asoc-tas2770-drop-conflicting-set_bias_level-power-setting.patch asoc-tas2770-fix-handling-of-mute-unmute.patch asoc-tas2770-set-correct-fsync-polarity.patch iavf-fix-adminq-error-handling.patch iavf-fix-reset-error-handling.patch netfilter-nf_tables-use-read_once-and-write_once-for-shared-generation-id-access.patch nios2-add-force_successful_syscall_return.patch nios2-don-t-leave-nulls-in-sys_call_table.patch nios2-fix-syscall-restart-checks.patch nios2-page-fault-et.al.-are-not-restartable-syscalls.patch nios2-restarts-apply-only-to-the-first-sigframe-we-build.patch nios2-traced-syscall-does-need-to-check-the-syscall-number.patch --- diff --git a/queue-5.15/asoc-codec-tlv320aic32x4-fix-mono-playback-via-i2s.patch b/queue-5.15/asoc-codec-tlv320aic32x4-fix-mono-playback-via-i2s.patch new file mode 100644 index 00000000000..95a0d530517 --- /dev/null +++ b/queue-5.15/asoc-codec-tlv320aic32x4-fix-mono-playback-via-i2s.patch @@ -0,0 +1,62 @@ +From b4b5f29a076e52181f63e45a2ad1bc88593072e3 Mon Sep 17 00:00:00 2001 +From: Philipp Zabel +Date: Wed, 10 Aug 2022 12:41:56 +0200 +Subject: ASoC: codec: tlv320aic32x4: fix mono playback via I2S + +From: Philipp Zabel + +commit b4b5f29a076e52181f63e45a2ad1bc88593072e3 upstream. + +The two commits referenced below break mono playback via I2S DAI because +they set BCLK to half the required speed. For PCM transport over I2S, the +number of transmitted channels is always 2, even for mono playback. + +Fixes: dcd79364bff3 ("ASoC: codec: tlv3204: Enable 24 bit audio support") +Fixes: 40b37136287b ("ASoC: tlv320aic32x4: Fix bdiv clock rate derivation") +Signed-off-by: Philipp Zabel +Link: https://lore.kernel.org/r/20220810104156.665452-1-p.zabel@pengutronix.de +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman +--- + sound/soc/codecs/tlv320aic32x4.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +--- a/sound/soc/codecs/tlv320aic32x4.c ++++ b/sound/soc/codecs/tlv320aic32x4.c +@@ -49,6 +49,8 @@ struct aic32x4_priv { + struct aic32x4_setup_data *setup; + struct device *dev; + enum aic32x4_type type; ++ ++ unsigned int fmt; + }; + + static int aic32x4_reset_adc(struct snd_soc_dapm_widget *w, +@@ -611,6 +613,7 @@ static int aic32x4_set_dai_sysclk(struct + static int aic32x4_set_dai_fmt(struct snd_soc_dai *codec_dai, unsigned int fmt) + { + struct snd_soc_component *component = codec_dai->component; ++ struct aic32x4_priv *aic32x4 = snd_soc_component_get_drvdata(component); + u8 iface_reg_1 = 0; + u8 iface_reg_2 = 0; + u8 iface_reg_3 = 0; +@@ -654,6 +657,8 @@ static int aic32x4_set_dai_fmt(struct sn + return -EINVAL; + } + ++ aic32x4->fmt = fmt; ++ + snd_soc_component_update_bits(component, AIC32X4_IFACE1, + AIC32X4_IFACE1_DATATYPE_MASK | + AIC32X4_IFACE1_MASTER_MASK, iface_reg_1); +@@ -758,6 +763,10 @@ static int aic32x4_setup_clocks(struct s + return -EINVAL; + } + ++ /* PCM over I2S is always 2-channel */ ++ if ((aic32x4->fmt & SND_SOC_DAIFMT_FORMAT_MASK) == SND_SOC_DAIFMT_I2S) ++ channels = 2; ++ + madc = DIV_ROUND_UP((32 * adc_resource_class), aosr); + max_dosr = (AIC32X4_MAX_DOSR_FREQ / sample_rate / dosr_increment) * + dosr_increment; diff --git a/queue-5.15/asoc-sof-debug-fix-potential-buffer-overflow-by-snprintf.patch b/queue-5.15/asoc-sof-debug-fix-potential-buffer-overflow-by-snprintf.patch new file mode 100644 index 00000000000..db504aae2e3 --- /dev/null +++ b/queue-5.15/asoc-sof-debug-fix-potential-buffer-overflow-by-snprintf.patch @@ -0,0 +1,40 @@ +From 1eb123ce985e6cf302ac6e3f19862d132d86fa8f Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Mon, 1 Aug 2022 18:54:19 +0200 +Subject: ASoC: SOF: debug: Fix potential buffer overflow by snprintf() + +From: Takashi Iwai + +commit 1eb123ce985e6cf302ac6e3f19862d132d86fa8f upstream. + +snprintf() returns the would-be-filled size when the string overflows +the given buffer size, hence using this value may result in the buffer +overflow (although it's unrealistic). + +This patch replaces with a safer version, scnprintf() for papering +over such a potential issue. + +Fixes: 5b10b6298921 ("ASoC: SOF: Add `memory_info` file to debugfs") +Signed-off-by: Takashi Iwai +Link: https://lore.kernel.org/r/20220801165420.25978-3-tiwai@suse.de +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman +--- + sound/soc/sof/debug.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/sound/soc/sof/debug.c ++++ b/sound/soc/sof/debug.c +@@ -668,9 +668,9 @@ static int memory_info_update(struct snd + } + + for (i = 0, len = 0; i < reply->num_elems; i++) { +- ret = snprintf(buf + len, buff_size - len, "zone %d.%d used %#8x free %#8x\n", +- reply->elems[i].zone, reply->elems[i].id, +- reply->elems[i].used, reply->elems[i].free); ++ ret = scnprintf(buf + len, buff_size - len, "zone %d.%d used %#8x free %#8x\n", ++ reply->elems[i].zone, reply->elems[i].id, ++ reply->elems[i].used, reply->elems[i].free); + if (ret < 0) + goto error; + len += ret; diff --git a/queue-5.15/asoc-tas2770-allow-mono-streams.patch b/queue-5.15/asoc-tas2770-allow-mono-streams.patch new file mode 100644 index 00000000000..fae4e0f0d98 --- /dev/null +++ b/queue-5.15/asoc-tas2770-allow-mono-streams.patch @@ -0,0 +1,35 @@ +From bf54d97a835dfe62d4d29e245e170c63d0089be7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Martin=20Povi=C5=A1er?= +Date: Mon, 8 Aug 2022 16:12:44 +0200 +Subject: ASoC: tas2770: Allow mono streams +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Martin Povišer + +commit bf54d97a835dfe62d4d29e245e170c63d0089be7 upstream. + +The part is a mono speaker amp, but it can do downmix and switch between +left and right channel, so the right channel range is 1 to 2. + +Fixes: 1a476abc723e ("tas2770: add tas2770 smart PA kernel driver") +Signed-off-by: Martin Povišer +Link: https://lore.kernel.org/r/20220808141246.5749-3-povik+lin@cutebit.org +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman +--- + sound/soc/codecs/tas2770.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/sound/soc/codecs/tas2770.c ++++ b/sound/soc/codecs/tas2770.c +@@ -507,7 +507,7 @@ static struct snd_soc_dai_driver tas2770 + .id = 0, + .playback = { + .stream_name = "ASI1 Playback", +- .channels_min = 2, ++ .channels_min = 1, + .channels_max = 2, + .rates = TAS2770_RATES, + .formats = TAS2770_FORMATS, diff --git a/queue-5.15/asoc-tas2770-drop-conflicting-set_bias_level-power-setting.patch b/queue-5.15/asoc-tas2770-drop-conflicting-set_bias_level-power-setting.patch new file mode 100644 index 00000000000..e679ea352a2 --- /dev/null +++ b/queue-5.15/asoc-tas2770-drop-conflicting-set_bias_level-power-setting.patch @@ -0,0 +1,75 @@ +From 482c23fbc7e9bf5a7a74defd0735d5346215db58 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Martin=20Povi=C5=A1er?= +Date: Mon, 8 Aug 2022 16:12:45 +0200 +Subject: ASoC: tas2770: Drop conflicting set_bias_level power setting +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Martin Povišer + +commit 482c23fbc7e9bf5a7a74defd0735d5346215db58 upstream. + +The driver is setting the PWR_CTRL field in both the set_bias_level +callback and on DAPM events of the DAC widget (and also in the +mute_stream method). Drop the set_bias_level callback altogether as the +power setting it does is in conflict with the other code paths. + +Fixes: 1a476abc723e ("tas2770: add tas2770 smart PA kernel driver") +Signed-off-by: Martin Povišer +Link: https://lore.kernel.org/r/20220808141246.5749-4-povik+lin@cutebit.org +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman +--- + sound/soc/codecs/tas2770.c | 33 --------------------------------- + 1 file changed, 33 deletions(-) + +--- a/sound/soc/codecs/tas2770.c ++++ b/sound/soc/codecs/tas2770.c +@@ -46,38 +46,6 @@ static void tas2770_reset(struct tas2770 + usleep_range(1000, 2000); + } + +-static int tas2770_set_bias_level(struct snd_soc_component *component, +- enum snd_soc_bias_level level) +-{ +- struct tas2770_priv *tas2770 = +- snd_soc_component_get_drvdata(component); +- +- switch (level) { +- case SND_SOC_BIAS_ON: +- snd_soc_component_update_bits(component, TAS2770_PWR_CTRL, +- TAS2770_PWR_CTRL_MASK, +- TAS2770_PWR_CTRL_ACTIVE); +- break; +- case SND_SOC_BIAS_STANDBY: +- case SND_SOC_BIAS_PREPARE: +- snd_soc_component_update_bits(component, TAS2770_PWR_CTRL, +- TAS2770_PWR_CTRL_MASK, +- TAS2770_PWR_CTRL_MUTE); +- break; +- case SND_SOC_BIAS_OFF: +- snd_soc_component_update_bits(component, TAS2770_PWR_CTRL, +- TAS2770_PWR_CTRL_MASK, +- TAS2770_PWR_CTRL_SHUTDOWN); +- break; +- +- default: +- dev_err(tas2770->dev, "wrong power level setting %d\n", level); +- return -EINVAL; +- } +- +- return 0; +-} +- + #ifdef CONFIG_PM + static int tas2770_codec_suspend(struct snd_soc_component *component) + { +@@ -555,7 +523,6 @@ static const struct snd_soc_component_dr + .probe = tas2770_codec_probe, + .suspend = tas2770_codec_suspend, + .resume = tas2770_codec_resume, +- .set_bias_level = tas2770_set_bias_level, + .controls = tas2770_snd_controls, + .num_controls = ARRAY_SIZE(tas2770_snd_controls), + .dapm_widgets = tas2770_dapm_widgets, diff --git a/queue-5.15/asoc-tas2770-fix-handling-of-mute-unmute.patch b/queue-5.15/asoc-tas2770-fix-handling-of-mute-unmute.patch new file mode 100644 index 00000000000..6464abb8c7c --- /dev/null +++ b/queue-5.15/asoc-tas2770-fix-handling-of-mute-unmute.patch @@ -0,0 +1,135 @@ +From 1e5907bcb3a3b569be0a03ebe668bba2ed320a50 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Martin=20Povi=C5=A1er?= +Date: Mon, 8 Aug 2022 16:12:46 +0200 +Subject: ASoC: tas2770: Fix handling of mute/unmute +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Martin Povišer + +commit 1e5907bcb3a3b569be0a03ebe668bba2ed320a50 upstream. + +Because the PWR_CTRL field is modeled as the power state of the DAC +widget, and at the same time it is used to implement mute/unmute, we +need some additional book-keeping to have the right end result no matter +the sequence of calls. Without this fix, one can mute an ongoing stream +by toggling a speaker pin control. + +Fixes: 1a476abc723e ("tas2770: add tas2770 smart PA kernel driver") +Signed-off-by: Martin Povišer +Link: https://lore.kernel.org/r/20220808141246.5749-5-povik+lin@cutebit.org +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman +--- + sound/soc/codecs/tas2770.c | 57 +++++++++++++++++++++++---------------------- + sound/soc/codecs/tas2770.h | 2 + + 2 files changed, 32 insertions(+), 27 deletions(-) + +--- a/sound/soc/codecs/tas2770.c ++++ b/sound/soc/codecs/tas2770.c +@@ -46,6 +46,26 @@ static void tas2770_reset(struct tas2770 + usleep_range(1000, 2000); + } + ++static int tas2770_update_pwr_ctrl(struct tas2770_priv *tas2770) ++{ ++ struct snd_soc_component *component = tas2770->component; ++ unsigned int val; ++ int ret; ++ ++ if (tas2770->dac_powered) ++ val = tas2770->unmuted ? ++ TAS2770_PWR_CTRL_ACTIVE : TAS2770_PWR_CTRL_MUTE; ++ else ++ val = TAS2770_PWR_CTRL_SHUTDOWN; ++ ++ ret = snd_soc_component_update_bits(component, TAS2770_PWR_CTRL, ++ TAS2770_PWR_CTRL_MASK, val); ++ if (ret < 0) ++ return ret; ++ ++ return 0; ++} ++ + #ifdef CONFIG_PM + static int tas2770_codec_suspend(struct snd_soc_component *component) + { +@@ -82,9 +102,7 @@ static int tas2770_codec_resume(struct s + gpiod_set_value_cansleep(tas2770->sdz_gpio, 1); + usleep_range(1000, 2000); + } else { +- ret = snd_soc_component_update_bits(component, TAS2770_PWR_CTRL, +- TAS2770_PWR_CTRL_MASK, +- TAS2770_PWR_CTRL_ACTIVE); ++ ret = tas2770_update_pwr_ctrl(tas2770); + if (ret < 0) + return ret; + } +@@ -120,24 +138,19 @@ static int tas2770_dac_event(struct snd_ + + switch (event) { + case SND_SOC_DAPM_POST_PMU: +- ret = snd_soc_component_update_bits(component, TAS2770_PWR_CTRL, +- TAS2770_PWR_CTRL_MASK, +- TAS2770_PWR_CTRL_MUTE); ++ tas2770->dac_powered = 1; ++ ret = tas2770_update_pwr_ctrl(tas2770); + break; + case SND_SOC_DAPM_PRE_PMD: +- ret = snd_soc_component_update_bits(component, TAS2770_PWR_CTRL, +- TAS2770_PWR_CTRL_MASK, +- TAS2770_PWR_CTRL_SHUTDOWN); ++ tas2770->dac_powered = 0; ++ ret = tas2770_update_pwr_ctrl(tas2770); + break; + default: + dev_err(tas2770->dev, "Not supported evevt\n"); + return -EINVAL; + } + +- if (ret < 0) +- return ret; +- +- return 0; ++ return ret; + } + + static const struct snd_kcontrol_new isense_switch = +@@ -171,21 +184,11 @@ static const struct snd_soc_dapm_route t + static int tas2770_mute(struct snd_soc_dai *dai, int mute, int direction) + { + struct snd_soc_component *component = dai->component; +- int ret; +- +- if (mute) +- ret = snd_soc_component_update_bits(component, TAS2770_PWR_CTRL, +- TAS2770_PWR_CTRL_MASK, +- TAS2770_PWR_CTRL_MUTE); +- else +- ret = snd_soc_component_update_bits(component, TAS2770_PWR_CTRL, +- TAS2770_PWR_CTRL_MASK, +- TAS2770_PWR_CTRL_ACTIVE); +- +- if (ret < 0) +- return ret; ++ struct tas2770_priv *tas2770 = ++ snd_soc_component_get_drvdata(component); + +- return 0; ++ tas2770->unmuted = !mute; ++ return tas2770_update_pwr_ctrl(tas2770); + } + + static int tas2770_set_bitwidth(struct tas2770_priv *tas2770, int bitwidth) +--- a/sound/soc/codecs/tas2770.h ++++ b/sound/soc/codecs/tas2770.h +@@ -138,6 +138,8 @@ struct tas2770_priv { + struct device *dev; + int v_sense_slot; + int i_sense_slot; ++ bool dac_powered; ++ bool unmuted; + }; + + #endif /* __TAS2770__ */ diff --git a/queue-5.15/asoc-tas2770-set-correct-fsync-polarity.patch b/queue-5.15/asoc-tas2770-set-correct-fsync-polarity.patch new file mode 100644 index 00000000000..be8f3b27ce1 --- /dev/null +++ b/queue-5.15/asoc-tas2770-set-correct-fsync-polarity.patch @@ -0,0 +1,99 @@ +From e9ac31f0a5d0e246b046c20348954519f91a297f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Martin=20Povi=C5=A1er?= +Date: Mon, 8 Aug 2022 16:12:43 +0200 +Subject: ASoC: tas2770: Set correct FSYNC polarity +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Martin Povišer + +commit e9ac31f0a5d0e246b046c20348954519f91a297f upstream. + +Fix setting of FSYNC polarity for DAI formats other than I2S. Also +add support for polarity inversion. + +Fixes: 1a476abc723e ("tas2770: add tas2770 smart PA kernel driver") +Signed-off-by: Martin Povišer +Link: https://lore.kernel.org/r/20220808141246.5749-2-povik+lin@cutebit.org +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman +--- + sound/soc/codecs/tas2770.c | 20 +++++++++++++++++++- + sound/soc/codecs/tas2770.h | 3 +++ + 2 files changed, 22 insertions(+), 1 deletion(-) + +--- a/sound/soc/codecs/tas2770.c ++++ b/sound/soc/codecs/tas2770.c +@@ -337,7 +337,7 @@ static int tas2770_set_fmt(struct snd_so + struct snd_soc_component *component = dai->component; + struct tas2770_priv *tas2770 = + snd_soc_component_get_drvdata(component); +- u8 tdm_rx_start_slot = 0, asi_cfg_1 = 0; ++ u8 tdm_rx_start_slot = 0, invert_fpol = 0, fpol_preinv = 0, asi_cfg_1 = 0; + int ret; + + switch (fmt & SND_SOC_DAIFMT_MASTER_MASK) { +@@ -349,9 +349,15 @@ static int tas2770_set_fmt(struct snd_so + } + + switch (fmt & SND_SOC_DAIFMT_INV_MASK) { ++ case SND_SOC_DAIFMT_NB_IF: ++ invert_fpol = 1; ++ fallthrough; + case SND_SOC_DAIFMT_NB_NF: + asi_cfg_1 |= TAS2770_TDM_CFG_REG1_RX_RSING; + break; ++ case SND_SOC_DAIFMT_IB_IF: ++ invert_fpol = 1; ++ fallthrough; + case SND_SOC_DAIFMT_IB_NF: + asi_cfg_1 |= TAS2770_TDM_CFG_REG1_RX_FALING; + break; +@@ -369,15 +375,19 @@ static int tas2770_set_fmt(struct snd_so + switch (fmt & SND_SOC_DAIFMT_FORMAT_MASK) { + case SND_SOC_DAIFMT_I2S: + tdm_rx_start_slot = 1; ++ fpol_preinv = 0; + break; + case SND_SOC_DAIFMT_DSP_A: + tdm_rx_start_slot = 0; ++ fpol_preinv = 1; + break; + case SND_SOC_DAIFMT_DSP_B: + tdm_rx_start_slot = 1; ++ fpol_preinv = 1; + break; + case SND_SOC_DAIFMT_LEFT_J: + tdm_rx_start_slot = 0; ++ fpol_preinv = 1; + break; + default: + dev_err(tas2770->dev, +@@ -391,6 +401,14 @@ static int tas2770_set_fmt(struct snd_so + if (ret < 0) + return ret; + ++ ret = snd_soc_component_update_bits(component, TAS2770_TDM_CFG_REG0, ++ TAS2770_TDM_CFG_REG0_FPOL_MASK, ++ (fpol_preinv ^ invert_fpol) ++ ? TAS2770_TDM_CFG_REG0_FPOL_RSING ++ : TAS2770_TDM_CFG_REG0_FPOL_FALING); ++ if (ret < 0) ++ return ret; ++ + return 0; + } + +--- a/sound/soc/codecs/tas2770.h ++++ b/sound/soc/codecs/tas2770.h +@@ -41,6 +41,9 @@ + #define TAS2770_TDM_CFG_REG0_31_44_1_48KHZ 0x6 + #define TAS2770_TDM_CFG_REG0_31_88_2_96KHZ 0x8 + #define TAS2770_TDM_CFG_REG0_31_176_4_192KHZ 0xa ++#define TAS2770_TDM_CFG_REG0_FPOL_MASK BIT(0) ++#define TAS2770_TDM_CFG_REG0_FPOL_RSING 0 ++#define TAS2770_TDM_CFG_REG0_FPOL_FALING 1 + /* TDM Configuration Reg1 */ + #define TAS2770_TDM_CFG_REG1 TAS2770_REG(0X0, 0x0B) + #define TAS2770_TDM_CFG_REG1_MASK GENMASK(5, 1) diff --git a/queue-5.15/iavf-fix-adminq-error-handling.patch b/queue-5.15/iavf-fix-adminq-error-handling.patch new file mode 100644 index 00000000000..32f7a33d9cb --- /dev/null +++ b/queue-5.15/iavf-fix-adminq-error-handling.patch @@ -0,0 +1,82 @@ +From 419831617ed349992c84344dbd9e627f9e68f842 Mon Sep 17 00:00:00 2001 +From: Przemyslaw Patynowski +Date: Tue, 19 Jul 2022 11:16:52 +0200 +Subject: iavf: Fix adminq error handling + +From: Przemyslaw Patynowski + +commit 419831617ed349992c84344dbd9e627f9e68f842 upstream. + +iavf_alloc_asq_bufs/iavf_alloc_arq_bufs allocates with dma_alloc_coherent +memory for VF mailbox. +Free DMA regions for both ASQ and ARQ in case error happens during +configuration of ASQ/ARQ registers. +Without this change it is possible to see when unloading interface: +74626.583369: dma_debug_device_change: device driver has pending DMA allocations while released from device [count=32] +One of leaked entries details: [device address=0x0000000b27ff9000] [size=4096 bytes] [mapped with DMA_BIDIRECTIONAL] [mapped as coherent] + +Fixes: d358aa9a7a2d ("i40evf: init code and hardware support") +Signed-off-by: Przemyslaw Patynowski +Signed-off-by: Jedrzej Jagielski +Tested-by: Marek Szlosek +Signed-off-by: Tony Nguyen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/intel/iavf/iavf_adminq.c | 15 +++++++++++++-- + 1 file changed, 13 insertions(+), 2 deletions(-) + +--- a/drivers/net/ethernet/intel/iavf/iavf_adminq.c ++++ b/drivers/net/ethernet/intel/iavf/iavf_adminq.c +@@ -324,6 +324,7 @@ static enum iavf_status iavf_config_arq_ + static enum iavf_status iavf_init_asq(struct iavf_hw *hw) + { + enum iavf_status ret_code = 0; ++ int i; + + if (hw->aq.asq.count > 0) { + /* queue already initialized */ +@@ -354,12 +355,17 @@ static enum iavf_status iavf_init_asq(st + /* initialize base registers */ + ret_code = iavf_config_asq_regs(hw); + if (ret_code) +- goto init_adminq_free_rings; ++ goto init_free_asq_bufs; + + /* success! */ + hw->aq.asq.count = hw->aq.num_asq_entries; + goto init_adminq_exit; + ++init_free_asq_bufs: ++ for (i = 0; i < hw->aq.num_asq_entries; i++) ++ iavf_free_dma_mem(hw, &hw->aq.asq.r.asq_bi[i]); ++ iavf_free_virt_mem(hw, &hw->aq.asq.dma_head); ++ + init_adminq_free_rings: + iavf_free_adminq_asq(hw); + +@@ -383,6 +389,7 @@ init_adminq_exit: + static enum iavf_status iavf_init_arq(struct iavf_hw *hw) + { + enum iavf_status ret_code = 0; ++ int i; + + if (hw->aq.arq.count > 0) { + /* queue already initialized */ +@@ -413,12 +420,16 @@ static enum iavf_status iavf_init_arq(st + /* initialize base registers */ + ret_code = iavf_config_arq_regs(hw); + if (ret_code) +- goto init_adminq_free_rings; ++ goto init_free_arq_bufs; + + /* success! */ + hw->aq.arq.count = hw->aq.num_arq_entries; + goto init_adminq_exit; + ++init_free_arq_bufs: ++ for (i = 0; i < hw->aq.num_arq_entries; i++) ++ iavf_free_dma_mem(hw, &hw->aq.arq.r.arq_bi[i]); ++ iavf_free_virt_mem(hw, &hw->aq.arq.dma_head); + init_adminq_free_rings: + iavf_free_adminq_arq(hw); + diff --git a/queue-5.15/iavf-fix-reset-error-handling.patch b/queue-5.15/iavf-fix-reset-error-handling.patch new file mode 100644 index 00000000000..9e22ec5a8e4 --- /dev/null +++ b/queue-5.15/iavf-fix-reset-error-handling.patch @@ -0,0 +1,101 @@ +From 31071173771e079f7bc08dacd61e0db913262fbf Mon Sep 17 00:00:00 2001 +From: Przemyslaw Patynowski +Date: Tue, 19 Jul 2022 11:16:54 +0200 +Subject: iavf: Fix reset error handling + +From: Przemyslaw Patynowski + +commit 31071173771e079f7bc08dacd61e0db913262fbf upstream. + +Do not call iavf_close in iavf_reset_task error handling. Doing so can +lead to double call of napi_disable, which can lead to deadlock there. +Removing VF would lead to iavf_remove task being stuck, because it +requires crit_lock, which is held by iavf_close. +Call iavf_disable_vf if reset fail, so that driver will clean up +remaining invalid resources. +During rapid VF resets, HW can fail to setup VF mailbox. Wrong +error handling can lead to iavf_remove being stuck with: +[ 5218.999087] iavf 0000:82:01.0: Failed to init adminq: -53 +... +[ 5267.189211] INFO: task repro.sh:11219 blocked for more than 30 seconds. +[ 5267.189520] Tainted: G S E 5.18.0-04958-ga54ce3703613-dirty #1 +[ 5267.189764] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. +[ 5267.190062] task:repro.sh state:D stack: 0 pid:11219 ppid: 8162 flags:0x00000000 +[ 5267.190347] Call Trace: +[ 5267.190647] +[ 5267.190927] __schedule+0x460/0x9f0 +[ 5267.191264] schedule+0x44/0xb0 +[ 5267.191563] schedule_preempt_disabled+0x14/0x20 +[ 5267.191890] __mutex_lock.isra.12+0x6e3/0xac0 +[ 5267.192237] ? iavf_remove+0xf9/0x6c0 [iavf] +[ 5267.192565] iavf_remove+0x12a/0x6c0 [iavf] +[ 5267.192911] ? _raw_spin_unlock_irqrestore+0x1e/0x40 +[ 5267.193285] pci_device_remove+0x36/0xb0 +[ 5267.193619] device_release_driver_internal+0xc1/0x150 +[ 5267.193974] pci_stop_bus_device+0x69/0x90 +[ 5267.194361] pci_stop_and_remove_bus_device+0xe/0x20 +[ 5267.194735] pci_iov_remove_virtfn+0xba/0x120 +[ 5267.195130] sriov_disable+0x2f/0xe0 +[ 5267.195506] ice_free_vfs+0x7d/0x2f0 [ice] +[ 5267.196056] ? pci_get_device+0x4f/0x70 +[ 5267.196496] ice_sriov_configure+0x78/0x1a0 [ice] +[ 5267.196995] sriov_numvfs_store+0xfe/0x140 +[ 5267.197466] kernfs_fop_write_iter+0x12e/0x1c0 +[ 5267.197918] new_sync_write+0x10c/0x190 +[ 5267.198404] vfs_write+0x24e/0x2d0 +[ 5267.198886] ksys_write+0x5c/0xd0 +[ 5267.199367] do_syscall_64+0x3a/0x80 +[ 5267.199827] entry_SYSCALL_64_after_hwframe+0x46/0xb0 +[ 5267.200317] RIP: 0033:0x7f5b381205c8 +[ 5267.200814] RSP: 002b:00007fff8c7e8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 +[ 5267.201981] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f5b381205c8 +[ 5267.202620] RDX: 0000000000000002 RSI: 00005569420ee900 RDI: 0000000000000001 +[ 5267.203426] RBP: 00005569420ee900 R08: 000000000000000a R09: 00007f5b38180820 +[ 5267.204327] R10: 000000000000000a R11: 0000000000000246 R12: 00007f5b383c06e0 +[ 5267.205193] R13: 0000000000000002 R14: 00007f5b383bb880 R15: 0000000000000002 +[ 5267.206041] +[ 5267.206970] Kernel panic - not syncing: hung_task: blocked tasks +[ 5267.207809] CPU: 48 PID: 551 Comm: khungtaskd Kdump: loaded Tainted: G S E 5.18.0-04958-ga54ce3703613-dirty #1 +[ 5267.208726] Hardware name: Dell Inc. PowerEdge R730/0WCJNT, BIOS 2.11.0 11/02/2019 +[ 5267.209623] Call Trace: +[ 5267.210569] +[ 5267.211480] dump_stack_lvl+0x33/0x42 +[ 5267.212472] panic+0x107/0x294 +[ 5267.213467] watchdog.cold.8+0xc/0xbb +[ 5267.214413] ? proc_dohung_task_timeout_secs+0x30/0x30 +[ 5267.215511] kthread+0xf4/0x120 +[ 5267.216459] ? kthread_complete_and_exit+0x20/0x20 +[ 5267.217505] ret_from_fork+0x22/0x30 +[ 5267.218459] + +Fixes: f0db78928783 ("i40evf: use netdev variable in reset task") +Signed-off-by: Przemyslaw Patynowski +Signed-off-by: Jedrzej Jagielski +Tested-by: Marek Szlosek +Signed-off-by: Tony Nguyen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/intel/iavf/iavf_main.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +--- a/drivers/net/ethernet/intel/iavf/iavf_main.c ++++ b/drivers/net/ethernet/intel/iavf/iavf_main.c +@@ -2414,12 +2414,15 @@ continue_reset: + + return; + reset_err: ++ if (running) { ++ set_bit(__IAVF_VSI_DOWN, adapter->vsi.state); ++ iavf_free_traffic_irqs(adapter); ++ } ++ iavf_disable_vf(adapter); ++ + mutex_unlock(&adapter->client_lock); + mutex_unlock(&adapter->crit_lock); +- if (running) +- iavf_change_state(adapter, __IAVF_RUNNING); + dev_err(&adapter->pdev->dev, "failed to allocate resources during reinit\n"); +- iavf_close(netdev); + } + + /** diff --git a/queue-5.15/netfilter-nf_tables-use-read_once-and-write_once-for-shared-generation-id-access.patch b/queue-5.15/netfilter-nf_tables-use-read_once-and-write_once-for-shared-generation-id-access.patch new file mode 100644 index 00000000000..cccaa2149a3 --- /dev/null +++ b/queue-5.15/netfilter-nf_tables-use-read_once-and-write_once-for-shared-generation-id-access.patch @@ -0,0 +1,109 @@ +From 3400278328285a8c2f121904496aff5e7b610a01 Mon Sep 17 00:00:00 2001 +From: Pablo Neira Ayuso +Date: Tue, 9 Aug 2022 13:22:01 +0200 +Subject: netfilter: nf_tables: use READ_ONCE and WRITE_ONCE for shared generation id access + +From: Pablo Neira Ayuso + +commit 3400278328285a8c2f121904496aff5e7b610a01 upstream. + +The generation ID is bumped from the commit path while holding the +mutex, however, netlink dump operations rely on RCU. + +This patch also adds missing cb->base_eq initialization in +nf_tables_dump_set(). + +Fixes: 38e029f14a97 ("netfilter: nf_tables: set NLM_F_DUMP_INTR if netlink dumping is stale") +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Greg Kroah-Hartman +--- + net/netfilter/nf_tables_api.c | 20 +++++++++++++------- + 1 file changed, 13 insertions(+), 7 deletions(-) + +--- a/net/netfilter/nf_tables_api.c ++++ b/net/netfilter/nf_tables_api.c +@@ -837,7 +837,7 @@ static int nf_tables_dump_tables(struct + + rcu_read_lock(); + nft_net = nft_pernet(net); +- cb->seq = nft_net->base_seq; ++ cb->seq = READ_ONCE(nft_net->base_seq); + + list_for_each_entry_rcu(table, &nft_net->tables, list) { + if (family != NFPROTO_UNSPEC && family != table->family) +@@ -1626,7 +1626,7 @@ static int nf_tables_dump_chains(struct + + rcu_read_lock(); + nft_net = nft_pernet(net); +- cb->seq = nft_net->base_seq; ++ cb->seq = READ_ONCE(nft_net->base_seq); + + list_for_each_entry_rcu(table, &nft_net->tables, list) { + if (family != NFPROTO_UNSPEC && family != table->family) +@@ -3054,7 +3054,7 @@ static int nf_tables_dump_rules(struct s + + rcu_read_lock(); + nft_net = nft_pernet(net); +- cb->seq = nft_net->base_seq; ++ cb->seq = READ_ONCE(nft_net->base_seq); + + list_for_each_entry_rcu(table, &nft_net->tables, list) { + if (family != NFPROTO_UNSPEC && family != table->family) +@@ -4036,7 +4036,7 @@ static int nf_tables_dump_sets(struct sk + + rcu_read_lock(); + nft_net = nft_pernet(net); +- cb->seq = nft_net->base_seq; ++ cb->seq = READ_ONCE(nft_net->base_seq); + + list_for_each_entry_rcu(table, &nft_net->tables, list) { + if (ctx->family != NFPROTO_UNSPEC && +@@ -4964,6 +4964,8 @@ static int nf_tables_dump_set(struct sk_ + + rcu_read_lock(); + nft_net = nft_pernet(net); ++ cb->seq = READ_ONCE(nft_net->base_seq); ++ + list_for_each_entry_rcu(table, &nft_net->tables, list) { + if (dump_ctx->ctx.family != NFPROTO_UNSPEC && + dump_ctx->ctx.family != table->family) +@@ -6796,7 +6798,7 @@ static int nf_tables_dump_obj(struct sk_ + + rcu_read_lock(); + nft_net = nft_pernet(net); +- cb->seq = nft_net->base_seq; ++ cb->seq = READ_ONCE(nft_net->base_seq); + + list_for_each_entry_rcu(table, &nft_net->tables, list) { + if (family != NFPROTO_UNSPEC && family != table->family) +@@ -7728,7 +7730,7 @@ static int nf_tables_dump_flowtable(stru + + rcu_read_lock(); + nft_net = nft_pernet(net); +- cb->seq = nft_net->base_seq; ++ cb->seq = READ_ONCE(nft_net->base_seq); + + list_for_each_entry_rcu(table, &nft_net->tables, list) { + if (family != NFPROTO_UNSPEC && family != table->family) +@@ -8612,6 +8614,7 @@ static int nf_tables_commit(struct net * + struct nft_trans_elem *te; + struct nft_chain *chain; + struct nft_table *table; ++ unsigned int base_seq; + LIST_HEAD(adl); + int err; + +@@ -8661,9 +8664,12 @@ static int nf_tables_commit(struct net * + * Bump generation counter, invalidate any dump in progress. + * Cannot fail after this point. + */ +- while (++nft_net->base_seq == 0) ++ base_seq = READ_ONCE(nft_net->base_seq); ++ while (++base_seq == 0) + ; + ++ WRITE_ONCE(nft_net->base_seq, base_seq); ++ + /* step 3. Start new generation, rules_gen_X now in use. */ + net->nft.gencursor = nft_gencursor_next(net); + diff --git a/queue-5.15/nios2-add-force_successful_syscall_return.patch b/queue-5.15/nios2-add-force_successful_syscall_return.patch new file mode 100644 index 00000000000..e73fb22bfd4 --- /dev/null +++ b/queue-5.15/nios2-add-force_successful_syscall_return.patch @@ -0,0 +1,61 @@ +From fd0c153daad135d0ec1a53c5dbe6936a724d6ae1 Mon Sep 17 00:00:00 2001 +From: Al Viro +Date: Mon, 8 Aug 2022 16:09:45 +0100 +Subject: nios2: add force_successful_syscall_return() + +From: Al Viro + +commit fd0c153daad135d0ec1a53c5dbe6936a724d6ae1 upstream. + +If we use the ancient SysV syscall ABI, we'd better have tell the +kernel how to claim that a negative return value is a success. +Use ->orig_r2 for that - it's inaccessible via ptrace, so it's +a fair game for changes and it's normally[*] non-negative on return +from syscall. Set to -1; syscall is not going to be restart-worthy +by definition, so we won't interfere with that use either. + +[*] the only exception is rt_sigreturn(), where we skip the entire +messing with r1/r2 anyway. + +Fixes: 82ed08dd1b0e ("nios2: Exception handling") +Signed-off-by: Al Viro +Signed-off-by: Dinh Nguyen +Signed-off-by: Greg Kroah-Hartman +--- + arch/nios2/include/asm/ptrace.h | 2 ++ + arch/nios2/kernel/entry.S | 6 ++++++ + 2 files changed, 8 insertions(+) + +--- a/arch/nios2/include/asm/ptrace.h ++++ b/arch/nios2/include/asm/ptrace.h +@@ -74,6 +74,8 @@ extern void show_regs(struct pt_regs *); + ((struct pt_regs *)((unsigned long)current_thread_info() + THREAD_SIZE)\ + - 1) + ++#define force_successful_syscall_return() (current_pt_regs()->orig_r2 = -1) ++ + int do_syscall_trace_enter(void); + void do_syscall_trace_exit(void); + #endif /* __ASSEMBLY__ */ +--- a/arch/nios2/kernel/entry.S ++++ b/arch/nios2/kernel/entry.S +@@ -213,6 +213,9 @@ local_restart: + translate_rc_and_ret: + movi r1, 0 + bge r2, zero, 3f ++ ldw r1, PT_ORIG_R2(sp) ++ addi r1, r1, 1 ++ beq r1, zero, 3f + sub r2, zero, r2 + movi r1, 1 + 3: +@@ -276,6 +279,9 @@ traced_system_call: + translate_rc_and_ret2: + movi r1, 0 + bge r2, zero, 4f ++ ldw r1, PT_ORIG_R2(sp) ++ addi r1, r1, 1 ++ beq r1, zero, 4f + sub r2, zero, r2 + movi r1, 1 + 4: diff --git a/queue-5.15/nios2-don-t-leave-nulls-in-sys_call_table.patch b/queue-5.15/nios2-don-t-leave-nulls-in-sys_call_table.patch new file mode 100644 index 00000000000..a83b33b1518 --- /dev/null +++ b/queue-5.15/nios2-don-t-leave-nulls-in-sys_call_table.patch @@ -0,0 +1,39 @@ +From 45ec746c65097c25e77d24eae8fee0def5b6cc5d Mon Sep 17 00:00:00 2001 +From: Al Viro +Date: Mon, 8 Aug 2022 16:06:46 +0100 +Subject: nios2: don't leave NULLs in sys_call_table[] + +From: Al Viro + +commit 45ec746c65097c25e77d24eae8fee0def5b6cc5d upstream. + +fill the gaps in there with sys_ni_syscall, as everyone does... + +Fixes: 82ed08dd1b0e ("nios2: Exception handling") +Signed-off-by: Al Viro +Signed-off-by: Dinh Nguyen +Signed-off-by: Greg Kroah-Hartman +--- + arch/nios2/kernel/entry.S | 1 - + arch/nios2/kernel/syscall_table.c | 1 + + 2 files changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/nios2/kernel/entry.S ++++ b/arch/nios2/kernel/entry.S +@@ -193,7 +193,6 @@ local_restart: + movhi r11, %hiadj(sys_call_table) + add r1, r1, r11 + ldw r1, %lo(sys_call_table)(r1) +- beq r1, r0, ret_invsyscall + + /* Check if we are being traced */ + GET_THREAD_INFO r11 +--- a/arch/nios2/kernel/syscall_table.c ++++ b/arch/nios2/kernel/syscall_table.c +@@ -13,5 +13,6 @@ + #define __SYSCALL(nr, call) [nr] = (call), + + void *sys_call_table[__NR_syscalls] = { ++ [0 ... __NR_syscalls-1] = sys_ni_syscall, + #include + }; diff --git a/queue-5.15/nios2-fix-syscall-restart-checks.patch b/queue-5.15/nios2-fix-syscall-restart-checks.patch new file mode 100644 index 00000000000..7bf7775e13c --- /dev/null +++ b/queue-5.15/nios2-fix-syscall-restart-checks.patch @@ -0,0 +1,35 @@ +From 2d631bd58fe0ea3e3350212e23c9aba1fb606514 Mon Sep 17 00:00:00 2001 +From: Al Viro +Date: Mon, 8 Aug 2022 16:08:48 +0100 +Subject: nios2: fix syscall restart checks + +From: Al Viro + +commit 2d631bd58fe0ea3e3350212e23c9aba1fb606514 upstream. + +sys_foo() returns -512 (aka -ERESTARTSYS) => do_signal() sees +512 in r2 and 1 in r1. + +sys_foo() returns 512 => do_signal() sees 512 in r2 and 0 in r1. + +The former is restart-worthy; the latter obviously isn't. + +Fixes: b53e906d255d ("nios2: Signal handling support") +Signed-off-by: Al Viro +Signed-off-by: Dinh Nguyen +Signed-off-by: Greg Kroah-Hartman +--- + arch/nios2/kernel/signal.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/nios2/kernel/signal.c ++++ b/arch/nios2/kernel/signal.c +@@ -242,7 +242,7 @@ static int do_signal(struct pt_regs *reg + /* + * If we were from a system call, check for system call restarting... + */ +- if (regs->orig_r2 >= 0) { ++ if (regs->orig_r2 >= 0 && regs->r1) { + continue_addr = regs->ea; + restart_addr = continue_addr - 4; + retval = regs->r2; diff --git a/queue-5.15/nios2-page-fault-et.al.-are-not-restartable-syscalls.patch b/queue-5.15/nios2-page-fault-et.al.-are-not-restartable-syscalls.patch new file mode 100644 index 00000000000..fc2926aab78 --- /dev/null +++ b/queue-5.15/nios2-page-fault-et.al.-are-not-restartable-syscalls.patch @@ -0,0 +1,53 @@ +From 8535c239ac674f7ead0f2652932d35c52c4123b2 Mon Sep 17 00:00:00 2001 +From: Al Viro +Date: Mon, 8 Aug 2022 16:06:04 +0100 +Subject: nios2: page fault et.al. are *not* restartable syscalls... + +From: Al Viro + +commit 8535c239ac674f7ead0f2652932d35c52c4123b2 upstream. + +make sure that ->orig_r2 is negative for everything except +the syscalls. + +Fixes: 82ed08dd1b0e ("nios2: Exception handling") +Signed-off-by: Al Viro +Signed-off-by: Dinh Nguyen +Signed-off-by: Greg Kroah-Hartman +--- + arch/nios2/include/asm/entry.h | 3 ++- + arch/nios2/kernel/entry.S | 4 +--- + 2 files changed, 3 insertions(+), 4 deletions(-) + +--- a/arch/nios2/include/asm/entry.h ++++ b/arch/nios2/include/asm/entry.h +@@ -50,7 +50,8 @@ + stw r13, PT_R13(sp) + stw r14, PT_R14(sp) + stw r15, PT_R15(sp) +- stw r2, PT_ORIG_R2(sp) ++ movi r24, -1 ++ stw r24, PT_ORIG_R2(sp) + stw r7, PT_ORIG_R7(sp) + + stw ra, PT_RA(sp) +--- a/arch/nios2/kernel/entry.S ++++ b/arch/nios2/kernel/entry.S +@@ -185,6 +185,7 @@ ENTRY(handle_system_call) + ldw r5, PT_R5(sp) + + local_restart: ++ stw r2, PT_ORIG_R2(sp) + /* Check that the requested system call is within limits */ + movui r1, __NR_syscalls + bgeu r2, r1, ret_invsyscall +@@ -336,9 +337,6 @@ external_interrupt: + /* skip if no interrupt is pending */ + beq r12, r0, ret_from_interrupt + +- movi r24, -1 +- stw r24, PT_ORIG_R2(sp) +- + /* + * Process an external hardware interrupt. + */ diff --git a/queue-5.15/nios2-restarts-apply-only-to-the-first-sigframe-we-build.patch b/queue-5.15/nios2-restarts-apply-only-to-the-first-sigframe-we-build.patch new file mode 100644 index 00000000000..4c06ad1c9da --- /dev/null +++ b/queue-5.15/nios2-restarts-apply-only-to-the-first-sigframe-we-build.patch @@ -0,0 +1,27 @@ +From 411a76b7219555c55867466c82d70ce928d6c9e1 Mon Sep 17 00:00:00 2001 +From: Al Viro +Date: Mon, 8 Aug 2022 16:09:16 +0100 +Subject: nios2: restarts apply only to the first sigframe we build... + +From: Al Viro + +commit 411a76b7219555c55867466c82d70ce928d6c9e1 upstream. + +Fixes: b53e906d255d ("nios2: Signal handling support") +Signed-off-by: Al Viro +Signed-off-by: Dinh Nguyen +Signed-off-by: Greg Kroah-Hartman +--- + arch/nios2/kernel/signal.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/nios2/kernel/signal.c ++++ b/arch/nios2/kernel/signal.c +@@ -264,6 +264,7 @@ static int do_signal(struct pt_regs *reg + regs->ea = restart_addr; + break; + } ++ regs->orig_r2 = -1; + } + + if (get_signal(&ksig)) { diff --git a/queue-5.15/nios2-traced-syscall-does-need-to-check-the-syscall-number.patch b/queue-5.15/nios2-traced-syscall-does-need-to-check-the-syscall-number.patch new file mode 100644 index 00000000000..8b6a0e84d6b --- /dev/null +++ b/queue-5.15/nios2-traced-syscall-does-need-to-check-the-syscall-number.patch @@ -0,0 +1,47 @@ +From 25ba820ef36bdbaf9884adeac69b6e1821a7df76 Mon Sep 17 00:00:00 2001 +From: Al Viro +Date: Mon, 8 Aug 2022 16:07:21 +0100 +Subject: nios2: traced syscall does need to check the syscall number + +From: Al Viro + +commit 25ba820ef36bdbaf9884adeac69b6e1821a7df76 upstream. + +all checks done before letting the tracer modify the register +state are worthless... + +Fixes: 82ed08dd1b0e ("nios2: Exception handling") +Signed-off-by: Al Viro +Signed-off-by: Dinh Nguyen +Signed-off-by: Greg Kroah-Hartman +--- + arch/nios2/kernel/entry.S | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +--- a/arch/nios2/kernel/entry.S ++++ b/arch/nios2/kernel/entry.S +@@ -255,9 +255,9 @@ traced_system_call: + ldw r6, PT_R6(sp) + ldw r7, PT_R7(sp) + +- /* Fetch the syscall function, we don't need to check the boundaries +- * since this is already done. +- */ ++ /* Fetch the syscall function. */ ++ movui r1, __NR_syscalls ++ bgeu r2, r1, traced_invsyscall + slli r1, r2, 2 + movhi r11,%hiadj(sys_call_table) + add r1, r1, r11 +@@ -287,6 +287,11 @@ end_translate_rc_and_ret2: + RESTORE_SWITCH_STACK + br ret_from_exception + ++ /* If the syscall number was invalid return ENOSYS */ ++traced_invsyscall: ++ movi r2, -ENOSYS ++ br translate_rc_and_ret2 ++ + Luser_return: + GET_THREAD_INFO r11 /* get thread_info pointer */ + ldw r10, TI_FLAGS(r11) /* get thread_info->flags */ diff --git a/queue-5.15/series b/queue-5.15/series index 8e230377a3b..61a7c8c86ba 100644 --- a/queue-5.15/series +++ b/queue-5.15/series @@ -106,3 +106,18 @@ fs-ntfs3-don-t-clear-upper-bits-accidentally-in-log_replay.patch fs-ntfs3-fix-double-free-on-remount.patch fs-ntfs3-do-not-change-mode-if-ntfs_set_ea-failed.patch fs-ntfs3-fix-missing-i_op-in-ntfs_read_mft.patch +nios2-page-fault-et.al.-are-not-restartable-syscalls.patch +nios2-don-t-leave-nulls-in-sys_call_table.patch +nios2-traced-syscall-does-need-to-check-the-syscall-number.patch +nios2-fix-syscall-restart-checks.patch +nios2-restarts-apply-only-to-the-first-sigframe-we-build.patch +nios2-add-force_successful_syscall_return.patch +iavf-fix-adminq-error-handling.patch +iavf-fix-reset-error-handling.patch +asoc-sof-debug-fix-potential-buffer-overflow-by-snprintf.patch +asoc-tas2770-set-correct-fsync-polarity.patch +asoc-tas2770-allow-mono-streams.patch +asoc-tas2770-drop-conflicting-set_bias_level-power-setting.patch +asoc-tas2770-fix-handling-of-mute-unmute.patch +asoc-codec-tlv320aic32x4-fix-mono-playback-via-i2s.patch +netfilter-nf_tables-use-read_once-and-write_once-for-shared-generation-id-access.patch