From: Sasha Levin Date: Sun, 19 Jan 2025 23:10:07 +0000 (-0500) Subject: Fixes for 6.6 X-Git-Tag: v6.6.73~36 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7d57aeda048702be6bab8f9168790f2d02b73858;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 6.6 Signed-off-by: Sasha Levin --- diff --git a/queue-6.6/acpi-resource-acpi_dev_irq_override-check-dmi-match-.patch b/queue-6.6/acpi-resource-acpi_dev_irq_override-check-dmi-match-.patch new file mode 100644 index 0000000000..70271436a3 --- /dev/null +++ b/queue-6.6/acpi-resource-acpi_dev_irq_override-check-dmi-match-.patch @@ -0,0 +1,48 @@ +From 97cc8af09753d9e8121d7af4381afdbf43da5f07 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 28 Dec 2024 17:52:53 +0100 +Subject: ACPI: resource: acpi_dev_irq_override(): Check DMI match last + +From: Hans de Goede + +[ Upstream commit cd4a7b2e6a2437a5502910c08128ea3bad55a80b ] + +acpi_dev_irq_override() gets called approx. 30 times during boot (15 legacy +IRQs * 2 override_table entries). Of these 30 calls at max 1 will match +the non DMI checks done by acpi_dev_irq_override(). The dmi_check_system() +check is by far the most expensive check done by acpi_dev_irq_override(), +make this call the last check done by acpi_dev_irq_override() so that it +will be called at max 1 time instead of 30 times. + +Signed-off-by: Hans de Goede +Reviewed-by: Mario Limonciello +Link: https://patch.msgid.link/20241228165253.42584-1-hdegoede@redhat.com +[ rjw: Subject edit ] +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Sasha Levin +--- + drivers/acpi/resource.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/drivers/acpi/resource.c b/drivers/acpi/resource.c +index c82b255f82bc4..64d83ff3c0d90 100644 +--- a/drivers/acpi/resource.c ++++ b/drivers/acpi/resource.c +@@ -680,11 +680,11 @@ static bool acpi_dev_irq_override(u32 gsi, u8 triggering, u8 polarity, + for (i = 0; i < ARRAY_SIZE(override_table); i++) { + const struct irq_override_cmp *entry = &override_table[i]; + +- if (dmi_check_system(entry->system) && +- entry->irq == gsi && ++ if (entry->irq == gsi && + entry->triggering == triggering && + entry->polarity == polarity && +- entry->shareable == shareable) ++ entry->shareable == shareable && ++ dmi_check_system(entry->system)) + return entry->override; + } + +-- +2.39.5 + diff --git a/queue-6.6/cachefiles-parse-the-secctx-immediately.patch b/queue-6.6/cachefiles-parse-the-secctx-immediately.patch new file mode 100644 index 0000000000..1ef5739d23 --- /dev/null +++ b/queue-6.6/cachefiles-parse-the-secctx-immediately.patch @@ -0,0 +1,136 @@ +From cdc2120f380492f5e3d48cbc6b073a4b1cc42737 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 13 Dec 2024 13:50:05 +0000 +Subject: cachefiles: Parse the "secctx" immediately + +From: Max Kellermann + +[ Upstream commit e5a8b6446c0d370716f193771ccacf3260a57534 ] + +Instead of storing an opaque string, call security_secctx_to_secid() +right in the "secctx" command handler and store only the numeric +"secid". This eliminates an unnecessary string allocation and allows +the daemon to receive errors when writing the "secctx" command instead +of postponing the error to the "bind" command handler. For example, +if the kernel was built without `CONFIG_SECURITY`, "bind" will return +`EOPNOTSUPP`, but the daemon doesn't know why. With this patch, the +"secctx" will instead return `EOPNOTSUPP` which is the right context +for this error. + +This patch adds a boolean flag `have_secid` because I'm not sure if we +can safely assume that zero is the special secid value for "not set". +This appears to be true for SELinux, Smack and AppArmor, but since +this attribute is not documented, I'm unable to derive a stable +guarantee for that. + +Signed-off-by: Max Kellermann +Signed-off-by: David Howells +Link: https://lore.kernel.org/r/20241209141554.638708-1-max.kellermann@ionos.com/ +Link: https://lore.kernel.org/r/20241213135013.2964079-6-dhowells@redhat.com +Signed-off-by: Christian Brauner +Signed-off-by: Sasha Levin +--- + fs/cachefiles/daemon.c | 14 +++++++------- + fs/cachefiles/internal.h | 3 ++- + fs/cachefiles/security.c | 6 +++--- + 3 files changed, 12 insertions(+), 11 deletions(-) + +diff --git a/fs/cachefiles/daemon.c b/fs/cachefiles/daemon.c +index 89b11336a8369..1806bff8e59bc 100644 +--- a/fs/cachefiles/daemon.c ++++ b/fs/cachefiles/daemon.c +@@ -15,6 +15,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -576,7 +577,7 @@ static int cachefiles_daemon_dir(struct cachefiles_cache *cache, char *args) + */ + static int cachefiles_daemon_secctx(struct cachefiles_cache *cache, char *args) + { +- char *secctx; ++ int err; + + _enter(",%s", args); + +@@ -585,16 +586,16 @@ static int cachefiles_daemon_secctx(struct cachefiles_cache *cache, char *args) + return -EINVAL; + } + +- if (cache->secctx) { ++ if (cache->have_secid) { + pr_err("Second security context specified\n"); + return -EINVAL; + } + +- secctx = kstrdup(args, GFP_KERNEL); +- if (!secctx) +- return -ENOMEM; ++ err = security_secctx_to_secid(args, strlen(args), &cache->secid); ++ if (err) ++ return err; + +- cache->secctx = secctx; ++ cache->have_secid = true; + return 0; + } + +@@ -820,7 +821,6 @@ static void cachefiles_daemon_unbind(struct cachefiles_cache *cache) + put_cred(cache->cache_cred); + + kfree(cache->rootdirname); +- kfree(cache->secctx); + kfree(cache->tag); + + _leave(""); +diff --git a/fs/cachefiles/internal.h b/fs/cachefiles/internal.h +index 111ad6ecd4baf..4421a12960a66 100644 +--- a/fs/cachefiles/internal.h ++++ b/fs/cachefiles/internal.h +@@ -122,7 +122,6 @@ struct cachefiles_cache { + #define CACHEFILES_STATE_CHANGED 3 /* T if state changed (poll trigger) */ + #define CACHEFILES_ONDEMAND_MODE 4 /* T if in on-demand read mode */ + char *rootdirname; /* name of cache root directory */ +- char *secctx; /* LSM security context */ + char *tag; /* cache binding tag */ + refcount_t unbind_pincount;/* refcount to do daemon unbind */ + struct xarray reqs; /* xarray of pending on-demand requests */ +@@ -130,6 +129,8 @@ struct cachefiles_cache { + struct xarray ondemand_ids; /* xarray for ondemand_id allocation */ + u32 ondemand_id_next; + u32 msg_id_next; ++ u32 secid; /* LSM security id */ ++ bool have_secid; /* whether "secid" was set */ + }; + + static inline bool cachefiles_in_ondemand_mode(struct cachefiles_cache *cache) +diff --git a/fs/cachefiles/security.c b/fs/cachefiles/security.c +index fe777164f1d89..fc6611886b3b5 100644 +--- a/fs/cachefiles/security.c ++++ b/fs/cachefiles/security.c +@@ -18,7 +18,7 @@ int cachefiles_get_security_ID(struct cachefiles_cache *cache) + struct cred *new; + int ret; + +- _enter("{%s}", cache->secctx); ++ _enter("{%u}", cache->have_secid ? cache->secid : 0); + + new = prepare_kernel_cred(current); + if (!new) { +@@ -26,8 +26,8 @@ int cachefiles_get_security_ID(struct cachefiles_cache *cache) + goto error; + } + +- if (cache->secctx) { +- ret = set_security_override_from_ctx(new, cache->secctx); ++ if (cache->have_secid) { ++ ret = set_security_override(new, cache->secid); + if (ret < 0) { + put_cred(new); + pr_err("Security denies permission to nominate security context: error %d\n", +-- +2.39.5 + diff --git a/queue-6.6/fs-fix-missing-declaration-of-init_files.patch b/queue-6.6/fs-fix-missing-declaration-of-init_files.patch new file mode 100644 index 0000000000..9d23658cae --- /dev/null +++ b/queue-6.6/fs-fix-missing-declaration-of-init_files.patch @@ -0,0 +1,37 @@ +From 3c7fb6d00488d02d9fb8aa80919638b47b33fa32 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 17 Dec 2024 07:18:36 +0000 +Subject: fs: fix missing declaration of init_files + +From: Zhang Kunbo + +[ Upstream commit 2b2fc0be98a828cf33a88a28e9745e8599fb05cf ] + +fs/file.c should include include/linux/init_task.h for + declaration of init_files. This fixes the sparse warning: + +fs/file.c:501:21: warning: symbol 'init_files' was not declared. Should it be static? + +Signed-off-by: Zhang Kunbo +Link: https://lore.kernel.org/r/20241217071836.2634868-1-zhangkunbo@huawei.com +Signed-off-by: Christian Brauner +Signed-off-by: Sasha Levin +--- + fs/file.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/fs/file.c b/fs/file.c +index bd817e31d7986..a178efc8cf4b5 100644 +--- a/fs/file.c ++++ b/fs/file.c +@@ -21,6 +21,7 @@ + #include + #include + #include ++#include + + #include "internal.h" + +-- +2.39.5 + diff --git a/queue-6.6/hfs-sanity-check-the-root-record.patch b/queue-6.6/hfs-sanity-check-the-root-record.patch new file mode 100644 index 0000000000..d674071695 --- /dev/null +++ b/queue-6.6/hfs-sanity-check-the-root-record.patch @@ -0,0 +1,56 @@ +From 6a7a0dca1b44ac5f1f83a99d0f86a06ca826b534 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 30 Nov 2024 21:14:19 -0800 +Subject: hfs: Sanity check the root record + +From: Leo Stone + +[ Upstream commit b905bafdea21a75d75a96855edd9e0b6051eee30 ] + +In the syzbot reproducer, the hfs_cat_rec for the root dir has type +HFS_CDR_FIL after being read with hfs_bnode_read() in hfs_super_fill(). +This indicates it should be used as an hfs_cat_file, which is 102 bytes. +Only the first 70 bytes of that struct are initialized, however, +because the entrylength passed into hfs_bnode_read() is still the length of +a directory record. This causes uninitialized values to be used later on, +when the hfs_cat_rec union is treated as the larger hfs_cat_file struct. + +Add a check to make sure the retrieved record has the correct type +for the root directory (HFS_CDR_DIR), and make sure we load the correct +number of bytes for a directory record. + +Reported-by: syzbot+2db3c7526ba68f4ea776@syzkaller.appspotmail.com +Closes: https://syzkaller.appspot.com/bug?extid=2db3c7526ba68f4ea776 +Tested-by: syzbot+2db3c7526ba68f4ea776@syzkaller.appspotmail.com +Tested-by: Leo Stone +Signed-off-by: Leo Stone +Link: https://lore.kernel.org/r/20241201051420.77858-1-leocstone@gmail.com +Reviewed-by: Jan Kara +Signed-off-by: Christian Brauner +Signed-off-by: Sasha Levin +--- + fs/hfs/super.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/fs/hfs/super.c b/fs/hfs/super.c +index 6764afa98a6ff..431bdc65f7231 100644 +--- a/fs/hfs/super.c ++++ b/fs/hfs/super.c +@@ -418,11 +418,13 @@ static int hfs_fill_super(struct super_block *sb, void *data, int silent) + goto bail_no_root; + res = hfs_cat_find_brec(sb, HFS_ROOT_CNID, &fd); + if (!res) { +- if (fd.entrylength > sizeof(rec) || fd.entrylength < 0) { ++ if (fd.entrylength != sizeof(rec.dir)) { + res = -EIO; + goto bail_hfs_find; + } + hfs_bnode_read(fd.bnode, &rec, fd.entryoffset, fd.entrylength); ++ if (rec.type != HFS_CDR_DIR) ++ res = -EIO; + } + if (res) + goto bail_hfs_find; +-- +2.39.5 + diff --git a/queue-6.6/iomap-avoid-avoid-truncating-64-bit-offset-to-32-bit.patch b/queue-6.6/iomap-avoid-avoid-truncating-64-bit-offset-to-32-bit.patch new file mode 100644 index 0000000000..02543c708e --- /dev/null +++ b/queue-6.6/iomap-avoid-avoid-truncating-64-bit-offset-to-32-bit.patch @@ -0,0 +1,39 @@ +From 4e3b2335478c5edd3f61de3a93822bf780c6b961 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 8 Jan 2025 20:11:50 -0800 +Subject: iomap: avoid avoid truncating 64-bit offset to 32 bits + +From: Marco Nelissen + +[ Upstream commit c13094b894de289514d84b8db56d1f2931a0bade ] + +on 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a +32-bit position due to folio_next_index() returning an unsigned long. +This could lead to an infinite loop when writing to an xfs filesystem. + +Signed-off-by: Marco Nelissen +Link: https://lore.kernel.org/r/20250109041253.2494374-1-marco.nelissen@gmail.com +Reviewed-by: Darrick J. Wong +Reviewed-by: Christoph Hellwig +Signed-off-by: Christian Brauner +Signed-off-by: Sasha Levin +--- + fs/iomap/buffered-io.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/iomap/buffered-io.c b/fs/iomap/buffered-io.c +index a05ee2cbb7793..e7e6701806ad2 100644 +--- a/fs/iomap/buffered-io.c ++++ b/fs/iomap/buffered-io.c +@@ -1095,7 +1095,7 @@ static int iomap_write_delalloc_scan(struct inode *inode, + } + + /* move offset to start of next folio in range */ +- start_byte = folio_next_index(folio) << PAGE_SHIFT; ++ start_byte = folio_pos(folio) + folio_size(folio); + folio_unlock(folio); + folio_put(folio); + } +-- +2.39.5 + diff --git a/queue-6.6/kheaders-ignore-silly-rename-files.patch b/queue-6.6/kheaders-ignore-silly-rename-files.patch new file mode 100644 index 0000000000..ead345c660 --- /dev/null +++ b/queue-6.6/kheaders-ignore-silly-rename-files.patch @@ -0,0 +1,60 @@ +From c8ee34cc063143012ae052660cf3b63e3b8aa648 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 13 Dec 2024 13:50:01 +0000 +Subject: kheaders: Ignore silly-rename files + +From: David Howells + +[ Upstream commit 973b710b8821c3401ad7a25360c89e94b26884ac ] + +Tell tar to ignore silly-rename files (".__afs*" and ".nfs*") when building +the header archive. These occur when a file that is open is unlinked +locally, but hasn't yet been closed. Such files are visible to the user +via the getdents() syscall and so programs may want to do things with them. + +During the kernel build, such files may be made during the processing of +header files and the cleanup may get deferred by fput() which may result in +tar seeing these files when it reads the directory, but they may have +disappeared by the time it tries to open them, causing tar to fail with an +error. Further, we don't want to include them in the tarball if they still +exist. + +With CONFIG_HEADERS_INSTALL=y, something like the following may be seen: + + find: './kernel/.tmp_cpio_dir/include/dt-bindings/reset/.__afs2080': No such file or directory + tar: ./include/linux/greybus/.__afs3C95: File removed before we read it + +The find warning doesn't seem to cause a problem. + +Fix this by telling tar when called from in gen_kheaders.sh to exclude such +files. This only affects afs and nfs; cifs uses the Windows Hidden +attribute to prevent the file from being seen. + +Signed-off-by: David Howells +Link: https://lore.kernel.org/r/20241213135013.2964079-2-dhowells@redhat.com +cc: Masahiro Yamada +cc: Marc Dionne +cc: linux-afs@lists.infradead.org +cc: linux-nfs@vger.kernel.org +cc: linux-kernel@vger.kernel.org +Signed-off-by: Christian Brauner +Signed-off-by: Sasha Levin +--- + kernel/gen_kheaders.sh | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/kernel/gen_kheaders.sh b/kernel/gen_kheaders.sh +index 383fd43ac6122..7e1340da5acae 100755 +--- a/kernel/gen_kheaders.sh ++++ b/kernel/gen_kheaders.sh +@@ -89,6 +89,7 @@ find $cpio_dir -type f -print0 | + + # Create archive and try to normalize metadata for reproducibility. + tar "${KBUILD_BUILD_TIMESTAMP:+--mtime=$KBUILD_BUILD_TIMESTAMP}" \ ++ --exclude=".__afs*" --exclude=".nfs*" \ + --owner=0 --group=0 --sort=name --numeric-owner --mode=u=rw,go=r,a+X \ + -I $XZ -cf $tarfile -C $cpio_dir/ . > /dev/null + +-- +2.39.5 + diff --git a/queue-6.6/mac802154-check-local-interfaces-before-deleting-sda.patch b/queue-6.6/mac802154-check-local-interfaces-before-deleting-sda.patch new file mode 100644 index 0000000000..d53475e470 --- /dev/null +++ b/queue-6.6/mac802154-check-local-interfaces-before-deleting-sda.patch @@ -0,0 +1,100 @@ +From 1c3f3d133c33eea695666c412bb4947f763fdc1d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 13 Nov 2024 17:51:29 +0800 +Subject: mac802154: check local interfaces before deleting sdata list + +From: Lizhi Xu + +[ Upstream commit eb09fbeb48709fe66c0d708aed81e910a577a30a ] + +syzkaller reported a corrupted list in ieee802154_if_remove. [1] + +Remove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4 +hardware device from the system. + +CPU0 CPU1 +==== ==== +genl_family_rcv_msg_doit ieee802154_unregister_hw +ieee802154_del_iface ieee802154_remove_interfaces +rdev_del_virtual_intf_deprecated list_del(&sdata->list) +ieee802154_if_remove +list_del_rcu + +The net device has been unregistered, since the rcu grace period, +unregistration must be run before ieee802154_if_remove. + +To avoid this issue, add a check for local->interfaces before deleting +sdata list. + +[1] +kernel BUG at lib/list_debug.c:58! +Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI +CPU: 0 UID: 0 PID: 6277 Comm: syz-executor157 Not tainted 6.12.0-rc6-syzkaller-00005-g557329bcecc2 #0 +Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 +RIP: 0010:__list_del_entry_valid_or_report+0xf4/0x140 lib/list_debug.c:56 +Code: e8 a1 7e 00 07 90 0f 0b 48 c7 c7 e0 37 60 8c 4c 89 fe e8 8f 7e 00 07 90 0f 0b 48 c7 c7 40 38 60 8c 4c 89 fe e8 7d 7e 00 07 90 <0f> 0b 48 c7 c7 a0 38 60 8c 4c 89 fe e8 6b 7e 00 07 90 0f 0b 48 c7 +RSP: 0018:ffffc9000490f3d0 EFLAGS: 00010246 +RAX: 000000000000004e RBX: dead000000000122 RCX: d211eee56bb28d00 +RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 +RBP: ffff88805b278dd8 R08: ffffffff8174a12c R09: 1ffffffff2852f0d +R10: dffffc0000000000 R11: fffffbfff2852f0e R12: dffffc0000000000 +R13: dffffc0000000000 R14: dead000000000100 R15: ffff88805b278cc0 +FS: 0000555572f94380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 000056262e4a3000 CR3: 0000000078496000 CR4: 00000000003526f0 +DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +Call Trace: + + __list_del_entry_valid include/linux/list.h:124 [inline] + __list_del_entry include/linux/list.h:215 [inline] + list_del_rcu include/linux/rculist.h:157 [inline] + ieee802154_if_remove+0x86/0x1e0 net/mac802154/iface.c:687 + rdev_del_virtual_intf_deprecated net/ieee802154/rdev-ops.h:24 [inline] + ieee802154_del_iface+0x2c0/0x5c0 net/ieee802154/nl-phy.c:323 + genl_family_rcv_msg_doit net/netlink/genetlink.c:1115 [inline] + genl_family_rcv_msg net/netlink/genetlink.c:1195 [inline] + genl_rcv_msg+0xb14/0xec0 net/netlink/genetlink.c:1210 + netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2551 + genl_rcv+0x28/0x40 net/netlink/genetlink.c:1219 + netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline] + netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1357 + netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1901 + sock_sendmsg_nosec net/socket.c:729 [inline] + __sock_sendmsg+0x221/0x270 net/socket.c:744 + ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2607 + ___sys_sendmsg net/socket.c:2661 [inline] + __sys_sendmsg+0x292/0x380 net/socket.c:2690 + do_syscall_x64 arch/x86/entry/common.c:52 [inline] + do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 + entry_SYSCALL_64_after_hwframe+0x77/0x7f + +Reported-and-tested-by: syzbot+985f827280dc3a6e7e92@syzkaller.appspotmail.com +Closes: https://syzkaller.appspot.com/bug?extid=985f827280dc3a6e7e92 +Signed-off-by: Lizhi Xu +Reviewed-by: Miquel Raynal +Link: https://lore.kernel.org/20241113095129.1457225-1-lizhi.xu@windriver.com +Signed-off-by: Stefan Schmidt +Signed-off-by: Sasha Levin +--- + net/mac802154/iface.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/net/mac802154/iface.c b/net/mac802154/iface.c +index c0e2da5072bea..9e4631fade90c 100644 +--- a/net/mac802154/iface.c ++++ b/net/mac802154/iface.c +@@ -684,6 +684,10 @@ void ieee802154_if_remove(struct ieee802154_sub_if_data *sdata) + ASSERT_RTNL(); + + mutex_lock(&sdata->local->iflist_mtx); ++ if (list_empty(&sdata->local->interfaces)) { ++ mutex_unlock(&sdata->local->iflist_mtx); ++ return; ++ } + list_del_rcu(&sdata->list); + mutex_unlock(&sdata->local->iflist_mtx); + +-- +2.39.5 + diff --git a/queue-6.6/nvmet-propagate-npwg-topology.patch b/queue-6.6/nvmet-propagate-npwg-topology.patch new file mode 100644 index 0000000000..6da1137c41 --- /dev/null +++ b/queue-6.6/nvmet-propagate-npwg-topology.patch @@ -0,0 +1,39 @@ +From a1dbf069d639fb13b3d499d2fdbb661fcb62ebac Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 17 Dec 2024 18:33:25 -0800 +Subject: nvmet: propagate npwg topology + +From: Luis Chamberlain + +[ Upstream commit b579d6fdc3a9149bb4d2b3133cc0767130ed13e6 ] + +Ensure we propagate npwg to the target as well instead +of assuming its the same logical blocks per physical block. + +This ensures devices with large IUs information properly +propagated on the target. + +Signed-off-by: Luis Chamberlain +Reviewed-by: Sagi Grimberg +Signed-off-by: Keith Busch +Signed-off-by: Sasha Levin +--- + drivers/nvme/target/io-cmd-bdev.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/nvme/target/io-cmd-bdev.c b/drivers/nvme/target/io-cmd-bdev.c +index 468833675cc94..c0b342cc93db3 100644 +--- a/drivers/nvme/target/io-cmd-bdev.c ++++ b/drivers/nvme/target/io-cmd-bdev.c +@@ -36,7 +36,7 @@ void nvmet_bdev_set_limits(struct block_device *bdev, struct nvme_id_ns *id) + */ + id->nsfeat |= 1 << 4; + /* NPWG = Namespace Preferred Write Granularity. 0's based */ +- id->npwg = lpp0b; ++ id->npwg = to0based(bdev_io_min(bdev) / bdev_logical_block_size(bdev)); + /* NPWA = Namespace Preferred Write Alignment. 0's based */ + id->npwa = id->npwg; + /* NPDG = Namespace Preferred Deallocate Granularity. 0's based */ +-- +2.39.5 + diff --git a/queue-6.6/poll_wait-add-mb-to-fix-theoretical-race-between-wai.patch b/queue-6.6/poll_wait-add-mb-to-fix-theoretical-race-between-wai.patch new file mode 100644 index 0000000000..c5c772f371 --- /dev/null +++ b/queue-6.6/poll_wait-add-mb-to-fix-theoretical-race-between-wai.patch @@ -0,0 +1,67 @@ +From 7f3e31a6f122c22b8ab374541dd596889a119c76 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 7 Jan 2025 17:27:17 +0100 +Subject: poll_wait: add mb() to fix theoretical race between + waitqueue_active() and .poll() + +From: Oleg Nesterov + +[ Upstream commit cacd9ae4bf801ff4125d8961bb9a3ba955e51680 ] + +As the comment above waitqueue_active() explains, it can only be used +if both waker and waiter have mb()'s that pair with each other. However +__pollwait() is broken in this respect. + +This is not pipe-specific, but let's look at pipe_poll() for example: + + poll_wait(...); // -> __pollwait() -> add_wait_queue() + + LOAD(pipe->head); + LOAD(pipe->head); + +In theory these LOAD()'s can leak into the critical section inside +add_wait_queue() and can happen before list_add(entry, wq_head), in this +case pipe_poll() can race with wakeup_pipe_readers/writers which do + + smp_mb(); + if (waitqueue_active(wq_head)) + wake_up_interruptible(wq_head); + +There are more __pollwait()-like functions (grep init_poll_funcptr), and +it seems that at least ep_ptable_queue_proc() has the same problem, so the +patch adds smp_mb() into poll_wait(). + +Link: https://lore.kernel.org/all/20250102163320.GA17691@redhat.com/ +Signed-off-by: Oleg Nesterov +Link: https://lore.kernel.org/r/20250107162717.GA18922@redhat.com +Signed-off-by: Christian Brauner +Signed-off-by: Sasha Levin +--- + include/linux/poll.h | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/include/linux/poll.h b/include/linux/poll.h +index d1ea4f3714a84..fc641b50f1298 100644 +--- a/include/linux/poll.h ++++ b/include/linux/poll.h +@@ -41,8 +41,16 @@ typedef struct poll_table_struct { + + static inline void poll_wait(struct file * filp, wait_queue_head_t * wait_address, poll_table *p) + { +- if (p && p->_qproc && wait_address) ++ if (p && p->_qproc && wait_address) { + p->_qproc(filp, wait_address, p); ++ /* ++ * This memory barrier is paired in the wq_has_sleeper(). ++ * See the comment above prepare_to_wait(), we need to ++ * ensure that subsequent tests in this thread can't be ++ * reordered with __add_wait_queue() in _qproc() paths. ++ */ ++ smp_mb(); ++ } + } + + /* +-- +2.39.5 + diff --git a/queue-6.6/rdma-bnxt_re-fix-to-export-port-num-to-ib_query_qp.patch b/queue-6.6/rdma-bnxt_re-fix-to-export-port-num-to-ib_query_qp.patch new file mode 100644 index 0000000000..8101f9bf3c --- /dev/null +++ b/queue-6.6/rdma-bnxt_re-fix-to-export-port-num-to-ib_query_qp.patch @@ -0,0 +1,81 @@ +From b2ebf58bd86949a50e60f6cb5ae7315ea4c6b2f8 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 11 Dec 2024 14:09:30 +0530 +Subject: RDMA/bnxt_re: Fix to export port num to ib_query_qp + +From: Hongguang Gao + +[ Upstream commit 34db8ec931b84d1426423f263b1927539e73b397 ] + +Current driver implementation doesn't populate the port_num +field in query_qp. Adding the code to convert internal firmware +port id to ibv defined port number and export it. + +Reviewed-by: Saravanan Vajravel +Reviewed-by: Kalesh AP +Signed-off-by: Hongguang Gao +Signed-off-by: Selvin Xavier +Link: https://patch.msgid.link/20241211083931.968831-5-kalesh-anakkur.purayil@broadcom.com +Signed-off-by: Leon Romanovsky +Signed-off-by: Sasha Levin +--- + drivers/infiniband/hw/bnxt_re/ib_verbs.c | 1 + + drivers/infiniband/hw/bnxt_re/ib_verbs.h | 4 ++++ + drivers/infiniband/hw/bnxt_re/qplib_fp.c | 1 + + drivers/infiniband/hw/bnxt_re/qplib_fp.h | 1 + + 4 files changed, 7 insertions(+) + +diff --git a/drivers/infiniband/hw/bnxt_re/ib_verbs.c b/drivers/infiniband/hw/bnxt_re/ib_verbs.c +index 13c65ec582568..08da793969ee5 100644 +--- a/drivers/infiniband/hw/bnxt_re/ib_verbs.c ++++ b/drivers/infiniband/hw/bnxt_re/ib_verbs.c +@@ -2220,6 +2220,7 @@ int bnxt_re_query_qp(struct ib_qp *ib_qp, struct ib_qp_attr *qp_attr, + qp_attr->retry_cnt = qplib_qp->retry_cnt; + qp_attr->rnr_retry = qplib_qp->rnr_retry; + qp_attr->min_rnr_timer = qplib_qp->min_rnr_timer; ++ qp_attr->port_num = __to_ib_port_num(qplib_qp->port_id); + qp_attr->rq_psn = qplib_qp->rq.psn; + qp_attr->max_rd_atomic = qplib_qp->max_rd_atomic; + qp_attr->sq_psn = qplib_qp->sq.psn; +diff --git a/drivers/infiniband/hw/bnxt_re/ib_verbs.h b/drivers/infiniband/hw/bnxt_re/ib_verbs.h +index 98baea98fc176..ef910e6e2ccb7 100644 +--- a/drivers/infiniband/hw/bnxt_re/ib_verbs.h ++++ b/drivers/infiniband/hw/bnxt_re/ib_verbs.h +@@ -245,6 +245,10 @@ void bnxt_re_dealloc_ucontext(struct ib_ucontext *context); + int bnxt_re_mmap(struct ib_ucontext *context, struct vm_area_struct *vma); + void bnxt_re_mmap_free(struct rdma_user_mmap_entry *rdma_entry); + ++static inline u32 __to_ib_port_num(u16 port_id) ++{ ++ return (u32)port_id + 1; ++} + + unsigned long bnxt_re_lock_cqs(struct bnxt_re_qp *qp); + void bnxt_re_unlock_cqs(struct bnxt_re_qp *qp, unsigned long flags); +diff --git a/drivers/infiniband/hw/bnxt_re/qplib_fp.c b/drivers/infiniband/hw/bnxt_re/qplib_fp.c +index 871a49315c880..c4f10498c79d8 100644 +--- a/drivers/infiniband/hw/bnxt_re/qplib_fp.c ++++ b/drivers/infiniband/hw/bnxt_re/qplib_fp.c +@@ -1460,6 +1460,7 @@ int bnxt_qplib_query_qp(struct bnxt_qplib_res *res, struct bnxt_qplib_qp *qp) + qp->dest_qpn = le32_to_cpu(sb->dest_qp_id); + memcpy(qp->smac, sb->src_mac, 6); + qp->vlan_id = le16_to_cpu(sb->vlan_pcp_vlan_dei_vlan_id); ++ qp->port_id = le16_to_cpu(sb->port_id); + bail: + dma_free_coherent(&rcfw->pdev->dev, sbuf.size, + sbuf.sb, sbuf.dma_addr); +diff --git a/drivers/infiniband/hw/bnxt_re/qplib_fp.h b/drivers/infiniband/hw/bnxt_re/qplib_fp.h +index b5c53e864fbb3..55fd840359ef2 100644 +--- a/drivers/infiniband/hw/bnxt_re/qplib_fp.h ++++ b/drivers/infiniband/hw/bnxt_re/qplib_fp.h +@@ -297,6 +297,7 @@ struct bnxt_qplib_qp { + u32 dest_qpn; + u8 smac[6]; + u16 vlan_id; ++ u16 port_id; + u8 nw_type; + struct bnxt_qplib_ah ah; + +-- +2.39.5 + diff --git a/queue-6.6/scsi-ufs-core-honor-runtime-system-pm-levels-if-set-.patch b/queue-6.6/scsi-ufs-core-honor-runtime-system-pm-levels-if-set-.patch new file mode 100644 index 0000000000..86598b687f --- /dev/null +++ b/queue-6.6/scsi-ufs-core-honor-runtime-system-pm-levels-if-set-.patch @@ -0,0 +1,50 @@ +From 287882129f683b861014f3213e7608bbf9d5930f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 19 Dec 2024 22:20:42 +0530 +Subject: scsi: ufs: core: Honor runtime/system PM levels if set by host + controller drivers + +From: Manivannan Sadhasivam + +[ Upstream commit bb9850704c043e48c86cc9df90ee102e8a338229 ] + +Otherwise, the default levels will override the levels set by the host +controller drivers. + +Signed-off-by: Manivannan Sadhasivam +Link: https://lore.kernel.org/r/20241219-ufs-qcom-suspend-fix-v3-2-63c4b95a70b9@linaro.org +Reviewed-by: Bart Van Assche +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +--- + drivers/ufs/core/ufshcd.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/drivers/ufs/core/ufshcd.c b/drivers/ufs/core/ufshcd.c +index 02696c7f9beff..0ac0b6aaf9c62 100644 +--- a/drivers/ufs/core/ufshcd.c ++++ b/drivers/ufs/core/ufshcd.c +@@ -10483,14 +10483,17 @@ int ufshcd_init(struct ufs_hba *hba, void __iomem *mmio_base, unsigned int irq) + } + + /* +- * Set the default power management level for runtime and system PM. ++ * Set the default power management level for runtime and system PM if ++ * not set by the host controller drivers. + * Default power saving mode is to keep UFS link in Hibern8 state + * and UFS device in sleep state. + */ +- hba->rpm_lvl = ufs_get_desired_pm_lvl_for_dev_link_state( ++ if (!hba->rpm_lvl) ++ hba->rpm_lvl = ufs_get_desired_pm_lvl_for_dev_link_state( + UFS_SLEEP_PWR_MODE, + UIC_LINK_HIBERN8_STATE); +- hba->spm_lvl = ufs_get_desired_pm_lvl_for_dev_link_state( ++ if (!hba->spm_lvl) ++ hba->spm_lvl = ufs_get_desired_pm_lvl_for_dev_link_state( + UFS_SLEEP_PWR_MODE, + UIC_LINK_HIBERN8_STATE); + +-- +2.39.5 + diff --git a/queue-6.6/selftests-tc-testing-reduce-rshift-value.patch b/queue-6.6/selftests-tc-testing-reduce-rshift-value.patch new file mode 100644 index 0000000000..5239fd5b5f --- /dev/null +++ b/queue-6.6/selftests-tc-testing-reduce-rshift-value.patch @@ -0,0 +1,41 @@ +From 1119038dab774c67387ab055cf3b9664d6ae94e4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 3 Jan 2025 10:24:58 -0800 +Subject: selftests: tc-testing: reduce rshift value + +From: Jakub Kicinski + +[ Upstream commit e95274dfe86490ec2a5633035c24b2de6722841f ] + +After previous change rshift >= 32 is no longer allowed. +Modify the test to use 31, the test doesn't seem to send +any traffic so the exact value shouldn't matter. + +Reviewed-by: Eric Dumazet +Link: https://patch.msgid.link/20250103182458.1213486-1-kuba@kernel.org +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + tools/testing/selftests/tc-testing/tc-tests/filters/flow.json | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tools/testing/selftests/tc-testing/tc-tests/filters/flow.json b/tools/testing/selftests/tc-testing/tc-tests/filters/flow.json +index 58189327f6444..383fbda07245c 100644 +--- a/tools/testing/selftests/tc-testing/tc-tests/filters/flow.json ++++ b/tools/testing/selftests/tc-testing/tc-tests/filters/flow.json +@@ -78,10 +78,10 @@ + "setup": [ + "$TC qdisc add dev $DEV1 ingress" + ], +- "cmdUnderTest": "$TC filter add dev $DEV1 parent ffff: handle 1 prio 1 protocol ip flow map key dst rshift 0xff", ++ "cmdUnderTest": "$TC filter add dev $DEV1 parent ffff: handle 1 prio 1 protocol ip flow map key dst rshift 0x1f", + "expExitCode": "0", + "verifyCmd": "$TC filter get dev $DEV1 parent ffff: handle 1 protocol ip prio 1 flow", +- "matchPattern": "filter parent ffff: protocol ip pref 1 flow chain [0-9]+ handle 0x1 map keys dst rshift 255 baseclass", ++ "matchPattern": "filter parent ffff: protocol ip pref 1 flow chain [0-9]+ handle 0x1 map keys dst rshift 31 baseclass", + "matchCount": "1", + "teardown": [ + "$TC qdisc del dev $DEV1 ingress" +-- +2.39.5 + diff --git a/queue-6.6/series b/queue-6.6/series index c9eac30a35..621072fa7f 100644 --- a/queue-6.6/series +++ b/queue-6.6/series @@ -22,3 +22,15 @@ revert-mtd-spi-nor-core-replace-dummy-buswidth-from-.patch i2c-mux-demux-pinctrl-check-initial-mux-selection-to.patch i2c-rcar-fix-nack-handling-when-being-a-target.patch smb-client-fix-double-free-of-tcp_server_info-hostna.patch +mac802154-check-local-interfaces-before-deleting-sda.patch +hfs-sanity-check-the-root-record.patch +fs-fix-missing-declaration-of-init_files.patch +kheaders-ignore-silly-rename-files.patch +cachefiles-parse-the-secctx-immediately.patch +scsi-ufs-core-honor-runtime-system-pm-levels-if-set-.patch +selftests-tc-testing-reduce-rshift-value.patch +acpi-resource-acpi_dev_irq_override-check-dmi-match-.patch +iomap-avoid-avoid-truncating-64-bit-offset-to-32-bit.patch +poll_wait-add-mb-to-fix-theoretical-race-between-wai.patch +rdma-bnxt_re-fix-to-export-port-num-to-ib_query_qp.patch +nvmet-propagate-npwg-topology.patch