From: Greg Kroah-Hartman
Date: Mon, 21 Feb 2022 07:18:08 +0000 (+0100)
Subject: 5.10-stable patches
X-Git-Tag: v4.9.303~8
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=811022a239b18dfe6e36274f803c11b226f825dd;p=thirdparty%2Fkernel%2Fstable-queue.git
5.10-stable patches
added patches:
copy_process-move-fd_install-out-of-sighand-siglock-critical-section.patch
dmaengine-sh-rcar-dmac-check-for-error-num-after-dma_set_max_seg_size.patch
dmaengine-stm32-dmamux-fix-pm-disable-depth-imbalance-in-stm32_dmamux_probe.patch
i2c-brcmstb-fix-support-for-dsl-and-cm-variants.patch
i2c-qcom-cci-don-t-delete-an-unregistered-adapter.patch
i2c-qcom-cci-don-t-put-a-device-tree-node-before-i2c_add_adapter.patch
lockdep-correct-lock_classes-index-mapping.patch
---
diff --git a/queue-5.10/copy_process-move-fd_install-out-of-sighand-siglock-critical-section.patch b/queue-5.10/copy_process-move-fd_install-out-of-sighand-siglock-critical-section.patch
new file mode 100644
index 00000000000..cedc14aa556
--- /dev/null
+++ b/queue-5.10/copy_process-move-fd_install-out-of-sighand-siglock-critical-section.patch
@@ -0,0 +1,112 @@
+From ddc204b517e60ae64db34f9832dc41dafa77c751 Mon Sep 17 00:00:00 2001
+From: Waiman Long
+Date: Tue, 8 Feb 2022 11:39:12 -0500
+Subject: copy_process(): Move fd_install() out of sighand->siglock critical section
+
+From: Waiman Long
+
+commit ddc204b517e60ae64db34f9832dc41dafa77c751 upstream.
+
+I was made aware of the following lockdep splat:
+
+[ 2516.308763] =====================================================
+[ 2516.309085] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
+[ 2516.309433] 5.14.0-51.el9.aarch64+debug #1 Not tainted
+[ 2516.309703] -----------------------------------------------------
+[ 2516.310149] stress-ng/153663 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
+[ 2516.310512] ffff0000e422b198 (&newf->file_lock){+.+.}-{2:2}, at: fd_install+0x368/0x4f0
+[ 2516.310944]
+ and this task is already holding:
+[ 2516.311248] ffff0000c08140d8 (&sighand->siglock){-.-.}-{2:2}, at: copy_process+0x1e2c/0x3e80
+[ 2516.311804] which would create a new lock dependency:
+[ 2516.312066] (&sighand->siglock){-.-.}-{2:2} -> (&newf->file_lock){+.+.}-{2:2}
+[ 2516.312446]
+ but this new dependency connects a HARDIRQ-irq-safe lock:
+[ 2516.312983] (&sighand->siglock){-.-.}-{2:2}
+ :
+[ 2516.330700] Possible interrupt unsafe locking scenario:
+
+[ 2516.331075] CPU0 CPU1
+[ 2516.331328] ---- ----
+[ 2516.331580] lock(&newf->file_lock);
+[ 2516.331790] local_irq_disable();
+[ 2516.332231] lock(&sighand->siglock);
+[ 2516.332579] lock(&newf->file_lock);
+[ 2516.332922]
+[ 2516.333069] lock(&sighand->siglock);
+[ 2516.333291]
+ *** DEADLOCK ***
+[ 2516.389845]
+ stack backtrace:
+[ 2516.390101] CPU: 3 PID: 153663 Comm: stress-ng Kdump: loaded Not tainted 5.14.0-51.el9.aarch64+debug #1
+[ 2516.390756] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015
+[ 2516.391155] Call trace:
+[ 2516.391302] dump_backtrace+0x0/0x3e0
+[ 2516.391518] show_stack+0x24/0x30
+[ 2516.391717] dump_stack_lvl+0x9c/0xd8
+[ 2516.391938]
dump_stack+0x1c/0x38
+[ 2516.392247] print_bad_irq_dependency+0x620/0x710
+[ 2516.392525] check_irq_usage+0x4fc/0x86c
+[ 2516.392756] check_prev_add+0x180/0x1d90
+[ 2516.392988] validate_chain+0x8e0/0xee0
+[ 2516.393215] __lock_acquire+0x97c/0x1e40
+[ 2516.393449] lock_acquire.part.0+0x240/0x570
+[ 2516.393814] lock_acquire+0x90/0xb4
+[ 2516.394021] _raw_spin_lock+0xe8/0x154
+[ 2516.394244] fd_install+0x368/0x4f0
+[ 2516.394451] copy_process+0x1f5c/0x3e80
+[ 2516.394678] kernel_clone+0x134/0x660
+[ 2516.394895] __do_sys_clone3+0x130/0x1f4
+[ 2516.395128] __arm64_sys_clone3+0x5c/0x7c
+[ 2516.395478] invoke_syscall.constprop.0+0x78/0x1f0
+[ 2516.395762] el0_svc_common.constprop.0+0x22c/0x2c4
+[ 2516.396050] do_el0_svc+0xb0/0x10c
+[ 2516.396252] el0_svc+0x24/0x34
+[ 2516.396436] el0t_64_sync_handler+0xa4/0x12c
+[ 2516.396688] el0t_64_sync+0x198/0x19c
+[ 2517.491197] NET: Registered PF_ATMPVC protocol family
+[ 2517.491524] NET: Registered PF_ATMSVC protocol family
+[ 2591.991877] sched: RT throttling activated
+
+One way to solve this problem is to move the fd_install() call out of
+the sighand->siglock critical section.
+
+Before commit 6fd2fe494b17 ("copy_process(): don't use ksys_close()
+on cleanups"), the pidfd installation was done without holding both
+the task_list lock and the sighand->siglock. Obviously, holding these
+two locks are not really needed to protect the fd_install() call.
+So move the fd_install() call down to after the releases of both locks.
+
+Link: https://lore.kernel.org/r/20220208163912.1084752-1-longman@redhat.com
+Fixes: 6fd2fe494b17 ("copy_process(): don't use ksys_close() on cleanups")
+Reviewed-by: "Eric W.
Biederman"
+Signed-off-by: Waiman Long
+Signed-off-by: Christian Brauner
+Signed-off-by: Greg Kroah-Hartman
+---
+ kernel/fork.c | 7 +++----
+ 1 file changed, 3 insertions(+), 4 deletions(-)
+
+--- a/kernel/fork.c
++++ b/kernel/fork.c
+@@ -2258,10 +2258,6 @@ static __latent_entropy struct task_stru
+ goto bad_fork_cancel_cgroup;
+ }
+
+- /* past the last point of failure */
+- if (pidfile)
+- fd_install(pidfd, pidfile);
+-
+ init_task_pid_links(p);
+ if (likely(p->pid)) {
+ ptrace_init_task(p, (clone_flags & CLONE_PTRACE) || trace);
+@@ -2310,6 +2306,9 @@ static __latent_entropy struct task_stru
+ syscall_tracepoint_update(p);
+ write_unlock_irq(&tasklist_lock);
+
++ if (pidfile)
++ fd_install(pidfd, pidfile);
++
+ proc_fork_connector(p);
+ sched_post_fork(p, args);
+ cgroup_post_fork(p, args);
diff --git a/queue-5.10/dmaengine-sh-rcar-dmac-check-for-error-num-after-dma_set_max_seg_size.patch b/queue-5.10/dmaengine-sh-rcar-dmac-check-for-error-num-after-dma_set_max_seg_size.patch
new file mode 100644
index 00000000000..2b0158964d4
--- /dev/null
+++ b/queue-5.10/dmaengine-sh-rcar-dmac-check-for-error-num-after-dma_set_max_seg_size.patch
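Review bot: The relocated `fd_install(pidfd, pidfile)` in the second kernel/fork.c hunk no longer carries the `/* past the last point of failure */` comment that the first hunk removes, and nothing at the new site records why the call has to sit after `write_unlock_irq(&tasklist_lock)`. Both constraints matter to whoever reorders this code next: the lockdep report in the description shows fd_install() acquiring `file_lock`, which must not nest inside the IRQ-safe siglock, and the removed comment implies no failure path may follow once the pidfd is published. I would put `/* past the last point of failure; fd_install() can take file_lock, so call it only after siglock and tasklist_lock are dropped */` above the new `if (pidfile)`. copy_process() begins and ends outside both hunks, so whether any later step can still fail cannot be confirmed from here.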
@@ -0,0 +1,37 @@
+From da2ad87fba0891576aadda9161b8505fde81a84d Mon Sep 17 00:00:00 2001
+From: Jiasheng Jiang
+Date: Tue, 11 Jan 2022 09:12:39 +0800
+Subject: dmaengine: sh: rcar-dmac: Check for error num after dma_set_max_seg_size
+
+From: Jiasheng Jiang
+
+commit da2ad87fba0891576aadda9161b8505fde81a84d upstream.
+
+As the possible failure of the dma_set_max_seg_size(), it should be
+better to check the return value of the dma_set_max_seg_size().
+
+Fixes: 97d49c59e219 ("dmaengine: rcar-dmac: set scatter/gather max segment size")
+Reported-by: Geert Uytterhoeven
+Signed-off-by: Jiasheng Jiang
+Reviewed-by: Geert Uytterhoeven
+Link: https://lore.kernel.org/r/20220111011239.452837-1-jiasheng@iscas.ac.cn
+Signed-off-by: Vinod Koul
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/dma/sh/rcar-dmac.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/drivers/dma/sh/rcar-dmac.c
++++ b/drivers/dma/sh/rcar-dmac.c
+@@ -1844,7 +1844,10 @@ static int rcar_dmac_probe(struct platfo
+
+ dmac->dev = &pdev->dev;
+ platform_set_drvdata(pdev, dmac);
+- dma_set_max_seg_size(dmac->dev, RCAR_DMATCR_MASK);
++ ret = dma_set_max_seg_size(dmac->dev, RCAR_DMATCR_MASK);
++ if (ret)
++ return ret;
++
+ ret = dma_set_mask_and_coherent(dmac->dev, DMA_BIT_MASK(40));
+ if (ret)
+ return ret;
diff --git a/queue-5.10/dmaengine-stm32-dmamux-fix-pm-disable-depth-imbalance-in-stm32_dmamux_probe.patch b/queue-5.10/dmaengine-stm32-dmamux-fix-pm-disable-depth-imbalance-in-stm32_dmamux_probe.patch
new file mode 100644
index 00000000000..e689632fc87
--- /dev/null
+++ b/queue-5.10/dmaengine-stm32-dmamux-fix-pm-disable-depth-imbalance-in-stm32_dmamux_probe.patch
@@ -0,0 +1,39 @@
+From e831c7aba950f3ae94002b10321279654525e5ec Mon Sep 17 00:00:00 2001
+From: Miaoqian Lin
+Date: Sat, 8 Jan 2022 08:53:36 +0000
+Subject: dmaengine: stm32-dmamux: Fix PM disable depth imbalance in stm32_dmamux_probe
+
+From: Miaoqian Lin
+
+commit e831c7aba950f3ae94002b10321279654525e5ec upstream.
+
+The pm_runtime_enable will increase power disable depth.
+If the probe fails, we should use pm_runtime_disable() to balance
+pm_runtime_enable().
+
+Fixes: 4f3ceca254e0 ("dmaengine: stm32-dmamux: Add PM Runtime support")
+Signed-off-by: Miaoqian Lin
+Reviewed-by: Amelie Delaunay
+Link: https://lore.kernel.org/r/20220108085336.11992-1-linmq006@gmail.com
+Signed-off-by: Vinod Koul
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/dma/stm32-dmamux.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/drivers/dma/stm32-dmamux.c
++++ b/drivers/dma/stm32-dmamux.c
+@@ -292,10 +292,12 @@ static int stm32_dmamux_probe(struct pla
+ ret = of_dma_router_register(node, stm32_dmamux_route_allocate,
+ &stm32_dmamux->dmarouter);
+ if (ret)
+- goto err_clk;
++ goto pm_disable;
+
+ return 0;
+
++pm_disable:
++ pm_runtime_disable(&pdev->dev);
+ err_clk:
+ clk_disable_unprepare(stm32_dmamux->clk);
+
diff --git a/queue-5.10/i2c-brcmstb-fix-support-for-dsl-and-cm-variants.patch b/queue-5.10/i2c-brcmstb-fix-support-for-dsl-and-cm-variants.patch
new file mode 100644
index 00000000000..00e3626ed5e
--- /dev/null
+++ b/queue-5.10/i2c-brcmstb-fix-support-for-dsl-and-cm-variants.patch
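Review bot: The new `pm_disable:` label in stm32_dmamux_probe() breaks the `err_` naming of the `err_clk:` label directly below it; `err_pm_disable:` with `goto err_pm_disable;` would keep the unwind ladder uniform and make the fall-through order easier to audit. Only the of_dma_router_register() failure is visibly routed to the new label. The probe body starts outside the hunk, so if any other step after pm_runtime_enable() can fail and still jumps to `err_clk`, it would leave the same disable-depth imbalance and should be retargeted too.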
@@ -0,0 +1,36 @@
+From 834cea3a252ed4847db076a769ad9efe06afe2d5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?=
+Date: Tue, 15 Feb 2022 08:27:35 +0100
+Subject: i2c: brcmstb: fix support for DSL and CM variants
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Rafał Miłecki
+
+commit 834cea3a252ed4847db076a769ad9efe06afe2d5 upstream.
+
+DSL and CM (Cable Modem) support 8 B max transfer size and have a custom
+DT binding for that reason. This driver was checking for a wrong
+"compatible" however which resulted in an incorrect setup.
+
+Fixes: e2e5a2c61837 ("i2c: brcmstb: Adding support for CM and DSL SoCs")
+Signed-off-by: Rafał Miłecki
+Acked-by: Florian Fainelli
+Signed-off-by: Wolfram Sang
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/i2c/busses/i2c-brcmstb.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/i2c/busses/i2c-brcmstb.c
++++ b/drivers/i2c/busses/i2c-brcmstb.c
+@@ -674,7 +674,7 @@ static int brcmstb_i2c_probe(struct plat
+
+ /* set the data in/out register size for compatible SoCs */
+ if (of_device_is_compatible(dev->device->of_node,
+- "brcmstb,brcmper-i2c"))
++ "brcm,brcmper-i2c"))
+ dev->data_regsz = sizeof(u8);
+ else
+ dev->data_regsz = sizeof(u32);
diff --git a/queue-5.10/i2c-qcom-cci-don-t-delete-an-unregistered-adapter.patch b/queue-5.10/i2c-qcom-cci-don-t-delete-an-unregistered-adapter.patch
new file mode 100644
index 00000000000..24c8abcafa2
--- /dev/null
+++ b/queue-5.10/i2c-qcom-cci-don-t-delete-an-unregistered-adapter.patch
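Review bot: The compatible string in brcmstb_i2c_probe() remains a free-standing literal at the call site, which is how the wrong `"brcmstb,brcmper-i2c"` value went unnoticed: a mismatch compiles cleanly and silently selects the `sizeof(u32)` branch. The existing comment does not say which SoCs need the 8-bit register size, so I would extend it to `/* DSL and CM SoCs use 8-bit data registers; string must match the DT binding */`. If the driver's OF match table, which is outside the hunk, already lists this compatible, carrying the register size in its match data would remove the second copy of the string altogether.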
@@ -0,0 +1,40 @@
+From a0d48505a1d68e27220369e2dd1e3573a2f362d2 Mon Sep 17 00:00:00 2001
+From: Vladimir Zapolskiy
+Date: Thu, 3 Feb 2022 18:47:00 +0200
+Subject: i2c: qcom-cci: don't delete an unregistered adapter
+
+From: Vladimir Zapolskiy
+
+commit a0d48505a1d68e27220369e2dd1e3573a2f362d2 upstream.
+
+If i2c_add_adapter() fails to add an I2C adapter found on QCOM CCI
+controller, on error path i2c_del_adapter() is still called.
+
+Fortunately there is a sanity check in the I2C core, so the only
+visible implication is a printed debug level message:
+
+ i2c-core: attempting to delete unregistered adapter [Qualcomm-CCI]
+
+Nevertheless it would be reasonable to correct the probe error path.
+
+Fixes: e517526195de ("i2c: Add Qualcomm CCI I2C driver")
+Signed-off-by: Vladimir Zapolskiy
+Reviewed-by: Robert Foss
+Reviewed-by: Bjorn Andersson
+Signed-off-by: Wolfram Sang
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/i2c/busses/i2c-qcom-cci.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/i2c/busses/i2c-qcom-cci.c
++++ b/drivers/i2c/busses/i2c-qcom-cci.c
+@@ -655,7 +655,7 @@ static int cci_probe(struct platform_dev
+ return 0;
+
+ error_i2c:
+- for (; i >= 0; i--) {
++ for (--i ; i >= 0; i--) {
+ if (cci->master[i].cci)
+ i2c_del_adapter(&cci->master[i].adap);
+ }
diff --git a/queue-5.10/i2c-qcom-cci-don-t-put-a-device-tree-node-before-i2c_add_adapter.patch b/queue-5.10/i2c-qcom-cci-don-t-put-a-device-tree-node-before-i2c_add_adapter.patch
new file mode 100644
index 00000000000..d064b7e7335
--- /dev/null
+++ b/queue-5.10/i2c-qcom-cci-don-t-put-a-device-tree-node-before-i2c_add_adapter.patch
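Review bot: The unwind loop `for (--i ; i >= 0; i--) {` under `error_i2c:` hides the important step, skipping the adapter that failed to register, in the init clause, and has a stray space before the first semicolon. `while (--i >= 0) {` iterates over the same indices and is the more common form for this kind of unwind. A short comment such as `/* master[i] was never registered; delete only 0..i-1 */` would state the invariant. The loop assumes `i` still holds the failing index when control reaches the label, which holds only if `error_i2c` is reached solely from the registration loop; that loop is outside this hunk.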
@@ -0,0 +1,71 @@
+From 02a4a69667a2ad32f3b52ca906f19628fbdd8a01 Mon Sep 17 00:00:00 2001
+From: Vladimir Zapolskiy
+Date: Thu, 3 Feb 2022 18:47:03 +0200
+Subject: i2c: qcom-cci: don't put a device tree node before i2c_add_adapter()
+
+From: Vladimir Zapolskiy
+
+commit 02a4a69667a2ad32f3b52ca906f19628fbdd8a01 upstream.
+
+There is a minor chance for a race, if a pointer to an i2c-bus subnode
+is stored and then reused after releasing its reference, and it would
+be sufficient to get one more reference under a loop over children
+subnodes.
+
+Fixes: e517526195de ("i2c: Add Qualcomm CCI I2C driver")
+Signed-off-by: Vladimir Zapolskiy
+Reviewed-by: Robert Foss
+Reviewed-by: Bjorn Andersson
+Signed-off-by: Wolfram Sang
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/i2c/busses/i2c-qcom-cci.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+--- a/drivers/i2c/busses/i2c-qcom-cci.c
++++ b/drivers/i2c/busses/i2c-qcom-cci.c
+@@ -558,7 +558,7 @@ static int cci_probe(struct platform_dev
+ cci->master[idx].adap.quirks = &cci->data->quirks;
+ cci->master[idx].adap.algo = &cci_algo;
+ cci->master[idx].adap.dev.parent = dev;
+- cci->master[idx].adap.dev.of_node = child;
++ cci->master[idx].adap.dev.of_node = of_node_get(child);
+ cci->master[idx].master = idx;
+ cci->master[idx].cci = cci;
+
+@@ -643,8 +643,10 @@ static int cci_probe(struct platform_dev
+ continue;
+
+ ret = i2c_add_adapter(&cci->master[i].adap);
+- if (ret < 0)
++ if (ret < 0) {
++ of_node_put(cci->master[i].adap.dev.of_node);
+ goto error_i2c;
++ }
+ }
+
+ pm_runtime_set_autosuspend_delay(dev, MSEC_PER_SEC);
+@@ -656,8 +658,10 @@ static int cci_probe(struct platform_dev
+
+ error_i2c:
+ for (--i ; i >= 0; i--) {
+- if (cci->master[i].cci)
++ if (cci->master[i].cci) {
+ i2c_del_adapter(&cci->master[i].adap);
++ of_node_put(cci->master[i].adap.dev.of_node);
++ }
+ }
+ error:
+ disable_irq(cci->irq);
+@@ -673,8 +677,10 @@ static int cci_remove(struct platform_de
+ int i;
+
+ for (i = 0;
i < cci->data->num_masters; i++) {
+- if (cci->master[i].cci)
++ if (cci->master[i].cci) {
+ i2c_del_adapter(&cci->master[i].adap);
++ of_node_put(cci->master[i].adap.dev.of_node);
++ }
+ cci_halt(cci, i);
+ }
+
diff --git a/queue-5.10/lockdep-correct-lock_classes-index-mapping.patch b/queue-5.10/lockdep-correct-lock_classes-index-mapping.patch
new file mode 100644
index 00000000000..bc3108be795
--- /dev/null
+++ b/queue-5.10/lockdep-correct-lock_classes-index-mapping.patch
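Review bot: The probe error path still appears to leak device-tree node references for masters above the failing index: when i2c_add_adapter() fails, the new code puts the node for `master[i]` and the `error_i2c` loop puts those below `i`, but any higher-numbered master that took `of_node_get(child)` in the first hunk keeps its reference. Replacing the single put with `for (j = i; j < cci->data->num_masters; j++) if (cci->master[j].cci) of_node_put(cci->master[j].adap.dev.of_node);` before `goto error_i2c` would release them, with `j` a new local. Failures between the child-node loop and the registration loop that jump straight to `error:` look affected in the same way, but that code lies outside the hunks shown, so this needs checking against the full cci_probe().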
@@ -0,0 +1,70 @@
+From 28df029d53a2fd80c1b8674d47895648ad26dcfb Mon Sep 17 00:00:00 2001
+From: Cheng Jui Wang
+Date: Thu, 10 Feb 2022 18:50:11 +0800
+Subject: lockdep: Correct lock_classes index mapping
+
+From: Cheng Jui Wang
+
+commit 28df029d53a2fd80c1b8674d47895648ad26dcfb upstream.
+
+A kernel exception was hit when trying to dump /proc/lockdep_chains after
+lockdep report "BUG: MAX_LOCKDEP_CHAIN_HLOCKS too low!":
+
+Unable to handle kernel paging request at virtual address 00054005450e05c3
+...
+00054005450e05c3] address between user and kernel address ranges
+...
+pc : [0xffffffece769b3a8] string+0x50/0x10c
+lr : [0xffffffece769ac88] vsnprintf+0x468/0x69c
+...
+ Call trace:
+ string+0x50/0x10c
+ vsnprintf+0x468/0x69c
+ seq_printf+0x8c/0xd8
+ print_name+0x64/0xf4
+ lc_show+0xb8/0x128
+ seq_read_iter+0x3cc/0x5fc
+ proc_reg_read_iter+0xdc/0x1d4
+
+The cause of the problem is the function lock_chain_get_class() will
+shift lock_classes index by 1, but the index don't need to be shifted
+anymore since commit 01bb6f0af992 ("locking/lockdep: Change the range
+of class_idx in held_lock struct") already change the index to start
+from 0.
+
+The lock_classes[-1] located at chain_hlocks array. When printing
+lock_classes[-1] after the chain_hlocks entries are modified, the
+exception happened.
+
+The output of lockdep_chains are incorrect due to this problem too.
+
+Fixes: f611e8cf98ec ("lockdep: Take read/write status in consideration when generate chainkey")
+Signed-off-by: Cheng Jui Wang
+Signed-off-by: Peter Zijlstra (Intel)
+Reviewed-by: Boqun Feng
+Link: https://lore.kernel.org/r/20220210105011.21712-1-cheng-jui.wang@mediatek.com
+Signed-off-by: Greg Kroah-Hartman
+---
+ kernel/locking/lockdep.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/kernel/locking/lockdep.c
++++ b/kernel/locking/lockdep.c
+@@ -3387,7 +3387,7 @@ struct lock_class *lock_chain_get_class(
+ u16 chain_hlock = chain_hlocks[chain->base + i];
+ unsigned int class_idx = chain_hlock_class_idx(chain_hlock);
+
+- return lock_classes + class_idx - 1;
++ return lock_classes + class_idx;
+ }
+
+ /*
+@@ -3455,7 +3455,7 @@ static void print_chain_keys_chain(struc
+ hlock_id = chain_hlocks[chain->base + i];
+ chain_key = print_chain_key_iteration(hlock_id, chain_key);
+
+- print_lock_name(lock_classes + chain_hlock_class_idx(hlock_id) - 1);
++ print_lock_name(lock_classes + chain_hlock_class_idx(hlock_id));
+ printk("\n");
+ }
+ }
diff --git a/queue-5.10/series b/queue-5.10/series
index 5285782c19e..ba5c0e213f9 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -112,3 +112,10 @@ scsi-lpfc-fix-pt2pt-nvme-prli-reject-logo-loop.patch edac-fix-calculation-of-returned-address-and-next-offset-in-edac_align_ptr.patch net-sched-limit-tc_act_repeat-loops.patch dmaengine-sh-rcar-dmac-check-for-error-num-after-setting-mask.patch
+dmaengine-stm32-dmamux-fix-pm-disable-depth-imbalance-in-stm32_dmamux_probe.patch
+dmaengine-sh-rcar-dmac-check-for-error-num-after-dma_set_max_seg_size.patch
+i2c-qcom-cci-don-t-delete-an-unregistered-adapter.patch
+i2c-qcom-cci-don-t-put-a-device-tree-node-before-i2c_add_adapter.patch
+copy_process-move-fd_install-out-of-sighand-siglock-critical-section.patch
+i2c-brcmstb-fix-support-for-dsl-and-cm-variants.patch
+lockdep-correct-lock_classes-index-mapping.patch
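Review bot: print_chain_keys_chain() still open-codes the index-to-class mapping, `lock_classes + chain_hlock_class_idx(hlock_id)`, that lock_chain_get_class() already implements, and both copies carried the stale `- 1` that produced the out-of-bounds `lock_classes[-1]` read described in the commit message. Calling the helper there, `print_lock_name(lock_chain_get_class(chain, i));`, would leave a single place where the base of the index has to be right; this assumes the helper takes `(chain, i)` as its body suggests and that both functions are built under the same config, since its signature is truncated in the hunk header. A comment on the helper's return, `/* class_idx is 0-based and indexes lock_classes[] directly */`, would record the invariant for future readers. Both functions extend beyond the hunks shown.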