From: Sasha Levin Date: Thu, 3 Mar 2022 12:11:16 +0000 (-0500) Subject: Fixes for 5.16 X-Git-Tag: v4.9.305~113 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8341c6558d837a7c9e6ca9fde2666c04a414523e;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 5.16 Signed-off-by: Sasha Levin --- diff --git a/queue-5.16/asoc-rt5668-do-not-block-workqueue-if-card-is-unboun.patch b/queue-5.16/asoc-rt5668-do-not-block-workqueue-if-card-is-unboun.patch new file mode 100644 index 00000000000..987511d9ddd --- /dev/null +++ b/queue-5.16/asoc-rt5668-do-not-block-workqueue-if-card-is-unboun.patch @@ -0,0 +1,66 @@ +From 15d87134d40773f482b2d6c198b832d189b92ed7 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 7 Feb 2022 17:29:59 +0200 +Subject: ASoC: rt5668: do not block workqueue if card is unbound +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Kai Vehmanen + +[ Upstream commit a6d78661dc903d90a327892bbc34268f3a5f4b9c ] + +The current rt5668_jack_detect_handler() assumes the component +and card will always show up and implements an infinite usleep +loop waiting for them to show up. + +This does not hold true if a codec interrupt (or other +event) occurs when the card is unbound. The codec driver's +remove or shutdown functions cannot cancel the workqueue due +to the wait loop. As a result, code can either end up blocking +the workqueue, or hit a kernel oops when the card is freed. + +Fix the issue by rescheduling the jack detect handler in +case the card is not ready. In case card never shows up, +the shutdown/remove/suspend calls can now cancel the detect +task. + +Signed-off-by: Kai Vehmanen +Reviewed-by: Bard Liao +Reviewed-by: Ranjani Sridharan +Reviewed-by: Pierre-Louis Bossart +Reviewed-by: Péter Ujfalusi +Reviewed-by: Shuming Fan +Link: https://lore.kernel.org/r/20220207153000.3452802-2-kai.vehmanen@linux.intel.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + sound/soc/codecs/rt5668.c | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +diff --git a/sound/soc/codecs/rt5668.c b/sound/soc/codecs/rt5668.c +index fb09715bf9328..5b12cbf2ba215 100644 +--- a/sound/soc/codecs/rt5668.c ++++ b/sound/soc/codecs/rt5668.c +@@ -1022,11 +1022,13 @@ static void rt5668_jack_detect_handler(struct work_struct *work) + container_of(work, struct rt5668_priv, jack_detect_work.work); + int val, btn_type; + +- while (!rt5668->component) +- usleep_range(10000, 15000); +- +- while (!rt5668->component->card->instantiated) +- usleep_range(10000, 15000); ++ if (!rt5668->component || !rt5668->component->card || ++ !rt5668->component->card->instantiated) { ++ /* card not yet ready, try later */ ++ mod_delayed_work(system_power_efficient_wq, ++ &rt5668->jack_detect_work, msecs_to_jiffies(15)); ++ return; ++ } + + mutex_lock(&rt5668->calibrate_mutex); + +-- +2.34.1 + diff --git a/queue-5.16/asoc-rt5682-do-not-block-workqueue-if-card-is-unboun.patch b/queue-5.16/asoc-rt5682-do-not-block-workqueue-if-card-is-unboun.patch new file mode 100644 index 00000000000..029a9c4ec96 --- /dev/null +++ b/queue-5.16/asoc-rt5682-do-not-block-workqueue-if-card-is-unboun.patch @@ -0,0 +1,66 @@ +From cce6d9757e0440e4964b0dc549d7d027fc065898 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 7 Feb 2022 17:30:00 +0200 +Subject: ASoC: rt5682: do not block workqueue if card is unbound +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Kai Vehmanen + +[ Upstream commit 4c33de0673ced9c7c37b3bbd9bfe0fda72340b2a ] + +The current rt5682_jack_detect_handler() assumes the component +and card will always show up and implements an infinite usleep +loop waiting for them to show up. + +This does not hold true if a codec interrupt (or other +event) occurs when the card is unbound. The codec driver's +remove or shutdown functions cannot cancel the workqueue due +to the wait loop. As a result, code can either end up blocking +the workqueue, or hit a kernel oops when the card is freed. + +Fix the issue by rescheduling the jack detect handler in +case the card is not ready. In case card never shows up, +the shutdown/remove/suspend calls can now cancel the detect +task. + +Signed-off-by: Kai Vehmanen +Reviewed-by: Bard Liao +Reviewed-by: Ranjani Sridharan +Reviewed-by: Pierre-Louis Bossart +Reviewed-by: Péter Ujfalusi +Reviewed-by: Shuming Fan +Link: https://lore.kernel.org/r/20220207153000.3452802-3-kai.vehmanen@linux.intel.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + sound/soc/codecs/rt5682.c | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +diff --git a/sound/soc/codecs/rt5682.c b/sound/soc/codecs/rt5682.c +index 7e6e2f26accd0..e3643ae6de66d 100644 +--- a/sound/soc/codecs/rt5682.c ++++ b/sound/soc/codecs/rt5682.c +@@ -1092,11 +1092,13 @@ void rt5682_jack_detect_handler(struct work_struct *work) + struct snd_soc_dapm_context *dapm; + int val, btn_type; + +- while (!rt5682->component) +- usleep_range(10000, 15000); +- +- while (!rt5682->component->card->instantiated) +- usleep_range(10000, 15000); ++ if (!rt5682->component || !rt5682->component->card || ++ !rt5682->component->card->instantiated) { ++ /* card not yet ready, try later */ ++ mod_delayed_work(system_power_efficient_wq, ++ &rt5682->jack_detect_work, msecs_to_jiffies(15)); ++ return; ++ } + + dapm = snd_soc_component_get_dapm(rt5682->component); + +-- +2.34.1 + diff --git a/queue-5.16/asoc-rt5682s-do-not-block-workqueue-if-card-is-unbou.patch b/queue-5.16/asoc-rt5682s-do-not-block-workqueue-if-card-is-unbou.patch new file mode 100644 index 00000000000..0df21853383 --- /dev/null +++ b/queue-5.16/asoc-rt5682s-do-not-block-workqueue-if-card-is-unbou.patch @@ -0,0 +1,66 @@ +From 6c4cc1b5c04a58cf3db535b6265849e60b390858 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 7 Feb 2022 17:29:58 +0200 +Subject: ASoC: rt5682s: do not block workqueue if card is unbound +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Kai Vehmanen + +[ Upstream commit d7b530fdc45e75a54914a194c4becd9672a4e24f ] + +The current rt5682s_jack_detect_handler() assumes the component +and card will always show up and implements an infinite usleep +loop waiting for them to show up. + +This does not hold true if a codec interrupt (or other +event) occurs when the card is unbound. The codec driver's +remove or shutdown functions cannot cancel the workqueue due +to the wait loop. As a result, code can either end up blocking +the workqueue, or hit a kernel oops when the card is freed. + +Fix the issue by rescheduling the jack detect handler in +case the card is not ready. In case card never shows up, +the shutdown/remove/suspend calls can now cancel the detect +task. + +Signed-off-by: Kai Vehmanen +Reviewed-by: Bard Liao +Reviewed-by: Ranjani Sridharan +Reviewed-by: Pierre-Louis Bossart +Reviewed-by: Péter Ujfalusi +Reviewed-by: Shuming Fan +Link: https://lore.kernel.org/r/20220207153000.3452802-1-kai.vehmanen@linux.intel.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + sound/soc/codecs/rt5682s.c | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +diff --git a/sound/soc/codecs/rt5682s.c b/sound/soc/codecs/rt5682s.c +index d49a4f68566d2..d79b548d23fa4 100644 +--- a/sound/soc/codecs/rt5682s.c ++++ b/sound/soc/codecs/rt5682s.c +@@ -824,11 +824,13 @@ static void rt5682s_jack_detect_handler(struct work_struct *work) + container_of(work, struct rt5682s_priv, jack_detect_work.work); + int val, btn_type; + +- while (!rt5682s->component) +- usleep_range(10000, 15000); +- +- while (!rt5682s->component->card->instantiated) +- usleep_range(10000, 15000); ++ if (!rt5682s->component || !rt5682s->component->card || ++ !rt5682s->component->card->instantiated) { ++ /* card not yet ready, try later */ ++ mod_delayed_work(system_power_efficient_wq, ++ &rt5682s->jack_detect_work, msecs_to_jiffies(15)); ++ return; ++ } + + mutex_lock(&rt5682s->jdet_mutex); + mutex_lock(&rt5682s->calibrate_mutex); +-- +2.34.1 + diff --git a/queue-5.16/block-loop-use-kstatfs.f_bsize-of-backing-file-to-se.patch b/queue-5.16/block-loop-use-kstatfs.f_bsize-of-backing-file-to-se.patch new file mode 100644 index 00000000000..f0ec7521543 --- /dev/null +++ b/queue-5.16/block-loop-use-kstatfs.f_bsize-of-backing-file-to-se.patch @@ -0,0 +1,65 @@ +From 0da038af0f288862fa8d1fed82dbac857ae42990 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 26 Jan 2022 11:58:30 +0800 +Subject: block: loop:use kstatfs.f_bsize of backing file to set discard + granularity + +From: Ming Lei + +[ Upstream commit 06582bc86d7f48d35cd044098ca1e246e8c7c52e ] + +If backing file's filesystem has implemented ->fallocate(), we think the +loop device can support discard, then pass sb->s_blocksize as +discard_granularity. However, some underlying FS, such as overlayfs, +doesn't set sb->s_blocksize, and causes discard_granularity to be set as +zero, then the warning in __blkdev_issue_discard() is triggered. + +Christoph suggested to pass kstatfs.f_bsize as discard granularity, and +this way is fine because kstatfs.f_bsize means 'Optimal transfer block +size', which still matches with definition of discard granularity. + +So fix the issue by setting discard_granularity as kstatfs.f_bsize if it +is available, otherwise claims discard isn't supported. + +Cc: Christoph Hellwig +Cc: Vivek Goyal +Reported-by: Pei Zhang +Signed-off-by: Ming Lei +Reviewed-by: Christoph Hellwig +Link: https://lore.kernel.org/r/20220126035830.296465-1-ming.lei@redhat.com +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +--- + drivers/block/loop.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/drivers/block/loop.c b/drivers/block/loop.c +index c3a36cfaa855a..fdb4798cb0065 100644 +--- a/drivers/block/loop.c ++++ b/drivers/block/loop.c +@@ -79,6 +79,7 @@ + #include + #include + #include ++#include + + #include "loop.h" + +@@ -774,8 +775,13 @@ static void loop_config_discard(struct loop_device *lo) + granularity = 0; + + } else { ++ struct kstatfs sbuf; ++ + max_discard_sectors = UINT_MAX >> 9; +- granularity = inode->i_sb->s_blocksize; ++ if (!vfs_statfs(&file->f_path, &sbuf)) ++ granularity = sbuf.f_bsize; ++ else ++ max_discard_sectors = 0; + } + + if (max_discard_sectors) { +-- +2.34.1 + diff --git a/queue-5.16/block-map-add-__gfp_zero-flag-for-alloc_page-in-func.patch b/queue-5.16/block-map-add-__gfp_zero-flag-for-alloc_page-in-func.patch new file mode 100644 index 00000000000..f53dbd602e0 --- /dev/null +++ b/queue-5.16/block-map-add-__gfp_zero-flag-for-alloc_page-in-func.patch @@ -0,0 +1,39 @@ +From d7441483acc310b24c7b1d0b4e714f9f381c7121 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 16 Feb 2022 16:40:38 +0800 +Subject: block-map: add __GFP_ZERO flag for alloc_page in function + bio_copy_kern + +From: Haimin Zhang + +[ Upstream commit cc8f7fe1f5eab010191aa4570f27641876fa1267 ] + +Add __GFP_ZERO flag for alloc_page in function bio_copy_kern to initialize +the buffer of a bio. + +Signed-off-by: Haimin Zhang +Reviewed-by: Chaitanya Kulkarni +Reviewed-by: Christoph Hellwig +Link: https://lore.kernel.org/r/20220216084038.15635-1-tcs.kernel@gmail.com +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +--- + block/blk-map.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/block/blk-map.c b/block/blk-map.c +index 4526adde01564..c7f71d83eff18 100644 +--- a/block/blk-map.c ++++ b/block/blk-map.c +@@ -446,7 +446,7 @@ static struct bio *bio_copy_kern(struct request_queue *q, void *data, + if (bytes > len) + bytes = len; + +- page = alloc_page(GFP_NOIO | gfp_mask); ++ page = alloc_page(GFP_NOIO | __GFP_ZERO | gfp_mask); + if (!page) + goto cleanup; + +-- +2.34.1 + diff --git a/queue-5.16/btrfs-get-rid-of-warning-on-transaction-commit-when-.patch b/queue-5.16/btrfs-get-rid-of-warning-on-transaction-commit-when-.patch new file mode 100644 index 00000000000..c873ef8b94c --- /dev/null +++ b/queue-5.16/btrfs-get-rid-of-warning-on-transaction-commit-when-.patch @@ -0,0 +1,287 @@ +From 2bb2d4b4187302e4a91d06cc88390485c8bda1a3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 2 Feb 2022 15:26:09 +0000 +Subject: btrfs: get rid of warning on transaction commit when using + flushoncommit + +From: Filipe Manana + +[ Upstream commit a0f0cf8341e34e5d2265bfd3a7ad68342da1e2aa ] + +When using the flushoncommit mount option, during almost every transaction +commit we trigger a warning from __writeback_inodes_sb_nr(): + + $ cat fs/fs-writeback.c: + (...) + static void __writeback_inodes_sb_nr(struct super_block *sb, ... + { + (...) + WARN_ON(!rwsem_is_locked(&sb->s_umount)); + (...) + } + (...) + +The trace produced in dmesg looks like the following: + + [947.473890] WARNING: CPU: 5 PID: 930 at fs/fs-writeback.c:2610 __writeback_inodes_sb_nr+0x7e/0xb3 + [947.481623] Modules linked in: nfsd nls_cp437 cifs asn1_decoder cifs_arc4 fscache cifs_md4 ipmi_ssif + [947.489571] CPU: 5 PID: 930 Comm: btrfs-transacti Not tainted 95.16.3-srb-asrock-00001-g36437ad63879 #186 + [947.497969] RIP: 0010:__writeback_inodes_sb_nr+0x7e/0xb3 + [947.502097] Code: 24 10 4c 89 44 24 18 c6 (...) + [947.519760] RSP: 0018:ffffc90000777e10 EFLAGS: 00010246 + [947.523818] RAX: 0000000000000000 RBX: 0000000000963300 RCX: 0000000000000000 + [947.529765] RDX: 0000000000000000 RSI: 000000000000fa51 RDI: ffffc90000777e50 + [947.535740] RBP: ffff888101628a90 R08: ffff888100955800 R09: ffff888100956000 + [947.541701] R10: 0000000000000002 R11: 0000000000000001 R12: ffff888100963488 + [947.547645] R13: ffff888100963000 R14: ffff888112fb7200 R15: ffff888100963460 + [947.553621] FS: 0000000000000000(0000) GS:ffff88841fd40000(0000) knlGS:0000000000000000 + [947.560537] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + [947.565122] CR2: 0000000008be50c4 CR3: 000000000220c000 CR4: 00000000001006e0 + [947.571072] Call Trace: + [947.572354] + [947.573266] btrfs_commit_transaction+0x1f1/0x998 + [947.576785] ? start_transaction+0x3ab/0x44e + [947.579867] ? schedule_timeout+0x8a/0xdd + [947.582716] transaction_kthread+0xe9/0x156 + [947.585721] ? btrfs_cleanup_transaction.isra.0+0x407/0x407 + [947.590104] kthread+0x131/0x139 + [947.592168] ? set_kthread_struct+0x32/0x32 + [947.595174] ret_from_fork+0x22/0x30 + [947.597561] + [947.598553] ---[ end trace 644721052755541c ]--- + +This is because we started using writeback_inodes_sb() to flush delalloc +when committing a transaction (when using -o flushoncommit), in order to +avoid deadlocks with filesystem freeze operations. This change was made +by commit ce8ea7cc6eb313 ("btrfs: don't call btrfs_start_delalloc_roots +in flushoncommit"). After that change we started producing that warning, +and every now and then a user reports this since the warning happens too +often, it spams dmesg/syslog, and a user is unsure if this reflects any +problem that might compromise the filesystem's reliability. + +We can not just lock the sb->s_umount semaphore before calling +writeback_inodes_sb(), because that would at least deadlock with +filesystem freezing, since at fs/super.c:freeze_super() sync_filesystem() +is called while we are holding that semaphore in write mode, and that can +trigger a transaction commit, resulting in a deadlock. It would also +trigger the same type of deadlock in the unmount path. Possibly, it could +also introduce some other locking dependencies that lockdep would report. + +To fix this call try_to_writeback_inodes_sb() instead of +writeback_inodes_sb(), because that will try to read lock sb->s_umount +and then will only call writeback_inodes_sb() if it was able to lock it. +This is fine because the cases where it can't read lock sb->s_umount +are during a filesystem unmount or during a filesystem freeze - in those +cases sb->s_umount is write locked and sync_filesystem() is called, which +calls writeback_inodes_sb(). In other words, in all cases where we can't +take a read lock on sb->s_umount, writeback is already being triggered +elsewhere. + +An alternative would be to call btrfs_start_delalloc_roots() with a +number of pages different from LONG_MAX, for example matching the number +of delalloc bytes we currently have, in which case we would end up +starting all delalloc with filemap_fdatawrite_wbc() and not with an +async flush via filemap_flush() - that is only possible after the rather +recent commit e076ab2a2ca70a ("btrfs: shrink delalloc pages instead of +full inodes"). However that creates a whole new can of worms due to new +lock dependencies, which lockdep complains, like for example: + +[ 8948.247280] ====================================================== +[ 8948.247823] WARNING: possible circular locking dependency detected +[ 8948.248353] 5.17.0-rc1-btrfs-next-111 #1 Not tainted +[ 8948.248786] ------------------------------------------------------ +[ 8948.249320] kworker/u16:18/933570 is trying to acquire lock: +[ 8948.249812] ffff9b3de1591690 (sb_internal#2){.+.+}-{0:0}, at: find_free_extent+0x141e/0x1590 [btrfs] +[ 8948.250638] + but task is already holding lock: +[ 8948.251140] ffff9b3e09c717d8 (&root->delalloc_mutex){+.+.}-{3:3}, at: start_delalloc_inodes+0x78/0x400 [btrfs] +[ 8948.252018] + which lock already depends on the new lock. + +[ 8948.252710] + the existing dependency chain (in reverse order) is: +[ 8948.253343] + -> #2 (&root->delalloc_mutex){+.+.}-{3:3}: +[ 8948.253950] __mutex_lock+0x90/0x900 +[ 8948.254354] start_delalloc_inodes+0x78/0x400 [btrfs] +[ 8948.254859] btrfs_start_delalloc_roots+0x194/0x2a0 [btrfs] +[ 8948.255408] btrfs_commit_transaction+0x32f/0xc00 [btrfs] +[ 8948.255942] btrfs_mksubvol+0x380/0x570 [btrfs] +[ 8948.256406] btrfs_mksnapshot+0x81/0xb0 [btrfs] +[ 8948.256870] __btrfs_ioctl_snap_create+0x17f/0x190 [btrfs] +[ 8948.257413] btrfs_ioctl_snap_create_v2+0xbb/0x140 [btrfs] +[ 8948.257961] btrfs_ioctl+0x1196/0x3630 [btrfs] +[ 8948.258418] __x64_sys_ioctl+0x83/0xb0 +[ 8948.258793] do_syscall_64+0x3b/0xc0 +[ 8948.259146] entry_SYSCALL_64_after_hwframe+0x44/0xae +[ 8948.259709] + -> #1 (&fs_info->delalloc_root_mutex){+.+.}-{3:3}: +[ 8948.260330] __mutex_lock+0x90/0x900 +[ 8948.260692] btrfs_start_delalloc_roots+0x97/0x2a0 [btrfs] +[ 8948.261234] btrfs_commit_transaction+0x32f/0xc00 [btrfs] +[ 8948.261766] btrfs_set_free_space_cache_v1_active+0x38/0x60 [btrfs] +[ 8948.262379] btrfs_start_pre_rw_mount+0x119/0x180 [btrfs] +[ 8948.262909] open_ctree+0x1511/0x171e [btrfs] +[ 8948.263359] btrfs_mount_root.cold+0x12/0xde [btrfs] +[ 8948.263863] legacy_get_tree+0x30/0x50 +[ 8948.264242] vfs_get_tree+0x28/0xc0 +[ 8948.264594] vfs_kern_mount.part.0+0x71/0xb0 +[ 8948.265017] btrfs_mount+0x11d/0x3a0 [btrfs] +[ 8948.265462] legacy_get_tree+0x30/0x50 +[ 8948.265851] vfs_get_tree+0x28/0xc0 +[ 8948.266203] path_mount+0x2d4/0xbe0 +[ 8948.266554] __x64_sys_mount+0x103/0x140 +[ 8948.266940] do_syscall_64+0x3b/0xc0 +[ 8948.267300] entry_SYSCALL_64_after_hwframe+0x44/0xae +[ 8948.267790] + -> #0 (sb_internal#2){.+.+}-{0:0}: +[ 8948.268322] __lock_acquire+0x12e8/0x2260 +[ 8948.268733] lock_acquire+0xd7/0x310 +[ 8948.269092] start_transaction+0x44c/0x6e0 [btrfs] +[ 8948.269591] find_free_extent+0x141e/0x1590 [btrfs] +[ 8948.270087] btrfs_reserve_extent+0x14b/0x280 [btrfs] +[ 8948.270588] cow_file_range+0x17e/0x490 [btrfs] +[ 8948.271051] btrfs_run_delalloc_range+0x345/0x7a0 [btrfs] +[ 8948.271586] writepage_delalloc+0xb5/0x170 [btrfs] +[ 8948.272071] __extent_writepage+0x156/0x3c0 [btrfs] +[ 8948.272579] extent_write_cache_pages+0x263/0x460 [btrfs] +[ 8948.273113] extent_writepages+0x76/0x130 [btrfs] +[ 8948.273573] do_writepages+0xd2/0x1c0 +[ 8948.273942] filemap_fdatawrite_wbc+0x68/0x90 +[ 8948.274371] start_delalloc_inodes+0x17f/0x400 [btrfs] +[ 8948.274876] btrfs_start_delalloc_roots+0x194/0x2a0 [btrfs] +[ 8948.275417] flush_space+0x1f2/0x630 [btrfs] +[ 8948.275863] btrfs_async_reclaim_data_space+0x108/0x1b0 [btrfs] +[ 8948.276438] process_one_work+0x252/0x5a0 +[ 8948.276829] worker_thread+0x55/0x3b0 +[ 8948.277189] kthread+0xf2/0x120 +[ 8948.277506] ret_from_fork+0x22/0x30 +[ 8948.277868] + other info that might help us debug this: + +[ 8948.278548] Chain exists of: + sb_internal#2 --> &fs_info->delalloc_root_mutex --> &root->delalloc_mutex + +[ 8948.279601] Possible unsafe locking scenario: + +[ 8948.280102] CPU0 CPU1 +[ 8948.280508] ---- ---- +[ 8948.280915] lock(&root->delalloc_mutex); +[ 8948.281271] lock(&fs_info->delalloc_root_mutex); +[ 8948.281915] lock(&root->delalloc_mutex); +[ 8948.282487] lock(sb_internal#2); +[ 8948.282800] + *** DEADLOCK *** + +[ 8948.283333] 4 locks held by kworker/u16:18/933570: +[ 8948.283750] #0: ffff9b3dc00a9d48 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x1d2/0x5a0 +[ 8948.284609] #1: ffffa90349dafe70 ((work_completion)(&fs_info->async_data_reclaim_work)){+.+.}-{0:0}, at: process_one_work+0x1d2/0x5a0 +[ 8948.285637] #2: ffff9b3e14db5040 (&fs_info->delalloc_root_mutex){+.+.}-{3:3}, at: btrfs_start_delalloc_roots+0x97/0x2a0 [btrfs] +[ 8948.286674] #3: ffff9b3e09c717d8 (&root->delalloc_mutex){+.+.}-{3:3}, at: start_delalloc_inodes+0x78/0x400 [btrfs] +[ 8948.287596] + stack backtrace: +[ 8948.287975] CPU: 3 PID: 933570 Comm: kworker/u16:18 Not tainted 5.17.0-rc1-btrfs-next-111 #1 +[ 8948.288677] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014 +[ 8948.289649] Workqueue: events_unbound btrfs_async_reclaim_data_space [btrfs] +[ 8948.290298] Call Trace: +[ 8948.290517] +[ 8948.290700] dump_stack_lvl+0x59/0x73 +[ 8948.291026] check_noncircular+0xf3/0x110 +[ 8948.291375] ? start_transaction+0x228/0x6e0 [btrfs] +[ 8948.291826] __lock_acquire+0x12e8/0x2260 +[ 8948.292241] lock_acquire+0xd7/0x310 +[ 8948.292714] ? find_free_extent+0x141e/0x1590 [btrfs] +[ 8948.293241] ? lock_is_held_type+0xea/0x140 +[ 8948.293601] start_transaction+0x44c/0x6e0 [btrfs] +[ 8948.294055] ? find_free_extent+0x141e/0x1590 [btrfs] +[ 8948.294518] find_free_extent+0x141e/0x1590 [btrfs] +[ 8948.294957] ? _raw_spin_unlock+0x29/0x40 +[ 8948.295312] ? btrfs_get_alloc_profile+0x124/0x290 [btrfs] +[ 8948.295813] btrfs_reserve_extent+0x14b/0x280 [btrfs] +[ 8948.296270] cow_file_range+0x17e/0x490 [btrfs] +[ 8948.296691] btrfs_run_delalloc_range+0x345/0x7a0 [btrfs] +[ 8948.297175] ? find_lock_delalloc_range+0x247/0x270 [btrfs] +[ 8948.297678] writepage_delalloc+0xb5/0x170 [btrfs] +[ 8948.298123] __extent_writepage+0x156/0x3c0 [btrfs] +[ 8948.298570] extent_write_cache_pages+0x263/0x460 [btrfs] +[ 8948.299061] extent_writepages+0x76/0x130 [btrfs] +[ 8948.299495] do_writepages+0xd2/0x1c0 +[ 8948.299817] ? sched_clock_cpu+0xd/0x110 +[ 8948.300160] ? lock_release+0x155/0x4a0 +[ 8948.300494] filemap_fdatawrite_wbc+0x68/0x90 +[ 8948.300874] ? do_raw_spin_unlock+0x4b/0xa0 +[ 8948.301243] start_delalloc_inodes+0x17f/0x400 [btrfs] +[ 8948.301706] ? lock_release+0x155/0x4a0 +[ 8948.302055] btrfs_start_delalloc_roots+0x194/0x2a0 [btrfs] +[ 8948.302564] flush_space+0x1f2/0x630 [btrfs] +[ 8948.302970] btrfs_async_reclaim_data_space+0x108/0x1b0 [btrfs] +[ 8948.303510] process_one_work+0x252/0x5a0 +[ 8948.303860] ? process_one_work+0x5a0/0x5a0 +[ 8948.304221] worker_thread+0x55/0x3b0 +[ 8948.304543] ? process_one_work+0x5a0/0x5a0 +[ 8948.304904] kthread+0xf2/0x120 +[ 8948.305184] ? kthread_complete_and_exit+0x20/0x20 +[ 8948.305598] ret_from_fork+0x22/0x30 +[ 8948.305921] + +It all comes from the fact that btrfs_start_delalloc_roots() takes the +delalloc_root_mutex, in the transaction commit path we are holding a +read lock on one of the superblock's freeze semaphores (via +sb_start_intwrite()), the async reclaim task can also do a call to +btrfs_start_delalloc_roots(), which ends up triggering writeback with +calls to filemap_fdatawrite_wbc(), resulting in extent allocation which +in turn can call btrfs_start_transaction(), which will result in taking +the freeze semaphore via sb_start_intwrite(), forming a nasty dependency +on all those locks which can be taken in different orders by different +code paths. + +So just adopt the simple approach of calling try_to_writeback_inodes_sb() +at btrfs_start_delalloc_flush(). + +Link: https://lore.kernel.org/linux-btrfs/20220130005258.GA7465@cuci.nl/ +Link: https://lore.kernel.org/linux-btrfs/43acc426-d683-d1b6-729d-c6bc4a2fff4d@gmail.com/ +Link: https://lore.kernel.org/linux-btrfs/6833930a-08d7-6fbc-0141-eb9cdfd6bb4d@gmail.com/ +Link: https://lore.kernel.org/linux-btrfs/20190322041731.GF16651@hungrycats.org/ +Reviewed-by: Omar Sandoval +Signed-off-by: Filipe Manana +[ add more link reports ] +Signed-off-by: David Sterba +Signed-off-by: Sasha Levin +--- + fs/btrfs/transaction.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/fs/btrfs/transaction.c b/fs/btrfs/transaction.c +index 27b93a6c41bb4..90aab24165b5f 100644 +--- a/fs/btrfs/transaction.c ++++ b/fs/btrfs/transaction.c +@@ -2013,16 +2013,24 @@ static void btrfs_cleanup_pending_block_groups(struct btrfs_trans_handle *trans) + static inline int btrfs_start_delalloc_flush(struct btrfs_fs_info *fs_info) + { + /* +- * We use writeback_inodes_sb here because if we used ++ * We use try_to_writeback_inodes_sb() here because if we used + * btrfs_start_delalloc_roots we would deadlock with fs freeze. + * Currently are holding the fs freeze lock, if we do an async flush + * we'll do btrfs_join_transaction() and deadlock because we need to + * wait for the fs freeze lock. Using the direct flushing we benefit + * from already being in a transaction and our join_transaction doesn't + * have to re-take the fs freeze lock. ++ * ++ * Note that try_to_writeback_inodes_sb() will only trigger writeback ++ * if it can read lock sb->s_umount. It will always be able to lock it, ++ * except when the filesystem is being unmounted or being frozen, but in ++ * those cases sync_filesystem() is called, which results in calling ++ * writeback_inodes_sb() while holding a write lock on sb->s_umount. ++ * Note that we don't call writeback_inodes_sb() directly, because it ++ * will emit a warning if sb->s_umount is not locked. + */ + if (btrfs_test_opt(fs_info, FLUSHONCOMMIT)) +- writeback_inodes_sb(fs_info->sb, WB_REASON_SYNC); ++ try_to_writeback_inodes_sb(fs_info->sb, WB_REASON_SYNC); + return 0; + } + +-- +2.34.1 + diff --git a/queue-5.16/cifs-do-not-use-uninitialized-data-in-the-owner-grou.patch b/queue-5.16/cifs-do-not-use-uninitialized-data-in-the-owner-grou.patch new file mode 100644 index 00000000000..9127a25dd24 --- /dev/null +++ b/queue-5.16/cifs-do-not-use-uninitialized-data-in-the-owner-grou.patch @@ -0,0 +1,46 @@ +From 4de010f1e2d942c40c71e94ae9facffb010095c4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 12 Feb 2022 08:16:20 +1000 +Subject: cifs: do not use uninitialized data in the owner/group sid + +From: Ronnie Sahlberg + +[ Upstream commit 26d3dadebbcbddfaf1d9caad42527a28a0ed28d8 ] + +When idsfromsid is used we create a special SID for owner/group. +This structure must be initialized or else the first 5 bytes +of the Authority field of the SID will contain uninitialized data +and thus not be a valid SID. + +Signed-off-by: Ronnie Sahlberg +Signed-off-by: Steve French +Signed-off-by: Sasha Levin +--- + fs/cifs/cifsacl.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c +index ee3aab3dd4ac6..5df21d63dd04e 100644 +--- a/fs/cifs/cifsacl.c ++++ b/fs/cifs/cifsacl.c +@@ -1297,7 +1297,7 @@ static int build_sec_desc(struct cifs_ntsd *pntsd, struct cifs_ntsd *pnntsd, + + if (uid_valid(uid)) { /* chown */ + uid_t id; +- nowner_sid_ptr = kmalloc(sizeof(struct cifs_sid), ++ nowner_sid_ptr = kzalloc(sizeof(struct cifs_sid), + GFP_KERNEL); + if (!nowner_sid_ptr) { + rc = -ENOMEM; +@@ -1326,7 +1326,7 @@ static int build_sec_desc(struct cifs_ntsd *pntsd, struct cifs_ntsd *pnntsd, + } + if (gid_valid(gid)) { /* chgrp */ + gid_t id; +- ngroup_sid_ptr = kmalloc(sizeof(struct cifs_sid), ++ ngroup_sid_ptr = kzalloc(sizeof(struct cifs_sid), + GFP_KERNEL); + if (!ngroup_sid_ptr) { + rc = -ENOMEM; +-- +2.34.1 + diff --git a/queue-5.16/cifs-fix-double-free-race-when-mount-fails-in-cifs_g.patch b/queue-5.16/cifs-fix-double-free-race-when-mount-fails-in-cifs_g.patch new file mode 100644 index 00000000000..03faf599b3a --- /dev/null +++ b/queue-5.16/cifs-fix-double-free-race-when-mount-fails-in-cifs_g.patch @@ -0,0 +1,95 @@ +From 2e2257c43e204d848bbeaaf41216ef16ac55ec87 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 11 Feb 2022 02:59:15 +1000 +Subject: cifs: fix double free race when mount fails in cifs_get_root() + +From: Ronnie Sahlberg + +[ Upstream commit 3d6cc9898efdfb062efb74dc18cfc700e082f5d5 ] + +When cifs_get_root() fails during cifs_smb3_do_mount() we call +deactivate_locked_super() which eventually will call delayed_free() which +will free the context. +In this situation we should not proceed to enter the out: section in +cifs_smb3_do_mount() and free the same resources a second time. + +[Thu Feb 10 12:59:06 2022] BUG: KASAN: use-after-free in rcu_cblist_dequeue+0x32/0x60 +[Thu Feb 10 12:59:06 2022] Read of size 8 at addr ffff888364f4d110 by task swapper/1/0 + +[Thu Feb 10 12:59:06 2022] CPU: 1 PID: 0 Comm: swapper/1 Tainted: G OE 5.17.0-rc3+ #4 +[Thu Feb 10 12:59:06 2022] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.0 12/17/2019 +[Thu Feb 10 12:59:06 2022] Call Trace: +[Thu Feb 10 12:59:06 2022] +[Thu Feb 10 12:59:06 2022] dump_stack_lvl+0x5d/0x78 +[Thu Feb 10 12:59:06 2022] print_address_description.constprop.0+0x24/0x150 +[Thu Feb 10 12:59:06 2022] ? rcu_cblist_dequeue+0x32/0x60 +[Thu Feb 10 12:59:06 2022] kasan_report.cold+0x7d/0x117 +[Thu Feb 10 12:59:06 2022] ? rcu_cblist_dequeue+0x32/0x60 +[Thu Feb 10 12:59:06 2022] __asan_load8+0x86/0xa0 +[Thu Feb 10 12:59:06 2022] rcu_cblist_dequeue+0x32/0x60 +[Thu Feb 10 12:59:06 2022] rcu_core+0x547/0xca0 +[Thu Feb 10 12:59:06 2022] ? call_rcu+0x3c0/0x3c0 +[Thu Feb 10 12:59:06 2022] ? __this_cpu_preempt_check+0x13/0x20 +[Thu Feb 10 12:59:06 2022] ? lock_is_held_type+0xea/0x140 +[Thu Feb 10 12:59:06 2022] rcu_core_si+0xe/0x10 +[Thu Feb 10 12:59:06 2022] __do_softirq+0x1d4/0x67b +[Thu Feb 10 12:59:06 2022] __irq_exit_rcu+0x100/0x150 +[Thu Feb 10 12:59:06 2022] irq_exit_rcu+0xe/0x30 +[Thu Feb 10 12:59:06 2022] sysvec_hyperv_stimer0+0x9d/0xc0 +... +[Thu Feb 10 12:59:07 2022] Freed by task 58179: +[Thu Feb 10 12:59:07 2022] kasan_save_stack+0x26/0x50 +[Thu Feb 10 12:59:07 2022] kasan_set_track+0x25/0x30 +[Thu Feb 10 12:59:07 2022] kasan_set_free_info+0x24/0x40 +[Thu Feb 10 12:59:07 2022] ____kasan_slab_free+0x137/0x170 +[Thu Feb 10 12:59:07 2022] __kasan_slab_free+0x12/0x20 +[Thu Feb 10 12:59:07 2022] slab_free_freelist_hook+0xb3/0x1d0 +[Thu Feb 10 12:59:07 2022] kfree+0xcd/0x520 +[Thu Feb 10 12:59:07 2022] cifs_smb3_do_mount+0x149/0xbe0 [cifs] +[Thu Feb 10 12:59:07 2022] smb3_get_tree+0x1a0/0x2e0 [cifs] +[Thu Feb 10 12:59:07 2022] vfs_get_tree+0x52/0x140 +[Thu Feb 10 12:59:07 2022] path_mount+0x635/0x10c0 +[Thu Feb 10 12:59:07 2022] __x64_sys_mount+0x1bf/0x210 +[Thu Feb 10 12:59:07 2022] do_syscall_64+0x5c/0xc0 +[Thu Feb 10 12:59:07 2022] entry_SYSCALL_64_after_hwframe+0x44/0xae + +[Thu Feb 10 12:59:07 2022] Last potentially related work creation: +[Thu Feb 10 12:59:07 2022] kasan_save_stack+0x26/0x50 +[Thu Feb 10 12:59:07 2022] __kasan_record_aux_stack+0xb6/0xc0 +[Thu Feb 10 12:59:07 2022] kasan_record_aux_stack_noalloc+0xb/0x10 +[Thu Feb 10 12:59:07 2022] call_rcu+0x76/0x3c0 +[Thu Feb 10 12:59:07 2022] cifs_umount+0xce/0xe0 [cifs] +[Thu Feb 10 12:59:07 2022] cifs_kill_sb+0xc8/0xe0 [cifs] +[Thu Feb 10 12:59:07 2022] deactivate_locked_super+0x5d/0xd0 +[Thu Feb 10 12:59:07 2022] cifs_smb3_do_mount+0xab9/0xbe0 [cifs] +[Thu Feb 10 12:59:07 2022] smb3_get_tree+0x1a0/0x2e0 [cifs] +[Thu Feb 10 12:59:07 2022] vfs_get_tree+0x52/0x140 +[Thu Feb 10 12:59:07 2022] path_mount+0x635/0x10c0 +[Thu Feb 10 12:59:07 2022] __x64_sys_mount+0x1bf/0x210 +[Thu Feb 10 12:59:07 2022] do_syscall_64+0x5c/0xc0 +[Thu Feb 10 12:59:07 2022] entry_SYSCALL_64_after_hwframe+0x44/0xae + +Reported-by: Shyam Prasad N +Reviewed-by: Shyam Prasad N +Signed-off-by: Ronnie Sahlberg +Signed-off-by: Steve French +Signed-off-by: Sasha Levin +--- + fs/cifs/cifsfs.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c +index dca42aa87d305..99c51391a48da 100644 +--- a/fs/cifs/cifsfs.c ++++ b/fs/cifs/cifsfs.c +@@ -908,6 +908,7 @@ cifs_smb3_do_mount(struct file_system_type *fs_type, + + out_super: + deactivate_locked_super(sb); ++ return root; + out: + if (cifs_sb) { + kfree(cifs_sb->prepath); +-- +2.34.1 + diff --git a/queue-5.16/cifs-modefromsids-must-add-an-ace-for-authenticated-.patch b/queue-5.16/cifs-modefromsids-must-add-an-ace-for-authenticated-.patch new file mode 100644 index 00000000000..3ae6a2d317d --- /dev/null +++ b/queue-5.16/cifs-modefromsids-must-add-an-ace-for-authenticated-.patch @@ -0,0 +1,55 @@ +From 89c314beaf6dd2477d072b731911df2b5f3a30ef Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 14 Feb 2022 08:40:52 +1000 +Subject: cifs: modefromsids must add an ACE for authenticated users + +From: Ronnie Sahlberg + +[ Upstream commit 0c6f4ebf8835d01866eb686d47578cde80097981 ] + +When we create a file with modefromsids we set an ACL that +has one ACE for the magic modefromsid as well as a second ACE that +grants full access to all authenticated users. + +When later we chante the mode on the file we strip away this, and other, +ACE for authenticated users in set_chmod_dacl() and then just add back/update +the modefromsid ACE. +Thus leaving the file with a single ACE that is for the mode and no ACE +to grant any user any rights to access the file. +Fix this by always adding back also the modefromsid ACE so that we do not +drop the rights to access the file. + +Signed-off-by: Ronnie Sahlberg +Reviewed-by: Shyam Prasad N +Signed-off-by: Steve French +Signed-off-by: Sasha Levin +--- + fs/cifs/cifsacl.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c +index 5df21d63dd04e..bf861fef2f0c3 100644 +--- a/fs/cifs/cifsacl.c ++++ b/fs/cifs/cifsacl.c +@@ -949,6 +949,9 @@ static void populate_new_aces(char *nacl_base, + pnntace = (struct cifs_ace *) (nacl_base + nsize); + nsize += setup_special_mode_ACE(pnntace, nmode); + num_aces++; ++ pnntace = (struct cifs_ace *) (nacl_base + nsize); ++ nsize += setup_authusers_ACE(pnntace); ++ num_aces++; + goto set_size; + } + +@@ -1613,7 +1616,7 @@ id_mode_to_cifs_acl(struct inode *inode, const char *path, __u64 *pnmode, + nsecdesclen = secdesclen; + if (pnmode && *pnmode != NO_CHANGE_64) { /* chmod */ + if (mode_from_sid) +- nsecdesclen += sizeof(struct cifs_ace); ++ nsecdesclen += 2 * sizeof(struct cifs_ace); + else /* cifsacl */ + nsecdesclen += 5 * sizeof(struct cifs_ace); + } else { /* chown */ +-- +2.34.1 + diff --git a/queue-5.16/dmaengine-shdma-fix-runtime-pm-imbalance-on-error.patch b/queue-5.16/dmaengine-shdma-fix-runtime-pm-imbalance-on-error.patch new file mode 100644 index 00000000000..c8bfa87b8bc --- /dev/null +++ b/queue-5.16/dmaengine-shdma-fix-runtime-pm-imbalance-on-error.patch @@ -0,0 +1,40 @@ +From ca5b90fae047b61a3b28c7fc675d7ca5da89f303 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 15 Jan 2022 21:34:56 -0800 +Subject: dmaengine: shdma: Fix runtime PM imbalance on error + +From: Yongzhi Liu + +[ Upstream commit 455896c53d5b803733ddd84e1bf8a430644439b6 ] + +pm_runtime_get_() increments the runtime PM usage counter even +when it returns an error code, thus a matching decrement is needed on +the error handling path to keep the counter balanced. + +Signed-off-by: Yongzhi Liu +Link: https://lore.kernel.org/r/1642311296-87020-1-git-send-email-lyz_cs@pku.edu.cn +Signed-off-by: Vinod Koul +Signed-off-by: Sasha Levin +--- + drivers/dma/sh/shdma-base.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/dma/sh/shdma-base.c b/drivers/dma/sh/shdma-base.c +index 7f72b3f4cd1ae..19ac95c0098f0 100644 +--- a/drivers/dma/sh/shdma-base.c ++++ b/drivers/dma/sh/shdma-base.c +@@ -115,8 +115,10 @@ static dma_cookie_t shdma_tx_submit(struct dma_async_tx_descriptor *tx) + ret = pm_runtime_get(schan->dev); + + spin_unlock_irq(&schan->chan_lock); +- if (ret < 0) ++ if (ret < 0) { + dev_err(schan->dev, "%s(): GET = %d\n", __func__, ret); ++ pm_runtime_put(schan->dev); ++ } + + pm_runtime_barrier(schan->dev); + +-- +2.34.1 + diff --git a/queue-5.16/drm-amd-pm-correct-umd-pstate-clocks-for-dimgrey-cav.patch b/queue-5.16/drm-amd-pm-correct-umd-pstate-clocks-for-dimgrey-cav.patch new file mode 100644 index 00000000000..bcfcc6ba646 --- /dev/null +++ b/queue-5.16/drm-amd-pm-correct-umd-pstate-clocks-for-dimgrey-cav.patch @@ -0,0 +1,91 @@ +From bb24193da4e836d38ec1b9a80012da3826b87768 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 18 Jan 2022 14:07:51 +0800 +Subject: drm/amd/pm: correct UMD pstate clocks for Dimgrey Cavefish and Beige + Goby + +From: Evan Quan + +[ Upstream commit 0136f5844b006e2286f873457c3fcba8c45a3735 ] + +Correct the UMD pstate profiling clocks for Dimgrey Cavefish and Beige +Goby. + +Signed-off-by: Evan Quan +Reviewed-by: Alex Deucher +Signed-off-by: Alex Deucher +Signed-off-by: Sasha Levin +--- + .../amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 26 +++++++++++++++---- + .../amd/pm/swsmu/smu11/sienna_cichlid_ppt.h | 8 ++++++ + 2 files changed, 29 insertions(+), 5 deletions(-) + +diff --git a/drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c b/drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c +index b55118388d2d7..59e1b92f0d27e 100644 +--- a/drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c ++++ b/drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c +@@ -1261,21 +1261,37 @@ static int sienna_cichlid_populate_umd_state_clk(struct smu_context *smu) + &dpm_context->dpm_tables.soc_table; + struct smu_umd_pstate_table *pstate_table = + &smu->pstate_table; ++ struct amdgpu_device *adev = smu->adev; + + pstate_table->gfxclk_pstate.min = gfx_table->min; + pstate_table->gfxclk_pstate.peak = gfx_table->max; +- if (gfx_table->max >= SIENNA_CICHLID_UMD_PSTATE_PROFILING_GFXCLK) +- pstate_table->gfxclk_pstate.standard = SIENNA_CICHLID_UMD_PSTATE_PROFILING_GFXCLK; + + pstate_table->uclk_pstate.min = mem_table->min; + pstate_table->uclk_pstate.peak = mem_table->max; +- if (mem_table->max >= SIENNA_CICHLID_UMD_PSTATE_PROFILING_MEMCLK) +- pstate_table->uclk_pstate.standard = SIENNA_CICHLID_UMD_PSTATE_PROFILING_MEMCLK; + + pstate_table->socclk_pstate.min = soc_table->min; + pstate_table->socclk_pstate.peak = soc_table->max; +- if (soc_table->max >= SIENNA_CICHLID_UMD_PSTATE_PROFILING_SOCCLK) ++ ++ switch (adev->asic_type) { ++ case CHIP_SIENNA_CICHLID: ++ case CHIP_NAVY_FLOUNDER: ++ pstate_table->gfxclk_pstate.standard = SIENNA_CICHLID_UMD_PSTATE_PROFILING_GFXCLK; ++ pstate_table->uclk_pstate.standard = SIENNA_CICHLID_UMD_PSTATE_PROFILING_MEMCLK; + pstate_table->socclk_pstate.standard = SIENNA_CICHLID_UMD_PSTATE_PROFILING_SOCCLK; ++ break; ++ case CHIP_DIMGREY_CAVEFISH: ++ pstate_table->gfxclk_pstate.standard = DIMGREY_CAVEFISH_UMD_PSTATE_PROFILING_GFXCLK; ++ pstate_table->uclk_pstate.standard = DIMGREY_CAVEFISH_UMD_PSTATE_PROFILING_MEMCLK; ++ pstate_table->socclk_pstate.standard = DIMGREY_CAVEFISH_UMD_PSTATE_PROFILING_SOCCLK; ++ break; ++ case CHIP_BEIGE_GOBY: ++ pstate_table->gfxclk_pstate.standard = BEIGE_GOBY_UMD_PSTATE_PROFILING_GFXCLK; ++ pstate_table->uclk_pstate.standard = BEIGE_GOBY_UMD_PSTATE_PROFILING_MEMCLK; ++ pstate_table->socclk_pstate.standard = BEIGE_GOBY_UMD_PSTATE_PROFILING_SOCCLK; ++ break; ++ default: ++ break; ++ } + + return 0; + } +diff --git a/drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.h b/drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.h +index 38cd0ece24f6b..42f705c7a36f8 100644 +--- a/drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.h ++++ b/drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.h +@@ -33,6 +33,14 @@ typedef enum { + #define SIENNA_CICHLID_UMD_PSTATE_PROFILING_SOCCLK 960 + #define SIENNA_CICHLID_UMD_PSTATE_PROFILING_MEMCLK 1000 + ++#define DIMGREY_CAVEFISH_UMD_PSTATE_PROFILING_GFXCLK 1950 ++#define DIMGREY_CAVEFISH_UMD_PSTATE_PROFILING_SOCCLK 960 ++#define DIMGREY_CAVEFISH_UMD_PSTATE_PROFILING_MEMCLK 676 ++ ++#define BEIGE_GOBY_UMD_PSTATE_PROFILING_GFXCLK 2200 ++#define BEIGE_GOBY_UMD_PSTATE_PROFILING_SOCCLK 960 ++#define BEIGE_GOBY_UMD_PSTATE_PROFILING_MEMCLK 1000 ++ + extern void sienna_cichlid_set_ppt_funcs(struct smu_context *smu); + + #endif +-- +2.34.1 + diff --git a/queue-5.16/hid-amd_sfh-add-functionality-to-clear-interrupts.patch b/queue-5.16/hid-amd_sfh-add-functionality-to-clear-interrupts.patch new file mode 100644 index 00000000000..cddb8e1c411 --- /dev/null +++ b/queue-5.16/hid-amd_sfh-add-functionality-to-clear-interrupts.patch @@ -0,0 +1,110 @@ +From 29e6a4793dce5eec0be898a43b5435f6575d33cb Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 8 Feb 2022 17:51:11 +0530 +Subject: HID: amd_sfh: Add functionality to clear interrupts + +From: Basavaraj Natikar + +[ Upstream commit fb75a3791a8032848c987db29b622878d8fe2b1c ] + +Newer AMD platforms with SFH may generate interrupts on some events +which are unwarranted. Until this is cleared the actual MP2 data +processing maybe stalled in some cases. + +Add a mechanism to clear the pending interrupts (if any) during the +driver initialization and sensor command operations. + +Signed-off-by: Basavaraj Natikar +Signed-off-by: Jiri Kosina +Signed-off-by: Sasha Levin +--- + drivers/hid/amd-sfh-hid/amd_sfh_pcie.c | 25 ++++++++++++++++++++++++- + drivers/hid/amd-sfh-hid/amd_sfh_pcie.h | 1 + + 2 files changed, 25 insertions(+), 1 deletion(-) + +diff --git a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c +index dacac30a6b27a..c7e17b39704c0 100644 +--- a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c ++++ b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c +@@ -89,6 +89,20 @@ static void amd_stop_all_sensor_v2(struct amd_mp2_dev *privdata) + writel(cmd_base.ul, privdata->mmio + AMD_C2P_MSG0); + } + ++static void amd_sfh_clear_intr_v2(struct amd_mp2_dev *privdata) ++{ ++ if (readl(privdata->mmio + AMD_P2C_MSG(4))) { ++ writel(0, privdata->mmio + AMD_P2C_MSG(4)); ++ writel(0xf, privdata->mmio + AMD_P2C_MSG(5)); ++ } ++} ++ ++static void amd_sfh_clear_intr(struct amd_mp2_dev *privdata) ++{ ++ if (privdata->mp2_ops->clear_intr) ++ privdata->mp2_ops->clear_intr(privdata); ++} ++ + void amd_start_sensor(struct amd_mp2_dev *privdata, struct amd_mp2_sensor_info info) + { + union sfh_cmd_param cmd_param; +@@ -193,6 +207,7 @@ static void amd_mp2_pci_remove(void *privdata) + struct amd_mp2_dev *mp2 = privdata; + amd_sfh_hid_client_deinit(privdata); + mp2->mp2_ops->stop_all(mp2); ++ amd_sfh_clear_intr(mp2); + } + + static const struct amd_mp2_ops amd_sfh_ops_v2 = { +@@ -200,6 +215,7 @@ static const struct amd_mp2_ops amd_sfh_ops_v2 = { + .stop = amd_stop_sensor_v2, + .stop_all = amd_stop_all_sensor_v2, + .response = amd_sfh_wait_response_v2, ++ .clear_intr = amd_sfh_clear_intr_v2, + }; + + static const struct amd_mp2_ops amd_sfh_ops = { +@@ -262,8 +278,13 @@ static int amd_mp2_pci_probe(struct pci_dev *pdev, const struct pci_device_id *i + mp2_select_ops(privdata); + + rc = amd_sfh_hid_client_init(privdata); +- if (rc) ++ if (rc) { ++ amd_sfh_clear_intr(privdata); ++ dev_err(&pdev->dev, "amd_sfh_hid_client_init failed\n"); + return rc; ++ } ++ ++ amd_sfh_clear_intr(privdata); + + return devm_add_action_or_reset(&pdev->dev, amd_mp2_pci_remove, privdata); + } +@@ -291,6 +312,7 @@ static int __maybe_unused amd_mp2_pci_resume(struct device *dev) + } + + schedule_delayed_work(&cl_data->work_buffer, msecs_to_jiffies(AMD_SFH_IDLE_LOOP)); ++ amd_sfh_clear_intr(mp2); + + return 0; + } +@@ -315,6 +337,7 @@ static int __maybe_unused amd_mp2_pci_suspend(struct device *dev) + } + + cancel_delayed_work_sync(&cl_data->work_buffer); ++ amd_sfh_clear_intr(mp2); + + return 0; + } +diff --git a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.h b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.h +index 8a9c544c27aef..61de09ba51242 100644 +--- a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.h ++++ b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.h +@@ -141,5 +141,6 @@ struct amd_mp2_ops { + void (*stop)(struct amd_mp2_dev *privdata, u16 sensor_idx); + void (*stop_all)(struct amd_mp2_dev *privdata); + int (*response)(struct amd_mp2_dev *mp2, u8 sid, u32 sensor_sts); ++ void (*clear_intr)(struct amd_mp2_dev *privdata); + }; + #endif +-- +2.34.1 + diff --git a/queue-5.16/hid-amd_sfh-add-interrupt-handler-to-process-interru.patch b/queue-5.16/hid-amd_sfh-add-interrupt-handler-to-process-interru.patch new file mode 100644 index 00000000000..2e3a94e9728 --- /dev/null +++ b/queue-5.16/hid-amd_sfh-add-interrupt-handler-to-process-interru.patch @@ -0,0 +1,118 @@ +From 3be30f40cd7e2c2c74bedde9d2a29c916602eb1e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 8 Feb 2022 17:51:12 +0530 +Subject: HID: amd_sfh: Add interrupt handler to process interrupts + +From: Basavaraj Natikar + +[ Upstream commit 7f016b35ca7623c71b31facdde080e8ce171a697 ] + +On newer AMD platforms with SFH, it is observed that random interrupts +get generated on the SFH hardware and until this is cleared the firmware +sensor processing is stalled, resulting in no data been received to +driver side. + +Add routines to handle these interrupts, so that firmware operations are +not stalled. + +Signed-off-by: Basavaraj Natikar +Signed-off-by: Jiri Kosina +Signed-off-by: Sasha Levin +--- + drivers/hid/amd-sfh-hid/amd_sfh_pcie.c | 40 ++++++++++++++++++++++++++ + drivers/hid/amd-sfh-hid/amd_sfh_pcie.h | 1 + + 2 files changed, 41 insertions(+) + +diff --git a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c +index c7e17b39704c0..2d7fc2c860eaf 100644 +--- a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c ++++ b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c +@@ -103,6 +103,30 @@ static void amd_sfh_clear_intr(struct amd_mp2_dev *privdata) + privdata->mp2_ops->clear_intr(privdata); + } + ++static irqreturn_t amd_sfh_irq_handler(int irq, void *data) ++{ ++ amd_sfh_clear_intr(data); ++ ++ return IRQ_HANDLED; ++} ++ ++static int amd_sfh_irq_init_v2(struct amd_mp2_dev *privdata) ++{ ++ int rc; ++ ++ pci_intx(privdata->pdev, true); ++ ++ rc = devm_request_irq(&privdata->pdev->dev, privdata->pdev->irq, ++ amd_sfh_irq_handler, 0, DRIVER_NAME, privdata); ++ if (rc) { ++ dev_err(&privdata->pdev->dev, "failed to request irq %d err=%d\n", ++ privdata->pdev->irq, rc); ++ return rc; ++ } ++ ++ return 0; ++} ++ + void amd_start_sensor(struct amd_mp2_dev *privdata, struct amd_mp2_sensor_info info) + { + union sfh_cmd_param cmd_param; +@@ -207,6 +231,7 @@ static void amd_mp2_pci_remove(void *privdata) + struct amd_mp2_dev *mp2 = privdata; + amd_sfh_hid_client_deinit(privdata); + mp2->mp2_ops->stop_all(mp2); ++ pci_intx(mp2->pdev, false); + amd_sfh_clear_intr(mp2); + } + +@@ -216,6 +241,7 @@ static const struct amd_mp2_ops amd_sfh_ops_v2 = { + .stop_all = amd_stop_all_sensor_v2, + .response = amd_sfh_wait_response_v2, + .clear_intr = amd_sfh_clear_intr_v2, ++ .init_intr = amd_sfh_irq_init_v2, + }; + + static const struct amd_mp2_ops amd_sfh_ops = { +@@ -241,6 +267,14 @@ static void mp2_select_ops(struct amd_mp2_dev *privdata) + } + } + ++static int amd_sfh_irq_init(struct amd_mp2_dev *privdata) ++{ ++ if (privdata->mp2_ops->init_intr) ++ return privdata->mp2_ops->init_intr(privdata); ++ ++ return 0; ++} ++ + static int amd_mp2_pci_probe(struct pci_dev *pdev, const struct pci_device_id *id) + { + struct amd_mp2_dev *privdata; +@@ -277,6 +311,12 @@ static int amd_mp2_pci_probe(struct pci_dev *pdev, const struct pci_device_id *i + + mp2_select_ops(privdata); + ++ rc = amd_sfh_irq_init(privdata); ++ if (rc) { ++ dev_err(&pdev->dev, "amd_sfh_irq_init failed\n"); ++ return rc; ++ } ++ + rc = amd_sfh_hid_client_init(privdata); + if (rc) { + amd_sfh_clear_intr(privdata); +diff --git a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.h b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.h +index 61de09ba51242..97b99861fae25 100644 +--- a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.h ++++ b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.h +@@ -142,5 +142,6 @@ struct amd_mp2_ops { + void (*stop_all)(struct amd_mp2_dev *privdata); + int (*response)(struct amd_mp2_dev *mp2, u8 sid, u32 sensor_sts); + void (*clear_intr)(struct amd_mp2_dev *privdata); ++ int (*init_intr)(struct amd_mp2_dev *privdata); + }; + #endif +-- +2.34.1 + diff --git a/queue-5.16/hid-amd_sfh-handle-amd_sfh-work-buffer-in-pm-ops.patch b/queue-5.16/hid-amd_sfh-handle-amd_sfh-work-buffer-in-pm-ops.patch new file mode 100644 index 00000000000..23be397023c --- /dev/null +++ b/queue-5.16/hid-amd_sfh-handle-amd_sfh-work-buffer-in-pm-ops.patch @@ -0,0 +1,48 @@ +From 6d918c1951512c51592b13b70414c404ab36f3ae Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 8 Feb 2022 17:51:08 +0530 +Subject: HID: amd_sfh: Handle amd_sfh work buffer in PM ops + +From: Basavaraj Natikar + +[ Upstream commit 0cf74235f4403b760a37f77271d2ca3424001ff9 ] + +Since in the current amd_sfh design the sensor data is periodically +obtained in the form of poll data, during the suspend/resume cycle, +scheduling a delayed work adds no value. + +So, cancel the work and restart back during the suspend/resume cycle +respectively. + +Signed-off-by: Basavaraj Natikar +Signed-off-by: Jiri Kosina +Signed-off-by: Sasha Levin +--- + drivers/hid/amd-sfh-hid/amd_sfh_pcie.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c +index d3f32ffe299a8..dacac30a6b27a 100644 +--- a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c ++++ b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c +@@ -290,6 +290,8 @@ static int __maybe_unused amd_mp2_pci_resume(struct device *dev) + } + } + ++ schedule_delayed_work(&cl_data->work_buffer, msecs_to_jiffies(AMD_SFH_IDLE_LOOP)); ++ + return 0; + } + +@@ -312,6 +314,8 @@ static int __maybe_unused amd_mp2_pci_suspend(struct device *dev) + } + } + ++ cancel_delayed_work_sync(&cl_data->work_buffer); ++ + return 0; + } + +-- +2.34.1 + diff --git a/queue-5.16/i2c-bcm2835-avoid-clock-stretching-timeouts.patch b/queue-5.16/i2c-bcm2835-avoid-clock-stretching-timeouts.patch new file mode 100644 index 00000000000..6fd5bd3a72d --- /dev/null +++ b/queue-5.16/i2c-bcm2835-avoid-clock-stretching-timeouts.patch @@ -0,0 +1,55 @@ +From aadc6f4d784d384a55e08d9937089d875684be35 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 23 Feb 2018 22:42:31 +0100 +Subject: i2c: bcm2835: Avoid clock stretching timeouts + +From: Eric Anholt + +[ Upstream commit 9495b9b31abe525ebd93da58de2c88b9f66d3a0e ] + +The CLKT register contains at poweron 0x40, which at our typical 100kHz +bus rate means .64ms. But there is no specified limit to how long devices +should be able to stretch the clocks, so just disable the timeout. We +still have a timeout wrapping the entire transfer. + +Signed-off-by: Eric Anholt +Signed-off-by: Stefan Wahren +BugLink: https://github.com/raspberrypi/linux/issues/3064 +Signed-off-by: Wolfram Sang +Signed-off-by: Sasha Levin +--- + drivers/i2c/busses/i2c-bcm2835.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/drivers/i2c/busses/i2c-bcm2835.c b/drivers/i2c/busses/i2c-bcm2835.c +index 37443edbf7546..ad3b124a2e376 100644 +--- a/drivers/i2c/busses/i2c-bcm2835.c ++++ b/drivers/i2c/busses/i2c-bcm2835.c +@@ -23,6 +23,11 @@ + #define BCM2835_I2C_FIFO 0x10 + #define BCM2835_I2C_DIV 0x14 + #define BCM2835_I2C_DEL 0x18 ++/* ++ * 16-bit field for the number of SCL cycles to wait after rising SCL ++ * before deciding the slave is not responding. 0 disables the ++ * timeout detection. ++ */ + #define BCM2835_I2C_CLKT 0x1c + + #define BCM2835_I2C_C_READ BIT(0) +@@ -477,6 +482,12 @@ static int bcm2835_i2c_probe(struct platform_device *pdev) + adap->dev.of_node = pdev->dev.of_node; + adap->quirks = of_device_get_match_data(&pdev->dev); + ++ /* ++ * Disable the hardware clock stretching timeout. SMBUS ++ * specifies a limit for how long the device can stretch the ++ * clock, but core I2C doesn't. ++ */ ++ bcm2835_i2c_writel(i2c_dev, BCM2835_I2C_CLKT, 0); + bcm2835_i2c_writel(i2c_dev, BCM2835_I2C_C, 0); + + ret = i2c_add_adapter(adap); +-- +2.34.1 + diff --git a/queue-5.16/i2c-cadence-allow-compile_test.patch b/queue-5.16/i2c-cadence-allow-compile_test.patch new file mode 100644 index 00000000000..589febafd03 --- /dev/null +++ b/queue-5.16/i2c-cadence-allow-compile_test.patch @@ -0,0 +1,35 @@ +From 47c98e662a79158bc8b635e91905a6af796672a5 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 12 Feb 2022 20:45:48 +0100 +Subject: i2c: cadence: allow COMPILE_TEST + +From: Wolfram Sang + +[ Upstream commit 0b0dcb3882c8f08bdeafa03adb4487e104d26050 ] + +Driver builds fine with COMPILE_TEST. Enable it for wider test coverage +and easier maintenance. + +Signed-off-by: Wolfram Sang +Acked-by: Michal Simek +Signed-off-by: Sasha Levin +--- + drivers/i2c/busses/Kconfig | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/i2c/busses/Kconfig b/drivers/i2c/busses/Kconfig +index dce3928390176..b1c20859fe8c9 100644 +--- a/drivers/i2c/busses/Kconfig ++++ b/drivers/i2c/busses/Kconfig +@@ -488,7 +488,7 @@ config I2C_BRCMSTB + + config I2C_CADENCE + tristate "Cadence I2C Controller" +- depends on ARCH_ZYNQ || ARM64 || XTENSA ++ depends on ARCH_ZYNQ || ARM64 || XTENSA || COMPILE_TEST + help + Say yes here to select Cadence I2C Host Controller. This controller is + e.g. used by Xilinx Zynq. +-- +2.34.1 + diff --git a/queue-5.16/i2c-imx-allow-compile_test.patch b/queue-5.16/i2c-imx-allow-compile_test.patch new file mode 100644 index 00000000000..e41f7771bfa --- /dev/null +++ b/queue-5.16/i2c-imx-allow-compile_test.patch @@ -0,0 +1,35 @@ +From 5864fb4d7a79d9b96909ab3b6496b6c37dabaa6d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 12 Feb 2022 20:46:57 +0100 +Subject: i2c: imx: allow COMPILE_TEST + +From: Wolfram Sang + +[ Upstream commit 2ce4462f2724d1b3cedccea441c6d18bb360629a ] + +Driver builds fine with COMPILE_TEST. Enable it for wider test coverage +and easier maintenance. + +Signed-off-by: Wolfram Sang +Acked-by: Oleksij Rempel +Signed-off-by: Sasha Levin +--- + drivers/i2c/busses/Kconfig | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/i2c/busses/Kconfig b/drivers/i2c/busses/Kconfig +index b1c20859fe8c9..66476c2257553 100644 +--- a/drivers/i2c/busses/Kconfig ++++ b/drivers/i2c/busses/Kconfig +@@ -680,7 +680,7 @@ config I2C_IMG + + config I2C_IMX + tristate "IMX I2C interface" +- depends on ARCH_MXC || ARCH_LAYERSCAPE || COLDFIRE ++ depends on ARCH_MXC || ARCH_LAYERSCAPE || COLDFIRE || COMPILE_TEST + select I2C_SLAVE + help + Say Y here if you want to use the IIC bus controller on +-- +2.34.1 + diff --git a/queue-5.16/i2c-qup-allow-compile_test.patch b/queue-5.16/i2c-qup-allow-compile_test.patch new file mode 100644 index 00000000000..1700bad7d73 --- /dev/null +++ b/queue-5.16/i2c-qup-allow-compile_test.patch @@ -0,0 +1,34 @@ +From 1618155fe5729a5cd9ec088bf28697b407c4e91e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 12 Feb 2022 20:47:07 +0100 +Subject: i2c: qup: allow COMPILE_TEST + +From: Wolfram Sang + +[ Upstream commit 5de717974005fcad2502281e9f82e139ca91f4bb ] + +Driver builds fine with COMPILE_TEST. Enable it for wider test coverage +and easier maintenance. + +Signed-off-by: Wolfram Sang +Signed-off-by: Sasha Levin +--- + drivers/i2c/busses/Kconfig | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/i2c/busses/Kconfig b/drivers/i2c/busses/Kconfig +index 66476c2257553..37233bb483a17 100644 +--- a/drivers/i2c/busses/Kconfig ++++ b/drivers/i2c/busses/Kconfig +@@ -935,7 +935,7 @@ config I2C_QCOM_GENI + + config I2C_QUP + tristate "Qualcomm QUP based I2C controller" +- depends on ARCH_QCOM ++ depends on ARCH_QCOM || COMPILE_TEST + help + If you say yes to this option, support will be included for the + built-in I2C interface on the Qualcomm SoCs. +-- +2.34.1 + diff --git a/queue-5.16/input-clear-btn_right-middle-on-buttonpads.patch b/queue-5.16/input-clear-btn_right-middle-on-buttonpads.patch new file mode 100644 index 00000000000..2f8b7cb651c --- /dev/null +++ b/queue-5.16/input-clear-btn_right-middle-on-buttonpads.patch @@ -0,0 +1,85 @@ +From 13c0054a2f04c7f27f4524fbb79fe353b7342448 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 8 Feb 2022 09:59:16 -0800 +Subject: Input: clear BTN_RIGHT/MIDDLE on buttonpads +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: José Expósito + +[ Upstream commit 37ef4c19b4c659926ce65a7ac709ceaefb211c40 ] + +Buttonpads are expected to map the INPUT_PROP_BUTTONPAD property bit +and the BTN_LEFT key bit. + +As explained in the specification, where a device has a button type +value of 0 (click-pad) or 1 (pressure-pad) there should not be +discrete buttons: +https://docs.microsoft.com/en-us/windows-hardware/design/component-guidelines/touchpad-windows-precision-touchpad-collection#device-capabilities-feature-report + +However, some drivers map the BTN_RIGHT and/or BTN_MIDDLE key bits even +though the device is a buttonpad and therefore does not have those +buttons. + +This behavior has forced userspace applications like libinput to +implement different workarounds and quirks to detect buttonpads and +offer to the user the right set of features and configuration options. +For more information: +https://gitlab.freedesktop.org/libinput/libinput/-/merge_requests/726 + +In order to avoid this issue clear the BTN_RIGHT and BTN_MIDDLE key +bits when the input device is register if the INPUT_PROP_BUTTONPAD +property bit is set. + +Notice that this change will not affect udev because it does not check +for buttons. See systemd/src/udev/udev-builtin-input_id.c. + +List of known affected hardware: + + - Chuwi AeroBook Plus + - Chuwi Gemibook + - Framework Laptop + - GPD Win Max + - Huawei MateBook 2020 + - Prestigio Smartbook 141 C2 + - Purism Librem 14v1 + - StarLite Mk II - AMI firmware + - StarLite Mk II - Coreboot firmware + - StarLite Mk III - AMI firmware + - StarLite Mk III - Coreboot firmware + - StarLabTop Mk IV - AMI firmware + - StarLabTop Mk IV - Coreboot firmware + - StarBook Mk V + +Acked-by: Peter Hutterer +Acked-by: Benjamin Tissoires +Acked-by: Jiri Kosina +Signed-off-by: José Expósito +Link: https://lore.kernel.org/r/20220208174806.17183-1-jose.exposito89@gmail.com +Signed-off-by: Dmitry Torokhov +Signed-off-by: Sasha Levin +--- + drivers/input/input.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/drivers/input/input.c b/drivers/input/input.c +index ccaeb24263854..c3139bc2aa0db 100644 +--- a/drivers/input/input.c ++++ b/drivers/input/input.c +@@ -2285,6 +2285,12 @@ int input_register_device(struct input_dev *dev) + /* KEY_RESERVED is not supposed to be transmitted to userspace. */ + __clear_bit(KEY_RESERVED, dev->keybit); + ++ /* Buttonpads should not map BTN_RIGHT and/or BTN_MIDDLE. */ ++ if (test_bit(INPUT_PROP_BUTTONPAD, dev->propbit)) { ++ __clear_bit(BTN_RIGHT, dev->keybit); ++ __clear_bit(BTN_MIDDLE, dev->keybit); ++ } ++ + /* Make sure that bitmasks not mentioned in dev->evbit are clean. */ + input_cleanse_bitmasks(dev); + +-- +2.34.1 + diff --git a/queue-5.16/kvm-arm64-vgic-read-hw-interrupt-pending-state-from-.patch b/queue-5.16/kvm-arm64-vgic-read-hw-interrupt-pending-state-from-.patch new file mode 100644 index 00000000000..446cdd475a1 --- /dev/null +++ b/queue-5.16/kvm-arm64-vgic-read-hw-interrupt-pending-state-from-.patch @@ -0,0 +1,51 @@ +From b75e323ff88c3e835d47e365bba06ec286e3014d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 3 Feb 2022 09:24:45 +0000 +Subject: KVM: arm64: vgic: Read HW interrupt pending state from the HW + +From: Marc Zyngier + +[ Upstream commit 5bfa685e62e9ba93c303a9a8db646c7228b9b570 ] + +It appears that a read access to GIC[DR]_I[CS]PENDRn doesn't always +result in the pending interrupts being accurately reported if they are +mapped to a HW interrupt. This is particularily visible when acking +the timer interrupt and reading the GICR_ISPENDR1 register immediately +after, for example (the interrupt appears as not-pending while it really +is...). + +This is because a HW interrupt has its 'active and pending state' kept +in the *physical* distributor, and not in the virtual one, as mandated +by the spec (this is what allows the direct deactivation). The virtual +distributor only caries the pending and active *states* (note the +plural, as these are two independent and non-overlapping states). + +Fix it by reading the HW state back, either from the timer itself or +from the distributor if necessary. + +Reported-by: Ricardo Koller +Tested-by: Ricardo Koller +Reviewed-by: Ricardo Koller +Signed-off-by: Marc Zyngier +Link: https://lore.kernel.org/r/20220208123726.3604198-1-maz@kernel.org +Signed-off-by: Sasha Levin +--- + arch/arm64/kvm/vgic/vgic-mmio.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/arch/arm64/kvm/vgic/vgic-mmio.c b/arch/arm64/kvm/vgic/vgic-mmio.c +index 48c6067fc5ecb..f972992682746 100644 +--- a/arch/arm64/kvm/vgic/vgic-mmio.c ++++ b/arch/arm64/kvm/vgic/vgic-mmio.c +@@ -248,6 +248,8 @@ unsigned long vgic_mmio_read_pending(struct kvm_vcpu *vcpu, + IRQCHIP_STATE_PENDING, + &val); + WARN_RATELIMIT(err, "IRQ %d", irq->host_irq); ++ } else if (vgic_irq_is_mapped_level(irq)) { ++ val = vgic_get_phys_line_level(irq); + } else { + val = irq_is_pending(irq); + } +-- +2.34.1 + diff --git a/queue-5.16/mac80211_hwsim-initialize-ieee80211_tx_info-at-hw_sc.patch b/queue-5.16/mac80211_hwsim-initialize-ieee80211_tx_info-at-hw_sc.patch new file mode 100644 index 00000000000..501f31096dc --- /dev/null +++ b/queue-5.16/mac80211_hwsim-initialize-ieee80211_tx_info-at-hw_sc.patch @@ -0,0 +1,51 @@ +From 781185a7fd69d0df83cfd81f60d05179b1c74c12 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 13 Jan 2022 15:02:35 +0900 +Subject: mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work + +From: JaeMan Park + +[ Upstream commit cacfddf82baf1470e5741edeecb187260868f195 ] + +In mac80211_hwsim, the probe_req frame is created and sent while +scanning. It is sent with ieee80211_tx_info which is not initialized. +Uninitialized ieee80211_tx_info can cause problems when using +mac80211_hwsim with wmediumd. wmediumd checks the tx_rates field of +ieee80211_tx_info and doesn't relay probe_req frame to other clients +even if it is a broadcasting message. + +Call ieee80211_tx_prepare_skb() to initialize ieee80211_tx_info for +the probe_req that is created by hw_scan_work in mac80211_hwsim. + +Signed-off-by: JaeMan Park +Link: https://lore.kernel.org/r/20220113060235.546107-1-jaeman@google.com +[fix memory leak] +Signed-off-by: Johannes Berg +Signed-off-by: Sasha Levin +--- + drivers/net/wireless/mac80211_hwsim.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c +index 20fae2df848fb..f7cfda9192de2 100644 +--- a/drivers/net/wireless/mac80211_hwsim.c ++++ b/drivers/net/wireless/mac80211_hwsim.c +@@ -2336,6 +2336,15 @@ static void hw_scan_work(struct work_struct *work) + if (req->ie_len) + skb_put_data(probe, req->ie, req->ie_len); + ++ if (!ieee80211_tx_prepare_skb(hwsim->hw, ++ hwsim->hw_scan_vif, ++ probe, ++ hwsim->tmp_chan->band, ++ NULL)) { ++ kfree_skb(probe); ++ continue; ++ } ++ + local_bh_disable(); + mac80211_hwsim_tx_frame(hwsim->hw, probe, + hwsim->tmp_chan); +-- +2.34.1 + diff --git a/queue-5.16/mac80211_hwsim-report-noack-frames-in-tx_status.patch b/queue-5.16/mac80211_hwsim-report-noack-frames-in-tx_status.patch new file mode 100644 index 00000000000..f6d810cf915 --- /dev/null +++ b/queue-5.16/mac80211_hwsim-report-noack-frames-in-tx_status.patch @@ -0,0 +1,38 @@ +From e695eaf729dd4f3df6a67d7112ba93cc522bec96 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 11 Jan 2022 22:13:26 +0000 +Subject: mac80211_hwsim: report NOACK frames in tx_status + +From: Benjamin Beichler + +[ Upstream commit 42a79960ffa50bfe9e0bf5d6280be89bf563a5dd ] + +Add IEEE80211_TX_STAT_NOACK_TRANSMITTED to tx_status flags to have proper +statistics for non-acked frames. + +Signed-off-by: Benjamin Beichler +Link: https://lore.kernel.org/r/20220111221327.1499881-1-benjamin.beichler@uni-rostock.de +Signed-off-by: Johannes Berg +Signed-off-by: Sasha Levin +--- + drivers/net/wireless/mac80211_hwsim.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c +index 23219f3747f81..20fae2df848fb 100644 +--- a/drivers/net/wireless/mac80211_hwsim.c ++++ b/drivers/net/wireless/mac80211_hwsim.c +@@ -3770,6 +3770,10 @@ static int hwsim_tx_info_frame_received_nl(struct sk_buff *skb_2, + } + txi->flags |= IEEE80211_TX_STAT_ACK; + } ++ ++ if (hwsim_flags & HWSIM_TX_CTL_NO_ACK) ++ txi->flags |= IEEE80211_TX_STAT_NOACK_TRANSMITTED; ++ + ieee80211_tx_status_irqsafe(data2->hw, skb); + return 0; + out: +-- +2.34.1 + diff --git a/queue-5.16/net-usb-cdc_mbim-avoid-altsetting-toggling-for-telit.patch b/queue-5.16/net-usb-cdc_mbim-avoid-altsetting-toggling-for-telit.patch new file mode 100644 index 00000000000..c2d7f0ac837 --- /dev/null +++ b/queue-5.16/net-usb-cdc_mbim-avoid-altsetting-toggling-for-telit.patch @@ -0,0 +1,38 @@ +From a9a66a6c112da13d91aa0fe4f42e3966a7dd8813 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 15 Feb 2022 12:13:35 +0100 +Subject: net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 + +From: Daniele Palmas + +[ Upstream commit 21e8a96377e6b6debae42164605bf9dcbe5720c5 ] + +Add quirk CDC_MBIM_FLAG_AVOID_ALTSETTING_TOGGLE for Telit FN990 +0x1071 composition in order to avoid bind error. + +Signed-off-by: Daniele Palmas +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/net/usb/cdc_mbim.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/drivers/net/usb/cdc_mbim.c b/drivers/net/usb/cdc_mbim.c +index 82bb5ed94c485..c0b8b4aa78f37 100644 +--- a/drivers/net/usb/cdc_mbim.c ++++ b/drivers/net/usb/cdc_mbim.c +@@ -659,6 +659,11 @@ static const struct usb_device_id mbim_devs[] = { + .driver_info = (unsigned long)&cdc_mbim_info_avoid_altsetting_toggle, + }, + ++ /* Telit FN990 */ ++ { USB_DEVICE_AND_INTERFACE_INFO(0x1bc7, 0x1071, USB_CLASS_COMM, USB_CDC_SUBCLASS_MBIM, USB_CDC_PROTO_NONE), ++ .driver_info = (unsigned long)&cdc_mbim_info_avoid_altsetting_toggle, ++ }, ++ + /* default entry */ + { USB_INTERFACE_INFO(USB_CLASS_COMM, USB_CDC_SUBCLASS_MBIM, USB_CDC_PROTO_NONE), + .driver_info = (unsigned long)&cdc_mbim_info_zlp, +-- +2.34.1 + diff --git a/queue-5.16/regulator-core-fix-false-positive-in-regulator_late_.patch b/queue-5.16/regulator-core-fix-false-positive-in-regulator_late_.patch new file mode 100644 index 00000000000..7bd4683c744 --- /dev/null +++ b/queue-5.16/regulator-core-fix-false-positive-in-regulator_late_.patch @@ -0,0 +1,74 @@ +From 3da3c0ce897ebf1927c419f4cb98dfd13cd6e4cc Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 8 Feb 2022 09:46:45 +0100 +Subject: regulator: core: fix false positive in regulator_late_cleanup() + +From: Oliver Barta + +[ Upstream commit 4e2a354e3775870ca823f1fb29bbbffbe11059a6 ] + +The check done by regulator_late_cleanup() to detect whether a regulator +is on was inconsistent with the check done by _regulator_is_enabled(). +While _regulator_is_enabled() takes the enable GPIO into account, +regulator_late_cleanup() was not doing that. + +This resulted in a false positive, e.g. when a GPIO-controlled fixed +regulator was used, which was not enabled at boot time, e.g. + +reg_disp_1v2: reg_disp_1v2 { + compatible = "regulator-fixed"; + regulator-name = "display_1v2"; + regulator-min-microvolt = <1200000>; + regulator-max-microvolt = <1200000>; + gpio = <&tlmm 148 0>; + enable-active-high; +}; + +Such regulator doesn't have an is_enabled() operation. Nevertheless +it's state can be determined based on the enable GPIO. The check in +regulator_late_cleanup() wrongly assumed that the regulator is on and +tried to disable it. + +Signed-off-by: Oliver Barta +Link: https://lore.kernel.org/r/20220208084645.8686-1-oliver.barta@aptiv.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + drivers/regulator/core.c | 13 +++---------- + 1 file changed, 3 insertions(+), 10 deletions(-) + +diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c +index 86aa4141efa92..d2553970a67ba 100644 +--- a/drivers/regulator/core.c ++++ b/drivers/regulator/core.c +@@ -6014,9 +6014,8 @@ core_initcall(regulator_init); + static int regulator_late_cleanup(struct device *dev, void *data) + { + struct regulator_dev *rdev = dev_to_rdev(dev); +- const struct regulator_ops *ops = rdev->desc->ops; + struct regulation_constraints *c = rdev->constraints; +- int enabled, ret; ++ int ret; + + if (c && c->always_on) + return 0; +@@ -6029,14 +6028,8 @@ static int regulator_late_cleanup(struct device *dev, void *data) + if (rdev->use_count) + goto unlock; + +- /* If we can't read the status assume it's always on. */ +- if (ops->is_enabled) +- enabled = ops->is_enabled(rdev); +- else +- enabled = 1; +- +- /* But if reading the status failed, assume that it's off. */ +- if (enabled <= 0) ++ /* If reading the status failed, assume that it's off. */ ++ if (_regulator_is_enabled(rdev) <= 0) + goto unlock; + + if (have_full_constraints()) { +-- +2.34.1 + diff --git a/queue-5.16/selftests-ftrace-do-not-trace-do_softirq-because-of-.patch b/queue-5.16/selftests-ftrace-do-not-trace-do_softirq-because-of-.patch new file mode 100644 index 00000000000..8fde72212d6 --- /dev/null +++ b/queue-5.16/selftests-ftrace-do-not-trace-do_softirq-because-of-.patch @@ -0,0 +1,45 @@ +From c10c43668d07adc571deb30fe4e0b967cb0b6374 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 14 Feb 2022 09:36:57 +0100 +Subject: selftests/ftrace: Do not trace do_softirq because of PREEMPT_RT + +From: Krzysztof Kozlowski + +[ Upstream commit 6fec1ab67f8d60704cc7de64abcfd389ab131542 ] + +The PREEMPT_RT patchset does not use do_softirq() function thus trying +to filter for do_softirq fails for such kernel: + + echo do_softirq + ftracetest: 81: echo: echo: I/O error + +Choose some other visible function for the test. The function does not +have to be actually executed during the test, because it is only testing +filter API interface. + +Signed-off-by: Krzysztof Kozlowski +Reviewed-by: Shuah Khan +Acked-by: Sebastian Andrzej Siewior +Reviewed-by: Steven Rostedt (Google) +Signed-off-by: Shuah Khan +Signed-off-by: Sasha Levin +--- + .../selftests/ftrace/test.d/ftrace/func_set_ftrace_file.tc | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/testing/selftests/ftrace/test.d/ftrace/func_set_ftrace_file.tc b/tools/testing/selftests/ftrace/test.d/ftrace/func_set_ftrace_file.tc +index e96e279e0533a..25432b8cd5bd2 100644 +--- a/tools/testing/selftests/ftrace/test.d/ftrace/func_set_ftrace_file.tc ++++ b/tools/testing/selftests/ftrace/test.d/ftrace/func_set_ftrace_file.tc +@@ -19,7 +19,7 @@ fail() { # mesg + + FILTER=set_ftrace_filter + FUNC1="schedule" +-FUNC2="do_softirq" ++FUNC2="scheduler_tick" + + ALL_FUNCS="#### all functions enabled ####" + +-- +2.34.1 + diff --git a/queue-5.16/selftests-seccomp-fix-seccomp-failure-by-adding-miss.patch b/queue-5.16/selftests-seccomp-fix-seccomp-failure-by-adding-miss.patch new file mode 100644 index 00000000000..a8b41df3b05 --- /dev/null +++ b/queue-5.16/selftests-seccomp-fix-seccomp-failure-by-adding-miss.patch @@ -0,0 +1,42 @@ +From f64140a82077a996a5240f5d8af2c39d9cd2e0c9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 10 Feb 2022 12:30:49 -0800 +Subject: selftests/seccomp: Fix seccomp failure by adding missing headers + +From: Sherry Yang + +[ Upstream commit 21bffcb76ee2fbafc7d5946cef10abc9df5cfff7 ] + +seccomp_bpf failed on tests 47 global.user_notification_filter_empty +and 48 global.user_notification_filter_empty_threaded when it's +tested on updated kernel but with old kernel headers. Because old +kernel headers don't have definition of macro __NR_clone3 which is +required for these two tests. Since under selftests/, we can install +headers once for all tests (the default INSTALL_HDR_PATH is +usr/include), fix it by adding usr/include to the list of directories +to be searched. Use "-isystem" to indicate it's a system directory as +the real kernel headers directories are. + +Signed-off-by: Sherry Yang +Tested-by: Sherry Yang +Reviewed-by: Kees Cook +Signed-off-by: Shuah Khan +Signed-off-by: Sasha Levin +--- + tools/testing/selftests/seccomp/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/testing/selftests/seccomp/Makefile b/tools/testing/selftests/seccomp/Makefile +index 0ebfe8b0e147f..585f7a0c10cbe 100644 +--- a/tools/testing/selftests/seccomp/Makefile ++++ b/tools/testing/selftests/seccomp/Makefile +@@ -1,5 +1,5 @@ + # SPDX-License-Identifier: GPL-2.0 +-CFLAGS += -Wl,-no-as-needed -Wall ++CFLAGS += -Wl,-no-as-needed -Wall -isystem ../../../../usr/include/ + LDFLAGS += -lpthread + + TEST_GEN_PROGS := seccomp_bpf seccomp_benchmark +-- +2.34.1 + diff --git a/queue-5.16/series b/queue-5.16/series index e69de29bb2d..a03d4e74863 100644 --- a/queue-5.16/series +++ b/queue-5.16/series @@ -0,0 +1,27 @@ +mac80211_hwsim-report-noack-frames-in-tx_status.patch +mac80211_hwsim-initialize-ieee80211_tx_info-at-hw_sc.patch +i2c-bcm2835-avoid-clock-stretching-timeouts.patch +asoc-rt5682s-do-not-block-workqueue-if-card-is-unbou.patch +asoc-rt5668-do-not-block-workqueue-if-card-is-unboun.patch +asoc-rt5682-do-not-block-workqueue-if-card-is-unboun.patch +regulator-core-fix-false-positive-in-regulator_late_.patch +input-clear-btn_right-middle-on-buttonpads.patch +btrfs-get-rid-of-warning-on-transaction-commit-when-.patch +kvm-arm64-vgic-read-hw-interrupt-pending-state-from-.patch +block-loop-use-kstatfs.f_bsize-of-backing-file-to-se.patch +tipc-fix-a-bit-overflow-in-tipc_crypto_key_rcv.patch +cifs-do-not-use-uninitialized-data-in-the-owner-grou.patch +cifs-fix-double-free-race-when-mount-fails-in-cifs_g.patch +hid-amd_sfh-handle-amd_sfh-work-buffer-in-pm-ops.patch +hid-amd_sfh-add-functionality-to-clear-interrupts.patch +hid-amd_sfh-add-interrupt-handler-to-process-interru.patch +cifs-modefromsids-must-add-an-ace-for-authenticated-.patch +selftests-seccomp-fix-seccomp-failure-by-adding-miss.patch +drm-amd-pm-correct-umd-pstate-clocks-for-dimgrey-cav.patch +selftests-ftrace-do-not-trace-do_softirq-because-of-.patch +dmaengine-shdma-fix-runtime-pm-imbalance-on-error.patch +i2c-cadence-allow-compile_test.patch +i2c-imx-allow-compile_test.patch +i2c-qup-allow-compile_test.patch +net-usb-cdc_mbim-avoid-altsetting-toggling-for-telit.patch +block-map-add-__gfp_zero-flag-for-alloc_page-in-func.patch diff --git a/queue-5.16/tipc-fix-a-bit-overflow-in-tipc_crypto_key_rcv.patch b/queue-5.16/tipc-fix-a-bit-overflow-in-tipc_crypto_key_rcv.patch new file mode 100644 index 00000000000..49fa90cabb5 --- /dev/null +++ b/queue-5.16/tipc-fix-a-bit-overflow-in-tipc_crypto_key_rcv.patch @@ -0,0 +1,35 @@ +From 256b368c5f0cd5e93d575129dfe605c7bf1ed90c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 11 Feb 2022 12:55:10 +0800 +Subject: tipc: fix a bit overflow in tipc_crypto_key_rcv() + +From: Hangyu Hua + +[ Upstream commit 143de8d97d79316590475dc2a84513c63c863ddf ] + +msg_data_sz return a 32bit value, but size is 16bit. This may lead to a +bit overflow. + +Signed-off-by: Hangyu Hua +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + net/tipc/crypto.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/net/tipc/crypto.c b/net/tipc/crypto.c +index d293614d5fc65..b5074957e8812 100644 +--- a/net/tipc/crypto.c ++++ b/net/tipc/crypto.c +@@ -2287,7 +2287,7 @@ static bool tipc_crypto_key_rcv(struct tipc_crypto *rx, struct tipc_msg *hdr) + struct tipc_crypto *tx = tipc_net(rx->net)->crypto_tx; + struct tipc_aead_key *skey = NULL; + u16 key_gen = msg_key_gen(hdr); +- u16 size = msg_data_sz(hdr); ++ u32 size = msg_data_sz(hdr); + u8 *data = msg_data(hdr); + unsigned int keylen; + +-- +2.34.1 +