From: Greg Kroah-Hartman Date: Fri, 27 Sep 2024 08:02:02 +0000 (+0200) Subject: 6.1-stable patches X-Git-Tag: v6.1.112~26 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=86a91dbe1f788d60f600520aa19a14e72cbedb3f;p=thirdparty%2Fkernel%2Fstable-queue.git 6.1-stable patches added patches: can-mcp251xfd-move-mcp251xfd_timestamp_start-stop-into-mcp251xfd_chip_start-stop.patch can-mcp251xfd-properly-indent-labels.patch gpio-prevent-potential-speculation-leaks-in-gpio_device_get_desc.patch gpiolib-cdev-ignore-reconfiguration-without-direction.patch netfilter-nf_tables-missing-iterator-type-in-lookup-walk.patch netfilter-nft_set_pipapo-walk-over-current-view-on-netlink-dump.patch revert-wifi-cfg80211-check-wiphy-mutex-is-held-for-wdev-mutex.patch --- diff --git a/queue-6.1/can-mcp251xfd-move-mcp251xfd_timestamp_start-stop-into-mcp251xfd_chip_start-stop.patch b/queue-6.1/can-mcp251xfd-move-mcp251xfd_timestamp_start-stop-into-mcp251xfd_chip_start-stop.patch new file mode 100644 index 00000000000..77ac9d1fe56 --- /dev/null +++ b/queue-6.1/can-mcp251xfd-move-mcp251xfd_timestamp_start-stop-into-mcp251xfd_chip_start-stop.patch @@ -0,0 +1,106 @@ +From a7801540f325d104de5065850a003f1d9bdc6ad3 Mon Sep 17 00:00:00 2001 +From: Marc Kleine-Budde +Date: Wed, 11 Jan 2023 12:10:04 +0100 +Subject: can: mcp251xfd: move mcp251xfd_timestamp_start()/stop() into mcp251xfd_chip_start/stop() + +From: Marc Kleine-Budde + +commit a7801540f325d104de5065850a003f1d9bdc6ad3 upstream. + +The mcp251xfd wakes up from Low Power or Sleep Mode when SPI activity +is detected. To avoid this, make sure that the timestamp worker is +stopped before shutting down the chip. + +Split the starting of the timestamp worker out of +mcp251xfd_timestamp_init() into the separate function +mcp251xfd_timestamp_start(). + +Call mcp251xfd_timestamp_init() before mcp251xfd_chip_start(), move +mcp251xfd_timestamp_start() to mcp251xfd_chip_start(). In this way, +mcp251xfd_timestamp_stop() can be called unconditionally by +mcp251xfd_chip_stop(). + +Signed-off-by: Marc Kleine-Budde +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 8 +++++--- + drivers/net/can/spi/mcp251xfd/mcp251xfd-timestamp.c | 7 +++++-- + drivers/net/can/spi/mcp251xfd/mcp251xfd.h | 1 + + 3 files changed, 11 insertions(+), 5 deletions(-) + +--- a/drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c ++++ b/drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c +@@ -744,6 +744,7 @@ static void mcp251xfd_chip_stop(struct m + + mcp251xfd_chip_interrupts_disable(priv); + mcp251xfd_chip_rx_int_disable(priv); ++ mcp251xfd_timestamp_stop(priv); + mcp251xfd_chip_sleep(priv); + } + +@@ -763,6 +764,8 @@ static int mcp251xfd_chip_start(struct m + if (err) + goto out_chip_stop; + ++ mcp251xfd_timestamp_start(priv); ++ + err = mcp251xfd_set_bittiming(priv); + if (err) + goto out_chip_stop; +@@ -1610,11 +1613,12 @@ static int mcp251xfd_open(struct net_dev + if (err) + goto out_mcp251xfd_ring_free; + ++ mcp251xfd_timestamp_init(priv); ++ + err = mcp251xfd_chip_start(priv); + if (err) + goto out_transceiver_disable; + +- mcp251xfd_timestamp_init(priv); + clear_bit(MCP251XFD_FLAGS_DOWN, priv->flags); + can_rx_offload_enable(&priv->offload); + +@@ -1648,7 +1652,6 @@ out_destroy_workqueue: + out_can_rx_offload_disable: + can_rx_offload_disable(&priv->offload); + set_bit(MCP251XFD_FLAGS_DOWN, priv->flags); +- mcp251xfd_timestamp_stop(priv); + out_transceiver_disable: + mcp251xfd_transceiver_disable(priv); + out_mcp251xfd_ring_free: +@@ -1674,7 +1677,6 @@ static int mcp251xfd_stop(struct net_dev + free_irq(ndev->irq, priv); + destroy_workqueue(priv->wq); + can_rx_offload_disable(&priv->offload); +- mcp251xfd_timestamp_stop(priv); + mcp251xfd_chip_stop(priv, CAN_STATE_STOPPED); + mcp251xfd_transceiver_disable(priv); + mcp251xfd_ring_free(priv); +--- a/drivers/net/can/spi/mcp251xfd/mcp251xfd-timestamp.c ++++ b/drivers/net/can/spi/mcp251xfd/mcp251xfd-timestamp.c +@@ -48,9 +48,12 @@ void mcp251xfd_timestamp_init(struct mcp + cc->shift = 1; + cc->mult = clocksource_hz2mult(priv->can.clock.freq, cc->shift); + +- timecounter_init(&priv->tc, &priv->cc, ktime_get_real_ns()); +- + INIT_DELAYED_WORK(&priv->timestamp, mcp251xfd_timestamp_work); ++} ++ ++void mcp251xfd_timestamp_start(struct mcp251xfd_priv *priv) ++{ ++ timecounter_init(&priv->tc, &priv->cc, ktime_get_real_ns()); + schedule_delayed_work(&priv->timestamp, + MCP251XFD_TIMESTAMP_WORK_DELAY_SEC * HZ); + } +--- a/drivers/net/can/spi/mcp251xfd/mcp251xfd.h ++++ b/drivers/net/can/spi/mcp251xfd/mcp251xfd.h +@@ -939,6 +939,7 @@ int mcp251xfd_ring_alloc(struct mcp251xf + int mcp251xfd_handle_rxif(struct mcp251xfd_priv *priv); + int mcp251xfd_handle_tefif(struct mcp251xfd_priv *priv); + void mcp251xfd_timestamp_init(struct mcp251xfd_priv *priv); ++void mcp251xfd_timestamp_start(struct mcp251xfd_priv *priv); + void mcp251xfd_timestamp_stop(struct mcp251xfd_priv *priv); + + void mcp251xfd_tx_obj_write_sync(struct work_struct *work); diff --git a/queue-6.1/can-mcp251xfd-properly-indent-labels.patch b/queue-6.1/can-mcp251xfd-properly-indent-labels.patch new file mode 100644 index 00000000000..e08053b5fe1 --- /dev/null +++ b/queue-6.1/can-mcp251xfd-properly-indent-labels.patch @@ -0,0 +1,145 @@ +From 51b2a721612236335ddec4f3fb5f59e72a204f3a Mon Sep 17 00:00:00 2001 +From: Marc Kleine-Budde +Date: Thu, 25 Apr 2024 10:14:45 +0200 +Subject: can: mcp251xfd: properly indent labels + +From: Marc Kleine-Budde + +commit 51b2a721612236335ddec4f3fb5f59e72a204f3a upstream. + +To fix the coding style, remove the whitespace in front of labels. + +Signed-off-by: Marc Kleine-Budde +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c | 34 +++++++++++------------ + drivers/net/can/spi/mcp251xfd/mcp251xfd-dump.c | 2 - + drivers/net/can/spi/mcp251xfd/mcp251xfd-regmap.c | 2 - + drivers/net/can/spi/mcp251xfd/mcp251xfd-tef.c | 2 - + 4 files changed, 20 insertions(+), 20 deletions(-) + +--- a/drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c ++++ b/drivers/net/can/spi/mcp251xfd/mcp251xfd-core.c +@@ -791,7 +791,7 @@ static int mcp251xfd_chip_start(struct m + + return 0; + +- out_chip_stop: ++out_chip_stop: + mcp251xfd_dump(priv); + mcp251xfd_chip_stop(priv, CAN_STATE_STOPPED); + +@@ -1576,7 +1576,7 @@ static irqreturn_t mcp251xfd_irq(int irq + handled = IRQ_HANDLED; + } while (1); + +- out_fail: ++out_fail: + can_rx_offload_threaded_irq_finish(&priv->offload); + + netdev_err(priv->ndev, "IRQ handler returned %d (intf=0x%08x).\n", +@@ -1641,22 +1641,22 @@ static int mcp251xfd_open(struct net_dev + + return 0; + +- out_free_irq: ++out_free_irq: + free_irq(spi->irq, priv); +- out_destroy_workqueue: ++out_destroy_workqueue: + destroy_workqueue(priv->wq); +- out_can_rx_offload_disable: ++out_can_rx_offload_disable: + can_rx_offload_disable(&priv->offload); + set_bit(MCP251XFD_FLAGS_DOWN, priv->flags); + mcp251xfd_timestamp_stop(priv); +- out_transceiver_disable: ++out_transceiver_disable: + mcp251xfd_transceiver_disable(priv); +- out_mcp251xfd_ring_free: ++out_mcp251xfd_ring_free: + mcp251xfd_ring_free(priv); +- out_pm_runtime_put: ++out_pm_runtime_put: + mcp251xfd_chip_stop(priv, CAN_STATE_STOPPED); + pm_runtime_put(ndev->dev.parent); +- out_close_candev: ++out_close_candev: + close_candev(ndev); + + return err; +@@ -1820,9 +1820,9 @@ mcp251xfd_register_get_dev_id(const stru + *effective_speed_hz_slow = xfer[0].effective_speed_hz; + *effective_speed_hz_fast = xfer[1].effective_speed_hz; + +- out_kfree_buf_tx: ++out_kfree_buf_tx: + kfree(buf_tx); +- out_kfree_buf_rx: ++out_kfree_buf_rx: + kfree(buf_rx); + + return err; +@@ -1936,13 +1936,13 @@ static int mcp251xfd_register(struct mcp + + return 0; + +- out_unregister_candev: ++out_unregister_candev: + unregister_candev(ndev); +- out_chip_sleep: ++out_chip_sleep: + mcp251xfd_chip_sleep(priv); +- out_runtime_disable: ++out_runtime_disable: + pm_runtime_disable(ndev->dev.parent); +- out_runtime_put_noidle: ++out_runtime_put_noidle: + pm_runtime_put_noidle(ndev->dev.parent); + mcp251xfd_clks_and_vdd_disable(priv); + +@@ -2162,9 +2162,9 @@ static int mcp251xfd_probe(struct spi_de + + return 0; + +- out_can_rx_offload_del: ++out_can_rx_offload_del: + can_rx_offload_del(&priv->offload); +- out_free_candev: ++out_free_candev: + spi->max_speed_hz = priv->spi_max_speed_hz_orig; + + free_candev(ndev); +--- a/drivers/net/can/spi/mcp251xfd/mcp251xfd-dump.c ++++ b/drivers/net/can/spi/mcp251xfd/mcp251xfd-dump.c +@@ -94,7 +94,7 @@ static void mcp251xfd_dump_registers(con + kfree(buf); + } + +- out: ++out: + mcp251xfd_dump_header(iter, MCP251XFD_DUMP_OBJECT_TYPE_REG, reg); + } + +--- a/drivers/net/can/spi/mcp251xfd/mcp251xfd-regmap.c ++++ b/drivers/net/can/spi/mcp251xfd/mcp251xfd-regmap.c +@@ -397,7 +397,7 @@ mcp251xfd_regmap_crc_read(void *context, + + return err; + } +- out: ++out: + memcpy(val_buf, buf_rx->data, val_len); + + return 0; +--- a/drivers/net/can/spi/mcp251xfd/mcp251xfd-tef.c ++++ b/drivers/net/can/spi/mcp251xfd/mcp251xfd-tef.c +@@ -219,7 +219,7 @@ int mcp251xfd_handle_tefif(struct mcp251 + total_frame_len += frame_len; + } + +- out_netif_wake_queue: ++out_netif_wake_queue: + len = i; /* number of handled goods TEFs */ + if (len) { + struct mcp251xfd_tef_ring *ring = priv->tef; diff --git a/queue-6.1/gpio-prevent-potential-speculation-leaks-in-gpio_device_get_desc.patch b/queue-6.1/gpio-prevent-potential-speculation-leaks-in-gpio_device_get_desc.patch new file mode 100644 index 00000000000..0621edebb5b --- /dev/null +++ b/queue-6.1/gpio-prevent-potential-speculation-leaks-in-gpio_device_get_desc.patch @@ -0,0 +1,50 @@ +From d795848ecce24a75dfd46481aee066ae6fe39775 Mon Sep 17 00:00:00 2001 +From: Hagar Hemdan +Date: Thu, 23 May 2024 08:53:32 +0000 +Subject: gpio: prevent potential speculation leaks in gpio_device_get_desc() + +From: Hagar Hemdan + +commit d795848ecce24a75dfd46481aee066ae6fe39775 upstream. + +Userspace may trigger a speculative read of an address outside the gpio +descriptor array. +Users can do that by calling gpio_ioctl() with an offset out of range. +Offset is copied from user and then used as an array index to get +the gpio descriptor without sanitization in gpio_device_get_desc(). + +This change ensures that the offset is sanitized by using +array_index_nospec() to mitigate any possibility of speculative +information leaks. + +This bug was discovered and resolved using Coverity Static Analysis +Security Testing (SAST) by Synopsys, Inc. + +Signed-off-by: Hagar Hemdan +Link: https://lore.kernel.org/r/20240523085332.1801-1-hagarhem@amazon.com +Signed-off-by: Bartosz Golaszewski +Signed-off-by: Hugo SIMELIERE +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpio/gpiolib.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/gpio/gpiolib.c ++++ b/drivers/gpio/gpiolib.c +@@ -5,6 +5,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -146,7 +147,7 @@ struct gpio_desc *gpiochip_get_desc(stru + if (hwnum >= gdev->ngpio) + return ERR_PTR(-EINVAL); + +- return &gdev->descs[hwnum]; ++ return &gdev->descs[array_index_nospec(hwnum, gdev->ngpio)]; + } + EXPORT_SYMBOL_GPL(gpiochip_get_desc); + diff --git a/queue-6.1/gpiolib-cdev-ignore-reconfiguration-without-direction.patch b/queue-6.1/gpiolib-cdev-ignore-reconfiguration-without-direction.patch new file mode 100644 index 00000000000..4633d242d79 --- /dev/null +++ b/queue-6.1/gpiolib-cdev-ignore-reconfiguration-without-direction.patch @@ -0,0 +1,68 @@ +From b440396387418fe2feaacd41ca16080e7a8bc9ad Mon Sep 17 00:00:00 2001 +From: Kent Gibson +Date: Wed, 26 Jun 2024 13:29:23 +0800 +Subject: gpiolib: cdev: Ignore reconfiguration without direction + +From: Kent Gibson + +commit b440396387418fe2feaacd41ca16080e7a8bc9ad upstream. + +linereq_set_config() behaves badly when direction is not set. +The configuration validation is borrowed from linereq_create(), where, +to verify the intent of the user, the direction must be set to in order to +effect a change to the electrical configuration of a line. But, when +applied to reconfiguration, that validation does not allow for the unset +direction case, making it possible to clear flags set previously without +specifying the line direction. + +Adding to the inconsistency, those changes are not immediately applied by +linereq_set_config(), but will take effect when the line value is next get +or set. + +For example, by requesting a configuration with no flags set, an output +line with GPIO_V2_LINE_FLAG_ACTIVE_LOW and GPIO_V2_LINE_FLAG_OPEN_DRAIN +set could have those flags cleared, inverting the sense of the line and +changing the line drive to push-pull on the next line value set. + +Skip the reconfiguration of lines for which the direction is not set, and +only reconfigure the lines for which direction is set. + +Fixes: a54756cb24ea ("gpiolib: cdev: support GPIO_V2_LINE_SET_CONFIG_IOCTL") +Signed-off-by: Kent Gibson +Link: https://lore.kernel.org/r/20240626052925.174272-3-warthog618@gmail.com +Signed-off-by: Bartosz Golaszewski +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpio/gpiolib-cdev.c | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +--- a/drivers/gpio/gpiolib-cdev.c ++++ b/drivers/gpio/gpiolib-cdev.c +@@ -1523,12 +1523,14 @@ static long linereq_set_config_unlocked( + line = &lr->lines[i]; + desc = lr->lines[i].desc; + flags = gpio_v2_line_config_flags(lc, i); +- gpio_v2_line_config_flags_to_desc_flags(flags, &desc->flags); +- edflags = flags & GPIO_V2_LINE_EDGE_DETECTOR_FLAGS; + /* +- * Lines have to be requested explicitly for input +- * or output, else the line will be treated "as is". ++ * Lines not explicitly reconfigured as input or output ++ * are left unchanged. + */ ++ if (!(flags & GPIO_V2_LINE_DIRECTION_FLAGS)) ++ continue; ++ gpio_v2_line_config_flags_to_desc_flags(flags, &desc->flags); ++ edflags = flags & GPIO_V2_LINE_EDGE_DETECTOR_FLAGS; + if (flags & GPIO_V2_LINE_FLAG_OUTPUT) { + int val = gpio_v2_line_config_output_value(lc, i); + +@@ -1536,7 +1538,7 @@ static long linereq_set_config_unlocked( + ret = gpiod_direction_output(desc, val); + if (ret) + return ret; +- } else if (flags & GPIO_V2_LINE_FLAG_INPUT) { ++ } else { + ret = gpiod_direction_input(desc); + if (ret) + return ret; diff --git a/queue-6.1/netfilter-nf_tables-missing-iterator-type-in-lookup-walk.patch b/queue-6.1/netfilter-nf_tables-missing-iterator-type-in-lookup-walk.patch new file mode 100644 index 00000000000..96525309c53 --- /dev/null +++ b/queue-6.1/netfilter-nf_tables-missing-iterator-type-in-lookup-walk.patch @@ -0,0 +1,45 @@ +From stable+bounces-76611-greg=kroah.com@vger.kernel.org Tue Sep 17 22:25:29 2024 +From: Pablo Neira Ayuso +Date: Tue, 17 Sep 2024 22:25:04 +0200 +Subject: netfilter: nf_tables: missing iterator type in lookup walk +To: netfilter-devel@vger.kernel.org +Cc: gregkh@linuxfoundation.org, sashal@kernel.org, stable@vger.kernel.org +Message-ID: <20240917202504.176664-3-pablo@netfilter.org> + +From: Pablo Neira Ayuso + +commit efefd4f00c967d00ad7abe092554ffbb70c1a793 upstream. + +Add missing decorator type to lookup expression and tighten WARN_ON_ONCE +check in pipapo to spot earlier that this is unset. + +Fixes: 29b359cf6d95 ("netfilter: nft_set_pipapo: walk over current view on netlink dump") +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Greg Kroah-Hartman +--- + net/netfilter/nft_lookup.c | 1 + + net/netfilter/nft_set_pipapo.c | 3 ++- + 2 files changed, 3 insertions(+), 1 deletion(-) + +--- a/net/netfilter/nft_lookup.c ++++ b/net/netfilter/nft_lookup.c +@@ -211,6 +211,7 @@ static int nft_lookup_validate(const str + return 0; + + iter.genmask = nft_genmask_next(ctx->net); ++ iter.type = NFT_ITER_UPDATE; + iter.skip = 0; + iter.count = 0; + iter.err = 0; +--- a/net/netfilter/nft_set_pipapo.c ++++ b/net/netfilter/nft_set_pipapo.c +@@ -2046,7 +2046,8 @@ static void nft_pipapo_walk(const struct + const struct nft_pipapo_field *f; + int i, r; + +- WARN_ON_ONCE(iter->type == NFT_ITER_UNSPEC); ++ WARN_ON_ONCE(iter->type != NFT_ITER_READ && ++ iter->type != NFT_ITER_UPDATE); + + rcu_read_lock(); + if (iter->type == NFT_ITER_READ) diff --git a/queue-6.1/netfilter-nft_set_pipapo-walk-over-current-view-on-netlink-dump.patch b/queue-6.1/netfilter-nft_set_pipapo-walk-over-current-view-on-netlink-dump.patch new file mode 100644 index 00000000000..a266ff822a4 --- /dev/null +++ b/queue-6.1/netfilter-nft_set_pipapo-walk-over-current-view-on-netlink-dump.patch @@ -0,0 +1,114 @@ +From stable+bounces-76610-greg=kroah.com@vger.kernel.org Tue Sep 17 22:25:26 2024 +From: Pablo Neira Ayuso +Date: Tue, 17 Sep 2024 22:25:03 +0200 +Subject: netfilter: nft_set_pipapo: walk over current view on netlink dump +To: netfilter-devel@vger.kernel.org +Cc: gregkh@linuxfoundation.org, sashal@kernel.org, stable@vger.kernel.org +Message-ID: <20240917202504.176664-2-pablo@netfilter.org> + +From: Pablo Neira Ayuso + +commit 29b359cf6d95fd60730533f7f10464e95bd17c73 upstream. + +The generation mask can be updated while netlink dump is in progress. +The pipapo set backend walk iterator cannot rely on it to infer what +view of the datastructure is to be used. Add notation to specify if user +wants to read/update the set. + +Based on patch from Florian Westphal. + +Fixes: 2b84e215f874 ("netfilter: nft_set_pipapo: .walk does not deal with generations") +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Greg Kroah-Hartman +--- + include/net/netfilter/nf_tables.h | 13 +++++++++++++ + net/netfilter/nf_tables_api.c | 5 +++++ + net/netfilter/nft_set_pipapo.c | 5 +++-- + 3 files changed, 21 insertions(+), 2 deletions(-) + +--- a/include/net/netfilter/nf_tables.h ++++ b/include/net/netfilter/nf_tables.h +@@ -296,9 +296,22 @@ struct nft_set_elem { + void *priv; + }; + ++/** ++ * enum nft_iter_type - nftables set iterator type ++ * ++ * @NFT_ITER_READ: read-only iteration over set elements ++ * @NFT_ITER_UPDATE: iteration under mutex to update set element state ++ */ ++enum nft_iter_type { ++ NFT_ITER_UNSPEC, ++ NFT_ITER_READ, ++ NFT_ITER_UPDATE, ++}; ++ + struct nft_set; + struct nft_set_iter { + u8 genmask; ++ enum nft_iter_type type:8; + unsigned int count; + unsigned int skip; + int err; +--- a/net/netfilter/nf_tables_api.c ++++ b/net/netfilter/nf_tables_api.c +@@ -628,6 +628,7 @@ static void nft_map_deactivate(const str + { + struct nft_set_iter iter = { + .genmask = nft_genmask_next(ctx->net), ++ .type = NFT_ITER_UPDATE, + .fn = nft_mapelem_deactivate, + }; + +@@ -5143,6 +5144,7 @@ int nf_tables_bind_set(const struct nft_ + } + + iter.genmask = nft_genmask_next(ctx->net); ++ iter.type = NFT_ITER_UPDATE; + iter.skip = 0; + iter.count = 0; + iter.err = 0; +@@ -5218,6 +5220,7 @@ static void nft_map_activate(const struc + { + struct nft_set_iter iter = { + .genmask = nft_genmask_next(ctx->net), ++ .type = NFT_ITER_UPDATE, + .fn = nft_mapelem_activate, + }; + +@@ -5574,6 +5577,7 @@ static int nf_tables_dump_set(struct sk_ + args.cb = cb; + args.skb = skb; + args.iter.genmask = nft_genmask_cur(net); ++ args.iter.type = NFT_ITER_READ; + args.iter.skip = cb->args[0]; + args.iter.count = 0; + args.iter.err = 0; +@@ -6957,6 +6961,7 @@ static int nft_set_flush(struct nft_ctx + { + struct nft_set_iter iter = { + .genmask = genmask, ++ .type = NFT_ITER_UPDATE, + .fn = nft_setelem_flush, + }; + +--- a/net/netfilter/nft_set_pipapo.c ++++ b/net/netfilter/nft_set_pipapo.c +@@ -2042,13 +2042,14 @@ static void nft_pipapo_walk(const struct + struct nft_set_iter *iter) + { + struct nft_pipapo *priv = nft_set_priv(set); +- struct net *net = read_pnet(&set->net); + const struct nft_pipapo_match *m; + const struct nft_pipapo_field *f; + int i, r; + ++ WARN_ON_ONCE(iter->type == NFT_ITER_UNSPEC); ++ + rcu_read_lock(); +- if (iter->genmask == nft_genmask_cur(net)) ++ if (iter->type == NFT_ITER_READ) + m = rcu_dereference(priv->match); + else + m = priv->clone; diff --git a/queue-6.1/revert-wifi-cfg80211-check-wiphy-mutex-is-held-for-wdev-mutex.patch b/queue-6.1/revert-wifi-cfg80211-check-wiphy-mutex-is-held-for-wdev-mutex.patch new file mode 100644 index 00000000000..01671a43db6 --- /dev/null +++ b/queue-6.1/revert-wifi-cfg80211-check-wiphy-mutex-is-held-for-wdev-mutex.patch @@ -0,0 +1,67 @@ +From pkshih@realtek.com Fri Sep 27 09:45:55 2024 +From: Ping-Ke Shih +Date: Thu, 26 Sep 2024 08:30:17 +0800 +Subject: Revert "wifi: cfg80211: check wiphy mutex is held for wdev mutex" +To: +Cc: , +Message-ID: <20240926003017.5427-1-pkshih@realtek.com> + +From: Ping-Ke Shih + +This reverts commit 19d13ec00a8b1d60c5cc06bd0006b91d5bd8d46f which is +commmit 1474bc87fe57deac726cc10203f73daa6c3212f7 upstream. + +The reverted commit is based on implementation of wiphy locking that isn't +planned to redo on a stable kernel, so revert it to avoid warning: + + WARNING: CPU: 0 PID: 9 at net/wireless/core.h:231 disconnect_work+0xb8/0x144 [cfg80211] + CPU: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.6.51-00141-ga1649b6f8ed6 #7 + Hardware name: Freescale i.MX6 SoloX (Device Tree) + Workqueue: events disconnect_work [cfg80211] + unwind_backtrace from show_stack+0x10/0x14 + show_stack from dump_stack_lvl+0x58/0x70 + dump_stack_lvl from __warn+0x70/0x1c0 + __warn from warn_slowpath_fmt+0x16c/0x294 + warn_slowpath_fmt from disconnect_work+0xb8/0x144 [cfg80211] + disconnect_work [cfg80211] from process_one_work+0x204/0x620 + process_one_work from worker_thread+0x1b0/0x474 + worker_thread from kthread+0x10c/0x12c + kthread from ret_from_fork+0x14/0x24 + +Reported-by: petter@technux.se +Closes: https://lore.kernel.org/linux-wireless/9e98937d781c990615ef27ee0c858ff9@technux.se/T/#t +Cc: Johannes Berg +Signed-off-by: Ping-Ke Shih +Signed-off-by: Greg Kroah-Hartman +--- + net/wireless/core.h | 8 +------- + 1 file changed, 1 insertion(+), 7 deletions(-) + +--- a/net/wireless/core.h ++++ b/net/wireless/core.h +@@ -228,7 +228,6 @@ void cfg80211_register_wdev(struct cfg80 + static inline void wdev_lock(struct wireless_dev *wdev) + __acquires(wdev) + { +- lockdep_assert_held(&wdev->wiphy->mtx); + mutex_lock(&wdev->mtx); + __acquire(wdev->mtx); + } +@@ -236,16 +235,11 @@ static inline void wdev_lock(struct wire + static inline void wdev_unlock(struct wireless_dev *wdev) + __releases(wdev) + { +- lockdep_assert_held(&wdev->wiphy->mtx); + __release(wdev->mtx); + mutex_unlock(&wdev->mtx); + } + +-static inline void ASSERT_WDEV_LOCK(struct wireless_dev *wdev) +-{ +- lockdep_assert_held(&wdev->wiphy->mtx); +- lockdep_assert_held(&wdev->mtx); +-} ++#define ASSERT_WDEV_LOCK(wdev) lockdep_assert_held(&(wdev)->mtx) + + static inline bool cfg80211_has_monitors_only(struct cfg80211_registered_device *rdev) + { diff --git a/queue-6.1/series b/queue-6.1/series index aa5be7ab593..0d62cc44a89 100644 --- a/queue-6.1/series +++ b/queue-6.1/series @@ -58,3 +58,10 @@ xfs-set-bnobt-cntbt-numrecs-correctly-when-formatting-new-ags.patch xfs-journal-geometry-is-not-properly-bounds-checked.patch netfilter-nft_socket-make-cgroupsv2-matching-work-with-namespaces.patch netfilter-nft_socket-fix-a-null-vs-is_err-bug-in-nft_socket_cgroup_subtree_level.patch +netfilter-nft_set_pipapo-walk-over-current-view-on-netlink-dump.patch +netfilter-nf_tables-missing-iterator-type-in-lookup-walk.patch +revert-wifi-cfg80211-check-wiphy-mutex-is-held-for-wdev-mutex.patch +gpiolib-cdev-ignore-reconfiguration-without-direction.patch +gpio-prevent-potential-speculation-leaks-in-gpio_device_get_desc.patch +can-mcp251xfd-properly-indent-labels.patch +can-mcp251xfd-move-mcp251xfd_timestamp_start-stop-into-mcp251xfd_chip_start-stop.patch