From: Sasha Levin Date: Wed, 22 Mar 2023 19:40:34 +0000 (-0400) Subject: Fixes for 6.1 X-Git-Tag: v5.15.105~84 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8dd1398c7425ae2ed0cb0b091e23b16053cfccf0;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 6.1 Signed-off-by: Sasha Levin --- diff --git a/queue-6.1/drm-amd-display-fix-k1-k2-divider-programming-for-ph.patch b/queue-6.1/drm-amd-display-fix-k1-k2-divider-programming-for-ph.patch new file mode 100644 index 00000000000..0a8a6a8ac68 --- /dev/null +++ b/queue-6.1/drm-amd-display-fix-k1-k2-divider-programming-for-ph.patch @@ -0,0 +1,49 @@ +From 4f0025f198e8e65b4bdacd66e054d06ff6544441 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 30 Jan 2023 13:07:59 -0500 +Subject: drm/amd/display: fix k1 k2 divider programming for phantom streams + +From: Aurabindo Pillai + +[ Upstream commit 3b214bb7185d8284d7d4c53e15127f69a375abf6 ] + +[Why & How] +When k1 and k2 divider programming logic is executed for a phantom +stream, the corresponding master stream should be used for the +calculation. Fix the if condition to use the master stream for checking +signal type instead of the phantom stream. + +Reviewed-by: Alvin Lee +Acked-by: Qingqing Zhuo +Signed-off-by: Aurabindo Pillai +Tested-by: Daniel Wheeler +Signed-off-by: Alex Deucher +Stable-dep-of: 709671ffb15d ("drm/amd/display: Remove OTG DIV register write for Virtual signals.") +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c +index f31d8efadeb75..f108e82e70c8b 100644 +--- a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c ++++ b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c +@@ -1174,13 +1174,13 @@ unsigned int dcn32_calculate_dccg_k1_k2_values(struct pipe_ctx *pipe_ctx, unsign + if (is_dp_128b_132b_signal(pipe_ctx)) { + *k1_div = PIXEL_RATE_DIV_BY_1; + *k2_div = PIXEL_RATE_DIV_BY_1; +- } else if (dc_is_hdmi_tmds_signal(pipe_ctx->stream->signal) || dc_is_dvi_signal(pipe_ctx->stream->signal)) { ++ } else if (dc_is_hdmi_tmds_signal(stream->signal) || dc_is_dvi_signal(stream->signal)) { + *k1_div = PIXEL_RATE_DIV_BY_1; + if (stream->timing.pixel_encoding == PIXEL_ENCODING_YCBCR420) + *k2_div = PIXEL_RATE_DIV_BY_2; + else + *k2_div = PIXEL_RATE_DIV_BY_4; +- } else if (dc_is_dp_signal(pipe_ctx->stream->signal) || dc_is_virtual_signal(pipe_ctx->stream->signal)) { ++ } else if (dc_is_dp_signal(stream->signal) || dc_is_virtual_signal(stream->signal)) { + if (two_pix_per_container) { + *k1_div = PIXEL_RATE_DIV_BY_1; + *k2_div = PIXEL_RATE_DIV_BY_2; +-- +2.39.2 + diff --git a/queue-6.1/drm-amd-display-include-virtual-signal-to-set-k1-and.patch b/queue-6.1/drm-amd-display-include-virtual-signal-to-set-k1-and.patch new file mode 100644 index 00000000000..cc8362b45ba --- /dev/null +++ b/queue-6.1/drm-amd-display-include-virtual-signal-to-set-k1-and.patch @@ -0,0 +1,36 @@ +From 2440232ea9d8b67408d1ab2ffb91d1cf7e1deecb Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 11 Oct 2022 14:28:47 -0400 +Subject: drm/amd/display: Include virtual signal to set k1 and k2 values + +From: Eric Bernstein + +[ Upstream commit 368307cef69ccd9bf5511f25e58e3a103be169fb ] + +Reviewed-by: Charlene Liu +Acked-by: Alex Hung +Signed-off-by: Eric Bernstein +Tested-by: Mark Broadworth +Signed-off-by: Alex Deucher +Stable-dep-of: 709671ffb15d ("drm/amd/display: Remove OTG DIV register write for Virtual signals.") +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c +index d0b46a3e01551..f31d8efadeb75 100644 +--- a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c ++++ b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c +@@ -1180,7 +1180,7 @@ unsigned int dcn32_calculate_dccg_k1_k2_values(struct pipe_ctx *pipe_ctx, unsign + *k2_div = PIXEL_RATE_DIV_BY_2; + else + *k2_div = PIXEL_RATE_DIV_BY_4; +- } else if (dc_is_dp_signal(pipe_ctx->stream->signal)) { ++ } else if (dc_is_dp_signal(pipe_ctx->stream->signal) || dc_is_virtual_signal(pipe_ctx->stream->signal)) { + if (two_pix_per_container) { + *k1_div = PIXEL_RATE_DIV_BY_1; + *k2_div = PIXEL_RATE_DIV_BY_2; +-- +2.39.2 + diff --git a/queue-6.1/drm-amd-display-remove-otg-div-register-write-for-vi.patch b/queue-6.1/drm-amd-display-remove-otg-div-register-write-for-vi.patch new file mode 100644 index 00000000000..26047c43f7a --- /dev/null +++ b/queue-6.1/drm-amd-display-remove-otg-div-register-write-for-vi.patch @@ -0,0 +1,49 @@ +From 83deb9b610b14ab419e7f10573a0a022c6d20d7d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 27 Feb 2023 18:55:07 -0500 +Subject: drm/amd/display: Remove OTG DIV register write for Virtual signals. + +From: Saaem Rizvi + +[ Upstream commit 709671ffb15dcd1b4f6afe2a9d8c67c7c4ead4a1 ] + +[WHY] +Hot plugging and then hot unplugging leads to k1 and k2 values to +change, as signal is detected as a virtual signal on hot unplug. Writing +these values to OTG_PIXEL_RATE_DIV register might cause primary display +to blank (known hw bug). + +[HOW] +No longer write k1 and k2 values to register if signal is virtual, we +have safe guards in place in the case that k1 and k2 is unassigned so +that an unknown value is not written to the register either. + +Cc: stable@vger.kernel.org +Cc: Mario Limonciello +Reviewed-by: Samson Tam +Reviewed-by: Alvin Lee +Acked-by: Qingqing Zhuo +Signed-off-by: Saaem Rizvi +Tested-by: Daniel Wheeler +Signed-off-by: Alex Deucher +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c +index f108e82e70c8b..1a85509c12f23 100644 +--- a/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c ++++ b/drivers/gpu/drm/amd/display/dc/dcn32/dcn32_hwseq.c +@@ -1180,7 +1180,7 @@ unsigned int dcn32_calculate_dccg_k1_k2_values(struct pipe_ctx *pipe_ctx, unsign + *k2_div = PIXEL_RATE_DIV_BY_2; + else + *k2_div = PIXEL_RATE_DIV_BY_4; +- } else if (dc_is_dp_signal(stream->signal) || dc_is_virtual_signal(stream->signal)) { ++ } else if (dc_is_dp_signal(stream->signal)) { + if (two_pix_per_container) { + *k1_div = PIXEL_RATE_DIV_BY_1; + *k2_div = PIXEL_RATE_DIV_BY_2; +-- +2.39.2 + diff --git a/queue-6.1/interconnect-qcom-osm-l3-fix-icc_onecell_data-alloca.patch b/queue-6.1/interconnect-qcom-osm-l3-fix-icc_onecell_data-alloca.patch new file mode 100644 index 00000000000..329e10031d4 --- /dev/null +++ b/queue-6.1/interconnect-qcom-osm-l3-fix-icc_onecell_data-alloca.patch @@ -0,0 +1,43 @@ +From b03f8e8c6fa7970227e655f9607f0b22bfdb9a27 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 5 Jan 2023 02:22:19 +0200 +Subject: interconnect: qcom: osm-l3: fix icc_onecell_data allocation + +From: Dmitry Baryshkov + +[ Upstream commit f77ebdda0ee652124061c2ac42399bb6c367e729 ] + +This is a struct with a trailing zero-length array of icc_node pointers +but it's allocated as if it were a single array of icc_nodes instead. + +Fortunately this overallocates memory rather then allocating less memory +than required. + +Fix by replacing devm_kcalloc() with devm_kzalloc() and struct_size() +macro. + +Fixes: 5bc9900addaf ("interconnect: qcom: Add OSM L3 interconnect provider support") +Signed-off-by: Dmitry Baryshkov +Link: https://lore.kernel.org/r/20230105002221.1416479-2-dmitry.baryshkov@linaro.org +Signed-off-by: Georgi Djakov +Signed-off-by: Sasha Levin +--- + drivers/interconnect/qcom/osm-l3.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/interconnect/qcom/osm-l3.c b/drivers/interconnect/qcom/osm-l3.c +index 333adb21e7176..46b538e6c07b6 100644 +--- a/drivers/interconnect/qcom/osm-l3.c ++++ b/drivers/interconnect/qcom/osm-l3.c +@@ -294,7 +294,7 @@ static int qcom_osm_l3_probe(struct platform_device *pdev) + qnodes = desc->nodes; + num_nodes = desc->num_nodes; + +- data = devm_kcalloc(&pdev->dev, num_nodes, sizeof(*node), GFP_KERNEL); ++ data = devm_kzalloc(&pdev->dev, struct_size(data, nodes, num_nodes), GFP_KERNEL); + if (!data) + return -ENOMEM; + +-- +2.39.2 + diff --git a/queue-6.1/interconnect-qcom-qcm2290-fix-master_snoc_bimc_nrt.patch b/queue-6.1/interconnect-qcom-qcm2290-fix-master_snoc_bimc_nrt.patch new file mode 100644 index 00000000000..b09d30ecb45 --- /dev/null +++ b/queue-6.1/interconnect-qcom-qcm2290-fix-master_snoc_bimc_nrt.patch @@ -0,0 +1,43 @@ +From b7bc171dcded9fa4de4a8fb5ca80991bb338bae4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 3 Jan 2023 15:21:20 +0100 +Subject: interconnect: qcom: qcm2290: Fix MASTER_SNOC_BIMC_NRT + +From: Konrad Dybcio + +[ Upstream commit 633a12fda6536a1a17bcea29502e777e86a4547e ] + +Due to what seems to be a copy-paste error, the _NRT master was +identical to the _RT master, which should not be the case.. Fix it +using the values available from the downstream kernel [1]. + +[1] https://android.googlesource.com/kernel/msm-extra/devicetree/+/refs/heads/android-msm-bramble-4.19-android11-qpr1/qcom/scuba-bus.dtsi#127 +Fixes: 1a14b1ac3935 ("interconnect: qcom: Add QCM2290 driver support") +Signed-off-by: Konrad Dybcio +Acked-by: Shawn Guo +Link: https://lore.kernel.org/r/20230103142120.15605-1-konrad.dybcio@linaro.org +Signed-off-by: Georgi Djakov +Signed-off-by: Sasha Levin +--- + drivers/interconnect/qcom/qcm2290.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/interconnect/qcom/qcm2290.c b/drivers/interconnect/qcom/qcm2290.c +index 0da612d6398c5..a29cdb4fac03f 100644 +--- a/drivers/interconnect/qcom/qcm2290.c ++++ b/drivers/interconnect/qcom/qcm2290.c +@@ -147,9 +147,9 @@ static struct qcom_icc_node mas_snoc_bimc_nrt = { + .name = "mas_snoc_bimc_nrt", + .buswidth = 16, + .qos.ap_owned = true, +- .qos.qos_port = 2, ++ .qos.qos_port = 3, + .qos.qos_mode = NOC_QOS_MODE_BYPASS, +- .mas_rpm_id = 163, ++ .mas_rpm_id = 164, + .slv_rpm_id = -1, + .num_links = ARRAY_SIZE(mas_snoc_bimc_nrt_links), + .links = mas_snoc_bimc_nrt_links, +-- +2.39.2 + diff --git a/queue-6.1/interconnect-qcom-sm8450-switch-to-qcom_icc_rpmh_-fu.patch b/queue-6.1/interconnect-qcom-sm8450-switch-to-qcom_icc_rpmh_-fu.patch new file mode 100644 index 00000000000..5105103b487 --- /dev/null +++ b/queue-6.1/interconnect-qcom-sm8450-switch-to-qcom_icc_rpmh_-fu.patch @@ -0,0 +1,141 @@ +From 088cbf4c775619e84362a4896b8c5b17748a1aaa Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 5 Jan 2023 02:22:20 +0200 +Subject: interconnect: qcom: sm8450: switch to qcom_icc_rpmh_* function + +From: Dmitry Baryshkov + +[ Upstream commit 87e8fab1917a2b3f6e3dedfd1cdf22a1416e6676 ] + +Change sm8450 interconnect driver to use generic qcom_icc_rpmh_* +functions rather than embedding a copy of thema. This also fixes an +overallocation of memory for icc_onecell_data structure. + +Fixes: fafc114a468e ("interconnect: qcom: Add SM8450 interconnect provider driver") +Signed-off-by: Dmitry Baryshkov +Link: https://lore.kernel.org/r/20230105002221.1416479-3-dmitry.baryshkov@linaro.org +Signed-off-by: Georgi Djakov +Signed-off-by: Sasha Levin +--- + drivers/interconnect/qcom/sm8450.c | 98 +----------------------------- + 1 file changed, 2 insertions(+), 96 deletions(-) + +diff --git a/drivers/interconnect/qcom/sm8450.c b/drivers/interconnect/qcom/sm8450.c +index e3a12e3d6e061..2d7a8e7b85ec2 100644 +--- a/drivers/interconnect/qcom/sm8450.c ++++ b/drivers/interconnect/qcom/sm8450.c +@@ -1844,100 +1844,6 @@ static const struct qcom_icc_desc sm8450_system_noc = { + .num_bcms = ARRAY_SIZE(system_noc_bcms), + }; + +-static int qnoc_probe(struct platform_device *pdev) +-{ +- const struct qcom_icc_desc *desc; +- struct icc_onecell_data *data; +- struct icc_provider *provider; +- struct qcom_icc_node * const *qnodes; +- struct qcom_icc_provider *qp; +- struct icc_node *node; +- size_t num_nodes, i; +- int ret; +- +- desc = device_get_match_data(&pdev->dev); +- if (!desc) +- return -EINVAL; +- +- qnodes = desc->nodes; +- num_nodes = desc->num_nodes; +- +- qp = devm_kzalloc(&pdev->dev, sizeof(*qp), GFP_KERNEL); +- if (!qp) +- return -ENOMEM; +- +- data = devm_kcalloc(&pdev->dev, num_nodes, sizeof(*node), GFP_KERNEL); +- if (!data) +- return -ENOMEM; +- +- provider = &qp->provider; +- provider->dev = &pdev->dev; +- provider->set = qcom_icc_set; +- provider->pre_aggregate = qcom_icc_pre_aggregate; +- provider->aggregate = qcom_icc_aggregate; +- provider->xlate_extended = qcom_icc_xlate_extended; +- INIT_LIST_HEAD(&provider->nodes); +- provider->data = data; +- +- qp->dev = &pdev->dev; +- qp->bcms = desc->bcms; +- qp->num_bcms = desc->num_bcms; +- +- qp->voter = of_bcm_voter_get(qp->dev, NULL); +- if (IS_ERR(qp->voter)) +- return PTR_ERR(qp->voter); +- +- ret = icc_provider_add(provider); +- if (ret) { +- dev_err(&pdev->dev, "error adding interconnect provider\n"); +- return ret; +- } +- +- for (i = 0; i < qp->num_bcms; i++) +- qcom_icc_bcm_init(qp->bcms[i], &pdev->dev); +- +- for (i = 0; i < num_nodes; i++) { +- size_t j; +- +- if (!qnodes[i]) +- continue; +- +- node = icc_node_create(qnodes[i]->id); +- if (IS_ERR(node)) { +- ret = PTR_ERR(node); +- goto err; +- } +- +- node->name = qnodes[i]->name; +- node->data = qnodes[i]; +- icc_node_add(node, provider); +- +- for (j = 0; j < qnodes[i]->num_links; j++) +- icc_link_create(node, qnodes[i]->links[j]); +- +- data->nodes[i] = node; +- } +- data->num_nodes = num_nodes; +- +- platform_set_drvdata(pdev, qp); +- +- return 0; +-err: +- icc_nodes_remove(provider); +- icc_provider_del(provider); +- return ret; +-} +- +-static int qnoc_remove(struct platform_device *pdev) +-{ +- struct qcom_icc_provider *qp = platform_get_drvdata(pdev); +- +- icc_nodes_remove(&qp->provider); +- icc_provider_del(&qp->provider); +- +- return 0; +-} +- + static const struct of_device_id qnoc_of_match[] = { + { .compatible = "qcom,sm8450-aggre1-noc", + .data = &sm8450_aggre1_noc}, +@@ -1966,8 +1872,8 @@ static const struct of_device_id qnoc_of_match[] = { + MODULE_DEVICE_TABLE(of, qnoc_of_match); + + static struct platform_driver qnoc_driver = { +- .probe = qnoc_probe, +- .remove = qnoc_remove, ++ .probe = qcom_icc_rpmh_probe, ++ .remove = qcom_icc_rpmh_remove, + .driver = { + .name = "qnoc-sm8450", + .of_match_table = qnoc_of_match, +-- +2.39.2 + diff --git a/queue-6.1/mptcp-refactor-passive-socket-initialization.patch b/queue-6.1/mptcp-refactor-passive-socket-initialization.patch new file mode 100644 index 00000000000..b1336ba7539 --- /dev/null +++ b/queue-6.1/mptcp-refactor-passive-socket-initialization.patch @@ -0,0 +1,148 @@ +From 29914bd3b7463e1dde6cf6a1fec48002be2c9c81 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 9 Mar 2023 15:49:58 +0100 +Subject: mptcp: refactor passive socket initialization + +From: Paolo Abeni + +[ Upstream commit 3a236aef280ed5122b2d47087eb514d0921ae033 ] + +After commit 30e51b923e43 ("mptcp: fix unreleased socket in accept queue") +unaccepted msk sockets go throu complete shutdown, we don't need anymore +to delay inserting the first subflow into the subflow lists. + +The reference counting deserve some extra care, as __mptcp_close() is +unaware of the request socket linkage to the first subflow. + +Please note that this is more a refactoring than a fix but because this +modification is needed to include other corrections, see the following +commits. Then a Fixes tag has been added here to help the stable team. + +Fixes: 30e51b923e43 ("mptcp: fix unreleased socket in accept queue") +Cc: stable@vger.kernel.org +Signed-off-by: Paolo Abeni +Reviewed-by: Matthieu Baerts +Tested-by: Christoph Paasch +Signed-off-by: Matthieu Baerts +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + net/mptcp/protocol.c | 17 ----------------- + net/mptcp/subflow.c | 27 +++++++++++++++++++++------ + 2 files changed, 21 insertions(+), 23 deletions(-) + +diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c +index 938cccab331dd..777f795246ed2 100644 +--- a/net/mptcp/protocol.c ++++ b/net/mptcp/protocol.c +@@ -834,7 +834,6 @@ static bool __mptcp_finish_join(struct mptcp_sock *msk, struct sock *ssk) + if (sk->sk_socket && !ssk->sk_socket) + mptcp_sock_graft(ssk, sk->sk_socket); + +- mptcp_propagate_sndbuf((struct sock *)msk, ssk); + mptcp_sockopt_sync_locked(msk, ssk); + return true; + } +@@ -3729,22 +3728,6 @@ static int mptcp_stream_accept(struct socket *sock, struct socket *newsock, + + lock_sock(newsk); + +- /* PM/worker can now acquire the first subflow socket +- * lock without racing with listener queue cleanup, +- * we can notify it, if needed. +- * +- * Even if remote has reset the initial subflow by now +- * the refcnt is still at least one. +- */ +- subflow = mptcp_subflow_ctx(msk->first); +- list_add(&subflow->node, &msk->conn_list); +- sock_hold(msk->first); +- if (mptcp_is_fully_established(newsk)) +- mptcp_pm_fully_established(msk, msk->first, GFP_KERNEL); +- +- mptcp_rcv_space_init(msk, msk->first); +- mptcp_propagate_sndbuf(newsk, msk->first); +- + /* set ssk->sk_socket of accept()ed flows to mptcp socket. + * This is needed so NOSPACE flag can be set from tcp stack. + */ +diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c +index 1e10a38ccf9d0..fe815103060c6 100644 +--- a/net/mptcp/subflow.c ++++ b/net/mptcp/subflow.c +@@ -355,6 +355,12 @@ void mptcp_subflow_reset(struct sock *ssk) + struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(ssk); + struct sock *sk = subflow->conn; + ++ /* mptcp_mp_fail_no_response() can reach here on an already closed ++ * socket ++ */ ++ if (ssk->sk_state == TCP_CLOSE) ++ return; ++ + /* must hold: tcp_done() could drop last reference on parent */ + sock_hold(sk); + +@@ -685,6 +691,7 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, + struct mptcp_options_received mp_opt; + bool fallback, fallback_is_fatal; + struct sock *new_msk = NULL; ++ struct mptcp_sock *owner; + struct sock *child; + + pr_debug("listener=%p, req=%p, conn=%p", listener, req, listener->conn); +@@ -759,6 +766,8 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, + ctx->setsockopt_seq = listener->setsockopt_seq; + + if (ctx->mp_capable) { ++ owner = mptcp_sk(new_msk); ++ + /* this can't race with mptcp_close(), as the msk is + * not yet exposted to user-space + */ +@@ -767,14 +776,14 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, + /* record the newly created socket as the first msk + * subflow, but don't link it yet into conn_list + */ +- WRITE_ONCE(mptcp_sk(new_msk)->first, child); ++ WRITE_ONCE(owner->first, child); + + /* new mpc subflow takes ownership of the newly + * created mptcp socket + */ + mptcp_sk(new_msk)->setsockopt_seq = ctx->setsockopt_seq; +- mptcp_pm_new_connection(mptcp_sk(new_msk), child, 1); +- mptcp_token_accept(subflow_req, mptcp_sk(new_msk)); ++ mptcp_pm_new_connection(owner, child, 1); ++ mptcp_token_accept(subflow_req, owner); + ctx->conn = new_msk; + new_msk = NULL; + +@@ -782,15 +791,21 @@ static struct sock *subflow_syn_recv_sock(const struct sock *sk, + * uses the correct data + */ + mptcp_copy_inaddrs(ctx->conn, child); ++ mptcp_propagate_sndbuf(ctx->conn, child); ++ ++ mptcp_rcv_space_init(owner, child); ++ list_add(&ctx->node, &owner->conn_list); ++ sock_hold(child); + + /* with OoO packets we can reach here without ingress + * mpc option + */ +- if (mp_opt.suboptions & OPTIONS_MPTCP_MPC) ++ if (mp_opt.suboptions & OPTIONS_MPTCP_MPC) { + mptcp_subflow_fully_established(ctx, &mp_opt); ++ mptcp_pm_fully_established(owner, child, GFP_ATOMIC); ++ ctx->pm_notified = 1; ++ } + } else if (ctx->mp_join) { +- struct mptcp_sock *owner; +- + owner = subflow_req->msk; + if (!owner) { + subflow_add_reset_reason(skb, MPTCP_RST_EPROHIBIT); +-- +2.39.2 + diff --git a/queue-6.1/perf-core-fix-perf_output_begin-parameter-is-incorre.patch b/queue-6.1/perf-core-fix-perf_output_begin-parameter-is-incorre.patch new file mode 100644 index 00000000000..b4402c81bd8 --- /dev/null +++ b/queue-6.1/perf-core-fix-perf_output_begin-parameter-is-incorre.patch @@ -0,0 +1,64 @@ +From 59ec8d00ae0bc4e4f6e6ede9e12264f5981bee88 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 14 Mar 2023 04:47:35 +0000 +Subject: perf/core: Fix perf_output_begin parameter is incorrectly invoked in + perf_event_bpf_output + +From: Yang Jihong + +[ Upstream commit eb81a2ed4f52be831c9fb879752d89645a312c13 ] + +syzkaller reportes a KASAN issue with stack-out-of-bounds. +The call trace is as follows: + dump_stack+0x9c/0xd3 + print_address_description.constprop.0+0x19/0x170 + __kasan_report.cold+0x6c/0x84 + kasan_report+0x3a/0x50 + __perf_event_header__init_id+0x34/0x290 + perf_event_header__init_id+0x48/0x60 + perf_output_begin+0x4a4/0x560 + perf_event_bpf_output+0x161/0x1e0 + perf_iterate_sb_cpu+0x29e/0x340 + perf_iterate_sb+0x4c/0xc0 + perf_event_bpf_event+0x194/0x2c0 + __bpf_prog_put.constprop.0+0x55/0xf0 + __cls_bpf_delete_prog+0xea/0x120 [cls_bpf] + cls_bpf_delete_prog_work+0x1c/0x30 [cls_bpf] + process_one_work+0x3c2/0x730 + worker_thread+0x93/0x650 + kthread+0x1b8/0x210 + ret_from_fork+0x1f/0x30 + +commit 267fb27352b6 ("perf: Reduce stack usage of perf_output_begin()") +use on-stack struct perf_sample_data of the caller function. + +However, perf_event_bpf_output uses incorrect parameter to convert +small-sized data (struct perf_bpf_event) into large-sized data +(struct perf_sample_data), which causes memory overwriting occurs in +__perf_event_header__init_id. + +Fixes: 267fb27352b6 ("perf: Reduce stack usage of perf_output_begin()") +Signed-off-by: Yang Jihong +Signed-off-by: Peter Zijlstra (Intel) +Link: https://lkml.kernel.org/r/20230314044735.56551-1-yangjihong1@huawei.com +Signed-off-by: Sasha Levin +--- + kernel/events/core.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/kernel/events/core.c b/kernel/events/core.c +index 227ada7240295..6c4e78cd7a8b5 100644 +--- a/kernel/events/core.c ++++ b/kernel/events/core.c +@@ -9009,7 +9009,7 @@ static void perf_event_bpf_output(struct perf_event *event, void *data) + + perf_event_header__init_id(&bpf_event->event_id.header, + &sample, event); +- ret = perf_output_begin(&handle, data, event, ++ ret = perf_output_begin(&handle, &sample, event, + bpf_event->event_id.header.size); + if (ret) + return; +-- +2.39.2 + diff --git a/queue-6.1/perf-fix-perf_event_context-time.patch b/queue-6.1/perf-fix-perf_event_context-time.patch new file mode 100644 index 00000000000..eacaaab2a11 --- /dev/null +++ b/queue-6.1/perf-fix-perf_event_context-time.patch @@ -0,0 +1,42 @@ +From c953a2c5ed43f37c2de6b1a6ff9b8f56ff2d3b8d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 13 Mar 2023 10:16:08 -0700 +Subject: perf: fix perf_event_context->time + +From: Song Liu + +[ Upstream commit baf1b12a67f5b24f395baca03e442ce27cab0c18 ] + +Time readers rely on perf_event_context->[time|timestamp|timeoffset] to get +accurate time_enabled and time_running for an event. The difference between +ctx->timestamp and ctx->time is the among of time when the context is not +enabled. __update_context_time(ctx, false) is used to increase timestamp, +but not time. Therefore, it should only be called in ctx_sched_in() when +EVENT_TIME was not enabled. + +Fixes: 09f5e7dc7ad7 ("perf: Fix perf_event_read_local() time") +Signed-off-by: Song Liu +Signed-off-by: Peter Zijlstra (Intel) +Acked-by: Namhyung Kim +Link: https://lkml.kernel.org/r/20230313171608.298734-1-song@kernel.org +Signed-off-by: Sasha Levin +--- + kernel/events/core.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/kernel/events/core.c b/kernel/events/core.c +index 6c4e78cd7a8b5..2aa286b4151b3 100644 +--- a/kernel/events/core.c ++++ b/kernel/events/core.c +@@ -3830,7 +3830,7 @@ ctx_sched_in(struct perf_event_context *ctx, + if (likely(!ctx->nr_events)) + return; + +- if (is_active ^ EVENT_TIME) { ++ if (!(is_active & EVENT_TIME)) { + /* start ctx time */ + __update_context_time(ctx, false); + perf_cgroup_set_timestamp(cpuctx); +-- +2.39.2 + diff --git a/queue-6.1/series b/queue-6.1/series new file mode 100644 index 00000000000..fa4e98791a5 --- /dev/null +++ b/queue-6.1/series @@ -0,0 +1,10 @@ +interconnect-qcom-osm-l3-fix-icc_onecell_data-alloca.patch +interconnect-qcom-sm8450-switch-to-qcom_icc_rpmh_-fu.patch +interconnect-qcom-qcm2290-fix-master_snoc_bimc_nrt.patch +perf-core-fix-perf_output_begin-parameter-is-incorre.patch +perf-fix-perf_event_context-time.patch +tracing-hwlat-replace-sched_setaffinity-with-set_cpu.patch +drm-amd-display-include-virtual-signal-to-set-k1-and.patch +drm-amd-display-fix-k1-k2-divider-programming-for-ph.patch +drm-amd-display-remove-otg-div-register-write-for-vi.patch +mptcp-refactor-passive-socket-initialization.patch diff --git a/queue-6.1/tracing-hwlat-replace-sched_setaffinity-with-set_cpu.patch b/queue-6.1/tracing-hwlat-replace-sched_setaffinity-with-set_cpu.patch new file mode 100644 index 00000000000..effc1e190af --- /dev/null +++ b/queue-6.1/tracing-hwlat-replace-sched_setaffinity-with-set_cpu.patch @@ -0,0 +1,70 @@ +From c23dd43f9985aac30584636142f52003f0d525c4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 16 Mar 2023 16:45:35 +0200 +Subject: tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr + +From: Costa Shulyupin + +[ Upstream commit 71c7a30442b724717a30d5e7d1662ba4904eb3d4 ] + +There is a problem with the behavior of hwlat in a container, +resulting in incorrect output. A warning message is generated: +"cpumask changed while in round-robin mode, switching to mode none", +and the tracing_cpumask is ignored. This issue arises because +the kernel thread, hwlatd, is not a part of the container, and +the function sched_setaffinity is unable to locate it using its PID. +Additionally, the task_struct of hwlatd is already known. +Ultimately, the function set_cpus_allowed_ptr achieves +the same outcome as sched_setaffinity, but employs task_struct +instead of PID. + +Test case: + + # cd /sys/kernel/tracing + # echo 0 > tracing_on + # echo round-robin > hwlat_detector/mode + # echo hwlat > current_tracer + # unshare --fork --pid bash -c 'echo 1 > tracing_on' + # dmesg -c + +Actual behavior: + +[573502.809060] hwlat_detector: cpumask changed while in round-robin mode, switching to mode none + +Link: https://lore.kernel.org/linux-trace-kernel/20230316144535.1004952-1-costa.shul@redhat.com + +Cc: Masami Hiramatsu +Fixes: 0330f7aa8ee63 ("tracing: Have hwlat trace migrate across tracing_cpumask CPUs") +Signed-off-by: Costa Shulyupin +Acked-by: Daniel Bristot de Oliveira +Signed-off-by: Steven Rostedt (Google) +Signed-off-by: Sasha Levin +--- + kernel/trace/trace_hwlat.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/kernel/trace/trace_hwlat.c b/kernel/trace/trace_hwlat.c +index c4945f8adc119..2f37a6e68aa9f 100644 +--- a/kernel/trace/trace_hwlat.c ++++ b/kernel/trace/trace_hwlat.c +@@ -339,7 +339,7 @@ static void move_to_next_cpu(void) + cpumask_clear(current_mask); + cpumask_set_cpu(next_cpu, current_mask); + +- sched_setaffinity(0, current_mask); ++ set_cpus_allowed_ptr(current, current_mask); + return; + + change_mode: +@@ -446,7 +446,7 @@ static int start_single_kthread(struct trace_array *tr) + + } + +- sched_setaffinity(kthread->pid, current_mask); ++ set_cpus_allowed_ptr(kthread, current_mask); + + kdata->kthread = kthread; + wake_up_process(kthread); +-- +2.39.2 +