From: Greg Kroah-Hartman Date: Mon, 20 Mar 2023 11:02:52 +0000 (+0100) Subject: 5.15-stable patches X-Git-Tag: v4.14.311~33 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9be29d6981185e4de61dc1e629704be0abb30c41;p=thirdparty%2Fkernel%2Fstable-queue.git 5.15-stable patches added patches: alsa-hda-intel-dsp-config-add-mtl-pci-id.patch alsa-hda-realtek-fix-the-speaker-output-on-samsung-galaxy-book2-pro.patch cifs-fix-smb2_set_path_size.patch drm-amd-pm-fix-sienna-cichlid-incorrect-od-volage-after-resume.patch drm-shmem-helper-remove-another-errant-put-in-error-path.patch drm-sun4i-fix-missing-component-unbind-on-bind-errors.patch kvm-nvmx-add-missing-consistency-checks-for-cr0-and-cr4.patch mptcp-add-ro_after_init-for-tcp-v6-_prot_override.patch mptcp-avoid-setting-tcp_close-state-twice.patch mptcp-fix-lockdep-false-positive-in-mptcp_pm_nl_create_listen_socket.patch mptcp-fix-possible-deadlock-in-subflow_error_report.patch revert-riscv-mm-notify-remote-harts-about-mmu-cache-updates.patch riscv-asid-fixup-stale-tlb-entry-cause-application-crash.patch tracing-check-field-value-in-hist_field_name.patch tracing-make-splice_read-available-again.patch tracing-make-tracepoint-lockdep-check-actually-test-something.patch
---
diff --git a/queue-5.15/alsa-hda-intel-dsp-config-add-mtl-pci-id.patch b/queue-5.15/alsa-hda-intel-dsp-config-add-mtl-pci-id.patch
new file mode 100644
index 00000000000..0b76a442078
--- /dev/null
+++ b/queue-5.15/alsa-hda-intel-dsp-config-add-mtl-pci-id.patch
@@ -0,0 +1,40 @@
+From bbdf904b13a62bb8b1272d92a7dde082dff86fbb Mon Sep 17 00:00:00 2001
+From: Bard Liao
+Date: Mon, 6 Mar 2023 15:41:01 +0800
+Subject: ALSA: hda: intel-dsp-config: add MTL PCI id
+
+From: Bard Liao
+
+commit bbdf904b13a62bb8b1272d92a7dde082dff86fbb upstream.
+
+Use SOF as default audio driver.
+
+Signed-off-by: Bard Liao
+Reviewed-by: Gongjun Song
+Reviewed-by: Kai Vehmanen
+Cc:
+Link: https://lore.kernel.org/r/20230306074101.3906707-1-yung-chuan.liao@linux.intel.com
+Signed-off-by: Takashi Iwai
+Signed-off-by: Greg Kroah-Hartman
+---
+ sound/hda/intel-dsp-config.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+--- a/sound/hda/intel-dsp-config.c
++++ b/sound/hda/intel-dsp-config.c
+@@ -376,6 +376,15 @@ static const struct config_entry config_
+ },
+ #endif
+
++/* Meteor Lake */
++#if IS_ENABLED(CONFIG_SND_SOC_SOF_METEORLAKE)
++ /* Meteorlake-P */
++ {
++ .flags = FLAG_SOF | FLAG_SOF_ONLY_IF_DMIC_OR_SOUNDWIRE,
++ .device = 0x7e28,
++ },
++#endif
++
+ };
+
+ static const struct config_entry *snd_intel_dsp_find_config
diff --git a/queue-5.15/alsa-hda-realtek-fix-the-speaker-output-on-samsung-galaxy-book2-pro.patch b/queue-5.15/alsa-hda-realtek-fix-the-speaker-output-on-samsung-galaxy-book2-pro.patch
new file mode 100644
index 00000000000..170c611781f
--- /dev/null
+++ b/queue-5.15/alsa-hda-realtek-fix-the-speaker-output-on-samsung-galaxy-book2-pro.patch
@@ -0,0 +1,32 @@
+From a86e79e3015f5dd8e1b01ccfa49bd5c6e41047a1 Mon Sep 17 00:00:00 2001
+From: "Hamidreza H. Fard"
+Date: Tue, 7 Mar 2023 16:37:41 +0000
+Subject: ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro
+
+From: Hamidreza H. Fard
+
+commit a86e79e3015f5dd8e1b01ccfa49bd5c6e41047a1 upstream.
+
+Samsung Galaxy Book2 Pro (13" 2022 NP930XED-KA1DE) with codec SSID
+144d:c868 requires the same workaround for enabling the speaker amp
+like other Samsung models with ALC298 code.
+
+Signed-off-by: Hamidreza H. Fard
+Cc:
+Link: https://lore.kernel.org/r/20230307163741.3878-1-nitocris@posteo.net
+Signed-off-by: Takashi Iwai
+Signed-off-by: Greg Kroah-Hartman
+---
+ sound/pci/hda/patch_realtek.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/sound/pci/hda/patch_realtek.c
++++ b/sound/pci/hda/patch_realtek.c
+@@ -9166,6 +9166,7 @@ static const struct snd_pci_quirk alc269
+ SND_PCI_QUIRK(0x144d, 0xc830, "Samsung Galaxy Book Ion (NT950XCJ-X716A)", ALC298_FIXUP_SAMSUNG_AMP),
+ SND_PCI_QUIRK(0x144d, 0xc832, "Samsung Galaxy Book Flex Alpha (NP730QCJ)", ALC256_FIXUP_SAMSUNG_HEADPHONE_VERY_QUIET),
+ SND_PCI_QUIRK(0x144d, 0xca03, "Samsung Galaxy Book2 Pro 360 (NP930QED)", ALC298_FIXUP_SAMSUNG_AMP),
++ SND_PCI_QUIRK(0x144d, 0xc868, "Samsung Galaxy Book2 Pro (NP930XED)", ALC298_FIXUP_SAMSUNG_AMP),
+ SND_PCI_QUIRK(0x1458, 0xfa53, "Gigabyte BXBT-2807", ALC283_FIXUP_HEADSET_MIC),
+ SND_PCI_QUIRK(0x1462, 0xb120, "MSI Cubi MS-B120", ALC283_FIXUP_HEADSET_MIC),
+ SND_PCI_QUIRK(0x1462, 0xb171, "Cubi N 8GL (MS-B171)", ALC283_FIXUP_HEADSET_MIC),
diff --git a/queue-5.15/cifs-fix-smb2_set_path_size.patch b/queue-5.15/cifs-fix-smb2_set_path_size.patch
new file mode 100644
index 00000000000..d2113e59706
--- /dev/null
+++ b/queue-5.15/cifs-fix-smb2_set_path_size.patch
@@ -0,0 +1,63 @@
+From 211baef0eabf4169ce4f73ebd917749d1a7edd74 Mon Sep 17 00:00:00 2001
+From: Volker Lendecke
+Date: Mon, 13 Mar 2023 16:09:54 +0100
+Subject: cifs: Fix smb2_set_path_size()
+
+From: Volker Lendecke
+
+commit 211baef0eabf4169ce4f73ebd917749d1a7edd74 upstream.
+
+If cifs_get_writable_path() finds a writable file, smb2_compound_op()
+must use that file's FID and not the COMPOUND_FID.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Volker Lendecke
+Reviewed-by: Paulo Alcantara (SUSE)
+Signed-off-by: Steve French
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/cifs/smb2inode.c | 31 ++++++++++++++++++++++++-------
+ 1 file changed, 24 insertions(+), 7 deletions(-)
+
+--- a/fs/cifs/smb2inode.c
++++ b/fs/cifs/smb2inode.c
+@@ -223,15 +223,32 @@ smb2_compound_op(const unsigned int xid,
+ size[0] = 8; /* sizeof __le64 */
+ data[0] = ptr;
+
+- rc = SMB2_set_info_init(tcon, server,
+- &rqst[num_rqst], COMPOUND_FID,
+- COMPOUND_FID, current->tgid,
+- FILE_END_OF_FILE_INFORMATION,
+- SMB2_O_INFO_FILE, 0, data, size);
++ if (cfile) {
++ rc = SMB2_set_info_init(tcon, server,
++ &rqst[num_rqst],
++ cfile->fid.persistent_fid,
++ cfile->fid.volatile_fid,
++ current->tgid,
++ FILE_END_OF_FILE_INFORMATION,
++ SMB2_O_INFO_FILE, 0,
++ data, size);
++ } else {
++ rc = SMB2_set_info_init(tcon, server,
++ &rqst[num_rqst],
++ COMPOUND_FID,
++ COMPOUND_FID,
++ current->tgid,
++ FILE_END_OF_FILE_INFORMATION,
++ SMB2_O_INFO_FILE, 0,
++ data, size);
++ if (!rc) {
++ smb2_set_next_command(tcon, &rqst[num_rqst]);
++ smb2_set_related(&rqst[num_rqst]);
++ }
++ }
+ if (rc)
+ goto finished;
+- smb2_set_next_command(tcon, &rqst[num_rqst]);
+- smb2_set_related(&rqst[num_rqst++]);
++ num_rqst++;
+ trace_smb3_set_eof_enter(xid, ses->Suid, tcon->tid, full_path);
+ break;
+ case SMB2_OP_SET_INFO:
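Review bot: The new `if (cfile)` branch has no comment saying why it skips `smb2_set_next_command()` and `smb2_set_related()`, which the `else` branch still calls after a successful `SMB2_set_info_init()`. The commit message only states that a writable handle's FID must be used instead of COMPOUND_FID; presumably the request is then not chained to a create earlier in the compound, but that is not visible in this hunk. A one-line comment above the branch, such as `/* cfile: reuse its open handle; the request is not related to a compound create */`, would keep a later edit from re-adding the chaining calls for both paths. smb2_compound_op() starts and ends outside the hunk.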
diff --git a/queue-5.15/drm-amd-pm-fix-sienna-cichlid-incorrect-od-volage-after-resume.patch b/queue-5.15/drm-amd-pm-fix-sienna-cichlid-incorrect-od-volage-after-resume.patch
new file mode 100644
index 00000000000..2eaaf2e430e
--- /dev/null
+++ b/queue-5.15/drm-amd-pm-fix-sienna-cichlid-incorrect-od-volage-after-resume.patch
@@ -0,0 +1,111 @@
+From a9386ee9681585794dbab95d4ce6826f73d19af6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?B=C5=82a=C5=BCej=20Szczygie=C5=82?=
+Date: Sun, 5 Mar 2023 00:44:31 +0100
+Subject: drm/amd/pm: Fix sienna cichlid incorrect OD volage after resume
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Błażej Szczygieł
+
+commit a9386ee9681585794dbab95d4ce6826f73d19af6 upstream.
+
+Always setup overdrive tables after resume. Preserve only some
+user-defined settings in user_overdrive_table if they're set.
+
+Copy restored user_overdrive_table into od_table to get correct
+values.
+
+On cold boot, BTC was triggered and GfxVfCurve was calibrated. We
+got VfCurve settings (a). On resuming back, BTC will be triggered
+again and GfxVfCurve will be recalibrated. VfCurve settings (b)
+got may be different from those of cold boot. So if we reuse
+those VfCurve settings (a) got on cold boot on suspend, we can
+run into discrepencies.
+
+Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/1897
+Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/2276
+Reviewed-by: Evan Quan
+Signed-off-by: Błażej Szczygieł
+Signed-off-by: Alex Deucher
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 43 ++++++++++++----
+ 1 file changed, 33 insertions(+), 10 deletions(-)
+
+--- a/drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c
++++ b/drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c
+@@ -2013,16 +2013,9 @@ static int sienna_cichlid_set_default_od
+ (OverDriveTable_t *)smu->smu_table.boot_overdrive_table;
+ OverDriveTable_t *user_od_table =
+ (OverDriveTable_t *)smu->smu_table.user_overdrive_table;
++ OverDriveTable_t user_od_table_bak;
+ int ret = 0;
+
+- /*
+- * For S3/S4/Runpm resume, no need to setup those overdrive tables again as
+- * - either they already have the default OD settings got during cold bootup
+- * - or they have some user customized OD settings which cannot be overwritten
+- */
+- if (smu->adev->in_suspend)
+- return 0;
+-
+ ret = smu_cmn_update_table(smu, SMU_TABLE_OVERDRIVE,
+ 0, (void *)boot_od_table, false);
+ if (ret) {
+@@ -2033,7 +2026,23 @@ static int sienna_cichlid_set_default_od
+ sienna_cichlid_dump_od_table(smu, boot_od_table);
+
+ memcpy(od_table, boot_od_table, sizeof(OverDriveTable_t));
+- memcpy(user_od_table, boot_od_table, sizeof(OverDriveTable_t));
++
++ /*
++ * For S3/S4/Runpm resume, we need to setup those overdrive tables again,
++ * but we have to preserve user defined values in "user_od_table".
++ */
++ if (!smu->adev->in_suspend) {
++ memcpy(user_od_table, boot_od_table, sizeof(OverDriveTable_t));
++ smu->user_dpm_profile.user_od = false;
++ } else if (smu->user_dpm_profile.user_od) {
++ memcpy(&user_od_table_bak, user_od_table, sizeof(OverDriveTable_t));
++ memcpy(user_od_table, boot_od_table, sizeof(OverDriveTable_t));
++ user_od_table->GfxclkFmin = user_od_table_bak.GfxclkFmin;
++ user_od_table->GfxclkFmax = user_od_table_bak.GfxclkFmax;
++ user_od_table->UclkFmin = user_od_table_bak.UclkFmin;
++ user_od_table->UclkFmax = user_od_table_bak.UclkFmax;
++ user_od_table->VddGfxOffset = user_od_table_bak.VddGfxOffset;
++ }
+
+ return 0;
+ }
+@@ -2243,6 +2252,20 @@ static int sienna_cichlid_od_edit_dpm_ta
+ return ret;
+ }
+
++static int sienna_cichlid_restore_user_od_settings(struct smu_context *smu)
++{
++ struct smu_table_context *table_context = &smu->smu_table;
++ OverDriveTable_t *od_table = table_context->overdrive_table;
++ OverDriveTable_t *user_od_table = table_context->user_overdrive_table;
++ int res;
++
++ res = smu_v11_0_restore_user_od_settings(smu);
++ if (res == 0)
++ memcpy(od_table, user_od_table, sizeof(OverDriveTable_t));
++
++ return res;
++}
++
+ static int sienna_cichlid_run_btc(struct smu_context *smu)
+ {
+ return smu_cmn_send_smc_msg(smu, SMU_MSG_RunDcBtc, NULL);
+@@ -3980,7 +4003,7 @@ static const struct pptable_funcs sienna
+ .set_soft_freq_limited_range = smu_v11_0_set_soft_freq_limited_range,
+ .set_default_od_settings = sienna_cichlid_set_default_od_settings,
+ .od_edit_dpm_table = sienna_cichlid_od_edit_dpm_table,
+- .restore_user_od_settings = smu_v11_0_restore_user_od_settings,
++ .restore_user_od_settings = sienna_cichlid_restore_user_od_settings,
+ .run_btc = sienna_cichlid_run_btc,
+ .set_power_source = smu_v11_0_set_power_source,
+ .get_pp_feature_mask = smu_cmn_get_pp_feature_mask,
diff --git a/queue-5.15/drm-shmem-helper-remove-another-errant-put-in-error-path.patch b/queue-5.15/drm-shmem-helper-remove-another-errant-put-in-error-path.patch
new file mode 100644
index 00000000000..7774e815c95
--- /dev/null
+++ b/queue-5.15/drm-shmem-helper-remove-another-errant-put-in-error-path.patch
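Review bot: In `sienna_cichlid_set_default_od_settings()` the resume branch copies the entire `OverDriveTable_t` into the on-stack `user_od_table_bak` only to carry five fields across the `memcpy()` from `boot_od_table`. The size of `OverDriveTable_t` is not visible in this hunk, so the kernel-stack cost cannot be judged from here; saving just `GfxclkFmin`, `GfxclkFmax`, `UclkFmin`, `UclkFmax` and `VddGfxOffset` in locals before the overwrite would avoid the full-table copy. The new comment should also say why exactly these fields survive resume while everything else is taken from the boot table, e.g. `/* keep user clocks and voltage offset; the rest comes from the freshly read boot table */`. Whether the preserved values are checked again against post-resume limits is not visible here, and the function starts outside the hunk.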
@@ -0,0 +1,43 @@
+From ee9adb7a45516cfa536ca92253d7ae59d56db9e4 Mon Sep 17 00:00:00 2001
+From: Dmitry Osipenko
+Date: Mon, 9 Jan 2023 00:13:11 +0300
+Subject: drm/shmem-helper: Remove another errant put in error path
+
+From: Dmitry Osipenko
+
+commit ee9adb7a45516cfa536ca92253d7ae59d56db9e4 upstream.
+
+drm_gem_shmem_mmap() doesn't own reference in error code path, resulting
+in the dma-buf shmem GEM object getting prematurely freed leading to a
+later use-after-free.
+
+Fixes: f49a51bfdc8e ("drm/shme-helpers: Fix dma_buf_mmap forwarding bug")
+Cc: stable@vger.kernel.org
+Signed-off-by: Dmitry Osipenko
+Reviewed-by: Rob Clark
+Link: https://patchwork.freedesktop.org/patch/msgid/20230108211311.3950107-1-dmitry.osipenko@collabora.com
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/gpu/drm/drm_gem_shmem_helper.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+--- a/drivers/gpu/drm/drm_gem_shmem_helper.c
++++ b/drivers/gpu/drm/drm_gem_shmem_helper.c
+@@ -591,11 +591,14 @@ int drm_gem_shmem_mmap(struct drm_gem_sh
+ int ret;
+
+ if (obj->import_attach) {
+- /* Drop the reference drm_gem_mmap_obj() acquired.*/
+- drm_gem_object_put(obj);
+ vma->vm_private_data = NULL;
++ ret = dma_buf_mmap(obj->dma_buf, vma, 0);
++
++ /* Drop the reference drm_gem_mmap_obj() acquired.*/
++ if (!ret)
++ drm_gem_object_put(obj);
+
+- return dma_buf_mmap(obj->dma_buf, vma, 0);
++ return ret;
+ }
+
+ ret = drm_gem_shmem_get_pages(shmem);
diff --git a/queue-5.15/drm-sun4i-fix-missing-component-unbind-on-bind-errors.patch b/queue-5.15/drm-sun4i-fix-missing-component-unbind-on-bind-errors.patch
new file mode 100644
index 00000000000..c114009607f
--- /dev/null
+++ b/queue-5.15/drm-sun4i-fix-missing-component-unbind-on-bind-errors.patch
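Review bot: The comment `/* Drop the reference drm_gem_mmap_obj() acquired.*/` now sits above a conditional put but does not say why the put is skipped when `dma_buf_mmap()` fails, which is the ownership rule this fix restores. According to the commit message the function does not own the reference on the error path, and the unconditional put freed the imported object early and led to a later use-after-free. A comment such as `/* On success drop the reference drm_gem_mmap_obj() took; on failure it is not ours to drop. */` would record that at the spot where it is easy to break again. drm_gem_shmem_mmap() continues outside the hunk.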
@@ -0,0 +1,49 @@
+From c22f2ff8724b49dce2ae797e9fbf4bc0fa91112f Mon Sep 17 00:00:00 2001
+From: Johan Hovold
+Date: Mon, 6 Mar 2023 11:32:42 +0100
+Subject: drm/sun4i: fix missing component unbind on bind errors
+
+From: Johan Hovold
+
+commit c22f2ff8724b49dce2ae797e9fbf4bc0fa91112f upstream.
+
+Make sure to unbind all subcomponents when binding the aggregate device
+fails.
+
+Fixes: 9026e0d122ac ("drm: Add Allwinner A10 Display Engine support")
+Cc: stable@vger.kernel.org # 4.7
+Cc: Maxime Ripard
+Signed-off-by: Johan Hovold
+Signed-off-by: Maxime Ripard
+Link: https://patchwork.freedesktop.org/patch/msgid/20230306103242.4775-1-johan+linaro@kernel.org
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/gpu/drm/sun4i/sun4i_drv.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/drivers/gpu/drm/sun4i/sun4i_drv.c
++++ b/drivers/gpu/drm/sun4i/sun4i_drv.c
+@@ -94,12 +94,12 @@ static int sun4i_drv_bind(struct device
+ /* drm_vblank_init calls kcalloc, which can fail */
+ ret = drm_vblank_init(drm, drm->mode_config.num_crtc);
+ if (ret)
+- goto cleanup_mode_config;
++ goto unbind_all;
+
+ /* Remove early framebuffers (ie. simplefb) */
+ ret = drm_aperture_remove_framebuffers(false, &sun4i_drv_driver);
+ if (ret)
+- goto cleanup_mode_config;
++ goto unbind_all;
+
+ sun4i_framebuffer_init(drm);
+
+@@ -118,6 +118,8 @@ static int sun4i_drv_bind(struct device
+
+ finish_poll:
+ drm_kms_helper_poll_fini(drm);
++unbind_all:
++ component_unbind_all(dev, NULL);
+ cleanup_mode_config:
+ drm_mode_config_cleanup(drm);
+ of_reserved_mem_device_release(dev);
diff --git a/queue-5.15/kvm-nvmx-add-missing-consistency-checks-for-cr0-and-cr4.patch b/queue-5.15/kvm-nvmx-add-missing-consistency-checks-for-cr0-and-cr4.patch
new file mode 100644
index 00000000000..07e91635d8d
--- /dev/null
+++ b/queue-5.15/kvm-nvmx-add-missing-consistency-checks-for-cr0-and-cr4.patch
@@ -0,0 +1,57 @@
+From 112e66017bff7f2837030f34c2bc19501e9212d5 Mon Sep 17 00:00:00 2001
+From: Paolo Bonzini
+Date: Fri, 10 Mar 2023 11:10:56 -0500
+Subject: KVM: nVMX: add missing consistency checks for CR0 and CR4
+
+From: Paolo Bonzini
+
+commit 112e66017bff7f2837030f34c2bc19501e9212d5 upstream.
+
+The effective values of the guest CR0 and CR4 registers may differ from
+those included in the VMCS12. In particular, disabling EPT forces
+CR4.PAE=1 and disabling unrestricted guest mode forces CR0.PG=CR0.PE=1.
+
+Therefore, checks on these bits cannot be delegated to the processor
+and must be performed by KVM.
+
+Reported-by: Reima ISHII
+Cc: stable@vger.kernel.org
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/kvm/vmx/nested.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+--- a/arch/x86/kvm/vmx/nested.c
++++ b/arch/x86/kvm/vmx/nested.c
+@@ -2991,7 +2991,7 @@ static int nested_vmx_check_guest_state(
+ struct vmcs12 *vmcs12,
+ enum vm_entry_failure_code *entry_failure_code)
+ {
+- bool ia32e;
++ bool ia32e = !!(vmcs12->vm_entry_controls & VM_ENTRY_IA32E_MODE);
+
+ *entry_failure_code = ENTRY_FAIL_DEFAULT;
+
+@@ -3017,6 +3017,13 @@ static int nested_vmx_check_guest_state(
+ vmcs12->guest_ia32_perf_global_ctrl)))
+ return -EINVAL;
+
++ if (CC((vmcs12->guest_cr0 & (X86_CR0_PG | X86_CR0_PE)) == X86_CR0_PG))
++ return -EINVAL;
++
++ if (CC(ia32e && !(vmcs12->guest_cr4 & X86_CR4_PAE)) ||
++ CC(ia32e && !(vmcs12->guest_cr0 & X86_CR0_PG)))
++ return -EINVAL;
++
+ /*
+ * If the load IA32_EFER VM-entry control is 1, the following checks
+ * are performed on the field for the IA32_EFER MSR:
+@@ -3028,7 +3035,6 @@ static int nested_vmx_check_guest_state(
+ */
+ if (to_vmx(vcpu)->nested.nested_run_pending &&
+ (vmcs12->vm_entry_controls & VM_ENTRY_LOAD_IA32_EFER)) {
+- ia32e = (vmcs12->vm_entry_controls & VM_ENTRY_IA32E_MODE) != 0;
+ if (CC(!kvm_valid_efer(vcpu, vmcs12->guest_ia32_efer)) ||
+ CC(ia32e != !!(vmcs12->guest_ia32_efer & EFER_LMA)) ||
+ CC(((vmcs12->guest_cr0 & X86_CR0_PG) &&
diff --git a/queue-5.15/mptcp-add-ro_after_init-for-tcp-v6-_prot_override.patch b/queue-5.15/mptcp-add-ro_after_init-for-tcp-v6-_prot_override.patch
new file mode 100644
index 00000000000..bd997da70c8
--- /dev/null
+++ b/queue-5.15/mptcp-add-ro_after_init-for-tcp-v6-_prot_override.patch
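Review bot: The three added `CC()` checks on `guest_cr0` and `guest_cr4` in `nested_vmx_check_guest_state()` carry no comment, while the IA32_EFER checks directly below them are documented. The reason they have to be done in software is stated only in the commit message: with EPT or unrestricted guest disabled the effective CR0/CR4 differ from the vmcs12 values, so the processor never sees the guest-supplied PG/PE/PAE bits. A short comment above the first check, e.g. `/* KVM may force CR0.PG/PE and CR4.PAE in the effective registers, so hardware cannot validate the vmcs12 values; check them here. */`, would keep these from being dropped later as redundant with hardware consistency checks. The function body continues outside the hunk.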
@@ -0,0 +1,46 @@
+From 822467a48e938e661965d09df5fcac66f7291050 Mon Sep 17 00:00:00 2001
+From: Geliang Tang
+Date: Thu, 9 Mar 2023 15:50:02 +0100
+Subject: mptcp: add ro_after_init for tcp{,v6}_prot_override
+
+From: Geliang Tang
+
+commit 822467a48e938e661965d09df5fcac66f7291050 upstream.
+
+Add __ro_after_init labels for the variables tcp_prot_override and
+tcpv6_prot_override, just like other variables adjacent to them, to
+indicate that they are initialised from the init hooks and no writes
+occur afterwards.
+
+Fixes: b19bc2945b40 ("mptcp: implement delegated actions")
+Cc: stable@vger.kernel.org
+Fixes: 51fa7f8ebf0e ("mptcp: mark ops structures as ro_after_init")
+Signed-off-by: Geliang Tang
+Reviewed-by: Matthieu Baerts
+Signed-off-by: Matthieu Baerts
+Signed-off-by: Jakub Kicinski
+Signed-off-by: Greg Kroah-Hartman
+---
+ net/mptcp/subflow.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/net/mptcp/subflow.c
++++ b/net/mptcp/subflow.c
+@@ -514,7 +514,7 @@ static struct request_sock_ops mptcp_sub
+ static struct tcp_request_sock_ops subflow_request_sock_ipv6_ops __ro_after_init;
+ static struct inet_connection_sock_af_ops subflow_v6_specific __ro_after_init;
+ static struct inet_connection_sock_af_ops subflow_v6m_specific __ro_after_init;
+-static struct proto tcpv6_prot_override;
++static struct proto tcpv6_prot_override __ro_after_init;
+
+ static int subflow_v6_conn_request(struct sock *sk, struct sk_buff *skb)
+ {
+@@ -817,7 +817,7 @@ dispose_child:
+ }
+
+ static struct inet_connection_sock_af_ops subflow_specific __ro_after_init;
+-static struct proto tcp_prot_override;
++static struct proto tcp_prot_override __ro_after_init;
+
+ enum mapping_status {
+ MAPPING_OK,
diff --git a/queue-5.15/mptcp-avoid-setting-tcp_close-state-twice.patch b/queue-5.15/mptcp-avoid-setting-tcp_close-state-twice.patch
new file mode 100644
index 00000000000..edae50a6ea4
--- /dev/null
+++ b/queue-5.15/mptcp-avoid-setting-tcp_close-state-twice.patch
@@ -0,0 +1,35 @@
+From 3ba14528684f528566fb7d956bfbfb958b591d86 Mon Sep 17 00:00:00 2001
+From: Matthieu Baerts
+Date: Thu, 9 Mar 2023 15:50:03 +0100
+Subject: mptcp: avoid setting TCP_CLOSE state twice
+
+From: Matthieu Baerts
+
+commit 3ba14528684f528566fb7d956bfbfb958b591d86 upstream.
+
+tcp_set_state() is called from tcp_done() already.
+
+There is then no need to first set the state to TCP_CLOSE, then call
+tcp_done().
+
+Fixes: d582484726c4 ("mptcp: fix fallback for MP_JOIN subflows")
+Cc: stable@vger.kernel.org
+Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/362
+Acked-by: Paolo Abeni
+Signed-off-by: Matthieu Baerts
+Signed-off-by: Jakub Kicinski
+Signed-off-by: Greg Kroah-Hartman
+---
+ net/mptcp/subflow.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/net/mptcp/subflow.c
++++ b/net/mptcp/subflow.c
+@@ -358,7 +358,6 @@ void mptcp_subflow_reset(struct sock *ss
+ /* must hold: tcp_done() could drop last reference on parent */
+ sock_hold(sk);
+
+- tcp_set_state(ssk, TCP_CLOSE);
+ tcp_send_active_reset(ssk, GFP_ATOMIC);
+ tcp_done(ssk);
+ if (!test_and_set_bit(MPTCP_WORK_CLOSE_SUBFLOW, &mptcp_sk(sk)->flags) &&
diff --git a/queue-5.15/mptcp-fix-lockdep-false-positive-in-mptcp_pm_nl_create_listen_socket.patch b/queue-5.15/mptcp-fix-lockdep-false-positive-in-mptcp_pm_nl_create_listen_socket.patch
new file mode 100644
index 00000000000..e3f4430ad27
--- /dev/null
+++ b/queue-5.15/mptcp-fix-lockdep-false-positive-in-mptcp_pm_nl_create_listen_socket.patch
@@ -0,0 +1,69 @@
+From cee4034a3db1d30c3243dd51506a9d4ab1a849fa Mon Sep 17 00:00:00 2001
+From: Paolo Abeni
+Date: Thu, 9 Mar 2023 15:50:04 +0100
+Subject: mptcp: fix lockdep false positive in mptcp_pm_nl_create_listen_socket()
+
+From: Paolo Abeni
+
+commit cee4034a3db1d30c3243dd51506a9d4ab1a849fa upstream.
+
+Christoph reports a lockdep splat in the mptcp_subflow_create_socket()
+error path, when such function is invoked by
+mptcp_pm_nl_create_listen_socket().
+
+Such code path acquires two separates, nested socket lock, with the
+internal lock operation lacking the "nested" annotation. Adding that
+in sock_release() for mptcp's sake only could be confusing.
+
+Instead just add a new lockclass to the in-kernel msk socket,
+re-initializing the lockdep infra after the socket creation.
+
+Fixes: ad2171009d96 ("mptcp: fix locking for in-kernel listener creation")
+Cc: stable@vger.kernel.org
+Reported-by: Christoph Paasch
+Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/354
+Signed-off-by: Paolo Abeni
+Reviewed-by: Matthieu Baerts
+Tested-by: Christoph Paasch
+Signed-off-by: Matthieu Baerts
+Signed-off-by: Jakub Kicinski
+Signed-off-by: Greg Kroah-Hartman
+---
+ net/mptcp/pm_netlink.c | 16 ++++++++++++++++
+ 1 file changed, 16 insertions(+)
+
+--- a/net/mptcp/pm_netlink.c
++++ b/net/mptcp/pm_netlink.c
+@@ -886,9 +886,13 @@ out:
+ return ret;
+ }
+
++static struct lock_class_key mptcp_slock_keys[2];
++static struct lock_class_key mptcp_keys[2];
++
+ static int mptcp_pm_nl_create_listen_socket(struct sock *sk,
+ struct mptcp_pm_addr_entry *entry)
+ {
++ bool is_ipv6 = sk->sk_family == AF_INET6;
+ int addrlen = sizeof(struct sockaddr_in);
+ struct sockaddr_storage addr;
+ struct socket *ssock;
+@@ -907,6 +911,18 @@ static int mptcp_pm_nl_create_listen_soc
+ goto out;
+ }
+
++ /* The subflow socket lock is acquired in a nested to the msk one
++ * in several places, even by the TCP stack, and this msk is a kernel
++ * socket: lockdep complains. Instead of propagating the _nested
++ * modifiers in several places, re-init the lock class for the msk
++ * socket to an mptcp specific one.
++ */
++ sock_lock_init_class_and_name(newsk,
++ is_ipv6 ? "mlock-AF_INET6" : "mlock-AF_INET",
++ &mptcp_slock_keys[is_ipv6],
++ is_ipv6 ? "msk_lock-AF_INET6" : "msk_lock-AF_INET",
++ &mptcp_keys[is_ipv6]);
++
+ lock_sock(newsk);
+ ssock = __mptcp_nmpc_socket(mptcp_sk(newsk));
+ release_sock(newsk);
diff --git a/queue-5.15/mptcp-fix-possible-deadlock-in-subflow_error_report.patch b/queue-5.15/mptcp-fix-possible-deadlock-in-subflow_error_report.patch
new file mode 100644
index 00000000000..3a4069a1ad0
--- /dev/null
+++ b/queue-5.15/mptcp-fix-possible-deadlock-in-subflow_error_report.patch
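Review bot: `is_ipv6` is derived from `sk->sk_family`, but the lock class and names are applied to `newsk`, whose creation lies outside this hunk. If `newsk` can be created with a family different from the parent's (for instance one taken from the address entry), the lockdep names `mlock-AF_INET6` / `msk_lock-AF_INET6` and the chosen key would not match the socket they label; computing the flag from `newsk->sk_family` next to the `sock_lock_init_class_and_name()` call would tie the two together. The first sentence of the added comment also reads oddly (`acquired in a nested to the msk one`) and could say `acquired nested inside the msk one`.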
@@ -0,0 +1,54 @@
+From b7a679ba7c652587b85294f4953f33ac0b756d40 Mon Sep 17 00:00:00 2001
+From: Paolo Abeni
+Date: Thu, 9 Mar 2023 15:49:57 +0100
+Subject: mptcp: fix possible deadlock in subflow_error_report
+
+From: Paolo Abeni
+
+commit b7a679ba7c652587b85294f4953f33ac0b756d40 upstream.
+
+Christoph reported a possible deadlock while the TCP stack
+destroys an unaccepted subflow due to an incoming reset: the
+MPTCP socket error path tries to acquire the msk-level socket
+lock while TCP still owns the listener socket accept queue
+spinlock, and the reverse dependency already exists in the
+TCP stack.
+
+Note that the above is actually a lockdep false positive, as
+the chain involves two separate sockets. A different per-socket
+lockdep key will address the issue, but such a change will be
+quite invasive.
+
+Instead, we can simply stop earlier the socket error handling
+for orphaned or unaccepted subflows, breaking the critical
+lockdep chain. Error handling in such a scenario is a no-op.
+
+Reported-and-tested-by: Christoph Paasch
+Fixes: 15cc10453398 ("mptcp: deliver ssk errors to msk")
+Cc: stable@vger.kernel.org
+Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/355
+Signed-off-by: Paolo Abeni
+Reviewed-by: Matthieu Baerts
+Signed-off-by: Matthieu Baerts
+Signed-off-by: Jakub Kicinski
+Signed-off-by: Greg Kroah-Hartman
+---
+ net/mptcp/subflow.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/net/mptcp/subflow.c
++++ b/net/mptcp/subflow.c
+@@ -1316,6 +1316,13 @@ static void subflow_error_report(struct
+ {
+ struct sock *sk = mptcp_subflow_ctx(ssk)->conn;
+
++ /* bail early if this is a no-op, so that we avoid introducing a
++ * problematic lockdep dependency between TCP accept queue lock
++ * and msk socket spinlock
++ */
++ if (!sk->sk_socket)
++ return;
++
+ mptcp_data_lock(sk);
+ if (!sock_owned_by_user(sk))
+ __mptcp_error_report(sk);
diff --git a/queue-5.15/revert-riscv-mm-notify-remote-harts-about-mmu-cache-updates.patch b/queue-5.15/revert-riscv-mm-notify-remote-harts-about-mmu-cache-updates.patch
new file mode 100644
index 00000000000..d3ebf8d99e8
--- /dev/null
+++ b/queue-5.15/revert-riscv-mm-notify-remote-harts-about-mmu-cache-updates.patch
@@ -0,0 +1,139 @@
+From e921050022f1f12d5029d1487a7dfc46cde15523 Mon Sep 17 00:00:00 2001
+From: Sergey Matyukevich
+Date: Sun, 26 Feb 2023 18:01:36 +0300
+Subject: Revert "riscv: mm: notify remote harts about mmu cache updates"
+
+From: Sergey Matyukevich
+
+commit e921050022f1f12d5029d1487a7dfc46cde15523 upstream.
+
+This reverts the remaining bits of commit 4bd1d80efb5a ("riscv: mm:
+notify remote harts harts about mmu cache updates").
+
+According to bug reports, suggested approach to fix stale TLB entries
+is not sufficient. It needs to be replaced by a more robust solution.
+
+Fixes: 4bd1d80efb5a ("riscv: mm: notify remote harts about mmu cache updates")
+Reported-by: Zong Li
+Reported-by: Lad Prabhakar
+Signed-off-by: Sergey Matyukevich
+Cc: stable@vger.kernel.org
+Reviewed-by: Guo Ren
+Link: https://lore.kernel.org/r/20230226150137.1919750-2-geomatsi@gmail.com
+Signed-off-by: Palmer Dabbelt
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/riscv/include/asm/mmu.h | 2 --
+ arch/riscv/include/asm/tlbflush.h | 18 ------------------
+ arch/riscv/mm/context.c | 10 ----------
+ arch/riscv/mm/tlbflush.c | 28 +++++++++++++++++-----------
+ 4 files changed, 17 insertions(+), 41 deletions(-)
+
+--- a/arch/riscv/include/asm/mmu.h
++++ b/arch/riscv/include/asm/mmu.h
+@@ -19,8 +19,6 @@ typedef struct {
+ #ifdef CONFIG_SMP
+ /* A local icache flush is needed before user execution can resume. */
+ cpumask_t icache_stale_mask;
+- /* A local tlb flush is needed before user execution can resume. */
+- cpumask_t tlb_stale_mask;
+ #endif
+ } mm_context_t;
+
+--- a/arch/riscv/include/asm/tlbflush.h
++++ b/arch/riscv/include/asm/tlbflush.h
+@@ -22,24 +22,6 @@ static inline void local_flush_tlb_page(
+ {
+ ALT_FLUSH_TLB_PAGE(__asm__ __volatile__ ("sfence.vma %0" : : "r" (addr) : "memory"));
+ }
+-
+-static inline void local_flush_tlb_all_asid(unsigned long asid)
+-{
+- __asm__ __volatile__ ("sfence.vma x0, %0"
+- :
+- : "r" (asid)
+- : "memory");
+-}
+-
+-static inline void local_flush_tlb_page_asid(unsigned long addr,
+- unsigned long asid)
+-{
+- __asm__ __volatile__ ("sfence.vma %0, %1"
+- :
+- : "r" (addr), "r" (asid)
+- : "memory");
+-}
+-
+ #else /* CONFIG_MMU */
+ #define local_flush_tlb_all() do { } while (0)
+ #define local_flush_tlb_page(addr) do { } while (0)
+--- a/arch/riscv/mm/context.c
++++ b/arch/riscv/mm/context.c
+@@ -196,16 +196,6 @@ switch_mm_fast:
+
+ if (need_flush_tlb)
+ local_flush_tlb_all();
+-#ifdef CONFIG_SMP
+- else {
+- cpumask_t *mask = &mm->context.tlb_stale_mask;
+-
+- if (cpumask_test_cpu(cpu, mask)) {
+- cpumask_clear_cpu(cpu, mask);
+- local_flush_tlb_all_asid(cntx & asid_mask);
+- }
+- }
+-#endif
+ }
+
+ static void set_mm_noasid(struct mm_struct *mm)
+--- a/arch/riscv/mm/tlbflush.c
++++ b/arch/riscv/mm/tlbflush.c
+@@ -5,7 +5,23 @@
+ #include
+ #include
+ #include
+-#include
++
++static inline void local_flush_tlb_all_asid(unsigned long asid)
++{
++ __asm__ __volatile__ ("sfence.vma x0, %0"
++ :
++ : "r" (asid)
++ : "memory");
++}
++
++static inline void local_flush_tlb_page_asid(unsigned long addr,
++ unsigned long asid)
++{
++ __asm__ __volatile__ ("sfence.vma %0, %1"
++ :
++ : "r" (addr), "r" (asid)
++ : "memory");
++}
+
+ void flush_tlb_all(void)
+ {
+@@ -15,7 +31,6 @@ void flush_tlb_all(void)
+ static void __sbi_tlb_flush_range(struct mm_struct *mm, unsigned long start,
+ unsigned long size, unsigned long stride)
+ {
+- struct cpumask *pmask = &mm->context.tlb_stale_mask;
+ struct cpumask *cmask = mm_cpumask(mm);
+ struct cpumask hmask;
+ unsigned int cpuid;
+@@ -30,15 +45,6 @@ static void __sbi_tlb_flush_range(struct
+ if (static_branch_unlikely(&use_asid_allocator)) {
+ unsigned long asid = atomic_long_read(&mm->context.id);
+
+- /*
+- * TLB will be immediately flushed on harts concurrently
+- * executing this MM context. TLB flush on other harts
+- * is deferred until this MM context migrates there.
+- */
+- cpumask_setall(pmask);
+- cpumask_clear_cpu(cpuid, pmask);
+- cpumask_andnot(pmask, pmask, cmask);
+-
+ if (broadcast) {
+ riscv_cpuid_to_hartid_mask(cmask, &hmask);
+ sbi_remote_sfence_vma_asid(cpumask_bits(&hmask),
diff --git a/queue-5.15/riscv-asid-fixup-stale-tlb-entry-cause-application-crash.patch b/queue-5.15/riscv-asid-fixup-stale-tlb-entry-cause-application-crash.patch
new file mode 100644
index 00000000000..c38bb0919d7
--- /dev/null
+++ b/queue-5.15/riscv-asid-fixup-stale-tlb-entry-cause-application-crash.patch
@@ -0,0 +1,139 @@
+From 82dd33fde0268cc622d3d1ac64971f3f61634142 Mon Sep 17 00:00:00 2001
+From: Guo Ren
+Date: Sun, 26 Feb 2023 18:01:37 +0300
+Subject: riscv: asid: Fixup stale TLB entry cause application crash
+
+From: Guo Ren
+
+commit 82dd33fde0268cc622d3d1ac64971f3f61634142 upstream.
+
+After use_asid_allocator is enabled, the userspace application will
+crash by stale TLB entries. Because only using cpumask_clear_cpu without
+local_flush_tlb_all couldn't guarantee CPU's TLB entries were fresh.
+Then set_mm_asid would cause the user space application to get a stale
+value by stale TLB entry, but set_mm_noasid is okay.
+
+Here is the symptom of the bug:
+unhandled signal 11 code 0x1 (coredump)
+ 0x0000003fd6d22524 <+4>: auipc s0,0x70
+ 0x0000003fd6d22528 <+8>: ld s0,-148(s0) # 0x3fd6d92490
+=> 0x0000003fd6d2252c <+12>: ld a5,0(s0)
+(gdb) i r s0
+s0 0x8082ed1cc3198b21 0x8082ed1cc3198b21
+(gdb) x /2x 0x3fd6d92490
+0x3fd6d92490: 0xd80ac8a8 0x0000003f
+The core dump file shows that register s0 is wrong, but the value in
+memory is correct. Because 'ld s0, -148(s0)' used a stale mapping entry
+in TLB and got a wrong result from an incorrect physical address.
+
+When the task ran on CPU0, which loaded/speculative-loaded the value of
+address(0x3fd6d92490), then the first version of the mapping entry was
+PTWed into CPU0's TLB.
+When the task switched from CPU0 to CPU1 (No local_tlb_flush_all here by
+asid), it happened to write a value on the address (0x3fd6d92490). It
+caused do_page_fault -> wp_page_copy -> ptep_clear_flush ->
+ptep_get_and_clear & flush_tlb_page.
+The flush_tlb_page used mm_cpumask(mm) to determine which CPUs need TLB
+flush, but CPU0 had cleared the CPU0's mm_cpumask in the previous
+switch_mm. So we only flushed the CPU1 TLB and set the second version
+mapping of the PTE. When the task switched from CPU1 to CPU0 again, CPU0
+still used a stale TLB mapping entry which contained a wrong target
+physical address. It raised a bug when the task happened to read that
+value.
+
+ CPU0 CPU1
+ - switch 'task' in
+ - read addr (Fill stale mapping
+ entry into TLB)
+ - switch 'task' out (no tlb_flush)
+ - switch 'task' in (no tlb_flush)
+ - write addr cause pagefault
+ do_page_fault() (change to
+ new addr mapping)
+ wp_page_copy()
+ ptep_clear_flush()
+ ptep_get_and_clear()
+ & flush_tlb_page()
+ write new value into addr
+ - switch 'task' out (no tlb_flush)
+ - switch 'task' in (no tlb_flush)
+ - read addr again (Use stale
+ mapping entry in TLB)
+ get wrong value from old phyical
+ addr, BUG!
+
+The solution is to keep all CPUs' footmarks of cpumask(mm) in switch_mm,
+which could guarantee to invalidate all stale TLB entries during TLB
+flush.
+
+Fixes: 65d4b9c53017 ("RISC-V: Implement ASID allocator")
+Signed-off-by: Guo Ren
+Signed-off-by: Guo Ren
+Tested-by: Lad Prabhakar
+Tested-by: Zong Li
+Tested-by: Sergey Matyukevich
+Cc: Anup Patel
+Cc: Palmer Dabbelt
+Cc: stable@vger.kernel.org
+Reviewed-by: Andrew Jones
+Link: https://lore.kernel.org/r/20230226150137.1919750-3-geomatsi@gmail.com
+Signed-off-by: Palmer Dabbelt
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/riscv/mm/context.c | 30 ++++++++++++++++++++----------
+ 1 file changed, 20 insertions(+), 10 deletions(-)
+
+--- a/arch/riscv/mm/context.c
++++ b/arch/riscv/mm/context.c
+@@ -205,12 +205,24 @@ static void set_mm_noasid(struct mm_stru
+ local_flush_tlb_all();
+ }
+
+-static inline void set_mm(struct mm_struct *mm, unsigned int cpu)
++static inline void set_mm(struct mm_struct *prev,
++ struct mm_struct *next, unsigned int cpu)
+ {
+- if (static_branch_unlikely(&use_asid_allocator))
+- set_mm_asid(mm, cpu);
+- else
+- set_mm_noasid(mm);
++ /*
++ * The mm_cpumask indicates which harts' TLBs contain the virtual
++ * address mapping of the mm. Compared to noasid, using asid
++ * can't guarantee that stale TLB entries are invalidated because
++ * the asid mechanism wouldn't flush TLB for every switch_mm for
++ * performance. So when using asid, keep all CPUs footmarks in
++ * cpumask() until mm reset.
++ */
++ cpumask_set_cpu(cpu, mm_cpumask(next));
++ if (static_branch_unlikely(&use_asid_allocator)) {
++ set_mm_asid(next, cpu);
++ } else {
++ cpumask_clear_cpu(cpu, mm_cpumask(prev));
++ set_mm_noasid(next);
++ }
+ }
+
+ static int __init asids_init(void)
+@@ -262,7 +274,8 @@ static int __init asids_init(void)
+ }
+ early_initcall(asids_init);
+ #else
+-static inline void set_mm(struct mm_struct *mm, unsigned int cpu)
++static inline void set_mm(struct mm_struct *prev,
++ struct mm_struct *next, unsigned int cpu)
+ {
+ /* Nothing to do here when there is no MMU */
+ }
+@@ -315,10 +328,7 @@ void switch_mm(struct mm_struct *prev, s
+ */
+ cpu = smp_processor_id();
+
+- cpumask_clear_cpu(cpu, mm_cpumask(prev));
+- cpumask_set_cpu(cpu, mm_cpumask(next));
+-
+- set_mm(next, cpu);
++ set_mm(prev, next, cpu);
+
+ flush_icache_deferred(next, cpu);
+ }
diff --git a/queue-5.15/series b/queue-5.15/series
index 83c9390eb29..f443b350666 100644
--- a/queue-5.15/series
+++ b/queue-5.15/series
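Review bot: In the new `set_mm()` the bit for `cpu` is set in `mm_cpumask(next)` before the non-ASID branch clears it in `mm_cpumask(prev)`, the reverse of the order used by the lines removed from `switch_mm()`, so the bit would end up cleared if both arguments were ever the same mm. The hunks do not show whether `switch_mm()` returns early for `prev == next`; if it does, a comment on the `else` branch such as `/* prev != next here: switch_mm() has already returned otherwise */` would record that dependency, and if it does not, the clear should come before the set. The block comment also writes `cpumask()` where `mm_cpumask()` is meant, and it could say plainly that under ASID the mask only grows, so each remote flush for this mm reaches every hart that has run it. The body of `switch_mm()` starts and ends outside the last hunk.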
@@ -78,3 +78,19 @@ firmware-xilinx-don-t-make-a-sleepable-memory-allocation-from-an-atomic-context.
 s390-ipl-add-missing-intersection-check-to-ipl_report-handling.patch
 interconnect-fix-mem-leak-when-freeing-nodes.patch
 interconnect-exynos-fix-node-leak-in-probe-pm-qos-error-path.patch
+tracing-make-splice_read-available-again.patch
+tracing-check-field-value-in-hist_field_name.patch
+tracing-make-tracepoint-lockdep-check-actually-test-something.patch
+cifs-fix-smb2_set_path_size.patch
+kvm-nvmx-add-missing-consistency-checks-for-cr0-and-cr4.patch
+alsa-hda-intel-dsp-config-add-mtl-pci-id.patch
+alsa-hda-realtek-fix-the-speaker-output-on-samsung-galaxy-book2-pro.patch
+revert-riscv-mm-notify-remote-harts-about-mmu-cache-updates.patch
+riscv-asid-fixup-stale-tlb-entry-cause-application-crash.patch
+drm-shmem-helper-remove-another-errant-put-in-error-path.patch
+drm-sun4i-fix-missing-component-unbind-on-bind-errors.patch
+drm-amd-pm-fix-sienna-cichlid-incorrect-od-volage-after-resume.patch
+mptcp-fix-possible-deadlock-in-subflow_error_report.patch
+mptcp-add-ro_after_init-for-tcp-v6-_prot_override.patch
+mptcp-avoid-setting-tcp_close-state-twice.patch
+mptcp-fix-lockdep-false-positive-in-mptcp_pm_nl_create_listen_socket.patch
diff --git a/queue-5.15/tracing-check-field-value-in-hist_field_name.patch b/queue-5.15/tracing-check-field-value-in-hist_field_name.patch
new file mode 100644
index 00000000000..7f96b33c5b1
--- /dev/null
+++ b/queue-5.15/tracing-check-field-value-in-hist_field_name.patch
@@ -0,0 +1,43 @@
+From 9f116f76fa8c04c81aef33ad870dbf9a158e5b70 Mon Sep 17 00:00:00 2001
+From: "Steven Rostedt (Google)"
+Date: Wed, 1 Mar 2023 20:00:53 -0500
+Subject: tracing: Check field value in hist_field_name()
+
+From: Steven Rostedt (Google)
+
+commit 9f116f76fa8c04c81aef33ad870dbf9a158e5b70 upstream.
+
+The function hist_field_name() cannot handle being passed a NULL field
+parameter. It should never be NULL, but due to a previous bug, NULL was
+passed to the function and the kernel crashed due to a NULL dereference.
+Mark Rutland reported this to me on IRC.
+
+The bug was fixed, but to prevent future bugs from crashing the kernel,
+check the field and add a WARN_ON() if it is NULL.
+
+Link: https://lkml.kernel.org/r/20230302020810.762384440@goodmis.org
+
+Cc: stable@vger.kernel.org
+Cc: Masami Hiramatsu
+Cc: Andrew Morton
+Reported-by: Mark Rutland
+Fixes: c6afad49d127f ("tracing: Add hist trigger 'sym' and 'sym-offset' modifiers")
+Tested-by: Mark Rutland
+Signed-off-by: Steven Rostedt (Google)
+Signed-off-by: Greg Kroah-Hartman
+---
+ kernel/trace/trace_events_hist.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/kernel/trace/trace_events_hist.c
++++ b/kernel/trace/trace_events_hist.c
+@@ -1127,6 +1127,9 @@ static const char *hist_field_name(struc
+ {
+ const char *field_name = "";
+
++ if (WARN_ON_ONCE(!field))
++ return field_name;
++
+ if (level > 1)
+ return field_name;
+
diff --git a/queue-5.15/tracing-make-splice_read-available-again.patch b/queue-5.15/tracing-make-splice_read-available-again.patch
new file mode 100644
index 00000000000..f235af9d621
--- /dev/null
+++ b/queue-5.15/tracing-make-splice_read-available-again.patch
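Review bot: The new `WARN_ON_ONCE(!field)` guard at the top of `hist_field_name()` has no comment, and the commit text calls it a `WARN_ON()`, so a reader cannot tell that NULL is a caller bug being tolerated rather than a supported input. A short comment would settle it, for example `/* field is never NULL by contract; warn once and return "" instead of dereferencing it */`. Because the guard still raises a warning, a kernel configured to panic on warnings would presumably still stop here, which is worth a sentence in the commit text given that its stated aim is to avoid a crash. The function body continues past the end of the hunk.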
@@ -0,0 +1,40 @@
+From e400be674a1a40e9dcb2e95f84d6c1fd2d88f31d Mon Sep 17 00:00:00 2001
+From: Sung-hun Kim
+Date: Tue, 14 Mar 2023 10:37:07 +0900
+Subject: tracing: Make splice_read available again
+
+From: Sung-hun Kim
+
+commit e400be674a1a40e9dcb2e95f84d6c1fd2d88f31d upstream.
+
+Since the commit 36e2c7421f02 ("fs: don't allow splice read/write
+without explicit ops") is applied to the kernel, splice() and
+sendfile() calls on the trace file (/sys/kernel/debug/tracing
+/trace) return EINVAL.
+
+This patch restores these system calls by initializing splice_read
+in file_operations of the trace file. This patch only enables such
+functionalities for the read case.
+
+Link: https://lore.kernel.org/linux-trace-kernel/20230314013707.28814-1-sfoon.kim@samsung.com
+
+Cc: stable@vger.kernel.org
+Fixes: 36e2c7421f02 ("fs: don't allow splice read/write without explicit ops")
+Signed-off-by: Sung-hun Kim
+Signed-off-by: Steven Rostedt (Google)
+Signed-off-by: Greg Kroah-Hartman
+---
+ kernel/trace/trace.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/kernel/trace/trace.c
++++ b/kernel/trace/trace.c
+@@ -5093,6 +5093,8 @@ loff_t tracing_lseek(struct file *file,
+ static const struct file_operations tracing_fops = {
+ .open = tracing_open,
+ .read = seq_read,
++ .read_iter = seq_read_iter,
++ .splice_read = generic_file_splice_read,
+ .write = tracing_write_stub,
+ .llseek = tracing_lseek,
+ .release = tracing_release,
diff --git a/queue-5.15/tracing-make-tracepoint-lockdep-check-actually-test-something.patch b/queue-5.15/tracing-make-tracepoint-lockdep-check-actually-test-something.patch
new file mode 100644
index 00000000000..abd610e6487
--- /dev/null
+++ b/queue-5.15/tracing-make-tracepoint-lockdep-check-actually-test-something.patch
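Review bot: The two initialisers added to `tracing_fops` are not explained where they sit: the commit text mentions only `splice_read`, yet `.read_iter = seq_read_iter` is added as well, presumably because `generic_file_splice_read` reads through the file's `read_iter` method. A comment above them, e.g. `/* splice_read goes through ->read_iter, so both must be set */`, would keep a later cleanup from dropping `.read_iter` as redundant next to `.read = seq_read`. The rest of the initialiser list lies outside the hunk.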
@@ -0,0 +1,86 @@
+From c2679254b9c9980d9045f0f722cf093a2b1f7590 Mon Sep 17 00:00:00 2001
+From: "Steven Rostedt (Google)"
+Date: Fri, 10 Mar 2023 17:28:56 -0500
+Subject: tracing: Make tracepoint lockdep check actually test something
+
+From: Steven Rostedt (Google)
+
+commit c2679254b9c9980d9045f0f722cf093a2b1f7590 upstream.
+
+A while ago where the trace events had the following:
+
+ rcu_read_lock_sched_notrace();
+ rcu_dereference_sched(...);
+ rcu_read_unlock_sched_notrace();
+
+If the tracepoint is enabled, it could trigger RCU issues if called in
+the wrong place. And this warning was only triggered if lockdep was
+enabled. If the tracepoint was never enabled with lockdep, the bug would
+not be caught. To handle this, the above sequence was done when lockdep
+was enabled regardless if the tracepoint was enabled or not (although the
+always enabled code really didn't do anything, it would still trigger a
+warning).
+
+But a lot has changed since that lockdep code was added. One is, that
+sequence no longer triggers any warning. Another is, the tracepoint when
+enabled doesn't even do that sequence anymore.
+
+The main check we care about today is whether RCU is "watching" or not.
+So if lockdep is enabled, always check if rcu_is_watching() which will
+trigger a warning if it is not (tracepoints require RCU to be watching).
+
+Note, that old sequence did add a bit of overhead when lockdep was enabled,
+and with the latest kernel updates, would cause the system to slow down
+enough to trigger kernel "stalled" warnings.
+
+Link: http://lore.kernel.org/lkml/20140806181801.GA4605@redhat.com
+Link: http://lore.kernel.org/lkml/20140807175204.C257CAC5@viggo.jf.intel.com
+Link: https://lore.kernel.org/lkml/20230307184645.521db5c9@gandalf.local.home/
+Link: https://lore.kernel.org/linux-trace-kernel/20230310172856.77406446@gandalf.local.home
+
+Cc: stable@vger.kernel.org
+Cc: Masami Hiramatsu
+Cc: Dave Hansen
+Cc: "Paul E. McKenney"
+Cc: Mathieu Desnoyers
+Cc: Joel Fernandes
+Acked-by: Peter Zijlstra (Intel)
+Acked-by: Paul E. McKenney
+Fixes: e6753f23d961 ("tracepoint: Make rcuidle tracepoint callers use SRCU")
+Signed-off-by: Steven Rostedt (Google)
+Signed-off-by: Greg Kroah-Hartman
+---
+ include/linux/tracepoint.h | 15 ++++++---------
+ 1 file changed, 6 insertions(+), 9 deletions(-)
+
+--- a/include/linux/tracepoint.h
++++ b/include/linux/tracepoint.h
+@@ -231,12 +231,11 @@ static inline struct tracepoint *tracepo
+ * not add unwanted padding between the beginning of the section and the
+ * structure. Force alignment to the same alignment as the section start.
+ *
+- * When lockdep is enabled, we make sure to always do the RCU portions of
+- * the tracepoint code, regardless of whether tracing is on. However,
+- * don't check if the condition is false, due to interaction with idle
+- * instrumentation. This lets us find RCU issues triggered with tracepoints
+- * even when this tracepoint is off. This code has no purpose other than
+- * poking RCU a bit.
++ * When lockdep is enabled, we make sure to always test if RCU is
++ * "watching" regardless if the tracepoint is enabled or not. Tracepoints
++ * require RCU to be active, and it should always warn at the tracepoint
++ * site if it is not watching, as it will need to be active when the
++ * tracepoint is enabled.
+ */
+ #define __DECLARE_TRACE(name, proto, args, cond, data_proto) \
+ extern int __traceiter_##name(data_proto); \
+@@ -249,9 +248,7 @@ static inline struct tracepoint *tracepo
+ TP_ARGS(args), \
+ TP_CONDITION(cond), 0); \
+ if (IS_ENABLED(CONFIG_LOCKDEP) && (cond)) { \
+- rcu_read_lock_sched_notrace(); \
+- rcu_dereference_sched(__tracepoint_##name.funcs);\
+- rcu_read_unlock_sched_notrace(); \
++ WARN_ON_ONCE(!rcu_is_watching()); \
+ } \
+ } \
+ __DECLARE_TRACE_RCU(name, PARAMS(proto), PARAMS(args), \
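Review bot: The rewritten comment above `__DECLARE_TRACE` says RCU is tested "regardless if the tracepoint is enabled or not", but the check in the second hunk is still guarded by `&& (cond)`, and the sentence that explained this guard (no check when the condition is false, because of idle instrumentation) was removed with the old text. I would keep one line for it, e.g. ` * The check is skipped when the tracepoint condition is false.`, so the comment matches `if (IS_ENABLED(CONFIG_LOCKDEP) && (cond))`. The macro body starts before and continues after the second hunk.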