From: Sasha Levin Date: Tue, 12 Nov 2019 14:27:14 +0000 (-0500) Subject: fixes for 5.3 X-Git-Tag: v4.4.201~10 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=abfdb28e1d69a332b591fcb20cd0ff36840767e2;p=thirdparty%2Fkernel%2Fstable-queue.git fixes for 5.3 Signed-off-by: Sasha Levin --- diff --git a/queue-5.3/arm-dts-stm32-change-joystick-pinctrl-definition-on-.patch b/queue-5.3/arm-dts-stm32-change-joystick-pinctrl-definition-on-.patch new file mode 100644 index 00000000000..7c86be98bcc --- /dev/null +++ b/queue-5.3/arm-dts-stm32-change-joystick-pinctrl-definition-on-.patch @@ -0,0 +1,37 @@ +From 78b122e00fbcf957ab007a2793ae56107b8e04e1 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 4 Nov 2019 11:55:29 +0100 +Subject: ARM: dts: stm32: change joystick pinctrl definition on + stm32mp157c-ev1 + +From: Amelie Delaunay + +[ Upstream commit f4d6e0f79bcde7810890563bac8e0f3479fe6d03 ] + +Pins used for joystick are all configured as input. "push-pull" is not a +valid setting for an input pin. + +Fixes: a502b343ebd0 ("pinctrl: stmfx: update pinconf settings") +Signed-off-by: Alexandre Torgue +Signed-off-by: Amelie Delaunay +Signed-off-by: Alexandre Torgue +Signed-off-by: Sasha Levin +--- + arch/arm/boot/dts/stm32mp157c-ev1.dts | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/arch/arm/boot/dts/stm32mp157c-ev1.dts b/arch/arm/boot/dts/stm32mp157c-ev1.dts +index feb8f7727270b..541bad97248ab 100644 +--- a/arch/arm/boot/dts/stm32mp157c-ev1.dts ++++ b/arch/arm/boot/dts/stm32mp157c-ev1.dts +@@ -206,7 +206,6 @@ + + joystick_pins: joystick { + pins = "gpio0", "gpio1", "gpio2", "gpio3", "gpio4"; +- drive-push-pull; + bias-pull-down; + }; + +-- +2.20.1 + diff --git a/queue-5.3/arm64-errata-update-stale-comment.patch b/queue-5.3/arm64-errata-update-stale-comment.patch new file mode 100644 index 00000000000..662dfc01a1f --- /dev/null +++ b/queue-5.3/arm64-errata-update-stale-comment.patch @@ -0,0 +1,40 @@ +From 76a9ddb7a0f1c96006ff186d071d18780bdada43 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 23 Sep 2019 11:12:29 +0200 +Subject: arm64: errata: Update stale comment + +From: Thierry Reding + +[ Upstream commit 7a292b6c7c9c35afee01ce3b2248f705869d0ff1 ] + +Commit 73f381660959 ("arm64: Advertise mitigation of Spectre-v2, or lack +thereof") renamed the caller of the install_bp_hardening_cb() function +but forgot to update a comment, which can be confusing when trying to +follow the code flow. + +Fixes: 73f381660959 ("arm64: Advertise mitigation of Spectre-v2, or lack thereof") +Signed-off-by: Thierry Reding +Signed-off-by: Will Deacon +Signed-off-by: Sasha Levin +--- + arch/arm64/kernel/cpu_errata.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c +index ed4c2f28f1576..169549f939e25 100644 +--- a/arch/arm64/kernel/cpu_errata.c ++++ b/arch/arm64/kernel/cpu_errata.c +@@ -129,8 +129,8 @@ static void install_bp_hardening_cb(bp_hardening_cb_t fn, + int cpu, slot = -1; + + /* +- * enable_smccc_arch_workaround_1() passes NULL for the hyp_vecs +- * start/end if we're a guest. Skip the hyp-vectors work. ++ * detect_harden_bp_fw() passes NULL for the hyp_vecs start/end if ++ * we're a guest. Skip the hyp-vectors work. + */ + if (!hyp_vecs_start) { + __this_cpu_write(bp_hardening_data.fn, fn); +-- +2.20.1 + diff --git a/queue-5.3/asoc-sof-intel-hda-stream-fix-the-config_-prefix-mis.patch b/queue-5.3/asoc-sof-intel-hda-stream-fix-the-config_-prefix-mis.patch new file mode 100644 index 00000000000..c30f6afa3d5 --- /dev/null +++ b/queue-5.3/asoc-sof-intel-hda-stream-fix-the-config_-prefix-mis.patch @@ -0,0 +1,47 @@ +From 6e43ac5d72556976c329b84d5511b9bebae4dffc Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 25 Oct 2019 17:15:38 -0500 +Subject: ASoC: SOF: Intel: hda-stream: fix the CONFIG_ prefix missing + +From: Keyon Jie + +[ Upstream commit f792bd173a6fd51d1a4dde04263085ce67486aa3 ] + +We are missing the 'CONFIG_' prefix when using the kernel configure item +SND_SOC_SOF_HDA_ALWAYS_ENABLE_DMI_L1, here correct them. + +Fixes: 43b2ab9009b13b ('ASoC: SOF: Intel: hda: Disable DMI L1 entry during capture') +Signed-off-by: Keyon Jie +Signed-off-by: Pierre-Louis Bossart +Link: https://lore.kernel.org/r/20191025221538.6668-1-pierre-louis.bossart@linux.intel.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + sound/soc/sof/intel/hda-stream.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/sound/soc/sof/intel/hda-stream.c b/sound/soc/sof/intel/hda-stream.c +index 2c74471884025..0c11fceb28a7a 100644 +--- a/sound/soc/sof/intel/hda-stream.c ++++ b/sound/soc/sof/intel/hda-stream.c +@@ -190,7 +190,7 @@ hda_dsp_stream_get(struct snd_sof_dev *sdev, int direction) + * Workaround to address a known issue with host DMA that results + * in xruns during pause/release in capture scenarios. + */ +- if (!IS_ENABLED(SND_SOC_SOF_HDA_ALWAYS_ENABLE_DMI_L1)) ++ if (!IS_ENABLED(CONFIG_SND_SOC_SOF_HDA_ALWAYS_ENABLE_DMI_L1)) + if (stream && direction == SNDRV_PCM_STREAM_CAPTURE) + snd_sof_dsp_update_bits(sdev, HDA_DSP_HDA_BAR, + HDA_VS_INTEL_EM2, +@@ -228,7 +228,7 @@ int hda_dsp_stream_put(struct snd_sof_dev *sdev, int direction, int stream_tag) + spin_unlock_irq(&bus->reg_lock); + + /* Enable DMI L1 entry if there are no capture streams open */ +- if (!IS_ENABLED(SND_SOC_SOF_HDA_ALWAYS_ENABLE_DMI_L1)) ++ if (!IS_ENABLED(CONFIG_SND_SOC_SOF_HDA_ALWAYS_ENABLE_DMI_L1)) + if (!active_capture_stream) + snd_sof_dsp_update_bits(sdev, HDA_DSP_HDA_BAR, + HDA_VS_INTEL_EM2, +-- +2.20.1 + diff --git a/queue-5.3/bonding-fix-using-uninitialized-mode_lock.patch b/queue-5.3/bonding-fix-using-uninitialized-mode_lock.patch new file mode 100644 index 00000000000..b527b161ac0 --- /dev/null +++ b/queue-5.3/bonding-fix-using-uninitialized-mode_lock.patch @@ -0,0 +1,113 @@ +From fb62b84e97715d7ef8d26606f5cd096931bf2f9b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 29 Oct 2019 09:12:32 +0000 +Subject: bonding: fix using uninitialized mode_lock + +From: Taehee Yoo + +[ Upstream commit ad9bd8daf2f9938572b0604e1280fefa8f338581 ] + +When a bonding interface is being created, it setups its mode and options. +At that moment, it uses mode_lock so mode_lock should be initialized +before that moment. + +rtnl_newlink() + rtnl_create_link() + alloc_netdev_mqs() + ->setup() //bond_setup() + ->newlink //bond_newlink + bond_changelink() + register_netdevice() + ->ndo_init() //bond_init() + +After commit 089bca2caed0 ("bonding: use dynamic lockdep key instead of +subclass"), mode_lock is initialized in bond_init(). +So in the bond_changelink(), un-initialized mode_lock can be used. +mode_lock should be initialized in bond_setup(). +This patch partially reverts commit 089bca2caed0 ("bonding: use dynamic +lockdep key instead of subclass") + +Test command: + ip link add bond0 type bond mode 802.3ad lacp_rate 0 + +Splat looks like: +[ 60.615127] INFO: trying to register non-static key. +[ 60.615900] the code is fine but needs lockdep annotation. +[ 60.616697] turning off the locking correctness validator. +[ 60.617490] CPU: 1 PID: 957 Comm: ip Not tainted 5.4.0-rc3+ #109 +[ 60.618350] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006 +[ 60.619481] Call Trace: +[ 60.619918] dump_stack+0x7c/0xbb +[ 60.620453] register_lock_class+0x1215/0x14d0 +[ 60.621131] ? alloc_netdev_mqs+0x7b3/0xcc0 +[ 60.621771] ? is_bpf_text_address+0x86/0xf0 +[ 60.622416] ? is_dynamic_key+0x230/0x230 +[ 60.623032] ? unwind_get_return_address+0x5f/0xa0 +[ 60.623757] ? create_prof_cpu_mask+0x20/0x20 +[ 60.624408] ? arch_stack_walk+0x83/0xb0 +[ 60.625023] __lock_acquire+0xd8/0x3de0 +[ 60.625616] ? stack_trace_save+0x82/0xb0 +[ 60.626225] ? stack_trace_consume_entry+0x160/0x160 +[ 60.626957] ? deactivate_slab.isra.80+0x2c5/0x800 +[ 60.627668] ? register_lock_class+0x14d0/0x14d0 +[ 60.628380] ? alloc_netdev_mqs+0x7b3/0xcc0 +[ 60.629020] ? save_stack+0x69/0x80 +[ 60.629574] ? save_stack+0x19/0x80 +[ 60.630121] ? __kasan_kmalloc.constprop.4+0xa0/0xd0 +[ 60.630859] ? __kmalloc_node+0x16f/0x480 +[ 60.631472] ? alloc_netdev_mqs+0x7b3/0xcc0 +[ 60.632121] ? rtnl_create_link+0x2ed/0xad0 +[ 60.634388] ? __rtnl_newlink+0xad4/0x11b0 +[ 60.635024] lock_acquire+0x164/0x3b0 +[ 60.635608] ? bond_3ad_update_lacp_rate+0x91/0x200 [bonding] +[ 60.636463] _raw_spin_lock_bh+0x38/0x70 +[ 60.637084] ? bond_3ad_update_lacp_rate+0x91/0x200 [bonding] +[ 60.637930] bond_3ad_update_lacp_rate+0x91/0x200 [bonding] +[ 60.638753] ? bond_3ad_lacpdu_recv+0xb30/0xb30 [bonding] +[ 60.639552] ? bond_opt_get_val+0x180/0x180 [bonding] +[ 60.640307] ? ___slab_alloc+0x5aa/0x610 +[ 60.640925] bond_option_lacp_rate_set+0x71/0x140 [bonding] +[ 60.641751] __bond_opt_set+0x1ff/0xbb0 [bonding] +[ 60.643217] ? kasan_unpoison_shadow+0x30/0x40 +[ 60.643924] bond_changelink+0x9a4/0x1700 [bonding] +[ 60.644653] ? memset+0x1f/0x40 +[ 60.742941] ? bond_slave_changelink+0x1a0/0x1a0 [bonding] +[ 60.752694] ? alloc_netdev_mqs+0x8ea/0xcc0 +[ 60.753330] ? rtnl_create_link+0x2ed/0xad0 +[ 60.753964] bond_newlink+0x1e/0x60 [bonding] +[ 60.754612] __rtnl_newlink+0xb9f/0x11b0 +[ ... ] + +Reported-by: syzbot+8da67f407bcba2c72e6e@syzkaller.appspotmail.com +Reported-by: syzbot+0d083911ab18b710da71@syzkaller.appspotmail.com +Fixes: 089bca2caed0 ("bonding: use dynamic lockdep key instead of subclass") +Signed-off-by: Taehee Yoo +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/net/bonding/bond_main.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c +index c3df99f8c3835..8550822095be6 100644 +--- a/drivers/net/bonding/bond_main.c ++++ b/drivers/net/bonding/bond_main.c +@@ -4297,6 +4297,7 @@ void bond_setup(struct net_device *bond_dev) + { + struct bonding *bond = netdev_priv(bond_dev); + ++ spin_lock_init(&bond->mode_lock); + bond->params = bonding_defaults; + + /* Initialize pointers */ +@@ -4772,7 +4773,6 @@ static int bond_init(struct net_device *bond_dev) + bond->nest_level = SINGLE_DEPTH_NESTING; + netdev_lockdep_set_classes(bond_dev); + +- spin_lock_init(&bond->mode_lock); + spin_lock_init(&bond->stats_lock); + lockdep_register_key(&bond->stats_lock_key); + lockdep_set_class(&bond->stats_lock, &bond->stats_lock_key); +-- +2.20.1 + diff --git a/queue-5.3/net-ibmvnic-unlock-rtnl_lock-in-reset-so-linkwatch_e.patch b/queue-5.3/net-ibmvnic-unlock-rtnl_lock-in-reset-so-linkwatch_e.patch new file mode 100644 index 00000000000..5f89752a32b --- /dev/null +++ b/queue-5.3/net-ibmvnic-unlock-rtnl_lock-in-reset-so-linkwatch_e.patch @@ -0,0 +1,410 @@ +From 3bcba9a4421a682c0ce3423938dc8ed3ce4981ac Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 20 Sep 2019 16:11:22 -0400 +Subject: net/ibmvnic: unlock rtnl_lock in reset so linkwatch_event can run + +From: Juliet Kim + +[ Upstream commit b27507bb59ed504d7fa4d6a35f25a8cc39903b54 ] + +Commit a5681e20b541 ("net/ibmnvic: Fix deadlock problem in reset") +made the change to hold the RTNL lock during a reset to avoid deadlock +but linkwatch_event is fired during the reset and needs the RTNL lock. +That keeps linkwatch_event process from proceeding until the reset +is complete. The reset process cannot tolerate the linkwatch_event +processing after reset completes, so release the RTNL lock during the +process to allow a chance for linkwatch_event to run during reset. +This does not guarantee that the linkwatch_event will be processed as +soon as link state changes, but is an improvement over the current code +where linkwatch_event processing is always delayed, which prevents +transmissions on the device from being deactivated leading transmit +watchdog timer to time-out. + +Release the RTNL lock before link state change and re-acquire after +the link state change to allow linkwatch_event to grab the RTNL lock +and run during the reset. + +Fixes: a5681e20b541 ("net/ibmnvic: Fix deadlock problem in reset") +Signed-off-by: Juliet Kim +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/ibm/ibmvnic.c | 224 ++++++++++++++++++++--------- + drivers/net/ethernet/ibm/ibmvnic.h | 1 + + 2 files changed, 157 insertions(+), 68 deletions(-) + +diff --git a/drivers/net/ethernet/ibm/ibmvnic.c b/drivers/net/ethernet/ibm/ibmvnic.c +index 964e7d62f4b13..5ef7704cd98d8 100644 +--- a/drivers/net/ethernet/ibm/ibmvnic.c ++++ b/drivers/net/ethernet/ibm/ibmvnic.c +@@ -1723,6 +1723,86 @@ static int ibmvnic_set_mac(struct net_device *netdev, void *p) + return rc; + } + ++/** ++ * do_change_param_reset returns zero if we are able to keep processing reset ++ * events, or non-zero if we hit a fatal error and must halt. ++ */ ++static int do_change_param_reset(struct ibmvnic_adapter *adapter, ++ struct ibmvnic_rwi *rwi, ++ u32 reset_state) ++{ ++ struct net_device *netdev = adapter->netdev; ++ int i, rc; ++ ++ netdev_dbg(adapter->netdev, "Change param resetting driver (%d)\n", ++ rwi->reset_reason); ++ ++ netif_carrier_off(netdev); ++ adapter->reset_reason = rwi->reset_reason; ++ ++ ibmvnic_cleanup(netdev); ++ ++ if (reset_state == VNIC_OPEN) { ++ rc = __ibmvnic_close(netdev); ++ if (rc) ++ return rc; ++ } ++ ++ release_resources(adapter); ++ release_sub_crqs(adapter, 1); ++ release_crq_queue(adapter); ++ ++ adapter->state = VNIC_PROBED; ++ ++ rc = init_crq_queue(adapter); ++ ++ if (rc) { ++ netdev_err(adapter->netdev, ++ "Couldn't initialize crq. rc=%d\n", rc); ++ return rc; ++ } ++ ++ rc = ibmvnic_reset_init(adapter); ++ if (rc) ++ return IBMVNIC_INIT_FAILED; ++ ++ /* If the adapter was in PROBE state prior to the reset, ++ * exit here. ++ */ ++ if (reset_state == VNIC_PROBED) ++ return 0; ++ ++ rc = ibmvnic_login(netdev); ++ if (rc) { ++ adapter->state = reset_state; ++ return rc; ++ } ++ ++ rc = init_resources(adapter); ++ if (rc) ++ return rc; ++ ++ ibmvnic_disable_irqs(adapter); ++ ++ adapter->state = VNIC_CLOSED; ++ ++ if (reset_state == VNIC_CLOSED) ++ return 0; ++ ++ rc = __ibmvnic_open(netdev); ++ if (rc) ++ return IBMVNIC_OPEN_FAILED; ++ ++ /* refresh device's multicast list */ ++ ibmvnic_set_multi(netdev); ++ ++ /* kick napi */ ++ for (i = 0; i < adapter->req_rx_queues; i++) ++ napi_schedule(&adapter->napi[i]); ++ ++ return 0; ++} ++ + /** + * do_reset returns zero if we are able to keep processing reset events, or + * non-zero if we hit a fatal error and must halt. +@@ -1738,6 +1818,8 @@ static int do_reset(struct ibmvnic_adapter *adapter, + netdev_dbg(adapter->netdev, "Re-setting driver (%d)\n", + rwi->reset_reason); + ++ rtnl_lock(); ++ + netif_carrier_off(netdev); + adapter->reset_reason = rwi->reset_reason; + +@@ -1751,16 +1833,25 @@ static int do_reset(struct ibmvnic_adapter *adapter, + if (reset_state == VNIC_OPEN && + adapter->reset_reason != VNIC_RESET_MOBILITY && + adapter->reset_reason != VNIC_RESET_FAILOVER) { +- rc = __ibmvnic_close(netdev); ++ adapter->state = VNIC_CLOSING; ++ ++ /* Release the RTNL lock before link state change and ++ * re-acquire after the link state change to allow ++ * linkwatch_event to grab the RTNL lock and run during ++ * a reset. ++ */ ++ rtnl_unlock(); ++ rc = set_link_state(adapter, IBMVNIC_LOGICAL_LNK_DN); ++ rtnl_lock(); + if (rc) +- return rc; +- } ++ goto out; + +- if (adapter->reset_reason == VNIC_RESET_CHANGE_PARAM || +- adapter->wait_for_reset) { +- release_resources(adapter); +- release_sub_crqs(adapter, 1); +- release_crq_queue(adapter); ++ if (adapter->state != VNIC_CLOSING) { ++ rc = -1; ++ goto out; ++ } ++ ++ adapter->state = VNIC_CLOSED; + } + + if (adapter->reset_reason != VNIC_RESET_NON_FATAL) { +@@ -1769,9 +1860,7 @@ static int do_reset(struct ibmvnic_adapter *adapter, + */ + adapter->state = VNIC_PROBED; + +- if (adapter->wait_for_reset) { +- rc = init_crq_queue(adapter); +- } else if (adapter->reset_reason == VNIC_RESET_MOBILITY) { ++ if (adapter->reset_reason == VNIC_RESET_MOBILITY) { + rc = ibmvnic_reenable_crq_queue(adapter); + release_sub_crqs(adapter, 1); + } else { +@@ -1783,36 +1872,35 @@ static int do_reset(struct ibmvnic_adapter *adapter, + if (rc) { + netdev_err(adapter->netdev, + "Couldn't initialize crq. rc=%d\n", rc); +- return rc; ++ goto out; + } + + rc = ibmvnic_reset_init(adapter); +- if (rc) +- return IBMVNIC_INIT_FAILED; ++ if (rc) { ++ rc = IBMVNIC_INIT_FAILED; ++ goto out; ++ } + + /* If the adapter was in PROBE state prior to the reset, + * exit here. + */ +- if (reset_state == VNIC_PROBED) +- return 0; ++ if (reset_state == VNIC_PROBED) { ++ rc = 0; ++ goto out; ++ } + + rc = ibmvnic_login(netdev); + if (rc) { + adapter->state = reset_state; +- return rc; ++ goto out; + } + +- if (adapter->reset_reason == VNIC_RESET_CHANGE_PARAM || +- adapter->wait_for_reset) { +- rc = init_resources(adapter); +- if (rc) +- return rc; +- } else if (adapter->req_rx_queues != old_num_rx_queues || +- adapter->req_tx_queues != old_num_tx_queues || +- adapter->req_rx_add_entries_per_subcrq != +- old_num_rx_slots || +- adapter->req_tx_entries_per_subcrq != +- old_num_tx_slots) { ++ if (adapter->req_rx_queues != old_num_rx_queues || ++ adapter->req_tx_queues != old_num_tx_queues || ++ adapter->req_rx_add_entries_per_subcrq != ++ old_num_rx_slots || ++ adapter->req_tx_entries_per_subcrq != ++ old_num_tx_slots) { + release_rx_pools(adapter); + release_tx_pools(adapter); + release_napi(adapter); +@@ -1820,32 +1908,30 @@ static int do_reset(struct ibmvnic_adapter *adapter, + + rc = init_resources(adapter); + if (rc) +- return rc; ++ goto out; + + } else { + rc = reset_tx_pools(adapter); + if (rc) +- return rc; ++ goto out; + + rc = reset_rx_pools(adapter); + if (rc) +- return rc; ++ goto out; + } + ibmvnic_disable_irqs(adapter); + } + adapter->state = VNIC_CLOSED; + +- if (reset_state == VNIC_CLOSED) +- return 0; ++ if (reset_state == VNIC_CLOSED) { ++ rc = 0; ++ goto out; ++ } + + rc = __ibmvnic_open(netdev); + if (rc) { +- if (list_empty(&adapter->rwi_list)) +- adapter->state = VNIC_CLOSED; +- else +- adapter->state = reset_state; +- +- return 0; ++ rc = IBMVNIC_OPEN_FAILED; ++ goto out; + } + + /* refresh device's multicast list */ +@@ -1855,11 +1941,15 @@ static int do_reset(struct ibmvnic_adapter *adapter, + for (i = 0; i < adapter->req_rx_queues; i++) + napi_schedule(&adapter->napi[i]); + +- if (adapter->reset_reason != VNIC_RESET_FAILOVER && +- adapter->reset_reason != VNIC_RESET_CHANGE_PARAM) ++ if (adapter->reset_reason != VNIC_RESET_FAILOVER) + call_netdevice_notifiers(NETDEV_NOTIFY_PEERS, netdev); + +- return 0; ++ rc = 0; ++ ++out: ++ rtnl_unlock(); ++ ++ return rc; + } + + static int do_hard_reset(struct ibmvnic_adapter *adapter, +@@ -1919,14 +2009,8 @@ static int do_hard_reset(struct ibmvnic_adapter *adapter, + return 0; + + rc = __ibmvnic_open(netdev); +- if (rc) { +- if (list_empty(&adapter->rwi_list)) +- adapter->state = VNIC_CLOSED; +- else +- adapter->state = reset_state; +- +- return 0; +- } ++ if (rc) ++ return IBMVNIC_OPEN_FAILED; + + return 0; + } +@@ -1965,20 +2049,11 @@ static void __ibmvnic_reset(struct work_struct *work) + { + struct ibmvnic_rwi *rwi; + struct ibmvnic_adapter *adapter; +- bool we_lock_rtnl = false; + u32 reset_state; + int rc = 0; + + adapter = container_of(work, struct ibmvnic_adapter, ibmvnic_reset); + +- /* netif_set_real_num_xx_queues needs to take rtnl lock here +- * unless wait_for_reset is set, in which case the rtnl lock +- * has already been taken before initializing the reset +- */ +- if (!adapter->wait_for_reset) { +- rtnl_lock(); +- we_lock_rtnl = true; +- } + reset_state = adapter->state; + + rwi = get_next_rwi(adapter); +@@ -1990,14 +2065,32 @@ static void __ibmvnic_reset(struct work_struct *work) + break; + } + +- if (adapter->force_reset_recovery) { +- adapter->force_reset_recovery = false; +- rc = do_hard_reset(adapter, rwi, reset_state); ++ if (rwi->reset_reason == VNIC_RESET_CHANGE_PARAM) { ++ /* CHANGE_PARAM requestor holds rtnl_lock */ ++ rc = do_change_param_reset(adapter, rwi, reset_state); ++ } else if (adapter->force_reset_recovery) { ++ /* Transport event occurred during previous reset */ ++ if (adapter->wait_for_reset) { ++ /* Previous was CHANGE_PARAM; caller locked */ ++ adapter->force_reset_recovery = false; ++ rc = do_hard_reset(adapter, rwi, reset_state); ++ } else { ++ rtnl_lock(); ++ adapter->force_reset_recovery = false; ++ rc = do_hard_reset(adapter, rwi, reset_state); ++ rtnl_unlock(); ++ } + } else { + rc = do_reset(adapter, rwi, reset_state); + } + kfree(rwi); +- if (rc && rc != IBMVNIC_INIT_FAILED && ++ if (rc == IBMVNIC_OPEN_FAILED) { ++ if (list_empty(&adapter->rwi_list)) ++ adapter->state = VNIC_CLOSED; ++ else ++ adapter->state = reset_state; ++ rc = 0; ++ } else if (rc && rc != IBMVNIC_INIT_FAILED && + !adapter->force_reset_recovery) + break; + +@@ -2005,7 +2098,6 @@ static void __ibmvnic_reset(struct work_struct *work) + } + + if (adapter->wait_for_reset) { +- adapter->wait_for_reset = false; + adapter->reset_done_rc = rc; + complete(&adapter->reset_done); + } +@@ -2016,8 +2108,6 @@ static void __ibmvnic_reset(struct work_struct *work) + } + + adapter->resetting = false; +- if (we_lock_rtnl) +- rtnl_unlock(); + } + + static int ibmvnic_reset(struct ibmvnic_adapter *adapter, +@@ -2078,8 +2168,6 @@ static int ibmvnic_reset(struct ibmvnic_adapter *adapter, + + return 0; + err: +- if (adapter->wait_for_reset) +- adapter->wait_for_reset = false; + return -ret; + } + +diff --git a/drivers/net/ethernet/ibm/ibmvnic.h b/drivers/net/ethernet/ibm/ibmvnic.h +index 70bd286f89325..9d3d35cc91d6f 100644 +--- a/drivers/net/ethernet/ibm/ibmvnic.h ++++ b/drivers/net/ethernet/ibm/ibmvnic.h +@@ -20,6 +20,7 @@ + #define IBMVNIC_INVALID_MAP -1 + #define IBMVNIC_STATS_TIMEOUT 1 + #define IBMVNIC_INIT_FAILED 2 ++#define IBMVNIC_OPEN_FAILED 3 + + /* basic structures plus 100 2k buffers */ + #define IBMVNIC_IO_ENTITLEMENT_DEFAULT 610305 +-- +2.20.1 + diff --git a/queue-5.3/netfilter-ipset-copy-the-right-mac-address-in-hash-i.patch b/queue-5.3/netfilter-ipset-copy-the-right-mac-address-in-hash-i.patch new file mode 100644 index 00000000000..bd351eaf988 --- /dev/null +++ b/queue-5.3/netfilter-ipset-copy-the-right-mac-address-in-hash-i.patch @@ -0,0 +1,71 @@ +From e2c06a16bf5457e54611d2111c12dfc14a128635 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 10 Oct 2019 19:18:14 +0200 +Subject: netfilter: ipset: Copy the right MAC address in hash:ip,mac IPv6 sets + +From: Stefano Brivio + +[ Upstream commit 97664bc2c77e2b65cdedddcae2643fc93291d958 ] + +Same as commit 1b4a75108d5b ("netfilter: ipset: Copy the right MAC +address in bitmap:ip,mac and hash:ip,mac sets"), another copy and paste +went wrong in commit 8cc4ccf58379 ("netfilter: ipset: Allow matching on +destination MAC address for mac and ipmac sets"). + +When I fixed this for IPv4 in 1b4a75108d5b, I didn't realise that +hash:ip,mac sets also support IPv6 as family, and this is covered by a +separate function, hash_ipmac6_kadt(). + +In hash:ip,mac sets, the first dimension is the IP address, and the +second dimension is the MAC address: check the IPSET_DIM_TWO_SRC flag +in flags while deciding which MAC address to copy, destination or +source. + +This way, mixing source and destination matches for the two dimensions +of ip,mac hash type works as expected, also for IPv6. With this setup: + + ip netns add A + ip link add veth1 type veth peer name veth2 netns A + ip addr add 2001:db8::1/64 dev veth1 + ip -net A addr add 2001:db8::2/64 dev veth2 + ip link set veth1 up + ip -net A link set veth2 up + + dst=$(ip netns exec A cat /sys/class/net/veth2/address) + + ip netns exec A ipset create test_hash hash:ip,mac family inet6 + ip netns exec A ipset add test_hash 2001:db8::1,${dst} + ip netns exec A ip6tables -A INPUT -p icmpv6 --icmpv6-type 135 -j ACCEPT + ip netns exec A ip6tables -A INPUT -m set ! --match-set test_hash src,dst -j DROP + +ipset now correctly matches a test packet: + + # ping -c1 2001:db8::2 >/dev/null + # echo $? + 0 + +Reported-by: Chen, Yi +Fixes: 8cc4ccf58379 ("netfilter: ipset: Allow matching on destination MAC address for mac and ipmac sets") +Signed-off-by: Stefano Brivio +Signed-off-by: Jozsef Kadlecsik +Signed-off-by: Sasha Levin +--- + net/netfilter/ipset/ip_set_hash_ipmac.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/net/netfilter/ipset/ip_set_hash_ipmac.c b/net/netfilter/ipset/ip_set_hash_ipmac.c +index 24d8f4df4230c..4ce563eb927d4 100644 +--- a/net/netfilter/ipset/ip_set_hash_ipmac.c ++++ b/net/netfilter/ipset/ip_set_hash_ipmac.c +@@ -209,7 +209,7 @@ hash_ipmac6_kadt(struct ip_set *set, const struct sk_buff *skb, + (skb_mac_header(skb) + ETH_HLEN) > skb->data) + return -EINVAL; + +- if (opt->flags & IPSET_DIM_ONE_SRC) ++ if (opt->flags & IPSET_DIM_TWO_SRC) + ether_addr_copy(e.ether, eth_hdr(skb)->h_source); + else + ether_addr_copy(e.ether, eth_hdr(skb)->h_dest); +-- +2.20.1 + diff --git a/queue-5.3/series b/queue-5.3/series index 074effee466..6e9f1c626fd 100644 --- a/queue-5.3/series +++ b/queue-5.3/series @@ -191,3 +191,10 @@ clk-imx8m-use-sys_pll1_800m-as-intermediate-parent-o.patch timekeeping-vsyscall-update-vdso-data-unconditionall.patch mm-filemap.c-don-t-initiate-writeback-if-mapping-has-no-dirty-pages.patch cgroup-writeback-don-t-switch-wbs-immediately-on-dead-wbs-if-the-memcg-is-dead.patch +arm-dts-stm32-change-joystick-pinctrl-definition-on-.patch +asoc-sof-intel-hda-stream-fix-the-config_-prefix-mis.patch +usbip-fix-free-of-unallocated-memory-in-vhci-tx.patch +bonding-fix-using-uninitialized-mode_lock.patch +netfilter-ipset-copy-the-right-mac-address-in-hash-i.patch +arm64-errata-update-stale-comment.patch +net-ibmvnic-unlock-rtnl_lock-in-reset-so-linkwatch_e.patch diff --git a/queue-5.3/usbip-fix-free-of-unallocated-memory-in-vhci-tx.patch b/queue-5.3/usbip-fix-free-of-unallocated-memory-in-vhci-tx.patch new file mode 100644 index 00000000000..2f76fd20b96 --- /dev/null +++ b/queue-5.3/usbip-fix-free-of-unallocated-memory-in-vhci-tx.patch @@ -0,0 +1,47 @@ +From 41782c303912a67f4cd8cebbc7c9a2f1b219e3e4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 22 Oct 2019 18:30:17 +0900 +Subject: usbip: Fix free of unallocated memory in vhci tx + +From: Suwan Kim + +[ Upstream commit d4d8257754c3300ea2a465dadf8d2b02c713c920 ] + +iso_buffer should be set to NULL after use and free in the while loop. +In the case of isochronous URB in the while loop, iso_buffer is +allocated and after sending it to server, buffer is deallocated. And +then, if the next URB in the while loop is not a isochronous pipe, +iso_buffer still holds the previously deallocated buffer address and +kfree tries to free wrong buffer address. + +Fixes: ea44d190764b ("usbip: Implement SG support to vhci-hcd and stub driver") +Reported-by: kbuild test robot +Reported-by: Julia Lawall +Signed-off-by: Suwan Kim +Reviewed-by: Julia Lawall +Acked-by: Shuah Khan +Link: https://lore.kernel.org/r/20191022093017.8027-1-suwan.kim027@gmail.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/usb/usbip/vhci_tx.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/usb/usbip/vhci_tx.c b/drivers/usb/usbip/vhci_tx.c +index c3803785f6eff..0ae40a13a9fea 100644 +--- a/drivers/usb/usbip/vhci_tx.c ++++ b/drivers/usb/usbip/vhci_tx.c +@@ -147,7 +147,10 @@ static int vhci_send_cmd_submit(struct vhci_device *vdev) + } + + kfree(iov); ++ /* This is only for isochronous case */ + kfree(iso_buffer); ++ iso_buffer = NULL; ++ + usbip_dbg_vhci_tx("send txdata\n"); + + total_size += txsize; +-- +2.20.1 +