From: Sasha Levin Date: Sun, 19 Jun 2022 13:03:27 +0000 (-0400) Subject: Fixes for 5.10 X-Git-Tag: v5.4.200~59 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=becfc44dc72234c4797b152c907e9631e77e4a29;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 5.10 Signed-off-by: Sasha Levin --- diff --git a/queue-5.10/arm64-ftrace-consistently-handle-plts.patch b/queue-5.10/arm64-ftrace-consistently-handle-plts.patch new file mode 100644 index 00000000000..b5cdfc3359d --- /dev/null +++ b/queue-5.10/arm64-ftrace-consistently-handle-plts.patch @@ -0,0 +1,305 @@ +From 3d3c72a623ade9d67d8dcbcf4d5ce06000824784 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 14 Jun 2022 09:09:43 +0100 +Subject: arm64: ftrace: consistently handle PLTs. + +From: Mark Rutland + +[ Upstream commit a6253579977e4c6f7818eeb05bf2bc65678a7187 ] + +Sometimes it is necessary to use a PLT entry to call an ftrace +trampoline. This is handled by ftrace_make_call() and ftrace_make_nop(), +with each having *almost* identical logic, but this is not handled by +ftrace_modify_call() since its introduction in commit: + + 3b23e4991fb66f6d ("arm64: implement ftrace with regs") + +Due to this, if we ever were to call ftrace_modify_call() for a callsite +which requires a PLT entry for a trampoline, then either: + +a) If the old addr requires a trampoline, ftrace_modify_call() will use + an out-of-range address to generate the 'old' branch instruction. + This will result in warnings from aarch64_insn_gen_branch_imm() and + ftrace_modify_code(), and no instructions will be modified. As + ftrace_modify_call() will return an error, this will result in + subsequent internal ftrace errors. + +b) If the old addr does not require a trampoline, but the new addr does, + ftrace_modify_call() will use an out-of-range address to generate the + 'new' branch instruction. This will result in warnings from + aarch64_insn_gen_branch_imm(), and ftrace_modify_code() will replace + the 'old' branch with a BRK. This will result in a kernel panic when + this BRK is later executed. + +Practically speaking, case (a) is vastly more likely than case (b), and +typically this will result in internal ftrace errors that don't +necessarily affect the rest of the system. This can be demonstrated with +an out-of-tree test module which triggers ftrace_modify_call(), e.g. + +| # insmod test_ftrace.ko +| test_ftrace: Function test_function raw=0xffffb3749399201c, callsite=0xffffb37493992024 +| branch_imm_common: offset out of range +| branch_imm_common: offset out of range +| ------------[ ftrace bug ]------------ +| ftrace failed to modify +| [] test_function+0x8/0x38 [test_ftrace] +| actual: 1d:00:00:94 +| Updating ftrace call site to call a different ftrace function +| ftrace record flags: e0000002 +| (2) R +| expected tramp: ffffb374ae42ed54 +| ------------[ cut here ]------------ +| WARNING: CPU: 0 PID: 165 at kernel/trace/ftrace.c:2085 ftrace_bug+0x280/0x2b0 +| Modules linked in: test_ftrace(+) +| CPU: 0 PID: 165 Comm: insmod Not tainted 5.19.0-rc2-00002-g4d9ead8b45ce #13 +| Hardware name: linux,dummy-virt (DT) +| pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) +| pc : ftrace_bug+0x280/0x2b0 +| lr : ftrace_bug+0x280/0x2b0 +| sp : ffff80000839ba00 +| x29: ffff80000839ba00 x28: 0000000000000000 x27: ffff80000839bcf0 +| x26: ffffb37493994180 x25: ffffb374b0991c28 x24: ffffb374b0d70000 +| x23: 00000000ffffffea x22: ffffb374afcc33b0 x21: ffffb374b08f9cc8 +| x20: ffff572b8462c000 x19: ffffb374b08f9000 x18: ffffffffffffffff +| x17: 6c6c6163202c6331 x16: ffffb374ae5ad110 x15: ffffb374b0d51ee4 +| x14: 0000000000000000 x13: 3435646532346561 x12: 3437336266666666 +| x11: 203a706d61727420 x10: 6465746365707865 x9 : ffffb374ae5149e8 +| x8 : 336266666666203a x7 : 706d617274206465 x6 : 00000000fffff167 +| x5 : ffff572bffbc4a08 x4 : 00000000fffff167 x3 : 0000000000000000 +| x2 : 0000000000000000 x1 : ffff572b84461e00 x0 : 0000000000000022 +| Call trace: +| ftrace_bug+0x280/0x2b0 +| ftrace_replace_code+0x98/0xa0 +| ftrace_modify_all_code+0xe0/0x144 +| arch_ftrace_update_code+0x14/0x20 +| ftrace_startup+0xf8/0x1b0 +| register_ftrace_function+0x38/0x90 +| test_ftrace_init+0xd0/0x1000 [test_ftrace] +| do_one_initcall+0x50/0x2b0 +| do_init_module+0x50/0x1f0 +| load_module+0x17c8/0x1d64 +| __do_sys_finit_module+0xa8/0x100 +| __arm64_sys_finit_module+0x2c/0x3c +| invoke_syscall+0x50/0x120 +| el0_svc_common.constprop.0+0xdc/0x100 +| do_el0_svc+0x3c/0xd0 +| el0_svc+0x34/0xb0 +| el0t_64_sync_handler+0xbc/0x140 +| el0t_64_sync+0x18c/0x190 +| ---[ end trace 0000000000000000 ]--- + +We can solve this by consistently determining whether to use a PLT entry +for an address. + +Note that since (the earlier) commit: + + f1a54ae9af0da4d7 ("arm64: module/ftrace: intialize PLT at load time") + +... we can consistently determine the PLT address that a given callsite +will use, and therefore ftrace_make_nop() does not need to skip +validation when a PLT is in use. + +This patch factors the existing logic out of ftrace_make_call() and +ftrace_make_nop() into a common ftrace_find_callable_addr() helper +function, which is used by ftrace_make_call(), ftrace_make_nop(), and +ftrace_modify_call(). In ftrace_make_nop() the patching is consistently +validated by ftrace_modify_code() as we can always determine what the +old instruction should have been. + +Fixes: 3b23e4991fb6 ("arm64: implement ftrace with regs") +Signed-off-by: Mark Rutland +Cc: Ard Biesheuvel +Cc: Will Deacon +Tested-by: "Ivan T. Ivanov" +Reviewed-by: Chengming Zhou +Reviewed-by: Ard Biesheuvel +Link: https://lore.kernel.org/r/20220614080944.1349146-3-mark.rutland@arm.com +Signed-off-by: Catalin Marinas +Signed-off-by: Sasha Levin +--- + arch/arm64/kernel/ftrace.c | 137 ++++++++++++++++++------------------- + 1 file changed, 66 insertions(+), 71 deletions(-) + +diff --git a/arch/arm64/kernel/ftrace.c b/arch/arm64/kernel/ftrace.c +index e21a01b99999..3724bab278b2 100644 +--- a/arch/arm64/kernel/ftrace.c ++++ b/arch/arm64/kernel/ftrace.c +@@ -77,47 +77,76 @@ static struct plt_entry *get_ftrace_plt(struct module *mod, unsigned long addr) + } + + /* +- * Turn on the call to ftrace_caller() in instrumented function ++ * Find the address the callsite must branch to in order to reach '*addr'. ++ * ++ * Due to the limited range of 'BL' instructions, modules may be placed too far ++ * away to branch directly and must use a PLT. ++ * ++ * Returns true when '*addr' contains a reachable target address, or has been ++ * modified to contain a PLT address. Returns false otherwise. + */ +-int ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr) ++static bool ftrace_find_callable_addr(struct dyn_ftrace *rec, ++ struct module *mod, ++ unsigned long *addr) + { + unsigned long pc = rec->ip; +- u32 old, new; +- long offset = (long)addr - (long)pc; ++ long offset = (long)*addr - (long)pc; ++ struct plt_entry *plt; + +- if (offset < -SZ_128M || offset >= SZ_128M) { +- struct module *mod; +- struct plt_entry *plt; ++ /* ++ * When the target is within range of the 'BL' instruction, use 'addr' ++ * as-is and branch to that directly. ++ */ ++ if (offset >= -SZ_128M && offset < SZ_128M) ++ return true; + +- if (!IS_ENABLED(CONFIG_ARM64_MODULE_PLTS)) +- return -EINVAL; ++ /* ++ * When the target is outside of the range of a 'BL' instruction, we ++ * must use a PLT to reach it. We can only place PLTs for modules, and ++ * only when module PLT support is built-in. ++ */ ++ if (!IS_ENABLED(CONFIG_ARM64_MODULE_PLTS)) ++ return false; + +- /* +- * On kernels that support module PLTs, the offset between the +- * branch instruction and its target may legally exceed the +- * range of an ordinary relative 'bl' opcode. In this case, we +- * need to branch via a trampoline in the module. +- * +- * NOTE: __module_text_address() must be called with preemption +- * disabled, but we can rely on ftrace_lock to ensure that 'mod' +- * retains its validity throughout the remainder of this code. +- */ ++ /* ++ * 'mod' is only set at module load time, but if we end up ++ * dealing with an out-of-range condition, we can assume it ++ * is due to a module being loaded far away from the kernel. ++ * ++ * NOTE: __module_text_address() must be called with preemption ++ * disabled, but we can rely on ftrace_lock to ensure that 'mod' ++ * retains its validity throughout the remainder of this code. ++ */ ++ if (!mod) { + preempt_disable(); + mod = __module_text_address(pc); + preempt_enable(); ++ } + +- if (WARN_ON(!mod)) +- return -EINVAL; ++ if (WARN_ON(!mod)) ++ return false; + +- plt = get_ftrace_plt(mod, addr); +- if (!plt) { +- pr_err("ftrace: no module PLT for %ps\n", (void *)addr); +- return -EINVAL; +- } +- +- addr = (unsigned long)plt; ++ plt = get_ftrace_plt(mod, *addr); ++ if (!plt) { ++ pr_err("ftrace: no module PLT for %ps\n", (void *)*addr); ++ return false; + } + ++ *addr = (unsigned long)plt; ++ return true; ++} ++ ++/* ++ * Turn on the call to ftrace_caller() in instrumented function ++ */ ++int ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr) ++{ ++ unsigned long pc = rec->ip; ++ u32 old, new; ++ ++ if (!ftrace_find_callable_addr(rec, NULL, &addr)) ++ return -EINVAL; ++ + old = aarch64_insn_gen_nop(); + new = aarch64_insn_gen_branch_imm(pc, addr, AARCH64_INSN_BRANCH_LINK); + +@@ -131,6 +160,11 @@ int ftrace_modify_call(struct dyn_ftrace *rec, unsigned long old_addr, + unsigned long pc = rec->ip; + u32 old, new; + ++ if (!ftrace_find_callable_addr(rec, NULL, &old_addr)) ++ return -EINVAL; ++ if (!ftrace_find_callable_addr(rec, NULL, &addr)) ++ return -EINVAL; ++ + old = aarch64_insn_gen_branch_imm(pc, old_addr, + AARCH64_INSN_BRANCH_LINK); + new = aarch64_insn_gen_branch_imm(pc, addr, AARCH64_INSN_BRANCH_LINK); +@@ -180,54 +214,15 @@ int ftrace_make_nop(struct module *mod, struct dyn_ftrace *rec, + unsigned long addr) + { + unsigned long pc = rec->ip; +- bool validate = true; + u32 old = 0, new; +- long offset = (long)addr - (long)pc; + +- if (offset < -SZ_128M || offset >= SZ_128M) { +- u32 replaced; +- +- if (!IS_ENABLED(CONFIG_ARM64_MODULE_PLTS)) +- return -EINVAL; +- +- /* +- * 'mod' is only set at module load time, but if we end up +- * dealing with an out-of-range condition, we can assume it +- * is due to a module being loaded far away from the kernel. +- */ +- if (!mod) { +- preempt_disable(); +- mod = __module_text_address(pc); +- preempt_enable(); +- +- if (WARN_ON(!mod)) +- return -EINVAL; +- } +- +- /* +- * The instruction we are about to patch may be a branch and +- * link instruction that was redirected via a PLT entry. In +- * this case, the normal validation will fail, but we can at +- * least check that we are dealing with a branch and link +- * instruction that points into the right module. +- */ +- if (aarch64_insn_read((void *)pc, &replaced)) +- return -EFAULT; +- +- if (!aarch64_insn_is_bl(replaced) || +- !within_module(pc + aarch64_get_branch_offset(replaced), +- mod)) +- return -EINVAL; +- +- validate = false; +- } else { +- old = aarch64_insn_gen_branch_imm(pc, addr, +- AARCH64_INSN_BRANCH_LINK); +- } ++ if (!ftrace_find_callable_addr(rec, mod, &addr)) ++ return -EINVAL; + ++ old = aarch64_insn_gen_branch_imm(pc, addr, AARCH64_INSN_BRANCH_LINK); + new = aarch64_insn_gen_nop(); + +- return ftrace_modify_code(pc, old, new, validate); ++ return ftrace_modify_code(pc, old, new, true); + } + + void arch_ftrace_update_code(int command) +-- +2.35.1 + diff --git a/queue-5.10/arm64-ftrace-fix-branch-range-checks.patch b/queue-5.10/arm64-ftrace-fix-branch-range-checks.patch new file mode 100644 index 00000000000..15e272c8462 --- /dev/null +++ b/queue-5.10/arm64-ftrace-fix-branch-range-checks.patch @@ -0,0 +1,86 @@ +From dd09e4e793e4fa2de3c58686de751e913dccdfe0 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 14 Jun 2022 09:09:42 +0100 +Subject: arm64: ftrace: fix branch range checks + +From: Mark Rutland + +[ Upstream commit 3eefdf9d1e406f3da47470b2854347009ffcb6fa ] + +The branch range checks in ftrace_make_call() and ftrace_make_nop() are +incorrect, erroneously permitting a forwards branch of 128M and +erroneously rejecting a backwards branch of 128M. + +This is because both functions calculate the offset backwards, +calculating the offset *from* the target *to* the branch, rather than +the other way around as the later comparisons expect. + +If an out-of-range branch were erroeously permitted, this would later be +rejected by aarch64_insn_gen_branch_imm() as branch_imm_common() checks +the bounds correctly, resulting in warnings and the placement of a BRK +instruction. Note that this can only happen for a forwards branch of +exactly 128M, and so the caller would need to be exactly 128M bytes +below the relevant ftrace trampoline. + +If an in-range branch were erroeously rejected, then: + +* For modules when CONFIG_ARM64_MODULE_PLTS=y, this would result in the + use of a PLT entry, which is benign. + + Note that this is the common case, as this is selected by + CONFIG_RANDOMIZE_BASE (and therefore RANDOMIZE_MODULE_REGION_FULL), + which distributions typically seelct. This is also selected by + CONFIG_ARM64_ERRATUM_843419. + +* For modules when CONFIG_ARM64_MODULE_PLTS=n, this would result in + internal ftrace failures. + +* For core kernel text, this would result in internal ftrace failues. + + Note that for this to happen, the kernel text would need to be at + least 128M bytes in size, and typical configurations are smaller tha + this. + +Fix this by calculating the offset *from* the branch *to* the target in +both functions. + +Fixes: f8af0b364e24 ("arm64: ftrace: don't validate branch via PLT in ftrace_make_nop()") +Fixes: e71a4e1bebaf ("arm64: ftrace: add support for far branches to dynamic ftrace") +Signed-off-by: Mark Rutland +Cc: Ard Biesheuvel +Cc: Will Deacon +Tested-by: "Ivan T. Ivanov" +Reviewed-by: Chengming Zhou +Reviewed-by: Ard Biesheuvel +Link: https://lore.kernel.org/r/20220614080944.1349146-2-mark.rutland@arm.com +Signed-off-by: Catalin Marinas +Signed-off-by: Sasha Levin +--- + arch/arm64/kernel/ftrace.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/arch/arm64/kernel/ftrace.c b/arch/arm64/kernel/ftrace.c +index 86a5cf9bc19a..e21a01b99999 100644 +--- a/arch/arm64/kernel/ftrace.c ++++ b/arch/arm64/kernel/ftrace.c +@@ -83,7 +83,7 @@ int ftrace_make_call(struct dyn_ftrace *rec, unsigned long addr) + { + unsigned long pc = rec->ip; + u32 old, new; +- long offset = (long)pc - (long)addr; ++ long offset = (long)addr - (long)pc; + + if (offset < -SZ_128M || offset >= SZ_128M) { + struct module *mod; +@@ -182,7 +182,7 @@ int ftrace_make_nop(struct module *mod, struct dyn_ftrace *rec, + unsigned long pc = rec->ip; + bool validate = true; + u32 old = 0, new; +- long offset = (long)pc - (long)addr; ++ long offset = (long)addr - (long)pc; + + if (offset < -SZ_128M || offset >= SZ_128M) { + u32 replaced; +-- +2.35.1 + diff --git a/queue-5.10/block-fix-handling-of-offline-queues-in-blk_mq_alloc.patch b/queue-5.10/block-fix-handling-of-offline-queues-in-blk_mq_alloc.patch new file mode 100644 index 00000000000..aa707606a17 --- /dev/null +++ b/queue-5.10/block-fix-handling-of-offline-queues-in-blk_mq_alloc.patch @@ -0,0 +1,61 @@ +From 4848349e6c5b7c7dace25d2aeb9e55351d0834d2 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 15 Jun 2022 14:00:04 -0700 +Subject: block: Fix handling of offline queues in blk_mq_alloc_request_hctx() + +From: Bart Van Assche + +[ Upstream commit 14dc7a18abbe4176f5626c13c333670da8e06aa1 ] + +This patch prevents that test nvme/004 triggers the following: + +UBSAN: array-index-out-of-bounds in block/blk-mq.h:135:9 +index 512 is out of range for type 'long unsigned int [512]' +Call Trace: + show_stack+0x52/0x58 + dump_stack_lvl+0x49/0x5e + dump_stack+0x10/0x12 + ubsan_epilogue+0x9/0x3b + __ubsan_handle_out_of_bounds.cold+0x44/0x49 + blk_mq_alloc_request_hctx+0x304/0x310 + __nvme_submit_sync_cmd+0x70/0x200 [nvme_core] + nvmf_connect_io_queue+0x23e/0x2a0 [nvme_fabrics] + nvme_loop_connect_io_queues+0x8d/0xb0 [nvme_loop] + nvme_loop_create_ctrl+0x58e/0x7d0 [nvme_loop] + nvmf_create_ctrl+0x1d7/0x4d0 [nvme_fabrics] + nvmf_dev_write+0xae/0x111 [nvme_fabrics] + vfs_write+0x144/0x560 + ksys_write+0xb7/0x140 + __x64_sys_write+0x42/0x50 + do_syscall_64+0x35/0x80 + entry_SYSCALL_64_after_hwframe+0x44/0xae + +Cc: Christoph Hellwig +Cc: Ming Lei +Fixes: 20e4d8139319 ("blk-mq: simplify queue mapping & schedule with each possisble CPU") +Signed-off-by: Bart Van Assche +Reviewed-by: Christoph Hellwig +Reviewed-by: Ming Lei +Link: https://lore.kernel.org/r/20220615210004.1031820-1-bvanassche@acm.org +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +--- + block/blk-mq.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/block/blk-mq.c b/block/blk-mq.c +index 15a11a217cd0..c5d82b21a1cc 100644 +--- a/block/blk-mq.c ++++ b/block/blk-mq.c +@@ -466,6 +466,8 @@ struct request *blk_mq_alloc_request_hctx(struct request_queue *q, + if (!blk_mq_hw_queue_mapped(data.hctx)) + goto out_queue_exit; + cpu = cpumask_first_and(data.hctx->cpumask, cpu_online_mask); ++ if (cpu >= nr_cpu_ids) ++ goto out_queue_exit; + data.ctx = __blk_mq_get_ctx(q, cpu); + + if (!q->elevator) +-- +2.35.1 + diff --git a/queue-5.10/certs-blacklist_hashes.c-fix-const-confusion-in-cert.patch b/queue-5.10/certs-blacklist_hashes.c-fix-const-confusion-in-cert.patch new file mode 100644 index 00000000000..fea453ecc5a --- /dev/null +++ b/queue-5.10/certs-blacklist_hashes.c-fix-const-confusion-in-cert.patch @@ -0,0 +1,52 @@ +From c0b87982004abfa50d3ae02ff10bbd4833749ac1 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 12 Jun 2022 02:22:30 +0900 +Subject: certs/blacklist_hashes.c: fix const confusion in certs blacklist +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Masahiro Yamada + +[ Upstream commit 6a1c3767d82ed8233de1263aa7da81595e176087 ] + +This file fails to compile as follows: + + CC certs/blacklist_hashes.o +certs/blacklist_hashes.c:4:1: error: ignoring attribute ‘section (".init.data")’ because it conflicts with previous ‘section (".init.rodata")’ [-Werror=attributes] + 4 | const char __initdata *const blacklist_hashes[] = { + | ^~~~~ +In file included from certs/blacklist_hashes.c:2: +certs/blacklist.h:5:38: note: previous declaration here + 5 | extern const char __initconst *const blacklist_hashes[]; + | ^~~~~~~~~~~~~~~~ + +Apply the same fix as commit 2be04df5668d ("certs/blacklist_nohashes.c: +fix const confusion in certs blacklist"). + +Fixes: 734114f8782f ("KEYS: Add a system blacklist keyring") +Signed-off-by: Masahiro Yamada +Reviewed-by: Jarkko Sakkinen +Reviewed-by: Mickaël Salaün +Signed-off-by: Jarkko Sakkinen +Signed-off-by: Sasha Levin +--- + certs/blacklist_hashes.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/certs/blacklist_hashes.c b/certs/blacklist_hashes.c +index 344892337be0..d5961aa3d338 100644 +--- a/certs/blacklist_hashes.c ++++ b/certs/blacklist_hashes.c +@@ -1,7 +1,7 @@ + // SPDX-License-Identifier: GPL-2.0 + #include "blacklist.h" + +-const char __initdata *const blacklist_hashes[] = { ++const char __initconst *const blacklist_hashes[] = { + #include CONFIG_SYSTEM_BLACKLIST_HASH_LIST + , NULL + }; +-- +2.35.1 + diff --git a/queue-5.10/clocksource-hyper-v-unexport-__init-annotated-hv_ini.patch b/queue-5.10/clocksource-hyper-v-unexport-__init-annotated-hv_ini.patch new file mode 100644 index 00000000000..3fa2a781bdd --- /dev/null +++ b/queue-5.10/clocksource-hyper-v-unexport-__init-annotated-hv_ini.patch @@ -0,0 +1,52 @@ +From 8e27c3520ff1acc0540542b174647a68331bb752 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 6 Jun 2022 14:02:38 +0900 +Subject: clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() + +From: Masahiro Yamada + +[ Upstream commit 245b993d8f6c4e25f19191edfbd8080b645e12b1 ] + +EXPORT_SYMBOL and __init is a bad combination because the .init.text +section is freed up after the initialization. Hence, modules cannot +use symbols annotated __init. The access to a freed symbol may end up +with kernel panic. + +modpost used to detect it, but it has been broken for a decade. + +Recently, I fixed modpost so it started to warn it again, then this +showed up in linux-next builds. + +There are two ways to fix it: + + - Remove __init + - Remove EXPORT_SYMBOL + +I chose the latter for this case because the only in-tree call-site, +arch/x86/kernel/cpu/mshyperv.c is never compiled as modular. +(CONFIG_HYPERVISOR_GUEST is boolean) + +Fixes: dd2cb348613b ("clocksource/drivers: Continue making Hyper-V clocksource ISA agnostic") +Reported-by: Stephen Rothwell +Signed-off-by: Masahiro Yamada +Reviewed-by: Vitaly Kuznetsov +Reviewed-by: Michael Kelley +Link: https://lore.kernel.org/r/20220606050238.4162200-1-masahiroy@kernel.org +Signed-off-by: Wei Liu +Signed-off-by: Sasha Levin +--- + drivers/clocksource/hyperv_timer.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/drivers/clocksource/hyperv_timer.c b/drivers/clocksource/hyperv_timer.c +index ba04cb381cd3..7c617d8dff3f 100644 +--- a/drivers/clocksource/hyperv_timer.c ++++ b/drivers/clocksource/hyperv_timer.c +@@ -472,4 +472,3 @@ void __init hv_init_clocksource(void) + hv_sched_clock_offset = hv_read_reference_counter(); + hv_setup_sched_clock(read_hv_sched_clock_msr); + } +-EXPORT_SYMBOL_GPL(hv_init_clocksource); +-- +2.35.1 + diff --git a/queue-5.10/drivers-hv-vmbus-release-cpu-lock-in-error-case.patch b/queue-5.10/drivers-hv-vmbus-release-cpu-lock-in-error-case.patch new file mode 100644 index 00000000000..93e01c1da91 --- /dev/null +++ b/queue-5.10/drivers-hv-vmbus-release-cpu-lock-in-error-case.patch @@ -0,0 +1,36 @@ +From 9b14a6443b534adb2b1d92b39b17a9bd4b3bc157 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 9 Jun 2022 10:16:36 -0700 +Subject: Drivers: hv: vmbus: Release cpu lock in error case + +From: Saurabh Sengar + +[ Upstream commit 656c5ba50b7172a0ea25dc1b37606bd51d01fe8d ] + +In case of invalid sub channel, release cpu lock before returning. + +Fixes: a949e86c0d780 ("Drivers: hv: vmbus: Resolve race between init_vp_index() and CPU hotplug") +Signed-off-by: Saurabh Sengar +Reviewed-by: Michael Kelley +Link: https://lore.kernel.org/r/1654794996-13244-1-git-send-email-ssengar@linux.microsoft.com +Signed-off-by: Wei Liu +Signed-off-by: Sasha Levin +--- + drivers/hv/channel_mgmt.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/hv/channel_mgmt.c b/drivers/hv/channel_mgmt.c +index 5dbb949b1afd..10188b1a6a08 100644 +--- a/drivers/hv/channel_mgmt.c ++++ b/drivers/hv/channel_mgmt.c +@@ -606,6 +606,7 @@ static void vmbus_process_offer(struct vmbus_channel *newchannel) + */ + if (newchannel->offermsg.offer.sub_channel_index == 0) { + mutex_unlock(&vmbus_connection.channel_mutex); ++ cpus_read_unlock(); + /* + * Don't call free_channel(), because newchannel->kobj + * is not initialized yet. +-- +2.35.1 + diff --git a/queue-5.10/drm-i915-reset-fix-error_state_read-ptr-offset-use.patch b/queue-5.10/drm-i915-reset-fix-error_state_read-ptr-offset-use.patch new file mode 100644 index 00000000000..47d07fffb83 --- /dev/null +++ b/queue-5.10/drm-i915-reset-fix-error_state_read-ptr-offset-use.patch @@ -0,0 +1,144 @@ +From 7075592de823aa7400c132db133e87abed6d7a22 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 10 Mar 2022 16:43:11 -0800 +Subject: drm/i915/reset: Fix error_state_read ptr + offset use + +From: Alan Previn + +[ Upstream commit c9b576d0c7bf55aeae1a736da7974fa202c4394d ] + +Fix our pointer offset usage in error_state_read +when there is no i915_gpu_coredump but buf offset +is non-zero. + +This fixes a kernel page fault can happen when +multiple tests are running concurrently in a loop +and one is producing engine resets and consuming +the i915 error_state dump while the other is +forcing full GT resets. (takes a while to trigger). + +The dmesg call trace: + +[ 5590.803000] BUG: unable to handle page fault for address: + ffffffffa0b0e000 +[ 5590.803009] #PF: supervisor read access in kernel mode +[ 5590.803013] #PF: error_code(0x0000) - not-present page +[ 5590.803016] PGD 5814067 P4D 5814067 PUD 5815063 PMD 109de4067 + PTE 0 +[ 5590.803022] Oops: 0000 [#1] PREEMPT SMP NOPTI +[ 5590.803026] CPU: 5 PID: 13656 Comm: i915_hangman Tainted: G U + 5.17.0-rc5-ups69-guc-err-capt-rev6+ #136 +[ 5590.803033] Hardware name: Intel Corporation Alder Lake Client + Platform/AlderLake-M LP4x RVP, BIOS ADLPFWI1.R00. + 3031.A02.2201171222 01/17/2022 +[ 5590.803039] RIP: 0010:memcpy_erms+0x6/0x10 +[ 5590.803045] Code: fe ff ff cc eb 1e 0f 1f 00 48 89 f8 48 89 d1 + 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 c3 + 66 0f 1f 44 00 00 48 89 f8 48 89 d1 a4 + c3 0f 1f 80 00 00 00 00 48 89 f8 48 83 fa 20 + 72 7e 40 38 fe +[ 5590.803054] RSP: 0018:ffffc90003a8fdf0 EFLAGS: 00010282 +[ 5590.803057] RAX: ffff888107ee9000 RBX: ffff888108cb1a00 + RCX: 0000000000000f8f +[ 5590.803061] RDX: 0000000000001000 RSI: ffffffffa0b0e000 + RDI: ffff888107ee9071 +[ 5590.803065] RBP: 0000000000000000 R08: 0000000000000001 + R09: 0000000000000001 +[ 5590.803069] R10: 0000000000000001 R11: 0000000000000002 + R12: 0000000000000019 +[ 5590.803073] R13: 0000000000174fff R14: 0000000000001000 + R15: ffff888107ee9000 +[ 5590.803077] FS: 00007f62a99bee80(0000) GS:ffff88849f880000(0000) + knlGS:0000000000000000 +[ 5590.803082] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 5590.803085] CR2: ffffffffa0b0e000 CR3: 000000010a1a8004 + CR4: 0000000000770ee0 +[ 5590.803089] PKRU: 55555554 +[ 5590.803091] Call Trace: +[ 5590.803093] +[ 5590.803096] error_state_read+0xa1/0xd0 [i915] +[ 5590.803175] kernfs_fop_read_iter+0xb2/0x1b0 +[ 5590.803180] new_sync_read+0x116/0x1a0 +[ 5590.803185] vfs_read+0x114/0x1b0 +[ 5590.803189] ksys_read+0x63/0xe0 +[ 5590.803193] do_syscall_64+0x38/0xc0 +[ 5590.803197] entry_SYSCALL_64_after_hwframe+0x44/0xae +[ 5590.803201] RIP: 0033:0x7f62aaea5912 +[ 5590.803204] Code: c0 e9 b2 fe ff ff 50 48 8d 3d 5a b9 0c 00 e8 05 + 19 02 00 0f 1f 44 00 00 f3 0f 1e fa 64 8b 04 25 + 18 00 00 00 85 c0 75 10 0f 05 <48> 3d 00 f0 ff + ff 77 56 c3 0f 1f 44 00 00 48 83 ec 28 48 89 54 24 +[ 5590.803213] RSP: 002b:00007fff5b659ae8 EFLAGS: 00000246 + ORIG_RAX: 0000000000000000 +[ 5590.803218] RAX: ffffffffffffffda RBX: 0000000000100000 + RCX: 00007f62aaea5912 +[ 5590.803221] RDX: 000000000008b000 RSI: 00007f62a8c4000f + RDI: 0000000000000006 +[ 5590.803225] RBP: 00007f62a8bcb00f R08: 0000000000200010 + R09: 0000000000101000 +[ 5590.803229] R10: 0000000000000001 R11: 0000000000000246 + R12: 0000000000000006 +[ 5590.803233] R13: 0000000000075000 R14: 00007f62a8acb010 + R15: 0000000000200000 +[ 5590.803238] +[ 5590.803240] Modules linked in: i915 ttm drm_buddy drm_dp_helper + drm_kms_helper syscopyarea sysfillrect sysimgblt + fb_sys_fops prime_numbers nfnetlink br_netfilter + overlay mei_pxp mei_hdcp x86_pkg_temp_thermal + coretemp kvm_intel snd_hda_codec_hdmi snd_hda_intel + snd_intel_dspcfg snd_hda_codec snd_hwdep + snd_hda_core snd_pcm mei_me mei fuse ip_tables + x_tables crct10dif_pclmul e1000e crc32_pclmul ptp + i2c_i801 ghash_clmulni_intel i2c_smbus pps_core + [last unloa ded: ttm] +[ 5590.803277] CR2: ffffffffa0b0e000 +[ 5590.803280] ---[ end trace 0000000000000000 ]--- + +Fixes: 0e39037b3165 ("drm/i915: Cache the error string") +Signed-off-by: Alan Previn +Reviewed-by: John Harrison +Signed-off-by: John Harrison +Link: https://patchwork.freedesktop.org/patch/msgid/20220311004311.514198-2-alan.previn.teres.alexis@intel.com +(cherry picked from commit 3304033a1e69cd81a2044b4422f0d7e593afb4e6) +Signed-off-by: Jani Nikula +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/i915/i915_sysfs.c | 15 ++++++++++++--- + 1 file changed, 12 insertions(+), 3 deletions(-) + +diff --git a/drivers/gpu/drm/i915/i915_sysfs.c b/drivers/gpu/drm/i915/i915_sysfs.c +index 45d32ef42787..ac40a95374d3 100644 +--- a/drivers/gpu/drm/i915/i915_sysfs.c ++++ b/drivers/gpu/drm/i915/i915_sysfs.c +@@ -500,7 +500,14 @@ static ssize_t error_state_read(struct file *filp, struct kobject *kobj, + struct device *kdev = kobj_to_dev(kobj); + struct drm_i915_private *i915 = kdev_minor_to_i915(kdev); + struct i915_gpu_coredump *gpu; +- ssize_t ret; ++ ssize_t ret = 0; ++ ++ /* ++ * FIXME: Concurrent clients triggering resets and reading + clearing ++ * dumps can cause inconsistent sysfs reads when a user calls in with a ++ * non-zero offset to complete a prior partial read but the ++ * gpu_coredump has been cleared or replaced. ++ */ + + gpu = i915_first_error_state(i915); + if (IS_ERR(gpu)) { +@@ -512,8 +519,10 @@ static ssize_t error_state_read(struct file *filp, struct kobject *kobj, + const char *str = "No error state collected\n"; + size_t len = strlen(str); + +- ret = min_t(size_t, count, len - off); +- memcpy(buf, str + off, ret); ++ if (off < len) { ++ ret = min_t(size_t, count, len - off); ++ memcpy(buf, str + off, ret); ++ } + } + + return ret; +-- +2.35.1 + diff --git a/queue-5.10/i40e-fix-adding-adq-filter-to-tc0.patch b/queue-5.10/i40e-fix-adding-adq-filter-to-tc0.patch new file mode 100644 index 00000000000..a3d41172c1e --- /dev/null +++ b/queue-5.10/i40e-fix-adding-adq-filter-to-tc0.patch @@ -0,0 +1,45 @@ +From 5c2b204cb3da5bd23b33b00e39ed6ba4753b14fd Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 29 Apr 2022 14:27:08 +0200 +Subject: i40e: Fix adding ADQ filter to TC0 + +From: Grzegorz Szczurek + +[ Upstream commit c3238d36c3a2be0a29a9d848d6c51e1b14be6692 ] + +Procedure of configure tc flower filters erroneously allows to create +filters on TC0 where unfiltered packets are also directed by default. +Issue was caused by insufficient checks of hw_tc parameter specifying +the hardware traffic class to pass matching packets to. + +Fix checking hw_tc parameter which blocks creation of filters on TC0. + +Fixes: 2f4b411a3d67 ("i40e: Enable cloud filters via tc-flower") +Signed-off-by: Grzegorz Szczurek +Signed-off-by: Jedrzej Jagielski +Tested-by: Bharathi Sreenivas +Signed-off-by: Tony Nguyen +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/intel/i40e/i40e_main.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c +index 4a18a7c7dd4c..614f3e995100 100644 +--- a/drivers/net/ethernet/intel/i40e/i40e_main.c ++++ b/drivers/net/ethernet/intel/i40e/i40e_main.c +@@ -8163,6 +8163,11 @@ static int i40e_configure_clsflower(struct i40e_vsi *vsi, + return -EOPNOTSUPP; + } + ++ if (!tc) { ++ dev_err(&pf->pdev->dev, "Unable to add filter because of invalid destination"); ++ return -EINVAL; ++ } ++ + if (test_bit(__I40E_RESET_RECOVERY_PENDING, pf->state) || + test_bit(__I40E_RESET_INTR_RECEIVED, pf->state)) + return -EBUSY; +-- +2.35.1 + diff --git a/queue-5.10/i40e-fix-calculating-the-number-of-queue-pairs.patch b/queue-5.10/i40e-fix-calculating-the-number-of-queue-pairs.patch new file mode 100644 index 00000000000..b35ca6b42a4 --- /dev/null +++ b/queue-5.10/i40e-fix-calculating-the-number-of-queue-pairs.patch @@ -0,0 +1,41 @@ +From 100687170209a80bef9f60414d6e309987b0ce83 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 29 Apr 2022 14:40:23 +0200 +Subject: i40e: Fix calculating the number of queue pairs + +From: Grzegorz Szczurek + +[ Upstream commit 0bb050670ac90a167ecfa3f9590f92966c9a3677 ] + +If ADQ is enabled for a VF, then actual number of queue pair +is a number of currently available traffic classes for this VF. + +Without this change the configuration of the Rx/Tx queues +fails with error. + +Fixes: d29e0d233e0d ("i40e: missing input validation on VF message handling by the PF") +Signed-off-by: Grzegorz Szczurek +Signed-off-by: Jedrzej Jagielski +Tested-by: Bharathi Sreenivas +Signed-off-by: Tony Nguyen +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c +index 9181e007e039..1947c5a77550 100644 +--- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c ++++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c +@@ -2228,7 +2228,7 @@ static int i40e_vc_config_queues_msg(struct i40e_vf *vf, u8 *msg) + } + + if (vf->adq_enabled) { +- for (i = 0; i < I40E_MAX_VF_VSI; i++) ++ for (i = 0; i < vf->num_tc; i++) + num_qps_all += vf->ch[i].num_qps; + if (num_qps_all != qci->num_queue_pairs) { + aq_ret = I40E_ERR_PARAM; +-- +2.35.1 + diff --git a/queue-5.10/i40e-fix-call-trace-in-setup_tx_descriptors.patch b/queue-5.10/i40e-fix-call-trace-in-setup_tx_descriptors.patch new file mode 100644 index 00000000000..b085da37a5e --- /dev/null +++ b/queue-5.10/i40e-fix-call-trace-in-setup_tx_descriptors.patch @@ -0,0 +1,83 @@ +From 7bee2fc14f9461a75d521f3cf41315eee4ca5da0 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 19 May 2022 16:01:45 +0200 +Subject: i40e: Fix call trace in setup_tx_descriptors + +From: Aleksandr Loktionov + +[ Upstream commit fd5855e6b1358e816710afee68a1d2bc685176ca ] + +After PF reset and ethtool -t there was call trace in dmesg +sometimes leading to panic. When there was some time, around 5 +seconds, between reset and test there were no errors. + +Problem was that pf reset calls i40e_vsi_close in prep_for_reset +and ethtool -t calls i40e_vsi_close in diag_test. If there was not +enough time between those commands the second i40e_vsi_close starts +before previous i40e_vsi_close was done which leads to crash. + +Add check to diag_test if pf is in reset and don't start offline +tests if it is true. +Add netif_info("testing failed") into unhappy path of i40e_diag_test() + +Fixes: e17bc411aea8 ("i40e: Disable offline diagnostics if VFs are enabled") +Fixes: 510efb2682b3 ("i40e: Fix ethtool offline diagnostic with netqueues") +Signed-off-by: Michal Jaron +Signed-off-by: Aleksandr Loktionov +Tested-by: Gurucharan (A Contingent worker at Intel) +Signed-off-by: Tony Nguyen +Signed-off-by: Sasha Levin +--- + .../net/ethernet/intel/i40e/i40e_ethtool.c | 25 +++++++++++++------ + 1 file changed, 17 insertions(+), 8 deletions(-) + +diff --git a/drivers/net/ethernet/intel/i40e/i40e_ethtool.c b/drivers/net/ethernet/intel/i40e/i40e_ethtool.c +index a2bdb2906519..63054061966e 100644 +--- a/drivers/net/ethernet/intel/i40e/i40e_ethtool.c ++++ b/drivers/net/ethernet/intel/i40e/i40e_ethtool.c +@@ -2582,15 +2582,16 @@ static void i40e_diag_test(struct net_device *netdev, + + set_bit(__I40E_TESTING, pf->state); + ++ if (test_bit(__I40E_RESET_RECOVERY_PENDING, pf->state) || ++ test_bit(__I40E_RESET_INTR_RECEIVED, pf->state)) { ++ dev_warn(&pf->pdev->dev, ++ "Cannot start offline testing when PF is in reset state.\n"); ++ goto skip_ol_tests; ++ } ++ + if (i40e_active_vfs(pf) || i40e_active_vmdqs(pf)) { + dev_warn(&pf->pdev->dev, + "Please take active VFs and Netqueues offline and restart the adapter before running NIC diagnostics\n"); +- data[I40E_ETH_TEST_REG] = 1; +- data[I40E_ETH_TEST_EEPROM] = 1; +- data[I40E_ETH_TEST_INTR] = 1; +- data[I40E_ETH_TEST_LINK] = 1; +- eth_test->flags |= ETH_TEST_FL_FAILED; +- clear_bit(__I40E_TESTING, pf->state); + goto skip_ol_tests; + } + +@@ -2637,9 +2638,17 @@ static void i40e_diag_test(struct net_device *netdev, + data[I40E_ETH_TEST_INTR] = 0; + } + +-skip_ol_tests: +- + netif_info(pf, drv, netdev, "testing finished\n"); ++ return; ++ ++skip_ol_tests: ++ data[I40E_ETH_TEST_REG] = 1; ++ data[I40E_ETH_TEST_EEPROM] = 1; ++ data[I40E_ETH_TEST_INTR] = 1; ++ data[I40E_ETH_TEST_LINK] = 1; ++ eth_test->flags |= ETH_TEST_FL_FAILED; ++ clear_bit(__I40E_TESTING, pf->state); ++ netif_info(pf, drv, netdev, "testing failed\n"); + } + + static void i40e_get_wol(struct net_device *netdev, +-- +2.35.1 + diff --git a/queue-5.10/misc-atmel-ssc-fix-irq-check-in-ssc_probe.patch b/queue-5.10/misc-atmel-ssc-fix-irq-check-in-ssc_probe.patch new file mode 100644 index 00000000000..657b76dfbd8 --- /dev/null +++ b/queue-5.10/misc-atmel-ssc-fix-irq-check-in-ssc_probe.patch @@ -0,0 +1,47 @@ +From 6331791e875a3442acd901f42ca8c0924a0b136d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 1 Jun 2022 16:30:26 +0400 +Subject: misc: atmel-ssc: Fix IRQ check in ssc_probe + +From: Miaoqian Lin + +[ Upstream commit 1c245358ce0b13669f6d1625f7a4e05c41f28980 ] + +platform_get_irq() returns negative error number instead 0 on failure. +And the doc of platform_get_irq() provides a usage example: + + int irq = platform_get_irq(pdev, 0); + if (irq < 0) + return irq; + +Fix the check of return value to catch errors correctly. + +Fixes: eb1f2930609b ("Driver for the Atmel on-chip SSC on AT32AP and AT91") +Reviewed-by: Claudiu Beznea +Signed-off-by: Miaoqian Lin +Link: https://lore.kernel.org/r/20220601123026.7119-1-linmq006@gmail.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/misc/atmel-ssc.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/misc/atmel-ssc.c b/drivers/misc/atmel-ssc.c +index d6cd5537126c..69f9b0336410 100644 +--- a/drivers/misc/atmel-ssc.c ++++ b/drivers/misc/atmel-ssc.c +@@ -232,9 +232,9 @@ static int ssc_probe(struct platform_device *pdev) + clk_disable_unprepare(ssc->clk); + + ssc->irq = platform_get_irq(pdev, 0); +- if (!ssc->irq) { ++ if (ssc->irq < 0) { + dev_dbg(&pdev->dev, "could not get irq\n"); +- return -ENXIO; ++ return ssc->irq; + } + + mutex_lock(&user_lock); +-- +2.35.1 + diff --git a/queue-5.10/mlxsw-spectrum_cnt-reorder-counter-pools.patch b/queue-5.10/mlxsw-spectrum_cnt-reorder-counter-pools.patch new file mode 100644 index 00000000000..5d5a761a137 --- /dev/null +++ b/queue-5.10/mlxsw-spectrum_cnt-reorder-counter-pools.patch @@ -0,0 +1,51 @@ +From 8d4e3f9507cb2dc2857a6aee362632ad6ae631c5 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 13 Jun 2022 15:50:17 +0300 +Subject: mlxsw: spectrum_cnt: Reorder counter pools + +From: Petr Machata + +[ Upstream commit 4b7a632ac4e7101ceefee8484d5c2ca505d347b3 ] + +Both RIF and ACL flow counters use a 24-bit SW-managed counter address to +communicate which counter they want to bind. + +In a number of Spectrum FW releases, binding a RIF counter is broken and +slices the counter index to 16 bits. As a result, on Spectrum-2 and above, +no more than about 410 RIF counters can be effectively used. This +translates to 205 netdevices for which L3 HW stats can be enabled. (This +does not happen on Spectrum-1, because there are fewer counters available +overall and the counter index never exceeds 16 bits.) + +Binding counters to ACLs does not have this issue. Therefore reorder the +counter allocation scheme so that RIF counters come first and therefore get +lower indices that are below the 16-bit barrier. + +Fixes: 98e60dce4da1 ("Merge branch 'mlxsw-Introduce-initial-Spectrum-2-support'") +Reported-by: Maksym Yaremchuk +Signed-off-by: Petr Machata +Signed-off-by: Ido Schimmel +Link: https://lore.kernel.org/r/20220613125017.2018162-1-idosch@nvidia.com +Signed-off-by: Paolo Abeni +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/mellanox/mlxsw/spectrum_cnt.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_cnt.h b/drivers/net/ethernet/mellanox/mlxsw/spectrum_cnt.h +index a68d931090dd..15c8d4de8350 100644 +--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_cnt.h ++++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_cnt.h +@@ -8,8 +8,8 @@ + #include "spectrum.h" + + enum mlxsw_sp_counter_sub_pool_id { +- MLXSW_SP_COUNTER_SUB_POOL_FLOW, + MLXSW_SP_COUNTER_SUB_POOL_RIF, ++ MLXSW_SP_COUNTER_SUB_POOL_FLOW, + }; + + int mlxsw_sp_counter_alloc(struct mlxsw_sp *mlxsw_sp, +-- +2.35.1 + diff --git a/queue-5.10/net-ax25-fix-deadlock-caused-by-skb_recv_datagram-in.patch b/queue-5.10/net-ax25-fix-deadlock-caused-by-skb_recv_datagram-in.patch new file mode 100644 index 00000000000..c2367860dcd --- /dev/null +++ b/queue-5.10/net-ax25-fix-deadlock-caused-by-skb_recv_datagram-in.patch @@ -0,0 +1,125 @@ +From 257a43b4a72d3a1cf5b4d0b25b7f9cbe2d1267f4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 14 Jun 2022 17:25:57 +0800 +Subject: net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg + +From: Duoming Zhou + +[ Upstream commit 219b51a6f040fa5367adadd7d58c4dda0896a01d ] + +The skb_recv_datagram() in ax25_recvmsg() will hold lock_sock +and block until it receives a packet from the remote. If the client +doesn`t connect to server and calls read() directly, it will not +receive any packets forever. As a result, the deadlock will happen. + +The fail log caused by deadlock is shown below: + +[ 369.606973] INFO: task ax25_deadlock:157 blocked for more than 245 seconds. +[ 369.608919] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. +[ 369.613058] Call Trace: +[ 369.613315] +[ 369.614072] __schedule+0x2f9/0xb20 +[ 369.615029] schedule+0x49/0xb0 +[ 369.615734] __lock_sock+0x92/0x100 +[ 369.616763] ? destroy_sched_domains_rcu+0x20/0x20 +[ 369.617941] lock_sock_nested+0x6e/0x70 +[ 369.618809] ax25_bind+0xaa/0x210 +[ 369.619736] __sys_bind+0xca/0xf0 +[ 369.620039] ? do_futex+0xae/0x1b0 +[ 369.620387] ? __x64_sys_futex+0x7c/0x1c0 +[ 369.620601] ? fpregs_assert_state_consistent+0x19/0x40 +[ 369.620613] __x64_sys_bind+0x11/0x20 +[ 369.621791] do_syscall_64+0x3b/0x90 +[ 369.622423] entry_SYSCALL_64_after_hwframe+0x46/0xb0 +[ 369.623319] RIP: 0033:0x7f43c8aa8af7 +[ 369.624301] RSP: 002b:00007f43c8197ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 +[ 369.625756] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f43c8aa8af7 +[ 369.626724] RDX: 0000000000000010 RSI: 000055768e2021d0 RDI: 0000000000000005 +[ 369.628569] RBP: 00007f43c8197f00 R08: 0000000000000011 R09: 00007f43c8198700 +[ 369.630208] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff845e6afe +[ 369.632240] R13: 00007fff845e6aff R14: 00007f43c8197fc0 R15: 00007f43c8198700 + +This patch replaces skb_recv_datagram() with an open-coded variant of it +releasing the socket lock before the __skb_wait_for_more_packets() call +and re-acquiring it after such call in order that other functions that +need socket lock could be executed. + +what's more, the socket lock will be released only when recvmsg() will +block and that should produce nicer overall behavior. + +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Suggested-by: Thomas Osterried +Signed-off-by: Duoming Zhou +Reported-by: Thomas Habets +Acked-by: Paolo Abeni +Reviewed-by: Eric Dumazet +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + net/ax25/af_ax25.c | 34 ++++++++++++++++++++++++++++------ + 1 file changed, 28 insertions(+), 6 deletions(-) + +diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c +index 5fff027f25fa..a1f4cb836fcf 100644 +--- a/net/ax25/af_ax25.c ++++ b/net/ax25/af_ax25.c +@@ -1653,9 +1653,12 @@ static int ax25_recvmsg(struct socket *sock, struct msghdr *msg, size_t size, + int flags) + { + struct sock *sk = sock->sk; +- struct sk_buff *skb; ++ struct sk_buff *skb, *last; ++ struct sk_buff_head *sk_queue; + int copied; + int err = 0; ++ int off = 0; ++ long timeo; + + lock_sock(sk); + /* +@@ -1667,11 +1670,29 @@ static int ax25_recvmsg(struct socket *sock, struct msghdr *msg, size_t size, + goto out; + } + +- /* Now we can treat all alike */ +- skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, +- flags & MSG_DONTWAIT, &err); +- if (skb == NULL) +- goto out; ++ /* We need support for non-blocking reads. */ ++ sk_queue = &sk->sk_receive_queue; ++ skb = __skb_try_recv_datagram(sk, sk_queue, flags, &off, &err, &last); ++ /* If no packet is available, release_sock(sk) and try again. */ ++ if (!skb) { ++ if (err != -EAGAIN) ++ goto out; ++ release_sock(sk); ++ timeo = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); ++ while (timeo && !__skb_wait_for_more_packets(sk, sk_queue, &err, ++ &timeo, last)) { ++ skb = __skb_try_recv_datagram(sk, sk_queue, flags, &off, ++ &err, &last); ++ if (skb) ++ break; ++ ++ if (err != -EAGAIN) ++ goto done; ++ } ++ if (!skb) ++ goto done; ++ lock_sock(sk); ++ } + + if (!sk_to_ax25(sk)->pidincl) + skb_pull(skb, 1); /* Remove PID */ +@@ -1718,6 +1739,7 @@ static int ax25_recvmsg(struct socket *sock, struct msghdr *msg, size_t size, + out: + release_sock(sk); + ++done: + return err; + } + +-- +2.35.1 + diff --git a/queue-5.10/net-bgmac-fix-an-erroneous-kfree-in-bgmac_remove.patch b/queue-5.10/net-bgmac-fix-an-erroneous-kfree-in-bgmac_remove.patch new file mode 100644 index 00000000000..59055f67f9c --- /dev/null +++ b/queue-5.10/net-bgmac-fix-an-erroneous-kfree-in-bgmac_remove.patch @@ -0,0 +1,39 @@ +From 90e096f076d49e2b5eb859251cee0e9d222ec742 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 13 Jun 2022 22:53:50 +0200 +Subject: net: bgmac: Fix an erroneous kfree() in bgmac_remove() + +From: Christophe JAILLET + +[ Upstream commit d7dd6eccfbc95ac47a12396f84e7e1b361db654b ] + +'bgmac' is part of a managed resource allocated with bgmac_alloc(). It +should not be freed explicitly. + +Remove the erroneous kfree() from the .remove() function. + +Fixes: 34a5102c3235 ("net: bgmac: allocate struct bgmac just once & don't copy it") +Signed-off-by: Christophe JAILLET +Reviewed-by: Florian Fainelli +Link: https://lore.kernel.org/r/a026153108dd21239036a032b95c25b5cece253b.1655153616.git.christophe.jaillet@wanadoo.fr +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/broadcom/bgmac-bcma.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/drivers/net/ethernet/broadcom/bgmac-bcma.c b/drivers/net/ethernet/broadcom/bgmac-bcma.c +index a5fd161ab5ee..26746197515f 100644 +--- a/drivers/net/ethernet/broadcom/bgmac-bcma.c ++++ b/drivers/net/ethernet/broadcom/bgmac-bcma.c +@@ -323,7 +323,6 @@ static void bgmac_remove(struct bcma_device *core) + bcma_mdio_mii_unregister(bgmac->mii_bus); + bgmac_enet_remove(bgmac); + bcma_set_drvdata(core, NULL); +- kfree(bgmac); + } + + static struct bcma_driver bgmac_bcma_driver = { +-- +2.35.1 + diff --git a/queue-5.10/nvme-add-device-name-to-warning-in-uuid_show.patch b/queue-5.10/nvme-add-device-name-to-warning-in-uuid_show.patch new file mode 100644 index 00000000000..c53bd3df842 --- /dev/null +++ b/queue-5.10/nvme-add-device-name-to-warning-in-uuid_show.patch @@ -0,0 +1,48 @@ +From adcb14dee5a2a01ffa2ac2f5a6d3fb403eecee95 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 7 Jun 2022 17:55:55 +0200 +Subject: nvme: add device name to warning in uuid_show() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Thomas Weißschuh + +[ Upstream commit 1fc766b5c08417248e0008bca14c3572ac0f1c26 ] + +This provides more context to users. + +Old message: + +[ 00.000000] No UUID available providing old NGUID + +New message: + +[ 00.000000] block nvme0n1: No UUID available providing old NGUID + +Fixes: d934f9848a77 ("nvme: provide UUID value to userspace") +Signed-off-by: Thomas Weißschuh +Signed-off-by: Christoph Hellwig +Signed-off-by: Sasha Levin +--- + drivers/nvme/host/core.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c +index c8c8c567a000..0aa68da51ed7 100644 +--- a/drivers/nvme/host/core.c ++++ b/drivers/nvme/host/core.c +@@ -3372,8 +3372,8 @@ static ssize_t uuid_show(struct device *dev, struct device_attribute *attr, + * we have no UUID set + */ + if (uuid_is_null(&ids->uuid)) { +- printk_ratelimited(KERN_WARNING +- "No UUID available providing old NGUID\n"); ++ dev_warn_ratelimited(dev, ++ "No UUID available providing old NGUID\n"); + return sysfs_emit(buf, "%pU\n", ids->nguid); + } + return sysfs_emit(buf, "%pU\n", &ids->uuid); +-- +2.35.1 + diff --git a/queue-5.10/nvme-use-sysfs_emit-instead-of-sprintf.patch b/queue-5.10/nvme-use-sysfs_emit-instead-of-sprintf.patch new file mode 100644 index 00000000000..febadefab62 --- /dev/null +++ b/queue-5.10/nvme-use-sysfs_emit-instead-of-sprintf.patch @@ -0,0 +1,190 @@ +From 98121baebf8568a7f3da4cd51f3dba1f1ef287ff Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 1 Apr 2021 11:54:10 +0200 +Subject: nvme: use sysfs_emit instead of sprintf + +From: Daniel Wagner + +[ Upstream commit bff4bcf3cfc1595e0ef2aeb774b2403c88de1486 ] + +sysfs_emit is the recommended API to use for formatting strings to be +returned to user space. It is equivalent to scnprintf and aware of the +PAGE_SIZE buffer size. + +Suggested-by: Chaitanya Kulkarni +Signed-off-by: Daniel Wagner +Signed-off-by: Christoph Hellwig +Signed-off-by: Sasha Levin +--- + drivers/nvme/host/core.c | 40 +++++++++++++++++------------------ + drivers/nvme/host/multipath.c | 8 +++---- + 2 files changed, 24 insertions(+), 24 deletions(-) + +diff --git a/drivers/nvme/host/core.c b/drivers/nvme/host/core.c +index d301f0280ff6..c8c8c567a000 100644 +--- a/drivers/nvme/host/core.c ++++ b/drivers/nvme/host/core.c +@@ -2813,8 +2813,8 @@ static ssize_t subsys_##field##_show(struct device *dev, \ + { \ + struct nvme_subsystem *subsys = \ + container_of(dev, struct nvme_subsystem, dev); \ +- return sprintf(buf, "%.*s\n", \ +- (int)sizeof(subsys->field), subsys->field); \ ++ return sysfs_emit(buf, "%.*s\n", \ ++ (int)sizeof(subsys->field), subsys->field); \ + } \ + static SUBSYS_ATTR_RO(field, S_IRUGO, subsys_##field##_show); + +@@ -3335,13 +3335,13 @@ static ssize_t wwid_show(struct device *dev, struct device_attribute *attr, + int model_len = sizeof(subsys->model); + + if (!uuid_is_null(&ids->uuid)) +- return sprintf(buf, "uuid.%pU\n", &ids->uuid); ++ return sysfs_emit(buf, "uuid.%pU\n", &ids->uuid); + + if (memchr_inv(ids->nguid, 0, sizeof(ids->nguid))) +- return sprintf(buf, "eui.%16phN\n", ids->nguid); ++ return sysfs_emit(buf, "eui.%16phN\n", ids->nguid); + + if (memchr_inv(ids->eui64, 0, sizeof(ids->eui64))) +- return sprintf(buf, "eui.%8phN\n", ids->eui64); ++ return sysfs_emit(buf, "eui.%8phN\n", ids->eui64); + + while (serial_len > 0 && (subsys->serial[serial_len - 1] == ' ' || + subsys->serial[serial_len - 1] == '\0')) +@@ -3350,7 +3350,7 @@ static ssize_t wwid_show(struct device *dev, struct device_attribute *attr, + subsys->model[model_len - 1] == '\0')) + model_len--; + +- return sprintf(buf, "nvme.%04x-%*phN-%*phN-%08x\n", subsys->vendor_id, ++ return sysfs_emit(buf, "nvme.%04x-%*phN-%*phN-%08x\n", subsys->vendor_id, + serial_len, subsys->serial, model_len, subsys->model, + head->ns_id); + } +@@ -3359,7 +3359,7 @@ static DEVICE_ATTR_RO(wwid); + static ssize_t nguid_show(struct device *dev, struct device_attribute *attr, + char *buf) + { +- return sprintf(buf, "%pU\n", dev_to_ns_head(dev)->ids.nguid); ++ return sysfs_emit(buf, "%pU\n", dev_to_ns_head(dev)->ids.nguid); + } + static DEVICE_ATTR_RO(nguid); + +@@ -3374,23 +3374,23 @@ static ssize_t uuid_show(struct device *dev, struct device_attribute *attr, + if (uuid_is_null(&ids->uuid)) { + printk_ratelimited(KERN_WARNING + "No UUID available providing old NGUID\n"); +- return sprintf(buf, "%pU\n", ids->nguid); ++ return sysfs_emit(buf, "%pU\n", ids->nguid); + } +- return sprintf(buf, "%pU\n", &ids->uuid); ++ return sysfs_emit(buf, "%pU\n", &ids->uuid); + } + static DEVICE_ATTR_RO(uuid); + + static ssize_t eui_show(struct device *dev, struct device_attribute *attr, + char *buf) + { +- return sprintf(buf, "%8ph\n", dev_to_ns_head(dev)->ids.eui64); ++ return sysfs_emit(buf, "%8ph\n", dev_to_ns_head(dev)->ids.eui64); + } + static DEVICE_ATTR_RO(eui); + + static ssize_t nsid_show(struct device *dev, struct device_attribute *attr, + char *buf) + { +- return sprintf(buf, "%d\n", dev_to_ns_head(dev)->ns_id); ++ return sysfs_emit(buf, "%d\n", dev_to_ns_head(dev)->ns_id); + } + static DEVICE_ATTR_RO(nsid); + +@@ -3455,7 +3455,7 @@ static ssize_t field##_show(struct device *dev, \ + struct device_attribute *attr, char *buf) \ + { \ + struct nvme_ctrl *ctrl = dev_get_drvdata(dev); \ +- return sprintf(buf, "%.*s\n", \ ++ return sysfs_emit(buf, "%.*s\n", \ + (int)sizeof(ctrl->subsys->field), ctrl->subsys->field); \ + } \ + static DEVICE_ATTR(field, S_IRUGO, field##_show, NULL); +@@ -3469,7 +3469,7 @@ static ssize_t field##_show(struct device *dev, \ + struct device_attribute *attr, char *buf) \ + { \ + struct nvme_ctrl *ctrl = dev_get_drvdata(dev); \ +- return sprintf(buf, "%d\n", ctrl->field); \ ++ return sysfs_emit(buf, "%d\n", ctrl->field); \ + } \ + static DEVICE_ATTR(field, S_IRUGO, field##_show, NULL); + +@@ -3517,9 +3517,9 @@ static ssize_t nvme_sysfs_show_state(struct device *dev, + + if ((unsigned)ctrl->state < ARRAY_SIZE(state_name) && + state_name[ctrl->state]) +- return sprintf(buf, "%s\n", state_name[ctrl->state]); ++ return sysfs_emit(buf, "%s\n", state_name[ctrl->state]); + +- return sprintf(buf, "unknown state\n"); ++ return sysfs_emit(buf, "unknown state\n"); + } + + static DEVICE_ATTR(state, S_IRUGO, nvme_sysfs_show_state, NULL); +@@ -3571,9 +3571,9 @@ static ssize_t nvme_ctrl_loss_tmo_show(struct device *dev, + struct nvmf_ctrl_options *opts = ctrl->opts; + + if (ctrl->opts->max_reconnects == -1) +- return sprintf(buf, "off\n"); +- return sprintf(buf, "%d\n", +- opts->max_reconnects * opts->reconnect_delay); ++ return sysfs_emit(buf, "off\n"); ++ return sysfs_emit(buf, "%d\n", ++ opts->max_reconnects * opts->reconnect_delay); + } + + static ssize_t nvme_ctrl_loss_tmo_store(struct device *dev, +@@ -3603,8 +3603,8 @@ static ssize_t nvme_ctrl_reconnect_delay_show(struct device *dev, + struct nvme_ctrl *ctrl = dev_get_drvdata(dev); + + if (ctrl->opts->reconnect_delay == -1) +- return sprintf(buf, "off\n"); +- return sprintf(buf, "%d\n", ctrl->opts->reconnect_delay); ++ return sysfs_emit(buf, "off\n"); ++ return sysfs_emit(buf, "%d\n", ctrl->opts->reconnect_delay); + } + + static ssize_t nvme_ctrl_reconnect_delay_store(struct device *dev, +diff --git a/drivers/nvme/host/multipath.c b/drivers/nvme/host/multipath.c +index a9e15c8f907b..379d6818a063 100644 +--- a/drivers/nvme/host/multipath.c ++++ b/drivers/nvme/host/multipath.c +@@ -624,8 +624,8 @@ static ssize_t nvme_subsys_iopolicy_show(struct device *dev, + struct nvme_subsystem *subsys = + container_of(dev, struct nvme_subsystem, dev); + +- return sprintf(buf, "%s\n", +- nvme_iopolicy_names[READ_ONCE(subsys->iopolicy)]); ++ return sysfs_emit(buf, "%s\n", ++ nvme_iopolicy_names[READ_ONCE(subsys->iopolicy)]); + } + + static ssize_t nvme_subsys_iopolicy_store(struct device *dev, +@@ -650,7 +650,7 @@ SUBSYS_ATTR_RW(iopolicy, S_IRUGO | S_IWUSR, + static ssize_t ana_grpid_show(struct device *dev, struct device_attribute *attr, + char *buf) + { +- return sprintf(buf, "%d\n", nvme_get_ns_from_dev(dev)->ana_grpid); ++ return sysfs_emit(buf, "%d\n", nvme_get_ns_from_dev(dev)->ana_grpid); + } + DEVICE_ATTR_RO(ana_grpid); + +@@ -659,7 +659,7 @@ static ssize_t ana_state_show(struct device *dev, struct device_attribute *attr, + { + struct nvme_ns *ns = nvme_get_ns_from_dev(dev); + +- return sprintf(buf, "%s\n", nvme_ana_state_names[ns->ana_state]); ++ return sysfs_emit(buf, "%s\n", nvme_ana_state_names[ns->ana_state]); + } + DEVICE_ATTR_RO(ana_state); + +-- +2.35.1 + diff --git a/queue-5.10/pnfs-avoid-a-live-lock-condition-in-pnfs_update_layo.patch b/queue-5.10/pnfs-avoid-a-live-lock-condition-in-pnfs_update_layo.patch new file mode 100644 index 00000000000..fd532b5ee67 --- /dev/null +++ b/queue-5.10/pnfs-avoid-a-live-lock-condition-in-pnfs_update_layo.patch @@ -0,0 +1,106 @@ +From d4538700dc14f31d9c95c62cddf76bc2ee67a4d0 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 31 May 2022 11:03:07 -0400 +Subject: pNFS: Avoid a live lock condition in pnfs_update_layout() + +From: Trond Myklebust + +[ Upstream commit 880265c77ac415090090d1fe72a188fee71cb458 ] + +If we're about to send the first layoutget for an empty layout, we want +to make sure that we drain out the existing pending layoutget calls +first. The reason is that these layouts may have been already implicitly +returned to the server by a recall to which the client gave a +NFS4ERR_NOMATCHING_LAYOUT response. + +The problem is that wait_var_event_killable() could in principle see the +plh_outstanding count go back to '1' when the first process to wake up +starts sending a new layoutget. If it fails to get a layout, then this +loop can continue ad infinitum... + +Fixes: 0b77f97a7e42 ("NFSv4/pnfs: Fix layoutget behaviour after invalidation") +Signed-off-by: Trond Myklebust +Signed-off-by: Anna Schumaker +Signed-off-by: Sasha Levin +--- + fs/nfs/callback_proc.c | 1 + + fs/nfs/pnfs.c | 15 +++++++++------ + fs/nfs/pnfs.h | 1 + + 3 files changed, 11 insertions(+), 6 deletions(-) + +diff --git a/fs/nfs/callback_proc.c b/fs/nfs/callback_proc.c +index a5209643ac36..bfdd21224073 100644 +--- a/fs/nfs/callback_proc.c ++++ b/fs/nfs/callback_proc.c +@@ -283,6 +283,7 @@ static u32 initiate_file_draining(struct nfs_client *clp, + rv = NFS4_OK; + break; + case -ENOENT: ++ set_bit(NFS_LAYOUT_DRAIN, &lo->plh_flags); + /* Embrace your forgetfulness! */ + rv = NFS4ERR_NOMATCHING_LAYOUT; + +diff --git a/fs/nfs/pnfs.c b/fs/nfs/pnfs.c +index 69bb50d0ee3f..21436721745b 100644 +--- a/fs/nfs/pnfs.c ++++ b/fs/nfs/pnfs.c +@@ -469,6 +469,7 @@ pnfs_mark_layout_stateid_invalid(struct pnfs_layout_hdr *lo, + pnfs_clear_lseg_state(lseg, lseg_list); + pnfs_clear_layoutreturn_info(lo); + pnfs_free_returned_lsegs(lo, lseg_list, &range, 0); ++ set_bit(NFS_LAYOUT_DRAIN, &lo->plh_flags); + if (test_bit(NFS_LAYOUT_RETURN, &lo->plh_flags) && + !test_and_set_bit(NFS_LAYOUT_RETURN_LOCK, &lo->plh_flags)) + pnfs_clear_layoutreturn_waitbit(lo); +@@ -1923,8 +1924,9 @@ static void nfs_layoutget_begin(struct pnfs_layout_hdr *lo) + + static void nfs_layoutget_end(struct pnfs_layout_hdr *lo) + { +- if (atomic_dec_and_test(&lo->plh_outstanding)) +- wake_up_var(&lo->plh_outstanding); ++ if (atomic_dec_and_test(&lo->plh_outstanding) && ++ test_and_clear_bit(NFS_LAYOUT_DRAIN, &lo->plh_flags)) ++ wake_up_bit(&lo->plh_flags, NFS_LAYOUT_DRAIN); + } + + static bool pnfs_is_first_layoutget(struct pnfs_layout_hdr *lo) +@@ -2031,11 +2033,11 @@ pnfs_update_layout(struct inode *ino, + * If the layout segment list is empty, but there are outstanding + * layoutget calls, then they might be subject to a layoutrecall. + */ +- if ((list_empty(&lo->plh_segs) || !pnfs_layout_is_valid(lo)) && ++ if (test_bit(NFS_LAYOUT_DRAIN, &lo->plh_flags) && + atomic_read(&lo->plh_outstanding) != 0) { + spin_unlock(&ino->i_lock); +- lseg = ERR_PTR(wait_var_event_killable(&lo->plh_outstanding, +- !atomic_read(&lo->plh_outstanding))); ++ lseg = ERR_PTR(wait_on_bit(&lo->plh_flags, NFS_LAYOUT_DRAIN, ++ TASK_KILLABLE)); + if (IS_ERR(lseg)) + goto out_put_layout_hdr; + pnfs_put_layout_hdr(lo); +@@ -2414,7 +2416,8 @@ pnfs_layout_process(struct nfs4_layoutget *lgp) + goto out_forget; + } + +- if (!pnfs_layout_is_valid(lo) && !pnfs_is_first_layoutget(lo)) ++ if (test_bit(NFS_LAYOUT_DRAIN, &lo->plh_flags) && ++ !pnfs_is_first_layoutget(lo)) + goto out_forget; + + if (nfs4_stateid_match_other(&lo->plh_stateid, &res->stateid)) { +diff --git a/fs/nfs/pnfs.h b/fs/nfs/pnfs.h +index 11d9ed9addc0..a7cf84a6673b 100644 +--- a/fs/nfs/pnfs.h ++++ b/fs/nfs/pnfs.h +@@ -107,6 +107,7 @@ enum { + NFS_LAYOUT_FIRST_LAYOUTGET, /* Serialize first layoutget */ + NFS_LAYOUT_INODE_FREEING, /* The inode is being freed */ + NFS_LAYOUT_HASHED, /* The layout visible */ ++ NFS_LAYOUT_DRAIN, + }; + + enum layoutdriver_policy_flags { +-- +2.35.1 + diff --git a/queue-5.10/pnfs-don-t-keep-retrying-if-the-server-replied-nfs4e.patch b/queue-5.10/pnfs-don-t-keep-retrying-if-the-server-replied-nfs4e.patch new file mode 100644 index 00000000000..4608e329e81 --- /dev/null +++ b/queue-5.10/pnfs-don-t-keep-retrying-if-the-server-replied-nfs4e.patch @@ -0,0 +1,42 @@ +From 29912ec04d65aa01547149513bb18c01b53c6088 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 31 May 2022 11:03:06 -0400 +Subject: pNFS: Don't keep retrying if the server replied + NFS4ERR_LAYOUTUNAVAILABLE + +From: Trond Myklebust + +[ Upstream commit fe44fb23d6ccde4c914c44ef74ab8d9d9ba02bea ] + +If the server tells us that a pNFS layout is not available for a +specific file, then we should not keep pounding it with further +layoutget requests. + +Fixes: 183d9e7b112a ("pnfs: rework LAYOUTGET retry handling") +Signed-off-by: Trond Myklebust +Signed-off-by: Anna Schumaker +Signed-off-by: Sasha Levin +--- + fs/nfs/pnfs.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/fs/nfs/pnfs.c b/fs/nfs/pnfs.c +index 8c0803d98008..69bb50d0ee3f 100644 +--- a/fs/nfs/pnfs.c ++++ b/fs/nfs/pnfs.c +@@ -2155,6 +2155,12 @@ pnfs_update_layout(struct inode *ino, + case -ERECALLCONFLICT: + case -EAGAIN: + break; ++ case -ENODATA: ++ /* The server returned NFS4ERR_LAYOUTUNAVAILABLE */ ++ pnfs_layout_set_fail_bit( ++ lo, pnfs_iomode_to_fail_bit(iomode)); ++ lseg = NULL; ++ goto out_put_layout_hdr; + default: + if (!nfs_error_is_fatal(PTR_ERR(lseg))) { + pnfs_layout_clear_fail_bit(lo, pnfs_iomode_to_fail_bit(iomode)); +-- +2.35.1 + diff --git a/queue-5.10/series b/queue-5.10/series index 82ac0353757..a99a39058ca 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -32,3 +32,22 @@ netfs-gcc-12-temporarily-disable-wattribute-warning-.patch mips-loongson-3-fix-compile-mips-cpu_hwmon-as-module.patch gpio-dwapb-don-t-print-error-on-eprobe_defer.patch random-credit-cpu-and-bootloader-seeds-by-default.patch +pnfs-don-t-keep-retrying-if-the-server-replied-nfs4e.patch +pnfs-avoid-a-live-lock-condition-in-pnfs_update_layo.patch +clocksource-hyper-v-unexport-__init-annotated-hv_ini.patch +i40e-fix-adding-adq-filter-to-tc0.patch +i40e-fix-calculating-the-number-of-queue-pairs.patch +i40e-fix-call-trace-in-setup_tx_descriptors.patch +drivers-hv-vmbus-release-cpu-lock-in-error-case.patch +tty-goldfish-fix-free_irq-on-remove.patch +misc-atmel-ssc-fix-irq-check-in-ssc_probe.patch +drm-i915-reset-fix-error_state_read-ptr-offset-use.patch +nvme-use-sysfs_emit-instead-of-sprintf.patch +nvme-add-device-name-to-warning-in-uuid_show.patch +mlxsw-spectrum_cnt-reorder-counter-pools.patch +net-bgmac-fix-an-erroneous-kfree-in-bgmac_remove.patch +net-ax25-fix-deadlock-caused-by-skb_recv_datagram-in.patch +arm64-ftrace-fix-branch-range-checks.patch +arm64-ftrace-consistently-handle-plts.patch +certs-blacklist_hashes.c-fix-const-confusion-in-cert.patch +block-fix-handling-of-offline-queues-in-blk_mq_alloc.patch diff --git a/queue-5.10/tty-goldfish-fix-free_irq-on-remove.patch b/queue-5.10/tty-goldfish-fix-free_irq-on-remove.patch new file mode 100644 index 00000000000..d997dc3f5b1 --- /dev/null +++ b/queue-5.10/tty-goldfish-fix-free_irq-on-remove.patch @@ -0,0 +1,51 @@ +From 85c86e9d7d3f39cd29bcf442ff7b44b114fe49c5 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 9 Jun 2022 16:17:04 +0200 +Subject: tty: goldfish: Fix free_irq() on remove + +From: Vincent Whitchurch + +[ Upstream commit 499e13aac6c762e1e828172b0f0f5275651d6512 ] + +Pass the correct dev_id to free_irq() to fix this splat when the driver +is unbound: + + WARNING: CPU: 0 PID: 30 at kernel/irq/manage.c:1895 free_irq + Trying to free already-free IRQ 65 + Call Trace: + warn_slowpath_fmt + free_irq + goldfish_tty_remove + platform_remove + device_remove + device_release_driver_internal + device_driver_detach + unbind_store + drv_attr_store + ... + +Fixes: 465893e18878e119 ("tty: goldfish: support platform_device with id -1") +Signed-off-by: Vincent Whitchurch +Link: https://lore.kernel.org/r/20220609141704.1080024-1-vincent.whitchurch@axis.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/tty/goldfish.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/tty/goldfish.c b/drivers/tty/goldfish.c +index abc84d84f638..9180ca5e4dcd 100644 +--- a/drivers/tty/goldfish.c ++++ b/drivers/tty/goldfish.c +@@ -428,7 +428,7 @@ static int goldfish_tty_remove(struct platform_device *pdev) + tty_unregister_device(goldfish_tty_driver, qtty->console.index); + iounmap(qtty->base); + qtty->base = NULL; +- free_irq(qtty->irq, pdev); ++ free_irq(qtty->irq, qtty); + tty_port_destroy(&qtty->port); + goldfish_tty_current_line_count--; + if (goldfish_tty_current_line_count == 0) +-- +2.35.1 +