From: Greg Kroah-Hartman Date: Tue, 10 Dec 2024 09:20:03 +0000 (+0100) Subject: 5.4-stable patches X-Git-Tag: v6.6.65~32 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d41d318786f8254db8251b3a95bba64e95bfb6cb;p=thirdparty%2Fkernel%2Fstable-queue.git 5.4-stable patches added patches: alsa-usb-audio-add-mixer-mapping-for-corsair-hs80.patch bcache-revert-replacing-is_err_or_null-with-is_err-again.patch nilfs2-fix-potential-out-of-bounds-memory-access-in-nilfs_find_entry.patch scsi-qla2xxx-fix-nvme-and-npiv-connect-issue.patch scsi-qla2xxx-remove-check-req_sg_cnt-should-be-equal-to-rsp_sg_cnt.patch scsi-qla2xxx-supported-speed-displayed-incorrectly-for-vports.patch tracing-fix-cmp_entries_dup-to-respect-sort-comparison-rules.patch --- diff --git a/queue-5.4/alsa-usb-audio-add-mixer-mapping-for-corsair-hs80.patch b/queue-5.4/alsa-usb-audio-add-mixer-mapping-for-corsair-hs80.patch new file mode 100644 index 00000000000..e17244327bc --- /dev/null +++ b/queue-5.4/alsa-usb-audio-add-mixer-mapping-for-corsair-hs80.patch @@ -0,0 +1,43 @@ +From a7de2b873f3dbcda02d504536f1ec6dc50e3f6c4 Mon Sep 17 00:00:00 2001 +From: Marie Ramlow +Date: Sat, 30 Nov 2024 17:52:40 +0100 +Subject: ALSA: usb-audio: add mixer mapping for Corsair HS80 + +From: Marie Ramlow + +commit a7de2b873f3dbcda02d504536f1ec6dc50e3f6c4 upstream. + +The Corsair HS80 RGB Wireless is a USB headset with a mic and a sidetone +feature. It has the same quirk as the Virtuoso series. +This labels the mixers appropriately, so applications don't +move the sidetone volume when they actually intend to move the main +headset volume. + +Signed-off-by: Marie Ramlow +cc: +Link: https://patch.msgid.link/20241130165240.17838-1-me@nycode.dev +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/usb/mixer_maps.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +--- a/sound/usb/mixer_maps.c ++++ b/sound/usb/mixer_maps.c +@@ -528,6 +528,16 @@ static const struct usbmix_ctl_map usbmi + .id = USB_ID(0x05a7, 0x1020), + .map = bose_companion5_map, + }, ++ { ++ /* Corsair HS80 RGB Wireless (wired mode) */ ++ .id = USB_ID(0x1b1c, 0x0a6a), ++ .map = corsair_virtuoso_map, ++ }, ++ { ++ /* Corsair HS80 RGB Wireless (wireless mode) */ ++ .id = USB_ID(0x1b1c, 0x0a6b), ++ .map = corsair_virtuoso_map, ++ }, + { /* Gigabyte TRX40 Aorus Master (rear panel + front mic) */ + .id = USB_ID(0x0414, 0xa001), + .map = aorus_master_alc1220vb_map, diff --git a/queue-5.4/bcache-revert-replacing-is_err_or_null-with-is_err-again.patch b/queue-5.4/bcache-revert-replacing-is_err_or_null-with-is_err-again.patch new file mode 100644 index 00000000000..c50d607163f --- /dev/null +++ b/queue-5.4/bcache-revert-replacing-is_err_or_null-with-is_err-again.patch @@ -0,0 +1,46 @@ +From b2e382ae12a63560fca35050498e19e760adf8c0 Mon Sep 17 00:00:00 2001 +From: Liequan Che +Date: Mon, 2 Dec 2024 19:56:38 +0800 +Subject: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again + +From: Liequan Che + +commit b2e382ae12a63560fca35050498e19e760adf8c0 upstream. + +Commit 028ddcac477b ("bcache: Remove unnecessary NULL point check in +node allocations") leads a NULL pointer deference in cache_set_flush(). + +1721 if (!IS_ERR_OR_NULL(c->root)) +1722 list_add(&c->root->list, &c->btree_cache); + +>From the above code in cache_set_flush(), if previous registration code +fails before allocating c->root, it is possible c->root is NULL as what +it is initialized. __bch_btree_node_alloc() never returns NULL but +c->root is possible to be NULL at above line 1721. + +This patch replaces IS_ERR() by IS_ERR_OR_NULL() to fix this. + +Fixes: 028ddcac477b ("bcache: Remove unnecessary NULL point check in node allocations") +Signed-off-by: Liequan Che +Cc: stable@vger.kernel.org +Cc: Zheng Wang +Reviewed-by: Mingzhe Zou +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20241202115638.28957-1-colyli@suse.de +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman +--- + drivers/md/bcache/super.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/md/bcache/super.c ++++ b/drivers/md/bcache/super.c +@@ -1635,7 +1635,7 @@ static void cache_set_flush(struct closu + if (!IS_ERR_OR_NULL(c->gc_thread)) + kthread_stop(c->gc_thread); + +- if (!IS_ERR(c->root)) ++ if (!IS_ERR_OR_NULL(c->root)) + list_add(&c->root->list, &c->btree_cache); + + /* diff --git a/queue-5.4/nilfs2-fix-potential-out-of-bounds-memory-access-in-nilfs_find_entry.patch b/queue-5.4/nilfs2-fix-potential-out-of-bounds-memory-access-in-nilfs_find_entry.patch new file mode 100644 index 00000000000..271e4b324a3 --- /dev/null +++ b/queue-5.4/nilfs2-fix-potential-out-of-bounds-memory-access-in-nilfs_find_entry.patch @@ -0,0 +1,53 @@ +From 985ebec4ab0a28bb5910c3b1481a40fbf7f9e61d Mon Sep 17 00:00:00 2001 +From: Ryusuke Konishi +Date: Wed, 20 Nov 2024 02:23:37 +0900 +Subject: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() + +From: Ryusuke Konishi + +commit 985ebec4ab0a28bb5910c3b1481a40fbf7f9e61d upstream. + +Syzbot reported that when searching for records in a directory where the +inode's i_size is corrupted and has a large value, memory access outside +the folio/page range may occur, or a use-after-free bug may be detected if +KASAN is enabled. + +This is because nilfs_last_byte(), which is called by nilfs_find_entry() +and others to calculate the number of valid bytes of directory data in a +page from i_size and the page index, loses the upper 32 bits of the 64-bit +size information due to an inappropriate type of local variable to which +the i_size value is assigned. + +This caused a large byte offset value due to underflow in the end address +calculation in the calling nilfs_find_entry(), resulting in memory access +that exceeds the folio/page size. + +Fix this issue by changing the type of the local variable causing the bit +loss from "unsigned int" to "u64". The return value of nilfs_last_byte() +is also of type "unsigned int", but it is truncated so as not to exceed +PAGE_SIZE and no bit loss occurs, so no change is required. + +Link: https://lkml.kernel.org/r/20241119172403.9292-1-konishi.ryusuke@gmail.com +Fixes: 2ba466d74ed7 ("nilfs2: directory entry operations") +Signed-off-by: Ryusuke Konishi +Reported-by: syzbot+96d5d14c47d97015c624@syzkaller.appspotmail.com +Closes: https://syzkaller.appspot.com/bug?extid=96d5d14c47d97015c624 +Tested-by: syzbot+96d5d14c47d97015c624@syzkaller.appspotmail.com +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + fs/nilfs2/dir.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/nilfs2/dir.c ++++ b/fs/nilfs2/dir.c +@@ -76,7 +76,7 @@ static inline void nilfs_put_page(struct + */ + static unsigned int nilfs_last_byte(struct inode *inode, unsigned long page_nr) + { +- unsigned int last_byte = inode->i_size; ++ u64 last_byte = inode->i_size; + + last_byte -= page_nr << PAGE_SHIFT; + if (last_byte > PAGE_SIZE) diff --git a/queue-5.4/scsi-qla2xxx-fix-nvme-and-npiv-connect-issue.patch b/queue-5.4/scsi-qla2xxx-fix-nvme-and-npiv-connect-issue.patch new file mode 100644 index 00000000000..b8ce62dc19d --- /dev/null +++ b/queue-5.4/scsi-qla2xxx-fix-nvme-and-npiv-connect-issue.patch @@ -0,0 +1,46 @@ +From 4812b7796c144f63a1094f79a5eb8fbdad8d7ebc Mon Sep 17 00:00:00 2001 +From: Quinn Tran +Date: Fri, 15 Nov 2024 18:33:11 +0530 +Subject: scsi: qla2xxx: Fix NVMe and NPIV connect issue + +From: Quinn Tran + +commit 4812b7796c144f63a1094f79a5eb8fbdad8d7ebc upstream. + +NVMe controller fails to send connect command due to failure to locate +hw context buffer for NVMe queue 0 (blk_mq_hw_ctx, hctx_idx=0). The +cause of the issue is NPIV host did not initialize the vha->irq_offset +field. This field is given to blk-mq (blk_mq_pci_map_queues) to help +locate the beginning of IO Queues which in turn help locate NVMe queue +0. + +Initialize this field to allow NVMe to work properly with NPIV host. + + kernel: nvme nvme5: Connect command failed, errno: -18 + kernel: nvme nvme5: qid 0: secure concatenation is not supported + kernel: nvme nvme5: NVME-FC{5}: create_assoc failed, assoc_id 2e9100 ret 401 + kernel: nvme nvme5: NVME-FC{5}: reset: Reconnect attempt failed (401) + kernel: nvme nvme5: NVME-FC{5}: Reconnect attempt in 2 seconds + +Cc: stable@vger.kernel.org +Fixes: f0783d43dde4 ("scsi: qla2xxx: Use correct number of vectors for online CPUs") +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Link: https://lore.kernel.org/r/20241115130313.46826-6-njavali@marvell.com +Reviewed-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/qla2xxx/qla_mid.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/scsi/qla2xxx/qla_mid.c ++++ b/drivers/scsi/qla2xxx/qla_mid.c +@@ -492,6 +492,7 @@ qla24xx_create_vhost(struct fc_vport *fc + return(NULL); + } + ++ vha->irq_offset = QLA_BASE_VECTORS; + host = vha->host; + fc_vport->dd_data = vha; + /* New host info */ diff --git a/queue-5.4/scsi-qla2xxx-remove-check-req_sg_cnt-should-be-equal-to-rsp_sg_cnt.patch b/queue-5.4/scsi-qla2xxx-remove-check-req_sg_cnt-should-be-equal-to-rsp_sg_cnt.patch new file mode 100644 index 00000000000..7652767b3d3 --- /dev/null +++ b/queue-5.4/scsi-qla2xxx-remove-check-req_sg_cnt-should-be-equal-to-rsp_sg_cnt.patch @@ -0,0 +1,45 @@ +From 833c70e212fc40d3e98da941796f4c7bcaecdf58 Mon Sep 17 00:00:00 2001 +From: Saurav Kashyap +Date: Fri, 15 Nov 2024 18:33:10 +0530 +Subject: scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt + +From: Saurav Kashyap + +commit 833c70e212fc40d3e98da941796f4c7bcaecdf58 upstream. + +Firmware supports multiple sg_cnt for request and response for CT +commands, so remove the redundant check. A check is there where sg_cnt +for request and response should be same. This is not required as driver +and FW have code to handle multiple and different sg_cnt on request and +response. + +Cc: stable@vger.kernel.org +Signed-off-by: Saurav Kashyap +Signed-off-by: Nilesh Javali +Link: https://lore.kernel.org/r/20241115130313.46826-5-njavali@marvell.com +Reviewed-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/qla2xxx/qla_bsg.c | 10 ---------- + 1 file changed, 10 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_bsg.c ++++ b/drivers/scsi/qla2xxx/qla_bsg.c +@@ -462,16 +462,6 @@ qla2x00_process_ct(struct bsg_job *bsg_j + goto done; + } + +- if ((req_sg_cnt != bsg_job->request_payload.sg_cnt) || +- (rsp_sg_cnt != bsg_job->reply_payload.sg_cnt)) { +- ql_log(ql_log_warn, vha, 0x7011, +- "request_sg_cnt: %x dma_request_sg_cnt: %x reply_sg_cnt:%x " +- "dma_reply_sg_cnt: %x\n", bsg_job->request_payload.sg_cnt, +- req_sg_cnt, bsg_job->reply_payload.sg_cnt, rsp_sg_cnt); +- rval = -EAGAIN; +- goto done_unmap_sg; +- } +- + if (!vha->flags.online) { + ql_log(ql_log_warn, vha, 0x7012, + "Host is not online.\n"); diff --git a/queue-5.4/scsi-qla2xxx-supported-speed-displayed-incorrectly-for-vports.patch b/queue-5.4/scsi-qla2xxx-supported-speed-displayed-incorrectly-for-vports.patch new file mode 100644 index 00000000000..0bf2ef1c2ca --- /dev/null +++ b/queue-5.4/scsi-qla2xxx-supported-speed-displayed-incorrectly-for-vports.patch @@ -0,0 +1,36 @@ +From e4e268f898c8a08f0a1188677e15eadbc06e98f6 Mon Sep 17 00:00:00 2001 +From: Anil Gurumurthy +Date: Fri, 15 Nov 2024 18:33:12 +0530 +Subject: scsi: qla2xxx: Supported speed displayed incorrectly for VPorts + +From: Anil Gurumurthy + +commit e4e268f898c8a08f0a1188677e15eadbc06e98f6 upstream. + +The fc_function_template for vports was missing the +.show_host_supported_speeds. The base port had the same. + +Add .show_host_supported_speeds to the vport template as well. + +Cc: stable@vger.kernel.org +Fixes: 2c3dfe3f6ad8 ("[SCSI] qla2xxx: add support for NPIV") +Signed-off-by: Anil Gurumurthy +Signed-off-by: Nilesh Javali +Link: https://lore.kernel.org/r/20241115130313.46826-7-njavali@marvell.com +Reviewed-by: Himanshu Madhani +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/qla2xxx/qla_attr.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/scsi/qla2xxx/qla_attr.c ++++ b/drivers/scsi/qla2xxx/qla_attr.c +@@ -3070,6 +3070,7 @@ struct fc_function_template qla2xxx_tran + .show_host_node_name = 1, + .show_host_port_name = 1, + .show_host_supported_classes = 1, ++ .show_host_supported_speeds = 1, + + .get_host_port_id = qla2x00_get_host_port_id, + .show_host_port_id = 1, diff --git a/queue-5.4/series b/queue-5.4/series index d346620a45c..9360796cc6e 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -253,3 +253,10 @@ ocfs2-free-inode-when-ocfs2_get_init_inode-fails.patch bpf-handle-bpf_exist-and-bpf_noexist-for-lpm-trie.patch bpf-fix-exact-match-conditions-in-trie_get_next_key.patch hid-wacom-fix-when-get-product-name-maybe-null-pointer.patch +tracing-fix-cmp_entries_dup-to-respect-sort-comparison-rules.patch +alsa-usb-audio-add-mixer-mapping-for-corsair-hs80.patch +scsi-qla2xxx-fix-nvme-and-npiv-connect-issue.patch +scsi-qla2xxx-supported-speed-displayed-incorrectly-for-vports.patch +scsi-qla2xxx-remove-check-req_sg_cnt-should-be-equal-to-rsp_sg_cnt.patch +nilfs2-fix-potential-out-of-bounds-memory-access-in-nilfs_find_entry.patch +bcache-revert-replacing-is_err_or_null-with-is_err-again.patch diff --git a/queue-5.4/tracing-fix-cmp_entries_dup-to-respect-sort-comparison-rules.patch b/queue-5.4/tracing-fix-cmp_entries_dup-to-respect-sort-comparison-rules.patch new file mode 100644 index 00000000000..eede3b0fba3 --- /dev/null +++ b/queue-5.4/tracing-fix-cmp_entries_dup-to-respect-sort-comparison-rules.patch @@ -0,0 +1,52 @@ +From e63fbd5f6810ed756bbb8a1549c7d4132968baa9 Mon Sep 17 00:00:00 2001 +From: Kuan-Wei Chiu +Date: Wed, 4 Dec 2024 04:22:28 +0800 +Subject: tracing: Fix cmp_entries_dup() to respect sort() comparison rules + +From: Kuan-Wei Chiu + +commit e63fbd5f6810ed756bbb8a1549c7d4132968baa9 upstream. + +The cmp_entries_dup() function used as the comparator for sort() +violated the symmetry and transitivity properties required by the +sorting algorithm. Specifically, it returned 1 whenever memcmp() was +non-zero, which broke the following expectations: + +* Symmetry: If x < y, then y > x. +* Transitivity: If x < y and y < z, then x < z. + +These violations could lead to incorrect sorting and failure to +correctly identify duplicate elements. + +Fix the issue by directly returning the result of memcmp(), which +adheres to the required comparison properties. + +Cc: stable@vger.kernel.org +Fixes: 08d43a5fa063 ("tracing: Add lock-free tracing_map") +Link: https://lore.kernel.org/20241203202228.1274403-1-visitorckw@gmail.com +Signed-off-by: Kuan-Wei Chiu +Signed-off-by: Steven Rostedt (Google) +Signed-off-by: Greg Kroah-Hartman +--- + kernel/trace/tracing_map.c | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +--- a/kernel/trace/tracing_map.c ++++ b/kernel/trace/tracing_map.c +@@ -845,15 +845,11 @@ int tracing_map_init(struct tracing_map + static int cmp_entries_dup(const void *A, const void *B) + { + const struct tracing_map_sort_entry *a, *b; +- int ret = 0; + + a = *(const struct tracing_map_sort_entry **)A; + b = *(const struct tracing_map_sort_entry **)B; + +- if (memcmp(a->key, b->key, a->elt->map->key_size)) +- ret = 1; +- +- return ret; ++ return memcmp(a->key, b->key, a->elt->map->key_size); + } + + static int cmp_entries_sum(const void *A, const void *B)