From: Greg Kroah-Hartman Date: Sat, 13 May 2023 06:53:21 +0000 (+0900) Subject: 5.15-stable patches X-Git-Tag: v4.14.315~94 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=db0f9f4e59544cf00405e04801ee29af0e352049;p=thirdparty%2Fkernel%2Fstable-queue.git 5.15-stable patches added patches: arm-dts-exynos-fix-wm8960-clock-name-in-itop-elite.patch arm-dts-s5pv210-correct-mipi-csis-clock-name.patch btrfs-don-t-free-qgroup-space-unless-specified.patch btrfs-fix-btrfs_prev_leaf-to-not-return-the-same-key-twice.patch btrfs-fix-encoded-write-i_size-corruption-with-no-holes.patch btrfs-fix-space-cache-inconsistency-after-error-loading-it-from-disk.patch btrfs-print-tree-parent-bytenr-must-be-aligned-to-sector-size.patch btrfs-zero-the-buffer-before-marking-it-dirty-in-btrfs_redirty_list_add.patch btrfs-zoned-fix-wrong-use-of-bitops-api-in-btrfs_ensure_empty_zones.patch cifs-fix-pcchunk-length-type-in-smb2_copychunk_range.patch cifs-release-leases-for-deferred-close-handles-when-freezing.patch drm-bridge-lt8912b-fix-dsi-video-mode.patch drm-msm-fix-null-deref-on-irq-uninstall.patch drm-msm-fix-null-deref-on-snapshot-tear-down.patch drm-panel-otm8009a-set-backlight-parent-to-panel-device.patch f2fs-fix-potential-corruption-when-moving-a-directory.patch inotify-avoid-reporting-event-with-invalid-wd.patch platform-x86-touchscreen_dmi-add-info-for-the-dexp-ursus-kx210i.patch platform-x86-touchscreen_dmi-add-upside-down-quirk-for-gdix1002-ts-on-the-juno-tablet.patch remoteproc-imx_rproc-call-of_node_put-on-iteration-error.patch remoteproc-st-call-of_node_put-on-iteration-error.patch remoteproc-stm32-call-of_node_put-on-iteration-error.patch sh-init-use-of_early_flattree-for-early-init.patch sh-math-emu-fix-macro-redefined-warning.patch sh-mcount.s-fix-build-error-when-printk-is-not-enabled.patch sh-nmi_debug-fix-return-value-of-__setup-handler.patch smb3-fix-problem-remounting-a-share-after-shutdown.patch smb3-force-unmount-was-failing-to-close-deferred-close-files.patch x86-retbleed-fix-return-thunk-alignment.patch --- diff --git a/queue-5.15/arm-dts-exynos-fix-wm8960-clock-name-in-itop-elite.patch b/queue-5.15/arm-dts-exynos-fix-wm8960-clock-name-in-itop-elite.patch new file mode 100644 index 00000000000..18a5c877499 --- /dev/null +++ b/queue-5.15/arm-dts-exynos-fix-wm8960-clock-name-in-itop-elite.patch @@ -0,0 +1,32 @@ +From 6c950c20da38debf1ed531e0b972bd8b53d1c11f Mon Sep 17 00:00:00 2001 +From: Krzysztof Kozlowski +Date: Fri, 17 Feb 2023 16:06:27 +0100 +Subject: ARM: dts: exynos: fix WM8960 clock name in Itop Elite + +From: Krzysztof Kozlowski + +commit 6c950c20da38debf1ed531e0b972bd8b53d1c11f upstream. + +The WM8960 Linux driver expects the clock to be named "mclk". Otherwise +the clock will be ignored and not prepared/enabled by the driver. + +Cc: +Fixes: 339b2fb36a67 ("ARM: dts: exynos: Add TOPEET itop elite based board") +Link: https://lore.kernel.org/r/20230217150627.779764-3-krzysztof.kozlowski@linaro.org +Signed-off-by: Krzysztof Kozlowski +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm/boot/dts/exynos4412-itop-elite.dts | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/arm/boot/dts/exynos4412-itop-elite.dts ++++ b/arch/arm/boot/dts/exynos4412-itop-elite.dts +@@ -179,7 +179,7 @@ + compatible = "wlf,wm8960"; + reg = <0x1a>; + clocks = <&pmu_system_controller 0>; +- clock-names = "MCLK1"; ++ clock-names = "mclk"; + wlf,shared-lrclk; + #sound-dai-cells = <0>; + }; diff --git a/queue-5.15/arm-dts-s5pv210-correct-mipi-csis-clock-name.patch b/queue-5.15/arm-dts-s5pv210-correct-mipi-csis-clock-name.patch new file mode 100644 index 00000000000..ca6240e51e2 --- /dev/null +++ b/queue-5.15/arm-dts-s5pv210-correct-mipi-csis-clock-name.patch @@ -0,0 +1,32 @@ +From 665b9459bb53b8f19bd1541567e1fe9782c83c4b Mon Sep 17 00:00:00 2001 +From: Krzysztof Kozlowski +Date: Sun, 12 Feb 2023 19:58:18 +0100 +Subject: ARM: dts: s5pv210: correct MIPI CSIS clock name + +From: Krzysztof Kozlowski + +commit 665b9459bb53b8f19bd1541567e1fe9782c83c4b upstream. + +The Samsung S5P/Exynos MIPI CSIS bindings and Linux driver expect first +clock name to be "csis". Otherwise the driver fails to probe. + +Fixes: 94ad0f6d9278 ("ARM: dts: Add Device tree for s5pv210 SoC") +Cc: +Link: https://lore.kernel.org/r/20230212185818.43503-2-krzysztof.kozlowski@linaro.org +Signed-off-by: Krzysztof Kozlowski +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm/boot/dts/s5pv210.dtsi | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/arm/boot/dts/s5pv210.dtsi ++++ b/arch/arm/boot/dts/s5pv210.dtsi +@@ -582,7 +582,7 @@ + interrupts = <29>; + clocks = <&clocks CLK_CSIS>, + <&clocks SCLK_CSIS>; +- clock-names = "clk_csis", ++ clock-names = "csis", + "sclk_csis"; + bus-width = <4>; + status = "disabled"; diff --git a/queue-5.15/btrfs-don-t-free-qgroup-space-unless-specified.patch b/queue-5.15/btrfs-don-t-free-qgroup-space-unless-specified.patch new file mode 100644 index 00000000000..da03dc0bb28 --- /dev/null +++ b/queue-5.15/btrfs-don-t-free-qgroup-space-unless-specified.patch @@ -0,0 +1,87 @@ +From d246331b78cbef86237f9c22389205bc9b4e1cc1 Mon Sep 17 00:00:00 2001 +From: Josef Bacik +Date: Tue, 2 May 2023 16:00:06 -0400 +Subject: btrfs: don't free qgroup space unless specified + +From: Josef Bacik + +commit d246331b78cbef86237f9c22389205bc9b4e1cc1 upstream. + +Boris noticed in his simple quotas testing that he was getting a leak +with Sweet Tea's change to subvol create that stopped doing a +transaction commit. This was just a side effect of that change. + +In the delayed inode code we have an optimization that will free extra +reservations if we think we can pack a dir item into an already modified +leaf. Previously this wouldn't be triggered in the subvolume create +case because we'd commit the transaction, it was still possible but +much harder to trigger. It could actually be triggered if we did a +mkdir && subvol create with qgroups enabled. + +This occurs because in btrfs_insert_delayed_dir_index(), which gets +called when we're adding the dir item, we do the following: + + btrfs_block_rsv_release(fs_info, trans->block_rsv, bytes, NULL); + +if we're able to skip reserving space. + +The problem here is that trans->block_rsv points at the temporary block +rsv for the subvolume create, which has qgroup reservations in the block +rsv. + +This is a problem because btrfs_block_rsv_release() will do the +following: + + if (block_rsv->qgroup_rsv_reserved >= block_rsv->qgroup_rsv_size) { + qgroup_to_release = block_rsv->qgroup_rsv_reserved - + block_rsv->qgroup_rsv_size; + block_rsv->qgroup_rsv_reserved = block_rsv->qgroup_rsv_size; + } + +The temporary block rsv just has ->qgroup_rsv_reserved set, +->qgroup_rsv_size == 0. The optimization in +btrfs_insert_delayed_dir_index() sets ->qgroup_rsv_reserved = 0. Then +later on when we call btrfs_subvolume_release_metadata() which has + + btrfs_block_rsv_release(fs_info, rsv, (u64)-1, &qgroup_to_release); + btrfs_qgroup_convert_reserved_meta(root, qgroup_to_release); + +qgroup_to_release is set to 0, and we do not convert the reserved +metadata space. + +The problem here is that the block rsv code has been unconditionally +messing with ->qgroup_rsv_reserved, because the main place this is used +is delalloc, and any time we call btrfs_block_rsv_release() we do it +with qgroup_to_release set, and thus do the proper accounting. + +The subvolume code is the only other code that uses the qgroup +reservation stuff, but it's intermingled with the above optimization, +and thus was getting its reservation freed out from underneath it and +thus leaking the reserved space. + +The solution is to simply not mess with the qgroup reservations if we +don't have qgroup_to_release set. This works with the existing code as +anything that messes with the delalloc reservations always have +qgroup_to_release set. This fixes the leak that Boris was observing. + +Reviewed-by: Qu Wenruo +CC: stable@vger.kernel.org # 5.4+ +Signed-off-by: Josef Bacik +Signed-off-by: David Sterba +Signed-off-by: Greg Kroah-Hartman +--- + fs/btrfs/block-rsv.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/fs/btrfs/block-rsv.c ++++ b/fs/btrfs/block-rsv.c +@@ -121,7 +121,8 @@ static u64 block_rsv_release_bytes(struc + } else { + num_bytes = 0; + } +- if (block_rsv->qgroup_rsv_reserved >= block_rsv->qgroup_rsv_size) { ++ if (qgroup_to_release_ret && ++ block_rsv->qgroup_rsv_reserved >= block_rsv->qgroup_rsv_size) { + qgroup_to_release = block_rsv->qgroup_rsv_reserved - + block_rsv->qgroup_rsv_size; + block_rsv->qgroup_rsv_reserved = block_rsv->qgroup_rsv_size; diff --git a/queue-5.15/btrfs-fix-btrfs_prev_leaf-to-not-return-the-same-key-twice.patch b/queue-5.15/btrfs-fix-btrfs_prev_leaf-to-not-return-the-same-key-twice.patch new file mode 100644 index 00000000000..72fbb7542b9 --- /dev/null +++ b/queue-5.15/btrfs-fix-btrfs_prev_leaf-to-not-return-the-same-key-twice.patch @@ -0,0 +1,136 @@ +From 6f932d4ef007d6a4ae03badcb749fbb8f49196f6 Mon Sep 17 00:00:00 2001 +From: Filipe Manana +Date: Wed, 12 Apr 2023 11:33:09 +0100 +Subject: btrfs: fix btrfs_prev_leaf() to not return the same key twice + +From: Filipe Manana + +commit 6f932d4ef007d6a4ae03badcb749fbb8f49196f6 upstream. + +A call to btrfs_prev_leaf() may end up returning a path that points to the +same item (key) again. This happens if while btrfs_prev_leaf(), after we +release the path, a concurrent insertion happens, which moves items off +from a sibling into the front of the previous leaf, and an item with the +computed previous key does not exists. + +For example, suppose we have the two following leaves: + + Leaf A + + ------------------------------------------------------------- + | ... key (300 96 10) key (300 96 15) key (300 96 16) | + ------------------------------------------------------------- + slot 20 slot 21 slot 22 + + Leaf B + + ------------------------------------------------------------- + | key (300 96 20) key (300 96 21) key (300 96 22) ... | + ------------------------------------------------------------- + slot 0 slot 1 slot 2 + +If we call btrfs_prev_leaf(), from btrfs_previous_item() for example, with +a path pointing to leaf B and slot 0 and the following happens: + +1) At btrfs_prev_leaf() we compute the previous key to search as: + (300 96 19), which is a key that does not exists in the tree; + +2) Then we call btrfs_release_path() at btrfs_prev_leaf(); + +3) Some other task inserts a key at leaf A, that sorts before the key at + slot 20, for example it has an objectid of 299. In order to make room + for the new key, the key at slot 22 is moved to the front of leaf B. + This happens at push_leaf_right(), called from split_leaf(). + + After this leaf B now looks like: + + -------------------------------------------------------------------------------- + | key (300 96 16) key (300 96 20) key (300 96 21) key (300 96 22) ... | + -------------------------------------------------------------------------------- + slot 0 slot 1 slot 2 slot 3 + +4) At btrfs_prev_leaf() we call btrfs_search_slot() for the computed + previous key: (300 96 19). Since the key does not exists, + btrfs_search_slot() returns 1 and with a path pointing to leaf B + and slot 1, the item with key (300 96 20); + +5) This makes btrfs_prev_leaf() return a path that points to slot 1 of + leaf B, the same key as before it was called, since the key at slot 0 + of leaf B (300 96 16) is less than the computed previous key, which is + (300 96 19); + +6) As a consequence btrfs_previous_item() returns a path that points again + to the item with key (300 96 20). + +For some users of btrfs_prev_leaf() or btrfs_previous_item() this may not +be functional a problem, despite not making sense to return a new path +pointing again to the same item/key. However for a caller such as +tree-log.c:log_dir_items(), this has a bad consequence, as it can result +in not logging some dir index deletions in case the directory is being +logged without holding the inode's VFS lock (logging triggered while +logging a child inode for example) - for the example scenario above, in +case the dir index keys 17, 18 and 19 were deleted in the current +transaction. + +CC: stable@vger.kernel.org # 4.14+ +Reviewed-by: Josef Bacik +Signed-off-by: Filipe Manana +Signed-off-by: David Sterba +Signed-off-by: Greg Kroah-Hartman +--- + fs/btrfs/ctree.c | 32 +++++++++++++++++++++++++++++++- + 1 file changed, 31 insertions(+), 1 deletion(-) + +--- a/fs/btrfs/ctree.c ++++ b/fs/btrfs/ctree.c +@@ -4189,10 +4189,12 @@ int btrfs_del_items(struct btrfs_trans_h + int btrfs_prev_leaf(struct btrfs_root *root, struct btrfs_path *path) + { + struct btrfs_key key; ++ struct btrfs_key orig_key; + struct btrfs_disk_key found_key; + int ret; + + btrfs_item_key_to_cpu(path->nodes[0], &key, 0); ++ orig_key = key; + + if (key.offset > 0) { + key.offset--; +@@ -4209,8 +4211,36 @@ int btrfs_prev_leaf(struct btrfs_root *r + + btrfs_release_path(path); + ret = btrfs_search_slot(NULL, root, &key, path, 0, 0); +- if (ret < 0) ++ if (ret <= 0) + return ret; ++ ++ /* ++ * Previous key not found. Even if we were at slot 0 of the leaf we had ++ * before releasing the path and calling btrfs_search_slot(), we now may ++ * be in a slot pointing to the same original key - this can happen if ++ * after we released the path, one of more items were moved from a ++ * sibling leaf into the front of the leaf we had due to an insertion ++ * (see push_leaf_right()). ++ * If we hit this case and our slot is > 0 and just decrement the slot ++ * so that the caller does not process the same key again, which may or ++ * may not break the caller, depending on its logic. ++ */ ++ if (path->slots[0] < btrfs_header_nritems(path->nodes[0])) { ++ btrfs_item_key(path->nodes[0], &found_key, path->slots[0]); ++ ret = comp_keys(&found_key, &orig_key); ++ if (ret == 0) { ++ if (path->slots[0] > 0) { ++ path->slots[0]--; ++ return 0; ++ } ++ /* ++ * At slot 0, same key as before, it means orig_key is ++ * the lowest, leftmost, key in the tree. We're done. ++ */ ++ return 1; ++ } ++ } ++ + btrfs_item_key(path->nodes[0], &found_key, 0); + ret = comp_keys(&found_key, &key); + /* diff --git a/queue-5.15/btrfs-fix-encoded-write-i_size-corruption-with-no-holes.patch b/queue-5.15/btrfs-fix-encoded-write-i_size-corruption-with-no-holes.patch new file mode 100644 index 00000000000..ce54470d44a --- /dev/null +++ b/queue-5.15/btrfs-fix-encoded-write-i_size-corruption-with-no-holes.patch @@ -0,0 +1,92 @@ +From e7db9e5c6b9615b287d01f0231904fbc1fbde9c5 Mon Sep 17 00:00:00 2001 +From: Boris Burkov +Date: Fri, 28 Apr 2023 14:02:11 -0700 +Subject: btrfs: fix encoded write i_size corruption with no-holes + +From: Boris Burkov + +commit e7db9e5c6b9615b287d01f0231904fbc1fbde9c5 upstream. + +We have observed a btrfs filesystem corruption on workloads using +no-holes and encoded writes via send stream v2. The symptom is that a +file appears to be truncated to the end of its last aligned extent, even +though the final unaligned extent and even the file extent and otherwise +correctly updated inode item have been written. + +So if we were writing out a 1MiB+X file via 8 128K extents and one +extent of length X, i_size would be set to 1MiB, but the ninth extent, +nbyte, etc. would all appear correct otherwise. + +The source of the race is a narrow (one line of code) window in which a +no-holes fs has read in an updated i_size, but has not yet set a shared +disk_i_size variable to write. Therefore, if two ordered extents run in +parallel (par for the course for receive workloads), the following +sequence can play out: (following "threads" a bit loosely, since there +are callbacks involved for endio but extra threads aren't needed to +cause the issue) + + ENC-WR1 (second to last) ENC-WR2 (last) + ------- ------- + btrfs_do_encoded_write + set i_size = 1M + submit bio B1 ending at 1M + endio B1 + btrfs_inode_safe_disk_i_size_write + local i_size = 1M + falls off a cliff for some reason + btrfs_do_encoded_write + set i_size = 1M+X + submit bio B2 ending at 1M+X + endio B2 + btrfs_inode_safe_disk_i_size_write + local i_size = 1M+X + disk_i_size = 1M+X + disk_i_size = 1M + btrfs_delayed_update_inode + btrfs_delayed_update_inode + +And the delayed inode ends up filled with nbytes=1M+X and isize=1M, and +writes respect i_size and present a corrupted file missing its last +extents. + +Fix this by holding the inode lock in the no-holes case so that a thread +can't sneak in a write to disk_i_size that gets overwritten with an out +of date i_size. + +Fixes: 41a2ee75aab0 ("btrfs: introduce per-inode file extent tree") +CC: stable@vger.kernel.org # 5.10+ +Reviewed-by: Josef Bacik +Signed-off-by: Boris Burkov +Reviewed-by: David Sterba +Signed-off-by: David Sterba +Signed-off-by: Greg Kroah-Hartman +--- + fs/btrfs/file-item.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/fs/btrfs/file-item.c ++++ b/fs/btrfs/file-item.c +@@ -47,13 +47,13 @@ void btrfs_inode_safe_disk_i_size_write( + u64 start, end, i_size; + int ret; + ++ spin_lock(&inode->lock); + i_size = new_i_size ?: i_size_read(&inode->vfs_inode); + if (btrfs_fs_incompat(fs_info, NO_HOLES)) { + inode->disk_i_size = i_size; +- return; ++ goto out_unlock; + } + +- spin_lock(&inode->lock); + ret = find_contiguous_extent_bit(&inode->file_extent_tree, 0, &start, + &end, EXTENT_DIRTY); + if (!ret && start == 0) +@@ -61,6 +61,7 @@ void btrfs_inode_safe_disk_i_size_write( + else + i_size = 0; + inode->disk_i_size = i_size; ++out_unlock: + spin_unlock(&inode->lock); + } + diff --git a/queue-5.15/btrfs-fix-space-cache-inconsistency-after-error-loading-it-from-disk.patch b/queue-5.15/btrfs-fix-space-cache-inconsistency-after-error-loading-it-from-disk.patch new file mode 100644 index 00000000000..360370c0453 --- /dev/null +++ b/queue-5.15/btrfs-fix-space-cache-inconsistency-after-error-loading-it-from-disk.patch @@ -0,0 +1,57 @@ +From 0004ff15ea26015a0a3a6182dca3b9d1df32e2b7 Mon Sep 17 00:00:00 2001 +From: Filipe Manana +Date: Thu, 4 May 2023 12:04:18 +0100 +Subject: btrfs: fix space cache inconsistency after error loading it from disk + +From: Filipe Manana + +commit 0004ff15ea26015a0a3a6182dca3b9d1df32e2b7 upstream. + +When loading a free space cache from disk, at __load_free_space_cache(), +if we fail to insert a bitmap entry, we still increment the number of +total bitmaps in the btrfs_free_space_ctl structure, which is incorrect +since we failed to add the bitmap entry. On error we then empty the +cache by calling __btrfs_remove_free_space_cache(), which will result +in getting the total bitmaps counter set to 1. + +A failure to load a free space cache is not critical, so if a failure +happens we just rebuild the cache by scanning the extent tree, which +happens at block-group.c:caching_thread(). Yet the failure will result +in having the total bitmaps of the btrfs_free_space_ctl always bigger +by 1 then the number of bitmap entries we have. So fix this by having +the total bitmaps counter be incremented only if we successfully added +the bitmap entry. + +Fixes: a67509c30079 ("Btrfs: add a io_ctl struct and helpers for dealing with the space cache") +Reviewed-by: Anand Jain +CC: stable@vger.kernel.org # 4.4+ +Signed-off-by: Filipe Manana +Reviewed-by: David Sterba +Signed-off-by: David Sterba +Signed-off-by: Greg Kroah-Hartman +--- + fs/btrfs/free-space-cache.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- a/fs/btrfs/free-space-cache.c ++++ b/fs/btrfs/free-space-cache.c +@@ -825,15 +825,16 @@ static int __load_free_space_cache(struc + } + spin_lock(&ctl->tree_lock); + ret = link_free_space(ctl, e); +- ctl->total_bitmaps++; +- recalculate_thresholds(ctl); +- spin_unlock(&ctl->tree_lock); + if (ret) { ++ spin_unlock(&ctl->tree_lock); + btrfs_err(fs_info, + "Duplicate entries in free space cache, dumping"); + kmem_cache_free(btrfs_free_space_cachep, e); + goto free_cache; + } ++ ctl->total_bitmaps++; ++ recalculate_thresholds(ctl); ++ spin_unlock(&ctl->tree_lock); + list_add_tail(&e->list, &bitmaps); + } + diff --git a/queue-5.15/btrfs-print-tree-parent-bytenr-must-be-aligned-to-sector-size.patch b/queue-5.15/btrfs-print-tree-parent-bytenr-must-be-aligned-to-sector-size.patch new file mode 100644 index 00000000000..912b08fe9cc --- /dev/null +++ b/queue-5.15/btrfs-print-tree-parent-bytenr-must-be-aligned-to-sector-size.patch @@ -0,0 +1,42 @@ +From c87f318e6f47696b4040b58f460d5c17ea0280e6 Mon Sep 17 00:00:00 2001 +From: Anastasia Belova +Date: Wed, 26 Apr 2023 14:53:23 +0300 +Subject: btrfs: print-tree: parent bytenr must be aligned to sector size + +From: Anastasia Belova + +commit c87f318e6f47696b4040b58f460d5c17ea0280e6 upstream. + +Check nodesize to sectorsize in alignment check in print_extent_item. +The comment states that and this is correct, similar check is done +elsewhere in the functions. + +Found by Linux Verification Center (linuxtesting.org) with SVACE. + +Fixes: ea57788eb76d ("btrfs: require only sector size alignment for parent eb bytenr") +CC: stable@vger.kernel.org # 4.14+ +Reviewed-by: Qu Wenruo +Signed-off-by: Anastasia Belova +Reviewed-by: David Sterba +Signed-off-by: David Sterba +Signed-off-by: Greg Kroah-Hartman +--- + fs/btrfs/print-tree.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/fs/btrfs/print-tree.c ++++ b/fs/btrfs/print-tree.c +@@ -147,10 +147,10 @@ static void print_extent_item(struct ext + pr_cont("shared data backref parent %llu count %u\n", + offset, btrfs_shared_data_ref_count(eb, sref)); + /* +- * offset is supposed to be a tree block which +- * must be aligned to nodesize. ++ * Offset is supposed to be a tree block which must be ++ * aligned to sectorsize. + */ +- if (!IS_ALIGNED(offset, eb->fs_info->nodesize)) ++ if (!IS_ALIGNED(offset, eb->fs_info->sectorsize)) + pr_info( + "\t\t\t(parent %llu not aligned to sectorsize %u)\n", + offset, eb->fs_info->sectorsize); diff --git a/queue-5.15/btrfs-zero-the-buffer-before-marking-it-dirty-in-btrfs_redirty_list_add.patch b/queue-5.15/btrfs-zero-the-buffer-before-marking-it-dirty-in-btrfs_redirty_list_add.patch new file mode 100644 index 00000000000..84a3da20024 --- /dev/null +++ b/queue-5.15/btrfs-zero-the-buffer-before-marking-it-dirty-in-btrfs_redirty_list_add.patch @@ -0,0 +1,43 @@ +From c83b56d1dd87cf67492bb770c26d6f87aee70ed6 Mon Sep 17 00:00:00 2001 +From: Christoph Hellwig +Date: Mon, 8 May 2023 07:58:37 -0700 +Subject: btrfs: zero the buffer before marking it dirty in btrfs_redirty_list_add + +From: Christoph Hellwig + +commit c83b56d1dd87cf67492bb770c26d6f87aee70ed6 upstream. + +btrfs_redirty_list_add zeroes the buffer data and sets the +EXTENT_BUFFER_NO_CHECK to make sure writeback is fine with a bogus +header. But it does that after already marking the buffer dirty, which +means that writeback could already be looking at the buffer. + +Switch the order of operations around so that the buffer is only marked +dirty when we're ready to write it. + +Fixes: d3575156f662 ("btrfs: zoned: redirty released extent buffers") +CC: stable@vger.kernel.org # 5.15+ +Signed-off-by: Christoph Hellwig +Reviewed-by: David Sterba +Signed-off-by: David Sterba +Signed-off-by: Greg Kroah-Hartman +--- + fs/btrfs/zoned.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/fs/btrfs/zoned.c ++++ b/fs/btrfs/zoned.c +@@ -1347,11 +1347,11 @@ void btrfs_redirty_list_add(struct btrfs + !list_empty(&eb->release_list)) + return; + ++ memzero_extent_buffer(eb, 0, eb->len); ++ set_bit(EXTENT_BUFFER_NO_CHECK, &eb->bflags); + set_extent_buffer_dirty(eb); + set_extent_bits_nowait(&trans->dirty_pages, eb->start, + eb->start + eb->len - 1, EXTENT_DIRTY); +- memzero_extent_buffer(eb, 0, eb->len); +- set_bit(EXTENT_BUFFER_NO_CHECK, &eb->bflags); + + spin_lock(&trans->releasing_ebs_lock); + list_add_tail(&eb->release_list, &trans->releasing_ebs); diff --git a/queue-5.15/btrfs-zoned-fix-wrong-use-of-bitops-api-in-btrfs_ensure_empty_zones.patch b/queue-5.15/btrfs-zoned-fix-wrong-use-of-bitops-api-in-btrfs_ensure_empty_zones.patch new file mode 100644 index 00000000000..a4dd1086d93 --- /dev/null +++ b/queue-5.15/btrfs-zoned-fix-wrong-use-of-bitops-api-in-btrfs_ensure_empty_zones.patch @@ -0,0 +1,45 @@ +From 631003e2333c12cc1b52df06a707365b7363a159 Mon Sep 17 00:00:00 2001 +From: Naohiro Aota +Date: Tue, 18 Apr 2023 17:45:24 +0900 +Subject: btrfs: zoned: fix wrong use of bitops API in btrfs_ensure_empty_zones + +From: Naohiro Aota + +commit 631003e2333c12cc1b52df06a707365b7363a159 upstream. + +find_next_bit and find_next_zero_bit take @size as the second parameter and +@offset as the third parameter. They are specified opposite in +btrfs_ensure_empty_zones(). Thanks to the later loop, it never failed to +detect the empty zones. Fix them and (maybe) return the result a bit +faster. + +Note: the naming is a bit confusing, size has two meanings here, bitmap +and our range size. + +Fixes: 1cd6121f2a38 ("btrfs: zoned: implement zoned chunk allocator") +CC: stable@vger.kernel.org # 5.15+ +Signed-off-by: Naohiro Aota +Signed-off-by: David Sterba +Signed-off-by: Greg Kroah-Hartman +--- + fs/btrfs/zoned.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/fs/btrfs/zoned.c ++++ b/fs/btrfs/zoned.c +@@ -1014,12 +1014,12 @@ int btrfs_ensure_empty_zones(struct btrf + return -ERANGE; + + /* All the zones are conventional */ +- if (find_next_bit(zinfo->seq_zones, begin, end) == end) ++ if (find_next_bit(zinfo->seq_zones, end, begin) == end) + return 0; + + /* All the zones are sequential and empty */ +- if (find_next_zero_bit(zinfo->seq_zones, begin, end) == end && +- find_next_zero_bit(zinfo->empty_zones, begin, end) == end) ++ if (find_next_zero_bit(zinfo->seq_zones, end, begin) == end && ++ find_next_zero_bit(zinfo->empty_zones, end, begin) == end) + return 0; + + for (pos = start; pos < start + size; pos += zinfo->zone_size) { diff --git a/queue-5.15/cifs-fix-pcchunk-length-type-in-smb2_copychunk_range.patch b/queue-5.15/cifs-fix-pcchunk-length-type-in-smb2_copychunk_range.patch new file mode 100644 index 00000000000..0a7d85966b9 --- /dev/null +++ b/queue-5.15/cifs-fix-pcchunk-length-type-in-smb2_copychunk_range.patch @@ -0,0 +1,34 @@ +From d66cde50c3c868af7abddafce701bb86e4a93039 Mon Sep 17 00:00:00 2001 +From: Pawel Witek +Date: Fri, 5 May 2023 17:14:59 +0200 +Subject: cifs: fix pcchunk length type in smb2_copychunk_range + +From: Pawel Witek + +commit d66cde50c3c868af7abddafce701bb86e4a93039 upstream. + +Change type of pcchunk->Length from u32 to u64 to match +smb2_copychunk_range arguments type. Fixes the problem where performing +server-side copy with CIFS_IOC_COPYCHUNK_FILE ioctl resulted in incomplete +copy of large files while returning -EINVAL. + +Fixes: 9bf0c9cd4314 ("CIFS: Fix SMB2/SMB3 Copy offload support (refcopy) for large files") +Cc: +Signed-off-by: Pawel Witek +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman +--- + fs/cifs/smb2ops.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/cifs/smb2ops.c ++++ b/fs/cifs/smb2ops.c +@@ -1893,7 +1893,7 @@ smb2_copychunk_range(const unsigned int + pcchunk->SourceOffset = cpu_to_le64(src_off); + pcchunk->TargetOffset = cpu_to_le64(dest_off); + pcchunk->Length = +- cpu_to_le32(min_t(u32, len, tcon->max_bytes_chunk)); ++ cpu_to_le32(min_t(u64, len, tcon->max_bytes_chunk)); + + /* Request server copy to target from src identified by key */ + kfree(retbuf); diff --git a/queue-5.15/cifs-release-leases-for-deferred-close-handles-when-freezing.patch b/queue-5.15/cifs-release-leases-for-deferred-close-handles-when-freezing.patch new file mode 100644 index 00000000000..c8269bc42d2 --- /dev/null +++ b/queue-5.15/cifs-release-leases-for-deferred-close-handles-when-freezing.patch @@ -0,0 +1,53 @@ +From d39fc592ef8ae9a89c5e85c8d9f760937a57d5ba Mon Sep 17 00:00:00 2001 +From: Steve French +Date: Wed, 10 May 2023 17:42:21 -0500 +Subject: cifs: release leases for deferred close handles when freezing + +From: Steve French + +commit d39fc592ef8ae9a89c5e85c8d9f760937a57d5ba upstream. + +We should not be caching closed files when freeze is invoked on an fs +(so we can release resources more gracefully). + +Fixes xfstests generic/068 generic/390 generic/491 + +Reviewed-by: David Howells +Cc: +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman +--- + fs/cifs/cifsfs.c | 15 +++++++++++++++ + 1 file changed, 15 insertions(+) + +--- a/fs/cifs/cifsfs.c ++++ b/fs/cifs/cifsfs.c +@@ -730,6 +730,20 @@ static void cifs_umount_begin(struct sup + return; + } + ++static int cifs_freeze(struct super_block *sb) ++{ ++ struct cifs_sb_info *cifs_sb = CIFS_SB(sb); ++ struct cifs_tcon *tcon; ++ ++ if (cifs_sb == NULL) ++ return 0; ++ ++ tcon = cifs_sb_master_tcon(cifs_sb); ++ ++ cifs_close_all_deferred_files(tcon); ++ return 0; ++} ++ + #ifdef CONFIG_CIFS_STATS2 + static int cifs_show_stats(struct seq_file *s, struct dentry *root) + { +@@ -761,6 +775,7 @@ static const struct super_operations cif + as opens */ + .show_options = cifs_show_options, + .umount_begin = cifs_umount_begin, ++ .freeze_fs = cifs_freeze, + #ifdef CONFIG_CIFS_STATS2 + .show_stats = cifs_show_stats, + #endif diff --git a/queue-5.15/drm-bridge-lt8912b-fix-dsi-video-mode.patch b/queue-5.15/drm-bridge-lt8912b-fix-dsi-video-mode.patch new file mode 100644 index 00000000000..257ef04a0fc --- /dev/null +++ b/queue-5.15/drm-bridge-lt8912b-fix-dsi-video-mode.patch @@ -0,0 +1,34 @@ +From f435b7ef3b360d689df2ffa8326352cd07940d92 Mon Sep 17 00:00:00 2001 +From: Francesco Dolcini +Date: Thu, 30 Mar 2023 11:31:31 +0200 +Subject: drm/bridge: lt8912b: Fix DSI Video Mode + +From: Francesco Dolcini + +commit f435b7ef3b360d689df2ffa8326352cd07940d92 upstream. + +LT8912 DSI port supports only Non-Burst mode video operation with Sync +Events and continuous clock on clock lane, correct dsi mode flags +according to that removing MIPI_DSI_MODE_VIDEO_BURST flag. + +Cc: +Fixes: 30e2ae943c26 ("drm/bridge: Introduce LT8912B DSI to HDMI bridge") +Signed-off-by: Francesco Dolcini +Reviewed-by: Robert Foss +Signed-off-by: Robert Foss +Link: https://patchwork.freedesktop.org/patch/msgid/20230330093131.424828-1-francesco@dolcini.it +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/bridge/lontium-lt8912b.c | 1 - + 1 file changed, 1 deletion(-) + +--- a/drivers/gpu/drm/bridge/lontium-lt8912b.c ++++ b/drivers/gpu/drm/bridge/lontium-lt8912b.c +@@ -494,7 +494,6 @@ static int lt8912_attach_dsi(struct lt89 + dsi->format = MIPI_DSI_FMT_RGB888; + + dsi->mode_flags = MIPI_DSI_MODE_VIDEO | +- MIPI_DSI_MODE_VIDEO_BURST | + MIPI_DSI_MODE_LPM | + MIPI_DSI_MODE_NO_EOT_PACKET; + diff --git a/queue-5.15/drm-msm-fix-null-deref-on-irq-uninstall.patch b/queue-5.15/drm-msm-fix-null-deref-on-irq-uninstall.patch new file mode 100644 index 00000000000..33383b0e5dc --- /dev/null +++ b/queue-5.15/drm-msm-fix-null-deref-on-irq-uninstall.patch @@ -0,0 +1,43 @@ +From cd459c005de3e2b855a8cc7768e633ce9d018e9f Mon Sep 17 00:00:00 2001 +From: Johan Hovold +Date: Mon, 6 Mar 2023 11:07:16 +0100 +Subject: drm/msm: fix NULL-deref on irq uninstall + +From: Johan Hovold + +commit cd459c005de3e2b855a8cc7768e633ce9d018e9f upstream. + +In case of early initialisation errors and on platforms that do not use +the DPU controller, the deinitilisation code can be called with the kms +pointer set to NULL. + +Fixes: f026e431cf86 ("drm/msm: Convert to Linux IRQ interfaces") +Cc: stable@vger.kernel.org # 5.14 +Cc: Thomas Zimmermann +Signed-off-by: Johan Hovold +Reviewed-by: Dmitry Baryshkov +Patchwork: https://patchwork.freedesktop.org/patch/525104/ +Link: https://lore.kernel.org/r/20230306100722.28485-5-johan+linaro@kernel.org +Signed-off-by: Dmitry Baryshkov +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/msm/msm_drv.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +--- a/drivers/gpu/drm/msm/msm_drv.c ++++ b/drivers/gpu/drm/msm/msm_drv.c +@@ -364,9 +364,11 @@ static int msm_drm_uninit(struct device + + drm_mode_config_cleanup(ddev); + +- pm_runtime_get_sync(dev); +- msm_irq_uninstall(ddev); +- pm_runtime_put_sync(dev); ++ if (kms) { ++ pm_runtime_get_sync(dev); ++ msm_irq_uninstall(ddev); ++ pm_runtime_put_sync(dev); ++ } + + if (kms && kms->funcs) + kms->funcs->destroy(kms); diff --git a/queue-5.15/drm-msm-fix-null-deref-on-snapshot-tear-down.patch b/queue-5.15/drm-msm-fix-null-deref-on-snapshot-tear-down.patch new file mode 100644 index 00000000000..bd4cb611410 --- /dev/null +++ b/queue-5.15/drm-msm-fix-null-deref-on-snapshot-tear-down.patch @@ -0,0 +1,38 @@ +From a465353b9250802f87b97123e33a17f51277f0b1 Mon Sep 17 00:00:00 2001 +From: Johan Hovold +Date: Mon, 6 Mar 2023 11:07:15 +0100 +Subject: drm/msm: fix NULL-deref on snapshot tear down + +From: Johan Hovold + +commit a465353b9250802f87b97123e33a17f51277f0b1 upstream. + +In case of early initialisation errors and on platforms that do not use +the DPU controller, the deinitilisation code can be called with the kms +pointer set to NULL. + +Fixes: 98659487b845 ("drm/msm: add support to take dpu snapshot") +Cc: stable@vger.kernel.org # 5.14 +Cc: Abhinav Kumar +Signed-off-by: Johan Hovold +Reviewed-by: Dmitry Baryshkov +Patchwork: https://patchwork.freedesktop.org/patch/525099/ +Link: https://lore.kernel.org/r/20230306100722.28485-4-johan+linaro@kernel.org +Signed-off-by: Dmitry Baryshkov +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/msm/msm_drv.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/gpu/drm/msm/msm_drv.c ++++ b/drivers/gpu/drm/msm/msm_drv.c +@@ -359,7 +359,8 @@ static int msm_drm_uninit(struct device + msm_fbdev_free(ddev); + #endif + +- msm_disp_snapshot_destroy(ddev); ++ if (kms) ++ msm_disp_snapshot_destroy(ddev); + + drm_mode_config_cleanup(ddev); + diff --git a/queue-5.15/drm-panel-otm8009a-set-backlight-parent-to-panel-device.patch b/queue-5.15/drm-panel-otm8009a-set-backlight-parent-to-panel-device.patch new file mode 100644 index 00000000000..4b8f2be4ed7 --- /dev/null +++ b/queue-5.15/drm-panel-otm8009a-set-backlight-parent-to-panel-device.patch @@ -0,0 +1,37 @@ +From ab4f869fba6119997f7630d600049762a2b014fa Mon Sep 17 00:00:00 2001 +From: James Cowgill +Date: Wed, 12 Apr 2023 17:35:07 +0000 +Subject: drm/panel: otm8009a: Set backlight parent to panel device + +From: James Cowgill + +commit ab4f869fba6119997f7630d600049762a2b014fa upstream. + +This is the logical place to put the backlight device, and it also +fixes a kernel crash if the MIPI host is removed. Previously the +backlight device would be unregistered twice when this happened - once +as a child of the MIPI host through `mipi_dsi_host_unregister`, and +once when the panel device is destroyed. + +Fixes: 12a6cbd4f3f1 ("drm/panel: otm8009a: Use new backlight API") +Signed-off-by: James Cowgill +Cc: stable@vger.kernel.org +Reviewed-by: Neil Armstrong +Signed-off-by: Neil Armstrong +Link: https://patchwork.freedesktop.org/patch/msgid/20230412173450.199592-1-james.cowgill@blaize.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/panel/panel-orisetech-otm8009a.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/gpu/drm/panel/panel-orisetech-otm8009a.c ++++ b/drivers/gpu/drm/panel/panel-orisetech-otm8009a.c +@@ -444,7 +444,7 @@ static int otm8009a_probe(struct mipi_ds + DRM_MODE_CONNECTOR_DSI); + + ctx->bl_dev = devm_backlight_device_register(dev, dev_name(dev), +- dsi->host->dev, ctx, ++ dev, ctx, + &otm8009a_backlight_ops, + NULL); + if (IS_ERR(ctx->bl_dev)) { diff --git a/queue-5.15/f2fs-fix-potential-corruption-when-moving-a-directory.patch b/queue-5.15/f2fs-fix-potential-corruption-when-moving-a-directory.patch new file mode 100644 index 00000000000..37f1fb668bb --- /dev/null +++ b/queue-5.15/f2fs-fix-potential-corruption-when-moving-a-directory.patch @@ -0,0 +1,65 @@ +From d94772154e524b329a168678836745d2773a6e02 Mon Sep 17 00:00:00 2001 +From: Jaegeuk Kim +Date: Thu, 6 Apr 2023 11:18:48 -0700 +Subject: f2fs: fix potential corruption when moving a directory + +From: Jaegeuk Kim + +commit d94772154e524b329a168678836745d2773a6e02 upstream. + +F2FS has the same issue in ext4_rename causing crash revealed by +xfstests/generic/707. + +See also commit 0813299c586b ("ext4: Fix possible corruption when moving a directory") + +CC: stable@vger.kernel.org +Signed-off-by: Jaegeuk Kim +Signed-off-by: Greg Kroah-Hartman +--- + fs/f2fs/namei.c | 16 +++++++++++++++- + 1 file changed, 15 insertions(+), 1 deletion(-) + +--- a/fs/f2fs/namei.c ++++ b/fs/f2fs/namei.c +@@ -991,12 +991,20 @@ static int f2fs_rename(struct inode *old + goto out; + } + ++ /* ++ * Copied from ext4_rename: we need to protect against old.inode ++ * directory getting converted from inline directory format into ++ * a normal one. ++ */ ++ if (S_ISDIR(old_inode->i_mode)) ++ inode_lock_nested(old_inode, I_MUTEX_NONDIR2); ++ + err = -ENOENT; + old_entry = f2fs_find_entry(old_dir, &old_dentry->d_name, &old_page); + if (!old_entry) { + if (IS_ERR(old_page)) + err = PTR_ERR(old_page); +- goto out; ++ goto out_unlock_old; + } + + if (S_ISDIR(old_inode->i_mode)) { +@@ -1104,6 +1112,9 @@ static int f2fs_rename(struct inode *old + + f2fs_unlock_op(sbi); + ++ if (S_ISDIR(old_inode->i_mode)) ++ inode_unlock(old_inode); ++ + if (IS_DIRSYNC(old_dir) || IS_DIRSYNC(new_dir)) + f2fs_sync_fs(sbi->sb, 1); + +@@ -1118,6 +1129,9 @@ out_dir: + f2fs_put_page(old_dir_page, 0); + out_old: + f2fs_put_page(old_page, 0); ++out_unlock_old: ++ if (S_ISDIR(old_inode->i_mode)) ++ inode_unlock(old_inode); + out: + if (whiteout) + iput(whiteout); diff --git a/queue-5.15/inotify-avoid-reporting-event-with-invalid-wd.patch b/queue-5.15/inotify-avoid-reporting-event-with-invalid-wd.patch new file mode 100644 index 00000000000..d29275d0eb7 --- /dev/null +++ b/queue-5.15/inotify-avoid-reporting-event-with-invalid-wd.patch @@ -0,0 +1,61 @@ +From c915d8f5918bea7c3962b09b8884ca128bfd9b0c Mon Sep 17 00:00:00 2001 +From: Jan Kara +Date: Mon, 24 Apr 2023 18:32:19 +0200 +Subject: inotify: Avoid reporting event with invalid wd + +From: Jan Kara + +commit c915d8f5918bea7c3962b09b8884ca128bfd9b0c upstream. + +When inotify_freeing_mark() races with inotify_handle_inode_event() it +can happen that inotify_handle_inode_event() sees that i_mark->wd got +already reset to -1 and reports this value to userspace which can +confuse the inotify listener. Avoid the problem by validating that wd is +sensible (and pretend the mark got removed before the event got +generated otherwise). + +CC: stable@vger.kernel.org +Fixes: 7e790dd5fc93 ("inotify: fix error paths in inotify_update_watch") +Message-Id: <20230424163219.9250-1-jack@suse.cz> +Reported-by: syzbot+4a06d4373fd52f0b2f9c@syzkaller.appspotmail.com +Reviewed-by: Amir Goldstein +Signed-off-by: Jan Kara +Signed-off-by: Greg Kroah-Hartman +--- + fs/notify/inotify/inotify_fsnotify.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +--- a/fs/notify/inotify/inotify_fsnotify.c ++++ b/fs/notify/inotify/inotify_fsnotify.c +@@ -65,7 +65,7 @@ int inotify_handle_inode_event(struct fs + struct fsnotify_event *fsn_event; + struct fsnotify_group *group = inode_mark->group; + int ret; +- int len = 0; ++ int len = 0, wd; + int alloc_len = sizeof(struct inotify_event_info); + struct mem_cgroup *old_memcg; + +@@ -81,6 +81,13 @@ int inotify_handle_inode_event(struct fs + fsn_mark); + + /* ++ * We can be racing with mark being detached. Don't report event with ++ * invalid wd. ++ */ ++ wd = READ_ONCE(i_mark->wd); ++ if (wd == -1) ++ return 0; ++ /* + * Whoever is interested in the event, pays for the allocation. Do not + * trigger OOM killer in the target monitoring memcg as it may have + * security repercussion. +@@ -110,7 +117,7 @@ int inotify_handle_inode_event(struct fs + fsn_event = &event->fse; + fsnotify_init_event(fsn_event); + event->mask = mask; +- event->wd = i_mark->wd; ++ event->wd = wd; + event->sync_cookie = cookie; + event->name_len = len; + if (len) diff --git a/queue-5.15/platform-x86-touchscreen_dmi-add-info-for-the-dexp-ursus-kx210i.patch b/queue-5.15/platform-x86-touchscreen_dmi-add-info-for-the-dexp-ursus-kx210i.patch new file mode 100644 index 00000000000..c403d0a8e96 --- /dev/null +++ b/queue-5.15/platform-x86-touchscreen_dmi-add-info-for-the-dexp-ursus-kx210i.patch @@ -0,0 +1,61 @@ +From 4b65f95c87c35699bc6ad540d6b9dd7f950d0924 Mon Sep 17 00:00:00 2001 +From: Andrey Avdeev +Date: Sun, 30 Apr 2023 11:01:10 +0300 +Subject: platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i + +From: Andrey Avdeev + +commit 4b65f95c87c35699bc6ad540d6b9dd7f950d0924 upstream. + +Add touchscreen info for the Dexp Ursus KX210i + +Signed-off-by: Andrey Avdeev +Link: https://lore.kernel.org/r/ZE4gRgzRQCjXFYD0@avdeevavpc +Cc: stable@vger.kernel.org +Reviewed-by: Hans de Goede +Signed-off-by: Hans de Goede +Signed-off-by: Greg Kroah-Hartman +--- + drivers/platform/x86/touchscreen_dmi.c | 24 ++++++++++++++++++++++++ + 1 file changed, 24 insertions(+) + +--- a/drivers/platform/x86/touchscreen_dmi.c ++++ b/drivers/platform/x86/touchscreen_dmi.c +@@ -327,6 +327,22 @@ static const struct ts_dmi_data dexp_urs + .properties = dexp_ursus_7w_props, + }; + ++static const struct property_entry dexp_ursus_kx210i_props[] = { ++ PROPERTY_ENTRY_U32("touchscreen-min-x", 5), ++ PROPERTY_ENTRY_U32("touchscreen-min-y", 2), ++ PROPERTY_ENTRY_U32("touchscreen-size-x", 1720), ++ PROPERTY_ENTRY_U32("touchscreen-size-y", 1137), ++ PROPERTY_ENTRY_STRING("firmware-name", "gsl1680-dexp-ursus-kx210i.fw"), ++ PROPERTY_ENTRY_U32("silead,max-fingers", 10), ++ PROPERTY_ENTRY_BOOL("silead,home-button"), ++ { } ++}; ++ ++static const struct ts_dmi_data dexp_ursus_kx210i_data = { ++ .acpi_name = "MSSL1680:00", ++ .properties = dexp_ursus_kx210i_props, ++}; ++ + static const struct property_entry digma_citi_e200_props[] = { + PROPERTY_ENTRY_U32("touchscreen-size-x", 1980), + PROPERTY_ENTRY_U32("touchscreen-size-y", 1500), +@@ -1167,6 +1183,14 @@ const struct dmi_system_id touchscreen_d + }, + }, + { ++ /* DEXP Ursus KX210i */ ++ .driver_data = (void *)&dexp_ursus_kx210i_data, ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "INSYDE Corp."), ++ DMI_MATCH(DMI_PRODUCT_NAME, "S107I"), ++ }, ++ }, ++ { + /* Digma Citi E200 */ + .driver_data = (void *)&digma_citi_e200_data, + .matches = { diff --git a/queue-5.15/platform-x86-touchscreen_dmi-add-upside-down-quirk-for-gdix1002-ts-on-the-juno-tablet.patch b/queue-5.15/platform-x86-touchscreen_dmi-add-upside-down-quirk-for-gdix1002-ts-on-the-juno-tablet.patch new file mode 100644 index 00000000000..db3b5a58e41 --- /dev/null +++ b/queue-5.15/platform-x86-touchscreen_dmi-add-upside-down-quirk-for-gdix1002-ts-on-the-juno-tablet.patch @@ -0,0 +1,54 @@ +From 6abfa99ce52f61a31bcfc2aaaae09006f5665495 Mon Sep 17 00:00:00 2001 +From: Hans de Goede +Date: Fri, 5 May 2023 23:03:23 +0200 +Subject: platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet + +From: Hans de Goede + +commit 6abfa99ce52f61a31bcfc2aaaae09006f5665495 upstream. + +The Juno Computers Juno Tablet has an upside-down mounted Goodix +touchscreen. Add a quirk to invert both axis to correct for this. + +Link: https://junocomputers.com/us/product/juno-tablet/ +Cc: stable@vger.kernel.org +Signed-off-by: Hans de Goede +Link: https://lore.kernel.org/r/20230505210323.43177-1-hdegoede@redhat.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/platform/x86/touchscreen_dmi.c | 17 +++++++++++++++++ + 1 file changed, 17 insertions(+) + +--- a/drivers/platform/x86/touchscreen_dmi.c ++++ b/drivers/platform/x86/touchscreen_dmi.c +@@ -381,6 +381,11 @@ static const struct ts_dmi_data glavey_t + .properties = glavey_tm800a550l_props, + }; + ++static const struct ts_dmi_data gdix1002_00_upside_down_data = { ++ .acpi_name = "GDIX1002:00", ++ .properties = gdix1001_upside_down_props, ++}; ++ + static const struct property_entry gp_electronic_t701_props[] = { + PROPERTY_ENTRY_U32("touchscreen-size-x", 960), + PROPERTY_ENTRY_U32("touchscreen-size-y", 640), +@@ -1281,6 +1286,18 @@ const struct dmi_system_id touchscreen_d + }, + }, + { ++ /* Juno Tablet */ ++ .driver_data = (void *)&gdix1002_00_upside_down_data, ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "Default string"), ++ /* Both product- and board-name being "Default string" is somewhat rare */ ++ DMI_MATCH(DMI_PRODUCT_NAME, "Default string"), ++ DMI_MATCH(DMI_BOARD_NAME, "Default string"), ++ /* Above matches are too generic, add partial bios-version match */ ++ DMI_MATCH(DMI_BIOS_VERSION, "JP2V1."), ++ }, ++ }, ++ { + /* Mediacom WinPad 7.0 W700 (same hw as Wintron surftab 7") */ + .driver_data = (void *)&trekstor_surftab_wintron70_data, + .matches = { diff --git a/queue-5.15/remoteproc-imx_rproc-call-of_node_put-on-iteration-error.patch b/queue-5.15/remoteproc-imx_rproc-call-of_node_put-on-iteration-error.patch new file mode 100644 index 00000000000..1b8b7041808 --- /dev/null +++ b/queue-5.15/remoteproc-imx_rproc-call-of_node_put-on-iteration-error.patch @@ -0,0 +1,49 @@ +From 5ef074e805ecfd9a16dbb7b6b88bbfa8abad7054 Mon Sep 17 00:00:00 2001 +From: Mathieu Poirier +Date: Mon, 20 Mar 2023 16:18:25 -0600 +Subject: remoteproc: imx_rproc: Call of_node_put() on iteration error + +From: Mathieu Poirier + +commit 5ef074e805ecfd9a16dbb7b6b88bbfa8abad7054 upstream. + +Function of_phandle_iterator_next() calls of_node_put() on the last +device_node it iterated over, but when the loop exits prematurely it has +to be called explicitly. + +Fixes: b29b4249f8f0 ("remoteproc: imx_rproc: add i.MX specific parse fw hook") +Cc: stable@vger.kernel.org +Signed-off-by: Mathieu Poirier +Reviewed-by: Peng Fan +Link: https://lore.kernel.org/r/20230320221826.2728078-5-mathieu.poirier@linaro.org +Signed-off-by: Mathieu Poirier +Signed-off-by: Greg Kroah-Hartman +--- + drivers/remoteproc/imx_rproc.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +--- a/drivers/remoteproc/imx_rproc.c ++++ b/drivers/remoteproc/imx_rproc.c +@@ -452,6 +452,7 @@ static int imx_rproc_prepare(struct rpro + + rmem = of_reserved_mem_lookup(it.node); + if (!rmem) { ++ of_node_put(it.node); + dev_err(priv->dev, "unable to acquire memory-region\n"); + return -EINVAL; + } +@@ -464,10 +465,12 @@ static int imx_rproc_prepare(struct rpro + imx_rproc_mem_alloc, imx_rproc_mem_release, + it.node->name); + +- if (mem) ++ if (mem) { + rproc_coredump_add_segment(rproc, da, rmem->size); +- else ++ } else { ++ of_node_put(it.node); + return -ENOMEM; ++ } + + rproc_add_carveout(rproc, mem); + } diff --git a/queue-5.15/remoteproc-st-call-of_node_put-on-iteration-error.patch b/queue-5.15/remoteproc-st-call-of_node_put-on-iteration-error.patch new file mode 100644 index 00000000000..fc03f58bc8b --- /dev/null +++ b/queue-5.15/remoteproc-st-call-of_node_put-on-iteration-error.patch @@ -0,0 +1,46 @@ +From 8a74918948b40317a5b5bab9739d13dcb5de2784 Mon Sep 17 00:00:00 2001 +From: Mathieu Poirier +Date: Mon, 20 Mar 2023 16:18:23 -0600 +Subject: remoteproc: st: Call of_node_put() on iteration error + +From: Mathieu Poirier + +commit 8a74918948b40317a5b5bab9739d13dcb5de2784 upstream. + +Function of_phandle_iterator_next() calls of_node_put() on the last +device_node it iterated over, but when the loop exits prematurely it has +to be called explicitly. + +Fixes: 3df52ed7f269 ("remoteproc: st: add reserved memory support") +Cc: stable@vger.kernel.org +Signed-off-by: Mathieu Poirier +Reviewed-by: Arnaud Pouliquen +Link: https://lore.kernel.org/r/20230320221826.2728078-3-mathieu.poirier@linaro.org +Signed-off-by: Mathieu Poirier +Signed-off-by: Greg Kroah-Hartman +--- + drivers/remoteproc/st_remoteproc.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/drivers/remoteproc/st_remoteproc.c ++++ b/drivers/remoteproc/st_remoteproc.c +@@ -129,6 +129,7 @@ static int st_rproc_parse_fw(struct rpro + while (of_phandle_iterator_next(&it) == 0) { + rmem = of_reserved_mem_lookup(it.node); + if (!rmem) { ++ of_node_put(it.node); + dev_err(dev, "unable to acquire memory-region\n"); + return -EINVAL; + } +@@ -150,8 +151,10 @@ static int st_rproc_parse_fw(struct rpro + it.node->name); + } + +- if (!mem) ++ if (!mem) { ++ of_node_put(it.node); + return -ENOMEM; ++ } + + rproc_add_carveout(rproc, mem); + index++; diff --git a/queue-5.15/remoteproc-stm32-call-of_node_put-on-iteration-error.patch b/queue-5.15/remoteproc-stm32-call-of_node_put-on-iteration-error.patch new file mode 100644 index 00000000000..1a119d96d9b --- /dev/null +++ b/queue-5.15/remoteproc-stm32-call-of_node_put-on-iteration-error.patch @@ -0,0 +1,52 @@ +From ccadca5baf5124a880f2bb50ed1ec265415f025b Mon Sep 17 00:00:00 2001 +From: Mathieu Poirier +Date: Mon, 20 Mar 2023 16:18:22 -0600 +Subject: remoteproc: stm32: Call of_node_put() on iteration error + +From: Mathieu Poirier + +commit ccadca5baf5124a880f2bb50ed1ec265415f025b upstream. + +Function of_phandle_iterator_next() calls of_node_put() on the last +device_node it iterated over, but when the loop exits prematurely it has +to be called explicitly. + +Fixes: 13140de09cc2 ("remoteproc: stm32: add an ST stm32_rproc driver") +Cc: stable@vger.kernel.org +Signed-off-by: Mathieu Poirier +Reviewed-by: Arnaud Pouliquen +Link: https://lore.kernel.org/r/20230320221826.2728078-2-mathieu.poirier@linaro.org +Signed-off-by: Mathieu Poirier +Signed-off-by: Greg Kroah-Hartman +--- + drivers/remoteproc/stm32_rproc.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/drivers/remoteproc/stm32_rproc.c ++++ b/drivers/remoteproc/stm32_rproc.c +@@ -223,11 +223,13 @@ static int stm32_rproc_prepare(struct rp + while (of_phandle_iterator_next(&it) == 0) { + rmem = of_reserved_mem_lookup(it.node); + if (!rmem) { ++ of_node_put(it.node); + dev_err(dev, "unable to acquire memory-region\n"); + return -EINVAL; + } + + if (stm32_rproc_pa_to_da(rproc, rmem->base, &da) < 0) { ++ of_node_put(it.node); + dev_err(dev, "memory region not valid %pa\n", + &rmem->base); + return -EINVAL; +@@ -254,8 +256,10 @@ static int stm32_rproc_prepare(struct rp + it.node->name); + } + +- if (!mem) ++ if (!mem) { ++ of_node_put(it.node); + return -ENOMEM; ++ } + + rproc_add_carveout(rproc, mem); + index++; diff --git a/queue-5.15/series b/queue-5.15/series index c882aafbe1d..8aeb7c8167b 100644 --- a/queue-5.15/series +++ b/queue-5.15/series @@ -61,3 +61,32 @@ crypto-engine-fix-crypto_queue-backlog-handling.patch perf-symbols-fix-return-incorrect-build_id-size-in-e.patch perf-evlist-refactor-evlist__for_each_cpu.patch perf-stat-separate-bperf-from-bpf_profiler.patch +x86-retbleed-fix-return-thunk-alignment.patch +btrfs-fix-btrfs_prev_leaf-to-not-return-the-same-key-twice.patch +btrfs-zoned-fix-wrong-use-of-bitops-api-in-btrfs_ensure_empty_zones.patch +btrfs-fix-encoded-write-i_size-corruption-with-no-holes.patch +btrfs-don-t-free-qgroup-space-unless-specified.patch +btrfs-zero-the-buffer-before-marking-it-dirty-in-btrfs_redirty_list_add.patch +btrfs-print-tree-parent-bytenr-must-be-aligned-to-sector-size.patch +btrfs-fix-space-cache-inconsistency-after-error-loading-it-from-disk.patch +cifs-fix-pcchunk-length-type-in-smb2_copychunk_range.patch +cifs-release-leases-for-deferred-close-handles-when-freezing.patch +platform-x86-touchscreen_dmi-add-upside-down-quirk-for-gdix1002-ts-on-the-juno-tablet.patch +platform-x86-touchscreen_dmi-add-info-for-the-dexp-ursus-kx210i.patch +inotify-avoid-reporting-event-with-invalid-wd.patch +smb3-fix-problem-remounting-a-share-after-shutdown.patch +smb3-force-unmount-was-failing-to-close-deferred-close-files.patch +sh-math-emu-fix-macro-redefined-warning.patch +sh-mcount.s-fix-build-error-when-printk-is-not-enabled.patch +sh-init-use-of_early_flattree-for-early-init.patch +sh-nmi_debug-fix-return-value-of-__setup-handler.patch +remoteproc-stm32-call-of_node_put-on-iteration-error.patch +remoteproc-st-call-of_node_put-on-iteration-error.patch +remoteproc-imx_rproc-call-of_node_put-on-iteration-error.patch +arm-dts-exynos-fix-wm8960-clock-name-in-itop-elite.patch +arm-dts-s5pv210-correct-mipi-csis-clock-name.patch +drm-bridge-lt8912b-fix-dsi-video-mode.patch +drm-msm-fix-null-deref-on-snapshot-tear-down.patch +drm-msm-fix-null-deref-on-irq-uninstall.patch +f2fs-fix-potential-corruption-when-moving-a-directory.patch +drm-panel-otm8009a-set-backlight-parent-to-panel-device.patch diff --git a/queue-5.15/sh-init-use-of_early_flattree-for-early-init.patch b/queue-5.15/sh-init-use-of_early_flattree-for-early-init.patch new file mode 100644 index 00000000000..1651880afc5 --- /dev/null +++ b/queue-5.15/sh-init-use-of_early_flattree-for-early-init.patch @@ -0,0 +1,89 @@ +From 6cba655543c7959f8a6d2979b9d40a6a66b7ed4f Mon Sep 17 00:00:00 2001 +From: Randy Dunlap +Date: Sun, 5 Mar 2023 20:00:33 -0800 +Subject: sh: init: use OF_EARLY_FLATTREE for early init + +From: Randy Dunlap + +commit 6cba655543c7959f8a6d2979b9d40a6a66b7ed4f upstream. + +When CONFIG_OF_EARLY_FLATTREE and CONFIG_SH_DEVICE_TREE are not set, +SH3 build fails with a call to early_init_dt_scan(), so in +arch/sh/kernel/setup.c and arch/sh/kernel/head_32.S, use +CONFIG_OF_EARLY_FLATTREE instead of CONFIG_OF_FLATTREE. + +Fixes this build error: +../arch/sh/kernel/setup.c: In function 'sh_fdt_init': +../arch/sh/kernel/setup.c:262:26: error: implicit declaration of function 'early_init_dt_scan' [-Werror=implicit-function-declaration] + 262 | if (!dt_virt || !early_init_dt_scan(dt_virt)) { + +Fixes: 03767daa1387 ("sh: fix build regression with CONFIG_OF && !CONFIG_OF_FLATTREE") +Fixes: eb6b6930a70f ("sh: fix memory corruption of unflattened device tree") +Signed-off-by: Randy Dunlap +Suggested-by: Rob Herring +Cc: Frank Rowand +Cc: devicetree@vger.kernel.org +Cc: Rich Felker +Cc: Yoshinori Sato +Cc: Geert Uytterhoeven +Cc: John Paul Adrian Glaubitz +Cc: linux-sh@vger.kernel.org +Cc: stable@vger.kernel.org +Reviewed-by: John Paul Adrian Glaubitz +Link: https://lore.kernel.org/r/20230306040037.20350-4-rdunlap@infradead.org +Signed-off-by: John Paul Adrian Glaubitz +Signed-off-by: Greg Kroah-Hartman +--- + arch/sh/kernel/head_32.S | 6 +++--- + arch/sh/kernel/setup.c | 4 ++-- + 2 files changed, 5 insertions(+), 5 deletions(-) + +--- a/arch/sh/kernel/head_32.S ++++ b/arch/sh/kernel/head_32.S +@@ -64,7 +64,7 @@ ENTRY(_stext) + ldc r0, r6_bank + #endif + +-#ifdef CONFIG_OF_FLATTREE ++#ifdef CONFIG_OF_EARLY_FLATTREE + mov r4, r12 ! Store device tree blob pointer in r12 + #endif + +@@ -315,7 +315,7 @@ ENTRY(_stext) + 10: + #endif + +-#ifdef CONFIG_OF_FLATTREE ++#ifdef CONFIG_OF_EARLY_FLATTREE + mov.l 8f, r0 ! Make flat device tree available early. + jsr @r0 + mov r12, r4 +@@ -346,7 +346,7 @@ ENTRY(stack_start) + 5: .long start_kernel + 6: .long cpu_init + 7: .long init_thread_union +-#if defined(CONFIG_OF_FLATTREE) ++#if defined(CONFIG_OF_EARLY_FLATTREE) + 8: .long sh_fdt_init + #endif + +--- a/arch/sh/kernel/setup.c ++++ b/arch/sh/kernel/setup.c +@@ -244,7 +244,7 @@ void __init __weak plat_early_device_set + { + } + +-#ifdef CONFIG_OF_FLATTREE ++#ifdef CONFIG_OF_EARLY_FLATTREE + void __ref sh_fdt_init(phys_addr_t dt_phys) + { + static int done = 0; +@@ -326,7 +326,7 @@ void __init setup_arch(char **cmdline_p) + /* Let earlyprintk output early console messages */ + sh_early_platform_driver_probe("earlyprintk", 1, 1); + +-#ifdef CONFIG_OF_FLATTREE ++#ifdef CONFIG_OF_EARLY_FLATTREE + #ifdef CONFIG_USE_BUILTIN_DTB + unflatten_and_copy_device_tree(); + #else diff --git a/queue-5.15/sh-math-emu-fix-macro-redefined-warning.patch b/queue-5.15/sh-math-emu-fix-macro-redefined-warning.patch new file mode 100644 index 00000000000..de8de10da1a --- /dev/null +++ b/queue-5.15/sh-math-emu-fix-macro-redefined-warning.patch @@ -0,0 +1,47 @@ +From 58a49ad90939386a8682e842c474a0d2c00ec39c Mon Sep 17 00:00:00 2001 +From: Randy Dunlap +Date: Sun, 5 Mar 2023 20:00:34 -0800 +Subject: sh: math-emu: fix macro redefined warning + +From: Randy Dunlap + +commit 58a49ad90939386a8682e842c474a0d2c00ec39c upstream. + +Fix a warning that was reported by the kernel test robot: + +In file included from ../include/math-emu/soft-fp.h:27, + from ../arch/sh/math-emu/math.c:22: +../arch/sh/include/asm/sfp-machine.h:17: warning: "__BYTE_ORDER" redefined + 17 | #define __BYTE_ORDER __BIG_ENDIAN +In file included from ../arch/sh/math-emu/math.c:21: +../arch/sh/math-emu/sfp-util.h:71: note: this is the location of the previous definition + 71 | #define __BYTE_ORDER __LITTLE_ENDIAN + +Fixes: b929926f01f2 ("sh: define __BIG_ENDIAN for math-emu") +Signed-off-by: Randy Dunlap +Reported-by: kernel test robot +Link: lore.kernel.org/r/202111121827.6v6SXtVv-lkp@intel.com +Cc: John Paul Adrian Glaubitz +Cc: Yoshinori Sato +Cc: Rich Felker +Cc: linux-sh@vger.kernel.org +Reviewed-by: Geert Uytterhoeven +Cc: stable@vger.kernel.org +Reviewed-by: John Paul Adrian Glaubitz +Link: https://lore.kernel.org/r/20230306040037.20350-5-rdunlap@infradead.org +Signed-off-by: John Paul Adrian Glaubitz +Signed-off-by: Greg Kroah-Hartman +--- + arch/sh/math-emu/sfp-util.h | 4 ---- + 1 file changed, 4 deletions(-) + +--- a/arch/sh/math-emu/sfp-util.h ++++ b/arch/sh/math-emu/sfp-util.h +@@ -67,7 +67,3 @@ + } while (0) + + #define abort() return 0 +- +-#define __BYTE_ORDER __LITTLE_ENDIAN +- +- diff --git a/queue-5.15/sh-mcount.s-fix-build-error-when-printk-is-not-enabled.patch b/queue-5.15/sh-mcount.s-fix-build-error-when-printk-is-not-enabled.patch new file mode 100644 index 00000000000..f34a31fd26e --- /dev/null +++ b/queue-5.15/sh-mcount.s-fix-build-error-when-printk-is-not-enabled.patch @@ -0,0 +1,41 @@ +From c2bd1e18c6f85c0027da2e5e7753b9bfd9f8e6dc Mon Sep 17 00:00:00 2001 +From: Randy Dunlap +Date: Sun, 5 Mar 2023 20:00:37 -0800 +Subject: sh: mcount.S: fix build error when PRINTK is not enabled + +From: Randy Dunlap + +commit c2bd1e18c6f85c0027da2e5e7753b9bfd9f8e6dc upstream. + +Fix a build error in mcount.S when CONFIG_PRINTK is not enabled. +Fixes this build error: + +sh2-linux-ld: arch/sh/lib/mcount.o: in function `stack_panic': +(.text+0xec): undefined reference to `dump_stack' + +Fixes: e460ab27b6c3 ("sh: Fix up stack overflow check with ftrace disabled.") +Signed-off-by: Randy Dunlap +Cc: John Paul Adrian Glaubitz +Cc: Yoshinori Sato +Cc: Rich Felker +Suggested-by: Geert Uytterhoeven +Cc: stable@vger.kernel.org +Reviewed-by: John Paul Adrian Glaubitz +Link: https://lore.kernel.org/r/20230306040037.20350-8-rdunlap@infradead.org +Signed-off-by: John Paul Adrian Glaubitz +Signed-off-by: Greg Kroah-Hartman +--- + arch/sh/Kconfig.debug | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/sh/Kconfig.debug ++++ b/arch/sh/Kconfig.debug +@@ -15,7 +15,7 @@ config SH_STANDARD_BIOS + + config STACK_DEBUG + bool "Check for stack overflows" +- depends on DEBUG_KERNEL ++ depends on DEBUG_KERNEL && PRINTK + help + This option will cause messages to be printed if free stack space + drops below a certain limit. Saying Y here will add overhead to diff --git a/queue-5.15/sh-nmi_debug-fix-return-value-of-__setup-handler.patch b/queue-5.15/sh-nmi_debug-fix-return-value-of-__setup-handler.patch new file mode 100644 index 00000000000..18170e9313f --- /dev/null +++ b/queue-5.15/sh-nmi_debug-fix-return-value-of-__setup-handler.patch @@ -0,0 +1,53 @@ +From d1155e4132de712a9d3066e2667ceaad39a539c5 Mon Sep 17 00:00:00 2001 +From: Randy Dunlap +Date: Sun, 5 Mar 2023 20:00:32 -0800 +Subject: sh: nmi_debug: fix return value of __setup handler + +From: Randy Dunlap + +commit d1155e4132de712a9d3066e2667ceaad39a539c5 upstream. + +__setup() handlers should return 1 to obsolete_checksetup() in +init/main.c to indicate that the boot option has been handled. +A return of 0 causes the boot option/value to be listed as an Unknown +kernel parameter and added to init's (limited) argument or environment +strings. Also, error return codes don't mean anything to +obsolete_checksetup() -- only non-zero (usually 1) or zero. +So return 1 from nmi_debug_setup(). + +Fixes: 1e1030dccb10 ("sh: nmi_debug support.") +Signed-off-by: Randy Dunlap +Reported-by: Igor Zhbanov +Link: lore.kernel.org/r/64644a2f-4a20-bab3-1e15-3b2cdd0defe3@omprussia.ru +Cc: John Paul Adrian Glaubitz +Cc: Yoshinori Sato +Cc: Rich Felker +Cc: linux-sh@vger.kernel.org +Cc: stable@vger.kernel.org +Reviewed-by: John Paul Adrian Glaubitz +Link: https://lore.kernel.org/r/20230306040037.20350-3-rdunlap@infradead.org +Signed-off-by: John Paul Adrian Glaubitz +Signed-off-by: Greg Kroah-Hartman +--- + arch/sh/kernel/nmi_debug.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/sh/kernel/nmi_debug.c ++++ b/arch/sh/kernel/nmi_debug.c +@@ -49,7 +49,7 @@ static int __init nmi_debug_setup(char * + register_die_notifier(&nmi_debug_nb); + + if (*str != '=') +- return 0; ++ return 1; + + for (p = str + 1; *p; p = sep + 1) { + sep = strchr(p, ','); +@@ -70,6 +70,6 @@ static int __init nmi_debug_setup(char * + break; + } + +- return 0; ++ return 1; + } + __setup("nmi_debug", nmi_debug_setup); diff --git a/queue-5.15/smb3-fix-problem-remounting-a-share-after-shutdown.patch b/queue-5.15/smb3-fix-problem-remounting-a-share-after-shutdown.patch new file mode 100644 index 00000000000..e97352a06e2 --- /dev/null +++ b/queue-5.15/smb3-fix-problem-remounting-a-share-after-shutdown.patch @@ -0,0 +1,40 @@ +From 716a3cf317456fa01d54398bb14ab354f50ed6a2 Mon Sep 17 00:00:00 2001 +From: Steve French +Date: Tue, 9 May 2023 01:37:19 -0500 +Subject: smb3: fix problem remounting a share after shutdown + +From: Steve French + +commit 716a3cf317456fa01d54398bb14ab354f50ed6a2 upstream. + +xfstests generic/392 showed a problem where even after a +shutdown call was made on a mount, we would still attempt +to use the (now inaccessible) superblock if another mount +was attempted for the same share. + +Reported-by: David Howells +Reviewed-by: David Howells +Cc: +Fixes: 087f757b0129 ("cifs: add shutdown support") +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman +--- + fs/cifs/connect.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +--- a/fs/cifs/connect.c ++++ b/fs/cifs/connect.c +@@ -2474,6 +2474,13 @@ cifs_match_super(struct super_block *sb, + + spin_lock(&cifs_tcp_ses_lock); + cifs_sb = CIFS_SB(sb); ++ ++ /* We do not want to use a superblock that has been shutdown */ ++ if (CIFS_MOUNT_SHUTDOWN & cifs_sb->mnt_cifs_flags) { ++ spin_unlock(&cifs_tcp_ses_lock); ++ return 0; ++ } ++ + tlink = cifs_get_tlink(cifs_sb_master_tlink(cifs_sb)); + if (tlink == NULL) { + /* can not match superblock if tlink were ever null */ diff --git a/queue-5.15/smb3-force-unmount-was-failing-to-close-deferred-close-files.patch b/queue-5.15/smb3-force-unmount-was-failing-to-close-deferred-close-files.patch new file mode 100644 index 00000000000..95979dec112 --- /dev/null +++ b/queue-5.15/smb3-force-unmount-was-failing-to-close-deferred-close-files.patch @@ -0,0 +1,49 @@ +From 2cb6f968775a9fd60c90a6042b9550bcec3ea087 Mon Sep 17 00:00:00 2001 +From: Steve French +Date: Tue, 9 May 2023 01:00:42 -0500 +Subject: SMB3: force unmount was failing to close deferred close files + +From: Steve French + +commit 2cb6f968775a9fd60c90a6042b9550bcec3ea087 upstream. + +In investigating a failure with xfstest generic/392 it +was noticed that mounts were reusing a superblock that should +already have been freed. This turned out to be related to +deferred close files keeping a reference count until the +closetimeo expired. + +Currently the only way an fs knows that mount is beginning is +when force unmount is called, but when this, ie umount_begin(), +is called all deferred close files on the share (tree +connection) should be closed immediately (unless shared by +another mount) to avoid using excess resources on the server +and to avoid reusing a superblock which should already be freed. + +In umount_begin, close all deferred close handles for that +share if this is the last mount using that share on this +client (ie send the SMB3 close request over the wire for those +that have been already closed by the app but that we have +kept a handle lease open for and have not sent closes to the +server for yet). + +Reported-by: David Howells +Acked-by: Bharath SM +Cc: +Fixes: 78c09634f7dc ("Cifs: Fix kernel oops caused by deferred close for files.") +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman +--- + fs/cifs/cifsfs.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/fs/cifs/cifsfs.c ++++ b/fs/cifs/cifsfs.c +@@ -715,6 +715,7 @@ static void cifs_umount_begin(struct sup + tcon->tidStatus = CifsExiting; + spin_unlock(&cifs_tcp_ses_lock); + ++ cifs_close_all_deferred_files(tcon); + /* cancel_brl_requests(tcon); */ /* BB mark all brl mids as exiting */ + /* cancel_notify_requests(tcon); */ + if (tcon->ses && tcon->ses->server) { diff --git a/queue-5.15/x86-retbleed-fix-return-thunk-alignment.patch b/queue-5.15/x86-retbleed-fix-return-thunk-alignment.patch new file mode 100644 index 00000000000..7ccb2b95156 --- /dev/null +++ b/queue-5.15/x86-retbleed-fix-return-thunk-alignment.patch @@ -0,0 +1,48 @@ +From 9a48d604672220545d209e9996c2a1edbb5637f6 Mon Sep 17 00:00:00 2001 +From: "Borislav Petkov (AMD)" +Date: Fri, 12 May 2023 23:12:26 +0200 +Subject: x86/retbleed: Fix return thunk alignment + +From: Borislav Petkov (AMD) + +commit 9a48d604672220545d209e9996c2a1edbb5637f6 upstream. + +SYM_FUNC_START_LOCAL_NOALIGN() adds an endbr leading to this layout +(leaving only the last 2 bytes of the address): + + 3bff : + 3bff: f3 0f 1e fa endbr64 + 3c03: f6 test $0xcc,%bl + + 3c04 <__x86_return_thunk>: + 3c04: c3 ret + 3c05: cc int3 + 3c06: 0f ae e8 lfence + +However, "the RET at __x86_return_thunk must be on a 64 byte boundary, +for alignment within the BTB." + +Use SYM_START instead. + +Signed-off-by: Borislav Petkov (AMD) +Reviewed-by: Thomas Gleixner +Cc: +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/lib/retpoline.S | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/x86/lib/retpoline.S ++++ b/arch/x86/lib/retpoline.S +@@ -86,8 +86,8 @@ SYM_CODE_END(__x86_indirect_thunk_array) + */ + .align 64 + .skip 63, 0xcc +-SYM_FUNC_START_NOALIGN(zen_untrain_ret); +- ++SYM_START(zen_untrain_ret, SYM_L_GLOBAL, SYM_A_NONE) ++ ANNOTATE_NOENDBR + /* + * As executed from zen_untrain_ret, this is: + *