From: Greg Kroah-Hartman Date: Mon, 22 Aug 2022 11:46:55 +0000 (+0200) Subject: 5.19-stable patches X-Git-Tag: v4.9.326~44 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e786830d36ed604142bd3b748f626879dc23f451;p=thirdparty%2Fkernel%2Fstable-queue.git 5.19-stable patches added patches: asoc-codec-tlv320aic32x4-fix-mono-playback-via-i2s.patch asoc-dpcm-don-t-pick-up-be-without-substream.patch asoc-intel-avs-fix-potential-buffer-overflow-by-snprintf.patch asoc-sof-debug-fix-potential-buffer-overflow-by-snprintf.patch asoc-sof-intel-hda-fix-potential-buffer-overflow-by-snprintf.patch asoc-tas2770-allow-mono-streams.patch asoc-tas2770-drop-conflicting-set_bias_level-power-setting.patch asoc-tas2770-fix-handling-of-mute-unmute.patch asoc-tas2770-set-correct-fsync-polarity.patch iavf-fix-adminq-error-handling.patch iavf-fix-deadlock-in-initialization.patch iavf-fix-null-pointer-dereference-in-iavf_get_link_ksettings.patch iavf-fix-reset-error-handling.patch ib-iser-fix-login-with-authentication.patch netfilter-nf_tables-use-read_once-and-write_once-for-shared-generation-id-access.patch netfilter-nfnetlink-re-enable-conntrack-expectation-events.patch nios2-add-force_successful_syscall_return.patch nios2-don-t-leave-nulls-in-sys_call_table.patch nios2-fix-syscall-restart-checks.patch nios2-page-fault-et.al.-are-not-restartable-syscalls.patch nios2-restarts-apply-only-to-the-first-sigframe-we-build.patch nios2-traced-syscall-does-need-to-check-the-syscall-number.patch rdma-cxgb4-fix-accept-failure-due-to-increased-cpl_t5_pass_accept_rpl-size.patch rdma-mlx5-use-the-proper-number-of-ports.patch --- diff --git a/queue-5.19/asoc-codec-tlv320aic32x4-fix-mono-playback-via-i2s.patch b/queue-5.19/asoc-codec-tlv320aic32x4-fix-mono-playback-via-i2s.patch new file mode 100644 index 00000000000..95a0d530517 --- /dev/null +++ b/queue-5.19/asoc-codec-tlv320aic32x4-fix-mono-playback-via-i2s.patch @@ -0,0 +1,62 @@ +From b4b5f29a076e52181f63e45a2ad1bc88593072e3 Mon Sep 17 00:00:00 2001 +From: Philipp Zabel +Date: Wed, 10 Aug 2022 12:41:56 +0200 +Subject: ASoC: codec: tlv320aic32x4: fix mono playback via I2S + +From: Philipp Zabel + +commit b4b5f29a076e52181f63e45a2ad1bc88593072e3 upstream. + +The two commits referenced below break mono playback via I2S DAI because +they set BCLK to half the required speed. For PCM transport over I2S, the +number of transmitted channels is always 2, even for mono playback. + +Fixes: dcd79364bff3 ("ASoC: codec: tlv3204: Enable 24 bit audio support") +Fixes: 40b37136287b ("ASoC: tlv320aic32x4: Fix bdiv clock rate derivation") +Signed-off-by: Philipp Zabel +Link: https://lore.kernel.org/r/20220810104156.665452-1-p.zabel@pengutronix.de +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman +--- + sound/soc/codecs/tlv320aic32x4.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +--- a/sound/soc/codecs/tlv320aic32x4.c ++++ b/sound/soc/codecs/tlv320aic32x4.c +@@ -49,6 +49,8 @@ struct aic32x4_priv { + struct aic32x4_setup_data *setup; + struct device *dev; + enum aic32x4_type type; ++ ++ unsigned int fmt; + }; + + static int aic32x4_reset_adc(struct snd_soc_dapm_widget *w, +@@ -611,6 +613,7 @@ static int aic32x4_set_dai_sysclk(struct + static int aic32x4_set_dai_fmt(struct snd_soc_dai *codec_dai, unsigned int fmt) + { + struct snd_soc_component *component = codec_dai->component; ++ struct aic32x4_priv *aic32x4 = snd_soc_component_get_drvdata(component); + u8 iface_reg_1 = 0; + u8 iface_reg_2 = 0; + u8 iface_reg_3 = 0; +@@ -654,6 +657,8 @@ static int aic32x4_set_dai_fmt(struct sn + return -EINVAL; + } + ++ aic32x4->fmt = fmt; ++ + snd_soc_component_update_bits(component, AIC32X4_IFACE1, + AIC32X4_IFACE1_DATATYPE_MASK | + AIC32X4_IFACE1_MASTER_MASK, iface_reg_1); +@@ -758,6 +763,10 @@ static int aic32x4_setup_clocks(struct s + return -EINVAL; + } + ++ /* PCM over I2S is always 2-channel */ ++ if ((aic32x4->fmt & SND_SOC_DAIFMT_FORMAT_MASK) == SND_SOC_DAIFMT_I2S) ++ channels = 2; ++ + madc = DIV_ROUND_UP((32 * adc_resource_class), aosr); + max_dosr = (AIC32X4_MAX_DOSR_FREQ / sample_rate / dosr_increment) * + dosr_increment; diff --git a/queue-5.19/asoc-dpcm-don-t-pick-up-be-without-substream.patch b/queue-5.19/asoc-dpcm-don-t-pick-up-be-without-substream.patch new file mode 100644 index 00000000000..074ff5c56d1 --- /dev/null +++ b/queue-5.19/asoc-dpcm-don-t-pick-up-be-without-substream.patch @@ -0,0 +1,53 @@ +From 754590651ccbbcc74a7c20907be4bb15d642bde3 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Mon, 1 Aug 2022 19:05:10 +0200 +Subject: ASoC: DPCM: Don't pick up BE without substream +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Takashi Iwai + +commit 754590651ccbbcc74a7c20907be4bb15d642bde3 upstream. + +When DPCM tries to add valid BE connections at dpcm_add_paths(), it +doesn't check whether the picked BE actually supports for the given +stream direction. Due to that, when an asymmetric BE stream is +present, it picks up wrongly and this may result in a NULL dereference +at a later point where the code assumes the existence of a +corresponding BE substream. + +This patch adds the check for the presence of the substream for the +target BE for avoiding the problem above. + +Note that we have already some fix for non-existing BE substream at +commit 6246f283d5e0 ("ASoC: dpcm: skip missing substream while +applying symmetry"). But the code path we've hit recently is rather +happening before the previous fix. So this patch tries to fix at +picking up a BE instead of parsing BE lists. + +Fixes: bbf7d3b1c4f4 ("ASoC: soc-pcm: align BE 'atomicity' with that of the FE") +Reported-by: Alex Natalsson +Cc: Pierre-Louis Bossart +Cc: Péter Ujfalusi +Link: https://lore.kernel.org/r/CADs9LoPZH_D+eJ9qjTxSLE5jGyhKsjMN7g2NighZ16biVxsyKw@mail.gmail.com +Signed-off-by: Takashi Iwai +Link: https://lore.kernel.org/r/20220801170510.26582-1-tiwai@suse.de +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman +--- + sound/soc/soc-pcm.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/sound/soc/soc-pcm.c ++++ b/sound/soc/soc-pcm.c +@@ -1318,6 +1318,9 @@ static struct snd_soc_pcm_runtime *dpcm_ + if (!be->dai_link->no_pcm) + continue; + ++ if (!snd_soc_dpcm_get_substream(be, stream)) ++ continue; ++ + for_each_rtd_dais(be, i, dai) { + w = snd_soc_dai_get_widget(dai, stream); + diff --git a/queue-5.19/asoc-intel-avs-fix-potential-buffer-overflow-by-snprintf.patch b/queue-5.19/asoc-intel-avs-fix-potential-buffer-overflow-by-snprintf.patch new file mode 100644 index 00000000000..dccc9a2d78f --- /dev/null +++ b/queue-5.19/asoc-intel-avs-fix-potential-buffer-overflow-by-snprintf.patch @@ -0,0 +1,39 @@ +From ca3b7b9dc9bc1fa552f4697b7cccfa0258a44d00 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Mon, 1 Aug 2022 18:54:18 +0200 +Subject: ASoC: Intel: avs: Fix potential buffer overflow by snprintf() + +From: Takashi Iwai + +commit ca3b7b9dc9bc1fa552f4697b7cccfa0258a44d00 upstream. + +snprintf() returns the would-be-filled size when the string overflows +the given buffer size, hence using this value may result in a buffer +overflow (although it's unrealistic). + +This patch replaces it with a safer version, scnprintf() for papering +over such a potential issue. + +Fixes: f1b3b320bd65 ("ASoC: Intel: avs: Generic soc component driver") +Signed-off-by: Takashi Iwai +Acked-by: Cezary Rojewski +Link: https://lore.kernel.org/r/20220801165420.25978-2-tiwai@suse.de +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman +--- + sound/soc/intel/avs/pcm.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/sound/soc/intel/avs/pcm.c ++++ b/sound/soc/intel/avs/pcm.c +@@ -636,8 +636,8 @@ static ssize_t topology_name_read(struct + char buf[64]; + size_t len; + +- len = snprintf(buf, sizeof(buf), "%s/%s\n", component->driver->topology_name_prefix, +- mach->tplg_filename); ++ len = scnprintf(buf, sizeof(buf), "%s/%s\n", component->driver->topology_name_prefix, ++ mach->tplg_filename); + + return simple_read_from_buffer(user_buf, count, ppos, buf, len); + } diff --git a/queue-5.19/asoc-sof-debug-fix-potential-buffer-overflow-by-snprintf.patch b/queue-5.19/asoc-sof-debug-fix-potential-buffer-overflow-by-snprintf.patch new file mode 100644 index 00000000000..c084876227a --- /dev/null +++ b/queue-5.19/asoc-sof-debug-fix-potential-buffer-overflow-by-snprintf.patch @@ -0,0 +1,40 @@ +From 1eb123ce985e6cf302ac6e3f19862d132d86fa8f Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Mon, 1 Aug 2022 18:54:19 +0200 +Subject: ASoC: SOF: debug: Fix potential buffer overflow by snprintf() + +From: Takashi Iwai + +commit 1eb123ce985e6cf302ac6e3f19862d132d86fa8f upstream. + +snprintf() returns the would-be-filled size when the string overflows +the given buffer size, hence using this value may result in the buffer +overflow (although it's unrealistic). + +This patch replaces with a safer version, scnprintf() for papering +over such a potential issue. + +Fixes: 5b10b6298921 ("ASoC: SOF: Add `memory_info` file to debugfs") +Signed-off-by: Takashi Iwai +Link: https://lore.kernel.org/r/20220801165420.25978-3-tiwai@suse.de +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman +--- + sound/soc/sof/debug.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/sound/soc/sof/debug.c ++++ b/sound/soc/sof/debug.c +@@ -252,9 +252,9 @@ static int memory_info_update(struct snd + } + + for (i = 0, len = 0; i < reply->num_elems; i++) { +- ret = snprintf(buf + len, buff_size - len, "zone %d.%d used %#8x free %#8x\n", +- reply->elems[i].zone, reply->elems[i].id, +- reply->elems[i].used, reply->elems[i].free); ++ ret = scnprintf(buf + len, buff_size - len, "zone %d.%d used %#8x free %#8x\n", ++ reply->elems[i].zone, reply->elems[i].id, ++ reply->elems[i].used, reply->elems[i].free); + if (ret < 0) + goto error; + len += ret; diff --git a/queue-5.19/asoc-sof-intel-hda-fix-potential-buffer-overflow-by-snprintf.patch b/queue-5.19/asoc-sof-intel-hda-fix-potential-buffer-overflow-by-snprintf.patch new file mode 100644 index 00000000000..817c4fa6429 --- /dev/null +++ b/queue-5.19/asoc-sof-intel-hda-fix-potential-buffer-overflow-by-snprintf.patch @@ -0,0 +1,36 @@ +From 94c1ceb043c1a002de9649bb630c8e8347645982 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Mon, 1 Aug 2022 18:54:20 +0200 +Subject: ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf() + +From: Takashi Iwai + +commit 94c1ceb043c1a002de9649bb630c8e8347645982 upstream. + +snprintf() returns the would-be-filled size when the string overflows +the given buffer size, hence using this value may result in the buffer +overflow (although it's unrealistic). + +This patch replaces with a safer version, scnprintf() for papering +over such a potential issue. + +Fixes: 29c8e4398f02 ("ASoC: SOF: Intel: hda: add extended rom status dump to error log") +Signed-off-by: Takashi Iwai +Link: https://lore.kernel.org/r/20220801165420.25978-4-tiwai@suse.de +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman +--- + sound/soc/sof/intel/hda.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/sound/soc/sof/intel/hda.c ++++ b/sound/soc/sof/intel/hda.c +@@ -467,7 +467,7 @@ static void hda_dsp_dump_ext_rom_status( + chip = get_chip_info(sdev->pdata); + for (i = 0; i < HDA_EXT_ROM_STATUS_SIZE; i++) { + value = snd_sof_dsp_read(sdev, HDA_DSP_BAR, chip->rom_status_reg + i * 0x4); +- len += snprintf(msg + len, sizeof(msg) - len, " 0x%x", value); ++ len += scnprintf(msg + len, sizeof(msg) - len, " 0x%x", value); + } + + dev_printk(level, sdev->dev, "extended rom status: %s", msg); diff --git a/queue-5.19/asoc-tas2770-allow-mono-streams.patch b/queue-5.19/asoc-tas2770-allow-mono-streams.patch new file mode 100644 index 00000000000..fae4e0f0d98 --- /dev/null +++ b/queue-5.19/asoc-tas2770-allow-mono-streams.patch @@ -0,0 +1,35 @@ +From bf54d97a835dfe62d4d29e245e170c63d0089be7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Martin=20Povi=C5=A1er?= +Date: Mon, 8 Aug 2022 16:12:44 +0200 +Subject: ASoC: tas2770: Allow mono streams +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Martin Povišer + +commit bf54d97a835dfe62d4d29e245e170c63d0089be7 upstream. + +The part is a mono speaker amp, but it can do downmix and switch between +left and right channel, so the right channel range is 1 to 2. + +Fixes: 1a476abc723e ("tas2770: add tas2770 smart PA kernel driver") +Signed-off-by: Martin Povišer +Link: https://lore.kernel.org/r/20220808141246.5749-3-povik+lin@cutebit.org +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman +--- + sound/soc/codecs/tas2770.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/sound/soc/codecs/tas2770.c ++++ b/sound/soc/codecs/tas2770.c +@@ -507,7 +507,7 @@ static struct snd_soc_dai_driver tas2770 + .id = 0, + .playback = { + .stream_name = "ASI1 Playback", +- .channels_min = 2, ++ .channels_min = 1, + .channels_max = 2, + .rates = TAS2770_RATES, + .formats = TAS2770_FORMATS, diff --git a/queue-5.19/asoc-tas2770-drop-conflicting-set_bias_level-power-setting.patch b/queue-5.19/asoc-tas2770-drop-conflicting-set_bias_level-power-setting.patch new file mode 100644 index 00000000000..e679ea352a2 --- /dev/null +++ b/queue-5.19/asoc-tas2770-drop-conflicting-set_bias_level-power-setting.patch @@ -0,0 +1,75 @@ +From 482c23fbc7e9bf5a7a74defd0735d5346215db58 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Martin=20Povi=C5=A1er?= +Date: Mon, 8 Aug 2022 16:12:45 +0200 +Subject: ASoC: tas2770: Drop conflicting set_bias_level power setting +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Martin Povišer + +commit 482c23fbc7e9bf5a7a74defd0735d5346215db58 upstream. + +The driver is setting the PWR_CTRL field in both the set_bias_level +callback and on DAPM events of the DAC widget (and also in the +mute_stream method). Drop the set_bias_level callback altogether as the +power setting it does is in conflict with the other code paths. + +Fixes: 1a476abc723e ("tas2770: add tas2770 smart PA kernel driver") +Signed-off-by: Martin Povišer +Link: https://lore.kernel.org/r/20220808141246.5749-4-povik+lin@cutebit.org +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman +--- + sound/soc/codecs/tas2770.c | 33 --------------------------------- + 1 file changed, 33 deletions(-) + +--- a/sound/soc/codecs/tas2770.c ++++ b/sound/soc/codecs/tas2770.c +@@ -46,38 +46,6 @@ static void tas2770_reset(struct tas2770 + usleep_range(1000, 2000); + } + +-static int tas2770_set_bias_level(struct snd_soc_component *component, +- enum snd_soc_bias_level level) +-{ +- struct tas2770_priv *tas2770 = +- snd_soc_component_get_drvdata(component); +- +- switch (level) { +- case SND_SOC_BIAS_ON: +- snd_soc_component_update_bits(component, TAS2770_PWR_CTRL, +- TAS2770_PWR_CTRL_MASK, +- TAS2770_PWR_CTRL_ACTIVE); +- break; +- case SND_SOC_BIAS_STANDBY: +- case SND_SOC_BIAS_PREPARE: +- snd_soc_component_update_bits(component, TAS2770_PWR_CTRL, +- TAS2770_PWR_CTRL_MASK, +- TAS2770_PWR_CTRL_MUTE); +- break; +- case SND_SOC_BIAS_OFF: +- snd_soc_component_update_bits(component, TAS2770_PWR_CTRL, +- TAS2770_PWR_CTRL_MASK, +- TAS2770_PWR_CTRL_SHUTDOWN); +- break; +- +- default: +- dev_err(tas2770->dev, "wrong power level setting %d\n", level); +- return -EINVAL; +- } +- +- return 0; +-} +- + #ifdef CONFIG_PM + static int tas2770_codec_suspend(struct snd_soc_component *component) + { +@@ -555,7 +523,6 @@ static const struct snd_soc_component_dr + .probe = tas2770_codec_probe, + .suspend = tas2770_codec_suspend, + .resume = tas2770_codec_resume, +- .set_bias_level = tas2770_set_bias_level, + .controls = tas2770_snd_controls, + .num_controls = ARRAY_SIZE(tas2770_snd_controls), + .dapm_widgets = tas2770_dapm_widgets, diff --git a/queue-5.19/asoc-tas2770-fix-handling-of-mute-unmute.patch b/queue-5.19/asoc-tas2770-fix-handling-of-mute-unmute.patch new file mode 100644 index 00000000000..6464abb8c7c --- /dev/null +++ b/queue-5.19/asoc-tas2770-fix-handling-of-mute-unmute.patch @@ -0,0 +1,135 @@ +From 1e5907bcb3a3b569be0a03ebe668bba2ed320a50 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Martin=20Povi=C5=A1er?= +Date: Mon, 8 Aug 2022 16:12:46 +0200 +Subject: ASoC: tas2770: Fix handling of mute/unmute +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Martin Povišer + +commit 1e5907bcb3a3b569be0a03ebe668bba2ed320a50 upstream. + +Because the PWR_CTRL field is modeled as the power state of the DAC +widget, and at the same time it is used to implement mute/unmute, we +need some additional book-keeping to have the right end result no matter +the sequence of calls. Without this fix, one can mute an ongoing stream +by toggling a speaker pin control. + +Fixes: 1a476abc723e ("tas2770: add tas2770 smart PA kernel driver") +Signed-off-by: Martin Povišer +Link: https://lore.kernel.org/r/20220808141246.5749-5-povik+lin@cutebit.org +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman +--- + sound/soc/codecs/tas2770.c | 57 +++++++++++++++++++++++---------------------- + sound/soc/codecs/tas2770.h | 2 + + 2 files changed, 32 insertions(+), 27 deletions(-) + +--- a/sound/soc/codecs/tas2770.c ++++ b/sound/soc/codecs/tas2770.c +@@ -46,6 +46,26 @@ static void tas2770_reset(struct tas2770 + usleep_range(1000, 2000); + } + ++static int tas2770_update_pwr_ctrl(struct tas2770_priv *tas2770) ++{ ++ struct snd_soc_component *component = tas2770->component; ++ unsigned int val; ++ int ret; ++ ++ if (tas2770->dac_powered) ++ val = tas2770->unmuted ? ++ TAS2770_PWR_CTRL_ACTIVE : TAS2770_PWR_CTRL_MUTE; ++ else ++ val = TAS2770_PWR_CTRL_SHUTDOWN; ++ ++ ret = snd_soc_component_update_bits(component, TAS2770_PWR_CTRL, ++ TAS2770_PWR_CTRL_MASK, val); ++ if (ret < 0) ++ return ret; ++ ++ return 0; ++} ++ + #ifdef CONFIG_PM + static int tas2770_codec_suspend(struct snd_soc_component *component) + { +@@ -82,9 +102,7 @@ static int tas2770_codec_resume(struct s + gpiod_set_value_cansleep(tas2770->sdz_gpio, 1); + usleep_range(1000, 2000); + } else { +- ret = snd_soc_component_update_bits(component, TAS2770_PWR_CTRL, +- TAS2770_PWR_CTRL_MASK, +- TAS2770_PWR_CTRL_ACTIVE); ++ ret = tas2770_update_pwr_ctrl(tas2770); + if (ret < 0) + return ret; + } +@@ -120,24 +138,19 @@ static int tas2770_dac_event(struct snd_ + + switch (event) { + case SND_SOC_DAPM_POST_PMU: +- ret = snd_soc_component_update_bits(component, TAS2770_PWR_CTRL, +- TAS2770_PWR_CTRL_MASK, +- TAS2770_PWR_CTRL_MUTE); ++ tas2770->dac_powered = 1; ++ ret = tas2770_update_pwr_ctrl(tas2770); + break; + case SND_SOC_DAPM_PRE_PMD: +- ret = snd_soc_component_update_bits(component, TAS2770_PWR_CTRL, +- TAS2770_PWR_CTRL_MASK, +- TAS2770_PWR_CTRL_SHUTDOWN); ++ tas2770->dac_powered = 0; ++ ret = tas2770_update_pwr_ctrl(tas2770); + break; + default: + dev_err(tas2770->dev, "Not supported evevt\n"); + return -EINVAL; + } + +- if (ret < 0) +- return ret; +- +- return 0; ++ return ret; + } + + static const struct snd_kcontrol_new isense_switch = +@@ -171,21 +184,11 @@ static const struct snd_soc_dapm_route t + static int tas2770_mute(struct snd_soc_dai *dai, int mute, int direction) + { + struct snd_soc_component *component = dai->component; +- int ret; +- +- if (mute) +- ret = snd_soc_component_update_bits(component, TAS2770_PWR_CTRL, +- TAS2770_PWR_CTRL_MASK, +- TAS2770_PWR_CTRL_MUTE); +- else +- ret = snd_soc_component_update_bits(component, TAS2770_PWR_CTRL, +- TAS2770_PWR_CTRL_MASK, +- TAS2770_PWR_CTRL_ACTIVE); +- +- if (ret < 0) +- return ret; ++ struct tas2770_priv *tas2770 = ++ snd_soc_component_get_drvdata(component); + +- return 0; ++ tas2770->unmuted = !mute; ++ return tas2770_update_pwr_ctrl(tas2770); + } + + static int tas2770_set_bitwidth(struct tas2770_priv *tas2770, int bitwidth) +--- a/sound/soc/codecs/tas2770.h ++++ b/sound/soc/codecs/tas2770.h +@@ -138,6 +138,8 @@ struct tas2770_priv { + struct device *dev; + int v_sense_slot; + int i_sense_slot; ++ bool dac_powered; ++ bool unmuted; + }; + + #endif /* __TAS2770__ */ diff --git a/queue-5.19/asoc-tas2770-set-correct-fsync-polarity.patch b/queue-5.19/asoc-tas2770-set-correct-fsync-polarity.patch new file mode 100644 index 00000000000..be8f3b27ce1 --- /dev/null +++ b/queue-5.19/asoc-tas2770-set-correct-fsync-polarity.patch @@ -0,0 +1,99 @@ +From e9ac31f0a5d0e246b046c20348954519f91a297f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Martin=20Povi=C5=A1er?= +Date: Mon, 8 Aug 2022 16:12:43 +0200 +Subject: ASoC: tas2770: Set correct FSYNC polarity +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Martin Povišer + +commit e9ac31f0a5d0e246b046c20348954519f91a297f upstream. + +Fix setting of FSYNC polarity for DAI formats other than I2S. Also +add support for polarity inversion. + +Fixes: 1a476abc723e ("tas2770: add tas2770 smart PA kernel driver") +Signed-off-by: Martin Povišer +Link: https://lore.kernel.org/r/20220808141246.5749-2-povik+lin@cutebit.org +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman +--- + sound/soc/codecs/tas2770.c | 20 +++++++++++++++++++- + sound/soc/codecs/tas2770.h | 3 +++ + 2 files changed, 22 insertions(+), 1 deletion(-) + +--- a/sound/soc/codecs/tas2770.c ++++ b/sound/soc/codecs/tas2770.c +@@ -337,7 +337,7 @@ static int tas2770_set_fmt(struct snd_so + struct snd_soc_component *component = dai->component; + struct tas2770_priv *tas2770 = + snd_soc_component_get_drvdata(component); +- u8 tdm_rx_start_slot = 0, asi_cfg_1 = 0; ++ u8 tdm_rx_start_slot = 0, invert_fpol = 0, fpol_preinv = 0, asi_cfg_1 = 0; + int ret; + + switch (fmt & SND_SOC_DAIFMT_MASTER_MASK) { +@@ -349,9 +349,15 @@ static int tas2770_set_fmt(struct snd_so + } + + switch (fmt & SND_SOC_DAIFMT_INV_MASK) { ++ case SND_SOC_DAIFMT_NB_IF: ++ invert_fpol = 1; ++ fallthrough; + case SND_SOC_DAIFMT_NB_NF: + asi_cfg_1 |= TAS2770_TDM_CFG_REG1_RX_RSING; + break; ++ case SND_SOC_DAIFMT_IB_IF: ++ invert_fpol = 1; ++ fallthrough; + case SND_SOC_DAIFMT_IB_NF: + asi_cfg_1 |= TAS2770_TDM_CFG_REG1_RX_FALING; + break; +@@ -369,15 +375,19 @@ static int tas2770_set_fmt(struct snd_so + switch (fmt & SND_SOC_DAIFMT_FORMAT_MASK) { + case SND_SOC_DAIFMT_I2S: + tdm_rx_start_slot = 1; ++ fpol_preinv = 0; + break; + case SND_SOC_DAIFMT_DSP_A: + tdm_rx_start_slot = 0; ++ fpol_preinv = 1; + break; + case SND_SOC_DAIFMT_DSP_B: + tdm_rx_start_slot = 1; ++ fpol_preinv = 1; + break; + case SND_SOC_DAIFMT_LEFT_J: + tdm_rx_start_slot = 0; ++ fpol_preinv = 1; + break; + default: + dev_err(tas2770->dev, +@@ -391,6 +401,14 @@ static int tas2770_set_fmt(struct snd_so + if (ret < 0) + return ret; + ++ ret = snd_soc_component_update_bits(component, TAS2770_TDM_CFG_REG0, ++ TAS2770_TDM_CFG_REG0_FPOL_MASK, ++ (fpol_preinv ^ invert_fpol) ++ ? TAS2770_TDM_CFG_REG0_FPOL_RSING ++ : TAS2770_TDM_CFG_REG0_FPOL_FALING); ++ if (ret < 0) ++ return ret; ++ + return 0; + } + +--- a/sound/soc/codecs/tas2770.h ++++ b/sound/soc/codecs/tas2770.h +@@ -41,6 +41,9 @@ + #define TAS2770_TDM_CFG_REG0_31_44_1_48KHZ 0x6 + #define TAS2770_TDM_CFG_REG0_31_88_2_96KHZ 0x8 + #define TAS2770_TDM_CFG_REG0_31_176_4_192KHZ 0xa ++#define TAS2770_TDM_CFG_REG0_FPOL_MASK BIT(0) ++#define TAS2770_TDM_CFG_REG0_FPOL_RSING 0 ++#define TAS2770_TDM_CFG_REG0_FPOL_FALING 1 + /* TDM Configuration Reg1 */ + #define TAS2770_TDM_CFG_REG1 TAS2770_REG(0X0, 0x0B) + #define TAS2770_TDM_CFG_REG1_MASK GENMASK(5, 1) diff --git a/queue-5.19/iavf-fix-adminq-error-handling.patch b/queue-5.19/iavf-fix-adminq-error-handling.patch new file mode 100644 index 00000000000..32f7a33d9cb --- /dev/null +++ b/queue-5.19/iavf-fix-adminq-error-handling.patch @@ -0,0 +1,82 @@ +From 419831617ed349992c84344dbd9e627f9e68f842 Mon Sep 17 00:00:00 2001 +From: Przemyslaw Patynowski +Date: Tue, 19 Jul 2022 11:16:52 +0200 +Subject: iavf: Fix adminq error handling + +From: Przemyslaw Patynowski + +commit 419831617ed349992c84344dbd9e627f9e68f842 upstream. + +iavf_alloc_asq_bufs/iavf_alloc_arq_bufs allocates with dma_alloc_coherent +memory for VF mailbox. +Free DMA regions for both ASQ and ARQ in case error happens during +configuration of ASQ/ARQ registers. +Without this change it is possible to see when unloading interface: +74626.583369: dma_debug_device_change: device driver has pending DMA allocations while released from device [count=32] +One of leaked entries details: [device address=0x0000000b27ff9000] [size=4096 bytes] [mapped with DMA_BIDIRECTIONAL] [mapped as coherent] + +Fixes: d358aa9a7a2d ("i40evf: init code and hardware support") +Signed-off-by: Przemyslaw Patynowski +Signed-off-by: Jedrzej Jagielski +Tested-by: Marek Szlosek +Signed-off-by: Tony Nguyen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/intel/iavf/iavf_adminq.c | 15 +++++++++++++-- + 1 file changed, 13 insertions(+), 2 deletions(-) + +--- a/drivers/net/ethernet/intel/iavf/iavf_adminq.c ++++ b/drivers/net/ethernet/intel/iavf/iavf_adminq.c +@@ -324,6 +324,7 @@ static enum iavf_status iavf_config_arq_ + static enum iavf_status iavf_init_asq(struct iavf_hw *hw) + { + enum iavf_status ret_code = 0; ++ int i; + + if (hw->aq.asq.count > 0) { + /* queue already initialized */ +@@ -354,12 +355,17 @@ static enum iavf_status iavf_init_asq(st + /* initialize base registers */ + ret_code = iavf_config_asq_regs(hw); + if (ret_code) +- goto init_adminq_free_rings; ++ goto init_free_asq_bufs; + + /* success! */ + hw->aq.asq.count = hw->aq.num_asq_entries; + goto init_adminq_exit; + ++init_free_asq_bufs: ++ for (i = 0; i < hw->aq.num_asq_entries; i++) ++ iavf_free_dma_mem(hw, &hw->aq.asq.r.asq_bi[i]); ++ iavf_free_virt_mem(hw, &hw->aq.asq.dma_head); ++ + init_adminq_free_rings: + iavf_free_adminq_asq(hw); + +@@ -383,6 +389,7 @@ init_adminq_exit: + static enum iavf_status iavf_init_arq(struct iavf_hw *hw) + { + enum iavf_status ret_code = 0; ++ int i; + + if (hw->aq.arq.count > 0) { + /* queue already initialized */ +@@ -413,12 +420,16 @@ static enum iavf_status iavf_init_arq(st + /* initialize base registers */ + ret_code = iavf_config_arq_regs(hw); + if (ret_code) +- goto init_adminq_free_rings; ++ goto init_free_arq_bufs; + + /* success! */ + hw->aq.arq.count = hw->aq.num_arq_entries; + goto init_adminq_exit; + ++init_free_arq_bufs: ++ for (i = 0; i < hw->aq.num_arq_entries; i++) ++ iavf_free_dma_mem(hw, &hw->aq.arq.r.arq_bi[i]); ++ iavf_free_virt_mem(hw, &hw->aq.arq.dma_head); + init_adminq_free_rings: + iavf_free_adminq_arq(hw); + diff --git a/queue-5.19/iavf-fix-deadlock-in-initialization.patch b/queue-5.19/iavf-fix-deadlock-in-initialization.patch new file mode 100644 index 00000000000..9c62f691b72 --- /dev/null +++ b/queue-5.19/iavf-fix-deadlock-in-initialization.patch @@ -0,0 +1,71 @@ +From cbe9e51126305832cf407ee6bb556ce831488ffe Mon Sep 17 00:00:00 2001 +From: Ivan Vecera +Date: Mon, 8 Aug 2022 19:58:45 +0200 +Subject: iavf: Fix deadlock in initialization + +From: Ivan Vecera + +commit cbe9e51126305832cf407ee6bb556ce831488ffe upstream. + +Fix deadlock that occurs when iavf interface is a part of failover +configuration. + +1. Mutex crit_lock is taken at the beginning of iavf_watchdog_task() +2. Function iavf_init_config_adapter() is called when adapter + state is __IAVF_INIT_CONFIG_ADAPTER +3. iavf_init_config_adapter() calls register_netdevice() that emits + NETDEV_REGISTER event +4. Notifier function failover_event() then calls + net_failover_slave_register() that calls dev_open() +5. dev_open() calls iavf_open() that tries to take crit_lock in + end-less loop + +Stack trace: +... +[ 790.251876] usleep_range_state+0x5b/0x80 +[ 790.252547] iavf_open+0x37/0x1d0 [iavf] +[ 790.253139] __dev_open+0xcd/0x160 +[ 790.253699] dev_open+0x47/0x90 +[ 790.254323] net_failover_slave_register+0x122/0x220 [net_failover] +[ 790.255213] failover_slave_register.part.7+0xd2/0x180 [failover] +[ 790.256050] failover_event+0x122/0x1ab [failover] +[ 790.256821] notifier_call_chain+0x47/0x70 +[ 790.257510] register_netdevice+0x20f/0x550 +[ 790.258263] iavf_watchdog_task+0x7c8/0xea0 [iavf] +[ 790.259009] process_one_work+0x1a7/0x360 +[ 790.259705] worker_thread+0x30/0x390 + +To fix the situation we should check the current adapter state after +first unsuccessful mutex_trylock() and return with -EBUSY if it is +__IAVF_INIT_CONFIG_ADAPTER. + +Fixes: 226d528512cf ("iavf: fix locking of critical sections") +Signed-off-by: Ivan Vecera +Tested-by: Konrad Jankowski +Signed-off-by: Tony Nguyen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/intel/iavf/iavf_main.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +--- a/drivers/net/ethernet/intel/iavf/iavf_main.c ++++ b/drivers/net/ethernet/intel/iavf/iavf_main.c +@@ -3989,8 +3989,17 @@ static int iavf_open(struct net_device * + return -EIO; + } + +- while (!mutex_trylock(&adapter->crit_lock)) ++ while (!mutex_trylock(&adapter->crit_lock)) { ++ /* If we are in __IAVF_INIT_CONFIG_ADAPTER state the crit_lock ++ * is already taken and iavf_open is called from an upper ++ * device's notifier reacting on NETDEV_REGISTER event. ++ * We have to leave here to avoid dead lock. ++ */ ++ if (adapter->state == __IAVF_INIT_CONFIG_ADAPTER) ++ return -EBUSY; ++ + usleep_range(500, 1000); ++ } + + if (adapter->state != __IAVF_DOWN) { + err = -EBUSY; diff --git a/queue-5.19/iavf-fix-null-pointer-dereference-in-iavf_get_link_ksettings.patch b/queue-5.19/iavf-fix-null-pointer-dereference-in-iavf_get_link_ksettings.patch new file mode 100644 index 00000000000..142c8648bff --- /dev/null +++ b/queue-5.19/iavf-fix-null-pointer-dereference-in-iavf_get_link_ksettings.patch @@ -0,0 +1,84 @@ +From 541a1af451b0cb3779e915d48d08efb17915207b Mon Sep 17 00:00:00 2001 +From: Przemyslaw Patynowski +Date: Tue, 19 Jul 2022 11:16:53 +0200 +Subject: iavf: Fix NULL pointer dereference in iavf_get_link_ksettings + +From: Przemyslaw Patynowski + +commit 541a1af451b0cb3779e915d48d08efb17915207b upstream. + +Fix possible NULL pointer dereference, due to freeing of adapter->vf_res +in iavf_init_get_resources. Previous commit introduced a regression, +where receiving IAVF_ERR_ADMIN_QUEUE_NO_WORK from iavf_get_vf_config +would free adapter->vf_res. However, netdev is still registered, so +ethtool_ops can be called. Calling iavf_get_link_ksettings with no vf_res, +will result with: +[ 9385.242676] BUG: kernel NULL pointer dereference, address: 0000000000000008 +[ 9385.242683] #PF: supervisor read access in kernel mode +[ 9385.242686] #PF: error_code(0x0000) - not-present page +[ 9385.242690] PGD 0 P4D 0 +[ 9385.242696] Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI +[ 9385.242701] CPU: 6 PID: 3217 Comm: pmdalinux Kdump: loaded Tainted: G S E 5.18.0-04958-ga54ce3703613-dirty #1 +[ 9385.242708] Hardware name: Dell Inc. PowerEdge R730/0WCJNT, BIOS 2.11.0 11/02/2019 +[ 9385.242710] RIP: 0010:iavf_get_link_ksettings+0x29/0xd0 [iavf] +[ 9385.242745] Code: 00 0f 1f 44 00 00 b8 01 ef ff ff 48 c7 46 30 00 00 00 00 48 c7 46 38 00 00 00 00 c6 46 0b 00 66 89 46 08 48 8b 87 68 0e 00 00 40 08 80 75 50 8b 87 5c 0e 00 00 83 f8 08 74 7a 76 1d 83 f8 20 +[ 9385.242749] RSP: 0018:ffffc0560ec7fbd0 EFLAGS: 00010246 +[ 9385.242755] RAX: 0000000000000000 RBX: ffffc0560ec7fc08 RCX: 0000000000000000 +[ 9385.242759] RDX: ffffffffc0ad4550 RSI: ffffc0560ec7fc08 RDI: ffffa0fc66674000 +[ 9385.242762] RBP: 00007ffd1fb2bf50 R08: b6a2d54b892363ee R09: ffffa101dc14fb00 +[ 9385.242765] R10: 0000000000000000 R11: 0000000000000004 R12: ffffa0fc66674000 +[ 9385.242768] R13: 0000000000000000 R14: ffffa0fc66674000 R15: 00000000ffffffa1 +[ 9385.242771] FS: 00007f93711a2980(0000) GS:ffffa0fad72c0000(0000) knlGS:0000000000000000 +[ 9385.242775] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 9385.242778] CR2: 0000000000000008 CR3: 0000000a8e61c003 CR4: 00000000003706e0 +[ 9385.242781] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +[ 9385.242784] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +[ 9385.242787] Call Trace: +[ 9385.242791] +[ 9385.242793] ethtool_get_settings+0x71/0x1a0 +[ 9385.242814] __dev_ethtool+0x426/0x2f40 +[ 9385.242823] ? slab_post_alloc_hook+0x4f/0x280 +[ 9385.242836] ? kmem_cache_alloc_trace+0x15d/0x2f0 +[ 9385.242841] ? dev_ethtool+0x59/0x170 +[ 9385.242848] dev_ethtool+0xa7/0x170 +[ 9385.242856] dev_ioctl+0xc3/0x520 +[ 9385.242866] sock_do_ioctl+0xa0/0xe0 +[ 9385.242877] sock_ioctl+0x22f/0x320 +[ 9385.242885] __x64_sys_ioctl+0x84/0xc0 +[ 9385.242896] do_syscall_64+0x3a/0x80 +[ 9385.242904] entry_SYSCALL_64_after_hwframe+0x46/0xb0 +[ 9385.242918] RIP: 0033:0x7f93702396db +[ 9385.242923] Code: 73 01 c3 48 8b 0d ad 57 38 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 7d 57 38 00 f7 d8 64 89 01 48 +[ 9385.242927] RSP: 002b:00007ffd1fb2bf18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 +[ 9385.242932] RAX: ffffffffffffffda RBX: 000055671b1d2fe0 RCX: 00007f93702396db +[ 9385.242935] RDX: 00007ffd1fb2bf20 RSI: 0000000000008946 RDI: 0000000000000007 +[ 9385.242937] RBP: 00007ffd1fb2bf20 R08: 0000000000000003 R09: 0030763066307330 +[ 9385.242940] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd1fb2bf80 +[ 9385.242942] R13: 0000000000000007 R14: 0000556719f6de90 R15: 00007ffd1fb2c1b0 +[ 9385.242948] +[ 9385.242949] Modules linked in: iavf(E) xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nft_compat nf_nat_tftp nft_objref nf_conntrack_tftp bridge stp llc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables rfkill nfnetlink vfat fat irdma ib_uverbs ib_core intel_rapl_msr intel_rapl_common sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm iTCO_wdt iTCO_vendor_support ice irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel rapl i40e pcspkr intel_cstate joydev mei_me intel_uncore mxm_wmi mei ipmi_ssif lpc_ich ipmi_si acpi_power_meter xfs libcrc32c mgag200 i2c_algo_bit drm_shmem_helper drm_kms_helper sd_mod t10_pi crc64_rocksoft crc64 syscopyarea sg sysfillrect sysimgblt fb_sys_fops drm ixgbe ahci libahci libata crc32c_intel mdio dca wmi dm_mirror dm_region_hash dm_log dm_mod ipmi_devintf ipmi_msghandler fuse +[ 9385.243065] [last unloaded: iavf] + +Dereference happens in if (ADV_LINK_SUPPORT(adapter)) statement + +Fixes: 209f2f9c7181 ("iavf: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 negotiation") +Signed-off-by: Przemyslaw Patynowski +Signed-off-by: Jedrzej Jagielski +Tested-by: Marek Szlosek +Signed-off-by: Tony Nguyen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/intel/iavf/iavf_main.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/net/ethernet/intel/iavf/iavf_main.c ++++ b/drivers/net/ethernet/intel/iavf/iavf_main.c +@@ -2281,7 +2281,7 @@ static void iavf_init_get_resources(stru + err = iavf_get_vf_config(adapter); + if (err == -EALREADY) { + err = iavf_send_vf_config_msg(adapter); +- goto err_alloc; ++ goto err; + } else if (err == -EINVAL) { + /* We only get -EINVAL if the device is in a very bad + * state or if we've been disabled for previous bad diff --git a/queue-5.19/iavf-fix-reset-error-handling.patch b/queue-5.19/iavf-fix-reset-error-handling.patch new file mode 100644 index 00000000000..ba61d9497d0 --- /dev/null +++ b/queue-5.19/iavf-fix-reset-error-handling.patch @@ -0,0 +1,101 @@ +From 31071173771e079f7bc08dacd61e0db913262fbf Mon Sep 17 00:00:00 2001 +From: Przemyslaw Patynowski +Date: Tue, 19 Jul 2022 11:16:54 +0200 +Subject: iavf: Fix reset error handling + +From: Przemyslaw Patynowski + +commit 31071173771e079f7bc08dacd61e0db913262fbf upstream. + +Do not call iavf_close in iavf_reset_task error handling. Doing so can +lead to double call of napi_disable, which can lead to deadlock there. +Removing VF would lead to iavf_remove task being stuck, because it +requires crit_lock, which is held by iavf_close. +Call iavf_disable_vf if reset fail, so that driver will clean up +remaining invalid resources. +During rapid VF resets, HW can fail to setup VF mailbox. Wrong +error handling can lead to iavf_remove being stuck with: +[ 5218.999087] iavf 0000:82:01.0: Failed to init adminq: -53 +... +[ 5267.189211] INFO: task repro.sh:11219 blocked for more than 30 seconds. +[ 5267.189520] Tainted: G S E 5.18.0-04958-ga54ce3703613-dirty #1 +[ 5267.189764] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. +[ 5267.190062] task:repro.sh state:D stack: 0 pid:11219 ppid: 8162 flags:0x00000000 +[ 5267.190347] Call Trace: +[ 5267.190647] +[ 5267.190927] __schedule+0x460/0x9f0 +[ 5267.191264] schedule+0x44/0xb0 +[ 5267.191563] schedule_preempt_disabled+0x14/0x20 +[ 5267.191890] __mutex_lock.isra.12+0x6e3/0xac0 +[ 5267.192237] ? iavf_remove+0xf9/0x6c0 [iavf] +[ 5267.192565] iavf_remove+0x12a/0x6c0 [iavf] +[ 5267.192911] ? _raw_spin_unlock_irqrestore+0x1e/0x40 +[ 5267.193285] pci_device_remove+0x36/0xb0 +[ 5267.193619] device_release_driver_internal+0xc1/0x150 +[ 5267.193974] pci_stop_bus_device+0x69/0x90 +[ 5267.194361] pci_stop_and_remove_bus_device+0xe/0x20 +[ 5267.194735] pci_iov_remove_virtfn+0xba/0x120 +[ 5267.195130] sriov_disable+0x2f/0xe0 +[ 5267.195506] ice_free_vfs+0x7d/0x2f0 [ice] +[ 5267.196056] ? pci_get_device+0x4f/0x70 +[ 5267.196496] ice_sriov_configure+0x78/0x1a0 [ice] +[ 5267.196995] sriov_numvfs_store+0xfe/0x140 +[ 5267.197466] kernfs_fop_write_iter+0x12e/0x1c0 +[ 5267.197918] new_sync_write+0x10c/0x190 +[ 5267.198404] vfs_write+0x24e/0x2d0 +[ 5267.198886] ksys_write+0x5c/0xd0 +[ 5267.199367] do_syscall_64+0x3a/0x80 +[ 5267.199827] entry_SYSCALL_64_after_hwframe+0x46/0xb0 +[ 5267.200317] RIP: 0033:0x7f5b381205c8 +[ 5267.200814] RSP: 002b:00007fff8c7e8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 +[ 5267.201981] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f5b381205c8 +[ 5267.202620] RDX: 0000000000000002 RSI: 00005569420ee900 RDI: 0000000000000001 +[ 5267.203426] RBP: 00005569420ee900 R08: 000000000000000a R09: 00007f5b38180820 +[ 5267.204327] R10: 000000000000000a R11: 0000000000000246 R12: 00007f5b383c06e0 +[ 5267.205193] R13: 0000000000000002 R14: 00007f5b383bb880 R15: 0000000000000002 +[ 5267.206041] +[ 5267.206970] Kernel panic - not syncing: hung_task: blocked tasks +[ 5267.207809] CPU: 48 PID: 551 Comm: khungtaskd Kdump: loaded Tainted: G S E 5.18.0-04958-ga54ce3703613-dirty #1 +[ 5267.208726] Hardware name: Dell Inc. PowerEdge R730/0WCJNT, BIOS 2.11.0 11/02/2019 +[ 5267.209623] Call Trace: +[ 5267.210569] +[ 5267.211480] dump_stack_lvl+0x33/0x42 +[ 5267.212472] panic+0x107/0x294 +[ 5267.213467] watchdog.cold.8+0xc/0xbb +[ 5267.214413] ? proc_dohung_task_timeout_secs+0x30/0x30 +[ 5267.215511] kthread+0xf4/0x120 +[ 5267.216459] ? kthread_complete_and_exit+0x20/0x20 +[ 5267.217505] ret_from_fork+0x22/0x30 +[ 5267.218459] + +Fixes: f0db78928783 ("i40evf: use netdev variable in reset task") +Signed-off-by: Przemyslaw Patynowski +Signed-off-by: Jedrzej Jagielski +Tested-by: Marek Szlosek +Signed-off-by: Tony Nguyen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/intel/iavf/iavf_main.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +--- a/drivers/net/ethernet/intel/iavf/iavf_main.c ++++ b/drivers/net/ethernet/intel/iavf/iavf_main.c +@@ -2998,12 +2998,15 @@ continue_reset: + + return; + reset_err: ++ if (running) { ++ set_bit(__IAVF_VSI_DOWN, adapter->vsi.state); ++ iavf_free_traffic_irqs(adapter); ++ } ++ iavf_disable_vf(adapter); ++ + mutex_unlock(&adapter->client_lock); + mutex_unlock(&adapter->crit_lock); +- if (running) +- iavf_change_state(adapter, __IAVF_RUNNING); + dev_err(&adapter->pdev->dev, "failed to allocate resources during reinit\n"); +- iavf_close(netdev); + } + + /** diff --git a/queue-5.19/ib-iser-fix-login-with-authentication.patch b/queue-5.19/ib-iser-fix-login-with-authentication.patch new file mode 100644 index 00000000000..2fc557af299 --- /dev/null +++ b/queue-5.19/ib-iser-fix-login-with-authentication.patch @@ -0,0 +1,68 @@ +From d6d142cb7f79bec6051c5ecf744b7a5309c5a0ee Mon Sep 17 00:00:00 2001 +From: Sergey Gorenko +Date: Fri, 5 Aug 2022 09:01:35 +0300 +Subject: IB/iser: Fix login with authentication + +From: Sergey Gorenko + +commit d6d142cb7f79bec6051c5ecf744b7a5309c5a0ee upstream. + +The iSER Initiator uses two types of receive buffers: + + - one big login buffer posted by iser_post_recvl(); + - several small message buffers posted by iser_post_recvm(). + +The login buffer is used at the login phase and full feature phase in +the discovery session. It may take a few requests and responses to +complete the login phase. The message buffers are only used in the +normal operational session at the full feature phase. + +After the commit referred in the fixes line, the login operation fails +if the authentication is enabled. That happens because the Initiator +posts a small receive buffer after the first response from Target. So, +the next send operation fails because Target's second response does not +fit into the small receive buffer. + +This commit adds additional checks to prevent posting small receive +buffers until the full feature phase. + +Fixes: 39b169ea0d36 ("IB/iser: Fix RNR errors") +Link: https://lore.kernel.org/r/20220805060135.18493-1-sergeygo@nvidia.com +Signed-off-by: Sergey Gorenko +Reviewed-by: Max Gurtovoy +Signed-off-by: Leon Romanovsky +Signed-off-by: Greg Kroah-Hartman +--- + drivers/infiniband/ulp/iser/iser_initiator.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +--- a/drivers/infiniband/ulp/iser/iser_initiator.c ++++ b/drivers/infiniband/ulp/iser/iser_initiator.c +@@ -537,6 +537,7 @@ void iser_login_rsp(struct ib_cq *cq, st + struct iscsi_hdr *hdr; + char *data; + int length; ++ bool full_feature_phase; + + if (unlikely(wc->status != IB_WC_SUCCESS)) { + iser_err_comp(wc, "login_rsp"); +@@ -550,6 +551,9 @@ void iser_login_rsp(struct ib_cq *cq, st + hdr = desc->rsp + sizeof(struct iser_ctrl); + data = desc->rsp + ISER_HEADERS_LEN; + length = wc->byte_len - ISER_HEADERS_LEN; ++ full_feature_phase = ((hdr->flags & ISCSI_FULL_FEATURE_PHASE) == ++ ISCSI_FULL_FEATURE_PHASE) && ++ (hdr->flags & ISCSI_FLAG_CMD_FINAL); + + iser_dbg("op 0x%x itt 0x%x dlen %d\n", hdr->opcode, + hdr->itt, length); +@@ -560,7 +564,8 @@ void iser_login_rsp(struct ib_cq *cq, st + desc->rsp_dma, ISER_RX_LOGIN_SIZE, + DMA_FROM_DEVICE); + +- if (iser_conn->iscsi_conn->session->discovery_sess) ++ if (!full_feature_phase || ++ iser_conn->iscsi_conn->session->discovery_sess) + return; + + /* Post the first RX buffer that is skipped in iser_post_rx_bufs() */ diff --git a/queue-5.19/netfilter-nf_tables-use-read_once-and-write_once-for-shared-generation-id-access.patch b/queue-5.19/netfilter-nf_tables-use-read_once-and-write_once-for-shared-generation-id-access.patch new file mode 100644 index 00000000000..a2f07c250be --- /dev/null +++ b/queue-5.19/netfilter-nf_tables-use-read_once-and-write_once-for-shared-generation-id-access.patch @@ -0,0 +1,109 @@ +From 3400278328285a8c2f121904496aff5e7b610a01 Mon Sep 17 00:00:00 2001 +From: Pablo Neira Ayuso +Date: Tue, 9 Aug 2022 13:22:01 +0200 +Subject: netfilter: nf_tables: use READ_ONCE and WRITE_ONCE for shared generation id access + +From: Pablo Neira Ayuso + +commit 3400278328285a8c2f121904496aff5e7b610a01 upstream. + +The generation ID is bumped from the commit path while holding the +mutex, however, netlink dump operations rely on RCU. + +This patch also adds missing cb->base_eq initialization in +nf_tables_dump_set(). + +Fixes: 38e029f14a97 ("netfilter: nf_tables: set NLM_F_DUMP_INTR if netlink dumping is stale") +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Greg Kroah-Hartman +--- + net/netfilter/nf_tables_api.c | 20 +++++++++++++------- + 1 file changed, 13 insertions(+), 7 deletions(-) + +--- a/net/netfilter/nf_tables_api.c ++++ b/net/netfilter/nf_tables_api.c +@@ -889,7 +889,7 @@ static int nf_tables_dump_tables(struct + + rcu_read_lock(); + nft_net = nft_pernet(net); +- cb->seq = nft_net->base_seq; ++ cb->seq = READ_ONCE(nft_net->base_seq); + + list_for_each_entry_rcu(table, &nft_net->tables, list) { + if (family != NFPROTO_UNSPEC && family != table->family) +@@ -1705,7 +1705,7 @@ static int nf_tables_dump_chains(struct + + rcu_read_lock(); + nft_net = nft_pernet(net); +- cb->seq = nft_net->base_seq; ++ cb->seq = READ_ONCE(nft_net->base_seq); + + list_for_each_entry_rcu(table, &nft_net->tables, list) { + if (family != NFPROTO_UNSPEC && family != table->family) +@@ -3149,7 +3149,7 @@ static int nf_tables_dump_rules(struct s + + rcu_read_lock(); + nft_net = nft_pernet(net); +- cb->seq = nft_net->base_seq; ++ cb->seq = READ_ONCE(nft_net->base_seq); + + list_for_each_entry_rcu(table, &nft_net->tables, list) { + if (family != NFPROTO_UNSPEC && family != table->family) +@@ -4133,7 +4133,7 @@ static int nf_tables_dump_sets(struct sk + + rcu_read_lock(); + nft_net = nft_pernet(net); +- cb->seq = nft_net->base_seq; ++ cb->seq = READ_ONCE(nft_net->base_seq); + + list_for_each_entry_rcu(table, &nft_net->tables, list) { + if (ctx->family != NFPROTO_UNSPEC && +@@ -5061,6 +5061,8 @@ static int nf_tables_dump_set(struct sk_ + + rcu_read_lock(); + nft_net = nft_pernet(net); ++ cb->seq = READ_ONCE(nft_net->base_seq); ++ + list_for_each_entry_rcu(table, &nft_net->tables, list) { + if (dump_ctx->ctx.family != NFPROTO_UNSPEC && + dump_ctx->ctx.family != table->family) +@@ -6887,7 +6889,7 @@ static int nf_tables_dump_obj(struct sk_ + + rcu_read_lock(); + nft_net = nft_pernet(net); +- cb->seq = nft_net->base_seq; ++ cb->seq = READ_ONCE(nft_net->base_seq); + + list_for_each_entry_rcu(table, &nft_net->tables, list) { + if (family != NFPROTO_UNSPEC && family != table->family) +@@ -7819,7 +7821,7 @@ static int nf_tables_dump_flowtable(stru + + rcu_read_lock(); + nft_net = nft_pernet(net); +- cb->seq = nft_net->base_seq; ++ cb->seq = READ_ONCE(nft_net->base_seq); + + list_for_each_entry_rcu(table, &nft_net->tables, list) { + if (family != NFPROTO_UNSPEC && family != table->family) +@@ -8752,6 +8754,7 @@ static int nf_tables_commit(struct net * + struct nft_trans_elem *te; + struct nft_chain *chain; + struct nft_table *table; ++ unsigned int base_seq; + LIST_HEAD(adl); + int err; + +@@ -8801,9 +8804,12 @@ static int nf_tables_commit(struct net * + * Bump generation counter, invalidate any dump in progress. + * Cannot fail after this point. + */ +- while (++nft_net->base_seq == 0) ++ base_seq = READ_ONCE(nft_net->base_seq); ++ while (++base_seq == 0) + ; + ++ WRITE_ONCE(nft_net->base_seq, base_seq); ++ + /* step 3. Start new generation, rules_gen_X now in use. */ + net->nft.gencursor = nft_gencursor_next(net); + diff --git a/queue-5.19/netfilter-nfnetlink-re-enable-conntrack-expectation-events.patch b/queue-5.19/netfilter-nfnetlink-re-enable-conntrack-expectation-events.patch new file mode 100644 index 00000000000..2355cdce5b3 --- /dev/null +++ b/queue-5.19/netfilter-nfnetlink-re-enable-conntrack-expectation-events.patch @@ -0,0 +1,161 @@ +From 0b2f3212b551a87fe936701fa0813032861a3308 Mon Sep 17 00:00:00 2001 +From: Florian Westphal +Date: Fri, 5 Aug 2022 10:59:57 +0200 +Subject: netfilter: nfnetlink: re-enable conntrack expectation events + +From: Florian Westphal + +commit 0b2f3212b551a87fe936701fa0813032861a3308 upstream. + +To avoid allocation of the conntrack extension area when possible, +the default behaviour was changed to only allocate the event extension +if a userspace program is subscribed to a notification group. + +Problem is that while 'conntrack -E' does enable the event allocation +behind the scenes, 'conntrack -E expect' does not: no expectation events +are delivered unless user sets +"net.netfilter.nf_conntrack_events" back to 1 (always on). + +Fix the autodetection to also consider EXP type group. + +We need to track the 6 event groups (3+3, new/update/destroy for events and +for expectations each) independently, else we'd disable events again +if an expectation group becomes empty while there is still an active +event group. + +Fixes: 2794cdb0b97b ("netfilter: nfnetlink: allow to detect if ctnetlink listeners exist") +Reported-by: Yi Chen +Signed-off-by: Florian Westphal +Signed-off-by: Greg Kroah-Hartman +--- + include/net/netns/conntrack.h | 2 - + net/netfilter/nfnetlink.c | 83 +++++++++++++++++++++++++++++++++++------- + 2 files changed, 72 insertions(+), 13 deletions(-) + +--- a/include/net/netns/conntrack.h ++++ b/include/net/netns/conntrack.h +@@ -95,7 +95,7 @@ struct nf_ip_net { + + struct netns_ct { + #ifdef CONFIG_NF_CONNTRACK_EVENTS +- bool ctnetlink_has_listener; ++ u8 ctnetlink_has_listener; + bool ecache_dwork_pending; + #endif + u8 sysctl_log_invalid; /* Log invalid packets */ +--- a/net/netfilter/nfnetlink.c ++++ b/net/netfilter/nfnetlink.c +@@ -44,6 +44,10 @@ MODULE_DESCRIPTION("Netfilter messages v + + static unsigned int nfnetlink_pernet_id __read_mostly; + ++#ifdef CONFIG_NF_CONNTRACK_EVENTS ++static DEFINE_SPINLOCK(nfnl_grp_active_lock); ++#endif ++ + struct nfnl_net { + struct sock *nfnl; + }; +@@ -654,6 +658,44 @@ static void nfnetlink_rcv(struct sk_buff + netlink_rcv_skb(skb, nfnetlink_rcv_msg); + } + ++static void nfnetlink_bind_event(struct net *net, unsigned int group) ++{ ++#ifdef CONFIG_NF_CONNTRACK_EVENTS ++ int type, group_bit; ++ u8 v; ++ ++ /* All NFNLGRP_CONNTRACK_* group bits fit into u8. ++ * The other groups are not relevant and can be ignored. ++ */ ++ if (group >= 8) ++ return; ++ ++ type = nfnl_group2type[group]; ++ ++ switch (type) { ++ case NFNL_SUBSYS_CTNETLINK: ++ break; ++ case NFNL_SUBSYS_CTNETLINK_EXP: ++ break; ++ default: ++ return; ++ } ++ ++ group_bit = (1 << group); ++ ++ spin_lock(&nfnl_grp_active_lock); ++ v = READ_ONCE(net->ct.ctnetlink_has_listener); ++ if ((v & group_bit) == 0) { ++ v |= group_bit; ++ ++ /* read concurrently without nfnl_grp_active_lock held. */ ++ WRITE_ONCE(net->ct.ctnetlink_has_listener, v); ++ } ++ ++ spin_unlock(&nfnl_grp_active_lock); ++#endif ++} ++ + static int nfnetlink_bind(struct net *net, int group) + { + const struct nfnetlink_subsystem *ss; +@@ -670,28 +712,45 @@ static int nfnetlink_bind(struct net *ne + if (!ss) + request_module_nowait("nfnetlink-subsys-%d", type); + +-#ifdef CONFIG_NF_CONNTRACK_EVENTS +- if (type == NFNL_SUBSYS_CTNETLINK) { +- nfnl_lock(NFNL_SUBSYS_CTNETLINK); +- WRITE_ONCE(net->ct.ctnetlink_has_listener, true); +- nfnl_unlock(NFNL_SUBSYS_CTNETLINK); +- } +-#endif ++ nfnetlink_bind_event(net, group); + return 0; + } + + static void nfnetlink_unbind(struct net *net, int group) + { + #ifdef CONFIG_NF_CONNTRACK_EVENTS ++ int type, group_bit; ++ + if (group <= NFNLGRP_NONE || group > NFNLGRP_MAX) + return; + +- if (nfnl_group2type[group] == NFNL_SUBSYS_CTNETLINK) { +- nfnl_lock(NFNL_SUBSYS_CTNETLINK); +- if (!nfnetlink_has_listeners(net, group)) +- WRITE_ONCE(net->ct.ctnetlink_has_listener, false); +- nfnl_unlock(NFNL_SUBSYS_CTNETLINK); ++ type = nfnl_group2type[group]; ++ ++ switch (type) { ++ case NFNL_SUBSYS_CTNETLINK: ++ break; ++ case NFNL_SUBSYS_CTNETLINK_EXP: ++ break; ++ default: ++ return; ++ } ++ ++ /* ctnetlink_has_listener is u8 */ ++ if (group >= 8) ++ return; ++ ++ group_bit = (1 << group); ++ ++ spin_lock(&nfnl_grp_active_lock); ++ if (!nfnetlink_has_listeners(net, group)) { ++ u8 v = READ_ONCE(net->ct.ctnetlink_has_listener); ++ ++ v &= ~group_bit; ++ ++ /* read concurrently without nfnl_grp_active_lock held. */ ++ WRITE_ONCE(net->ct.ctnetlink_has_listener, v); + } ++ spin_unlock(&nfnl_grp_active_lock); + #endif + } + diff --git a/queue-5.19/nios2-add-force_successful_syscall_return.patch b/queue-5.19/nios2-add-force_successful_syscall_return.patch new file mode 100644 index 00000000000..e73fb22bfd4 --- /dev/null +++ b/queue-5.19/nios2-add-force_successful_syscall_return.patch @@ -0,0 +1,61 @@ +From fd0c153daad135d0ec1a53c5dbe6936a724d6ae1 Mon Sep 17 00:00:00 2001 +From: Al Viro +Date: Mon, 8 Aug 2022 16:09:45 +0100 +Subject: nios2: add force_successful_syscall_return() + +From: Al Viro + +commit fd0c153daad135d0ec1a53c5dbe6936a724d6ae1 upstream. + +If we use the ancient SysV syscall ABI, we'd better have tell the +kernel how to claim that a negative return value is a success. +Use ->orig_r2 for that - it's inaccessible via ptrace, so it's +a fair game for changes and it's normally[*] non-negative on return +from syscall. Set to -1; syscall is not going to be restart-worthy +by definition, so we won't interfere with that use either. + +[*] the only exception is rt_sigreturn(), where we skip the entire +messing with r1/r2 anyway. + +Fixes: 82ed08dd1b0e ("nios2: Exception handling") +Signed-off-by: Al Viro +Signed-off-by: Dinh Nguyen +Signed-off-by: Greg Kroah-Hartman +--- + arch/nios2/include/asm/ptrace.h | 2 ++ + arch/nios2/kernel/entry.S | 6 ++++++ + 2 files changed, 8 insertions(+) + +--- a/arch/nios2/include/asm/ptrace.h ++++ b/arch/nios2/include/asm/ptrace.h +@@ -74,6 +74,8 @@ extern void show_regs(struct pt_regs *); + ((struct pt_regs *)((unsigned long)current_thread_info() + THREAD_SIZE)\ + - 1) + ++#define force_successful_syscall_return() (current_pt_regs()->orig_r2 = -1) ++ + int do_syscall_trace_enter(void); + void do_syscall_trace_exit(void); + #endif /* __ASSEMBLY__ */ +--- a/arch/nios2/kernel/entry.S ++++ b/arch/nios2/kernel/entry.S +@@ -213,6 +213,9 @@ local_restart: + translate_rc_and_ret: + movi r1, 0 + bge r2, zero, 3f ++ ldw r1, PT_ORIG_R2(sp) ++ addi r1, r1, 1 ++ beq r1, zero, 3f + sub r2, zero, r2 + movi r1, 1 + 3: +@@ -276,6 +279,9 @@ traced_system_call: + translate_rc_and_ret2: + movi r1, 0 + bge r2, zero, 4f ++ ldw r1, PT_ORIG_R2(sp) ++ addi r1, r1, 1 ++ beq r1, zero, 4f + sub r2, zero, r2 + movi r1, 1 + 4: diff --git a/queue-5.19/nios2-don-t-leave-nulls-in-sys_call_table.patch b/queue-5.19/nios2-don-t-leave-nulls-in-sys_call_table.patch new file mode 100644 index 00000000000..a83b33b1518 --- /dev/null +++ b/queue-5.19/nios2-don-t-leave-nulls-in-sys_call_table.patch @@ -0,0 +1,39 @@ +From 45ec746c65097c25e77d24eae8fee0def5b6cc5d Mon Sep 17 00:00:00 2001 +From: Al Viro +Date: Mon, 8 Aug 2022 16:06:46 +0100 +Subject: nios2: don't leave NULLs in sys_call_table[] + +From: Al Viro + +commit 45ec746c65097c25e77d24eae8fee0def5b6cc5d upstream. + +fill the gaps in there with sys_ni_syscall, as everyone does... + +Fixes: 82ed08dd1b0e ("nios2: Exception handling") +Signed-off-by: Al Viro +Signed-off-by: Dinh Nguyen +Signed-off-by: Greg Kroah-Hartman +--- + arch/nios2/kernel/entry.S | 1 - + arch/nios2/kernel/syscall_table.c | 1 + + 2 files changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/nios2/kernel/entry.S ++++ b/arch/nios2/kernel/entry.S +@@ -193,7 +193,6 @@ local_restart: + movhi r11, %hiadj(sys_call_table) + add r1, r1, r11 + ldw r1, %lo(sys_call_table)(r1) +- beq r1, r0, ret_invsyscall + + /* Check if we are being traced */ + GET_THREAD_INFO r11 +--- a/arch/nios2/kernel/syscall_table.c ++++ b/arch/nios2/kernel/syscall_table.c +@@ -13,5 +13,6 @@ + #define __SYSCALL(nr, call) [nr] = (call), + + void *sys_call_table[__NR_syscalls] = { ++ [0 ... __NR_syscalls-1] = sys_ni_syscall, + #include + }; diff --git a/queue-5.19/nios2-fix-syscall-restart-checks.patch b/queue-5.19/nios2-fix-syscall-restart-checks.patch new file mode 100644 index 00000000000..7bf7775e13c --- /dev/null +++ b/queue-5.19/nios2-fix-syscall-restart-checks.patch @@ -0,0 +1,35 @@ +From 2d631bd58fe0ea3e3350212e23c9aba1fb606514 Mon Sep 17 00:00:00 2001 +From: Al Viro +Date: Mon, 8 Aug 2022 16:08:48 +0100 +Subject: nios2: fix syscall restart checks + +From: Al Viro + +commit 2d631bd58fe0ea3e3350212e23c9aba1fb606514 upstream. + +sys_foo() returns -512 (aka -ERESTARTSYS) => do_signal() sees +512 in r2 and 1 in r1. + +sys_foo() returns 512 => do_signal() sees 512 in r2 and 0 in r1. + +The former is restart-worthy; the latter obviously isn't. + +Fixes: b53e906d255d ("nios2: Signal handling support") +Signed-off-by: Al Viro +Signed-off-by: Dinh Nguyen +Signed-off-by: Greg Kroah-Hartman +--- + arch/nios2/kernel/signal.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/nios2/kernel/signal.c ++++ b/arch/nios2/kernel/signal.c +@@ -242,7 +242,7 @@ static int do_signal(struct pt_regs *reg + /* + * If we were from a system call, check for system call restarting... + */ +- if (regs->orig_r2 >= 0) { ++ if (regs->orig_r2 >= 0 && regs->r1) { + continue_addr = regs->ea; + restart_addr = continue_addr - 4; + retval = regs->r2; diff --git a/queue-5.19/nios2-page-fault-et.al.-are-not-restartable-syscalls.patch b/queue-5.19/nios2-page-fault-et.al.-are-not-restartable-syscalls.patch new file mode 100644 index 00000000000..fc2926aab78 --- /dev/null +++ b/queue-5.19/nios2-page-fault-et.al.-are-not-restartable-syscalls.patch @@ -0,0 +1,53 @@ +From 8535c239ac674f7ead0f2652932d35c52c4123b2 Mon Sep 17 00:00:00 2001 +From: Al Viro +Date: Mon, 8 Aug 2022 16:06:04 +0100 +Subject: nios2: page fault et.al. are *not* restartable syscalls... + +From: Al Viro + +commit 8535c239ac674f7ead0f2652932d35c52c4123b2 upstream. + +make sure that ->orig_r2 is negative for everything except +the syscalls. + +Fixes: 82ed08dd1b0e ("nios2: Exception handling") +Signed-off-by: Al Viro +Signed-off-by: Dinh Nguyen +Signed-off-by: Greg Kroah-Hartman +--- + arch/nios2/include/asm/entry.h | 3 ++- + arch/nios2/kernel/entry.S | 4 +--- + 2 files changed, 3 insertions(+), 4 deletions(-) + +--- a/arch/nios2/include/asm/entry.h ++++ b/arch/nios2/include/asm/entry.h +@@ -50,7 +50,8 @@ + stw r13, PT_R13(sp) + stw r14, PT_R14(sp) + stw r15, PT_R15(sp) +- stw r2, PT_ORIG_R2(sp) ++ movi r24, -1 ++ stw r24, PT_ORIG_R2(sp) + stw r7, PT_ORIG_R7(sp) + + stw ra, PT_RA(sp) +--- a/arch/nios2/kernel/entry.S ++++ b/arch/nios2/kernel/entry.S +@@ -185,6 +185,7 @@ ENTRY(handle_system_call) + ldw r5, PT_R5(sp) + + local_restart: ++ stw r2, PT_ORIG_R2(sp) + /* Check that the requested system call is within limits */ + movui r1, __NR_syscalls + bgeu r2, r1, ret_invsyscall +@@ -336,9 +337,6 @@ external_interrupt: + /* skip if no interrupt is pending */ + beq r12, r0, ret_from_interrupt + +- movi r24, -1 +- stw r24, PT_ORIG_R2(sp) +- + /* + * Process an external hardware interrupt. + */ diff --git a/queue-5.19/nios2-restarts-apply-only-to-the-first-sigframe-we-build.patch b/queue-5.19/nios2-restarts-apply-only-to-the-first-sigframe-we-build.patch new file mode 100644 index 00000000000..4c06ad1c9da --- /dev/null +++ b/queue-5.19/nios2-restarts-apply-only-to-the-first-sigframe-we-build.patch @@ -0,0 +1,27 @@ +From 411a76b7219555c55867466c82d70ce928d6c9e1 Mon Sep 17 00:00:00 2001 +From: Al Viro +Date: Mon, 8 Aug 2022 16:09:16 +0100 +Subject: nios2: restarts apply only to the first sigframe we build... + +From: Al Viro + +commit 411a76b7219555c55867466c82d70ce928d6c9e1 upstream. + +Fixes: b53e906d255d ("nios2: Signal handling support") +Signed-off-by: Al Viro +Signed-off-by: Dinh Nguyen +Signed-off-by: Greg Kroah-Hartman +--- + arch/nios2/kernel/signal.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/nios2/kernel/signal.c ++++ b/arch/nios2/kernel/signal.c +@@ -264,6 +264,7 @@ static int do_signal(struct pt_regs *reg + regs->ea = restart_addr; + break; + } ++ regs->orig_r2 = -1; + } + + if (get_signal(&ksig)) { diff --git a/queue-5.19/nios2-traced-syscall-does-need-to-check-the-syscall-number.patch b/queue-5.19/nios2-traced-syscall-does-need-to-check-the-syscall-number.patch new file mode 100644 index 00000000000..8b6a0e84d6b --- /dev/null +++ b/queue-5.19/nios2-traced-syscall-does-need-to-check-the-syscall-number.patch @@ -0,0 +1,47 @@ +From 25ba820ef36bdbaf9884adeac69b6e1821a7df76 Mon Sep 17 00:00:00 2001 +From: Al Viro +Date: Mon, 8 Aug 2022 16:07:21 +0100 +Subject: nios2: traced syscall does need to check the syscall number + +From: Al Viro + +commit 25ba820ef36bdbaf9884adeac69b6e1821a7df76 upstream. + +all checks done before letting the tracer modify the register +state are worthless... + +Fixes: 82ed08dd1b0e ("nios2: Exception handling") +Signed-off-by: Al Viro +Signed-off-by: Dinh Nguyen +Signed-off-by: Greg Kroah-Hartman +--- + arch/nios2/kernel/entry.S | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +--- a/arch/nios2/kernel/entry.S ++++ b/arch/nios2/kernel/entry.S +@@ -255,9 +255,9 @@ traced_system_call: + ldw r6, PT_R6(sp) + ldw r7, PT_R7(sp) + +- /* Fetch the syscall function, we don't need to check the boundaries +- * since this is already done. +- */ ++ /* Fetch the syscall function. */ ++ movui r1, __NR_syscalls ++ bgeu r2, r1, traced_invsyscall + slli r1, r2, 2 + movhi r11,%hiadj(sys_call_table) + add r1, r1, r11 +@@ -287,6 +287,11 @@ end_translate_rc_and_ret2: + RESTORE_SWITCH_STACK + br ret_from_exception + ++ /* If the syscall number was invalid return ENOSYS */ ++traced_invsyscall: ++ movi r2, -ENOSYS ++ br translate_rc_and_ret2 ++ + Luser_return: + GET_THREAD_INFO r11 /* get thread_info pointer */ + ldw r10, TI_FLAGS(r11) /* get thread_info->flags */ diff --git a/queue-5.19/rdma-cxgb4-fix-accept-failure-due-to-increased-cpl_t5_pass_accept_rpl-size.patch b/queue-5.19/rdma-cxgb4-fix-accept-failure-due-to-increased-cpl_t5_pass_accept_rpl-size.patch new file mode 100644 index 00000000000..b94799b6a9e --- /dev/null +++ b/queue-5.19/rdma-cxgb4-fix-accept-failure-due-to-increased-cpl_t5_pass_accept_rpl-size.patch @@ -0,0 +1,89 @@ +From ef0162298abf46b881e4a4d0c604d1a066228647 Mon Sep 17 00:00:00 2001 +From: Potnuri Bharat Teja +Date: Wed, 10 Aug 2022 00:11:18 +0530 +Subject: RDMA/cxgb4: fix accept failure due to increased cpl_t5_pass_accept_rpl size + +From: Potnuri Bharat Teja + +commit ef0162298abf46b881e4a4d0c604d1a066228647 upstream. + +Commit 'c2ed5611afd7' has increased the cpl_t5_pass_accept_rpl{} structure +size by 8B to avoid roundup. cpl_t5_pass_accept_rpl{} is a HW specific +structure and increasing its size will lead to unwanted adapter errors. +Current commit reverts the cpl_t5_pass_accept_rpl{} back to its original +and allocates zeroed skb buffer there by avoiding the memset for iss field. +Reorder code to minimize chip type checks. + +Fixes: c2ed5611afd7 ("iw_cxgb4: Use memset_startat() for cpl_t5_pass_accept_rpl") +Link: https://lore.kernel.org/r/20220809184118.2029-1-rahul.lakkireddy@chelsio.com +Signed-off-by: Potnuri Bharat Teja +Signed-off-by: Rahul Lakkireddy +Reviewed-by: Kees Cook +Signed-off-by: Leon Romanovsky +Signed-off-by: Greg Kroah-Hartman +--- + drivers/infiniband/hw/cxgb4/cm.c | 25 ++++++++------------- + drivers/net/ethernet/chelsio/cxgb4/t4_msg.h | 2 +- + 2 files changed, 10 insertions(+), 17 deletions(-) + +diff --git a/drivers/infiniband/hw/cxgb4/cm.c b/drivers/infiniband/hw/cxgb4/cm.c +index c16017f6e8db..14392c942f49 100644 +--- a/drivers/infiniband/hw/cxgb4/cm.c ++++ b/drivers/infiniband/hw/cxgb4/cm.c +@@ -2468,31 +2468,24 @@ static int accept_cr(struct c4iw_ep *ep, struct sk_buff *skb, + opt2 |= CCTRL_ECN_V(1); + } + +- skb_get(skb); +- rpl = cplhdr(skb); + if (!is_t4(adapter_type)) { +- BUILD_BUG_ON(sizeof(*rpl5) != roundup(sizeof(*rpl5), 16)); +- skb_trim(skb, sizeof(*rpl5)); +- rpl5 = (void *)rpl; +- INIT_TP_WR(rpl5, ep->hwtid); +- } else { +- skb_trim(skb, sizeof(*rpl)); +- INIT_TP_WR(rpl, ep->hwtid); +- } +- OPCODE_TID(rpl) = cpu_to_be32(MK_OPCODE_TID(CPL_PASS_ACCEPT_RPL, +- ep->hwtid)); +- +- if (CHELSIO_CHIP_VERSION(adapter_type) > CHELSIO_T4) { + u32 isn = (prandom_u32() & ~7UL) - 1; ++ ++ skb = get_skb(skb, roundup(sizeof(*rpl5), 16), GFP_KERNEL); ++ rpl5 = __skb_put_zero(skb, roundup(sizeof(*rpl5), 16)); ++ rpl = (void *)rpl5; ++ INIT_TP_WR_CPL(rpl5, CPL_PASS_ACCEPT_RPL, ep->hwtid); + opt2 |= T5_OPT_2_VALID_F; + opt2 |= CONG_CNTRL_V(CONG_ALG_TAHOE); + opt2 |= T5_ISS_F; +- rpl5 = (void *)rpl; +- memset_after(rpl5, 0, iss); + if (peer2peer) + isn += 4; + rpl5->iss = cpu_to_be32(isn); + pr_debug("iss %u\n", be32_to_cpu(rpl5->iss)); ++ } else { ++ skb = get_skb(skb, sizeof(*rpl), GFP_KERNEL); ++ rpl = __skb_put_zero(skb, sizeof(*rpl)); ++ INIT_TP_WR_CPL(rpl, CPL_PASS_ACCEPT_RPL, ep->hwtid); + } + + rpl->opt0 = cpu_to_be64(opt0); +diff --git a/drivers/net/ethernet/chelsio/cxgb4/t4_msg.h b/drivers/net/ethernet/chelsio/cxgb4/t4_msg.h +index 26433a62d7f0..fed5f93bf620 100644 +--- a/drivers/net/ethernet/chelsio/cxgb4/t4_msg.h ++++ b/drivers/net/ethernet/chelsio/cxgb4/t4_msg.h +@@ -497,7 +497,7 @@ struct cpl_t5_pass_accept_rpl { + __be32 opt2; + __be64 opt0; + __be32 iss; +- __be32 rsvd[3]; ++ __be32 rsvd; + }; + + struct cpl_act_open_req { +-- +2.37.2 + diff --git a/queue-5.19/rdma-mlx5-use-the-proper-number-of-ports.patch b/queue-5.19/rdma-mlx5-use-the-proper-number-of-ports.patch new file mode 100644 index 00000000000..a545a2c43c9 --- /dev/null +++ b/queue-5.19/rdma-mlx5-use-the-proper-number-of-ports.patch @@ -0,0 +1,72 @@ +From 4b83c3caf289b80acecc539c79f10a6937cc42dd Mon Sep 17 00:00:00 2001 +From: Mark Bloch +Date: Mon, 8 Aug 2022 10:48:06 +0300 +Subject: RDMA/mlx5: Use the proper number of ports + +From: Mark Bloch + +commit 4b83c3caf289b80acecc539c79f10a6937cc42dd upstream. + +The cited commit allowed the driver to operate over HCAs that have +4 physical ports. Use the number of ports of the RDMA device in the for +loop instead of using the struct size. + +Fixes: 4cd14d44b11d ("net/mlx5: Support devices with more than 2 ports") +Link: https://lore.kernel.org/r/a54a56c2ede16044a29d119209b35189c662ac72.1659944855.git.leonro@nvidia.com +Signed-off-by: Mark Bloch +Signed-off-by: Leon Romanovsky +Signed-off-by: Greg Kroah-Hartman +--- + drivers/infiniband/hw/mlx5/main.c | 34 +++++++++++++++---------------- + 1 file changed, 16 insertions(+), 18 deletions(-) + +diff --git a/drivers/infiniband/hw/mlx5/main.c b/drivers/infiniband/hw/mlx5/main.c +index a174a0eee8dc..fc94a1b25485 100644 +--- a/drivers/infiniband/hw/mlx5/main.c ++++ b/drivers/infiniband/hw/mlx5/main.c +@@ -2738,26 +2738,24 @@ static int set_has_smi_cap(struct mlx5_ib_dev *dev) + int err; + int port; + +- for (port = 1; port <= ARRAY_SIZE(dev->port_caps); port++) { +- dev->port_caps[port - 1].has_smi = false; +- if (MLX5_CAP_GEN(dev->mdev, port_type) == +- MLX5_CAP_PORT_TYPE_IB) { +- if (MLX5_CAP_GEN(dev->mdev, ib_virt)) { +- err = mlx5_query_hca_vport_context(dev->mdev, 0, +- port, 0, +- &vport_ctx); +- if (err) { +- mlx5_ib_err(dev, "query_hca_vport_context for port=%d failed %d\n", +- port, err); +- return err; +- } +- dev->port_caps[port - 1].has_smi = +- vport_ctx.has_smi; +- } else { +- dev->port_caps[port - 1].has_smi = true; +- } ++ if (MLX5_CAP_GEN(dev->mdev, port_type) != MLX5_CAP_PORT_TYPE_IB) ++ return 0; ++ ++ for (port = 1; port <= dev->num_ports; port++) { ++ if (!MLX5_CAP_GEN(dev->mdev, ib_virt)) { ++ dev->port_caps[port - 1].has_smi = true; ++ continue; + } ++ err = mlx5_query_hca_vport_context(dev->mdev, 0, port, 0, ++ &vport_ctx); ++ if (err) { ++ mlx5_ib_err(dev, "query_hca_vport_context for port=%d failed %d\n", ++ port, err); ++ return err; ++ } ++ dev->port_caps[port - 1].has_smi = vport_ctx.has_smi; + } ++ + return 0; + } + +-- +2.37.2 + diff --git a/queue-5.19/series b/queue-5.19/series index 0f2a91f032b..0d299b37c3d 100644 --- a/queue-5.19/series +++ b/queue-5.19/series @@ -163,3 +163,27 @@ fs-ntfs3-don-t-clear-upper-bits-accidentally-in-log_replay.patch fs-ntfs3-fix-double-free-on-remount.patch fs-ntfs3-do-not-change-mode-if-ntfs_set_ea-failed.patch fs-ntfs3-fix-missing-i_op-in-ntfs_read_mft.patch +nios2-page-fault-et.al.-are-not-restartable-syscalls.patch +nios2-don-t-leave-nulls-in-sys_call_table.patch +nios2-traced-syscall-does-need-to-check-the-syscall-number.patch +nios2-fix-syscall-restart-checks.patch +nios2-restarts-apply-only-to-the-first-sigframe-we-build.patch +nios2-add-force_successful_syscall_return.patch +iavf-fix-adminq-error-handling.patch +iavf-fix-null-pointer-dereference-in-iavf_get_link_ksettings.patch +iavf-fix-reset-error-handling.patch +iavf-fix-deadlock-in-initialization.patch +asoc-intel-avs-fix-potential-buffer-overflow-by-snprintf.patch +asoc-sof-debug-fix-potential-buffer-overflow-by-snprintf.patch +asoc-sof-intel-hda-fix-potential-buffer-overflow-by-snprintf.patch +asoc-dpcm-don-t-pick-up-be-without-substream.patch +asoc-tas2770-set-correct-fsync-polarity.patch +asoc-tas2770-allow-mono-streams.patch +asoc-tas2770-drop-conflicting-set_bias_level-power-setting.patch +asoc-tas2770-fix-handling-of-mute-unmute.patch +asoc-codec-tlv320aic32x4-fix-mono-playback-via-i2s.patch +ib-iser-fix-login-with-authentication.patch +rdma-mlx5-use-the-proper-number-of-ports.patch +rdma-cxgb4-fix-accept-failure-due-to-increased-cpl_t5_pass_accept_rpl-size.patch +netfilter-nfnetlink-re-enable-conntrack-expectation-events.patch +netfilter-nf_tables-use-read_once-and-write_once-for-shared-generation-id-access.patch