From: Greg Kroah-Hartman Date: Sun, 11 Jul 2021 18:13:08 +0000 (+0200) Subject: 5.13-stable patches X-Git-Tag: v5.4.132~22 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=eba51ba06390df029abdef060e64d98ccec55b2b;p=thirdparty%2Fkernel%2Fstable-queue.git 5.13-stable patches added patches: block-return-the-correct-bvec-when-checking-for-gaps.patch erofs-fix-error-return-code-in-erofs_read_superblock.patch exfat-handle-wrong-stream-entry-size-in-exfat_readdir.patch fscrypt-don-t-ignore-minor_hash-when-hash-is-0.patch fscrypt-fix-derivation-of-siphash-keys-on-big-endian-cpus.patch io_uring-add-iopoll-and-reserved-field-checks-to-ioring_op_renameat.patch io_uring-add-iopoll-and-reserved-field-checks-to-ioring_op_unlinkat.patch io_uring-fix-blocking-inline-submission.patch mailbox-qcom-ipcc-fix-ipcc-mbox-channel-exhaustion.patch media-exynos4-is-remove-a-now-unused-integer.patch mmc-block-disable-cmdq-on-the-ioctl-path.patch mmc-vub3000-fix-control-request-direction.patch scsi-fc-correct-rhba-attributes-length.patch scsi-libfc-correct-the-condition-check-and-invalid-argument-passed.patch scsi-lpfc-fix-node-recovery-when-driver-is-handling-simultaneous-plogis.patch scsi-lpfc-fix-unreleased-rpis-when-npiv-ports-are-created.patch scsi-megaraid_sas-send-all-non-rw-i-os-for-type_enclosure-device-through-firmware.patch scsi-target-cxgbit-unmap-dma-buffer-before-calling-target_execute_cmd.patch tpm-replace-warn_once-with-dev_err_once-in-tpm_tis_status.patch --- diff --git a/queue-5.13/block-return-the-correct-bvec-when-checking-for-gaps.patch b/queue-5.13/block-return-the-correct-bvec-when-checking-for-gaps.patch new file mode 100644 index 00000000000..d63b7fbda09 --- /dev/null +++ b/queue-5.13/block-return-the-correct-bvec-when-checking-for-gaps.patch @@ -0,0 +1,81 @@ +From c9c9762d4d44dcb1b2ba90cfb4122dc11ceebf31 Mon Sep 17 00:00:00 2001 +From: Long Li +Date: Mon, 7 Jun 2021 12:34:05 -0700 +Subject: block: return the correct bvec when checking for gaps + +From: Long Li + +commit c9c9762d4d44dcb1b2ba90cfb4122dc11ceebf31 upstream. + +After commit 07173c3ec276 ("block: enable multipage bvecs"), a bvec can +have multiple pages. But bio_will_gap() still assumes one page bvec while +checking for merging. If the pages in the bvec go across the +seg_boundary_mask, this check for merging can potentially succeed if only +the 1st page is tested, and can fail if all the pages are tested. + +Later, when SCSI builds the SG list the same check for merging is done in +__blk_segment_map_sg_merge() with all the pages in the bvec tested. This +time the check may fail if the pages in bvec go across the +seg_boundary_mask (but tested okay in bio_will_gap() earlier, so those +BIOs were merged). If this check fails, we end up with a broken SG list +for drivers assuming the SG list not having offsets in intermediate pages. +This results in incorrect pages written to the disk. + +Fix this by returning the multi-page bvec when testing gaps for merging. + +Cc: Jens Axboe +Cc: Johannes Thumshirn +Cc: Pavel Begunkov +Cc: Ming Lei +Cc: Tejun Heo +Cc: "Matthew Wilcox (Oracle)" +Cc: Jeffle Xu +Cc: linux-kernel@vger.kernel.org +Cc: stable@vger.kernel.org +Fixes: 07173c3ec276 ("block: enable multipage bvecs") +Signed-off-by: Long Li +Reviewed-by: Ming Lei +Reviewed-by: Christoph Hellwig +Link: https://lore.kernel.org/r/1623094445-22332-1-git-send-email-longli@linuxonhyperv.com +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman + +--- + include/linux/bio.h | 12 ++++-------- + 1 file changed, 4 insertions(+), 8 deletions(-) + +--- a/include/linux/bio.h ++++ b/include/linux/bio.h +@@ -44,9 +44,6 @@ static inline unsigned int bio_max_segs( + #define bio_offset(bio) bio_iter_offset((bio), (bio)->bi_iter) + #define bio_iovec(bio) bio_iter_iovec((bio), (bio)->bi_iter) + +-#define bio_multiple_segments(bio) \ +- ((bio)->bi_iter.bi_size != bio_iovec(bio).bv_len) +- + #define bvec_iter_sectors(iter) ((iter).bi_size >> 9) + #define bvec_iter_end_sector(iter) ((iter).bi_sector + bvec_iter_sectors((iter))) + +@@ -271,7 +268,7 @@ static inline void bio_clear_flag(struct + + static inline void bio_get_first_bvec(struct bio *bio, struct bio_vec *bv) + { +- *bv = bio_iovec(bio); ++ *bv = mp_bvec_iter_bvec(bio->bi_io_vec, bio->bi_iter); + } + + static inline void bio_get_last_bvec(struct bio *bio, struct bio_vec *bv) +@@ -279,10 +276,9 @@ static inline void bio_get_last_bvec(str + struct bvec_iter iter = bio->bi_iter; + int idx; + +- if (unlikely(!bio_multiple_segments(bio))) { +- *bv = bio_iovec(bio); +- return; +- } ++ bio_get_first_bvec(bio, bv); ++ if (bv->bv_len == bio->bi_iter.bi_size) ++ return; /* this bio only has a single bvec */ + + bio_advance_iter(bio, &iter, iter.bi_size); + diff --git a/queue-5.13/erofs-fix-error-return-code-in-erofs_read_superblock.patch b/queue-5.13/erofs-fix-error-return-code-in-erofs_read_superblock.patch new file mode 100644 index 00000000000..73792aa94cd --- /dev/null +++ b/queue-5.13/erofs-fix-error-return-code-in-erofs_read_superblock.patch @@ -0,0 +1,37 @@ +From 0508c1ad0f264a24c4643701823a45f6c9bd8146 Mon Sep 17 00:00:00 2001 +From: Wei Yongjun +Date: Wed, 19 May 2021 14:16:57 +0000 +Subject: erofs: fix error return code in erofs_read_superblock() + +From: Wei Yongjun + +commit 0508c1ad0f264a24c4643701823a45f6c9bd8146 upstream. + +'ret' will be overwritten to 0 if erofs_sb_has_sb_chksum() return true, +thus 0 will return in some error handling cases. Fix to return negative +error code -EINVAL instead of 0. + +Link: https://lore.kernel.org/r/20210519141657.3062715-1-weiyongjun1@huawei.com +Fixes: b858a4844cfb ("erofs: support superblock checksum") +Cc: stable # 5.5+ +Reported-by: Hulk Robot +Signed-off-by: Wei Yongjun +Reviewed-by: Gao Xiang +Reviewed-by: Chao Yu +Signed-off-by: Gao Xiang +Signed-off-by: Greg Kroah-Hartman + +--- + fs/erofs/super.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/fs/erofs/super.c ++++ b/fs/erofs/super.c +@@ -285,6 +285,7 @@ static int erofs_read_superblock(struct + goto out; + } + ++ ret = -EINVAL; + blkszbits = dsb->blkszbits; + /* 9(512 bytes) + LOG_SECTORS_PER_BLOCK == LOG_BLOCK_SIZE */ + if (blkszbits != LOG_BLOCK_SIZE) { diff --git a/queue-5.13/exfat-handle-wrong-stream-entry-size-in-exfat_readdir.patch b/queue-5.13/exfat-handle-wrong-stream-entry-size-in-exfat_readdir.patch new file mode 100644 index 00000000000..3db145bd5b6 --- /dev/null +++ b/queue-5.13/exfat-handle-wrong-stream-entry-size-in-exfat_readdir.patch @@ -0,0 +1,69 @@ +From 1e5654de0f51890f88abd409ebf4867782431e81 Mon Sep 17 00:00:00 2001 +From: Namjae Jeon +Date: Fri, 11 Jun 2021 09:40:24 +0900 +Subject: exfat: handle wrong stream entry size in exfat_readdir() + +From: Namjae Jeon + +commit 1e5654de0f51890f88abd409ebf4867782431e81 upstream. + +The compatibility issue between linux exfat and exfat of some camera +company was reported from Florian. In their exfat, if the number of files +exceeds any limit, the DataLength in stream entry of the directory is +no longer updated. So some files created from camera does not show in +linux exfat. because linux exfat doesn't allow that cpos becomes larger +than DataLength of stream entry. This patch check DataLength in stream +entry only if the type is ALLOC_NO_FAT_CHAIN and add the check ensure +that dentry offset does not exceed max dentries size(256 MB) to avoid +the circular FAT chain issue. + +Fixes: ca06197382bd ("exfat: add directory operations") +Cc: stable@vger.kernel.org # v5.9 +Reported-by: Florian Cramer +Reviewed-by: Sungjong Seo +Tested-by: Chris Down +Signed-off-by: Namjae Jeon +Signed-off-by: Greg Kroah-Hartman + +--- + fs/exfat/dir.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +--- a/fs/exfat/dir.c ++++ b/fs/exfat/dir.c +@@ -63,7 +63,7 @@ static void exfat_get_uniname_from_ext_e + static int exfat_readdir(struct inode *inode, loff_t *cpos, struct exfat_dir_entry *dir_entry) + { + int i, dentries_per_clu, dentries_per_clu_bits = 0, num_ext; +- unsigned int type, clu_offset; ++ unsigned int type, clu_offset, max_dentries; + sector_t sector; + struct exfat_chain dir, clu; + struct exfat_uni_name uni_name; +@@ -86,6 +86,8 @@ static int exfat_readdir(struct inode *i + + dentries_per_clu = sbi->dentries_per_clu; + dentries_per_clu_bits = ilog2(dentries_per_clu); ++ max_dentries = (unsigned int)min_t(u64, MAX_EXFAT_DENTRIES, ++ (u64)sbi->num_clusters << dentries_per_clu_bits); + + clu_offset = dentry >> dentries_per_clu_bits; + exfat_chain_dup(&clu, &dir); +@@ -109,7 +111,7 @@ static int exfat_readdir(struct inode *i + } + } + +- while (clu.dir != EXFAT_EOF_CLUSTER) { ++ while (clu.dir != EXFAT_EOF_CLUSTER && dentry < max_dentries) { + i = dentry & (dentries_per_clu - 1); + + for ( ; i < dentries_per_clu; i++, dentry++) { +@@ -245,7 +247,7 @@ static int exfat_iterate(struct file *fi + if (err) + goto unlock; + get_new: +- if (cpos >= i_size_read(inode)) ++ if (ei->flags == ALLOC_NO_FAT_CHAIN && cpos >= i_size_read(inode)) + goto end_of_dir; + + err = exfat_readdir(inode, &cpos, &de); diff --git a/queue-5.13/fscrypt-don-t-ignore-minor_hash-when-hash-is-0.patch b/queue-5.13/fscrypt-don-t-ignore-minor_hash-when-hash-is-0.patch new file mode 100644 index 00000000000..ef64c21344d --- /dev/null +++ b/queue-5.13/fscrypt-don-t-ignore-minor_hash-when-hash-is-0.patch @@ -0,0 +1,60 @@ +From 77f30bfcfcf484da7208affd6a9e63406420bf91 Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Thu, 27 May 2021 16:52:36 -0700 +Subject: fscrypt: don't ignore minor_hash when hash is 0 + +From: Eric Biggers + +commit 77f30bfcfcf484da7208affd6a9e63406420bf91 upstream. + +When initializing a no-key name, fscrypt_fname_disk_to_usr() sets the +minor_hash to 0 if the (major) hash is 0. + +This doesn't make sense because 0 is a valid hash code, so we shouldn't +ignore the filesystem-provided minor_hash in that case. Fix this by +removing the special case for 'hash == 0'. + +This is an old bug that appears to have originated when the encryption +code in ext4 and f2fs was moved into fs/crypto/. The original ext4 and +f2fs code passed the hash by pointer instead of by value. So +'if (hash)' actually made sense then, as it was checking whether a +pointer was NULL. But now the hashes are passed by value, and +filesystems just pass 0 for any hashes they don't have. There is no +need to handle this any differently from the hashes actually being 0. + +It is difficult to reproduce this bug, as it only made a difference in +the case where a filename's 32-bit major hash happened to be 0. +However, it probably had the largest chance of causing problems on +ubifs, since ubifs uses minor_hash to do lookups of no-key names, in +addition to using it as a readdir cookie. ext4 only uses minor_hash as +a readdir cookie, and f2fs doesn't use minor_hash at all. + +Fixes: 0b81d0779072 ("fs crypto: move per-file encryption from f2fs tree to fs/crypto") +Cc: # v4.6+ +Link: https://lore.kernel.org/r/20210527235236.2376556-1-ebiggers@kernel.org +Signed-off-by: Eric Biggers +Signed-off-by: Greg Kroah-Hartman + +--- + fs/crypto/fname.c | 10 +++------- + 1 file changed, 3 insertions(+), 7 deletions(-) + +--- a/fs/crypto/fname.c ++++ b/fs/crypto/fname.c +@@ -344,13 +344,9 @@ int fscrypt_fname_disk_to_usr(const stru + offsetof(struct fscrypt_nokey_name, sha256)); + BUILD_BUG_ON(BASE64_CHARS(FSCRYPT_NOKEY_NAME_MAX) > NAME_MAX); + +- if (hash) { +- nokey_name.dirhash[0] = hash; +- nokey_name.dirhash[1] = minor_hash; +- } else { +- nokey_name.dirhash[0] = 0; +- nokey_name.dirhash[1] = 0; +- } ++ nokey_name.dirhash[0] = hash; ++ nokey_name.dirhash[1] = minor_hash; ++ + if (iname->len <= sizeof(nokey_name.bytes)) { + memcpy(nokey_name.bytes, iname->name, iname->len); + size = offsetof(struct fscrypt_nokey_name, bytes[iname->len]); diff --git a/queue-5.13/fscrypt-fix-derivation-of-siphash-keys-on-big-endian-cpus.patch b/queue-5.13/fscrypt-fix-derivation-of-siphash-keys-on-big-endian-cpus.patch new file mode 100644 index 00000000000..a940947d977 --- /dev/null +++ b/queue-5.13/fscrypt-fix-derivation-of-siphash-keys-on-big-endian-cpus.patch @@ -0,0 +1,98 @@ +From 2fc2b430f559fdf32d5d1dd5ceaa40e12fb77bdf Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Sat, 5 Jun 2021 00:50:33 -0700 +Subject: fscrypt: fix derivation of SipHash keys on big endian CPUs + +From: Eric Biggers + +commit 2fc2b430f559fdf32d5d1dd5ceaa40e12fb77bdf upstream. + +Typically, the cryptographic APIs that fscrypt uses take keys as byte +arrays, which avoids endianness issues. However, siphash_key_t is an +exception. It is defined as 'u64 key[2];', i.e. the 128-bit key is +expected to be given directly as two 64-bit words in CPU endianness. + +fscrypt_derive_dirhash_key() and fscrypt_setup_iv_ino_lblk_32_key() +forgot to take this into account. Therefore, the SipHash keys used to +index encrypted+casefolded directories differ on big endian vs. little +endian platforms, as do the SipHash keys used to hash inode numbers for +IV_INO_LBLK_32-encrypted directories. This makes such directories +non-portable between these platforms. + +Fix this by always using the little endian order. This is a breaking +change for big endian platforms, but this should be fine in practice +since these features (encrypt+casefold support, and the IV_INO_LBLK_32 +flag) aren't known to actually be used on any big endian platforms yet. + +Fixes: aa408f835d02 ("fscrypt: derive dirhash key for casefolded directories") +Fixes: e3b1078bedd3 ("fscrypt: add support for IV_INO_LBLK_32 policies") +Cc: # v5.6+ +Link: https://lore.kernel.org/r/20210605075033.54424-1-ebiggers@kernel.org +Signed-off-by: Eric Biggers +Signed-off-by: Greg Kroah-Hartman + +--- + fs/crypto/keysetup.c | 40 ++++++++++++++++++++++++++++++++-------- + 1 file changed, 32 insertions(+), 8 deletions(-) + +--- a/fs/crypto/keysetup.c ++++ b/fs/crypto/keysetup.c +@@ -210,15 +210,40 @@ out_unlock: + return err; + } + ++/* ++ * Derive a SipHash key from the given fscrypt master key and the given ++ * application-specific information string. ++ * ++ * Note that the KDF produces a byte array, but the SipHash APIs expect the key ++ * as a pair of 64-bit words. Therefore, on big endian CPUs we have to do an ++ * endianness swap in order to get the same results as on little endian CPUs. ++ */ ++static int fscrypt_derive_siphash_key(const struct fscrypt_master_key *mk, ++ u8 context, const u8 *info, ++ unsigned int infolen, siphash_key_t *key) ++{ ++ int err; ++ ++ err = fscrypt_hkdf_expand(&mk->mk_secret.hkdf, context, info, infolen, ++ (u8 *)key, sizeof(*key)); ++ if (err) ++ return err; ++ ++ BUILD_BUG_ON(sizeof(*key) != 16); ++ BUILD_BUG_ON(ARRAY_SIZE(key->key) != 2); ++ le64_to_cpus(&key->key[0]); ++ le64_to_cpus(&key->key[1]); ++ return 0; ++} ++ + int fscrypt_derive_dirhash_key(struct fscrypt_info *ci, + const struct fscrypt_master_key *mk) + { + int err; + +- err = fscrypt_hkdf_expand(&mk->mk_secret.hkdf, HKDF_CONTEXT_DIRHASH_KEY, +- ci->ci_nonce, FSCRYPT_FILE_NONCE_SIZE, +- (u8 *)&ci->ci_dirhash_key, +- sizeof(ci->ci_dirhash_key)); ++ err = fscrypt_derive_siphash_key(mk, HKDF_CONTEXT_DIRHASH_KEY, ++ ci->ci_nonce, FSCRYPT_FILE_NONCE_SIZE, ++ &ci->ci_dirhash_key); + if (err) + return err; + ci->ci_dirhash_key_initialized = true; +@@ -253,10 +278,9 @@ static int fscrypt_setup_iv_ino_lblk_32_ + if (mk->mk_ino_hash_key_initialized) + goto unlock; + +- err = fscrypt_hkdf_expand(&mk->mk_secret.hkdf, +- HKDF_CONTEXT_INODE_HASH_KEY, NULL, 0, +- (u8 *)&mk->mk_ino_hash_key, +- sizeof(mk->mk_ino_hash_key)); ++ err = fscrypt_derive_siphash_key(mk, ++ HKDF_CONTEXT_INODE_HASH_KEY, ++ NULL, 0, &mk->mk_ino_hash_key); + if (err) + goto unlock; + /* pairs with smp_load_acquire() above */ diff --git a/queue-5.13/io_uring-add-iopoll-and-reserved-field-checks-to-ioring_op_renameat.patch b/queue-5.13/io_uring-add-iopoll-and-reserved-field-checks-to-ioring_op_renameat.patch new file mode 100644 index 00000000000..d6e2dd03d91 --- /dev/null +++ b/queue-5.13/io_uring-add-iopoll-and-reserved-field-checks-to-ioring_op_renameat.patch @@ -0,0 +1,35 @@ +From ed7eb2592286ead7d3bfdf8adf65e65392167cc4 Mon Sep 17 00:00:00 2001 +From: Jens Axboe +Date: Wed, 23 Jun 2021 09:04:13 -0600 +Subject: io_uring: add IOPOLL and reserved field checks to IORING_OP_RENAMEAT + +From: Jens Axboe + +commit ed7eb2592286ead7d3bfdf8adf65e65392167cc4 upstream. + +We can't support IOPOLL with non-pollable request types, and we should +check for unused/reserved fields like we do for other request types. + +Fixes: 80a261fd0032 ("io_uring: add support for IORING_OP_RENAMEAT") +Cc: stable@vger.kernel.org +Reported-by: Dmitry Kadashev +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman + +--- + fs/io_uring.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/fs/io_uring.c ++++ b/fs/io_uring.c +@@ -3453,6 +3453,10 @@ static int io_renameat_prep(struct io_ki + struct io_rename *ren = &req->rename; + const char __user *oldf, *newf; + ++ if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) ++ return -EINVAL; ++ if (sqe->ioprio || sqe->buf_index) ++ return -EINVAL; + if (unlikely(req->flags & REQ_F_FIXED_FILE)) + return -EBADF; + diff --git a/queue-5.13/io_uring-add-iopoll-and-reserved-field-checks-to-ioring_op_unlinkat.patch b/queue-5.13/io_uring-add-iopoll-and-reserved-field-checks-to-ioring_op_unlinkat.patch new file mode 100644 index 00000000000..2fc6d9ddfd2 --- /dev/null +++ b/queue-5.13/io_uring-add-iopoll-and-reserved-field-checks-to-ioring_op_unlinkat.patch @@ -0,0 +1,35 @@ +From 22634bc5620d29765e5199c7b230a372c7ddcda2 Mon Sep 17 00:00:00 2001 +From: Jens Axboe +Date: Wed, 23 Jun 2021 09:07:45 -0600 +Subject: io_uring: add IOPOLL and reserved field checks to IORING_OP_UNLINKAT + +From: Jens Axboe + +commit 22634bc5620d29765e5199c7b230a372c7ddcda2 upstream. + +We can't support IOPOLL with non-pollable request types, and we should +check for unused/reserved fields like we do for other request types. + +Fixes: 14a1143b68ee ("io_uring: add support for IORING_OP_UNLINKAT") +Cc: stable@vger.kernel.org +Reported-by: Dmitry Kadashev +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman + +--- + fs/io_uring.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/fs/io_uring.c ++++ b/fs/io_uring.c +@@ -3504,6 +3504,10 @@ static int io_unlinkat_prep(struct io_ki + struct io_unlink *un = &req->unlink; + const char __user *fname; + ++ if (unlikely(req->ctx->flags & IORING_SETUP_IOPOLL)) ++ return -EINVAL; ++ if (sqe->ioprio || sqe->off || sqe->len || sqe->buf_index) ++ return -EINVAL; + if (unlikely(req->flags & REQ_F_FIXED_FILE)) + return -EBADF; + diff --git a/queue-5.13/io_uring-fix-blocking-inline-submission.patch b/queue-5.13/io_uring-fix-blocking-inline-submission.patch new file mode 100644 index 00000000000..9651b635983 --- /dev/null +++ b/queue-5.13/io_uring-fix-blocking-inline-submission.patch @@ -0,0 +1,40 @@ +From 976517f162a05f4315b2373fd11585c395506259 Mon Sep 17 00:00:00 2001 +From: Pavel Begunkov +Date: Wed, 9 Jun 2021 12:07:25 +0100 +Subject: io_uring: fix blocking inline submission + +From: Pavel Begunkov + +commit 976517f162a05f4315b2373fd11585c395506259 upstream. + +There is a complaint against sys_io_uring_enter() blocking if it submits +stdin reads. The problem is in __io_file_supports_async(), which +sees that it's a cdev and allows it to be processed inline. + +Punt char devices using generic rules of io_file_supports_async(), +including checking for presence of *_iter() versions of rw callbacks. +Apparently, it will affect most of cdevs with some exceptions like +null and zero devices. + +Cc: stable@vger.kernel.org +Reported-by: Birk Hirdman +Signed-off-by: Pavel Begunkov +Link: https://lore.kernel.org/r/d60270856b8a4560a639ef5f76e55eb563633599.1623236455.git.asml.silence@gmail.com +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman + +--- + fs/io_uring.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/io_uring.c ++++ b/fs/io_uring.c +@@ -2621,7 +2621,7 @@ static bool __io_file_supports_async(str + return true; + return false; + } +- if (S_ISCHR(mode) || S_ISSOCK(mode)) ++ if (S_ISSOCK(mode)) + return true; + if (S_ISREG(mode)) { + if (IS_ENABLED(CONFIG_BLOCK) && diff --git a/queue-5.13/mailbox-qcom-ipcc-fix-ipcc-mbox-channel-exhaustion.patch b/queue-5.13/mailbox-qcom-ipcc-fix-ipcc-mbox-channel-exhaustion.patch new file mode 100644 index 00000000000..6d8686e0d63 --- /dev/null +++ b/queue-5.13/mailbox-qcom-ipcc-fix-ipcc-mbox-channel-exhaustion.patch @@ -0,0 +1,51 @@ +From d6fbfdbc12745ce24bcd348dbf7e652353b3e59c Mon Sep 17 00:00:00 2001 +From: Sibi Sankar +Date: Wed, 16 Jun 2021 23:12:58 +0530 +Subject: mailbox: qcom-ipcc: Fix IPCC mbox channel exhaustion + +From: Sibi Sankar + +commit d6fbfdbc12745ce24bcd348dbf7e652353b3e59c upstream. + +Fix IPCC (Inter-Processor Communication Controller) channel exhaustion by +setting the channel private data to NULL on mbox shutdown. + +Err Logs: +remoteproc: MBA booted without debug policy, loading mpss +remoteproc: glink-edge: failed to acquire IPC channel +remoteproc: failed to probe subdevices for remoteproc: -16 + +Fixes: fa74a0257f45 ("mailbox: Add support for Qualcomm IPCC") +Signed-off-by: Sibi Sankar +Cc: stable@vger.kernel.org +Reviewed-by: Bjorn Andersson +Reviewed-by: Manivannan Sadhasivam +Signed-off-by: Jassi Brar +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mailbox/qcom-ipcc.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/drivers/mailbox/qcom-ipcc.c ++++ b/drivers/mailbox/qcom-ipcc.c +@@ -155,6 +155,11 @@ static int qcom_ipcc_mbox_send_data(stru + return 0; + } + ++static void qcom_ipcc_mbox_shutdown(struct mbox_chan *chan) ++{ ++ chan->con_priv = NULL; ++} ++ + static struct mbox_chan *qcom_ipcc_mbox_xlate(struct mbox_controller *mbox, + const struct of_phandle_args *ph) + { +@@ -184,6 +189,7 @@ static struct mbox_chan *qcom_ipcc_mbox_ + + static const struct mbox_chan_ops ipcc_mbox_chan_ops = { + .send_data = qcom_ipcc_mbox_send_data, ++ .shutdown = qcom_ipcc_mbox_shutdown, + }; + + static int qcom_ipcc_setup_mbox(struct qcom_ipcc *ipcc) diff --git a/queue-5.13/media-exynos4-is-remove-a-now-unused-integer.patch b/queue-5.13/media-exynos4-is-remove-a-now-unused-integer.patch new file mode 100644 index 00000000000..18b9aebd828 --- /dev/null +++ b/queue-5.13/media-exynos4-is-remove-a-now-unused-integer.patch @@ -0,0 +1,31 @@ +From 29dd19e3ac7b2a8671ebeac02859232ce0e34f58 Mon Sep 17 00:00:00 2001 +From: Mauro Carvalho Chehab +Date: Tue, 11 May 2021 17:03:21 +0200 +Subject: media: exynos4-is: remove a now unused integer + +From: Mauro Carvalho Chehab + +commit 29dd19e3ac7b2a8671ebeac02859232ce0e34f58 upstream. + +The usage of pm_runtime_resume_and_get() removed the need of a +temporary integer. So, drop it. + +Fixes: 59f96244af94 ("media: exynos4-is: fix pm_runtime_get_sync() usage count") +Reported-by: Stephen Rothwell +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/media/platform/exynos4-is/media-dev.c | 1 - + 1 file changed, 1 deletion(-) + +--- a/drivers/media/platform/exynos4-is/media-dev.c ++++ b/drivers/media/platform/exynos4-is/media-dev.c +@@ -1284,7 +1284,6 @@ static DEVICE_ATTR(subdev_conf_mode, S_I + static int cam_clk_prepare(struct clk_hw *hw) + { + struct cam_clk *camclk = to_cam_clk(hw); +- int ret; + + if (camclk->fmd->pmf == NULL) + return -ENODEV; diff --git a/queue-5.13/mmc-block-disable-cmdq-on-the-ioctl-path.patch b/queue-5.13/mmc-block-disable-cmdq-on-the-ioctl-path.patch new file mode 100644 index 00000000000..0b1d9f4e912 --- /dev/null +++ b/queue-5.13/mmc-block-disable-cmdq-on-the-ioctl-path.patch @@ -0,0 +1,59 @@ +From 70b52f09080565030a530a784f1c9948a7f48ca3 Mon Sep 17 00:00:00 2001 +From: Bean Huo +Date: Tue, 4 May 2021 22:32:09 +0200 +Subject: mmc: block: Disable CMDQ on the ioctl path +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Bean Huo + +commit 70b52f09080565030a530a784f1c9948a7f48ca3 upstream. + +According to the eMMC Spec: +"When command queuing is enabled (CMDQ Mode En bit in CMDQ_MODE_EN +field is set to ‘1’) class 11 commands are the only method through +which data transfer tasks can be issued. Existing data transfer +commands, namely CMD18/CMD17 and CMD25/CMD24, are not supported when +command queuing is enabled." +which means if CMDQ is enabled, the FFU commands will not be supported. +To fix this issue, just simply disable CMDQ on the ioctl path, and +re-enable CMDQ once ioctl request is completed. + +Tested-by: Michael Brunner +Signed-off-by: Bean Huo +Acked-by: Adrian Hunter +Fixes: 1e8e55b67030 (mmc: block: Add CQE support) +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20210504203209.361597-1-huobean@gmail.com +Signed-off-by: Ulf Hansson +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mmc/core/block.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +--- a/drivers/mmc/core/block.c ++++ b/drivers/mmc/core/block.c +@@ -1004,6 +1004,12 @@ static void mmc_blk_issue_drv_op(struct + + switch (mq_rq->drv_op) { + case MMC_DRV_OP_IOCTL: ++ if (card->ext_csd.cmdq_en) { ++ ret = mmc_cmdq_disable(card); ++ if (ret) ++ break; ++ } ++ fallthrough; + case MMC_DRV_OP_IOCTL_RPMB: + idata = mq_rq->drv_op_data; + for (i = 0, ret = 0; i < mq_rq->ioc_count; i++) { +@@ -1014,6 +1020,8 @@ static void mmc_blk_issue_drv_op(struct + /* Always switch back to main area after RPMB access */ + if (rpmb_ioctl) + mmc_blk_part_switch(card, 0); ++ else if (card->reenable_cmdq && !card->ext_csd.cmdq_en) ++ mmc_cmdq_enable(card); + break; + case MMC_DRV_OP_BOOT_WP: + ret = mmc_switch(card, EXT_CSD_CMD_SET_NORMAL, EXT_CSD_BOOT_WP, diff --git a/queue-5.13/mmc-vub3000-fix-control-request-direction.patch b/queue-5.13/mmc-vub3000-fix-control-request-direction.patch new file mode 100644 index 00000000000..57240b9b2f6 --- /dev/null +++ b/queue-5.13/mmc-vub3000-fix-control-request-direction.patch @@ -0,0 +1,38 @@ +From 3c0bb3107703d2c58f7a0a7a2060bb57bc120326 Mon Sep 17 00:00:00 2001 +From: Johan Hovold +Date: Fri, 21 May 2021 15:30:26 +0200 +Subject: mmc: vub3000: fix control-request direction + +From: Johan Hovold + +commit 3c0bb3107703d2c58f7a0a7a2060bb57bc120326 upstream. + +The direction of the pipe argument must match the request-type direction +bit or control requests may fail depending on the host-controller-driver +implementation. + +Fix the SET_ROM_WAIT_STATES request which erroneously used +usb_rcvctrlpipe(). + +Fixes: 88095e7b473a ("mmc: Add new VUB300 USB-to-SD/SDIO/MMC driver") +Cc: stable@vger.kernel.org # 3.0 +Signed-off-by: Johan Hovold +Link: https://lore.kernel.org/r/20210521133026.17296-1-johan@kernel.org +Signed-off-by: Ulf Hansson +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/mmc/host/vub300.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/mmc/host/vub300.c ++++ b/drivers/mmc/host/vub300.c +@@ -2279,7 +2279,7 @@ static int vub300_probe(struct usb_inter + if (retval < 0) + goto error5; + retval = +- usb_control_msg(vub300->udev, usb_rcvctrlpipe(vub300->udev, 0), ++ usb_control_msg(vub300->udev, usb_sndctrlpipe(vub300->udev, 0), + SET_ROM_WAIT_STATES, + USB_DIR_OUT | USB_TYPE_VENDOR | USB_RECIP_DEVICE, + firmware_rom_wait_states, 0x0000, NULL, 0, HZ); diff --git a/queue-5.13/scsi-fc-correct-rhba-attributes-length.patch b/queue-5.13/scsi-fc-correct-rhba-attributes-length.patch new file mode 100644 index 00000000000..30f431aacad --- /dev/null +++ b/queue-5.13/scsi-fc-correct-rhba-attributes-length.patch @@ -0,0 +1,37 @@ +From 40445fd2c9fa427297acdfcc2c573ff10493f209 Mon Sep 17 00:00:00 2001 +From: Javed Hasan +Date: Thu, 3 Jun 2021 03:14:03 -0700 +Subject: scsi: fc: Correct RHBA attributes length + +From: Javed Hasan + +commit 40445fd2c9fa427297acdfcc2c573ff10493f209 upstream. + +As per the FC-GS-5 specification, attribute lengths of node_name and +manufacturer should in range of "4 to 64 Bytes" only. + +Link: https://lore.kernel.org/r/20210603101404.7841-2-jhasan@marvell.com +Fixes: e721eb0616f6 ("scsi: scsi_transport_fc: Match HBA Attribute Length with HBAAPI V2.0 definitions") +CC: stable@vger.kernel.org +Reviewed-by: Himanshu Madhani +Signed-off-by: Javed Hasan +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman + +--- + include/scsi/fc/fc_ms.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/include/scsi/fc/fc_ms.h ++++ b/include/scsi/fc/fc_ms.h +@@ -63,8 +63,8 @@ enum fc_fdmi_hba_attr_type { + * HBA Attribute Length + */ + #define FC_FDMI_HBA_ATTR_NODENAME_LEN 8 +-#define FC_FDMI_HBA_ATTR_MANUFACTURER_LEN 80 +-#define FC_FDMI_HBA_ATTR_SERIALNUMBER_LEN 80 ++#define FC_FDMI_HBA_ATTR_MANUFACTURER_LEN 64 ++#define FC_FDMI_HBA_ATTR_SERIALNUMBER_LEN 64 + #define FC_FDMI_HBA_ATTR_MODEL_LEN 256 + #define FC_FDMI_HBA_ATTR_MODELDESCR_LEN 256 + #define FC_FDMI_HBA_ATTR_HARDWAREVERSION_LEN 256 diff --git a/queue-5.13/scsi-libfc-correct-the-condition-check-and-invalid-argument-passed.patch b/queue-5.13/scsi-libfc-correct-the-condition-check-and-invalid-argument-passed.patch new file mode 100644 index 00000000000..0a2239a2306 --- /dev/null +++ b/queue-5.13/scsi-libfc-correct-the-condition-check-and-invalid-argument-passed.patch @@ -0,0 +1,40 @@ +From 8f70328c068f9f5c5db82848724cb276f657b9cd Mon Sep 17 00:00:00 2001 +From: Javed Hasan +Date: Thu, 3 Jun 2021 03:14:04 -0700 +Subject: scsi: libfc: Correct the condition check and invalid argument passed + +From: Javed Hasan + +commit 8f70328c068f9f5c5db82848724cb276f657b9cd upstream. + +Incorrect condition check was leading to data corruption. + +Link: https://lore.kernel.org/r/20210603101404.7841-3-jhasan@marvell.com +Fixes: 8fd9efca86d0 ("scsi: libfc: Work around -Warray-bounds warning") +CC: stable@vger.kernel.org +Reviewed-by: Himanshu Madhani +Signed-off-by: Javed Hasan +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/libfc/fc_encode.h | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +--- a/drivers/scsi/libfc/fc_encode.h ++++ b/drivers/scsi/libfc/fc_encode.h +@@ -166,9 +166,11 @@ static inline int fc_ct_ns_fill(struct f + static inline void fc_ct_ms_fill_attr(struct fc_fdmi_attr_entry *entry, + const char *in, size_t len) + { +- int copied = strscpy(entry->value, in, len); +- if (copied > 0) +- memset(entry->value, copied, len - copied); ++ int copied; ++ ++ copied = strscpy((char *)&entry->value, in, len); ++ if (copied > 0 && (copied + 1) < len) ++ memset((entry->value + copied + 1), 0, len - copied - 1); + } + + /** diff --git a/queue-5.13/scsi-lpfc-fix-node-recovery-when-driver-is-handling-simultaneous-plogis.patch b/queue-5.13/scsi-lpfc-fix-node-recovery-when-driver-is-handling-simultaneous-plogis.patch new file mode 100644 index 00000000000..ffe26eceeed --- /dev/null +++ b/queue-5.13/scsi-lpfc-fix-node-recovery-when-driver-is-handling-simultaneous-plogis.patch @@ -0,0 +1,74 @@ +From 4012baeab6ca22b7f7beb121b6d0da0a62942fdd Mon Sep 17 00:00:00 2001 +From: James Smart +Date: Fri, 14 May 2021 12:55:53 -0700 +Subject: scsi: lpfc: Fix Node recovery when driver is handling simultaneous PLOGIs + +From: James Smart + +commit 4012baeab6ca22b7f7beb121b6d0da0a62942fdd upstream. + +When lpfc is handling a solicited and unsolicited PLOGI with another +initiator, the remote initiator is never recovered. The node for the +initiator is erroneouosly removed and all resources released. + +In lpfc_cmpl_els_plogi(), when lpfc_els_retry() returns a failure code, the +driver is calling the state machine with a device remove event because the +remote port is not currently registered with the SCSI or NVMe +transports. The issue is that on a PLOGI "collision" the driver correctly +aborts the solicited PLOGI and allows the unsolicited PLOGI to complete the +process, but this process is interrupted with a device_rm event. + +Introduce logic in the PLOGI completion to capture the PLOGI collision +event and jump out of the routine. This will avoid removal of the node. +If there is no collision, the normal node removal will occur. + +Fixes: 52edb2caf675 ("scsi: lpfc: Remove ndlp when a PLOGI/ADISC/PRLI/REG_RPI ultimately fails") +Cc: # v5.11+ +Link: https://lore.kernel.org/r/20210514195559.119853-6-jsmart2021@gmail.com +Co-developed-by: Justin Tee +Signed-off-by: Justin Tee +Signed-off-by: James Smart +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/lpfc/lpfc_els.c | 21 ++++++++++++++++++--- + 1 file changed, 18 insertions(+), 3 deletions(-) + +--- a/drivers/scsi/lpfc/lpfc_els.c ++++ b/drivers/scsi/lpfc/lpfc_els.c +@@ -1998,9 +1998,20 @@ lpfc_cmpl_els_plogi(struct lpfc_hba *phb + lpfc_disc_state_machine(vport, ndlp, cmdiocb, + NLP_EVT_CMPL_PLOGI); + +- /* As long as this node is not registered with the scsi or nvme +- * transport, it is no longer an active node. Otherwise +- * devloss handles the final cleanup. ++ /* If a PLOGI collision occurred, the node needs to continue ++ * with the reglogin process. ++ */ ++ spin_lock_irq(&ndlp->lock); ++ if ((ndlp->nlp_flag & (NLP_ACC_REGLOGIN | NLP_RCV_PLOGI)) && ++ ndlp->nlp_state == NLP_STE_REG_LOGIN_ISSUE) { ++ spin_unlock_irq(&ndlp->lock); ++ goto out; ++ } ++ spin_unlock_irq(&ndlp->lock); ++ ++ /* No PLOGI collision and the node is not registered with the ++ * scsi or nvme transport. It is no longer an active node. Just ++ * start the device remove process. + */ + if (!(ndlp->fc4_xpt_flags & (SCSI_XPT_REGD | NVME_XPT_REGD))) { + spin_lock_irq(&ndlp->lock); +@@ -4620,6 +4631,10 @@ out: + (vport && vport->port_type == LPFC_NPIV_PORT) && + ndlp->nlp_flag & NLP_RELEASE_RPI) { + lpfc_sli4_free_rpi(phba, ndlp->nlp_rpi); ++ spin_lock_irq(&ndlp->lock); ++ ndlp->nlp_rpi = LPFC_RPI_ALLOC_ERROR; ++ ndlp->nlp_flag &= ~NLP_RELEASE_RPI; ++ spin_unlock_irq(&ndlp->lock); + lpfc_drop_node(vport, ndlp); + } + diff --git a/queue-5.13/scsi-lpfc-fix-unreleased-rpis-when-npiv-ports-are-created.patch b/queue-5.13/scsi-lpfc-fix-unreleased-rpis-when-npiv-ports-are-created.patch new file mode 100644 index 00000000000..5979fef01c2 --- /dev/null +++ b/queue-5.13/scsi-lpfc-fix-unreleased-rpis-when-npiv-ports-are-created.patch @@ -0,0 +1,365 @@ +From 01131e7aae5d30e23e3cdd1eebe51bbc5489ae8f Mon Sep 17 00:00:00 2001 +From: James Smart +Date: Fri, 14 May 2021 12:55:49 -0700 +Subject: scsi: lpfc: Fix unreleased RPIs when NPIV ports are created + +From: James Smart + +commit 01131e7aae5d30e23e3cdd1eebe51bbc5489ae8f upstream. + +While testing NPIV and watching logins and used RPI levels, it was seen the +used RPI count was much higher than the number of remote ports discovered. + +Code inspection showed that remote port removals on any NPIV instance are +releasing the RPI, but not performing an UNREG_RPI with the adapter thus +the reference counting never fully drops and the RPI is never fully +released. This was happening on NPIV nodes due to a log of fabric ELS's to +fabric addresses. This lack of UNREG_RPI was introduced by a prior node +rework patch that performed the UNREG_RPI as part of node cleanup. + +To resolve the issue, do the following: + + - Restore the RPI release code, but move the location to so that it is in + line with the new node cleanup design. + + - NPIV ports now release the RPI and drop the node when the caller sets + the NLP_RELEASE_RPI flag. + + - Set the NLP_RELEASE_RPI flag in node cleanup which will trigger a + release of RPI to free pool. + + - Ensure there's an UNREG_RPI at LOGO completion so that RPI release is + completed. + + - Stop offline_prep from skipping nodes that are UNUSED. The RPI may + not have been released. + + - Stop the default RPI handling in lpfc_cmpl_els_rsp() for SLI4. + + - Fixed up debugfs RPI displays for better debugging. + +Fixes: a70e63eee1c1 ("scsi: lpfc: Fix NPIV Fabric Node reference counting") +Link: https://lore.kernel.org/r/20210514195559.119853-2-jsmart2021@gmail.com +Cc: # v5.11+ +Co-developed-by: Justin Tee +Signed-off-by: Justin Tee +Signed-off-by: James Smart +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/lpfc/lpfc_debugfs.c | 7 --- + drivers/scsi/lpfc/lpfc_els.c | 79 +++++++++++++++++++++++++++++-------- + drivers/scsi/lpfc/lpfc_hbadisc.c | 27 +++++++++++- + drivers/scsi/lpfc/lpfc_init.c | 7 --- + drivers/scsi/lpfc/lpfc_nportdisc.c | 25 +++++++---- + drivers/scsi/lpfc/lpfc_sli.c | 10 +++- + 6 files changed, 115 insertions(+), 40 deletions(-) + +--- a/drivers/scsi/lpfc/lpfc_debugfs.c ++++ b/drivers/scsi/lpfc/lpfc_debugfs.c +@@ -868,11 +868,8 @@ lpfc_debugfs_nodelist_data(struct lpfc_v + len += scnprintf(buf+len, size-len, + "WWNN x%llx ", + wwn_to_u64(ndlp->nlp_nodename.u.wwn)); +- if (ndlp->nlp_flag & NLP_RPI_REGISTERED) +- len += scnprintf(buf+len, size-len, "RPI:%04d ", +- ndlp->nlp_rpi); +- else +- len += scnprintf(buf+len, size-len, "RPI:none "); ++ len += scnprintf(buf+len, size-len, "RPI:x%04x ", ++ ndlp->nlp_rpi); + len += scnprintf(buf+len, size-len, "flag:x%08x ", + ndlp->nlp_flag); + if (!ndlp->nlp_type) +--- a/drivers/scsi/lpfc/lpfc_els.c ++++ b/drivers/scsi/lpfc/lpfc_els.c +@@ -2869,6 +2869,11 @@ lpfc_cmpl_els_logo(struct lpfc_hba *phba + * log into the remote port. + */ + if (ndlp->nlp_flag & NLP_TARGET_REMOVE) { ++ spin_lock_irq(&ndlp->lock); ++ if (phba->sli_rev == LPFC_SLI_REV4) ++ ndlp->nlp_flag |= NLP_RELEASE_RPI; ++ ndlp->nlp_flag &= ~NLP_NPR_2B_DISC; ++ spin_unlock_irq(&ndlp->lock); + lpfc_disc_state_machine(vport, ndlp, cmdiocb, + NLP_EVT_DEVICE_RM); + lpfc_els_free_iocb(phba, cmdiocb); +@@ -4371,6 +4376,7 @@ lpfc_cmpl_els_logo_acc(struct lpfc_hba * + struct lpfc_nodelist *ndlp = (struct lpfc_nodelist *) cmdiocb->context1; + struct lpfc_vport *vport = cmdiocb->vport; + IOCB_t *irsp; ++ u32 xpt_flags = 0, did_mask = 0; + + irsp = &rspiocb->iocb; + lpfc_debugfs_disc_trc(vport, LPFC_DISC_TRC_ELS_RSP, +@@ -4386,9 +4392,20 @@ lpfc_cmpl_els_logo_acc(struct lpfc_hba * + if (ndlp->nlp_state == NLP_STE_NPR_NODE) { + /* NPort Recovery mode or node is just allocated */ + if (!lpfc_nlp_not_used(ndlp)) { +- /* If the ndlp is being used by another discovery +- * thread, just unregister the RPI. ++ /* A LOGO is completing and the node is in NPR state. ++ * If this a fabric node that cleared its transport ++ * registration, release the rpi. + */ ++ xpt_flags = SCSI_XPT_REGD | NVME_XPT_REGD; ++ did_mask = ndlp->nlp_DID & Fabric_DID_MASK; ++ if (did_mask == Fabric_DID_MASK && ++ !(ndlp->fc4_xpt_flags & xpt_flags)) { ++ spin_lock_irq(&ndlp->lock); ++ ndlp->nlp_flag &= ~NLP_NPR_2B_DISC; ++ if (phba->sli_rev == LPFC_SLI_REV4) ++ ndlp->nlp_flag |= NLP_RELEASE_RPI; ++ spin_unlock_irq(&ndlp->lock); ++ } + lpfc_unreg_rpi(vport, ndlp); + } else { + /* Indicate the node has already released, should +@@ -4424,28 +4441,37 @@ lpfc_mbx_cmpl_dflt_rpi(struct lpfc_hba * + { + struct lpfc_dmabuf *mp = (struct lpfc_dmabuf *)(pmb->ctx_buf); + struct lpfc_nodelist *ndlp = (struct lpfc_nodelist *)pmb->ctx_ndlp; ++ u32 mbx_flag = pmb->mbox_flag; ++ u32 mbx_cmd = pmb->u.mb.mbxCommand; + + pmb->ctx_buf = NULL; + pmb->ctx_ndlp = NULL; + +- lpfc_mbuf_free(phba, mp->virt, mp->phys); +- kfree(mp); +- mempool_free(pmb, phba->mbox_mem_pool); + if (ndlp) { + lpfc_printf_vlog(ndlp->vport, KERN_INFO, LOG_NODE, +- "0006 rpi x%x DID:%x flg:%x %d x%px\n", ++ "0006 rpi x%x DID:%x flg:%x %d x%px " ++ "mbx_cmd x%x mbx_flag x%x x%px\n", + ndlp->nlp_rpi, ndlp->nlp_DID, ndlp->nlp_flag, +- kref_read(&ndlp->kref), +- ndlp); +- /* This is the end of the default RPI cleanup logic for +- * this ndlp and it could get released. Clear the nlp_flags to +- * prevent any further processing. ++ kref_read(&ndlp->kref), ndlp, mbx_cmd, ++ mbx_flag, pmb); ++ ++ /* This ends the default/temporary RPI cleanup logic for this ++ * ndlp and the node and rpi needs to be released. Free the rpi ++ * first on an UNREG_LOGIN and then release the final ++ * references. + */ ++ spin_lock_irq(&ndlp->lock); + ndlp->nlp_flag &= ~NLP_REG_LOGIN_SEND; ++ if (mbx_cmd == MBX_UNREG_LOGIN) ++ ndlp->nlp_flag &= ~NLP_UNREG_INP; ++ spin_unlock_irq(&ndlp->lock); + lpfc_nlp_put(ndlp); +- lpfc_nlp_not_used(ndlp); ++ lpfc_drop_node(ndlp->vport, ndlp); + } + ++ lpfc_mbuf_free(phba, mp->virt, mp->phys); ++ kfree(mp); ++ mempool_free(pmb, phba->mbox_mem_pool); + return; + } + +@@ -4503,11 +4529,11 @@ lpfc_cmpl_els_rsp(struct lpfc_hba *phba, + /* ELS response tag completes */ + lpfc_printf_vlog(vport, KERN_INFO, LOG_ELS, + "0110 ELS response tag x%x completes " +- "Data: x%x x%x x%x x%x x%x x%x x%x\n", ++ "Data: x%x x%x x%x x%x x%x x%x x%x x%x x%px\n", + cmdiocb->iocb.ulpIoTag, rspiocb->iocb.ulpStatus, + rspiocb->iocb.un.ulpWord[4], rspiocb->iocb.ulpTimeout, + ndlp->nlp_DID, ndlp->nlp_flag, ndlp->nlp_state, +- ndlp->nlp_rpi); ++ ndlp->nlp_rpi, kref_read(&ndlp->kref), mbox); + if (mbox) { + if ((rspiocb->iocb.ulpStatus == 0) && + (ndlp->nlp_flag & NLP_ACC_REGLOGIN)) { +@@ -4587,6 +4613,16 @@ out: + spin_unlock_irq(&ndlp->lock); + } + ++ /* An SLI4 NPIV instance wants to drop the node at this point under ++ * these conditions and release the RPI. ++ */ ++ if (phba->sli_rev == LPFC_SLI_REV4 && ++ (vport && vport->port_type == LPFC_NPIV_PORT) && ++ ndlp->nlp_flag & NLP_RELEASE_RPI) { ++ lpfc_sli4_free_rpi(phba, ndlp->nlp_rpi); ++ lpfc_drop_node(vport, ndlp); ++ } ++ + /* Release the originating I/O reference. */ + lpfc_els_free_iocb(phba, cmdiocb); + lpfc_nlp_put(ndlp); +@@ -4775,10 +4811,10 @@ lpfc_els_rsp_acc(struct lpfc_vport *vpor + lpfc_printf_vlog(vport, KERN_INFO, LOG_ELS, + "0128 Xmit ELS ACC response Status: x%x, IoTag: x%x, " + "XRI: x%x, DID: x%x, nlp_flag: x%x nlp_state: x%x " +- "RPI: x%x, fc_flag x%x\n", ++ "RPI: x%x, fc_flag x%x refcnt %d\n", + rc, elsiocb->iotag, elsiocb->sli4_xritag, + ndlp->nlp_DID, ndlp->nlp_flag, ndlp->nlp_state, +- ndlp->nlp_rpi, vport->fc_flag); ++ ndlp->nlp_rpi, vport->fc_flag, kref_read(&ndlp->kref)); + return 0; + } + +@@ -4856,6 +4892,17 @@ lpfc_els_rsp_reject(struct lpfc_vport *v + return 1; + } + ++ /* The NPIV instance is rejecting this unsolicited ELS. Make sure the ++ * node's assigned RPI needs to be released as this node will get ++ * freed. ++ */ ++ if (phba->sli_rev == LPFC_SLI_REV4 && ++ vport->port_type == LPFC_NPIV_PORT) { ++ spin_lock_irq(&ndlp->lock); ++ ndlp->nlp_flag |= NLP_RELEASE_RPI; ++ spin_unlock_irq(&ndlp->lock); ++ } ++ + rc = lpfc_sli_issue_iocb(phba, LPFC_ELS_RING, elsiocb, 0); + if (rc == IOCB_ERROR) { + lpfc_els_free_iocb(phba, elsiocb); +--- a/drivers/scsi/lpfc/lpfc_hbadisc.c ++++ b/drivers/scsi/lpfc/lpfc_hbadisc.c +@@ -4789,12 +4789,17 @@ lpfc_nlp_logo_unreg(struct lpfc_hba *phb + ndlp->nlp_defer_did = NLP_EVT_NOTHING_PENDING; + lpfc_issue_els_plogi(vport, ndlp->nlp_DID, 0); + } else { ++ /* NLP_RELEASE_RPI is only set for SLI4 ports. */ + if (ndlp->nlp_flag & NLP_RELEASE_RPI) { + lpfc_sli4_free_rpi(vport->phba, ndlp->nlp_rpi); ++ spin_lock_irq(&ndlp->lock); + ndlp->nlp_flag &= ~NLP_RELEASE_RPI; + ndlp->nlp_rpi = LPFC_RPI_ALLOC_ERROR; ++ spin_unlock_irq(&ndlp->lock); + } ++ spin_lock_irq(&ndlp->lock); + ndlp->nlp_flag &= ~NLP_UNREG_INP; ++ spin_unlock_irq(&ndlp->lock); + } + } + +@@ -5129,8 +5134,10 @@ lpfc_cleanup_node(struct lpfc_vport *vpo + list_del_init(&ndlp->dev_loss_evt.evt_listp); + list_del_init(&ndlp->recovery_evt.evt_listp); + lpfc_cleanup_vports_rrqs(vport, ndlp); ++ + if (phba->sli_rev == LPFC_SLI_REV4) + ndlp->nlp_flag |= NLP_RELEASE_RPI; ++ + return 0; + } + +@@ -6176,8 +6183,23 @@ lpfc_nlp_release(struct kref *kref) + lpfc_cancel_retry_delay_tmo(vport, ndlp); + lpfc_cleanup_node(vport, ndlp); + +- /* Clear Node key fields to give other threads notice +- * that this node memory is not valid anymore. ++ /* Not all ELS transactions have registered the RPI with the port. ++ * In these cases the rpi usage is temporary and the node is ++ * released when the WQE is completed. Catch this case to free the ++ * RPI to the pool. Because this node is in the release path, a lock ++ * is unnecessary. All references are gone and the node has been ++ * dequeued. ++ */ ++ if (ndlp->nlp_flag & NLP_RELEASE_RPI) { ++ if (ndlp->nlp_rpi != LPFC_RPI_ALLOC_ERROR && ++ !(ndlp->nlp_flag & (NLP_RPI_REGISTERED | NLP_UNREG_INP))) { ++ lpfc_sli4_free_rpi(vport->phba, ndlp->nlp_rpi); ++ ndlp->nlp_rpi = LPFC_RPI_ALLOC_ERROR; ++ } ++ } ++ ++ /* The node is not freed back to memory, it is released to a pool so ++ * the node fields need to be cleaned up. + */ + ndlp->vport = NULL; + ndlp->nlp_state = NLP_STE_FREED_NODE; +@@ -6257,6 +6279,7 @@ lpfc_nlp_not_used(struct lpfc_nodelist * + "node not used: did:x%x flg:x%x refcnt:x%x", + ndlp->nlp_DID, ndlp->nlp_flag, + kref_read(&ndlp->kref)); ++ + if (kref_read(&ndlp->kref) == 1) + if (lpfc_nlp_put(ndlp)) + return 1; +--- a/drivers/scsi/lpfc/lpfc_init.c ++++ b/drivers/scsi/lpfc/lpfc_init.c +@@ -3532,13 +3532,6 @@ lpfc_offline_prep(struct lpfc_hba *phba, + list_for_each_entry_safe(ndlp, next_ndlp, + &vports[i]->fc_nodes, + nlp_listp) { +- if (ndlp->nlp_state == NLP_STE_UNUSED_NODE) { +- /* Driver must assume RPI is invalid for +- * any unused or inactive node. +- */ +- ndlp->nlp_rpi = LPFC_RPI_ALLOC_ERROR; +- continue; +- } + + spin_lock_irq(&ndlp->lock); + ndlp->nlp_flag &= ~NLP_NPR_ADISC; +--- a/drivers/scsi/lpfc/lpfc_nportdisc.c ++++ b/drivers/scsi/lpfc/lpfc_nportdisc.c +@@ -567,15 +567,24 @@ lpfc_rcv_plogi(struct lpfc_vport *vport, + /* no deferred ACC */ + kfree(save_iocb); + +- /* In order to preserve RPIs, we want to cleanup +- * the default RPI the firmware created to rcv +- * this ELS request. The only way to do this is +- * to register, then unregister the RPI. ++ /* This is an NPIV SLI4 instance that does not need to register ++ * a default RPI. + */ +- spin_lock_irq(&ndlp->lock); +- ndlp->nlp_flag |= (NLP_RM_DFLT_RPI | NLP_ACC_REGLOGIN | +- NLP_RCV_PLOGI); +- spin_unlock_irq(&ndlp->lock); ++ if (phba->sli_rev == LPFC_SLI_REV4) { ++ mempool_free(login_mbox, phba->mbox_mem_pool); ++ login_mbox = NULL; ++ } else { ++ /* In order to preserve RPIs, we want to cleanup ++ * the default RPI the firmware created to rcv ++ * this ELS request. The only way to do this is ++ * to register, then unregister the RPI. ++ */ ++ spin_lock_irq(&ndlp->lock); ++ ndlp->nlp_flag |= (NLP_RM_DFLT_RPI | NLP_ACC_REGLOGIN | ++ NLP_RCV_PLOGI); ++ spin_unlock_irq(&ndlp->lock); ++ } ++ + stat.un.b.lsRjtRsnCode = LSRJT_INVALID_CMD; + stat.un.b.lsRjtRsnCodeExp = LSEXP_NOTHING_MORE; + rc = lpfc_els_rsp_reject(vport, stat.un.lsRjtError, cmdiocb, +--- a/drivers/scsi/lpfc/lpfc_sli.c ++++ b/drivers/scsi/lpfc/lpfc_sli.c +@@ -13625,9 +13625,15 @@ lpfc_sli4_sp_handle_mbox_event(struct lp + if (mcqe_status == MB_CQE_STATUS_SUCCESS) { + mp = (struct lpfc_dmabuf *)(pmb->ctx_buf); + ndlp = (struct lpfc_nodelist *)pmb->ctx_ndlp; +- /* Reg_LOGIN of dflt RPI was successful. Now lets get +- * RID of the PPI using the same mbox buffer. ++ ++ /* Reg_LOGIN of dflt RPI was successful. Mark the ++ * node as having an UNREG_LOGIN in progress to stop ++ * an unsolicited PLOGI from the same NPortId from ++ * starting another mailbox transaction. + */ ++ spin_lock_irqsave(&ndlp->lock, iflags); ++ ndlp->nlp_flag |= NLP_UNREG_INP; ++ spin_unlock_irqrestore(&ndlp->lock, iflags); + lpfc_unreg_login(phba, vport->vpi, + pmbox->un.varWords[0], pmb); + pmb->mbox_cmpl = lpfc_mbx_cmpl_dflt_rpi; diff --git a/queue-5.13/scsi-megaraid_sas-send-all-non-rw-i-os-for-type_enclosure-device-through-firmware.patch b/queue-5.13/scsi-megaraid_sas-send-all-non-rw-i-os-for-type_enclosure-device-through-firmware.patch new file mode 100644 index 00000000000..3e2d24a8153 --- /dev/null +++ b/queue-5.13/scsi-megaraid_sas-send-all-non-rw-i-os-for-type_enclosure-device-through-firmware.patch @@ -0,0 +1,56 @@ +From 79db830162b733f5f3ee80f0673eeeb0245fe38b Mon Sep 17 00:00:00 2001 +From: Chandrakanth Patil +Date: Fri, 28 May 2021 18:43:03 +0530 +Subject: scsi: megaraid_sas: Send all non-RW I/Os for TYPE_ENCLOSURE device through firmware + +From: Chandrakanth Patil + +commit 79db830162b733f5f3ee80f0673eeeb0245fe38b upstream. + +The driver issues all non-ReadWrite I/Os for TYPE_ENCLOSURE devices through +the fast path with invalid dev handle. Fast path in turn directs all the +I/Os to the firmware. As firmware stopped handling those I/Os from SAS3.5 +generation of controllers (Ventura generation and onwards) this will lead +to I/O failures. + +Switch the driver to issue all the non-ReadWrite I/Os for TYPE_ENCLOSURE +devices directly to firmware for SAS3.5 generation of controllers and +later. + +Link: https://lore.kernel.org/r/20210528131307.25683-2-chandrakanth.patil@broadcom.com +Cc: # v5.11+ +Signed-off-by: Chandrakanth Patil +Signed-off-by: Sumit Saxena +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/scsi/megaraid/megaraid_sas_fusion.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +--- a/drivers/scsi/megaraid/megaraid_sas_fusion.c ++++ b/drivers/scsi/megaraid/megaraid_sas_fusion.c +@@ -3203,6 +3203,8 @@ megasas_build_io_fusion(struct megasas_i + { + int sge_count; + u8 cmd_type; ++ u16 pd_index = 0; ++ u8 drive_type = 0; + struct MPI2_RAID_SCSI_IO_REQUEST *io_request = cmd->io_request; + struct MR_PRIV_DEVICE *mr_device_priv_data; + mr_device_priv_data = scp->device->hostdata; +@@ -3237,8 +3239,12 @@ megasas_build_io_fusion(struct megasas_i + megasas_build_syspd_fusion(instance, scp, cmd, true); + break; + case NON_READ_WRITE_SYSPDIO: +- if (instance->secure_jbod_support || +- mr_device_priv_data->is_tm_capable) ++ pd_index = MEGASAS_PD_INDEX(scp); ++ drive_type = instance->pd_list[pd_index].driveType; ++ if ((instance->secure_jbod_support || ++ mr_device_priv_data->is_tm_capable) || ++ (instance->adapter_type >= VENTURA_SERIES && ++ drive_type == TYPE_ENCLOSURE)) + megasas_build_syspd_fusion(instance, scp, cmd, false); + else + megasas_build_syspd_fusion(instance, scp, cmd, true); diff --git a/queue-5.13/scsi-target-cxgbit-unmap-dma-buffer-before-calling-target_execute_cmd.patch b/queue-5.13/scsi-target-cxgbit-unmap-dma-buffer-before-calling-target_execute_cmd.patch new file mode 100644 index 00000000000..7aee7915ff4 --- /dev/null +++ b/queue-5.13/scsi-target-cxgbit-unmap-dma-buffer-before-calling-target_execute_cmd.patch @@ -0,0 +1,116 @@ +From 6ecdafaec79d4b3388a5b017245f23a0ff9d852d Mon Sep 17 00:00:00 2001 +From: Varun Prakash +Date: Wed, 14 Apr 2021 18:09:09 +0530 +Subject: scsi: target: cxgbit: Unmap DMA buffer before calling target_execute_cmd() + +From: Varun Prakash + +commit 6ecdafaec79d4b3388a5b017245f23a0ff9d852d upstream. + +Instead of calling dma_unmap_sg() after completing WRITE I/O, call +dma_unmap_sg() before calling target_execute_cmd() to sync the DMA buffer. + +Link: https://lore.kernel.org/r/1618403949-3443-1-git-send-email-varun@chelsio.com +Cc: # 5.4+ +Signed-off-by: Varun Prakash +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/target/iscsi/cxgbit/cxgbit_ddp.c | 19 ++++++++++--------- + drivers/target/iscsi/cxgbit/cxgbit_target.c | 21 ++++++++++++++++++--- + 2 files changed, 28 insertions(+), 12 deletions(-) + +--- a/drivers/target/iscsi/cxgbit/cxgbit_ddp.c ++++ b/drivers/target/iscsi/cxgbit/cxgbit_ddp.c +@@ -265,12 +265,13 @@ void cxgbit_unmap_cmd(struct iscsi_conn + struct cxgbit_cmd *ccmd = iscsit_priv_cmd(cmd); + + if (ccmd->release) { +- struct cxgbi_task_tag_info *ttinfo = &ccmd->ttinfo; +- +- if (ttinfo->sgl) { ++ if (cmd->se_cmd.se_cmd_flags & SCF_PASSTHROUGH_SG_TO_MEM_NOALLOC) { ++ put_page(sg_page(&ccmd->sg)); ++ } else { + struct cxgbit_sock *csk = conn->context; + struct cxgbit_device *cdev = csk->com.cdev; + struct cxgbi_ppm *ppm = cdev2ppm(cdev); ++ struct cxgbi_task_tag_info *ttinfo = &ccmd->ttinfo; + + /* Abort the TCP conn if DDP is not complete to + * avoid any possibility of DDP after freeing +@@ -280,14 +281,14 @@ void cxgbit_unmap_cmd(struct iscsi_conn + cmd->se_cmd.data_length)) + cxgbit_abort_conn(csk); + ++ if (unlikely(ttinfo->sgl)) { ++ dma_unmap_sg(&ppm->pdev->dev, ttinfo->sgl, ++ ttinfo->nents, DMA_FROM_DEVICE); ++ ttinfo->nents = 0; ++ ttinfo->sgl = NULL; ++ } + cxgbi_ppm_ppod_release(ppm, ttinfo->idx); +- +- dma_unmap_sg(&ppm->pdev->dev, ttinfo->sgl, +- ttinfo->nents, DMA_FROM_DEVICE); +- } else { +- put_page(sg_page(&ccmd->sg)); + } +- + ccmd->release = false; + } + } +--- a/drivers/target/iscsi/cxgbit/cxgbit_target.c ++++ b/drivers/target/iscsi/cxgbit/cxgbit_target.c +@@ -997,17 +997,18 @@ static int cxgbit_handle_iscsi_dataout(s + struct scatterlist *sg_start; + struct iscsi_conn *conn = csk->conn; + struct iscsi_cmd *cmd = NULL; ++ struct cxgbit_cmd *ccmd; ++ struct cxgbi_task_tag_info *ttinfo; + struct cxgbit_lro_pdu_cb *pdu_cb = cxgbit_rx_pdu_cb(csk->skb); + struct iscsi_data *hdr = (struct iscsi_data *)pdu_cb->hdr; + u32 data_offset = be32_to_cpu(hdr->offset); +- u32 data_len = pdu_cb->dlen; ++ u32 data_len = ntoh24(hdr->dlength); + int rc, sg_nents, sg_off; + bool dcrc_err = false; + + if (pdu_cb->flags & PDUCBF_RX_DDP_CMP) { + u32 offset = be32_to_cpu(hdr->offset); + u32 ddp_data_len; +- u32 payload_length = ntoh24(hdr->dlength); + bool success = false; + + cmd = iscsit_find_cmd_from_itt_or_dump(conn, hdr->itt, 0); +@@ -1022,7 +1023,7 @@ static int cxgbit_handle_iscsi_dataout(s + cmd->data_sn = be32_to_cpu(hdr->datasn); + + rc = __iscsit_check_dataout_hdr(conn, (unsigned char *)hdr, +- cmd, payload_length, &success); ++ cmd, data_len, &success); + if (rc < 0) + return rc; + else if (!success) +@@ -1060,6 +1061,20 @@ static int cxgbit_handle_iscsi_dataout(s + cxgbit_skb_copy_to_sg(csk->skb, sg_start, sg_nents, skip); + } + ++ ccmd = iscsit_priv_cmd(cmd); ++ ttinfo = &ccmd->ttinfo; ++ ++ if (ccmd->release && ttinfo->sgl && ++ (cmd->se_cmd.data_length == (cmd->write_data_done + data_len))) { ++ struct cxgbit_device *cdev = csk->com.cdev; ++ struct cxgbi_ppm *ppm = cdev2ppm(cdev); ++ ++ dma_unmap_sg(&ppm->pdev->dev, ttinfo->sgl, ttinfo->nents, ++ DMA_FROM_DEVICE); ++ ttinfo->nents = 0; ++ ttinfo->sgl = NULL; ++ } ++ + check_payload: + + rc = iscsit_check_dataout_payload(cmd, hdr, dcrc_err); diff --git a/queue-5.13/series b/queue-5.13/series index d21d401b4b8..fcedbc57770 100644 --- a/queue-5.13/series +++ b/queue-5.13/series @@ -780,3 +780,22 @@ selftests-vm-pkeys-refill-shadow-register-after-impl.patch perf-llvm-return-enomem-when-asprintf-fails.patch i2c-mpc-restore-reread-of-i2c-status-register.patch csky-syscache-fixup-duplicate-cache-flush.patch +exfat-handle-wrong-stream-entry-size-in-exfat_readdir.patch +scsi-megaraid_sas-send-all-non-rw-i-os-for-type_enclosure-device-through-firmware.patch +scsi-fc-correct-rhba-attributes-length.patch +scsi-target-cxgbit-unmap-dma-buffer-before-calling-target_execute_cmd.patch +scsi-lpfc-fix-unreleased-rpis-when-npiv-ports-are-created.patch +scsi-lpfc-fix-node-recovery-when-driver-is-handling-simultaneous-plogis.patch +scsi-libfc-correct-the-condition-check-and-invalid-argument-passed.patch +mailbox-qcom-ipcc-fix-ipcc-mbox-channel-exhaustion.patch +fscrypt-don-t-ignore-minor_hash-when-hash-is-0.patch +fscrypt-fix-derivation-of-siphash-keys-on-big-endian-cpus.patch +tpm-replace-warn_once-with-dev_err_once-in-tpm_tis_status.patch +erofs-fix-error-return-code-in-erofs_read_superblock.patch +block-return-the-correct-bvec-when-checking-for-gaps.patch +io_uring-fix-blocking-inline-submission.patch +io_uring-add-iopoll-and-reserved-field-checks-to-ioring_op_renameat.patch +io_uring-add-iopoll-and-reserved-field-checks-to-ioring_op_unlinkat.patch +mmc-block-disable-cmdq-on-the-ioctl-path.patch +mmc-vub3000-fix-control-request-direction.patch +media-exynos4-is-remove-a-now-unused-integer.patch diff --git a/queue-5.13/tpm-replace-warn_once-with-dev_err_once-in-tpm_tis_status.patch b/queue-5.13/tpm-replace-warn_once-with-dev_err_once-in-tpm_tis_status.patch new file mode 100644 index 00000000000..433514ebb47 --- /dev/null +++ b/queue-5.13/tpm-replace-warn_once-with-dev_err_once-in-tpm_tis_status.patch @@ -0,0 +1,81 @@ +From 0178f9d0f60ba07e09bab57381a3ef18e2c1fd7f Mon Sep 17 00:00:00 2001 +From: Jarkko Sakkinen +Date: Wed, 9 Jun 2021 16:26:19 +0300 +Subject: tpm: Replace WARN_ONCE() with dev_err_once() in tpm_tis_status() + +From: Jarkko Sakkinen + +commit 0178f9d0f60ba07e09bab57381a3ef18e2c1fd7f upstream. + +Do not tear down the system when getting invalid status from a TPM chip. +This can happen when panic-on-warn is used. + +Instead, introduce TPM_TIS_INVALID_STATUS bitflag and use it to trigger +once the error reporting per chip. In addition, print out the value of +TPM_STS for improved forensics. + +Link: https://lore.kernel.org/keyrings/YKzlTR1AzUigShtZ@kroah.com/ +Fixes: 55707d531af6 ("tpm_tis: Add a check for invalid status") +Cc: stable@vger.kernel.org +Signed-off-by: Jarkko Sakkinen +Reviewed-by: Greg Kroah-Hartman +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/char/tpm/tpm_tis_core.c | 25 ++++++++++++++++++------- + drivers/char/tpm/tpm_tis_core.h | 3 ++- + 2 files changed, 20 insertions(+), 8 deletions(-) + +--- a/drivers/char/tpm/tpm_tis_core.c ++++ b/drivers/char/tpm/tpm_tis_core.c +@@ -196,13 +196,24 @@ static u8 tpm_tis_status(struct tpm_chip + return 0; + + if (unlikely((status & TPM_STS_READ_ZERO) != 0)) { +- /* +- * If this trips, the chances are the read is +- * returning 0xff because the locality hasn't been +- * acquired. Usually because tpm_try_get_ops() hasn't +- * been called before doing a TPM operation. +- */ +- WARN_ONCE(1, "TPM returned invalid status\n"); ++ if (!test_and_set_bit(TPM_TIS_INVALID_STATUS, &priv->flags)) { ++ /* ++ * If this trips, the chances are the read is ++ * returning 0xff because the locality hasn't been ++ * acquired. Usually because tpm_try_get_ops() hasn't ++ * been called before doing a TPM operation. ++ */ ++ dev_err(&chip->dev, "invalid TPM_STS.x 0x%02x, dumping stack for forensics\n", ++ status); ++ ++ /* ++ * Dump stack for forensics, as invalid TPM_STS.x could be ++ * potentially triggered by impaired tpm_try_get_ops() or ++ * tpm_find_get_ops(). ++ */ ++ dump_stack(); ++ } ++ + return 0; + } + +--- a/drivers/char/tpm/tpm_tis_core.h ++++ b/drivers/char/tpm/tpm_tis_core.h +@@ -83,6 +83,7 @@ enum tis_defaults { + + enum tpm_tis_flags { + TPM_TIS_ITPM_WORKAROUND = BIT(0), ++ TPM_TIS_INVALID_STATUS = BIT(1), + }; + + struct tpm_tis_data { +@@ -90,7 +91,7 @@ struct tpm_tis_data { + int locality; + int irq; + bool irq_tested; +- unsigned int flags; ++ unsigned long flags; + void __iomem *ilb_base_addr; + u16 clkrun_enabled; + wait_queue_head_t int_queue;