From: Greg Kroah-Hartman Date: Mon, 22 Jan 2024 19:23:17 +0000 (-0800) Subject: 6.7-stable patches X-Git-Tag: v4.19.306~63 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ee3431b77a2beff001efc3f87bdce2151c2e0aae;p=thirdparty%2Fkernel%2Fstable-queue.git 6.7-stable patches added patches: alsa-hda-realtek-enable-headset-mic-on-lenovo-m70-gen5.patch alsa-hda-realtek-enable-mute-micmute-leds-and-limit-mic-boost-on-hp-zbook.patch alsa-hda-relatek-enable-mute-led-on-hp-laptop-15s-fq2xxx.patch alsa-oxygen-fix-right-channel-of-capture-volume-mixer.patch ceph-select-fs_encryption_algs-if-fs_encryption.patch ksmbd-fix-uaf-issue-in-ksmbd_tcp_new_connection.patch ksmbd-only-v2-leases-handle-the-directory.patch ksmbd-validate-mech-token-in-session-setup.patch loongarch-fix-and-simplify-fcsr-initialization-on-execve.patch --- diff --git a/queue-6.7/alsa-hda-realtek-enable-headset-mic-on-lenovo-m70-gen5.patch b/queue-6.7/alsa-hda-realtek-enable-headset-mic-on-lenovo-m70-gen5.patch new file mode 100644 index 00000000000..afb8c29f147 --- /dev/null +++ b/queue-6.7/alsa-hda-realtek-enable-headset-mic-on-lenovo-m70-gen5.patch @@ -0,0 +1,31 @@ +From fb3c007fde80d9d3b4207943e74c150c9116cead Mon Sep 17 00:00:00 2001 +From: Bin Li +Date: Wed, 17 Jan 2024 23:41:23 +0800 +Subject: ALSA: hda/realtek: Enable headset mic on Lenovo M70 Gen5 + +From: Bin Li + +commit fb3c007fde80d9d3b4207943e74c150c9116cead upstream. + +Lenovo M70 Gen5 is equipped with ALC623, and it needs +ALC283_FIXUP_HEADSET_MIC quirk to make its headset mic work. + +Signed-off-by: Bin Li +Cc: +Link: https://lore.kernel.org/r/20240117154123.21578-1-bin.li@canonical.com +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/pci/hda/patch_realtek.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -10220,6 +10220,7 @@ static const struct snd_pci_quirk alc269 + SND_PCI_QUIRK(0x17aa, 0x3176, "ThinkCentre Station", ALC283_FIXUP_HEADSET_MIC), + SND_PCI_QUIRK(0x17aa, 0x3178, "ThinkCentre Station", ALC283_FIXUP_HEADSET_MIC), + SND_PCI_QUIRK(0x17aa, 0x31af, "ThinkCentre Station", ALC623_FIXUP_LENOVO_THINKSTATION_P340), ++ SND_PCI_QUIRK(0x17aa, 0x334b, "Lenovo ThinkCentre M70 Gen5", ALC283_FIXUP_HEADSET_MIC), + SND_PCI_QUIRK(0x17aa, 0x3801, "Lenovo Yoga9 14IAP7", ALC287_FIXUP_YOGA9_14IAP7_BASS_SPK_PIN), + SND_PCI_QUIRK(0x17aa, 0x3802, "Lenovo Yoga DuetITL 2021", ALC287_FIXUP_YOGA7_14ITL_SPEAKERS), + SND_PCI_QUIRK(0x17aa, 0x3813, "Legion 7i 15IMHG05", ALC287_FIXUP_LEGION_15IMHG05_SPEAKERS), diff --git a/queue-6.7/alsa-hda-realtek-enable-mute-micmute-leds-and-limit-mic-boost-on-hp-zbook.patch b/queue-6.7/alsa-hda-realtek-enable-mute-micmute-leds-and-limit-mic-boost-on-hp-zbook.patch new file mode 100644 index 00000000000..065fedc4208 --- /dev/null +++ b/queue-6.7/alsa-hda-realtek-enable-mute-micmute-leds-and-limit-mic-boost-on-hp-zbook.patch @@ -0,0 +1,31 @@ +From b018cee7369896c7a15bfdbe88f168f3dbd8ba27 Mon Sep 17 00:00:00 2001 +From: Yo-Jung Lin +Date: Tue, 16 Jan 2024 10:07:19 +0800 +Subject: ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on HP ZBook + +From: Yo-Jung Lin + +commit b018cee7369896c7a15bfdbe88f168f3dbd8ba27 upstream. + +On some HP ZBooks, the audio LEDs can be enabled by +ALC236_FIXUP_HP_MUTE_LED_MICMUTE_VREF. So use it accordingly. + +Signed-off-by: Yo-Jung Lin +Cc: +Link: https://lore.kernel.org/r/20240116020722.27236-1-leo.lin@canonical.com +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/pci/hda/patch_realtek.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -9943,6 +9943,7 @@ static const struct snd_pci_quirk alc269 + SND_PCI_QUIRK(0x103c, 0x8c71, "HP EliteBook 845 G11", ALC287_FIXUP_CS35L41_I2C_2_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8c72, "HP EliteBook 865 G11", ALC287_FIXUP_CS35L41_I2C_2_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8c96, "HP", ALC236_FIXUP_HP_MUTE_LED_MICMUTE_VREF), ++ SND_PCI_QUIRK(0x103c, 0x8c97, "HP ZBook", ALC236_FIXUP_HP_MUTE_LED_MICMUTE_VREF), + SND_PCI_QUIRK(0x103c, 0x8ca4, "HP ZBook Fury", ALC245_FIXUP_CS35L41_SPI_2_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8ca7, "HP ZBook Fury", ALC245_FIXUP_CS35L41_SPI_2_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8cf5, "HP ZBook Studio 16", ALC245_FIXUP_CS35L41_SPI_4_HP_GPIO_LED), diff --git a/queue-6.7/alsa-hda-relatek-enable-mute-led-on-hp-laptop-15s-fq2xxx.patch b/queue-6.7/alsa-hda-relatek-enable-mute-led-on-hp-laptop-15s-fq2xxx.patch new file mode 100644 index 00000000000..4a6fb7f5448 --- /dev/null +++ b/queue-6.7/alsa-hda-relatek-enable-mute-led-on-hp-laptop-15s-fq2xxx.patch @@ -0,0 +1,35 @@ +From bc7863d18677df66b2c7a0e172c91296ff380f11 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?=C3=87a=C4=9Fhan=20Demir?= +Date: Mon, 15 Jan 2024 20:23:03 +0300 +Subject: ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq2xxx +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Çağhan Demir + +commit bc7863d18677df66b2c7a0e172c91296ff380f11 upstream. + +This HP Laptop uses ALC236 codec with COEF 0x07 idx 1 controlling +the mute LED. This patch enables the already existing quirk for +this device. + +Signed-off-by: Çağhan Demir +Cc: +Link: https://lore.kernel.org/r/20240115172303.4718-1-caghandemir@marun.edu.tr +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/pci/hda/patch_realtek.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -9848,6 +9848,7 @@ static const struct snd_pci_quirk alc269 + SND_PCI_QUIRK(0x103c, 0x87f5, "HP", ALC287_FIXUP_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x87f6, "HP Spectre x360 14", ALC245_FIXUP_HP_X360_AMP), + SND_PCI_QUIRK(0x103c, 0x87f7, "HP Spectre x360 14", ALC245_FIXUP_HP_X360_AMP), ++ SND_PCI_QUIRK(0x103c, 0x87fe, "HP Laptop 15s-fq2xxx", ALC236_FIXUP_HP_MUTE_LED_COEFBIT2), + SND_PCI_QUIRK(0x103c, 0x8805, "HP ProBook 650 G8 Notebook PC", ALC236_FIXUP_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x880d, "HP EliteBook 830 G8 Notebook PC", ALC285_FIXUP_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8811, "HP Spectre x360 15-eb1xxx", ALC285_FIXUP_HP_SPECTRE_X360_EB1), diff --git a/queue-6.7/alsa-oxygen-fix-right-channel-of-capture-volume-mixer.patch b/queue-6.7/alsa-oxygen-fix-right-channel-of-capture-volume-mixer.patch new file mode 100644 index 00000000000..4a0bff9b9e2 --- /dev/null +++ b/queue-6.7/alsa-oxygen-fix-right-channel-of-capture-volume-mixer.patch @@ -0,0 +1,35 @@ +From a03cfad512ac24a35184d7d87ec0d5489e1cb763 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Fri, 12 Jan 2024 12:10:23 +0100 +Subject: ALSA: oxygen: Fix right channel of capture volume mixer + +From: Takashi Iwai + +commit a03cfad512ac24a35184d7d87ec0d5489e1cb763 upstream. + +There was a typo in oxygen mixer code that didn't update the right +channel value properly for the capture volume. Let's fix it. + +This trivial fix was originally reported on Bugzilla. + +Fixes: a3601560496d ("[ALSA] oxygen: add front panel controls") +Cc: +Link: https://bugzilla.kernel.org/show_bug.cgi?id=156561 +Link: https://lore.kernel.org/r/20240112111023.6208-1-tiwai@suse.de +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/pci/oxygen/oxygen_mixer.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/sound/pci/oxygen/oxygen_mixer.c ++++ b/sound/pci/oxygen/oxygen_mixer.c +@@ -718,7 +718,7 @@ static int ac97_fp_rec_volume_put(struct + oldreg = oxygen_read_ac97(chip, 1, AC97_REC_GAIN); + newreg = oldreg & ~0x0707; + newreg = newreg | (value->value.integer.value[0] & 7); +- newreg = newreg | ((value->value.integer.value[0] & 7) << 8); ++ newreg = newreg | ((value->value.integer.value[1] & 7) << 8); + change = newreg != oldreg; + if (change) + oxygen_write_ac97(chip, 1, AC97_REC_GAIN, newreg); diff --git a/queue-6.7/ceph-select-fs_encryption_algs-if-fs_encryption.patch b/queue-6.7/ceph-select-fs_encryption_algs-if-fs_encryption.patch new file mode 100644 index 00000000000..104ea4b6f7c --- /dev/null +++ b/queue-6.7/ceph-select-fs_encryption_algs-if-fs_encryption.patch @@ -0,0 +1,36 @@ +From 9c896d6bc3dfef86659a6a1fb25ccdea5dbef6a3 Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Wed, 22 Nov 2023 19:08:38 -0800 +Subject: ceph: select FS_ENCRYPTION_ALGS if FS_ENCRYPTION + +From: Eric Biggers + +commit 9c896d6bc3dfef86659a6a1fb25ccdea5dbef6a3 upstream. + +The kconfig options for filesystems that support FS_ENCRYPTION are +supposed to select FS_ENCRYPTION_ALGS. This is needed to ensure that +required crypto algorithms get enabled as loadable modules or builtin as +is appropriate for the set of enabled filesystems. Do this for CEPH_FS +so that there aren't any missing algorithms if someone happens to have +CEPH_FS as their only enabled filesystem that supports encryption. + +Cc: stable@vger.kernel.org +Fixes: f061feda6c54 ("ceph: add fscrypt ioctls and ceph.fscrypt.auth vxattr") +Signed-off-by: Eric Biggers +Reviewed-by: Xiubo Li +Signed-off-by: Ilya Dryomov +Signed-off-by: Greg Kroah-Hartman +--- + fs/ceph/Kconfig | 1 + + 1 file changed, 1 insertion(+) + +--- a/fs/ceph/Kconfig ++++ b/fs/ceph/Kconfig +@@ -7,6 +7,7 @@ config CEPH_FS + select CRYPTO_AES + select CRYPTO + select NETFS_SUPPORT ++ select FS_ENCRYPTION_ALGS if FS_ENCRYPTION + default n + help + Choose Y or M here to include support for mounting the diff --git a/queue-6.7/ksmbd-fix-uaf-issue-in-ksmbd_tcp_new_connection.patch b/queue-6.7/ksmbd-fix-uaf-issue-in-ksmbd_tcp_new_connection.patch new file mode 100644 index 00000000000..b438b1c0f9c --- /dev/null +++ b/queue-6.7/ksmbd-fix-uaf-issue-in-ksmbd_tcp_new_connection.patch @@ -0,0 +1,108 @@ +From 38d20c62903d669693a1869aa68c4dd5674e2544 Mon Sep 17 00:00:00 2001 +From: Namjae Jeon +Date: Sat, 13 Jan 2024 15:30:07 +0900 +Subject: ksmbd: fix UAF issue in ksmbd_tcp_new_connection() + +From: Namjae Jeon + +commit 38d20c62903d669693a1869aa68c4dd5674e2544 upstream. + +The race is between the handling of a new TCP connection and +its disconnection. It leads to UAF on `struct tcp_transport` in +ksmbd_tcp_new_connection() function. + +Cc: stable@vger.kernel.org +Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-22991 +Signed-off-by: Namjae Jeon +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman +--- + fs/smb/server/connection.c | 6 ------ + fs/smb/server/connection.h | 1 - + fs/smb/server/transport_rdma.c | 11 ++++++----- + fs/smb/server/transport_tcp.c | 13 +++++++------ + 4 files changed, 13 insertions(+), 18 deletions(-) + +--- a/fs/smb/server/connection.c ++++ b/fs/smb/server/connection.c +@@ -415,13 +415,7 @@ static void stop_sessions(void) + again: + down_read(&conn_list_lock); + list_for_each_entry(conn, &conn_list, conns_list) { +- struct task_struct *task; +- + t = conn->transport; +- task = t->handler; +- if (task) +- ksmbd_debug(CONN, "Stop session handler %s/%d\n", +- task->comm, task_pid_nr(task)); + ksmbd_conn_set_exiting(conn); + if (t->ops->shutdown) { + up_read(&conn_list_lock); +--- a/fs/smb/server/connection.h ++++ b/fs/smb/server/connection.h +@@ -135,7 +135,6 @@ struct ksmbd_transport_ops { + struct ksmbd_transport { + struct ksmbd_conn *conn; + struct ksmbd_transport_ops *ops; +- struct task_struct *handler; + }; + + #define KSMBD_TCP_RECV_TIMEOUT (7 * HZ) +--- a/fs/smb/server/transport_rdma.c ++++ b/fs/smb/server/transport_rdma.c +@@ -2039,6 +2039,7 @@ static bool rdma_frwr_is_supported(struc + static int smb_direct_handle_connect_request(struct rdma_cm_id *new_cm_id) + { + struct smb_direct_transport *t; ++ struct task_struct *handler; + int ret; + + if (!rdma_frwr_is_supported(&new_cm_id->device->attrs)) { +@@ -2056,11 +2057,11 @@ static int smb_direct_handle_connect_req + if (ret) + goto out_err; + +- KSMBD_TRANS(t)->handler = kthread_run(ksmbd_conn_handler_loop, +- KSMBD_TRANS(t)->conn, "ksmbd:r%u", +- smb_direct_port); +- if (IS_ERR(KSMBD_TRANS(t)->handler)) { +- ret = PTR_ERR(KSMBD_TRANS(t)->handler); ++ handler = kthread_run(ksmbd_conn_handler_loop, ++ KSMBD_TRANS(t)->conn, "ksmbd:r%u", ++ smb_direct_port); ++ if (IS_ERR(handler)) { ++ ret = PTR_ERR(handler); + pr_err("Can't start thread\n"); + goto out_err; + } +--- a/fs/smb/server/transport_tcp.c ++++ b/fs/smb/server/transport_tcp.c +@@ -185,6 +185,7 @@ static int ksmbd_tcp_new_connection(stru + struct sockaddr *csin; + int rc = 0; + struct tcp_transport *t; ++ struct task_struct *handler; + + t = alloc_transport(client_sk); + if (!t) { +@@ -199,13 +200,13 @@ static int ksmbd_tcp_new_connection(stru + goto out_error; + } + +- KSMBD_TRANS(t)->handler = kthread_run(ksmbd_conn_handler_loop, +- KSMBD_TRANS(t)->conn, +- "ksmbd:%u", +- ksmbd_tcp_get_port(csin)); +- if (IS_ERR(KSMBD_TRANS(t)->handler)) { ++ handler = kthread_run(ksmbd_conn_handler_loop, ++ KSMBD_TRANS(t)->conn, ++ "ksmbd:%u", ++ ksmbd_tcp_get_port(csin)); ++ if (IS_ERR(handler)) { + pr_err("cannot start conn thread\n"); +- rc = PTR_ERR(KSMBD_TRANS(t)->handler); ++ rc = PTR_ERR(handler); + free_transport(t); + } + return rc; diff --git a/queue-6.7/ksmbd-only-v2-leases-handle-the-directory.patch b/queue-6.7/ksmbd-only-v2-leases-handle-the-directory.patch new file mode 100644 index 00000000000..434441a5b8d --- /dev/null +++ b/queue-6.7/ksmbd-only-v2-leases-handle-the-directory.patch @@ -0,0 +1,37 @@ +From 77bebd186442a7d703b796784db7495129cc3e70 Mon Sep 17 00:00:00 2001 +From: Namjae Jeon +Date: Mon, 15 Jan 2024 10:24:54 +0900 +Subject: ksmbd: only v2 leases handle the directory + +From: Namjae Jeon + +commit 77bebd186442a7d703b796784db7495129cc3e70 upstream. + +When smb2 leases is disable, ksmbd can send oplock break notification +and cause wait oplock break ack timeout. It may appear like hang when +accessing a directory. This patch make only v2 leases handle the +directory. + +Cc: stable@vger.kernel.org +Signed-off-by: Namjae Jeon +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman +--- + fs/smb/server/oplock.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/fs/smb/server/oplock.c ++++ b/fs/smb/server/oplock.c +@@ -1191,6 +1191,12 @@ int smb_grant_oplock(struct ksmbd_work * + bool prev_op_has_lease; + __le32 prev_op_state = 0; + ++ /* Only v2 leases handle the directory */ ++ if (S_ISDIR(file_inode(fp->filp)->i_mode)) { ++ if (!lctx || lctx->version != 2) ++ return 0; ++ } ++ + opinfo = alloc_opinfo(work, pid, tid); + if (!opinfo) + return -ENOMEM; diff --git a/queue-6.7/ksmbd-validate-mech-token-in-session-setup.patch b/queue-6.7/ksmbd-validate-mech-token-in-session-setup.patch new file mode 100644 index 00000000000..76be7809fd7 --- /dev/null +++ b/queue-6.7/ksmbd-validate-mech-token-in-session-setup.patch @@ -0,0 +1,104 @@ +From 92e470163d96df8db6c4fa0f484e4a229edb903d Mon Sep 17 00:00:00 2001 +From: Namjae Jeon +Date: Sat, 13 Jan 2024 15:11:41 +0900 +Subject: ksmbd: validate mech token in session setup + +From: Namjae Jeon + +commit 92e470163d96df8db6c4fa0f484e4a229edb903d upstream. + +If client send invalid mech token in session setup request, ksmbd +validate and make the error if it is invalid. + +Cc: stable@vger.kernel.org +Reported-by: zdi-disclosures@trendmicro.com # ZDI-CAN-22890 +Signed-off-by: Namjae Jeon +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman +--- + fs/smb/server/asn1.c | 5 +++++ + fs/smb/server/connection.h | 1 + + fs/smb/server/smb2pdu.c | 22 +++++++++++++++++----- + 3 files changed, 23 insertions(+), 5 deletions(-) + +--- a/fs/smb/server/asn1.c ++++ b/fs/smb/server/asn1.c +@@ -214,10 +214,15 @@ static int ksmbd_neg_token_alloc(void *c + { + struct ksmbd_conn *conn = context; + ++ if (!vlen) ++ return -EINVAL; ++ + conn->mechToken = kmemdup_nul(value, vlen, GFP_KERNEL); + if (!conn->mechToken) + return -ENOMEM; + ++ conn->mechTokenLen = (unsigned int)vlen; ++ + return 0; + } + +--- a/fs/smb/server/connection.h ++++ b/fs/smb/server/connection.h +@@ -88,6 +88,7 @@ struct ksmbd_conn { + __u16 dialect; + + char *mechToken; ++ unsigned int mechTokenLen; + + struct ksmbd_conn_ops *conn_ops; + +--- a/fs/smb/server/smb2pdu.c ++++ b/fs/smb/server/smb2pdu.c +@@ -1414,7 +1414,10 @@ static struct ksmbd_user *session_user(s + char *name; + unsigned int name_off, name_len, secbuf_len; + +- secbuf_len = le16_to_cpu(req->SecurityBufferLength); ++ if (conn->use_spnego && conn->mechToken) ++ secbuf_len = conn->mechTokenLen; ++ else ++ secbuf_len = le16_to_cpu(req->SecurityBufferLength); + if (secbuf_len < sizeof(struct authenticate_message)) { + ksmbd_debug(SMB, "blob len %d too small\n", secbuf_len); + return NULL; +@@ -1505,7 +1508,10 @@ static int ntlm_authenticate(struct ksmb + struct authenticate_message *authblob; + + authblob = user_authblob(conn, req); +- sz = le16_to_cpu(req->SecurityBufferLength); ++ if (conn->use_spnego && conn->mechToken) ++ sz = conn->mechTokenLen; ++ else ++ sz = le16_to_cpu(req->SecurityBufferLength); + rc = ksmbd_decode_ntlmssp_auth_blob(authblob, sz, conn, sess); + if (rc) { + set_user_flag(sess->user, KSMBD_USER_FLAG_BAD_PASSWORD); +@@ -1778,8 +1784,7 @@ int smb2_sess_setup(struct ksmbd_work *w + + negblob_off = le16_to_cpu(req->SecurityBufferOffset); + negblob_len = le16_to_cpu(req->SecurityBufferLength); +- if (negblob_off < offsetof(struct smb2_sess_setup_req, Buffer) || +- negblob_len < offsetof(struct negotiate_message, NegotiateFlags)) { ++ if (negblob_off < offsetof(struct smb2_sess_setup_req, Buffer)) { + rc = -EINVAL; + goto out_err; + } +@@ -1788,8 +1793,15 @@ int smb2_sess_setup(struct ksmbd_work *w + negblob_off); + + if (decode_negotiation_token(conn, negblob, negblob_len) == 0) { +- if (conn->mechToken) ++ if (conn->mechToken) { + negblob = (struct negotiate_message *)conn->mechToken; ++ negblob_len = conn->mechTokenLen; ++ } ++ } ++ ++ if (negblob_len < offsetof(struct negotiate_message, NegotiateFlags)) { ++ rc = -EINVAL; ++ goto out_err; + } + + if (server_conf.auth_mechs & conn->auth_mechs) { diff --git a/queue-6.7/loongarch-fix-and-simplify-fcsr-initialization-on-execve.patch b/queue-6.7/loongarch-fix-and-simplify-fcsr-initialization-on-execve.patch new file mode 100644 index 00000000000..15e3d5136ee --- /dev/null +++ b/queue-6.7/loongarch-fix-and-simplify-fcsr-initialization-on-execve.patch @@ -0,0 +1,117 @@ +From c2396651309eba291c15e32db8fbe44c738b5921 Mon Sep 17 00:00:00 2001 +From: Xi Ruoyao +Date: Wed, 17 Jan 2024 12:43:08 +0800 +Subject: LoongArch: Fix and simplify fcsr initialization on execve() + +From: Xi Ruoyao + +commit c2396651309eba291c15e32db8fbe44c738b5921 upstream. + +There has been a lingering bug in LoongArch Linux systems causing some +GCC tests to intermittently fail (see Closes link). I've made a minimal +reproducer: + + zsh% cat measure.s + .align 4 + .globl _start + _start: + movfcsr2gr $a0, $fcsr0 + bstrpick.w $a0, $a0, 16, 16 + beqz $a0, .ok + break 0 + .ok: + li.w $a7, 93 + syscall 0 + zsh% cc mesaure.s -o measure -nostdlib + zsh% echo $((1.0/3)) + 0.33333333333333331 + zsh% while ./measure; do ; done + +This while loop should not stop as POSIX is clear that execve must set +fenv to the default, where FCSR should be zero. But in fact it will +just stop after running for a while (normally less than 30 seconds). +Note that "$((1.0/3))" is needed to reproduce this issue because it +raises FE_INVALID and makes fcsr0 non-zero. + +The problem is we are currently relying on SET_PERSONALITY2() to reset +current->thread.fpu.fcsr. But SET_PERSONALITY2() is executed before +start_thread which calls lose_fpu(0). We can see if kernel preempt is +enabled, we may switch to another thread after SET_PERSONALITY2() but +before lose_fpu(0). Then bad thing happens: during the thread switch +the value of the fcsr0 register is stored into current->thread.fpu.fcsr, +making it dirty again. + +The issue can be fixed by setting current->thread.fpu.fcsr after +lose_fpu(0) because lose_fpu() clears TIF_USEDFPU, then the thread +switch won't touch current->thread.fpu.fcsr. + +The only other architecture setting FCSR in SET_PERSONALITY2() is MIPS. +I've ran a similar test on MIPS with mainline kernel and it turns out +MIPS is buggy, too. Anyway MIPS do this for supporting different FP +flavors (NaN encodings, etc.) which do not exist on LoongArch. So for +LoongArch, we can simply remove the current->thread.fpu.fcsr setting +from SET_PERSONALITY2() and do it in start_thread(), after lose_fpu(0). + +The while loop failing with the mainline kernel has survived one hour +after this change on LoongArch. + +Fixes: 803b0fc5c3f2baa ("LoongArch: Add process management") +Closes: https://github.com/loongson-community/discussions/issues/7 +Link: https://lore.kernel.org/linux-mips/7a6aa1bbdbbe2e63ae96ff163fab0349f58f1b9e.camel@xry111.site/ +Cc: stable@vger.kernel.org +Signed-off-by: Xi Ruoyao +Signed-off-by: Huacai Chen +Signed-off-by: Greg Kroah-Hartman +--- + arch/loongarch/include/asm/elf.h | 5 ----- + arch/loongarch/kernel/elf.c | 5 ----- + arch/loongarch/kernel/process.c | 1 + + 3 files changed, 1 insertion(+), 10 deletions(-) + +--- a/arch/loongarch/include/asm/elf.h ++++ b/arch/loongarch/include/asm/elf.h +@@ -241,8 +241,6 @@ void loongarch_dump_regs64(u64 *uregs, c + do { \ + current->thread.vdso = &vdso_info; \ + \ +- loongarch_set_personality_fcsr(state); \ +- \ + if (personality(current->personality) != PER_LINUX) \ + set_personality(PER_LINUX); \ + } while (0) +@@ -259,7 +257,6 @@ do { \ + clear_thread_flag(TIF_32BIT_ADDR); \ + \ + current->thread.vdso = &vdso_info; \ +- loongarch_set_personality_fcsr(state); \ + \ + p = personality(current->personality); \ + if (p != PER_LINUX32 && p != PER_LINUX) \ +@@ -340,6 +337,4 @@ extern int arch_elf_pt_proc(void *ehdr, + extern int arch_check_elf(void *ehdr, bool has_interpreter, void *interp_ehdr, + struct arch_elf_state *state); + +-extern void loongarch_set_personality_fcsr(struct arch_elf_state *state); +- + #endif /* _ASM_ELF_H */ +--- a/arch/loongarch/kernel/elf.c ++++ b/arch/loongarch/kernel/elf.c +@@ -23,8 +23,3 @@ int arch_check_elf(void *_ehdr, bool has + { + return 0; + } +- +-void loongarch_set_personality_fcsr(struct arch_elf_state *state) +-{ +- current->thread.fpu.fcsr = boot_cpu_data.fpu_csr0; +-} +--- a/arch/loongarch/kernel/process.c ++++ b/arch/loongarch/kernel/process.c +@@ -85,6 +85,7 @@ void start_thread(struct pt_regs *regs, + regs->csr_euen = euen; + lose_fpu(0); + lose_lbt(0); ++ current->thread.fpu.fcsr = boot_cpu_data.fpu_csr0; + + clear_thread_flag(TIF_LSX_CTX_LIVE); + clear_thread_flag(TIF_LASX_CTX_LIVE); diff --git a/queue-6.7/series b/queue-6.7/series index c3c77e290f9..949b753b238 100644 --- a/queue-6.7/series +++ b/queue-6.7/series @@ -415,3 +415,12 @@ serial-core-imx-do-not-set-rs485-enabled-if-it-is-not-supported.patch serial-imx-ensure-that-imx_uart_rs485_config-is-called-with-enabled-clock.patch serial-8250_exar-set-missing-rs485_supported-flag.patch serial-omap-do-not-override-settings-for-rs485-support.patch +alsa-oxygen-fix-right-channel-of-capture-volume-mixer.patch +alsa-hda-relatek-enable-mute-led-on-hp-laptop-15s-fq2xxx.patch +alsa-hda-realtek-enable-mute-micmute-leds-and-limit-mic-boost-on-hp-zbook.patch +alsa-hda-realtek-enable-headset-mic-on-lenovo-m70-gen5.patch +ksmbd-validate-mech-token-in-session-setup.patch +ksmbd-fix-uaf-issue-in-ksmbd_tcp_new_connection.patch +ksmbd-only-v2-leases-handle-the-directory.patch +ceph-select-fs_encryption_algs-if-fs_encryption.patch +loongarch-fix-and-simplify-fcsr-initialization-on-execve.patch