From 30ee28a14d456570fba92290d516e82c7513ddf8 Mon Sep 17 00:00:00 2001
From: Sasha Levin
Date: Wed, 19 May 2021 18:43:08 -0400
Subject: [PATCH] Fixes for 5.12
Signed-off-by: Sasha Levin
---
 ...-fix-reference-count-leak-in-enable_.patch | 43 ++++
 ...-change-the-dac-ctl-name-for-lo-spk-.patch | 64 ++++++
 ...t-force-of-dcefclk-on-navi10-and-sie.patch | 70 ++++++
 ...-v7-refactor-v7_invalidate_l1-to-avo.patch | 105 +++++++++
 ...e-pause-unpause-function-graph-trace.patch | 87 ++++++++
 ...5-1-kernel-fix-interrupted-smc-calls.patch | 87 ++++++++
 ...k-reexpand-iov_iter-after-read-write.patch | 171 ++++++++++++++
 ...ble-races-between-assigning-rx_handl.patch | 86 ++++++++
 ...t-allow-access-to-mds-private-inodes.patch | 130 +++++++++++
 ...obber-i_snap_caps-on-non-i_new-inode.patch | 53 +++++
 .../ceph-fix-fscache-invalidation.patch | 47 ++++
 ...a-fix-crash-on-loading-unloading-dri.patch | 57 +++++
 ...fix-two-cursor-duplication-when-usin.patch | 147 +++++++++++++
 ...ix-to-avoid-null-pointer-dereference.patch | 86 ++++++++
 ...-quirk-to-ignore-ec-wakeups-on-dell-.patch | 57 +++++
 ...-do-not-bind-to-i2c-hid-compatible-a.patch | 132 +++++++++++
 ...-workaround-for-x86-bios-es-which-br.patch | 128 +++++++++++
 ...urn-depot_lock-spinlock-to-raw_spinl.patch | 80 +++++++
 ...xgb4-fix-leak-if-sk_buff-is-not-used.patch | 73 ++++++
 ...b-can-contain-struct-hsr_ethhdr-in-f.patch | 42 ++++
 ...t-enable-rx-fifo-overflow-interrupts.patch | 94 ++++++++
 ...invalidation-in-nfs_set_cache_invali.patch | 39 ++++
 ...l_pagecache-should-mark-the-change-a.patch | 35 +++
 ...met-remove-unsupported-command-noise.patch | 58 +++++
 ...tegra194-mcfg-quirks-for-ecam-errata.patch | 208 ++++++++++++++++++
 ...ntime-pm-imbalance-in-pex_ep_event_p.patch | 41 ++++
 .../pci-thunder-fix-compile-testing.patch | 101 +++++++++
 ...rome-cros_ec_typec-add-dp-mode-check.patch | 41 ++++
 ...cv-use-ld-instead-of-cc-to-link-vdso.patch | 95 ++++++++
 ...around-mcount-name-prior-to-clang-13.patch | 123 +++++++++++
 ...mcount.pl-fix-risc-v-regex-for-clang.patch | 43 ++++
 ...illegal-memory-access-on-abort-iocbs.patch | 60 +++++
 ...-return-from-tcmu_handle_completions.patch | 52 +++++
 queue-5.12/series | 36 +++
 ...-don-t-leak-send_ctxt-on-send-errors.patch | 48 ++++
 .../um-disable-config_gcov-with-modules.patch | 76 +++++++
 .../um-mark-all-kernel-symbols-as-local.patch | 111 ++++++++++
 37 files changed, 3006 insertions(+)
 create mode 100644 queue-5.12/acpi-hotplug-pci-fix-reference-count-leak-in-enable_.patch
 create mode 100644 queue-5.12/alsa-hda-generic-change-the-dac-ctl-name-for-lo-spk-.patch
 create mode 100644 queue-5.12/amdgpu-pm-prevent-force-of-dcefclk-on-navi10-and-sie.patch
 create mode 100644 queue-5.12/arm-9058-1-cache-v7-refactor-v7_invalidate_l1-to-avo.patch
 create mode 100644 queue-5.12/arm-9066-1-ftrace-pause-unpause-function-graph-trace.patch
 create mode 100644 queue-5.12/arm-9075-1-kernel-fix-interrupted-smc-calls.patch
 create mode 100644 queue-5.12/block-reexpand-iov_iter-after-read-write.patch
 create mode 100644 queue-5.12/bridge-fix-possible-races-between-assigning-rx_handl.patch
 create mode 100644 queue-5.12/ceph-don-t-allow-access-to-mds-private-inodes.patch
 create mode 100644 queue-5.12/ceph-don-t-clobber-i_snap_caps-on-non-i_new-inode.patch
 create mode 100644 queue-5.12/ceph-fix-fscache-invalidation.patch
 create mode 100644 queue-5.12/dmaengine-dw-edma-fix-crash-on-loading-unloading-dri.patch
 create mode 100644 queue-5.12/drm-amd-display-fix-two-cursor-duplication-when-usin.patch
 create mode 100644 queue-5.12/f2fs-fix-to-avoid-null-pointer-dereference.patch
 create mode 100644 queue-5.12/gpiolib-acpi-add-quirk-to-ignore-ec-wakeups-on-dell-.patch
 create mode 100644 queue-5.12/input-elants_i2c-do-not-bind-to-i2c-hid-compatible-a.patch
 create mode 100644 queue-5.12/input-silead-add-workaround-for-x86-bios-es-which-br.patch
 create mode 100644 queue-5.12/lib-stackdepot-turn-depot_lock-spinlock-to-raw_spinl.patch
 create mode 100644 queue-5.12/net-cxgb4-fix-leak-if-sk_buff-is-not-used.patch
 create mode 100644 queue-5.12/net-hsr-check-skb-can-contain-struct-hsr_ethhdr-in-f.patch
 create mode 100644 queue-5.12/net-stmmac-do-not-enable-rx-fifo-overflow-interrupts.patch
 create mode 100644 queue-5.12/nfs-fix-fscache-invalidation-in-nfs_set_cache_invali.patch
 create mode 100644 queue-5.12/nfs-nfs_ino_reval_pagecache-should-mark-the-change-a.patch
 create mode 100644 queue-5.12/nvmet-remove-unsupported-command-noise.patch
 create mode 100644 queue-5.12/pci-tegra-add-tegra194-mcfg-quirks-for-ecam-errata.patch
 create mode 100644 queue-5.12/pci-tegra-fix-runtime-pm-imbalance-in-pex_ep_event_p.patch
 create mode 100644 queue-5.12/pci-thunder-fix-compile-testing.patch
 create mode 100644 queue-5.12/platform-chrome-cros_ec_typec-add-dp-mode-check.patch
 create mode 100644 queue-5.12/riscv-use-ld-instead-of-cc-to-link-vdso.patch
 create mode 100644 queue-5.12/riscv-workaround-mcount-name-prior-to-clang-13.patch
 create mode 100644 queue-5.12/scripts-recordmcount.pl-fix-risc-v-regex-for-clang.patch
 create mode 100644 queue-5.12/scsi-lpfc-fix-illegal-memory-access-on-abort-iocbs.patch
 create mode 100644 queue-5.12/scsi-target-tcmu-return-from-tcmu_handle_completions.patch
 create mode 100644 queue-5.12/svcrdma-don-t-leak-send_ctxt-on-send-errors.patch
 create mode 100644 queue-5.12/um-disable-config_gcov-with-modules.patch
 create mode 100644 queue-5.12/um-mark-all-kernel-symbols-as-local.patch
diff --git a/queue-5.12/acpi-hotplug-pci-fix-reference-count-leak-in-enable_.patch b/queue-5.12/acpi-hotplug-pci-fix-reference-count-leak-in-enable_.patch
new file mode 100644
index 00000000000..497c144ee41
--- /dev/null
+++ b/queue-5.12/acpi-hotplug-pci-fix-reference-count-leak-in-enable_.patch
@@ -0,0 +1,43 @@
+From ef11cdfa89a9180fbd494a50e68cbeafd9d81da4 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Thu, 25 Mar 2021 15:26:00 +0800
+Subject: ACPI / hotplug / PCI: Fix reference count leak in enable_slot()
+
+From: Feilong Lin
+
+[ Upstream commit 3bbfd319034ddce59e023837a4aa11439460509b ]
+
+In enable_slot(), if pci_get_slot() returns NULL, we clear the SLOT_ENABLED
+flag. When pci_get_slot() finds a device, it increments the device's
+reference count. In this case, we did not call pci_dev_put() to decrement
+the reference count, so the memory of the device (struct pci_dev type) will
+eventually leak.
+
+Call pci_dev_put() to decrement its reference count when pci_get_slot()
+returns a PCI device.
+
+Link: https://lore.kernel.org/r/b411af88-5049-a1c6-83ac-d104a1f429be@huawei.com
+Signed-off-by: Feilong Lin
+Signed-off-by: Zhiqiang Liu
+Signed-off-by: Bjorn Helgaas
+Reviewed-by: Rafael J. Wysocki
+Signed-off-by: Sasha Levin
+---
+ drivers/pci/hotplug/acpiphp_glue.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/pci/hotplug/acpiphp_glue.c b/drivers/pci/hotplug/acpiphp_glue.c
+index 3365c93abf0e..f031302ad401 100644
+--- a/drivers/pci/hotplug/acpiphp_glue.c
++++ b/drivers/pci/hotplug/acpiphp_glue.c
+@@ -533,6 +533,7 @@ static void enable_slot(struct acpiphp_slot *slot, bool bridge)
+ slot->flags &= ~SLOT_ENABLED;
+ continue;
+ }
++ pci_dev_put(dev);
+ }
+ }
+
+--
+2.30.2
+
diff --git a/queue-5.12/alsa-hda-generic-change-the-dac-ctl-name-for-lo-spk-.patch b/queue-5.12/alsa-hda-generic-change-the-dac-ctl-name-for-lo-spk-.patch
new file mode 100644
index 00000000000..d3934ece589
--- /dev/null
+++ b/queue-5.12/alsa-hda-generic-change-the-dac-ctl-name-for-lo-spk-.patch
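Review bot: The added `pci_dev_put(dev);` in enable_slot() carries no comment saying that `dev` is looked up only to test whether the function is present, so a release immediately after the NULL check reads like a stray put. A one-line comment above it, such as `/* existence check only; drop the reference pci_get_slot() took */`, would keep a later edit from using `dev` after the put. The loop and the pci_get_slot() call are outside the hunk, so this rests on the commit message's description of the lookup.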
@@ -0,0 +1,64 @@
+From e45134ebd3943d18392b1800277d3ec438f27050 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Tue, 4 May 2021 15:39:17 +0800
+Subject: ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP
+
+From: Hui Wang
+
+[ Upstream commit f48652bbe3ae62ba2835a396b7e01f063e51c4cd ]
+
+Without this change, the DAC ctl's name could be changed only when
+the machine has both Speaker and Headphone, but we met some machines
+which only has Lineout and Headhpone, and the Lineout and Headphone
+share the Audio Mixer0 and DAC0, the ctl's name is set to "Front".
+
+On most of machines, the "Front" is used for Speaker only or Lineout
+only, but on this machine it is shared by Lineout and Headphone,
+This introduces an issue in the pipewire and pulseaudio, suppose users
+want the Headphone to be on and the Speaker/Lineout to be off, they
+could turn off the "Front", this works on most of the machines, but on
+this machine, the "Front" couldn't be turned off otherwise the
+headphone will be off too. Here we do some change to let the ctl's
+name change to "Headphone+LO" on this machine, and pipewire and
+pulseaudio already could handle "Headphone+LO" and "Speaker+LO".
+(https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/747)
+
+BugLink: http://bugs.launchpad.net/bugs/804178
+Signed-off-by: Hui Wang
+Link: https://lore.kernel.org/r/20210504073917.22406-1-hui.wang@canonical.com
+Signed-off-by: Takashi Iwai
+Signed-off-by: Sasha Levin
+---
+ sound/pci/hda/hda_generic.c | 16 +++++++++++-----
+ 1 file changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/sound/pci/hda/hda_generic.c b/sound/pci/hda/hda_generic.c
+index f5cba7afd1c6..ff0fb2d16d82 100644
+--- a/sound/pci/hda/hda_generic.c
++++ b/sound/pci/hda/hda_generic.c
+@@ -1202,11 +1202,17 @@ static const char *get_line_out_pfx(struct hda_codec *codec, int ch,
+ *index = ch;
+ return "Headphone";
+ case AUTO_PIN_LINE_OUT:
+- /* This deals with the case where we have two DACs and
+- * one LO, one HP and one Speaker */
+- if (!ch && cfg->speaker_outs && cfg->hp_outs) {
+- bool hp_lo_shared = !path_has_mixer(codec, spec->hp_paths[0], ctl_type);
+- bool spk_lo_shared = !path_has_mixer(codec, spec->speaker_paths[0], ctl_type);
++ /* This deals with the case where one HP or one Speaker or
++ * one HP + one Speaker need to share the DAC with LO
++ */
++ if (!ch) {
++ bool hp_lo_shared = false, spk_lo_shared = false;
++
++ if (cfg->speaker_outs)
++ spk_lo_shared = !path_has_mixer(codec,
++ spec->speaker_paths[0], ctl_type);
++ if (cfg->hp_outs)
++ hp_lo_shared = !path_has_mixer(codec, spec->hp_paths[0], ctl_type);
+ if (hp_lo_shared && spk_lo_shared)
+ return spec->vmaster_mute.hook ? "PCM" : "Master";
+ if (hp_lo_shared)
+--
+2.30.2
+
diff --git a/queue-5.12/amdgpu-pm-prevent-force-of-dcefclk-on-navi10-and-sie.patch b/queue-5.12/amdgpu-pm-prevent-force-of-dcefclk-on-navi10-and-sie.patch
new file mode 100644
index 00000000000..2a96b79e04d
--- /dev/null
+++ b/queue-5.12/amdgpu-pm-prevent-force-of-dcefclk-on-navi10-and-sie.patch
@@ -0,0 +1,70 @@
+From 715911f928b333834d7ca477b1d45af9a07c444d Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 7 Apr 2021 00:34:35 -0400
+Subject: amdgpu/pm: Prevent force of DCEFCLK on NAVI10 and SIENNA_CICHLID
+
+From: Darren Powell
+
+[ Upstream commit b117b3964f38a988cb79825950dbd607c02237f3 ]
+
+Writing to dcefclk causes the gpu to become unresponsive, and requires a reboot.
+Patch ignores a .force_clk_levels(SMU_DCEFCLK) call and issues an
+info message.
+
+Signed-off-by: Darren Powell
+Reviewed-by: Kenneth Feng
+Signed-off-by: Alex Deucher
+Signed-off-by: Sasha Levin
+---
+ drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c | 5 ++++-
+ drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c | 4 +++-
+ 2 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c b/drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c
+index 6e641f1513d8..fbff3df72e6c 100644
+--- a/drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c
++++ b/drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c
+@@ -1110,7 +1110,6 @@ static int navi10_force_clk_levels(struct smu_context *smu,
+ case SMU_SOCCLK:
+ case SMU_MCLK:
+ case SMU_UCLK:
+- case SMU_DCEFCLK:
+ case SMU_FCLK:
+ /* There is only 2 levels for fine grained DPM */
+ if (navi10_is_support_fine_grained_dpm(smu, clk_type)) {
+@@ -1130,6 +1129,10 @@ static int navi10_force_clk_levels(struct smu_context *smu,
+ if (ret)
+ return size;
+ break;
++ case SMU_DCEFCLK:
++ dev_info(smu->adev->dev,"Setting DCEFCLK min/max dpm level is not supported!\n");
++ break;
++
+ default:
+ break;
+ }
+diff --git a/drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c b/drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c
+index af73e1430af5..61438940c26e 100644
+--- a/drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c
++++ b/drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c
+@@ -1127,7 +1127,6 @@ static int sienna_cichlid_force_clk_levels(struct smu_context *smu,
+ case SMU_SOCCLK:
+ case SMU_MCLK:
+ case SMU_UCLK:
+- case SMU_DCEFCLK:
+ case SMU_FCLK:
+ /* There is only 2 levels for fine grained DPM */
+ if (sienna_cichlid_is_support_fine_grained_dpm(smu, clk_type)) {
+@@ -1147,6 +1146,9 @@ static int sienna_cichlid_force_clk_levels(struct smu_context *smu,
+ if (ret)
+ goto forec_level_out;
+ break;
++ case SMU_DCEFCLK:
++ dev_info(smu->adev->dev,"Setting DCEFCLK min/max dpm level is not supported!\n");
++ break;
+ default:
+ break;
+ }
+--
+2.30.2
+
diff --git a/queue-5.12/arm-9058-1-cache-v7-refactor-v7_invalidate_l1-to-avo.patch b/queue-5.12/arm-9058-1-cache-v7-refactor-v7_invalidate_l1-to-avo.patch
new file mode 100644
index 00000000000..f96621deb8b
--- /dev/null
+++ b/queue-5.12/arm-9058-1-cache-v7-refactor-v7_invalidate_l1-to-avo.patch
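Review bot: The new `case SMU_DCEFCLK:` arm in navi10_force_clk_levels() only logs at info level and breaks, so unless the return path outside the hunk reports an error, the caller sees the request as accepted although nothing was applied; the same arm is added to sienna_cichlid_force_clk_levels(). The commit message says a write to dcefclk leaves the GPU unresponsive until reboot, and that reason belongs in a comment at the case, e.g. `/* forcing DCEFCLK hangs the GPU; the request is ignored */`. If the function's return convention allows it, returning an error such as `-EOPNOTSUPP` from this arm would let the writer tell a rejected request from a successful one. Both calls also lack the space after the first comma: `dev_info(smu->adev->dev, "Setting DCEFCLK min/max dpm level is not supported!\n");`.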
@@ -0,0 +1,105 @@ +From 7d49c220722cbe13e5b1f6663bdbf075a4077729 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 11 Feb 2021 09:23:09 +0100 +Subject: ARM: 9058/1: cache-v7: refactor v7_invalidate_l1 to avoid clobbering + r5/r6 + +From: Ard Biesheuvel + +[ Upstream commit f9e7a99fb6b86aa6a00e53b34ee6973840e005aa ] + +The cache invalidation code in v7_invalidate_l1 can be tweaked to +re-read the associativity from CCSIDR, and keep the way identifier +component in a single register that is assigned in the outer loop. This +way, we need 2 registers less. + +Given that the number of sets is typically much larger than the +associativity, rearrange the code so that the outer loop has the fewer +number of iterations, ensuring that the re-read of CCSIDR only occurs a +handful of times in practice. + +Fix the whitespace while at it, and update the comment to indicate that +this code is no longer a clone of anything else. + +Acked-by: Nicolas Pitre +Signed-off-by: Ard Biesheuvel +Signed-off-by: Russell King +Signed-off-by: Sasha Levin +--- + arch/arm/mm/cache-v7.S | 51 +++++++++++++++++++++--------------------- + 1 file changed, 25 insertions(+), 26 deletions(-) + +diff --git a/arch/arm/mm/cache-v7.S b/arch/arm/mm/cache-v7.S +index dc8f152f3556..e3bc1d6e13d0 100644 +--- a/arch/arm/mm/cache-v7.S ++++ b/arch/arm/mm/cache-v7.S +@@ -33,41 +33,40 @@ icache_size: + * processor. We fix this by performing an invalidate, rather than a + * clean + invalidate, before jumping into the kernel. + * +- * This function is cloned from arch/arm/mach-tegra/headsmp.S, and needs +- * to be called for both secondary cores startup and primary core resume +- * procedures. ++ * This function needs to be called for both secondary cores startup and ++ * primary core resume procedures. 
+ */ + ENTRY(v7_invalidate_l1) + mov r0, #0 + mcr p15, 2, r0, c0, c0, 0 + mrc p15, 1, r0, c0, c0, 0 + +- movw r1, #0x7fff +- and r2, r1, r0, lsr #13 ++ movw r3, #0x3ff ++ and r3, r3, r0, lsr #3 @ 'Associativity' in CCSIDR[12:3] ++ clz r1, r3 @ WayShift ++ mov r2, #1 ++ mov r3, r3, lsl r1 @ NumWays-1 shifted into bits [31:...] ++ movs r1, r2, lsl r1 @ #1 shifted left by same amount ++ moveq r1, #1 @ r1 needs value > 0 even if only 1 way + +- movw r1, #0x3ff ++ and r2, r0, #0x7 ++ add r2, r2, #4 @ SetShift + +- and r3, r1, r0, lsr #3 @ NumWays - 1 +- add r2, r2, #1 @ NumSets ++1: movw r4, #0x7fff ++ and r0, r4, r0, lsr #13 @ 'NumSets' in CCSIDR[27:13] + +- and r0, r0, #0x7 +- add r0, r0, #4 @ SetShift +- +- clz r1, r3 @ WayShift +- add r4, r3, #1 @ NumWays +-1: sub r2, r2, #1 @ NumSets-- +- mov r3, r4 @ Temp = NumWays +-2: subs r3, r3, #1 @ Temp-- +- mov r5, r3, lsl r1 +- mov r6, r2, lsl r0 +- orr r5, r5, r6 @ Reg = (Temp< +Date: Wed, 24 Feb 2021 13:25:53 +0100 +Subject: ARM: 9066/1: ftrace: pause/unpause function graph tracer in + cpu_suspend() + +From: louis.wang + +[ Upstream commit 8252ca87c7a2111502ee13994956f8c309faad7f ] + +Enabling function_graph tracer on ARM causes kernel panic, because the +function graph tracer updates the "return address" of a function in order +to insert a trace callback on function exit, it saves the function's +original return address in a return trace stack, but cpu_suspend() may not +return through the normal return path. + +cpu_suspend() will resume directly via the cpu_resume path, but the return +trace stack has been set-up by the subfunctions of cpu_suspend(), which +makes the "return address" inconsistent with cpu_suspend(). 
+
+This patch refers to Commit de818bd4522c40ea02a81b387d2fa86f989c9623
+("arm64: kernel: pause/unpause function graph tracer in cpu_suspend()"),
+
+fixes the issue by pausing/resuming the function graph tracer on the thread
+executing cpu_suspend(), so that the function graph tracer state is kept
+consistent across functions that enter power down states and never return
+by effectively disabling graph tracer while they are executing.
+
+Signed-off-by: louis.wang
+Signed-off-by: Russell King
+Signed-off-by: Sasha Levin
+---
+ arch/arm/kernel/suspend.c | 19 ++++++++++++++++++-
+ 1 file changed, 18 insertions(+), 1 deletion(-)
+
+diff --git a/arch/arm/kernel/suspend.c b/arch/arm/kernel/suspend.c
+index 24bd20564be7..43f0a3ebf390 100644
+--- a/arch/arm/kernel/suspend.c
++++ b/arch/arm/kernel/suspend.c
+@@ -1,4 +1,5 @@
+ // SPDX-License-Identifier: GPL-2.0
++#include
+ #include
+ #include
+ #include
+@@ -25,6 +26,13 @@ int cpu_suspend(unsigned long arg, int (*fn)(unsigned long))
+ if (!idmap_pgd)
+ return -EINVAL;
+
++ /*
++ * Function graph tracer state gets incosistent when the kernel
++ * calls functions that never return (aka suspend finishers) hence
++ * disable graph tracing during their execution.
++ */
++ pause_graph_tracing();
++
+ /*
+ * Provide a temporary page table with an identity mapping for
+ * the MMU-enable code, required for resuming. On successful
+@@ -32,6 +40,9 @@ int cpu_suspend(unsigned long arg, int (*fn)(unsigned long))
+ * back to the correct page tables.
+ */
+ ret = __cpu_suspend(arg, fn, __mpidr);
++
++ unpause_graph_tracing();
++
+ if (ret == 0) {
+ cpu_switch_mm(mm->pgd, mm);
+ local_flush_bp_all();
+@@ -45,7 +56,13 @@ int cpu_suspend(unsigned long arg, int (*fn)(unsigned long))
+ int cpu_suspend(unsigned long arg, int (*fn)(unsigned long))
+ {
+ u32 __mpidr = cpu_logical_map(smp_processor_id());
+- return __cpu_suspend(arg, fn, __mpidr);
++ int ret;
++
++ pause_graph_tracing();
++ ret = __cpu_suspend(arg, fn, __mpidr);
++ unpause_graph_tracing();
++
++ return ret;
+ }
+ #define idmap_pgd NULL
+ #endif
+--
+2.30.2
+
diff --git a/queue-5.12/arm-9075-1-kernel-fix-interrupted-smc-calls.patch b/queue-5.12/arm-9075-1-kernel-fix-interrupted-smc-calls.patch
new file mode 100644
index 00000000000..f64611fa903
--- /dev/null
+++ b/queue-5.12/arm-9075-1-kernel-fix-interrupted-smc-calls.patch
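Review bot: The comment added before the first `pause_graph_tracing()` call misspells "inconsistent" as "incosistent", and the second cpu_suspend() variant (the one followed by `#define idmap_pgd NULL`) repeats the pause/unpause pair with no comment at all. Fix the spelling and give the second variant a short pointer such as `/* as in the variant above: suspend finishers may never return */`. It is also worth noting at the first `unpause_graph_tracing()` that it runs for both outcomes of `__cpu_suspend()`, since it sits before the `if (ret == 0)` check.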
@@ -0,0 +1,87 @@
+From eb11050510fc6c6a4acd1a17a0e40632df24bee2 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 14 Apr 2021 04:41:16 +0100
+Subject: ARM: 9075/1: kernel: Fix interrupted SMC calls
+
+From: Manivannan Sadhasivam
+
+[ Upstream commit 57ac51667d8cd62731223d687e5fe7b41c502f89 ]
+
+On Qualcomm ARM32 platforms, the SMC call can return before it has
+completed. If this occurs, the call can be restarted, but it requires
+using the returned session ID value from the interrupted SMC call.
+
+The ARM32 SMCC code already has the provision to add platform specific
+quirks for things like this. So let's make use of it and add the
+Qualcomm specific quirk (ARM_SMCCC_QUIRK_QCOM_A6) used by the QCOM_SCM
+driver.
+
+This change is similar to the below one added for ARM64 a while ago:
+commit 82bcd087029f ("firmware: qcom: scm: Fix interrupted SCM calls")
+
+Without this change, the Qualcomm ARM32 platforms like SDX55 will return
+-EINVAL for SMC calls used for modem firmware loading and validation.
+
+Signed-off-by: Manivannan Sadhasivam
+Reviewed-by: Bjorn Andersson
+Signed-off-by: Russell King
+Signed-off-by: Sasha Levin
+---
+ arch/arm/kernel/asm-offsets.c | 3 +++
+ arch/arm/kernel/smccc-call.S | 11 ++++++++++-
+ 2 files changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/arch/arm/kernel/asm-offsets.c b/arch/arm/kernel/asm-offsets.c
+index be8050b0c3df..70993af22d80 100644
+--- a/arch/arm/kernel/asm-offsets.c
++++ b/arch/arm/kernel/asm-offsets.c
+@@ -24,6 +24,7 @@
+ #include
+ #include
+ #include
++#include
+ #include "signal.h"
+
+ /*
+@@ -148,6 +149,8 @@ int main(void)
+ DEFINE(SLEEP_SAVE_SP_PHYS, offsetof(struct sleep_save_sp, save_ptr_stash_phys));
+ DEFINE(SLEEP_SAVE_SP_VIRT, offsetof(struct sleep_save_sp, save_ptr_stash));
+ #endif
++ DEFINE(ARM_SMCCC_QUIRK_ID_OFFS, offsetof(struct arm_smccc_quirk, id));
++ DEFINE(ARM_SMCCC_QUIRK_STATE_OFFS, offsetof(struct arm_smccc_quirk, state));
+ BLANK();
+ DEFINE(DMA_BIDIRECTIONAL, DMA_BIDIRECTIONAL);
+ DEFINE(DMA_TO_DEVICE, DMA_TO_DEVICE);
+diff --git a/arch/arm/kernel/smccc-call.S b/arch/arm/kernel/smccc-call.S
+index 00664c78faca..931df62a7831 100644
+--- a/arch/arm/kernel/smccc-call.S
++++ b/arch/arm/kernel/smccc-call.S
+@@ -3,7 +3,9 @@
+ * Copyright (c) 2015, Linaro Limited
+ */
+ #include
++#include
+
++#include
+ #include
+ #include
+ #include
+@@ -27,7 +29,14 @@ UNWIND( .fnstart)
+ UNWIND( .save {r4-r7})
+ ldm r12, {r4-r7}
+ \instr
+- pop {r4-r7}
++ ldr r4, [sp, #36]
++ cmp r4, #0
++ beq 1f // No quirk structure
++ ldr r5, [r4, #ARM_SMCCC_QUIRK_ID_OFFS]
++ cmp r5, #ARM_SMCCC_QUIRK_QCOM_A6
++ bne 1f // No quirk present
++ str r6, [r4, #ARM_SMCCC_QUIRK_STATE_OFFS]
++1: pop {r4-r7}
+ ldr r12, [sp, #(4 * 4)]
+ stm r12, {r0-r3}
+ bx lr
+--
+2.30.2
+
diff --git a/queue-5.12/block-reexpand-iov_iter-after-read-write.patch b/queue-5.12/block-reexpand-iov_iter-after-read-write.patch
new file mode 100644
index 00000000000..d148897b84a
--- /dev/null
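Review bot: The added `ldr r4, [sp, #36]` in smccc-call.S uses a bare stack offset while the neighbouring context line spells its offset as `#(4 * 4)`, and nothing says which argument is being loaded. Judging from the NULL test and the `ARM_SMCCC_QUIRK_ID_OFFS` load that follow, it is presumably the quirk pointer, read while r4-r7 are still pushed; the macro's prologue is outside the hunk, so the exact stack layout cannot be confirmed from here. A comment such as `// r4 = quirk pointer (stack argument above the saved r4-r7)`, or writing the offset as a sum of its parts, would make the dependency on the push/pop ordering visible. The offset is only valid because `pop {r4-r7}` now comes after the new block, so the two have to change together.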
+++ b/queue-5.12/block-reexpand-iov_iter-after-read-write.patch 
@@ -0,0 +1,171 @@ +From e3eaf5b39cc252dc9b9f229e9fc90168a555b469 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 1 Apr 2021 15:18:07 +0800 +Subject: block: reexpand iov_iter after read/write + +From: yangerkun + +[ Upstream commit cf7b39a0cbf6bf57aa07a008d46cf695add05b4c ] + +We get a bug: + +BUG: KASAN: slab-out-of-bounds in iov_iter_revert+0x11c/0x404 +lib/iov_iter.c:1139 +Read of size 8 at addr ffff0000d3fb11f8 by task + +CPU: 0 PID: 12582 Comm: syz-executor.2 Not tainted +5.10.0-00843-g352c8610ccd2 #2 +Hardware name: linux,dummy-virt (DT) +Call trace: + dump_backtrace+0x0/0x2d0 arch/arm64/kernel/stacktrace.c:132 + show_stack+0x28/0x34 arch/arm64/kernel/stacktrace.c:196 + __dump_stack lib/dump_stack.c:77 [inline] + dump_stack+0x110/0x164 lib/dump_stack.c:118 + print_address_description+0x78/0x5c8 mm/kasan/report.c:385 + __kasan_report mm/kasan/report.c:545 [inline] + kasan_report+0x148/0x1e4 mm/kasan/report.c:562 + check_memory_region_inline mm/kasan/generic.c:183 [inline] + __asan_load8+0xb4/0xbc mm/kasan/generic.c:252 + iov_iter_revert+0x11c/0x404 lib/iov_iter.c:1139 + io_read fs/io_uring.c:3421 [inline] + io_issue_sqe+0x2344/0x2d64 fs/io_uring.c:5943 + __io_queue_sqe+0x19c/0x520 fs/io_uring.c:6260 + io_queue_sqe+0x2a4/0x590 fs/io_uring.c:6326 + io_submit_sqe fs/io_uring.c:6395 [inline] + io_submit_sqes+0x4c0/0xa04 fs/io_uring.c:6624 + __do_sys_io_uring_enter fs/io_uring.c:9013 [inline] + __se_sys_io_uring_enter fs/io_uring.c:8960 [inline] + __arm64_sys_io_uring_enter+0x190/0x708 fs/io_uring.c:8960 + __invoke_syscall arch/arm64/kernel/syscall.c:36 [inline] + invoke_syscall arch/arm64/kernel/syscall.c:48 [inline] + el0_svc_common arch/arm64/kernel/syscall.c:158 [inline] + do_el0_svc+0x120/0x290 arch/arm64/kernel/syscall.c:227 + el0_svc+0x1c/0x28 arch/arm64/kernel/entry-common.c:367 + el0_sync_handler+0x98/0x170 arch/arm64/kernel/entry-common.c:383 + el0_sync+0x140/0x180 arch/arm64/kernel/entry.S:670 + +Allocated by task 12570: + 
stack_trace_save+0x80/0xb8 kernel/stacktrace.c:121 + kasan_save_stack mm/kasan/common.c:48 [inline] + kasan_set_track mm/kasan/common.c:56 [inline] + __kasan_kmalloc+0xdc/0x120 mm/kasan/common.c:461 + kasan_kmalloc+0xc/0x14 mm/kasan/common.c:475 + __kmalloc+0x23c/0x334 mm/slub.c:3970 + kmalloc include/linux/slab.h:557 [inline] + __io_alloc_async_data+0x68/0x9c fs/io_uring.c:3210 + io_setup_async_rw fs/io_uring.c:3229 [inline] + io_read fs/io_uring.c:3436 [inline] + io_issue_sqe+0x2954/0x2d64 fs/io_uring.c:5943 + __io_queue_sqe+0x19c/0x520 fs/io_uring.c:6260 + io_queue_sqe+0x2a4/0x590 fs/io_uring.c:6326 + io_submit_sqe fs/io_uring.c:6395 [inline] + io_submit_sqes+0x4c0/0xa04 fs/io_uring.c:6624 + __do_sys_io_uring_enter fs/io_uring.c:9013 [inline] + __se_sys_io_uring_enter fs/io_uring.c:8960 [inline] + __arm64_sys_io_uring_enter+0x190/0x708 fs/io_uring.c:8960 + __invoke_syscall arch/arm64/kernel/syscall.c:36 [inline] + invoke_syscall arch/arm64/kernel/syscall.c:48 [inline] + el0_svc_common arch/arm64/kernel/syscall.c:158 [inline] + do_el0_svc+0x120/0x290 arch/arm64/kernel/syscall.c:227 + el0_svc+0x1c/0x28 arch/arm64/kernel/entry-common.c:367 + el0_sync_handler+0x98/0x170 arch/arm64/kernel/entry-common.c:383 + el0_sync+0x140/0x180 arch/arm64/kernel/entry.S:670 + +Freed by task 12570: + stack_trace_save+0x80/0xb8 kernel/stacktrace.c:121 + kasan_save_stack mm/kasan/common.c:48 [inline] + kasan_set_track+0x38/0x6c mm/kasan/common.c:56 + kasan_set_free_info+0x20/0x40 mm/kasan/generic.c:355 + __kasan_slab_free+0x124/0x150 mm/kasan/common.c:422 + kasan_slab_free+0x10/0x1c mm/kasan/common.c:431 + slab_free_hook mm/slub.c:1544 [inline] + slab_free_freelist_hook mm/slub.c:1577 [inline] + slab_free mm/slub.c:3142 [inline] + kfree+0x104/0x38c mm/slub.c:4124 + io_dismantle_req fs/io_uring.c:1855 [inline] + __io_free_req+0x70/0x254 fs/io_uring.c:1867 + io_put_req_find_next fs/io_uring.c:2173 [inline] + __io_queue_sqe+0x1fc/0x520 fs/io_uring.c:6279 + 
__io_req_task_submit+0x154/0x21c fs/io_uring.c:2051 + io_req_task_submit+0x2c/0x44 fs/io_uring.c:2063 + task_work_run+0xdc/0x128 kernel/task_work.c:151 + get_signal+0x6f8/0x980 kernel/signal.c:2562 + do_signal+0x108/0x3a4 arch/arm64/kernel/signal.c:658 + do_notify_resume+0xbc/0x25c arch/arm64/kernel/signal.c:722 + work_pending+0xc/0x180 + +blkdev_read_iter can truncate iov_iter's count since the count + pos may +exceed the size of the blkdev. This will confuse io_read that we have +consume the iovec. And once we do the iov_iter_revert in io_read, we +will trigger the slab-out-of-bounds. Fix it by reexpand the count with +size has been truncated. + +blkdev_write_iter can trigger the problem too. + +Signed-off-by: yangerkun +Acked-by: Pavel Begunkov +Link: https://lore.kernel.org/r/20210401071807.3328235-1-yangerkun@huawei.com +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +--- + fs/block_dev.c | 20 +++++++++++++++++--- + 1 file changed, 17 insertions(+), 3 deletions(-) + +diff --git a/fs/block_dev.c b/fs/block_dev.c +index 09d6f7229db9..a5a6a7930e5e 100644 +--- a/fs/block_dev.c ++++ b/fs/block_dev.c +@@ -1684,6 +1684,7 @@ ssize_t blkdev_write_iter(struct kiocb *iocb, struct iov_iter *from) + struct inode *bd_inode = bdev_file_inode(file); + loff_t size = i_size_read(bd_inode); + struct blk_plug plug; ++ size_t shorted = 0; + ssize_t ret; + + if (bdev_read_only(I_BDEV(bd_inode))) +@@ -1701,12 +1702,17 @@ ssize_t blkdev_write_iter(struct kiocb *iocb, struct iov_iter *from) + if ((iocb->ki_flags & (IOCB_NOWAIT | IOCB_DIRECT)) == IOCB_NOWAIT) + return -EOPNOTSUPP; + +- iov_iter_truncate(from, size - iocb->ki_pos); ++ size -= iocb->ki_pos; ++ if (iov_iter_count(from) > size) { ++ shorted = iov_iter_count(from) - size; ++ iov_iter_truncate(from, size); ++ } + + blk_start_plug(&plug); + ret = __generic_file_write_iter(iocb, from); + if (ret > 0) + ret = generic_write_sync(iocb, ret); ++ iov_iter_reexpand(from, iov_iter_count(from) + shorted); + 
blk_finish_plug(&plug); + return ret; + } +@@ -1718,13 +1724,21 @@ ssize_t blkdev_read_iter(struct kiocb *iocb, struct iov_iter *to) + struct inode *bd_inode = bdev_file_inode(file); + loff_t size = i_size_read(bd_inode); + loff_t pos = iocb->ki_pos; ++ size_t shorted = 0; ++ ssize_t ret; + + if (pos >= size) + return 0; + + size -= pos; +- iov_iter_truncate(to, size); +- return generic_file_read_iter(iocb, to); ++ if (iov_iter_count(to) > size) { ++ shorted = iov_iter_count(to) - size; ++ iov_iter_truncate(to, size); ++ } ++ ++ ret = generic_file_read_iter(iocb, to); ++ iov_iter_reexpand(to, iov_iter_count(to) + shorted); ++ return ret; + } + EXPORT_SYMBOL_GPL(blkdev_read_iter); + +-- +2.30.2 + diff --git a/queue-5.12/bridge-fix-possible-races-between-assigning-rx_handl.patch b/queue-5.12/bridge-fix-possible-races-between-assigning-rx_handl.patch new file mode 100644 index 00000000000..ab9e23f35de --- /dev/null +++ b/queue-5.12/bridge-fix-possible-races-between-assigning-rx_handl.patch 
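Review bot: The new `if (iov_iter_count(from) > size)` test in blkdev_write_iter() compares a size_t with `size`, a signed loff_t that has just had `iocb->ki_pos` subtracted, so it is only meaningful when `ki_pos` is below the device size; blkdev_read_iter() shows that guard (`if (pos >= size) return 0;`), but for the write path any such check lies outside the hunk. A comment stating the precondition next to `size -= iocb->ki_pos;` would help. The `iov_iter_reexpand()` calls in both functions also need a why-comment, e.g. `/* put back the bytes trimmed above: callers such as io_read() revert the iterator against the count they passed in */`. Without it the reexpand looks redundant, and removing it would bring back the out-of-bounds read in iov_iter_revert() that the commit message reports.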
@@ -0,0 +1,86 @@
+From 6e27240d41df3c49b71b7667cf3839e66c24bc22 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 28 Apr 2021 22:38:14 +0800
+Subject: bridge: Fix possible races between assigning rx_handler_data and
+ setting IFF_BRIDGE_PORT bit
+
+From: Zhang Zhengming
+
+[ Upstream commit 59259ff7a81b9eb6213891c6451221e567f8f22f ]
+
+There is a crash in the function br_get_link_af_size_filtered,
+as the port_exists(dev) is true and the rx_handler_data of dev is NULL.
+But the rx_handler_data of dev is correct saved in vmcore.
+
+The oops looks something like:
+ ...
+ pc : br_get_link_af_size_filtered+0x28/0x1c8 [bridge]
+ ...
+ Call trace:
+ br_get_link_af_size_filtered+0x28/0x1c8 [bridge]
+ if_nlmsg_size+0x180/0x1b0
+ rtnl_calcit.isra.12+0xf8/0x148
+ rtnetlink_rcv_msg+0x334/0x370
+ netlink_rcv_skb+0x64/0x130
+ rtnetlink_rcv+0x28/0x38
+ netlink_unicast+0x1f0/0x250
+ netlink_sendmsg+0x310/0x378
+ sock_sendmsg+0x4c/0x70
+ __sys_sendto+0x120/0x150
+ __arm64_sys_sendto+0x30/0x40
+ el0_svc_common+0x78/0x130
+ el0_svc_handler+0x38/0x78
+ el0_svc+0x8/0xc
+
+In br_add_if(), we found there is no guarantee that
+assigning rx_handler_data to dev->rx_handler_data
+will before setting the IFF_BRIDGE_PORT bit of priv_flags.
+So there is a possible data competition:
+
+CPU 0: CPU 1:
+(RCU read lock) (RTNL lock)
+rtnl_calcit() br_add_slave()
+ if_nlmsg_size() br_add_if()
+ br_get_link_af_size_filtered() -> netdev_rx_handler_register
+ ...
+ // The order is not guaranteed
+ ... -> dev->priv_flags |= IFF_BRIDGE_PORT;
+ // The IFF_BRIDGE_PORT bit of priv_flags has been set
+ -> if (br_port_exists(dev)) {
+ // The dev->rx_handler_data has NOT been assigned
+ -> p = br_port_get_rcu(dev);
+ ....
+ -> rcu_assign_pointer(dev->rx_handler_data, rx_handler_data);
+ ...
+
+Fix it in br_get_link_af_size_filtered, using br_port_get_check_rcu() and checking the return value.
+
+Signed-off-by: Zhang Zhengming
+Reviewed-by: Zhao Lei
+Reviewed-by: Wang Xiaogang
+Suggested-by: Nikolay Aleksandrov
+Signed-off-by: David S. Miller
+Signed-off-by: Sasha Levin
+---
+ net/bridge/br_netlink.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
+index 0456593aceec..e4e6e991313e 100644
+--- a/net/bridge/br_netlink.c
++++ b/net/bridge/br_netlink.c
+@@ -103,8 +103,9 @@ static size_t br_get_link_af_size_filtered(const struct net_device *dev,
+
+ rcu_read_lock();
+ if (netif_is_bridge_port(dev)) {
+- p = br_port_get_rcu(dev);
+- vg = nbp_vlan_group_rcu(p);
++ p = br_port_get_check_rcu(dev);
++ if (p)
++ vg = nbp_vlan_group_rcu(p);
+ } else if (dev->priv_flags & IFF_EBRIDGE) {
+ br = netdev_priv(dev);
+ vg = br_vlan_group_rcu(br);
+--
+2.30.2
+
diff --git a/queue-5.12/ceph-don-t-allow-access-to-mds-private-inodes.patch b/queue-5.12/ceph-don-t-allow-access-to-mds-private-inodes.patch
new file mode 100644
index 00000000000..a35758c8bff
--- /dev/null
+++ b/queue-5.12/ceph-don-t-allow-access-to-mds-private-inodes.patch
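Review bot: When `br_port_get_check_rcu(dev)` returns NULL the new code leaves `vg` untouched, so br_get_link_af_size_filtered() now depends on `vg` being initialised to NULL and on the code after the if/else accepting a NULL group; both are outside the hunk and should be confirmed. Why `p` can be NULL inside the `netif_is_bridge_port(dev)` branch is not obvious from the code alone, so a comment is worth adding above the check: `/* IFF_BRIDGE_PORT can be visible before rx_handler_data is published, so the port may not be there yet */`.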
@@ -0,0 +1,130 @@
+From db04478741d0b9156828c9104acf3f8475204b90 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Thu, 1 Apr 2021 13:55:11 -0400
+Subject: ceph: don't allow access to MDS-private inodes
+
+From: Jeff Layton
+
+[ Upstream commit d4f6b31d721779d91b5e2f8072478af73b196c34 ]
+
+The MDS reserves a set of inodes for its own usage, and these should
+never be accessible to clients. Add a new helper to vet a proposed
+inode number against that range, and complain loudly and refuse to
+create or look it up if it's in it.
+
+Also, ensure that the MDS doesn't try to delegate inodes that are in
+that range or lower. Print a warning if it does, and don't save the
+range in the xarray.
+
+URL: https://tracker.ceph.com/issues/49922
+Signed-off-by: Jeff Layton
+Reviewed-by: Xiubo Li
+Signed-off-by: Ilya Dryomov
+Signed-off-by: Sasha Levin
+---
+ fs/ceph/export.c | 8 ++++++++
+ fs/ceph/inode.c | 3 +++
+ fs/ceph/mds_client.c | 7 +++++++
+ fs/ceph/super.h | 24 ++++++++++++++++++++++++
+ 4 files changed, 42 insertions(+)
+
+diff --git a/fs/ceph/export.c b/fs/ceph/export.c
+index baa6368bece5..042bb4a02c0a 100644
+--- a/fs/ceph/export.c
++++ b/fs/ceph/export.c
+@@ -129,6 +129,10 @@ static struct inode *__lookup_inode(struct super_block *sb, u64 ino)
+
+ vino.ino = ino;
+ vino.snap = CEPH_NOSNAP;
++
++ if (ceph_vino_is_reserved(vino))
++ return ERR_PTR(-ESTALE);
++
+ inode = ceph_find_inode(sb, vino);
+ if (!inode) {
+ struct ceph_mds_request *req;
+@@ -214,6 +218,10 @@ static struct dentry *__snapfh_to_dentry(struct super_block *sb,
+ vino.ino = sfh->ino;
+ vino.snap = sfh->snapid;
+ }
++
++ if (ceph_vino_is_reserved(vino))
++ return ERR_PTR(-ESTALE);
++
+ inode = ceph_find_inode(sb, vino);
+ if (inode)
+ return d_obtain_alias(inode);
+diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c
+index 2fd1c48ac5d7..179d2ef69a24 100644
+--- a/fs/ceph/inode.c
++++ b/fs/ceph/inode.c
+@@ -56,6 +56,9 @@ struct inode *ceph_get_inode(struct super_block *sb, struct ceph_vino vino)
+ {
+ 
struct inode *inode;
+
++ if (ceph_vino_is_reserved(vino))
++ return ERR_PTR(-EREMOTEIO);
++
+ inode = iget5_locked(sb, (unsigned long)vino.ino, ceph_ino_compare,
+ ceph_set_ino_cb, &vino);
+ if (!inode)
+diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c
+index d87bd852ed96..298cb0b3d28c 100644
+--- a/fs/ceph/mds_client.c
++++ b/fs/ceph/mds_client.c
+@@ -433,6 +433,13 @@ static int ceph_parse_deleg_inos(void **p, void *end,
+
+ ceph_decode_64_safe(p, end, start, bad);
+ ceph_decode_64_safe(p, end, len, bad);
++
++ /* Don't accept a delegation of system inodes */
++ if (start < CEPH_INO_SYSTEM_BASE) {
++ pr_warn_ratelimited("ceph: ignoring reserved inode range delegation (start=0x%llx len=0x%llx)\n",
++ start, len);
++ continue;
++ }
+ while (len--) {
+ int err = xa_insert(&s->s_delegated_inos, ino = start++,
+ DELEGATED_INO_AVAILABLE,
+diff --git a/fs/ceph/super.h b/fs/ceph/super.h
+index c48bb30c8d70..1d2fe70439bd 100644
+--- a/fs/ceph/super.h
++++ b/fs/ceph/super.h
+@@ -529,10 +529,34 @@ static inline int ceph_ino_compare(struct inode *inode, void *data)
+ ci->i_vino.snap == pvino->snap;
+ }
+
++/*
++ * The MDS reserves a set of inodes for its own usage. These should never
++ * be accessible by clients, and so the MDS has no reason to ever hand these
++ * out. The range is CEPH_MDS_INO_MDSDIR_OFFSET..CEPH_INO_SYSTEM_BASE.
++ *
++ * These come from src/mds/mdstypes.h in the ceph sources.
++ */
++#define CEPH_MAX_MDS 0x100
++#define CEPH_NUM_STRAY 10
++#define CEPH_MDS_INO_MDSDIR_OFFSET (1 * CEPH_MAX_MDS)
++#define CEPH_INO_SYSTEM_BASE ((6*CEPH_MAX_MDS) + (CEPH_MAX_MDS * CEPH_NUM_STRAY))
++
++static inline bool ceph_vino_is_reserved(const struct ceph_vino vino)
++{
++ if (vino.ino < CEPH_INO_SYSTEM_BASE &&
++ vino.ino >= CEPH_MDS_INO_MDSDIR_OFFSET) {
++ WARN_RATELIMIT(1, "Attempt to access reserved inode number 0x%llx", vino.ino);
++ return true;
++ }
++ return false;
++}
+
+ static inline struct inode *ceph_find_inode(struct super_block *sb,
+ struct ceph_vino vino)
+ {
++ if (ceph_vino_is_reserved(vino))
++ return NULL;
++
+ /*
+ * NB: The hashval will be run through the fs/inode.c hash function
+ * anyway, so there is no need to squash the inode number down to
+--
+2.30.2
+
diff --git a/queue-5.12/ceph-don-t-clobber-i_snap_caps-on-non-i_new-inode.patch b/queue-5.12/ceph-don-t-clobber-i_snap_caps-on-non-i_new-inode.patch
new file mode 100644
index 00000000000..ddc780f9cc3
--- /dev/null
+++ b/queue-5.12/ceph-don-t-clobber-i_snap_caps-on-non-i_new-inode.patch
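Review bot: ceph_vino_is_reserved() reports a reserved inode number with `WARN_RATELIMIT(1, ...)`, yet in the export.c hunks it is called on an `ino` that arrives as a function argument or from `sfh->ino`, which looks like file-handle data rather than kernel state. A WARN emits a full backtrace and, on systems configured to panic on warnings, stops the machine, which is heavy for a value the kernel is simply rejecting; the mds_client.c hunk already uses `pr_warn_ratelimited` for the same class of event. Consider `pr_warn_ratelimited("ceph: attempt to access reserved inode number 0x%llx\n", vino.ino);`, which also supplies the trailing newline the current format string lacks. Separately, the delegation check in ceph_parse_deleg_inos() tests only `start`, while `len` is decoded from the same message and drives `while (len--)`; whether it is bounded elsewhere is not visible in the hunk.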
@@ -0,0 +1,53 @@
+From 62fd6e2438f0a984930bc5bd403ec6d8ba6d3fb8 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 1 Mar 2021 07:38:01 -0500
+Subject: ceph: don't clobber i_snap_caps on non-I_NEW inode
+
+From: Jeff Layton
+
+[ Upstream commit d3c51ae1b8cce5bdaf91a1ce32b33cf5626075dc ]
+
+We want the snapdir to mirror the non-snapped directory's attributes for
+most things, but i_snap_caps represents the caps granted on the snapshot
+directory by the MDS itself. A misbehaving MDS could issue different
+caps for the snapdir and we lose them here.
+
+Only reset i_snap_caps when the inode is I_NEW. Also, move the setting
+of i_op and i_fop inside the if block since they should never change
+anyway.
+
+Reported-by: Al Viro
+Signed-off-by: Jeff Layton
+Signed-off-by: Ilya Dryomov
+Signed-off-by: Sasha Levin
+---
+ fs/ceph/inode.c | 9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c
+index 4418d4be2907..2fd1c48ac5d7 100644
+--- a/fs/ceph/inode.c
++++ b/fs/ceph/inode.c
+@@ -87,14 +87,15 @@ struct inode *ceph_get_snapdir(struct inode *parent)
+ inode->i_mtime = parent->i_mtime;
+ inode->i_ctime = parent->i_ctime;
+ inode->i_atime = parent->i_atime;
+- inode->i_op = &ceph_snapdir_iops;
+- inode->i_fop = &ceph_snapdir_fops;
+- ci->i_snap_caps = CEPH_CAP_PIN; /* so we can open */
+ ci->i_rbytes = 0;
+ ci->i_btime = ceph_inode(parent)->i_btime;
+
+- if (inode->i_state & I_NEW)
++ if (inode->i_state & I_NEW) {
++ inode->i_op = &ceph_snapdir_iops;
++ inode->i_fop = &ceph_snapdir_fops;
++ ci->i_snap_caps = CEPH_CAP_PIN; /* so we can open */
+ unlock_new_inode(inode);
++ }
+
+ return inode;
+ }
+--
+2.30.2
+
diff --git a/queue-5.12/ceph-fix-fscache-invalidation.patch b/queue-5.12/ceph-fix-fscache-invalidation.patch
new file mode 100644
index 00000000000..5e764bc814a
--- /dev/null
+++ b/queue-5.12/ceph-fix-fscache-invalidation.patch
@@ -0,0 +1,47 @@
+From ce6497ba80c7e87f31172bff87418390e7b3698f Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Thu, 21 Jan 2021 18:05:37 -0500
+Subject: ceph: fix fscache invalidation
+
+From: Jeff Layton
+
+[ Upstream commit 10a7052c7868bc7bc72d947f5aac6f768928db87 ]
+
+Ensure that we invalidate the fscache whenever we invalidate the
+pagecache.
+
+Signed-off-by: Jeff Layton
+Signed-off-by: Ilya Dryomov
+Signed-off-by: Sasha Levin
+---
+ fs/ceph/caps.c | 1 +
+ fs/ceph/inode.c | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c
+index 570731c4d019..d405ba801492 100644
+--- a/fs/ceph/caps.c
++++ b/fs/ceph/caps.c
+@@ -1867,6 +1867,7 @@ static int try_nonblocking_invalidate(struct inode *inode)
+ u32 invalidating_gen = ci->i_rdcache_gen;
+
+ spin_unlock(&ci->i_ceph_lock);
++ ceph_fscache_invalidate(inode);
+ invalidate_mapping_pages(&inode->i_data, 0, -1);
+ spin_lock(&ci->i_ceph_lock);
+
+diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c
+index 156f849f5385..4418d4be2907 100644
+--- a/fs/ceph/inode.c
++++ b/fs/ceph/inode.c
+@@ -1863,6 +1863,7 @@ static void ceph_do_invalidate_pages(struct inode *inode)
+ orig_gen = ci->i_rdcache_gen;
+ spin_unlock(&ci->i_ceph_lock);
+
++ ceph_fscache_invalidate(inode);
+ if (invalidate_inode_pages2(inode->i_mapping) < 0) {
+ pr_err("invalidate_pages %p fails\n", inode);
+ }
+--
+2.30.2
+
diff --git a/queue-5.12/dmaengine-dw-edma-fix-crash-on-loading-unloading-dri.patch b/queue-5.12/dmaengine-dw-edma-fix-crash-on-loading-unloading-dri.patch
new file mode 100644
index 00000000000..665b96ffc42
--- /dev/null
+++ b/queue-5.12/dmaengine-dw-edma-fix-crash-on-loading-unloading-dri.patch
@@ -0,0 +1,57 @@
+From 17c5452fe1b1b59756b42a8bedd4e3cee247628d Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Thu, 18 Feb 2021 20:04:06 +0100
+Subject: dmaengine: dw-edma: Fix crash on loading/unloading driver
+
+From: Gustavo Pimentel
+
+[ Upstream commit e970dcc4bd8e0a1376e794fc81d41d0fc98262dd ]
+
+When the driver is compiled as a module and loaded if we try to unload
+it, the Kernel shows a crash log. This Kernel crash is due to the
+dma_async_device_unregister() call done after deleting the channels,
+this patch fixes this issue.
+
+Signed-off-by: Gustavo Pimentel
+Link: https://lore.kernel.org/r/4aa850c035cf7ee488f1d3fb6dee0e37be0dce0a.1613674948.git.gustavo.pimentel@synopsys.com
+Signed-off-by: Vinod Koul
+Signed-off-by: Sasha Levin
+---
+ drivers/dma/dw-edma/dw-edma-core.c | 11 +++++------
+ 1 file changed, 5 insertions(+), 6 deletions(-)
+
+diff --git a/drivers/dma/dw-edma/dw-edma-core.c b/drivers/dma/dw-edma/dw-edma-core.c
+index 08d71dafa001..58c8cc8fe0e1 100644
+--- a/drivers/dma/dw-edma/dw-edma-core.c
++++ b/drivers/dma/dw-edma/dw-edma-core.c
+@@ -937,22 +937,21 @@ int dw_edma_remove(struct dw_edma_chip *chip)
+ /* Power management */
+ pm_runtime_disable(dev);
+
++ /* Deregister eDMA device */
++ dma_async_device_unregister(&dw->wr_edma);
+ list_for_each_entry_safe(chan, _chan, &dw->wr_edma.channels,
+ vc.chan.device_node) {
+- list_del(&chan->vc.chan.device_node);
+ tasklet_kill(&chan->vc.task);
++ list_del(&chan->vc.chan.device_node);
+ }
+
++ dma_async_device_unregister(&dw->rd_edma);
+ list_for_each_entry_safe(chan, _chan, &dw->rd_edma.channels,
+ vc.chan.device_node) {
+- list_del(&chan->vc.chan.device_node);
+ tasklet_kill(&chan->vc.task);
++ list_del(&chan->vc.chan.device_node);
+ }
+
+- /* Deregister eDMA device */
+- dma_async_device_unregister(&dw->wr_edma);
+- dma_async_device_unregister(&dw->rd_edma);
+-
+ /* Turn debugfs off */
+ dw_edma_v0_core_debugfs_off();
+
+--
+2.30.2
+
diff --git a/queue-5.12/drm-amd-display-fix-two-cursor-duplication-when-usin.patch b/queue-5.12/drm-amd-display-fix-two-cursor-duplication-when-usin.patch
new file mode 100644
index 00000000000..7c0ced5d5be
--- /dev/null
+++ b/queue-5.12/drm-amd-display-fix-two-cursor-duplication-when-usin.patch
@@ -0,0 +1,147 @@ +From c2f23ff31704f1fd3f7edf190468e184757a1f9c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 13 Apr 2021 20:06:04 -0400 +Subject: drm/amd/display: Fix two cursor duplication when using overlay + +From: Rodrigo Siqueira + +[ Upstream commit 16e9b3e58bc3fce7391539e0eb3fd167cbf9951f ] + +Our driver supports overlay planes, and as expected, some userspace +compositor takes advantage of these features. If the userspace is not +enabling the cursor, they can use multiple planes as they please. +Nevertheless, we start to have constraints when userspace tries to +enable hardware cursor with various planes. Basically, we cannot draw +the cursor at the same size and position on two separated pipes since it +uses extra bandwidth and DML only run with one cursor. + +For those reasons, when we enable hardware cursor and multiple planes, +our driver should accept variations like the ones described below: + + +-------------+ +--------------+ + | +---------+ | | | + | |Primary | | | Primary | + | | | | | Overlay | + | +---------+ | | | + |Overlay | | | + +-------------+ +--------------+ + +In this scenario, we can have the desktop UI in the overlay and some +other framebuffer attached to the primary plane (e.g., video). 
However, +userspace needs to obey some rules and avoid scenarios like the ones +described below (when enabling hw cursor): + + +--------+ + |Overlay | + +-------------+ +-----+-------+ +-| |--+ + | +--------+ | +--------+ | | +--------+ | + | |Overlay | | |Overlay | | | | + | | | | | | | | | + | +--------+ | +--------+ | | | + | Primary | | Primary | | Primary | + +-------------+ +-------------+ +-------------+ + + +-------------+ +-------------+ + | +--------+ | Primary | + | |Overlay | | | + | | | | | + | +--------+ | +--------+ | + | Primary | | |Overlay | | + +-------------+ +-| |--+ + +--------+ + +If the userspace violates some of the above scenarios, our driver needs +to reject the commit; otherwise, we can have unexpected behavior. Since +we don't have a proper driver validation for the above case, we can see +some problems like a duplicate cursor in applications that use multiple +planes. This commit fixes the cursor issue and others by adding adequate +verification for multiple planes. + +Change since V1 (Harry and Sean): +- Remove cursor verification from the equation. 
+
+Cc: Louis Li
+Cc: Nicholas Kazlauskas
+Cc: Harry Wentland
+Cc: Hersen Wu
+Cc: Sean Paul
+Signed-off-by: Rodrigo Siqueira
+Reviewed-by: Harry Wentland
+Signed-off-by: Alex Deucher
+Signed-off-by: Sasha Levin
+---
+ .../gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 51 +++++++++++++++++++
+ 1 file changed, 51 insertions(+)
+
+diff --git a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+index 71e07ebc8f88..b63f55ea8758 100644
+--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
++++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+@@ -9344,6 +9344,53 @@ static int add_affected_mst_dsc_crtcs(struct drm_atomic_state *state, struct drm
+ }
+ #endif
+
++static int validate_overlay(struct drm_atomic_state *state)
++{
++ int i;
++ struct drm_plane *plane;
++ struct drm_plane_state *old_plane_state, *new_plane_state;
++ struct drm_plane_state *primary_state, *overlay_state = NULL;
++
++ /* Check if primary plane is contained inside overlay */
++ for_each_oldnew_plane_in_state_reverse(state, plane, old_plane_state, new_plane_state, i) {
++ if (plane->type == DRM_PLANE_TYPE_OVERLAY) {
++ if (drm_atomic_plane_disabling(plane->state, new_plane_state))
++ return 0;
++
++ overlay_state = new_plane_state;
++ continue;
++ }
++ }
++
++ /* check if we're making changes to the overlay plane */
++ if (!overlay_state)
++ return 0;
++
++ /* check if overlay plane is enabled */
++ if (!overlay_state->crtc)
++ return 0;
++
++ /* find the primary plane for the CRTC that the overlay is enabled on */
++ primary_state = drm_atomic_get_plane_state(state, overlay_state->crtc->primary);
++ if (IS_ERR(primary_state))
++ return PTR_ERR(primary_state);
++
++ /* check if primary plane is enabled */
++ if (!primary_state->crtc)
++ return 0;
++
++ /* Perform the bounds check to ensure the overlay plane covers the primary */
++ if (primary_state->crtc_x < overlay_state->crtc_x ||
++ primary_state->crtc_y < overlay_state->crtc_y ||
++ 
primary_state->crtc_x + primary_state->crtc_w > overlay_state->crtc_x + overlay_state->crtc_w ||
++ primary_state->crtc_y + primary_state->crtc_h > overlay_state->crtc_y + overlay_state->crtc_h) {
++ DRM_DEBUG_ATOMIC("Overlay plane is enabled with hardware cursor but does not fully cover primary plane\n");
++ return -EINVAL;
++ }
++
++ return 0;
++}
++
+ /**
+ * amdgpu_dm_atomic_check() - Atomic check implementation for AMDgpu DM.
+ * @dev: The DRM device
+@@ -9518,6 +9565,10 @@ static int amdgpu_dm_atomic_check(struct drm_device *dev,
+ goto fail;
+ }
+
++ ret = validate_overlay(state);
++ if (ret)
++ goto fail;
++
+ /* Add new/modified planes */
+ for_each_oldnew_plane_in_state_reverse(state, plane, old_plane_state, new_plane_state, i) {
+ ret = dm_update_plane_state(dc, state, plane,
+--
+2.30.2
+
diff --git a/queue-5.12/f2fs-fix-to-avoid-null-pointer-dereference.patch b/queue-5.12/f2fs-fix-to-avoid-null-pointer-dereference.patch
new file mode 100644
index 00000000000..56f763cee7a
--- /dev/null
+++ b/queue-5.12/f2fs-fix-to-avoid-null-pointer-dereference.patch
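Review bot: validate_overlay() inspects at most one overlay plane: the first loop returns 0 as soon as any overlay in the state is being disabled, and otherwise keeps only the last overlay it visits in `overlay_state`, so a commit that touches more than one overlay has the bounds check applied to a single one of them. If that is intended the loop comment should say so; as written, `/* Check if primary plane is contained inside overlay */` describes the bounds check further down rather than the search, and `/* find the overlay plane changed by this commit, if any */` would match the code. The trailing `continue;` is redundant, and the loop passes `plane->state` to drm_atomic_plane_disabling() although the iterator already supplies `old_plane_state`. The debug message mentions the hardware cursor, but nothing in the function tests for one.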
@@ -0,0 +1,86 @@
+From 334728a3a50e6b4f24f7eb28dd6f0fbe26d4412d Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Tue, 13 Apr 2021 17:30:50 +0800
+Subject: f2fs: fix to avoid NULL pointer dereference
+
+From: Yi Chen
+
+[ Upstream commit 594b6d0428ae304e0b44457398beb458b938f005 ]
+
+Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
+pc : f2fs_put_page+0x1c/0x26c
+lr : __revoke_inmem_pages+0x544/0x75c
+f2fs_put_page+0x1c/0x26c
+__revoke_inmem_pages+0x544/0x75c
+__f2fs_commit_inmem_pages+0x364/0x3c0
+f2fs_commit_inmem_pages+0xc8/0x1a0
+f2fs_ioc_commit_atomic_write+0xa4/0x15c
+f2fs_ioctl+0x5b0/0x1574
+file_ioctl+0x154/0x320
+do_vfs_ioctl+0x164/0x740
+__arm64_sys_ioctl+0x78/0xa4
+el0_svc_common+0xbc/0x1d0
+el0_svc_handler+0x74/0x98
+el0_svc+0x8/0xc
+
+In f2fs_put_page, we access page->mapping is NULL.
+The root cause is:
+In some cases, the page refcount and ATOMIC_WRITTEN_PAGE
+flag miss set for page-priavte flag has been set.
+We add f2fs_bug_on like this:
+
+f2fs_register_inmem_page()
+{
+ ...
+ f2fs_set_page_private(page, ATOMIC_WRITTEN_PAGE);
+
+ f2fs_bug_on(F2FS_I_SB(inode), !IS_ATOMIC_WRITTEN_PAGE(page));
+ ...
+}
+
+The bug on stack follow link this:
+PC is at f2fs_register_inmem_page+0x238/0x2b4
+LR is at f2fs_register_inmem_page+0x2a8/0x2b4
+f2fs_register_inmem_page+0x238/0x2b4
+f2fs_set_data_page_dirty+0x104/0x164
+set_page_dirty+0x78/0xc8
+f2fs_write_end+0x1b4/0x444
+generic_perform_write+0x144/0x1cc
+__generic_file_write_iter+0xc4/0x174
+f2fs_file_write_iter+0x2c0/0x350
+__vfs_write+0x104/0x134
+vfs_write+0xe8/0x19c
+SyS_pwrite64+0x78/0xb8
+
+To fix this issue, let's add page refcount add page-priavte flag.
+The page-private flag is not cleared and needs further analysis.
+
+Signed-off-by: Chao Yu
+Signed-off-by: Ge Qiu
+Signed-off-by: Dehe Gu
+Signed-off-by: Yi Chen
+Signed-off-by: Jaegeuk Kim
+Signed-off-by: Sasha Levin
+---
+ fs/f2fs/segment.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/fs/f2fs/segment.c b/fs/f2fs/segment.c
+index 77456d228f2a..bb6d86255741 100644
+--- a/fs/f2fs/segment.c
++++ b/fs/f2fs/segment.c
+@@ -186,7 +186,10 @@ void f2fs_register_inmem_page(struct inode *inode, struct page *page)
+ {
+ struct inmem_pages *new;
+
+- f2fs_set_page_private(page, ATOMIC_WRITTEN_PAGE);
++ if (PagePrivate(page))
++ set_page_private(page, (unsigned long)ATOMIC_WRITTEN_PAGE);
++ else
++ f2fs_set_page_private(page, ATOMIC_WRITTEN_PAGE);
+
+ new = f2fs_kmem_cache_alloc(inmem_entry_slab, GFP_NOFS);
+
+--
+2.30.2
+
diff --git a/queue-5.12/gpiolib-acpi-add-quirk-to-ignore-ec-wakeups-on-dell-.patch b/queue-5.12/gpiolib-acpi-add-quirk-to-ignore-ec-wakeups-on-dell-.patch
new file mode 100644
index 00000000000..a044f661c1d
--- /dev/null
+++ b/queue-5.12/gpiolib-acpi-add-quirk-to-ignore-ec-wakeups-on-dell-.patch
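Review bot: The new PagePrivate() branch in f2fs_register_inmem_page() overwrites whatever private value the page already carried with ATOMIC_WRITTEN_PAGE, and nothing in the code says why that is safe; the commit message itself notes that the stale flag "needs further analysis". A comment on the branch would keep that caveat next to the code, for example `/* PagePrivate can already be set here (cause not yet understood); only update the private value in that case */`. What f2fs_set_page_private() does beyond set_page_private() is defined outside the hunk, so the reference-count reasoning behind choosing one over the other should be confirmed against it. The function body continues past the hunk.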
@@ -0,0 +1,57 @@
+From f6b790510d16dfe73943d4e7b8ff4c15e3502046 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Thu, 1 Apr 2021 18:27:40 +0200
+Subject: gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro
+ 5055
+
+From: Hans de Goede
+
+[ Upstream commit da91ece226729c76f60708efc275ebd4716ad089 ]
+
+Like some other Bay and Cherry Trail SoC based devices the Dell Venue
+10 Pro 5055 has an embedded-controller which uses ACPI GPIO events to
+report events instead of using the standard ACPI EC interface for this.
+
+The EC interrupt is only used to report battery-level changes and
+it keeps doing this while the system is suspended, causing the system
+to not stay suspended.
+
+Add an ignore-wake quirk for the GPIO pin used by the EC to fix the
+spurious wakeups from suspend.
+
+Signed-off-by: Hans de Goede
+Acked-by: Andy Shevchenko
+Signed-off-by: Andy Shevchenko
+Signed-off-by: Sasha Levin
+---
+ drivers/gpio/gpiolib-acpi.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/drivers/gpio/gpiolib-acpi.c b/drivers/gpio/gpiolib-acpi.c
+index 1aacd2a5a1fd..174839f3772f 100644
+--- a/drivers/gpio/gpiolib-acpi.c
++++ b/drivers/gpio/gpiolib-acpi.c
+@@ -1438,6 +1438,20 @@ static const struct dmi_system_id gpiolib_acpi_quirks[] __initconst = {
+ .no_edge_events_on_boot = true,
+ },
+ },
++ {
++ /*
++ * The Dell Venue 10 Pro 5055, with Bay Trail SoC + TI PMIC uses an
++ * external embedded-controller connected via I2C + an ACPI GPIO
++ * event handler on INT33FFC:02 pin 12, causing spurious wakeups.
++ */
++ .matches = {
++ DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."),
++ DMI_MATCH(DMI_PRODUCT_NAME, "Venue 10 Pro 5055"),
++ },
++ .driver_data = &(struct acpi_gpiolib_dmi_quirk) {
++ .ignore_wake = "INT33FC:02@12",
++ },
++ },
+ {
+ /*
+ * HP X2 10 models with Cherry Trail SoC + TI PMIC use an
+--
+2.30.2
+
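Review bot: The comment in the new quirk entry names the controller `INT33FFC:02`, while the `.ignore_wake` string further down in the same entry is `INT33FC:02@12`; one of the two spellings is a typo. Since the string is what the code matches on, the comment is presumably the one to correct: `* event handler on INT33FC:02 pin 12, causing spurious wakeups.` The gpiolib_acpi_quirks[] table starts and ends outside the hunk.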
diff --git a/queue-5.12/input-elants_i2c-do-not-bind-to-i2c-hid-compatible-a.patch b/queue-5.12/input-elants_i2c-do-not-bind-to-i2c-hid-compatible-a.patch
new file mode 100644
index 00000000000..12808856d93
--- /dev/null
+++ b/queue-5.12/input-elants_i2c-do-not-bind-to-i2c-hid-compatible-a.patch
@@ -0,0 +1,132 @@
+From 667358238f81e494c1922282c4fd6fd1ae50a063 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Fri, 9 Apr 2021 22:29:07 -0700
+Subject: Input: elants_i2c - do not bind to i2c-hid compatible ACPI
+ instantiated devices
+
+From: Hans de Goede
+
+[ Upstream commit 65299e8bfb24774e6340e93ae49f6626598917c8 ]
+
+Several users have been reporting that elants_i2c gives several errors
+during probe and that their touchscreen does not work on their Lenovo AMD
+based laptops with a touchscreen with a ELAN0001 ACPI hardware-id:
+
+[ 0.550596] elants_i2c i2c-ELAN0001:00: i2c-ELAN0001:00 supply vcc33 not found, using dummy regulator
+[ 0.551836] elants_i2c i2c-ELAN0001:00: i2c-ELAN0001:00 supply vccio not found, using dummy regulator
+[ 0.560932] elants_i2c i2c-ELAN0001:00: elants_i2c_send failed (77 77 77 77): -121
+[ 0.562427] elants_i2c i2c-ELAN0001:00: software reset failed: -121
+[ 0.595925] elants_i2c i2c-ELAN0001:00: elants_i2c_send failed (77 77 77 77): -121
+[ 0.597974] elants_i2c i2c-ELAN0001:00: software reset failed: -121
+[ 0.621893] elants_i2c i2c-ELAN0001:00: elants_i2c_send failed (77 77 77 77): -121
+[ 0.622504] elants_i2c i2c-ELAN0001:00: software reset failed: -121
+[ 0.632650] elants_i2c i2c-ELAN0001:00: elants_i2c_send failed (4d 61 69 6e): -121
+[ 0.634256] elants_i2c i2c-ELAN0001:00: boot failed: -121
+[ 0.699212] elants_i2c i2c-ELAN0001:00: invalid 'hello' packet: 00 00 ff ff
+[ 1.630506] elants_i2c i2c-ELAN0001:00: Failed to read fw id: -121
+[ 1.645508] elants_i2c i2c-ELAN0001:00: unknown packet 00 00 ff ff
+
+Despite these errors, the elants_i2c driver stays bound to the device
+(it returns 0 from its probe method despite the errors), blocking the
+i2c-hid driver from binding.
+
+Manually unbinding the elants_i2c driver and binding the i2c-hid driver
+makes the touchscreen work.
+
+Check if the ACPI-fwnode for the touchscreen contains one of the i2c-hid
+compatiblity-id strings and if it has the I2C-HID spec's DSM to get the
+HID descriptor address, If it has both then make elants_i2c not bind,
+so that the i2c-hid driver can bind.
+
+This assumes that non of the (older) elan touchscreens which actually
+need the elants_i2c driver falsely advertise an i2c-hid compatiblity-id
++ DSM in their ACPI-fwnodes. If some of them actually do have this
+false advertising, then this change may lead to regressions.
+
+While at it also drop the unnecessary DEVICE_NAME prefixing of the
+"I2C check functionality error", dev_err already outputs the driver-name.
+
+BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=207759
+Acked-by: Benjamin Tissoires
+Signed-off-by: Hans de Goede
+Link: https://lore.kernel.org/r/20210405202756.16830-1-hdegoede@redhat.com
+
+Signed-off-by: Dmitry Torokhov
+Signed-off-by: Sasha Levin
+---
+ drivers/input/touchscreen/elants_i2c.c | 44 ++++++++++++++++++++++++--
+ 1 file changed, 42 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/input/touchscreen/elants_i2c.c b/drivers/input/touchscreen/elants_i2c.c
+index 5f7706febcb0..17540bdb1eaf 100644
+--- a/drivers/input/touchscreen/elants_i2c.c
++++ b/drivers/input/touchscreen/elants_i2c.c
+@@ -38,6 +38,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+
+ /* Device, Driver information */
+@@ -1334,6 +1335,40 @@ static void elants_i2c_power_off(void *_data)
+ }
+ }
+
++#ifdef CONFIG_ACPI
++static const struct acpi_device_id i2c_hid_ids[] = {
++ {"ACPI0C50", 0 },
++ {"PNP0C50", 0 },
++ { },
++};
++
++static const guid_t i2c_hid_guid =
++ GUID_INIT(0x3CDFF6F7, 0x4267, 0x4555,
++ 0xAD, 0x05, 0xB3, 0x0A, 0x3D, 0x89, 0x38, 0xDE);
++
++static bool elants_acpi_is_hid_device(struct device *dev)
++{
++ acpi_handle handle = ACPI_HANDLE(dev);
++ union acpi_object *obj;
++
++ if (acpi_match_device_ids(ACPI_COMPANION(dev), i2c_hid_ids))
++ return false;
++
++ obj = 
acpi_evaluate_dsm_typed(handle, &i2c_hid_guid, 1, 1, NULL, ACPI_TYPE_INTEGER);
++ if (obj) {
++ ACPI_FREE(obj);
++ return true;
++ }
++
++ return false;
++}
++#else
++static bool elants_acpi_is_hid_device(struct device *dev)
++{
++ return false;
++}
++#endif
++
+ static int elants_i2c_probe(struct i2c_client *client,
+ const struct i2c_device_id *id)
+ {
+@@ -1342,9 +1377,14 @@ static int elants_i2c_probe(struct i2c_client *client,
+ unsigned long irqflags;
+ int error;
+
++ /* Don't bind to i2c-hid compatible devices, these are handled by the i2c-hid drv. */
++ if (elants_acpi_is_hid_device(&client->dev)) {
++ dev_warn(&client->dev, "This device appears to be an I2C-HID device, not binding\n");
++ return -ENODEV;
++ }
++
+ if (!i2c_check_functionality(client->adapter, I2C_FUNC_I2C)) {
+- dev_err(&client->dev,
+- "%s: i2c check functionality error\n", DEVICE_NAME);
++ dev_err(&client->dev, "I2C check functionality error\n");
+ return -ENXIO;
+ }
+
+--
+2.30.2
+
diff --git a/queue-5.12/input-silead-add-workaround-for-x86-bios-es-which-br.patch b/queue-5.12/input-silead-add-workaround-for-x86-bios-es-which-br.patch
new file mode 100644
index 00000000000..d26b14abddd
--- /dev/null
+++ b/queue-5.12/input-silead-add-workaround-for-x86-bios-es-which-br.patch
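Review bot: In elants_acpi_is_hid_device() the call `acpi_evaluate_dsm_typed(handle, &i2c_hid_guid, 1, 1, NULL, ACPI_TYPE_INTEGER)` passes the revision and function index as bare `1, 1`, and the function has no comment saying that a successful evaluation is taken as proof of an I2C-HID device. A short header comment, e.g. `/* True if the ACPI node has an i2c-hid compatible id and the I2C-HID _DSM (rev 1, func 1: HID descriptor address) */`, would make the heuristic, and the regression risk the commit message admits, discoverable from the code. `handle` is also fetched with ACPI_HANDLE(dev) before the id match; whether the helpers tolerate a device without an ACPI companion is decided outside the hunk and is worth confirming.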
@@ -0,0 +1,128 @@
+From 95b4eec38d472c7e3958742d6b34f0fcd7a8a8dc Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Fri, 9 Apr 2021 22:29:49 -0700
+Subject: Input: silead - add workaround for x86 BIOS-es which bring the chip
+ up in a stuck state
+
+From: Hans de Goede
+
+[ Upstream commit e479187748a8f151a85116a7091c599b121fdea5 ]
+
+Some buggy BIOS-es bring up the touchscreen-controller in a stuck
+state where it blocks the I2C bus. Specifically this happens on
+the Jumper EZpad 7 tablet model.
+
+After much poking at this problem I have found that the following steps
+are necessary to unstuck the chip / bus:
+
+1. Turn off the Silead chip.
+2. Try to do an I2C transfer with the chip, this will fail in response to
+ which the I2C-bus-driver will call: i2c_recover_bus() which will unstuck
+ the I2C-bus. Note the unstuck-ing of the I2C bus only works if we first
+ drop the chip of the bus by turning it off.
+3. Turn the chip back on.
+
+On the x86/ACPI systems were this problem is seen, step 1. and 3. require
+making ACPI calls and dealing with ACPI Power Resources. This commit adds
+a workaround which runtime-suspends the chip to turn it off, leaving it up
+to the ACPI subsystem to deal with all the ACPI specific details.
+
+There is no good way to detect this bug, so the workaround gets activated
+by a new "silead,stuck-controller-bug" boolean device-property. Since this
+is only used on x86/ACPI, this will be set by model specific device-props
+set by drivers/platform/x86/touchscreen_dmi.c. Therefor this new
+device-property is not documented in the DT-bindings.
+
+Dmesg will contain the following messages on systems where the workaround
+is activated:
+
+[ 54.309029] silead_ts i2c-MSSL1680:00: [Firmware Bug]: Stuck I2C bus: please ignore the next 'controller timed out' error
+[ 55.373593] i2c_designware 808622C1:04: controller timed out
+[ 55.582186] silead_ts i2c-MSSL1680:00: Silead chip ID: 0x80360000
+
+Signed-off-by: Hans de Goede
+Link: https://lore.kernel.org/r/20210405202745.16777-1-hdegoede@redhat.com
+Signed-off-by: Dmitry Torokhov
+Signed-off-by: Sasha Levin
+---
+ drivers/input/touchscreen/silead.c | 44 +++++++++++++++++++++++++++---
+ 1 file changed, 40 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/input/touchscreen/silead.c b/drivers/input/touchscreen/silead.c
+index 8fa2f3b7cfd8..e8b6c3137420 100644
+--- a/drivers/input/touchscreen/silead.c
++++ b/drivers/input/touchscreen/silead.c
+@@ -20,6 +20,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+
+@@ -335,10 +336,8 @@ static int silead_ts_get_id(struct i2c_client *client)
+
+ error = i2c_smbus_read_i2c_block_data(client, SILEAD_REG_ID,
+ sizeof(chip_id), (u8 *)&chip_id);
+- if (error < 0) {
+- dev_err(&client->dev, "Chip ID read error %d\n", error);
++ if (error < 0)
+ return error;
+- }
+
+ data->chip_id = le32_to_cpu(chip_id);
+ dev_info(&client->dev, "Silead chip ID: 0x%8X", data->chip_id);
+@@ -351,12 +350,49 @@ static int silead_ts_setup(struct i2c_client *client)
+ int error;
+ u32 status;
+
++ /*
++ * Some buggy BIOS-es bring up the chip in a stuck state where it
++ * blocks the I2C bus. The following steps are necessary to
++ * unstuck the chip / bus:
++ * 1. Turn off the Silead chip.
++ * 2. Try to do an I2C transfer with the chip, this will fail in
++ * response to which the I2C-bus-driver will call:
++ * i2c_recover_bus() which will unstuck the I2C-bus. Note the
++ * unstuck-ing of the I2C bus only works if we first drop the
++ * chip off the bus by turning it off.
++ * 3. Turn the chip back on.
++ *
++ * On the x86/ACPI systems were this problem is seen, step 1. and
++ * 3. require making ACPI calls and dealing with ACPI Power
++ * Resources. The workaround below runtime-suspends the chip to
++ * turn it off, leaving it up to the ACPI subsystem to deal with
++ * this.
++ */
++
++ if (device_property_read_bool(&client->dev,
++ "silead,stuck-controller-bug")) {
++ pm_runtime_set_active(&client->dev);
++ pm_runtime_enable(&client->dev);
++ pm_runtime_allow(&client->dev);
++
++ pm_runtime_suspend(&client->dev);
++
++ dev_warn(&client->dev, FW_BUG "Stuck I2C bus: please ignore the next 'controller timed out' error\n");
++ silead_ts_get_id(client);
++
++ /* The forbid will also resume the device */
++ pm_runtime_forbid(&client->dev);
++ pm_runtime_disable(&client->dev);
++ }
++
+ silead_ts_set_power(client, SILEAD_POWER_OFF);
+ silead_ts_set_power(client, SILEAD_POWER_ON);
+
+ error = silead_ts_get_id(client);
+- if (error)
++ if (error) {
++ dev_err(&client->dev, "Chip ID read error %d\n", error);
+ return error;
++ }
+
+ error = silead_ts_init(client);
+ if (error)
+--
+2.30.2
+
diff --git a/queue-5.12/lib-stackdepot-turn-depot_lock-spinlock-to-raw_spinl.patch b/queue-5.12/lib-stackdepot-turn-depot_lock-spinlock-to-raw_spinl.patch
new file mode 100644
index 00000000000..5bdaa3e2aff
--- /dev/null
+++ b/queue-5.12/lib-stackdepot-turn-depot_lock-spinlock-to-raw_spinl.patch
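Review bot: The workaround block in silead_ts_setup() discards the return values of pm_runtime_set_active(), pm_runtime_suspend() and the first silead_ts_get_id() call; the last is deliberate, since the transfer is expected to fail, but nothing in the code marks it as such. A comment on that call, e.g. `/* expected to fail: the failed transfer makes the bus driver run i2c_recover_bus() */`, would keep a later cleanup from adding an error return there. If pm_runtime_suspend() fails the chip is never powered down and the recovery silently does nothing, so a `dev_dbg` on a negative return may be worth adding. Moving the `Chip ID read error` message out of silead_ts_get_id() also means any other caller of that function, if one exists outside the hunks, now fails without a log line.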
@@ -0,0 +1,80 @@ +From dde402bdb025061dd8cb24f62560bfb1e46f2ade Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 6 May 2021 18:03:40 -0700 +Subject: lib: stackdepot: turn depot_lock spinlock to raw_spinlock + +From: Zqiang + +[ Upstream commit 78564b9434878d686c5f88c4488b20cccbcc42bc ] + +In RT system, the spin_lock will be replaced by sleepable rt_mutex lock, +in __call_rcu(), disable interrupts before calling +kasan_record_aux_stack(), will trigger this calltrace: + + BUG: sleeping function called from invalid context at kernel/locking/rtmutex.c:951 + in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 19, name: pgdatinit0 + Call Trace: + ___might_sleep.cold+0x1b2/0x1f1 + rt_spin_lock+0x3b/0xb0 + stack_depot_save+0x1b9/0x440 + kasan_save_stack+0x32/0x40 + kasan_record_aux_stack+0xa5/0xb0 + __call_rcu+0x117/0x880 + __exit_signal+0xafb/0x1180 + release_task+0x1d6/0x480 + exit_notify+0x303/0x750 + do_exit+0x678/0xcf0 + kthread+0x364/0x4f0 + ret_from_fork+0x22/0x30 + +Replace spinlock with raw_spinlock. + +Link: https://lkml.kernel.org/r/20210329084009.27013-1-qiang.zhang@windriver.com +Signed-off-by: Zqiang +Reported-by: Andrew Halaney +Cc: Alexander Potapenko +Cc: Gustavo A. R. 
Silva +Cc: Vijayanand Jitta +Cc: Vinayak Menon +Cc: Yogesh Lal +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + lib/stackdepot.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/lib/stackdepot.c b/lib/stackdepot.c +index 49f67a0c6e5d..df9179f4f441 100644 +--- a/lib/stackdepot.c ++++ b/lib/stackdepot.c +@@ -71,7 +71,7 @@ static void *stack_slabs[STACK_ALLOC_MAX_SLABS]; + static int depot_index; + static int next_slab_inited; + static size_t depot_offset; +-static DEFINE_SPINLOCK(depot_lock); ++static DEFINE_RAW_SPINLOCK(depot_lock); + + static bool init_stack_slab(void **prealloc) + { +@@ -305,7 +305,7 @@ depot_stack_handle_t stack_depot_save(unsigned long *entries, + prealloc = page_address(page); + } + +- spin_lock_irqsave(&depot_lock, flags); ++ raw_spin_lock_irqsave(&depot_lock, flags); + + found = find_stack(*bucket, entries, nr_entries, hash); + if (!found) { +@@ -329,7 +329,7 @@ depot_stack_handle_t stack_depot_save(unsigned long *entries, + WARN_ON(!init_stack_slab(&prealloc)); + } + +- spin_unlock_irqrestore(&depot_lock, flags); ++ raw_spin_unlock_irqrestore(&depot_lock, flags); + exit: + if (prealloc) { + /* Nobody used this memory, ok to free it. */ +-- +2.30.2 + diff --git a/queue-5.12/net-cxgb4-fix-leak-if-sk_buff-is-not-used.patch b/queue-5.12/net-cxgb4-fix-leak-if-sk_buff-is-not-used.patch new file mode 100644 index 00000000000..2027bd9aff9 --- /dev/null +++ b/queue-5.12/net-cxgb4-fix-leak-if-sk_buff-is-not-used.patch 
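Review bot: The `depot_lock` definition becomes `DEFINE_RAW_SPINLOCK` with no comment saying why a raw lock is required, so a later cleanup could convert it back. A one-line comment above the definition would record the constraint from the commit message, for example `/* raw: stack_depot_save() can run with interrupts disabled, e.g. from __call_rcu() via KASAN */`. The region held under the raw lock in stack_depot_save() covers find_stack() and the slab setup, most of which lies outside the visible hunks, so it is worth confirming that this work stays short and bounded on RT.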
@@ -0,0 +1,73 @@ +From 0a309f71e5e6e2e901ba98c4ba6f4ebeb3cfef6e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 5 May 2021 14:54:50 +0200 +Subject: net:CXGB4: fix leak if sk_buff is not used +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Íñigo Huguet + +[ Upstream commit 52bfcdd87e83d9e69d22da5f26b1512ffc81deed ] + +An sk_buff is allocated to send a flow control message, but it's not +sent in all cases: in case the state is not appropiate to send it or if +it can't be enqueued. + +In the first of these 2 cases, the sk_buff was discarded but not freed, +producing a memory leak. + +Signed-off-by: Íñigo Huguet +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/chelsio/cxgb4/sge.c | 16 +++++++++------- + 1 file changed, 9 insertions(+), 7 deletions(-) + +diff --git a/drivers/net/ethernet/chelsio/cxgb4/sge.c b/drivers/net/ethernet/chelsio/cxgb4/sge.c +index 256fae15e032..1e5f2edb70cf 100644 +--- a/drivers/net/ethernet/chelsio/cxgb4/sge.c ++++ b/drivers/net/ethernet/chelsio/cxgb4/sge.c +@@ -2563,12 +2563,12 @@ int cxgb4_ethofld_send_flowc(struct net_device *dev, u32 eotid, u32 tc) + spin_lock_bh(&eosw_txq->lock); + if (tc != FW_SCHED_CLS_NONE) { + if (eosw_txq->state != CXGB4_EO_STATE_CLOSED) +- goto out_unlock; ++ goto out_free_skb; + + next_state = CXGB4_EO_STATE_FLOWC_OPEN_SEND; + } else { + if (eosw_txq->state != CXGB4_EO_STATE_ACTIVE) +- goto out_unlock; ++ goto out_free_skb; + + next_state = CXGB4_EO_STATE_FLOWC_CLOSE_SEND; + } +@@ -2604,17 +2604,19 @@ int cxgb4_ethofld_send_flowc(struct net_device *dev, u32 eotid, u32 tc) + eosw_txq_flush_pending_skbs(eosw_txq); + + ret = eosw_txq_enqueue(eosw_txq, skb); +- if (ret) { +- dev_consume_skb_any(skb); +- goto out_unlock; +- } ++ if (ret) ++ goto out_free_skb; + + eosw_txq->state = next_state; + eosw_txq->flowc_idx = eosw_txq->pidx; + eosw_txq_advance(eosw_txq, 1); + ethofld_xmit(dev, eosw_txq); + +-out_unlock: ++ 
spin_unlock_bh(&eosw_txq->lock); ++ return 0; ++ ++out_free_skb: ++ dev_consume_skb_any(skb); + spin_unlock_bh(&eosw_txq->lock); + return ret; + } +-- +2.30.2 + diff --git a/queue-5.12/net-hsr-check-skb-can-contain-struct-hsr_ethhdr-in-f.patch b/queue-5.12/net-hsr-check-skb-can-contain-struct-hsr_ethhdr-in-f.patch new file mode 100644 index 00000000000..7e5fe29101e --- /dev/null +++ b/queue-5.12/net-hsr-check-skb-can-contain-struct-hsr_ethhdr-in-f.patch @@ -0,0 +1,42 @@ +From 885b82134cee5d30eb2cccda906bb4d29b279f9e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 2 May 2021 22:34:42 +0100 +Subject: net: hsr: check skb can contain struct hsr_ethhdr in fill_frame_info + +From: Phillip Potter + +[ Upstream commit 2e9f60932a2c19e8a11b4a69d419f107024b05a0 ] + +Check at start of fill_frame_info that the MAC header in the supplied +skb is large enough to fit a struct hsr_ethhdr, as otherwise this is +not a valid HSR frame. If it is too small, return an error which will +then cause the callers to clean up the skb. Fixes a KMSAN-found +uninit-value bug reported by syzbot at: +https://syzkaller.appspot.com/bug?id=f7e9b601f1414f814f7602a82b6619a8d80bce3f + +Reported-by: syzbot+e267bed19bfc5478fb33@syzkaller.appspotmail.com +Signed-off-by: Phillip Potter +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + net/hsr/hsr_forward.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/net/hsr/hsr_forward.c b/net/hsr/hsr_forward.c +index b218e4594009..6852e9bccf5b 100644 +--- a/net/hsr/hsr_forward.c ++++ b/net/hsr/hsr_forward.c +@@ -520,6 +520,10 @@ static int fill_frame_info(struct hsr_frame_info *frame, + struct ethhdr *ethhdr; + __be16 proto; + ++ /* Check if skb contains hsr_ethhdr */ ++ if (skb->mac_len < sizeof(struct hsr_ethhdr)) ++ return -EINVAL; ++ + memset(frame, 0, sizeof(*frame)); + frame->is_supervision = is_supervision_frame(port->hsr, skb); + frame->node_src = hsr_get_node(port, &hsr->node_db, skb, +-- +2.30.2 + 
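Review bot: The new `out_free_skb` label is a failure path, yet it releases the buffer with `dev_consume_skb_any(skb)`, which records the skb as consumed normally rather than dropped; `dev_kfree_skb_any(skb);` is the conventional call here and keeps the drop visible to drop tracing. The two state-mismatch branches jump to this label and return `ret` without setting it in the visible lines, so the caller gets whatever `ret` was initialised to above the hunk, possibly success, for a flowc message that was never queued. If callers are meant to see a failure there, assigning an explicit error before each `goto out_free_skb` would make the path unambiguous. cxgb4_ethofld_send_flowc() starts outside the hunks.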
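Review bot: The new length check returns `-EINVAL` before `memset(frame, 0, sizeof(*frame))` runs, so on that path `*frame` is left exactly as the caller passed it in. That is safe only if every caller drops the skb without reading any field of the frame after an error, which cannot be confirmed from this hunk. Moving the check below the memset, or stating the contract in the comment, e.g. `/* Reject short MAC headers; *frame is not initialised on this path */`, would remove the doubt. fill_frame_info() continues outside the hunk.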
diff --git a/queue-5.12/net-stmmac-do-not-enable-rx-fifo-overflow-interrupts.patch b/queue-5.12/net-stmmac-do-not-enable-rx-fifo-overflow-interrupts.patch new file mode 100644 index 00000000000..15f9492c91e --- /dev/null +++ b/queue-5.12/net-stmmac-do-not-enable-rx-fifo-overflow-interrupts.patch 
@@ -0,0 +1,94 @@ +From 85725a2acaf39f99be02d1030c3ba25e059e0366 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 6 May 2021 16:33:12 +0200 +Subject: net: stmmac: Do not enable RX FIFO overflow interrupts + +From: Yannick Vignon + +[ Upstream commit 8a7cb245cf28cb3e541e0d6c8624b95d079e155b ] + +The RX FIFO overflows when the system is not able to process all received +packets and they start accumulating (first in the DMA queue in memory, +then in the FIFO). An interrupt is then raised for each overflowing packet +and handled in stmmac_interrupt(). This is counter-productive, since it +brings the system (or more likely, one CPU core) to its knees to process +the FIFO overflow interrupts. + +stmmac_interrupt() handles overflow interrupts by writing the rx tail ptr +into the corresponding hardware register (according to the MAC spec, this +has the effect of restarting the MAC DMA). However, without freeing any rx +descriptors, the DMA stops right away, and another overflow interrupt is +raised as the FIFO overflows again. Since the DMA is already restarted at +the end of stmmac_rx_refill() after freeing descriptors, disabling FIFO +overflow interrupts and the corresponding handling code has no side effect, +and eliminates the interrupt storm when the RX FIFO overflows. 
+ +Signed-off-by: Yannick Vignon +Link: https://lore.kernel.org/r/20210506143312.20784-1-yannick.vignon@oss.nxp.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c | 7 +------ + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 14 ++------------ + 2 files changed, 3 insertions(+), 18 deletions(-) + +diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c b/drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c +index 62aa0e95beb7..a7249e4071f1 100644 +--- a/drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c ++++ b/drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c +@@ -222,7 +222,7 @@ static void dwmac4_dma_rx_chan_op_mode(void __iomem *ioaddr, int mode, + u32 channel, int fifosz, u8 qmode) + { + unsigned int rqs = fifosz / 256 - 1; +- u32 mtl_rx_op, mtl_rx_int; ++ u32 mtl_rx_op; + + mtl_rx_op = readl(ioaddr + MTL_CHAN_RX_OP_MODE(channel)); + +@@ -283,11 +283,6 @@ static void dwmac4_dma_rx_chan_op_mode(void __iomem *ioaddr, int mode, + } + + writel(mtl_rx_op, ioaddr + MTL_CHAN_RX_OP_MODE(channel)); +- +- /* Enable MTL RX overflow */ +- mtl_rx_int = readl(ioaddr + MTL_CHAN_INT_CTRL(channel)); +- writel(mtl_rx_int | MTL_RX_OVERFLOW_INT_EN, +- ioaddr + MTL_CHAN_INT_CTRL(channel)); + } + + static void dwmac4_dma_tx_chan_op_mode(void __iomem *ioaddr, int mode, +diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c +index c6f24abf6432..369d7cde3993 100644 +--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c ++++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c +@@ -4168,7 +4168,6 @@ static irqreturn_t stmmac_interrupt(int irq, void *dev_id) + /* To handle GMAC own interrupts */ + if ((priv->plat->has_gmac) || xmac) { + int status = stmmac_host_irq_status(priv, priv->hw, &priv->xstats); +- int mtl_status; + + if (unlikely(status)) { + /* For LPI we need to save the tx status */ +@@ -4179,17 +4178,8 @@ static irqreturn_t stmmac_interrupt(int 
irq, void *dev_id) + } + + for (queue = 0; queue < queues_count; queue++) { +- struct stmmac_rx_queue *rx_q = &priv->rx_queue[queue]; +- +- mtl_status = stmmac_host_mtl_irq_status(priv, priv->hw, +- queue); +- if (mtl_status != -EINVAL) +- status |= mtl_status; +- +- if (status & CORE_IRQ_MTL_RX_OVERFLOW) +- stmmac_set_rx_tail_ptr(priv, priv->ioaddr, +- rx_q->rx_tail_addr, +- queue); ++ status = stmmac_host_mtl_irq_status(priv, priv->hw, ++ queue); + } + + /* PCS link status */ +-- +2.30.2 + diff --git a/queue-5.12/nfs-fix-fscache-invalidation-in-nfs_set_cache_invali.patch b/queue-5.12/nfs-fix-fscache-invalidation-in-nfs_set_cache_invali.patch new file mode 100644 index 00000000000..93a48a385a5 --- /dev/null +++ b/queue-5.12/nfs-fix-fscache-invalidation-in-nfs_set_cache_invali.patch @@ -0,0 +1,39 @@ +From 0dd0433dbf3184016bc72b99632f2fa1892d6705 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 26 Mar 2021 16:23:39 -0400 +Subject: NFS: Fix fscache invalidation in nfs_set_cache_invalid() + +From: Trond Myklebust + +[ Upstream commit beab450d8ea93cdf4c6cb7714bdc31a9e0f34738 ] + +Ensure that we invalidate the fscache before we strip the +NFS_INO_INVALID_DATA flag. + +Signed-off-by: Trond Myklebust +Signed-off-by: Sasha Levin +--- + fs/nfs/inode.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c +index 7cfeee3eeef7..8de5b3b9da91 100644 +--- a/fs/nfs/inode.c ++++ b/fs/nfs/inode.c +@@ -223,11 +223,11 @@ void nfs_set_cache_invalid(struct inode *inode, unsigned long flags) + + if (!nfs_has_xattr_cache(nfsi)) + flags &= ~NFS_INO_INVALID_XATTR; ++ if (flags & NFS_INO_INVALID_DATA) ++ nfs_fscache_invalidate(inode); + if (inode->i_mapping->nrpages == 0) + flags &= ~(NFS_INO_INVALID_DATA|NFS_INO_DATA_INVAL_DEFER); + nfsi->cache_validity |= flags; +- if (flags & NFS_INO_INVALID_DATA) +- nfs_fscache_invalidate(inode); + } + EXPORT_SYMBOL_GPL(nfs_set_cache_invalid); + +-- +2.30.2 + 
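Review bot: In stmmac_interrupt() the loop now does `status = stmmac_host_mtl_irq_status(priv, priv->hw, queue);`, which overwrites the value returned by stmmac_host_irq_status() on every iteration and drops the earlier `!= -EINVAL` guard. Nothing in the visible lines reads `status` after the loop, so the assignment looks like a dead store; if code below the hunk does read it, it would now see the last queue's MTL result, possibly -EINVAL, instead of the core status. Calling the helper without assigning, `stmmac_host_mtl_irq_status(priv, priv->hw, queue);`, with a comment such as `/* called for its side effects only (presumably acknowledging MTL status) */`, would state the intent. The function starts and ends outside the hunks.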
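Review bot: The moved `nfs_fscache_invalidate(inode)` call now has to run before the `nrpages == 0` test that clears NFS_INO_INVALID_DATA, but nothing in nfs_set_cache_invalid() says so, and a later reorder could undo the fix without anyone noticing. A comment on the new lines would pin the ordering, for example `/* Must precede the nrpages check below, which may strip NFS_INO_INVALID_DATA */`. The function starts outside the hunk.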
diff --git a/queue-5.12/nfs-nfs_ino_reval_pagecache-should-mark-the-change-a.patch b/queue-5.12/nfs-nfs_ino_reval_pagecache-should-mark-the-change-a.patch new file mode 100644 index 00000000000..7756c60c99b --- /dev/null +++ b/queue-5.12/nfs-nfs_ino_reval_pagecache-should-mark-the-change-a.patch @@ -0,0 +1,35 @@ +From ffa6f942a0a1abb7dcc7302fcceb29dad2f6e35f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 25 Mar 2021 20:46:36 -0400 +Subject: NFS: NFS_INO_REVAL_PAGECACHE should mark the change attribute invalid + +From: Trond Myklebust + +[ Upstream commit 50c7a7994dd20af56e4d47e90af10bab71b71001 ] + +When we're looking to revalidate the page cache, we should just ensure +that we mark the change attribute invalid. + +Signed-off-by: Trond Myklebust +Signed-off-by: Sasha Levin +--- + fs/nfs/inode.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c +index 8de5b3b9da91..ae8bc84e39fb 100644 +--- a/fs/nfs/inode.c ++++ b/fs/nfs/inode.c +@@ -219,7 +219,8 @@ void nfs_set_cache_invalid(struct inode *inode, unsigned long flags) + | NFS_INO_INVALID_SIZE + | NFS_INO_REVAL_PAGECACHE + | NFS_INO_INVALID_XATTR); +- } ++ } else if (flags & NFS_INO_REVAL_PAGECACHE) ++ flags |= NFS_INO_INVALID_CHANGE | NFS_INO_INVALID_SIZE; + + if (!nfs_has_xattr_cache(nfsi)) + flags &= ~NFS_INO_INVALID_XATTR; +-- +2.30.2 + diff --git a/queue-5.12/nvmet-remove-unsupported-command-noise.patch b/queue-5.12/nvmet-remove-unsupported-command-noise.patch new file mode 100644 index 00000000000..f4cd1b6124f --- /dev/null +++ b/queue-5.12/nvmet-remove-unsupported-command-noise.patch 
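Review bot: The added `} else if (flags & NFS_INO_REVAL_PAGECACHE)` branch has an unbraced body while the preceding branch of the same chain is braced; kernel coding style asks for braces on every branch once one of them needs them. Writing it as `} else if (flags & NFS_INO_REVAL_PAGECACHE) {` followed by `flags |= NFS_INO_INVALID_CHANGE | NFS_INO_INVALID_SIZE;` and a closing `}` also protects against a second statement later being added under the `else if` by mistake. The opening `if` of this chain is outside the hunk.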
@@ -0,0 +1,58 @@ +From 8140b48219f5ef6f2597363ddbd77f581e6f88b3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 28 Apr 2021 21:25:58 -0700 +Subject: nvmet: remove unsupported command noise + +From: Keith Busch + +[ Upstream commit 4a20342572f66c5b20a1ee680f5ac0a13703748f ] + +Nothing can stop a host from submitting invalid commands. The target +just needs to respond with an appropriate status, but that's not a +target error. Demote invalid command messages to the debug level so +these events don't spam the kernel logs. + +Reported-by: Yi Zhang +Signed-off-by: Keith Busch +Reviewed-by: Klaus Jensen +Reviewed-by: Chaitanya Kulkarni +Signed-off-by: Christoph Hellwig +Signed-off-by: Sasha Levin +--- + drivers/nvme/target/admin-cmd.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/drivers/nvme/target/admin-cmd.c b/drivers/nvme/target/admin-cmd.c +index 81224447605b..5a1ab49908c3 100644 +--- a/drivers/nvme/target/admin-cmd.c ++++ b/drivers/nvme/target/admin-cmd.c +@@ -307,7 +307,7 @@ static void nvmet_execute_get_log_page(struct nvmet_req *req) + case NVME_LOG_ANA: + return nvmet_execute_get_log_page_ana(req); + } +- pr_err("unhandled lid %d on qid %d\n", ++ pr_debug("unhandled lid %d on qid %d\n", + req->cmd->get_log_page.lid, req->sq->qid); + req->error_loc = offsetof(struct nvme_get_log_page_command, lid); + nvmet_req_complete(req, NVME_SC_INVALID_FIELD | NVME_SC_DNR); +@@ -659,7 +659,7 @@ static void nvmet_execute_identify(struct nvmet_req *req) + return nvmet_execute_identify_desclist(req); + } + +- pr_err("unhandled identify cns %d on qid %d\n", ++ pr_debug("unhandled identify cns %d on qid %d\n", + req->cmd->identify.cns, req->sq->qid); + req->error_loc = offsetof(struct nvme_identify, cns); + nvmet_req_complete(req, NVME_SC_INVALID_FIELD | NVME_SC_DNR); +@@ -977,7 +977,7 @@ u16 nvmet_parse_admin_cmd(struct nvmet_req *req) + return 0; + } + +- pr_err("unhandled cmd %d on qid %d\n", cmd->common.opcode, ++ pr_debug("unhandled cmd 
%d on qid %d\n", cmd->common.opcode, + req->sq->qid); + req->error_loc = offsetof(struct nvme_common_command, opcode); + return NVME_SC_INVALID_OPCODE | NVME_SC_DNR; +-- +2.30.2 + diff --git a/queue-5.12/pci-tegra-add-tegra194-mcfg-quirks-for-ecam-errata.patch b/queue-5.12/pci-tegra-add-tegra194-mcfg-quirks-for-ecam-errata.patch new file mode 100644 index 00000000000..1ebe2451b8d --- /dev/null +++ b/queue-5.12/pci-tegra-add-tegra194-mcfg-quirks-for-ecam-errata.patch 
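Review bot: All three `pr_debug()` calls are silent in a default configuration, so a host that keeps sending unsupported log pages, identify CNS values or admin opcodes leaves no record on the target unless dynamic debug is switched on. If operators still need a bounded signal for a misbehaving or probing host, a rate-limited message such as `pr_warn_ratelimited("unhandled cmd %d on qid %d\n", cmd->common.opcode, req->sq->qid);` avoids the log flooding described in the commit message without dropping the record entirely. If debug level is the intended end state, a short comment at one site, e.g. `/* invalid host commands are expected; answer with a status, do not log */`, would explain the choice. The same applies to the hunks in nvmet_execute_get_log_page() and nvmet_execute_identify().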
@@ -0,0 +1,208 @@ +From d54f73f64c682b69410aee5c484298458d2c8ba6 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 16 Apr 2021 19:15:37 +0530 +Subject: PCI: tegra: Add Tegra194 MCFG quirks for ECAM errata + +From: Vidya Sagar + +[ Upstream commit 7f100744749e4fe547dece3bb6557fae5f0a7252 ] + +The PCIe controller in Tegra194 SoC is not ECAM-compliant. With the +current hardware design, ECAM can be enabled only for one controller (the +C5 controller) with bus numbers starting from 160 instead of 0. A different +approach is taken to avoid this abnormal way of enabling ECAM for just one +controller but to enable configuration space access for all the other +controllers. In this approach, ops are added through MCFG quirk mechanism +which access the configuration spaces by dynamically programming iATU +(internal AddressTranslation Unit) to generate respective configuration +accesses just like the way it is done in DesignWare core sub-system. + +This issue is specific to Tegra194 and it would be fixed in the future +generations of Tegra SoCs. 
+ +Link: https://lore.kernel.org/r/20210416134537.19474-1-vidyas@nvidia.com +Signed-off-by: Vidya Sagar +Signed-off-by: Bjorn Helgaas +Signed-off-by: Sasha Levin +--- + drivers/acpi/pci_mcfg.c | 7 ++ + drivers/pci/controller/dwc/Makefile | 2 +- + drivers/pci/controller/dwc/pcie-tegra194.c | 102 +++++++++++++++++++++ + include/linux/pci-ecam.h | 1 + + 4 files changed, 111 insertions(+), 1 deletion(-) + +diff --git a/drivers/acpi/pci_mcfg.c b/drivers/acpi/pci_mcfg.c +index 95f23acd5b80..53cab975f612 100644 +--- a/drivers/acpi/pci_mcfg.c ++++ b/drivers/acpi/pci_mcfg.c +@@ -116,6 +116,13 @@ static struct mcfg_fixup mcfg_quirks[] = { + THUNDER_ECAM_QUIRK(2, 12), + THUNDER_ECAM_QUIRK(2, 13), + ++ { "NVIDIA", "TEGRA194", 1, 0, MCFG_BUS_ANY, &tegra194_pcie_ops}, ++ { "NVIDIA", "TEGRA194", 1, 1, MCFG_BUS_ANY, &tegra194_pcie_ops}, ++ { "NVIDIA", "TEGRA194", 1, 2, MCFG_BUS_ANY, &tegra194_pcie_ops}, ++ { "NVIDIA", "TEGRA194", 1, 3, MCFG_BUS_ANY, &tegra194_pcie_ops}, ++ { "NVIDIA", "TEGRA194", 1, 4, MCFG_BUS_ANY, &tegra194_pcie_ops}, ++ { "NVIDIA", "TEGRA194", 1, 5, MCFG_BUS_ANY, &tegra194_pcie_ops}, ++ + #define XGENE_V1_ECAM_MCFG(rev, seg) \ + {"APM ", "XGENE ", rev, seg, MCFG_BUS_ANY, \ + &xgene_v1_pcie_ecam_ops } +diff --git a/drivers/pci/controller/dwc/Makefile b/drivers/pci/controller/dwc/Makefile +index a751553fa0db..dbb981876556 100644 +--- a/drivers/pci/controller/dwc/Makefile ++++ b/drivers/pci/controller/dwc/Makefile +@@ -17,7 +17,6 @@ obj-$(CONFIG_PCIE_INTEL_GW) += pcie-intel-gw.o + obj-$(CONFIG_PCIE_KIRIN) += pcie-kirin.o + obj-$(CONFIG_PCIE_HISI_STB) += pcie-histb.o + obj-$(CONFIG_PCI_MESON) += pci-meson.o +-obj-$(CONFIG_PCIE_TEGRA194) += pcie-tegra194.o + obj-$(CONFIG_PCIE_UNIPHIER) += pcie-uniphier.o + obj-$(CONFIG_PCIE_UNIPHIER_EP) += pcie-uniphier-ep.o + +@@ -34,4 +33,5 @@ obj-$(CONFIG_PCIE_UNIPHIER_EP) += pcie-uniphier-ep.o + ifdef CONFIG_PCI + obj-$(CONFIG_ARM64) += pcie-al.o + obj-$(CONFIG_ARM64) += pcie-hisi.o ++obj-$(CONFIG_ARM64) += pcie-tegra194.o + 
endif +diff --git a/drivers/pci/controller/dwc/pcie-tegra194.c b/drivers/pci/controller/dwc/pcie-tegra194.c +index 0e94190ca4e8..926a8def2e26 100644 +--- a/drivers/pci/controller/dwc/pcie-tegra194.c ++++ b/drivers/pci/controller/dwc/pcie-tegra194.c +@@ -22,6 +22,8 @@ + #include + #include + #include ++#include ++#include + #include + #include + #include +@@ -311,6 +313,104 @@ struct tegra_pcie_dw_of_data { + enum dw_pcie_device_mode mode; + }; + ++#if defined(CONFIG_ACPI) && defined(CONFIG_PCI_QUIRKS) ++struct tegra194_pcie_ecam { ++ void __iomem *config_base; ++ void __iomem *iatu_base; ++ void __iomem *dbi_base; ++}; ++ ++static int tegra194_acpi_init(struct pci_config_window *cfg) ++{ ++ struct device *dev = cfg->parent; ++ struct tegra194_pcie_ecam *pcie_ecam; ++ ++ pcie_ecam = devm_kzalloc(dev, sizeof(*pcie_ecam), GFP_KERNEL); ++ if (!pcie_ecam) ++ return -ENOMEM; ++ ++ pcie_ecam->config_base = cfg->win; ++ pcie_ecam->iatu_base = cfg->win + SZ_256K; ++ pcie_ecam->dbi_base = cfg->win + SZ_512K; ++ cfg->priv = pcie_ecam; ++ ++ return 0; ++} ++ ++static void atu_reg_write(struct tegra194_pcie_ecam *pcie_ecam, int index, ++ u32 val, u32 reg) ++{ ++ u32 offset = PCIE_GET_ATU_OUTB_UNR_REG_OFFSET(index); ++ ++ writel(val, pcie_ecam->iatu_base + offset + reg); ++} ++ ++static void program_outbound_atu(struct tegra194_pcie_ecam *pcie_ecam, ++ int index, int type, u64 cpu_addr, ++ u64 pci_addr, u64 size) ++{ ++ atu_reg_write(pcie_ecam, index, lower_32_bits(cpu_addr), ++ PCIE_ATU_LOWER_BASE); ++ atu_reg_write(pcie_ecam, index, upper_32_bits(cpu_addr), ++ PCIE_ATU_UPPER_BASE); ++ atu_reg_write(pcie_ecam, index, lower_32_bits(pci_addr), ++ PCIE_ATU_LOWER_TARGET); ++ atu_reg_write(pcie_ecam, index, lower_32_bits(cpu_addr + size - 1), ++ PCIE_ATU_LIMIT); ++ atu_reg_write(pcie_ecam, index, upper_32_bits(pci_addr), ++ PCIE_ATU_UPPER_TARGET); ++ atu_reg_write(pcie_ecam, index, type, PCIE_ATU_CR1); ++ atu_reg_write(pcie_ecam, index, PCIE_ATU_ENABLE, PCIE_ATU_CR2); ++} ++ 
++static void __iomem *tegra194_map_bus(struct pci_bus *bus, ++ unsigned int devfn, int where) ++{ ++ struct pci_config_window *cfg = bus->sysdata; ++ struct tegra194_pcie_ecam *pcie_ecam = cfg->priv; ++ u32 busdev; ++ int type; ++ ++ if (bus->number < cfg->busr.start || bus->number > cfg->busr.end) ++ return NULL; ++ ++ if (bus->number == cfg->busr.start) { ++ if (PCI_SLOT(devfn) == 0) ++ return pcie_ecam->dbi_base + where; ++ else ++ return NULL; ++ } ++ ++ busdev = PCIE_ATU_BUS(bus->number) | PCIE_ATU_DEV(PCI_SLOT(devfn)) | ++ PCIE_ATU_FUNC(PCI_FUNC(devfn)); ++ ++ if (bus->parent->number == cfg->busr.start) { ++ if (PCI_SLOT(devfn) == 0) ++ type = PCIE_ATU_TYPE_CFG0; ++ else ++ return NULL; ++ } else { ++ type = PCIE_ATU_TYPE_CFG1; ++ } ++ ++ program_outbound_atu(pcie_ecam, 0, type, cfg->res.start, busdev, ++ SZ_256K); ++ ++ return pcie_ecam->config_base + where; ++} ++ ++const struct pci_ecam_ops tegra194_pcie_ops = { ++ .init = tegra194_acpi_init, ++ .pci_ops = { ++ .map_bus = tegra194_map_bus, ++ .read = pci_generic_config_read, ++ .write = pci_generic_config_write, ++ } ++}; ++#endif /* defined(CONFIG_ACPI) && defined(CONFIG_PCI_QUIRKS) */ ++ ++#ifdef CONFIG_PCIE_TEGRA194 ++ + static inline struct tegra_pcie_dw *to_tegra_pcie(struct dw_pcie *pci) + { + return container_of(pci, struct tegra_pcie_dw, pci); +@@ -2311,3 +2411,5 @@ MODULE_DEVICE_TABLE(of, tegra_pcie_dw_of_match); + MODULE_AUTHOR("Vidya Sagar "); + MODULE_DESCRIPTION("NVIDIA PCIe host controller driver"); + MODULE_LICENSE("GPL v2"); ++ ++#endif /* CONFIG_PCIE_TEGRA194 */ +diff --git a/include/linux/pci-ecam.h b/include/linux/pci-ecam.h +index 65d3d83015c3..fbdadd4d8377 100644 +--- a/include/linux/pci-ecam.h ++++ b/include/linux/pci-ecam.h +@@ -85,6 +85,7 @@ extern const struct pci_ecam_ops pci_thunder_ecam_ops; /* Cavium ThunderX 1.x */ + extern const struct pci_ecam_ops xgene_v1_pcie_ecam_ops; /* APM X-Gene PCIe v1 */ + extern const struct pci_ecam_ops xgene_v2_pcie_ecam_ops; /* APM X-Gene PCIe 
v2.x */ + extern const struct pci_ecam_ops al_pcie_ops; /* Amazon Annapurna Labs PCIe */ ++extern const struct pci_ecam_ops tegra194_pcie_ops; /* Tegra194 PCIe */ + #endif + + #if IS_ENABLED(CONFIG_PCI_HOST_COMMON) +-- +2.30.2 + diff --git a/queue-5.12/pci-tegra-fix-runtime-pm-imbalance-in-pex_ep_event_p.patch b/queue-5.12/pci-tegra-fix-runtime-pm-imbalance-in-pex_ep_event_p.patch new file mode 100644 index 00000000000..62307331071 --- /dev/null +++ b/queue-5.12/pci-tegra-fix-runtime-pm-imbalance-in-pex_ep_event_p.patch @@ -0,0 +1,41 @@ +From 7186bb8523c9c73e23673ed4e9b557ca04e358c7 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 8 Apr 2021 15:26:58 +0800 +Subject: PCI: tegra: Fix runtime PM imbalance in + pex_ep_event_pex_rst_deassert() + +From: Dinghao Liu + +[ Upstream commit 5859c926d1f052ee61b5815b14658875c14f6243 ] + +pm_runtime_get_sync() will increase the runtime PM counter +even it returns an error. Thus a pairing decrement is needed +to prevent refcount leak. Fix this by replacing this API with +pm_runtime_resume_and_get(), which will not change the runtime +PM counter on error. + +Link: https://lore.kernel.org/r/20210408072700.15791-1-dinghao.liu@zju.edu.cn +Signed-off-by: Dinghao Liu +Signed-off-by: Lorenzo Pieralisi +Acked-by: Thierry Reding +Signed-off-by: Sasha Levin +--- + drivers/pci/controller/dwc/pcie-tegra194.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/pci/controller/dwc/pcie-tegra194.c b/drivers/pci/controller/dwc/pcie-tegra194.c +index 6fa216e52d14..0e94190ca4e8 100644 +--- a/drivers/pci/controller/dwc/pcie-tegra194.c ++++ b/drivers/pci/controller/dwc/pcie-tegra194.c +@@ -1645,7 +1645,7 @@ static void pex_ep_event_pex_rst_deassert(struct tegra_pcie_dw *pcie) + if (pcie->ep_state == EP_STATE_ENABLED) + return; + +- ret = pm_runtime_get_sync(dev); ++ ret = pm_runtime_resume_and_get(dev); + if (ret < 0) { + dev_err(dev, "Failed to get runtime sync for PCIe dev: %d\n", + ret); +-- +2.30.2 + 
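Review bot: In pcie-tegra194.c the whole existing driver is now wrapped in `#ifdef CONFIG_PCIE_TEGRA194`, while the Makefile builds the object through `obj-$(CONFIG_ARM64)` instead of `obj-$(CONFIG_PCIE_TEGRA194)`. If CONFIG_PCIE_TEGRA194 can be set to `m` (its Kconfig type is not visible here), the plain `#ifdef` is false for a modular configuration because only the `_MODULE` macro is defined, and the driver body would be compiled out silently. `#if IS_ENABLED(CONFIG_PCIE_TEGRA194)` would not fix this on its own, since the object is then linked into the kernel rather than built as a module; placing the ACPI quirk in its own source file with its own Makefile line would keep the two build conditions separate.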
diff --git a/queue-5.12/pci-thunder-fix-compile-testing.patch b/queue-5.12/pci-thunder-fix-compile-testing.patch new file mode 100644 index 00000000000..2a30e6eeace --- /dev/null +++ b/queue-5.12/pci-thunder-fix-compile-testing.patch 
@@ -0,0 +1,101 @@ +From fb37317553c93b7497d66c6617410ec64d3c7d13 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 8 Mar 2021 16:24:47 +0100 +Subject: PCI: thunder: Fix compile testing + +From: Arnd Bergmann + +[ Upstream commit 16f7ae5906dfbeff54f74ec75d0563bb3a87ab0b ] + +Compile-testing these drivers is currently broken. Enabling it causes a +couple of build failures though: + + drivers/pci/controller/pci-thunder-ecam.c:119:30: error: shift count >= width of type [-Werror,-Wshift-count-overflow] + drivers/pci/controller/pci-thunder-pem.c:54:2: error: implicit declaration of function 'writeq' [-Werror,-Wimplicit-function-declaration] + drivers/pci/controller/pci-thunder-pem.c:392:8: error: implicit declaration of function 'acpi_get_rc_resources' [-Werror,-Wimplicit-function-declaration] + +Fix them with the obvious one-line changes. + +Link: https://lore.kernel.org/r/20210308152501.2135937-2-arnd@kernel.org +Signed-off-by: Arnd Bergmann +Signed-off-by: Bjorn Helgaas +Reviewed-by: Kuppuswamy Sathyanarayanan +Reviewed-by: Robert Richter +Signed-off-by: Sasha Levin +--- + drivers/pci/controller/pci-thunder-ecam.c | 2 +- + drivers/pci/controller/pci-thunder-pem.c | 13 +++++++------ + drivers/pci/pci.h | 6 ++++++ + 3 files changed, 14 insertions(+), 7 deletions(-) + +diff --git a/drivers/pci/controller/pci-thunder-ecam.c b/drivers/pci/controller/pci-thunder-ecam.c +index f964fd26f7e0..ffd84656544f 100644 +--- a/drivers/pci/controller/pci-thunder-ecam.c ++++ b/drivers/pci/controller/pci-thunder-ecam.c +@@ -116,7 +116,7 @@ static int thunder_ecam_p2_config_read(struct pci_bus *bus, unsigned int devfn, + * the config space access window. Since we are working with + * the high-order 32 bits, shift everything down by 32 bits. 
+ */ +- node_bits = (cfg->res.start >> 32) & (1 << 12); ++ node_bits = upper_32_bits(cfg->res.start) & (1 << 12); + + v |= node_bits; + set_val(v, where, size, val); +diff --git a/drivers/pci/controller/pci-thunder-pem.c b/drivers/pci/controller/pci-thunder-pem.c +index 1a3f70ac61fc..0660b9da204f 100644 +--- a/drivers/pci/controller/pci-thunder-pem.c ++++ b/drivers/pci/controller/pci-thunder-pem.c +@@ -12,6 +12,7 @@ + #include + #include + #include ++#include + #include "../pci.h" + + #if defined(CONFIG_PCI_HOST_THUNDER_PEM) || (defined(CONFIG_ACPI) && defined(CONFIG_PCI_QUIRKS)) +@@ -324,9 +325,9 @@ static int thunder_pem_init(struct device *dev, struct pci_config_window *cfg, + * structure here for the BAR. + */ + bar4_start = res_pem->start + 0xf00000; +- pem_pci->ea_entry[0] = (u32)bar4_start | 2; +- pem_pci->ea_entry[1] = (u32)(res_pem->end - bar4_start) & ~3u; +- pem_pci->ea_entry[2] = (u32)(bar4_start >> 32); ++ pem_pci->ea_entry[0] = lower_32_bits(bar4_start) | 2; ++ pem_pci->ea_entry[1] = lower_32_bits(res_pem->end - bar4_start) & ~3u; ++ pem_pci->ea_entry[2] = upper_32_bits(bar4_start); + + cfg->priv = pem_pci; + return 0; +@@ -334,9 +335,9 @@ static int thunder_pem_init(struct device *dev, struct pci_config_window *cfg, + + #if defined(CONFIG_ACPI) && defined(CONFIG_PCI_QUIRKS) + +-#define PEM_RES_BASE 0x87e0c0000000UL +-#define PEM_NODE_MASK GENMASK(45, 44) +-#define PEM_INDX_MASK GENMASK(26, 24) ++#define PEM_RES_BASE 0x87e0c0000000ULL ++#define PEM_NODE_MASK GENMASK_ULL(45, 44) ++#define PEM_INDX_MASK GENMASK_ULL(26, 24) + #define PEM_MIN_DOM_IN_NODE 4 + #define PEM_MAX_DOM_IN_NODE 10 + +diff --git a/drivers/pci/pci.h b/drivers/pci/pci.h +index ef7c4661314f..9684b468267f 100644 +--- a/drivers/pci/pci.h ++++ b/drivers/pci/pci.h +@@ -624,6 +624,12 @@ static inline int pci_dev_specific_reset(struct pci_dev *dev, int probe) + #if defined(CONFIG_PCI_QUIRKS) && defined(CONFIG_ARM64) + int acpi_get_rc_resources(struct device *dev, const char *hid, u16 
segment, + struct resource *res); ++#else ++static inline int acpi_get_rc_resources(struct device *dev, const char *hid, ++ u16 segment, struct resource *res) ++{ ++ return -ENODEV; ++} + #endif + + int pci_rebar_get_current_size(struct pci_dev *pdev, int bar); +-- +2.30.2 + diff --git a/queue-5.12/platform-chrome-cros_ec_typec-add-dp-mode-check.patch b/queue-5.12/platform-chrome-cros_ec_typec-add-dp-mode-check.patch new file mode 100644 index 00000000000..99680fe632d --- /dev/null +++ b/queue-5.12/platform-chrome-cros_ec_typec-add-dp-mode-check.patch @@ -0,0 +1,41 @@ +From ab650bf01e9d4126ab2ac1080b915beec7737bac Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 20 Apr 2021 21:21:09 -0700 +Subject: platform/chrome: cros_ec_typec: Add DP mode check + +From: Prashant Malani + +[ Upstream commit c5bb32f57bf3a30ed03be51f7be0840325ba8b4a ] + +There are certain transitional situations where the dp_mode field in the +PD_CONTROL response might not be populated with the right DP pin +assignment value yet. Add a check for that to avoid sending an invalid +value to the Type C mode switch. + +Signed-off-by: Prashant Malani +Signed-off-by: Enric Balletbo i Serra +Link: https://lore.kernel.org/r/20210421042108.2002-1-pmalani@chromium.org +Signed-off-by: Sasha Levin +--- + drivers/platform/chrome/cros_ec_typec.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/drivers/platform/chrome/cros_ec_typec.c b/drivers/platform/chrome/cros_ec_typec.c +index 0811562deecc..24be8f550ae0 100644 +--- a/drivers/platform/chrome/cros_ec_typec.c ++++ b/drivers/platform/chrome/cros_ec_typec.c +@@ -483,6 +483,11 @@ static int cros_typec_enable_dp(struct cros_typec_data *typec, + return -ENOTSUPP; + } + ++ if (!pd_ctrl->dp_mode) { ++ dev_err(typec->dev, "No valid DP mode provided.\n"); ++ return -EINVAL; ++ } ++ + /* Status VDO. */ + dp_data.status = DP_STATUS_ENABLED; + if (port->mux_flags & USB_PD_MUX_HPD_IRQ) +-- +2.30.2 + 
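Review bot: The added `if (!pd_ctrl->dp_mode)` test rejects only a zero value, and the code gives no reason why zero is special. A comment taken from the commit message would help, e.g. `/* dp_mode can still be 0 while the EC response is in a transitional state */`. Since the condition is described as transitional, `dev_err()` may be louder than needed, and whether a non-zero but unsupported pin assignment can still reach the mode switch is not visible in this hunk and is worth confirming. cros_typec_enable_dp() starts and continues outside the hunk.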
diff --git a/queue-5.12/riscv-use-ld-instead-of-cc-to-link-vdso.patch b/queue-5.12/riscv-use-ld-instead-of-cc-to-link-vdso.patch new file mode 100644 index 00000000000..c85e4b82959 --- /dev/null +++ b/queue-5.12/riscv-use-ld-instead-of-cc-to-link-vdso.patch 
@@ -0,0 +1,95 @@
+From 04e9fda0e0f4cf86ab07b794fc530170c210cc9d Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Thu, 25 Mar 2021 14:51:56 -0700
+Subject: riscv: Use $(LD) instead of $(CC) to link vDSO
+
+From: Nathan Chancellor
+
+[ Upstream commit 7f3d349065d0c643f7f7013fbf9bc9f2c90b675f ]
+
+Currently, the VDSO is being linked through $(CC). This does not match
+how the rest of the kernel links objects, which is through the $(LD)
+variable.
+
+When linking with clang, there are a couple of warnings about flags that
+will not be used during the link:
+
+clang-12: warning: argument unused during compilation: '-no-pie' [-Wunused-command-line-argument]
+clang-12: warning: argument unused during compilation: '-pg' [-Wunused-command-line-argument]
+
+'-no-pie' was added in commit 85602bea297f ("RISC-V: build vdso-dummy.o
+with -no-pie") to override '-pie' getting added to the ld command from
+distribution versions of GCC that enable PIE by default. It is
+technically no longer needed after commit c2c81bb2f691 ("RISC-V: Fix the
+VDSO symbol generaton for binutils-2.35+"), which removed vdso-dummy.o
+in favor of generating vdso-syms.S from vdso.so with $(NM) but this also
+resolves the issue in case it ever comes back due to having full control
+over the $(LD) command. '-pg' is for function tracing, it is not used
+during linking as clang states.
+
+These flags could be removed/filtered to fix the warnings but it is
+easier to just match the rest of the kernel and use $(LD) directly for
+linking. See commits
+
+ fe00e50b2db8 ("ARM: 8858/1: vdso: use $(LD) instead of $(CC) to link VDSO")
+ 691efbedc60d ("arm64: vdso: use $(LD) instead of $(CC) to link VDSO")
+ 2ff906994b6c ("MIPS: VDSO: Use $(LD) instead of $(CC) to link VDSO")
+ 2b2a25845d53 ("s390/vdso: Use $(LD) instead of $(CC) to link vDSO")
+
+for more information.
+
+The flags are converted to linker flags and '--eh-frame-hdr' is added to
+match what is added by GCC implicitly, which can be seen by adding '-v'
+to GCC's invocation.
+
+Additionally, since this area is being modified, use the $(OBJCOPY)
+variable instead of an open coded $(CROSS_COMPILE)objcopy so that the
+user's choice of objcopy binary is respected.
+
+Link: https://github.com/ClangBuiltLinux/linux/issues/803
+Link: https://github.com/ClangBuiltLinux/linux/issues/970
+Signed-off-by: Nathan Chancellor
+Reviewed-by: Fangrui Song
+Signed-off-by: Palmer Dabbelt
+Signed-off-by: Sasha Levin
+---
+ arch/riscv/kernel/vdso/Makefile | 12 ++++--------
+ 1 file changed, 4 insertions(+), 8 deletions(-)
+
+diff --git a/arch/riscv/kernel/vdso/Makefile b/arch/riscv/kernel/vdso/Makefile
+index 71a315e73cbe..ca2b40dfd24b 100644
+--- a/arch/riscv/kernel/vdso/Makefile
++++ b/arch/riscv/kernel/vdso/Makefile
+@@ -41,11 +41,10 @@ KASAN_SANITIZE := n
+ $(obj)/vdso.o: $(obj)/vdso.so
+
+ # link rule for the .so file, .lds has to be first
+-SYSCFLAGS_vdso.so.dbg = $(c_flags)
+ $(obj)/vdso.so.dbg: $(src)/vdso.lds $(obj-vdso) FORCE
+ $(call if_changed,vdsold)
+-SYSCFLAGS_vdso.so.dbg = -shared -s -Wl,-soname=linux-vdso.so.1 \
+- -Wl,--build-id=sha1 -Wl,--hash-style=both
++LDFLAGS_vdso.so.dbg = -shared -s -soname=linux-vdso.so.1 \
++ --build-id=sha1 --hash-style=both --eh-frame-hdr
+
+ # We also create a special relocatable object that should mirror the symbol
+ # table and layout of the linked DSO. With ld --just-symbols we can then
+@@ -60,13 +59,10 @@ $(obj)/%.so: $(obj)/%.so.dbg FORCE
+
+ # actual build commands
+ # The DSO images are built using a special linker script
+-# Add -lgcc so rv32 gets static muldi3 and lshrdi3 definitions.
+ # Make sure only to export the intended __vdso_xxx symbol offsets.
+ quiet_cmd_vdsold = VDSOLD $@
+- cmd_vdsold = $(CC) $(KBUILD_CFLAGS) $(call cc-option, -no-pie) -nostdlib -nostartfiles $(SYSCFLAGS_$(@F)) \
+- -Wl,-T,$(filter-out FORCE,$^) -o $@.tmp && \
+- $(CROSS_COMPILE)objcopy \
+- $(patsubst %, -G __vdso_%, $(vdso-syms)) $@.tmp $@ && \
++ cmd_vdsold = $(LD) $(ld_flags) -T $(filter-out FORCE,$^) -o $@.tmp && \
++ $(OBJCOPY) $(patsubst %, -G __vdso_%, $(vdso-syms)) $@.tmp $@ && \
+ rm $@.tmp
+
+ # Extracts symbol offsets from the VDSO, converting them into an assembly file
+--
+2.30.2
+
diff --git a/queue-5.12/riscv-workaround-mcount-name-prior-to-clang-13.patch b/queue-5.12/riscv-workaround-mcount-name-prior-to-clang-13.patch
new file mode 100644
index 00000000000..06be14946eb
--- /dev/null
+++ b/queue-5.12/riscv-workaround-mcount-name-prior-to-clang-13.patch
@@ -0,0 +1,123 @@
+From 92758a8a7e3f928bfa58b77bb3f645541a8fc711 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Thu, 25 Mar 2021 15:38:06 -0700
+Subject: riscv: Workaround mcount name prior to clang-13
+
+From: Nathan Chancellor
+
+[ Upstream commit 7ce04771503074a7de7f539cc43f5e1b385cb99b ]
+
+Prior to clang 13.0.0, the RISC-V name for the mcount symbol was
+"mcount", which differs from the GCC version of "_mcount", which results
+in the following errors:
+
+riscv64-linux-gnu-ld: init/main.o: in function `__traceiter_initcall_level':
+main.c:(.text+0xe): undefined reference to `mcount'
+riscv64-linux-gnu-ld: init/main.o: in function `__traceiter_initcall_start':
+main.c:(.text+0x4e): undefined reference to `mcount'
+riscv64-linux-gnu-ld: init/main.o: in function `__traceiter_initcall_finish':
+main.c:(.text+0x92): undefined reference to `mcount'
+riscv64-linux-gnu-ld: init/main.o: in function `.LBB32_28':
+main.c:(.text+0x30c): undefined reference to `mcount'
+riscv64-linux-gnu-ld: init/main.o: in function `free_initmem':
+main.c:(.text+0x54c): undefined reference to `mcount'
+
+This has been corrected in https://reviews.llvm.org/D98881 but the
+minimum supported clang version is 10.0.1. To avoid build errors and to
+gain a working function tracer, adjust the name of the mcount symbol for
+older versions of clang in mount.S and recordmcount.pl.
+
+Link: https://github.com/ClangBuiltLinux/linux/issues/1331
+Signed-off-by: Nathan Chancellor
+Reviewed-by: Nick Desaulniers
+Signed-off-by: Palmer Dabbelt
+Signed-off-by: Sasha Levin
+---
+ arch/riscv/include/asm/ftrace.h | 14 ++++++++++++--
+ arch/riscv/kernel/mcount.S | 10 +++++-----
+ scripts/recordmcount.pl | 2 +-
+ 3 files changed, 18 insertions(+), 8 deletions(-)
+
+diff --git a/arch/riscv/include/asm/ftrace.h b/arch/riscv/include/asm/ftrace.h
+index 845002cc2e57..04dad3380041 100644
+--- a/arch/riscv/include/asm/ftrace.h
++++ b/arch/riscv/include/asm/ftrace.h
+@@ -13,9 +13,19 @@
+ #endif
+ #define HAVE_FUNCTION_GRAPH_RET_ADDR_PTR
+
++/*
++ * Clang prior to 13 had "mcount" instead of "_mcount":
++ * https://reviews.llvm.org/D98881
++ */
++#if defined(CONFIG_CC_IS_GCC) || CONFIG_CLANG_VERSION >= 130000
++#define MCOUNT_NAME _mcount
++#else
++#define MCOUNT_NAME mcount
++#endif
++
+ #define ARCH_SUPPORTS_FTRACE_OPS 1
+ #ifndef __ASSEMBLY__
+-void _mcount(void);
++void MCOUNT_NAME(void);
+ static inline unsigned long ftrace_call_adjust(unsigned long addr)
+ {
+ return addr;
+@@ -36,7 +46,7 @@ struct dyn_arch_ftrace {
+ * both auipc and jalr at the same time.
+ */
+
+-#define MCOUNT_ADDR ((unsigned long)_mcount)
++#define MCOUNT_ADDR ((unsigned long)MCOUNT_NAME)
+ #define JALR_SIGN_MASK (0x00000800)
+ #define JALR_OFFSET_MASK (0x00000fff)
+ #define AUIPC_OFFSET_MASK (0xfffff000)
+diff --git a/arch/riscv/kernel/mcount.S b/arch/riscv/kernel/mcount.S
+index 8a5593ff9ff3..6d462681c9c0 100644
+--- a/arch/riscv/kernel/mcount.S
++++ b/arch/riscv/kernel/mcount.S
+@@ -47,8 +47,8 @@
+
+ ENTRY(ftrace_stub)
+ #ifdef CONFIG_DYNAMIC_FTRACE
+- .global _mcount
+- .set _mcount, ftrace_stub
++ .global MCOUNT_NAME
++ .set MCOUNT_NAME, ftrace_stub
+ #endif
+ ret
+ ENDPROC(ftrace_stub)
+@@ -78,7 +78,7 @@ ENDPROC(return_to_handler)
+ #endif
+
+ #ifndef CONFIG_DYNAMIC_FTRACE
+-ENTRY(_mcount)
++ENTRY(MCOUNT_NAME)
+ la t4, ftrace_stub
+ #ifdef CONFIG_FUNCTION_GRAPH_TRACER
+ la t0, ftrace_graph_return
+@@ -124,6 +124,6 @@ do_trace:
+ jalr t5
+ RESTORE_ABI_STATE
+ ret
+-ENDPROC(_mcount)
++ENDPROC(MCOUNT_NAME)
+ #endif
+-EXPORT_SYMBOL(_mcount)
++EXPORT_SYMBOL(MCOUNT_NAME)
+diff --git a/scripts/recordmcount.pl b/scripts/recordmcount.pl
+index a36df04cfa09..7b83a1aaec98 100755
+--- a/scripts/recordmcount.pl
++++ b/scripts/recordmcount.pl
+@@ -392,7 +392,7 @@ if ($arch eq "x86_64") {
+ $mcount_regex = "^\\s*([0-9a-fA-F]+):.*\\s_mcount\$";
+ } elsif ($arch eq "riscv") {
+ $function_regex = "^([0-9a-fA-F]+)\\s+<([^.0-9][0-9a-zA-Z_\\.]+)>:";
+- $mcount_regex = "^\\s*([0-9a-fA-F]+):\\sR_RISCV_CALL(_PLT)?\\s_mcount\$";
++ $mcount_regex = "^\\s*([0-9a-fA-F]+):\\sR_RISCV_CALL(_PLT)?\\s_?mcount\$";
+ $type = ".quad";
+ $alignment = 2;
+ } elsif ($arch eq "nds32") {
+--
+2.30.2
+
diff --git a/queue-5.12/scripts-recordmcount.pl-fix-risc-v-regex-for-clang.patch b/queue-5.12/scripts-recordmcount.pl-fix-risc-v-regex-for-clang.patch
new file mode 100644
index 00000000000..bb1bfac84d2
--- /dev/null
+++ b/queue-5.12/scripts-recordmcount.pl-fix-risc-v-regex-for-clang.patch
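Review bot: In the scripts/recordmcount.pl part of the mcount workaround, the riscv `$mcount_regex` now accepts both spellings through `_?mcount` for every compiler, while asm/ftrace.h picks exactly one through MCOUNT_NAME, and nothing in the script says why the underscore is optional. I would add a comment above the assignment, e.g. `# clang < 13 emits "mcount" instead of "_mcount", see MCOUNT_NAME in arch/riscv/include/asm/ftrace.h`, so the pattern is not tightened again by accident. mcount.S now relies on MCOUNT_NAME being visible to the assembler; the hunk does not show whether asm/ftrace.h is included there, so that is worth confirming on the 5.12 tree.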
@@ -0,0 +1,43 @@
+From f7554d9fcac18aad45ea4d9f1fccfeca7df62118 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Thu, 25 Mar 2021 15:38:05 -0700
+Subject: scripts/recordmcount.pl: Fix RISC-V regex for clang
+
+From: Nathan Chancellor
+
+[ Upstream commit 2f095504f4b9cf75856d6a9cf90299cf75aa46c5 ]
+
+Clang can generate R_RISCV_CALL_PLT relocations to _mcount:
+
+$ llvm-objdump -dr build/riscv/init/main.o | rg mcount
+ 000000000000000e: R_RISCV_CALL_PLT _mcount
+ 000000000000004e: R_RISCV_CALL_PLT _mcount
+
+After this, the __start_mcount_loc section is properly generated and
+function tracing still works.
+
+Link: https://github.com/ClangBuiltLinux/linux/issues/1331
+Signed-off-by: Nathan Chancellor
+Reviewed-by: Fangrui Song
+Signed-off-by: Palmer Dabbelt
+Signed-off-by: Sasha Levin
+---
+ scripts/recordmcount.pl | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/scripts/recordmcount.pl b/scripts/recordmcount.pl
+index 867860ea57da..a36df04cfa09 100755
+--- a/scripts/recordmcount.pl
++++ b/scripts/recordmcount.pl
+@@ -392,7 +392,7 @@ if ($arch eq "x86_64") {
+ $mcount_regex = "^\\s*([0-9a-fA-F]+):.*\\s_mcount\$";
+ } elsif ($arch eq "riscv") {
+ $function_regex = "^([0-9a-fA-F]+)\\s+<([^.0-9][0-9a-zA-Z_\\.]+)>:";
+- $mcount_regex = "^\\s*([0-9a-fA-F]+):\\sR_RISCV_CALL\\s_mcount\$";
++ $mcount_regex = "^\\s*([0-9a-fA-F]+):\\sR_RISCV_CALL(_PLT)?\\s_mcount\$";
+ $type = ".quad";
+ $alignment = 2;
+ } elsif ($arch eq "nds32") {
+--
+2.30.2
+
diff --git a/queue-5.12/scsi-lpfc-fix-illegal-memory-access-on-abort-iocbs.patch b/queue-5.12/scsi-lpfc-fix-illegal-memory-access-on-abort-iocbs.patch
new file mode 100644
index 00000000000..296694f782c
--- /dev/null
+++ b/queue-5.12/scsi-lpfc-fix-illegal-memory-access-on-abort-iocbs.patch
@@ -0,0 +1,60 @@
+From 5aed35a10dc335a75ed0b8132261e2be67b50b5a Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Wed, 21 Apr 2021 16:44:33 -0700
+Subject: scsi: lpfc: Fix illegal memory access on Abort IOCBs
+
+From: James Smart
+
+[ Upstream commit e1364711359f3ced054bda9920477c8bf93b74c5 ]
+
+In devloss timer handler and in backend calls to terminate remote port I/O,
+there is logic to walk through all active IOCBs and validate them to
+potentially trigger an abort request. This logic is causing illegal memory
+accesses which leads to a crash. Abort IOCBs, which may be on the list, do
+not have an associated lpfc_io_buf struct. The driver is trying to map an
+lpfc_io_buf struct on the IOCB and which results in a bogus address thus
+the issue.
+
+Fix by skipping over ABORT IOCBs (CLOSE IOCBs are ABORTS that don't send
+ABTS) in the IOCB scan logic.
+
+Link: https://lore.kernel.org/r/20210421234433.102079-1-jsmart2021@gmail.com
+Co-developed-by: Justin Tee
+Signed-off-by: Justin Tee
+Signed-off-by: James Smart
+Signed-off-by: Martin K. Petersen
+Signed-off-by: Sasha Levin
+---
+ drivers/scsi/lpfc/lpfc_sli.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/scsi/lpfc/lpfc_sli.c b/drivers/scsi/lpfc/lpfc_sli.c
+index bd31feb3d5e1..920cf329268b 100644
+--- a/drivers/scsi/lpfc/lpfc_sli.c
++++ b/drivers/scsi/lpfc/lpfc_sli.c
+@@ -11807,13 +11807,20 @@ lpfc_sli_validate_fcp_iocb(struct lpfc_iocbq *iocbq, struct lpfc_vport *vport,
+ lpfc_ctx_cmd ctx_cmd)
+ {
+ struct lpfc_io_buf *lpfc_cmd;
++ IOCB_t *icmd = NULL;
+ int rc = 1;
+
+ if (!iocbq || iocbq->vport != vport)
+ return rc;
+
+- if (!(iocbq->iocb_flag & LPFC_IO_FCP) ||
+- !(iocbq->iocb_flag & LPFC_IO_ON_TXCMPLQ))
++ if (!(iocbq->iocb_flag & LPFC_IO_FCP) ||
++ !(iocbq->iocb_flag & LPFC_IO_ON_TXCMPLQ) ||
++ iocbq->iocb_flag & LPFC_DRIVER_ABORTED)
++ return rc;
++
++ icmd = &iocbq->iocb;
++ if (icmd->ulpCommand == CMD_ABORT_XRI_CN ||
++ icmd->ulpCommand == CMD_CLOSE_XRI_CN)
+ return rc;
+
+ lpfc_cmd = container_of(iocbq, struct lpfc_io_buf, cur_iocbq);
+--
+2.30.2
+
diff --git a/queue-5.12/scsi-target-tcmu-return-from-tcmu_handle_completions.patch b/queue-5.12/scsi-target-tcmu-return-from-tcmu_handle_completions.patch
new file mode 100644
index 00000000000..3eec485756b
--- /dev/null
+++ b/queue-5.12/scsi-target-tcmu-return-from-tcmu_handle_completions.patch
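Review bot: The two early returns added to lpfc_sli_validate_fcp_iocb() are what keep the later `container_of(iocbq, struct lpfc_io_buf, cur_iocbq)` from being applied to an IOCB that is not embedded in an lpfc_io_buf, yet the code carries no comment saying so. A short comment above the ulpCommand test, e.g. `/* ABORT/CLOSE IOCBs have no lpfc_io_buf; container_of() below would yield a bogus pointer */`, would stop a later cleanup from dropping the check. Smaller points: the `= NULL` initialiser on `icmd` is dead because it is assigned before first use, and `iocbq->iocb_flag & LPFC_DRIVER_ABORTED` would read more consistently parenthesised like the two flag tests before it. The function body continues past the end of the hunk.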
@@ -0,0 +1,52 @@
+From 78e55f3962789cc8f546fe3e51efc50b64a4fba6 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Fri, 23 Apr 2021 17:01:23 +0200
+Subject: scsi: target: tcmu: Return from tcmu_handle_completions() if cmd_id
+ not found
+
+From: Bodo Stroesser
+
+[ Upstream commit 9814b55cde0588b6d9bc496cee43f87316cbc6f1 ]
+
+If tcmu_handle_completions() finds an invalid cmd_id while looping over cmd
+responses from userspace it sets TCMU_DEV_BIT_BROKEN and breaks the
+loop. This means that it does further handling for the tcmu device.
+
+Skip that handling by replacing 'break' with 'return'.
+
+Additionally change tcmu_handle_completions() from unsigned int to bool,
+since the value used in return already is bool.
+
+Link: https://lore.kernel.org/r/20210423150123.24468-1-bostroesser@gmail.com
+Signed-off-by: Bodo Stroesser
+Signed-off-by: Martin K. Petersen
+Signed-off-by: Sasha Levin
+---
+ drivers/target/target_core_user.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/target/target_core_user.c b/drivers/target/target_core_user.c
+index bf73cd5f4b04..6809c970be03 100644
+--- a/drivers/target/target_core_user.c
++++ b/drivers/target/target_core_user.c
+@@ -1377,7 +1377,7 @@ static int tcmu_run_tmr_queue(struct tcmu_dev *udev)
+ return 1;
+ }
+
+-static unsigned int tcmu_handle_completions(struct tcmu_dev *udev)
++static bool tcmu_handle_completions(struct tcmu_dev *udev)
+ {
+ struct tcmu_mailbox *mb;
+ struct tcmu_cmd *cmd;
+@@ -1420,7 +1420,7 @@ static unsigned int tcmu_handle_completions(struct tcmu_dev *udev)
+ pr_err("cmd_id %u not found, ring is broken\n",
+ entry->hdr.cmd_id);
+ set_bit(TCMU_DEV_BIT_BROKEN, &udev->flags);
+- break;
++ return false;
+ }
+
+ tcmu_handle_completion(cmd, entry);
+--
+2.30.2
+
diff --git a/queue-5.12/series b/queue-5.12/series
index 4536464f122..c291f7791aa 100644
--- a/queue-5.12/series
+++ b/queue-5.12/series
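Review bot: With `return false;` inside the completion loop of tcmu_handle_completions(), a broken ring and any other false result look the same to the caller, and the meaning of the bool return value is not documented anywhere in the hunk. I would add a comment on the function saying what the return value means and that callers must check TCMU_DEV_BIT_BROKEN, e.g. `/* Returns false without further processing if the ring is found broken */`. The rest of the function and its callers are outside the hunk, so it is worth confirming that nothing acquired before the loop needs releasing on this new exit path and that no caller still stores the result in an unsigned int. `entry->hdr.cmd_id` comes from the ring shared with userspace, so the pr_err() is reachable from userspace input; the device is marked broken in the same branch, which presumably bounds how often it can fire.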
@@ -3,3 +3,39 @@ drm-i915-display-fix-compiler-warning-about-array-overrun.patch
 airo-work-around-stack-usage-warning.patch
 kgdb-fix-gcc-11-warning-on-indentation.patch
 usb-sl811-hcd-improve-misleading-indentation.patch
+arm-9058-1-cache-v7-refactor-v7_invalidate_l1-to-avo.patch
+pci-thunder-fix-compile-testing.patch
+dmaengine-dw-edma-fix-crash-on-loading-unloading-dri.patch
+arm-9066-1-ftrace-pause-unpause-function-graph-trace.patch
+nfs-fix-fscache-invalidation-in-nfs_set_cache_invali.patch
+acpi-hotplug-pci-fix-reference-count-leak-in-enable_.patch
+pci-tegra-fix-runtime-pm-imbalance-in-pex_ep_event_p.patch
+input-elants_i2c-do-not-bind-to-i2c-hid-compatible-a.patch
+input-silead-add-workaround-for-x86-bios-es-which-br.patch
+nfs-nfs_ino_reval_pagecache-should-mark-the-change-a.patch
+f2fs-fix-to-avoid-null-pointer-dereference.patch
+svcrdma-don-t-leak-send_ctxt-on-send-errors.patch
+um-mark-all-kernel-symbols-as-local.patch
+um-disable-config_gcov-with-modules.patch
+pci-tegra-add-tegra194-mcfg-quirks-for-ecam-errata.patch
+arm-9075-1-kernel-fix-interrupted-smc-calls.patch
+platform-chrome-cros_ec_typec-add-dp-mode-check.patch
+riscv-use-ld-instead-of-cc-to-link-vdso.patch
+scripts-recordmcount.pl-fix-risc-v-regex-for-clang.patch
+riscv-workaround-mcount-name-prior-to-clang-13.patch
+scsi-lpfc-fix-illegal-memory-access-on-abort-iocbs.patch
+ceph-fix-fscache-invalidation.patch
+ceph-don-t-clobber-i_snap_caps-on-non-i_new-inode.patch
+ceph-don-t-allow-access-to-mds-private-inodes.patch
+scsi-target-tcmu-return-from-tcmu_handle_completions.patch
+amdgpu-pm-prevent-force-of-dcefclk-on-navi10-and-sie.patch
+bridge-fix-possible-races-between-assigning-rx_handl.patch
+net-hsr-check-skb-can-contain-struct-hsr_ethhdr-in-f.patch
+nvmet-remove-unsupported-command-noise.patch
+drm-amd-display-fix-two-cursor-duplication-when-usin.patch
+gpiolib-acpi-add-quirk-to-ignore-ec-wakeups-on-dell-.patch
+net-cxgb4-fix-leak-if-sk_buff-is-not-used.patch
+alsa-hda-generic-change-the-dac-ctl-name-for-lo-spk-.patch
+block-reexpand-iov_iter-after-read-write.patch
+lib-stackdepot-turn-depot_lock-spinlock-to-raw_spinl.patch
+net-stmmac-do-not-enable-rx-fifo-overflow-interrupts.patch
diff --git a/queue-5.12/svcrdma-don-t-leak-send_ctxt-on-send-errors.patch b/queue-5.12/svcrdma-don-t-leak-send_ctxt-on-send-errors.patch
new file mode 100644
index 00000000000..7b081fef2da
--- /dev/null
+++ b/queue-5.12/svcrdma-don-t-leak-send_ctxt-on-send-errors.patch
@@ -0,0 +1,48 @@
+From 04fa22d94b2abf958ab1136b5b1b6ac42816456d Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Tue, 13 Apr 2021 17:53:22 -0400
+Subject: svcrdma: Don't leak send_ctxt on Send errors
+
+From: Chuck Lever
+
+[ Upstream commit 351461f332db5670056a9c6bce6916027f91072f ]
+
+Address a rare send_ctxt leak in the svc_rdma_sendto() error paths.
+
+Signed-off-by: Chuck Lever
+Signed-off-by: Sasha Levin
+---
+ net/sunrpc/xprtrdma/svc_rdma_sendto.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/net/sunrpc/xprtrdma/svc_rdma_sendto.c b/net/sunrpc/xprtrdma/svc_rdma_sendto.c
+index 52c759a8543e..3669661457c1 100644
+--- a/net/sunrpc/xprtrdma/svc_rdma_sendto.c
++++ b/net/sunrpc/xprtrdma/svc_rdma_sendto.c
+@@ -958,7 +958,7 @@ int svc_rdma_sendto(struct svc_rqst *rqstp)
+ p = xdr_reserve_space(&sctxt->sc_stream,
+ rpcrdma_fixed_maxsz * sizeof(*p));
+ if (!p)
+- goto err0;
++ goto err1;
+
+ ret = svc_rdma_send_reply_chunk(rdma, rctxt, &rqstp->rq_res);
+ if (ret < 0)
+@@ -970,11 +970,11 @@ int svc_rdma_sendto(struct svc_rqst *rqstp)
+ *p = pcl_is_empty(&rctxt->rc_reply_pcl) ? rdma_msg : rdma_nomsg;
+
+ if (svc_rdma_encode_read_list(sctxt) < 0)
+- goto err0;
++ goto err1;
+ if (svc_rdma_encode_write_list(rctxt, sctxt) < 0)
+- goto err0;
++ goto err1;
+ if (svc_rdma_encode_reply_chunk(rctxt, sctxt, ret) < 0)
+- goto err0;
++ goto err1;
+
+ ret = svc_rdma_send_reply_msg(rdma, sctxt, rctxt, rqstp);
+ if (ret < 0)
+--
+2.30.2
+
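Review bot: The four corrected jumps in svc_rdma_sendto() differ from the leaking version only by the digit in `err0`/`err1`, so a reader of the call sites cannot tell which label releases the send context. The labels themselves are outside the hunk, and I can only infer from the commit message that `err1` is the one that puts sctxt; naming the labels after what they undo (for example `err_put_sctxt`, a name made up here for illustration) would make each `goto` checkable on sight. The two `if (ret < 0)` branches visible as context have their targets cut off by the hunk and should be checked for the same leak.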
diff --git a/queue-5.12/um-disable-config_gcov-with-modules.patch b/queue-5.12/um-disable-config_gcov-with-modules.patch
new file mode 100644
index 00000000000..ee4291583ba
--- /dev/null
+++ b/queue-5.12/um-disable-config_gcov-with-modules.patch
@@ -0,0 +1,76 @@
+From d8f79612e66cc4d58b556af436d03272c95090e8 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Mon, 15 Mar 2021 23:47:31 +0100
+Subject: um: Disable CONFIG_GCOV with MODULES
+
+From: Johannes Berg
+
+[ Upstream commit ad3d19911632debc886ef4a992d41d6de7927006 ]
+
+CONFIG_GCOV doesn't work with modules, and for various reasons
+it cannot work, see also
+https://lore.kernel.org/r/d36ea54d8c0a8dd706826ba844a6f27691f45d55.camel@sipsolutions.net
+
+Make CONFIG_GCOV depend on !MODULES to avoid anyone
+running into issues there. This also means we need
+not export the gcov symbols.
+
+Signed-off-by: Johannes Berg
+Signed-off-by: Richard Weinberger
+Signed-off-by: Sasha Levin
+---
+ arch/um/Kconfig.debug | 1 +
+ arch/um/kernel/Makefile | 1 -
+ arch/um/kernel/gmon_syms.c | 16 ----------------
+ 3 files changed, 1 insertion(+), 17 deletions(-)
+ delete mode 100644 arch/um/kernel/gmon_syms.c
+
+diff --git a/arch/um/Kconfig.debug b/arch/um/Kconfig.debug
+index 315d368e63ad..1dfb2959c73b 100644
+--- a/arch/um/Kconfig.debug
++++ b/arch/um/Kconfig.debug
+@@ -17,6 +17,7 @@ config GCOV
+ bool "Enable gcov support"
+ depends on DEBUG_INFO
+ depends on !KCOV
++ depends on !MODULES
+ help
+ This option allows developers to retrieve coverage data from a UML
+ session.
+diff --git a/arch/um/kernel/Makefile b/arch/um/kernel/Makefile
+index 5aa882011e04..e698e0c7dbdc 100644
+--- a/arch/um/kernel/Makefile
++++ b/arch/um/kernel/Makefile
+@@ -21,7 +21,6 @@ obj-y = config.o exec.o exitcode.o irq.o ksyms.o mem.o \
+
+ obj-$(CONFIG_BLK_DEV_INITRD) += initrd.o
+ obj-$(CONFIG_GPROF) += gprof_syms.o
+-obj-$(CONFIG_GCOV) += gmon_syms.o
+ obj-$(CONFIG_EARLY_PRINTK) += early_printk.o
+ obj-$(CONFIG_STACKTRACE) += stacktrace.o
+
+diff --git a/arch/um/kernel/gmon_syms.c b/arch/um/kernel/gmon_syms.c
+deleted file mode 100644
+index 9361a8eb9bf1..000000000000
+--- a/arch/um/kernel/gmon_syms.c
++++ /dev/null
+@@ -1,16 +0,0 @@
+-// SPDX-License-Identifier: GPL-2.0
+-/*
+- * Copyright (C) 2001 - 2007 Jeff Dike (jdike@{addtoit,linux.intel}.com)
+- */
+-
+-#include
+-
+-extern void __bb_init_func(void *) __attribute__((weak));
+-EXPORT_SYMBOL(__bb_init_func);
+-
+-extern void __gcov_init(void *) __attribute__((weak));
+-EXPORT_SYMBOL(__gcov_init);
+-extern void __gcov_merge_add(void *, unsigned int) __attribute__((weak));
+-EXPORT_SYMBOL(__gcov_merge_add);
+-extern void __gcov_exit(void) __attribute__((weak));
+-EXPORT_SYMBOL(__gcov_exit);
+--
+2.30.2
+
diff --git a/queue-5.12/um-mark-all-kernel-symbols-as-local.patch b/queue-5.12/um-mark-all-kernel-symbols-as-local.patch
new file mode 100644
index 00000000000..5137cd6a3c1
--- /dev/null
+++ b/queue-5.12/um-mark-all-kernel-symbols-as-local.patch
@@ -0,0 +1,111 @@
+From 6e85a871b398f832fbbc6107bf0d44656fb6e222 Mon Sep 17 00:00:00 2001
+From: Sasha Levin
+Date: Fri, 5 Mar 2021 21:43:15 +0100
+Subject: um: Mark all kernel symbols as local
+
+From: Johannes Berg
+
+[ Upstream commit d5027ca63e0e778b641cf23e3f5c6d6212cf412b ]
+
+Ritesh reported a bug [1] against UML, noting that it crashed on
+startup. The backtrace shows the following (heavily redacted):
+
+(gdb) bt
+...
+ #26 0x0000000060015b5d in sem_init () at ipc/sem.c:268
+ #27 0x00007f89906d92f7 in ?? () from /lib/x86_64-linux-gnu/libcom_err.so.2
+ #28 0x00007f8990ab8fb2 in call_init (...) at dl-init.c:72
+...
+ #40 0x00007f89909bf3a6 in nss_load_library (...) at nsswitch.c:359
+...
+ #44 0x00007f8990895e35 in _nss_compat_getgrnam_r (...) at nss_compat/compat-grp.c:486
+ #45 0x00007f8990968b85 in __getgrnam_r [...]
+ #46 0x00007f89909d6b77 in grantpt [...]
+ #47 0x00007f8990a9394e in __GI_openpty [...]
+ #48 0x00000000604a1f65 in openpty_cb (...) at arch/um/os-Linux/sigio.c:407
+ #49 0x00000000604a58d0 in start_idle_thread (...) at arch/um/os-Linux/skas/process.c:598
+ #50 0x0000000060004a3d in start_uml () at arch/um/kernel/skas/process.c:45
+ #51 0x00000000600047b2 in linux_main (...) at arch/um/kernel/um_arch.c:334
+ #52 0x000000006000574f in main (...) at arch/um/os-Linux/main.c:144
+
+indicating that the UML function openpty_cb() calls openpty(),
+which internally calls __getgrnam_r(), which causes the nsswitch
+machinery to get started.
+
+This loads, through lots of indirection that I snipped, the
+libcom_err.so.2 library, which (in an unknown function, "??")
+calls sem_init().
+
+Now, of course it wants to get libpthread's sem_init(), since
+it's linked against libpthread. However, the dynamic linker
+looks up that symbol against the binary first, and gets the
+kernel's sem_init().
+
+Hajime Tazaki noted that "objcopy -L" can localize a symbol,
+so the dynamic linker wouldn't do the lookup this way. I tried,
+but for some reason that didn't seem to work.
+
+Doing the same thing in the linker script instead does seem to
+work, though I cannot entirely explain - it *also* works if I
+just add "VERSION { { global: *; }; }" instead, indicating that
+something else is happening that I don't really understand. It
+may be that explicitly doing that marks them with some kind of
+empty version, and that's different from the default.
+
+Explicitly marking them with a version breaks kallsyms, so that
+doesn't seem to be possible.
+
+Marking all the symbols as local seems correct, and does seem
+to address the issue, so do that. Also do it for static link,
+nsswitch libraries could still be loaded there.
+
+[1] https://bugs.debian.org/983379
+
+Reported-by: Ritesh Raj Sarraf
+Signed-off-by: Johannes Berg
+Acked-By: Anton Ivanov
+Tested-By: Ritesh Raj Sarraf
+Signed-off-by: Richard Weinberger
+Signed-off-by: Sasha Levin
+---
+ arch/um/kernel/dyn.lds.S | 6 ++++++
+ arch/um/kernel/uml.lds.S | 6 ++++++
+ 2 files changed, 12 insertions(+)
+
+diff --git a/arch/um/kernel/dyn.lds.S b/arch/um/kernel/dyn.lds.S
+index dacbfabf66d8..2f2a8ce92f1e 100644
+--- a/arch/um/kernel/dyn.lds.S
++++ b/arch/um/kernel/dyn.lds.S
+@@ -6,6 +6,12 @@ OUTPUT_ARCH(ELF_ARCH)
+ ENTRY(_start)
+ jiffies = jiffies_64;
+
++VERSION {
++ {
++ local: *;
++ };
++}
++
+ SECTIONS
+ {
+ PROVIDE (__executable_start = START);
+diff --git a/arch/um/kernel/uml.lds.S b/arch/um/kernel/uml.lds.S
+index 45d957d7004c..7a8e2b123e29 100644
+--- a/arch/um/kernel/uml.lds.S
++++ b/arch/um/kernel/uml.lds.S
+@@ -7,6 +7,12 @@ OUTPUT_ARCH(ELF_ARCH)
+ ENTRY(_start)
+ jiffies = jiffies_64;
+
++VERSION {
++ {
++ local: *;
++ };
++}
++
+ SECTIONS
+ {
+ /* This must contain the right address - not quite the default ELF one.*/
+--
+2.30.2
+
-- 2.47.3
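Review bot: The `VERSION { { local: *; }; }` block is added to both dyn.lds.S and uml.lds.S without a comment, and the commit message itself says the mechanism is not fully understood, so the next reader of the linker scripts cannot tell that the block is load-bearing. I would put a comment above each block, e.g. `/* Keep all kernel symbols local so host libraries loaded at run time (nsswitch etc.) do not resolve e.g. sem_init() against the UML binary */`. The same six lines are duplicated in the two scripts; if they already share an include, defining the block once there would keep them from drifting apart.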