From 46c236ce5ca3eab5655e626be6d20d99d6c77f47 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Thu, 13 Jan 2022 13:59:00 +0100
Subject: [PATCH] 5.15-stable patches

added patches:
 bluetooth-add-quirk-disabling-le-read-transmit-power.patch
 bluetooth-btbcm-disable-read-tx-power-for-macbook-air-8-1-and-8-2.patch
 bluetooth-btbcm-disable-read-tx-power-for-some-macs-with-the-t2-security-chip.patch
 mfd-intel-lpss-fix-too-early-pm-enablement-in-the-acpi-probe.patch
 veth-do-not-record-rx-queue-hint-in-veth_xmit.patch
 x86-mce-remove-noinstr-annotation-from-mce_setup.patch
---
 ...irk-disabling-le-read-transmit-power.patch | 57 ++++++++++++
 ...tx-power-for-macbook-air-8-1-and-8-2.patch | 41 +++++++++
 ...-some-macs-with-the-t2-security-chip.patch | 87 +++++++++++++++++++
 ...arly-pm-enablement-in-the-acpi-probe.patch | 61 +++++++++++++
 queue-5.15/series | 6 ++
 ...ot-record-rx-queue-hint-in-veth_xmit.patch | 68 +++++++++++++++
 ...ve-noinstr-annotation-from-mce_setup.patch | 81 +++++++++++++++++
 7 files changed, 401 insertions(+)
 create mode 100644 queue-5.15/bluetooth-add-quirk-disabling-le-read-transmit-power.patch
 create mode 100644 queue-5.15/bluetooth-btbcm-disable-read-tx-power-for-macbook-air-8-1-and-8-2.patch
 create mode 100644 queue-5.15/bluetooth-btbcm-disable-read-tx-power-for-some-macs-with-the-t2-security-chip.patch
 create mode 100644 queue-5.15/mfd-intel-lpss-fix-too-early-pm-enablement-in-the-acpi-probe.patch
 create mode 100644 queue-5.15/veth-do-not-record-rx-queue-hint-in-veth_xmit.patch
 create mode 100644 queue-5.15/x86-mce-remove-noinstr-annotation-from-mce_setup.patch
diff --git a/queue-5.15/bluetooth-add-quirk-disabling-le-read-transmit-power.patch b/queue-5.15/bluetooth-add-quirk-disabling-le-read-transmit-power.patch
new file mode 100644
index 00000000000..1a26efe6926
--- /dev/null
+++ b/queue-5.15/bluetooth-add-quirk-disabling-le-read-transmit-power.patch
@@ -0,0 +1,57 @@
+From d2f8114f9574509580a8506d2ef72e7e43d1a5bd Mon Sep 17 00:00:00 2001
+From: Aditya Garg
+Date: Thu, 2 Dec 2021 12:41:59 +0000
+Subject: Bluetooth: add quirk disabling LE Read Transmit Power
+
+From: Aditya Garg
+
+commit d2f8114f9574509580a8506d2ef72e7e43d1a5bd upstream.
+
+Some devices have a bug causing them to not work if they query
+LE tx power on startup. Thus we add a quirk in order to not query it
+and default min/max tx power values to HCI_TX_POWER_INVALID.
+
+Signed-off-by: Aditya Garg
+Reported-by: Orlando Chamberlain
+Tested-by: Orlando Chamberlain
+Link:
+https://lore.kernel.org/r/4970a940-211b-25d6-edab-21a815313954@protonmail.com
+Fixes: 7c395ea521e6 ("Bluetooth: Query LE tx power on startup")
+Cc: stable@vger.kernel.org
+Signed-off-by: Marcel Holtmann
+Signed-off-by: Greg Kroah-Hartman
+---
+ include/net/bluetooth/hci.h | 9 +++++++++
+ net/bluetooth/hci_core.c | 3 ++-
+ 2 files changed, 11 insertions(+), 1 deletion(-)
+
+--- a/include/net/bluetooth/hci.h
++++ b/include/net/bluetooth/hci.h
+@@ -246,6 +246,15 @@ enum {
+ * HCI after resume.
+ */
+ HCI_QUIRK_NO_SUSPEND_NOTIFIER,
++
++ /*
++ * When this quirk is set, LE tx power is not queried on startup
++ * and the min/max tx power values default to HCI_TX_POWER_INVALID.
++ *
++ * This quirk can be set before hci_register_dev is called or
++ * during the hdev->setup vendor callback.
++ */
++ HCI_QUIRK_BROKEN_READ_TRANSMIT_POWER,
+ };
+
+ /* HCI device flags */
+--- a/net/bluetooth/hci_core.c
++++ b/net/bluetooth/hci_core.c
+@@ -742,7 +742,8 @@ static int hci_init3_req(struct hci_requ
+ hci_req_add(req, HCI_OP_LE_READ_ADV_TX_POWER, 0, NULL);
+ }
+
+- if (hdev->commands[38] & 0x80) {
++ if ((hdev->commands[38] & 0x80) &&
++ !test_bit(HCI_QUIRK_BROKEN_READ_TRANSMIT_POWER, &hdev->quirks)) {
+ /* Read LE Min/Max Tx Power*/
+ hci_req_add(req, HCI_OP_LE_READ_TRANSMIT_POWER,
+ 0, NULL);
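Review bot: The guard added in hci_init3_req() only skips HCI_OP_LE_READ_TRANSMIT_POWER, while the new enum comment in hci.h promises that the min/max tx power values default to HCI_TX_POWER_INVALID; neither hunk assigns those defaults. Presumably they are set when the hci_dev is allocated, but that code is outside this patch, so it should be confirmed on the 5.15 tree before queuing, since readers of those fields would otherwise see whatever was left there. If the defaults do come from allocation, the comment could say so, for example `* and the min/max tx power values keep their HCI_TX_POWER_INVALID default.` The body of hci_init3_req() starts and ends outside the hunk.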
diff --git a/queue-5.15/bluetooth-btbcm-disable-read-tx-power-for-macbook-air-8-1-and-8-2.patch b/queue-5.15/bluetooth-btbcm-disable-read-tx-power-for-macbook-air-8-1-and-8-2.patch
new file mode 100644
index 00000000000..7b828ff5f77
--- /dev/null
+++ b/queue-5.15/bluetooth-btbcm-disable-read-tx-power-for-macbook-air-8-1-and-8-2.patch
@@ -0,0 +1,41 @@
+From 3318ae23bbcb14b7f68e9006756ba6d970955635 Mon Sep 17 00:00:00 2001
+From: Aditya Garg
+Date: Mon, 3 Jan 2022 13:28:42 +0000
+Subject: Bluetooth: btbcm: disable read tx power for MacBook Air 8,1 and 8,2
+
+From: Aditya Garg
+
+commit 3318ae23bbcb14b7f68e9006756ba6d970955635 upstream.
+
+The MacBook Air 8,1 and 8,2 also need querying of LE Tx power
+to be disabled for Bluetooth to work.
+
+Signed-off-by: Aditya Garg
+Signed-off-by: Marcel Holtmann
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/bluetooth/btbcm.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+--- a/drivers/bluetooth/btbcm.c
++++ b/drivers/bluetooth/btbcm.c
+@@ -366,6 +366,18 @@ static const struct dmi_system_id disabl
+ {
+ .matches = {
+ DMI_MATCH(DMI_BOARD_VENDOR, "Apple Inc."),
++ DMI_MATCH(DMI_PRODUCT_NAME, "MacBookAir8,1"),
++ },
++ },
++ {
++ .matches = {
++ DMI_MATCH(DMI_BOARD_VENDOR, "Apple Inc."),
++ DMI_MATCH(DMI_PRODUCT_NAME, "MacBookAir8,2"),
++ },
++ },
++ {
++ .matches = {
++ DMI_MATCH(DMI_BOARD_VENDOR, "Apple Inc."),
+ DMI_MATCH(DMI_PRODUCT_NAME, "iMac20,1"),
+ },
+ },
diff --git a/queue-5.15/bluetooth-btbcm-disable-read-tx-power-for-some-macs-with-the-t2-security-chip.patch b/queue-5.15/bluetooth-btbcm-disable-read-tx-power-for-some-macs-with-the-t2-security-chip.patch
new file mode 100644
index 00000000000..e14be105b92
--- /dev/null
+++ b/queue-5.15/bluetooth-btbcm-disable-read-tx-power-for-some-macs-with-the-t2-security-chip.patch
@@ -0,0 +1,87 @@
+From 801b4c027b44a185292007d3cf7513999d644723 Mon Sep 17 00:00:00 2001
+From: Aditya Garg
+Date: Thu, 2 Dec 2021 12:42:59 +0000
+Subject: Bluetooth: btbcm: disable read tx power for some Macs with the T2 Security chip
+
+From: Aditya Garg
+
+commit 801b4c027b44a185292007d3cf7513999d644723 upstream.
+
+Some Macs with the T2 security chip had Bluetooth not working.
+To fix it we add DMI based quirks to disable querying of LE Tx power.
+
+Signed-off-by: Aditya Garg
+Reported-by: Orlando Chamberlain
+Tested-by: Orlando Chamberlain
+Link:
+https://lore.kernel.org/r/4970a940-211b-25d6-edab-21a815313954@protonmail.com
+Fixes: 7c395ea521e6 ("Bluetooth: Query LE tx power on startup")
+Cc: stable@vger.kernel.org
+Signed-off-by: Marcel Holtmann
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/bluetooth/btbcm.c | 39 +++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 39 insertions(+)
+
+--- a/drivers/bluetooth/btbcm.c
++++ b/drivers/bluetooth/btbcm.c
+@@ -8,6 +8,7 @@
+
+ #include
+ #include
++#include
+ #include
+
+ #include
+@@ -343,6 +344,40 @@ static struct sk_buff *btbcm_read_usb_pr
+ return skb;
+ }
+
++static const struct dmi_system_id disable_broken_read_transmit_power[] = {
++ {
++ .matches = {
++ DMI_MATCH(DMI_BOARD_VENDOR, "Apple Inc."),
++ DMI_MATCH(DMI_PRODUCT_NAME, "MacBookPro16,1"),
++ },
++ },
++ {
++ .matches = {
++ DMI_MATCH(DMI_BOARD_VENDOR, "Apple Inc."),
++ DMI_MATCH(DMI_PRODUCT_NAME, "MacBookPro16,2"),
++ },
++ },
++ {
++ .matches = {
++ DMI_MATCH(DMI_BOARD_VENDOR, "Apple Inc."),
++ DMI_MATCH(DMI_PRODUCT_NAME, "MacBookPro16,4"),
++ },
++ },
++ {
++ .matches = {
++ DMI_MATCH(DMI_BOARD_VENDOR, "Apple Inc."),
++ DMI_MATCH(DMI_PRODUCT_NAME, "iMac20,1"),
++ },
++ },
++ {
++ .matches = {
++ DMI_MATCH(DMI_BOARD_VENDOR, "Apple Inc."),
++ DMI_MATCH(DMI_PRODUCT_NAME, "iMac20,2"),
++ },
++ },
++ { }
++};
++
+ static int btbcm_read_info(struct hci_dev *hdev)
+ {
+ struct sk_buff *skb;
+@@ -363,6 +398,10 @@ static int btbcm_read_info(struct hci_de
+ bt_dev_info(hdev, "BCM: features 0x%2.2x", skb->data[1]);
+ kfree_skb(skb);
+
++ /* Read DMI and disable broken Read LE Min/Max Tx Power */
++ if (dmi_first_match(disable_broken_read_transmit_power))
++ set_bit(HCI_QUIRK_BROKEN_READ_TRANSMIT_POWER, &hdev->quirks);
++
+ return 0;
+ }
+
diff --git a/queue-5.15/mfd-intel-lpss-fix-too-early-pm-enablement-in-the-acpi-probe.patch b/queue-5.15/mfd-intel-lpss-fix-too-early-pm-enablement-in-the-acpi-probe.patch
new file mode 100644
index 00000000000..fdfe6542864
--- /dev/null
+++ b/queue-5.15/mfd-intel-lpss-fix-too-early-pm-enablement-in-the-acpi-probe.patch
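Review bot: The quirk set in btbcm_read_info() is keyed on the host's DMI strings rather than on the controller, so `dmi_first_match(disable_broken_read_transmit_power)` also sets HCI_QUIRK_BROKEN_READ_TRANSMIT_POWER for any other Broadcom adapter whose setup reaches this function on a listed machine, an external dongle for instance. That looks harmless because it only suppresses one query, but it deserves a comment above the table, such as `/* Matched on the host: every controller set up by btbcm on these machines gets the quirk */`. DMI_MATCH() is a substring match, so DMI_EXACT_MATCH() would keep an entry like "MacBookPro16,1" from also matching longer product names; the MacBookAir8,1 and MacBookAir8,2 entries added by the companion patch in this commit follow the same pattern. btbcm_read_info() starts outside the last hunk.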
@@ -0,0 +1,61 @@
+From c9e143084d1a602f829115612e1ec79df3727c8b Mon Sep 17 00:00:00 2001
+From: Andy Shevchenko
+Date: Mon, 1 Nov 2021 21:00:08 +0200
+Subject: mfd: intel-lpss: Fix too early PM enablement in the ACPI ->probe()
+
+From: Andy Shevchenko
+
+commit c9e143084d1a602f829115612e1ec79df3727c8b upstream.
+
+The runtime PM callback may be called as soon as the runtime PM facility
+is enabled and activated. It means that ->suspend() may be called before
+we finish probing the device in the ACPI case. Hence, NULL pointer
+dereference:
+
+ intel-lpss INT34BA:00: IRQ index 0 not found
+ BUG: kernel NULL pointer dereference, address: 0000000000000030
+ ...
+ Workqueue: pm pm_runtime_work
+ RIP: 0010:intel_lpss_suspend+0xb/0x40 [intel_lpss]
+
+To fix this, first try to register the device and only after that enable
+runtime PM facility.
+
+Fixes: 4b45efe85263 ("mfd: Add support for Intel Sunrisepoint LPSS devices")
+Reported-by: Orlando Chamberlain
+Reported-by: Aditya Garg
+Signed-off-by: Andy Shevchenko
+Tested-by: Aditya Garg
+Signed-off-by: Lee Jones
+Link: https://lore.kernel.org/r/20211101190008.86473-1-andriy.shevchenko@linux.intel.com
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/mfd/intel-lpss-acpi.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+--- a/drivers/mfd/intel-lpss-acpi.c
++++ b/drivers/mfd/intel-lpss-acpi.c
+@@ -136,6 +136,7 @@ static int intel_lpss_acpi_probe(struct
+ {
+ struct intel_lpss_platform_info *info;
+ const struct acpi_device_id *id;
++ int ret;
+
+ id = acpi_match_device(intel_lpss_acpi_ids, &pdev->dev);
+ if (!id)
+@@ -149,10 +150,14 @@ static int intel_lpss_acpi_probe(struct
+ info->mem = platform_get_resource(pdev, IORESOURCE_MEM, 0);
+ info->irq = platform_get_irq(pdev, 0);
+
++ ret = intel_lpss_probe(&pdev->dev, info);
++ if (ret)
++ return ret;
++
+ pm_runtime_set_active(&pdev->dev);
+ pm_runtime_enable(&pdev->dev);
+
+- return intel_lpss_probe(&pdev->dev, info);
++ return 0;
+ }
+
+ static int intel_lpss_acpi_remove(struct platform_device *pdev)
diff --git a/queue-5.15/series b/queue-5.15/series
index 73b6a0e8c98..b13a2e535fa 100644
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -22,3 +22,9 @@ usb-core-fix-bug-in-resuming-hub-s-handling-of-wakeup-requests.patch
 usb-fix-slab-out-of-bounds-write-bug-in-usb_hcd_poll_rh_status.patch
 ath11k-fix-buffer-overflow-when-scanning-with-extraie.patch
 mmc-sdhci-pci-add-pci-id-for-intel-adl.patch
+bluetooth-add-quirk-disabling-le-read-transmit-power.patch
+bluetooth-btbcm-disable-read-tx-power-for-some-macs-with-the-t2-security-chip.patch
+bluetooth-btbcm-disable-read-tx-power-for-macbook-air-8-1-and-8-2.patch
+veth-do-not-record-rx-queue-hint-in-veth_xmit.patch
+mfd-intel-lpss-fix-too-early-pm-enablement-in-the-acpi-probe.patch
+x86-mce-remove-noinstr-annotation-from-mce_setup.patch
diff --git a/queue-5.15/veth-do-not-record-rx-queue-hint-in-veth_xmit.patch b/queue-5.15/veth-do-not-record-rx-queue-hint-in-veth_xmit.patch
new file mode 100644
index 00000000000..61d25191308
--- /dev/null
+++ b/queue-5.15/veth-do-not-record-rx-queue-hint-in-veth_xmit.patch
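Review bot: Nothing in the reordered intel_lpss_acpi_probe() in the intel-lpss-acpi.c patch records why intel_lpss_probe() must now run before the runtime PM calls, so a later cleanup could fold it back into the return statement and reintroduce the NULL dereference described in the commit message. A short comment above `pm_runtime_set_active(&pdev->dev);` would pin the ordering, for example `/* Runtime PM callbacks may run as soon as it is enabled; enable it only after a successful probe */`. The context lines also store the result of `platform_get_irq(pdev, 0)` in `info->irq` unchecked, and the quoted trace begins with "IRQ index 0 not found", so rejecting a failed IRQ lookup appears to be left to intel_lpss_probe(), which is not visible here and should be confirmed on the 5.15 tree. The function starts outside the hunks.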
@@ -0,0 +1,68 @@
+From 710ad98c363a66a0cd8526465426c5c5f8377ee0 Mon Sep 17 00:00:00 2001
+From: Daniel Borkmann
+Date: Thu, 6 Jan 2022 01:46:06 +0100
+Subject: veth: Do not record rx queue hint in veth_xmit
+
+From: Daniel Borkmann
+
+commit 710ad98c363a66a0cd8526465426c5c5f8377ee0 upstream.
+
+Laurent reported that they have seen a significant amount of TCP retransmissions
+at high throughput from applications residing in network namespaces talking to
+the outside world via veths. The drops were seen on the qdisc layer (fq_codel,
+as per systemd default) of the phys device such as ena or virtio_net due to all
+traffic hitting a _single_ TX queue _despite_ multi-queue device. (Note that the
+setup was _not_ using XDP on veths as the issue is generic.)
+
+More specifically, after edbea9220251 ("veth: Store queue_mapping independently
+of XDP prog presence") which made it all the way back to v4.19.184+,
+skb_record_rx_queue() would set skb->queue_mapping to 1 (given 1 RX and 1 TX
+queue by default for veths) instead of leaving at 0.
+
+This is eventually retained and callbacks like ena_select_queue() will also pick
+single queue via netdev_core_pick_tx()'s ndo_select_queue() once all the traffic
+is forwarded to that device via upper stack or other means. Similarly, for others
+not implementing ndo_select_queue() if XPS is disabled, netdev_pick_tx() might
+call into the skb_tx_hash() and check for prior skb_rx_queue_recorded() as well.
+
+In general, it is a _bad_ idea for virtual devices like veth to mess around with
+queue selection [by default]. Given dev->real_num_tx_queues is by default 1,
+the skb->queue_mapping was left untouched, and so prior to edbea9220251 the
+netdev_core_pick_tx() could do its job upon __dev_queue_xmit() on the phys device.
+
+Unbreak this and restore prior behavior by removing the skb_record_rx_queue()
+from veth_xmit() altogether.
+
+If the veth peer has an XDP program attached, then it would return the first RX
+queue index in xdp_md->rx_queue_index (unless configured in non-default manner).
+However, this is still better than breaking the generic case.
+
+Fixes: edbea9220251 ("veth: Store queue_mapping independently of XDP prog presence")
+Fixes: 638264dc9022 ("veth: Support per queue XDP ring")
+Reported-by: Laurent Bernaille
+Signed-off-by: Daniel Borkmann
+Cc: Maciej Fijalkowski
+Cc: Toshiaki Makita
+Cc: Eric Dumazet
+Cc: Paolo Abeni
+Cc: John Fastabend
+Cc: Willem de Bruijn
+Acked-by: John Fastabend
+Reviewed-by: Eric Dumazet
+Acked-by: Toshiaki Makita
+Signed-off-by: David S. Miller
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/net/veth.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/drivers/net/veth.c
++++ b/drivers/net/veth.c
+@@ -342,7 +342,6 @@ static netdev_tx_t veth_xmit(struct sk_b
+ */
+ use_napi = rcu_access_pointer(rq->napi) &&
+ veth_skb_is_eligible_for_gro(dev, rcv, skb);
+- skb_record_rx_queue(skb, rxq);
+ }
+
+ skb_tx_timestamp(skb);
diff --git a/queue-5.15/x86-mce-remove-noinstr-annotation-from-mce_setup.patch b/queue-5.15/x86-mce-remove-noinstr-annotation-from-mce_setup.patch
new file mode 100644
index 00000000000..d9b9fc432cb
--- /dev/null
+++ b/queue-5.15/x86-mce-remove-noinstr-annotation-from-mce_setup.patch
@@ -0,0 +1,81 @@
+From 487d654db3edacc31dee86b10258cc740640fad8 Mon Sep 17 00:00:00 2001
+From: Borislav Petkov
+Date: Tue, 5 Oct 2021 19:54:47 +0200
+Subject: x86/mce: Remove noinstr annotation from mce_setup()
+
+From: Borislav Petkov
+
+commit 487d654db3edacc31dee86b10258cc740640fad8 upstream.
+
+Instead, sandwitch around the call which is done in noinstr context and
+mark the caller - mce_gather_info() - as noinstr.
+
+Also, document what the whole instrumentation strategy with #MC is going
+to be in the future and where it all is supposed to be going to.
+
+Signed-off-by: Borislav Petkov
+Link: https://lore.kernel.org/r/20211208111343.8130-5-bp@alien8.de
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/x86/kernel/cpu/mce/core.c | 26 ++++++++++++++++++++------
+ 1 file changed, 20 insertions(+), 6 deletions(-)
+
+--- a/arch/x86/kernel/cpu/mce/core.c
++++ b/arch/x86/kernel/cpu/mce/core.c
+@@ -130,7 +130,7 @@ static void (*quirk_no_way_out)(int bank
+ BLOCKING_NOTIFIER_HEAD(x86_mce_decoder_chain);
+
+ /* Do initial initialization of a struct mce */
+-noinstr void mce_setup(struct mce *m)
++void mce_setup(struct mce *m)
+ {
+ memset(m, 0, sizeof(struct mce));
+ m->cpu = m->extcpu = smp_processor_id();
+@@ -479,9 +479,15 @@ static noinstr void mce_wrmsrl(u32 msr,
+ * check into our "mce" struct so that we can use it later to assess
+ * the severity of the problem as we read per-bank specific details.
+ */
+-static inline void mce_gather_info(struct mce *m, struct pt_regs *regs)
++static noinstr void mce_gather_info(struct mce *m, struct pt_regs *regs)
+ {
++ /*
++ * Enable instrumentation around mce_setup() which calls external
++ * facilities.
++ */
++ instrumentation_begin();
+ mce_setup(m);
++ instrumentation_end();
+
+ m->mcgstatus = mce_rdmsrl(MSR_IA32_MCG_STATUS);
+ if (regs) {
+@@ -1327,11 +1333,11 @@ static void queue_task_work(struct mce *
+ }
+
+ /*
+- * The actual machine check handler. This only handles real
+- * exceptions when something got corrupted coming in through int 18.
++ * The actual machine check handler. This only handles real exceptions when
++ * something got corrupted coming in through int 18.
+ *
+- * This is executed in NMI context not subject to normal locking rules. This
+- * implies that most kernel services cannot be safely used. Don't even
++ * This is executed in #MC context not subject to normal locking rules.
++ * This implies that most kernel services cannot be safely used. Don't even
+ * think about putting a printk in there!
+ *
+ * On Intel systems this is entered on all CPUs in parallel through
+@@ -1343,6 +1349,14 @@ static void queue_task_work(struct mce *
+ * issues: if the machine check was due to a failure of the memory
+ * backing the user stack, tracing that reads the user stack will cause
+ * potentially infinite recursion.
++ *
++ * Currently, the #MC handler calls out to a number of external facilities
++ * and, therefore, allows instrumentation around them. The optimal thing to
++ * have would be to do the absolutely minimal work required in #MC context
++ * and have instrumentation disabled only around that. Further processing can
++ * then happen in process context where instrumentation is allowed. Achieving
++ * that requires careful auditing and modifications. Until then, the code
++ * allows instrumentation temporarily, where required. *
+ */
+ noinstr void do_machine_check(struct pt_regs *regs)
+ {
--
2.47.2
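Review bot: The queued x86/mce patch carries neither a Fixes: tag nor a stable Cc, and its Link: points at patch 5 of a series (`8130-5-bp`), so the record does not show why it belongs in 5.15 or whether it depends on earlier patches of that series. mce_gather_info() becomes noinstr here while still calling `mce_rdmsrl(MSR_IA32_MCG_STATUS)` outside the instrumentation_begin()/instrumentation_end() pair; that is only sound if the callee is itself noinstr in the 5.15 tree, which these hunks do not show. Separately, the last added comment line ends in a stray `*` (`... temporarily, where required. *`); it belongs to the upstream commit as queued here, so it is better left as is and corrected upstream first. The bodies of mce_gather_info() and do_machine_check() continue outside the hunks.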