From 879c31e0f456823c766b612b08539957f5915b3b Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Wed, 19 May 2021 18:43:10 -0400 Subject: [PATCH] Fixes for 4.19 Signed-off-by: Sasha Levin --- ...-fix-reference-count-leak-in-enable_.patch | 43 +++++ ...-change-the-dac-ctl-name-for-lo-spk-.patch | 64 +++++++ ...-v7-refactor-v7_invalidate_l1-to-avo.patch | 105 +++++++++++ ...e-pause-unpause-function-graph-trace.patch | 87 +++++++++ ...5-1-kernel-fix-interrupted-smc-calls.patch | 87 +++++++++ ...k-reexpand-iov_iter-after-read-write.patch | 171 ++++++++++++++++++ .../ceph-fix-fscache-invalidation.patch | 47 +++++ ...-quirk-to-ignore-ec-wakeups-on-dell-.patch | 57 ++++++ ...-do-not-bind-to-i2c-hid-compatible-a.patch | 132 ++++++++++++++ ...-workaround-for-x86-bios-es-which-br.patch | 128 +++++++++++++ ...urn-depot_lock-spinlock-to-raw_spinl.patch | 80 ++++++++ ...t-enable-rx-fifo-overflow-interrupts.patch | 94 ++++++++++ .../pci-thunder-fix-compile-testing.patch | 101 +++++++++++ ...-improve-unreachable-code-generation.patch | 67 +++++++ ...around-mcount-name-prior-to-clang-13.patch | 123 +++++++++++++ ...mcount.pl-fix-risc-v-regex-for-clang.patch | 43 +++++ ...-return-from-tcmu_handle_completions.patch | 52 ++++++ queue-4.19/series | 19 ++ .../um-mark-all-kernel-symbols-as-local.patch | 111 ++++++++++++ ...fy-detection-of-empty-and-full-rings.patch | 51 ++++++ 20 files changed, 1662 insertions(+) create mode 100644 queue-4.19/acpi-hotplug-pci-fix-reference-count-leak-in-enable_.patch create mode 100644 queue-4.19/alsa-hda-generic-change-the-dac-ctl-name-for-lo-spk-.patch create mode 100644 queue-4.19/arm-9058-1-cache-v7-refactor-v7_invalidate_l1-to-avo.patch create mode 100644 queue-4.19/arm-9066-1-ftrace-pause-unpause-function-graph-trace.patch create mode 100644 queue-4.19/arm-9075-1-kernel-fix-interrupted-smc-calls.patch create mode 100644 queue-4.19/block-reexpand-iov_iter-after-read-write.patch create mode 100644 queue-4.19/ceph-fix-fscache-invalidation.patch create mode 100644 queue-4.19/gpiolib-acpi-add-quirk-to-ignore-ec-wakeups-on-dell-.patch create mode 100644 queue-4.19/input-elants_i2c-do-not-bind-to-i2c-hid-compatible-a.patch create mode 100644 queue-4.19/input-silead-add-workaround-for-x86-bios-es-which-br.patch create mode 100644 queue-4.19/lib-stackdepot-turn-depot_lock-spinlock-to-raw_spinl.patch create mode 100644 queue-4.19/net-stmmac-do-not-enable-rx-fifo-overflow-interrupts.patch create mode 100644 queue-4.19/pci-thunder-fix-compile-testing.patch create mode 100644 queue-4.19/pinctrl-ingenic-improve-unreachable-code-generation.patch create mode 100644 queue-4.19/riscv-workaround-mcount-name-prior-to-clang-13.patch create mode 100644 queue-4.19/scripts-recordmcount.pl-fix-risc-v-regex-for-clang.patch create mode 100644 queue-4.19/scsi-target-tcmu-return-from-tcmu_handle_completions.patch create mode 100644 queue-4.19/um-mark-all-kernel-symbols-as-local.patch create mode 100644 queue-4.19/xsk-simplify-detection-of-empty-and-full-rings.patch diff --git a/queue-4.19/acpi-hotplug-pci-fix-reference-count-leak-in-enable_.patch b/queue-4.19/acpi-hotplug-pci-fix-reference-count-leak-in-enable_.patch new file mode 100644 index 00000000000..95e05ec17da --- /dev/null +++ b/queue-4.19/acpi-hotplug-pci-fix-reference-count-leak-in-enable_.patch @@ -0,0 +1,43 @@ +From 1419a762da27b49965b753b594e6628dbc7d4d54 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 25 Mar 2021 15:26:00 +0800 +Subject: ACPI / hotplug / PCI: Fix reference count leak in enable_slot() + +From: Feilong Lin + +[ Upstream commit 3bbfd319034ddce59e023837a4aa11439460509b ] + +In enable_slot(), if pci_get_slot() returns NULL, we clear the SLOT_ENABLED +flag. When pci_get_slot() finds a device, it increments the device's +reference count. In this case, we did not call pci_dev_put() to decrement +the reference count, so the memory of the device (struct pci_dev type) will +eventually leak. + +Call pci_dev_put() to decrement its reference count when pci_get_slot() +returns a PCI device. + +Link: https://lore.kernel.org/r/b411af88-5049-a1c6-83ac-d104a1f429be@huawei.com +Signed-off-by: Feilong Lin +Signed-off-by: Zhiqiang Liu +Signed-off-by: Bjorn Helgaas +Reviewed-by: Rafael J. Wysocki +Signed-off-by: Sasha Levin +--- + drivers/pci/hotplug/acpiphp_glue.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/pci/hotplug/acpiphp_glue.c b/drivers/pci/hotplug/acpiphp_glue.c +index be35bbfa6968..3d8844e7090a 100644 +--- a/drivers/pci/hotplug/acpiphp_glue.c ++++ b/drivers/pci/hotplug/acpiphp_glue.c +@@ -540,6 +540,7 @@ static void enable_slot(struct acpiphp_slot *slot, bool bridge) + slot->flags &= ~SLOT_ENABLED; + continue; + } ++ pci_dev_put(dev); + } + } + +-- +2.30.2 + diff --git a/queue-4.19/alsa-hda-generic-change-the-dac-ctl-name-for-lo-spk-.patch b/queue-4.19/alsa-hda-generic-change-the-dac-ctl-name-for-lo-spk-.patch new file mode 100644 index 00000000000..0b9c136c91f --- /dev/null +++ b/queue-4.19/alsa-hda-generic-change-the-dac-ctl-name-for-lo-spk-.patch @@ -0,0 +1,64 @@ +From c79e4891446611e8f842355503e13780c4abb6af Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 4 May 2021 15:39:17 +0800 +Subject: ALSA: hda: generic: change the DAC ctl name for LO+SPK or LO+HP + +From: Hui Wang + +[ Upstream commit f48652bbe3ae62ba2835a396b7e01f063e51c4cd ] + +Without this change, the DAC ctl's name could be changed only when +the machine has both Speaker and Headphone, but we met some machines +which only has Lineout and Headhpone, and the Lineout and Headphone +share the Audio Mixer0 and DAC0, the ctl's name is set to "Front". + +On most of machines, the "Front" is used for Speaker only or Lineout +only, but on this machine it is shared by Lineout and Headphone, +This introduces an issue in the pipewire and pulseaudio, suppose users +want the Headphone to be on and the Speaker/Lineout to be off, they +could turn off the "Front", this works on most of the machines, but on +this machine, the "Front" couldn't be turned off otherwise the +headphone will be off too. Here we do some change to let the ctl's +name change to "Headphone+LO" on this machine, and pipewire and +pulseaudio already could handle "Headphone+LO" and "Speaker+LO". +(https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/747) + +BugLink: http://bugs.launchpad.net/bugs/804178 +Signed-off-by: Hui Wang +Link: https://lore.kernel.org/r/20210504073917.22406-1-hui.wang@canonical.com +Signed-off-by: Takashi Iwai +Signed-off-by: Sasha Levin +--- + sound/pci/hda/hda_generic.c | 16 +++++++++++----- + 1 file changed, 11 insertions(+), 5 deletions(-) + +diff --git a/sound/pci/hda/hda_generic.c b/sound/pci/hda/hda_generic.c +index b9f7b23ae378..6099a9f1cb3d 100644 +--- a/sound/pci/hda/hda_generic.c ++++ b/sound/pci/hda/hda_generic.c +@@ -1214,11 +1214,17 @@ static const char *get_line_out_pfx(struct hda_codec *codec, int ch, + *index = ch; + return "Headphone"; + case AUTO_PIN_LINE_OUT: +- /* This deals with the case where we have two DACs and +- * one LO, one HP and one Speaker */ +- if (!ch && cfg->speaker_outs && cfg->hp_outs) { +- bool hp_lo_shared = !path_has_mixer(codec, spec->hp_paths[0], ctl_type); +- bool spk_lo_shared = !path_has_mixer(codec, spec->speaker_paths[0], ctl_type); ++ /* This deals with the case where one HP or one Speaker or ++ * one HP + one Speaker need to share the DAC with LO ++ */ ++ if (!ch) { ++ bool hp_lo_shared = false, spk_lo_shared = false; ++ ++ if (cfg->speaker_outs) ++ spk_lo_shared = !path_has_mixer(codec, ++ spec->speaker_paths[0], ctl_type); ++ if (cfg->hp_outs) ++ hp_lo_shared = !path_has_mixer(codec, spec->hp_paths[0], ctl_type); + if (hp_lo_shared && spk_lo_shared) + return spec->vmaster_mute.hook ? "PCM" : "Master"; + if (hp_lo_shared) +-- +2.30.2 + diff --git a/queue-4.19/arm-9058-1-cache-v7-refactor-v7_invalidate_l1-to-avo.patch b/queue-4.19/arm-9058-1-cache-v7-refactor-v7_invalidate_l1-to-avo.patch new file mode 100644 index 00000000000..2b6873e15d3 --- /dev/null +++ b/queue-4.19/arm-9058-1-cache-v7-refactor-v7_invalidate_l1-to-avo.patch @@ -0,0 +1,105 @@ +From b91eb5d486b0b87c1cc1c7c5eddf4011f1981c7c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 11 Feb 2021 09:23:09 +0100 +Subject: ARM: 9058/1: cache-v7: refactor v7_invalidate_l1 to avoid clobbering + r5/r6 + +From: Ard Biesheuvel + +[ Upstream commit f9e7a99fb6b86aa6a00e53b34ee6973840e005aa ] + +The cache invalidation code in v7_invalidate_l1 can be tweaked to +re-read the associativity from CCSIDR, and keep the way identifier +component in a single register that is assigned in the outer loop. This +way, we need 2 registers less. + +Given that the number of sets is typically much larger than the +associativity, rearrange the code so that the outer loop has the fewer +number of iterations, ensuring that the re-read of CCSIDR only occurs a +handful of times in practice. + +Fix the whitespace while at it, and update the comment to indicate that +this code is no longer a clone of anything else. + +Acked-by: Nicolas Pitre +Signed-off-by: Ard Biesheuvel +Signed-off-by: Russell King +Signed-off-by: Sasha Levin +--- + arch/arm/mm/cache-v7.S | 51 +++++++++++++++++++++--------------------- + 1 file changed, 25 insertions(+), 26 deletions(-) + +diff --git a/arch/arm/mm/cache-v7.S b/arch/arm/mm/cache-v7.S +index 2149b47a0c5a..463965dc7922 100644 +--- a/arch/arm/mm/cache-v7.S ++++ b/arch/arm/mm/cache-v7.S +@@ -28,41 +28,40 @@ + * processor. We fix this by performing an invalidate, rather than a + * clean + invalidate, before jumping into the kernel. + * +- * This function is cloned from arch/arm/mach-tegra/headsmp.S, and needs +- * to be called for both secondary cores startup and primary core resume +- * procedures. ++ * This function needs to be called for both secondary cores startup and ++ * primary core resume procedures. + */ + ENTRY(v7_invalidate_l1) + mov r0, #0 + mcr p15, 2, r0, c0, c0, 0 + mrc p15, 1, r0, c0, c0, 0 + +- movw r1, #0x7fff +- and r2, r1, r0, lsr #13 ++ movw r3, #0x3ff ++ and r3, r3, r0, lsr #3 @ 'Associativity' in CCSIDR[12:3] ++ clz r1, r3 @ WayShift ++ mov r2, #1 ++ mov r3, r3, lsl r1 @ NumWays-1 shifted into bits [31:...] ++ movs r1, r2, lsl r1 @ #1 shifted left by same amount ++ moveq r1, #1 @ r1 needs value > 0 even if only 1 way + +- movw r1, #0x3ff ++ and r2, r0, #0x7 ++ add r2, r2, #4 @ SetShift + +- and r3, r1, r0, lsr #3 @ NumWays - 1 +- add r2, r2, #1 @ NumSets ++1: movw r4, #0x7fff ++ and r0, r4, r0, lsr #13 @ 'NumSets' in CCSIDR[27:13] + +- and r0, r0, #0x7 +- add r0, r0, #4 @ SetShift +- +- clz r1, r3 @ WayShift +- add r4, r3, #1 @ NumWays +-1: sub r2, r2, #1 @ NumSets-- +- mov r3, r4 @ Temp = NumWays +-2: subs r3, r3, #1 @ Temp-- +- mov r5, r3, lsl r1 +- mov r6, r2, lsl r0 +- orr r5, r5, r6 @ Reg = (Temp< +Date: Wed, 24 Feb 2021 13:25:53 +0100 +Subject: ARM: 9066/1: ftrace: pause/unpause function graph tracer in + cpu_suspend() + +From: louis.wang + +[ Upstream commit 8252ca87c7a2111502ee13994956f8c309faad7f ] + +Enabling function_graph tracer on ARM causes kernel panic, because the +function graph tracer updates the "return address" of a function in order +to insert a trace callback on function exit, it saves the function's +original return address in a return trace stack, but cpu_suspend() may not +return through the normal return path. + +cpu_suspend() will resume directly via the cpu_resume path, but the return +trace stack has been set-up by the subfunctions of cpu_suspend(), which +makes the "return address" inconsistent with cpu_suspend(). + +This patch refers to Commit de818bd4522c40ea02a81b387d2fa86f989c9623 +("arm64: kernel: pause/unpause function graph tracer in cpu_suspend()"), + +fixes the issue by pausing/resuming the function graph tracer on the thread +executing cpu_suspend(), so that the function graph tracer state is kept +consistent across functions that enter power down states and never return +by effectively disabling graph tracer while they are executing. + +Signed-off-by: louis.wang +Signed-off-by: Russell King +Signed-off-by: Sasha Levin +--- + arch/arm/kernel/suspend.c | 19 ++++++++++++++++++- + 1 file changed, 18 insertions(+), 1 deletion(-) + +diff --git a/arch/arm/kernel/suspend.c b/arch/arm/kernel/suspend.c +index d08099269e35..e126386fb78a 100644 +--- a/arch/arm/kernel/suspend.c ++++ b/arch/arm/kernel/suspend.c +@@ -1,4 +1,5 @@ + // SPDX-License-Identifier: GPL-2.0 ++#include + #include + #include + #include +@@ -26,6 +27,13 @@ int cpu_suspend(unsigned long arg, int (*fn)(unsigned long)) + if (!idmap_pgd) + return -EINVAL; + ++ /* ++ * Function graph tracer state gets incosistent when the kernel ++ * calls functions that never return (aka suspend finishers) hence ++ * disable graph tracing during their execution. ++ */ ++ pause_graph_tracing(); ++ + /* + * Provide a temporary page table with an identity mapping for + * the MMU-enable code, required for resuming. On successful +@@ -33,6 +41,9 @@ int cpu_suspend(unsigned long arg, int (*fn)(unsigned long)) + * back to the correct page tables. + */ + ret = __cpu_suspend(arg, fn, __mpidr); ++ ++ unpause_graph_tracing(); ++ + if (ret == 0) { + cpu_switch_mm(mm->pgd, mm); + local_flush_bp_all(); +@@ -46,7 +57,13 @@ int cpu_suspend(unsigned long arg, int (*fn)(unsigned long)) + int cpu_suspend(unsigned long arg, int (*fn)(unsigned long)) + { + u32 __mpidr = cpu_logical_map(smp_processor_id()); +- return __cpu_suspend(arg, fn, __mpidr); ++ int ret; ++ ++ pause_graph_tracing(); ++ ret = __cpu_suspend(arg, fn, __mpidr); ++ unpause_graph_tracing(); ++ ++ return ret; + } + #define idmap_pgd NULL + #endif +-- +2.30.2 + diff --git a/queue-4.19/arm-9075-1-kernel-fix-interrupted-smc-calls.patch b/queue-4.19/arm-9075-1-kernel-fix-interrupted-smc-calls.patch new file mode 100644 index 00000000000..f38a4758be1 --- /dev/null +++ b/queue-4.19/arm-9075-1-kernel-fix-interrupted-smc-calls.patch @@ -0,0 +1,87 @@ +From d6e8031d26ef1ee9e921c86758b30e1d085d9259 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 14 Apr 2021 04:41:16 +0100 +Subject: ARM: 9075/1: kernel: Fix interrupted SMC calls + +From: Manivannan Sadhasivam + +[ Upstream commit 57ac51667d8cd62731223d687e5fe7b41c502f89 ] + +On Qualcomm ARM32 platforms, the SMC call can return before it has +completed. If this occurs, the call can be restarted, but it requires +using the returned session ID value from the interrupted SMC call. + +The ARM32 SMCC code already has the provision to add platform specific +quirks for things like this. So let's make use of it and add the +Qualcomm specific quirk (ARM_SMCCC_QUIRK_QCOM_A6) used by the QCOM_SCM +driver. + +This change is similar to the below one added for ARM64 a while ago: +commit 82bcd087029f ("firmware: qcom: scm: Fix interrupted SCM calls") + +Without this change, the Qualcomm ARM32 platforms like SDX55 will return +-EINVAL for SMC calls used for modem firmware loading and validation. + +Signed-off-by: Manivannan Sadhasivam +Reviewed-by: Bjorn Andersson +Signed-off-by: Russell King +Signed-off-by: Sasha Levin +--- + arch/arm/kernel/asm-offsets.c | 3 +++ + arch/arm/kernel/smccc-call.S | 11 ++++++++++- + 2 files changed, 13 insertions(+), 1 deletion(-) + +diff --git a/arch/arm/kernel/asm-offsets.c b/arch/arm/kernel/asm-offsets.c +index ae85f67a6352..40afe953a0e2 100644 +--- a/arch/arm/kernel/asm-offsets.c ++++ b/arch/arm/kernel/asm-offsets.c +@@ -30,6 +30,7 @@ + #include + #include + #include ++#include + #include "signal.h" + + /* +@@ -159,6 +160,8 @@ int main(void) + DEFINE(SLEEP_SAVE_SP_PHYS, offsetof(struct sleep_save_sp, save_ptr_stash_phys)); + DEFINE(SLEEP_SAVE_SP_VIRT, offsetof(struct sleep_save_sp, save_ptr_stash)); + #endif ++ DEFINE(ARM_SMCCC_QUIRK_ID_OFFS, offsetof(struct arm_smccc_quirk, id)); ++ DEFINE(ARM_SMCCC_QUIRK_STATE_OFFS, offsetof(struct arm_smccc_quirk, state)); + BLANK(); + DEFINE(DMA_BIDIRECTIONAL, DMA_BIDIRECTIONAL); + DEFINE(DMA_TO_DEVICE, DMA_TO_DEVICE); +diff --git a/arch/arm/kernel/smccc-call.S b/arch/arm/kernel/smccc-call.S +index e5d43066b889..13d307cd364c 100644 +--- a/arch/arm/kernel/smccc-call.S ++++ b/arch/arm/kernel/smccc-call.S +@@ -12,7 +12,9 @@ + * + */ + #include ++#include + ++#include + #include + #include + #include +@@ -36,7 +38,14 @@ UNWIND( .fnstart) + UNWIND( .save {r4-r7}) + ldm r12, {r4-r7} + \instr +- pop {r4-r7} ++ ldr r4, [sp, #36] ++ cmp r4, #0 ++ beq 1f // No quirk structure ++ ldr r5, [r4, #ARM_SMCCC_QUIRK_ID_OFFS] ++ cmp r5, #ARM_SMCCC_QUIRK_QCOM_A6 ++ bne 1f // No quirk present ++ str r6, [r4, #ARM_SMCCC_QUIRK_STATE_OFFS] ++1: pop {r4-r7} + ldr r12, [sp, #(4 * 4)] + stm r12, {r0-r3} + bx lr +-- +2.30.2 + diff --git a/queue-4.19/block-reexpand-iov_iter-after-read-write.patch b/queue-4.19/block-reexpand-iov_iter-after-read-write.patch new file mode 100644 index 00000000000..fa8ddc2a5e4 --- /dev/null +++ b/queue-4.19/block-reexpand-iov_iter-after-read-write.patch @@ -0,0 +1,171 @@ +From 609895e7f6c8f82f2c46f7d5aaeac5155f612ba5 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 1 Apr 2021 15:18:07 +0800 +Subject: block: reexpand iov_iter after read/write + +From: yangerkun + +[ Upstream commit cf7b39a0cbf6bf57aa07a008d46cf695add05b4c ] + +We get a bug: + +BUG: KASAN: slab-out-of-bounds in iov_iter_revert+0x11c/0x404 +lib/iov_iter.c:1139 +Read of size 8 at addr ffff0000d3fb11f8 by task + +CPU: 0 PID: 12582 Comm: syz-executor.2 Not tainted +5.10.0-00843-g352c8610ccd2 #2 +Hardware name: linux,dummy-virt (DT) +Call trace: + dump_backtrace+0x0/0x2d0 arch/arm64/kernel/stacktrace.c:132 + show_stack+0x28/0x34 arch/arm64/kernel/stacktrace.c:196 + __dump_stack lib/dump_stack.c:77 [inline] + dump_stack+0x110/0x164 lib/dump_stack.c:118 + print_address_description+0x78/0x5c8 mm/kasan/report.c:385 + __kasan_report mm/kasan/report.c:545 [inline] + kasan_report+0x148/0x1e4 mm/kasan/report.c:562 + check_memory_region_inline mm/kasan/generic.c:183 [inline] + __asan_load8+0xb4/0xbc mm/kasan/generic.c:252 + iov_iter_revert+0x11c/0x404 lib/iov_iter.c:1139 + io_read fs/io_uring.c:3421 [inline] + io_issue_sqe+0x2344/0x2d64 fs/io_uring.c:5943 + __io_queue_sqe+0x19c/0x520 fs/io_uring.c:6260 + io_queue_sqe+0x2a4/0x590 fs/io_uring.c:6326 + io_submit_sqe fs/io_uring.c:6395 [inline] + io_submit_sqes+0x4c0/0xa04 fs/io_uring.c:6624 + __do_sys_io_uring_enter fs/io_uring.c:9013 [inline] + __se_sys_io_uring_enter fs/io_uring.c:8960 [inline] + __arm64_sys_io_uring_enter+0x190/0x708 fs/io_uring.c:8960 + __invoke_syscall arch/arm64/kernel/syscall.c:36 [inline] + invoke_syscall arch/arm64/kernel/syscall.c:48 [inline] + el0_svc_common arch/arm64/kernel/syscall.c:158 [inline] + do_el0_svc+0x120/0x290 arch/arm64/kernel/syscall.c:227 + el0_svc+0x1c/0x28 arch/arm64/kernel/entry-common.c:367 + el0_sync_handler+0x98/0x170 arch/arm64/kernel/entry-common.c:383 + el0_sync+0x140/0x180 arch/arm64/kernel/entry.S:670 + +Allocated by task 12570: + stack_trace_save+0x80/0xb8 kernel/stacktrace.c:121 + kasan_save_stack mm/kasan/common.c:48 [inline] + kasan_set_track mm/kasan/common.c:56 [inline] + __kasan_kmalloc+0xdc/0x120 mm/kasan/common.c:461 + kasan_kmalloc+0xc/0x14 mm/kasan/common.c:475 + __kmalloc+0x23c/0x334 mm/slub.c:3970 + kmalloc include/linux/slab.h:557 [inline] + __io_alloc_async_data+0x68/0x9c fs/io_uring.c:3210 + io_setup_async_rw fs/io_uring.c:3229 [inline] + io_read fs/io_uring.c:3436 [inline] + io_issue_sqe+0x2954/0x2d64 fs/io_uring.c:5943 + __io_queue_sqe+0x19c/0x520 fs/io_uring.c:6260 + io_queue_sqe+0x2a4/0x590 fs/io_uring.c:6326 + io_submit_sqe fs/io_uring.c:6395 [inline] + io_submit_sqes+0x4c0/0xa04 fs/io_uring.c:6624 + __do_sys_io_uring_enter fs/io_uring.c:9013 [inline] + __se_sys_io_uring_enter fs/io_uring.c:8960 [inline] + __arm64_sys_io_uring_enter+0x190/0x708 fs/io_uring.c:8960 + __invoke_syscall arch/arm64/kernel/syscall.c:36 [inline] + invoke_syscall arch/arm64/kernel/syscall.c:48 [inline] + el0_svc_common arch/arm64/kernel/syscall.c:158 [inline] + do_el0_svc+0x120/0x290 arch/arm64/kernel/syscall.c:227 + el0_svc+0x1c/0x28 arch/arm64/kernel/entry-common.c:367 + el0_sync_handler+0x98/0x170 arch/arm64/kernel/entry-common.c:383 + el0_sync+0x140/0x180 arch/arm64/kernel/entry.S:670 + +Freed by task 12570: + stack_trace_save+0x80/0xb8 kernel/stacktrace.c:121 + kasan_save_stack mm/kasan/common.c:48 [inline] + kasan_set_track+0x38/0x6c mm/kasan/common.c:56 + kasan_set_free_info+0x20/0x40 mm/kasan/generic.c:355 + __kasan_slab_free+0x124/0x150 mm/kasan/common.c:422 + kasan_slab_free+0x10/0x1c mm/kasan/common.c:431 + slab_free_hook mm/slub.c:1544 [inline] + slab_free_freelist_hook mm/slub.c:1577 [inline] + slab_free mm/slub.c:3142 [inline] + kfree+0x104/0x38c mm/slub.c:4124 + io_dismantle_req fs/io_uring.c:1855 [inline] + __io_free_req+0x70/0x254 fs/io_uring.c:1867 + io_put_req_find_next fs/io_uring.c:2173 [inline] + __io_queue_sqe+0x1fc/0x520 fs/io_uring.c:6279 + __io_req_task_submit+0x154/0x21c fs/io_uring.c:2051 + io_req_task_submit+0x2c/0x44 fs/io_uring.c:2063 + task_work_run+0xdc/0x128 kernel/task_work.c:151 + get_signal+0x6f8/0x980 kernel/signal.c:2562 + do_signal+0x108/0x3a4 arch/arm64/kernel/signal.c:658 + do_notify_resume+0xbc/0x25c arch/arm64/kernel/signal.c:722 + work_pending+0xc/0x180 + +blkdev_read_iter can truncate iov_iter's count since the count + pos may +exceed the size of the blkdev. This will confuse io_read that we have +consume the iovec. And once we do the iov_iter_revert in io_read, we +will trigger the slab-out-of-bounds. Fix it by reexpand the count with +size has been truncated. + +blkdev_write_iter can trigger the problem too. + +Signed-off-by: yangerkun +Acked-by: Pavel Begunkov +Link: https://lore.kernel.org/r/20210401071807.3328235-1-yangerkun@huawei.com +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +--- + fs/block_dev.c | 20 +++++++++++++++++--- + 1 file changed, 17 insertions(+), 3 deletions(-) + +diff --git a/fs/block_dev.c b/fs/block_dev.c +index 9f3faac49025..b34f76af59c4 100644 +--- a/fs/block_dev.c ++++ b/fs/block_dev.c +@@ -1919,6 +1919,7 @@ ssize_t blkdev_write_iter(struct kiocb *iocb, struct iov_iter *from) + struct inode *bd_inode = bdev_file_inode(file); + loff_t size = i_size_read(bd_inode); + struct blk_plug plug; ++ size_t shorted = 0; + ssize_t ret; + + if (bdev_read_only(I_BDEV(bd_inode))) +@@ -1933,12 +1934,17 @@ ssize_t blkdev_write_iter(struct kiocb *iocb, struct iov_iter *from) + if ((iocb->ki_flags & (IOCB_NOWAIT | IOCB_DIRECT)) == IOCB_NOWAIT) + return -EOPNOTSUPP; + +- iov_iter_truncate(from, size - iocb->ki_pos); ++ size -= iocb->ki_pos; ++ if (iov_iter_count(from) > size) { ++ shorted = iov_iter_count(from) - size; ++ iov_iter_truncate(from, size); ++ } + + blk_start_plug(&plug); + ret = __generic_file_write_iter(iocb, from); + if (ret > 0) + ret = generic_write_sync(iocb, ret); ++ iov_iter_reexpand(from, iov_iter_count(from) + shorted); + blk_finish_plug(&plug); + return ret; + } +@@ -1950,13 +1956,21 @@ ssize_t blkdev_read_iter(struct kiocb *iocb, struct iov_iter *to) + struct inode *bd_inode = bdev_file_inode(file); + loff_t size = i_size_read(bd_inode); + loff_t pos = iocb->ki_pos; ++ size_t shorted = 0; ++ ssize_t ret; + + if (pos >= size) + return 0; + + size -= pos; +- iov_iter_truncate(to, size); +- return generic_file_read_iter(iocb, to); ++ if (iov_iter_count(to) > size) { ++ shorted = iov_iter_count(to) - size; ++ iov_iter_truncate(to, size); ++ } ++ ++ ret = generic_file_read_iter(iocb, to); ++ iov_iter_reexpand(to, iov_iter_count(to) + shorted); ++ return ret; + } + EXPORT_SYMBOL_GPL(blkdev_read_iter); + +-- +2.30.2 + diff --git a/queue-4.19/ceph-fix-fscache-invalidation.patch b/queue-4.19/ceph-fix-fscache-invalidation.patch new file mode 100644 index 00000000000..4677693e5a8 --- /dev/null +++ b/queue-4.19/ceph-fix-fscache-invalidation.patch @@ -0,0 +1,47 @@ +From 6b9690a13a63e005cf6791757a4655bd749277c4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 21 Jan 2021 18:05:37 -0500 +Subject: ceph: fix fscache invalidation + +From: Jeff Layton + +[ Upstream commit 10a7052c7868bc7bc72d947f5aac6f768928db87 ] + +Ensure that we invalidate the fscache whenever we invalidate the +pagecache. + +Signed-off-by: Jeff Layton +Signed-off-by: Ilya Dryomov +Signed-off-by: Sasha Levin +--- + fs/ceph/caps.c | 1 + + fs/ceph/inode.c | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c +index 6e871a382209..918781c51f0b 100644 +--- a/fs/ceph/caps.c ++++ b/fs/ceph/caps.c +@@ -1779,6 +1779,7 @@ static int try_nonblocking_invalidate(struct inode *inode) + u32 invalidating_gen = ci->i_rdcache_gen; + + spin_unlock(&ci->i_ceph_lock); ++ ceph_fscache_invalidate(inode); + invalidate_mapping_pages(&inode->i_data, 0, -1); + spin_lock(&ci->i_ceph_lock); + +diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c +index 3c24fb77ef32..5f041fede7aa 100644 +--- a/fs/ceph/inode.c ++++ b/fs/ceph/inode.c +@@ -1823,6 +1823,7 @@ static void ceph_invalidate_work(struct work_struct *work) + orig_gen = ci->i_rdcache_gen; + spin_unlock(&ci->i_ceph_lock); + ++ ceph_fscache_invalidate(inode); + if (invalidate_inode_pages2(inode->i_mapping) < 0) { + pr_err("invalidate_pages %p fails\n", inode); + } +-- +2.30.2 + diff --git a/queue-4.19/gpiolib-acpi-add-quirk-to-ignore-ec-wakeups-on-dell-.patch b/queue-4.19/gpiolib-acpi-add-quirk-to-ignore-ec-wakeups-on-dell-.patch new file mode 100644 index 00000000000..a429fd1a197 --- /dev/null +++ b/queue-4.19/gpiolib-acpi-add-quirk-to-ignore-ec-wakeups-on-dell-.patch @@ -0,0 +1,57 @@ +From 4072c1e5906732c7aca61bf467db1391b1d13f1e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 1 Apr 2021 18:27:40 +0200 +Subject: gpiolib: acpi: Add quirk to ignore EC wakeups on Dell Venue 10 Pro + 5055 + +From: Hans de Goede + +[ Upstream commit da91ece226729c76f60708efc275ebd4716ad089 ] + +Like some other Bay and Cherry Trail SoC based devices the Dell Venue +10 Pro 5055 has an embedded-controller which uses ACPI GPIO events to +report events instead of using the standard ACPI EC interface for this. + +The EC interrupt is only used to report battery-level changes and +it keeps doing this while the system is suspended, causing the system +to not stay suspended. + +Add an ignore-wake quirk for the GPIO pin used by the EC to fix the +spurious wakeups from suspend. + +Signed-off-by: Hans de Goede +Acked-by: Andy Shevchenko +Signed-off-by: Andy Shevchenko +Signed-off-by: Sasha Levin +--- + drivers/gpio/gpiolib-acpi.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/drivers/gpio/gpiolib-acpi.c b/drivers/gpio/gpiolib-acpi.c +index 4ad34c6803ad..b018909a4e46 100644 +--- a/drivers/gpio/gpiolib-acpi.c ++++ b/drivers/gpio/gpiolib-acpi.c +@@ -1355,6 +1355,20 @@ static const struct dmi_system_id gpiolib_acpi_quirks[] = { + .no_edge_events_on_boot = true, + }, + }, ++ { ++ /* ++ * The Dell Venue 10 Pro 5055, with Bay Trail SoC + TI PMIC uses an ++ * external embedded-controller connected via I2C + an ACPI GPIO ++ * event handler on INT33FFC:02 pin 12, causing spurious wakeups. ++ */ ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "Dell Inc."), ++ DMI_MATCH(DMI_PRODUCT_NAME, "Venue 10 Pro 5055"), ++ }, ++ .driver_data = &(struct acpi_gpiolib_dmi_quirk) { ++ .ignore_wake = "INT33FC:02@12", ++ }, ++ }, + { + /* + * HP X2 10 models with Cherry Trail SoC + TI PMIC use an +-- +2.30.2 + diff --git a/queue-4.19/input-elants_i2c-do-not-bind-to-i2c-hid-compatible-a.patch b/queue-4.19/input-elants_i2c-do-not-bind-to-i2c-hid-compatible-a.patch new file mode 100644 index 00000000000..69c926678dd --- /dev/null +++ b/queue-4.19/input-elants_i2c-do-not-bind-to-i2c-hid-compatible-a.patch @@ -0,0 +1,132 @@ +From 971c0bbadbdb2c30d002f2e1bbc88238753dfc9f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 9 Apr 2021 22:29:07 -0700 +Subject: Input: elants_i2c - do not bind to i2c-hid compatible ACPI + instantiated devices + +From: Hans de Goede + +[ Upstream commit 65299e8bfb24774e6340e93ae49f6626598917c8 ] + +Several users have been reporting that elants_i2c gives several errors +during probe and that their touchscreen does not work on their Lenovo AMD +based laptops with a touchscreen with a ELAN0001 ACPI hardware-id: + +[ 0.550596] elants_i2c i2c-ELAN0001:00: i2c-ELAN0001:00 supply vcc33 not found, using dummy regulator +[ 0.551836] elants_i2c i2c-ELAN0001:00: i2c-ELAN0001:00 supply vccio not found, using dummy regulator +[ 0.560932] elants_i2c i2c-ELAN0001:00: elants_i2c_send failed (77 77 77 77): -121 +[ 0.562427] elants_i2c i2c-ELAN0001:00: software reset failed: -121 +[ 0.595925] elants_i2c i2c-ELAN0001:00: elants_i2c_send failed (77 77 77 77): -121 +[ 0.597974] elants_i2c i2c-ELAN0001:00: software reset failed: -121 +[ 0.621893] elants_i2c i2c-ELAN0001:00: elants_i2c_send failed (77 77 77 77): -121 +[ 0.622504] elants_i2c i2c-ELAN0001:00: software reset failed: -121 +[ 0.632650] elants_i2c i2c-ELAN0001:00: elants_i2c_send failed (4d 61 69 6e): -121 +[ 0.634256] elants_i2c i2c-ELAN0001:00: boot failed: -121 +[ 0.699212] elants_i2c i2c-ELAN0001:00: invalid 'hello' packet: 00 00 ff ff +[ 1.630506] elants_i2c i2c-ELAN0001:00: Failed to read fw id: -121 +[ 1.645508] elants_i2c i2c-ELAN0001:00: unknown packet 00 00 ff ff + +Despite these errors, the elants_i2c driver stays bound to the device +(it returns 0 from its probe method despite the errors), blocking the +i2c-hid driver from binding. + +Manually unbinding the elants_i2c driver and binding the i2c-hid driver +makes the touchscreen work. + +Check if the ACPI-fwnode for the touchscreen contains one of the i2c-hid +compatiblity-id strings and if it has the I2C-HID spec's DSM to get the +HID descriptor address, If it has both then make elants_i2c not bind, +so that the i2c-hid driver can bind. + +This assumes that non of the (older) elan touchscreens which actually +need the elants_i2c driver falsely advertise an i2c-hid compatiblity-id ++ DSM in their ACPI-fwnodes. If some of them actually do have this +false advertising, then this change may lead to regressions. + +While at it also drop the unnecessary DEVICE_NAME prefixing of the +"I2C check functionality error", dev_err already outputs the driver-name. + +BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=207759 +Acked-by: Benjamin Tissoires +Signed-off-by: Hans de Goede +Link: https://lore.kernel.org/r/20210405202756.16830-1-hdegoede@redhat.com + +Signed-off-by: Dmitry Torokhov +Signed-off-by: Sasha Levin +--- + drivers/input/touchscreen/elants_i2c.c | 44 ++++++++++++++++++++++++-- + 1 file changed, 42 insertions(+), 2 deletions(-) + +diff --git a/drivers/input/touchscreen/elants_i2c.c b/drivers/input/touchscreen/elants_i2c.c +index d21ca39b0fdb..adfae2d88707 100644 +--- a/drivers/input/touchscreen/elants_i2c.c ++++ b/drivers/input/touchscreen/elants_i2c.c +@@ -41,6 +41,7 @@ + #include + #include + #include ++#include + #include + + /* Device, Driver information */ +@@ -1131,6 +1132,40 @@ static void elants_i2c_power_off(void *_data) + } + } + ++#ifdef CONFIG_ACPI ++static const struct acpi_device_id i2c_hid_ids[] = { ++ {"ACPI0C50", 0 }, ++ {"PNP0C50", 0 }, ++ { }, ++}; ++ ++static const guid_t i2c_hid_guid = ++ GUID_INIT(0x3CDFF6F7, 0x4267, 0x4555, ++ 0xAD, 0x05, 0xB3, 0x0A, 0x3D, 0x89, 0x38, 0xDE); ++ ++static bool elants_acpi_is_hid_device(struct device *dev) ++{ ++ acpi_handle handle = ACPI_HANDLE(dev); ++ union acpi_object *obj; ++ ++ if (acpi_match_device_ids(ACPI_COMPANION(dev), i2c_hid_ids)) ++ return false; ++ ++ obj = acpi_evaluate_dsm_typed(handle, &i2c_hid_guid, 1, 1, NULL, ACPI_TYPE_INTEGER); ++ if (obj) { ++ ACPI_FREE(obj); ++ return true; ++ } ++ ++ return false; ++} ++#else ++static bool elants_acpi_is_hid_device(struct device *dev) ++{ ++ return false; ++} ++#endif ++ + static int elants_i2c_probe(struct i2c_client *client, + const struct i2c_device_id *id) + { +@@ -1139,9 +1174,14 @@ static int elants_i2c_probe(struct i2c_client *client, + unsigned long irqflags; + int error; + ++ /* Don't bind to i2c-hid compatible devices, these are handled by the i2c-hid drv. */ ++ if (elants_acpi_is_hid_device(&client->dev)) { ++ dev_warn(&client->dev, "This device appears to be an I2C-HID device, not binding\n"); ++ return -ENODEV; ++ } ++ + if (!i2c_check_functionality(client->adapter, I2C_FUNC_I2C)) { +- dev_err(&client->dev, +- "%s: i2c check functionality error\n", DEVICE_NAME); ++ dev_err(&client->dev, "I2C check functionality error\n"); + return -ENXIO; + } + +-- +2.30.2 + diff --git a/queue-4.19/input-silead-add-workaround-for-x86-bios-es-which-br.patch b/queue-4.19/input-silead-add-workaround-for-x86-bios-es-which-br.patch new file mode 100644 index 00000000000..5e26f8a686a --- /dev/null +++ b/queue-4.19/input-silead-add-workaround-for-x86-bios-es-which-br.patch @@ -0,0 +1,128 @@ +From 1f4cafe360514b0d9491ad36ac7d80943393b5eb Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 9 Apr 2021 22:29:49 -0700 +Subject: Input: silead - add workaround for x86 BIOS-es which bring the chip + up in a stuck state + +From: Hans de Goede + +[ Upstream commit e479187748a8f151a85116a7091c599b121fdea5 ] + +Some buggy BIOS-es bring up the touchscreen-controller in a stuck +state where it blocks the I2C bus. Specifically this happens on +the Jumper EZpad 7 tablet model. + +After much poking at this problem I have found that the following steps +are necessary to unstuck the chip / bus: + +1. Turn off the Silead chip. +2. Try to do an I2C transfer with the chip, this will fail in response to + which the I2C-bus-driver will call: i2c_recover_bus() which will unstuck + the I2C-bus. Note the unstuck-ing of the I2C bus only works if we first + drop the chip of the bus by turning it off. +3. Turn the chip back on. + +On the x86/ACPI systems were this problem is seen, step 1. and 3. require +making ACPI calls and dealing with ACPI Power Resources. This commit adds +a workaround which runtime-suspends the chip to turn it off, leaving it up +to the ACPI subsystem to deal with all the ACPI specific details. + +There is no good way to detect this bug, so the workaround gets activated +by a new "silead,stuck-controller-bug" boolean device-property. Since this +is only used on x86/ACPI, this will be set by model specific device-props +set by drivers/platform/x86/touchscreen_dmi.c. Therefor this new +device-property is not documented in the DT-bindings. + +Dmesg will contain the following messages on systems where the workaround +is activated: + +[ 54.309029] silead_ts i2c-MSSL1680:00: [Firmware Bug]: Stuck I2C bus: please ignore the next 'controller timed out' error +[ 55.373593] i2c_designware 808622C1:04: controller timed out +[ 55.582186] silead_ts i2c-MSSL1680:00: Silead chip ID: 0x80360000 + +Signed-off-by: Hans de Goede +Link: https://lore.kernel.org/r/20210405202745.16777-1-hdegoede@redhat.com +Signed-off-by: Dmitry Torokhov +Signed-off-by: Sasha Levin +--- + drivers/input/touchscreen/silead.c | 44 +++++++++++++++++++++++++++--- + 1 file changed, 40 insertions(+), 4 deletions(-) + +diff --git a/drivers/input/touchscreen/silead.c b/drivers/input/touchscreen/silead.c +index 06f0eb04a8fd..a787a6aefc69 100644 +--- a/drivers/input/touchscreen/silead.c ++++ b/drivers/input/touchscreen/silead.c +@@ -28,6 +28,7 @@ + #include + #include + #include ++#include + #include + #include + +@@ -343,10 +344,8 @@ static int silead_ts_get_id(struct i2c_client *client) + + error = i2c_smbus_read_i2c_block_data(client, SILEAD_REG_ID, + sizeof(chip_id), (u8 *)&chip_id); +- if (error < 0) { +- dev_err(&client->dev, "Chip ID read error %d\n", error); ++ if (error < 0) + return error; +- } + + data->chip_id = le32_to_cpu(chip_id); + dev_info(&client->dev, "Silead chip ID: 0x%8X", data->chip_id); +@@ -359,12 +358,49 @@ static int silead_ts_setup(struct i2c_client *client) + int error; + u32 status; + ++ /* ++ * Some buggy BIOS-es bring up the chip in a stuck state where it ++ * blocks the I2C bus. The following steps are necessary to ++ * unstuck the chip / bus: ++ * 1. Turn off the Silead chip. ++ * 2. Try to do an I2C transfer with the chip, this will fail in ++ * response to which the I2C-bus-driver will call: ++ * i2c_recover_bus() which will unstuck the I2C-bus. Note the ++ * unstuck-ing of the I2C bus only works if we first drop the ++ * chip off the bus by turning it off. ++ * 3. Turn the chip back on. ++ * ++ * On the x86/ACPI systems were this problem is seen, step 1. and ++ * 3. require making ACPI calls and dealing with ACPI Power ++ * Resources. The workaround below runtime-suspends the chip to ++ * turn it off, leaving it up to the ACPI subsystem to deal with ++ * this. ++ */ ++ ++ if (device_property_read_bool(&client->dev, ++ "silead,stuck-controller-bug")) { ++ pm_runtime_set_active(&client->dev); ++ pm_runtime_enable(&client->dev); ++ pm_runtime_allow(&client->dev); ++ ++ pm_runtime_suspend(&client->dev); ++ ++ dev_warn(&client->dev, FW_BUG "Stuck I2C bus: please ignore the next 'controller timed out' error\n"); ++ silead_ts_get_id(client); ++ ++ /* The forbid will also resume the device */ ++ pm_runtime_forbid(&client->dev); ++ pm_runtime_disable(&client->dev); ++ } ++ + silead_ts_set_power(client, SILEAD_POWER_OFF); + silead_ts_set_power(client, SILEAD_POWER_ON); + + error = silead_ts_get_id(client); +- if (error) ++ if (error) { ++ dev_err(&client->dev, "Chip ID read error %d\n", error); + return error; ++ } + + error = silead_ts_init(client); + if (error) +-- +2.30.2 + diff --git a/queue-4.19/lib-stackdepot-turn-depot_lock-spinlock-to-raw_spinl.patch b/queue-4.19/lib-stackdepot-turn-depot_lock-spinlock-to-raw_spinl.patch new file mode 100644 index 00000000000..295f41b3858 --- /dev/null +++ b/queue-4.19/lib-stackdepot-turn-depot_lock-spinlock-to-raw_spinl.patch @@ -0,0 +1,80 @@ +From f0e281e004c04b84669a9fe2694065be5b23f87a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 6 May 2021 18:03:40 -0700 +Subject: lib: stackdepot: turn depot_lock spinlock to raw_spinlock + +From: Zqiang + +[ Upstream commit 78564b9434878d686c5f88c4488b20cccbcc42bc ] + +In RT system, the spin_lock will be replaced by sleepable rt_mutex lock, +in __call_rcu(), disable interrupts before calling +kasan_record_aux_stack(), will trigger this calltrace: + + BUG: sleeping function called from invalid context at kernel/locking/rtmutex.c:951 + in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 19, name: pgdatinit0 + Call Trace: + ___might_sleep.cold+0x1b2/0x1f1 + rt_spin_lock+0x3b/0xb0 + stack_depot_save+0x1b9/0x440 + kasan_save_stack+0x32/0x40 + kasan_record_aux_stack+0xa5/0xb0 + __call_rcu+0x117/0x880 + __exit_signal+0xafb/0x1180 + release_task+0x1d6/0x480 + exit_notify+0x303/0x750 + do_exit+0x678/0xcf0 + kthread+0x364/0x4f0 + ret_from_fork+0x22/0x30 + +Replace spinlock with raw_spinlock. + +Link: https://lkml.kernel.org/r/20210329084009.27013-1-qiang.zhang@windriver.com +Signed-off-by: Zqiang +Reported-by: Andrew Halaney +Cc: Alexander Potapenko +Cc: Gustavo A. R. Silva +Cc: Vijayanand Jitta +Cc: Vinayak Menon +Cc: Yogesh Lal +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + lib/stackdepot.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/lib/stackdepot.c b/lib/stackdepot.c +index 3376a3291186..d0f1b7d0ce2e 100644 +--- a/lib/stackdepot.c ++++ b/lib/stackdepot.c +@@ -78,7 +78,7 @@ static void *stack_slabs[STACK_ALLOC_MAX_SLABS]; + static int depot_index; + static int next_slab_inited; + static size_t depot_offset; +-static DEFINE_SPINLOCK(depot_lock); ++static DEFINE_RAW_SPINLOCK(depot_lock); + + static bool init_stack_slab(void **prealloc) + { +@@ -266,7 +266,7 @@ depot_stack_handle_t depot_save_stack(struct stack_trace *trace, + prealloc = page_address(page); + } + +- spin_lock_irqsave(&depot_lock, flags); ++ raw_spin_lock_irqsave(&depot_lock, flags); + + found = find_stack(*bucket, trace->entries, trace->nr_entries, hash); + if (!found) { +@@ -290,7 +290,7 @@ depot_stack_handle_t depot_save_stack(struct stack_trace *trace, + WARN_ON(!init_stack_slab(&prealloc)); + } + +- spin_unlock_irqrestore(&depot_lock, flags); ++ raw_spin_unlock_irqrestore(&depot_lock, flags); + exit: + if (prealloc) { + /* Nobody used this memory, ok to free it. */ +-- +2.30.2 + diff --git a/queue-4.19/net-stmmac-do-not-enable-rx-fifo-overflow-interrupts.patch b/queue-4.19/net-stmmac-do-not-enable-rx-fifo-overflow-interrupts.patch new file mode 100644 index 00000000000..e231c7ed259 --- /dev/null +++ b/queue-4.19/net-stmmac-do-not-enable-rx-fifo-overflow-interrupts.patch @@ -0,0 +1,94 @@ +From e431cb8cb5591721c9b1d3e08f516232dd1da24a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 6 May 2021 16:33:12 +0200 +Subject: net: stmmac: Do not enable RX FIFO overflow interrupts + +From: Yannick Vignon + +[ Upstream commit 8a7cb245cf28cb3e541e0d6c8624b95d079e155b ] + +The RX FIFO overflows when the system is not able to process all received +packets and they start accumulating (first in the DMA queue in memory, +then in the FIFO). An interrupt is then raised for each overflowing packet +and handled in stmmac_interrupt(). This is counter-productive, since it +brings the system (or more likely, one CPU core) to its knees to process +the FIFO overflow interrupts. + +stmmac_interrupt() handles overflow interrupts by writing the rx tail ptr +into the corresponding hardware register (according to the MAC spec, this +has the effect of restarting the MAC DMA). However, without freeing any rx +descriptors, the DMA stops right away, and another overflow interrupt is +raised as the FIFO overflows again. Since the DMA is already restarted at +the end of stmmac_rx_refill() after freeing descriptors, disabling FIFO +overflow interrupts and the corresponding handling code has no side effect, +and eliminates the interrupt storm when the RX FIFO overflows. + +Signed-off-by: Yannick Vignon +Link: https://lore.kernel.org/r/20210506143312.20784-1-yannick.vignon@oss.nxp.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c | 7 +------ + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 14 ++------------ + 2 files changed, 3 insertions(+), 18 deletions(-) + +diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c b/drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c +index 8c3780d1105f..232efe17ac2c 100644 +--- a/drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c ++++ b/drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c +@@ -214,7 +214,7 @@ static void dwmac4_dma_rx_chan_op_mode(void __iomem *ioaddr, int mode, + u32 channel, int fifosz, u8 qmode) + { + unsigned int rqs = fifosz / 256 - 1; +- u32 mtl_rx_op, mtl_rx_int; ++ u32 mtl_rx_op; + + mtl_rx_op = readl(ioaddr + MTL_CHAN_RX_OP_MODE(channel)); + +@@ -285,11 +285,6 @@ static void dwmac4_dma_rx_chan_op_mode(void __iomem *ioaddr, int mode, + } + + writel(mtl_rx_op, ioaddr + MTL_CHAN_RX_OP_MODE(channel)); +- +- /* Enable MTL RX overflow */ +- mtl_rx_int = readl(ioaddr + MTL_CHAN_INT_CTRL(channel)); +- writel(mtl_rx_int | MTL_RX_OVERFLOW_INT_EN, +- ioaddr + MTL_CHAN_INT_CTRL(channel)); + } + + static void dwmac4_dma_tx_chan_op_mode(void __iomem *ioaddr, int mode, +diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c +index a1443d7197e8..af59761ddfa0 100644 +--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c ++++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c +@@ -3706,7 +3706,6 @@ static irqreturn_t stmmac_interrupt(int irq, void *dev_id) + /* To handle GMAC own interrupts */ + if ((priv->plat->has_gmac) || xmac) { + int status = stmmac_host_irq_status(priv, priv->hw, &priv->xstats); +- int mtl_status; + + if (unlikely(status)) { + /* For LPI we need to save the tx status */ +@@ -3717,17 +3716,8 @@ static irqreturn_t stmmac_interrupt(int irq, void *dev_id) + } + + for (queue = 0; queue < queues_count; queue++) { +- struct stmmac_rx_queue *rx_q = &priv->rx_queue[queue]; +- +- mtl_status = stmmac_host_mtl_irq_status(priv, priv->hw, +- queue); +- if (mtl_status != -EINVAL) +- status |= mtl_status; +- +- if (status & CORE_IRQ_MTL_RX_OVERFLOW) +- stmmac_set_rx_tail_ptr(priv, priv->ioaddr, +- rx_q->rx_tail_addr, +- queue); ++ status = stmmac_host_mtl_irq_status(priv, priv->hw, ++ queue); + } + + /* PCS link status */ +-- +2.30.2 + diff --git a/queue-4.19/pci-thunder-fix-compile-testing.patch b/queue-4.19/pci-thunder-fix-compile-testing.patch new file mode 100644 index 00000000000..ceba30195a8 --- /dev/null +++ b/queue-4.19/pci-thunder-fix-compile-testing.patch @@ -0,0 +1,101 @@ +From bcee98bdcc46b78bd51800b874c87d93420ec42d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 8 Mar 2021 16:24:47 +0100 +Subject: PCI: thunder: Fix compile testing + +From: Arnd Bergmann + +[ Upstream commit 16f7ae5906dfbeff54f74ec75d0563bb3a87ab0b ] + +Compile-testing these drivers is currently broken. Enabling it causes a +couple of build failures though: + + drivers/pci/controller/pci-thunder-ecam.c:119:30: error: shift count >= width of type [-Werror,-Wshift-count-overflow] + drivers/pci/controller/pci-thunder-pem.c:54:2: error: implicit declaration of function 'writeq' [-Werror,-Wimplicit-function-declaration] + drivers/pci/controller/pci-thunder-pem.c:392:8: error: implicit declaration of function 'acpi_get_rc_resources' [-Werror,-Wimplicit-function-declaration] + +Fix them with the obvious one-line changes. + +Link: https://lore.kernel.org/r/20210308152501.2135937-2-arnd@kernel.org +Signed-off-by: Arnd Bergmann +Signed-off-by: Bjorn Helgaas +Reviewed-by: Kuppuswamy Sathyanarayanan +Reviewed-by: Robert Richter +Signed-off-by: Sasha Levin +--- + drivers/pci/controller/pci-thunder-ecam.c | 2 +- + drivers/pci/controller/pci-thunder-pem.c | 13 +++++++------ + drivers/pci/pci.h | 6 ++++++ + 3 files changed, 14 insertions(+), 7 deletions(-) + +diff --git a/drivers/pci/controller/pci-thunder-ecam.c b/drivers/pci/controller/pci-thunder-ecam.c +index 32d1d7b81ef4..18715d2ce022 100644 +--- a/drivers/pci/controller/pci-thunder-ecam.c ++++ b/drivers/pci/controller/pci-thunder-ecam.c +@@ -116,7 +116,7 @@ static int thunder_ecam_p2_config_read(struct pci_bus *bus, unsigned int devfn, + * the config space access window. Since we are working with + * the high-order 32 bits, shift everything down by 32 bits. + */ +- node_bits = (cfg->res.start >> 32) & (1 << 12); ++ node_bits = upper_32_bits(cfg->res.start) & (1 << 12); + + v |= node_bits; + set_val(v, where, size, val); +diff --git a/drivers/pci/controller/pci-thunder-pem.c b/drivers/pci/controller/pci-thunder-pem.c +index f127ce8bd4ef..1650ec2c35f9 100644 +--- a/drivers/pci/controller/pci-thunder-pem.c ++++ b/drivers/pci/controller/pci-thunder-pem.c +@@ -11,6 +11,7 @@ + #include + #include + #include ++#include + #include "../pci.h" + + #if defined(CONFIG_PCI_HOST_THUNDER_PEM) || (defined(CONFIG_ACPI) && defined(CONFIG_PCI_QUIRKS)) +@@ -314,9 +315,9 @@ static int thunder_pem_init(struct device *dev, struct pci_config_window *cfg, + * structure here for the BAR. + */ + bar4_start = res_pem->start + 0xf00000; +- pem_pci->ea_entry[0] = (u32)bar4_start | 2; +- pem_pci->ea_entry[1] = (u32)(res_pem->end - bar4_start) & ~3u; +- pem_pci->ea_entry[2] = (u32)(bar4_start >> 32); ++ pem_pci->ea_entry[0] = lower_32_bits(bar4_start) | 2; ++ pem_pci->ea_entry[1] = lower_32_bits(res_pem->end - bar4_start) & ~3u; ++ pem_pci->ea_entry[2] = upper_32_bits(bar4_start); + + cfg->priv = pem_pci; + return 0; +@@ -324,9 +325,9 @@ static int thunder_pem_init(struct device *dev, struct pci_config_window *cfg, + + #if defined(CONFIG_ACPI) && defined(CONFIG_PCI_QUIRKS) + +-#define PEM_RES_BASE 0x87e0c0000000UL +-#define PEM_NODE_MASK GENMASK(45, 44) +-#define PEM_INDX_MASK GENMASK(26, 24) ++#define PEM_RES_BASE 0x87e0c0000000ULL ++#define PEM_NODE_MASK GENMASK_ULL(45, 44) ++#define PEM_INDX_MASK GENMASK_ULL(26, 24) + #define PEM_MIN_DOM_IN_NODE 4 + #define PEM_MAX_DOM_IN_NODE 10 + +diff --git a/drivers/pci/pci.h b/drivers/pci/pci.h +index e9ede82ee2c2..39725b71300f 100644 +--- a/drivers/pci/pci.h ++++ b/drivers/pci/pci.h +@@ -473,6 +473,12 @@ static inline int pci_dev_specific_reset(struct pci_dev *dev, int probe) + #if defined(CONFIG_PCI_QUIRKS) && defined(CONFIG_ARM64) + int acpi_get_rc_resources(struct device *dev, const char *hid, u16 segment, + struct resource *res); ++#else ++static inline int acpi_get_rc_resources(struct device *dev, const char *hid, ++ u16 segment, struct resource *res) ++{ ++ return -ENODEV; ++} + #endif + + u32 pci_rebar_get_possible_sizes(struct pci_dev *pdev, int bar); +-- +2.30.2 + diff --git a/queue-4.19/pinctrl-ingenic-improve-unreachable-code-generation.patch b/queue-4.19/pinctrl-ingenic-improve-unreachable-code-generation.patch new file mode 100644 index 00000000000..f6590d83361 --- /dev/null +++ b/queue-4.19/pinctrl-ingenic-improve-unreachable-code-generation.patch @@ -0,0 +1,67 @@ +From 8e84e36af1e2ec967f74863f06dfe3ca82eefbbb Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 20 Feb 2020 09:35:09 -0600 +Subject: pinctrl: ingenic: Improve unreachable code generation + +From: Josh Poimboeuf + +[ Upstream commit d6d43a92172085a2681e06a0d06aac53c7bcdd12 ] + +In the second loop of ingenic_pinconf_set(), it annotates the switch +default case as unreachable(). The annotation is technically correct, +because that same case would have resulted in an early function return +in the previous loop. + +However, the compiled code is suboptimal. GCC seems to work extra hard +to ensure that the unreachable code path triggers undefined behavior. +The function would fall through to start executing whatever function +happens to be next in the compilation unit. + +This is problematic because: + + a) it adds unnecessary 'ensure undefined behavior' logic, and + corresponding i-cache footprint; and + + b) it's less robust -- if a bug were to be introduced, falling through + to the next function would be catastrophic. + +Yet another issue is that, while objtool normally understands +unreachable() annotations, there's one special case where it doesn't: +when the annotation occurs immediately after a 'ret' instruction. That +happens to be the case here because unreachable() is immediately before +the return. + +Remove the unreachable() annotation and replace it with a comment. This +simplifies the code generation and changes the unreachable error path to +just silently return instead of corrupting execution. + +This fixes the following objtool warning: + + drivers/pinctrl/pinctrl-ingenic.o: warning: objtool: ingenic_pinconf_set() falls through to next function ingenic_pinconf_group_set() + +Reported-by: Randy Dunlap +Signed-off-by: Josh Poimboeuf +Link: https://lore.kernel.org/r/bc20fdbcb826512cf76b7dfd0972740875931b19.1582212881.git.jpoimboe@redhat.com +Signed-off-by: Linus Walleij +Signed-off-by: Sasha Levin +--- + drivers/pinctrl/pinctrl-ingenic.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/pinctrl/pinctrl-ingenic.c b/drivers/pinctrl/pinctrl-ingenic.c +index a5accffbc8c9..babf6d011264 100644 +--- a/drivers/pinctrl/pinctrl-ingenic.c ++++ b/drivers/pinctrl/pinctrl-ingenic.c +@@ -642,7 +642,8 @@ static int ingenic_pinconf_set(struct pinctrl_dev *pctldev, unsigned int pin, + break; + + default: +- unreachable(); ++ /* unreachable */ ++ break; + } + } + +-- +2.30.2 + diff --git a/queue-4.19/riscv-workaround-mcount-name-prior-to-clang-13.patch b/queue-4.19/riscv-workaround-mcount-name-prior-to-clang-13.patch new file mode 100644 index 00000000000..6f7c2326fd4 --- /dev/null +++ b/queue-4.19/riscv-workaround-mcount-name-prior-to-clang-13.patch @@ -0,0 +1,123 @@ +From abedbc23795ba136aa92418bdb5cd6e4962d3fb8 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 25 Mar 2021 15:38:06 -0700 +Subject: riscv: Workaround mcount name prior to clang-13 + +From: Nathan Chancellor + +[ Upstream commit 7ce04771503074a7de7f539cc43f5e1b385cb99b ] + +Prior to clang 13.0.0, the RISC-V name for the mcount symbol was +"mcount", which differs from the GCC version of "_mcount", which results +in the following errors: + +riscv64-linux-gnu-ld: init/main.o: in function `__traceiter_initcall_level': +main.c:(.text+0xe): undefined reference to `mcount' +riscv64-linux-gnu-ld: init/main.o: in function `__traceiter_initcall_start': +main.c:(.text+0x4e): undefined reference to `mcount' +riscv64-linux-gnu-ld: init/main.o: in function `__traceiter_initcall_finish': +main.c:(.text+0x92): undefined reference to `mcount' +riscv64-linux-gnu-ld: init/main.o: in function `.LBB32_28': +main.c:(.text+0x30c): undefined reference to `mcount' +riscv64-linux-gnu-ld: init/main.o: in function `free_initmem': +main.c:(.text+0x54c): undefined reference to `mcount' + +This has been corrected in https://reviews.llvm.org/D98881 but the +minimum supported clang version is 10.0.1. To avoid build errors and to +gain a working function tracer, adjust the name of the mcount symbol for +older versions of clang in mount.S and recordmcount.pl. + +Link: https://github.com/ClangBuiltLinux/linux/issues/1331 +Signed-off-by: Nathan Chancellor +Reviewed-by: Nick Desaulniers +Signed-off-by: Palmer Dabbelt +Signed-off-by: Sasha Levin +--- + arch/riscv/include/asm/ftrace.h | 14 ++++++++++++-- + arch/riscv/kernel/mcount.S | 10 +++++----- + scripts/recordmcount.pl | 2 +- + 3 files changed, 18 insertions(+), 8 deletions(-) + +diff --git a/arch/riscv/include/asm/ftrace.h b/arch/riscv/include/asm/ftrace.h +index 02fbc175142e..693c3839a7df 100644 +--- a/arch/riscv/include/asm/ftrace.h ++++ b/arch/riscv/include/asm/ftrace.h +@@ -10,9 +10,19 @@ + #endif + #define HAVE_FUNCTION_GRAPH_RET_ADDR_PTR + ++/* ++ * Clang prior to 13 had "mcount" instead of "_mcount": ++ * https://reviews.llvm.org/D98881 ++ */ ++#if defined(CONFIG_CC_IS_GCC) || CONFIG_CLANG_VERSION >= 130000 ++#define MCOUNT_NAME _mcount ++#else ++#define MCOUNT_NAME mcount ++#endif ++ + #define ARCH_SUPPORTS_FTRACE_OPS 1 + #ifndef __ASSEMBLY__ +-void _mcount(void); ++void MCOUNT_NAME(void); + static inline unsigned long ftrace_call_adjust(unsigned long addr) + { + return addr; +@@ -33,7 +43,7 @@ struct dyn_arch_ftrace { + * both auipc and jalr at the same time. + */ + +-#define MCOUNT_ADDR ((unsigned long)_mcount) ++#define MCOUNT_ADDR ((unsigned long)MCOUNT_NAME) + #define JALR_SIGN_MASK (0x00000800) + #define JALR_OFFSET_MASK (0x00000fff) + #define AUIPC_OFFSET_MASK (0xfffff000) +diff --git a/arch/riscv/kernel/mcount.S b/arch/riscv/kernel/mcount.S +index 5721624886a1..fabddee90d1b 100644 +--- a/arch/riscv/kernel/mcount.S ++++ b/arch/riscv/kernel/mcount.S +@@ -47,8 +47,8 @@ + + ENTRY(ftrace_stub) + #ifdef CONFIG_DYNAMIC_FTRACE +- .global _mcount +- .set _mcount, ftrace_stub ++ .global MCOUNT_NAME ++ .set MCOUNT_NAME, ftrace_stub + #endif + ret + ENDPROC(ftrace_stub) +@@ -79,7 +79,7 @@ EXPORT_SYMBOL(return_to_handler) + #endif + + #ifndef CONFIG_DYNAMIC_FTRACE +-ENTRY(_mcount) ++ENTRY(MCOUNT_NAME) + la t4, ftrace_stub + #ifdef CONFIG_FUNCTION_GRAPH_TRACER + la t0, ftrace_graph_return +@@ -125,6 +125,6 @@ do_trace: + jalr t5 + RESTORE_ABI_STATE + ret +-ENDPROC(_mcount) ++ENDPROC(MCOUNT_NAME) + #endif +-EXPORT_SYMBOL(_mcount) ++EXPORT_SYMBOL(MCOUNT_NAME) +diff --git a/scripts/recordmcount.pl b/scripts/recordmcount.pl +index bc12e12e4b3a..657e69125a46 100755 +--- a/scripts/recordmcount.pl ++++ b/scripts/recordmcount.pl +@@ -395,7 +395,7 @@ if ($arch eq "x86_64") { + $mcount_regex = "^\\s*([0-9a-fA-F]+):.*\\s_mcount\$"; + } elsif ($arch eq "riscv") { + $function_regex = "^([0-9a-fA-F]+)\\s+<([^.0-9][0-9a-zA-Z_\\.]+)>:"; +- $mcount_regex = "^\\s*([0-9a-fA-F]+):\\sR_RISCV_CALL(_PLT)?\\s_mcount\$"; ++ $mcount_regex = "^\\s*([0-9a-fA-F]+):\\sR_RISCV_CALL(_PLT)?\\s_?mcount\$"; + $type = ".quad"; + $alignment = 2; + } elsif ($arch eq "nds32") { +-- +2.30.2 + diff --git a/queue-4.19/scripts-recordmcount.pl-fix-risc-v-regex-for-clang.patch b/queue-4.19/scripts-recordmcount.pl-fix-risc-v-regex-for-clang.patch new file mode 100644 index 00000000000..18278774077 --- /dev/null +++ b/queue-4.19/scripts-recordmcount.pl-fix-risc-v-regex-for-clang.patch @@ -0,0 +1,43 @@ +From 57e50d7b77a403959c3c7ec88b107d3340ad76b7 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 25 Mar 2021 15:38:05 -0700 +Subject: scripts/recordmcount.pl: Fix RISC-V regex for clang + +From: Nathan Chancellor + +[ Upstream commit 2f095504f4b9cf75856d6a9cf90299cf75aa46c5 ] + +Clang can generate R_RISCV_CALL_PLT relocations to _mcount: + +$ llvm-objdump -dr build/riscv/init/main.o | rg mcount + 000000000000000e: R_RISCV_CALL_PLT _mcount + 000000000000004e: R_RISCV_CALL_PLT _mcount + +After this, the __start_mcount_loc section is properly generated and +function tracing still works. + +Link: https://github.com/ClangBuiltLinux/linux/issues/1331 +Signed-off-by: Nathan Chancellor +Reviewed-by: Fangrui Song +Signed-off-by: Palmer Dabbelt +Signed-off-by: Sasha Levin +--- + scripts/recordmcount.pl | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/scripts/recordmcount.pl b/scripts/recordmcount.pl +index 9a8fe8ea6b03..bc12e12e4b3a 100755 +--- a/scripts/recordmcount.pl ++++ b/scripts/recordmcount.pl +@@ -395,7 +395,7 @@ if ($arch eq "x86_64") { + $mcount_regex = "^\\s*([0-9a-fA-F]+):.*\\s_mcount\$"; + } elsif ($arch eq "riscv") { + $function_regex = "^([0-9a-fA-F]+)\\s+<([^.0-9][0-9a-zA-Z_\\.]+)>:"; +- $mcount_regex = "^\\s*([0-9a-fA-F]+):\\sR_RISCV_CALL\\s_mcount\$"; ++ $mcount_regex = "^\\s*([0-9a-fA-F]+):\\sR_RISCV_CALL(_PLT)?\\s_mcount\$"; + $type = ".quad"; + $alignment = 2; + } elsif ($arch eq "nds32") { +-- +2.30.2 + diff --git a/queue-4.19/scsi-target-tcmu-return-from-tcmu_handle_completions.patch b/queue-4.19/scsi-target-tcmu-return-from-tcmu_handle_completions.patch new file mode 100644 index 00000000000..8e04c903e8e --- /dev/null +++ b/queue-4.19/scsi-target-tcmu-return-from-tcmu_handle_completions.patch @@ -0,0 +1,52 @@ +From a08393e9be145c97c4fa4b89fc57219267c8b8d4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 23 Apr 2021 17:01:23 +0200 +Subject: scsi: target: tcmu: Return from tcmu_handle_completions() if cmd_id + not found + +From: Bodo Stroesser + +[ Upstream commit 9814b55cde0588b6d9bc496cee43f87316cbc6f1 ] + +If tcmu_handle_completions() finds an invalid cmd_id while looping over cmd +responses from userspace it sets TCMU_DEV_BIT_BROKEN and breaks the +loop. This means that it does further handling for the tcmu device. + +Skip that handling by replacing 'break' with 'return'. + +Additionally change tcmu_handle_completions() from unsigned int to bool, +since the value used in return already is bool. + +Link: https://lore.kernel.org/r/20210423150123.24468-1-bostroesser@gmail.com +Signed-off-by: Bodo Stroesser +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +--- + drivers/target/target_core_user.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/target/target_core_user.c b/drivers/target/target_core_user.c +index 0219b5a865be..dd7307375504 100644 +--- a/drivers/target/target_core_user.c ++++ b/drivers/target/target_core_user.c +@@ -1216,7 +1216,7 @@ static void tcmu_set_next_deadline(struct list_head *queue, + del_timer(timer); + } + +-static unsigned int tcmu_handle_completions(struct tcmu_dev *udev) ++static bool tcmu_handle_completions(struct tcmu_dev *udev) + { + struct tcmu_mailbox *mb; + struct tcmu_cmd *cmd; +@@ -1256,7 +1256,7 @@ static unsigned int tcmu_handle_completions(struct tcmu_dev *udev) + pr_err("cmd_id %u not found, ring is broken\n", + entry->hdr.cmd_id); + set_bit(TCMU_DEV_BIT_BROKEN, &udev->flags); +- break; ++ return false; + } + + tcmu_handle_completion(cmd, entry); +-- +2.30.2 + diff --git a/queue-4.19/series b/queue-4.19/series index bcf8dc1510c..ea3c394a5ae 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -397,3 +397,22 @@ kgdb-fix-gcc-11-warning-on-indentation.patch usb-sl811-hcd-improve-misleading-indentation.patch cxgb4-fix-the-wmisleading-indentation-warning.patch isdn-capi-fix-mismatched-prototypes.patch +pinctrl-ingenic-improve-unreachable-code-generation.patch +xsk-simplify-detection-of-empty-and-full-rings.patch +arm-9058-1-cache-v7-refactor-v7_invalidate_l1-to-avo.patch +pci-thunder-fix-compile-testing.patch +arm-9066-1-ftrace-pause-unpause-function-graph-trace.patch +acpi-hotplug-pci-fix-reference-count-leak-in-enable_.patch +input-elants_i2c-do-not-bind-to-i2c-hid-compatible-a.patch +input-silead-add-workaround-for-x86-bios-es-which-br.patch +um-mark-all-kernel-symbols-as-local.patch +arm-9075-1-kernel-fix-interrupted-smc-calls.patch +scripts-recordmcount.pl-fix-risc-v-regex-for-clang.patch +riscv-workaround-mcount-name-prior-to-clang-13.patch +ceph-fix-fscache-invalidation.patch +scsi-target-tcmu-return-from-tcmu_handle_completions.patch +gpiolib-acpi-add-quirk-to-ignore-ec-wakeups-on-dell-.patch +alsa-hda-generic-change-the-dac-ctl-name-for-lo-spk-.patch +block-reexpand-iov_iter-after-read-write.patch +lib-stackdepot-turn-depot_lock-spinlock-to-raw_spinl.patch +net-stmmac-do-not-enable-rx-fifo-overflow-interrupts.patch diff --git a/queue-4.19/um-mark-all-kernel-symbols-as-local.patch b/queue-4.19/um-mark-all-kernel-symbols-as-local.patch new file mode 100644 index 00000000000..10b5ab4dd57 --- /dev/null +++ b/queue-4.19/um-mark-all-kernel-symbols-as-local.patch @@ -0,0 +1,111 @@ +From fa895805893cde03bf80f622584d7ac3e03f0f37 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 5 Mar 2021 21:43:15 +0100 +Subject: um: Mark all kernel symbols as local + +From: Johannes Berg + +[ Upstream commit d5027ca63e0e778b641cf23e3f5c6d6212cf412b ] + +Ritesh reported a bug [1] against UML, noting that it crashed on +startup. The backtrace shows the following (heavily redacted): + +(gdb) bt +... + #26 0x0000000060015b5d in sem_init () at ipc/sem.c:268 + #27 0x00007f89906d92f7 in ?? () from /lib/x86_64-linux-gnu/libcom_err.so.2 + #28 0x00007f8990ab8fb2 in call_init (...) at dl-init.c:72 +... + #40 0x00007f89909bf3a6 in nss_load_library (...) at nsswitch.c:359 +... + #44 0x00007f8990895e35 in _nss_compat_getgrnam_r (...) at nss_compat/compat-grp.c:486 + #45 0x00007f8990968b85 in __getgrnam_r [...] + #46 0x00007f89909d6b77 in grantpt [...] + #47 0x00007f8990a9394e in __GI_openpty [...] + #48 0x00000000604a1f65 in openpty_cb (...) at arch/um/os-Linux/sigio.c:407 + #49 0x00000000604a58d0 in start_idle_thread (...) at arch/um/os-Linux/skas/process.c:598 + #50 0x0000000060004a3d in start_uml () at arch/um/kernel/skas/process.c:45 + #51 0x00000000600047b2 in linux_main (...) at arch/um/kernel/um_arch.c:334 + #52 0x000000006000574f in main (...) at arch/um/os-Linux/main.c:144 + +indicating that the UML function openpty_cb() calls openpty(), +which internally calls __getgrnam_r(), which causes the nsswitch +machinery to get started. + +This loads, through lots of indirection that I snipped, the +libcom_err.so.2 library, which (in an unknown function, "??") +calls sem_init(). + +Now, of course it wants to get libpthread's sem_init(), since +it's linked against libpthread. However, the dynamic linker +looks up that symbol against the binary first, and gets the +kernel's sem_init(). + +Hajime Tazaki noted that "objcopy -L" can localize a symbol, +so the dynamic linker wouldn't do the lookup this way. I tried, +but for some reason that didn't seem to work. + +Doing the same thing in the linker script instead does seem to +work, though I cannot entirely explain - it *also* works if I +just add "VERSION { { global: *; }; }" instead, indicating that +something else is happening that I don't really understand. It +may be that explicitly doing that marks them with some kind of +empty version, and that's different from the default. + +Explicitly marking them with a version breaks kallsyms, so that +doesn't seem to be possible. + +Marking all the symbols as local seems correct, and does seem +to address the issue, so do that. Also do it for static link, +nsswitch libraries could still be loaded there. + +[1] https://bugs.debian.org/983379 + +Reported-by: Ritesh Raj Sarraf +Signed-off-by: Johannes Berg +Acked-By: Anton Ivanov +Tested-By: Ritesh Raj Sarraf +Signed-off-by: Richard Weinberger +Signed-off-by: Sasha Levin +--- + arch/um/kernel/dyn.lds.S | 6 ++++++ + arch/um/kernel/uml.lds.S | 6 ++++++ + 2 files changed, 12 insertions(+) + +diff --git a/arch/um/kernel/dyn.lds.S b/arch/um/kernel/dyn.lds.S +index 5568cf882371..899233625467 100644 +--- a/arch/um/kernel/dyn.lds.S ++++ b/arch/um/kernel/dyn.lds.S +@@ -6,6 +6,12 @@ OUTPUT_ARCH(ELF_ARCH) + ENTRY(_start) + jiffies = jiffies_64; + ++VERSION { ++ { ++ local: *; ++ }; ++} ++ + SECTIONS + { + PROVIDE (__executable_start = START); +diff --git a/arch/um/kernel/uml.lds.S b/arch/um/kernel/uml.lds.S +index 36b07ec09742..22ff701d9b71 100644 +--- a/arch/um/kernel/uml.lds.S ++++ b/arch/um/kernel/uml.lds.S +@@ -7,6 +7,12 @@ OUTPUT_ARCH(ELF_ARCH) + ENTRY(_start) + jiffies = jiffies_64; + ++VERSION { ++ { ++ local: *; ++ }; ++} ++ + SECTIONS + { + /* This must contain the right address - not quite the default ELF one.*/ +-- +2.30.2 + diff --git a/queue-4.19/xsk-simplify-detection-of-empty-and-full-rings.patch b/queue-4.19/xsk-simplify-detection-of-empty-and-full-rings.patch new file mode 100644 index 00000000000..0283390f7cd --- /dev/null +++ b/queue-4.19/xsk-simplify-detection-of-empty-and-full-rings.patch @@ -0,0 +1,51 @@ +From 655ced085b448560767a74b94c5cc4771ffa2f77 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 19 Dec 2019 13:39:21 +0100 +Subject: xsk: Simplify detection of empty and full rings + +From: Magnus Karlsson + +[ Upstream commit 11cc2d21499cabe7e7964389634ed1de3ee91d33 ] + +In order to set the correct return flags for poll, the xsk code has to +check if the Rx queue is empty and if the Tx queue is full. This code +was unnecessarily large and complex as it used the functions that are +used to update the local state from the global state (xskq_nb_free and +xskq_nb_avail). Since we are not doing this nor updating any data +dependent on this state, we can simplify the functions. Another +benefit from this is that we can also simplify the xskq_nb_free and +xskq_nb_avail functions in a later commit. + +Signed-off-by: Magnus Karlsson +Signed-off-by: Alexei Starovoitov +Link: https://lore.kernel.org/bpf/1576759171-28550-3-git-send-email-magnus.karlsson@intel.com +Signed-off-by: Sasha Levin +--- + net/xdp/xsk_queue.h | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/net/xdp/xsk_queue.h b/net/xdp/xsk_queue.h +index fe96c0d039f2..cf7cbb5dd918 100644 +--- a/net/xdp/xsk_queue.h ++++ b/net/xdp/xsk_queue.h +@@ -245,12 +245,15 @@ static inline void xskq_produce_flush_desc(struct xsk_queue *q) + + static inline bool xskq_full_desc(struct xsk_queue *q) + { +- return xskq_nb_avail(q, q->nentries) == q->nentries; ++ /* No barriers needed since data is not accessed */ ++ return READ_ONCE(q->ring->producer) - READ_ONCE(q->ring->consumer) == ++ q->nentries; + } + + static inline bool xskq_empty_desc(struct xsk_queue *q) + { +- return xskq_nb_free(q, q->prod_tail, q->nentries) == q->nentries; ++ /* No barriers needed since data is not accessed */ ++ return READ_ONCE(q->ring->consumer) == READ_ONCE(q->ring->producer); + } + + void xskq_set_umem(struct xsk_queue *q, struct xdp_umem_props *umem_props); +-- +2.30.2 + -- 2.47.3