From b8d7f878006e4194a6317c67314e244831f0c29e Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Mon, 21 Sep 2020 06:41:15 -0400 Subject: [PATCH] Fixes for 4.4 Signed-off-by: Sasha Levin --- ...-font-detection-test-at-fbcon_resize.patch | 52 +++++++ ...reapply-i2c-bus-settings-after-reset.patch | 131 ++++++++++++++++++ .../mips-sni-fix-mips_l1_cache_shift.patch | 35 +++++ .../mips-sni-fix-spurious-interrupts.patch | 58 ++++++++ ...rr_delay-error-reclaiming-locking-st.patch | 45 ++++++ ...free-formats-for-perf-pmu-parse-test.patch | 94 +++++++++++++ ...ce-select-dmaengines-with-depends-on.patch | 37 +++++ ...ogi-plogi-receive-race-condition-in-.patch | 62 +++++++++ ...memleak-in-pm8001_exec_internal_task.patch | 37 +++++ queue-4.4/series | 10 ++ ...op-printk-reading-past-end-of-string.patch | 39 ++++++ 11 files changed, 600 insertions(+) create mode 100644 queue-4.4/fbcon-fix-user-font-detection-test-at-fbcon_resize.patch create mode 100644 queue-4.4/i2c-algo-pca-reapply-i2c-bus-settings-after-reset.patch create mode 100644 queue-4.4/mips-sni-fix-mips_l1_cache_shift.patch create mode 100644 queue-4.4/mips-sni-fix-spurious-interrupts.patch create mode 100644 queue-4.4/nfsv4.1-handle-err_delay-error-reclaiming-locking-st.patch create mode 100644 queue-4.4/perf-test-free-formats-for-perf-pmu-parse-test.patch create mode 100644 queue-4.4/rapidio-replace-select-dmaengines-with-depends-on.patch create mode 100644 queue-4.4/scsi-lpfc-fix-flogi-plogi-receive-race-condition-in-.patch create mode 100644 queue-4.4/scsi-pm8001-fix-memleak-in-pm8001_exec_internal_task.patch create mode 100644 queue-4.4/sunrpc-stop-printk-reading-past-end-of-string.patch diff --git a/queue-4.4/fbcon-fix-user-font-detection-test-at-fbcon_resize.patch b/queue-4.4/fbcon-fix-user-font-detection-test-at-fbcon_resize.patch new file mode 100644 index 00000000000..404044eecb7 --- /dev/null +++ b/queue-4.4/fbcon-fix-user-font-detection-test-at-fbcon_resize.patch @@ -0,0 +1,52 @@ +From a8c9c5e96cb21ebd1f1bc662904cb024dff5feaa Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 11 Sep 2020 07:57:06 +0900 +Subject: fbcon: Fix user font detection test at fbcon_resize(). + +From: Tetsuo Handa + +[ Upstream commit ec0972adecb391a8d8650832263a4790f3bfb4df ] + +syzbot is reporting OOB read at fbcon_resize() [1], for +commit 39b3cffb8cf31117 ("fbcon: prevent user font height or width change + from causing potential out-of-bounds access") is by error using +registered_fb[con2fb_map[vc->vc_num]]->fbcon_par->p->userfont (which was +set to non-zero) instead of fb_display[vc->vc_num].userfont (which remains +zero for that display). + +We could remove tricky userfont flag [2], for we can determine it by +comparing address of the font data and addresses of built-in font data. +But since that commit is failing to fix the original OOB read [3], this +patch keeps the change minimal in case we decide to revert altogether. + +[1] https://syzkaller.appspot.com/bug?id=ebcbbb6576958a496500fee9cf7aa83ea00b5920 +[2] https://syzkaller.appspot.com/text?tag=Patch&x=14030853900000 +[3] https://syzkaller.appspot.com/bug?id=6fba8c186d97cf1011ab17660e633b1cc4e080c9 + +Reported-by: syzbot +Signed-off-by: Tetsuo Handa +Fixes: 39b3cffb8cf31117 ("fbcon: prevent user font height or width change from causing potential out-of-bounds access") +Cc: George Kennedy +Link: https://lore.kernel.org/r/f6e3e611-8704-1263-d163-f52c906a4f06@I-love.SAKURA.ne.jp +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sasha Levin +--- + drivers/video/console/fbcon.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/video/console/fbcon.c b/drivers/video/console/fbcon.c +index c62db94cf945e..e57fa26bcff19 100644 +--- a/drivers/video/console/fbcon.c ++++ b/drivers/video/console/fbcon.c +@@ -1943,7 +1943,7 @@ static int fbcon_resize(struct vc_data *vc, unsigned int width, + struct fb_var_screeninfo var = info->var; + int x_diff, y_diff, virt_w, virt_h, virt_fw, virt_fh; + +- if (ops->p && ops->p->userfont && FNTSIZE(vc->vc_font.data)) { ++ if (p->userfont && FNTSIZE(vc->vc_font.data)) { + int size; + int pitch = PITCH(vc->vc_font.width); + +-- +2.25.1 + diff --git a/queue-4.4/i2c-algo-pca-reapply-i2c-bus-settings-after-reset.patch b/queue-4.4/i2c-algo-pca-reapply-i2c-bus-settings-after-reset.patch new file mode 100644 index 00000000000..4f487ed103a --- /dev/null +++ b/queue-4.4/i2c-algo-pca-reapply-i2c-bus-settings-after-reset.patch @@ -0,0 +1,131 @@ +From 493e0042d5946100d1308c213846e479ebc6f2a1 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 9 Sep 2020 08:32:47 +1200 +Subject: i2c: algo: pca: Reapply i2c bus settings after reset + +From: Evan Nimmo + +[ Upstream commit 0a355aeb24081e4538d4d424cd189f16c0bbd983 ] + +If something goes wrong (such as the SCL being stuck low) then we need +to reset the PCA chip. The issue with this is that on reset we lose all +config settings and the chip ends up in a disabled state which results +in a lock up/high CPU usage. We need to re-apply any configuration that +had previously been set and re-enable the chip. + +Signed-off-by: Evan Nimmo +Reviewed-by: Chris Packham +Reviewed-by: Andy Shevchenko +Signed-off-by: Wolfram Sang +Signed-off-by: Sasha Levin +--- + drivers/i2c/algos/i2c-algo-pca.c | 35 +++++++++++++++++++++----------- + include/linux/i2c-algo-pca.h | 15 ++++++++++++++ + 2 files changed, 38 insertions(+), 12 deletions(-) + +diff --git a/drivers/i2c/algos/i2c-algo-pca.c b/drivers/i2c/algos/i2c-algo-pca.c +index 3a9db4626cb60..1886588b9ea3e 100644 +--- a/drivers/i2c/algos/i2c-algo-pca.c ++++ b/drivers/i2c/algos/i2c-algo-pca.c +@@ -50,8 +50,22 @@ static void pca_reset(struct i2c_algo_pca_data *adap) + pca_outw(adap, I2C_PCA_INDPTR, I2C_PCA_IPRESET); + pca_outw(adap, I2C_PCA_IND, 0xA5); + pca_outw(adap, I2C_PCA_IND, 0x5A); ++ ++ /* ++ * After a reset we need to re-apply any configuration ++ * (calculated in pca_init) to get the bus in a working state. ++ */ ++ pca_outw(adap, I2C_PCA_INDPTR, I2C_PCA_IMODE); ++ pca_outw(adap, I2C_PCA_IND, adap->bus_settings.mode); ++ pca_outw(adap, I2C_PCA_INDPTR, I2C_PCA_ISCLL); ++ pca_outw(adap, I2C_PCA_IND, adap->bus_settings.tlow); ++ pca_outw(adap, I2C_PCA_INDPTR, I2C_PCA_ISCLH); ++ pca_outw(adap, I2C_PCA_IND, adap->bus_settings.thi); ++ ++ pca_set_con(adap, I2C_PCA_CON_ENSIO); + } else { + adap->reset_chip(adap->data); ++ pca_set_con(adap, I2C_PCA_CON_ENSIO | adap->bus_settings.clock_freq); + } + } + +@@ -435,13 +449,14 @@ static int pca_init(struct i2c_adapter *adap) + " Use the nominal frequency.\n", adap->name); + } + +- pca_reset(pca_data); +- + clock = pca_clock(pca_data); + printk(KERN_INFO "%s: Clock frequency is %dkHz\n", + adap->name, freqs[clock]); + +- pca_set_con(pca_data, I2C_PCA_CON_ENSIO | clock); ++ /* Store settings as these will be needed when the PCA chip is reset */ ++ pca_data->bus_settings.clock_freq = clock; ++ ++ pca_reset(pca_data); + } else { + int clock; + int mode; +@@ -508,19 +523,15 @@ static int pca_init(struct i2c_adapter *adap) + thi = tlow * min_thi / min_tlow; + } + ++ /* Store settings as these will be needed when the PCA chip is reset */ ++ pca_data->bus_settings.mode = mode; ++ pca_data->bus_settings.tlow = tlow; ++ pca_data->bus_settings.thi = thi; ++ + pca_reset(pca_data); + + printk(KERN_INFO + "%s: Clock frequency is %dHz\n", adap->name, clock * 100); +- +- pca_outw(pca_data, I2C_PCA_INDPTR, I2C_PCA_IMODE); +- pca_outw(pca_data, I2C_PCA_IND, mode); +- pca_outw(pca_data, I2C_PCA_INDPTR, I2C_PCA_ISCLL); +- pca_outw(pca_data, I2C_PCA_IND, tlow); +- pca_outw(pca_data, I2C_PCA_INDPTR, I2C_PCA_ISCLH); +- pca_outw(pca_data, I2C_PCA_IND, thi); +- +- pca_set_con(pca_data, I2C_PCA_CON_ENSIO); + } + udelay(500); /* 500 us for oscillator to stabilise */ + +diff --git a/include/linux/i2c-algo-pca.h b/include/linux/i2c-algo-pca.h +index a3c3ecd59f08c..7a43afd273655 100644 +--- a/include/linux/i2c-algo-pca.h ++++ b/include/linux/i2c-algo-pca.h +@@ -52,6 +52,20 @@ + #define I2C_PCA_CON_SI 0x08 /* Serial Interrupt */ + #define I2C_PCA_CON_CR 0x07 /* Clock Rate (MASK) */ + ++/** ++ * struct pca_i2c_bus_settings - The configured PCA i2c bus settings ++ * @mode: Configured i2c bus mode ++ * @tlow: Configured SCL LOW period ++ * @thi: Configured SCL HIGH period ++ * @clock_freq: The configured clock frequency ++ */ ++struct pca_i2c_bus_settings { ++ int mode; ++ int tlow; ++ int thi; ++ int clock_freq; ++}; ++ + struct i2c_algo_pca_data { + void *data; /* private low level data */ + void (*write_byte) (void *data, int reg, int val); +@@ -63,6 +77,7 @@ struct i2c_algo_pca_data { + * For PCA9665, use the frequency you want here. */ + unsigned int i2c_clock; + unsigned int chip; ++ struct pca_i2c_bus_settings bus_settings; + }; + + int i2c_pca_add_bus(struct i2c_adapter *); +-- +2.25.1 + diff --git a/queue-4.4/mips-sni-fix-mips_l1_cache_shift.patch b/queue-4.4/mips-sni-fix-mips_l1_cache_shift.patch new file mode 100644 index 00000000000..b95545786e5 --- /dev/null +++ b/queue-4.4/mips-sni-fix-mips_l1_cache_shift.patch @@ -0,0 +1,35 @@ +From 818ff14d656c4a25e812912112ac6d0ca592f3d6 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 14 Sep 2020 18:05:00 +0200 +Subject: MIPS: SNI: Fix MIPS_L1_CACHE_SHIFT + +From: Thomas Bogendoerfer + +[ Upstream commit 564c836fd945a94b5dd46597d6b7adb464092650 ] + +Commit 930beb5ac09a ("MIPS: introduce MIPS_L1_CACHE_SHIFT_") forgot +to select the correct MIPS_L1_CACHE_SHIFT for SNI RM. This breaks non +coherent DMA because of a wrong allocation alignment. + +Fixes: 930beb5ac09a ("MIPS: introduce MIPS_L1_CACHE_SHIFT_") +Signed-off-by: Thomas Bogendoerfer +Signed-off-by: Sasha Levin +--- + arch/mips/Kconfig | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/arch/mips/Kconfig b/arch/mips/Kconfig +index 596cbda9cb3d3..9d8bc19edc48e 100644 +--- a/arch/mips/Kconfig ++++ b/arch/mips/Kconfig +@@ -817,6 +817,7 @@ config SNI_RM + select I8253 + select I8259 + select ISA ++ select MIPS_L1_CACHE_SHIFT_6 + select SWAP_IO_SPACE if CPU_BIG_ENDIAN + select SYS_HAS_CPU_R4X00 + select SYS_HAS_CPU_R5000 +-- +2.25.1 + diff --git a/queue-4.4/mips-sni-fix-spurious-interrupts.patch b/queue-4.4/mips-sni-fix-spurious-interrupts.patch new file mode 100644 index 00000000000..4540e27698a --- /dev/null +++ b/queue-4.4/mips-sni-fix-spurious-interrupts.patch @@ -0,0 +1,58 @@ +From f4c42b8bfbba8ddca08e98a88d6f701a71625ac6 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 16 Sep 2020 15:54:37 +0200 +Subject: MIPS: SNI: Fix spurious interrupts + +From: Thomas Bogendoerfer + +[ Upstream commit b959b97860d0fee8c8f6a3e641d3c2ad76eab6be ] + +On A20R machines the interrupt pending bits in cause register need to be +updated by requesting the chipset to do it. This needs to be done to +find the interrupt cause and after interrupt service. In +commit 0b888c7f3a03 ("MIPS: SNI: Convert to new irq_chip functions") the +function to do after service update got lost, which caused spurious +interrupts. + +Fixes: 0b888c7f3a03 ("MIPS: SNI: Convert to new irq_chip functions") +Signed-off-by: Thomas Bogendoerfer +Signed-off-by: Sasha Levin +--- + arch/mips/sni/a20r.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/arch/mips/sni/a20r.c b/arch/mips/sni/a20r.c +index f9407e1704762..c6af7047eb0d2 100644 +--- a/arch/mips/sni/a20r.c ++++ b/arch/mips/sni/a20r.c +@@ -143,7 +143,10 @@ static struct platform_device sc26xx_pdev = { + }, + }; + +-static u32 a20r_ack_hwint(void) ++/* ++ * Trigger chipset to update CPU's CAUSE IP field ++ */ ++static u32 a20r_update_cause_ip(void) + { + u32 status = read_c0_status(); + +@@ -205,12 +208,14 @@ static void a20r_hwint(void) + int irq; + + clear_c0_status(IE_IRQ0); +- status = a20r_ack_hwint(); ++ status = a20r_update_cause_ip(); + cause = read_c0_cause(); + + irq = ffs(((cause & status) >> 8) & 0xf8); + if (likely(irq > 0)) + do_IRQ(SNI_A20R_IRQ_BASE + irq - 1); ++ ++ a20r_update_cause_ip(); + set_c0_status(IE_IRQ0); + } + +-- +2.25.1 + diff --git a/queue-4.4/nfsv4.1-handle-err_delay-error-reclaiming-locking-st.patch b/queue-4.4/nfsv4.1-handle-err_delay-error-reclaiming-locking-st.patch new file mode 100644 index 00000000000..ddf2188a19a --- /dev/null +++ b/queue-4.4/nfsv4.1-handle-err_delay-error-reclaiming-locking-st.patch @@ -0,0 +1,45 @@ +From 67029d3a891b4fd7a963e043a2291cfdf05373ce Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 20 Aug 2020 18:52:43 -0400 +Subject: NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation + recall + +From: Olga Kornievskaia + +[ Upstream commit 3d7a9520f0c3e6a68b6de8c5812fc8b6d7a52626 ] + +A client should be able to handle getting an ERR_DELAY error +while doing a LOCK call to reclaim state due to delegation being +recalled. This is a transient error that can happen due to server +moving its volumes and invalidating its file location cache and +upon reference to it during the LOCK call needing to do an +expensive lookup (leading to an ERR_DELAY error on a PUTFH). + +Signed-off-by: Olga Kornievskaia +Signed-off-by: Trond Myklebust +Signed-off-by: Sasha Levin +--- + fs/nfs/nfs4proc.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c +index ca1702cefb852..64d15c2662db6 100644 +--- a/fs/nfs/nfs4proc.c ++++ b/fs/nfs/nfs4proc.c +@@ -6171,7 +6171,12 @@ int nfs4_lock_delegation_recall(struct file_lock *fl, struct nfs4_state *state, + err = nfs4_set_lock_state(state, fl); + if (err != 0) + return err; +- err = _nfs4_do_setlk(state, F_SETLK, fl, NFS_LOCK_NEW); ++ do { ++ err = _nfs4_do_setlk(state, F_SETLK, fl, NFS_LOCK_NEW); ++ if (err != -NFS4ERR_DELAY) ++ break; ++ ssleep(1); ++ } while (err == -NFS4ERR_DELAY); + return nfs4_handle_delegation_recall_error(server, state, stateid, fl, err); + } + +-- +2.25.1 + diff --git a/queue-4.4/perf-test-free-formats-for-perf-pmu-parse-test.patch b/queue-4.4/perf-test-free-formats-for-perf-pmu-parse-test.patch new file mode 100644 index 00000000000..c99cf4b5061 --- /dev/null +++ b/queue-4.4/perf-test-free-formats-for-perf-pmu-parse-test.patch @@ -0,0 +1,94 @@ +From e1c11859731807c57a189ccf83bd50109a4b2d10 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 15 Sep 2020 12:18:19 +0900 +Subject: perf test: Free formats for perf pmu parse test + +From: Namhyung Kim + +[ Upstream commit d26383dcb2b4b8629fde05270b4e3633be9e3d4b ] + +The following leaks were detected by ASAN: + + Indirect leak of 360 byte(s) in 9 object(s) allocated from: + #0 0x7fecc305180e in calloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10780e) + #1 0x560578f6dce5 in perf_pmu__new_format util/pmu.c:1333 + #2 0x560578f752fc in perf_pmu_parse util/pmu.y:59 + #3 0x560578f6a8b7 in perf_pmu__format_parse util/pmu.c:73 + #4 0x560578e07045 in test__pmu tests/pmu.c:155 + #5 0x560578de109b in run_test tests/builtin-test.c:410 + #6 0x560578de109b in test_and_print tests/builtin-test.c:440 + #7 0x560578de401a in __cmd_test tests/builtin-test.c:661 + #8 0x560578de401a in cmd_test tests/builtin-test.c:807 + #9 0x560578e49354 in run_builtin /home/namhyung/project/linux/tools/perf/perf.c:312 + #10 0x560578ce71a8 in handle_internal_command /home/namhyung/project/linux/tools/perf/perf.c:364 + #11 0x560578ce71a8 in run_argv /home/namhyung/project/linux/tools/perf/perf.c:408 + #12 0x560578ce71a8 in main /home/namhyung/project/linux/tools/perf/perf.c:538 + #13 0x7fecc2b7acc9 in __libc_start_main ../csu/libc-start.c:308 + +Fixes: cff7f956ec4a1 ("perf tests: Move pmu tests into separate object") +Signed-off-by: Namhyung Kim +Acked-by: Jiri Olsa +Cc: Alexander Shishkin +Cc: Andi Kleen +Cc: Ian Rogers +Cc: Mark Rutland +Cc: Peter Zijlstra +Cc: Stephane Eranian +Link: http://lore.kernel.org/lkml/20200915031819.386559-12-namhyung@kernel.org +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/tests/pmu.c | 1 + + tools/perf/util/pmu.c | 11 +++++++++++ + tools/perf/util/pmu.h | 1 + + 3 files changed, 13 insertions(+) + +diff --git a/tools/perf/tests/pmu.c b/tools/perf/tests/pmu.c +index b776831ceeeac..4ca6d4dc86612 100644 +--- a/tools/perf/tests/pmu.c ++++ b/tools/perf/tests/pmu.c +@@ -169,6 +169,7 @@ int test__pmu(void) + ret = 0; + } while (0); + ++ perf_pmu__del_formats(&formats); + test_format_dir_put(format); + return ret; + } +diff --git a/tools/perf/util/pmu.c b/tools/perf/util/pmu.c +index 5245fbd091067..8d99b6d9c36ae 100644 +--- a/tools/perf/util/pmu.c ++++ b/tools/perf/util/pmu.c +@@ -921,6 +921,17 @@ void perf_pmu__set_format(unsigned long *bits, long from, long to) + set_bit(b, bits); + } + ++void perf_pmu__del_formats(struct list_head *formats) ++{ ++ struct perf_pmu_format *fmt, *tmp; ++ ++ list_for_each_entry_safe(fmt, tmp, formats, list) { ++ list_del(&fmt->list); ++ free(fmt->name); ++ free(fmt); ++ } ++} ++ + static int sub_non_neg(int a, int b) + { + if (b > a) +diff --git a/tools/perf/util/pmu.h b/tools/perf/util/pmu.h +index 5d7e84466bee5..6789b1efc7d6e 100644 +--- a/tools/perf/util/pmu.h ++++ b/tools/perf/util/pmu.h +@@ -66,6 +66,7 @@ int perf_pmu__new_format(struct list_head *list, char *name, + int config, unsigned long *bits); + void perf_pmu__set_format(unsigned long *bits, long from, long to); + int perf_pmu__format_parse(char *dir, struct list_head *head); ++void perf_pmu__del_formats(struct list_head *formats); + + struct perf_pmu *perf_pmu__scan(struct perf_pmu *pmu); + +-- +2.25.1 + diff --git a/queue-4.4/rapidio-replace-select-dmaengines-with-depends-on.patch b/queue-4.4/rapidio-replace-select-dmaengines-with-depends-on.patch new file mode 100644 index 00000000000..4d7c34adc7a --- /dev/null +++ b/queue-4.4/rapidio-replace-select-dmaengines-with-depends-on.patch @@ -0,0 +1,37 @@ +From 2d0bea67bf9708343059d9512a0a537f4cf2365e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 29 Jul 2020 01:19:40 +0300 +Subject: rapidio: Replace 'select' DMAENGINES 'with depends on' + +From: Laurent Pinchart + +[ Upstream commit d2b86100245080cfdf1e95e9e07477474c1be2bd ] + +Enabling a whole subsystem from a single driver 'select' is frowned +upon and won't be accepted in new drivers, that need to use 'depends on' +instead. Existing selection of DMAENGINES will then cause circular +dependencies. Replace them with a dependency. + +Signed-off-by: Laurent Pinchart +Acked-by: Randy Dunlap +Signed-off-by: Sasha Levin +--- + drivers/rapidio/Kconfig | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/rapidio/Kconfig b/drivers/rapidio/Kconfig +index 3e3be57e9a1a1..4d0c1a40a6e65 100644 +--- a/drivers/rapidio/Kconfig ++++ b/drivers/rapidio/Kconfig +@@ -25,7 +25,7 @@ config RAPIDIO_ENABLE_RX_TX_PORTS + config RAPIDIO_DMA_ENGINE + bool "DMA Engine support for RapidIO" + depends on RAPIDIO +- select DMADEVICES ++ depends on DMADEVICES + select DMA_ENGINE + help + Say Y here if you want to use DMA Engine frameork for RapidIO data +-- +2.25.1 + diff --git a/queue-4.4/scsi-lpfc-fix-flogi-plogi-receive-race-condition-in-.patch b/queue-4.4/scsi-lpfc-fix-flogi-plogi-receive-race-condition-in-.patch new file mode 100644 index 00000000000..c9786a2150c --- /dev/null +++ b/queue-4.4/scsi-lpfc-fix-flogi-plogi-receive-race-condition-in-.patch @@ -0,0 +1,62 @@ +From 81e62283e9dec077e3af2fcca96a413fd2922d9f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 28 Aug 2020 10:53:30 -0700 +Subject: scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery + +From: James Smart + +[ Upstream commit 7b08e89f98cee9907895fabb64cf437bc505ce9a ] + +The driver is unable to successfully login with remote device. During pt2pt +login, the driver completes its FLOGI request with the remote device having +WWN precedence. The remote device issues its own (delayed) FLOGI after +accepting the driver's and, upon transmitting the FLOGI, immediately +recognizes it has already processed the driver's FLOGI thus it transitions +to sending a PLOGI before waiting for an ACC to its FLOGI. + +In the driver, the FLOGI is received and an ACC sent, followed by the PLOGI +being received and an ACC sent. The issue is that the PLOGI reception +occurs before the response from the adapter from the FLOGI ACC is +received. Processing of the PLOGI sets state flags to perform the REG_RPI +mailbox command and proceed with the rest of discovery on the port. The +same completion routine used by both FLOGI and PLOGI is generic in +nature. One of the things it does is clear flags, and those flags happen to +drive the rest of discovery. So what happened was the PLOGI processing set +the flags, the FLOGI ACC completion cleared them, thus when the PLOGI ACC +completes it doesn't see the flags and stops. + +Fix by modifying the generic completion routine to not clear the rest of +discovery flag (NLP_ACC_REGLOGIN) unless the completion is also associated +with performing a mailbox command as part of its handling. For things such +as FLOGI ACC, there isn't a subsequent action to perform with the adapter, +thus there is no mailbox cmd ptr. PLOGI ACC though will perform REG_RPI +upon completion, thus there is a mailbox cmd ptr. + +Link: https://lore.kernel.org/r/20200828175332.130300-3-james.smart@broadcom.com +Co-developed-by: Dick Kennedy +Signed-off-by: Dick Kennedy +Signed-off-by: James Smart +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +--- + drivers/scsi/lpfc/lpfc_els.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/scsi/lpfc/lpfc_els.c b/drivers/scsi/lpfc/lpfc_els.c +index 315dd25a0c44e..5be938b47f48b 100644 +--- a/drivers/scsi/lpfc/lpfc_els.c ++++ b/drivers/scsi/lpfc/lpfc_els.c +@@ -3841,7 +3841,9 @@ lpfc_cmpl_els_rsp(struct lpfc_hba *phba, struct lpfc_iocbq *cmdiocb, + out: + if (ndlp && NLP_CHK_NODE_ACT(ndlp) && shost) { + spin_lock_irq(shost->host_lock); +- ndlp->nlp_flag &= ~(NLP_ACC_REGLOGIN | NLP_RM_DFLT_RPI); ++ if (mbox) ++ ndlp->nlp_flag &= ~NLP_ACC_REGLOGIN; ++ ndlp->nlp_flag &= ~NLP_RM_DFLT_RPI; + spin_unlock_irq(shost->host_lock); + + /* If the node is not being used by another discovery thread, +-- +2.25.1 + diff --git a/queue-4.4/scsi-pm8001-fix-memleak-in-pm8001_exec_internal_task.patch b/queue-4.4/scsi-pm8001-fix-memleak-in-pm8001_exec_internal_task.patch new file mode 100644 index 00000000000..6ce5a679ba7 --- /dev/null +++ b/queue-4.4/scsi-pm8001-fix-memleak-in-pm8001_exec_internal_task.patch @@ -0,0 +1,37 @@ +From b87d870e5eb5ececf1448fdcb9451abc22596e7e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 23 Aug 2020 17:14:53 +0800 +Subject: scsi: pm8001: Fix memleak in pm8001_exec_internal_task_abort + +From: Dinghao Liu + +[ Upstream commit ea403fde7552bd61bad6ea45e3feb99db77cb31e ] + +When pm8001_tag_alloc() fails, task should be freed just like it is done in +the subsequent error paths. + +Link: https://lore.kernel.org/r/20200823091453.4782-1-dinghao.liu@zju.edu.cn +Acked-by: Jack Wang +Signed-off-by: Dinghao Liu +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +--- + drivers/scsi/pm8001/pm8001_sas.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/scsi/pm8001/pm8001_sas.c b/drivers/scsi/pm8001/pm8001_sas.c +index 3862d8b1defe3..ee6c941123e10 100644 +--- a/drivers/scsi/pm8001/pm8001_sas.c ++++ b/drivers/scsi/pm8001/pm8001_sas.c +@@ -792,7 +792,7 @@ pm8001_exec_internal_task_abort(struct pm8001_hba_info *pm8001_ha, + + res = pm8001_tag_alloc(pm8001_ha, &ccb_tag); + if (res) +- return res; ++ goto ex_err; + ccb = &pm8001_ha->ccb_info[ccb_tag]; + ccb->device = pm8001_dev; + ccb->ccb_tag = ccb_tag; +-- +2.25.1 + diff --git a/queue-4.4/series b/queue-4.4/series index 5fa68177547..6773cb9840f 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -26,3 +26,13 @@ usb-serial-ftdi_sio-add-ids-for-xsens-mti-usb-converter.patch usb-serial-option-add-support-for-sim7070-sim7080-sim7090-modules.patch usb-fix-out-of-sync-data-toggle-if-a-configured-device-is-reconfigured.patch gcov-add-support-for-gcc-10.1.patch +nfsv4.1-handle-err_delay-error-reclaiming-locking-st.patch +scsi-pm8001-fix-memleak-in-pm8001_exec_internal_task.patch +scsi-lpfc-fix-flogi-plogi-receive-race-condition-in-.patch +sunrpc-stop-printk-reading-past-end-of-string.patch +rapidio-replace-select-dmaengines-with-depends-on.patch +i2c-algo-pca-reapply-i2c-bus-settings-after-reset.patch +mips-sni-fix-mips_l1_cache_shift.patch +perf-test-free-formats-for-perf-pmu-parse-test.patch +fbcon-fix-user-font-detection-test-at-fbcon_resize.patch +mips-sni-fix-spurious-interrupts.patch diff --git a/queue-4.4/sunrpc-stop-printk-reading-past-end-of-string.patch b/queue-4.4/sunrpc-stop-printk-reading-past-end-of-string.patch new file mode 100644 index 00000000000..b185ffa84f5 --- /dev/null +++ b/queue-4.4/sunrpc-stop-printk-reading-past-end-of-string.patch @@ -0,0 +1,39 @@ +From 239a6b22be2ce15514ecccd785f7c0bfc152d752 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 5 Sep 2020 10:03:26 -0400 +Subject: SUNRPC: stop printk reading past end of string + +From: J. Bruce Fields + +[ Upstream commit 8c6b6c793ed32b8f9770ebcdf1ba99af423c303b ] + +Since p points at raw xdr data, there's no guarantee that it's NULL +terminated, so we should give a length. And probably escape any special +characters too. + +Reported-by: Zhi Li +Signed-off-by: J. Bruce Fields +Signed-off-by: Trond Myklebust +Signed-off-by: Sasha Levin +--- + net/sunrpc/rpcb_clnt.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/net/sunrpc/rpcb_clnt.c b/net/sunrpc/rpcb_clnt.c +index c89626b2afffb..696381a516341 100644 +--- a/net/sunrpc/rpcb_clnt.c ++++ b/net/sunrpc/rpcb_clnt.c +@@ -977,8 +977,8 @@ static int rpcb_dec_getaddr(struct rpc_rqst *req, struct xdr_stream *xdr, + p = xdr_inline_decode(xdr, len); + if (unlikely(p == NULL)) + goto out_fail; +- dprintk("RPC: %5u RPCB_%s reply: %s\n", req->rq_task->tk_pid, +- req->rq_task->tk_msg.rpc_proc->p_name, (char *)p); ++ dprintk("RPC: %5u RPCB_%s reply: %*pE\n", req->rq_task->tk_pid, ++ req->rq_task->tk_msg.rpc_proc->p_name, len, (char *)p); + + if (rpc_uaddr2sockaddr(req->rq_xprt->xprt_net, (char *)p, len, + sap, sizeof(address)) == 0) +-- +2.25.1 + -- 2.47.3