From c54f9e1a8fe161bef165dc9d6c25424b93eccbcd Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Sun, 3 Apr 2022 14:44:58 +0200
Subject: [PATCH] 5.10-stable patches
added patches:
crypto-arm-aes-neonbs-cbc-select-generic-cbc-and-aes.patch
gfs2-make-sure-fitrim-minlen-is-rounded-up-to-fs-block-size.patch
mailbox-imx-fix-wakeup-failure-from-freeze-mode.patch
net-hns3-fix-software-vlan-talbe-of-vlan-0-inconsistent-with-hardware.patch
rtc-check-if-__rtc_read_time-was-successful.patch
rxrpc-fix-call-timer-start-racing-with-call-destruction.patch
---
 ...eonbs-cbc-select-generic-cbc-and-aes.patch | 31 +++
 ...inlen-is-rounded-up-to-fs-block-size.patch | 42 ++++
 ...-fix-wakeup-failure-from-freeze-mode.patch | 70 ++++++
 ...of-vlan-0-inconsistent-with-hardware.patch | 38 ++++
 ...ck-if-__rtc_read_time-was-successful.patch | 54 +++++
 ...r-start-racing-with-call-destruction.patch | 200 ++++++++++++++++++
 queue-5.10/series | 6 +
 7 files changed, 441 insertions(+)
 create mode 100644 queue-5.10/crypto-arm-aes-neonbs-cbc-select-generic-cbc-and-aes.patch
 create mode 100644 queue-5.10/gfs2-make-sure-fitrim-minlen-is-rounded-up-to-fs-block-size.patch
 create mode 100644 queue-5.10/mailbox-imx-fix-wakeup-failure-from-freeze-mode.patch
 create mode 100644 queue-5.10/net-hns3-fix-software-vlan-talbe-of-vlan-0-inconsistent-with-hardware.patch
 create mode 100644 queue-5.10/rtc-check-if-__rtc_read_time-was-successful.patch
 create mode 100644 queue-5.10/rxrpc-fix-call-timer-start-racing-with-call-destruction.patch
diff --git a/queue-5.10/crypto-arm-aes-neonbs-cbc-select-generic-cbc-and-aes.patch b/queue-5.10/crypto-arm-aes-neonbs-cbc-select-generic-cbc-and-aes.patch
new file mode 100644
index 00000000000..ec7be970a14
--- /dev/null
+++ b/queue-5.10/crypto-arm-aes-neonbs-cbc-select-generic-cbc-and-aes.patch
@@ -0,0 +1,31 @@
+From c8bd296cca3434b13b28b074eaeb78a23284de77 Mon Sep 17 00:00:00 2001
+From: Herbert Xu
+Date: Thu, 17 Mar 2022 10:55:13 +1200
+Subject: crypto: arm/aes-neonbs-cbc - Select generic cbc and aes
+
+From: Herbert Xu
+
+commit c8bd296cca3434b13b28b074eaeb78a23284de77 upstream.
+
+The algorithm __cbc-aes-neonbs requires a fallback so we need
+to select the config options for them or otherwise it will fail
+to register on boot-up.
+
+Fixes: 00b99ad2bac2 ("crypto: arm/aes-neonbs - Use generic cbc...")
+Signed-off-by: Herbert Xu
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/arm/crypto/Kconfig | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/arch/arm/crypto/Kconfig
++++ b/arch/arm/crypto/Kconfig
+@@ -83,6 +83,8 @@ config CRYPTO_AES_ARM_BS
+ depends on KERNEL_MODE_NEON
+ select CRYPTO_SKCIPHER
+ select CRYPTO_LIB_AES
++ select CRYPTO_AES
++ select CRYPTO_CBC
+ select CRYPTO_SIMD
+ help
+ Use a faster and more secure NEON based implementation of AES in CBC,
diff --git a/queue-5.10/gfs2-make-sure-fitrim-minlen-is-rounded-up-to-fs-block-size.patch b/queue-5.10/gfs2-make-sure-fitrim-minlen-is-rounded-up-to-fs-block-size.patch
new file mode 100644
index 00000000000..47e9b367550
--- /dev/null
+++ b/queue-5.10/gfs2-make-sure-fitrim-minlen-is-rounded-up-to-fs-block-size.patch
@@ -0,0 +1,42 @@
+From 27ca8273fda398638ca994a207323a85b6d81190 Mon Sep 17 00:00:00 2001
+From: Andrew Price
+Date: Tue, 22 Mar 2022 19:05:51 +0000
+Subject: gfs2: Make sure FITRIM minlen is rounded up to fs block size
+
+From: Andrew Price
+
+commit 27ca8273fda398638ca994a207323a85b6d81190 upstream.
+
+Per fstrim(8) we must round up the minlen argument to the fs block size.
+The current calculation doesn't take into account devices that have a
+discard granularity and requested minlen less than 1 fs block, so the
+value can get shifted away to zero in the translation to fs blocks.
+
+The zero minlen passed to gfs2_rgrp_send_discards() then allows
+sb_issue_discard() to be called with nr_sects == 0 which returns -EINVAL
+and results in gfs2_rgrp_send_discards() returning -EIO.
+
+Make sure minlen is never < 1 fs block by taking the max of the
+requested minlen and the fs block size before comparing to the device's
+discard granularity and shifting to fs blocks.
+
+Fixes: 076f0faa764ab ("GFS2: Fix FITRIM argument handling")
+Signed-off-by: Andrew Price
+Signed-off-by: Andreas Gruenbacher
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/gfs2/rgrp.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/gfs2/rgrp.c
++++ b/fs/gfs2/rgrp.c
+@@ -1389,7 +1389,8 @@ int gfs2_fitrim(struct file *filp, void
+
+ start = r.start >> bs_shift;
+ end = start + (r.len >> bs_shift);
+- minlen = max_t(u64, r.minlen,
++ minlen = max_t(u64, r.minlen, sdp->sd_sb.sb_bsize);
++ minlen = max_t(u64, minlen,
+ q->limits.discard_granularity) >> bs_shift;
+
+ if (end <= start || minlen > sdp->sd_max_rg_data)
diff --git a/queue-5.10/mailbox-imx-fix-wakeup-failure-from-freeze-mode.patch b/queue-5.10/mailbox-imx-fix-wakeup-failure-from-freeze-mode.patch
new file mode 100644
index 00000000000..7631eafcf30
--- /dev/null
+++ b/queue-5.10/mailbox-imx-fix-wakeup-failure-from-freeze-mode.patch
@@ -0,0 +1,70 @@
+From 892cb524ae8a27bf5e42f711318371acd9a9f74a Mon Sep 17 00:00:00 2001
+From: Robin Gong
+Date: Mon, 7 Feb 2022 09:52:06 +0800
+Subject: mailbox: imx: fix wakeup failure from freeze mode
+
+From: Robin Gong
+
+commit 892cb524ae8a27bf5e42f711318371acd9a9f74a upstream.
+
+Since IRQF_NO_SUSPEND used for imx mailbox driver, that means this irq
+can't be used for wakeup source so that can't wakeup from freeze mode.
+Add pm_system_wakeup() to wakeup from freeze mode.
+
+Fixes: b7b2796b9b31e("mailbox: imx: ONLY IPC MU needs IRQF_NO_SUSPEND flag")
+Reviewed-by: Jacky Bai
+Reviewed-by: Peng Fan
+Signed-off-by: Robin Gong
+Signed-off-by: Peng Fan
+Signed-off-by: Jassi Brar
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/mailbox/imx-mailbox.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+--- a/drivers/mailbox/imx-mailbox.c
++++ b/drivers/mailbox/imx-mailbox.c
+@@ -13,6 +13,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+
+ #define IMX_MU_xSR_GIPn(x) BIT(28 + (3 - (x)))
+@@ -66,6 +67,7 @@ struct imx_mu_priv {
+ const struct imx_mu_dcfg *dcfg;
+ struct clk *clk;
+ int irq;
++ bool suspend;
+
+ u32 xcr;
+
+@@ -277,6 +279,9 @@ static irqreturn_t imx_mu_isr(int irq, v
+ return IRQ_NONE;
+ }
+
++ if (priv->suspend)
++ pm_system_wakeup();
++
+ return IRQ_HANDLED;
+ }
+
+@@ -326,6 +331,8 @@ static int imx_mu_startup(struct mbox_ch
+ break;
+ }
+
++ priv->suspend = true;
++
+ return 0;
+ }
+
+@@ -543,6 +550,8 @@ static int imx_mu_probe(struct platform_
+
+ clk_disable_unprepare(priv->clk);
+
++ priv->suspend = false;
++
+ return 0;
+
+ disable_runtime_pm:
diff --git a/queue-5.10/net-hns3-fix-software-vlan-talbe-of-vlan-0-inconsistent-with-hardware.patch b/queue-5.10/net-hns3-fix-software-vlan-talbe-of-vlan-0-inconsistent-with-hardware.patch
new file mode 100644
index 00000000000..1bb07a733a7
--- /dev/null
+++ b/queue-5.10/net-hns3-fix-software-vlan-talbe-of-vlan-0-inconsistent-with-hardware.patch
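Review bot: The two assignments to `priv->suspend` appear to land in the wrong functions in this backport. Judging by the hunk context, `priv->suspend = true;` sits after the `switch` at the end of imx_mu_startup(), and `priv->suspend = false;` sits at the end of imx_mu_probe() just before `disable_runtime_pm:`, rather than in system suspend/resume callbacks as the field name and commit message imply. If that reading is right, the flag turns true as soon as any channel is started and is never cleared afterwards, so imx_mu_isr() would call `pm_system_wakeup()` on every handled interrupt and could abort unrelated suspend attempts. The placement should be checked against the driver's suspend and resume handlers in the 5.10 tree before this is queued; all three functions continue outside the hunks shown.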
@@ -0,0 +1,38 @@
+From 7ed258f12ec5ce855f15cdfb5710361dc82fe899 Mon Sep 17 00:00:00 2001
+From: Guangbin Huang
+Date: Wed, 30 Mar 2022 21:45:06 +0800
+Subject: net: hns3: fix software vlan talbe of vlan 0 inconsistent with hardware
+
+From: Guangbin Huang
+
+commit 7ed258f12ec5ce855f15cdfb5710361dc82fe899 upstream.
+
+When user delete vlan 0, as driver will not delete vlan 0 for hardware in
+function hclge_set_vlan_filter_hw(), so vlan 0 in software vlan talbe should
+not be deleted.
+
+Fixes: fe4144d47eef ("net: hns3: sync VLAN filter entries when kill VLAN ID failed")
+Signed-off-by: Guangbin Huang
+Signed-off-by: Paolo Abeni
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
++++ b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c
+@@ -9197,11 +9197,11 @@ int hclge_set_vlan_filter(struct hnae3_h
+ }
+
+ if (!ret) {
+- if (is_kill)
+- hclge_rm_vport_vlan_table(vport, vlan_id, false);
+- else
++ if (!is_kill)
+ hclge_add_vport_vlan_table(vport, vlan_id,
+ writen_to_tbl);
++ else if (is_kill && vlan_id != 0)
++ hclge_rm_vport_vlan_table(vport, vlan_id, false);
+ } else if (is_kill) {
+ /* when remove hw vlan filter failed, record the vlan id,
+ * and try to remove it from hw later, to be consistence
diff --git a/queue-5.10/rtc-check-if-__rtc_read_time-was-successful.patch b/queue-5.10/rtc-check-if-__rtc_read_time-was-successful.patch
new file mode 100644
index 00000000000..ed817c631a3
--- /dev/null
+++ b/queue-5.10/rtc-check-if-__rtc_read_time-was-successful.patch
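Review bot: In the added `else if (is_kill && vlan_id != 0)` the `is_kill` test is redundant, because that branch is only reached when `if (!is_kill)` was false; `else if (vlan_id != 0)` expresses the same condition. A one-line comment such as `/* vlan 0 is never removed from hardware, so keep it in the software table too */` would also record why vlan 0 is special-cased, since the reason is otherwise only in the commit message. The enclosing hclge_set_vlan_filter() starts and ends outside the hunk.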
@@ -0,0 +1,54 @@
+From 915593a7a663b2ad08b895a5f3ba8b19d89d4ebf Mon Sep 17 00:00:00 2001
+From: Tom Rix
+Date: Sat, 26 Mar 2022 12:42:36 -0700
+Subject: rtc: check if __rtc_read_time was successful
+
+From: Tom Rix
+
+commit 915593a7a663b2ad08b895a5f3ba8b19d89d4ebf upstream.
+
+Clang static analysis reports this issue
+interface.c:810:8: warning: Passed-by-value struct
+ argument contains uninitialized data
+ now = rtc_tm_to_ktime(tm);
+ ^~~~~~~~~~~~~~~~~~~
+
+tm is set by a successful call to __rtc_read_time()
+but its return status is not checked. Check if
+it was successful before setting the enabled flag.
+Move the decl of err to function scope.
+
+Fixes: 2b2f5ff00f63 ("rtc: interface: ignore expired timers when enqueuing new timers")
+Signed-off-by: Tom Rix
+Signed-off-by: Alexandre Belloni
+Link: https://lore.kernel.org/r/20220326194236.2916310-1-trix@redhat.com
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/rtc/interface.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+--- a/drivers/rtc/interface.c
++++ b/drivers/rtc/interface.c
+@@ -807,9 +807,13 @@ static int rtc_timer_enqueue(struct rtc_
+ struct timerqueue_node *next = timerqueue_getnext(&rtc->timerqueue);
+ struct rtc_time tm;
+ ktime_t now;
++ int err;
++
++ err = __rtc_read_time(rtc, &tm);
++ if (err)
++ return err;
+
+ timer->enabled = 1;
+- __rtc_read_time(rtc, &tm);
+ now = rtc_tm_to_ktime(tm);
+
+ /* Skip over expired timers */
+@@ -823,7 +827,6 @@ static int rtc_timer_enqueue(struct rtc_
+ trace_rtc_timer_enqueue(timer);
+ if (!next || ktime_before(timer->node.expires, next->expires)) {
+ struct rtc_wkalrm alarm;
+- int err;
+
+ alarm.time = rtc_ktime_to_tm(timer->node.expires);
+ alarm.enabled = 1;
diff --git a/queue-5.10/rxrpc-fix-call-timer-start-racing-with-call-destruction.patch b/queue-5.10/rxrpc-fix-call-timer-start-racing-with-call-destruction.patch
new file mode 100644
index 00000000000..04d1b7748e0
--- /dev/null
+++ b/queue-5.10/rxrpc-fix-call-timer-start-racing-with-call-destruction.patch 
@@ -0,0 +1,200 @@
+From 4a7f62f91933c8ae5308f9127fd8ea48188b6bc3 Mon Sep 17 00:00:00 2001
+From: David Howells
+Date: Wed, 30 Mar 2022 15:39:16 +0100
+Subject: rxrpc: Fix call timer start racing with call destruction
+
+From: David Howells
+
+commit 4a7f62f91933c8ae5308f9127fd8ea48188b6bc3 upstream.
+
+The rxrpc_call struct has a timer used to handle various timed events
+relating to a call. This timer can get started from the packet input
+routines that are run in softirq mode with just the RCU read lock held.
+Unfortunately, because only the RCU read lock is held - and neither ref or
+other lock is taken - the call can start getting destroyed at the same time
+a packet comes in addressed to that call. This causes the timer - which
+was already stopped - to get restarted. Later, the timer dispatch code may
+then oops if the timer got deallocated first.
+
+Fix this by trying to take a ref on the rxrpc_call struct and, if
+successful, passing that ref along to the timer. If the timer was already
+running, the ref is discarded.
+
+The timer completion routine can then pass the ref along to the call's work
+item when it queues it. If the timer or work item where already
+queued/running, the extra ref is discarded.
+
+Fixes: a158bdd3247b ("rxrpc: Fix call timeouts")
+Reported-by: Marc Dionne
+Signed-off-by: David Howells
+Reviewed-by: Marc Dionne
+Tested-by: Marc Dionne
+cc: linux-afs@lists.infradead.org
+Link: http://lists.infradead.org/pipermail/linux-afs/2022-March/005073.html
+Link: https://lore.kernel.org/r/164865115696.2943015.11097991776647323586.stgit@warthog.procyon.org.uk
+Signed-off-by: Paolo Abeni
+Signed-off-by: Greg Kroah-Hartman
+---
+ include/trace/events/rxrpc.h | 8 +++++++-
+ net/rxrpc/ar-internal.h | 15 +++++++--------
+ net/rxrpc/call_event.c | 2 +-
+ net/rxrpc/call_object.c | 40 +++++++++++++++++++++++++++++++++++-----
+ 4 files changed, 50 insertions(+), 15 deletions(-)
+
+--- a/include/trace/events/rxrpc.h
++++ b/include/trace/events/rxrpc.h
+@@ -83,12 +83,15 @@ enum rxrpc_call_trace {
+ rxrpc_call_error,
+ rxrpc_call_got,
+ rxrpc_call_got_kernel,
++ rxrpc_call_got_timer,
+ rxrpc_call_got_userid,
+ rxrpc_call_new_client,
+ rxrpc_call_new_service,
+ rxrpc_call_put,
+ rxrpc_call_put_kernel,
+ rxrpc_call_put_noqueue,
++ rxrpc_call_put_notimer,
++ rxrpc_call_put_timer,
+ rxrpc_call_put_userid,
+ rxrpc_call_queued,
+ rxrpc_call_queued_ref,
+@@ -278,12 +281,15 @@ enum rxrpc_tx_point {
+ EM(rxrpc_call_error, "*E*") \
+ EM(rxrpc_call_got, "GOT") \
+ EM(rxrpc_call_got_kernel, "Gke") \
++ EM(rxrpc_call_got_timer, "GTM") \
+ EM(rxrpc_call_got_userid, "Gus") \
+ EM(rxrpc_call_new_client, "NWc") \
+ EM(rxrpc_call_new_service, "NWs") \
+ EM(rxrpc_call_put, "PUT") \
+ EM(rxrpc_call_put_kernel, "Pke") \
+- EM(rxrpc_call_put_noqueue, "PNQ") \
++ EM(rxrpc_call_put_noqueue, "PnQ") \
++ EM(rxrpc_call_put_notimer, "PnT") \
++ EM(rxrpc_call_put_timer, "PTM") \
+ EM(rxrpc_call_put_userid, "Pus") \
+ EM(rxrpc_call_queued, "QUE") \
+ EM(rxrpc_call_queued_ref, "QUR") \
+--- a/net/rxrpc/ar-internal.h
++++ b/net/rxrpc/ar-internal.h
+@@ -760,14 +760,12 @@ void rxrpc_propose_ACK(struct rxrpc_call
+ enum rxrpc_propose_ack_trace);
+ void rxrpc_process_call(struct work_struct *);
+
+-static inline void rxrpc_reduce_call_timer(struct rxrpc_call *call,
+- unsigned long expire_at,
+- unsigned long now,
+- enum rxrpc_timer_trace why)
+-{
+- trace_rxrpc_timer(call, why, now);
+- timer_reduce(&call->timer, expire_at);
+-}
++void rxrpc_reduce_call_timer(struct rxrpc_call *call,
++ unsigned long expire_at,
++ unsigned long now,
++ enum rxrpc_timer_trace why);
++
++void rxrpc_delete_call_timer(struct rxrpc_call *call);
+
+ /*
+ * call_object.c
+@@ -791,6 +789,7 @@ void rxrpc_release_calls_on_socket(struc
+ bool __rxrpc_queue_call(struct rxrpc_call *);
+ bool rxrpc_queue_call(struct rxrpc_call *);
+ void rxrpc_see_call(struct rxrpc_call *);
++bool rxrpc_try_get_call(struct rxrpc_call *call, enum rxrpc_call_trace op);
+ void rxrpc_get_call(struct rxrpc_call *, enum rxrpc_call_trace);
+ void rxrpc_put_call(struct rxrpc_call *, enum rxrpc_call_trace);
+ void rxrpc_cleanup_call(struct rxrpc_call *);
+--- a/net/rxrpc/call_event.c
++++ b/net/rxrpc/call_event.c
+@@ -310,7 +310,7 @@ recheck_state:
+ }
+
+ if (call->state == RXRPC_CALL_COMPLETE) {
+- del_timer_sync(&call->timer);
++ rxrpc_delete_call_timer(call);
+ goto out_put;
+ }
+
+--- a/net/rxrpc/call_object.c
++++ b/net/rxrpc/call_object.c
+@@ -53,10 +53,30 @@ static void rxrpc_call_timer_expired(str
+
+ if (call->state < RXRPC_CALL_COMPLETE) {
+ trace_rxrpc_timer(call, rxrpc_timer_expired, jiffies);
+- rxrpc_queue_call(call);
++ __rxrpc_queue_call(call);
++ } else {
++ rxrpc_put_call(call, rxrpc_call_put);
++ }
++}
++
++void rxrpc_reduce_call_timer(struct rxrpc_call *call,
++ unsigned long expire_at,
++ unsigned long now,
++ enum rxrpc_timer_trace why)
++{
++ if (rxrpc_try_get_call(call, rxrpc_call_got_timer)) {
++ trace_rxrpc_timer(call, why, now);
++ if (timer_reduce(&call->timer, expire_at))
++ rxrpc_put_call(call, rxrpc_call_put_notimer);
+ }
+ }
+
++void rxrpc_delete_call_timer(struct rxrpc_call *call)
++{
++ if (del_timer_sync(&call->timer))
++ rxrpc_put_call(call, rxrpc_call_put_timer);
++}
++
+ static struct lock_class_key rxrpc_call_user_mutex_lock_class_key;
+
+ /*
+@@ -463,6 +483,17 @@ void rxrpc_see_call(struct rxrpc_call *c
+ }
+ }
+
++bool rxrpc_try_get_call(struct rxrpc_call *call, enum rxrpc_call_trace op)
++{
++ const void *here = __builtin_return_address(0);
++ int n = atomic_fetch_add_unless(&call->usage, 1, 0);
++
++ if (n == 0)
++ return false;
++ trace_rxrpc_call(call->debug_id, op, n, here, NULL);
++ return true;
++}
++
+ /*
+ * Note the addition of a ref on a call.
+ */
+@@ -510,8 +541,7 @@ void rxrpc_release_call(struct rxrpc_soc
+ spin_unlock_bh(&call->lock);
+
+ rxrpc_put_call_slot(call);
+-
+- del_timer_sync(&call->timer);
++ rxrpc_delete_call_timer(call);
+
+ /* Make sure we don't get any more notifications */
+ write_lock_bh(&rx->recvmsg_lock);
+@@ -618,6 +648,8 @@ static void rxrpc_destroy_call(struct wo
+ struct rxrpc_call *call = container_of(work, struct rxrpc_call, processor);
+ struct rxrpc_net *rxnet = call->rxnet;
+
++ rxrpc_delete_call_timer(call);
++
+ rxrpc_put_connection(call->conn);
+ rxrpc_put_peer(call->peer);
+ kfree(call->rxtx_buffer);
+@@ -652,8 +684,6 @@ void rxrpc_cleanup_call(struct rxrpc_cal
+
+ memset(&call->sock_node, 0xcd, sizeof(call->sock_node));
+
+- del_timer_sync(&call->timer);
+-
+ ASSERTCMP(call->state, ==, RXRPC_CALL_COMPLETE);
+ ASSERT(test_bit(RXRPC_CALL_RELEASED, &call->flags));
+
diff --git a/queue-5.10/series b/queue-5.10/series
index b06bd1bb554..457a310817f 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
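Review bot: The three helpers added to net/rxrpc/call_object.c (`rxrpc_reduce_call_timer()`, `rxrpc_delete_call_timer()` and `rxrpc_try_get_call()`) carry no comments, although they introduce a reference-ownership rule the rest of the file now relies on: a pending timer owns one ref on the call. I would add a header comment on rxrpc_reduce_call_timer() saying that it takes a ref for the timer and drops it again when `timer_reduce()` returns nonzero, and one on rxrpc_delete_call_timer() saying that a nonzero `del_timer_sync()` result means the timer's ref must be put. rxrpc_try_get_call() would read better with `/* Try to get a ref on a call; fails once the usage count has reached zero. */`, in the style of the neighbouring "Note the addition of a ref on a call." comment. In rxrpc_call_timer_expired() the else branch drops the timer's ref with the generic `rxrpc_call_put` tag rather than the new `rxrpc_call_put_timer`, which makes that put harder to attribute in traces.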
@@ -550,3 +550,9 @@ can-mcba_usb-mcba_usb_start_xmit-fix-double-dev_kfree_skb-in-error-path.patch
 can-mcba_usb-properly-check-endpoint-type.patch
 can-mcp251xfd-mcp251xfd_register_get_dev_id-fix-return-of-error-value.patch
 xarray-update-the-lru-list-in-xas_split.patch
+rtc-check-if-__rtc_read_time-was-successful.patch
+gfs2-make-sure-fitrim-minlen-is-rounded-up-to-fs-block-size.patch
+net-hns3-fix-software-vlan-talbe-of-vlan-0-inconsistent-with-hardware.patch
+rxrpc-fix-call-timer-start-racing-with-call-destruction.patch
+mailbox-imx-fix-wakeup-failure-from-freeze-mode.patch
+crypto-arm-aes-neonbs-cbc-select-generic-cbc-and-aes.patch
--
2.47.3