From c9ee28cd99325eed8490b54667b016d3862a420b Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 22 Jan 2024 12:26:39 -0800 Subject: [PATCH] 6.1-stable patches added patches: cxl-port-fix-decoder-initialization-when-nr_targets-interleave_ways.patch hid-wacom-correct-behavior-when-processing-some-confidence-false-touches.patch iio-adc-ad7091r-allow-users-to-configure-device-events.patch iio-adc-ad7091r-enable-internal-vref-if-external-vref-is-not-supplied.patch iio-adc-ad7091r-pass-iio_dev-to-event-handler.patch kvm-arm64-vgic-its-avoid-potential-uaf-in-lpi-translation-cache.patch kvm-arm64-vgic-v4-restore-pending-state-on-host-userspace-write.patch pci-dwc-endpoint-fix-dw_pcie_ep_raise_msix_irq-alignment-support.patch pci-mediatek-clear-interrupt-status-before-dispatching-handler.patch pci-p2pdma-remove-reference-to-pci_p2pdma_map_sg.patch revert-net-rtnetlink-enslave-device-before-bringing-it-up.patch serial-sc16is7xx-add-check-for-unsupported-spi-modes-during-probe.patch serial-sc16is7xx-set-safe-default-spi-clock-frequency.patch wifi-mt76-fix-broken-precal-loading-from-mtd-for-mt7915.patch wifi-mwifiex-configure-bssid-consistently-when-starting-ap.patch wifi-rtlwifi-convert-lnkctl-change-to-pcie-cap-rmw-accessors.patch wifi-rtlwifi-remove-bogus-and-dangerous-aspm-disable-enable-code.patch x86-kvm-do-not-try-to-disable-kvmclock-if-it-was-not-enabled.patch --- ...tion-when-nr_targets-interleave_ways.patch | 55 ++++ ...essing-some-confidence-false-touches.patch | 103 +++++++ ...low-users-to-configure-device-events.patch | 286 ++++++++++++++++++ ...ref-if-external-vref-is-not-supplied.patch | 59 ++++ ...d7091r-pass-iio_dev-to-event-handler.patch | 50 +++ ...tential-uaf-in-lpi-translation-cache.patch | 49 +++ ...ending-state-on-host-userspace-write.patch | 69 +++++ ..._ep_raise_msix_irq-alignment-support.patch | 48 +++ ...pt-status-before-dispatching-handler.patch | 58 ++++ ...emove-reference-to-pci_p2pdma_map_sg.patch | 53 ++++ ...enslave-device-before-bringing-it-up.patch | 65 ++++ ...r-unsupported-spi-modes-during-probe.patch | 49 +++ ...set-safe-default-spi-clock-frequency.patch | 44 +++ queue-6.1/series | 18 ++ ...n-precal-loading-from-mtd-for-mt7915.patch | 50 +++ ...-bssid-consistently-when-starting-ap.patch | 90 ++++++ ...ctl-change-to-pcie-cap-rmw-accessors.patch | 78 +++++ ...d-dangerous-aspm-disable-enable-code.patch | 183 +++++++++++ ...sable-kvmclock-if-it-was-not-enabled.patch | 70 +++++ 19 files changed, 1477 insertions(+) create mode 100644 queue-6.1/cxl-port-fix-decoder-initialization-when-nr_targets-interleave_ways.patch create mode 100644 queue-6.1/hid-wacom-correct-behavior-when-processing-some-confidence-false-touches.patch create mode 100644 queue-6.1/iio-adc-ad7091r-allow-users-to-configure-device-events.patch create mode 100644 queue-6.1/iio-adc-ad7091r-enable-internal-vref-if-external-vref-is-not-supplied.patch create mode 100644 queue-6.1/iio-adc-ad7091r-pass-iio_dev-to-event-handler.patch create mode 100644 queue-6.1/kvm-arm64-vgic-its-avoid-potential-uaf-in-lpi-translation-cache.patch create mode 100644 queue-6.1/kvm-arm64-vgic-v4-restore-pending-state-on-host-userspace-write.patch create mode 100644 queue-6.1/pci-dwc-endpoint-fix-dw_pcie_ep_raise_msix_irq-alignment-support.patch create mode 100644 queue-6.1/pci-mediatek-clear-interrupt-status-before-dispatching-handler.patch create mode 100644 queue-6.1/pci-p2pdma-remove-reference-to-pci_p2pdma_map_sg.patch create mode 100644 queue-6.1/revert-net-rtnetlink-enslave-device-before-bringing-it-up.patch create mode 100644 queue-6.1/serial-sc16is7xx-add-check-for-unsupported-spi-modes-during-probe.patch create mode 100644 queue-6.1/serial-sc16is7xx-set-safe-default-spi-clock-frequency.patch create mode 100644 queue-6.1/wifi-mt76-fix-broken-precal-loading-from-mtd-for-mt7915.patch create mode 100644 queue-6.1/wifi-mwifiex-configure-bssid-consistently-when-starting-ap.patch create mode 100644 queue-6.1/wifi-rtlwifi-convert-lnkctl-change-to-pcie-cap-rmw-accessors.patch create mode 100644 queue-6.1/wifi-rtlwifi-remove-bogus-and-dangerous-aspm-disable-enable-code.patch create mode 100644 queue-6.1/x86-kvm-do-not-try-to-disable-kvmclock-if-it-was-not-enabled.patch diff --git a/queue-6.1/cxl-port-fix-decoder-initialization-when-nr_targets-interleave_ways.patch b/queue-6.1/cxl-port-fix-decoder-initialization-when-nr_targets-interleave_ways.patch new file mode 100644 index 00000000000..0e63cba6267 --- /dev/null +++ b/queue-6.1/cxl-port-fix-decoder-initialization-when-nr_targets-interleave_ways.patch @@ -0,0 +1,55 @@ +From d6488fee66472b468ed88d265b14aa3f04dc3bdf Mon Sep 17 00:00:00 2001 +From: Huang Ying +Date: Fri, 8 Dec 2023 11:06:36 +0800 +Subject: cxl/port: Fix decoder initialization when nr_targets > interleave_ways + +From: Huang Ying + +commit d6488fee66472b468ed88d265b14aa3f04dc3bdf upstream. + +The decoder_populate_targets() helper walks all of the targets in a port +and makes sure they can be looked up in @target_map. Where @target_map +is a lookup table from target position to target id (corresponding to a +cxl_dport instance). However @target_map is only responsible for +conveying the active dport instances as indicated by interleave_ways. + +When nr_targets > interleave_ways it results in +decoder_populate_targets() walking off the end of the valid entries in +@target_map. Given target_map is initialized to 0 it results in the +dport lookup failing if position 0 is not mapped to a dport with an id +of 0: + + cxl_port port3: Failed to populate active decoder targets + cxl_port port3: Failed to add decoder + cxl_port port3: Failed to add decoder3.0 + cxl_bus_probe: cxl_port port3: probe: -6 + +This bug also highlights that when the decoder's ->targets[] array is +written in cxl_port_setup_targets() it is missing a hold of the +targets_lock to synchronize against sysfs readers of the target list. A +fix for that is saved for a later patch. + +Fixes: a5c258021689 ("cxl/bus: Populate the target list at decoder create") +Cc: +Signed-off-by: Huang, Ying +[djbw: rewrite the changelog, find the Fixes: tag] +Co-developed-by: Dan Williams +Reviewed-by: Alison Schofield +Reviewed-by: Dave Jiang +Signed-off-by: Dan Williams +Signed-off-by: Greg Kroah-Hartman +--- + drivers/cxl/core/port.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/cxl/core/port.c ++++ b/drivers/cxl/core/port.c +@@ -1403,7 +1403,7 @@ static int decoder_populate_targets(stru + return -EINVAL; + + write_seqlock(&cxlsd->target_lock); +- for (i = 0; i < cxlsd->nr_targets; i++) { ++ for (i = 0; i < cxlsd->cxld.interleave_ways; i++) { + struct cxl_dport *dport = find_dport(port, target_map[i]); + + if (!dport) { diff --git a/queue-6.1/hid-wacom-correct-behavior-when-processing-some-confidence-false-touches.patch b/queue-6.1/hid-wacom-correct-behavior-when-processing-some-confidence-false-touches.patch new file mode 100644 index 00000000000..bcd3ad837f0 --- /dev/null +++ b/queue-6.1/hid-wacom-correct-behavior-when-processing-some-confidence-false-touches.patch @@ -0,0 +1,103 @@ +From 502296030ec6b0329e00f9fb15018e170cc63037 Mon Sep 17 00:00:00 2001 +From: Jason Gerecke +Date: Tue, 19 Dec 2023 13:33:43 -0800 +Subject: HID: wacom: Correct behavior when processing some confidence == false touches + +From: Jason Gerecke + +commit 502296030ec6b0329e00f9fb15018e170cc63037 upstream. + +There appear to be a few different ways that Wacom devices can deal with +confidence: + + 1. If the device looses confidence in a touch, it will first clear + the tipswitch flag in one report, and then clear the confidence + flag in a second report. This behavior is used by e.g. DTH-2452. + + 2. If the device looses confidence in a touch, it will clear both + the tipswitch and confidence flags within the same report. This + behavior is used by some AES devices. + + 3. If the device looses confidence in a touch, it will clear *only* + the confidence bit. The tipswitch bit will remain set so long as + the touch is tracked. This behavior may be used in future devices. + +The driver does not currently handle situation 3 properly. Touches that +loose confidence will remain "in prox" and essentially frozen in place +until the tipswitch bit is finally cleared. Not only does this result +in userspace seeing a stuck touch, but it also prevents pen arbitration +from working properly (the pen won't send events until all touches are +up, but we don't currently process events from non-confident touches). + +This commit centralizes the checking of the confidence bit in the +wacom_wac_finger_slot() function and has 'prox' depend on it. In the +case where situation 3 is encountered, the treat the touch as though +it was removed, allowing both userspace and the pen arbitration to +act normally. + +Signed-off-by: Tatsunosuke Tobita +Signed-off-by: Ping Cheng +Signed-off-by: Jason Gerecke +Fixes: 7fb0413baa7f ("HID: wacom: Use "Confidence" flag to prevent reporting invalid contacts") +Cc: stable@vger.kernel.org +Signed-off-by: Jiri Kosina +Signed-off-by: Greg Kroah-Hartman +--- + drivers/hid/wacom_wac.c | 32 ++++---------------------------- + 1 file changed, 4 insertions(+), 28 deletions(-) + +--- a/drivers/hid/wacom_wac.c ++++ b/drivers/hid/wacom_wac.c +@@ -2646,8 +2646,8 @@ static void wacom_wac_finger_slot(struct + { + struct hid_data *hid_data = &wacom_wac->hid_data; + bool mt = wacom_wac->features.touch_max > 1; +- bool prox = hid_data->tipswitch && +- report_touch_events(wacom_wac); ++ bool touch_down = hid_data->tipswitch && hid_data->confidence; ++ bool prox = touch_down && report_touch_events(wacom_wac); + + if (touch_is_muted(wacom_wac)) { + if (!wacom_wac->shared->touch_down) +@@ -2697,24 +2697,6 @@ static void wacom_wac_finger_slot(struct + } + } + +-static bool wacom_wac_slot_is_active(struct input_dev *dev, int key) +-{ +- struct input_mt *mt = dev->mt; +- struct input_mt_slot *s; +- +- if (!mt) +- return false; +- +- for (s = mt->slots; s != mt->slots + mt->num_slots; s++) { +- if (s->key == key && +- input_mt_get_value(s, ABS_MT_TRACKING_ID) >= 0) { +- return true; +- } +- } +- +- return false; +-} +- + static void wacom_wac_finger_event(struct hid_device *hdev, + struct hid_field *field, struct hid_usage *usage, __s32 value) + { +@@ -2765,14 +2747,8 @@ static void wacom_wac_finger_event(struc + } + + if (usage->usage_index + 1 == field->report_count) { +- if (equivalent_usage == wacom_wac->hid_data.last_slot_field) { +- bool touch_removed = wacom_wac_slot_is_active(wacom_wac->touch_input, +- wacom_wac->hid_data.id) && !wacom_wac->hid_data.tipswitch; +- +- if (wacom_wac->hid_data.confidence || touch_removed) { +- wacom_wac_finger_slot(wacom_wac, wacom_wac->touch_input); +- } +- } ++ if (equivalent_usage == wacom_wac->hid_data.last_slot_field) ++ wacom_wac_finger_slot(wacom_wac, wacom_wac->touch_input); + } + } + diff --git a/queue-6.1/iio-adc-ad7091r-allow-users-to-configure-device-events.patch b/queue-6.1/iio-adc-ad7091r-allow-users-to-configure-device-events.patch new file mode 100644 index 00000000000..fe0dbe013d4 --- /dev/null +++ b/queue-6.1/iio-adc-ad7091r-allow-users-to-configure-device-events.patch @@ -0,0 +1,286 @@ +From 020e71c7ffc25dfe29ed9be6c2d39af7bd7f661f Mon Sep 17 00:00:00 2001 +From: Marcelo Schmitt +Date: Tue, 19 Dec 2023 17:26:01 -0300 +Subject: iio: adc: ad7091r: Allow users to configure device events + +From: Marcelo Schmitt + +commit 020e71c7ffc25dfe29ed9be6c2d39af7bd7f661f upstream. + +AD7091R-5 devices are supported by the ad7091r-5 driver together with +the ad7091r-base driver. Those drivers declared iio events for notifying +user space when ADC readings fall bellow the thresholds of low limit +registers or above the values set in high limit registers. +However, to configure iio events and their thresholds, a set of callback +functions must be implemented and those were not present until now. +The consequence of trying to configure ad7091r-5 events without the +proper callback functions was a null pointer dereference in the kernel +because the pointers to the callback functions were not set. + +Implement event configuration callbacks allowing users to read/write +event thresholds and enable/disable event generation. + +Since the event spec structs are generic to AD7091R devices, also move +those from the ad7091r-5 driver the base driver so they can be reused +when support for ad7091r-2/-4/-8 be added. + +Fixes: ca69300173b6 ("iio: adc: Add support for AD7091R5 ADC") +Suggested-by: David Lechner +Signed-off-by: Marcelo Schmitt +Link: https://lore.kernel.org/r/59552d3548dabd56adc3107b7b4869afee2b0c3c.1703013352.git.marcelo.schmitt1@gmail.com +Cc: +Signed-off-by: Jonathan Cameron +Signed-off-by: Greg Kroah-Hartman +--- + drivers/iio/adc/ad7091r-base.c | 156 +++++++++++++++++++++++++++++++++++++++++ + drivers/iio/adc/ad7091r-base.h | 6 + + drivers/iio/adc/ad7091r5.c | 28 +------ + 3 files changed, 166 insertions(+), 24 deletions(-) + +--- a/drivers/iio/adc/ad7091r-base.c ++++ b/drivers/iio/adc/ad7091r-base.c +@@ -6,6 +6,7 @@ + */ + + #include ++#include + #include + #include + #include +@@ -49,6 +50,27 @@ struct ad7091r_state { + struct mutex lock; /*lock to prevent concurent reads */ + }; + ++const struct iio_event_spec ad7091r_events[] = { ++ { ++ .type = IIO_EV_TYPE_THRESH, ++ .dir = IIO_EV_DIR_RISING, ++ .mask_separate = BIT(IIO_EV_INFO_VALUE) | ++ BIT(IIO_EV_INFO_ENABLE), ++ }, ++ { ++ .type = IIO_EV_TYPE_THRESH, ++ .dir = IIO_EV_DIR_FALLING, ++ .mask_separate = BIT(IIO_EV_INFO_VALUE) | ++ BIT(IIO_EV_INFO_ENABLE), ++ }, ++ { ++ .type = IIO_EV_TYPE_THRESH, ++ .dir = IIO_EV_DIR_EITHER, ++ .mask_separate = BIT(IIO_EV_INFO_HYSTERESIS), ++ }, ++}; ++EXPORT_SYMBOL_NS_GPL(ad7091r_events, IIO_AD7091R); ++ + static int ad7091r_set_mode(struct ad7091r_state *st, enum ad7091r_mode mode) + { + int ret, conf; +@@ -168,8 +190,142 @@ unlock: + return ret; + } + ++static int ad7091r_read_event_config(struct iio_dev *indio_dev, ++ const struct iio_chan_spec *chan, ++ enum iio_event_type type, ++ enum iio_event_direction dir) ++{ ++ struct ad7091r_state *st = iio_priv(indio_dev); ++ int val, ret; ++ ++ switch (dir) { ++ case IIO_EV_DIR_RISING: ++ ret = regmap_read(st->map, ++ AD7091R_REG_CH_HIGH_LIMIT(chan->channel), ++ &val); ++ if (ret) ++ return ret; ++ return val != AD7091R_HIGH_LIMIT; ++ case IIO_EV_DIR_FALLING: ++ ret = regmap_read(st->map, ++ AD7091R_REG_CH_LOW_LIMIT(chan->channel), ++ &val); ++ if (ret) ++ return ret; ++ return val != AD7091R_LOW_LIMIT; ++ default: ++ return -EINVAL; ++ } ++} ++ ++static int ad7091r_write_event_config(struct iio_dev *indio_dev, ++ const struct iio_chan_spec *chan, ++ enum iio_event_type type, ++ enum iio_event_direction dir, int state) ++{ ++ struct ad7091r_state *st = iio_priv(indio_dev); ++ ++ if (state) { ++ return regmap_set_bits(st->map, AD7091R_REG_CONF, ++ AD7091R_REG_CONF_ALERT_EN); ++ } else { ++ /* ++ * Set thresholds either to 0 or to 2^12 - 1 as appropriate to ++ * prevent alerts and thus disable event generation. ++ */ ++ switch (dir) { ++ case IIO_EV_DIR_RISING: ++ return regmap_write(st->map, ++ AD7091R_REG_CH_HIGH_LIMIT(chan->channel), ++ AD7091R_HIGH_LIMIT); ++ case IIO_EV_DIR_FALLING: ++ return regmap_write(st->map, ++ AD7091R_REG_CH_LOW_LIMIT(chan->channel), ++ AD7091R_LOW_LIMIT); ++ default: ++ return -EINVAL; ++ } ++ } ++} ++ ++static int ad7091r_read_event_value(struct iio_dev *indio_dev, ++ const struct iio_chan_spec *chan, ++ enum iio_event_type type, ++ enum iio_event_direction dir, ++ enum iio_event_info info, int *val, int *val2) ++{ ++ struct ad7091r_state *st = iio_priv(indio_dev); ++ int ret; ++ ++ switch (info) { ++ case IIO_EV_INFO_VALUE: ++ switch (dir) { ++ case IIO_EV_DIR_RISING: ++ ret = regmap_read(st->map, ++ AD7091R_REG_CH_HIGH_LIMIT(chan->channel), ++ val); ++ if (ret) ++ return ret; ++ return IIO_VAL_INT; ++ case IIO_EV_DIR_FALLING: ++ ret = regmap_read(st->map, ++ AD7091R_REG_CH_LOW_LIMIT(chan->channel), ++ val); ++ if (ret) ++ return ret; ++ return IIO_VAL_INT; ++ default: ++ return -EINVAL; ++ } ++ case IIO_EV_INFO_HYSTERESIS: ++ ret = regmap_read(st->map, ++ AD7091R_REG_CH_HYSTERESIS(chan->channel), ++ val); ++ if (ret) ++ return ret; ++ return IIO_VAL_INT; ++ default: ++ return -EINVAL; ++ } ++} ++ ++static int ad7091r_write_event_value(struct iio_dev *indio_dev, ++ const struct iio_chan_spec *chan, ++ enum iio_event_type type, ++ enum iio_event_direction dir, ++ enum iio_event_info info, int val, int val2) ++{ ++ struct ad7091r_state *st = iio_priv(indio_dev); ++ ++ switch (info) { ++ case IIO_EV_INFO_VALUE: ++ switch (dir) { ++ case IIO_EV_DIR_RISING: ++ return regmap_write(st->map, ++ AD7091R_REG_CH_HIGH_LIMIT(chan->channel), ++ val); ++ case IIO_EV_DIR_FALLING: ++ return regmap_write(st->map, ++ AD7091R_REG_CH_LOW_LIMIT(chan->channel), ++ val); ++ default: ++ return -EINVAL; ++ } ++ case IIO_EV_INFO_HYSTERESIS: ++ return regmap_write(st->map, ++ AD7091R_REG_CH_HYSTERESIS(chan->channel), ++ val); ++ default: ++ return -EINVAL; ++ } ++} ++ + static const struct iio_info ad7091r_info = { + .read_raw = ad7091r_read_raw, ++ .read_event_config = &ad7091r_read_event_config, ++ .write_event_config = &ad7091r_write_event_config, ++ .read_event_value = &ad7091r_read_event_value, ++ .write_event_value = &ad7091r_write_event_value, + }; + + static irqreturn_t ad7091r_event_handler(int irq, void *private) +--- a/drivers/iio/adc/ad7091r-base.h ++++ b/drivers/iio/adc/ad7091r-base.h +@@ -8,6 +8,10 @@ + #ifndef __DRIVERS_IIO_ADC_AD7091R_BASE_H__ + #define __DRIVERS_IIO_ADC_AD7091R_BASE_H__ + ++/* AD7091R_REG_CH_LIMIT */ ++#define AD7091R_HIGH_LIMIT 0xFFF ++#define AD7091R_LOW_LIMIT 0x0 ++ + struct device; + struct ad7091r_state; + +@@ -17,6 +21,8 @@ struct ad7091r_chip_info { + unsigned int vref_mV; + }; + ++extern const struct iio_event_spec ad7091r_events[3]; ++ + extern const struct regmap_config ad7091r_regmap_config; + + int ad7091r_probe(struct device *dev, const char *name, +--- a/drivers/iio/adc/ad7091r5.c ++++ b/drivers/iio/adc/ad7091r5.c +@@ -12,26 +12,6 @@ + + #include "ad7091r-base.h" + +-static const struct iio_event_spec ad7091r5_events[] = { +- { +- .type = IIO_EV_TYPE_THRESH, +- .dir = IIO_EV_DIR_RISING, +- .mask_separate = BIT(IIO_EV_INFO_VALUE) | +- BIT(IIO_EV_INFO_ENABLE), +- }, +- { +- .type = IIO_EV_TYPE_THRESH, +- .dir = IIO_EV_DIR_FALLING, +- .mask_separate = BIT(IIO_EV_INFO_VALUE) | +- BIT(IIO_EV_INFO_ENABLE), +- }, +- { +- .type = IIO_EV_TYPE_THRESH, +- .dir = IIO_EV_DIR_EITHER, +- .mask_separate = BIT(IIO_EV_INFO_HYSTERESIS), +- }, +-}; +- + #define AD7091R_CHANNEL(idx, bits, ev, num_ev) { \ + .type = IIO_VOLTAGE, \ + .info_mask_separate = BIT(IIO_CHAN_INFO_RAW), \ +@@ -44,10 +24,10 @@ static const struct iio_event_spec ad709 + .scan_type.realbits = bits, \ + } + static const struct iio_chan_spec ad7091r5_channels_irq[] = { +- AD7091R_CHANNEL(0, 12, ad7091r5_events, ARRAY_SIZE(ad7091r5_events)), +- AD7091R_CHANNEL(1, 12, ad7091r5_events, ARRAY_SIZE(ad7091r5_events)), +- AD7091R_CHANNEL(2, 12, ad7091r5_events, ARRAY_SIZE(ad7091r5_events)), +- AD7091R_CHANNEL(3, 12, ad7091r5_events, ARRAY_SIZE(ad7091r5_events)), ++ AD7091R_CHANNEL(0, 12, ad7091r_events, ARRAY_SIZE(ad7091r_events)), ++ AD7091R_CHANNEL(1, 12, ad7091r_events, ARRAY_SIZE(ad7091r_events)), ++ AD7091R_CHANNEL(2, 12, ad7091r_events, ARRAY_SIZE(ad7091r_events)), ++ AD7091R_CHANNEL(3, 12, ad7091r_events, ARRAY_SIZE(ad7091r_events)), + }; + + static const struct iio_chan_spec ad7091r5_channels_noirq[] = { diff --git a/queue-6.1/iio-adc-ad7091r-enable-internal-vref-if-external-vref-is-not-supplied.patch b/queue-6.1/iio-adc-ad7091r-enable-internal-vref-if-external-vref-is-not-supplied.patch new file mode 100644 index 00000000000..4039f56f9aa --- /dev/null +++ b/queue-6.1/iio-adc-ad7091r-enable-internal-vref-if-external-vref-is-not-supplied.patch @@ -0,0 +1,59 @@ +From e71c5c89bcb165a02df35325aa13d1ee40112401 Mon Sep 17 00:00:00 2001 +From: Marcelo Schmitt +Date: Tue, 19 Dec 2023 17:26:27 -0300 +Subject: iio: adc: ad7091r: Enable internal vref if external vref is not supplied + +From: Marcelo Schmitt + +commit e71c5c89bcb165a02df35325aa13d1ee40112401 upstream. + +The ADC needs a voltage reference to work correctly. +Users can provide an external voltage reference or use the chip internal +reference to operate the ADC. +The availability of an in chip reference for the ADC saves the user from +having to supply an external voltage reference, which makes the external +reference an optional property as described in the device tree +documentation. +Though, to use the internal reference, it must be enabled by writing to +the configuration register. +Enable AD7091R internal voltage reference if no external vref is supplied. + +Fixes: 260442cc5be4 ("iio: adc: ad7091r5: Add scale and external VREF support") +Signed-off-by: Marcelo Schmitt +Link: https://lore.kernel.org/r/b865033fa6a4fc4bf2b4a98ec51a6144e0f64f77.1703013352.git.marcelo.schmitt1@gmail.com +Cc: +Signed-off-by: Jonathan Cameron +Signed-off-by: Greg Kroah-Hartman +--- + drivers/iio/adc/ad7091r-base.c | 7 +++++++ + drivers/iio/adc/ad7091r-base.h | 2 ++ + 2 files changed, 9 insertions(+) + +--- a/drivers/iio/adc/ad7091r-base.c ++++ b/drivers/iio/adc/ad7091r-base.c +@@ -399,7 +399,14 @@ int ad7091r_probe(struct device *dev, co + if (IS_ERR(st->vref)) { + if (PTR_ERR(st->vref) == -EPROBE_DEFER) + return -EPROBE_DEFER; ++ + st->vref = NULL; ++ /* Enable internal vref */ ++ ret = regmap_set_bits(st->map, AD7091R_REG_CONF, ++ AD7091R_REG_CONF_INT_VREF); ++ if (ret) ++ return dev_err_probe(st->dev, ret, ++ "Error on enable internal reference\n"); + } else { + ret = regulator_enable(st->vref); + if (ret) +--- a/drivers/iio/adc/ad7091r-base.h ++++ b/drivers/iio/adc/ad7091r-base.h +@@ -8,6 +8,8 @@ + #ifndef __DRIVERS_IIO_ADC_AD7091R_BASE_H__ + #define __DRIVERS_IIO_ADC_AD7091R_BASE_H__ + ++#define AD7091R_REG_CONF_INT_VREF BIT(0) ++ + /* AD7091R_REG_CH_LIMIT */ + #define AD7091R_HIGH_LIMIT 0xFFF + #define AD7091R_LOW_LIMIT 0x0 diff --git a/queue-6.1/iio-adc-ad7091r-pass-iio_dev-to-event-handler.patch b/queue-6.1/iio-adc-ad7091r-pass-iio_dev-to-event-handler.patch new file mode 100644 index 00000000000..00689e10ca2 --- /dev/null +++ b/queue-6.1/iio-adc-ad7091r-pass-iio_dev-to-event-handler.patch @@ -0,0 +1,50 @@ +From a25a7df518fc71b1ba981d691e9322e645d2689c Mon Sep 17 00:00:00 2001 +From: Marcelo Schmitt +Date: Sat, 16 Dec 2023 14:46:11 -0300 +Subject: iio: adc: ad7091r: Pass iio_dev to event handler + +From: Marcelo Schmitt + +commit a25a7df518fc71b1ba981d691e9322e645d2689c upstream. + +Previous version of ad7091r event handler received the ADC state pointer +and retrieved the iio device from driver data field with dev_get_drvdata(). +However, no driver data have ever been set, which led to null pointer +dereference when running the event handler. + +Pass the iio device to the event handler and retrieve the ADC state struct +from it so we avoid the null pointer dereference and save the driver from +filling the driver data field. + +Fixes: ca69300173b6 ("iio: adc: Add support for AD7091R5 ADC") +Signed-off-by: Marcelo Schmitt +Link: https://lore.kernel.org/r/5024b764107463de9578d5b3b0a3d5678e307b1a.1702746240.git.marcelo.schmitt1@gmail.com +Cc: +Signed-off-by: Jonathan Cameron +Signed-off-by: Greg Kroah-Hartman +--- + drivers/iio/adc/ad7091r-base.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/drivers/iio/adc/ad7091r-base.c ++++ b/drivers/iio/adc/ad7091r-base.c +@@ -174,8 +174,8 @@ static const struct iio_info ad7091r_inf + + static irqreturn_t ad7091r_event_handler(int irq, void *private) + { +- struct ad7091r_state *st = (struct ad7091r_state *) private; +- struct iio_dev *iio_dev = dev_get_drvdata(st->dev); ++ struct iio_dev *iio_dev = private; ++ struct ad7091r_state *st = iio_priv(iio_dev); + unsigned int i, read_val; + int ret; + s64 timestamp = iio_get_time_ns(iio_dev); +@@ -234,7 +234,7 @@ int ad7091r_probe(struct device *dev, co + if (irq) { + ret = devm_request_threaded_irq(dev, irq, NULL, + ad7091r_event_handler, +- IRQF_TRIGGER_FALLING | IRQF_ONESHOT, name, st); ++ IRQF_TRIGGER_FALLING | IRQF_ONESHOT, name, iio_dev); + if (ret) + return ret; + } diff --git a/queue-6.1/kvm-arm64-vgic-its-avoid-potential-uaf-in-lpi-translation-cache.patch b/queue-6.1/kvm-arm64-vgic-its-avoid-potential-uaf-in-lpi-translation-cache.patch new file mode 100644 index 00000000000..8059036d792 --- /dev/null +++ b/queue-6.1/kvm-arm64-vgic-its-avoid-potential-uaf-in-lpi-translation-cache.patch @@ -0,0 +1,49 @@ +From ad362fe07fecf0aba839ff2cc59a3617bd42c33f Mon Sep 17 00:00:00 2001 +From: Oliver Upton +Date: Thu, 4 Jan 2024 18:32:32 +0000 +Subject: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache + +From: Oliver Upton + +commit ad362fe07fecf0aba839ff2cc59a3617bd42c33f upstream. + +There is a potential UAF scenario in the case of an LPI translation +cache hit racing with an operation that invalidates the cache, such +as a DISCARD ITS command. The root of the problem is that +vgic_its_check_cache() does not elevate the refcount on the vgic_irq +before dropping the lock that serializes refcount changes. + +Have vgic_its_check_cache() raise the refcount on the returned vgic_irq +and add the corresponding decrement after queueing the interrupt. + +Cc: stable@vger.kernel.org +Signed-off-by: Oliver Upton +Signed-off-by: Marc Zyngier +Link: https://lore.kernel.org/r/20240104183233.3560639-1-oliver.upton@linux.dev +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm64/kvm/vgic/vgic-its.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/arch/arm64/kvm/vgic/vgic-its.c ++++ b/arch/arm64/kvm/vgic/vgic-its.c +@@ -584,7 +584,11 @@ static struct vgic_irq *vgic_its_check_c + unsigned long flags; + + raw_spin_lock_irqsave(&dist->lpi_list_lock, flags); ++ + irq = __vgic_its_check_cache(dist, db, devid, eventid); ++ if (irq) ++ vgic_get_irq_kref(irq); ++ + raw_spin_unlock_irqrestore(&dist->lpi_list_lock, flags); + + return irq; +@@ -763,6 +767,7 @@ int vgic_its_inject_cached_translation(s + raw_spin_lock_irqsave(&irq->irq_lock, flags); + irq->pending_latch = true; + vgic_queue_irq_unlock(kvm, irq, flags); ++ vgic_put_irq(kvm, irq); + + return 0; + } diff --git a/queue-6.1/kvm-arm64-vgic-v4-restore-pending-state-on-host-userspace-write.patch b/queue-6.1/kvm-arm64-vgic-v4-restore-pending-state-on-host-userspace-write.patch new file mode 100644 index 00000000000..e19b52bc523 --- /dev/null +++ b/queue-6.1/kvm-arm64-vgic-v4-restore-pending-state-on-host-userspace-write.patch @@ -0,0 +1,69 @@ +From 7b95382f965133ef61ce44aaabc518c16eb46909 Mon Sep 17 00:00:00 2001 +From: Marc Zyngier +Date: Sun, 17 Dec 2023 11:15:09 +0000 +Subject: KVM: arm64: vgic-v4: Restore pending state on host userspace write + +From: Marc Zyngier + +commit 7b95382f965133ef61ce44aaabc518c16eb46909 upstream. + +When the VMM writes to ISPENDR0 to set the state pending state of +an SGI, we fail to convey this to the HW if this SGI is already +backed by a GICv4.1 vSGI. + +This is a bit of a corner case, as this would only occur if the +vgic state is changed on an already running VM, but this can +apparently happen across a guest reset driven by the VMM. + +Fix this by always writing out the pending_latch value to the +HW, and reseting it to false. + +Reported-by: Kunkun Jiang +Signed-off-by: Marc Zyngier +Reviewed-by: Zenghui Yu +Cc: stable@vger.kernel.org # 5.10+ +Link: https://lore.kernel.org/r/7e7f2c0c-448b-10a9-8929-4b8f4f6e2a32@huawei.com +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm64/kvm/vgic/vgic-mmio-v3.c | 27 +++++++++++++++++---------- + 1 file changed, 17 insertions(+), 10 deletions(-) + +--- a/arch/arm64/kvm/vgic/vgic-mmio-v3.c ++++ b/arch/arm64/kvm/vgic/vgic-mmio-v3.c +@@ -365,19 +365,26 @@ static int vgic_v3_uaccess_write_pending + struct vgic_irq *irq = vgic_get_irq(vcpu->kvm, vcpu, intid + i); + + raw_spin_lock_irqsave(&irq->irq_lock, flags); +- if (test_bit(i, &val)) { +- /* +- * pending_latch is set irrespective of irq type +- * (level or edge) to avoid dependency that VM should +- * restore irq config before pending info. +- */ +- irq->pending_latch = true; +- vgic_queue_irq_unlock(vcpu->kvm, irq, flags); +- } else { ++ ++ /* ++ * pending_latch is set irrespective of irq type ++ * (level or edge) to avoid dependency that VM should ++ * restore irq config before pending info. ++ */ ++ irq->pending_latch = test_bit(i, &val); ++ ++ if (irq->hw && vgic_irq_is_sgi(irq->intid)) { ++ irq_set_irqchip_state(irq->host_irq, ++ IRQCHIP_STATE_PENDING, ++ irq->pending_latch); + irq->pending_latch = false; +- raw_spin_unlock_irqrestore(&irq->irq_lock, flags); + } + ++ if (irq->pending_latch) ++ vgic_queue_irq_unlock(vcpu->kvm, irq, flags); ++ else ++ raw_spin_unlock_irqrestore(&irq->irq_lock, flags); ++ + vgic_put_irq(vcpu->kvm, irq); + } + diff --git a/queue-6.1/pci-dwc-endpoint-fix-dw_pcie_ep_raise_msix_irq-alignment-support.patch b/queue-6.1/pci-dwc-endpoint-fix-dw_pcie_ep_raise_msix_irq-alignment-support.patch new file mode 100644 index 00000000000..fe9ea677ede --- /dev/null +++ b/queue-6.1/pci-dwc-endpoint-fix-dw_pcie_ep_raise_msix_irq-alignment-support.patch @@ -0,0 +1,48 @@ +From 2217fffcd63f86776c985d42e76daa43a56abdf1 Mon Sep 17 00:00:00 2001 +From: Niklas Cassel +Date: Tue, 28 Nov 2023 14:22:30 +0100 +Subject: PCI: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Niklas Cassel + +commit 2217fffcd63f86776c985d42e76daa43a56abdf1 upstream. + +Commit 6f5e193bfb55 ("PCI: dwc: Fix dw_pcie_ep_raise_msix_irq() to get +correct MSI-X table address") modified dw_pcie_ep_raise_msix_irq() to +support iATUs which require a specific alignment. + +However, this support cannot have been properly tested. + +The whole point is for the iATU to map an address that is aligned, +using dw_pcie_ep_map_addr(), and then let the writel() write to +ep->msi_mem + aligned_offset. + +Thus, modify the address that is mapped such that it is aligned. +With this change, dw_pcie_ep_raise_msix_irq() matches the logic in +dw_pcie_ep_raise_msi_irq(). + +Link: https://lore.kernel.org/linux-pci/20231128132231.2221614-1-nks@flawful.org +Fixes: 6f5e193bfb55 ("PCI: dwc: Fix dw_pcie_ep_raise_msix_irq() to get correct MSI-X table address") +Signed-off-by: Niklas Cassel +Signed-off-by: Krzysztof Wilczyński +Reviewed-by: Manivannan Sadhasivam +Cc: stable@vger.kernel.org # 5.7 +Cc: Kishon Vijay Abraham I +Signed-off-by: Greg Kroah-Hartman +--- + drivers/pci/controller/dwc/pcie-designware-ep.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/pci/controller/dwc/pcie-designware-ep.c ++++ b/drivers/pci/controller/dwc/pcie-designware-ep.c +@@ -600,6 +600,7 @@ int dw_pcie_ep_raise_msix_irq(struct dw_ + } + + aligned_offset = msg_addr & (epc->mem->window.page_size - 1); ++ msg_addr &= ~aligned_offset; + ret = dw_pcie_ep_map_addr(epc, func_no, 0, ep->msi_mem_phys, msg_addr, + epc->mem->window.page_size); + if (ret) diff --git a/queue-6.1/pci-mediatek-clear-interrupt-status-before-dispatching-handler.patch b/queue-6.1/pci-mediatek-clear-interrupt-status-before-dispatching-handler.patch new file mode 100644 index 00000000000..ed42c02de7a --- /dev/null +++ b/queue-6.1/pci-mediatek-clear-interrupt-status-before-dispatching-handler.patch @@ -0,0 +1,58 @@ +From 4e11c29873a8a296a20f99b3e03095e65ebf897d Mon Sep 17 00:00:00 2001 +From: qizhong cheng +Date: Mon, 11 Dec 2023 17:49:23 +0800 +Subject: PCI: mediatek: Clear interrupt status before dispatching handler +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: qizhong cheng + +commit 4e11c29873a8a296a20f99b3e03095e65ebf897d upstream. + +We found a failure when using the iperf tool during WiFi performance +testing, where some MSIs were received while clearing the interrupt +status, and these MSIs cannot be serviced. + +The interrupt status can be cleared even if the MSI status remains pending. +As such, given the edge-triggered interrupt type, its status should be +cleared before being dispatched to the handler of the underling device. + +[kwilczynski: commit log, code comment wording] +Link: https://lore.kernel.org/linux-pci/20231211094923.31967-1-jianjun.wang@mediatek.com +Fixes: 43e6409db64d ("PCI: mediatek: Add MSI support for MT2712 and MT7622") +Signed-off-by: qizhong cheng +Signed-off-by: Jianjun Wang +Signed-off-by: Krzysztof Wilczyński +[bhelgaas: rewrap comment] +Signed-off-by: Bjorn Helgaas +Reviewed-by: AngeloGioacchino Del Regno +Cc: +Signed-off-by: Greg Kroah-Hartman +--- + drivers/pci/controller/pcie-mediatek.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +--- a/drivers/pci/controller/pcie-mediatek.c ++++ b/drivers/pci/controller/pcie-mediatek.c +@@ -617,12 +617,18 @@ static void mtk_pcie_intr_handler(struct + if (status & MSI_STATUS){ + unsigned long imsi_status; + ++ /* ++ * The interrupt status can be cleared even if the ++ * MSI status remains pending. As such, given the ++ * edge-triggered interrupt type, its status should ++ * be cleared before being dispatched to the ++ * handler of the underlying device. ++ */ ++ writel(MSI_STATUS, port->base + PCIE_INT_STATUS); + while ((imsi_status = readl(port->base + PCIE_IMSI_STATUS))) { + for_each_set_bit(bit, &imsi_status, MTK_MSI_IRQS_NUM) + generic_handle_domain_irq(port->inner_domain, bit); + } +- /* Clear MSI interrupt status */ +- writel(MSI_STATUS, port->base + PCIE_INT_STATUS); + } + } + diff --git a/queue-6.1/pci-p2pdma-remove-reference-to-pci_p2pdma_map_sg.patch b/queue-6.1/pci-p2pdma-remove-reference-to-pci_p2pdma_map_sg.patch new file mode 100644 index 00000000000..a90db8875e5 --- /dev/null +++ b/queue-6.1/pci-p2pdma-remove-reference-to-pci_p2pdma_map_sg.patch @@ -0,0 +1,53 @@ +From 9a000a72af75886e5de13f4edef7f0d788622e7d Mon Sep 17 00:00:00 2001 +From: Tadeusz Struk +Date: Mon, 13 Nov 2023 19:03:25 +0100 +Subject: PCI/P2PDMA: Remove reference to pci_p2pdma_map_sg() + +From: Tadeusz Struk + +commit 9a000a72af75886e5de13f4edef7f0d788622e7d upstream. + +Update Documentation/driver-api/pci/p2pdma.rst doc and remove references to +obsolete p2pdma mapping functions. + +Fixes: 0d06132fc84b ("PCI/P2PDMA: Remove pci_p2pdma_[un]map_sg()") +Link: https://lore.kernel.org/r/20231113180325.444692-1-tstruk@gmail.com +Signed-off-by: Tadeusz Struk +Signed-off-by: Bjorn Helgaas +Reviewed-by: Logan Gunthorpe +Cc: stable@kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + Documentation/driver-api/pci/p2pdma.rst | 16 +++------------- + 1 file changed, 3 insertions(+), 13 deletions(-) + +diff --git a/Documentation/driver-api/pci/p2pdma.rst b/Documentation/driver-api/pci/p2pdma.rst +index 44deb52beeb4..d0b241628cf1 100644 +--- a/Documentation/driver-api/pci/p2pdma.rst ++++ b/Documentation/driver-api/pci/p2pdma.rst +@@ -83,19 +83,9 @@ this to include other types of resources like doorbells. + Client Drivers + -------------- + +-A client driver typically only has to conditionally change its DMA map +-routine to use the mapping function :c:func:`pci_p2pdma_map_sg()` instead +-of the usual :c:func:`dma_map_sg()` function. Memory mapped in this +-way does not need to be unmapped. +- +-The client may also, optionally, make use of +-:c:func:`is_pci_p2pdma_page()` to determine when to use the P2P mapping +-functions and when to use the regular mapping functions. In some +-situations, it may be more appropriate to use a flag to indicate a +-given request is P2P memory and map appropriately. It is important to +-ensure that struct pages that back P2P memory stay out of code that +-does not have support for them as other code may treat the pages as +-regular memory which may not be appropriate. ++A client driver only has to use the mapping API :c:func:`dma_map_sg()` ++and :c:func:`dma_unmap_sg()` functions as usual, and the implementation ++will do the right thing for the P2P capable memory. + + + Orchestrator Drivers +-- +2.43.0 + diff --git a/queue-6.1/revert-net-rtnetlink-enslave-device-before-bringing-it-up.patch b/queue-6.1/revert-net-rtnetlink-enslave-device-before-bringing-it-up.patch new file mode 100644 index 00000000000..b20f93214ed --- /dev/null +++ b/queue-6.1/revert-net-rtnetlink-enslave-device-before-bringing-it-up.patch @@ -0,0 +1,65 @@ +From ec4ffd100ffb396eca13ebe7d18938ea80f399c3 Mon Sep 17 00:00:00 2001 +From: Nicolas Dichtel +Date: Mon, 8 Jan 2024 10:41:02 +0100 +Subject: Revert "net: rtnetlink: Enslave device before bringing it up" + +From: Nicolas Dichtel + +commit ec4ffd100ffb396eca13ebe7d18938ea80f399c3 upstream. + +This reverts commit a4abfa627c3865c37e036bccb681619a50d3d93c. + +The patch broke: +> ip link set dummy0 up +> ip link set dummy0 master bond0 down + +This last command is useful to be able to enslave an interface with only +one netlink message. + +After discussion, there is no good reason to support: +> ip link set dummy0 down +> ip link set dummy0 master bond0 up +because the bond interface already set the slave up when it is up. + +Cc: stable@vger.kernel.org +Fixes: a4abfa627c38 ("net: rtnetlink: Enslave device before bringing it up") +Signed-off-by: Nicolas Dichtel +Reviewed-by: Jiri Pirko +Reviewed-by: Hangbin Liu +Link: https://lore.kernel.org/r/20240108094103.2001224-2-nicolas.dichtel@6wind.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + net/core/rtnetlink.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +--- a/net/core/rtnetlink.c ++++ b/net/core/rtnetlink.c +@@ -2797,13 +2797,6 @@ static int do_setlink(const struct sk_bu + call_netdevice_notifiers(NETDEV_CHANGEADDR, dev); + } + +- if (tb[IFLA_MASTER]) { +- err = do_set_master(dev, nla_get_u32(tb[IFLA_MASTER]), extack); +- if (err) +- goto errout; +- status |= DO_SETLINK_MODIFIED; +- } +- + if (ifm->ifi_flags || ifm->ifi_change) { + err = dev_change_flags(dev, rtnl_dev_combine_flags(dev, ifm), + extack); +@@ -2811,6 +2804,13 @@ static int do_setlink(const struct sk_bu + goto errout; + } + ++ if (tb[IFLA_MASTER]) { ++ err = do_set_master(dev, nla_get_u32(tb[IFLA_MASTER]), extack); ++ if (err) ++ goto errout; ++ status |= DO_SETLINK_MODIFIED; ++ } ++ + if (tb[IFLA_CARRIER]) { + err = dev_change_carrier(dev, nla_get_u8(tb[IFLA_CARRIER])); + if (err) diff --git a/queue-6.1/serial-sc16is7xx-add-check-for-unsupported-spi-modes-during-probe.patch b/queue-6.1/serial-sc16is7xx-add-check-for-unsupported-spi-modes-during-probe.patch new file mode 100644 index 00000000000..032a4b380cb --- /dev/null +++ b/queue-6.1/serial-sc16is7xx-add-check-for-unsupported-spi-modes-during-probe.patch @@ -0,0 +1,49 @@ +From 6d710b769c1f5f0d55c9ad9bb49b7dce009ec103 Mon Sep 17 00:00:00 2001 +From: Hugo Villeneuve +Date: Thu, 21 Dec 2023 18:18:09 -0500 +Subject: serial: sc16is7xx: add check for unsupported SPI modes during probe + +From: Hugo Villeneuve + +commit 6d710b769c1f5f0d55c9ad9bb49b7dce009ec103 upstream. + +The original comment is confusing because it implies that variants other +than the SC16IS762 supports other SPI modes beside SPI_MODE_0. + +Extract from datasheet: + The SC16IS762 differs from the SC16IS752 in that it supports SPI clock + speeds up to 15 Mbit/s instead of the 4 Mbit/s supported by the + SC16IS752... In all other aspects, the SC16IS762 is functionally and + electrically the same as the SC16IS752. + +The same is also true of the SC16IS760 variant versus the SC16IS740 and +SC16IS750 variants. + +For all variants, only SPI mode 0 is supported. + +Change comment and abort probing if the specified SPI mode is not +SPI_MODE_0. + +Fixes: 2c837a8a8f9f ("sc16is7xx: spi interface is added") +Cc: +Signed-off-by: Hugo Villeneuve +Link: https://lore.kernel.org/r/20231221231823.2327894-3-hugo@hugovil.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/tty/serial/sc16is7xx.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/drivers/tty/serial/sc16is7xx.c ++++ b/drivers/tty/serial/sc16is7xx.c +@@ -1716,7 +1716,10 @@ static int sc16is7xx_spi_probe(struct sp + + /* Setup SPI bus */ + spi->bits_per_word = 8; +- /* only supports mode 0 on SC16IS762 */ ++ /* For all variants, only mode 0 is supported */ ++ if ((spi->mode & SPI_MODE_X_MASK) != SPI_MODE_0) ++ return dev_err_probe(&spi->dev, -EINVAL, "Unsupported SPI mode\n"); ++ + spi->mode = spi->mode ? : SPI_MODE_0; + spi->max_speed_hz = spi->max_speed_hz ? : 15000000; + ret = spi_setup(spi); diff --git a/queue-6.1/serial-sc16is7xx-set-safe-default-spi-clock-frequency.patch b/queue-6.1/serial-sc16is7xx-set-safe-default-spi-clock-frequency.patch new file mode 100644 index 00000000000..e93d0447a18 --- /dev/null +++ b/queue-6.1/serial-sc16is7xx-set-safe-default-spi-clock-frequency.patch @@ -0,0 +1,44 @@ +From 3ef79cd1412236d884ab0c46b4d1921380807b48 Mon Sep 17 00:00:00 2001 +From: Hugo Villeneuve +Date: Thu, 21 Dec 2023 18:18:10 -0500 +Subject: serial: sc16is7xx: set safe default SPI clock frequency + +From: Hugo Villeneuve + +commit 3ef79cd1412236d884ab0c46b4d1921380807b48 upstream. + +15 MHz is supported only by 76x variants. + +If the SPI clock frequency is not specified, use a safe default clock value +of 4 MHz that is supported by all variants. + +Also use HZ_PER_MHZ macro to improve readability. + +Fixes: 2c837a8a8f9f ("sc16is7xx: spi interface is added") +Cc: +Signed-off-by: Hugo Villeneuve +Link: https://lore.kernel.org/r/20231221231823.2327894-4-hugo@hugovil.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/tty/serial/sc16is7xx.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/tty/serial/sc16is7xx.c ++++ b/drivers/tty/serial/sc16is7xx.c +@@ -24,6 +24,7 @@ + #include + #include + #include ++#include + #include + + #define SC16IS7XX_NAME "sc16is7xx" +@@ -1721,7 +1722,7 @@ static int sc16is7xx_spi_probe(struct sp + return dev_err_probe(&spi->dev, -EINVAL, "Unsupported SPI mode\n"); + + spi->mode = spi->mode ? : SPI_MODE_0; +- spi->max_speed_hz = spi->max_speed_hz ? : 15000000; ++ spi->max_speed_hz = spi->max_speed_hz ? : 4 * HZ_PER_MHZ; + ret = spi_setup(spi); + if (ret) + return ret; diff --git a/queue-6.1/series b/queue-6.1/series index 9cb55a277d4..56d406b4bb3 100644 --- a/queue-6.1/series +++ b/queue-6.1/series @@ -304,3 +304,21 @@ bpf-fix-re-attachment-branch-in-bpf_tracing_prog_attach.patch loongarch-fix-and-simplify-fcsr-initialization-on-execve.patch iommu-arm-smmu-qcom-add-missing-gmu-entry-to-match-table.patch iommu-dma-trace-bounce-buffer-usage-when-mapping-buffers.patch +wifi-mt76-fix-broken-precal-loading-from-mtd-for-mt7915.patch +wifi-rtlwifi-remove-bogus-and-dangerous-aspm-disable-enable-code.patch +wifi-rtlwifi-convert-lnkctl-change-to-pcie-cap-rmw-accessors.patch +wifi-mwifiex-configure-bssid-consistently-when-starting-ap.patch +revert-net-rtnetlink-enslave-device-before-bringing-it-up.patch +cxl-port-fix-decoder-initialization-when-nr_targets-interleave_ways.patch +pci-p2pdma-remove-reference-to-pci_p2pdma_map_sg.patch +pci-dwc-endpoint-fix-dw_pcie_ep_raise_msix_irq-alignment-support.patch +pci-mediatek-clear-interrupt-status-before-dispatching-handler.patch +x86-kvm-do-not-try-to-disable-kvmclock-if-it-was-not-enabled.patch +kvm-arm64-vgic-v4-restore-pending-state-on-host-userspace-write.patch +kvm-arm64-vgic-its-avoid-potential-uaf-in-lpi-translation-cache.patch +iio-adc-ad7091r-pass-iio_dev-to-event-handler.patch +iio-adc-ad7091r-allow-users-to-configure-device-events.patch +iio-adc-ad7091r-enable-internal-vref-if-external-vref-is-not-supplied.patch +hid-wacom-correct-behavior-when-processing-some-confidence-false-touches.patch +serial-sc16is7xx-add-check-for-unsupported-spi-modes-during-probe.patch +serial-sc16is7xx-set-safe-default-spi-clock-frequency.patch diff --git a/queue-6.1/wifi-mt76-fix-broken-precal-loading-from-mtd-for-mt7915.patch b/queue-6.1/wifi-mt76-fix-broken-precal-loading-from-mtd-for-mt7915.patch new file mode 100644 index 00000000000..aaa00bb89c2 --- /dev/null +++ b/queue-6.1/wifi-mt76-fix-broken-precal-loading-from-mtd-for-mt7915.patch @@ -0,0 +1,50 @@ +From e874a79250b39447765ac13272b67ac36ccf2a75 Mon Sep 17 00:00:00 2001 +From: Christian Marangi +Date: Wed, 18 Oct 2023 15:09:37 +0200 +Subject: wifi: mt76: fix broken precal loading from MTD for mt7915 + +From: Christian Marangi + +commit e874a79250b39447765ac13272b67ac36ccf2a75 upstream. + +Commit 495184ac91bb ("mt76: mt7915: add support for applying +pre-calibration data") was fundamentally broken and never worked. + +The idea (before NVMEM support) was to expand the MTD function and pass +an additional offset. For normal EEPROM load the offset would always be +0. For the purpose of precal loading, an offset was passed that was +internally the size of EEPROM, since precal data is right after the +EEPROM. + +Problem is that the offset value passed is never handled and is actually +overwrite by + + offset = be32_to_cpup(list); + ret = mtd_read(mtd, offset, len, &retlen, eep); + +resulting in the passed offset value always ingnored. (and even passing +garbage data as precal as the start of the EEPROM is getting read) + +Fix this by adding to the current offset value, the offset from DT to +correctly read the piece of data at the requested location. + +Cc: stable@vger.kernel.org +Fixes: 495184ac91bb ("mt76: mt7915: add support for applying pre-calibration data") +Signed-off-by: Christian Marangi +Signed-off-by: Felix Fietkau +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/wireless/mediatek/mt76/eeprom.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/net/wireless/mediatek/mt76/eeprom.c ++++ b/drivers/net/wireless/mediatek/mt76/eeprom.c +@@ -62,7 +62,7 @@ int mt76_get_of_eeprom(struct mt76_dev * + goto out_put_node; + } + +- offset = be32_to_cpup(list); ++ offset += be32_to_cpup(list); + ret = mtd_read(mtd, offset, len, &retlen, eep); + put_mtd_device(mtd); + if (mtd_is_bitflip(ret)) diff --git a/queue-6.1/wifi-mwifiex-configure-bssid-consistently-when-starting-ap.patch b/queue-6.1/wifi-mwifiex-configure-bssid-consistently-when-starting-ap.patch new file mode 100644 index 00000000000..80f0d93b65f --- /dev/null +++ b/queue-6.1/wifi-mwifiex-configure-bssid-consistently-when-starting-ap.patch @@ -0,0 +1,90 @@ +From f0dd488e11e71ac095df7638d892209c629d9af2 Mon Sep 17 00:00:00 2001 +From: David Lin +Date: Fri, 15 Dec 2023 08:51:18 +0800 +Subject: wifi: mwifiex: configure BSSID consistently when starting AP + +From: David Lin + +commit f0dd488e11e71ac095df7638d892209c629d9af2 upstream. + +AP BSSID configuration is missing at AP start. Without this fix, FW returns +STA interface MAC address after first init. When hostapd restarts, it gets MAC +address from netdev before driver sets STA MAC to netdev again. Now MAC address +between hostapd and net interface are different causes STA cannot connect to +AP. After that MAC address of uap0 mlan0 become the same. And issue disappears +after following hostapd restart (another issue is AP/STA MAC address become the +same). + +This patch fixes the issue cleanly. + +Signed-off-by: David Lin +Fixes: 12190c5d80bd ("mwifiex: add cfg80211 start_ap and stop_ap handlers") +Cc: stable@vger.kernel.org +Reviewed-by: Francesco Dolcini +Tested-by: Rafael Beims # Verdin iMX8MP/SD8997 SD +Acked-by: Brian Norris +Signed-off-by: Kalle Valo +Link: https://msgid.link/20231215005118.17031-1-yu-hao.lin@nxp.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/wireless/marvell/mwifiex/cfg80211.c | 2 ++ + drivers/net/wireless/marvell/mwifiex/fw.h | 1 + + drivers/net/wireless/marvell/mwifiex/ioctl.h | 1 + + drivers/net/wireless/marvell/mwifiex/uap_cmd.c | 8 ++++++++ + 4 files changed, 12 insertions(+) + +--- a/drivers/net/wireless/marvell/mwifiex/cfg80211.c ++++ b/drivers/net/wireless/marvell/mwifiex/cfg80211.c +@@ -2046,6 +2046,8 @@ static int mwifiex_cfg80211_start_ap(str + + mwifiex_set_sys_config_invalid_data(bss_cfg); + ++ memcpy(bss_cfg->mac_addr, priv->curr_addr, ETH_ALEN); ++ + if (params->beacon_interval) + bss_cfg->beacon_period = params->beacon_interval; + if (params->dtim_period) +--- a/drivers/net/wireless/marvell/mwifiex/fw.h ++++ b/drivers/net/wireless/marvell/mwifiex/fw.h +@@ -165,6 +165,7 @@ enum MWIFIEX_802_11_PRIVACY_FILTER { + #define TLV_TYPE_STA_MAC_ADDR (PROPRIETARY_TLV_BASE_ID + 32) + #define TLV_TYPE_BSSID (PROPRIETARY_TLV_BASE_ID + 35) + #define TLV_TYPE_CHANNELBANDLIST (PROPRIETARY_TLV_BASE_ID + 42) ++#define TLV_TYPE_UAP_MAC_ADDRESS (PROPRIETARY_TLV_BASE_ID + 43) + #define TLV_TYPE_UAP_BEACON_PERIOD (PROPRIETARY_TLV_BASE_ID + 44) + #define TLV_TYPE_UAP_DTIM_PERIOD (PROPRIETARY_TLV_BASE_ID + 45) + #define TLV_TYPE_UAP_BCAST_SSID (PROPRIETARY_TLV_BASE_ID + 48) +--- a/drivers/net/wireless/marvell/mwifiex/ioctl.h ++++ b/drivers/net/wireless/marvell/mwifiex/ioctl.h +@@ -107,6 +107,7 @@ struct mwifiex_uap_bss_param { + u8 qos_info; + u8 power_constraint; + struct mwifiex_types_wmm_info wmm_info; ++ u8 mac_addr[ETH_ALEN]; + }; + + enum { +--- a/drivers/net/wireless/marvell/mwifiex/uap_cmd.c ++++ b/drivers/net/wireless/marvell/mwifiex/uap_cmd.c +@@ -468,6 +468,7 @@ void mwifiex_config_uap_11d(struct mwifi + static int + mwifiex_uap_bss_param_prepare(u8 *tlv, void *cmd_buf, u16 *param_size) + { ++ struct host_cmd_tlv_mac_addr *mac_tlv; + struct host_cmd_tlv_dtim_period *dtim_period; + struct host_cmd_tlv_beacon_period *beacon_period; + struct host_cmd_tlv_ssid *ssid; +@@ -487,6 +488,13 @@ mwifiex_uap_bss_param_prepare(u8 *tlv, v + int i; + u16 cmd_size = *param_size; + ++ mac_tlv = (struct host_cmd_tlv_mac_addr *)tlv; ++ mac_tlv->header.type = cpu_to_le16(TLV_TYPE_UAP_MAC_ADDRESS); ++ mac_tlv->header.len = cpu_to_le16(ETH_ALEN); ++ memcpy(mac_tlv->mac_addr, bss_cfg->mac_addr, ETH_ALEN); ++ cmd_size += sizeof(struct host_cmd_tlv_mac_addr); ++ tlv += sizeof(struct host_cmd_tlv_mac_addr); ++ + if (bss_cfg->ssid.ssid_len) { + ssid = (struct host_cmd_tlv_ssid *)tlv; + ssid->header.type = cpu_to_le16(TLV_TYPE_UAP_SSID); diff --git a/queue-6.1/wifi-rtlwifi-convert-lnkctl-change-to-pcie-cap-rmw-accessors.patch b/queue-6.1/wifi-rtlwifi-convert-lnkctl-change-to-pcie-cap-rmw-accessors.patch new file mode 100644 index 00000000000..b450d6e6088 --- /dev/null +++ b/queue-6.1/wifi-rtlwifi-convert-lnkctl-change-to-pcie-cap-rmw-accessors.patch @@ -0,0 +1,78 @@ +From 5894d0089cbc146063dcc0239a78ede0a8142efb Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ilpo=20J=C3=A4rvinen?= +Date: Fri, 24 Nov 2023 10:47:17 +0200 +Subject: wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Ilpo Järvinen + +commit 5894d0089cbc146063dcc0239a78ede0a8142efb upstream. + +The rtlwifi driver comes with custom code to write into PCIe Link +Control register. RMW access for the Link Control register requires +locking that is already provided by the standard PCIe capability +accessors. + +Convert the custom RMW code writing into LNKCTL register to standard +RMW capability accessors. The accesses are changed to cover the full +LNKCTL register instead of touching just a single byte of the register. + +Fixes: 0c8173385e54 ("rtl8192ce: Add new driver") +Cc: stable@vger.kernel.org +Signed-off-by: Ilpo Järvinen +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/20231124084725.12738-3-ilpo.jarvinen@linux.intel.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/wireless/realtek/rtlwifi/pci.c | 21 +++++++++++++++------ + 1 file changed, 15 insertions(+), 6 deletions(-) + +--- a/drivers/net/wireless/realtek/rtlwifi/pci.c ++++ b/drivers/net/wireless/realtek/rtlwifi/pci.c +@@ -164,21 +164,29 @@ static bool _rtl_pci_platform_switch_dev + struct rtl_pci *rtlpci = rtl_pcidev(rtl_pcipriv(hw)); + struct rtl_hal *rtlhal = rtl_hal(rtl_priv(hw)); + ++ value &= PCI_EXP_LNKCTL_ASPMC; ++ + if (rtlhal->hw_type != HARDWARE_TYPE_RTL8192SE) +- value |= 0x40; ++ value |= PCI_EXP_LNKCTL_CCC; + +- pci_write_config_byte(rtlpci->pdev, 0x80, value); ++ pcie_capability_clear_and_set_word(rtlpci->pdev, PCI_EXP_LNKCTL, ++ PCI_EXP_LNKCTL_ASPMC | value, ++ value); + + return false; + } + +-/*When we set 0x01 to enable clk request. Set 0x0 to disable clk req.*/ +-static void _rtl_pci_switch_clk_req(struct ieee80211_hw *hw, u8 value) ++/* @value is PCI_EXP_LNKCTL_CLKREQ_EN or 0 to enable/disable clk request. */ ++static void _rtl_pci_switch_clk_req(struct ieee80211_hw *hw, u16 value) + { + struct rtl_pci *rtlpci = rtl_pcidev(rtl_pcipriv(hw)); + struct rtl_hal *rtlhal = rtl_hal(rtl_priv(hw)); + +- pci_write_config_byte(rtlpci->pdev, 0x81, value); ++ value &= PCI_EXP_LNKCTL_CLKREQ_EN; ++ ++ pcie_capability_clear_and_set_word(rtlpci->pdev, PCI_EXP_LNKCTL, ++ PCI_EXP_LNKCTL_CLKREQ_EN, ++ value); + + if (rtlhal->hw_type == HARDWARE_TYPE_RTL8192SE) + udelay(100); +@@ -259,7 +267,8 @@ static void rtl_pci_enable_aspm(struct i + + if (ppsc->reg_rfps_level & RT_RF_OFF_LEVL_CLK_REQ) { + _rtl_pci_switch_clk_req(hw, (ppsc->reg_rfps_level & +- RT_RF_OFF_LEVL_CLK_REQ) ? 1 : 0); ++ RT_RF_OFF_LEVL_CLK_REQ) ? ++ PCI_EXP_LNKCTL_CLKREQ_EN : 0); + RT_SET_PS_LEVEL(ppsc, RT_RF_OFF_LEVL_CLK_REQ); + } + udelay(100); diff --git a/queue-6.1/wifi-rtlwifi-remove-bogus-and-dangerous-aspm-disable-enable-code.patch b/queue-6.1/wifi-rtlwifi-remove-bogus-and-dangerous-aspm-disable-enable-code.patch new file mode 100644 index 00000000000..a15d7f64521 --- /dev/null +++ b/queue-6.1/wifi-rtlwifi-remove-bogus-and-dangerous-aspm-disable-enable-code.patch @@ -0,0 +1,183 @@ +From b3943b3c2971444364e03224cfc828c5789deada Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ilpo=20J=C3=A4rvinen?= +Date: Fri, 24 Nov 2023 10:47:16 +0200 +Subject: wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Ilpo Järvinen + +commit b3943b3c2971444364e03224cfc828c5789deada upstream. + +Ever since introduction in the commit 0c8173385e54 ("rtl8192ce: Add new +driver") the rtlwifi code has, according to comments, attempted to +disable/enable ASPM of the upstream bridge by writing into its LNKCTL +register. However, the code has never been correct because it performs +the writes to the device instead of the upstream bridge. + +Worse yet, the offset where the PCIe capabilities reside is derived +from the offset of the upstream bridge. As a result, the write will use +an offset on the device that does not relate to the LNKCTL register +making the ASPM disable/enable code outright dangerous. + +Because of those problems, there is no indication that the driver needs +disable/enable ASPM on the upstream bridge. As the Capabilities offset +is not correctly calculated for the write to target device's LNKCTL +register, the code is not disabling/enabling device's ASPM either. +Therefore, just remove the upstream bridge related ASPM disable/enable +code entirely. + +The upstream bridge related ASPM code was the only user of the struct +mp_adapter members num4bytes, pcibridge_pciehdr_offset, and +pcibridge_linkctrlreg so those are removed as well. + +Note: This change does not remove the code related to changing the +device's ASPM on purpose (which is independent of this flawed code +related to upstream bridge's ASPM). + +Suggested-by: Bjorn Helgaas +Fixes: 0c8173385e54 ("rtl8192ce: Add new driver") +Fixes: 886e14b65a8f ("rtlwifi: Eliminate raw reads and writes from PCIe portion") +Cc: stable@vger.kernel.org +Signed-off-by: Ilpo Järvinen +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/20231124084725.12738-2-ilpo.jarvinen@linux.intel.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/wireless/realtek/rtlwifi/pci.c | 58 ----------------------------- + drivers/net/wireless/realtek/rtlwifi/pci.h | 5 -- + 2 files changed, 1 insertion(+), 62 deletions(-) + +--- a/drivers/net/wireless/realtek/rtlwifi/pci.c ++++ b/drivers/net/wireless/realtek/rtlwifi/pci.c +@@ -192,11 +192,8 @@ static void rtl_pci_disable_aspm(struct + struct rtl_ps_ctl *ppsc = rtl_psc(rtl_priv(hw)); + struct rtl_pci *rtlpci = rtl_pcidev(rtl_pcipriv(hw)); + u8 pcibridge_vendor = pcipriv->ndis_adapter.pcibridge_vendor; +- u8 num4bytes = pcipriv->ndis_adapter.num4bytes; + /*Retrieve original configuration settings. */ + u8 linkctrl_reg = pcipriv->ndis_adapter.linkctrl_reg; +- u16 pcibridge_linkctrlreg = pcipriv->ndis_adapter. +- pcibridge_linkctrlreg; + u16 aspmlevel = 0; + u8 tmp_u1b = 0; + +@@ -221,16 +218,8 @@ static void rtl_pci_disable_aspm(struct + /*Set corresponding value. */ + aspmlevel |= BIT(0) | BIT(1); + linkctrl_reg &= ~aspmlevel; +- pcibridge_linkctrlreg &= ~(BIT(0) | BIT(1)); + + _rtl_pci_platform_switch_device_pci_aspm(hw, linkctrl_reg); +- udelay(50); +- +- /*4 Disable Pci Bridge ASPM */ +- pci_write_config_byte(rtlpci->pdev, (num4bytes << 2), +- pcibridge_linkctrlreg); +- +- udelay(50); + } + + /*Enable RTL8192SE ASPM & Enable Pci Bridge ASPM for +@@ -245,9 +234,7 @@ static void rtl_pci_enable_aspm(struct i + struct rtl_ps_ctl *ppsc = rtl_psc(rtl_priv(hw)); + struct rtl_pci *rtlpci = rtl_pcidev(rtl_pcipriv(hw)); + u8 pcibridge_vendor = pcipriv->ndis_adapter.pcibridge_vendor; +- u8 num4bytes = pcipriv->ndis_adapter.num4bytes; + u16 aspmlevel; +- u8 u_pcibridge_aspmsetting; + u8 u_device_aspmsetting; + + if (!ppsc->support_aspm) +@@ -259,25 +246,6 @@ static void rtl_pci_enable_aspm(struct i + return; + } + +- /*4 Enable Pci Bridge ASPM */ +- +- u_pcibridge_aspmsetting = +- pcipriv->ndis_adapter.pcibridge_linkctrlreg | +- rtlpci->const_hostpci_aspm_setting; +- +- if (pcibridge_vendor == PCI_BRIDGE_VENDOR_INTEL) +- u_pcibridge_aspmsetting &= ~BIT(0); +- +- pci_write_config_byte(rtlpci->pdev, (num4bytes << 2), +- u_pcibridge_aspmsetting); +- +- rtl_dbg(rtlpriv, COMP_INIT, DBG_LOUD, +- "PlatformEnableASPM(): Write reg[%x] = %x\n", +- (pcipriv->ndis_adapter.pcibridge_pciehdr_offset + 0x10), +- u_pcibridge_aspmsetting); +- +- udelay(50); +- + /*Get ASPM level (with/without Clock Req) */ + aspmlevel = rtlpci->const_devicepci_aspm_setting; + u_device_aspmsetting = pcipriv->ndis_adapter.linkctrl_reg; +@@ -358,22 +326,6 @@ static bool rtl_pci_check_buddy_priv(str + return tpriv != NULL; + } + +-static void rtl_pci_get_linkcontrol_field(struct ieee80211_hw *hw) +-{ +- struct rtl_pci_priv *pcipriv = rtl_pcipriv(hw); +- struct rtl_pci *rtlpci = rtl_pcidev(pcipriv); +- u8 capabilityoffset = pcipriv->ndis_adapter.pcibridge_pciehdr_offset; +- u8 linkctrl_reg; +- u8 num4bbytes; +- +- num4bbytes = (capabilityoffset + 0x10) / 4; +- +- /*Read Link Control Register */ +- pci_read_config_byte(rtlpci->pdev, (num4bbytes << 2), &linkctrl_reg); +- +- pcipriv->ndis_adapter.pcibridge_linkctrlreg = linkctrl_reg; +-} +- + static void rtl_pci_parse_configuration(struct pci_dev *pdev, + struct ieee80211_hw *hw) + { +@@ -2033,12 +1985,6 @@ static bool _rtl_pci_find_adapter(struct + PCI_SLOT(bridge_pdev->devfn); + pcipriv->ndis_adapter.pcibridge_funcnum = + PCI_FUNC(bridge_pdev->devfn); +- pcipriv->ndis_adapter.pcibridge_pciehdr_offset = +- pci_pcie_cap(bridge_pdev); +- pcipriv->ndis_adapter.num4bytes = +- (pcipriv->ndis_adapter.pcibridge_pciehdr_offset + 0x10) / 4; +- +- rtl_pci_get_linkcontrol_field(hw); + + if (pcipriv->ndis_adapter.pcibridge_vendor == + PCI_BRIDGE_VENDOR_AMD) { +@@ -2055,13 +2001,11 @@ static bool _rtl_pci_find_adapter(struct + pdev->vendor, pcipriv->ndis_adapter.linkctrl_reg); + + rtl_dbg(rtlpriv, COMP_INIT, DBG_DMESG, +- "pci_bridge busnumber:devnumber:funcnumber:vendor:pcie_cap:link_ctl_reg:amd %d:%d:%d:%x:%x:%x:%x\n", ++ "pci_bridge busnumber:devnumber:funcnumber:vendor:amd %d:%d:%d:%x:%x\n", + pcipriv->ndis_adapter.pcibridge_busnum, + pcipriv->ndis_adapter.pcibridge_devnum, + pcipriv->ndis_adapter.pcibridge_funcnum, + pcibridge_vendors[pcipriv->ndis_adapter.pcibridge_vendor], +- pcipriv->ndis_adapter.pcibridge_pciehdr_offset, +- pcipriv->ndis_adapter.pcibridge_linkctrlreg, + pcipriv->ndis_adapter.amd_l1_patch); + + rtl_pci_parse_configuration(pdev, hw); +--- a/drivers/net/wireless/realtek/rtlwifi/pci.h ++++ b/drivers/net/wireless/realtek/rtlwifi/pci.h +@@ -236,11 +236,6 @@ struct mp_adapter { + u16 pcibridge_vendorid; + u16 pcibridge_deviceid; + +- u8 num4bytes; +- +- u8 pcibridge_pciehdr_offset; +- u8 pcibridge_linkctrlreg; +- + bool amd_l1_patch; + }; + diff --git a/queue-6.1/x86-kvm-do-not-try-to-disable-kvmclock-if-it-was-not-enabled.patch b/queue-6.1/x86-kvm-do-not-try-to-disable-kvmclock-if-it-was-not-enabled.patch new file mode 100644 index 00000000000..002a10250a8 --- /dev/null +++ b/queue-6.1/x86-kvm-do-not-try-to-disable-kvmclock-if-it-was-not-enabled.patch @@ -0,0 +1,70 @@ +From 1c6d984f523f67ecfad1083bb04c55d91977bb15 Mon Sep 17 00:00:00 2001 +From: "Kirill A. Shutemov" +Date: Tue, 5 Dec 2023 03:45:01 +0300 +Subject: x86/kvm: Do not try to disable kvmclock if it was not enabled + +From: Kirill A. Shutemov + +commit 1c6d984f523f67ecfad1083bb04c55d91977bb15 upstream. + +kvm_guest_cpu_offline() tries to disable kvmclock regardless if it is +present in the VM. It leads to write to a MSR that doesn't exist on some +configurations, namely in TDX guest: + + unchecked MSR access error: WRMSR to 0x12 (tried to write 0x0000000000000000) + at rIP: 0xffffffff8110687c (kvmclock_disable+0x1c/0x30) + +kvmclock enabling is gated by CLOCKSOURCE and CLOCKSOURCE2 KVM paravirt +features. + +Do not disable kvmclock if it was not enabled. + +Signed-off-by: Kirill A. Shutemov +Fixes: c02027b5742b ("x86/kvm: Disable kvmclock on all CPUs on shutdown") +Reviewed-by: Sean Christopherson +Reviewed-by: Vitaly Kuznetsov +Cc: Paolo Bonzini +Cc: Wanpeng Li +Cc: stable@vger.kernel.org +Message-Id: <20231205004510.27164-6-kirill.shutemov@linux.intel.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/kernel/kvmclock.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +--- a/arch/x86/kernel/kvmclock.c ++++ b/arch/x86/kernel/kvmclock.c +@@ -24,8 +24,8 @@ + + static int kvmclock __initdata = 1; + static int kvmclock_vsyscall __initdata = 1; +-static int msr_kvm_system_time __ro_after_init = MSR_KVM_SYSTEM_TIME; +-static int msr_kvm_wall_clock __ro_after_init = MSR_KVM_WALL_CLOCK; ++static int msr_kvm_system_time __ro_after_init; ++static int msr_kvm_wall_clock __ro_after_init; + static u64 kvm_sched_clock_offset __ro_after_init; + + static int __init parse_no_kvmclock(char *arg) +@@ -195,7 +195,8 @@ static void kvm_setup_secondary_clock(vo + + void kvmclock_disable(void) + { +- native_write_msr(msr_kvm_system_time, 0, 0); ++ if (msr_kvm_system_time) ++ native_write_msr(msr_kvm_system_time, 0, 0); + } + + static void __init kvmclock_init_mem(void) +@@ -294,7 +295,10 @@ void __init kvmclock_init(void) + if (kvm_para_has_feature(KVM_FEATURE_CLOCKSOURCE2)) { + msr_kvm_system_time = MSR_KVM_SYSTEM_TIME_NEW; + msr_kvm_wall_clock = MSR_KVM_WALL_CLOCK_NEW; +- } else if (!kvm_para_has_feature(KVM_FEATURE_CLOCKSOURCE)) { ++ } else if (kvm_para_has_feature(KVM_FEATURE_CLOCKSOURCE)) { ++ msr_kvm_system_time = MSR_KVM_SYSTEM_TIME; ++ msr_kvm_wall_clock = MSR_KVM_WALL_CLOCK; ++ } else { + return; + } + -- 2.47.3