From f2f779c43f30ef48633229fc9d48241bd190f52e Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 21 Feb 2022 08:18:48 +0100 Subject: [PATCH] 5.16-stable patches added patches: asoc-wm_adsp-correct-control-read-size-when-parsing-compressed-buffer.patch copy_process-move-fd_install-out-of-sighand-siglock-critical-section.patch dmaengine-ptdma-fix-the-error-handling-path-in-pt_core_init.patch i2c-brcmstb-fix-support-for-dsl-and-cm-variants.patch i2c-qcom-cci-don-t-delete-an-unregistered-adapter.patch i2c-qcom-cci-don-t-put-a-device-tree-node-before-i2c_add_adapter.patch ice-enable-parsing-ipsec-spi-headers-for-rss.patch lockdep-correct-lock_classes-index-mapping.patch scsi-qedi-fix-abba-deadlock-in-qedi_process_tmf_resp-and-qedi_process_cmd_cleanup_resp.patch tests-fix-idmapped-mount_setattr-test.patch --- ...-size-when-parsing-compressed-buffer.patch | 42 +++++++ ...-of-sighand-siglock-critical-section.patch | 112 ++++++++++++++++++ ...-error-handling-path-in-pt_core_init.patch | 77 ++++++++++++ ...-fix-support-for-dsl-and-cm-variants.patch | 36 ++++++ ...don-t-delete-an-unregistered-adapter.patch | 40 +++++++ ...ice-tree-node-before-i2c_add_adapter.patch | 71 +++++++++++ ...le-parsing-ipsec-spi-headers-for-rss.patch | 48 ++++++++ ...p-correct-lock_classes-index-mapping.patch | 70 +++++++++++ ...sp-and-qedi_process_cmd_cleanup_resp.patch | 67 +++++++++++ queue-5.16/series | 10 ++ ...ests-fix-idmapped-mount_setattr-test.patch | 45 +++++++ 11 files changed, 618 insertions(+) create mode 100644 queue-5.16/asoc-wm_adsp-correct-control-read-size-when-parsing-compressed-buffer.patch create mode 100644 queue-5.16/copy_process-move-fd_install-out-of-sighand-siglock-critical-section.patch create mode 100644 queue-5.16/dmaengine-ptdma-fix-the-error-handling-path-in-pt_core_init.patch create mode 100644 queue-5.16/i2c-brcmstb-fix-support-for-dsl-and-cm-variants.patch create mode 100644 queue-5.16/i2c-qcom-cci-don-t-delete-an-unregistered-adapter.patch create mode 100644 queue-5.16/i2c-qcom-cci-don-t-put-a-device-tree-node-before-i2c_add_adapter.patch create mode 100644 queue-5.16/ice-enable-parsing-ipsec-spi-headers-for-rss.patch create mode 100644 queue-5.16/lockdep-correct-lock_classes-index-mapping.patch create mode 100644 queue-5.16/scsi-qedi-fix-abba-deadlock-in-qedi_process_tmf_resp-and-qedi_process_cmd_cleanup_resp.patch create mode 100644 queue-5.16/tests-fix-idmapped-mount_setattr-test.patch diff --git a/queue-5.16/asoc-wm_adsp-correct-control-read-size-when-parsing-compressed-buffer.patch b/queue-5.16/asoc-wm_adsp-correct-control-read-size-when-parsing-compressed-buffer.patch new file mode 100644 index 00000000000..7f27f0d21ee --- /dev/null +++ b/queue-5.16/asoc-wm_adsp-correct-control-read-size-when-parsing-compressed-buffer.patch @@ -0,0 +1,42 @@ +From a887f9c7a4d37a8e874ba8415a42a92a1b5139fc Mon Sep 17 00:00:00 2001 +From: Charles Keepax +Date: Thu, 10 Feb 2022 17:20:51 +0000 +Subject: ASoC: wm_adsp: Correct control read size when parsing compressed buffer + +From: Charles Keepax + +commit a887f9c7a4d37a8e874ba8415a42a92a1b5139fc upstream. + +When parsing the compressed stream the whole buffer descriptor is +now read in a single cs_dsp_coeff_read_ctrl; on older firmwares +this descriptor is just 4 bytes but on more modern firmwares it is +24 bytes. The current code reads the full 24 bytes regardless, this +was working but reading junk for the last 20 bytes. However commit +f444da38ac92 ("firmware: cs_dsp: Add offset to cs_dsp read/write") +added a size check into cs_dsp_coeff_read_ctrl, causing the older +firmwares to now return an error. + +Update the code to only read the amount of data appropriate for +the firmware loaded. + +Fixes: 04ae08596737 ("ASoC: wm_adsp: Switch to using wm_coeff_read_ctrl for compressed buffers") +Signed-off-by: Charles Keepax +Link: https://lore.kernel.org/r/20220210172053.22782-1-ckeepax@opensource.cirrus.com +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman +--- + sound/soc/codecs/wm_adsp.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/sound/soc/codecs/wm_adsp.c ++++ b/sound/soc/codecs/wm_adsp.c +@@ -1448,7 +1448,8 @@ static int wm_adsp_buffer_parse_coeff(st + int ret, i; + + for (i = 0; i < 5; ++i) { +- ret = cs_dsp_coeff_read_ctrl(cs_ctl, &coeff_v1, sizeof(coeff_v1)); ++ ret = cs_dsp_coeff_read_ctrl(cs_ctl, &coeff_v1, ++ min(cs_ctl->len, sizeof(coeff_v1))); + if (ret < 0) + return ret; + diff --git a/queue-5.16/copy_process-move-fd_install-out-of-sighand-siglock-critical-section.patch b/queue-5.16/copy_process-move-fd_install-out-of-sighand-siglock-critical-section.patch new file mode 100644 index 00000000000..95f46e4da60 --- /dev/null +++ b/queue-5.16/copy_process-move-fd_install-out-of-sighand-siglock-critical-section.patch @@ -0,0 +1,112 @@ +From ddc204b517e60ae64db34f9832dc41dafa77c751 Mon Sep 17 00:00:00 2001 +From: Waiman Long +Date: Tue, 8 Feb 2022 11:39:12 -0500 +Subject: copy_process(): Move fd_install() out of sighand->siglock critical section + +From: Waiman Long + +commit ddc204b517e60ae64db34f9832dc41dafa77c751 upstream. + +I was made aware of the following lockdep splat: + +[ 2516.308763] ===================================================== +[ 2516.309085] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected +[ 2516.309433] 5.14.0-51.el9.aarch64+debug #1 Not tainted +[ 2516.309703] ----------------------------------------------------- +[ 2516.310149] stress-ng/153663 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: +[ 2516.310512] ffff0000e422b198 (&newf->file_lock){+.+.}-{2:2}, at: fd_install+0x368/0x4f0 +[ 2516.310944] + and this task is already holding: +[ 2516.311248] ffff0000c08140d8 (&sighand->siglock){-.-.}-{2:2}, at: copy_process+0x1e2c/0x3e80 +[ 2516.311804] which would create a new lock dependency: +[ 2516.312066] (&sighand->siglock){-.-.}-{2:2} -> (&newf->file_lock){+.+.}-{2:2} +[ 2516.312446] + but this new dependency connects a HARDIRQ-irq-safe lock: +[ 2516.312983] (&sighand->siglock){-.-.}-{2:2} + : +[ 2516.330700] Possible interrupt unsafe locking scenario: + +[ 2516.331075] CPU0 CPU1 +[ 2516.331328] ---- ---- +[ 2516.331580] lock(&newf->file_lock); +[ 2516.331790] local_irq_disable(); +[ 2516.332231] lock(&sighand->siglock); +[ 2516.332579] lock(&newf->file_lock); +[ 2516.332922] +[ 2516.333069] lock(&sighand->siglock); +[ 2516.333291] + *** DEADLOCK *** +[ 2516.389845] + stack backtrace: +[ 2516.390101] CPU: 3 PID: 153663 Comm: stress-ng Kdump: loaded Not tainted 5.14.0-51.el9.aarch64+debug #1 +[ 2516.390756] Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015 +[ 2516.391155] Call trace: +[ 2516.391302] dump_backtrace+0x0/0x3e0 +[ 2516.391518] show_stack+0x24/0x30 +[ 2516.391717] dump_stack_lvl+0x9c/0xd8 +[ 2516.391938] dump_stack+0x1c/0x38 +[ 2516.392247] print_bad_irq_dependency+0x620/0x710 +[ 2516.392525] check_irq_usage+0x4fc/0x86c +[ 2516.392756] check_prev_add+0x180/0x1d90 +[ 2516.392988] validate_chain+0x8e0/0xee0 +[ 2516.393215] __lock_acquire+0x97c/0x1e40 +[ 2516.393449] lock_acquire.part.0+0x240/0x570 +[ 2516.393814] lock_acquire+0x90/0xb4 +[ 2516.394021] _raw_spin_lock+0xe8/0x154 +[ 2516.394244] fd_install+0x368/0x4f0 +[ 2516.394451] copy_process+0x1f5c/0x3e80 +[ 2516.394678] kernel_clone+0x134/0x660 +[ 2516.394895] __do_sys_clone3+0x130/0x1f4 +[ 2516.395128] __arm64_sys_clone3+0x5c/0x7c +[ 2516.395478] invoke_syscall.constprop.0+0x78/0x1f0 +[ 2516.395762] el0_svc_common.constprop.0+0x22c/0x2c4 +[ 2516.396050] do_el0_svc+0xb0/0x10c +[ 2516.396252] el0_svc+0x24/0x34 +[ 2516.396436] el0t_64_sync_handler+0xa4/0x12c +[ 2516.396688] el0t_64_sync+0x198/0x19c +[ 2517.491197] NET: Registered PF_ATMPVC protocol family +[ 2517.491524] NET: Registered PF_ATMSVC protocol family +[ 2591.991877] sched: RT throttling activated + +One way to solve this problem is to move the fd_install() call out of +the sighand->siglock critical section. + +Before commit 6fd2fe494b17 ("copy_process(): don't use ksys_close() +on cleanups"), the pidfd installation was done without holding both +the task_list lock and the sighand->siglock. Obviously, holding these +two locks are not really needed to protect the fd_install() call. +So move the fd_install() call down to after the releases of both locks. + +Link: https://lore.kernel.org/r/20220208163912.1084752-1-longman@redhat.com +Fixes: 6fd2fe494b17 ("copy_process(): don't use ksys_close() on cleanups") +Reviewed-by: "Eric W. Biederman" +Signed-off-by: Waiman Long +Signed-off-by: Christian Brauner +Signed-off-by: Greg Kroah-Hartman +--- + kernel/fork.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +--- a/kernel/fork.c ++++ b/kernel/fork.c +@@ -2350,10 +2350,6 @@ static __latent_entropy struct task_stru + goto bad_fork_cancel_cgroup; + } + +- /* past the last point of failure */ +- if (pidfile) +- fd_install(pidfd, pidfile); +- + init_task_pid_links(p); + if (likely(p->pid)) { + ptrace_init_task(p, (clone_flags & CLONE_PTRACE) || trace); +@@ -2402,6 +2398,9 @@ static __latent_entropy struct task_stru + syscall_tracepoint_update(p); + write_unlock_irq(&tasklist_lock); + ++ if (pidfile) ++ fd_install(pidfd, pidfile); ++ + proc_fork_connector(p); + sched_post_fork(p, args); + cgroup_post_fork(p, args); diff --git a/queue-5.16/dmaengine-ptdma-fix-the-error-handling-path-in-pt_core_init.patch b/queue-5.16/dmaengine-ptdma-fix-the-error-handling-path-in-pt_core_init.patch new file mode 100644 index 00000000000..205027e043a --- /dev/null +++ b/queue-5.16/dmaengine-ptdma-fix-the-error-handling-path-in-pt_core_init.patch @@ -0,0 +1,77 @@ +From 3c62fd3406e0b2277c76a6984d3979c7f3f1d129 Mon Sep 17 00:00:00 2001 +From: Christophe JAILLET +Date: Sat, 5 Feb 2022 07:58:44 +0100 +Subject: dmaengine: ptdma: Fix the error handling path in pt_core_init() + +From: Christophe JAILLET + +commit 3c62fd3406e0b2277c76a6984d3979c7f3f1d129 upstream. + +In order to free resources correctly in the error handling path of +pt_core_init(), 2 goto's have to be switched. Otherwise, some resources +will leak and we will try to release things that have not been allocated +yet. + +Also move a dev_err() to a place where it is more meaningful. + +Fixes: fa5d823b16a9 ("dmaengine: ptdma: Initial driver for the AMD PTDMA") +Signed-off-by: Christophe JAILLET +Acked-by: Sanjay R Mehta +Reviewed-by: Dan Carpenter +Link: https://lore.kernel.org/r/41a963a35173f89c874f5c44df5530dc09fea8da.1644044244.git.christophe.jaillet@wanadoo.fr +Signed-off-by: Vinod Koul +Signed-off-by: Greg Kroah-Hartman +--- + drivers/dma/ptdma/ptdma-dev.c | 17 +++++++++-------- + 1 file changed, 9 insertions(+), 8 deletions(-) + +--- a/drivers/dma/ptdma/ptdma-dev.c ++++ b/drivers/dma/ptdma/ptdma-dev.c +@@ -207,7 +207,7 @@ int pt_core_init(struct pt_device *pt) + if (!cmd_q->qbase) { + dev_err(dev, "unable to allocate command queue\n"); + ret = -ENOMEM; +- goto e_dma_alloc; ++ goto e_destroy_pool; + } + + cmd_q->qidx = 0; +@@ -229,8 +229,10 @@ int pt_core_init(struct pt_device *pt) + + /* Request an irq */ + ret = request_irq(pt->pt_irq, pt_core_irq_handler, 0, dev_name(pt->dev), pt); +- if (ret) +- goto e_pool; ++ if (ret) { ++ dev_err(dev, "unable to allocate an IRQ\n"); ++ goto e_free_dma; ++ } + + /* Update the device registers with queue information. */ + cmd_q->qcontrol &= ~CMD_Q_SIZE; +@@ -250,21 +252,20 @@ int pt_core_init(struct pt_device *pt) + /* Register the DMA engine support */ + ret = pt_dmaengine_register(pt); + if (ret) +- goto e_dmaengine; ++ goto e_free_irq; + + /* Set up debugfs entries */ + ptdma_debugfs_setup(pt); + + return 0; + +-e_dmaengine: ++e_free_irq: + free_irq(pt->pt_irq, pt); + +-e_dma_alloc: ++e_free_dma: + dma_free_coherent(dev, cmd_q->qsize, cmd_q->qbase, cmd_q->qbase_dma); + +-e_pool: +- dev_err(dev, "unable to allocate an IRQ\n"); ++e_destroy_pool: + dma_pool_destroy(pt->cmd_q.dma_pool); + + return ret; diff --git a/queue-5.16/i2c-brcmstb-fix-support-for-dsl-and-cm-variants.patch b/queue-5.16/i2c-brcmstb-fix-support-for-dsl-and-cm-variants.patch new file mode 100644 index 00000000000..9a55a786581 --- /dev/null +++ b/queue-5.16/i2c-brcmstb-fix-support-for-dsl-and-cm-variants.patch @@ -0,0 +1,36 @@ +From 834cea3a252ed4847db076a769ad9efe06afe2d5 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= +Date: Tue, 15 Feb 2022 08:27:35 +0100 +Subject: i2c: brcmstb: fix support for DSL and CM variants +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Rafał Miłecki + +commit 834cea3a252ed4847db076a769ad9efe06afe2d5 upstream. + +DSL and CM (Cable Modem) support 8 B max transfer size and have a custom +DT binding for that reason. This driver was checking for a wrong +"compatible" however which resulted in an incorrect setup. + +Fixes: e2e5a2c61837 ("i2c: brcmstb: Adding support for CM and DSL SoCs") +Signed-off-by: Rafał Miłecki +Acked-by: Florian Fainelli +Signed-off-by: Wolfram Sang +Signed-off-by: Greg Kroah-Hartman +--- + drivers/i2c/busses/i2c-brcmstb.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/i2c/busses/i2c-brcmstb.c ++++ b/drivers/i2c/busses/i2c-brcmstb.c +@@ -673,7 +673,7 @@ static int brcmstb_i2c_probe(struct plat + + /* set the data in/out register size for compatible SoCs */ + if (of_device_is_compatible(dev->device->of_node, +- "brcmstb,brcmper-i2c")) ++ "brcm,brcmper-i2c")) + dev->data_regsz = sizeof(u8); + else + dev->data_regsz = sizeof(u32); diff --git a/queue-5.16/i2c-qcom-cci-don-t-delete-an-unregistered-adapter.patch b/queue-5.16/i2c-qcom-cci-don-t-delete-an-unregistered-adapter.patch new file mode 100644 index 00000000000..24c8abcafa2 --- /dev/null +++ b/queue-5.16/i2c-qcom-cci-don-t-delete-an-unregistered-adapter.patch @@ -0,0 +1,40 @@ +From a0d48505a1d68e27220369e2dd1e3573a2f362d2 Mon Sep 17 00:00:00 2001 +From: Vladimir Zapolskiy +Date: Thu, 3 Feb 2022 18:47:00 +0200 +Subject: i2c: qcom-cci: don't delete an unregistered adapter + +From: Vladimir Zapolskiy + +commit a0d48505a1d68e27220369e2dd1e3573a2f362d2 upstream. + +If i2c_add_adapter() fails to add an I2C adapter found on QCOM CCI +controller, on error path i2c_del_adapter() is still called. + +Fortunately there is a sanity check in the I2C core, so the only +visible implication is a printed debug level message: + + i2c-core: attempting to delete unregistered adapter [Qualcomm-CCI] + +Nevertheless it would be reasonable to correct the probe error path. + +Fixes: e517526195de ("i2c: Add Qualcomm CCI I2C driver") +Signed-off-by: Vladimir Zapolskiy +Reviewed-by: Robert Foss +Reviewed-by: Bjorn Andersson +Signed-off-by: Wolfram Sang +Signed-off-by: Greg Kroah-Hartman +--- + drivers/i2c/busses/i2c-qcom-cci.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/i2c/busses/i2c-qcom-cci.c ++++ b/drivers/i2c/busses/i2c-qcom-cci.c +@@ -655,7 +655,7 @@ static int cci_probe(struct platform_dev + return 0; + + error_i2c: +- for (; i >= 0; i--) { ++ for (--i ; i >= 0; i--) { + if (cci->master[i].cci) + i2c_del_adapter(&cci->master[i].adap); + } diff --git a/queue-5.16/i2c-qcom-cci-don-t-put-a-device-tree-node-before-i2c_add_adapter.patch b/queue-5.16/i2c-qcom-cci-don-t-put-a-device-tree-node-before-i2c_add_adapter.patch new file mode 100644 index 00000000000..d064b7e7335 --- /dev/null +++ b/queue-5.16/i2c-qcom-cci-don-t-put-a-device-tree-node-before-i2c_add_adapter.patch @@ -0,0 +1,71 @@ +From 02a4a69667a2ad32f3b52ca906f19628fbdd8a01 Mon Sep 17 00:00:00 2001 +From: Vladimir Zapolskiy +Date: Thu, 3 Feb 2022 18:47:03 +0200 +Subject: i2c: qcom-cci: don't put a device tree node before i2c_add_adapter() + +From: Vladimir Zapolskiy + +commit 02a4a69667a2ad32f3b52ca906f19628fbdd8a01 upstream. + +There is a minor chance for a race, if a pointer to an i2c-bus subnode +is stored and then reused after releasing its reference, and it would +be sufficient to get one more reference under a loop over children +subnodes. + +Fixes: e517526195de ("i2c: Add Qualcomm CCI I2C driver") +Signed-off-by: Vladimir Zapolskiy +Reviewed-by: Robert Foss +Reviewed-by: Bjorn Andersson +Signed-off-by: Wolfram Sang +Signed-off-by: Greg Kroah-Hartman +--- + drivers/i2c/busses/i2c-qcom-cci.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +--- a/drivers/i2c/busses/i2c-qcom-cci.c ++++ b/drivers/i2c/busses/i2c-qcom-cci.c +@@ -558,7 +558,7 @@ static int cci_probe(struct platform_dev + cci->master[idx].adap.quirks = &cci->data->quirks; + cci->master[idx].adap.algo = &cci_algo; + cci->master[idx].adap.dev.parent = dev; +- cci->master[idx].adap.dev.of_node = child; ++ cci->master[idx].adap.dev.of_node = of_node_get(child); + cci->master[idx].master = idx; + cci->master[idx].cci = cci; + +@@ -643,8 +643,10 @@ static int cci_probe(struct platform_dev + continue; + + ret = i2c_add_adapter(&cci->master[i].adap); +- if (ret < 0) ++ if (ret < 0) { ++ of_node_put(cci->master[i].adap.dev.of_node); + goto error_i2c; ++ } + } + + pm_runtime_set_autosuspend_delay(dev, MSEC_PER_SEC); +@@ -656,8 +658,10 @@ static int cci_probe(struct platform_dev + + error_i2c: + for (--i ; i >= 0; i--) { +- if (cci->master[i].cci) ++ if (cci->master[i].cci) { + i2c_del_adapter(&cci->master[i].adap); ++ of_node_put(cci->master[i].adap.dev.of_node); ++ } + } + error: + disable_irq(cci->irq); +@@ -673,8 +677,10 @@ static int cci_remove(struct platform_de + int i; + + for (i = 0; i < cci->data->num_masters; i++) { +- if (cci->master[i].cci) ++ if (cci->master[i].cci) { + i2c_del_adapter(&cci->master[i].adap); ++ of_node_put(cci->master[i].adap.dev.of_node); ++ } + cci_halt(cci, i); + } + diff --git a/queue-5.16/ice-enable-parsing-ipsec-spi-headers-for-rss.patch b/queue-5.16/ice-enable-parsing-ipsec-spi-headers-for-rss.patch new file mode 100644 index 00000000000..774ee76ad56 --- /dev/null +++ b/queue-5.16/ice-enable-parsing-ipsec-spi-headers-for-rss.patch @@ -0,0 +1,48 @@ +From 86006f996346e8a5a1ea80637ec949ceeea4ecbc Mon Sep 17 00:00:00 2001 +From: Jesse Brandeburg +Date: Fri, 11 Feb 2022 09:14:18 -0800 +Subject: ice: enable parsing IPSEC SPI headers for RSS + +From: Jesse Brandeburg + +commit 86006f996346e8a5a1ea80637ec949ceeea4ecbc upstream. + +The COMMS package can enable the hardware parser to recognize IPSEC +frames with ESP header and SPI identifier. If this package is available +and configured for loading in /lib/firmware, then the driver will +succeed in enabling this protocol type for RSS. + +This in turn allows the hardware to hash over the SPI and use it to pick +a consistent receive queue for the same secure flow. Without this all +traffic is steered to the same queue for multiple traffic threads from +the same IP address. For that reason this is marked as a fix, as the +driver supports the model, but it wasn't enabled. + +If the package is not available, adding this type will fail, but the +failure is ignored on purpose as it has no negative affect. + +Fixes: c90ed40cefe1 ("ice: Enable writing hardware filtering tables") +Signed-off-by: Jesse Brandeburg +Tested-by: Gurucharan G (A Contingent worker at Intel) +Signed-off-by: Tony Nguyen +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/intel/ice/ice_lib.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/drivers/net/ethernet/intel/ice/ice_lib.c ++++ b/drivers/net/ethernet/intel/ice/ice_lib.c +@@ -1641,6 +1641,12 @@ static void ice_vsi_set_rss_flow_fld(str + if (status) + dev_dbg(dev, "ice_add_rss_cfg failed for sctp6 flow, vsi = %d, error = %s\n", + vsi_num, ice_stat_str(status)); ++ ++ status = ice_add_rss_cfg(hw, vsi_handle, ICE_FLOW_HASH_ESP_SPI, ++ ICE_FLOW_SEG_HDR_ESP); ++ if (status) ++ dev_dbg(dev, "ice_add_rss_cfg failed for esp/spi flow, vsi = %d, error = %d\n", ++ vsi_num, status); + } + + /** diff --git a/queue-5.16/lockdep-correct-lock_classes-index-mapping.patch b/queue-5.16/lockdep-correct-lock_classes-index-mapping.patch new file mode 100644 index 00000000000..0a85f902324 --- /dev/null +++ b/queue-5.16/lockdep-correct-lock_classes-index-mapping.patch @@ -0,0 +1,70 @@ +From 28df029d53a2fd80c1b8674d47895648ad26dcfb Mon Sep 17 00:00:00 2001 +From: Cheng Jui Wang +Date: Thu, 10 Feb 2022 18:50:11 +0800 +Subject: lockdep: Correct lock_classes index mapping + +From: Cheng Jui Wang + +commit 28df029d53a2fd80c1b8674d47895648ad26dcfb upstream. + +A kernel exception was hit when trying to dump /proc/lockdep_chains after +lockdep report "BUG: MAX_LOCKDEP_CHAIN_HLOCKS too low!": + +Unable to handle kernel paging request at virtual address 00054005450e05c3 +... +00054005450e05c3] address between user and kernel address ranges +... +pc : [0xffffffece769b3a8] string+0x50/0x10c +lr : [0xffffffece769ac88] vsnprintf+0x468/0x69c +... + Call trace: + string+0x50/0x10c + vsnprintf+0x468/0x69c + seq_printf+0x8c/0xd8 + print_name+0x64/0xf4 + lc_show+0xb8/0x128 + seq_read_iter+0x3cc/0x5fc + proc_reg_read_iter+0xdc/0x1d4 + +The cause of the problem is the function lock_chain_get_class() will +shift lock_classes index by 1, but the index don't need to be shifted +anymore since commit 01bb6f0af992 ("locking/lockdep: Change the range +of class_idx in held_lock struct") already change the index to start +from 0. + +The lock_classes[-1] located at chain_hlocks array. When printing +lock_classes[-1] after the chain_hlocks entries are modified, the +exception happened. + +The output of lockdep_chains are incorrect due to this problem too. + +Fixes: f611e8cf98ec ("lockdep: Take read/write status in consideration when generate chainkey") +Signed-off-by: Cheng Jui Wang +Signed-off-by: Peter Zijlstra (Intel) +Reviewed-by: Boqun Feng +Link: https://lore.kernel.org/r/20220210105011.21712-1-cheng-jui.wang@mediatek.com +Signed-off-by: Greg Kroah-Hartman +--- + kernel/locking/lockdep.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/kernel/locking/lockdep.c ++++ b/kernel/locking/lockdep.c +@@ -3462,7 +3462,7 @@ struct lock_class *lock_chain_get_class( + u16 chain_hlock = chain_hlocks[chain->base + i]; + unsigned int class_idx = chain_hlock_class_idx(chain_hlock); + +- return lock_classes + class_idx - 1; ++ return lock_classes + class_idx; + } + + /* +@@ -3530,7 +3530,7 @@ static void print_chain_keys_chain(struc + hlock_id = chain_hlocks[chain->base + i]; + chain_key = print_chain_key_iteration(hlock_id, chain_key); + +- print_lock_name(lock_classes + chain_hlock_class_idx(hlock_id) - 1); ++ print_lock_name(lock_classes + chain_hlock_class_idx(hlock_id)); + printk("\n"); + } + } diff --git a/queue-5.16/scsi-qedi-fix-abba-deadlock-in-qedi_process_tmf_resp-and-qedi_process_cmd_cleanup_resp.patch b/queue-5.16/scsi-qedi-fix-abba-deadlock-in-qedi_process_tmf_resp-and-qedi_process_cmd_cleanup_resp.patch new file mode 100644 index 00000000000..583e9692ccd --- /dev/null +++ b/queue-5.16/scsi-qedi-fix-abba-deadlock-in-qedi_process_tmf_resp-and-qedi_process_cmd_cleanup_resp.patch @@ -0,0 +1,67 @@ +From f10f582d28220f50099d3f561116256267821429 Mon Sep 17 00:00:00 2001 +From: Mike Christie +Date: Tue, 8 Feb 2022 12:54:48 -0600 +Subject: scsi: qedi: Fix ABBA deadlock in qedi_process_tmf_resp() and qedi_process_cmd_cleanup_resp() + +From: Mike Christie + +commit f10f582d28220f50099d3f561116256267821429 upstream. + +This fixes a deadlock added with commit b40f3894e39e ("scsi: qedi: Complete +TMF works before disconnect") + +Bug description from Jia-Ju Bai: + +qedi_process_tmf_resp() + spin_lock(&session->back_lock); --> Line 201 (Lock A) + spin_lock(&qedi_conn->tmf_work_lock); --> Line 230 (Lock B) + +qedi_process_cmd_cleanup_resp() + spin_lock_bh(&qedi_conn->tmf_work_lock); --> Line 752 (Lock B) + spin_lock_bh(&conn->session->back_lock); --> Line 784 (Lock A) + +When qedi_process_tmf_resp() and qedi_process_cmd_cleanup_resp() are +concurrently executed, the deadlock can occur. + +This patch fixes the deadlock by not holding the tmf_work_lock in +qedi_process_cmd_cleanup_resp while holding the back_lock. The +tmf_work_lock is only needed while we remove the tmf_work from the +work_list. + +Link: https://lore.kernel.org/r/20220208185448.6206-1-michael.christie@oracle.com +Fixes: b40f3894e39e ("scsi: qedi: Complete TMF works before disconnect") +Cc: Manish Rangankar +Cc: Nilesh Javali +Reported-by: TOTE Robot +Reported-by: Jia-Ju Bai +Signed-off-by: Mike Christie +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/qedi/qedi_fw.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +--- a/drivers/scsi/qedi/qedi_fw.c ++++ b/drivers/scsi/qedi/qedi_fw.c +@@ -771,11 +771,10 @@ static void qedi_process_cmd_cleanup_res + qedi_cmd->list_tmf_work = NULL; + } + } ++ spin_unlock_bh(&qedi_conn->tmf_work_lock); + +- if (!found) { +- spin_unlock_bh(&qedi_conn->tmf_work_lock); ++ if (!found) + goto check_cleanup_reqs; +- } + + QEDI_INFO(&qedi->dbg_ctx, QEDI_LOG_SCSI_TM, + "TMF work, cqe->tid=0x%x, tmf flags=0x%x, cid=0x%x\n", +@@ -806,7 +805,6 @@ static void qedi_process_cmd_cleanup_res + qedi_cmd->state = CLEANUP_RECV; + unlock: + spin_unlock_bh(&conn->session->back_lock); +- spin_unlock_bh(&qedi_conn->tmf_work_lock); + wake_up_interruptible(&qedi_conn->wait_queue); + return; + diff --git a/queue-5.16/series b/queue-5.16/series index 263b41f0730..7bd1e6035d3 100644 --- a/queue-5.16/series +++ b/queue-5.16/series @@ -179,6 +179,16 @@ net-sched-limit-tc_act_repeat-loops.patch dmaengine-sh-rcar-dmac-check-for-error-num-after-setting-mask.patch dmaengine-stm32-dmamux-fix-pm-disable-depth-imbalance-in-stm32_dmamux_probe.patch dmaengine-sh-rcar-dmac-check-for-error-num-after-dma_set_max_seg_size.patch +tests-fix-idmapped-mount_setattr-test.patch +i2c-qcom-cci-don-t-delete-an-unregistered-adapter.patch +i2c-qcom-cci-don-t-put-a-device-tree-node-before-i2c_add_adapter.patch +dmaengine-ptdma-fix-the-error-handling-path-in-pt_core_init.patch +copy_process-move-fd_install-out-of-sighand-siglock-critical-section.patch +scsi-qedi-fix-abba-deadlock-in-qedi_process_tmf_resp-and-qedi_process_cmd_cleanup_resp.patch +asoc-wm_adsp-correct-control-read-size-when-parsing-compressed-buffer.patch +ice-enable-parsing-ipsec-spi-headers-for-rss.patch +i2c-brcmstb-fix-support-for-dsl-and-cm-variants.patch +lockdep-correct-lock_classes-index-mapping.patch hid-elo-fix-memory-leak-in-elo_probe.patch mtd-rawnand-ingenic-fix-missing-put_device-in-ingeni.patch drivers-hv-vmbus-fix-memory-leak-in-vmbus_add_channe.patch diff --git a/queue-5.16/tests-fix-idmapped-mount_setattr-test.patch b/queue-5.16/tests-fix-idmapped-mount_setattr-test.patch new file mode 100644 index 00000000000..019b8ad3c03 --- /dev/null +++ b/queue-5.16/tests-fix-idmapped-mount_setattr-test.patch @@ -0,0 +1,45 @@ +From d1c56bfdaca465bd1d0e913053a9c5cafe8b6a6c Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Thu, 3 Feb 2022 14:14:05 +0100 +Subject: tests: fix idmapped mount_setattr test + +From: Christian Brauner + +commit d1c56bfdaca465bd1d0e913053a9c5cafe8b6a6c upstream. + +The test treated zero as a successful run when it really should treat +non-zero as a successful run. A mount's idmapping can't change once it +has been attached to the filesystem. + +Link: https://lore.kernel.org/r/20220203131411.3093040-2-brauner@kernel.org +Fixes: 01eadc8dd96d ("tests: add mount_setattr() selftests") +Cc: Seth Forshee +Cc: Christoph Hellwig +Cc: linux-fsdevel@vger.kernel.org +Reviewed-by: Christoph Hellwig +Signed-off-by: Christian Brauner +Signed-off-by: Greg Kroah-Hartman +--- + tools/testing/selftests/mount_setattr/mount_setattr_test.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/tools/testing/selftests/mount_setattr/mount_setattr_test.c ++++ b/tools/testing/selftests/mount_setattr/mount_setattr_test.c +@@ -1236,7 +1236,7 @@ static int get_userns_fd(unsigned long n + } + + /** +- * Validate that an attached mount in our mount namespace can be idmapped. ++ * Validate that an attached mount in our mount namespace cannot be idmapped. + * (The kernel enforces that the mount's mount namespace and the caller's mount + * namespace match.) + */ +@@ -1259,7 +1259,7 @@ TEST_F(mount_setattr_idmapped, attached_ + + attr.userns_fd = get_userns_fd(0, 10000, 10000); + ASSERT_GE(attr.userns_fd, 0); +- ASSERT_EQ(sys_mount_setattr(open_tree_fd, "", AT_EMPTY_PATH, &attr, sizeof(attr)), 0); ++ ASSERT_NE(sys_mount_setattr(open_tree_fd, "", AT_EMPTY_PATH, &attr, sizeof(attr)), 0); + ASSERT_EQ(close(attr.userns_fd), 0); + ASSERT_EQ(close(open_tree_fd), 0); + } -- 2.47.3