From: Sasha Levin Date: Sun, 3 Dec 2023 20:07:06 +0000 (-0500) Subject: Fixes for 4.19 X-Git-Tag: v4.14.332~23^2~37 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=31fbdc8c203ffbfa0e7f89b20bb819cedae93d30;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 4.19 Signed-off-by: Sasha Levin --- diff --git a/queue-4.19/arm64-kconfig-add-a-choice-for-endianness.patch b/queue-4.19/arm64-kconfig-add-a-choice-for-endianness.patch new file mode 100644 index 00000000000..0be639ce499 --- /dev/null +++ b/queue-4.19/arm64-kconfig-add-a-choice-for-endianness.patch @@ -0,0 +1,63 @@ +From 6764e1ab6471b7fd6714fccc60c36c5fcdea206c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 13 Nov 2019 10:26:52 +0100 +Subject: arm64: Kconfig: add a choice for endianness + +From: Anders Roxell + +[ Upstream commit d8e85e144bbe12e8d82c6b05d690a34da62cc991 ] + +When building allmodconfig KCONFIG_ALLCONFIG=$(pwd)/arch/arm64/configs/defconfig +CONFIG_CPU_BIG_ENDIAN gets enabled. Which tends not to be what most +people want. Another concern that has come up is that ACPI isn't built +for an allmodconfig kernel today since that also depends on !CPU_BIG_ENDIAN. + +Rework so that we introduce a 'choice' and default the choice to +CPU_LITTLE_ENDIAN. That means that when we build an allmodconfig kernel +it will default to CPU_LITTLE_ENDIAN that most people tends to want. + +Reviewed-by: John Garry +Acked-by: Will Deacon +Signed-off-by: Anders Roxell +Signed-off-by: Catalin Marinas +Stable-dep-of: 146a15b87335 ("arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer") +Signed-off-by: Sasha Levin +--- + arch/arm64/Kconfig | 18 +++++++++++++++++- + 1 file changed, 17 insertions(+), 1 deletion(-) + +diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig +index e16f0d45b47ac..04ff19aa948a1 100644 +--- a/arch/arm64/Kconfig ++++ b/arch/arm64/Kconfig +@@ -748,10 +748,26 @@ config ARM64_PA_BITS + default 48 if ARM64_PA_BITS_48 + default 52 if ARM64_PA_BITS_52 + ++choice ++ prompt "Endianness" ++ default CPU_LITTLE_ENDIAN ++ help ++ Select the endianness of data accesses performed by the CPU. Userspace ++ applications will need to be compiled and linked for the endianness ++ that is selected here. ++ + config CPU_BIG_ENDIAN + bool "Build big-endian kernel" + help +- Say Y if you plan on running a kernel in big-endian mode. ++ Say Y if you plan on running a kernel with a big-endian userspace. ++ ++config CPU_LITTLE_ENDIAN ++ bool "Build little-endian kernel" ++ help ++ Say Y if you plan on running a kernel with a little-endian userspace. ++ This is usually the case for distributions targeting arm64. ++ ++endchoice + + config SCHED_MC + bool "Multi-core scheduler support" +-- +2.42.0 + diff --git a/queue-4.19/arm64-make-cpu_big_endian-depend-on-ld.bfd-or-ld.lld.patch b/queue-4.19/arm64-make-cpu_big_endian-depend-on-ld.bfd-or-ld.lld.patch new file mode 100644 index 00000000000..9c4e01d6eda --- /dev/null +++ b/queue-4.19/arm64-make-cpu_big_endian-depend-on-ld.bfd-or-ld.lld.patch @@ -0,0 +1,59 @@ +From 354a6aad1bac79aafc40ddfabe5f0cdb119b00dc Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 8 Feb 2021 17:57:20 -0700 +Subject: arm64: Make CPU_BIG_ENDIAN depend on ld.bfd or ld.lld 13.0.0+ + +From: Nathan Chancellor + +[ Upstream commit e9c6deee00e9197e75cd6aa0d265d3d45bd7cc28 ] + +Similar to commit 28187dc8ebd9 ("ARM: 9025/1: Kconfig: CPU_BIG_ENDIAN +depends on !LD_IS_LLD"), ld.lld prior to 13.0.0 does not properly +support aarch64 big endian, leading to the following build error when +CONFIG_CPU_BIG_ENDIAN is selected: + +ld.lld: error: unknown emulation: aarch64linuxb + +This has been resolved in LLVM 13. To avoid errors like this, only allow +CONFIG_CPU_BIG_ENDIAN to be selected if using ld.bfd or ld.lld 13.0.0 +and newer. + +While we are here, the indentation of this symbol used spaces since its +introduction in commit a872013d6d03 ("arm64: kconfig: allow +CPU_BIG_ENDIAN to be selected"). Change it to tabs to be consistent with +kernel coding style. + +Link: https://github.com/ClangBuiltLinux/linux/issues/380 +Link: https://github.com/ClangBuiltLinux/linux/issues/1288 +Link: https://github.com/llvm/llvm-project/commit/7605a9a009b5fa3bdac07e3131c8d82f6d08feb7 +Link: https://github.com/llvm/llvm-project/commit/eea34aae2e74e9b6fbdd5b95f479bc7f397bf387 +Reported-by: Arnd Bergmann +Signed-off-by: Nathan Chancellor +Reviewed-by: Nick Desaulniers +Link: https://lore.kernel.org/r/20210209005719.803608-1-nathan@kernel.org +Signed-off-by: Will Deacon +Stable-dep-of: 146a15b87335 ("arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer") +Signed-off-by: Sasha Levin +--- + arch/arm64/Kconfig | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig +index 04ff19aa948a1..92646f12a66d2 100644 +--- a/arch/arm64/Kconfig ++++ b/arch/arm64/Kconfig +@@ -757,8 +757,9 @@ choice + that is selected here. + + config CPU_BIG_ENDIAN +- bool "Build big-endian kernel" +- help ++ bool "Build big-endian kernel" ++ depends on !LD_IS_LLD || LLD_VERSION >= 130000 ++ help + Say Y if you plan on running a kernel with a big-endian userspace. + + config CPU_LITTLE_ENDIAN +-- +2.42.0 + diff --git a/queue-4.19/arm64-restrict-cpu_big_endian-to-gnu-as-or-llvm-ias-.patch b/queue-4.19/arm64-restrict-cpu_big_endian-to-gnu-as-or-llvm-ias-.patch new file mode 100644 index 00000000000..a45b2b8c3f8 --- /dev/null +++ b/queue-4.19/arm64-restrict-cpu_big_endian-to-gnu-as-or-llvm-ias-.patch @@ -0,0 +1,94 @@ +From 4c762ee5a651ad98e47860959d05a8cb18248bdf Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 25 Oct 2023 10:21:28 -0700 +Subject: arm64: Restrict CPU_BIG_ENDIAN to GNU as or LLVM IAS 15.x or newer + +From: Nathan Chancellor + +[ Upstream commit 146a15b873353f8ac28dc281c139ff611a3c4848 ] + +Prior to LLVM 15.0.0, LLVM's integrated assembler would incorrectly +byte-swap NOP when compiling for big-endian, and the resulting series of +bytes happened to match the encoding of FNMADD S21, S30, S0, S0. + +This went unnoticed until commit: + + 34f66c4c4d5518c1 ("arm64: Use a positive cpucap for FP/SIMD") + +Prior to that commit, the kernel would always enable the use of FPSIMD +early in boot when __cpu_setup() initialized CPACR_EL1, and so usage of +FNMADD within the kernel was not detected, but could result in the +corruption of user or kernel FPSIMD state. + +After that commit, the instructions happen to trap during boot prior to +FPSIMD being detected and enabled, e.g. + +| Unhandled 64-bit el1h sync exception on CPU0, ESR 0x000000001fe00000 -- ASIMD +| CPU: 0 PID: 0 Comm: swapper Not tainted 6.6.0-rc3-00013-g34f66c4c4d55 #1 +| Hardware name: linux,dummy-virt (DT) +| pstate: 400000c9 (nZcv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) +| pc : __pi_strcmp+0x1c/0x150 +| lr : populate_properties+0xe4/0x254 +| sp : ffffd014173d3ad0 +| x29: ffffd014173d3af0 x28: fffffbfffddffcb8 x27: 0000000000000000 +| x26: 0000000000000058 x25: fffffbfffddfe054 x24: 0000000000000008 +| x23: fffffbfffddfe000 x22: fffffbfffddfe000 x21: fffffbfffddfe044 +| x20: ffffd014173d3b70 x19: 0000000000000001 x18: 0000000000000005 +| x17: 0000000000000010 x16: 0000000000000000 x15: 00000000413e7000 +| x14: 0000000000000000 x13: 0000000000001bcc x12: 0000000000000000 +| x11: 00000000d00dfeed x10: ffffd414193f2cd0 x9 : 0000000000000000 +| x8 : 0101010101010101 x7 : ffffffffffffffc0 x6 : 0000000000000000 +| x5 : 0000000000000000 x4 : 0101010101010101 x3 : 000000000000002a +| x2 : 0000000000000001 x1 : ffffd014171f2988 x0 : fffffbfffddffcb8 +| Kernel panic - not syncing: Unhandled exception +| CPU: 0 PID: 0 Comm: swapper Not tainted 6.6.0-rc3-00013-g34f66c4c4d55 #1 +| Hardware name: linux,dummy-virt (DT) +| Call trace: +| dump_backtrace+0xec/0x108 +| show_stack+0x18/0x2c +| dump_stack_lvl+0x50/0x68 +| dump_stack+0x18/0x24 +| panic+0x13c/0x340 +| el1t_64_irq_handler+0x0/0x1c +| el1_abort+0x0/0x5c +| el1h_64_sync+0x64/0x68 +| __pi_strcmp+0x1c/0x150 +| unflatten_dt_nodes+0x1e8/0x2d8 +| __unflatten_device_tree+0x5c/0x15c +| unflatten_device_tree+0x38/0x50 +| setup_arch+0x164/0x1e0 +| start_kernel+0x64/0x38c +| __primary_switched+0xbc/0xc4 + +Restrict CONFIG_CPU_BIG_ENDIAN to a known good assembler, which is +either GNU as or LLVM's IAS 15.0.0 and newer, which contains the linked +commit. + +Closes: https://github.com/ClangBuiltLinux/linux/issues/1948 +Link: https://github.com/llvm/llvm-project/commit/1379b150991f70a5782e9a143c2ba5308da1161c +Signed-off-by: Nathan Chancellor +Cc: stable@vger.kernel.org +Acked-by: Mark Rutland +Link: https://lore.kernel.org/r/20231025-disable-arm64-be-ias-b4-llvm-15-v1-1-b25263ed8b23@kernel.org +Signed-off-by: Catalin Marinas +Signed-off-by: Sasha Levin +--- + arch/arm64/Kconfig | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig +index 92646f12a66d2..ff8e0db1693e9 100644 +--- a/arch/arm64/Kconfig ++++ b/arch/arm64/Kconfig +@@ -759,6 +759,8 @@ choice + config CPU_BIG_ENDIAN + bool "Build big-endian kernel" + depends on !LD_IS_LLD || LLD_VERSION >= 130000 ++ # https://github.com/llvm/llvm-project/commit/1379b150991f70a5782e9a143c2ba5308da1161c ++ depends on AS_IS_GNU || AS_VERSION >= 150000 + help + Say Y if you plan on running a kernel with a big-endian userspace. + +-- +2.42.0 + diff --git a/queue-4.19/cpufreq-imx6q-don-t-disable-792-mhz-opp-unnecessaril.patch b/queue-4.19/cpufreq-imx6q-don-t-disable-792-mhz-opp-unnecessaril.patch new file mode 100644 index 00000000000..640467d42e0 --- /dev/null +++ b/queue-4.19/cpufreq-imx6q-don-t-disable-792-mhz-opp-unnecessaril.patch @@ -0,0 +1,49 @@ +From c70addde7e833810346c4564480e65c111f8a851 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 22 Nov 2023 14:41:13 +0100 +Subject: cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily + +From: Christoph Niedermaier + +[ Upstream commit 2e4e0984c7d696cc74cf2fd7e7f62997f0e9ebe6 ] + +For a 900MHz i.MX6ULL CPU the 792MHz OPP is disabled. There is no +convincing reason to disable this OPP. If a CPU can run at 900MHz, +it should also be able to cope with 792MHz. Looking at the voltage +level of 792MHz in [1] (page 24, table 10. "Operating Ranges") the +current defined OPP is above the minimum. So the voltage level +shouldn't be a problem. However in [2] (page 24, table 10. +"Operating Ranges"), it is not mentioned that 792MHz OPP isn't +allowed. Change it to only disable 792MHz OPP for i.MX6ULL types +below 792 MHz. + +[1] https://www.nxp.com/docs/en/data-sheet/IMX6ULLIEC.pdf +[2] https://www.nxp.com/docs/en/data-sheet/IMX6ULLCEC.pdf + +Fixes: 0aa9abd4c212 ("cpufreq: imx6q: check speed grades for i.MX6ULL") +Signed-off-by: Christoph Niedermaier +Reviewed-by: Marek Vasut +Reviewed-by: Fabio Estevam +[ Viresh: Edited subject ] +Signed-off-by: Viresh Kumar +Signed-off-by: Sasha Levin +--- + drivers/cpufreq/imx6q-cpufreq.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/cpufreq/imx6q-cpufreq.c b/drivers/cpufreq/imx6q-cpufreq.c +index 1a4ea82e4c172..b3a392b4c9282 100644 +--- a/drivers/cpufreq/imx6q-cpufreq.c ++++ b/drivers/cpufreq/imx6q-cpufreq.c +@@ -349,7 +349,7 @@ static int imx6ul_opp_check_speed_grading(struct device *dev) + imx6x_disable_freq_in_opp(dev, 696000000); + + if (of_machine_is_compatible("fsl,imx6ull")) { +- if (val != OCOTP_CFG3_6ULL_SPEED_792MHZ) ++ if (val < OCOTP_CFG3_6ULL_SPEED_792MHZ) + imx6x_disable_freq_in_opp(dev, 792000000); + + if (val != OCOTP_CFG3_6ULL_SPEED_900MHZ) +-- +2.42.0 + diff --git a/queue-4.19/cpufreq-imx6q-don-t-warn-for-disabling-a-non-existin.patch b/queue-4.19/cpufreq-imx6q-don-t-warn-for-disabling-a-non-existin.patch new file mode 100644 index 00000000000..17ea6824915 --- /dev/null +++ b/queue-4.19/cpufreq-imx6q-don-t-warn-for-disabling-a-non-existin.patch @@ -0,0 +1,93 @@ +From 376c42aefa34f4ae22cbd4b060250ec91c5e6de3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 12 May 2023 17:07:11 +0200 +Subject: cpufreq: imx6q: don't warn for disabling a non-existing frequency + +From: Christoph Niedermaier + +[ Upstream commit 11a3b0ac33d95aa84be426e801f800997262a225 ] + +It is confusing if a warning is given for disabling a non-existent +frequency of the operating performance points (OPP). In this case +the function dev_pm_opp_disable() returns -ENODEV. Check the return +value and avoid the output of a warning in this case. Avoid code +duplication by using a separate function. + +Signed-off-by: Christoph Niedermaier +[ Viresh : Updated commit subject ] +Signed-off-by: Viresh Kumar +Stable-dep-of: 2e4e0984c7d6 ("cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily") +Signed-off-by: Sasha Levin +--- + drivers/cpufreq/imx6q-cpufreq.c | 30 ++++++++++++++++-------------- + 1 file changed, 16 insertions(+), 14 deletions(-) + +diff --git a/drivers/cpufreq/imx6q-cpufreq.c b/drivers/cpufreq/imx6q-cpufreq.c +index a0cbbdfc77359..1a4ea82e4c172 100644 +--- a/drivers/cpufreq/imx6q-cpufreq.c ++++ b/drivers/cpufreq/imx6q-cpufreq.c +@@ -240,6 +240,14 @@ static struct cpufreq_driver imx6q_cpufreq_driver = { + .suspend = cpufreq_generic_suspend, + }; + ++static void imx6x_disable_freq_in_opp(struct device *dev, unsigned long freq) ++{ ++ int ret = dev_pm_opp_disable(dev, freq); ++ ++ if (ret < 0 && ret != -ENODEV) ++ dev_warn(dev, "failed to disable %ldMHz OPP\n", freq / 1000000); ++} ++ + #define OCOTP_CFG3 0x440 + #define OCOTP_CFG3_SPEED_SHIFT 16 + #define OCOTP_CFG3_SPEED_1P2GHZ 0x3 +@@ -275,17 +283,15 @@ static void imx6q_opp_check_speed_grading(struct device *dev) + val &= 0x3; + + if (val < OCOTP_CFG3_SPEED_996MHZ) +- if (dev_pm_opp_disable(dev, 996000000)) +- dev_warn(dev, "failed to disable 996MHz OPP\n"); ++ imx6x_disable_freq_in_opp(dev, 996000000); + + if (of_machine_is_compatible("fsl,imx6q") || + of_machine_is_compatible("fsl,imx6qp")) { + if (val != OCOTP_CFG3_SPEED_852MHZ) +- if (dev_pm_opp_disable(dev, 852000000)) +- dev_warn(dev, "failed to disable 852MHz OPP\n"); ++ imx6x_disable_freq_in_opp(dev, 852000000); ++ + if (val != OCOTP_CFG3_SPEED_1P2GHZ) +- if (dev_pm_opp_disable(dev, 1200000000)) +- dev_warn(dev, "failed to disable 1.2GHz OPP\n"); ++ imx6x_disable_freq_in_opp(dev, 1200000000); + } + iounmap(base); + put_node: +@@ -338,20 +344,16 @@ static int imx6ul_opp_check_speed_grading(struct device *dev) + val >>= OCOTP_CFG3_SPEED_SHIFT; + val &= 0x3; + +- if (of_machine_is_compatible("fsl,imx6ul")) { ++ if (of_machine_is_compatible("fsl,imx6ul")) + if (val != OCOTP_CFG3_6UL_SPEED_696MHZ) +- if (dev_pm_opp_disable(dev, 696000000)) +- dev_warn(dev, "failed to disable 696MHz OPP\n"); +- } ++ imx6x_disable_freq_in_opp(dev, 696000000); + + if (of_machine_is_compatible("fsl,imx6ull")) { + if (val != OCOTP_CFG3_6ULL_SPEED_792MHZ) +- if (dev_pm_opp_disable(dev, 792000000)) +- dev_warn(dev, "failed to disable 792MHz OPP\n"); ++ imx6x_disable_freq_in_opp(dev, 792000000); + + if (val != OCOTP_CFG3_6ULL_SPEED_900MHZ) +- if (dev_pm_opp_disable(dev, 900000000)) +- dev_warn(dev, "failed to disable 900MHz OPP\n"); ++ imx6x_disable_freq_in_opp(dev, 900000000); + } + + return ret; +-- +2.42.0 + diff --git a/queue-4.19/ext4-improve-write-performance-with-disabled-delallo.patch b/queue-4.19/ext4-improve-write-performance-with-disabled-delallo.patch new file mode 100644 index 00000000000..046912d8032 --- /dev/null +++ b/queue-4.19/ext4-improve-write-performance-with-disabled-delallo.patch @@ -0,0 +1,47 @@ +From b3e650cf14902f40db91bbe526e2bb107cb65f04 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 20 May 2022 13:14:02 +0200 +Subject: ext4: improve write performance with disabled delalloc + +From: Jan Kara + +[ Upstream commit 8d5459c11f548131ce48b2fbf45cccc5c382558f ] + +When delayed allocation is disabled (either through mount option or +because we are running low on free space), ext4_write_begin() allocates +blocks with EXT4_GET_BLOCKS_IO_CREATE_EXT flag. With this flag extent +merging is disabled and since ext4_write_begin() is called for each page +separately, we end up with a *lot* of 1 block extents in the extent tree +and following writeback is writing 1 block at a time which results in +very poor write throughput (4 MB/s instead of 200 MB/s). These days when +ext4_get_block_unwritten() is used only by ext4_write_begin(), +ext4_page_mkwrite() and inline data conversion, we can safely allow +extent merging to happen from these paths since following writeback will +happen on different boundaries anyway. So use +EXT4_GET_BLOCKS_CREATE_UNRIT_EXT instead which restores the performance. + +Signed-off-by: Jan Kara +Link: https://lore.kernel.org/r/20220520111402.4252-1-jack@suse.cz +Signed-off-by: Theodore Ts'o +Stable-dep-of: 2cd8bdb5efc1 ("ext4: mark buffer new if it is unwritten to avoid stale data exposure") +Signed-off-by: Sasha Levin +--- + fs/ext4/inode.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c +index 646285fbc9fc0..949c5189c9be8 100644 +--- a/fs/ext4/inode.c ++++ b/fs/ext4/inode.c +@@ -831,7 +831,7 @@ int ext4_get_block_unwritten(struct inode *inode, sector_t iblock, + ext4_debug("ext4_get_block_unwritten: inode %lu, create flag %d\n", + inode->i_ino, create); + return _ext4_get_block(inode, iblock, bh_result, +- EXT4_GET_BLOCKS_IO_CREATE_EXT); ++ EXT4_GET_BLOCKS_CREATE_UNWRIT_EXT); + } + + /* Maximum number of blocks we map for direct IO at once. */ +-- +2.42.0 + diff --git a/queue-4.19/ext4-mark-buffer-new-if-it-is-unwritten-to-avoid-sta.patch b/queue-4.19/ext4-mark-buffer-new-if-it-is-unwritten-to-avoid-sta.patch new file mode 100644 index 00000000000..46c449575ef --- /dev/null +++ b/queue-4.19/ext4-mark-buffer-new-if-it-is-unwritten-to-avoid-sta.patch @@ -0,0 +1,145 @@ +From a69ad8b1ba62474d3923aeef9405f8109784a2a4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 18 Sep 2023 16:15:50 +0530 +Subject: ext4: mark buffer new if it is unwritten to avoid stale data exposure + +From: Ojaswin Mujoo + +[ Upstream commit 2cd8bdb5efc1e0d5b11a4b7ba6b922fd2736a87f ] + +** Short Version ** + +In ext4 with dioread_nolock, we could have a scenario where the bh returned by +get_blocks (ext4_get_block_unwritten()) in __block_write_begin_int() has +UNWRITTEN and MAPPED flag set. Since such a bh does not have NEW flag set we +never zero out the range of bh that is not under write, causing whatever stale +data is present in the folio at that time to be written out to disk. To fix this +mark the buffer as new, in case it is unwritten, in ext4_get_block_unwritten(). + +** Long Version ** + +The issue mentioned above was resulting in two different bugs: + +1. On block size < page size case in ext4, generic/269 was reliably +failing with dioread_nolock. The state of the write was as follows: + + * The write was extending i_size. + * The last block of the file was fallocated and had an unwritten extent + * We were near ENOSPC and hence we were switching to non-delayed alloc + allocation. + +In this case, the back trace that triggers the bug is as follows: + + ext4_da_write_begin() + /* switch to nodelalloc due to low space */ + ext4_write_begin() + ext4_should_dioread_nolock() // true since mount flags still have delalloc + __block_write_begin(..., ext4_get_block_unwritten) + __block_write_begin_int() + for(each buffer head in page) { + /* first iteration, this is bh1 which contains i_size */ + if (!buffer_mapped) + get_block() /* returns bh with only UNWRITTEN and MAPPED */ + /* second iteration, bh2 */ + if (!buffer_mapped) + get_block() /* we fail here, could be ENOSPC */ + } + if (err) + /* + * this would zero out all new buffers and mark them uptodate. + * Since bh1 was never marked new, we skip it here which causes + * the bug later. + */ + folio_zero_new_buffers(); + /* ext4_wrte_begin() error handling */ + ext4_truncate_failed_write() + ext4_truncate() + ext4_block_truncate_page() + __ext4_block_zero_page_range() + if(!buffer_uptodate()) + ext4_read_bh_lock() + ext4_read_bh() -> ... ext4_submit_bh_wbc() + BUG_ON(buffer_unwritten(bh)); /* !!! */ + +2. The second issue is stale data exposure with page size >= blocksize +with dioread_nolock. The conditions needed for it to happen are same as +the previous issue ie dioread_nolock around ENOSPC condition. The issue +is also similar where in __block_write_begin_int() when we call +ext4_get_block_unwritten() on the buffer_head and the underlying extent +is unwritten, we get an unwritten and mapped buffer head. Since it is +not new, we never zero out the partial range which is not under write, +thus writing stale data to disk. This can be easily observed with the +following reproducer: + + fallocate -l 4k testfile + xfs_io -c "pwrite 2k 2k" testfile + # hexdump output will have stale data in from byte 0 to 2k in testfile + hexdump -C testfile + +NOTE: To trigger this, we need dioread_nolock enabled and write happening via +ext4_write_begin(), which is usually used when we have -o nodealloc. Since +dioread_nolock is disabled with nodelalloc, the only alternate way to call +ext4_write_begin() is to ensure that delayed alloc switches to nodelalloc ie +ext4_da_write_begin() calls ext4_write_begin(). This will usually happen when +ext4 is almost full like the way generic/269 was triggering it in Issue 1 above. +This might make the issue harder to hit. Hence, for reliable replication, I used +the below patch to temporarily allow dioread_nolock with nodelalloc and then +mount the disk with -o nodealloc,dioread_nolock. With this you can hit the stale +data issue 100% of times: + +@@ -508,8 +508,8 @@ static inline int ext4_should_dioread_nolock(struct inode *inode) + if (ext4_should_journal_data(inode)) + return 0; + /* temporary fix to prevent generic/422 test failures */ +- if (!test_opt(inode->i_sb, DELALLOC)) +- return 0; ++ // if (!test_opt(inode->i_sb, DELALLOC)) ++ // return 0; + return 1; + } + +After applying this patch to mark buffer as NEW, both the above issues are +fixed. + +Signed-off-by: Ojaswin Mujoo +Cc: stable@kernel.org +Reviewed-by: Jan Kara +Reviewed-by: "Ritesh Harjani (IBM)" +Link: https://lore.kernel.org/r/d0ed09d70a9733fbb5349c5c7b125caac186ecdf.1695033645.git.ojaswin@linux.ibm.com +Signed-off-by: Theodore Ts'o +Signed-off-by: Sasha Levin +--- + fs/ext4/inode.c | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c +index 949c5189c9be8..d0df0cd3fecff 100644 +--- a/fs/ext4/inode.c ++++ b/fs/ext4/inode.c +@@ -828,10 +828,22 @@ int ext4_get_block(struct inode *inode, sector_t iblock, + int ext4_get_block_unwritten(struct inode *inode, sector_t iblock, + struct buffer_head *bh_result, int create) + { ++ int ret = 0; ++ + ext4_debug("ext4_get_block_unwritten: inode %lu, create flag %d\n", + inode->i_ino, create); +- return _ext4_get_block(inode, iblock, bh_result, ++ ret = _ext4_get_block(inode, iblock, bh_result, + EXT4_GET_BLOCKS_CREATE_UNWRIT_EXT); ++ ++ /* ++ * If the buffer is marked unwritten, mark it as new to make sure it is ++ * zeroed out correctly in case of partial writes. Otherwise, there is ++ * a chance of stale data getting exposed. ++ */ ++ if (ret == 0 && buffer_unwritten(bh_result)) ++ set_buffer_new(bh_result); ++ ++ return ret; + } + + /* Maximum number of blocks we map for direct IO at once. */ +-- +2.42.0 + diff --git a/queue-4.19/fbdev-stifb-make-the-sti-next-font-pointer-a-32-bit-.patch b/queue-4.19/fbdev-stifb-make-the-sti-next-font-pointer-a-32-bit-.patch new file mode 100644 index 00000000000..bbca21e4e19 --- /dev/null +++ b/queue-4.19/fbdev-stifb-make-the-sti-next-font-pointer-a-32-bit-.patch @@ -0,0 +1,39 @@ +From 723b3f62fedf68cd864360af0600897fe11cbded Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 27 Oct 2023 13:36:48 +0200 +Subject: fbdev: stifb: Make the STI next font pointer a 32-bit signed offset + +From: Helge Deller + +[ Upstream commit 8a32aa17c1cd48df1ddaa78e45abcb8c7a2220d6 ] + +The pointer to the next STI font is actually a signed 32-bit +offset. With this change the 64-bit kernel will correctly subract +the (signed 32-bit) offset instead of adding a (unsigned 32-bit) +offset. It has no effect on 32-bit kernels. + +This fixes the stifb driver with a 64-bit kernel on qemu. + +Signed-off-by: Helge Deller +Cc: stable@vger.kernel.org +Signed-off-by: Sasha Levin +--- + drivers/video/fbdev/sticore.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/video/fbdev/sticore.h b/drivers/video/fbdev/sticore.h +index fb8f58f9867a7..0416e2bc27d85 100644 +--- a/drivers/video/fbdev/sticore.h ++++ b/drivers/video/fbdev/sticore.h +@@ -237,7 +237,7 @@ struct sti_rom_font { + u8 height; + u8 font_type; /* language type */ + u8 bytes_per_char; +- u32 next_font; ++ s32 next_font; /* note: signed int */ + u8 underline_height; + u8 underline_pos; + u8 res008[2]; +-- +2.42.0 + diff --git a/queue-4.19/ima-annotate-iint-mutex-to-avoid-lockdep-false-posit.patch b/queue-4.19/ima-annotate-iint-mutex-to-avoid-lockdep-false-posit.patch new file mode 100644 index 00000000000..3cf88da9f19 --- /dev/null +++ b/queue-4.19/ima-annotate-iint-mutex-to-avoid-lockdep-false-posit.patch @@ -0,0 +1,117 @@ +From 4abc4f6160ad799975fa64b14e1cb78e25e375fd Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 5 Oct 2023 14:15:58 +0300 +Subject: ima: annotate iint mutex to avoid lockdep false positive warnings + +From: Amir Goldstein + +[ Upstream commit e044374a8a0a99e46f4e6d6751d3042b6d9cc12e ] + +It is not clear that IMA should be nested at all, but as long is it +measures files both on overlayfs and on underlying fs, we need to +annotate the iint mutex to avoid lockdep false positives related to +IMA + overlayfs, same as overlayfs annotates the inode mutex. + +Reported-and-tested-by: syzbot+b42fe626038981fb7bfa@syzkaller.appspotmail.com +Signed-off-by: Amir Goldstein +Cc: stable@vger.kernel.org +Signed-off-by: Mimi Zohar +Signed-off-by: Sasha Levin +--- + security/integrity/iint.c | 48 ++++++++++++++++++++++++++++++--------- + 1 file changed, 37 insertions(+), 11 deletions(-) + +diff --git a/security/integrity/iint.c b/security/integrity/iint.c +index d5b9253ebd12b..7c751c23e7e63 100644 +--- a/security/integrity/iint.c ++++ b/security/integrity/iint.c +@@ -69,9 +69,32 @@ struct integrity_iint_cache *integrity_iint_find(struct inode *inode) + return iint; + } + +-static void iint_free(struct integrity_iint_cache *iint) ++#define IMA_MAX_NESTING (FILESYSTEM_MAX_STACK_DEPTH+1) ++ ++/* ++ * It is not clear that IMA should be nested at all, but as long is it measures ++ * files both on overlayfs and on underlying fs, we need to annotate the iint ++ * mutex to avoid lockdep false positives related to IMA + overlayfs. ++ * See ovl_lockdep_annotate_inode_mutex_key() for more details. ++ */ ++static inline void iint_lockdep_annotate(struct integrity_iint_cache *iint, ++ struct inode *inode) ++{ ++#ifdef CONFIG_LOCKDEP ++ static struct lock_class_key iint_mutex_key[IMA_MAX_NESTING]; ++ ++ int depth = inode->i_sb->s_stack_depth; ++ ++ if (WARN_ON_ONCE(depth < 0 || depth >= IMA_MAX_NESTING)) ++ depth = 0; ++ ++ lockdep_set_class(&iint->mutex, &iint_mutex_key[depth]); ++#endif ++} ++ ++static void iint_init_always(struct integrity_iint_cache *iint, ++ struct inode *inode) + { +- kfree(iint->ima_hash); + iint->ima_hash = NULL; + iint->version = 0; + iint->flags = 0UL; +@@ -83,6 +106,14 @@ static void iint_free(struct integrity_iint_cache *iint) + iint->ima_creds_status = INTEGRITY_UNKNOWN; + iint->evm_status = INTEGRITY_UNKNOWN; + iint->measured_pcrs = 0; ++ mutex_init(&iint->mutex); ++ iint_lockdep_annotate(iint, inode); ++} ++ ++static void iint_free(struct integrity_iint_cache *iint) ++{ ++ kfree(iint->ima_hash); ++ mutex_destroy(&iint->mutex); + kmem_cache_free(iint_cache, iint); + } + +@@ -107,6 +138,8 @@ struct integrity_iint_cache *integrity_inode_get(struct inode *inode) + if (!iint) + return NULL; + ++ iint_init_always(iint, inode); ++ + write_lock(&integrity_iint_lock); + + p = &integrity_iint_tree.rb_node; +@@ -156,25 +189,18 @@ void integrity_inode_free(struct inode *inode) + iint_free(iint); + } + +-static void init_once(void *foo) ++static void iint_init_once(void *foo) + { + struct integrity_iint_cache *iint = foo; + + memset(iint, 0, sizeof(*iint)); +- iint->ima_file_status = INTEGRITY_UNKNOWN; +- iint->ima_mmap_status = INTEGRITY_UNKNOWN; +- iint->ima_bprm_status = INTEGRITY_UNKNOWN; +- iint->ima_read_status = INTEGRITY_UNKNOWN; +- iint->ima_creds_status = INTEGRITY_UNKNOWN; +- iint->evm_status = INTEGRITY_UNKNOWN; +- mutex_init(&iint->mutex); + } + + static int __init integrity_iintcache_init(void) + { + iint_cache = + kmem_cache_create("iint_cache", sizeof(struct integrity_iint_cache), +- 0, SLAB_PANIC, init_once); ++ 0, SLAB_PANIC, iint_init_once); + return 0; + } + security_initcall(integrity_iintcache_init); +-- +2.42.0 + diff --git a/queue-4.19/ima-detect-changes-to-the-backing-overlay-file.patch b/queue-4.19/ima-detect-changes-to-the-backing-overlay-file.patch new file mode 100644 index 00000000000..921f67686d1 --- /dev/null +++ b/queue-4.19/ima-detect-changes-to-the-backing-overlay-file.patch @@ -0,0 +1,110 @@ +From 5e7f43bc3e5fe45a14cc65bb7571350d1bccf563 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 18 Oct 2023 14:47:02 -0400 +Subject: ima: detect changes to the backing overlay file + +From: Mimi Zohar + +[ Upstream commit b836c4d29f2744200b2af41e14bf50758dddc818 ] + +Commit 18b44bc5a672 ("ovl: Always reevaluate the file signature for +IMA") forced signature re-evaulation on every file access. + +Instead of always re-evaluating the file's integrity, detect a change +to the backing file, by comparing the cached file metadata with the +backing file's metadata. Verifying just the i_version has not changed +is insufficient. In addition save and compare the i_ino and s_dev +as well. + +Reviewed-by: Amir Goldstein +Tested-by: Eric Snowberg +Tested-by: Raul E Rangel +Cc: stable@vger.kernel.org +Signed-off-by: Mimi Zohar +Signed-off-by: Sasha Levin +--- + security/integrity/ima/ima_api.c | 5 +++++ + security/integrity/ima/ima_main.c | 16 +++++++++++++++- + security/integrity/integrity.h | 2 ++ + 3 files changed, 22 insertions(+), 1 deletion(-) + +diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c +index a02c5acfd403b..377a6f7cd3c76 100644 +--- a/security/integrity/ima/ima_api.c ++++ b/security/integrity/ima/ima_api.c +@@ -201,6 +201,7 @@ int ima_collect_measurement(struct integrity_iint_cache *iint, + { + const char *audit_cause = "failed"; + struct inode *inode = file_inode(file); ++ struct inode *real_inode = d_real_inode(file_dentry(file)); + const char *filename = file->f_path.dentry->d_name.name; + int result = 0; + int length; +@@ -243,6 +244,10 @@ int ima_collect_measurement(struct integrity_iint_cache *iint, + iint->ima_hash = tmpbuf; + memcpy(iint->ima_hash, &hash, length); + iint->version = i_version; ++ if (real_inode != inode) { ++ iint->real_ino = real_inode->i_ino; ++ iint->real_dev = real_inode->i_sb->s_dev; ++ } + + /* Possibly temporary failure due to type of read (eg. O_DIRECT) */ + if (!result) +diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c +index c85aab3bd398b..d9a33d433b9fa 100644 +--- a/security/integrity/ima/ima_main.c ++++ b/security/integrity/ima/ima_main.c +@@ -29,6 +29,7 @@ + #include + #include + #include ++#include + + #include "ima.h" + +@@ -170,7 +171,7 @@ static int process_measurement(struct file *file, const struct cred *cred, + u32 secid, char *buf, loff_t size, int mask, + enum ima_hooks func) + { +- struct inode *inode = file_inode(file); ++ struct inode *backing_inode, *inode = file_inode(file); + struct integrity_iint_cache *iint = NULL; + struct ima_template_desc *template_desc; + char *pathbuf = NULL; +@@ -242,6 +243,19 @@ static int process_measurement(struct file *file, const struct cred *cred, + iint->measured_pcrs = 0; + } + ++ /* Detect and re-evaluate changes made to the backing file. */ ++ backing_inode = d_real_inode(file_dentry(file)); ++ if (backing_inode != inode && ++ (action & IMA_DO_MASK) && (iint->flags & IMA_DONE_MASK)) { ++ if (!IS_I_VERSION(backing_inode) || ++ backing_inode->i_sb->s_dev != iint->real_dev || ++ backing_inode->i_ino != iint->real_ino || ++ !inode_eq_iversion(backing_inode, iint->version)) { ++ iint->flags &= ~IMA_DONE_MASK; ++ iint->measured_pcrs = 0; ++ } ++ } ++ + /* Determine if already appraised/measured based on bitmask + * (IMA_MEASURE, IMA_MEASURED, IMA_XXXX_APPRAISE, IMA_XXXX_APPRAISED, + * IMA_AUDIT, IMA_AUDITED) +diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h +index e60473b13a8d2..b0264ba45ddd1 100644 +--- a/security/integrity/integrity.h ++++ b/security/integrity/integrity.h +@@ -122,6 +122,8 @@ struct integrity_iint_cache { + unsigned long flags; + unsigned long measured_pcrs; + unsigned long atomic_flags; ++ unsigned long real_ino; ++ dev_t real_dev; + enum integrity_status ima_file_status:4; + enum integrity_status ima_mmap_status:4; + enum integrity_status ima_bprm_status:4; +-- +2.42.0 + diff --git a/queue-4.19/ipv4-igmp-fix-refcnt-uaf-issue-when-receiving-igmp-q.patch b/queue-4.19/ipv4-igmp-fix-refcnt-uaf-issue-when-receiving-igmp-q.patch new file mode 100644 index 00000000000..18c5be82cf5 --- /dev/null +++ b/queue-4.19/ipv4-igmp-fix-refcnt-uaf-issue-when-receiving-igmp-q.patch @@ -0,0 +1,114 @@ +From a97a849aeb9e971e60818c1bca76a42892b8f043 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 23 Nov 2023 15:13:14 +0800 +Subject: ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet + +From: Zhengchao Shao + +[ Upstream commit e2b706c691905fe78468c361aaabc719d0a496f1 ] + +When I perform the following test operations: +1.ip link add br0 type bridge +2.brctl addif br0 eth0 +3.ip addr add 239.0.0.1/32 dev eth0 +4.ip addr add 239.0.0.1/32 dev br0 +5.ip addr add 224.0.0.1/32 dev br0 +6.while ((1)) + do + ifconfig br0 up + ifconfig br0 down + done +7.send IGMPv2 query packets to port eth0 continuously. For example, +./mausezahn ethX -c 0 "01 00 5e 00 00 01 00 72 19 88 aa 02 08 00 45 00 00 +1c 00 01 00 00 01 02 0e 7f c0 a8 0a b7 e0 00 00 01 11 64 ee 9b 00 00 00 00" + +The preceding tests may trigger the refcnt uaf issue of the mc list. The +stack is as follows: + refcount_t: addition on 0; use-after-free. + WARNING: CPU: 21 PID: 144 at lib/refcount.c:25 refcount_warn_saturate (lib/refcount.c:25) + CPU: 21 PID: 144 Comm: ksoftirqd/21 Kdump: loaded Not tainted 6.7.0-rc1-next-20231117-dirty #80 + Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 + RIP: 0010:refcount_warn_saturate (lib/refcount.c:25) + RSP: 0018:ffffb68f00657910 EFLAGS: 00010286 + RAX: 0000000000000000 RBX: ffff8a00c3bf96c0 RCX: ffff8a07b6160908 + RDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffff8a07b6160900 + RBP: ffff8a00cba36862 R08: 0000000000000000 R09: 00000000ffff7fff + R10: ffffb68f006577c0 R11: ffffffffb0fdcdc8 R12: ffff8a00c3bf9680 + R13: ffff8a00c3bf96f0 R14: 0000000000000000 R15: ffff8a00d8766e00 + FS: 0000000000000000(0000) GS:ffff8a07b6140000(0000) knlGS:0000000000000000 + CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + CR2: 000055f10b520b28 CR3: 000000039741a000 CR4: 00000000000006f0 + Call Trace: + + igmp_heard_query (net/ipv4/igmp.c:1068) + igmp_rcv (net/ipv4/igmp.c:1132) + ip_protocol_deliver_rcu (net/ipv4/ip_input.c:205) + ip_local_deliver_finish (net/ipv4/ip_input.c:234) + __netif_receive_skb_one_core (net/core/dev.c:5529) + netif_receive_skb_internal (net/core/dev.c:5729) + netif_receive_skb (net/core/dev.c:5788) + br_handle_frame_finish (net/bridge/br_input.c:216) + nf_hook_bridge_pre (net/bridge/br_input.c:294) + __netif_receive_skb_core (net/core/dev.c:5423) + __netif_receive_skb_list_core (net/core/dev.c:5606) + __netif_receive_skb_list (net/core/dev.c:5674) + netif_receive_skb_list_internal (net/core/dev.c:5764) + napi_gro_receive (net/core/gro.c:609) + e1000_clean_rx_irq (drivers/net/ethernet/intel/e1000/e1000_main.c:4467) + e1000_clean (drivers/net/ethernet/intel/e1000/e1000_main.c:3805) + __napi_poll (net/core/dev.c:6533) + net_rx_action (net/core/dev.c:6735) + __do_softirq (kernel/softirq.c:554) + run_ksoftirqd (kernel/softirq.c:913) + smpboot_thread_fn (kernel/smpboot.c:164) + kthread (kernel/kthread.c:388) + ret_from_fork (arch/x86/kernel/process.c:153) + ret_from_fork_asm (arch/x86/entry/entry_64.S:250) + + +The root causes are as follows: +Thread A Thread B +... netif_receive_skb +br_dev_stop ... + br_multicast_leave_snoopers ... + __ip_mc_dec_group ... + __igmp_group_dropped igmp_rcv + igmp_stop_timer igmp_heard_query //ref = 1 + ip_ma_put igmp_mod_timer + refcount_dec_and_test igmp_start_timer //ref = 0 + ... refcount_inc //ref increases from 0 +When the device receives an IGMPv2 Query message, it starts the timer +immediately, regardless of whether the device is running. If the device is +down and has left the multicast group, it will cause the mc list refcount +uaf issue. + +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Signed-off-by: Zhengchao Shao +Reviewed-by: Eric Dumazet +Reviewed-by: Hangbin Liu +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + net/ipv4/igmp.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c +index 7d82818b711ea..5edf426fa4143 100644 +--- a/net/ipv4/igmp.c ++++ b/net/ipv4/igmp.c +@@ -221,8 +221,10 @@ static void igmp_start_timer(struct ip_mc_list *im, int max_delay) + int tv = prandom_u32() % max_delay; + + im->tm_running = 1; +- if (!mod_timer(&im->timer, jiffies+tv+2)) +- refcount_inc(&im->refcnt); ++ if (refcount_inc_not_zero(&im->refcnt)) { ++ if (mod_timer(&im->timer, jiffies + tv + 2)) ++ ip_ma_put(im); ++ } + } + + static void igmp_gq_start_timer(struct in_device *in_dev) +-- +2.42.0 + diff --git a/queue-4.19/mtd-cfi_cmdset_0001-byte-swap-otp-info.patch b/queue-4.19/mtd-cfi_cmdset_0001-byte-swap-otp-info.patch new file mode 100644 index 00000000000..631a2def0f1 --- /dev/null +++ b/queue-4.19/mtd-cfi_cmdset_0001-byte-swap-otp-info.patch @@ -0,0 +1,80 @@ +From 680fbd38de7d070e57067f270cf47f810334008e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 20 Oct 2023 22:30:29 +0200 +Subject: mtd: cfi_cmdset_0001: Byte swap OTP info + +From: Linus Walleij + +[ Upstream commit 565fe150624ee77dc63a735cc1b3bff5101f38a3 ] + +Currently the offset into the device when looking for OTP +bits can go outside of the address of the MTD NOR devices, +and if that memory isn't readable, bad things happen +on the IXP4xx (added prints that illustrate the problem before +the crash): + +cfi_intelext_otp_walk walk OTP on chip 0 start at reg_prot_offset 0x00000100 +ixp4xx_copy_from copy from 0x00000100 to 0xc880dd78 +cfi_intelext_otp_walk walk OTP on chip 0 start at reg_prot_offset 0x12000000 +ixp4xx_copy_from copy from 0x12000000 to 0xc880dd78 +8<--- cut here --- +Unable to handle kernel paging request at virtual address db000000 +[db000000] *pgd=00000000 +(...) + +This happens in this case because the IXP4xx is big endian and +the 32- and 16-bit fields in the struct cfi_intelext_otpinfo are not +properly byteswapped. Compare to how the code in read_pri_intelext() +byteswaps the fields in struct cfi_pri_intelext. + +Adding a small byte swapping loop for the OTP in read_pri_intelext() +and the crash goes away. + +The problem went unnoticed for many years until I enabled +CONFIG_MTD_OTP on the IXP4xx as well, triggering the bug. + +Cc: stable@vger.kernel.org +Reviewed-by: Nicolas Pitre +Signed-off-by: Linus Walleij +Signed-off-by: Miquel Raynal +Link: https://lore.kernel.org/linux-mtd/20231020-mtd-otp-byteswap-v4-1-0d132c06aa9d@linaro.org +Signed-off-by: Sasha Levin +--- + drivers/mtd/chips/cfi_cmdset_0001.c | 20 ++++++++++++++++++-- + 1 file changed, 18 insertions(+), 2 deletions(-) + +diff --git a/drivers/mtd/chips/cfi_cmdset_0001.c b/drivers/mtd/chips/cfi_cmdset_0001.c +index e5cf4911a714a..3bd812435f1b9 100644 +--- a/drivers/mtd/chips/cfi_cmdset_0001.c ++++ b/drivers/mtd/chips/cfi_cmdset_0001.c +@@ -420,9 +420,25 @@ read_pri_intelext(struct map_info *map, __u16 adr) + extra_size = 0; + + /* Protection Register info */ +- if (extp->NumProtectionFields) ++ if (extp->NumProtectionFields) { ++ struct cfi_intelext_otpinfo *otp = ++ (struct cfi_intelext_otpinfo *)&extp->extra[0]; ++ + extra_size += (extp->NumProtectionFields - 1) * +- sizeof(struct cfi_intelext_otpinfo); ++ sizeof(struct cfi_intelext_otpinfo); ++ ++ if (extp_size >= sizeof(*extp) + extra_size) { ++ int i; ++ ++ /* Do some byteswapping if necessary */ ++ for (i = 0; i < extp->NumProtectionFields - 1; i++) { ++ otp->ProtRegAddr = le32_to_cpu(otp->ProtRegAddr); ++ otp->FactGroups = le16_to_cpu(otp->FactGroups); ++ otp->UserGroups = le16_to_cpu(otp->UserGroups); ++ otp++; ++ } ++ } ++ } + } + + if (extp->MinorVersion >= '1') { +-- +2.42.0 + diff --git a/queue-4.19/mtd-cfi_cmdset_0001-support-the-absence-of-protectio.patch b/queue-4.19/mtd-cfi_cmdset_0001-support-the-absence-of-protectio.patch new file mode 100644 index 00000000000..f222f9969b9 --- /dev/null +++ b/queue-4.19/mtd-cfi_cmdset_0001-support-the-absence-of-protectio.patch @@ -0,0 +1,80 @@ +From c79afde28327ed794191942f9407e078fba167d1 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 17 Apr 2020 16:23:26 +0200 +Subject: mtd: cfi_cmdset_0001: Support the absence of protection registers +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Jean-Philippe Brucker + +[ Upstream commit b359ed5184aebf9d987e54abc5dae7ac03ed29ae ] + +The flash controller implemented by the Arm Base platform behaves like +the Intel StrataFlash J3 device, but omits several features. In +particular it doesn't implement a protection register, so "Number of +Protection register fields" in the Primary Vendor-Specific Extended +Query, is 0. + +The Intel StrataFlash J3 datasheet only lists 1 as a valid value for +NumProtectionFields. It describes the field as: + + "Number of Protection register fields in JEDEC ID space. + “00h,” indicates that 256 protection bytes are available" + +While a value of 0 may arguably not be architecturally valid, the +driver's current behavior is certainly wrong: if NumProtectionFields is +0, read_pri_intelext() adds a negative value to the unsigned extra_size, +and ends up in an infinite loop. + +Fix it by ignoring a NumProtectionFields of 0. + +Signed-off-by: Jean-Philippe Brucker +Tested-by: Sudeep Holla +Tested-by: Catalin Marinas +Signed-off-by: Vignesh Raghavendra +Stable-dep-of: 565fe150624e ("mtd: cfi_cmdset_0001: Byte swap OTP info") +Signed-off-by: Sasha Levin +--- + drivers/mtd/chips/cfi_cmdset_0001.c | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +diff --git a/drivers/mtd/chips/cfi_cmdset_0001.c b/drivers/mtd/chips/cfi_cmdset_0001.c +index 6e8e7b1bb34b6..e5cf4911a714a 100644 +--- a/drivers/mtd/chips/cfi_cmdset_0001.c ++++ b/drivers/mtd/chips/cfi_cmdset_0001.c +@@ -420,8 +420,9 @@ read_pri_intelext(struct map_info *map, __u16 adr) + extra_size = 0; + + /* Protection Register info */ +- extra_size += (extp->NumProtectionFields - 1) * +- sizeof(struct cfi_intelext_otpinfo); ++ if (extp->NumProtectionFields) ++ extra_size += (extp->NumProtectionFields - 1) * ++ sizeof(struct cfi_intelext_otpinfo); + } + + if (extp->MinorVersion >= '1') { +@@ -695,14 +696,16 @@ static int cfi_intelext_partition_fixup(struct mtd_info *mtd, + */ + if (extp && extp->MajorVersion == '1' && extp->MinorVersion >= '3' + && extp->FeatureSupport & (1 << 9)) { ++ int offs = 0; + struct cfi_private *newcfi; + struct flchip *chip; + struct flchip_shared *shared; +- int offs, numregions, numparts, partshift, numvirtchips, i, j; ++ int numregions, numparts, partshift, numvirtchips, i, j; + + /* Protection Register info */ +- offs = (extp->NumProtectionFields - 1) * +- sizeof(struct cfi_intelext_otpinfo); ++ if (extp->NumProtectionFields) ++ offs = (extp->NumProtectionFields - 1) * ++ sizeof(struct cfi_intelext_otpinfo); + + /* Burst Read info */ + offs += extp->extra[offs+1]+2; +-- +2.42.0 + diff --git a/queue-4.19/net-ravb-start-tx-queues-after-hw-initialization-suc.patch b/queue-4.19/net-ravb-start-tx-queues-after-hw-initialization-suc.patch new file mode 100644 index 00000000000..d3810414a86 --- /dev/null +++ b/queue-4.19/net-ravb-start-tx-queues-after-hw-initialization-suc.patch @@ -0,0 +1,46 @@ +From e786852497904c9392a31e6da1ade71b45c3808e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 28 Nov 2023 10:04:37 +0200 +Subject: net: ravb: Start TX queues after HW initialization succeeded + +From: Claudiu Beznea + +[ Upstream commit 6f32c086602050fc11157adeafaa1c1eb393f0af ] + +ravb_phy_start() may fail. If that happens, the TX queues will remain +started. Thus, move the netif_tx_start_all_queues() after PHY is +successfully initialized. + +Fixes: c156633f1353 ("Renesas Ethernet AVB driver proper") +Reviewed-by: Sergey Shtylyov +Signed-off-by: Claudiu Beznea +Reviewed-by: Kalesh AP +Signed-off-by: Paolo Abeni +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/renesas/ravb_main.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/net/ethernet/renesas/ravb_main.c b/drivers/net/ethernet/renesas/ravb_main.c +index e3eedb3e72156..d70c82c926ea1 100644 +--- a/drivers/net/ethernet/renesas/ravb_main.c ++++ b/drivers/net/ethernet/renesas/ravb_main.c +@@ -1392,13 +1392,13 @@ static int ravb_open(struct net_device *ndev) + if (priv->chip_id == RCAR_GEN2) + ravb_ptp_init(ndev, priv->pdev); + +- netif_tx_start_all_queues(ndev); +- + /* PHY control start */ + error = ravb_phy_start(ndev); + if (error) + goto out_ptp_stop; + ++ netif_tx_start_all_queues(ndev); ++ + return 0; + + out_ptp_stop: +-- +2.42.0 + diff --git a/queue-4.19/ovl-skip-overlayfs-superblocks-at-global-sync.patch b/queue-4.19/ovl-skip-overlayfs-superblocks-at-global-sync.patch new file mode 100644 index 00000000000..0482d60d5bd --- /dev/null +++ b/queue-4.19/ovl-skip-overlayfs-superblocks-at-global-sync.patch @@ -0,0 +1,84 @@ +From 2292fe0b4e6e95d1a7b2db2d0e442fcca2e7cda0 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 9 Apr 2020 11:29:47 +0300 +Subject: ovl: skip overlayfs superblocks at global sync + +From: Konstantin Khlebnikov + +[ Upstream commit 32b1924b210a70dcacdf65abd687c5ef86a67541 ] + +Stacked filesystems like overlayfs has no own writeback, but they have to +forward syncfs() requests to backend for keeping data integrity. + +During global sync() each overlayfs instance calls method ->sync_fs() for +backend although it itself is in global list of superblocks too. As a +result one syscall sync() could write one superblock several times and send +multiple disk barriers. + +This patch adds flag SB_I_SKIP_SYNC into sb->sb_iflags to avoid that. + +Reported-by: Dmitry Monakhov +Signed-off-by: Konstantin Khlebnikov +Reviewed-by: Amir Goldstein +Signed-off-by: Miklos Szeredi +Stable-dep-of: b836c4d29f27 ("ima: detect changes to the backing overlay file") +Signed-off-by: Sasha Levin +--- + fs/overlayfs/super.c | 5 +++-- + fs/sync.c | 3 ++- + include/linux/fs.h | 2 ++ + 3 files changed, 7 insertions(+), 3 deletions(-) + +diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c +index 1a7a1e2988855..1c1eb873e6ecc 100644 +--- a/fs/overlayfs/super.c ++++ b/fs/overlayfs/super.c +@@ -268,8 +268,8 @@ static int ovl_sync_fs(struct super_block *sb, int wait) + return 0; + + /* +- * If this is a sync(2) call or an emergency sync, all the super blocks +- * will be iterated, including upper_sb, so no need to do anything. ++ * Not called for sync(2) call or an emergency sync (SB_I_SKIP_SYNC). ++ * All the super blocks will be iterated, including upper_sb. + * + * If this is a syncfs(2) call, then we do need to call + * sync_filesystem() on upper_sb, but enough if we do it when being +@@ -1664,6 +1664,7 @@ static int ovl_fill_super(struct super_block *sb, void *data, int silent) + sb->s_xattr = ovl_xattr_handlers; + sb->s_fs_info = ofs; + sb->s_flags |= SB_POSIXACL; ++ sb->s_iflags |= SB_I_SKIP_SYNC; + + err = -ENOMEM; + root_dentry = d_make_root(ovl_new_inode(sb, S_IFDIR, 0)); +diff --git a/fs/sync.c b/fs/sync.c +index b54e0541ad899..917ebd12c2515 100644 +--- a/fs/sync.c ++++ b/fs/sync.c +@@ -76,7 +76,8 @@ static void sync_inodes_one_sb(struct super_block *sb, void *arg) + + static void sync_fs_one_sb(struct super_block *sb, void *arg) + { +- if (!sb_rdonly(sb) && sb->s_op->sync_fs) ++ if (!sb_rdonly(sb) && !(sb->s_iflags & SB_I_SKIP_SYNC) && ++ sb->s_op->sync_fs) + sb->s_op->sync_fs(sb, *(int *)arg); + } + +diff --git a/include/linux/fs.h b/include/linux/fs.h +index 95b8ef09b76cf..f89748aac8c32 100644 +--- a/include/linux/fs.h ++++ b/include/linux/fs.h +@@ -1351,6 +1351,8 @@ extern int send_sigurg(struct fown_struct *fown); + #define SB_I_IMA_UNVERIFIABLE_SIGNATURE 0x00000020 + #define SB_I_UNTRUSTED_MOUNTER 0x00000040 + ++#define SB_I_SKIP_SYNC 0x00000100 /* Skip superblock at global sync */ ++ + /* Possible states of 'frozen' field */ + enum { + SB_UNFROZEN = 0, /* FS is unfrozen */ +-- +2.42.0 + diff --git a/queue-4.19/pci-aspm-add-l1-pm-substate-support-to-pci_disable_l.patch b/queue-4.19/pci-aspm-add-l1-pm-substate-support-to-pci_disable_l.patch new file mode 100644 index 00000000000..1d90240757a --- /dev/null +++ b/queue-4.19/pci-aspm-add-l1-pm-substate-support-to-pci_disable_l.patch @@ -0,0 +1,68 @@ +From e5711ab0ab6a25b276dc09f14da5331a48bf45be Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 5 Oct 2019 14:04:36 +0200 +Subject: PCI/ASPM: Add L1 PM substate support to pci_disable_link_state() + +From: Heiner Kallweit + +[ Upstream commit aff5d0552da4055da3faa27ee4252e48bb1f5821 ] + +Add support for disabling states L1.1 and L1.2 to pci_disable_link_state(). +Allow separate control of ASPM and PCI PM L1 substates. + +Link: https://lore.kernel.org/r/d81f8036-c236-6463-48e7-ebcdcda85bba@gmail.com +Signed-off-by: Heiner Kallweit +Signed-off-by: Bjorn Helgaas +Stable-dep-of: 3cb4f534bac0 ("Revert "PCI/ASPM: Disable only ASPM_STATE_L1 when driver, disables L1"") +Signed-off-by: Sasha Levin +--- + drivers/pci/pcie/aspm.c | 11 ++++++++++- + include/linux/pci.h | 10 +++++++--- + 2 files changed, 17 insertions(+), 4 deletions(-) + +diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c +index 1f9e89c2c10d3..8f934c88dcd76 100644 +--- a/drivers/pci/pcie/aspm.c ++++ b/drivers/pci/pcie/aspm.c +@@ -1110,7 +1110,16 @@ static int __pci_disable_link_state(struct pci_dev *pdev, int state, bool sem) + if (state & PCIE_LINK_STATE_L0S) + link->aspm_disable |= ASPM_STATE_L0S; + if (state & PCIE_LINK_STATE_L1) +- link->aspm_disable |= ASPM_STATE_L1; ++ /* L1 PM substates require L1 */ ++ link->aspm_disable |= ASPM_STATE_L1 | ASPM_STATE_L1SS; ++ if (state & PCIE_LINK_STATE_L1_1) ++ link->aspm_disable |= ASPM_STATE_L1_1; ++ if (state & PCIE_LINK_STATE_L1_2) ++ link->aspm_disable |= ASPM_STATE_L1_2; ++ if (state & PCIE_LINK_STATE_L1_1_PCIPM) ++ link->aspm_disable |= ASPM_STATE_L1_1_PCIPM; ++ if (state & PCIE_LINK_STATE_L1_2_PCIPM) ++ link->aspm_disable |= ASPM_STATE_L1_2_PCIPM; + pcie_config_aspm_link(link, policy_to_aspm_state(link)); + + if (state & PCIE_LINK_STATE_CLKPM) +diff --git a/include/linux/pci.h b/include/linux/pci.h +index f8036acf2c12b..5e21876341c62 100644 +--- a/include/linux/pci.h ++++ b/include/linux/pci.h +@@ -1496,9 +1496,13 @@ extern bool pcie_ports_native; + #define pcie_ports_native false + #endif + +-#define PCIE_LINK_STATE_L0S 1 +-#define PCIE_LINK_STATE_L1 2 +-#define PCIE_LINK_STATE_CLKPM 4 ++#define PCIE_LINK_STATE_L0S BIT(0) ++#define PCIE_LINK_STATE_L1 BIT(1) ++#define PCIE_LINK_STATE_CLKPM BIT(2) ++#define PCIE_LINK_STATE_L1_1 BIT(3) ++#define PCIE_LINK_STATE_L1_2 BIT(4) ++#define PCIE_LINK_STATE_L1_1_PCIPM BIT(5) ++#define PCIE_LINK_STATE_L1_2_PCIPM BIT(6) + + #ifdef CONFIG_PCIEASPM + int pci_disable_link_state(struct pci_dev *pdev, int state); +-- +2.42.0 + diff --git a/queue-4.19/pci-aspm-disable-only-aspm_state_l1-when-driver-disa.patch b/queue-4.19/pci-aspm-disable-only-aspm_state_l1-when-driver-disa.patch new file mode 100644 index 00000000000..8b9b35dbaed --- /dev/null +++ b/queue-4.19/pci-aspm-disable-only-aspm_state_l1-when-driver-disa.patch @@ -0,0 +1,47 @@ +From c3e6db03cceefe02c5be01bc581b545d5d5d0121 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 4 May 2023 16:42:57 +0530 +Subject: PCI/ASPM: Disable only ASPM_STATE_L1 when driver disables L1 + +From: Ajay Agarwal + +[ Upstream commit fb097dcd5a28c0a2325632405c76a66777a6bed9 ] + +Previously pci_disable_link_state(PCIE_LINK_STATE_L1) disabled L1SS as well +as L1. This is unnecessary since pcie_config_aspm_link() takes care that +L1SS is not enabled if L1 is disabled. + +Disable only ASPM_STATE_L1 when the caller disables L1. No functional +changes intended. + +This is consistent with aspm_attr_store_common(), which disables only L1, +not L1SS, when L1 is disabled via the sysfs "l1_aspm" file. + +[bhelgaas: commit log] +Link: https://lore.kernel.org/r/20230504111301.229358-2-ajayagarwal@google.com +Signed-off-by: Ajay Agarwal +Signed-off-by: Bjorn Helgaas +Reviewed-by: Kuppuswamy Sathyanarayanan +Stable-dep-of: 3cb4f534bac0 ("Revert "PCI/ASPM: Disable only ASPM_STATE_L1 when driver, disables L1"") +Signed-off-by: Sasha Levin +--- + drivers/pci/pcie/aspm.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c +index 8f934c88dcd76..8db6a9084a12a 100644 +--- a/drivers/pci/pcie/aspm.c ++++ b/drivers/pci/pcie/aspm.c +@@ -1110,8 +1110,7 @@ static int __pci_disable_link_state(struct pci_dev *pdev, int state, bool sem) + if (state & PCIE_LINK_STATE_L0S) + link->aspm_disable |= ASPM_STATE_L0S; + if (state & PCIE_LINK_STATE_L1) +- /* L1 PM substates require L1 */ +- link->aspm_disable |= ASPM_STATE_L1 | ASPM_STATE_L1SS; ++ link->aspm_disable |= ASPM_STATE_L1; + if (state & PCIE_LINK_STATE_L1_1) + link->aspm_disable |= ASPM_STATE_L1_1; + if (state & PCIE_LINK_STATE_L1_2) +-- +2.42.0 + diff --git a/queue-4.19/pci-let-pci_disable_link_state-propagate-errors.patch b/queue-4.19/pci-let-pci_disable_link_state-propagate-errors.patch new file mode 100644 index 00000000000..2259964f118 --- /dev/null +++ b/queue-4.19/pci-let-pci_disable_link_state-propagate-errors.patch @@ -0,0 +1,118 @@ +From 568b1487084809a7257e371ca4ede0b79eb55794 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 18 Jun 2019 23:13:48 +0200 +Subject: PCI: let pci_disable_link_state propagate errors + +From: Heiner Kallweit + +[ Upstream commit 4cfd218855923a07dc02a5bec3d3bb37a118ebc2 ] + +Drivers may rely on pci_disable_link_state() having disabled certain +ASPM link states. If OS can't control ASPM then pci_disable_link_state() +turns into a no-op w/o informing the caller. The driver therefore may +falsely assume the respective ASPM link states are disabled. +Let pci_disable_link_state() propagate errors to the caller, enabling +the caller to react accordingly. + +Signed-off-by: Heiner Kallweit +Acked-by: Bjorn Helgaas +Signed-off-by: David S. Miller +Stable-dep-of: 3cb4f534bac0 ("Revert "PCI/ASPM: Disable only ASPM_STATE_L1 when driver, disables L1"") +Signed-off-by: Sasha Levin +--- + drivers/pci/pcie/aspm.c | 20 +++++++++++--------- + include/linux/pci-aspm.h | 7 ++++--- + 2 files changed, 15 insertions(+), 12 deletions(-) + +diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c +index 118c91586798d..f2b5f3a8535e5 100644 +--- a/drivers/pci/pcie/aspm.c ++++ b/drivers/pci/pcie/aspm.c +@@ -1078,18 +1078,18 @@ void pcie_aspm_powersave_config_link(struct pci_dev *pdev) + up_read(&pci_bus_sem); + } + +-static void __pci_disable_link_state(struct pci_dev *pdev, int state, bool sem) ++static int __pci_disable_link_state(struct pci_dev *pdev, int state, bool sem) + { + struct pci_dev *parent = pdev->bus->self; + struct pcie_link_state *link; + + if (!pci_is_pcie(pdev)) +- return; ++ return 0; + + if (pdev->has_secondary_link) + parent = pdev; + if (!parent || !parent->link_state) +- return; ++ return -EINVAL; + + /* + * A driver requested that ASPM be disabled on this device, but +@@ -1101,7 +1101,7 @@ static void __pci_disable_link_state(struct pci_dev *pdev, int state, bool sem) + */ + if (aspm_disabled) { + pci_warn(pdev, "can't disable ASPM; OS doesn't have ASPM control\n"); +- return; ++ return -EPERM; + } + + if (sem) +@@ -1120,11 +1120,13 @@ static void __pci_disable_link_state(struct pci_dev *pdev, int state, bool sem) + mutex_unlock(&aspm_lock); + if (sem) + up_read(&pci_bus_sem); ++ ++ return 0; + } + +-void pci_disable_link_state_locked(struct pci_dev *pdev, int state) ++int pci_disable_link_state_locked(struct pci_dev *pdev, int state) + { +- __pci_disable_link_state(pdev, state, false); ++ return __pci_disable_link_state(pdev, state, false); + } + EXPORT_SYMBOL(pci_disable_link_state_locked); + +@@ -1132,14 +1134,14 @@ EXPORT_SYMBOL(pci_disable_link_state_locked); + * pci_disable_link_state - Disable device's link state, so the link will + * never enter specific states. Note that if the BIOS didn't grant ASPM + * control to the OS, this does nothing because we can't touch the LNKCTL +- * register. ++ * register. Returns 0 or a negative errno. + * + * @pdev: PCI device + * @state: ASPM link state to disable + */ +-void pci_disable_link_state(struct pci_dev *pdev, int state) ++int pci_disable_link_state(struct pci_dev *pdev, int state) + { +- __pci_disable_link_state(pdev, state, true); ++ return __pci_disable_link_state(pdev, state, true); + } + EXPORT_SYMBOL(pci_disable_link_state); + +diff --git a/include/linux/pci-aspm.h b/include/linux/pci-aspm.h +index df28af5cef210..67064145d76e0 100644 +--- a/include/linux/pci-aspm.h ++++ b/include/linux/pci-aspm.h +@@ -24,11 +24,12 @@ + #define PCIE_LINK_STATE_CLKPM 4 + + #ifdef CONFIG_PCIEASPM +-void pci_disable_link_state(struct pci_dev *pdev, int state); +-void pci_disable_link_state_locked(struct pci_dev *pdev, int state); ++int pci_disable_link_state(struct pci_dev *pdev, int state); ++int pci_disable_link_state_locked(struct pci_dev *pdev, int state); + void pcie_no_aspm(void); + #else +-static inline void pci_disable_link_state(struct pci_dev *pdev, int state) { } ++static inline int pci_disable_link_state(struct pci_dev *pdev, int state) ++{ return 0; } + static inline void pcie_no_aspm(void) { } + #endif + +-- +2.42.0 + diff --git a/queue-4.19/pci-move-aspm-declarations-to-linux-pci.h.patch b/queue-4.19/pci-move-aspm-declarations-to-linux-pci.h.patch new file mode 100644 index 00000000000..4e64bc5ef78 --- /dev/null +++ b/queue-4.19/pci-move-aspm-declarations-to-linux-pci.h.patch @@ -0,0 +1,317 @@ +From 1402588c96fb7545d783048ade10b2d1dccedfd8 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 27 Aug 2019 11:56:20 +0200 +Subject: PCI: Move ASPM declarations to linux/pci.h + +From: Krzysztof Wilczynski + +[ Upstream commit 7ce2e76a0420801fb4b53b9e6850940e6b326433 ] + +Move ASPM definitions and function prototypes from include/linux/pci-aspm.h +to include/linux/pci.h so users only need to include : + + PCIE_LINK_STATE_L0S + PCIE_LINK_STATE_L1 + PCIE_LINK_STATE_CLKPM + pci_disable_link_state() + pci_disable_link_state_locked() + pcie_no_aspm() + +No functional changes intended. + +Link: https://lore.kernel.org/r/20190827095620.11213-1-kw@linux.com +Signed-off-by: Krzysztof Wilczynski +Signed-off-by: Bjorn Helgaas +Stable-dep-of: 3cb4f534bac0 ("Revert "PCI/ASPM: Disable only ASPM_STATE_L1 when driver, disables L1"") +Signed-off-by: Sasha Levin +--- + drivers/acpi/pci_root.c | 1 - + drivers/char/xillybus/xillybus_pcie.c | 1 - + drivers/net/ethernet/intel/e1000e/e1000.h | 1 - + drivers/net/ethernet/jme.c | 1 - + drivers/net/ethernet/realtek/r8169_main.c | 1 - + drivers/net/wireless/ath/ath5k/pci.c | 1 - + .../net/wireless/intel/iwlegacy/3945-mac.c | 1 - + .../net/wireless/intel/iwlegacy/4965-mac.c | 1 - + .../net/wireless/intel/iwlwifi/pcie/trans.c | 1 - + drivers/pci/pci-acpi.c | 1 - + drivers/pci/pcie/aspm.c | 1 - + drivers/pci/quirks.c | 1 - + drivers/scsi/aacraid/linit.c | 1 - + drivers/scsi/hpsa.c | 1 - + drivers/scsi/mpt3sas/mpt3sas_scsih.c | 1 - + include/linux/pci-aspm.h | 36 ------------------- + include/linux/pci.h | 18 ++++++++++ + 17 files changed, 18 insertions(+), 51 deletions(-) + delete mode 100644 include/linux/pci-aspm.h + +diff --git a/drivers/acpi/pci_root.c b/drivers/acpi/pci_root.c +index e465e720eab20..6c23a6f520bad 100644 +--- a/drivers/acpi/pci_root.c ++++ b/drivers/acpi/pci_root.c +@@ -28,7 +28,6 @@ + #include + #include + #include +-#include + #include + #include + #include +diff --git a/drivers/char/xillybus/xillybus_pcie.c b/drivers/char/xillybus/xillybus_pcie.c +index 05e5324f60bd9..03dda2141ff42 100644 +--- a/drivers/char/xillybus/xillybus_pcie.c ++++ b/drivers/char/xillybus/xillybus_pcie.c +@@ -12,7 +12,6 @@ + + #include + #include +-#include + #include + #include "xillybus.h" + +diff --git a/drivers/net/ethernet/intel/e1000e/e1000.h b/drivers/net/ethernet/intel/e1000e/e1000.h +index c5a119daa7f3c..585da186e21f8 100644 +--- a/drivers/net/ethernet/intel/e1000e/e1000.h ++++ b/drivers/net/ethernet/intel/e1000e/e1000.h +@@ -13,7 +13,6 @@ + #include + #include + #include +-#include + #include + #include + #include +diff --git a/drivers/net/ethernet/jme.c b/drivers/net/ethernet/jme.c +index a5ab6f3403ae0..0935cf16de6eb 100644 +--- a/drivers/net/ethernet/jme.c ++++ b/drivers/net/ethernet/jme.c +@@ -27,7 +27,6 @@ + #include + #include + #include +-#include + #include + #include + #include +diff --git a/drivers/net/ethernet/realtek/r8169_main.c b/drivers/net/ethernet/realtek/r8169_main.c +index ecdf628e3bb89..d05bf6446a008 100644 +--- a/drivers/net/ethernet/realtek/r8169_main.c ++++ b/drivers/net/ethernet/realtek/r8169_main.c +@@ -28,7 +28,6 @@ + #include + #include + #include +-#include + #include + #include + +diff --git a/drivers/net/wireless/ath/ath5k/pci.c b/drivers/net/wireless/ath/ath5k/pci.c +index c6156cc38940a..d5ee32ce9eb3d 100644 +--- a/drivers/net/wireless/ath/ath5k/pci.c ++++ b/drivers/net/wireless/ath/ath5k/pci.c +@@ -18,7 +18,6 @@ + + #include + #include +-#include + #include + #include + #include "../ath.h" +diff --git a/drivers/net/wireless/intel/iwlegacy/3945-mac.c b/drivers/net/wireless/intel/iwlegacy/3945-mac.c +index d51a23815e186..20227f87025d1 100644 +--- a/drivers/net/wireless/intel/iwlegacy/3945-mac.c ++++ b/drivers/net/wireless/intel/iwlegacy/3945-mac.c +@@ -33,7 +33,6 @@ + #include + #include + #include +-#include + #include + #include + #include +diff --git a/drivers/net/wireless/intel/iwlegacy/4965-mac.c b/drivers/net/wireless/intel/iwlegacy/4965-mac.c +index 2b60473e7bf9c..bc5c2f4f9c51b 100644 +--- a/drivers/net/wireless/intel/iwlegacy/4965-mac.c ++++ b/drivers/net/wireless/intel/iwlegacy/4965-mac.c +@@ -33,7 +33,6 @@ + #include + #include + #include +-#include + #include + #include + #include +diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/trans.c b/drivers/net/wireless/intel/iwlwifi/pcie/trans.c +index c69c13e762bbe..87235082acda7 100644 +--- a/drivers/net/wireless/intel/iwlwifi/pcie/trans.c ++++ b/drivers/net/wireless/intel/iwlwifi/pcie/trans.c +@@ -67,7 +67,6 @@ + * + *****************************************************************************/ + #include +-#include + #include + #include + #include +diff --git a/drivers/pci/pci-acpi.c b/drivers/pci/pci-acpi.c +index 2777c459706a9..216a8f109be42 100644 +--- a/drivers/pci/pci-acpi.c ++++ b/drivers/pci/pci-acpi.c +@@ -14,7 +14,6 @@ + #include + #include + #include +-#include + #include + #include + #include +diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c +index f2b5f3a8535e5..1f9e89c2c10d3 100644 +--- a/drivers/pci/pcie/aspm.c ++++ b/drivers/pci/pcie/aspm.c +@@ -18,7 +18,6 @@ + #include + #include + #include +-#include + #include "../pci.h" + + #ifdef MODULE_PARAM_PREFIX +diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c +index 3a165710fbb86..db8d9cbc86bf6 100644 +--- a/drivers/pci/quirks.c ++++ b/drivers/pci/quirks.c +@@ -20,7 +20,6 @@ + #include + #include + #include +-#include + #include + #include + #include +diff --git a/drivers/scsi/aacraid/linit.c b/drivers/scsi/aacraid/linit.c +index eecffc03084c0..c2748c07f9507 100644 +--- a/drivers/scsi/aacraid/linit.c ++++ b/drivers/scsi/aacraid/linit.c +@@ -40,7 +40,6 @@ + #include + #include + #include +-#include + #include + #include + #include +diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c +index 25d9bdd4bc698..77ed4324741fc 100644 +--- a/drivers/scsi/hpsa.c ++++ b/drivers/scsi/hpsa.c +@@ -21,7 +21,6 @@ + #include + #include + #include +-#include + #include + #include + #include +diff --git a/drivers/scsi/mpt3sas/mpt3sas_scsih.c b/drivers/scsi/mpt3sas/mpt3sas_scsih.c +index bf659bc466dcc..78cf157fe2c19 100644 +--- a/drivers/scsi/mpt3sas/mpt3sas_scsih.c ++++ b/drivers/scsi/mpt3sas/mpt3sas_scsih.c +@@ -51,7 +51,6 @@ + #include + #include + #include +-#include + #include + #include + #include +diff --git a/include/linux/pci-aspm.h b/include/linux/pci-aspm.h +deleted file mode 100644 +index 67064145d76e0..0000000000000 +--- a/include/linux/pci-aspm.h ++++ /dev/null +@@ -1,36 +0,0 @@ +-/* SPDX-License-Identifier: GPL-2.0 */ +-/* +- * aspm.h +- * +- * PCI Express ASPM defines and function prototypes +- * +- * Copyright (C) 2007 Intel Corp. +- * Zhang Yanmin (yanmin.zhang@intel.com) +- * Shaohua Li (shaohua.li@intel.com) +- * +- * For more information, please consult the following manuals (look at +- * http://www.pcisig.com/ for how to get them): +- * +- * PCI Express Specification +- */ +- +-#ifndef LINUX_ASPM_H +-#define LINUX_ASPM_H +- +-#include +- +-#define PCIE_LINK_STATE_L0S 1 +-#define PCIE_LINK_STATE_L1 2 +-#define PCIE_LINK_STATE_CLKPM 4 +- +-#ifdef CONFIG_PCIEASPM +-int pci_disable_link_state(struct pci_dev *pdev, int state); +-int pci_disable_link_state_locked(struct pci_dev *pdev, int state); +-void pcie_no_aspm(void); +-#else +-static inline int pci_disable_link_state(struct pci_dev *pdev, int state) +-{ return 0; } +-static inline void pcie_no_aspm(void) { } +-#endif +- +-#endif /* LINUX_ASPM_H */ +diff --git a/include/linux/pci.h b/include/linux/pci.h +index 2636990e0cccf..f8036acf2c12b 100644 +--- a/include/linux/pci.h ++++ b/include/linux/pci.h +@@ -6,12 +6,18 @@ + * Copyright 1994, Drew Eckhardt + * Copyright 1997--1999 Martin Mares + * ++ * PCI Express ASPM defines and function prototypes ++ * Copyright (c) 2007 Intel Corp. ++ * Zhang Yanmin (yanmin.zhang@intel.com) ++ * Shaohua Li (shaohua.li@intel.com) ++ * + * For more information, please consult the following manuals (look at + * http://www.pcisig.com/ for how to get them): + * + * PCI BIOS Specification + * PCI Local Bus Specification + * PCI to PCI Bridge Specification ++ * PCI Express Specification + * PCI System Design Guide + */ + #ifndef LINUX_PCI_H +@@ -1490,9 +1496,21 @@ extern bool pcie_ports_native; + #define pcie_ports_native false + #endif + ++#define PCIE_LINK_STATE_L0S 1 ++#define PCIE_LINK_STATE_L1 2 ++#define PCIE_LINK_STATE_CLKPM 4 ++ + #ifdef CONFIG_PCIEASPM ++int pci_disable_link_state(struct pci_dev *pdev, int state); ++int pci_disable_link_state_locked(struct pci_dev *pdev, int state); ++void pcie_no_aspm(void); + bool pcie_aspm_support_enabled(void); + #else ++static inline int pci_disable_link_state(struct pci_dev *pdev, int state) ++{ return 0; } ++static inline int pci_disable_link_state_locked(struct pci_dev *pdev, int state) ++{ return 0; } ++static inline void pcie_no_aspm(void) { } + static inline bool pcie_aspm_support_enabled(void) { return false; } + #endif + +-- +2.42.0 + diff --git a/queue-4.19/perf-intel-pt-adjust-sample-flags-for-vm-exit.patch b/queue-4.19/perf-intel-pt-adjust-sample-flags-for-vm-exit.patch new file mode 100644 index 00000000000..1d45a21055d --- /dev/null +++ b/queue-4.19/perf-intel-pt-adjust-sample-flags-for-vm-exit.patch @@ -0,0 +1,54 @@ +From 95275d823f85ce83f8ccc47ccc04777c33cac628 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 18 Feb 2021 11:57:59 +0200 +Subject: perf intel-pt: Adjust sample flags for VM-Exit + +From: Adrian Hunter + +[ Upstream commit 695fc4510615f8db40ebaf7a2c011f0a594b5f77 ] + +Use the change of NR to detect whether an asynchronous branch is a VM-Exit. + +Note VM-Entry is determined from the vmlaunch or vmresume instruction, +in which case, sample flags will show "VMentry" even if the VM-Entry fails. + +Signed-off-by: Adrian Hunter +Acked-by: Andi Kleen +Cc: Alexander Shishkin +Cc: Jiri Olsa +Link: https://lore.kernel.org/r/20210218095801.19576-10-adrian.hunter@intel.com +Signed-off-by: Arnaldo Carvalho de Melo +Stable-dep-of: f2d87895cbc4 ("perf intel-pt: Fix async branch flags") +Signed-off-by: Sasha Levin +--- + tools/perf/util/intel-pt.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/tools/perf/util/intel-pt.c b/tools/perf/util/intel-pt.c +index e90f1044a8397..e073c7108c6c9 100644 +--- a/tools/perf/util/intel-pt.c ++++ b/tools/perf/util/intel-pt.c +@@ -899,13 +899,16 @@ static void intel_pt_sample_flags(struct intel_pt_queue *ptq) + if (ptq->state->flags & INTEL_PT_ABORT_TX) { + ptq->flags = PERF_IP_FLAG_BRANCH | PERF_IP_FLAG_TX_ABORT; + } else if (ptq->state->flags & INTEL_PT_ASYNC) { +- if (ptq->state->to_ip) ++ if (!ptq->state->to_ip) ++ ptq->flags = PERF_IP_FLAG_BRANCH | ++ PERF_IP_FLAG_TRACE_END; ++ else if (ptq->state->from_nr && !ptq->state->to_nr) ++ ptq->flags = PERF_IP_FLAG_BRANCH | PERF_IP_FLAG_CALL | ++ PERF_IP_FLAG_VMEXIT; ++ else + ptq->flags = PERF_IP_FLAG_BRANCH | PERF_IP_FLAG_CALL | + PERF_IP_FLAG_ASYNC | + PERF_IP_FLAG_INTERRUPT; +- else +- ptq->flags = PERF_IP_FLAG_BRANCH | +- PERF_IP_FLAG_TRACE_END; + ptq->insn_len = 0; + } else { + if (ptq->state->from_ip) +-- +2.42.0 + diff --git a/queue-4.19/perf-intel-pt-fix-async-branch-flags.patch b/queue-4.19/perf-intel-pt-fix-async-branch-flags.patch new file mode 100644 index 00000000000..052f140ffc9 --- /dev/null +++ b/queue-4.19/perf-intel-pt-fix-async-branch-flags.patch @@ -0,0 +1,42 @@ +From b379d6abd4b2d4c2bafd5bad39fcc6bc4580500f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 28 Sep 2023 10:29:53 +0300 +Subject: perf intel-pt: Fix async branch flags + +From: Adrian Hunter + +[ Upstream commit f2d87895cbc4af80649850dcf5da36de6b2ed3dd ] + +Ensure PERF_IP_FLAG_ASYNC is set always for asynchronous branches (i.e. +interrupts etc). + +Fixes: 90e457f7be08 ("perf tools: Add Intel PT support") +Cc: stable@vger.kernel.org +Signed-off-by: Adrian Hunter +Acked-by: Namhyung Kim +Link: https://lore.kernel.org/r/20230928072953.19369-1-adrian.hunter@intel.com +Signed-off-by: Namhyung Kim +Signed-off-by: Sasha Levin +--- + tools/perf/util/intel-pt.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/tools/perf/util/intel-pt.c b/tools/perf/util/intel-pt.c +index e073c7108c6c9..92b9921568f5d 100644 +--- a/tools/perf/util/intel-pt.c ++++ b/tools/perf/util/intel-pt.c +@@ -901,9 +901,11 @@ static void intel_pt_sample_flags(struct intel_pt_queue *ptq) + } else if (ptq->state->flags & INTEL_PT_ASYNC) { + if (!ptq->state->to_ip) + ptq->flags = PERF_IP_FLAG_BRANCH | ++ PERF_IP_FLAG_ASYNC | + PERF_IP_FLAG_TRACE_END; + else if (ptq->state->from_nr && !ptq->state->to_nr) + ptq->flags = PERF_IP_FLAG_BRANCH | PERF_IP_FLAG_CALL | ++ PERF_IP_FLAG_ASYNC | + PERF_IP_FLAG_VMEXIT; + else + ptq->flags = PERF_IP_FLAG_BRANCH | PERF_IP_FLAG_CALL | +-- +2.42.0 + diff --git a/queue-4.19/ravb-fix-races-between-ravb_tx_timeout_work-and-net-.patch b/queue-4.19/ravb-fix-races-between-ravb_tx_timeout_work-and-net-.patch new file mode 100644 index 00000000000..88dcf49bb98 --- /dev/null +++ b/queue-4.19/ravb-fix-races-between-ravb_tx_timeout_work-and-net-.patch @@ -0,0 +1,79 @@ +From 67d4342ab746e79101c87ab077def3c96ab3100b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 27 Nov 2023 21:24:20 +0900 +Subject: ravb: Fix races between ravb_tx_timeout_work() and net related ops + +From: Yoshihiro Shimoda + +[ Upstream commit 9870257a0a338cd8d6c1cddab74e703f490f6779 ] + +Fix races between ravb_tx_timeout_work() and functions of net_device_ops +and ethtool_ops by using rtnl_trylock() and rtnl_unlock(). Note that +since ravb_close() is under the rtnl lock and calls cancel_work_sync(), +ravb_tx_timeout_work() should calls rtnl_trylock(). Otherwise, a deadlock +may happen in ravb_tx_timeout_work() like below: + +CPU0 CPU1 + ravb_tx_timeout() + schedule_work() +... +__dev_close_many() +// Under rtnl lock +ravb_close() +cancel_work_sync() +// Waiting + ravb_tx_timeout_work() + rtnl_lock() + // This is possible to cause a deadlock + +If rtnl_trylock() fails, rescheduling the work with sleep for 1 msec. + +Fixes: c156633f1353 ("Renesas Ethernet AVB driver proper") +Signed-off-by: Yoshihiro Shimoda +Reviewed-by: Sergey Shtylyov +Link: https://lore.kernel.org/r/20231127122420.3706751-1-yoshihiro.shimoda.uh@renesas.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/renesas/ravb_main.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/renesas/ravb_main.c b/drivers/net/ethernet/renesas/ravb_main.c +index a1906804c139e..e3eedb3e72156 100644 +--- a/drivers/net/ethernet/renesas/ravb_main.c ++++ b/drivers/net/ethernet/renesas/ravb_main.c +@@ -1447,6 +1447,12 @@ static void ravb_tx_timeout_work(struct work_struct *work) + struct net_device *ndev = priv->ndev; + int error; + ++ if (!rtnl_trylock()) { ++ usleep_range(1000, 2000); ++ schedule_work(&priv->work); ++ return; ++ } ++ + netif_tx_stop_all_queues(ndev); + + /* Stop PTP Clock driver */ +@@ -1479,7 +1485,7 @@ static void ravb_tx_timeout_work(struct work_struct *work) + */ + netdev_err(ndev, "%s: ravb_dmac_init() failed, error %d\n", + __func__, error); +- return; ++ goto out_unlock; + } + ravb_emac_init(ndev); + +@@ -1489,6 +1495,9 @@ static void ravb_tx_timeout_work(struct work_struct *work) + ravb_ptp_init(ndev, priv->pdev); + + netif_tx_start_all_queues(ndev); ++ ++out_unlock: ++ rtnl_unlock(); + } + + /* Packet transmit function for Ethernet AVB */ +-- +2.42.0 + diff --git a/queue-4.19/revert-pci-aspm-disable-only-aspm_state_l1-when-driv.patch b/queue-4.19/revert-pci-aspm-disable-only-aspm_state_l1-when-driv.patch new file mode 100644 index 00000000000..ab70e890cf2 --- /dev/null +++ b/queue-4.19/revert-pci-aspm-disable-only-aspm_state_l1-when-driv.patch @@ -0,0 +1,80 @@ +From 8b08bc1854f27aad6e9a7e1cadcaf24e39ec15c4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 11 Oct 2023 09:36:40 +0200 +Subject: Revert "PCI/ASPM: Disable only ASPM_STATE_L1 when driver, disables + L1" + +From: Heiner Kallweit + +[ Upstream commit 3cb4f534bac010258b2688395c2f13459a932be9 ] + +This reverts commit fb097dcd5a28c0a2325632405c76a66777a6bed9. + +After fb097dcd5a28 ("PCI/ASPM: Disable only ASPM_STATE_L1 when driver +disables L1"), disabling L1 via pci_disable_link_state(PCIE_LINK_STATE_L1), +then enabling one substate, e.g., L1.1, via sysfs actually enables *all* +the substates. + +For example, r8169 disables L1 because of hardware issues on a number of +systems, which implicitly disables the L1.1 and L1.2 substates. + +On some systems, L1 and L1.1 work fine, but L1.2 causes missed rx packets. +Enabling L1.1 via the sysfs "aspm_l1_1" attribute unexpectedly enables L1.2 +as well as L1.1. + +After fb097dcd5a28, pci_disable_link_state(PCIE_LINK_STATE_L1) adds only +ASPM_L1 (but not any of the L1.x substates) to the "aspm_disable" mask: + + --- Before fb097dcd5a28 + +++ After fb097dcd5a28 + + # r8169 disables L1: + pci_disable_link_state(PCIE_LINK_STATE_L1) + - disable |= ASPM_L1 | ASPM_L1_1 | ASPM_L1_2 | ... # disable L1, L1.x + + disable |= ASPM_L1 # disable L1 only + + # write "1" to sysfs "aspm_l1_1" attribute: + l1_1_aspm + aspm_attr_store_common(state = ASPM_L1_1) + disable &= ~ASPM_L1_1 # enable L1.1 + if (state & (ASPM_L1_1 | ...)) # if enabling any substate + disable &= ~ASPM_L1 # enable L1 + + # final state: + - disable = ASPM_L1_2 | ... # L1, L1.1 enabled; L1.2 disabled + + disable = 0 # L1, L1.1, L1.2 all enabled + +Enabling an L1.x substate removes the substate and L1 from the +"aspm_disable" mask. After fb097dcd5a28, the substates were not added to +the mask when disabling L1, so enabling one substate implicitly enables all +of them. + +Revert fb097dcd5a28 so enabling one substate doesn't enable the others. + +Link: https://lore.kernel.org/r/c75931ac-7208-4200-9ca1-821629cf5e28@gmail.com +Signed-off-by: Heiner Kallweit +[bhelgaas: work through example in commit log] +Signed-off-by: Bjorn Helgaas +Cc: stable@vger.kernel.org +Signed-off-by: Sasha Levin +--- + drivers/pci/pcie/aspm.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c +index 8db6a9084a12a..8f934c88dcd76 100644 +--- a/drivers/pci/pcie/aspm.c ++++ b/drivers/pci/pcie/aspm.c +@@ -1110,7 +1110,8 @@ static int __pci_disable_link_state(struct pci_dev *pdev, int state, bool sem) + if (state & PCIE_LINK_STATE_L0S) + link->aspm_disable |= ASPM_STATE_L0S; + if (state & PCIE_LINK_STATE_L1) +- link->aspm_disable |= ASPM_STATE_L1; ++ /* L1 PM substates require L1 */ ++ link->aspm_disable |= ASPM_STATE_L1 | ASPM_STATE_L1SS; + if (state & PCIE_LINK_STATE_L1_1) + link->aspm_disable |= ASPM_STATE_L1_1; + if (state & PCIE_LINK_STATE_L1_2) +-- +2.42.0 + diff --git a/queue-4.19/s390-cmma-fix-detection-of-dat-pages.patch b/queue-4.19/s390-cmma-fix-detection-of-dat-pages.patch new file mode 100644 index 00000000000..ab0eca95e23 --- /dev/null +++ b/queue-4.19/s390-cmma-fix-detection-of-dat-pages.patch @@ -0,0 +1,67 @@ +From 184321b6220f28c99a9be086a01cce54e248a277 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 24 Oct 2023 10:15:19 +0200 +Subject: s390/cmma: fix detection of DAT pages + +From: Heiko Carstens + +[ Upstream commit 44d93045247661acbd50b1629e62f415f2747577 ] + +If the cmma no-dat feature is available the kernel page tables are walked +to identify and mark all pages which are used for address translation (all +region, segment, and page tables). In a subsequent loop all other pages are +marked as "no-dat" pages with the ESSA instruction. + +This information is visible to the hypervisor, so that the hypervisor can +optimize purging of guest TLB entries. The initial loop however is +incorrect: only the first three of the four pages which belong to segment +and region tables will be marked as being used for DAT. The last page is +incorrectly marked as no-dat. + +This can result in incorrect guest TLB flushes. + +Fix this by simply marking all four pages. + +Cc: +Reviewed-by: Claudio Imbrenda +Signed-off-by: Heiko Carstens +Signed-off-by: Vasily Gorbik +Signed-off-by: Sasha Levin +--- + arch/s390/mm/page-states.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/arch/s390/mm/page-states.c b/arch/s390/mm/page-states.c +index 5a0460b0fd6ae..182240411211c 100644 +--- a/arch/s390/mm/page-states.c ++++ b/arch/s390/mm/page-states.c +@@ -137,7 +137,7 @@ static void mark_kernel_pud(p4d_t *p4d, unsigned long addr, unsigned long end) + continue; + if (!pud_folded(*pud)) { + page = phys_to_page(pud_val(*pud)); +- for (i = 0; i < 3; i++) ++ for (i = 0; i < 4; i++) + set_bit(PG_arch_1, &page[i].flags); + } + mark_kernel_pmd(pud, addr, next); +@@ -158,7 +158,7 @@ static void mark_kernel_p4d(pgd_t *pgd, unsigned long addr, unsigned long end) + continue; + if (!p4d_folded(*p4d)) { + page = phys_to_page(p4d_val(*p4d)); +- for (i = 0; i < 3; i++) ++ for (i = 0; i < 4; i++) + set_bit(PG_arch_1, &page[i].flags); + } + mark_kernel_pud(p4d, addr, next); +@@ -180,7 +180,7 @@ static void mark_kernel_pgd(void) + continue; + if (!pgd_folded(*pgd)) { + page = phys_to_page(pgd_val(*pgd)); +- for (i = 0; i < 3; i++) ++ for (i = 0; i < 4; i++) + set_bit(PG_arch_1, &page[i].flags); + } + mark_kernel_p4d(pgd, addr, next); +-- +2.42.0 + diff --git a/queue-4.19/s390-mm-fix-phys-vs-virt-confusion-in-mark_kernel_px.patch b/queue-4.19/s390-mm-fix-phys-vs-virt-confusion-in-mark_kernel_px.patch new file mode 100644 index 00000000000..9bcc8853657 --- /dev/null +++ b/queue-4.19/s390-mm-fix-phys-vs-virt-confusion-in-mark_kernel_px.patch @@ -0,0 +1,65 @@ +From db11e6773507f6edbd530a7cc3246cfd97a81cd8 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 29 Mar 2021 18:32:55 +0200 +Subject: s390/mm: fix phys vs virt confusion in mark_kernel_pXd() functions + family + +From: Alexander Gordeev + +[ Upstream commit 3784231b1e091857bd129fd9658a8b3cedbdcd58 ] + +Due to historical reasons mark_kernel_pXd() functions +misuse the notion of physical vs virtual addresses +difference. + +Signed-off-by: Alexander Gordeev +Signed-off-by: Heiko Carstens +Stable-dep-of: 44d930452476 ("s390/cmma: fix detection of DAT pages") +Signed-off-by: Sasha Levin +--- + arch/s390/mm/page-states.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/arch/s390/mm/page-states.c b/arch/s390/mm/page-states.c +index dc3cede7f2ec9..5a0460b0fd6ae 100644 +--- a/arch/s390/mm/page-states.c ++++ b/arch/s390/mm/page-states.c +@@ -118,7 +118,7 @@ static void mark_kernel_pmd(pud_t *pud, unsigned long addr, unsigned long end) + next = pmd_addr_end(addr, end); + if (pmd_none(*pmd) || pmd_large(*pmd)) + continue; +- page = virt_to_page(pmd_val(*pmd)); ++ page = phys_to_page(pmd_val(*pmd)); + set_bit(PG_arch_1, &page->flags); + } while (pmd++, addr = next, addr != end); + } +@@ -136,7 +136,7 @@ static void mark_kernel_pud(p4d_t *p4d, unsigned long addr, unsigned long end) + if (pud_none(*pud) || pud_large(*pud)) + continue; + if (!pud_folded(*pud)) { +- page = virt_to_page(pud_val(*pud)); ++ page = phys_to_page(pud_val(*pud)); + for (i = 0; i < 3; i++) + set_bit(PG_arch_1, &page[i].flags); + } +@@ -157,7 +157,7 @@ static void mark_kernel_p4d(pgd_t *pgd, unsigned long addr, unsigned long end) + if (p4d_none(*p4d)) + continue; + if (!p4d_folded(*p4d)) { +- page = virt_to_page(p4d_val(*p4d)); ++ page = phys_to_page(p4d_val(*p4d)); + for (i = 0; i < 3; i++) + set_bit(PG_arch_1, &page[i].flags); + } +@@ -179,7 +179,7 @@ static void mark_kernel_pgd(void) + if (pgd_none(*pgd)) + continue; + if (!pgd_folded(*pgd)) { +- page = virt_to_page(pgd_val(*pgd)); ++ page = phys_to_page(pgd_val(*pgd)); + for (i = 0; i < 3; i++) + set_bit(PG_arch_1, &page[i].flags); + } +-- +2.42.0 + diff --git a/queue-4.19/series b/queue-4.19/series index 9e03b58332e..e47f8799e66 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -42,3 +42,29 @@ powerpc-don-t-clobber-f0-vs0-during-fp-altivec-register-save.patch btrfs-fix-off-by-one-when-checking-chunk-map-includes-logical-address.patch btrfs-send-ensure-send_fd-is-writable.patch input-xpad-add-hyperx-clutch-gladiate-support.patch +ipv4-igmp-fix-refcnt-uaf-issue-when-receiving-igmp-q.patch +ravb-fix-races-between-ravb_tx_timeout_work-and-net-.patch +net-ravb-start-tx-queues-after-hw-initialization-suc.patch +perf-intel-pt-adjust-sample-flags-for-vm-exit.patch +perf-intel-pt-fix-async-branch-flags.patch +ext4-improve-write-performance-with-disabled-delallo.patch +ext4-mark-buffer-new-if-it-is-unwritten-to-avoid-sta.patch +smb3-fix-touch-h-of-symlink.patch +pci-let-pci_disable_link_state-propagate-errors.patch +pci-move-aspm-declarations-to-linux-pci.h.patch +pci-aspm-add-l1-pm-substate-support-to-pci_disable_l.patch +pci-aspm-disable-only-aspm_state_l1-when-driver-disa.patch +revert-pci-aspm-disable-only-aspm_state_l1-when-driv.patch +s390-mm-fix-phys-vs-virt-confusion-in-mark_kernel_px.patch +s390-cmma-fix-detection-of-dat-pages.patch +arm64-kconfig-add-a-choice-for-endianness.patch +arm64-make-cpu_big_endian-depend-on-ld.bfd-or-ld.lld.patch +arm64-restrict-cpu_big_endian-to-gnu-as-or-llvm-ias-.patch +mtd-cfi_cmdset_0001-support-the-absence-of-protectio.patch +mtd-cfi_cmdset_0001-byte-swap-otp-info.patch +fbdev-stifb-make-the-sti-next-font-pointer-a-32-bit-.patch +ima-annotate-iint-mutex-to-avoid-lockdep-false-posit.patch +ovl-skip-overlayfs-superblocks-at-global-sync.patch +ima-detect-changes-to-the-backing-overlay-file.patch +cpufreq-imx6q-don-t-warn-for-disabling-a-non-existin.patch +cpufreq-imx6q-don-t-disable-792-mhz-opp-unnecessaril.patch diff --git a/queue-4.19/smb3-fix-touch-h-of-symlink.patch b/queue-4.19/smb3-fix-touch-h-of-symlink.patch new file mode 100644 index 00000000000..52b7e13a34c --- /dev/null +++ b/queue-4.19/smb3-fix-touch-h-of-symlink.patch @@ -0,0 +1,40 @@ +From f44d64820f67f18f781ecf801b7c46020bd7bc79 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 16 Oct 2023 12:18:23 -0500 +Subject: smb3: fix touch -h of symlink + +From: Steve French + +[ Upstream commit 475efd9808a3094944a56240b2711349e433fb66 ] + +For example: + touch -h -t 02011200 testfile +where testfile is a symlink would not change the timestamp, but + touch -t 02011200 testfile +does work to change the timestamp of the target + +Suggested-by: David Howells +Reported-by: Micah Veilleux +Closes: https://bugzilla.samba.org/show_bug.cgi?id=14476 +Cc: stable@vger.kernel.org +Signed-off-by: Steve French +Signed-off-by: Sasha Levin +--- + fs/cifs/cifsfs.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c +index ef1a43f4bd663..7c9e5ed1644b0 100644 +--- a/fs/cifs/cifsfs.c ++++ b/fs/cifs/cifsfs.c +@@ -970,6 +970,7 @@ const struct inode_operations cifs_file_inode_ops = { + + const struct inode_operations cifs_symlink_inode_ops = { + .get_link = cifs_get_link, ++ .setattr = cifs_setattr, + .permission = cifs_permission, + .listxattr = cifs_listxattr, + }; +-- +2.42.0 +