From: Greg Kroah-Hartman Date: Mon, 19 Feb 2024 16:28:24 +0000 (+0100) Subject: 6.6-stable patches X-Git-Tag: v4.19.307~119 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7667ee8d593febea056b1fc0d75f24351ba472de;p=thirdparty%2Fkernel%2Fstable-queue.git 6.6-stable patches added patches: alsa-hda-cs8409-suppress-vmaster-control-for-dolphin-models.patch alsa-hda-realtek-add-speaker-pin-verbtable-for-dell-dual-speaker-platform.patch alsa-hda-realtek-apply-headset-jack-quirk-for-non-bass-alc287-thinkpads.patch alsa-hda-realtek-enable-headset-mic-on-vaio-vjfe-adl.patch alsa-hda-realtek-fix-mute-micmute-leds-for-hp-zbook-power.patch asoc-codecs-wcd938x-handle-deferred-probe.patch binder-signal-epoll-threads-of-self-work.patch connector-cn_proc-revert-connector-fix-proc_event_num_listeners-count-not-cleared.patch drm-amd-don-t-init-mec2-firmware-when-it-fails-to-load.patch drm-amdgpu-reset-ih-overflow_clear-bit.patch drm-virtio-set-segment-size-for-virtio_gpu-device.patch ext4-avoid-bb_free-and-bb_fragments-inconsistency-in-mb_free_blocks.patch ext4-fix-double-free-of-blocks-due-to-wrong-extents-moved_len.patch firewire-core-correct-documentation-of-fw_csr_string-kernel-api.patch iio-accel-bma400-fix-a-compilation-problem.patch iio-adc-ad_sigma_delta-ensure-proper-dma-alignment.patch iio-commom-st_sensors-ensure-proper-dma-alignment.patch iio-core-fix-memleak-in-iio_device_register_sysfs.patch iio-imu-adis-ensure-proper-dma-alignment.patch iio-imu-bno055-serdev-requires-regmap.patch iio-magnetometer-rm3100-add-boundary-check-for-the-value-read-from-rm3100_reg_tmrc.patch iio-pressure-bmp280-add-missing-bmp085-to-spi-id-table.patch kbuild-fix-changing-elf-file-type-for-output-of-gen_btf-for-big-endian.patch lsm-fix-default-return-value-of-the-socket_getpeersec_-hooks.patch lsm-fix-the-logic-in-security_inode_getsecctx.patch media-rc-bpf-attach-detach-requires-write-permission.patch media-revert-media-rkisp1-drop-irqf_shared.patch misc-fastrpc-mark-all-sessions-as-invalid-in-cb_remove.patch modpost-add-.ltext-and-.ltext.-to-text_sections.patch mptcp-check-addrs-list-in-userspace_pm_get_local_id.patch mptcp-drop-the-push_pending-field.patch mptcp-fix-data-re-injection-from-stale-subflow.patch mptcp-fix-rcv-space-initialization.patch mptcp-really-cope-with-fastopen-race.patch net-hsr-remove-warn_once-in-send_hsr_supervision_frame.patch net-stmmac-do-not-clear-tbs-enable-bit-on-link-up-down.patch nfc-nci-free-rx_data_reassembly-skb-on-nci-device-cleanup.patch parisc-btlb-fix-crash-when-setting-up-btlb-at-cpu-bringup.patch pmdomain-mediatek-fix-race-conditions-with-genpd.patch revert-drm-amd-flush-any-delayed-gfxoff-on-suspend-entry.patch revert-drm-msm-gpu-push-gpu-lock-down-past-runpm.patch revert-powerpc-pseries-iommu-fix-iommu-initialisation-during-dlpar-add.patch revert-workqueue-override-implicit-ordered-attribute-in-workqueue_apply_unbound_cpumask.patch scsi-revert-scsi-fcoe-fix-potential-deadlock-on-fip-ctlr_lock.patch selftests-mptcp-add-missing-kconfig-for-nf-filter-in-v6.patch selftests-mptcp-add-missing-kconfig-for-nf-filter.patch selftests-mptcp-add-missing-kconfig-for-nf-mangle.patch selftests-mptcp-add-mptcp_lib_kill_wait.patch selftests-mptcp-allow-changing-subtests-prefix.patch selftests-mptcp-increase-timeout-to-30-min.patch staging-iio-ad5933-fix-type-mismatch-regression.patch tracing-fix-wasted-memory-in-saved_cmdlines-logic.patch tracing-probes-fix-to-search-structure-fields-correctly.patch tracing-probes-fix-to-set-arg-size-and-fmt-after-setting-type-from-btf.patch tracing-probes-fix-to-show-a-parse-error-for-bad-type-for-comm.patch tracing-synthetic-fix-trace_string-return-value.patch tracing-timerlat-move-hrtimer_init-to-timerlat_fd-open.patch um-fix-adding-no-pie-for-clang.patch xen-netback-properly-sync-tx-responses.patch --- diff --git a/queue-6.6/alsa-hda-cs8409-suppress-vmaster-control-for-dolphin-models.patch b/queue-6.6/alsa-hda-cs8409-suppress-vmaster-control-for-dolphin-models.patch new file mode 100644 index 00000000000..2e708a76fb1 --- /dev/null +++ b/queue-6.6/alsa-hda-cs8409-suppress-vmaster-control-for-dolphin-models.patch @@ -0,0 +1,35 @@ +From a2ed0a44d637ef9deca595054c206da7d6cbdcbc Mon Sep 17 00:00:00 2001 +From: Vitaly Rodionov +Date: Mon, 22 Jan 2024 18:47:10 +0000 +Subject: ALSA: hda/cs8409: Suppress vmaster control for Dolphin models + +From: Vitaly Rodionov + +commit a2ed0a44d637ef9deca595054c206da7d6cbdcbc upstream. + +Customer has reported an issue with specific desktop platform +where two CS42L42 codecs are connected to CS8409 HDA bridge. +If "Master Volume Control" is created then on Ubuntu OS UCM +left/right balance slider in UI audio settings has no effect. +This patch will fix this issue for a target paltform. + +Fixes: 20e507724113 ("ALSA: hda/cs8409: Add support for dolphin") +Signed-off-by: Vitaly Rodionov +Cc: +Link: https://lore.kernel.org/r/20240122184710.5802-1-vitalyr@opensource.cirrus.com +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/pci/hda/patch_cs8409.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/sound/pci/hda/patch_cs8409.c ++++ b/sound/pci/hda/patch_cs8409.c +@@ -1371,6 +1371,7 @@ void dolphin_fixups(struct hda_codec *co + spec->scodecs[CS8409_CODEC1] = &dolphin_cs42l42_1; + spec->scodecs[CS8409_CODEC1]->codec = codec; + spec->num_scodecs = 2; ++ spec->gen.suppress_vmaster = 1; + + codec->patch_ops = cs8409_dolphin_patch_ops; + diff --git a/queue-6.6/alsa-hda-realtek-add-speaker-pin-verbtable-for-dell-dual-speaker-platform.patch b/queue-6.6/alsa-hda-realtek-add-speaker-pin-verbtable-for-dell-dual-speaker-platform.patch new file mode 100644 index 00000000000..95541698409 --- /dev/null +++ b/queue-6.6/alsa-hda-realtek-add-speaker-pin-verbtable-for-dell-dual-speaker-platform.patch @@ -0,0 +1,53 @@ +From fcfc9f711d1e2fc7876ac12b1b16c509404b9625 Mon Sep 17 00:00:00 2001 +From: Kailang Yang +Date: Wed, 24 Jan 2024 14:21:47 +0800 +Subject: ALSA: hda/realtek - Add speaker pin verbtable for Dell dual speaker platform + +From: Kailang Yang + +commit fcfc9f711d1e2fc7876ac12b1b16c509404b9625 upstream. + +SSID 0x0c0d platform. It can't mute speaker when HP plugged. +This patch add quirk to fill speaker pin verbtable. +And disable speaker passthrough. + +Signed-off-by: Kailang Yang +Cc: +Link: https://lore.kernel.org/r/38b82976a875451d833d514cee34ff6a@realtek.com +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/pci/hda/patch_realtek.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -438,6 +438,10 @@ static void alc_fill_eapd_coef(struct hd + alc_update_coef_idx(codec, 0x67, 0xf000, 0x3000); + fallthrough; + case 0x10ec0215: ++ case 0x10ec0285: ++ case 0x10ec0289: ++ alc_update_coef_idx(codec, 0x36, 1<<13, 0); ++ fallthrough; + case 0x10ec0230: + case 0x10ec0233: + case 0x10ec0235: +@@ -451,9 +455,7 @@ static void alc_fill_eapd_coef(struct hd + case 0x10ec0283: + case 0x10ec0286: + case 0x10ec0288: +- case 0x10ec0285: + case 0x10ec0298: +- case 0x10ec0289: + case 0x10ec0300: + alc_update_coef_idx(codec, 0x10, 1<<9, 0); + break; +@@ -9629,6 +9631,7 @@ static const struct snd_pci_quirk alc269 + SND_PCI_QUIRK(0x1028, 0x0b71, "Dell Inspiron 16 Plus 7620", ALC295_FIXUP_DELL_INSPIRON_TOP_SPEAKERS), + SND_PCI_QUIRK(0x1028, 0x0beb, "Dell XPS 15 9530 (2023)", ALC289_FIXUP_DELL_CS35L41_SPI_2), + SND_PCI_QUIRK(0x1028, 0x0c03, "Dell Precision 5340", ALC269_FIXUP_DELL4_MIC_NO_PRESENCE), ++ SND_PCI_QUIRK(0x1028, 0x0c0d, "Dell Oasis", ALC289_FIXUP_RTK_AMP_DUAL_SPK), + SND_PCI_QUIRK(0x1028, 0x0c19, "Dell Precision 3340", ALC236_FIXUP_DELL_DUAL_CODECS), + SND_PCI_QUIRK(0x1028, 0x0c1a, "Dell Precision 3340", ALC236_FIXUP_DELL_DUAL_CODECS), + SND_PCI_QUIRK(0x1028, 0x0c1b, "Dell Precision 3440", ALC236_FIXUP_DELL_DUAL_CODECS), diff --git a/queue-6.6/alsa-hda-realtek-apply-headset-jack-quirk-for-non-bass-alc287-thinkpads.patch b/queue-6.6/alsa-hda-realtek-apply-headset-jack-quirk-for-non-bass-alc287-thinkpads.patch new file mode 100644 index 00000000000..37f3c7e44ff --- /dev/null +++ b/queue-6.6/alsa-hda-realtek-apply-headset-jack-quirk-for-non-bass-alc287-thinkpads.patch @@ -0,0 +1,52 @@ +From 2468e8922d2f6da81a6192b73023eff67e3fefdd Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Jos=C3=A9=20Relvas?= +Date: Wed, 31 Jan 2024 11:34:09 +0000 +Subject: ALSA: hda/realtek: Apply headset jack quirk for non-bass alc287 thinkpads +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: José Relvas + +commit 2468e8922d2f6da81a6192b73023eff67e3fefdd upstream. + +There currently exists two thinkpad headset jack fixups: +ALC285_FIXUP_THINKPAD_NO_BASS_SPK_HEADSET_JACK +ALC285_FIXUP_THINKPAD_HEADSET_JACK + +The latter is applied to alc285 and alc287 thinkpads which contain +bass speakers. +However, the former was only being applied to alc285 thinkpads, +leaving non-bass alc287 thinkpads with no headset button controls. +This patch fixes that by adding ALC285_FIXUP_THINKPAD_NO_BASS_SPK_HEADSET_JACK +to the alc287 chains, allowing the detection of headset buttons. + +Signed-off-by: José Relvas +Cc: +Link: https://lore.kernel.org/r/20240131113407.34698-3-josemonsantorelvas@gmail.com +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/pci/hda/patch_realtek.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -9479,7 +9479,7 @@ static const struct hda_fixup alc269_fix + .type = HDA_FIXUP_FUNC, + .v.func = cs35l41_fixup_i2c_two, + .chained = true, +- .chain_id = ALC269_FIXUP_THINKPAD_ACPI, ++ .chain_id = ALC285_FIXUP_THINKPAD_NO_BASS_SPK_HEADSET_JACK, + }, + [ALC287_FIXUP_TAS2781_I2C] = { + .type = HDA_FIXUP_FUNC, +@@ -9500,6 +9500,8 @@ static const struct hda_fixup alc269_fix + [ALC287_FIXUP_THINKPAD_I2S_SPK] = { + .type = HDA_FIXUP_FUNC, + .v.func = alc287_fixup_bind_dacs, ++ .chained = true, ++ .chain_id = ALC285_FIXUP_THINKPAD_NO_BASS_SPK_HEADSET_JACK, + }, + [ALC287_FIXUP_MG_RTKC_CSAMP_CS35L41_I2C_THINKPAD] = { + .type = HDA_FIXUP_FUNC, diff --git a/queue-6.6/alsa-hda-realtek-enable-headset-mic-on-vaio-vjfe-adl.patch b/queue-6.6/alsa-hda-realtek-enable-headset-mic-on-vaio-vjfe-adl.patch new file mode 100644 index 00000000000..f9dc8cc6371 --- /dev/null +++ b/queue-6.6/alsa-hda-realtek-enable-headset-mic-on-vaio-vjfe-adl.patch @@ -0,0 +1,31 @@ +From c7de2d9bb68a5fc71c25ff96705a80a76c8436eb Mon Sep 17 00:00:00 2001 +From: Edson Juliano Drosdeck +Date: Thu, 1 Feb 2024 09:21:14 -0300 +Subject: ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL + +From: Edson Juliano Drosdeck + +commit c7de2d9bb68a5fc71c25ff96705a80a76c8436eb upstream. + +Vaio VJFE-ADL is equipped with ALC269VC, and it needs +ALC298_FIXUP_SPK_VOLUME quirk to make its headset mic work. + +Signed-off-by: Edson Juliano Drosdeck +Cc: +Link: https://lore.kernel.org/r/20240201122114.30080-1-edson.drosdeck@gmail.com +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/pci/hda/patch_realtek.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -10204,6 +10204,7 @@ static const struct snd_pci_quirk alc269 + SND_PCI_QUIRK(0x1d72, 0x1945, "Redmi G", ALC256_FIXUP_ASUS_HEADSET_MIC), + SND_PCI_QUIRK(0x1d72, 0x1947, "RedmiBook Air", ALC255_FIXUP_XIAOMI_HEADSET_MIC), + SND_PCI_QUIRK(0x2782, 0x0232, "CHUWI CoreBook XPro", ALC269VB_FIXUP_CHUWI_COREBOOK_XPRO), ++ SND_PCI_QUIRK(0x2782, 0x1707, "Vaio VJFE-ADL", ALC298_FIXUP_SPK_VOLUME), + SND_PCI_QUIRK(0x8086, 0x2074, "Intel NUC 8", ALC233_FIXUP_INTEL_NUC8_DMIC), + SND_PCI_QUIRK(0x8086, 0x2080, "Intel NUC 8 Rugged", ALC256_FIXUP_INTEL_NUC8_RUGGED), + SND_PCI_QUIRK(0x8086, 0x2081, "Intel NUC 10", ALC256_FIXUP_INTEL_NUC10), diff --git a/queue-6.6/alsa-hda-realtek-fix-mute-micmute-leds-for-hp-zbook-power.patch b/queue-6.6/alsa-hda-realtek-fix-mute-micmute-leds-for-hp-zbook-power.patch new file mode 100644 index 00000000000..6c13f8d882d --- /dev/null +++ b/queue-6.6/alsa-hda-realtek-fix-mute-micmute-leds-for-hp-zbook-power.patch @@ -0,0 +1,33 @@ +From 1513664f340289cf10402753110f3cff12a738aa Mon Sep 17 00:00:00 2001 +From: Andy Chi +Date: Mon, 22 Jan 2024 15:48:24 +0800 +Subject: ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power + +From: Andy Chi + +commit 1513664f340289cf10402753110f3cff12a738aa upstream. + +The HP ZBook Power using ALC236 codec which using 0x02 to +control mute LED and 0x01 to control micmute LED. +Therefore, add a quirk to make it works. + +Signed-off-by: Andy Chi +Cc: +Link: https://lore.kernel.org/r/20240122074826.1020964-1-andy.chi@canonical.com +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/pci/hda/patch_realtek.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -9857,6 +9857,8 @@ static const struct snd_pci_quirk alc269 + SND_PCI_QUIRK(0x103c, 0x8c72, "HP EliteBook 865 G11", ALC287_FIXUP_CS35L41_I2C_2_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8c96, "HP", ALC236_FIXUP_HP_MUTE_LED_MICMUTE_VREF), + SND_PCI_QUIRK(0x103c, 0x8c97, "HP ZBook", ALC236_FIXUP_HP_MUTE_LED_MICMUTE_VREF), ++ SND_PCI_QUIRK(0x103c, 0x8ca1, "HP ZBook Power", ALC236_FIXUP_HP_GPIO_LED), ++ SND_PCI_QUIRK(0x103c, 0x8ca2, "HP ZBook Power", ALC236_FIXUP_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8ca4, "HP ZBook Fury", ALC245_FIXUP_CS35L41_SPI_2_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8ca7, "HP ZBook Fury", ALC245_FIXUP_CS35L41_SPI_2_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8cf5, "HP ZBook Studio 16", ALC245_FIXUP_CS35L41_SPI_4_HP_GPIO_LED), diff --git a/queue-6.6/asoc-codecs-wcd938x-handle-deferred-probe.patch b/queue-6.6/asoc-codecs-wcd938x-handle-deferred-probe.patch new file mode 100644 index 00000000000..82df9896c56 --- /dev/null +++ b/queue-6.6/asoc-codecs-wcd938x-handle-deferred-probe.patch @@ -0,0 +1,37 @@ +From 086df711d9b886194481b4fbe525eb43e9ae7403 Mon Sep 17 00:00:00 2001 +From: Krzysztof Kozlowski +Date: Wed, 17 Jan 2024 16:12:06 +0100 +Subject: ASoC: codecs: wcd938x: handle deferred probe + +From: Krzysztof Kozlowski + +commit 086df711d9b886194481b4fbe525eb43e9ae7403 upstream. + +WCD938x sound codec driver ignores return status of getting regulators +and returns EINVAL instead of EPROBE_DEFER. If regulator provider +probes after the codec, system is left without probed audio: + + wcd938x_codec audio-codec: wcd938x_probe: Fail to obtain platform data + wcd938x_codec: probe of audio-codec failed with error -22 + +Fixes: 16572522aece ("ASoC: codecs: wcd938x-sdw: add SoundWire driver") +Cc: +Signed-off-by: Krzysztof Kozlowski +Link: https://msgid.link/r/20240117151208.1219755-1-krzysztof.kozlowski@linaro.org +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman +--- + sound/soc/codecs/wcd938x.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/sound/soc/codecs/wcd938x.c ++++ b/sound/soc/codecs/wcd938x.c +@@ -3589,7 +3589,7 @@ static int wcd938x_probe(struct platform + ret = wcd938x_populate_dt_data(wcd938x, dev); + if (ret) { + dev_err(dev, "%s: Fail to obtain platform data\n", __func__); +- return -EINVAL; ++ return ret; + } + + ret = wcd938x_add_slave_components(wcd938x, dev, &match); diff --git a/queue-6.6/binder-signal-epoll-threads-of-self-work.patch b/queue-6.6/binder-signal-epoll-threads-of-self-work.patch new file mode 100644 index 00000000000..b37a1a91a06 --- /dev/null +++ b/queue-6.6/binder-signal-epoll-threads-of-self-work.patch @@ -0,0 +1,55 @@ +From 97830f3c3088638ff90b20dfba2eb4d487bf14d7 Mon Sep 17 00:00:00 2001 +From: Carlos Llamas +Date: Wed, 31 Jan 2024 21:53:46 +0000 +Subject: binder: signal epoll threads of self-work +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Carlos Llamas + +commit 97830f3c3088638ff90b20dfba2eb4d487bf14d7 upstream. + +In (e)poll mode, threads often depend on I/O events to determine when +data is ready for consumption. Within binder, a thread may initiate a +command via BINDER_WRITE_READ without a read buffer and then make use +of epoll_wait() or similar to consume any responses afterwards. + +It is then crucial that epoll threads are signaled via wakeup when they +queue their own work. Otherwise, they risk waiting indefinitely for an +event leaving their work unhandled. What is worse, subsequent commands +won't trigger a wakeup either as the thread has pending work. + +Fixes: 457b9a6f09f0 ("Staging: android: add binder driver") +Cc: Arve Hjønnevåg +Cc: Martijn Coenen +Cc: Alice Ryhl +Cc: Steven Moreland +Cc: stable@vger.kernel.org # v4.19+ +Signed-off-by: Carlos Llamas +Link: https://lore.kernel.org/r/20240131215347.1808751-1-cmllamas@google.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Greg Kroah-Hartman +--- + drivers/android/binder.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +--- a/drivers/android/binder.c ++++ b/drivers/android/binder.c +@@ -478,6 +478,16 @@ binder_enqueue_thread_work_ilocked(struc + { + WARN_ON(!list_empty(&thread->waiting_thread_node)); + binder_enqueue_work_ilocked(work, &thread->todo); ++ ++ /* (e)poll-based threads require an explicit wakeup signal when ++ * queuing their own work; they rely on these events to consume ++ * messages without I/O block. Without it, threads risk waiting ++ * indefinitely without handling the work. ++ */ ++ if (thread->looper & BINDER_LOOPER_STATE_POLL && ++ thread->pid == current->pid && !thread->process_todo) ++ wake_up_interruptible_sync(&thread->wait); ++ + thread->process_todo = true; + } + diff --git a/queue-6.6/connector-cn_proc-revert-connector-fix-proc_event_num_listeners-count-not-cleared.patch b/queue-6.6/connector-cn_proc-revert-connector-fix-proc_event_num_listeners-count-not-cleared.patch new file mode 100644 index 00000000000..ad1ed026113 --- /dev/null +++ b/queue-6.6/connector-cn_proc-revert-connector-fix-proc_event_num_listeners-count-not-cleared.patch @@ -0,0 +1,44 @@ +From 8929f95b2b587791a7dcd04cc91520194a76d3a6 Mon Sep 17 00:00:00 2001 +From: Keqi Wang +Date: Fri, 9 Feb 2024 17:16:59 +0800 +Subject: connector/cn_proc: revert "connector: Fix proc_event_num_listeners count not cleared" + +From: Keqi Wang + +commit 8929f95b2b587791a7dcd04cc91520194a76d3a6 upstream. + +This reverts commit c46bfba1337d ("connector: Fix proc_event_num_listeners +count not cleared"). + +It is not accurate to reset proc_event_num_listeners according to +cn_netlink_send_mult() return value -ESRCH. + +In the case of stress-ng netlink-proc, -ESRCH will always be returned, +because netlink_broadcast_filtered will return -ESRCH, +which may cause stress-ng netlink-proc performance degradation. + +Reported-by: kernel test robot +Closes: https://lore.kernel.org/oe-lkp/202401112259.b23a1567-oliver.sang@intel.com +Fixes: c46bfba1337d ("connector: Fix proc_event_num_listeners count not cleared") +Signed-off-by: Keqi Wang +Link: https://lore.kernel.org/r/20240209091659.68723-1-wangkeqi_chris@163.com +Signed-off-by: Paolo Abeni +Signed-off-by: Greg Kroah-Hartman +--- + drivers/connector/cn_proc.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +--- a/drivers/connector/cn_proc.c ++++ b/drivers/connector/cn_proc.c +@@ -108,9 +108,8 @@ static inline void send_msg(struct cn_ms + filter_data[1] = 0; + } + +- if (cn_netlink_send_mult(msg, msg->len, 0, CN_IDX_PROC, GFP_NOWAIT, +- cn_filter, (void *)filter_data) == -ESRCH) +- atomic_set(&proc_event_num_listeners, 0); ++ cn_netlink_send_mult(msg, msg->len, 0, CN_IDX_PROC, GFP_NOWAIT, ++ cn_filter, (void *)filter_data); + + local_unlock(&local_event.lock); + } diff --git a/queue-6.6/drm-amd-don-t-init-mec2-firmware-when-it-fails-to-load.patch b/queue-6.6/drm-amd-don-t-init-mec2-firmware-when-it-fails-to-load.patch new file mode 100644 index 00000000000..fa38cf3a8e9 --- /dev/null +++ b/queue-6.6/drm-amd-don-t-init-mec2-firmware-when-it-fails-to-load.patch @@ -0,0 +1,33 @@ +From 8ef85a0ce24a6d9322dfa2a67477e473c3619b4f Mon Sep 17 00:00:00 2001 +From: David McFarland +Date: Mon, 29 Jan 2024 18:18:22 -0400 +Subject: drm/amd: Don't init MEC2 firmware when it fails to load + +From: David McFarland + +commit 8ef85a0ce24a6d9322dfa2a67477e473c3619b4f upstream. + +The same calls are made directly above, but conditional on the firmware +loading and validating successfully. + +Cc: stable@vger.kernel.org +Fixes: 9931b67690cf ("drm/amd: Load GFX10 microcode during early_init") +Signed-off-by: David McFarland +Reviewed-by: Mario Limonciello +Signed-off-by: Alex Deucher +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c | 2 -- + 1 file changed, 2 deletions(-) + +--- a/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c ++++ b/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c +@@ -4020,8 +4020,6 @@ static int gfx_v10_0_init_microcode(stru + err = 0; + adev->gfx.mec2_fw = NULL; + } +- amdgpu_gfx_cp_init_microcode(adev, AMDGPU_UCODE_ID_CP_MEC2); +- amdgpu_gfx_cp_init_microcode(adev, AMDGPU_UCODE_ID_CP_MEC2_JT); + + gfx_v10_0_check_fw_write_wait(adev); + out: diff --git a/queue-6.6/drm-amdgpu-reset-ih-overflow_clear-bit.patch b/queue-6.6/drm-amdgpu-reset-ih-overflow_clear-bit.patch new file mode 100644 index 00000000000..dc0f0b23f2c --- /dev/null +++ b/queue-6.6/drm-amdgpu-reset-ih-overflow_clear-bit.patch @@ -0,0 +1,184 @@ +From 7330256268664ea0a7dd5b07a3fed363093477dd Mon Sep 17 00:00:00 2001 +From: Friedrich Vock +Date: Tue, 23 Jan 2024 12:52:03 +0100 +Subject: drm/amdgpu: Reset IH OVERFLOW_CLEAR bit +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Friedrich Vock + +commit 7330256268664ea0a7dd5b07a3fed363093477dd upstream. + +Allows us to detect subsequent IH ring buffer overflows as well. + +Cc: Joshua Ashton +Cc: Alex Deucher +Cc: Christian König +Cc: stable@vger.kernel.org +Signed-off-by: Friedrich Vock +Reviewed-by: Christian König +Signed-off-by: Alex Deucher +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/amd/amdgpu/cik_ih.c | 6 ++++++ + drivers/gpu/drm/amd/amdgpu/cz_ih.c | 5 +++++ + drivers/gpu/drm/amd/amdgpu/iceland_ih.c | 5 +++++ + drivers/gpu/drm/amd/amdgpu/ih_v6_0.c | 6 ++++++ + drivers/gpu/drm/amd/amdgpu/ih_v6_1.c | 7 +++++++ + drivers/gpu/drm/amd/amdgpu/navi10_ih.c | 6 ++++++ + drivers/gpu/drm/amd/amdgpu/si_ih.c | 6 ++++++ + drivers/gpu/drm/amd/amdgpu/tonga_ih.c | 6 ++++++ + drivers/gpu/drm/amd/amdgpu/vega10_ih.c | 6 ++++++ + drivers/gpu/drm/amd/amdgpu/vega20_ih.c | 6 ++++++ + 10 files changed, 59 insertions(+) + +--- a/drivers/gpu/drm/amd/amdgpu/cik_ih.c ++++ b/drivers/gpu/drm/amd/amdgpu/cik_ih.c +@@ -204,6 +204,12 @@ static u32 cik_ih_get_wptr(struct amdgpu + tmp = RREG32(mmIH_RB_CNTL); + tmp |= IH_RB_CNTL__WPTR_OVERFLOW_CLEAR_MASK; + WREG32(mmIH_RB_CNTL, tmp); ++ ++ /* Unset the CLEAR_OVERFLOW bit immediately so new overflows ++ * can be detected. ++ */ ++ tmp &= ~IH_RB_CNTL__WPTR_OVERFLOW_CLEAR_MASK; ++ WREG32(mmIH_RB_CNTL, tmp); + } + return (wptr & ih->ptr_mask); + } +--- a/drivers/gpu/drm/amd/amdgpu/cz_ih.c ++++ b/drivers/gpu/drm/amd/amdgpu/cz_ih.c +@@ -216,6 +216,11 @@ static u32 cz_ih_get_wptr(struct amdgpu_ + tmp = REG_SET_FIELD(tmp, IH_RB_CNTL, WPTR_OVERFLOW_CLEAR, 1); + WREG32(mmIH_RB_CNTL, tmp); + ++ /* Unset the CLEAR_OVERFLOW bit immediately so new overflows ++ * can be detected. ++ */ ++ tmp = REG_SET_FIELD(tmp, IH_RB_CNTL, WPTR_OVERFLOW_CLEAR, 0); ++ WREG32(mmIH_RB_CNTL, tmp); + + out: + return (wptr & ih->ptr_mask); +--- a/drivers/gpu/drm/amd/amdgpu/iceland_ih.c ++++ b/drivers/gpu/drm/amd/amdgpu/iceland_ih.c +@@ -215,6 +215,11 @@ static u32 iceland_ih_get_wptr(struct am + tmp = REG_SET_FIELD(tmp, IH_RB_CNTL, WPTR_OVERFLOW_CLEAR, 1); + WREG32(mmIH_RB_CNTL, tmp); + ++ /* Unset the CLEAR_OVERFLOW bit immediately so new overflows ++ * can be detected. ++ */ ++ tmp = REG_SET_FIELD(tmp, IH_RB_CNTL, WPTR_OVERFLOW_CLEAR, 0); ++ WREG32(mmIH_RB_CNTL, tmp); + + out: + return (wptr & ih->ptr_mask); +--- a/drivers/gpu/drm/amd/amdgpu/ih_v6_0.c ++++ b/drivers/gpu/drm/amd/amdgpu/ih_v6_0.c +@@ -418,6 +418,12 @@ static u32 ih_v6_0_get_wptr(struct amdgp + tmp = RREG32_NO_KIQ(ih_regs->ih_rb_cntl); + tmp = REG_SET_FIELD(tmp, IH_RB_CNTL, WPTR_OVERFLOW_CLEAR, 1); + WREG32_NO_KIQ(ih_regs->ih_rb_cntl, tmp); ++ ++ /* Unset the CLEAR_OVERFLOW bit immediately so new overflows ++ * can be detected. ++ */ ++ tmp = REG_SET_FIELD(tmp, IH_RB_CNTL, WPTR_OVERFLOW_CLEAR, 0); ++ WREG32_NO_KIQ(ih_regs->ih_rb_cntl, tmp); + out: + return (wptr & ih->ptr_mask); + } +--- a/drivers/gpu/drm/amd/amdgpu/ih_v6_1.c ++++ b/drivers/gpu/drm/amd/amdgpu/ih_v6_1.c +@@ -418,6 +418,13 @@ static u32 ih_v6_1_get_wptr(struct amdgp + tmp = RREG32_NO_KIQ(ih_regs->ih_rb_cntl); + tmp = REG_SET_FIELD(tmp, IH_RB_CNTL, WPTR_OVERFLOW_CLEAR, 1); + WREG32_NO_KIQ(ih_regs->ih_rb_cntl, tmp); ++ ++ /* Unset the CLEAR_OVERFLOW bit immediately so new overflows ++ * can be detected. ++ */ ++ tmp = REG_SET_FIELD(tmp, IH_RB_CNTL, WPTR_OVERFLOW_CLEAR, 0); ++ WREG32_NO_KIQ(ih_regs->ih_rb_cntl, tmp); ++ + out: + return (wptr & ih->ptr_mask); + } +--- a/drivers/gpu/drm/amd/amdgpu/navi10_ih.c ++++ b/drivers/gpu/drm/amd/amdgpu/navi10_ih.c +@@ -442,6 +442,12 @@ static u32 navi10_ih_get_wptr(struct amd + tmp = RREG32_NO_KIQ(ih_regs->ih_rb_cntl); + tmp = REG_SET_FIELD(tmp, IH_RB_CNTL, WPTR_OVERFLOW_CLEAR, 1); + WREG32_NO_KIQ(ih_regs->ih_rb_cntl, tmp); ++ ++ /* Unset the CLEAR_OVERFLOW bit immediately so new overflows ++ * can be detected. ++ */ ++ tmp = REG_SET_FIELD(tmp, IH_RB_CNTL, WPTR_OVERFLOW_CLEAR, 0); ++ WREG32_NO_KIQ(ih_regs->ih_rb_cntl, tmp); + out: + return (wptr & ih->ptr_mask); + } +--- a/drivers/gpu/drm/amd/amdgpu/si_ih.c ++++ b/drivers/gpu/drm/amd/amdgpu/si_ih.c +@@ -119,6 +119,12 @@ static u32 si_ih_get_wptr(struct amdgpu_ + tmp = RREG32(IH_RB_CNTL); + tmp |= IH_RB_CNTL__WPTR_OVERFLOW_CLEAR_MASK; + WREG32(IH_RB_CNTL, tmp); ++ ++ /* Unset the CLEAR_OVERFLOW bit immediately so new overflows ++ * can be detected. ++ */ ++ tmp &= ~IH_RB_CNTL__WPTR_OVERFLOW_CLEAR_MASK; ++ WREG32(IH_RB_CNTL, tmp); + } + return (wptr & ih->ptr_mask); + } +--- a/drivers/gpu/drm/amd/amdgpu/tonga_ih.c ++++ b/drivers/gpu/drm/amd/amdgpu/tonga_ih.c +@@ -219,6 +219,12 @@ static u32 tonga_ih_get_wptr(struct amdg + tmp = REG_SET_FIELD(tmp, IH_RB_CNTL, WPTR_OVERFLOW_CLEAR, 1); + WREG32(mmIH_RB_CNTL, tmp); + ++ /* Unset the CLEAR_OVERFLOW bit immediately so new overflows ++ * can be detected. ++ */ ++ tmp = REG_SET_FIELD(tmp, IH_RB_CNTL, WPTR_OVERFLOW_CLEAR, 0); ++ WREG32(mmIH_RB_CNTL, tmp); ++ + out: + return (wptr & ih->ptr_mask); + } +--- a/drivers/gpu/drm/amd/amdgpu/vega10_ih.c ++++ b/drivers/gpu/drm/amd/amdgpu/vega10_ih.c +@@ -373,6 +373,12 @@ static u32 vega10_ih_get_wptr(struct amd + tmp = REG_SET_FIELD(tmp, IH_RB_CNTL, WPTR_OVERFLOW_CLEAR, 1); + WREG32_NO_KIQ(ih_regs->ih_rb_cntl, tmp); + ++ /* Unset the CLEAR_OVERFLOW bit immediately so new overflows ++ * can be detected. ++ */ ++ tmp = REG_SET_FIELD(tmp, IH_RB_CNTL, WPTR_OVERFLOW_CLEAR, 0); ++ WREG32_NO_KIQ(ih_regs->ih_rb_cntl, tmp); ++ + out: + return (wptr & ih->ptr_mask); + } +--- a/drivers/gpu/drm/amd/amdgpu/vega20_ih.c ++++ b/drivers/gpu/drm/amd/amdgpu/vega20_ih.c +@@ -421,6 +421,12 @@ static u32 vega20_ih_get_wptr(struct amd + tmp = REG_SET_FIELD(tmp, IH_RB_CNTL, WPTR_OVERFLOW_CLEAR, 1); + WREG32_NO_KIQ(ih_regs->ih_rb_cntl, tmp); + ++ /* Unset the CLEAR_OVERFLOW bit immediately so new overflows ++ * can be detected. ++ */ ++ tmp = REG_SET_FIELD(tmp, IH_RB_CNTL, WPTR_OVERFLOW_CLEAR, 0); ++ WREG32_NO_KIQ(ih_regs->ih_rb_cntl, tmp); ++ + out: + return (wptr & ih->ptr_mask); + } diff --git a/queue-6.6/drm-virtio-set-segment-size-for-virtio_gpu-device.patch b/queue-6.6/drm-virtio-set-segment-size-for-virtio_gpu-device.patch new file mode 100644 index 00000000000..a148de6ba88 --- /dev/null +++ b/queue-6.6/drm-virtio-set-segment-size-for-virtio_gpu-device.patch @@ -0,0 +1,37 @@ +From 9c64e749cebd9c2d3d55261530a98bcccb83b950 Mon Sep 17 00:00:00 2001 +From: Sebastian Ott +Date: Tue, 23 Jan 2024 19:14:14 +0100 +Subject: drm/virtio: Set segment size for virtio_gpu device + +From: Sebastian Ott + +commit 9c64e749cebd9c2d3d55261530a98bcccb83b950 upstream. + +Set the segment size of the virtio_gpu device to the value +used by the drm helpers when allocating sg lists to fix the +following complaint from DMA_API debug code: + +DMA-API: virtio-pci 0000:07:00.0: mapping sg segment longer than +device claims to support [len=262144] [max=65536] + +Cc: stable@vger.kernel.org +Tested-by: Zhenyu Zhang +Acked-by: Vivek Kasireddy +Signed-off-by: Sebastian Ott +Signed-off-by: Dmitry Osipenko +Link: https://patchwork.freedesktop.org/patch/msgid/7258a4cc-da16-5c34-a042-2a23ee396d56@redhat.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/virtio/virtgpu_drv.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/gpu/drm/virtio/virtgpu_drv.c ++++ b/drivers/gpu/drm/virtio/virtgpu_drv.c +@@ -94,6 +94,7 @@ static int virtio_gpu_probe(struct virti + goto err_free; + } + ++ dma_set_max_seg_size(dev->dev, dma_max_mapping_size(dev->dev) ?: UINT_MAX); + ret = virtio_gpu_init(vdev, dev); + if (ret) + goto err_free; diff --git a/queue-6.6/ext4-avoid-bb_free-and-bb_fragments-inconsistency-in-mb_free_blocks.patch b/queue-6.6/ext4-avoid-bb_free-and-bb_fragments-inconsistency-in-mb_free_blocks.patch new file mode 100644 index 00000000000..962f6bc73fd --- /dev/null +++ b/queue-6.6/ext4-avoid-bb_free-and-bb_fragments-inconsistency-in-mb_free_blocks.patch @@ -0,0 +1,101 @@ +From 2331fd4a49864e1571b4f50aa3aa1536ed6220d0 Mon Sep 17 00:00:00 2001 +From: Baokun Li +Date: Thu, 4 Jan 2024 22:20:36 +0800 +Subject: ext4: avoid bb_free and bb_fragments inconsistency in mb_free_blocks() + +From: Baokun Li + +commit 2331fd4a49864e1571b4f50aa3aa1536ed6220d0 upstream. + +After updating bb_free in mb_free_blocks, it is possible to return without +updating bb_fragments because the block being freed is found to have +already been freed, which leads to inconsistency between bb_free and +bb_fragments. + +Since the group may be unlocked in ext4_grp_locked_error(), this can lead +to problems such as dividing by zero when calculating the average fragment +length. Hence move the update of bb_free to after the block double-free +check guarantees that the corresponding statistics are updated only after +the core block bitmap is modified. + +Fixes: eabe0444df90 ("ext4: speed-up releasing blocks on commit") +CC: # 3.10 +Suggested-by: Jan Kara +Signed-off-by: Baokun Li +Reviewed-by: Jan Kara +Link: https://lore.kernel.org/r/20240104142040.2835097-5-libaokun1@huawei.com +Signed-off-by: Theodore Ts'o +Signed-off-by: Greg Kroah-Hartman +--- + fs/ext4/mballoc.c | 39 +++++++++++++++++++++------------------ + 1 file changed, 21 insertions(+), 18 deletions(-) + +--- a/fs/ext4/mballoc.c ++++ b/fs/ext4/mballoc.c +@@ -1909,11 +1909,6 @@ static void mb_free_blocks(struct inode + mb_check_buddy(e4b); + mb_free_blocks_double(inode, e4b, first, count); + +- this_cpu_inc(discard_pa_seq); +- e4b->bd_info->bb_free += count; +- if (first < e4b->bd_info->bb_first_free) +- e4b->bd_info->bb_first_free = first; +- + /* access memory sequentially: check left neighbour, + * clear range and then check right neighbour + */ +@@ -1927,23 +1922,31 @@ static void mb_free_blocks(struct inode + struct ext4_sb_info *sbi = EXT4_SB(sb); + ext4_fsblk_t blocknr; + ++ /* ++ * Fastcommit replay can free already freed blocks which ++ * corrupts allocation info. Regenerate it. ++ */ ++ if (sbi->s_mount_state & EXT4_FC_REPLAY) { ++ mb_regenerate_buddy(e4b); ++ goto check; ++ } ++ + blocknr = ext4_group_first_block_no(sb, e4b->bd_group); + blocknr += EXT4_C2B(sbi, block); +- if (!(sbi->s_mount_state & EXT4_FC_REPLAY)) { +- ext4_grp_locked_error(sb, e4b->bd_group, +- inode ? inode->i_ino : 0, +- blocknr, +- "freeing already freed block (bit %u); block bitmap corrupt.", +- block); +- ext4_mark_group_bitmap_corrupted( +- sb, e4b->bd_group, ++ ext4_grp_locked_error(sb, e4b->bd_group, ++ inode ? inode->i_ino : 0, blocknr, ++ "freeing already freed block (bit %u); block bitmap corrupt.", ++ block); ++ ext4_mark_group_bitmap_corrupted(sb, e4b->bd_group, + EXT4_GROUP_INFO_BBITMAP_CORRUPT); +- } else { +- mb_regenerate_buddy(e4b); +- } +- goto done; ++ return; + } + ++ this_cpu_inc(discard_pa_seq); ++ e4b->bd_info->bb_free += count; ++ if (first < e4b->bd_info->bb_first_free) ++ e4b->bd_info->bb_first_free = first; ++ + /* let's maintain fragments counter */ + if (left_is_free && right_is_free) + e4b->bd_info->bb_fragments--; +@@ -1968,9 +1971,9 @@ static void mb_free_blocks(struct inode + if (first <= last) + mb_buddy_mark_free(e4b, first >> 1, last >> 1); + +-done: + mb_set_largest_free_order(sb, e4b->bd_info); + mb_update_avg_fragment_size(sb, e4b->bd_info); ++check: + mb_check_buddy(e4b); + } + diff --git a/queue-6.6/ext4-fix-double-free-of-blocks-due-to-wrong-extents-moved_len.patch b/queue-6.6/ext4-fix-double-free-of-blocks-due-to-wrong-extents-moved_len.patch new file mode 100644 index 00000000000..76a2fb661a3 --- /dev/null +++ b/queue-6.6/ext4-fix-double-free-of-blocks-due-to-wrong-extents-moved_len.patch @@ -0,0 +1,68 @@ +From 55583e899a5357308274601364741a83e78d6ac4 Mon Sep 17 00:00:00 2001 +From: Baokun Li +Date: Thu, 4 Jan 2024 22:20:33 +0800 +Subject: ext4: fix double-free of blocks due to wrong extents moved_len + +From: Baokun Li + +commit 55583e899a5357308274601364741a83e78d6ac4 upstream. + +In ext4_move_extents(), moved_len is only updated when all moves are +successfully executed, and only discards orig_inode and donor_inode +preallocations when moved_len is not zero. When the loop fails to exit +after successfully moving some extents, moved_len is not updated and +remains at 0, so it does not discard the preallocations. + +If the moved extents overlap with the preallocated extents, the +overlapped extents are freed twice in ext4_mb_release_inode_pa() and +ext4_process_freed_data() (as described in commit 94d7c16cbbbd ("ext4: +Fix double-free of blocks with EXT4_IOC_MOVE_EXT")), and bb_free is +incremented twice. Hence when trim is executed, a zero-division bug is +triggered in mb_update_avg_fragment_size() because bb_free is not zero +and bb_fragments is zero. + +Therefore, update move_len after each extent move to avoid the issue. + +Reported-by: Wei Chen +Reported-by: xingwei lee +Closes: https://lore.kernel.org/r/CAO4mrferzqBUnCag8R3m2zf897ts9UEuhjFQGPtODT92rYyR2Q@mail.gmail.com +Fixes: fcf6b1b729bc ("ext4: refactor ext4_move_extents code base") +CC: # 3.18 +Signed-off-by: Baokun Li +Reviewed-by: Jan Kara +Link: https://lore.kernel.org/r/20240104142040.2835097-2-libaokun1@huawei.com +Signed-off-by: Theodore Ts'o +Signed-off-by: Greg Kroah-Hartman +--- + fs/ext4/move_extent.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +--- a/fs/ext4/move_extent.c ++++ b/fs/ext4/move_extent.c +@@ -619,6 +619,7 @@ ext4_move_extents(struct file *o_filp, s + goto out; + o_end = o_start + len; + ++ *moved_len = 0; + while (o_start < o_end) { + struct ext4_extent *ex; + ext4_lblk_t cur_blk, next_blk; +@@ -673,7 +674,7 @@ ext4_move_extents(struct file *o_filp, s + */ + ext4_double_up_write_data_sem(orig_inode, donor_inode); + /* Swap original branches with new branches */ +- move_extent_per_page(o_filp, donor_inode, ++ *moved_len += move_extent_per_page(o_filp, donor_inode, + orig_page_index, donor_page_index, + offset_in_page, cur_len, + unwritten, &ret); +@@ -683,9 +684,6 @@ ext4_move_extents(struct file *o_filp, s + o_start += cur_len; + d_start += cur_len; + } +- *moved_len = o_start - orig_blk; +- if (*moved_len > len) +- *moved_len = len; + + out: + if (*moved_len) { diff --git a/queue-6.6/firewire-core-correct-documentation-of-fw_csr_string-kernel-api.patch b/queue-6.6/firewire-core-correct-documentation-of-fw_csr_string-kernel-api.patch new file mode 100644 index 00000000000..f08adea7f09 --- /dev/null +++ b/queue-6.6/firewire-core-correct-documentation-of-fw_csr_string-kernel-api.patch @@ -0,0 +1,39 @@ +From 5f9ab17394f831cb7986ec50900fa37507a127f1 Mon Sep 17 00:00:00 2001 +From: Takashi Sakamoto +Date: Thu, 1 Feb 2024 20:53:18 +0900 +Subject: firewire: core: correct documentation of fw_csr_string() kernel API + +From: Takashi Sakamoto + +commit 5f9ab17394f831cb7986ec50900fa37507a127f1 upstream. + +Against its current description, the kernel API can accepts all types of +directory entries. + +This commit corrects the documentation. + +Cc: stable@vger.kernel.org +Fixes: 3c2c58cb33b3 ("firewire: core: fw_csr_string addendum") +Link: https://lore.kernel.org/r/20240130100409.30128-2-o-takashi@sakamocchi.jp +Signed-off-by: Takashi Sakamoto +Signed-off-by: Greg Kroah-Hartman +--- + drivers/firewire/core-device.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +--- a/drivers/firewire/core-device.c ++++ b/drivers/firewire/core-device.c +@@ -100,10 +100,9 @@ static int textual_leaf_to_string(const + * @buf: where to put the string + * @size: size of @buf, in bytes + * +- * The string is taken from a minimal ASCII text descriptor leaf after +- * the immediate entry with @key. The string is zero-terminated. +- * An overlong string is silently truncated such that it and the +- * zero byte fit into @size. ++ * The string is taken from a minimal ASCII text descriptor leaf just after the entry with the ++ * @key. The string is zero-terminated. An overlong string is silently truncated such that it ++ * and the zero byte fit into @size. + * + * Returns strlen(buf) or a negative error code. + */ diff --git a/queue-6.6/iio-accel-bma400-fix-a-compilation-problem.patch b/queue-6.6/iio-accel-bma400-fix-a-compilation-problem.patch new file mode 100644 index 00000000000..41c0e8d73ac --- /dev/null +++ b/queue-6.6/iio-accel-bma400-fix-a-compilation-problem.patch @@ -0,0 +1,43 @@ +From 4cb81840d8f29b66d9d05c6d7f360c9560f7e2f4 Mon Sep 17 00:00:00 2001 +From: Mario Limonciello +Date: Wed, 31 Jan 2024 16:52:46 -0600 +Subject: iio: accel: bma400: Fix a compilation problem + +From: Mario Limonciello + +commit 4cb81840d8f29b66d9d05c6d7f360c9560f7e2f4 upstream. + +The kernel fails when compiling without `CONFIG_REGMAP_I2C` but with +`CONFIG_BMA400`. +``` +ld: drivers/iio/accel/bma400_i2c.o: in function `bma400_i2c_probe': +bma400_i2c.c:(.text+0x23): undefined reference to `__devm_regmap_init_i2c' +``` + +Link: https://download.01.org/0day-ci/archive/20240131/202401311634.FE5CBVwe-lkp@intel.com/config +Fixes: 465c811f1f20 ("iio: accel: Add driver for the BMA400") +Fixes: 9bea10642396 ("iio: accel: bma400: add support for bma400 spi") +Signed-off-by: Mario Limonciello +Link: https://lore.kernel.org/r/20240131225246.14169-1-mario.limonciello@amd.com +Cc: +Signed-off-by: Jonathan Cameron +Signed-off-by: Greg Kroah-Hartman +--- + drivers/iio/accel/Kconfig | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/iio/accel/Kconfig ++++ b/drivers/iio/accel/Kconfig +@@ -219,10 +219,12 @@ config BMA400 + + config BMA400_I2C + tristate ++ select REGMAP_I2C + depends on BMA400 + + config BMA400_SPI + tristate ++ select REGMAP_SPI + depends on BMA400 + + config BMC150_ACCEL diff --git a/queue-6.6/iio-adc-ad_sigma_delta-ensure-proper-dma-alignment.patch b/queue-6.6/iio-adc-ad_sigma_delta-ensure-proper-dma-alignment.patch new file mode 100644 index 00000000000..00ee4b9ff65 --- /dev/null +++ b/queue-6.6/iio-adc-ad_sigma_delta-ensure-proper-dma-alignment.patch @@ -0,0 +1,48 @@ +From 59598510be1d49e1cff7fd7593293bb8e1b2398b Mon Sep 17 00:00:00 2001 +From: Nuno Sa +Date: Wed, 17 Jan 2024 13:41:03 +0100 +Subject: iio: adc: ad_sigma_delta: ensure proper DMA alignment + +From: Nuno Sa + +commit 59598510be1d49e1cff7fd7593293bb8e1b2398b upstream. + +Aligning the buffer to the L1 cache is not sufficient in some platforms +as they might have larger cacheline sizes for caches after L1 and thus, +we can't guarantee DMA safety. + +That was the whole reason to introduce IIO_DMA_MINALIGN in [1]. Do the same +for the sigma_delta ADCs. + +[1]: https://lore.kernel.org/linux-iio/20220508175712.647246-2-jic23@kernel.org/ + +Fixes: 0fb6ee8d0b5e ("iio: ad_sigma_delta: Don't put SPI transfer buffer on the stack") +Signed-off-by: Nuno Sa +Link: https://lore.kernel.org/r/20240117-dev_sigma_delta_no_irq_flags-v1-1-db39261592cf@analog.com +Cc: +Signed-off-by: Jonathan Cameron +Signed-off-by: Greg Kroah-Hartman +--- + include/linux/iio/adc/ad_sigma_delta.h | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/include/linux/iio/adc/ad_sigma_delta.h ++++ b/include/linux/iio/adc/ad_sigma_delta.h +@@ -8,6 +8,8 @@ + #ifndef __AD_SIGMA_DELTA_H__ + #define __AD_SIGMA_DELTA_H__ + ++#include ++ + enum ad_sigma_delta_mode { + AD_SD_MODE_CONTINUOUS = 0, + AD_SD_MODE_SINGLE = 1, +@@ -99,7 +101,7 @@ struct ad_sigma_delta { + * 'rx_buf' is up to 32 bits per sample + 64 bit timestamp, + * rounded to 16 bytes to take into account padding. + */ +- uint8_t tx_buf[4] ____cacheline_aligned; ++ uint8_t tx_buf[4] __aligned(IIO_DMA_MINALIGN); + uint8_t rx_buf[16] __aligned(8); + }; + diff --git a/queue-6.6/iio-commom-st_sensors-ensure-proper-dma-alignment.patch b/queue-6.6/iio-commom-st_sensors-ensure-proper-dma-alignment.patch new file mode 100644 index 00000000000..c59ba82618f --- /dev/null +++ b/queue-6.6/iio-commom-st_sensors-ensure-proper-dma-alignment.patch @@ -0,0 +1,45 @@ +From 862cf85fef85becc55a173387527adb4f076fab0 Mon Sep 17 00:00:00 2001 +From: Nuno Sa +Date: Wed, 31 Jan 2024 10:16:47 +0100 +Subject: iio: commom: st_sensors: ensure proper DMA alignment + +From: Nuno Sa + +commit 862cf85fef85becc55a173387527adb4f076fab0 upstream. + +Aligning the buffer to the L1 cache is not sufficient in some platforms +as they might have larger cacheline sizes for caches after L1 and thus, +we can't guarantee DMA safety. + +That was the whole reason to introduce IIO_DMA_MINALIGN in [1]. Do the same +for st_sensors common buffer. + +While at it, moved the odr_lock before buffer_data as we definitely +don't want any other data to share a cacheline with the buffer. + +[1]: https://lore.kernel.org/linux-iio/20220508175712.647246-2-jic23@kernel.org/ + +Fixes: e031d5f558f1 ("iio:st_sensors: remove buffer allocation at each buffer enable") +Signed-off-by: Nuno Sa +Cc: +Link: https://lore.kernel.org/r/20240131-dev_dma_safety_stm-v2-1-580c07fae51b@analog.com +Signed-off-by: Jonathan Cameron +Signed-off-by: Greg Kroah-Hartman +--- + include/linux/iio/common/st_sensors.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/include/linux/iio/common/st_sensors.h ++++ b/include/linux/iio/common/st_sensors.h +@@ -258,9 +258,9 @@ struct st_sensor_data { + bool hw_irq_trigger; + s64 hw_timestamp; + +- char buffer_data[ST_SENSORS_MAX_BUFFER_SIZE] ____cacheline_aligned; +- + struct mutex odr_lock; ++ ++ char buffer_data[ST_SENSORS_MAX_BUFFER_SIZE] __aligned(IIO_DMA_MINALIGN); + }; + + #ifdef CONFIG_IIO_BUFFER diff --git a/queue-6.6/iio-core-fix-memleak-in-iio_device_register_sysfs.patch b/queue-6.6/iio-core-fix-memleak-in-iio_device_register_sysfs.patch new file mode 100644 index 00000000000..d1bb05c3cf5 --- /dev/null +++ b/queue-6.6/iio-core-fix-memleak-in-iio_device_register_sysfs.patch @@ -0,0 +1,40 @@ +From 95a0d596bbd0552a78e13ced43f2be1038883c81 Mon Sep 17 00:00:00 2001 +From: Dinghao Liu +Date: Fri, 8 Dec 2023 15:31:19 +0800 +Subject: iio: core: fix memleak in iio_device_register_sysfs + +From: Dinghao Liu + +commit 95a0d596bbd0552a78e13ced43f2be1038883c81 upstream. + +When iio_device_register_sysfs_group() fails, we should +free iio_dev_opaque->chan_attr_group.attrs to prevent +potential memleak. + +Fixes: 32f171724e5c ("iio: core: rework iio device group creation") +Signed-off-by: Dinghao Liu +Link: https://lore.kernel.org/r/20231208073119.29283-1-dinghao.liu@zju.edu.cn +Cc: +Signed-off-by: Jonathan Cameron +Signed-off-by: Greg Kroah-Hartman +--- + drivers/iio/industrialio-core.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/drivers/iio/industrialio-core.c ++++ b/drivers/iio/industrialio-core.c +@@ -1577,10 +1577,13 @@ static int iio_device_register_sysfs(str + ret = iio_device_register_sysfs_group(indio_dev, + &iio_dev_opaque->chan_attr_group); + if (ret) +- goto error_clear_attrs; ++ goto error_free_chan_attrs; + + return 0; + ++error_free_chan_attrs: ++ kfree(iio_dev_opaque->chan_attr_group.attrs); ++ iio_dev_opaque->chan_attr_group.attrs = NULL; + error_clear_attrs: + iio_free_chan_devattr_list(&iio_dev_opaque->channel_attr_list); + diff --git a/queue-6.6/iio-imu-adis-ensure-proper-dma-alignment.patch b/queue-6.6/iio-imu-adis-ensure-proper-dma-alignment.patch new file mode 100644 index 00000000000..392965259f2 --- /dev/null +++ b/queue-6.6/iio-imu-adis-ensure-proper-dma-alignment.patch @@ -0,0 +1,47 @@ +From 8e98b87f515d8c4bae521048a037b2cc431c3fd5 Mon Sep 17 00:00:00 2001 +From: Nuno Sa +Date: Wed, 17 Jan 2024 14:10:49 +0100 +Subject: iio: imu: adis: ensure proper DMA alignment + +From: Nuno Sa + +commit 8e98b87f515d8c4bae521048a037b2cc431c3fd5 upstream. + +Aligning the buffer to the L1 cache is not sufficient in some platforms +as they might have larger cacheline sizes for caches after L1 and thus, +we can't guarantee DMA safety. + +That was the whole reason to introduce IIO_DMA_MINALIGN in [1]. Do the same +for the sigma_delta ADCs. + +[1]: https://lore.kernel.org/linux-iio/20220508175712.647246-2-jic23@kernel.org/ + +Fixes: ccd2b52f4ac6 ("staging:iio: Add common ADIS library") +Signed-off-by: Nuno Sa +Link: https://lore.kernel.org/r/20240117-adis-improv-v1-1-7f90e9fad200@analog.com +Cc: +Signed-off-by: Jonathan Cameron +Signed-off-by: Greg Kroah-Hartman +--- + include/linux/iio/imu/adis.h | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/include/linux/iio/imu/adis.h ++++ b/include/linux/iio/imu/adis.h +@@ -11,6 +11,7 @@ + + #include + #include ++#include + #include + + #define ADIS_WRITE_REG(reg) ((0x80 | (reg))) +@@ -131,7 +132,7 @@ struct adis { + unsigned long irq_flag; + void *buffer; + +- u8 tx[10] ____cacheline_aligned; ++ u8 tx[10] __aligned(IIO_DMA_MINALIGN); + u8 rx[4]; + }; + diff --git a/queue-6.6/iio-imu-bno055-serdev-requires-regmap.patch b/queue-6.6/iio-imu-bno055-serdev-requires-regmap.patch new file mode 100644 index 00000000000..016cdb208f5 --- /dev/null +++ b/queue-6.6/iio-imu-bno055-serdev-requires-regmap.patch @@ -0,0 +1,53 @@ +From 35ec2d03b282a939949090bd8c39eb37a5856721 Mon Sep 17 00:00:00 2001 +From: Randy Dunlap +Date: Wed, 10 Jan 2024 10:56:11 -0800 +Subject: iio: imu: bno055: serdev requires REGMAP + +From: Randy Dunlap + +commit 35ec2d03b282a939949090bd8c39eb37a5856721 upstream. + +There are a ton of build errors when REGMAP is not set, so select +REGMAP to fix all of them. + +Examples (not all of them): + +../drivers/iio/imu/bno055/bno055_ser_core.c:495:15: error: variable 'bno055_ser_regmap_bus' has initializer but incomplete type + 495 | static struct regmap_bus bno055_ser_regmap_bus = { +../drivers/iio/imu/bno055/bno055_ser_core.c:496:10: error: 'struct regmap_bus' has no member named 'write' + 496 | .write = bno055_ser_write_reg, +../drivers/iio/imu/bno055/bno055_ser_core.c:497:10: error: 'struct regmap_bus' has no member named 'read' + 497 | .read = bno055_ser_read_reg, +../drivers/iio/imu/bno055/bno055_ser_core.c: In function 'bno055_ser_probe': +../drivers/iio/imu/bno055/bno055_ser_core.c:532:18: error: implicit declaration of function 'devm_regmap_init'; did you mean 'vmem_map_init'? [-Werror=implicit-function-declaration] + 532 | regmap = devm_regmap_init(&serdev->dev, &bno055_ser_regmap_bus, +../drivers/iio/imu/bno055/bno055_ser_core.c:532:16: warning: assignment to 'struct regmap *' from 'int' makes pointer from integer without a cast [-Wint-conversion] + 532 | regmap = devm_regmap_init(&serdev->dev, &bno055_ser_regmap_bus, +../drivers/iio/imu/bno055/bno055_ser_core.c: At top level: +../drivers/iio/imu/bno055/bno055_ser_core.c:495:26: error: storage size of 'bno055_ser_regmap_bus' isn't known + 495 | static struct regmap_bus bno055_ser_regmap_bus = { + +Fixes: 2eef5a9cc643 ("iio: imu: add BNO055 serdev driver") +Signed-off-by: Randy Dunlap +Cc: Andrea Merello +Cc: Jonathan Cameron +Cc: Lars-Peter Clausen +Cc: linux-iio@vger.kernel.org +Cc: +Link: https://lore.kernel.org/r/20240110185611.19723-1-rdunlap@infradead.org +Signed-off-by: Jonathan Cameron +Signed-off-by: Greg Kroah-Hartman +--- + drivers/iio/imu/bno055/Kconfig | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/iio/imu/bno055/Kconfig ++++ b/drivers/iio/imu/bno055/Kconfig +@@ -8,6 +8,7 @@ config BOSCH_BNO055 + config BOSCH_BNO055_SERIAL + tristate "Bosch BNO055 attached via UART" + depends on SERIAL_DEV_BUS ++ select REGMAP + select BOSCH_BNO055 + help + Enable this to support Bosch BNO055 IMUs attached via UART. diff --git a/queue-6.6/iio-magnetometer-rm3100-add-boundary-check-for-the-value-read-from-rm3100_reg_tmrc.patch b/queue-6.6/iio-magnetometer-rm3100-add-boundary-check-for-the-value-read-from-rm3100_reg_tmrc.patch new file mode 100644 index 00000000000..932590f6048 --- /dev/null +++ b/queue-6.6/iio-magnetometer-rm3100-add-boundary-check-for-the-value-read-from-rm3100_reg_tmrc.patch @@ -0,0 +1,52 @@ +From 792595bab4925aa06532a14dd256db523eb4fa5e Mon Sep 17 00:00:00 2001 +From: "zhili.liu" +Date: Tue, 2 Jan 2024 09:07:11 +0800 +Subject: iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC + +From: zhili.liu + +commit 792595bab4925aa06532a14dd256db523eb4fa5e upstream. + +Recently, we encounter kernel crash in function rm3100_common_probe +caused by out of bound access of array rm3100_samp_rates (because of +underlying hardware failures). Add boundary check to prevent out of +bound access. + +Fixes: 121354b2eceb ("iio: magnetometer: Add driver support for PNI RM3100") +Suggested-by: Zhouyi Zhou +Signed-off-by: zhili.liu +Link: https://lore.kernel.org/r/1704157631-3814-1-git-send-email-zhouzhouyi@gmail.com +Cc: +Signed-off-by: Jonathan Cameron +Signed-off-by: Greg Kroah-Hartman +--- + drivers/iio/magnetometer/rm3100-core.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +--- a/drivers/iio/magnetometer/rm3100-core.c ++++ b/drivers/iio/magnetometer/rm3100-core.c +@@ -530,6 +530,7 @@ int rm3100_common_probe(struct device *d + struct rm3100_data *data; + unsigned int tmp; + int ret; ++ int samp_rate_index; + + indio_dev = devm_iio_device_alloc(dev, sizeof(*data)); + if (!indio_dev) +@@ -586,9 +587,14 @@ int rm3100_common_probe(struct device *d + ret = regmap_read(regmap, RM3100_REG_TMRC, &tmp); + if (ret < 0) + return ret; ++ ++ samp_rate_index = tmp - RM3100_TMRC_OFFSET; ++ if (samp_rate_index < 0 || samp_rate_index >= RM3100_SAMP_NUM) { ++ dev_err(dev, "The value read from RM3100_REG_TMRC is invalid!\n"); ++ return -EINVAL; ++ } + /* Initializing max wait time, which is double conversion time. */ +- data->conversion_time = rm3100_samp_rates[tmp - RM3100_TMRC_OFFSET][2] +- * 2; ++ data->conversion_time = rm3100_samp_rates[samp_rate_index][2] * 2; + + /* Cycle count values may not be what we want. */ + if ((tmp - RM3100_TMRC_OFFSET) == 0) diff --git a/queue-6.6/iio-pressure-bmp280-add-missing-bmp085-to-spi-id-table.patch b/queue-6.6/iio-pressure-bmp280-add-missing-bmp085-to-spi-id-table.patch new file mode 100644 index 00000000000..93af65e0130 --- /dev/null +++ b/queue-6.6/iio-pressure-bmp280-add-missing-bmp085-to-spi-id-table.patch @@ -0,0 +1,38 @@ +From b67f3e653e305abf1471934d7b9fdb9ad2df3eef Mon Sep 17 00:00:00 2001 +From: Sam Protsenko +Date: Wed, 20 Dec 2023 12:47:53 -0600 +Subject: iio: pressure: bmp280: Add missing bmp085 to SPI id table + +From: Sam Protsenko + +commit b67f3e653e305abf1471934d7b9fdb9ad2df3eef upstream. + +"bmp085" is missing in bmp280_spi_id[] table, which leads to the next +warning in dmesg: + + SPI driver bmp280 has no spi_device_id for bosch,bmp085 + +Add "bmp085" to bmp280_spi_id[] by mimicking its existing description in +bmp280_of_spi_match[] table to fix the above warning. + +Signed-off-by: Sam Protsenko +Fixes: b26b4e91700f ("iio: pressure: bmp280: add SPI interface driver") +Reviewed-by: Andy Shevchenko +Reviewed-by: Linus Walleij +Cc: +Signed-off-by: Jonathan Cameron +Signed-off-by: Greg Kroah-Hartman +--- + drivers/iio/pressure/bmp280-spi.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/iio/pressure/bmp280-spi.c ++++ b/drivers/iio/pressure/bmp280-spi.c +@@ -91,6 +91,7 @@ static const struct of_device_id bmp280_ + MODULE_DEVICE_TABLE(of, bmp280_of_spi_match); + + static const struct spi_device_id bmp280_spi_id[] = { ++ { "bmp085", (kernel_ulong_t)&bmp180_chip_info }, + { "bmp180", (kernel_ulong_t)&bmp180_chip_info }, + { "bmp181", (kernel_ulong_t)&bmp180_chip_info }, + { "bmp280", (kernel_ulong_t)&bmp280_chip_info }, diff --git a/queue-6.6/kbuild-fix-changing-elf-file-type-for-output-of-gen_btf-for-big-endian.patch b/queue-6.6/kbuild-fix-changing-elf-file-type-for-output-of-gen_btf-for-big-endian.patch new file mode 100644 index 00000000000..0e5e6cfcde3 --- /dev/null +++ b/queue-6.6/kbuild-fix-changing-elf-file-type-for-output-of-gen_btf-for-big-endian.patch @@ -0,0 +1,75 @@ +From e3a9ee963ad8ba677ca925149812c5932b49af69 Mon Sep 17 00:00:00 2001 +From: Nathan Chancellor +Date: Mon, 12 Feb 2024 19:05:10 -0700 +Subject: kbuild: Fix changing ELF file type for output of gen_btf for big endian + +From: Nathan Chancellor + +commit e3a9ee963ad8ba677ca925149812c5932b49af69 upstream. + +Commit 90ceddcb4950 ("bpf: Support llvm-objcopy for vmlinux BTF") +changed the ELF type of .btf.vmlinux.bin.o to ET_REL via dd, which works +fine for little endian platforms: + + 00000000 7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 |.ELF............| + -00000010 03 00 b7 00 01 00 00 00 00 00 00 80 00 80 ff ff |................| + +00000010 01 00 b7 00 01 00 00 00 00 00 00 80 00 80 ff ff |................| + +However, for big endian platforms, it changes the wrong byte, resulting +in an invalid ELF file type, which ld.lld rejects: + + 00000000 7f 45 4c 46 02 02 01 00 00 00 00 00 00 00 00 00 |.ELF............| + -00000010 00 03 00 16 00 00 00 01 00 00 00 00 00 10 00 00 |................| + +00000010 01 03 00 16 00 00 00 01 00 00 00 00 00 10 00 00 |................| + + Type: : 103 + + ld.lld: error: .btf.vmlinux.bin.o: unknown file type + +Fix this by updating the entire 16-bit e_type field rather than just a +single byte, so that everything works correctly for all platforms and +linkers. + + 00000000 7f 45 4c 46 02 02 01 00 00 00 00 00 00 00 00 00 |.ELF............| + -00000010 00 03 00 16 00 00 00 01 00 00 00 00 00 10 00 00 |................| + +00000010 00 01 00 16 00 00 00 01 00 00 00 00 00 10 00 00 |................| + + Type: REL (Relocatable file) + +While in the area, update the comment to mention that binutils 2.35+ +matches LLD's behavior of rejecting an ET_EXEC input, which occurred +after the comment was added. + +Cc: stable@vger.kernel.org +Fixes: 90ceddcb4950 ("bpf: Support llvm-objcopy for vmlinux BTF") +Link: https://github.com/llvm/llvm-project/pull/75643 +Suggested-by: Masahiro Yamada +Signed-off-by: Nathan Chancellor +Reviewed-by: Fangrui Song +Reviewed-by: Nicolas Schier +Reviewed-by: Kees Cook +Reviewed-by: Justin Stitt +Signed-off-by: Masahiro Yamada +Signed-off-by: Greg Kroah-Hartman +--- + scripts/link-vmlinux.sh | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +--- a/scripts/link-vmlinux.sh ++++ b/scripts/link-vmlinux.sh +@@ -135,8 +135,13 @@ gen_btf() + ${OBJCOPY} --only-section=.BTF --set-section-flags .BTF=alloc,readonly \ + --strip-all ${1} ${2} 2>/dev/null + # Change e_type to ET_REL so that it can be used to link final vmlinux. +- # Unlike GNU ld, lld does not allow an ET_EXEC input. +- printf '\1' | dd of=${2} conv=notrunc bs=1 seek=16 status=none ++ # GNU ld 2.35+ and lld do not allow an ET_EXEC input. ++ if is_enabled CONFIG_CPU_BIG_ENDIAN; then ++ et_rel='\0\1' ++ else ++ et_rel='\1\0' ++ fi ++ printf "${et_rel}" | dd of=${2} conv=notrunc bs=1 seek=16 status=none + } + + # Create ${2} .S file with all symbols from the ${1} object file diff --git a/queue-6.6/lsm-fix-default-return-value-of-the-socket_getpeersec_-hooks.patch b/queue-6.6/lsm-fix-default-return-value-of-the-socket_getpeersec_-hooks.patch new file mode 100644 index 00000000000..11f7d3044a3 --- /dev/null +++ b/queue-6.6/lsm-fix-default-return-value-of-the-socket_getpeersec_-hooks.patch @@ -0,0 +1,87 @@ +From 5a287d3d2b9de2b3e747132c615599907ba5c3c1 Mon Sep 17 00:00:00 2001 +From: Ondrej Mosnacek +Date: Fri, 26 Jan 2024 19:45:31 +0100 +Subject: lsm: fix default return value of the socket_getpeersec_*() hooks + +From: Ondrej Mosnacek + +commit 5a287d3d2b9de2b3e747132c615599907ba5c3c1 upstream. + +For these hooks the true "neutral" value is -EOPNOTSUPP, which is +currently what is returned when no LSM provides this hook and what LSMs +return when there is no security context set on the socket. Correct the +value in and adjust the dispatch functions in +security/security.c to avoid issues when the BPF LSM is enabled. + +Cc: stable@vger.kernel.org +Fixes: 98e828a0650f ("security: Refactor declaration of LSM hooks") +Signed-off-by: Ondrej Mosnacek +[PM: subject line tweak] +Signed-off-by: Paul Moore +Signed-off-by: Greg Kroah-Hartman +--- + include/linux/lsm_hook_defs.h | 4 ++-- + security/security.c | 31 +++++++++++++++++++++++++++---- + 2 files changed, 29 insertions(+), 6 deletions(-) + +--- a/include/linux/lsm_hook_defs.h ++++ b/include/linux/lsm_hook_defs.h +@@ -311,9 +311,9 @@ LSM_HOOK(int, 0, socket_getsockopt, stru + LSM_HOOK(int, 0, socket_setsockopt, struct socket *sock, int level, int optname) + LSM_HOOK(int, 0, socket_shutdown, struct socket *sock, int how) + LSM_HOOK(int, 0, socket_sock_rcv_skb, struct sock *sk, struct sk_buff *skb) +-LSM_HOOK(int, 0, socket_getpeersec_stream, struct socket *sock, ++LSM_HOOK(int, -ENOPROTOOPT, socket_getpeersec_stream, struct socket *sock, + sockptr_t optval, sockptr_t optlen, unsigned int len) +-LSM_HOOK(int, 0, socket_getpeersec_dgram, struct socket *sock, ++LSM_HOOK(int, -ENOPROTOOPT, socket_getpeersec_dgram, struct socket *sock, + struct sk_buff *skb, u32 *secid) + LSM_HOOK(int, 0, sk_alloc_security, struct sock *sk, int family, gfp_t priority) + LSM_HOOK(void, LSM_RET_VOID, sk_free_security, struct sock *sk) +--- a/security/security.c ++++ b/security/security.c +@@ -4387,8 +4387,20 @@ EXPORT_SYMBOL(security_sock_rcv_skb); + int security_socket_getpeersec_stream(struct socket *sock, sockptr_t optval, + sockptr_t optlen, unsigned int len) + { +- return call_int_hook(socket_getpeersec_stream, -ENOPROTOOPT, sock, +- optval, optlen, len); ++ struct security_hook_list *hp; ++ int rc; ++ ++ /* ++ * Only one module will provide a security context. ++ */ ++ hlist_for_each_entry(hp, &security_hook_heads.socket_getpeersec_stream, ++ list) { ++ rc = hp->hook.socket_getpeersec_stream(sock, optval, optlen, ++ len); ++ if (rc != LSM_RET_DEFAULT(socket_getpeersec_stream)) ++ return rc; ++ } ++ return LSM_RET_DEFAULT(socket_getpeersec_stream); + } + + /** +@@ -4408,8 +4420,19 @@ int security_socket_getpeersec_stream(st + int security_socket_getpeersec_dgram(struct socket *sock, + struct sk_buff *skb, u32 *secid) + { +- return call_int_hook(socket_getpeersec_dgram, -ENOPROTOOPT, sock, +- skb, secid); ++ struct security_hook_list *hp; ++ int rc; ++ ++ /* ++ * Only one module will provide a security context. ++ */ ++ hlist_for_each_entry(hp, &security_hook_heads.socket_getpeersec_dgram, ++ list) { ++ rc = hp->hook.socket_getpeersec_dgram(sock, skb, secid); ++ if (rc != LSM_RET_DEFAULT(socket_getpeersec_dgram)) ++ return rc; ++ } ++ return LSM_RET_DEFAULT(socket_getpeersec_dgram); + } + EXPORT_SYMBOL(security_socket_getpeersec_dgram); + diff --git a/queue-6.6/lsm-fix-the-logic-in-security_inode_getsecctx.patch b/queue-6.6/lsm-fix-the-logic-in-security_inode_getsecctx.patch new file mode 100644 index 00000000000..e62bc5b044d --- /dev/null +++ b/queue-6.6/lsm-fix-the-logic-in-security_inode_getsecctx.patch @@ -0,0 +1,60 @@ +From 99b817c173cd213671daecd25ca27f56b0c7c4ec Mon Sep 17 00:00:00 2001 +From: Ondrej Mosnacek +Date: Fri, 26 Jan 2024 11:44:03 +0100 +Subject: lsm: fix the logic in security_inode_getsecctx() + +From: Ondrej Mosnacek + +commit 99b817c173cd213671daecd25ca27f56b0c7c4ec upstream. + +The inode_getsecctx LSM hook has previously been corrected to have +-EOPNOTSUPP instead of 0 as the default return value to fix BPF LSM +behavior. However, the call_int_hook()-generated loop in +security_inode_getsecctx() was left treating 0 as the neutral value, so +after an LSM returns 0, the loop continues to try other LSMs, and if one +of them returns a non-zero value, the function immediately returns with +said value. So in a situation where SELinux and the BPF LSMs registered +this hook, -EOPNOTSUPP would be incorrectly returned whenever SELinux +returned 0. + +Fix this by open-coding the call_int_hook() loop and making it use the +correct LSM_RET_DEFAULT() value as the neutral one, similar to what +other hooks do. + +Cc: stable@vger.kernel.org +Reported-by: Stephen Smalley +Link: https://lore.kernel.org/selinux/CAEjxPJ4ev-pasUwGx48fDhnmjBnq_Wh90jYPwRQRAqXxmOKD4Q@mail.gmail.com/ +Link: https://bugzilla.redhat.com/show_bug.cgi?id=2257983 +Fixes: b36995b8609a ("lsm: fix default return value for inode_getsecctx") +Signed-off-by: Ondrej Mosnacek +Reviewed-by: Casey Schaufler +[PM: subject line tweak] +Signed-off-by: Paul Moore +Signed-off-by: Greg Kroah-Hartman +--- + security/security.c | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +--- a/security/security.c ++++ b/security/security.c +@@ -4030,7 +4030,19 @@ EXPORT_SYMBOL(security_inode_setsecctx); + */ + int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) + { +- return call_int_hook(inode_getsecctx, -EOPNOTSUPP, inode, ctx, ctxlen); ++ struct security_hook_list *hp; ++ int rc; ++ ++ /* ++ * Only one module will provide a security context. ++ */ ++ hlist_for_each_entry(hp, &security_hook_heads.inode_getsecctx, list) { ++ rc = hp->hook.inode_getsecctx(inode, ctx, ctxlen); ++ if (rc != LSM_RET_DEFAULT(inode_getsecctx)) ++ return rc; ++ } ++ ++ return LSM_RET_DEFAULT(inode_getsecctx); + } + EXPORT_SYMBOL(security_inode_getsecctx); + diff --git a/queue-6.6/media-rc-bpf-attach-detach-requires-write-permission.patch b/queue-6.6/media-rc-bpf-attach-detach-requires-write-permission.patch new file mode 100644 index 00000000000..9bb928d7bde --- /dev/null +++ b/queue-6.6/media-rc-bpf-attach-detach-requires-write-permission.patch @@ -0,0 +1,82 @@ +From 6a9d552483d50953320b9d3b57abdee8d436f23f Mon Sep 17 00:00:00 2001 +From: Sean Young +Date: Thu, 13 Apr 2023 10:50:32 +0200 +Subject: media: rc: bpf attach/detach requires write permission + +From: Sean Young + +commit 6a9d552483d50953320b9d3b57abdee8d436f23f upstream. + +Note that bpf attach/detach also requires CAP_NET_ADMIN. + +Cc: stable@vger.kernel.org +Signed-off-by: Sean Young +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Greg Kroah-Hartman +--- + drivers/media/rc/bpf-lirc.c | 6 +++--- + drivers/media/rc/lirc_dev.c | 5 ++++- + drivers/media/rc/rc-core-priv.h | 2 +- + 3 files changed, 8 insertions(+), 5 deletions(-) + +--- a/drivers/media/rc/bpf-lirc.c ++++ b/drivers/media/rc/bpf-lirc.c +@@ -253,7 +253,7 @@ int lirc_prog_attach(const union bpf_att + if (attr->attach_flags) + return -EINVAL; + +- rcdev = rc_dev_get_from_fd(attr->target_fd); ++ rcdev = rc_dev_get_from_fd(attr->target_fd, true); + if (IS_ERR(rcdev)) + return PTR_ERR(rcdev); + +@@ -278,7 +278,7 @@ int lirc_prog_detach(const union bpf_att + if (IS_ERR(prog)) + return PTR_ERR(prog); + +- rcdev = rc_dev_get_from_fd(attr->target_fd); ++ rcdev = rc_dev_get_from_fd(attr->target_fd, true); + if (IS_ERR(rcdev)) { + bpf_prog_put(prog); + return PTR_ERR(rcdev); +@@ -303,7 +303,7 @@ int lirc_prog_query(const union bpf_attr + if (attr->query.query_flags) + return -EINVAL; + +- rcdev = rc_dev_get_from_fd(attr->query.target_fd); ++ rcdev = rc_dev_get_from_fd(attr->query.target_fd, false); + if (IS_ERR(rcdev)) + return PTR_ERR(rcdev); + +--- a/drivers/media/rc/lirc_dev.c ++++ b/drivers/media/rc/lirc_dev.c +@@ -814,7 +814,7 @@ void __exit lirc_dev_exit(void) + unregister_chrdev_region(lirc_base_dev, RC_DEV_MAX); + } + +-struct rc_dev *rc_dev_get_from_fd(int fd) ++struct rc_dev *rc_dev_get_from_fd(int fd, bool write) + { + struct fd f = fdget(fd); + struct lirc_fh *fh; +@@ -828,6 +828,9 @@ struct rc_dev *rc_dev_get_from_fd(int fd + return ERR_PTR(-EINVAL); + } + ++ if (write && !(f.file->f_mode & FMODE_WRITE)) ++ return ERR_PTR(-EPERM); ++ + fh = f.file->private_data; + dev = fh->rc; + +--- a/drivers/media/rc/rc-core-priv.h ++++ b/drivers/media/rc/rc-core-priv.h +@@ -325,7 +325,7 @@ void lirc_raw_event(struct rc_dev *dev, + void lirc_scancode_event(struct rc_dev *dev, struct lirc_scancode *lsc); + int lirc_register(struct rc_dev *dev); + void lirc_unregister(struct rc_dev *dev); +-struct rc_dev *rc_dev_get_from_fd(int fd); ++struct rc_dev *rc_dev_get_from_fd(int fd, bool write); + #else + static inline int lirc_dev_init(void) { return 0; } + static inline void lirc_dev_exit(void) {} diff --git a/queue-6.6/media-revert-media-rkisp1-drop-irqf_shared.patch b/queue-6.6/media-revert-media-rkisp1-drop-irqf_shared.patch new file mode 100644 index 00000000000..868e8cfdef0 --- /dev/null +++ b/queue-6.6/media-revert-media-rkisp1-drop-irqf_shared.patch @@ -0,0 +1,38 @@ +From a107d643b2a3382e0a2d2c4ef08bf8c6bff4561d Mon Sep 17 00:00:00 2001 +From: Tomi Valkeinen +Date: Mon, 18 Dec 2023 08:54:00 +0100 +Subject: media: Revert "media: rkisp1: Drop IRQF_SHARED" + +From: Tomi Valkeinen + +commit a107d643b2a3382e0a2d2c4ef08bf8c6bff4561d upstream. + +This reverts commit 85d2a31fe4d9be1555f621ead7a520d8791e0f74. + +The rkisp1 does share interrupt lines on some platforms, after all. Thus +we need to revert this, and implement a fix for the rkisp1 shared irq +handling in a follow-up patch. + +Closes: https://lore.kernel.org/all/87o7eo8vym.fsf@gmail.com/ +Link: https://lore.kernel.org/r/20231218-rkisp-shirq-fix-v1-1-173007628248@ideasonboard.com + +Reported-by: Mikhail Rudenko +Signed-off-by: Tomi Valkeinen +Signed-off-by: Laurent Pinchart +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Greg Kroah-Hartman +--- + drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c ++++ b/drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c +@@ -559,7 +559,7 @@ static int rkisp1_probe(struct platform_ + rkisp1->irqs[il] = irq; + } + +- ret = devm_request_irq(dev, irq, info->isrs[i].isr, 0, ++ ret = devm_request_irq(dev, irq, info->isrs[i].isr, IRQF_SHARED, + dev_driver_string(dev), dev); + if (ret) { + dev_err(dev, "request irq failed: %d\n", ret); diff --git a/queue-6.6/misc-fastrpc-mark-all-sessions-as-invalid-in-cb_remove.patch b/queue-6.6/misc-fastrpc-mark-all-sessions-as-invalid-in-cb_remove.patch new file mode 100644 index 00000000000..14b943dc89f --- /dev/null +++ b/queue-6.6/misc-fastrpc-mark-all-sessions-as-invalid-in-cb_remove.patch @@ -0,0 +1,36 @@ +From a4e61de63e34860c36a71d1a364edba16fb6203b Mon Sep 17 00:00:00 2001 +From: Ekansh Gupta +Date: Mon, 8 Jan 2024 17:18:33 +0530 +Subject: misc: fastrpc: Mark all sessions as invalid in cb_remove + +From: Ekansh Gupta + +commit a4e61de63e34860c36a71d1a364edba16fb6203b upstream. + +In remoteproc shutdown sequence, rpmsg_remove will get called which +would depopulate all the child nodes that have been created during +rpmsg_probe. This would result in cb_remove call for all the context +banks for the remoteproc. In cb_remove function, session 0 is +getting skipped which is not correct as session 0 will never become +available again. Add changes to mark session 0 also as invalid. + +Fixes: f6f9279f2bf0 ("misc: fastrpc: Add Qualcomm fastrpc basic driver model") +Cc: stable +Signed-off-by: Ekansh Gupta +Link: https://lore.kernel.org/r/20240108114833.20480-1-quic_ekangupt@quicinc.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/misc/fastrpc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/misc/fastrpc.c ++++ b/drivers/misc/fastrpc.c +@@ -2191,7 +2191,7 @@ static int fastrpc_cb_remove(struct plat + int i; + + spin_lock_irqsave(&cctx->lock, flags); +- for (i = 1; i < FASTRPC_MAX_SESSIONS; i++) { ++ for (i = 0; i < FASTRPC_MAX_SESSIONS; i++) { + if (cctx->session[i].sid == sess->sid) { + cctx->session[i].valid = false; + cctx->sesscount--; diff --git a/queue-6.6/modpost-add-.ltext-and-.ltext.-to-text_sections.patch b/queue-6.6/modpost-add-.ltext-and-.ltext.-to-text_sections.patch new file mode 100644 index 00000000000..263dbf8cd2b --- /dev/null +++ b/queue-6.6/modpost-add-.ltext-and-.ltext.-to-text_sections.patch @@ -0,0 +1,50 @@ +From 397586506c3da005b9333ce5947ad01e8018a3be Mon Sep 17 00:00:00 2001 +From: Nathan Chancellor +Date: Tue, 23 Jan 2024 15:59:55 -0700 +Subject: modpost: Add '.ltext' and '.ltext.*' to TEXT_SECTIONS + +From: Nathan Chancellor + +commit 397586506c3da005b9333ce5947ad01e8018a3be upstream. + +After the linked LLVM change, building ARCH=um defconfig results in a +segmentation fault in modpost. Prior to commit a23e7584ecf3 ("modpost: +unify 'sym' and 'to' in default_mismatch_handler()"), there was a +warning: + + WARNING: modpost: vmlinux.o(__ex_table+0x88): Section mismatch in reference to the .ltext:(unknown) + WARNING: modpost: The relocation at __ex_table+0x88 references + section ".ltext" which is not in the list of + authorized sections. If you're adding a new section + and/or if this reference is valid, add ".ltext" to the + list of authorized sections to jump to on fault. + This can be achieved by adding ".ltext" to + OTHER_TEXT_SECTIONS in scripts/mod/modpost.c. + +The linked LLVM change moves global objects to the '.ltext' (and +'.ltext.*' with '-ffunction-sections') sections with '-mcmodel=large', +which ARCH=um uses. These sections should be handled just as '.text' +and '.text.*' are, so add them to TEXT_SECTIONS. + +Cc: stable@vger.kernel.org +Closes: https://github.com/ClangBuiltLinux/linux/issues/1981 +Link: https://github.com/llvm/llvm-project/commit/4bf8a688956a759b7b6b8d94f42d25c13c7af130 +Signed-off-by: Nathan Chancellor +Signed-off-by: Masahiro Yamada +Signed-off-by: Greg Kroah-Hartman +--- + scripts/mod/modpost.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/scripts/mod/modpost.c ++++ b/scripts/mod/modpost.c +@@ -813,7 +813,8 @@ static void check_section(const char *mo + + #define DATA_SECTIONS ".data", ".data.rel" + #define TEXT_SECTIONS ".text", ".text.*", ".sched.text", \ +- ".kprobes.text", ".cpuidle.text", ".noinstr.text" ++ ".kprobes.text", ".cpuidle.text", ".noinstr.text", \ ++ ".ltext", ".ltext.*" + #define OTHER_TEXT_SECTIONS ".ref.text", ".head.text", ".spinlock.text", \ + ".fixup", ".entry.text", ".exception.text", \ + ".coldtext", ".softirqentry.text" diff --git a/queue-6.6/mptcp-check-addrs-list-in-userspace_pm_get_local_id.patch b/queue-6.6/mptcp-check-addrs-list-in-userspace_pm_get_local_id.patch new file mode 100644 index 00000000000..1d7585a3e95 --- /dev/null +++ b/queue-6.6/mptcp-check-addrs-list-in-userspace_pm_get_local_id.patch @@ -0,0 +1,50 @@ +From f012d796a6de662692159c539689e47e662853a8 Mon Sep 17 00:00:00 2001 +From: Geliang Tang +Date: Thu, 8 Feb 2024 19:03:53 +0100 +Subject: mptcp: check addrs list in userspace_pm_get_local_id + +From: Geliang Tang + +commit f012d796a6de662692159c539689e47e662853a8 upstream. + +Before adding a new entry in mptcp_userspace_pm_get_local_id(), it's +better to check whether this address is already in userspace pm local +address list. If it's in the list, no need to add a new entry, just +return it's address ID and use this address. + +Fixes: 8b20137012d9 ("mptcp: read attributes of addr entries managed by userspace PMs") +Cc: stable@vger.kernel.org +Signed-off-by: Geliang Tang +Reviewed-by: Mat Martineau +Signed-off-by: Matthieu Baerts (NGI0) +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/mptcp/pm_userspace.c | 13 ++++++++++++- + 1 file changed, 12 insertions(+), 1 deletion(-) + +--- a/net/mptcp/pm_userspace.c ++++ b/net/mptcp/pm_userspace.c +@@ -130,10 +130,21 @@ int mptcp_userspace_pm_get_flags_and_ifi + int mptcp_userspace_pm_get_local_id(struct mptcp_sock *msk, + struct mptcp_addr_info *skc) + { +- struct mptcp_pm_addr_entry new_entry; ++ struct mptcp_pm_addr_entry *entry = NULL, *e, new_entry; + __be16 msk_sport = ((struct inet_sock *) + inet_sk((struct sock *)msk))->inet_sport; + ++ spin_lock_bh(&msk->pm.lock); ++ list_for_each_entry(e, &msk->pm.userspace_pm_local_addr_list, list) { ++ if (mptcp_addresses_equal(&e->addr, skc, false)) { ++ entry = e; ++ break; ++ } ++ } ++ spin_unlock_bh(&msk->pm.lock); ++ if (entry) ++ return entry->addr.id; ++ + memset(&new_entry, 0, sizeof(struct mptcp_pm_addr_entry)); + new_entry.addr = *skc; + new_entry.addr.id = 0; diff --git a/queue-6.6/mptcp-drop-the-push_pending-field.patch b/queue-6.6/mptcp-drop-the-push_pending-field.patch new file mode 100644 index 00000000000..cb5fb66a34e --- /dev/null +++ b/queue-6.6/mptcp-drop-the-push_pending-field.patch @@ -0,0 +1,84 @@ +From bdd70eb68913c960acb895b00a8c62eb64715b1f Mon Sep 17 00:00:00 2001 +From: Paolo Abeni +Date: Thu, 8 Feb 2024 19:03:49 +0100 +Subject: mptcp: drop the push_pending field + +From: Paolo Abeni + +commit bdd70eb68913c960acb895b00a8c62eb64715b1f upstream. + +Such field is there to avoid acquiring the data lock in a few spots, +but it adds complexity to the already non trivial locking schema. + +All the relevant call sites (mptcp-level re-injection, set socket +options), are slow-path, drop such field in favor of 'cb_flags', adding +the relevant locking. + +This patch could be seen as an improvement, instead of a fix. But it +simplifies the next patch. The 'Fixes' tag has been added to help having +this series backported to stable. + +Fixes: e9d09baca676 ("mptcp: avoid atomic bit manipulation when possible") +Cc: stable@vger.kernel.org +Signed-off-by: Paolo Abeni +Reviewed-by: Mat Martineau +Signed-off-by: Matthieu Baerts (NGI0) +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/mptcp/protocol.c | 12 ++++++------ + net/mptcp/protocol.h | 1 - + 2 files changed, 6 insertions(+), 7 deletions(-) + +--- a/net/mptcp/protocol.c ++++ b/net/mptcp/protocol.c +@@ -1522,8 +1522,11 @@ static void mptcp_update_post_push(struc + + void mptcp_check_and_set_pending(struct sock *sk) + { +- if (mptcp_send_head(sk)) +- mptcp_sk(sk)->push_pending |= BIT(MPTCP_PUSH_PENDING); ++ if (mptcp_send_head(sk)) { ++ mptcp_data_lock(sk); ++ mptcp_sk(sk)->cb_flags |= BIT(MPTCP_PUSH_PENDING); ++ mptcp_data_unlock(sk); ++ } + } + + static int __subflow_push_pending(struct sock *sk, struct sock *ssk, +@@ -3134,7 +3137,6 @@ static int mptcp_disconnect(struct sock + mptcp_destroy_common(msk, MPTCP_CF_FASTCLOSE); + WRITE_ONCE(msk->flags, 0); + msk->cb_flags = 0; +- msk->push_pending = 0; + msk->recovery = false; + msk->can_ack = false; + msk->fully_established = false; +@@ -3359,8 +3361,7 @@ static void mptcp_release_cb(struct sock + struct mptcp_sock *msk = mptcp_sk(sk); + + for (;;) { +- unsigned long flags = (msk->cb_flags & MPTCP_FLAGS_PROCESS_CTX_NEED) | +- msk->push_pending; ++ unsigned long flags = (msk->cb_flags & MPTCP_FLAGS_PROCESS_CTX_NEED); + struct list_head join_list; + + if (!flags) +@@ -3376,7 +3377,6 @@ static void mptcp_release_cb(struct sock + * datapath acquires the msk socket spinlock while helding + * the subflow socket lock + */ +- msk->push_pending = 0; + msk->cb_flags &= ~flags; + spin_unlock_bh(&sk->sk_lock.slock); + +--- a/net/mptcp/protocol.h ++++ b/net/mptcp/protocol.h +@@ -283,7 +283,6 @@ struct mptcp_sock { + int rmem_released; + unsigned long flags; + unsigned long cb_flags; +- unsigned long push_pending; + bool recovery; /* closing subflow write queue reinjected */ + bool can_ack; + bool fully_established; diff --git a/queue-6.6/mptcp-fix-data-re-injection-from-stale-subflow.patch b/queue-6.6/mptcp-fix-data-re-injection-from-stale-subflow.patch new file mode 100644 index 00000000000..57446b24b4d --- /dev/null +++ b/queue-6.6/mptcp-fix-data-re-injection-from-stale-subflow.patch @@ -0,0 +1,52 @@ +From b6c620dc43ccb4e802894e54b651cf81495e9598 Mon Sep 17 00:00:00 2001 +From: Paolo Abeni +Date: Wed, 31 Jan 2024 22:49:46 +0100 +Subject: mptcp: fix data re-injection from stale subflow + +From: Paolo Abeni + +commit b6c620dc43ccb4e802894e54b651cf81495e9598 upstream. + +When the MPTCP PM detects that a subflow is stale, all the packet +scheduler must re-inject all the mptcp-level unacked data. To avoid +acquiring unneeded locks, it first try to check if any unacked data +is present at all in the RTX queue, but such check is currently +broken, as it uses TCP-specific helper on an MPTCP socket. + +Funnily enough fuzzers and static checkers are happy, as the accessed +memory still belongs to the mptcp_sock struct, and even from a +functional perspective the recovery completed successfully, as +the short-cut test always failed. + +A recent unrelated TCP change - commit d5fed5addb2b ("tcp: reorganize +tcp_sock fast path variables") - exposed the issue, as the tcp field +reorganization makes the mptcp code always skip the re-inection. + +Fix the issue dropping the bogus call: we are on a slow path, the early +optimization proved once again to be evil. + +Fixes: 1e1d9d6f119c ("mptcp: handle pending data on closed subflow") +Cc: stable@vger.kernel.org +Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/468 +Signed-off-by: Paolo Abeni +Reviewed-by: Mat Martineau +Signed-off-by: Matthieu Baerts (NGI0) +Link: https://lore.kernel.org/r/20240131-upstream-net-20240131-mptcp-ci-issues-v1-1-4c1c11e571ff@kernel.org +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + net/mptcp/protocol.c | 3 --- + 1 file changed, 3 deletions(-) + +--- a/net/mptcp/protocol.c ++++ b/net/mptcp/protocol.c +@@ -2318,9 +2318,6 @@ bool __mptcp_retransmit_pending_data(str + if (__mptcp_check_fallback(msk)) + return false; + +- if (tcp_rtx_and_write_queues_empty(sk)) +- return false; +- + /* the closing socket has some data untransmitted and/or unacked: + * some data in the mptcp rtx queue has not really xmitted yet. + * keep it simple and re-inject the whole mptcp level rtx queue diff --git a/queue-6.6/mptcp-fix-rcv-space-initialization.patch b/queue-6.6/mptcp-fix-rcv-space-initialization.patch new file mode 100644 index 00000000000..c9b70b201fa --- /dev/null +++ b/queue-6.6/mptcp-fix-rcv-space-initialization.patch @@ -0,0 +1,124 @@ +From 013e3179dbd2bc756ce1dd90354abac62f65b739 Mon Sep 17 00:00:00 2001 +From: Paolo Abeni +Date: Thu, 8 Feb 2024 19:03:50 +0100 +Subject: mptcp: fix rcv space initialization + +From: Paolo Abeni + +commit 013e3179dbd2bc756ce1dd90354abac62f65b739 upstream. + +mptcp_rcv_space_init() is supposed to happen under the msk socket +lock, but active msk socket does that without such protection. + +Leverage the existing mptcp_propagate_state() helper to that extent. +We need to ensure mptcp_rcv_space_init will happen before +mptcp_rcv_space_adjust(), and the release_cb does not assure that: +explicitly check for such condition. + +While at it, move the wnd_end initialization out of mptcp_rcv_space_init(), +it never belonged there. + +Note that the race does not produce ill effect in practice, but +change allows cleaning-up and defying better the locking model. + +Fixes: a6b118febbab ("mptcp: add receive buffer auto-tuning") +Cc: stable@vger.kernel.org +Signed-off-by: Paolo Abeni +Reviewed-by: Mat Martineau +Signed-off-by: Matthieu Baerts (NGI0) +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/mptcp/protocol.c | 10 ++++++---- + net/mptcp/protocol.h | 3 ++- + net/mptcp/subflow.c | 4 ++-- + 3 files changed, 10 insertions(+), 7 deletions(-) + +--- a/net/mptcp/protocol.c ++++ b/net/mptcp/protocol.c +@@ -1967,6 +1967,9 @@ static void mptcp_rcv_space_adjust(struc + if (copied <= 0) + return; + ++ if (!msk->rcvspace_init) ++ mptcp_rcv_space_init(msk, msk->first); ++ + msk->rcvq_space.copied += copied; + + mstamp = div_u64(tcp_clock_ns(), NSEC_PER_USEC); +@@ -3151,6 +3154,7 @@ static int mptcp_disconnect(struct sock + msk->bytes_received = 0; + msk->bytes_sent = 0; + msk->bytes_retrans = 0; ++ msk->rcvspace_init = 0; + + WRITE_ONCE(sk->sk_shutdown, 0); + sk_error_report(sk); +@@ -3238,6 +3242,7 @@ void mptcp_rcv_space_init(struct mptcp_s + { + const struct tcp_sock *tp = tcp_sk(ssk); + ++ msk->rcvspace_init = 1; + msk->rcvq_space.copied = 0; + msk->rcvq_space.rtt_us = 0; + +@@ -3248,8 +3253,6 @@ void mptcp_rcv_space_init(struct mptcp_s + TCP_INIT_CWND * tp->advmss); + if (msk->rcvq_space.space == 0) + msk->rcvq_space.space = TCP_INIT_CWND * TCP_MSS_DEFAULT; +- +- WRITE_ONCE(msk->wnd_end, msk->snd_nxt + tcp_sk(ssk)->snd_wnd); + } + + static struct sock *mptcp_accept(struct sock *ssk, int flags, int *err, +@@ -3507,10 +3510,9 @@ void mptcp_finish_connect(struct sock *s + WRITE_ONCE(msk->write_seq, subflow->idsn + 1); + WRITE_ONCE(msk->snd_nxt, msk->write_seq); + WRITE_ONCE(msk->snd_una, msk->write_seq); ++ WRITE_ONCE(msk->wnd_end, msk->snd_nxt + tcp_sk(ssk)->snd_wnd); + + mptcp_pm_new_connection(msk, ssk, 0); +- +- mptcp_rcv_space_init(msk, ssk); + } + + void mptcp_sock_graft(struct sock *sk, struct socket *parent) +--- a/net/mptcp/protocol.h ++++ b/net/mptcp/protocol.h +@@ -301,7 +301,8 @@ struct mptcp_sock { + nodelay:1, + fastopening:1, + in_accept_queue:1, +- free_first:1; ++ free_first:1, ++ rcvspace_init:1; + struct work_struct work; + struct sk_buff *ooo_last_skb; + struct rb_root out_of_order_queue; +--- a/net/mptcp/subflow.c ++++ b/net/mptcp/subflow.c +@@ -424,6 +424,8 @@ void __mptcp_sync_state(struct sock *sk, + struct mptcp_sock *msk = mptcp_sk(sk); + + __mptcp_propagate_sndbuf(sk, msk->first); ++ if (!msk->rcvspace_init) ++ mptcp_rcv_space_init(msk, msk->first); + if (sk->sk_state == TCP_SYN_SENT) { + inet_sk_state_store(sk, state); + sk->sk_state_change(sk); +@@ -545,7 +547,6 @@ static void subflow_finish_connect(struc + } + } else if (mptcp_check_fallback(sk)) { + fallback: +- mptcp_rcv_space_init(msk, sk); + mptcp_propagate_state(parent, sk); + } + return; +@@ -1736,7 +1737,6 @@ static void subflow_state_change(struct + msk = mptcp_sk(parent); + if (subflow_simultaneous_connect(sk)) { + mptcp_do_fallback(sk); +- mptcp_rcv_space_init(msk, sk); + pr_fallback(msk); + subflow->conn_finished = 1; + mptcp_propagate_state(parent, sk); diff --git a/queue-6.6/mptcp-really-cope-with-fastopen-race.patch b/queue-6.6/mptcp-really-cope-with-fastopen-race.patch new file mode 100644 index 00000000000..b115af7be1f --- /dev/null +++ b/queue-6.6/mptcp-really-cope-with-fastopen-race.patch @@ -0,0 +1,45 @@ +From 337cebbd850f94147cee05252778f8f78b8c337f Mon Sep 17 00:00:00 2001 +From: Paolo Abeni +Date: Thu, 8 Feb 2024 19:03:54 +0100 +Subject: mptcp: really cope with fastopen race + +From: Paolo Abeni + +commit 337cebbd850f94147cee05252778f8f78b8c337f upstream. + +Fastopen and PM-trigger subflow shutdown can race, as reported by +syzkaller. + +In my first attempt to close such race, I missed the fact that +the subflow status can change again before the subflow_state_change +callback is invoked. + +Address the issue additionally copying with all the states directly +reachable from TCP_FIN_WAIT1. + +Fixes: 1e777f39b4d7 ("mptcp: add MSG_FASTOPEN sendmsg flag support") +Fixes: 4fd19a307016 ("mptcp: fix inconsistent state on fastopen race") +Cc: stable@vger.kernel.org +Reported-by: syzbot+c53d4d3ddb327e80bc51@syzkaller.appspotmail.com +Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/458 +Signed-off-by: Paolo Abeni +Reviewed-by: Mat Martineau +Signed-off-by: Matthieu Baerts (NGI0) +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/mptcp/protocol.h | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/net/mptcp/protocol.h ++++ b/net/mptcp/protocol.h +@@ -1104,7 +1104,8 @@ static inline bool subflow_simultaneous_ + { + struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk); + +- return (1 << sk->sk_state) & (TCPF_ESTABLISHED | TCPF_FIN_WAIT1) && ++ return (1 << sk->sk_state) & ++ (TCPF_ESTABLISHED | TCPF_FIN_WAIT1 | TCPF_FIN_WAIT2 | TCPF_CLOSING) && + is_active_ssk(subflow) && + !subflow->conn_finished; + } diff --git a/queue-6.6/net-hsr-remove-warn_once-in-send_hsr_supervision_frame.patch b/queue-6.6/net-hsr-remove-warn_once-in-send_hsr_supervision_frame.patch new file mode 100644 index 00000000000..6b996d80b18 --- /dev/null +++ b/queue-6.6/net-hsr-remove-warn_once-in-send_hsr_supervision_frame.patch @@ -0,0 +1,72 @@ +From 37e8c97e539015637cb920d3e6f1e404f707a06e Mon Sep 17 00:00:00 2001 +From: Nikita Zhandarovich +Date: Wed, 24 Jan 2024 02:21:47 -0800 +Subject: net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() + +From: Nikita Zhandarovich + +commit 37e8c97e539015637cb920d3e6f1e404f707a06e upstream. + +Syzkaller reported [1] hitting a warning after failing to allocate +resources for skb in hsr_init_skb(). Since a WARN_ONCE() call will +not help much in this case, it might be prudent to switch to +netdev_warn_once(). At the very least it will suppress syzkaller +reports such as [1]. + +Just in case, use netdev_warn_once() in send_prp_supervision_frame() +for similar reasons. + +[1] +HSR: Could not send supervision frame +WARNING: CPU: 1 PID: 85 at net/hsr/hsr_device.c:294 send_hsr_supervision_frame+0x60a/0x810 net/hsr/hsr_device.c:294 +RIP: 0010:send_hsr_supervision_frame+0x60a/0x810 net/hsr/hsr_device.c:294 +... +Call Trace: + + hsr_announce+0x114/0x370 net/hsr/hsr_device.c:382 + call_timer_fn+0x193/0x590 kernel/time/timer.c:1700 + expire_timers kernel/time/timer.c:1751 [inline] + __run_timers+0x764/0xb20 kernel/time/timer.c:2022 + run_timer_softirq+0x58/0xd0 kernel/time/timer.c:2035 + __do_softirq+0x21a/0x8de kernel/softirq.c:553 + invoke_softirq kernel/softirq.c:427 [inline] + __irq_exit_rcu kernel/softirq.c:632 [inline] + irq_exit_rcu+0xb7/0x120 kernel/softirq.c:644 + sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1076 + + + asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:649 +... + +This issue is also found in older kernels (at least up to 5.10). + +Cc: stable@vger.kernel.org +Reported-by: syzbot+3ae0a3f42c84074b7c8e@syzkaller.appspotmail.com +Fixes: 121c33b07b31 ("net: hsr: introduce common code for skb initialization") +Signed-off-by: Nikita Zhandarovich +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/hsr/hsr_device.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/net/hsr/hsr_device.c ++++ b/net/hsr/hsr_device.c +@@ -291,7 +291,7 @@ static void send_hsr_supervision_frame(s + + skb = hsr_init_skb(master); + if (!skb) { +- WARN_ONCE(1, "HSR: Could not send supervision frame\n"); ++ netdev_warn_once(master->dev, "HSR: Could not send supervision frame\n"); + return; + } + +@@ -338,7 +338,7 @@ static void send_prp_supervision_frame(s + + skb = hsr_init_skb(master); + if (!skb) { +- WARN_ONCE(1, "PRP: Could not send supervision frame\n"); ++ netdev_warn_once(master->dev, "PRP: Could not send supervision frame\n"); + return; + } + diff --git a/queue-6.6/net-stmmac-do-not-clear-tbs-enable-bit-on-link-up-down.patch b/queue-6.6/net-stmmac-do-not-clear-tbs-enable-bit-on-link-up-down.patch new file mode 100644 index 00000000000..89bf62c0eb0 --- /dev/null +++ b/queue-6.6/net-stmmac-do-not-clear-tbs-enable-bit-on-link-up-down.patch @@ -0,0 +1,36 @@ +From 4896bb7c0b31a0a3379b290ea7729900c59e0c69 Mon Sep 17 00:00:00 2001 +From: Esben Haabendal +Date: Fri, 26 Jan 2024 10:10:41 +0100 +Subject: net: stmmac: do not clear TBS enable bit on link up/down + +From: Esben Haabendal + +commit 4896bb7c0b31a0a3379b290ea7729900c59e0c69 upstream. + +With the dma conf being reallocated on each call to stmmac_open(), any +information in there is lost, unless we specifically handle it. + +The STMMAC_TBS_EN bit is set when adding an etf qdisc, and the etf qdisc +therefore would stop working when link was set down and then back up. + +Fixes: ba39b344e924 ("net: ethernet: stmicro: stmmac: generate stmmac dma conf before open") +Cc: stable@vger.kernel.org +Signed-off-by: Esben Haabendal +Signed-off-by: Paolo Abeni +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c ++++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c +@@ -3853,6 +3853,9 @@ static int __stmmac_open(struct net_devi + priv->rx_copybreak = STMMAC_RX_COPYBREAK; + + buf_sz = dma_conf->dma_buf_sz; ++ for (int i = 0; i < MTL_MAX_TX_QUEUES; i++) ++ if (priv->dma_conf.tx_queue[i].tbs & STMMAC_TBS_EN) ++ dma_conf->tx_queue[i].tbs = priv->dma_conf.tx_queue[i].tbs; + memcpy(&priv->dma_conf, dma_conf, sizeof(*dma_conf)); + + stmmac_reset_queues_param(priv); diff --git a/queue-6.6/nfc-nci-free-rx_data_reassembly-skb-on-nci-device-cleanup.patch b/queue-6.6/nfc-nci-free-rx_data_reassembly-skb-on-nci-device-cleanup.patch new file mode 100644 index 00000000000..c4587b8bb3c --- /dev/null +++ b/queue-6.6/nfc-nci-free-rx_data_reassembly-skb-on-nci-device-cleanup.patch @@ -0,0 +1,45 @@ +From bfb007aebe6bff451f7f3a4be19f4f286d0d5d9c Mon Sep 17 00:00:00 2001 +From: Fedor Pchelkin +Date: Thu, 25 Jan 2024 12:53:09 +0300 +Subject: nfc: nci: free rx_data_reassembly skb on NCI device cleanup + +From: Fedor Pchelkin + +commit bfb007aebe6bff451f7f3a4be19f4f286d0d5d9c upstream. + +rx_data_reassembly skb is stored during NCI data exchange for processing +fragmented packets. It is dropped only when the last fragment is processed +or when an NTF packet with NCI_OP_RF_DEACTIVATE_NTF opcode is received. +However, the NCI device may be deallocated before that which leads to skb +leak. + +As by design the rx_data_reassembly skb is bound to the NCI device and +nothing prevents the device to be freed before the skb is processed in +some way and cleaned, free it on the NCI device cleanup. + +Found by Linux Verification Center (linuxtesting.org) with Syzkaller. + +Fixes: 6a2968aaf50c ("NFC: basic NCI protocol implementation") +Cc: stable@vger.kernel.org +Reported-by: syzbot+6b7c68d9c21e4ee4251b@syzkaller.appspotmail.com +Closes: https://lore.kernel.org/lkml/000000000000f43987060043da7b@google.com/ +Signed-off-by: Fedor Pchelkin +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/nfc/nci/core.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/net/nfc/nci/core.c ++++ b/net/nfc/nci/core.c +@@ -1208,6 +1208,10 @@ void nci_free_device(struct nci_dev *nde + { + nfc_free_device(ndev->nfc_dev); + nci_hci_deallocate(ndev); ++ ++ /* drop partial rx data packet if present */ ++ if (ndev->rx_data_reassembly) ++ kfree_skb(ndev->rx_data_reassembly); + kfree(ndev); + } + EXPORT_SYMBOL(nci_free_device); diff --git a/queue-6.6/parisc-btlb-fix-crash-when-setting-up-btlb-at-cpu-bringup.patch b/queue-6.6/parisc-btlb-fix-crash-when-setting-up-btlb-at-cpu-bringup.patch new file mode 100644 index 00000000000..211a0823a4c --- /dev/null +++ b/queue-6.6/parisc-btlb-fix-crash-when-setting-up-btlb-at-cpu-bringup.patch @@ -0,0 +1,42 @@ +From 913b9d443a0180cf0de3548f1ab3149378998486 Mon Sep 17 00:00:00 2001 +From: Helge Deller +Date: Wed, 31 Jan 2024 13:37:25 +0100 +Subject: parisc: BTLB: Fix crash when setting up BTLB at CPU bringup + +From: Helge Deller + +commit 913b9d443a0180cf0de3548f1ab3149378998486 upstream. + +When using hotplug and bringing up a 32-bit CPU, ask the firmware about the +BTLB information to set up the static (block) TLB entries. + +For that write access to the static btlb_info struct is needed, but +since it is marked __ro_after_init the kernel segfaults with missing +write permissions. + +Fix the crash by dropping the __ro_after_init annotation. + +Fixes: e5ef93d02d6c ("parisc: BTLB: Initialize BTLB tables at CPU startup") +Signed-off-by: Helge Deller +Cc: # v6.6+ +Signed-off-by: Greg Kroah-Hartman +--- + arch/parisc/kernel/cache.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/parisc/kernel/cache.c b/arch/parisc/kernel/cache.c +index 5552602fcaef..422f3e1e6d9c 100644 +--- a/arch/parisc/kernel/cache.c ++++ b/arch/parisc/kernel/cache.c +@@ -58,7 +58,7 @@ int pa_serialize_tlb_flushes __ro_after_init; + + struct pdc_cache_info cache_info __ro_after_init; + #ifndef CONFIG_PA20 +-struct pdc_btlb_info btlb_info __ro_after_init; ++struct pdc_btlb_info btlb_info; + #endif + + DEFINE_STATIC_KEY_TRUE(parisc_has_cache); +-- +2.43.2 + diff --git a/queue-6.6/pmdomain-mediatek-fix-race-conditions-with-genpd.patch b/queue-6.6/pmdomain-mediatek-fix-race-conditions-with-genpd.patch new file mode 100644 index 00000000000..298a0caf245 --- /dev/null +++ b/queue-6.6/pmdomain-mediatek-fix-race-conditions-with-genpd.patch @@ -0,0 +1,75 @@ +From c41336f4d69057cbf88fed47951379b384540df5 Mon Sep 17 00:00:00 2001 +From: Eugen Hristev +Date: Mon, 25 Dec 2023 15:36:15 +0200 +Subject: pmdomain: mediatek: fix race conditions with genpd + +From: Eugen Hristev + +commit c41336f4d69057cbf88fed47951379b384540df5 upstream. + +If the power domains are registered first with genpd and *after that* +the driver attempts to power them on in the probe sequence, then it is +possible that a race condition occurs if genpd tries to power them on +in the same time. +The same is valid for powering them off before unregistering them +from genpd. +Attempt to fix race conditions by first removing the domains from genpd +and *after that* powering down domains. +Also first power up the domains and *after that* register them +to genpd. + +Fixes: 59b644b01cf4 ("soc: mediatek: Add MediaTek SCPSYS power domains") +Signed-off-by: Eugen Hristev +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20231225133615.78993-1-eugen.hristev@collabora.com +Signed-off-by: Ulf Hansson +Signed-off-by: Greg Kroah-Hartman +--- + drivers/pmdomain/mediatek/mtk-pm-domains.c | 15 +++++++-------- + 1 file changed, 7 insertions(+), 8 deletions(-) + +--- a/drivers/pmdomain/mediatek/mtk-pm-domains.c ++++ b/drivers/pmdomain/mediatek/mtk-pm-domains.c +@@ -508,6 +508,11 @@ static int scpsys_add_subdomain(struct s + goto err_put_node; + } + ++ /* recursive call to add all subdomains */ ++ ret = scpsys_add_subdomain(scpsys, child); ++ if (ret) ++ goto err_put_node; ++ + ret = pm_genpd_add_subdomain(parent_pd, child_pd); + if (ret) { + dev_err(scpsys->dev, "failed to add %s subdomain to parent %s\n", +@@ -517,11 +522,6 @@ static int scpsys_add_subdomain(struct s + dev_dbg(scpsys->dev, "%s add subdomain: %s\n", parent_pd->name, + child_pd->name); + } +- +- /* recursive call to add all subdomains */ +- ret = scpsys_add_subdomain(scpsys, child); +- if (ret) +- goto err_put_node; + } + + return 0; +@@ -535,9 +535,6 @@ static void scpsys_remove_one_domain(str + { + int ret; + +- if (scpsys_domain_is_on(pd)) +- scpsys_power_off(&pd->genpd); +- + /* + * We're in the error cleanup already, so we only complain, + * but won't emit another error on top of the original one. +@@ -547,6 +544,8 @@ static void scpsys_remove_one_domain(str + dev_err(pd->scpsys->dev, + "failed to remove domain '%s' : %d - state may be inconsistent\n", + pd->genpd.name, ret); ++ if (scpsys_domain_is_on(pd)) ++ scpsys_power_off(&pd->genpd); + + clk_bulk_put(pd->num_clks, pd->clks); + clk_bulk_put(pd->num_subsys_clks, pd->subsys_clks); diff --git a/queue-6.6/revert-drm-amd-flush-any-delayed-gfxoff-on-suspend-entry.patch b/queue-6.6/revert-drm-amd-flush-any-delayed-gfxoff-on-suspend-entry.patch new file mode 100644 index 00000000000..c24e5199b09 --- /dev/null +++ b/queue-6.6/revert-drm-amd-flush-any-delayed-gfxoff-on-suspend-entry.patch @@ -0,0 +1,58 @@ +From 916361685319098f696b798ef1560f69ed96e934 Mon Sep 17 00:00:00 2001 +From: Mario Limonciello +Date: Wed, 7 Feb 2024 23:52:54 -0600 +Subject: Revert "drm/amd: flush any delayed gfxoff on suspend entry" + +From: Mario Limonciello + +commit 916361685319098f696b798ef1560f69ed96e934 upstream. + +commit ab4750332dbe ("drm/amdgpu/sdma5.2: add begin/end_use ring +callbacks") caused GFXOFF control to be used more heavily and the +codepath that was removed from commit 0dee72639533 ("drm/amd: flush any +delayed gfxoff on suspend entry") now can be exercised at suspend again. + +Users report that by using GNOME to suspend the lockscreen trigger will +cause SDMA traffic and the system can deadlock. + +This reverts commit 0dee726395333fea833eaaf838bc80962df886c8. + +Acked-by: Alex Deucher +Fixes: ab4750332dbe ("drm/amdgpu/sdma5.2: add begin/end_use ring callbacks") +Signed-off-by: Mario Limonciello +Signed-off-by: Alex Deucher +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 1 - + drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c | 9 ++++++++- + 2 files changed, 8 insertions(+), 2 deletions(-) + +--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c ++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_device.c +@@ -4133,7 +4133,6 @@ int amdgpu_device_suspend(struct drm_dev + drm_fb_helper_set_suspend_unlocked(adev_to_drm(adev)->fb_helper, true); + + cancel_delayed_work_sync(&adev->delayed_init_work); +- flush_delayed_work(&adev->gfx.gfx_off_delay_work); + + amdgpu_ras_suspend(adev); + +--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c ++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_gfx.c +@@ -702,8 +702,15 @@ void amdgpu_gfx_off_ctrl(struct amdgpu_d + + if (adev->gfx.gfx_off_req_count == 0 && + !adev->gfx.gfx_off_state) { +- schedule_delayed_work(&adev->gfx.gfx_off_delay_work, ++ /* If going to s2idle, no need to wait */ ++ if (adev->in_s0ix) { ++ if (!amdgpu_dpm_set_powergating_by_smu(adev, ++ AMD_IP_BLOCK_TYPE_GFX, true)) ++ adev->gfx.gfx_off_state = true; ++ } else { ++ schedule_delayed_work(&adev->gfx.gfx_off_delay_work, + delay); ++ } + } + } else { + if (adev->gfx.gfx_off_req_count == 0) { diff --git a/queue-6.6/revert-drm-msm-gpu-push-gpu-lock-down-past-runpm.patch b/queue-6.6/revert-drm-msm-gpu-push-gpu-lock-down-past-runpm.patch new file mode 100644 index 00000000000..60556f9b856 --- /dev/null +++ b/queue-6.6/revert-drm-msm-gpu-push-gpu-lock-down-past-runpm.patch @@ -0,0 +1,83 @@ +From 917e9b7c2350e3e53162fcf5035e5f2d68e2cbed Mon Sep 17 00:00:00 2001 +From: Rob Clark +Date: Tue, 9 Jan 2024 10:22:17 -0800 +Subject: Revert "drm/msm/gpu: Push gpu lock down past runpm" + +From: Rob Clark + +commit 917e9b7c2350e3e53162fcf5035e5f2d68e2cbed upstream. + +This reverts commit abe2023b4cea192ab266b351fd38dc9dbd846df0. + +Changing the locking order means that scheduler/msm_job_run() can race +with the recovery kthread worker, with the result that the GPU gets an +extra runpm get when we are trying to power it off. Leaving the GPU in +an unrecovered state. + +I'll need to come up with a different scheme for appeasing lockdep. + +Signed-off-by: Rob Clark +Patchwork: https://patchwork.freedesktop.org/patch/573835/ +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/msm/msm_gpu.c | 11 +++++------ + drivers/gpu/drm/msm/msm_ringbuffer.c | 7 +++++-- + 2 files changed, 10 insertions(+), 8 deletions(-) + +--- a/drivers/gpu/drm/msm/msm_gpu.c ++++ b/drivers/gpu/drm/msm/msm_gpu.c +@@ -749,12 +749,14 @@ void msm_gpu_submit(struct msm_gpu *gpu, + struct msm_ringbuffer *ring = submit->ring; + unsigned long flags; + +- pm_runtime_get_sync(&gpu->pdev->dev); ++ WARN_ON(!mutex_is_locked(&gpu->lock)); + +- mutex_lock(&gpu->lock); ++ pm_runtime_get_sync(&gpu->pdev->dev); + + msm_gpu_hw_init(gpu); + ++ submit->seqno = submit->hw_fence->seqno; ++ + update_sw_cntrs(gpu); + + /* +@@ -779,11 +781,8 @@ void msm_gpu_submit(struct msm_gpu *gpu, + gpu->funcs->submit(gpu, submit); + gpu->cur_ctx_seqno = submit->queue->ctx->seqno; + +- hangcheck_timer_reset(gpu); +- +- mutex_unlock(&gpu->lock); +- + pm_runtime_put(&gpu->pdev->dev); ++ hangcheck_timer_reset(gpu); + } + + /* +--- a/drivers/gpu/drm/msm/msm_ringbuffer.c ++++ b/drivers/gpu/drm/msm/msm_ringbuffer.c +@@ -21,8 +21,6 @@ static struct dma_fence *msm_job_run(str + + msm_fence_init(submit->hw_fence, fctx); + +- submit->seqno = submit->hw_fence->seqno; +- + mutex_lock(&priv->lru.lock); + + for (i = 0; i < submit->nr_bos; i++) { +@@ -34,8 +32,13 @@ static struct dma_fence *msm_job_run(str + + mutex_unlock(&priv->lru.lock); + ++ /* TODO move submit path over to using a per-ring lock.. */ ++ mutex_lock(&gpu->lock); ++ + msm_gpu_submit(gpu, submit); + ++ mutex_unlock(&gpu->lock); ++ + return dma_fence_get(submit->hw_fence); + } + diff --git a/queue-6.6/revert-powerpc-pseries-iommu-fix-iommu-initialisation-during-dlpar-add.patch b/queue-6.6/revert-powerpc-pseries-iommu-fix-iommu-initialisation-during-dlpar-add.patch new file mode 100644 index 00000000000..60ebef220c7 --- /dev/null +++ b/queue-6.6/revert-powerpc-pseries-iommu-fix-iommu-initialisation-during-dlpar-add.patch @@ -0,0 +1,92 @@ +From 1fba2bf8e9d5a27b7394856181b6200de7260b79 Mon Sep 17 00:00:00 2001 +From: Michael Ellerman +Date: Wed, 14 Feb 2024 11:00:41 +1100 +Subject: Revert "powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add" + +From: Michael Ellerman + +commit 1fba2bf8e9d5a27b7394856181b6200de7260b79 upstream. + +This reverts commit ed8b94f6e0acd652ce69bd69d678a0c769172df8. + +Gaurav reported that there are still problems with the patch and it +should be reverted pending a fuller fix. + +Link: https://lore.kernel.org/all/4f6fc1ac-7a76-4447-9d0e-f55c0be373f8@linux.ibm.com/ +Signed-off-by: Michael Ellerman +Signed-off-by: Greg Kroah-Hartman +--- + arch/powerpc/include/asm/ppc-pci.h | 3 --- + arch/powerpc/kernel/iommu.c | 21 +++++---------------- + arch/powerpc/platforms/pseries/pci_dlpar.c | 4 ---- + 3 files changed, 5 insertions(+), 23 deletions(-) + +--- a/arch/powerpc/include/asm/ppc-pci.h ++++ b/arch/powerpc/include/asm/ppc-pci.h +@@ -29,9 +29,6 @@ void *pci_traverse_device_nodes(struct d + void *(*fn)(struct device_node *, void *), + void *data); + extern void pci_devs_phb_init_dynamic(struct pci_controller *phb); +-extern void ppc_iommu_register_device(struct pci_controller *phb); +-extern void ppc_iommu_unregister_device(struct pci_controller *phb); +- + + /* From rtas_pci.h */ + extern void init_pci_config_tokens (void); +--- a/arch/powerpc/kernel/iommu.c ++++ b/arch/powerpc/kernel/iommu.c +@@ -1393,21 +1393,6 @@ static const struct attribute_group *spa + NULL, + }; + +-void ppc_iommu_register_device(struct pci_controller *phb) +-{ +- iommu_device_sysfs_add(&phb->iommu, phb->parent, +- spapr_tce_iommu_groups, "iommu-phb%04x", +- phb->global_number); +- iommu_device_register(&phb->iommu, &spapr_tce_iommu_ops, +- phb->parent); +-} +- +-void ppc_iommu_unregister_device(struct pci_controller *phb) +-{ +- iommu_device_unregister(&phb->iommu); +- iommu_device_sysfs_remove(&phb->iommu); +-} +- + /* + * This registers IOMMU devices of PHBs. This needs to happen + * after core_initcall(iommu_init) + postcore_initcall(pci_driver_init) and +@@ -1418,7 +1403,11 @@ static int __init spapr_tce_setup_phb_io + struct pci_controller *hose; + + list_for_each_entry(hose, &hose_list, list_node) { +- ppc_iommu_register_device(hose); ++ iommu_device_sysfs_add(&hose->iommu, hose->parent, ++ spapr_tce_iommu_groups, "iommu-phb%04x", ++ hose->global_number); ++ iommu_device_register(&hose->iommu, &spapr_tce_iommu_ops, ++ hose->parent); + } + return 0; + } +--- a/arch/powerpc/platforms/pseries/pci_dlpar.c ++++ b/arch/powerpc/platforms/pseries/pci_dlpar.c +@@ -35,8 +35,6 @@ struct pci_controller *init_phb_dynamic( + + pseries_msi_allocate_domains(phb); + +- ppc_iommu_register_device(phb); +- + /* Create EEH devices for the PHB */ + eeh_phb_pe_create(phb); + +@@ -78,8 +76,6 @@ int remove_phb_dynamic(struct pci_contro + } + } + +- ppc_iommu_unregister_device(phb); +- + pseries_msi_free_domains(phb); + + /* Keep a reference so phb isn't freed yet */ diff --git a/queue-6.6/revert-workqueue-override-implicit-ordered-attribute-in-workqueue_apply_unbound_cpumask.patch b/queue-6.6/revert-workqueue-override-implicit-ordered-attribute-in-workqueue_apply_unbound_cpumask.patch new file mode 100644 index 00000000000..ebdd05dbbe8 --- /dev/null +++ b/queue-6.6/revert-workqueue-override-implicit-ordered-attribute-in-workqueue_apply_unbound_cpumask.patch @@ -0,0 +1,54 @@ +From aac8a59537dfc704ff344f1aacfd143c089ee20f Mon Sep 17 00:00:00 2001 +From: Tejun Heo +Date: Mon, 5 Feb 2024 15:43:41 -1000 +Subject: Revert "workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask()" + +From: Tejun Heo + +commit aac8a59537dfc704ff344f1aacfd143c089ee20f upstream. + +This reverts commit ca10d851b9ad0338c19e8e3089e24d565ebfffd7. + +The commit allowed workqueue_apply_unbound_cpumask() to clear __WQ_ORDERED +on now removed implicitly ordered workqueues. This was incorrect in that +system-wide config change shouldn't break ordering properties of all +workqueues. The reason why apply_workqueue_attrs() path was allowed to do so +was because it was targeting the specific workqueue - either the workqueue +had WQ_SYSFS set or the workqueue user specifically tried to change +max_active, both of which indicate that the workqueue doesn't need to be +ordered. + +The implicitly ordered workqueue promotion was removed by the previous +commit 3bc1e711c26b ("workqueue: Don't implicitly make UNBOUND workqueues w/ +@max_active==1 ordered"). However, it didn't update this path and broke +build. Let's revert the commit which was incorrect in the first place which +also fixes build. + +Signed-off-by: Tejun Heo +Fixes: 3bc1e711c26b ("workqueue: Don't implicitly make UNBOUND workqueues w/ @max_active==1 ordered") +Fixes: ca10d851b9ad ("workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask()") +Cc: stable@vger.kernel.org # v6.6+ +Signed-off-by: Tejun Heo +Signed-off-by: Greg Kroah-Hartman +--- + kernel/workqueue.c | 8 ++------ + 1 file changed, 2 insertions(+), 6 deletions(-) + +--- a/kernel/workqueue.c ++++ b/kernel/workqueue.c +@@ -5793,13 +5793,9 @@ static int workqueue_apply_unbound_cpuma + list_for_each_entry(wq, &workqueues, list) { + if (!(wq->flags & WQ_UNBOUND)) + continue; +- + /* creating multiple pwqs breaks ordering guarantee */ +- if (!list_empty(&wq->pwqs)) { +- if (wq->flags & __WQ_ORDERED_EXPLICIT) +- continue; +- wq->flags &= ~__WQ_ORDERED; +- } ++ if (wq->flags & __WQ_ORDERED) ++ continue; + + ctx = apply_wqattrs_prepare(wq, wq->unbound_attrs, unbound_cpumask); + if (IS_ERR(ctx)) { diff --git a/queue-6.6/scsi-revert-scsi-fcoe-fix-potential-deadlock-on-fip-ctlr_lock.patch b/queue-6.6/scsi-revert-scsi-fcoe-fix-potential-deadlock-on-fip-ctlr_lock.patch new file mode 100644 index 00000000000..b64e89393de --- /dev/null +++ b/queue-6.6/scsi-revert-scsi-fcoe-fix-potential-deadlock-on-fip-ctlr_lock.patch @@ -0,0 +1,113 @@ +From 977fe773dcc7098d8eaf4ee6382cb51e13e784cb Mon Sep 17 00:00:00 2001 +From: Lee Duncan +Date: Fri, 9 Feb 2024 10:07:34 -0800 +Subject: scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" + +From: Lee Duncan + +commit 977fe773dcc7098d8eaf4ee6382cb51e13e784cb upstream. + +This reverts commit 1a1975551943f681772720f639ff42fbaa746212. + +This commit causes interrupts to be lost for FCoE devices, since it changed +sping locks from "bh" to "irqsave". + +Instead, a work queue should be used, and will be addressed in a separate +commit. + +Fixes: 1a1975551943 ("scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock") +Signed-off-by: Lee Duncan +Link: https://lore.kernel.org/r/c578cdcd46b60470535c4c4a953e6a1feca0dffd.1707500786.git.lduncan@suse.com +Reviewed-by: Hannes Reinecke +Signed-off-by: Martin K. Petersen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/scsi/fcoe/fcoe_ctlr.c | 20 ++++++++------------ + 1 file changed, 8 insertions(+), 12 deletions(-) + +--- a/drivers/scsi/fcoe/fcoe_ctlr.c ++++ b/drivers/scsi/fcoe/fcoe_ctlr.c +@@ -319,17 +319,16 @@ static void fcoe_ctlr_announce(struct fc + { + struct fcoe_fcf *sel; + struct fcoe_fcf *fcf; +- unsigned long flags; + + mutex_lock(&fip->ctlr_mutex); +- spin_lock_irqsave(&fip->ctlr_lock, flags); ++ spin_lock_bh(&fip->ctlr_lock); + + kfree_skb(fip->flogi_req); + fip->flogi_req = NULL; + list_for_each_entry(fcf, &fip->fcfs, list) + fcf->flogi_sent = 0; + +- spin_unlock_irqrestore(&fip->ctlr_lock, flags); ++ spin_unlock_bh(&fip->ctlr_lock); + sel = fip->sel_fcf; + + if (sel && ether_addr_equal(sel->fcf_mac, fip->dest_addr)) +@@ -700,7 +699,6 @@ int fcoe_ctlr_els_send(struct fcoe_ctlr + { + struct fc_frame *fp; + struct fc_frame_header *fh; +- unsigned long flags; + u16 old_xid; + u8 op; + u8 mac[ETH_ALEN]; +@@ -734,11 +732,11 @@ int fcoe_ctlr_els_send(struct fcoe_ctlr + op = FIP_DT_FLOGI; + if (fip->mode == FIP_MODE_VN2VN) + break; +- spin_lock_irqsave(&fip->ctlr_lock, flags); ++ spin_lock_bh(&fip->ctlr_lock); + kfree_skb(fip->flogi_req); + fip->flogi_req = skb; + fip->flogi_req_send = 1; +- spin_unlock_irqrestore(&fip->ctlr_lock, flags); ++ spin_unlock_bh(&fip->ctlr_lock); + schedule_work(&fip->timer_work); + return -EINPROGRESS; + case ELS_FDISC: +@@ -1707,11 +1705,10 @@ static int fcoe_ctlr_flogi_send_locked(s + static int fcoe_ctlr_flogi_retry(struct fcoe_ctlr *fip) + { + struct fcoe_fcf *fcf; +- unsigned long flags; + int error; + + mutex_lock(&fip->ctlr_mutex); +- spin_lock_irqsave(&fip->ctlr_lock, flags); ++ spin_lock_bh(&fip->ctlr_lock); + LIBFCOE_FIP_DBG(fip, "re-sending FLOGI - reselect\n"); + fcf = fcoe_ctlr_select(fip); + if (!fcf || fcf->flogi_sent) { +@@ -1722,7 +1719,7 @@ static int fcoe_ctlr_flogi_retry(struct + fcoe_ctlr_solicit(fip, NULL); + error = fcoe_ctlr_flogi_send_locked(fip); + } +- spin_unlock_irqrestore(&fip->ctlr_lock, flags); ++ spin_unlock_bh(&fip->ctlr_lock); + mutex_unlock(&fip->ctlr_mutex); + return error; + } +@@ -1739,9 +1736,8 @@ static int fcoe_ctlr_flogi_retry(struct + static void fcoe_ctlr_flogi_send(struct fcoe_ctlr *fip) + { + struct fcoe_fcf *fcf; +- unsigned long flags; + +- spin_lock_irqsave(&fip->ctlr_lock, flags); ++ spin_lock_bh(&fip->ctlr_lock); + fcf = fip->sel_fcf; + if (!fcf || !fip->flogi_req_send) + goto unlock; +@@ -1768,7 +1764,7 @@ static void fcoe_ctlr_flogi_send(struct + } else /* XXX */ + LIBFCOE_FIP_DBG(fip, "No FCF selected - defer send\n"); + unlock: +- spin_unlock_irqrestore(&fip->ctlr_lock, flags); ++ spin_unlock_bh(&fip->ctlr_lock); + } + + /** diff --git a/queue-6.6/selftests-mptcp-add-missing-kconfig-for-nf-filter-in-v6.patch b/queue-6.6/selftests-mptcp-add-missing-kconfig-for-nf-filter-in-v6.patch new file mode 100644 index 00000000000..94a84b3e530 --- /dev/null +++ b/queue-6.6/selftests-mptcp-add-missing-kconfig-for-nf-filter-in-v6.patch @@ -0,0 +1,39 @@ +From 8c86fad2cecdc6bf7283ecd298b4d0555bd8b8aa Mon Sep 17 00:00:00 2001 +From: "Matthieu Baerts (NGI0)" +Date: Wed, 31 Jan 2024 22:49:48 +0100 +Subject: selftests: mptcp: add missing kconfig for NF Filter in v6 + +From: Matthieu Baerts (NGI0) + +commit 8c86fad2cecdc6bf7283ecd298b4d0555bd8b8aa upstream. + +Since the commit mentioned below, 'mptcp_join' selftests is using +IPTables to add rules to the Filter table for IPv6. + +It is then required to have IP6_NF_FILTER KConfig. + +This KConfig is usually enabled by default in many defconfig, but we +recently noticed that some CI were running our selftests without them +enabled. + +Fixes: 523514ed0a99 ("selftests: mptcp: add ADD_ADDR IPv6 test cases") +Cc: stable@vger.kernel.org +Reviewed-by: Geliang Tang +Signed-off-by: Matthieu Baerts (NGI0) +Link: https://lore.kernel.org/r/20240131-upstream-net-20240131-mptcp-ci-issues-v1-3-4c1c11e571ff@kernel.org +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + tools/testing/selftests/net/mptcp/config | 1 + + 1 file changed, 1 insertion(+) + +--- a/tools/testing/selftests/net/mptcp/config ++++ b/tools/testing/selftests/net/mptcp/config +@@ -25,6 +25,7 @@ CONFIG_IP_MULTIPLE_TABLES=y + CONFIG_IP_NF_FILTER=m + CONFIG_IP_NF_TARGET_REJECT=m + CONFIG_IPV6_MULTIPLE_TABLES=y ++CONFIG_IP6_NF_FILTER=m + CONFIG_NET_ACT_CSUM=m + CONFIG_NET_ACT_PEDIT=m + CONFIG_NET_CLS_ACT=y diff --git a/queue-6.6/selftests-mptcp-add-missing-kconfig-for-nf-filter.patch b/queue-6.6/selftests-mptcp-add-missing-kconfig-for-nf-filter.patch new file mode 100644 index 00000000000..c84995d2d74 --- /dev/null +++ b/queue-6.6/selftests-mptcp-add-missing-kconfig-for-nf-filter.patch @@ -0,0 +1,38 @@ +From 3645c844902bd4e173d6704fc2a37e8746904d67 Mon Sep 17 00:00:00 2001 +From: "Matthieu Baerts (NGI0)" +Date: Wed, 31 Jan 2024 22:49:47 +0100 +Subject: selftests: mptcp: add missing kconfig for NF Filter + +From: Matthieu Baerts (NGI0) + +commit 3645c844902bd4e173d6704fc2a37e8746904d67 upstream. + +Since the commit mentioned below, 'mptcp_join' selftests is using +IPTables to add rules to the Filter table. + +It is then required to have IP_NF_FILTER KConfig. + +This KConfig is usually enabled by default in many defconfig, but we +recently noticed that some CI were running our selftests without them +enabled. + +Fixes: 8d014eaa9254 ("selftests: mptcp: add ADD_ADDR timeout test case") +Cc: stable@vger.kernel.org +Reviewed-by: Geliang Tang +Signed-off-by: Matthieu Baerts (NGI0) +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + tools/testing/selftests/net/mptcp/config | 1 + + 1 file changed, 1 insertion(+) + +--- a/tools/testing/selftests/net/mptcp/config ++++ b/tools/testing/selftests/net/mptcp/config +@@ -22,6 +22,7 @@ CONFIG_NFT_TPROXY=m + CONFIG_NFT_SOCKET=m + CONFIG_IP_ADVANCED_ROUTER=y + CONFIG_IP_MULTIPLE_TABLES=y ++CONFIG_IP_NF_FILTER=m + CONFIG_IP_NF_TARGET_REJECT=m + CONFIG_IPV6_MULTIPLE_TABLES=y + CONFIG_NET_ACT_CSUM=m diff --git a/queue-6.6/selftests-mptcp-add-missing-kconfig-for-nf-mangle.patch b/queue-6.6/selftests-mptcp-add-missing-kconfig-for-nf-mangle.patch new file mode 100644 index 00000000000..4c1b36617f9 --- /dev/null +++ b/queue-6.6/selftests-mptcp-add-missing-kconfig-for-nf-mangle.patch @@ -0,0 +1,37 @@ +From 2d41f10fa497182df9012d3e95d9cea24eb42e61 Mon Sep 17 00:00:00 2001 +From: "Matthieu Baerts (NGI0)" +Date: Wed, 31 Jan 2024 22:49:49 +0100 +Subject: selftests: mptcp: add missing kconfig for NF Mangle + +From: Matthieu Baerts (NGI0) + +commit 2d41f10fa497182df9012d3e95d9cea24eb42e61 upstream. + +Since the commit mentioned below, 'mptcp_join' selftests is using +IPTables to add rules to the Mangle table, only in IPv4. + +This KConfig is usually enabled by default in many defconfig, but we +recently noticed that some CI were running our selftests without them +enabled. + +Fixes: b6e074e171bc ("selftests: mptcp: add infinite map testcase") +Cc: stable@vger.kernel.org +Reviewed-by: Geliang Tang +Signed-off-by: Matthieu Baerts (NGI0) +Link: https://lore.kernel.org/r/20240131-upstream-net-20240131-mptcp-ci-issues-v1-4-4c1c11e571ff@kernel.org +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + tools/testing/selftests/net/mptcp/config | 1 + + 1 file changed, 1 insertion(+) + +--- a/tools/testing/selftests/net/mptcp/config ++++ b/tools/testing/selftests/net/mptcp/config +@@ -23,6 +23,7 @@ CONFIG_NFT_SOCKET=m + CONFIG_IP_ADVANCED_ROUTER=y + CONFIG_IP_MULTIPLE_TABLES=y + CONFIG_IP_NF_FILTER=m ++CONFIG_IP_NF_MANGLE=m + CONFIG_IP_NF_TARGET_REJECT=m + CONFIG_IPV6_MULTIPLE_TABLES=y + CONFIG_IP6_NF_FILTER=m diff --git a/queue-6.6/selftests-mptcp-add-mptcp_lib_kill_wait.patch b/queue-6.6/selftests-mptcp-add-mptcp_lib_kill_wait.patch new file mode 100644 index 00000000000..8c6ef849075 --- /dev/null +++ b/queue-6.6/selftests-mptcp-add-mptcp_lib_kill_wait.patch @@ -0,0 +1,181 @@ +From bdbef0a6ff10603895b0ba39f56bf874cb2b551a Mon Sep 17 00:00:00 2001 +From: Geliang Tang +Date: Tue, 28 Nov 2023 15:18:53 -0800 +Subject: selftests: mptcp: add mptcp_lib_kill_wait + +From: Geliang Tang + +commit bdbef0a6ff10603895b0ba39f56bf874cb2b551a upstream. + +To avoid duplicated code in different MPTCP selftests, we can add +and use helpers defined in mptcp_lib.sh. + +Export kill_wait() helper in userspace_pm.sh into mptcp_lib.sh and +rename it as mptcp_lib_kill_wait(). It can be used to instead of +kill_wait() in mptcp_join.sh. Use the new helper in both scripts. + +Reviewed-by: Matthieu Baerts +Signed-off-by: Geliang Tang +Signed-off-by: Mat Martineau +Link: https://lore.kernel.org/r/20231128-send-net-next-2023107-v4-9-8d6b94150f6b@kernel.org +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + tools/testing/selftests/net/mptcp/mptcp_join.sh | 10 +------ + tools/testing/selftests/net/mptcp/mptcp_lib.sh | 9 ++++++ + tools/testing/selftests/net/mptcp/userspace_pm.sh | 31 +++++++--------------- + 3 files changed, 22 insertions(+), 28 deletions(-) + +--- a/tools/testing/selftests/net/mptcp/mptcp_join.sh ++++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh +@@ -682,16 +682,10 @@ wait_mpj() + done + } + +-kill_wait() +-{ +- kill $1 > /dev/null 2>&1 +- wait $1 2>/dev/null +-} +- + kill_events_pids() + { +- kill_wait $evts_ns1_pid +- kill_wait $evts_ns2_pid ++ mptcp_lib_kill_wait $evts_ns1_pid ++ mptcp_lib_kill_wait $evts_ns2_pid + } + + kill_tests_wait() +--- a/tools/testing/selftests/net/mptcp/mptcp_lib.sh ++++ b/tools/testing/selftests/net/mptcp/mptcp_lib.sh +@@ -207,3 +207,12 @@ mptcp_lib_result_print_all_tap() { + printf "%s\n" "${subtest}" + done + } ++ ++# $1: PID ++mptcp_lib_kill_wait() { ++ [ "${1}" -eq 0 ] && return 0 ++ ++ kill -SIGUSR1 "${1}" > /dev/null 2>&1 ++ kill "${1}" > /dev/null 2>&1 ++ wait "${1}" 2>/dev/null ++} +--- a/tools/testing/selftests/net/mptcp/userspace_pm.sh ++++ b/tools/testing/selftests/net/mptcp/userspace_pm.sh +@@ -108,15 +108,6 @@ test_fail() + mptcp_lib_result_fail "${test_name}" + } + +-kill_wait() +-{ +- [ $1 -eq 0 ] && return 0 +- +- kill -SIGUSR1 $1 > /dev/null 2>&1 +- kill $1 > /dev/null 2>&1 +- wait $1 2>/dev/null +-} +- + # This function is used in the cleanup trap + #shellcheck disable=SC2317 + cleanup() +@@ -128,7 +119,7 @@ cleanup() + for pid in $client4_pid $server4_pid $client6_pid $server6_pid\ + $server_evts_pid $client_evts_pid + do +- kill_wait $pid ++ mptcp_lib_kill_wait $pid + done + + local netns +@@ -210,7 +201,7 @@ make_connection() + fi + :>"$client_evts" + if [ $client_evts_pid -ne 0 ]; then +- kill_wait $client_evts_pid ++ mptcp_lib_kill_wait $client_evts_pid + fi + ip netns exec "$ns2" ./pm_nl_ctl events >> "$client_evts" 2>&1 & + client_evts_pid=$! +@@ -219,7 +210,7 @@ make_connection() + fi + :>"$server_evts" + if [ $server_evts_pid -ne 0 ]; then +- kill_wait $server_evts_pid ++ mptcp_lib_kill_wait $server_evts_pid + fi + ip netns exec "$ns1" ./pm_nl_ctl events >> "$server_evts" 2>&1 & + server_evts_pid=$! +@@ -627,7 +618,7 @@ test_subflows() + "10.0.2.2" "$client4_port" "23" "$client_addr_id" "ns1" "ns2" + + # Delete the listener from the client ns, if one was created +- kill_wait $listener_pid ++ mptcp_lib_kill_wait $listener_pid + + local sport + sport=$(sed --unbuffered -n 's/.*\(sport:\)\([[:digit:]]*\).*$/\2/p;q' "$server_evts") +@@ -666,7 +657,7 @@ test_subflows() + "$client_addr_id" "ns1" "ns2" + + # Delete the listener from the client ns, if one was created +- kill_wait $listener_pid ++ mptcp_lib_kill_wait $listener_pid + + sport=$(sed --unbuffered -n 's/.*\(sport:\)\([[:digit:]]*\).*$/\2/p;q' "$server_evts") + +@@ -705,7 +696,7 @@ test_subflows() + "$client_addr_id" "ns1" "ns2" + + # Delete the listener from the client ns, if one was created +- kill_wait $listener_pid ++ mptcp_lib_kill_wait $listener_pid + + sport=$(sed --unbuffered -n 's/.*\(sport:\)\([[:digit:]]*\).*$/\2/p;q' "$server_evts") + +@@ -743,7 +734,7 @@ test_subflows() + "10.0.2.1" "$app4_port" "23" "$server_addr_id" "ns2" "ns1" + + # Delete the listener from the server ns, if one was created +- kill_wait $listener_pid ++ mptcp_lib_kill_wait $listener_pid + + sport=$(sed --unbuffered -n 's/.*\(sport:\)\([[:digit:]]*\).*$/\2/p;q' "$client_evts") + +@@ -782,7 +773,7 @@ test_subflows() + "$server_addr_id" "ns2" "ns1" + + # Delete the listener from the server ns, if one was created +- kill_wait $listener_pid ++ mptcp_lib_kill_wait $listener_pid + + sport=$(sed --unbuffered -n 's/.*\(sport:\)\([[:digit:]]*\).*$/\2/p;q' "$client_evts") + +@@ -819,7 +810,7 @@ test_subflows() + "10.0.2.2" "10.0.2.1" "$new4_port" "23" "$server_addr_id" "ns2" "ns1" + + # Delete the listener from the server ns, if one was created +- kill_wait $listener_pid ++ mptcp_lib_kill_wait $listener_pid + + sport=$(sed --unbuffered -n 's/.*\(sport:\)\([[:digit:]]*\).*$/\2/p;q' "$client_evts") + +@@ -865,7 +856,7 @@ test_subflows_v4_v6_mix() + "$server_addr_id" "ns2" "ns1" + + # Delete the listener from the server ns, if one was created +- kill_wait $listener_pid ++ mptcp_lib_kill_wait $listener_pid + + sport=$(sed --unbuffered -n 's/.*\(sport:\)\([[:digit:]]*\).*$/\2/p;q' "$client_evts") + +@@ -982,7 +973,7 @@ test_listener() + sleep 0.5 + + # Delete the listener from the client ns, if one was created +- kill_wait $listener_pid ++ mptcp_lib_kill_wait $listener_pid + + sleep 0.5 + verify_listener_events $client_evts $LISTENER_CLOSED $AF_INET 10.0.2.2 $client4_port diff --git a/queue-6.6/selftests-mptcp-allow-changing-subtests-prefix.patch b/queue-6.6/selftests-mptcp-allow-changing-subtests-prefix.patch new file mode 100644 index 00000000000..fd3032af971 --- /dev/null +++ b/queue-6.6/selftests-mptcp-allow-changing-subtests-prefix.patch @@ -0,0 +1,46 @@ +From de46d138e7735eded9756906747fd3a8c3a42225 Mon Sep 17 00:00:00 2001 +From: "Matthieu Baerts (NGI0)" +Date: Wed, 31 Jan 2024 22:49:52 +0100 +Subject: selftests: mptcp: allow changing subtests prefix + +From: Matthieu Baerts (NGI0) + +commit de46d138e7735eded9756906747fd3a8c3a42225 upstream. + +If a CI executes the same selftest multiple times with different +options, all results from the same subtests will have the same title, +which confuse the CI. With the same title printed in TAP, the tests are +considered as the same ones. + +Now, it is possible to override this prefix by using MPTCP_LIB_KSFT_TEST +env var, and have a different title. + +While at it, use 'basename' to remove the suffix as well instead of +using an extra 'sed'. + +Fixes: c4192967e62f ("selftests: mptcp: lib: format subtests results in TAP") +Cc: stable@vger.kernel.org +Signed-off-by: Matthieu Baerts (NGI0) +Link: https://lore.kernel.org/r/20240131-upstream-net-20240131-mptcp-ci-issues-v1-7-4c1c11e571ff@kernel.org +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + tools/testing/selftests/net/mptcp/mptcp_lib.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/testing/selftests/net/mptcp/mptcp_lib.sh b/tools/testing/selftests/net/mptcp/mptcp_lib.sh +index 022262a2cfe0..3a2abae5993e 100644 +--- a/tools/testing/selftests/net/mptcp/mptcp_lib.sh ++++ b/tools/testing/selftests/net/mptcp/mptcp_lib.sh +@@ -6,7 +6,7 @@ readonly KSFT_FAIL=1 + readonly KSFT_SKIP=4 + + # shellcheck disable=SC2155 # declare and assign separately +-readonly KSFT_TEST=$(basename "${0}" | sed 's/\.sh$//g') ++readonly KSFT_TEST="${MPTCP_LIB_KSFT_TEST:-$(basename "${0}" .sh)}" + + MPTCP_LIB_SUBTESTS=() + +-- +2.43.2 + diff --git a/queue-6.6/selftests-mptcp-increase-timeout-to-30-min.patch b/queue-6.6/selftests-mptcp-increase-timeout-to-30-min.patch new file mode 100644 index 00000000000..011031da6d9 --- /dev/null +++ b/queue-6.6/selftests-mptcp-increase-timeout-to-30-min.patch @@ -0,0 +1,38 @@ +From 4d4dfb2019d7010efb65926d9d1c1793f9a367c6 Mon Sep 17 00:00:00 2001 +From: "Matthieu Baerts (NGI0)" +Date: Wed, 31 Jan 2024 22:49:50 +0100 +Subject: selftests: mptcp: increase timeout to 30 min + +From: Matthieu Baerts (NGI0) + +commit 4d4dfb2019d7010efb65926d9d1c1793f9a367c6 upstream. + +On very slow environments -- e.g. when QEmu is used without KVM --, +mptcp_join.sh selftest can take a bit more than 20 minutes. Bump the +default timeout by 50% as it seems normal to take that long on some +environments. + +When a debug kernel config is used, this selftest will take even longer, +but that's certainly not a common test env to consider for the timeout. + +The Fixes tag that has been picked here is there simply to help having +this patch backported to older stable versions. It is difficult to point +to the exact commit that made some env reaching the timeout from time to +time. + +Fixes: d17b968b9876 ("selftests: mptcp: increase timeout to 20 minutes") +Cc: stable@vger.kernel.org +Acked-by: Paolo Abeni +Signed-off-by: Matthieu Baerts (NGI0) +Link: https://lore.kernel.org/r/20240131-upstream-net-20240131-mptcp-ci-issues-v1-5-4c1c11e571ff@kernel.org +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + tools/testing/selftests/net/mptcp/settings | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/tools/testing/selftests/net/mptcp/settings ++++ b/tools/testing/selftests/net/mptcp/settings +@@ -1 +1 @@ +-timeout=1200 ++timeout=1800 diff --git a/queue-6.6/series b/queue-6.6/series index a923d3c99cf..b53ff6135b0 100644 --- a/queue-6.6/series +++ b/queue-6.6/series @@ -102,3 +102,62 @@ i2c-pasemi-split-driver-into-two-separate-modules.patch i2c-i801-fix-block-process-call-transactions.patch modpost-trim-leading-spaces-when-processing-source-f.patch kallsyms-ignore-armv4-thunks-along-with-others.patch +mptcp-fix-data-re-injection-from-stale-subflow.patch +selftests-mptcp-add-missing-kconfig-for-nf-filter.patch +selftests-mptcp-add-missing-kconfig-for-nf-filter-in-v6.patch +selftests-mptcp-add-missing-kconfig-for-nf-mangle.patch +selftests-mptcp-increase-timeout-to-30-min.patch +selftests-mptcp-allow-changing-subtests-prefix.patch +selftests-mptcp-add-mptcp_lib_kill_wait.patch +mptcp-drop-the-push_pending-field.patch +mptcp-fix-rcv-space-initialization.patch +mptcp-check-addrs-list-in-userspace_pm_get_local_id.patch +mptcp-really-cope-with-fastopen-race.patch +revert-powerpc-pseries-iommu-fix-iommu-initialisation-during-dlpar-add.patch +media-revert-media-rkisp1-drop-irqf_shared.patch +scsi-revert-scsi-fcoe-fix-potential-deadlock-on-fip-ctlr_lock.patch +revert-drm-amd-flush-any-delayed-gfxoff-on-suspend-entry.patch +revert-drm-msm-gpu-push-gpu-lock-down-past-runpm.patch +connector-cn_proc-revert-connector-fix-proc_event_num_listeners-count-not-cleared.patch +drm-virtio-set-segment-size-for-virtio_gpu-device.patch +drm-amdgpu-reset-ih-overflow_clear-bit.patch +drm-amd-don-t-init-mec2-firmware-when-it-fails-to-load.patch +lsm-fix-default-return-value-of-the-socket_getpeersec_-hooks.patch +lsm-fix-the-logic-in-security_inode_getsecctx.patch +firewire-core-correct-documentation-of-fw_csr_string-kernel-api.patch +alsa-hda-realtek-apply-headset-jack-quirk-for-non-bass-alc287-thinkpads.patch +kbuild-fix-changing-elf-file-type-for-output-of-gen_btf-for-big-endian.patch +nfc-nci-free-rx_data_reassembly-skb-on-nci-device-cleanup.patch +net-hsr-remove-warn_once-in-send_hsr_supervision_frame.patch +net-stmmac-do-not-clear-tbs-enable-bit-on-link-up-down.patch +parisc-btlb-fix-crash-when-setting-up-btlb-at-cpu-bringup.patch +xen-netback-properly-sync-tx-responses.patch +um-fix-adding-no-pie-for-clang.patch +modpost-add-.ltext-and-.ltext.-to-text_sections.patch +alsa-hda-realtek-enable-headset-mic-on-vaio-vjfe-adl.patch +alsa-hda-realtek-add-speaker-pin-verbtable-for-dell-dual-speaker-platform.patch +asoc-codecs-wcd938x-handle-deferred-probe.patch +alsa-hda-cs8409-suppress-vmaster-control-for-dolphin-models.patch +alsa-hda-realtek-fix-mute-micmute-leds-for-hp-zbook-power.patch +binder-signal-epoll-threads-of-self-work.patch +misc-fastrpc-mark-all-sessions-as-invalid-in-cb_remove.patch +ext4-fix-double-free-of-blocks-due-to-wrong-extents-moved_len.patch +ext4-avoid-bb_free-and-bb_fragments-inconsistency-in-mb_free_blocks.patch +tracing-timerlat-move-hrtimer_init-to-timerlat_fd-open.patch +tracing-fix-wasted-memory-in-saved_cmdlines-logic.patch +tracing-synthetic-fix-trace_string-return-value.patch +tracing-probes-fix-to-show-a-parse-error-for-bad-type-for-comm.patch +tracing-probes-fix-to-set-arg-size-and-fmt-after-setting-type-from-btf.patch +tracing-probes-fix-to-search-structure-fields-correctly.patch +revert-workqueue-override-implicit-ordered-attribute-in-workqueue_apply_unbound_cpumask.patch +staging-iio-ad5933-fix-type-mismatch-regression.patch +iio-magnetometer-rm3100-add-boundary-check-for-the-value-read-from-rm3100_reg_tmrc.patch +iio-core-fix-memleak-in-iio_device_register_sysfs.patch +iio-commom-st_sensors-ensure-proper-dma-alignment.patch +iio-accel-bma400-fix-a-compilation-problem.patch +iio-adc-ad_sigma_delta-ensure-proper-dma-alignment.patch +iio-imu-adis-ensure-proper-dma-alignment.patch +iio-imu-bno055-serdev-requires-regmap.patch +iio-pressure-bmp280-add-missing-bmp085-to-spi-id-table.patch +pmdomain-mediatek-fix-race-conditions-with-genpd.patch +media-rc-bpf-attach-detach-requires-write-permission.patch diff --git a/queue-6.6/staging-iio-ad5933-fix-type-mismatch-regression.patch b/queue-6.6/staging-iio-ad5933-fix-type-mismatch-regression.patch new file mode 100644 index 00000000000..f678db9bd94 --- /dev/null +++ b/queue-6.6/staging-iio-ad5933-fix-type-mismatch-regression.patch @@ -0,0 +1,42 @@ +From 6db053cd949fcd6254cea9f2cd5d39f7bd64379c Mon Sep 17 00:00:00 2001 +From: David Schiller +Date: Mon, 22 Jan 2024 14:49:17 +0100 +Subject: staging: iio: ad5933: fix type mismatch regression + +From: David Schiller + +commit 6db053cd949fcd6254cea9f2cd5d39f7bd64379c upstream. + +Commit 4c3577db3e4f ("Staging: iio: impedance-analyzer: Fix sparse +warning") fixed a compiler warning, but introduced a bug that resulted +in one of the two 16 bit IIO channels always being zero (when both are +enabled). + +This is because int is 32 bits wide on most architectures and in the +case of a little-endian machine the two most significant bytes would +occupy the buffer for the second channel as 'val' is being passed as a +void pointer to 'iio_push_to_buffers()'. + +Fix by defining 'val' as u16. Tested working on ARM64. + +Fixes: 4c3577db3e4f ("Staging: iio: impedance-analyzer: Fix sparse warning") +Signed-off-by: David Schiller +Link: https://lore.kernel.org/r/20240122134916.2137957-1-david.schiller@jku.at +Cc: +Signed-off-by: Jonathan Cameron +Signed-off-by: Greg Kroah-Hartman +--- + drivers/staging/iio/impedance-analyzer/ad5933.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/staging/iio/impedance-analyzer/ad5933.c ++++ b/drivers/staging/iio/impedance-analyzer/ad5933.c +@@ -608,7 +608,7 @@ static void ad5933_work(struct work_stru + struct ad5933_state, work.work); + struct iio_dev *indio_dev = i2c_get_clientdata(st->client); + __be16 buf[2]; +- int val[2]; ++ u16 val[2]; + unsigned char status; + int ret; + diff --git a/queue-6.6/tracing-fix-wasted-memory-in-saved_cmdlines-logic.patch b/queue-6.6/tracing-fix-wasted-memory-in-saved_cmdlines-logic.patch new file mode 100644 index 00000000000..20f4838a1a6 --- /dev/null +++ b/queue-6.6/tracing-fix-wasted-memory-in-saved_cmdlines-logic.patch @@ -0,0 +1,181 @@ +From 44dc5c41b5b1267d4dd037d26afc0c4d3a568acb Mon Sep 17 00:00:00 2001 +From: "Steven Rostedt (Google)" +Date: Fri, 9 Feb 2024 06:36:22 -0500 +Subject: tracing: Fix wasted memory in saved_cmdlines logic + +From: Steven Rostedt (Google) + +commit 44dc5c41b5b1267d4dd037d26afc0c4d3a568acb upstream. + +While looking at improving the saved_cmdlines cache I found a huge amount +of wasted memory that should be used for the cmdlines. + +The tracing data saves pids during the trace. At sched switch, if a trace +occurred, it will save the comm of the task that did the trace. This is +saved in a "cache" that maps pids to comms and exposed to user space via +the /sys/kernel/tracing/saved_cmdlines file. Currently it only caches by +default 128 comms. + +The structure that uses this creates an array to store the pids using +PID_MAX_DEFAULT (which is usually set to 32768). This causes the structure +to be of the size of 131104 bytes on 64 bit machines. + +In hex: 131104 = 0x20020, and since the kernel allocates generic memory in +powers of two, the kernel would allocate 0x40000 or 262144 bytes to store +this structure. That leaves 131040 bytes of wasted space. + +Worse, the structure points to an allocated array to store the comm names, +which is 16 bytes times the amount of names to save (currently 128), which +is 2048 bytes. Instead of allocating a separate array, make the structure +end with a variable length string and use the extra space for that. + +This is similar to a recommendation that Linus had made about eventfs_inode names: + + https://lore.kernel.org/all/20240130190355.11486-5-torvalds@linux-foundation.org/ + +Instead of allocating a separate string array to hold the saved comms, +have the structure end with: char saved_cmdlines[]; and round up to the +next power of two over sizeof(struct saved_cmdline_buffers) + num_cmdlines * TASK_COMM_LEN +It will use this extra space for the saved_cmdline portion. + +Now, instead of saving only 128 comms by default, by using this wasted +space at the end of the structure it can save over 8000 comms and even +saves space by removing the need for allocating the other array. + +Link: https://lore.kernel.org/linux-trace-kernel/20240209063622.1f7b6d5f@rorschach.local.home + +Cc: stable@vger.kernel.org +Cc: Masami Hiramatsu +Cc: Mathieu Desnoyers +Cc: Vincent Donnefort +Cc: Sven Schnelle +Cc: Mete Durlu +Fixes: 939c7a4f04fcd ("tracing: Introduce saved_cmdlines_size file") +Signed-off-by: Steven Rostedt (Google) +Signed-off-by: Greg Kroah-Hartman +--- + kernel/trace/trace.c | 75 +++++++++++++++++++++++++-------------------------- + 1 file changed, 37 insertions(+), 38 deletions(-) + +--- a/kernel/trace/trace.c ++++ b/kernel/trace/trace.c +@@ -2311,7 +2311,7 @@ struct saved_cmdlines_buffer { + unsigned *map_cmdline_to_pid; + unsigned cmdline_num; + int cmdline_idx; +- char *saved_cmdlines; ++ char saved_cmdlines[]; + }; + static struct saved_cmdlines_buffer *savedcmd; + +@@ -2325,47 +2325,58 @@ static inline void set_cmdline(int idx, + strncpy(get_saved_cmdlines(idx), cmdline, TASK_COMM_LEN); + } + +-static int allocate_cmdlines_buffer(unsigned int val, +- struct saved_cmdlines_buffer *s) ++static void free_saved_cmdlines_buffer(struct saved_cmdlines_buffer *s) + { ++ int order = get_order(sizeof(*s) + s->cmdline_num * TASK_COMM_LEN); ++ ++ kfree(s->map_cmdline_to_pid); ++ free_pages((unsigned long)s, order); ++} ++ ++static struct saved_cmdlines_buffer *allocate_cmdlines_buffer(unsigned int val) ++{ ++ struct saved_cmdlines_buffer *s; ++ struct page *page; ++ int orig_size, size; ++ int order; ++ ++ /* Figure out how much is needed to hold the given number of cmdlines */ ++ orig_size = sizeof(*s) + val * TASK_COMM_LEN; ++ order = get_order(orig_size); ++ size = 1 << (order + PAGE_SHIFT); ++ page = alloc_pages(GFP_KERNEL, order); ++ if (!page) ++ return NULL; ++ ++ s = page_address(page); ++ memset(s, 0, sizeof(*s)); ++ ++ /* Round up to actual allocation */ ++ val = (size - sizeof(*s)) / TASK_COMM_LEN; ++ s->cmdline_num = val; ++ + s->map_cmdline_to_pid = kmalloc_array(val, + sizeof(*s->map_cmdline_to_pid), + GFP_KERNEL); +- if (!s->map_cmdline_to_pid) +- return -ENOMEM; +- +- s->saved_cmdlines = kmalloc_array(TASK_COMM_LEN, val, GFP_KERNEL); +- if (!s->saved_cmdlines) { +- kfree(s->map_cmdline_to_pid); +- return -ENOMEM; ++ if (!s->map_cmdline_to_pid) { ++ free_saved_cmdlines_buffer(s); ++ return NULL; + } + + s->cmdline_idx = 0; +- s->cmdline_num = val; + memset(&s->map_pid_to_cmdline, NO_CMDLINE_MAP, + sizeof(s->map_pid_to_cmdline)); + memset(s->map_cmdline_to_pid, NO_CMDLINE_MAP, + val * sizeof(*s->map_cmdline_to_pid)); + +- return 0; ++ return s; + } + + static int trace_create_savedcmd(void) + { +- int ret; +- +- savedcmd = kmalloc(sizeof(*savedcmd), GFP_KERNEL); +- if (!savedcmd) +- return -ENOMEM; ++ savedcmd = allocate_cmdlines_buffer(SAVED_CMDLINES_DEFAULT); + +- ret = allocate_cmdlines_buffer(SAVED_CMDLINES_DEFAULT, savedcmd); +- if (ret < 0) { +- kfree(savedcmd); +- savedcmd = NULL; +- return -ENOMEM; +- } +- +- return 0; ++ return savedcmd ? 0 : -ENOMEM; + } + + int is_tracing_stopped(void) +@@ -6056,26 +6067,14 @@ tracing_saved_cmdlines_size_read(struct + return simple_read_from_buffer(ubuf, cnt, ppos, buf, r); + } + +-static void free_saved_cmdlines_buffer(struct saved_cmdlines_buffer *s) +-{ +- kfree(s->saved_cmdlines); +- kfree(s->map_cmdline_to_pid); +- kfree(s); +-} +- + static int tracing_resize_saved_cmdlines(unsigned int val) + { + struct saved_cmdlines_buffer *s, *savedcmd_temp; + +- s = kmalloc(sizeof(*s), GFP_KERNEL); ++ s = allocate_cmdlines_buffer(val); + if (!s) + return -ENOMEM; + +- if (allocate_cmdlines_buffer(val, s) < 0) { +- kfree(s); +- return -ENOMEM; +- } +- + preempt_disable(); + arch_spin_lock(&trace_cmdline_lock); + savedcmd_temp = savedcmd; diff --git a/queue-6.6/tracing-probes-fix-to-search-structure-fields-correctly.patch b/queue-6.6/tracing-probes-fix-to-search-structure-fields-correctly.patch new file mode 100644 index 00000000000..b84f961d244 --- /dev/null +++ b/queue-6.6/tracing-probes-fix-to-search-structure-fields-correctly.patch @@ -0,0 +1,44 @@ +From 9704669c386f9bbfef2e002e7e690c56b7dcf5de Mon Sep 17 00:00:00 2001 +From: "Masami Hiramatsu (Google)" +Date: Sat, 17 Feb 2024 21:25:42 +0900 +Subject: tracing/probes: Fix to search structure fields correctly + +From: Masami Hiramatsu (Google) + +commit 9704669c386f9bbfef2e002e7e690c56b7dcf5de upstream. + +Fix to search a field from the structure which has anonymous union +correctly. +Since the reference `type` pointer was updated in the loop, the search +loop suddenly aborted where it hits an anonymous union. Thus it can not +find the field after the anonymous union. This avoids updating the +cursor `type` pointer in the loop. + +Link: https://lore.kernel.org/all/170791694361.389532.10047514554799419688.stgit@devnote2/ + +Fixes: 302db0f5b3d8 ("tracing/probes: Add a function to search a member of a struct/union") +Cc: stable@vger.kernel.org +Signed-off-by: Masami Hiramatsu (Google) +Signed-off-by: Greg Kroah-Hartman +--- + kernel/trace/trace_btf.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/kernel/trace/trace_btf.c b/kernel/trace/trace_btf.c +index ca224d53bfdc..5bbdbcbbde3c 100644 +--- a/kernel/trace/trace_btf.c ++++ b/kernel/trace/trace_btf.c +@@ -91,8 +91,8 @@ const struct btf_member *btf_find_struct_member(struct btf *btf, + for_each_member(i, type, member) { + if (!member->name_off) { + /* Anonymous union/struct: push it for later use */ +- type = btf_type_skip_modifiers(btf, member->type, &tid); +- if (type && top < BTF_ANON_STACK_MAX) { ++ if (btf_type_skip_modifiers(btf, member->type, &tid) && ++ top < BTF_ANON_STACK_MAX) { + anon_stack[top].tid = tid; + anon_stack[top++].offset = + cur_offset + member->offset; +-- +2.43.2 + diff --git a/queue-6.6/tracing-probes-fix-to-set-arg-size-and-fmt-after-setting-type-from-btf.patch b/queue-6.6/tracing-probes-fix-to-set-arg-size-and-fmt-after-setting-type-from-btf.patch new file mode 100644 index 00000000000..fcb12490dce --- /dev/null +++ b/queue-6.6/tracing-probes-fix-to-set-arg-size-and-fmt-after-setting-type-from-btf.patch @@ -0,0 +1,69 @@ +From 9a571c1e275cedacd48c66a6bddd0c23f1dffdbf Mon Sep 17 00:00:00 2001 +From: "Masami Hiramatsu (Google)" +Date: Wed, 24 Jan 2024 00:03:02 +0900 +Subject: tracing/probes: Fix to set arg size and fmt after setting type from BTF + +From: Masami Hiramatsu (Google) + +commit 9a571c1e275cedacd48c66a6bddd0c23f1dffdbf upstream. + +Since the BTF type setting updates probe_arg::type, the type size +calculation and setting print-fmt should be done after that. +Without this fix, the argument size and print-fmt can be wrong. + +Link: https://lore.kernel.org/all/170602218196.215583.6417859469540955777.stgit@devnote2/ + +Fixes: b576e09701c7 ("tracing/probes: Support function parameters if BTF is available") +Cc: stable@vger.kernel.org +Signed-off-by: Masami Hiramatsu (Google) +Signed-off-by: Greg Kroah-Hartman +--- + kernel/trace/trace_probe.c | 25 +++++++++++++------------ + 1 file changed, 13 insertions(+), 12 deletions(-) + +diff --git a/kernel/trace/trace_probe.c b/kernel/trace/trace_probe.c +index c6da5923e5b9..34289f9c6707 100644 +--- a/kernel/trace/trace_probe.c ++++ b/kernel/trace/trace_probe.c +@@ -1172,18 +1172,6 @@ static int traceprobe_parse_probe_arg_body(const char *argv, ssize_t *size, + trace_probe_log_err(ctx->offset + (t ? (t - arg) : 0), BAD_TYPE); + goto out; + } +- parg->offset = *size; +- *size += parg->type->size * (parg->count ?: 1); +- +- ret = -ENOMEM; +- if (parg->count) { +- len = strlen(parg->type->fmttype) + 6; +- parg->fmt = kmalloc(len, GFP_KERNEL); +- if (!parg->fmt) +- goto out; +- snprintf(parg->fmt, len, "%s[%d]", parg->type->fmttype, +- parg->count); +- } + + code = tmp = kcalloc(FETCH_INSN_MAX, sizeof(*code), GFP_KERNEL); + if (!code) +@@ -1207,6 +1195,19 @@ static int traceprobe_parse_probe_arg_body(const char *argv, ssize_t *size, + goto fail; + } + } ++ parg->offset = *size; ++ *size += parg->type->size * (parg->count ?: 1); ++ ++ if (parg->count) { ++ len = strlen(parg->type->fmttype) + 6; ++ parg->fmt = kmalloc(len, GFP_KERNEL); ++ if (!parg->fmt) { ++ ret = -ENOMEM; ++ goto out; ++ } ++ snprintf(parg->fmt, len, "%s[%d]", parg->type->fmttype, ++ parg->count); ++ } + + ret = -EINVAL; + /* Store operation */ +-- +2.43.2 + diff --git a/queue-6.6/tracing-probes-fix-to-show-a-parse-error-for-bad-type-for-comm.patch b/queue-6.6/tracing-probes-fix-to-show-a-parse-error-for-bad-type-for-comm.patch new file mode 100644 index 00000000000..a07ae02cea8 --- /dev/null +++ b/queue-6.6/tracing-probes-fix-to-show-a-parse-error-for-bad-type-for-comm.patch @@ -0,0 +1,65 @@ +From 8c427cc2fa73684ea140999e121b7b6c1c717632 Mon Sep 17 00:00:00 2001 +From: "Masami Hiramatsu (Google)" +Date: Wed, 24 Jan 2024 00:02:34 +0900 +Subject: tracing/probes: Fix to show a parse error for bad type for $comm + +From: Masami Hiramatsu (Google) + +commit 8c427cc2fa73684ea140999e121b7b6c1c717632 upstream. + +Fix to show a parse error for bad type (non-string) for $comm/$COMM and +immediate-string. With this fix, error_log file shows appropriate error +message as below. + + /sys/kernel/tracing # echo 'p vfs_read $comm:u32' >> kprobe_events +sh: write error: Invalid argument + /sys/kernel/tracing # echo 'p vfs_read \"hoge":u32' >> kprobe_events +sh: write error: Invalid argument + /sys/kernel/tracing # cat error_log + +[ 30.144183] trace_kprobe: error: $comm and immediate-string only accepts string type + Command: p vfs_read $comm:u32 + ^ +[ 62.618500] trace_kprobe: error: $comm and immediate-string only accepts string type + Command: p vfs_read \"hoge":u32 + ^ +Link: https://lore.kernel.org/all/170602215411.215583.2238016352271091852.stgit@devnote2/ + +Fixes: 3dd1f7f24f8c ("tracing: probeevent: Fix to make the type of $comm string") +Cc: stable@vger.kernel.org +Signed-off-by: Masami Hiramatsu (Google) +Signed-off-by: Greg Kroah-Hartman +--- + kernel/trace/trace_probe.c | 7 +++++-- + kernel/trace/trace_probe.h | 3 ++- + 2 files changed, 7 insertions(+), 3 deletions(-) + +--- a/kernel/trace/trace_probe.c ++++ b/kernel/trace/trace_probe.c +@@ -1159,9 +1159,12 @@ static int traceprobe_parse_probe_arg_bo + if (!(ctx->flags & TPARG_FL_TEVENT) && + (strcmp(arg, "$comm") == 0 || strcmp(arg, "$COMM") == 0 || + strncmp(arg, "\\\"", 2) == 0)) { +- /* The type of $comm must be "string", and not an array. */ +- if (parg->count || (t && strcmp(t, "string"))) ++ /* The type of $comm must be "string", and not an array type. */ ++ if (parg->count || (t && strcmp(t, "string"))) { ++ trace_probe_log_err(ctx->offset + (t ? (t - arg) : 0), ++ NEED_STRING_TYPE); + goto out; ++ } + parg->type = find_fetch_type("string", ctx->flags); + } else + parg->type = find_fetch_type(t, ctx->flags); +--- a/kernel/trace/trace_probe.h ++++ b/kernel/trace/trace_probe.h +@@ -515,7 +515,8 @@ extern int traceprobe_define_arg_fields( + C(BAD_HYPHEN, "Failed to parse single hyphen. Forgot '>'?"), \ + C(NO_BTF_FIELD, "This field is not found."), \ + C(BAD_BTF_TID, "Failed to get BTF type info."),\ +- C(BAD_TYPE4STR, "This type does not fit for string."), ++ C(BAD_TYPE4STR, "This type does not fit for string."),\ ++ C(NEED_STRING_TYPE, "$comm and immediate-string only accepts string type"), + + #undef C + #define C(a, b) TP_ERR_##a diff --git a/queue-6.6/tracing-synthetic-fix-trace_string-return-value.patch b/queue-6.6/tracing-synthetic-fix-trace_string-return-value.patch new file mode 100644 index 00000000000..113eeea2811 --- /dev/null +++ b/queue-6.6/tracing-synthetic-fix-trace_string-return-value.patch @@ -0,0 +1,44 @@ +From 9b6326354cf9a41521b79287da3bfab022ae0b6d Mon Sep 17 00:00:00 2001 +From: Thorsten Blum +Date: Wed, 14 Feb 2024 23:05:56 +0100 +Subject: tracing/synthetic: Fix trace_string() return value + +From: Thorsten Blum + +commit 9b6326354cf9a41521b79287da3bfab022ae0b6d upstream. + +Fix trace_string() by assigning the string length to the return variable +which got lost in commit ddeea494a16f ("tracing/synthetic: Use union +instead of casts") and caused trace_string() to always return 0. + +Link: https://lore.kernel.org/linux-trace-kernel/20240214220555.711598-1-thorsten.blum@toblux.com + +Cc: stable@vger.kernel.org +Cc: Mathieu Desnoyers +Fixes: ddeea494a16f ("tracing/synthetic: Use union instead of casts") +Acked-by: Masami Hiramatsu (Google) +Signed-off-by: Thorsten Blum +Signed-off-by: Steven Rostedt (Google) +Signed-off-by: Greg Kroah-Hartman +--- + kernel/trace/trace_events_synth.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/kernel/trace/trace_events_synth.c b/kernel/trace/trace_events_synth.c +index e7af286af4f1..c82b401a294d 100644 +--- a/kernel/trace/trace_events_synth.c ++++ b/kernel/trace/trace_events_synth.c +@@ -441,8 +441,9 @@ static unsigned int trace_string(struct synth_trace_event *entry, + if (is_dynamic) { + union trace_synth_field *data = &entry->fields[*n_u64]; + ++ len = fetch_store_strlen((unsigned long)str_val); + data->as_dynamic.offset = struct_size(entry, fields, event->n_u64) + data_size; +- data->as_dynamic.len = fetch_store_strlen((unsigned long)str_val); ++ data->as_dynamic.len = len; + + ret = fetch_store_string((unsigned long)str_val, &entry->fields[*n_u64], entry); + +-- +2.43.2 + diff --git a/queue-6.6/tracing-timerlat-move-hrtimer_init-to-timerlat_fd-open.patch b/queue-6.6/tracing-timerlat-move-hrtimer_init-to-timerlat_fd-open.patch new file mode 100644 index 00000000000..d5a363214db --- /dev/null +++ b/queue-6.6/tracing-timerlat-move-hrtimer_init-to-timerlat_fd-open.patch @@ -0,0 +1,128 @@ +From 1389358bb008e7625942846e9f03554319b7fecc Mon Sep 17 00:00:00 2001 +From: Daniel Bristot de Oliveira +Date: Thu, 1 Feb 2024 16:13:39 +0100 +Subject: tracing/timerlat: Move hrtimer_init to timerlat_fd open() + +From: Daniel Bristot de Oliveira + +commit 1389358bb008e7625942846e9f03554319b7fecc upstream. + +Currently, the timerlat's hrtimer is initialized at the first read of +timerlat_fd, and destroyed at close(). It works, but it causes an error +if the user program open() and close() the file without reading. + +Here's an example: + + # echo NO_OSNOISE_WORKLOAD > /sys/kernel/debug/tracing/osnoise/options + # echo timerlat > /sys/kernel/debug/tracing/current_tracer + + # cat < ./timerlat_load.py + # !/usr/bin/env python3 + + timerlat_fd = open("/sys/kernel/tracing/osnoise/per_cpu/cpu0/timerlat_fd", 'r') + timerlat_fd.close(); + EOF + + # ./taskset -c 0 ./timerlat_load.py + + + BUG: kernel NULL pointer dereference, address: 0000000000000010 + #PF: supervisor read access in kernel mode + #PF: error_code(0x0000) - not-present page + PGD 0 P4D 0 + Oops: 0000 [#1] PREEMPT SMP NOPTI + CPU: 1 PID: 2673 Comm: python3 Not tainted 6.6.13-200.fc39.x86_64 #1 + Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-1.fc39 04/01/2014 + RIP: 0010:hrtimer_active+0xd/0x50 + Code: 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 48 8b 57 30 <8b> 42 10 a8 01 74 09 f3 90 8b 42 10 a8 01 75 f7 80 7f 38 00 75 1d + RSP: 0018:ffffb031009b7e10 EFLAGS: 00010286 + RAX: 000000000002db00 RBX: ffff9118f786db08 RCX: 0000000000000000 + RDX: 0000000000000000 RSI: ffff9117a0e64400 RDI: ffff9118f786db08 + RBP: ffff9118f786db80 R08: ffff9117a0ddd420 R09: ffff9117804d4f70 + R10: 0000000000000000 R11: 0000000000000000 R12: ffff9118f786db08 + R13: ffff91178fdd5e20 R14: ffff9117840978c0 R15: 0000000000000000 + FS: 00007f2ffbab1740(0000) GS:ffff9118f7840000(0000) knlGS:0000000000000000 + CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + CR2: 0000000000000010 CR3: 00000001b402e000 CR4: 0000000000750ee0 + PKRU: 55555554 + Call Trace: + + ? __die+0x23/0x70 + ? page_fault_oops+0x171/0x4e0 + ? srso_alias_return_thunk+0x5/0x7f + ? avc_has_extended_perms+0x237/0x520 + ? exc_page_fault+0x7f/0x180 + ? asm_exc_page_fault+0x26/0x30 + ? hrtimer_active+0xd/0x50 + hrtimer_cancel+0x15/0x40 + timerlat_fd_release+0x48/0xe0 + __fput+0xf5/0x290 + __x64_sys_close+0x3d/0x80 + do_syscall_64+0x60/0x90 + ? srso_alias_return_thunk+0x5/0x7f + ? __x64_sys_ioctl+0x72/0xd0 + ? srso_alias_return_thunk+0x5/0x7f + ? syscall_exit_to_user_mode+0x2b/0x40 + ? srso_alias_return_thunk+0x5/0x7f + ? do_syscall_64+0x6c/0x90 + ? srso_alias_return_thunk+0x5/0x7f + ? exit_to_user_mode_prepare+0x142/0x1f0 + ? srso_alias_return_thunk+0x5/0x7f + ? syscall_exit_to_user_mode+0x2b/0x40 + ? srso_alias_return_thunk+0x5/0x7f + ? do_syscall_64+0x6c/0x90 + entry_SYSCALL_64_after_hwframe+0x6e/0xd8 + RIP: 0033:0x7f2ffb321594 + Code: 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 80 3d d5 cd 0d 00 00 74 13 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 3c c3 0f 1f 00 55 48 89 e5 48 83 ec 10 89 7d + RSP: 002b:00007ffe8d8eef18 EFLAGS: 00000202 ORIG_RAX: 0000000000000003 + RAX: ffffffffffffffda RBX: 00007f2ffba4e668 RCX: 00007f2ffb321594 + RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 + RBP: 00007ffe8d8eef40 R08: 0000000000000000 R09: 0000000000000000 + R10: 55c926e3167eae79 R11: 0000000000000202 R12: 0000000000000003 + R13: 00007ffe8d8ef030 R14: 0000000000000000 R15: 00007f2ffba4e668 + + CR2: 0000000000000010 + ---[ end trace 0000000000000000 ]--- + +Move hrtimer_init to timerlat_fd open() to avoid this problem. + +Link: https://lore.kernel.org/linux-trace-kernel/7324dd3fc0035658c99b825204a66049389c56e3.1706798888.git.bristot@kernel.org + +Cc: Masami Hiramatsu +Cc: Mathieu Desnoyers +Cc: stable@vger.kernel.org +Fixes: e88ed227f639 ("tracing/timerlat: Add user-space interface") +Signed-off-by: Daniel Bristot de Oliveira +Signed-off-by: Steven Rostedt (Google) +Signed-off-by: Greg Kroah-Hartman +--- + kernel/trace/trace_osnoise.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/kernel/trace/trace_osnoise.c b/kernel/trace/trace_osnoise.c +index bd0d01d00fb9..a8e28f9b9271 100644 +--- a/kernel/trace/trace_osnoise.c ++++ b/kernel/trace/trace_osnoise.c +@@ -2444,6 +2444,9 @@ static int timerlat_fd_open(struct inode *inode, struct file *file) + tlat = this_cpu_tmr_var(); + tlat->count = 0; + ++ hrtimer_init(&tlat->timer, CLOCK_MONOTONIC, HRTIMER_MODE_ABS_PINNED_HARD); ++ tlat->timer.function = timerlat_irq; ++ + migrate_enable(); + return 0; + }; +@@ -2526,9 +2529,6 @@ timerlat_fd_read(struct file *file, char __user *ubuf, size_t count, + tlat->tracing_thread = false; + tlat->kthread = current; + +- hrtimer_init(&tlat->timer, CLOCK_MONOTONIC, HRTIMER_MODE_ABS_PINNED_HARD); +- tlat->timer.function = timerlat_irq; +- + /* Annotate now to drift new period */ + tlat->abs_period = hrtimer_cb_get_time(&tlat->timer); + +-- +2.43.2 + diff --git a/queue-6.6/um-fix-adding-no-pie-for-clang.patch b/queue-6.6/um-fix-adding-no-pie-for-clang.patch new file mode 100644 index 00000000000..cef71092c0d --- /dev/null +++ b/queue-6.6/um-fix-adding-no-pie-for-clang.patch @@ -0,0 +1,63 @@ +From 846cfbeed09b45d985079a9173cf390cc053715b Mon Sep 17 00:00:00 2001 +From: Nathan Chancellor +Date: Tue, 23 Jan 2024 15:59:54 -0700 +Subject: um: Fix adding '-no-pie' for clang + +From: Nathan Chancellor + +commit 846cfbeed09b45d985079a9173cf390cc053715b upstream. + +The kernel builds with -fno-PIE, so commit 883354afbc10 ("um: link +vmlinux with -no-pie") added the compiler linker flag '-no-pie' via +cc-option because '-no-pie' was only supported in GCC 6.1.0 and newer. + +While this works for GCC, this does not work for clang because cc-option +uses '-c', which stops the pipeline right before linking, so '-no-pie' +is unconsumed and clang warns, causing cc-option to fail just as it +would if the option was entirely unsupported: + + $ clang -Werror -no-pie -c -o /dev/null -x c /dev/null + clang-16: error: argument unused during compilation: '-no-pie' [-Werror,-Wunused-command-line-argument] + +A recent version of clang exposes this because it generates a relocation +under '-mcmodel=large' that is not supported in PIE mode: + + /usr/sbin/ld: init/main.o: relocation R_X86_64_32 against symbol `saved_command_line' can not be used when making a PIE object; recompile with -fPIE + /usr/sbin/ld: failed to set dynamic section sizes: bad value + clang: error: linker command failed with exit code 1 (use -v to see invocation) + +Remove the cc-option check altogether. It is wasteful to invoke the +compiler to check for '-no-pie' because only one supported compiler +version does not support it, GCC 5.x (as it is supported with the +minimum version of clang and GCC 6.1.0+). Use a combination of the +gcc-min-version macro and CONFIG_CC_IS_CLANG to unconditionally add +'-no-pie' with CONFIG_LD_SCRIPT_DYN=y, so that it is enabled with all +compilers that support this. Furthermore, using gcc-min-version can help +turn this back into + + LINK-$(CONFIG_LD_SCRIPT_DYN) += -no-pie + +when the minimum version of GCC is bumped past 6.1.0. + +Cc: stable@vger.kernel.org +Closes: https://github.com/ClangBuiltLinux/linux/issues/1982 +Signed-off-by: Nathan Chancellor +Signed-off-by: Masahiro Yamada +Signed-off-by: Greg Kroah-Hartman +--- + arch/um/Makefile | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/arch/um/Makefile ++++ b/arch/um/Makefile +@@ -115,7 +115,9 @@ archprepare: + $(Q)$(MAKE) $(build)=$(HOST_DIR)/um include/generated/user_constants.h + + LINK-$(CONFIG_LD_SCRIPT_STATIC) += -static +-LINK-$(CONFIG_LD_SCRIPT_DYN) += $(call cc-option, -no-pie) ++ifdef CONFIG_LD_SCRIPT_DYN ++LINK-$(call gcc-min-version, 60100)$(CONFIG_CC_IS_CLANG) += -no-pie ++endif + LINK-$(CONFIG_LD_SCRIPT_DYN_RPATH) += -Wl,-rpath,/lib + + CFLAGS_NO_HARDENING := $(call cc-option, -fno-PIC,) $(call cc-option, -fno-pic,) \ diff --git a/queue-6.6/xen-netback-properly-sync-tx-responses.patch b/queue-6.6/xen-netback-properly-sync-tx-responses.patch new file mode 100644 index 00000000000..ad884688316 --- /dev/null +++ b/queue-6.6/xen-netback-properly-sync-tx-responses.patch @@ -0,0 +1,205 @@ +From 7b55984c96ffe9e236eb9c82a2196e0b1f84990d Mon Sep 17 00:00:00 2001 +From: Jan Beulich +Date: Mon, 29 Jan 2024 14:03:08 +0100 +Subject: xen-netback: properly sync TX responses + +From: Jan Beulich + +commit 7b55984c96ffe9e236eb9c82a2196e0b1f84990d upstream. + +Invoking the make_tx_response() / push_tx_responses() pair with no lock +held would be acceptable only if all such invocations happened from the +same context (NAPI instance or dealloc thread). Since this isn't the +case, and since the interface "spec" also doesn't demand that multicast +operations may only be performed with no in-flight transmits, +MCAST_{ADD,DEL} processing also needs to acquire the response lock +around the invocations. + +To prevent similar mistakes going forward, "downgrade" the present +functions to private helpers of just the two remaining ones using them +directly, with no forward declarations anymore. This involves renaming +what so far was make_tx_response(), for the new function of that name +to serve the new (wrapper) purpose. + +While there, +- constify the txp parameters, +- correct xenvif_idx_release()'s status parameter's type, +- rename {,_}make_tx_response()'s status parameters for consistency with + xenvif_idx_release()'s. + +Fixes: 210c34dcd8d9 ("xen-netback: add support for multicast control") +Cc: stable@vger.kernel.org +Signed-off-by: Jan Beulich +Reviewed-by: Paul Durrant +Link: https://lore.kernel.org/r/980c6c3d-e10e-4459-8565-e8fbde122f00@suse.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/xen-netback/netback.c | 84 ++++++++++++++++++-------------------- + 1 file changed, 40 insertions(+), 44 deletions(-) + +--- a/drivers/net/xen-netback/netback.c ++++ b/drivers/net/xen-netback/netback.c +@@ -104,13 +104,12 @@ bool provides_xdp_headroom = true; + module_param(provides_xdp_headroom, bool, 0644); + + static void xenvif_idx_release(struct xenvif_queue *queue, u16 pending_idx, +- u8 status); ++ s8 status); + + static void make_tx_response(struct xenvif_queue *queue, +- struct xen_netif_tx_request *txp, ++ const struct xen_netif_tx_request *txp, + unsigned int extra_count, +- s8 st); +-static void push_tx_responses(struct xenvif_queue *queue); ++ s8 status); + + static void xenvif_idx_unmap(struct xenvif_queue *queue, u16 pending_idx); + +@@ -208,13 +207,9 @@ static void xenvif_tx_err(struct xenvif_ + unsigned int extra_count, RING_IDX end) + { + RING_IDX cons = queue->tx.req_cons; +- unsigned long flags; + + do { +- spin_lock_irqsave(&queue->response_lock, flags); + make_tx_response(queue, txp, extra_count, XEN_NETIF_RSP_ERROR); +- push_tx_responses(queue); +- spin_unlock_irqrestore(&queue->response_lock, flags); + if (cons == end) + break; + RING_COPY_REQUEST(&queue->tx, cons++, txp); +@@ -465,12 +460,7 @@ static void xenvif_get_requests(struct x + for (shinfo->nr_frags = 0; nr_slots > 0 && shinfo->nr_frags < MAX_SKB_FRAGS; + nr_slots--) { + if (unlikely(!txp->size)) { +- unsigned long flags; +- +- spin_lock_irqsave(&queue->response_lock, flags); + make_tx_response(queue, txp, 0, XEN_NETIF_RSP_OKAY); +- push_tx_responses(queue); +- spin_unlock_irqrestore(&queue->response_lock, flags); + ++txp; + continue; + } +@@ -496,14 +486,8 @@ static void xenvif_get_requests(struct x + + for (shinfo->nr_frags = 0; shinfo->nr_frags < nr_slots; ++txp) { + if (unlikely(!txp->size)) { +- unsigned long flags; +- +- spin_lock_irqsave(&queue->response_lock, flags); + make_tx_response(queue, txp, 0, + XEN_NETIF_RSP_OKAY); +- push_tx_responses(queue); +- spin_unlock_irqrestore(&queue->response_lock, +- flags); + continue; + } + +@@ -995,7 +979,6 @@ static void xenvif_tx_build_gops(struct + (ret == 0) ? + XEN_NETIF_RSP_OKAY : + XEN_NETIF_RSP_ERROR); +- push_tx_responses(queue); + continue; + } + +@@ -1007,7 +990,6 @@ static void xenvif_tx_build_gops(struct + + make_tx_response(queue, &txreq, extra_count, + XEN_NETIF_RSP_OKAY); +- push_tx_responses(queue); + continue; + } + +@@ -1433,8 +1415,35 @@ int xenvif_tx_action(struct xenvif_queue + return work_done; + } + ++static void _make_tx_response(struct xenvif_queue *queue, ++ const struct xen_netif_tx_request *txp, ++ unsigned int extra_count, ++ s8 status) ++{ ++ RING_IDX i = queue->tx.rsp_prod_pvt; ++ struct xen_netif_tx_response *resp; ++ ++ resp = RING_GET_RESPONSE(&queue->tx, i); ++ resp->id = txp->id; ++ resp->status = status; ++ ++ while (extra_count-- != 0) ++ RING_GET_RESPONSE(&queue->tx, ++i)->status = XEN_NETIF_RSP_NULL; ++ ++ queue->tx.rsp_prod_pvt = ++i; ++} ++ ++static void push_tx_responses(struct xenvif_queue *queue) ++{ ++ int notify; ++ ++ RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&queue->tx, notify); ++ if (notify) ++ notify_remote_via_irq(queue->tx_irq); ++} ++ + static void xenvif_idx_release(struct xenvif_queue *queue, u16 pending_idx, +- u8 status) ++ s8 status) + { + struct pending_tx_info *pending_tx_info; + pending_ring_idx_t index; +@@ -1444,8 +1453,8 @@ static void xenvif_idx_release(struct xe + + spin_lock_irqsave(&queue->response_lock, flags); + +- make_tx_response(queue, &pending_tx_info->req, +- pending_tx_info->extra_count, status); ++ _make_tx_response(queue, &pending_tx_info->req, ++ pending_tx_info->extra_count, status); + + /* Release the pending index before pusing the Tx response so + * its available before a new Tx request is pushed by the +@@ -1459,32 +1468,19 @@ static void xenvif_idx_release(struct xe + spin_unlock_irqrestore(&queue->response_lock, flags); + } + +- + static void make_tx_response(struct xenvif_queue *queue, +- struct xen_netif_tx_request *txp, ++ const struct xen_netif_tx_request *txp, + unsigned int extra_count, +- s8 st) ++ s8 status) + { +- RING_IDX i = queue->tx.rsp_prod_pvt; +- struct xen_netif_tx_response *resp; +- +- resp = RING_GET_RESPONSE(&queue->tx, i); +- resp->id = txp->id; +- resp->status = st; +- +- while (extra_count-- != 0) +- RING_GET_RESPONSE(&queue->tx, ++i)->status = XEN_NETIF_RSP_NULL; ++ unsigned long flags; + +- queue->tx.rsp_prod_pvt = ++i; +-} ++ spin_lock_irqsave(&queue->response_lock, flags); + +-static void push_tx_responses(struct xenvif_queue *queue) +-{ +- int notify; ++ _make_tx_response(queue, txp, extra_count, status); ++ push_tx_responses(queue); + +- RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&queue->tx, notify); +- if (notify) +- notify_remote_via_irq(queue->tx_irq); ++ spin_unlock_irqrestore(&queue->response_lock, flags); + } + + static void xenvif_idx_unmap(struct xenvif_queue *queue, u16 pending_idx)