--- /dev/null
+From 1bbb2809040a1f9c7c53c9f06c21aa83275ed27b Mon Sep 17 00:00:00 2001
+From: Eddie James <eajames@linux.ibm.com>
+Date: Tue, 28 Jun 2022 15:30:29 -0500
+Subject: hwmon: (occ) Prevent power cap command overwriting poll response
+
+From: Eddie James <eajames@linux.ibm.com>
+
+commit 1bbb2809040a1f9c7c53c9f06c21aa83275ed27b upstream.
+
+Currently, the response to the power cap command overwrites the
+first eight bytes of the poll response, since the commands use
+the same buffer. This means that user's get the wrong data between
+the time of sending the power cap and the next poll response update.
+Fix this by specifying a different buffer for the power cap command
+response.
+
+Fixes: 5b5513b88002 ("hwmon: Add On-Chip Controller (OCC) hwmon driver")
+Signed-off-by: Eddie James <eajames@linux.ibm.com>
+Link: https://lore.kernel.org/r/20220628203029.51747-1-eajames@linux.ibm.com
+Signed-off-by: Guenter Roeck <linux@roeck-us.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/hwmon/occ/common.c | 5 +++--
+ drivers/hwmon/occ/common.h | 3 ++-
+ drivers/hwmon/occ/p8_i2c.c | 13 +++++++------
+ drivers/hwmon/occ/p9_sbe.c | 7 +++----
+ 4 files changed, 15 insertions(+), 13 deletions(-)
+
+--- a/drivers/hwmon/occ/common.c
++++ b/drivers/hwmon/occ/common.c
+@@ -145,7 +145,7 @@ static int occ_poll(struct occ *occ)
+ cmd[6] = 0; /* checksum lsb */
+
+ /* mutex should already be locked if necessary */
+- rc = occ->send_cmd(occ, cmd, sizeof(cmd));
++ rc = occ->send_cmd(occ, cmd, sizeof(cmd), &occ->resp, sizeof(occ->resp));
+ if (rc) {
+ occ->last_error = rc;
+ if (occ->error_count++ > OCC_ERROR_COUNT_THRESHOLD)
+@@ -182,6 +182,7 @@ static int occ_set_user_power_cap(struct
+ {
+ int rc;
+ u8 cmd[8];
++ u8 resp[8];
+ __be16 user_power_cap_be = cpu_to_be16(user_power_cap);
+
+ cmd[0] = 0; /* sequence number */
+@@ -198,7 +199,7 @@ static int occ_set_user_power_cap(struct
+ if (rc)
+ return rc;
+
+- rc = occ->send_cmd(occ, cmd, sizeof(cmd));
++ rc = occ->send_cmd(occ, cmd, sizeof(cmd), resp, sizeof(resp));
+
+ mutex_unlock(&occ->lock);
+
+--- a/drivers/hwmon/occ/common.h
++++ b/drivers/hwmon/occ/common.h
+@@ -96,7 +96,8 @@ struct occ {
+
+ int powr_sample_time_us; /* average power sample time */
+ u8 poll_cmd_data; /* to perform OCC poll command */
+- int (*send_cmd)(struct occ *occ, u8 *cmd, size_t len);
++ int (*send_cmd)(struct occ *occ, u8 *cmd, size_t len, void *resp,
++ size_t resp_len);
+
+ unsigned long next_update;
+ struct mutex lock; /* lock OCC access */
+--- a/drivers/hwmon/occ/p8_i2c.c
++++ b/drivers/hwmon/occ/p8_i2c.c
+@@ -111,7 +111,8 @@ static int p8_i2c_occ_putscom_be(struct
+ be32_to_cpu(data1));
+ }
+
+-static int p8_i2c_occ_send_cmd(struct occ *occ, u8 *cmd, size_t len)
++static int p8_i2c_occ_send_cmd(struct occ *occ, u8 *cmd, size_t len,
++ void *resp, size_t resp_len)
+ {
+ int i, rc;
+ unsigned long start;
+@@ -120,7 +121,7 @@ static int p8_i2c_occ_send_cmd(struct oc
+ const long wait_time = msecs_to_jiffies(OCC_CMD_IN_PRG_WAIT_MS);
+ struct p8_i2c_occ *ctx = to_p8_i2c_occ(occ);
+ struct i2c_client *client = ctx->client;
+- struct occ_response *resp = &occ->resp;
++ struct occ_response *or = (struct occ_response *)resp;
+
+ start = jiffies;
+
+@@ -151,7 +152,7 @@ static int p8_i2c_occ_send_cmd(struct oc
+ return rc;
+
+ /* wait for OCC */
+- if (resp->return_status == OCC_RESP_CMD_IN_PRG) {
++ if (or->return_status == OCC_RESP_CMD_IN_PRG) {
+ rc = -EALREADY;
+
+ if (time_after(jiffies, start + timeout))
+@@ -163,7 +164,7 @@ static int p8_i2c_occ_send_cmd(struct oc
+ } while (rc);
+
+ /* check the OCC response */
+- switch (resp->return_status) {
++ switch (or->return_status) {
+ case OCC_RESP_CMD_IN_PRG:
+ rc = -ETIMEDOUT;
+ break;
+@@ -192,8 +193,8 @@ static int p8_i2c_occ_send_cmd(struct oc
+ if (rc < 0)
+ return rc;
+
+- data_length = get_unaligned_be16(&resp->data_length);
+- if (data_length > OCC_RESP_DATA_BYTES)
++ data_length = get_unaligned_be16(&or->data_length);
++ if ((data_length + 7) > resp_len)
+ return -EMSGSIZE;
+
+ /* fetch the rest of the response data */
+--- a/drivers/hwmon/occ/p9_sbe.c
++++ b/drivers/hwmon/occ/p9_sbe.c
+@@ -78,11 +78,10 @@ done:
+ return notify;
+ }
+
+-static int p9_sbe_occ_send_cmd(struct occ *occ, u8 *cmd, size_t len)
++static int p9_sbe_occ_send_cmd(struct occ *occ, u8 *cmd, size_t len,
++ void *resp, size_t resp_len)
+ {
+- struct occ_response *resp = &occ->resp;
+ struct p9_sbe_occ *ctx = to_p9_sbe_occ(occ);
+- size_t resp_len = sizeof(*resp);
+ int rc;
+
+ rc = fsi_occ_submit(ctx->sbe, cmd, len, resp, &resp_len);
+@@ -96,7 +95,7 @@ static int p9_sbe_occ_send_cmd(struct oc
+ return rc;
+ }
+
+- switch (resp->return_status) {
++ switch (((struct occ_response *)resp)->return_status) {
+ case OCC_RESP_CMD_IN_PRG:
+ rc = -ETIMEDOUT;
+ break;
--- /dev/null
+From 53ad46169fe2996fe1b623ba6c9c4fa33847876f Mon Sep 17 00:00:00 2001
+From: YueHaibing <yuehaibing@huawei.com>
+Date: Tue, 28 Jun 2022 11:31:34 +0800
+Subject: net: ipv6: unexport __init-annotated seg6_hmac_net_init()
+
+From: YueHaibing <yuehaibing@huawei.com>
+
+commit 53ad46169fe2996fe1b623ba6c9c4fa33847876f upstream.
+
+As of commit 5801f064e351 ("net: ipv6: unexport __init-annotated seg6_hmac_init()"),
+EXPORT_SYMBOL and __init is a bad combination because the .init.text
+section is freed up after the initialization. Hence, modules cannot
+use symbols annotated __init. The access to a freed symbol may end up
+with kernel panic.
+
+This remove the EXPORT_SYMBOL to fix modpost warning:
+
+WARNING: modpost: vmlinux.o(___ksymtab+seg6_hmac_net_init+0x0): Section mismatch in reference from the variable __ksymtab_seg6_hmac_net_init to the function .init.text:seg6_hmac_net_init()
+The symbol seg6_hmac_net_init is exported and annotated __init
+Fix this by removing the __init annotation of seg6_hmac_net_init or drop the export.
+
+Fixes: bf355b8d2c30 ("ipv6: sr: add core files for SR HMAC support")
+Reported-by: Hulk Robot <hulkci@huawei.com>
+Signed-off-by: YueHaibing <yuehaibing@huawei.com>
+Link: https://lore.kernel.org/r/20220628033134.21088-1-yuehaibing@huawei.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/ipv6/seg6_hmac.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/net/ipv6/seg6_hmac.c
++++ b/net/ipv6/seg6_hmac.c
+@@ -406,7 +406,6 @@ int __net_init seg6_hmac_net_init(struct
+
+ return rhashtable_init(&sdata->hmac_infos, &rht_params);
+ }
+-EXPORT_SYMBOL(seg6_hmac_net_init);
+
+ void seg6_hmac_exit(void)
+ {
--- /dev/null
+From 080abad71e99d2becf38c978572982130b927a28 Mon Sep 17 00:00:00 2001
+From: NeilBrown <neilb@suse.de>
+Date: Thu, 23 Jun 2022 14:47:34 +1000
+Subject: NFS: restore module put when manager exits.
+
+From: NeilBrown <neilb@suse.de>
+
+commit 080abad71e99d2becf38c978572982130b927a28 upstream.
+
+Commit f49169c97fce ("NFSD: Remove svc_serv_ops::svo_module") removed
+calls to module_put_and_kthread_exit() from threads that acted as SUNRPC
+servers and had a related svc_serv_ops structure. This was correct.
+
+It ALSO removed the module_put_and_kthread_exit() call from
+nfs4_run_state_manager() which is NOT a SUNRPC service.
+
+Consequently every time the NFSv4 state manager runs the module count
+increments and won't be decremented. So the nfsv4 module cannot be
+unloaded.
+
+So restore the module_put_and_kthread_exit() call.
+
+Fixes: f49169c97fce ("NFSD: Remove svc_serv_ops::svo_module")
+Signed-off-by: NeilBrown <neilb@suse.de>
+Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/nfs/nfs4state.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/nfs/nfs4state.c
++++ b/fs/nfs/nfs4state.c
+@@ -2743,5 +2743,6 @@ again:
+ goto again;
+
+ nfs_put_client(clp);
++ module_put_and_kthread_exit(0);
+ return 0;
+ }
--- /dev/null
+From 8a9ffb8c857c2c99403bd6483a5a005fed5c0773 Mon Sep 17 00:00:00 2001
+From: Alexey Khoroshilov <khoroshilov@ispras.ru>
+Date: Sat, 25 Jun 2022 23:52:43 +0300
+Subject: NFSD: restore EINVAL error translation in nfsd_commit()
+
+From: Alexey Khoroshilov <khoroshilov@ispras.ru>
+
+commit 8a9ffb8c857c2c99403bd6483a5a005fed5c0773 upstream.
+
+commit 555dbf1a9aac ("nfsd: Replace use of rwsem with errseq_t")
+incidentally broke translation of -EINVAL to nfserr_notsupp.
+The patch restores that.
+
+Found by Linux Verification Center (linuxtesting.org) with SVACE.
+
+Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
+Fixes: 555dbf1a9aac ("nfsd: Replace use of rwsem with errseq_t")
+Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/nfsd/vfs.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/fs/nfsd/vfs.c
++++ b/fs/nfsd/vfs.c
+@@ -1170,6 +1170,7 @@ nfsd_commit(struct svc_rqst *rqstp, stru
+ nfsd_copy_write_verifier(verf, nn);
+ err2 = filemap_check_wb_err(nf->nf_file->f_mapping,
+ since);
++ err = nfserrno(err2);
+ break;
+ case -EINVAL:
+ err = nfserr_notsupp;
+@@ -1177,8 +1178,8 @@ nfsd_commit(struct svc_rqst *rqstp, stru
+ default:
+ nfsd_reset_write_verifier(nn);
+ trace_nfsd_writeverf_reset(nn, rqstp, err2);
++ err = nfserrno(err2);
+ }
+- err = nfserrno(err2);
+ } else
+ nfsd_copy_write_verifier(verf, nn);
+
--- /dev/null
+From 4f40a5b5544618b096d1611a18219dd91fd57f80 Mon Sep 17 00:00:00 2001
+From: Scott Mayhew <smayhew@redhat.com>
+Date: Mon, 27 Jun 2022 17:31:29 -0400
+Subject: NFSv4: Add an fattr allocation to _nfs4_discover_trunking()
+
+From: Scott Mayhew <smayhew@redhat.com>
+
+commit 4f40a5b5544618b096d1611a18219dd91fd57f80 upstream.
+
+This was missed in c3ed222745d9 ("NFSv4: Fix free of uninitialized
+nfs4_label on referral lookup.") and causes a panic when mounting
+with '-o trunkdiscovery':
+
+PID: 1604 TASK: ffff93dac3520000 CPU: 3 COMMAND: "mount.nfs"
+ #0 [ffffb79140f738f8] machine_kexec at ffffffffaec64bee
+ #1 [ffffb79140f73950] __crash_kexec at ffffffffaeda67fd
+ #2 [ffffb79140f73a18] crash_kexec at ffffffffaeda76ed
+ #3 [ffffb79140f73a30] oops_end at ffffffffaec2658d
+ #4 [ffffb79140f73a50] general_protection at ffffffffaf60111e
+ [exception RIP: nfs_fattr_init+0x5]
+ RIP: ffffffffc0c18265 RSP: ffffb79140f73b08 RFLAGS: 00010246
+ RAX: 0000000000000000 RBX: ffff93dac304a800 RCX: 0000000000000000
+ RDX: ffffb79140f73bb0 RSI: ffff93dadc8cbb40 RDI: d03ee11cfaf6bd50
+ RBP: ffffb79140f73be8 R8: ffffffffc0691560 R9: 0000000000000006
+ R10: ffff93db3ffd3df8 R11: 0000000000000000 R12: ffff93dac4040000
+ R13: ffff93dac2848e00 R14: ffffb79140f73b60 R15: ffffb79140f73b30
+ ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018
+ #5 [ffffb79140f73b08] _nfs41_proc_get_locations at ffffffffc0c73d53 [nfsv4]
+ #6 [ffffb79140f73bf0] nfs4_proc_get_locations at ffffffffc0c83e90 [nfsv4]
+ #7 [ffffb79140f73c60] nfs4_discover_trunking at ffffffffc0c83fb7 [nfsv4]
+ #8 [ffffb79140f73cd8] nfs_probe_fsinfo at ffffffffc0c0f95f [nfs]
+ #9 [ffffb79140f73da0] nfs_probe_server at ffffffffc0c1026a [nfs]
+ RIP: 00007f6254fce26e RSP: 00007ffc69496ac8 RFLAGS: 00000246
+ RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6254fce26e
+ RDX: 00005600220a82a0 RSI: 00005600220a64d0 RDI: 00005600220a6520
+ RBP: 00007ffc69496c50 R8: 00005600220a8710 R9: 003035322e323231
+ R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc69496c50
+ R13: 00005600220a8440 R14: 0000000000000010 R15: 0000560020650ef9
+ ORIG_RAX: 00000000000000a5 CS: 0033 SS: 002b
+
+Fixes: c3ed222745d9 ("NFSv4: Fix free of uninitialized nfs4_label on referral lookup.")
+Signed-off-by: Scott Mayhew <smayhew@redhat.com>
+Signed-off-by: Anna Schumaker <Anna.Schumaker@Netapp.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/nfs/nfs4proc.c | 19 +++++++++++++------
+ 1 file changed, 13 insertions(+), 6 deletions(-)
+
+diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
+index c0fdcf8c0032..bb0e84a46d61 100644
+--- a/fs/nfs/nfs4proc.c
++++ b/fs/nfs/nfs4proc.c
+@@ -4012,22 +4012,29 @@ static int _nfs4_discover_trunking(struct nfs_server *server,
+ }
+
+ page = alloc_page(GFP_KERNEL);
++ if (!page)
++ return -ENOMEM;
+ locations = kmalloc(sizeof(struct nfs4_fs_locations), GFP_KERNEL);
+- if (page == NULL || locations == NULL)
+- goto out;
++ if (!locations)
++ goto out_free;
++ locations->fattr = nfs_alloc_fattr();
++ if (!locations->fattr)
++ goto out_free_2;
+
+ status = nfs4_proc_get_locations(server, fhandle, locations, page,
+ cred);
+ if (status)
+- goto out;
++ goto out_free_3;
+
+ for (i = 0; i < locations->nlocations; i++)
+ test_fs_location_for_trunking(&locations->locations[i], clp,
+ server);
+-out:
+- if (page)
+- __free_page(page);
++out_free_3:
++ kfree(locations->fattr);
++out_free_2:
+ kfree(locations);
++out_free:
++ __free_page(page);
+ return status;
+ }
+
+--
+2.37.0
+
selftests-mptcp-more-stable-diag-tests.patch
mptcp-fix-conflict-with-netinet-in.h.patch
selftests-mptcp-initialize-variables-to-quiet-gcc-12-warnings.patch
+hwmon-occ-prevent-power-cap-command-overwriting-poll-response.patch
+net-ipv6-unexport-__init-annotated-seg6_hmac_net_init.patch
+nfs-restore-module-put-when-manager-exits.patch
+nfsd-restore-einval-error-translation-in-nfsd_commit.patch
+nfsv4-add-an-fattr-allocation-to-_nfs4_discover_trunking.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
