--- /dev/null
+From 0fbcb5251fc81b58969b272c4fb7374a7b922e3e Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Sun, 6 Nov 2022 14:48:35 -0800
+Subject: ext4: disable fast-commit of encrypted dir operations
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit 0fbcb5251fc81b58969b272c4fb7374a7b922e3e upstream.
+
+fast-commit of create, link, and unlink operations in encrypted
+directories is completely broken because the unencrypted filenames are
+being written to the fast-commit journal instead of the encrypted
+filenames. These operations can't be replayed, as encryption keys
+aren't present at journal replay time. It is also an information leak.
+
+Until if/when we can get this working properly, make encrypted directory
+operations ineligible for fast-commit.
+
+Note that fast-commit operations on encrypted regular files continue to
+be allowed, as they seem to work.
+
+Fixes: aa75f4d3daae ("ext4: main fast-commit commit path")
+Cc: <stable@vger.kernel.org> # v5.10+
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Link: https://lore.kernel.org/r/20221106224841.279231-2-ebiggers@kernel.org
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ext4/fast_commit.c | 40 ++++++++++++++++++++++++----------------
+ fs/ext4/fast_commit.h | 1 +
+ include/trace/events/ext4.h | 7 +++++--
+ 3 files changed, 30 insertions(+), 18 deletions(-)
+
+--- a/fs/ext4/fast_commit.c
++++ b/fs/ext4/fast_commit.c
+@@ -371,25 +371,33 @@ static int __track_dentry_update(struct
+ struct __track_dentry_update_args *dentry_update =
+ (struct __track_dentry_update_args *)arg;
+ struct dentry *dentry = dentry_update->dentry;
+- struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
++ struct inode *dir = dentry->d_parent->d_inode;
++ struct super_block *sb = inode->i_sb;
++ struct ext4_sb_info *sbi = EXT4_SB(sb);
+
+ mutex_unlock(&ei->i_fc_lock);
++
++ if (IS_ENCRYPTED(dir)) {
++ ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_ENCRYPTED_FILENAME);
++ mutex_lock(&ei->i_fc_lock);
++ return -EOPNOTSUPP;
++ }
++
+ node = kmem_cache_alloc(ext4_fc_dentry_cachep, GFP_NOFS);
+ if (!node) {
+- ext4_fc_mark_ineligible(inode->i_sb, EXT4_FC_REASON_NOMEM);
++ ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_NOMEM);
+ mutex_lock(&ei->i_fc_lock);
+ return -ENOMEM;
+ }
+
+ node->fcd_op = dentry_update->op;
+- node->fcd_parent = dentry->d_parent->d_inode->i_ino;
++ node->fcd_parent = dir->i_ino;
+ node->fcd_ino = inode->i_ino;
+ if (dentry->d_name.len > DNAME_INLINE_LEN) {
+ node->fcd_name.name = kmalloc(dentry->d_name.len, GFP_NOFS);
+ if (!node->fcd_name.name) {
+ kmem_cache_free(ext4_fc_dentry_cachep, node);
+- ext4_fc_mark_ineligible(inode->i_sb,
+- EXT4_FC_REASON_NOMEM);
++ ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_NOMEM);
+ mutex_lock(&ei->i_fc_lock);
+ return -ENOMEM;
+ }
+@@ -2142,17 +2150,17 @@ void ext4_fc_init(struct super_block *sb
+ journal->j_fc_cleanup_callback = ext4_fc_cleanup;
+ }
+
+-static const char *fc_ineligible_reasons[] = {
+- "Extended attributes changed",
+- "Cross rename",
+- "Journal flag changed",
+- "Insufficient memory",
+- "Swap boot",
+- "Resize",
+- "Dir renamed",
+- "Falloc range op",
+- "Data journalling",
+- "FC Commit Failed"
++static const char * const fc_ineligible_reasons[] = {
++ [EXT4_FC_REASON_XATTR] = "Extended attributes changed",
++ [EXT4_FC_REASON_CROSS_RENAME] = "Cross rename",
++ [EXT4_FC_REASON_JOURNAL_FLAG_CHANGE] = "Journal flag changed",
++ [EXT4_FC_REASON_NOMEM] = "Insufficient memory",
++ [EXT4_FC_REASON_SWAP_BOOT] = "Swap boot",
++ [EXT4_FC_REASON_RESIZE] = "Resize",
++ [EXT4_FC_REASON_RENAME_DIR] = "Dir renamed",
++ [EXT4_FC_REASON_FALLOC_RANGE] = "Falloc range op",
++ [EXT4_FC_REASON_INODE_JOURNAL_DATA] = "Data journalling",
++ [EXT4_FC_REASON_ENCRYPTED_FILENAME] = "Encrypted filename",
+ };
+
+ int ext4_fc_info_show(struct seq_file *seq, void *v)
+--- a/fs/ext4/fast_commit.h
++++ b/fs/ext4/fast_commit.h
+@@ -104,6 +104,7 @@ enum {
+ EXT4_FC_REASON_FALLOC_RANGE,
+ EXT4_FC_REASON_INODE_JOURNAL_DATA,
+ EXT4_FC_COMMIT_FAILED,
++ EXT4_FC_REASON_ENCRYPTED_FILENAME,
+ EXT4_FC_REASON_MAX
+ };
+
+--- a/include/trace/events/ext4.h
++++ b/include/trace/events/ext4.h
+@@ -104,6 +104,7 @@ TRACE_DEFINE_ENUM(EXT4_FC_REASON_RESIZE)
+ TRACE_DEFINE_ENUM(EXT4_FC_REASON_RENAME_DIR);
+ TRACE_DEFINE_ENUM(EXT4_FC_REASON_FALLOC_RANGE);
+ TRACE_DEFINE_ENUM(EXT4_FC_REASON_INODE_JOURNAL_DATA);
++TRACE_DEFINE_ENUM(EXT4_FC_REASON_ENCRYPTED_FILENAME);
+ TRACE_DEFINE_ENUM(EXT4_FC_REASON_MAX);
+
+ #define show_fc_reason(reason) \
+@@ -116,7 +117,8 @@ TRACE_DEFINE_ENUM(EXT4_FC_REASON_MAX);
+ { EXT4_FC_REASON_RESIZE, "RESIZE"}, \
+ { EXT4_FC_REASON_RENAME_DIR, "RENAME_DIR"}, \
+ { EXT4_FC_REASON_FALLOC_RANGE, "FALLOC_RANGE"}, \
+- { EXT4_FC_REASON_INODE_JOURNAL_DATA, "INODE_JOURNAL_DATA"})
++ { EXT4_FC_REASON_INODE_JOURNAL_DATA, "INODE_JOURNAL_DATA"}, \
++ { EXT4_FC_REASON_ENCRYPTED_FILENAME, "ENCRYPTED_FILENAME"})
+
+ TRACE_EVENT(ext4_other_inode_update_time,
+ TP_PROTO(struct inode *inode, ino_t orig_ino),
+@@ -2940,7 +2942,7 @@ TRACE_EVENT(ext4_fc_stats,
+ ),
+
+ TP_printk("dev %d,%d fc ineligible reasons:\n"
+- "%s:%u, %s:%u, %s:%u, %s:%u, %s:%u, %s:%u, %s:%u, %s:%u, %s:%u "
++ "%s:%u, %s:%u, %s:%u, %s:%u, %s:%u, %s:%u, %s:%u, %s:%u, %s:%u, %s:%u"
+ "num_commits:%lu, ineligible: %lu, numblks: %lu",
+ MAJOR(__entry->dev), MINOR(__entry->dev),
+ FC_REASON_NAME_STAT(EXT4_FC_REASON_XATTR),
+@@ -2952,6 +2954,7 @@ TRACE_EVENT(ext4_fc_stats,
+ FC_REASON_NAME_STAT(EXT4_FC_REASON_RENAME_DIR),
+ FC_REASON_NAME_STAT(EXT4_FC_REASON_FALLOC_RANGE),
+ FC_REASON_NAME_STAT(EXT4_FC_REASON_INODE_JOURNAL_DATA),
++ FC_REASON_NAME_STAT(EXT4_FC_REASON_ENCRYPTED_FILENAME),
+ __entry->fc_commits, __entry->fc_ineligible_commits,
+ __entry->fc_numblks)
+ );
--- /dev/null
+From 4c0d5778385cb3618ff26a561ce41de2b7d9de70 Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Sun, 6 Nov 2022 14:48:36 -0800
+Subject: ext4: don't set up encryption key during jbd2 transaction
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit 4c0d5778385cb3618ff26a561ce41de2b7d9de70 upstream.
+
+Commit a80f7fcf1867 ("ext4: fixup ext4_fc_track_* functions' signature")
+extended the scope of the transaction in ext4_unlink() too far, making
+it include the call to ext4_find_entry(). However, ext4_find_entry()
+can deadlock when called from within a transaction because it may need
+to set up the directory's encryption key.
+
+Fix this by restoring the transaction to its original scope.
+
+Reported-by: syzbot+1a748d0007eeac3ab079@syzkaller.appspotmail.com
+Fixes: a80f7fcf1867 ("ext4: fixup ext4_fc_track_* functions' signature")
+Cc: <stable@vger.kernel.org> # v5.10+
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Link: https://lore.kernel.org/r/20221106224841.279231-3-ebiggers@kernel.org
+Signed-off-by: Theodore Ts'o <tytso@mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/ext4/ext4.h | 4 ++--
+ fs/ext4/fast_commit.c | 2 +-
+ fs/ext4/namei.c | 44 ++++++++++++++++++++++++--------------------
+ 3 files changed, 27 insertions(+), 23 deletions(-)
+
+--- a/fs/ext4/ext4.h
++++ b/fs/ext4/ext4.h
+@@ -3486,8 +3486,8 @@ extern int ext4_handle_dirty_dirblock(ha
+ extern int ext4_ci_compare(const struct inode *parent,
+ const struct qstr *fname,
+ const struct qstr *entry, bool quick);
+-extern int __ext4_unlink(handle_t *handle, struct inode *dir, const struct qstr *d_name,
+- struct inode *inode);
++extern int __ext4_unlink(struct inode *dir, const struct qstr *d_name,
++ struct inode *inode, struct dentry *dentry);
+ extern int __ext4_link(struct inode *dir, struct inode *inode,
+ struct dentry *dentry);
+
+--- a/fs/ext4/fast_commit.c
++++ b/fs/ext4/fast_commit.c
+@@ -1300,7 +1300,7 @@ static int ext4_fc_replay_unlink(struct
+ return 0;
+ }
+
+- ret = __ext4_unlink(NULL, old_parent, &entry, inode);
++ ret = __ext4_unlink(old_parent, &entry, inode, NULL);
+ /* -ENOENT ok coz it might not exist anymore. */
+ if (ret == -ENOENT)
+ ret = 0;
+--- a/fs/ext4/namei.c
++++ b/fs/ext4/namei.c
+@@ -3244,14 +3244,20 @@ end_rmdir:
+ return retval;
+ }
+
+-int __ext4_unlink(handle_t *handle, struct inode *dir, const struct qstr *d_name,
+- struct inode *inode)
++int __ext4_unlink(struct inode *dir, const struct qstr *d_name,
++ struct inode *inode,
++ struct dentry *dentry /* NULL during fast_commit recovery */)
+ {
+ int retval = -ENOENT;
+ struct buffer_head *bh;
+ struct ext4_dir_entry_2 *de;
++ handle_t *handle;
+ int skip_remove_dentry = 0;
+
++ /*
++ * Keep this outside the transaction; it may have to set up the
++ * directory's encryption key, which isn't GFP_NOFS-safe.
++ */
+ bh = ext4_find_entry(dir, d_name, &de, NULL);
+ if (IS_ERR(bh))
+ return PTR_ERR(bh);
+@@ -3268,7 +3274,14 @@ int __ext4_unlink(handle_t *handle, stru
+ if (EXT4_SB(inode->i_sb)->s_mount_state & EXT4_FC_REPLAY)
+ skip_remove_dentry = 1;
+ else
+- goto out;
++ goto out_bh;
++ }
++
++ handle = ext4_journal_start(dir, EXT4_HT_DIR,
++ EXT4_DATA_TRANS_BLOCKS(dir->i_sb));
++ if (IS_ERR(handle)) {
++ retval = PTR_ERR(handle);
++ goto out_bh;
+ }
+
+ if (IS_DIRSYNC(dir))
+@@ -3277,12 +3290,12 @@ int __ext4_unlink(handle_t *handle, stru
+ if (!skip_remove_dentry) {
+ retval = ext4_delete_entry(handle, dir, de, bh);
+ if (retval)
+- goto out;
++ goto out_handle;
+ dir->i_ctime = dir->i_mtime = current_time(dir);
+ ext4_update_dx_flag(dir);
+ retval = ext4_mark_inode_dirty(handle, dir);
+ if (retval)
+- goto out;
++ goto out_handle;
+ } else {
+ retval = 0;
+ }
+@@ -3295,15 +3308,17 @@ int __ext4_unlink(handle_t *handle, stru
+ ext4_orphan_add(handle, inode);
+ inode->i_ctime = current_time(inode);
+ retval = ext4_mark_inode_dirty(handle, inode);
+-
+-out:
++ if (dentry && !retval)
++ ext4_fc_track_unlink(handle, dentry);
++out_handle:
++ ext4_journal_stop(handle);
++out_bh:
+ brelse(bh);
+ return retval;
+ }
+
+ static int ext4_unlink(struct inode *dir, struct dentry *dentry)
+ {
+- handle_t *handle;
+ int retval;
+
+ if (unlikely(ext4_forced_shutdown(EXT4_SB(dir->i_sb))))
+@@ -3321,16 +3336,7 @@ static int ext4_unlink(struct inode *dir
+ if (retval)
+ goto out_trace;
+
+- handle = ext4_journal_start(dir, EXT4_HT_DIR,
+- EXT4_DATA_TRANS_BLOCKS(dir->i_sb));
+- if (IS_ERR(handle)) {
+- retval = PTR_ERR(handle);
+- goto out_trace;
+- }
+-
+- retval = __ext4_unlink(handle, dir, &dentry->d_name, d_inode(dentry));
+- if (!retval)
+- ext4_fc_track_unlink(handle, dentry);
++ retval = __ext4_unlink(dir, &dentry->d_name, d_inode(dentry), dentry);
+ #ifdef CONFIG_UNICODE
+ /* VFS negative dentries are incompatible with Encoding and
+ * Case-insensitiveness. Eventually we'll want avoid
+@@ -3341,8 +3347,6 @@ static int ext4_unlink(struct inode *dir
+ if (IS_CASEFOLDED(dir))
+ d_invalidate(dentry);
+ #endif
+- if (handle)
+- ext4_journal_stop(handle);
+
+ out_trace:
+ trace_ext4_unlink_exit(dentry, retval);
--- /dev/null
+From 401fb66a355eb0f22096cf26864324f8e63c7d78 Mon Sep 17 00:00:00 2001
+From: Indan Zupancic <Indan.Zupancic@mep-info.com>
+Date: Thu, 5 May 2022 13:47:50 +0200
+Subject: fsl_lpuart: Don't enable interrupts too early
+
+From: Indan Zupancic <Indan.Zupancic@mep-info.com>
+
+commit 401fb66a355eb0f22096cf26864324f8e63c7d78 upstream.
+
+If an irq is pending when devm_request_irq() is called, the irq
+handler will cause a NULL pointer access because initialisation
+is not done yet.
+
+Fixes: 9d7ee0e28da59 ("tty: serial: lpuart: avoid report NULL interrupt")
+Cc: stable <stable@vger.kernel.org>
+Signed-off-by: Indan Zupancic <Indan.Zupancic@mep-info.com>
+Link: https://lore.kernel.org/r/20220505114750.45423-1-Indan.Zupancic@mep-info.com
+[5.10 did not have lpuart_global_reset or anything after
+uart_add_one_port(), so add the remove call in cleanup manually]
+Signed-off-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/tty/serial/fsl_lpuart.c | 18 ++++++++++--------
+ 1 file changed, 10 insertions(+), 8 deletions(-)
+
+--- a/drivers/tty/serial/fsl_lpuart.c
++++ b/drivers/tty/serial/fsl_lpuart.c
+@@ -2586,6 +2586,7 @@ static int lpuart_probe(struct platform_
+ struct device_node *np = pdev->dev.of_node;
+ struct lpuart_port *sport;
+ struct resource *res;
++ irq_handler_t handler;
+ int ret;
+
+ sport = devm_kzalloc(&pdev->dev, sizeof(*sport), GFP_KERNEL);
+@@ -2658,17 +2659,12 @@ static int lpuart_probe(struct platform_
+
+ if (lpuart_is_32(sport)) {
+ lpuart_reg.cons = LPUART32_CONSOLE;
+- ret = devm_request_irq(&pdev->dev, sport->port.irq, lpuart32_int, 0,
+- DRIVER_NAME, sport);
++ handler = lpuart32_int;
+ } else {
+ lpuart_reg.cons = LPUART_CONSOLE;
+- ret = devm_request_irq(&pdev->dev, sport->port.irq, lpuart_int, 0,
+- DRIVER_NAME, sport);
++ handler = lpuart_int;
+ }
+
+- if (ret)
+- goto failed_irq_request;
+-
+ ret = uart_get_rs485_mode(&sport->port);
+ if (ret)
+ goto failed_get_rs485;
+@@ -2684,11 +2680,17 @@ static int lpuart_probe(struct platform_
+ if (ret)
+ goto failed_attach_port;
+
++ ret = devm_request_irq(&pdev->dev, sport->port.irq, handler, 0,
++ DRIVER_NAME, sport);
++ if (ret)
++ goto failed_irq_request;
++
+ return 0;
+
++failed_irq_request:
++ uart_remove_one_port(&lpuart_reg, &sport->port);
+ failed_get_rs485:
+ failed_attach_port:
+-failed_irq_request:
+ lpuart_disable_clks(sport);
+ return ret;
+ }
--- /dev/null
+From stable-owner@vger.kernel.org Sat Jan 7 02:46:49 2023
+From: Mat Martineau <mathew.j.martineau@linux.intel.com>
+Date: Fri, 6 Jan 2023 17:46:30 -0800
+Subject: mptcp: dedicated request sock for subflow in v6
+To: stable@vger.kernel.org, gregkh@linuxfoundation.org
+Cc: Matthieu Baerts <matthieu.baerts@tessares.net>, pabeni@redhat.com, mptcp@lists.linux.dev, Mat Martineau <mathew.j.martineau@linux.intel.com>, Jakub Kicinski <kuba@kernel.org>
+Message-ID: <20230107014631.449550-4-mathew.j.martineau@linux.intel.com>
+
+From: Mat Martineau <mathew.j.martineau@linux.intel.com>
+
+From: Matthieu Baerts <matthieu.baerts@tessares.net>
+
+commit 34b21d1ddc8ace77a8fa35c1b1e06377209e0dae upstream.
+
+tcp_request_sock_ops structure is specific to IPv4. It should then not
+be used with MPTCP subflows on top of IPv6.
+
+For example, it contains the 'family' field, initialised to AF_INET.
+This 'family' field is used by TCP FastOpen code to generate the cookie
+but also by TCP Metrics, SELinux and SYN Cookies. Using the wrong family
+will not lead to crashes but displaying/using/checking wrong things.
+
+Note that 'send_reset' callback from request_sock_ops structure is used
+in some error paths. It is then also important to use the correct one
+for IPv4 or IPv6.
+
+The slab name can also be different in IPv4 and IPv6, it will be used
+when printing some log messages. The slab pointer will anyway be the
+same because the object size is the same for both v4 and v6. A
+BUILD_BUG_ON() has also been added to make sure this size is the same.
+
+Fixes: cec37a6e41aa ("mptcp: Handle MP_CAPABLE options for outgoing connections")
+Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
+Cc: stable@vger.kernel.org # 5.10
+Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
+Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/mptcp/subflow.c | 34 ++++++++++++++++++++++++++--------
+ 1 file changed, 26 insertions(+), 8 deletions(-)
+
+--- a/net/mptcp/subflow.c
++++ b/net/mptcp/subflow.c
+@@ -359,7 +359,7 @@ do_reset:
+ mptcp_subflow_reset(sk);
+ }
+
+-static struct request_sock_ops mptcp_subflow_request_sock_ops __ro_after_init;
++static struct request_sock_ops mptcp_subflow_v4_request_sock_ops __ro_after_init;
+ static struct tcp_request_sock_ops subflow_request_sock_ipv4_ops __ro_after_init;
+
+ static int subflow_v4_conn_request(struct sock *sk, struct sk_buff *skb)
+@@ -372,7 +372,7 @@ static int subflow_v4_conn_request(struc
+ if (skb_rtable(skb)->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST))
+ goto drop;
+
+- return tcp_conn_request(&mptcp_subflow_request_sock_ops,
++ return tcp_conn_request(&mptcp_subflow_v4_request_sock_ops,
+ &subflow_request_sock_ipv4_ops,
+ sk, skb);
+ drop:
+@@ -381,6 +381,7 @@ drop:
+ }
+
+ #if IS_ENABLED(CONFIG_MPTCP_IPV6)
++static struct request_sock_ops mptcp_subflow_v6_request_sock_ops __ro_after_init;
+ static struct tcp_request_sock_ops subflow_request_sock_ipv6_ops __ro_after_init;
+ static struct inet_connection_sock_af_ops subflow_v6_specific __ro_after_init;
+ static struct inet_connection_sock_af_ops subflow_v6m_specific __ro_after_init;
+@@ -402,7 +403,7 @@ static int subflow_v6_conn_request(struc
+ return 0;
+ }
+
+- return tcp_conn_request(&mptcp_subflow_request_sock_ops,
++ return tcp_conn_request(&mptcp_subflow_v6_request_sock_ops,
+ &subflow_request_sock_ipv6_ops, sk, skb);
+
+ drop:
+@@ -415,7 +416,12 @@ struct request_sock *mptcp_subflow_reqsk
+ struct sock *sk_listener,
+ bool attach_listener)
+ {
+- ops = &mptcp_subflow_request_sock_ops;
++ if (ops->family == AF_INET)
++ ops = &mptcp_subflow_v4_request_sock_ops;
++#if IS_ENABLED(CONFIG_MPTCP_IPV6)
++ else if (ops->family == AF_INET6)
++ ops = &mptcp_subflow_v6_request_sock_ops;
++#endif
+
+ return inet_reqsk_alloc(ops, sk_listener, attach_listener);
+ }
+@@ -1386,7 +1392,6 @@ static struct tcp_ulp_ops subflow_ulp_op
+ static int subflow_ops_init(struct request_sock_ops *subflow_ops)
+ {
+ subflow_ops->obj_size = sizeof(struct mptcp_subflow_request_sock);
+- subflow_ops->slab_name = "request_sock_subflow";
+
+ subflow_ops->slab = kmem_cache_create(subflow_ops->slab_name,
+ subflow_ops->obj_size, 0,
+@@ -1403,9 +1408,10 @@ static int subflow_ops_init(struct reque
+
+ void __init mptcp_subflow_init(void)
+ {
+- mptcp_subflow_request_sock_ops = tcp_request_sock_ops;
+- if (subflow_ops_init(&mptcp_subflow_request_sock_ops) != 0)
+- panic("MPTCP: failed to init subflow request sock ops\n");
++ mptcp_subflow_v4_request_sock_ops = tcp_request_sock_ops;
++ mptcp_subflow_v4_request_sock_ops.slab_name = "request_sock_subflow_v4";
++ if (subflow_ops_init(&mptcp_subflow_v4_request_sock_ops) != 0)
++ panic("MPTCP: failed to init subflow v4 request sock ops\n");
+
+ subflow_request_sock_ipv4_ops = tcp_request_sock_ipv4_ops;
+ subflow_request_sock_ipv4_ops.init_req = subflow_v4_init_req;
+@@ -1416,6 +1422,18 @@ void __init mptcp_subflow_init(void)
+ subflow_specific.sk_rx_dst_set = subflow_finish_connect;
+
+ #if IS_ENABLED(CONFIG_MPTCP_IPV6)
++ /* In struct mptcp_subflow_request_sock, we assume the TCP request sock
++ * structures for v4 and v6 have the same size. It should not changed in
++ * the future but better to make sure to be warned if it is no longer
++ * the case.
++ */
++ BUILD_BUG_ON(sizeof(struct tcp_request_sock) != sizeof(struct tcp6_request_sock));
++
++ mptcp_subflow_v6_request_sock_ops = tcp6_request_sock_ops;
++ mptcp_subflow_v6_request_sock_ops.slab_name = "request_sock_subflow_v6";
++ if (subflow_ops_init(&mptcp_subflow_v6_request_sock_ops) != 0)
++ panic("MPTCP: failed to init subflow v6 request sock ops\n");
++
+ subflow_request_sock_ipv6_ops = tcp_request_sock_ipv6_ops;
+ subflow_request_sock_ipv6_ops.init_req = subflow_v6_init_req;
+
--- /dev/null
+From stable-owner@vger.kernel.org Sat Jan 7 02:46:46 2023
+From: Mat Martineau <mathew.j.martineau@linux.intel.com>
+Date: Fri, 6 Jan 2023 17:46:28 -0800
+Subject: mptcp: mark ops structures as ro_after_init
+To: stable@vger.kernel.org, gregkh@linuxfoundation.org
+Cc: Florian Westphal <fw@strlen.de>, matthieu.baerts@tessares.net, pabeni@redhat.com, mptcp@lists.linux.dev, Mat Martineau <mathew.j.martineau@linux.intel.com>, Jakub Kicinski <kuba@kernel.org>
+Message-ID: <20230107014631.449550-2-mathew.j.martineau@linux.intel.com>
+
+From: Mat Martineau <mathew.j.martineau@linux.intel.com>
+
+From: Florian Westphal <fw@strlen.de>
+
+commit 51fa7f8ebf0e25c7a9039fa3988a623d5f3855aa upstream.
+
+These structures are initialised from the init hooks, so we can't make
+them 'const'. But no writes occur afterwards, so we can use ro_after_init.
+
+Also, remove bogus EXPORT_SYMBOL, the only access comes from ip
+stack, not from kernel modules.
+
+Cc: stable@vger.kernel.org # 5.10
+Signed-off-by: Florian Westphal <fw@strlen.de>
+Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/mptcp/subflow.c | 15 +++++++--------
+ 1 file changed, 7 insertions(+), 8 deletions(-)
+
+--- a/net/mptcp/subflow.c
++++ b/net/mptcp/subflow.c
+@@ -360,8 +360,7 @@ do_reset:
+ }
+
+ struct request_sock_ops mptcp_subflow_request_sock_ops;
+-EXPORT_SYMBOL_GPL(mptcp_subflow_request_sock_ops);
+-static struct tcp_request_sock_ops subflow_request_sock_ipv4_ops;
++static struct tcp_request_sock_ops subflow_request_sock_ipv4_ops __ro_after_init;
+
+ static int subflow_v4_conn_request(struct sock *sk, struct sk_buff *skb)
+ {
+@@ -382,9 +381,9 @@ drop:
+ }
+
+ #if IS_ENABLED(CONFIG_MPTCP_IPV6)
+-static struct tcp_request_sock_ops subflow_request_sock_ipv6_ops;
+-static struct inet_connection_sock_af_ops subflow_v6_specific;
+-static struct inet_connection_sock_af_ops subflow_v6m_specific;
++static struct tcp_request_sock_ops subflow_request_sock_ipv6_ops __ro_after_init;
++static struct inet_connection_sock_af_ops subflow_v6_specific __ro_after_init;
++static struct inet_connection_sock_af_ops subflow_v6m_specific __ro_after_init;
+
+ static int subflow_v6_conn_request(struct sock *sk, struct sk_buff *skb)
+ {
+@@ -636,7 +635,7 @@ dispose_child:
+ return child;
+ }
+
+-static struct inet_connection_sock_af_ops subflow_specific;
++static struct inet_connection_sock_af_ops subflow_specific __ro_after_init;
+
+ enum mapping_status {
+ MAPPING_OK,
+@@ -1017,7 +1016,7 @@ static void subflow_write_space(struct s
+ }
+ }
+
+-static struct inet_connection_sock_af_ops *
++static const struct inet_connection_sock_af_ops *
+ subflow_default_af_ops(struct sock *sk)
+ {
+ #if IS_ENABLED(CONFIG_MPTCP_IPV6)
+@@ -1032,7 +1031,7 @@ void mptcpv6_handle_mapped(struct sock *
+ {
+ struct mptcp_subflow_context *subflow = mptcp_subflow_ctx(sk);
+ struct inet_connection_sock *icsk = inet_csk(sk);
+- struct inet_connection_sock_af_ops *target;
++ const struct inet_connection_sock_af_ops *target;
+
+ target = mapped ? &subflow_v6m_specific : subflow_default_af_ops(sk);
+
--- /dev/null
+From stable-owner@vger.kernel.org Sat Jan 7 02:46:48 2023
+From: Mat Martineau <mathew.j.martineau@linux.intel.com>
+Date: Fri, 6 Jan 2023 17:46:29 -0800
+Subject: mptcp: remove MPTCP 'ifdef' in TCP SYN cookies
+To: stable@vger.kernel.org, gregkh@linuxfoundation.org
+Cc: Matthieu Baerts <matthieu.baerts@tessares.net>, pabeni@redhat.com, mptcp@lists.linux.dev, Mat Martineau <mathew.j.martineau@linux.intel.com>, Jakub Kicinski <kuba@kernel.org>
+Message-ID: <20230107014631.449550-3-mathew.j.martineau@linux.intel.com>
+
+From: Mat Martineau <mathew.j.martineau@linux.intel.com>
+
+From: Matthieu Baerts <matthieu.baerts@tessares.net>
+
+commit 3fff88186f047627bb128d65155f42517f8e448f upstream.
+
+To ease the maintenance, it is often recommended to avoid having #ifdef
+preprocessor conditions.
+
+Here the section related to CONFIG_MPTCP was quite short but the next
+commit needs to add more code around. It is then cleaner to move
+specific MPTCP code to functions located in net/mptcp directory.
+
+Now that mptcp_subflow_request_sock_ops structure can be static, it can
+also be marked as "read only after init".
+
+Suggested-by: Paolo Abeni <pabeni@redhat.com>
+Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
+Cc: stable@vger.kernel.org # 5.10
+Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
+Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ include/net/mptcp.h | 12 ++++++++++--
+ net/ipv4/syncookies.c | 7 +++----
+ net/mptcp/subflow.c | 12 +++++++++++-
+ 3 files changed, 24 insertions(+), 7 deletions(-)
+
+--- a/include/net/mptcp.h
++++ b/include/net/mptcp.h
+@@ -58,8 +58,6 @@ struct mptcp_out_options {
+ };
+
+ #ifdef CONFIG_MPTCP
+-extern struct request_sock_ops mptcp_subflow_request_sock_ops;
+-
+ void mptcp_init(void);
+
+ static inline bool sk_is_mptcp(const struct sock *sk)
+@@ -133,6 +131,9 @@ void mptcp_seq_show(struct seq_file *seq
+ int mptcp_subflow_init_cookie_req(struct request_sock *req,
+ const struct sock *sk_listener,
+ struct sk_buff *skb);
++struct request_sock *mptcp_subflow_reqsk_alloc(const struct request_sock_ops *ops,
++ struct sock *sk_listener,
++ bool attach_listener);
+ #else
+
+ static inline void mptcp_init(void)
+@@ -208,6 +209,13 @@ static inline int mptcp_subflow_init_coo
+ {
+ return 0; /* TCP fallback */
+ }
++
++static inline struct request_sock *mptcp_subflow_reqsk_alloc(const struct request_sock_ops *ops,
++ struct sock *sk_listener,
++ bool attach_listener)
++{
++ return NULL;
++}
+ #endif /* CONFIG_MPTCP */
+
+ #if IS_ENABLED(CONFIG_MPTCP_IPV6)
+--- a/net/ipv4/syncookies.c
++++ b/net/ipv4/syncookies.c
+@@ -290,12 +290,11 @@ struct request_sock *cookie_tcp_reqsk_al
+ struct tcp_request_sock *treq;
+ struct request_sock *req;
+
+-#ifdef CONFIG_MPTCP
+ if (sk_is_mptcp(sk))
+- ops = &mptcp_subflow_request_sock_ops;
+-#endif
++ req = mptcp_subflow_reqsk_alloc(ops, sk, false);
++ else
++ req = inet_reqsk_alloc(ops, sk, false);
+
+- req = inet_reqsk_alloc(ops, sk, false);
+ if (!req)
+ return NULL;
+
+--- a/net/mptcp/subflow.c
++++ b/net/mptcp/subflow.c
+@@ -359,7 +359,7 @@ do_reset:
+ mptcp_subflow_reset(sk);
+ }
+
+-struct request_sock_ops mptcp_subflow_request_sock_ops;
++static struct request_sock_ops mptcp_subflow_request_sock_ops __ro_after_init;
+ static struct tcp_request_sock_ops subflow_request_sock_ipv4_ops __ro_after_init;
+
+ static int subflow_v4_conn_request(struct sock *sk, struct sk_buff *skb)
+@@ -411,6 +411,16 @@ drop:
+ }
+ #endif
+
++struct request_sock *mptcp_subflow_reqsk_alloc(const struct request_sock_ops *ops,
++ struct sock *sk_listener,
++ bool attach_listener)
++{
++ ops = &mptcp_subflow_request_sock_ops;
++
++ return inet_reqsk_alloc(ops, sk_listener, attach_listener);
++}
++EXPORT_SYMBOL(mptcp_subflow_reqsk_alloc);
++
+ /* validate hmac received in third ACK */
+ static bool subflow_hmac_valid(const struct request_sock *req,
+ const struct mptcp_options_received *mp_opt)
--- /dev/null
+From stable-owner@vger.kernel.org Sat Jan 7 02:46:50 2023
+From: Mat Martineau <mathew.j.martineau@linux.intel.com>
+Date: Fri, 6 Jan 2023 17:46:31 -0800
+Subject: mptcp: use proper req destructor for IPv6
+To: stable@vger.kernel.org, gregkh@linuxfoundation.org
+Cc: Matthieu Baerts <matthieu.baerts@tessares.net>, pabeni@redhat.com, mptcp@lists.linux.dev, Mat Martineau <mathew.j.martineau@linux.intel.com>, Jakub Kicinski <kuba@kernel.org>
+Message-ID: <20230107014631.449550-5-mathew.j.martineau@linux.intel.com>
+
+From: Mat Martineau <mathew.j.martineau@linux.intel.com>
+
+From: Matthieu Baerts <matthieu.baerts@tessares.net>
+
+commit d3295fee3c756ece33ac0d935e172e68c0a4161b upstream.
+
+Before, only the destructor from TCP request sock in IPv4 was called
+even if the subflow was IPv6.
+
+It is important to use the right destructor to avoid memory leaks with
+some advanced IPv6 features, e.g. when the request socks contain
+specific IPv6 options.
+
+Fixes: 79c0949e9a09 ("mptcp: Add key generation and token tree")
+Reviewed-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
+Cc: stable@vger.kernel.org # 5.10
+Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
+Signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/mptcp/subflow.c | 19 ++++++++++++++++---
+ 1 file changed, 16 insertions(+), 3 deletions(-)
+
+--- a/net/mptcp/subflow.c
++++ b/net/mptcp/subflow.c
+@@ -40,7 +40,6 @@ static void subflow_req_destructor(struc
+ sock_put((struct sock *)subflow_req->msk);
+
+ mptcp_token_destroy_request(req);
+- tcp_request_sock_ops.destructor(req);
+ }
+
+ static void subflow_generate_hmac(u64 key1, u64 key2, u32 nonce1, u32 nonce2,
+@@ -380,6 +379,12 @@ drop:
+ return 0;
+ }
+
++static void subflow_v4_req_destructor(struct request_sock *req)
++{
++ subflow_req_destructor(req);
++ tcp_request_sock_ops.destructor(req);
++}
++
+ #if IS_ENABLED(CONFIG_MPTCP_IPV6)
+ static struct request_sock_ops mptcp_subflow_v6_request_sock_ops __ro_after_init;
+ static struct tcp_request_sock_ops subflow_request_sock_ipv6_ops __ro_after_init;
+@@ -410,6 +415,12 @@ drop:
+ tcp_listendrop(sk);
+ return 0; /* don't send reset */
+ }
++
++static void subflow_v6_req_destructor(struct request_sock *req)
++{
++ subflow_req_destructor(req);
++ tcp6_request_sock_ops.destructor(req);
++}
+ #endif
+
+ struct request_sock *mptcp_subflow_reqsk_alloc(const struct request_sock_ops *ops,
+@@ -1401,8 +1412,6 @@ static int subflow_ops_init(struct reque
+ if (!subflow_ops->slab)
+ return -ENOMEM;
+
+- subflow_ops->destructor = subflow_req_destructor;
+-
+ return 0;
+ }
+
+@@ -1410,6 +1419,8 @@ void __init mptcp_subflow_init(void)
+ {
+ mptcp_subflow_v4_request_sock_ops = tcp_request_sock_ops;
+ mptcp_subflow_v4_request_sock_ops.slab_name = "request_sock_subflow_v4";
++ mptcp_subflow_v4_request_sock_ops.destructor = subflow_v4_req_destructor;
++
+ if (subflow_ops_init(&mptcp_subflow_v4_request_sock_ops) != 0)
+ panic("MPTCP: failed to init subflow v4 request sock ops\n");
+
+@@ -1431,6 +1442,8 @@ void __init mptcp_subflow_init(void)
+
+ mptcp_subflow_v6_request_sock_ops = tcp6_request_sock_ops;
+ mptcp_subflow_v6_request_sock_ops.slab_name = "request_sock_subflow_v6";
++ mptcp_subflow_v6_request_sock_ops.destructor = subflow_v6_req_destructor;
++
+ if (subflow_ops_init(&mptcp_subflow_v6_request_sock_ops) != 0)
+ panic("MPTCP: failed to init subflow v6 request sock ops\n");
+
--- /dev/null
+From dominique.martinet@atmark-techno.com Thu Jan 12 13:46:08 2023
+From: Dominique Martinet <dominique.martinet@atmark-techno.com>
+Date: Fri, 23 Dec 2022 13:23:54 +0900
+Subject: serial: fixup backport of "serial: Deassert Transmit Enable on probe in driver-specific way"
+To: "Greg Kroah-Hartman" <gregkh@linuxfoundation.org>, "Jiri Slaby" <jirislaby@kernel.org>, "Ilpo Järvinen" <ilpo.jarvinen@linux.intel.com>, "Lukas Wunner" <lukas@wunner.de>, "Rasmus Villemoes" <linux@rasmusvillemoes.dk>
+Cc: Daisuke Mizobuchi <mizo@atmark-techno.com>, stable@vger.kernel.org, linux-serial@vger.kernel.org, Dominique Martinet <dominique.martinet@atmark-techno.com>
+Message-ID: <20221223042354.4080724-2-dominique.martinet@atmark-techno.com>
+
+From: Rasmus Villemoes <linux@rasmusvillemoes.dk>
+
+When 7c7f9bc986e6 ("serial: Deassert Transmit Enable on probe in
+driver-specific way") got backported to 5.10.y, there known as
+26a2b9c468de, some hunks were accidentally left out.
+
+In serial_core.c, it is possible that the omission in
+uart_suspend_port() is harmless, but the backport did have the
+corresponding hunk in uart_resume_port(), it runs counter to the
+original commit's intention of
+
+ Skip any invocation of ->set_mctrl() if RS485 is enabled.
+
+and it's certainly better to be aligned with upstream.
+
+Link: https://lkml.kernel.org/r/20221222114414.1886632-1-linux@rasmusvillemoes.dk
+Fixes: 26a2b9c468de ("serial: Deassert Transmit Enable on probe in driver-specific way")
+Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
+[the fsl_lpuart part of the 5.15 patch is not required on 5.10,
+because the code before 26a2b9c468de was incorrectly not calling
+uart_remove_one_port on failed_get_rs485]
+Signed-off-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/tty/serial/serial_core.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/tty/serial/serial_core.c
++++ b/drivers/tty/serial/serial_core.c
+@@ -2254,7 +2254,8 @@ int uart_suspend_port(struct uart_driver
+
+ spin_lock_irq(&uport->lock);
+ ops->stop_tx(uport);
+- ops->set_mctrl(uport, 0);
++ if (!(uport->rs485.flags & SER_RS485_ENABLED))
++ ops->set_mctrl(uport, 0);
+ ops->stop_rx(uport);
+ spin_unlock_irq(&uport->lock);
+
efi-random-combine-bootloader-provided-rng-seed-with-rng-protocol-output.patch
io_uring-fix-unsigned-res-comparison-with-zero-in-io_fixup_rw_res.patch
parisc-align-parisc-madv_xxx-constants-with-all-other-architectures.patch
+ext4-disable-fast-commit-of-encrypted-dir-operations.patch
+ext4-don-t-set-up-encryption-key-during-jbd2-transaction.patch
+fsl_lpuart-don-t-enable-interrupts-too-early.patch
+serial-fixup-backport-of-serial-deassert-transmit-enable-on-probe-in-driver-specific-way.patch
+mptcp-mark-ops-structures-as-ro_after_init.patch
+mptcp-remove-mptcp-ifdef-in-tcp-syn-cookies.patch
+mptcp-dedicated-request-sock-for-subflow-in-v6.patch
+mptcp-use-proper-req-destructor-for-ipv6.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
