From: Sasha Levin Date: Fri, 25 Nov 2022 18:03:04 +0000 (-0500) Subject: Fixes for 5.4 X-Git-Tag: v5.15.80~4 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2611ffc4edb61c4891de27b6190e1e343af28901;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 5.4 Signed-off-by: Sasha Levin --- diff --git a/queue-5.4/arm64-syscall-include-asm-ptrace.h-in-syscall_wrappe.patch b/queue-5.4/arm64-syscall-include-asm-ptrace.h-in-syscall_wrappe.patch new file mode 100644 index 00000000000..010f80b8c07 --- /dev/null +++ b/queue-5.4/arm64-syscall-include-asm-ptrace.h-in-syscall_wrappe.patch @@ -0,0 +1,51 @@ +From c84b489217a242588034c961a164fa02f34f4057 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 31 Oct 2022 14:57:28 -0700 +Subject: arm64/syscall: Include asm/ptrace.h in syscall_wrapper header. + +From: Kuniyuki Iwashima + +[ Upstream commit acfc35cfcee5df419391671ef1a631f43feee4e3 ] + +Add the same change for ARM64 as done in the commit 9440c4294160 +("x86/syscall: Include asm/ptrace.h in syscall_wrapper header") to +make sure all syscalls see 'struct pt_regs' definition and resulted +BTF for '__arm64_sys_*(struct pt_regs *regs)' functions point to +actual struct. + +Without this patch, the BPF verifier refuses to load a tracing prog +which accesses pt_regs. + + bpf(BPF_PROG_LOAD, {prog_type=0x1a, ...}, 128) = -1 EACCES + +With this patch, we can see the correct error, which saves us time +in debugging the prog. + + bpf(BPF_PROG_LOAD, {prog_type=0x1a, ...}, 128) = 4 + bpf(BPF_RAW_TRACEPOINT_OPEN, {raw_tracepoint={name=NULL, prog_fd=4}}, 128) = -1 ENOTSUPP + +Signed-off-by: Kuniyuki Iwashima +Acked-by: Andrii Nakryiko +Link: https://lore.kernel.org/r/20221031215728.50389-1-kuniyu@amazon.com +Signed-off-by: Catalin Marinas +Signed-off-by: Sasha Levin +--- + arch/arm64/include/asm/syscall_wrapper.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/arm64/include/asm/syscall_wrapper.h b/arch/arm64/include/asm/syscall_wrapper.h +index 06d880b3526c..43a20888bf19 100644 +--- a/arch/arm64/include/asm/syscall_wrapper.h ++++ b/arch/arm64/include/asm/syscall_wrapper.h +@@ -8,7 +8,7 @@ + #ifndef __ASM_SYSCALL_WRAPPER_H + #define __ASM_SYSCALL_WRAPPER_H + +-struct pt_regs; ++#include + + #define SC_ARM64_REGS_TO_ARGS(x, ...) \ + __MAP(x,__SC_ARGS \ +-- +2.35.1 + diff --git a/queue-5.4/audit-fix-undefined-behavior-in-bit-shift-for-audit_.patch b/queue-5.4/audit-fix-undefined-behavior-in-bit-shift-for-audit_.patch new file mode 100644 index 00000000000..6bd95b6d878 --- /dev/null +++ b/queue-5.4/audit-fix-undefined-behavior-in-bit-shift-for-audit_.patch @@ -0,0 +1,52 @@ +From 25fe2cc68c8dc1cf81a88c64f54d392fabf89761 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 31 Oct 2022 10:10:21 +0800 +Subject: audit: fix undefined behavior in bit shift for AUDIT_BIT + +From: Gaosheng Cui + +[ Upstream commit 986d93f55bdeab1cac858d1e47b41fac10b2d7f6 ] + +Shifting signed 32-bit value by 31 bits is undefined, so changing +significant bit to unsigned. The UBSAN warning calltrace like below: + +UBSAN: shift-out-of-bounds in kernel/auditfilter.c:179:23 +left shift of 1 by 31 places cannot be represented in type 'int' +Call Trace: + + dump_stack_lvl+0x7d/0xa5 + dump_stack+0x15/0x1b + ubsan_epilogue+0xe/0x4e + __ubsan_handle_shift_out_of_bounds+0x1e7/0x20c + audit_register_class+0x9d/0x137 + audit_classes_init+0x4d/0xb8 + do_one_initcall+0x76/0x430 + kernel_init_freeable+0x3b3/0x422 + kernel_init+0x24/0x1e0 + ret_from_fork+0x1f/0x30 + + +Signed-off-by: Gaosheng Cui +[PM: remove bad 'Fixes' tag as issue predates git, added in v2.6.6-rc1] +Signed-off-by: Paul Moore +Signed-off-by: Sasha Levin +--- + include/uapi/linux/audit.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/include/uapi/linux/audit.h b/include/uapi/linux/audit.h +index c89c6495983d..a79f8c285a10 100644 +--- a/include/uapi/linux/audit.h ++++ b/include/uapi/linux/audit.h +@@ -179,7 +179,7 @@ + #define AUDIT_MAX_KEY_LEN 256 + #define AUDIT_BITMASK_SIZE 64 + #define AUDIT_WORD(nr) ((__u32)((nr)/32)) +-#define AUDIT_BIT(nr) (1 << ((nr) - AUDIT_WORD(nr)*32)) ++#define AUDIT_BIT(nr) (1U << ((nr) - AUDIT_WORD(nr)*32)) + + #define AUDIT_SYSCALL_CLASSES 16 + #define AUDIT_CLASS_DIR_WRITE 0 +-- +2.35.1 + diff --git a/queue-5.4/block-bfq-fix-null-pointer-dereference-in-bfq_bio_bf.patch b/queue-5.4/block-bfq-fix-null-pointer-dereference-in-bfq_bio_bf.patch new file mode 100644 index 00000000000..21807b61337 --- /dev/null +++ b/queue-5.4/block-bfq-fix-null-pointer-dereference-in-bfq_bio_bf.patch @@ -0,0 +1,151 @@ +From c587f35adfcd820c23390fecf5f183aa65da3aeb Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 8 Nov 2022 18:34:34 +0800 +Subject: block, bfq: fix null pointer dereference in bfq_bio_bfqg() + +From: Yu Kuai + +[ Upstream commit f02be9002c480cd3ec0fcf184ad27cf531bd6ece ] + +Out test found a following problem in kernel 5.10, and the same problem +should exist in mainline: + +BUG: kernel NULL pointer dereference, address: 0000000000000094 +PGD 0 P4D 0 +Oops: 0000 [#1] SMP +CPU: 7 PID: 155 Comm: kworker/7:1 Not tainted 5.10.0-01932-g19e0ace2ca1d-dirty 4 +Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-b4 +Workqueue: kthrotld blk_throtl_dispatch_work_fn +RIP: 0010:bfq_bio_bfqg+0x52/0xc0 +Code: 94 00 00 00 00 75 2e 48 8b 40 30 48 83 05 35 06 c8 0b 01 48 85 c0 74 3d 4b +RSP: 0018:ffffc90001a1fba0 EFLAGS: 00010002 +RAX: ffff888100d60400 RBX: ffff8881132e7000 RCX: 0000000000000000 +RDX: 0000000000000017 RSI: ffff888103580a18 RDI: ffff888103580a18 +RBP: ffff8881132e7000 R08: 0000000000000000 R09: ffffc90001a1fe10 +R10: 0000000000000a20 R11: 0000000000034320 R12: 0000000000000000 +R13: ffff888103580a18 R14: ffff888114447000 R15: 0000000000000000 +FS: 0000000000000000(0000) GS:ffff88881fdc0000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 0000000000000094 CR3: 0000000100cdb000 CR4: 00000000000006e0 +DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +Call Trace: + bfq_bic_update_cgroup+0x3c/0x350 + ? ioc_create_icq+0x42/0x270 + bfq_init_rq+0xfd/0x1060 + bfq_insert_requests+0x20f/0x1cc0 + ? ioc_create_icq+0x122/0x270 + blk_mq_sched_insert_requests+0x86/0x1d0 + blk_mq_flush_plug_list+0x193/0x2a0 + blk_flush_plug_list+0x127/0x170 + blk_finish_plug+0x31/0x50 + blk_throtl_dispatch_work_fn+0x151/0x190 + process_one_work+0x27c/0x5f0 + worker_thread+0x28b/0x6b0 + ? rescuer_thread+0x590/0x590 + kthread+0x153/0x1b0 + ? kthread_flush_work+0x170/0x170 + ret_from_fork+0x1f/0x30 +Modules linked in: +CR2: 0000000000000094 +---[ end trace e2e59ac014314547 ]--- +RIP: 0010:bfq_bio_bfqg+0x52/0xc0 +Code: 94 00 00 00 00 75 2e 48 8b 40 30 48 83 05 35 06 c8 0b 01 48 85 c0 74 3d 4b +RSP: 0018:ffffc90001a1fba0 EFLAGS: 00010002 +RAX: ffff888100d60400 RBX: ffff8881132e7000 RCX: 0000000000000000 +RDX: 0000000000000017 RSI: ffff888103580a18 RDI: ffff888103580a18 +RBP: ffff8881132e7000 R08: 0000000000000000 R09: ffffc90001a1fe10 +R10: 0000000000000a20 R11: 0000000000034320 R12: 0000000000000000 +R13: ffff888103580a18 R14: ffff888114447000 R15: 0000000000000000 +FS: 0000000000000000(0000) GS:ffff88881fdc0000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 0000000000000094 CR3: 0000000100cdb000 CR4: 00000000000006e0 +DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 + +Root cause is quite complex: + +1) use bfq elevator for the test device. +2) create a cgroup CG +3) config blk throtl in CG + + blkg_conf_prep + blkg_create + +4) create a thread T1 and issue async io in CG: + + bio_init + bio_associate_blkg + ... + submit_bio + submit_bio_noacct + blk_throtl_bio -> io is throttled + // io submit is done + +5) switch elevator: + + bfq_exit_queue + blkcg_deactivate_policy + list_for_each_entry(blkg, &q->blkg_list, q_node) + blkg->pd[] = NULL + // bfq policy is removed + +5) thread t1 exist, then remove the cgroup CG: + + blkcg_unpin_online + blkcg_destroy_blkgs + blkg_destroy + list_del_init(&blkg->q_node) + // blkg is removed from queue list + +6) switch elevator back to bfq + + bfq_init_queue + bfq_create_group_hierarchy + blkcg_activate_policy + list_for_each_entry_reverse(blkg, &q->blkg_list) + // blkg is removed from list, hence bfq policy is still NULL + +7) throttled io is dispatched to bfq: + + bfq_insert_requests + bfq_init_rq + bfq_bic_update_cgroup + bfq_bio_bfqg + bfqg = blkg_to_bfqg(blkg) + // bfqg is NULL because bfq policy is NULL + +The problem is only possible in bfq because only bfq can be deactivated and +activated while queue is online, while others can only be deactivated while +the device is removed. + +Fix the problem in bfq by checking if blkg is online before calling +blkg_to_bfqg(). + +Signed-off-by: Yu Kuai +Reviewed-by: Jan Kara +Link: https://lore.kernel.org/r/20221108103434.2853269-1-yukuai1@huaweicloud.com +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +--- + block/bfq-cgroup.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/block/bfq-cgroup.c b/block/bfq-cgroup.c +index 09d721b1f6ac..59fd1b10b5f3 100644 +--- a/block/bfq-cgroup.c ++++ b/block/bfq-cgroup.c +@@ -594,6 +594,10 @@ struct bfq_group *bfq_bio_bfqg(struct bfq_data *bfqd, struct bio *bio) + struct bfq_group *bfqg; + + while (blkg) { ++ if (!blkg->online) { ++ blkg = blkg->parent; ++ continue; ++ } + bfqg = blkg_to_bfqg(blkg); + if (bfqg->online) { + bio_associate_blkg_from_css(bio, &blkg->blkcg->css); +-- +2.35.1 + diff --git a/queue-5.4/drm-panel-orientation-quirks-add-quirk-for-acer-swit.patch b/queue-5.4/drm-panel-orientation-quirks-add-quirk-for-acer-swit.patch new file mode 100644 index 00000000000..74afe3d9c87 --- /dev/null +++ b/queue-5.4/drm-panel-orientation-quirks-add-quirk-for-acer-swit.patch @@ -0,0 +1,43 @@ +From 778b0ae30109bc14846ff48901a67327fe830a28 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 6 Nov 2022 22:50:52 +0100 +Subject: drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 + (SW5-017) + +From: Hans de Goede + +[ Upstream commit 653f2d94fcda200b02bd79cea2e0307b26c1b747 ] + +Like the Acer Switch One 10 S1003, for which there already is a quirk, +the Acer Switch V 10 (SW5-017) has a 800x1280 portrait screen mounted +in the tablet part of a landscape oriented 2-in-1. Add a quirk for this. + +Cc: Rudolf Polzer +Signed-off-by: Hans de Goede +Acked-by: Simon Ser +Link: https://patchwork.freedesktop.org/patch/msgid/20221106215052.66995-1-hdegoede@redhat.com +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/drm_panel_orientation_quirks.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/drivers/gpu/drm/drm_panel_orientation_quirks.c b/drivers/gpu/drm/drm_panel_orientation_quirks.c +index 083273736c83..ca0fefeaab20 100644 +--- a/drivers/gpu/drm/drm_panel_orientation_quirks.c ++++ b/drivers/gpu/drm/drm_panel_orientation_quirks.c +@@ -128,6 +128,12 @@ static const struct dmi_system_id orientation_data[] = { + DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "One S1003"), + }, + .driver_data = (void *)&lcd800x1280_rightside_up, ++ }, { /* Acer Switch V 10 (SW5-017) */ ++ .matches = { ++ DMI_EXACT_MATCH(DMI_SYS_VENDOR, "Acer"), ++ DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "SW5-017"), ++ }, ++ .driver_data = (void *)&lcd800x1280_rightside_up, + }, { /* Anbernic Win600 */ + .matches = { + DMI_EXACT_MATCH(DMI_BOARD_VENDOR, "Anbernic"), +-- +2.35.1 + diff --git a/queue-5.4/mips-pic32-treat-port-as-signed-integer.patch b/queue-5.4/mips-pic32-treat-port-as-signed-integer.patch new file mode 100644 index 00000000000..dd796543be4 --- /dev/null +++ b/queue-5.4/mips-pic32-treat-port-as-signed-integer.patch @@ -0,0 +1,105 @@ +From 936b6eb1b10530e31fe0638ed3df05bebb935120 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 28 Oct 2022 15:23:44 +0200 +Subject: MIPS: pic32: treat port as signed integer + +From: Jason A. Donenfeld + +[ Upstream commit 648060902aa302331b5d6e4f26d8ee0761d239ab ] + +get_port_from_cmdline() returns an int, yet is assigned to a char, which +is wrong in its own right, but also, with char becoming unsigned, this +poses problems, because -1 is used as an error value. Further +complicating things, fw_init_early_console() is only ever called with a +-1 argument. Fix this up by removing the unused argument from +fw_init_early_console() and treating port as a proper signed integer. + +Cc: Thomas Bogendoerfer +Signed-off-by: Jason A. Donenfeld +Signed-off-by: Thomas Bogendoerfer +Signed-off-by: Sasha Levin +--- + arch/mips/include/asm/fw/fw.h | 2 +- + arch/mips/pic32/pic32mzda/early_console.c | 13 ++++++------- + arch/mips/pic32/pic32mzda/init.c | 2 +- + 3 files changed, 8 insertions(+), 9 deletions(-) + +diff --git a/arch/mips/include/asm/fw/fw.h b/arch/mips/include/asm/fw/fw.h +index d0ef8b4892bb..d0494ce4b337 100644 +--- a/arch/mips/include/asm/fw/fw.h ++++ b/arch/mips/include/asm/fw/fw.h +@@ -26,6 +26,6 @@ extern char *fw_getcmdline(void); + extern void fw_meminit(void); + extern char *fw_getenv(char *name); + extern unsigned long fw_getenvl(char *name); +-extern void fw_init_early_console(char port); ++extern void fw_init_early_console(void); + + #endif /* __ASM_FW_H_ */ +diff --git a/arch/mips/pic32/pic32mzda/early_console.c b/arch/mips/pic32/pic32mzda/early_console.c +index 8c236738b5ee..5d48408f84b1 100644 +--- a/arch/mips/pic32/pic32mzda/early_console.c ++++ b/arch/mips/pic32/pic32mzda/early_console.c +@@ -27,7 +27,7 @@ + #define U_BRG(x) (UART_BASE(x) + 0x40) + + static void __iomem *uart_base; +-static char console_port = -1; ++static int console_port = -1; + + static int __init configure_uart_pins(int port) + { +@@ -47,7 +47,7 @@ static int __init configure_uart_pins(int port) + return 0; + } + +-static void __init configure_uart(char port, int baud) ++static void __init configure_uart(int port, int baud) + { + u32 pbclk; + +@@ -60,7 +60,7 @@ static void __init configure_uart(char port, int baud) + uart_base + PIC32_SET(U_STA(port))); + } + +-static void __init setup_early_console(char port, int baud) ++static void __init setup_early_console(int port, int baud) + { + if (configure_uart_pins(port)) + return; +@@ -130,16 +130,15 @@ static int __init get_baud_from_cmdline(char *arch_cmdline) + return baud; + } + +-void __init fw_init_early_console(char port) ++void __init fw_init_early_console(void) + { + char *arch_cmdline = pic32_getcmdline(); +- int baud = -1; ++ int baud, port; + + uart_base = ioremap_nocache(PIC32_BASE_UART, 0xc00); + + baud = get_baud_from_cmdline(arch_cmdline); +- if (port == -1) +- port = get_port_from_cmdline(arch_cmdline); ++ port = get_port_from_cmdline(arch_cmdline); + + if (port == -1) + port = EARLY_CONSOLE_PORT; +diff --git a/arch/mips/pic32/pic32mzda/init.c b/arch/mips/pic32/pic32mzda/init.c +index f232c77ff526..488c0bee7ebf 100644 +--- a/arch/mips/pic32/pic32mzda/init.c ++++ b/arch/mips/pic32/pic32mzda/init.c +@@ -60,7 +60,7 @@ void __init plat_mem_setup(void) + strlcpy(arcs_cmdline, boot_command_line, COMMAND_LINE_SIZE); + + #ifdef CONFIG_EARLY_PRINTK +- fw_init_early_console(-1); ++ fw_init_early_console(); + #endif + pic32_config_init(); + } +-- +2.35.1 + diff --git a/queue-5.4/risc-v-vdso-do-not-add-missing-symbols-to-version-se.patch b/queue-5.4/risc-v-vdso-do-not-add-missing-symbols-to-version-se.patch new file mode 100644 index 00000000000..85cfbb16e57 --- /dev/null +++ b/queue-5.4/risc-v-vdso-do-not-add-missing-symbols-to-version-se.patch @@ -0,0 +1,69 @@ +From 292d604b800f8a39f59f44fa6ab0d9b8d78f9d2c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 8 Nov 2022 10:13:23 -0700 +Subject: RISC-V: vdso: Do not add missing symbols to version section in linker + script + +From: Nathan Chancellor + +[ Upstream commit fcae44fd36d052e956e69a64642fc03820968d78 ] + +Recently, ld.lld moved from '--undefined-version' to +'--no-undefined-version' as the default, which breaks the compat vDSO +build: + + ld.lld: error: version script assignment of 'LINUX_4.15' to symbol '__vdso_gettimeofday' failed: symbol not defined + ld.lld: error: version script assignment of 'LINUX_4.15' to symbol '__vdso_clock_gettime' failed: symbol not defined + ld.lld: error: version script assignment of 'LINUX_4.15' to symbol '__vdso_clock_getres' failed: symbol not defined + +These symbols are not present in the compat vDSO or the regular vDSO for +32-bit but they are unconditionally included in the version section of +the linker script, which is prohibited with '--no-undefined-version'. + +Fix this issue by only including the symbols that are actually exported +in the version section of the linker script. + +Link: https://github.com/ClangBuiltLinux/linux/issues/1756 +Signed-off-by: Nathan Chancellor +Tested-by: Conor Dooley +Link: https://lore.kernel.org/r/20221108171324.3377226-1-nathan@kernel.org/ +Signed-off-by: Palmer Dabbelt +Signed-off-by: Sasha Levin +--- + arch/riscv/kernel/vdso/Makefile | 3 +++ + arch/riscv/kernel/vdso/vdso.lds.S | 2 ++ + 2 files changed, 5 insertions(+) + +diff --git a/arch/riscv/kernel/vdso/Makefile b/arch/riscv/kernel/vdso/Makefile +index a4ee3a0e7d20..c533ac869aa2 100644 +--- a/arch/riscv/kernel/vdso/Makefile ++++ b/arch/riscv/kernel/vdso/Makefile +@@ -20,6 +20,9 @@ obj-vdso := $(addprefix $(obj)/, $(obj-vdso)) + + obj-y += vdso.o vdso-syms.o + CPPFLAGS_vdso.lds += -P -C -U$(ARCH) ++ifneq ($(filter vgettimeofday, $(vdso-syms)),) ++CPPFLAGS_vdso.lds += -DHAS_VGETTIMEOFDAY ++endif + + # Disable gcov profiling for VDSO code + GCOV_PROFILE := n +diff --git a/arch/riscv/kernel/vdso/vdso.lds.S b/arch/riscv/kernel/vdso/vdso.lds.S +index f66a091cb890..4c45adf23259 100644 +--- a/arch/riscv/kernel/vdso/vdso.lds.S ++++ b/arch/riscv/kernel/vdso/vdso.lds.S +@@ -62,9 +62,11 @@ VERSION + LINUX_4.15 { + global: + __vdso_rt_sigreturn; ++#ifdef HAS_VGETTIMEOFDAY + __vdso_gettimeofday; + __vdso_clock_gettime; + __vdso_clock_getres; ++#endif + __vdso_getcpu; + __vdso_flush_icache; + local: *; +-- +2.35.1 + diff --git a/queue-5.4/series b/queue-5.4/series index e69de29bb2d..10b37b4d681 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -0,0 +1,10 @@ +wifi-mac80211-fix-memory-free-error-when-registering.patch +wifi-mac80211_hwsim-fix-debugfs-attribute-ps-with-rc.patch +audit-fix-undefined-behavior-in-bit-shift-for-audit_.patch +wifi-mac80211-fix-ack-frame-idr-leak-when-mesh-has-n.patch +spi-stm32-fix-stm32_spi_prepare_mbr-that-halves-spi-.patch +drm-panel-orientation-quirks-add-quirk-for-acer-swit.patch +block-bfq-fix-null-pointer-dereference-in-bfq_bio_bf.patch +arm64-syscall-include-asm-ptrace.h-in-syscall_wrappe.patch +risc-v-vdso-do-not-add-missing-symbols-to-version-se.patch +mips-pic32-treat-port-as-signed-integer.patch diff --git a/queue-5.4/spi-stm32-fix-stm32_spi_prepare_mbr-that-halves-spi-.patch b/queue-5.4/spi-stm32-fix-stm32_spi_prepare_mbr-that-halves-spi-.patch new file mode 100644 index 00000000000..32368f42979 --- /dev/null +++ b/queue-5.4/spi-stm32-fix-stm32_spi_prepare_mbr-that-halves-spi-.patch @@ -0,0 +1,51 @@ +From 20d68e814f0a9bec9cd553b1afceee0d38e6f859 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 3 Nov 2022 09:00:42 +0100 +Subject: spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every + run + +From: Sean Nyekjaer + +[ Upstream commit 62aa1a344b0904549f6de7af958e8a1136fd5228 ] + +When this driver is used with a driver that uses preallocated spi_transfer +structs. The speed_hz is halved by every run. This results in: + +spi_stm32 44004000.spi: SPI transfer setup failed +ads7846 spi0.0: SPI transfer failed: -22 + +Example when running with DIV_ROUND_UP(): +- First run; speed_hz = 1000000, spi->clk_rate 125000000 + div 125 -> mbrdiv = 7, cur_speed = 976562 +- Second run; speed_hz = 976562 + div 128,00007 (roundup to 129) -> mbrdiv = 8, cur_speed = 488281 +- Third run; speed_hz = 488281 + div 256,000131072067109 (roundup to 257) and then -EINVAL is returned. + +Use DIV_ROUND_CLOSEST to allow to round down and allow us to keep the +set speed. + +Signed-off-by: Sean Nyekjaer +Link: https://lore.kernel.org/r/20221103080043.3033414-1-sean@geanix.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + drivers/spi/spi-stm32.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/spi/spi-stm32.c b/drivers/spi/spi-stm32.c +index a1961a973839..e843e9453c71 100644 +--- a/drivers/spi/spi-stm32.c ++++ b/drivers/spi/spi-stm32.c +@@ -444,7 +444,7 @@ static int stm32_spi_prepare_mbr(struct stm32_spi *spi, u32 speed_hz, + u32 div, mbrdiv; + + /* Ensure spi->clk_rate is even */ +- div = DIV_ROUND_UP(spi->clk_rate & ~0x1, speed_hz); ++ div = DIV_ROUND_CLOSEST(spi->clk_rate & ~0x1, speed_hz); + + /* + * SPI framework set xfer->speed_hz to master->max_speed_hz if +-- +2.35.1 + diff --git a/queue-5.4/wifi-mac80211-fix-ack-frame-idr-leak-when-mesh-has-n.patch b/queue-5.4/wifi-mac80211-fix-ack-frame-idr-leak-when-mesh-has-n.patch new file mode 100644 index 00000000000..f88e313fd69 --- /dev/null +++ b/queue-5.4/wifi-mac80211-fix-ack-frame-idr-leak-when-mesh-has-n.patch @@ -0,0 +1,42 @@ +From 22d7dd8a005908464731401bfa46a2fcaf7f34c2 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 27 Oct 2022 16:01:33 +0200 +Subject: wifi: mac80211: Fix ack frame idr leak when mesh has no route + +From: Nicolas Cavallari + +[ Upstream commit 39e7b5de9853bd92ddbfa4b14165babacd7da0ba ] + +When trying to transmit an data frame with tx_status to a destination +that have no route in the mesh, then it is dropped without recrediting +the ack_status_frames idr. + +Once it is exhausted, wpa_supplicant starts failing to do SAE with +NL80211_CMD_FRAME and logs "nl80211: Frame command failed". + +Use ieee80211_free_txskb() instead of kfree_skb() to fix it. + +Signed-off-by: Nicolas Cavallari +Link: https://lore.kernel.org/r/20221027140133.1504-1-nicolas.cavallari@green-communications.fr +Signed-off-by: Johannes Berg +Signed-off-by: Sasha Levin +--- + net/mac80211/mesh_pathtbl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/net/mac80211/mesh_pathtbl.c b/net/mac80211/mesh_pathtbl.c +index d7ae7415d54d..80a83d0d9550 100644 +--- a/net/mac80211/mesh_pathtbl.c ++++ b/net/mac80211/mesh_pathtbl.c +@@ -720,7 +720,7 @@ int mesh_path_send_to_gates(struct mesh_path *mpath) + void mesh_path_discard_frame(struct ieee80211_sub_if_data *sdata, + struct sk_buff *skb) + { +- kfree_skb(skb); ++ ieee80211_free_txskb(&sdata->local->hw, skb); + sdata->u.mesh.mshstats.dropped_frames_no_route++; + } + +-- +2.35.1 + diff --git a/queue-5.4/wifi-mac80211-fix-memory-free-error-when-registering.patch b/queue-5.4/wifi-mac80211-fix-memory-free-error-when-registering.patch new file mode 100644 index 00000000000..4c5ca236df6 --- /dev/null +++ b/queue-5.4/wifi-mac80211-fix-memory-free-error-when-registering.patch @@ -0,0 +1,53 @@ +From 27ae354c489ec4ae4f79765c2aa81300bc9aed02 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 15 Oct 2022 17:38:31 +0800 +Subject: wifi: mac80211: fix memory free error when registering wiphy fail + +From: taozhang + +[ Upstream commit 50b2e8711462409cd368c41067405aa446dfa2af ] + +ieee80211_register_hw free the allocated cipher suites when +registering wiphy fail, and ieee80211_free_hw will re-free it. + +set wiphy_ciphers_allocated to false after freeing allocated +cipher suites. + +Signed-off-by: taozhang +Signed-off-by: Johannes Berg +Signed-off-by: Sasha Levin +--- + net/mac80211/main.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/net/mac80211/main.c b/net/mac80211/main.c +index f215218a88c9..fa2ac02063cf 100644 +--- a/net/mac80211/main.c ++++ b/net/mac80211/main.c +@@ -1315,8 +1315,10 @@ int ieee80211_register_hw(struct ieee80211_hw *hw) + ieee80211_led_exit(local); + destroy_workqueue(local->workqueue); + fail_workqueue: +- if (local->wiphy_ciphers_allocated) ++ if (local->wiphy_ciphers_allocated) { + kfree(local->hw.wiphy->cipher_suites); ++ local->wiphy_ciphers_allocated = false; ++ } + kfree(local->int_scan_req); + return result; + } +@@ -1386,8 +1388,10 @@ void ieee80211_free_hw(struct ieee80211_hw *hw) + mutex_destroy(&local->iflist_mtx); + mutex_destroy(&local->mtx); + +- if (local->wiphy_ciphers_allocated) ++ if (local->wiphy_ciphers_allocated) { + kfree(local->hw.wiphy->cipher_suites); ++ local->wiphy_ciphers_allocated = false; ++ } + + idr_for_each(&local->ack_status_frames, + ieee80211_free_ack_frame, NULL); +-- +2.35.1 + diff --git a/queue-5.4/wifi-mac80211_hwsim-fix-debugfs-attribute-ps-with-rc.patch b/queue-5.4/wifi-mac80211_hwsim-fix-debugfs-attribute-ps-with-rc.patch new file mode 100644 index 00000000000..b0ca6e19866 --- /dev/null +++ b/queue-5.4/wifi-mac80211_hwsim-fix-debugfs-attribute-ps-with-rc.patch @@ -0,0 +1,57 @@ +From 3680ea324b9e9b5bc98d57b4399a1fbb750f298f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 14 Oct 2022 16:54:39 +0200 +Subject: wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support + +From: Jonas Jelonek + +[ Upstream commit 69188df5f6e4cecc6b76b958979ba363cd5240e8 ] + +Fixes a warning that occurs when rc table support is enabled +(IEEE80211_HW_SUPPORTS_RC_TABLE) in mac80211_hwsim and the PS mode +is changed via the exported debugfs attribute. + +When the PS mode is changed, a packet is broadcasted via +hwsim_send_nullfunc by creating and transmitting a plain skb with only +header initialized. The ieee80211 rate array in the control buffer is +zero-initialized. When ratetbl support is enabled, ieee80211_get_tx_rates +is called for the skb with sta parameter set to NULL and thus no +ratetbl can be used. The final rate array then looks like +[-1,0; 0,0; 0,0; 0,0] which causes the warning in ieee80211_get_tx_rate. + +The issue is fixed by setting the count of the first rate with idx '0' +to 1 and hence ieee80211_get_tx_rates won't overwrite it with idx '-1'. + +Signed-off-by: Jonas Jelonek +Signed-off-by: Johannes Berg +Signed-off-by: Sasha Levin +--- + drivers/net/wireless/mac80211_hwsim.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c +index 3a3a5a570694..f80b1d57d6c3 100644 +--- a/drivers/net/wireless/mac80211_hwsim.c ++++ b/drivers/net/wireless/mac80211_hwsim.c +@@ -663,6 +663,7 @@ static void hwsim_send_nullfunc(struct mac80211_hwsim_data *data, u8 *mac, + struct hwsim_vif_priv *vp = (void *)vif->drv_priv; + struct sk_buff *skb; + struct ieee80211_hdr *hdr; ++ struct ieee80211_tx_info *cb; + + if (!vp->assoc) + return; +@@ -684,6 +685,10 @@ static void hwsim_send_nullfunc(struct mac80211_hwsim_data *data, u8 *mac, + memcpy(hdr->addr2, mac, ETH_ALEN); + memcpy(hdr->addr3, vp->bssid, ETH_ALEN); + ++ cb = IEEE80211_SKB_CB(skb); ++ cb->control.rates[0].count = 1; ++ cb->control.rates[1].idx = -1; ++ + rcu_read_lock(); + mac80211_hwsim_tx_frame(data->hw, skb, + rcu_dereference(vif->chanctx_conf)->def.chan); +-- +2.35.1 +