From: Sasha Levin Date: Wed, 7 Apr 2021 23:53:06 +0000 (-0400) Subject: Fixes for 5.10 X-Git-Tag: v4.4.266~28 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2914aad9bcd2a13e145e72983bbdc835437f9468;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 5.10 Signed-off-by: Sasha Levin --- diff --git a/queue-5.10/arm-dts-am33xx-add-aliases-for-mmc-interfaces.patch b/queue-5.10/arm-dts-am33xx-add-aliases-for-mmc-interfaces.patch new file mode 100644 index 00000000000..59d3189e5b6 --- /dev/null +++ b/queue-5.10/arm-dts-am33xx-add-aliases-for-mmc-interfaces.patch @@ -0,0 +1,41 @@ +From 08d5c981228e6096ddd39504c2211f252462b4c1 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 28 Jan 2021 15:56:44 +0000 +Subject: ARM: dts: am33xx: add aliases for mmc interfaces + +From: Mans Rullgard + +[ Upstream commit 9bbce32a20d6a72c767a7f85fd6127babd1410ac ] + +Without DT aliases, the numbering of mmc interfaces is unpredictable. +Adding them makes it possible to refer to devices consistently. The +popular suggestion to use UUIDs obviously doesn't work with a blank +device fresh from the factory. + +See commit fa2d0aa96941 ("mmc: core: Allow setting slot index via +device tree alias") for more discussion. + +Signed-off-by: Mans Rullgard +Signed-off-by: Tony Lindgren +Signed-off-by: Sasha Levin +--- + arch/arm/boot/dts/am33xx.dtsi | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/arch/arm/boot/dts/am33xx.dtsi b/arch/arm/boot/dts/am33xx.dtsi +index 4c2298024137..f09a61cac2dc 100644 +--- a/arch/arm/boot/dts/am33xx.dtsi ++++ b/arch/arm/boot/dts/am33xx.dtsi +@@ -40,6 +40,9 @@ aliases { + ethernet1 = &cpsw_emac1; + spi0 = &spi0; + spi1 = &spi1; ++ mmc0 = &mmc1; ++ mmc1 = &mmc2; ++ mmc2 = &mmc3; + }; + + cpus { +-- +2.30.2 + diff --git a/queue-5.10/block-clear-gd_need_part_scan-later-in-bdev_disk_cha.patch b/queue-5.10/block-clear-gd_need_part_scan-later-in-bdev_disk_cha.patch new file mode 100644 index 00000000000..9656ec07e72 --- /dev/null +++ b/queue-5.10/block-clear-gd_need_part_scan-later-in-bdev_disk_cha.patch @@ -0,0 +1,53 @@ +From 77008337f705ec8d1102305192b7b18ecf0b360f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 23 Mar 2021 16:52:19 +0800 +Subject: block: clear GD_NEED_PART_SCAN later in bdev_disk_changed + +From: Chris Chiu + +[ Upstream commit 5116784039f0421e9a619023cfba3e302c3d9adc ] + +The GD_NEED_PART_SCAN is set by bdev_check_media_change to initiate +a partition scan while removing a block device. It should be cleared +after blk_drop_paritions because blk_drop_paritions could return +-EBUSY and then the consequence __blkdev_get has no chance to do +delete_partition if GD_NEED_PART_SCAN already cleared. + +It causes some problems on some card readers. Ex. Realtek card +reader 0bda:0328 and 0bda:0158. The device node of the partition +will not disappear after the memory card removed. Thus the user +applications can not update the device mapping correctly. + +BugLink: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1920874 +Signed-off-by: Chris Chiu +Reviewed-by: Christoph Hellwig +Link: https://lore.kernel.org/r/20210323085219.24428-1-chris.chiu@canonical.com +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +--- + fs/block_dev.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/fs/block_dev.c b/fs/block_dev.c +index fe201b757baa..6516051807b8 100644 +--- a/fs/block_dev.c ++++ b/fs/block_dev.c +@@ -1404,13 +1404,13 @@ int bdev_disk_changed(struct block_device *bdev, bool invalidate) + + lockdep_assert_held(&bdev->bd_mutex); + +- clear_bit(GD_NEED_PART_SCAN, &bdev->bd_disk->state); +- + rescan: + ret = blk_drop_partitions(bdev); + if (ret) + return ret; + ++ clear_bit(GD_NEED_PART_SCAN, &disk->state); ++ + /* + * Historically we only set the capacity to zero for devices that + * support partitions (independ of actually having partitions created). +-- +2.30.2 + diff --git a/queue-5.10/bpf-x86-use-kvmalloc_array-instead-kmalloc_array-in-.patch b/queue-5.10/bpf-x86-use-kvmalloc_array-instead-kmalloc_array-in-.patch new file mode 100644 index 00000000000..bbcb22d8f4f --- /dev/null +++ b/queue-5.10/bpf-x86-use-kvmalloc_array-instead-kmalloc_array-in-.patch @@ -0,0 +1,95 @@ +From 56830dac7c62200fc650cb00c7074a496405e405 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 8 Mar 2021 17:56:47 -0800 +Subject: bpf, x86: Use kvmalloc_array instead kmalloc_array in bpf_jit_comp + +From: Yonghong Song + +[ Upstream commit de920fc64cbaa031f947e9be964bda05fd090380 ] + +x86 bpf_jit_comp.c used kmalloc_array to store jited addresses +for each bpf insn. With a large bpf program, we have see the +following allocation failures in our production server: + + page allocation failure: order:5, mode:0x40cc0(GFP_KERNEL|__GFP_COMP), + nodemask=(null),cpuset=/,mems_allowed=0" + Call Trace: + dump_stack+0x50/0x70 + warn_alloc.cold.120+0x72/0xd2 + ? __alloc_pages_direct_compact+0x157/0x160 + __alloc_pages_slowpath+0xcdb/0xd00 + ? get_page_from_freelist+0xe44/0x1600 + ? vunmap_page_range+0x1ba/0x340 + __alloc_pages_nodemask+0x2c9/0x320 + kmalloc_order+0x18/0x80 + kmalloc_order_trace+0x1d/0xa0 + bpf_int_jit_compile+0x1e2/0x484 + ? kmalloc_order_trace+0x1d/0xa0 + bpf_prog_select_runtime+0xc3/0x150 + bpf_prog_load+0x480/0x720 + ? __mod_memcg_lruvec_state+0x21/0x100 + __do_sys_bpf+0xc31/0x2040 + ? close_pdeo+0x86/0xe0 + do_syscall_64+0x42/0x110 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + RIP: 0033:0x7f2f300f7fa9 + Code: Bad RIP value. + +Dumped assembly: + + ffffffff810b6d70 : + ; { + ffffffff810b6d70: e8 eb a5 b4 00 callq 0xffffffff81c01360 <__fentry__> + ffffffff810b6d75: 41 57 pushq %r15 + ... + ffffffff810b6f39: e9 72 fe ff ff jmp 0xffffffff810b6db0 + ; addrs = kmalloc_array(prog->len + 1, sizeof(*addrs), GFP_KERNEL); + ffffffff810b6f3e: 8b 45 0c movl 12(%rbp), %eax + ; return __kmalloc(bytes, flags); + ffffffff810b6f41: be c0 0c 00 00 movl $3264, %esi + ; addrs = kmalloc_array(prog->len + 1, sizeof(*addrs), GFP_KERNEL); + ffffffff810b6f46: 8d 78 01 leal 1(%rax), %edi + ; if (unlikely(check_mul_overflow(n, size, &bytes))) + ffffffff810b6f49: 48 c1 e7 02 shlq $2, %rdi + ; return __kmalloc(bytes, flags); + ffffffff810b6f4d: e8 8e 0c 1d 00 callq 0xffffffff81287be0 <__kmalloc> + ; if (!addrs) { + ffffffff810b6f52: 48 85 c0 testq %rax, %rax + +Change kmalloc_array() to kvmalloc_array() to avoid potential +allocation error for big bpf programs. + +Signed-off-by: Yonghong Song +Signed-off-by: Alexei Starovoitov +Signed-off-by: Daniel Borkmann +Link: https://lore.kernel.org/bpf/20210309015647.3657852-1-yhs@fb.com +Signed-off-by: Sasha Levin +--- + arch/x86/net/bpf_jit_comp.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c +index 023ac12f54a2..4cf3612ccd37 100644 +--- a/arch/x86/net/bpf_jit_comp.c ++++ b/arch/x86/net/bpf_jit_comp.c +@@ -2038,7 +2038,7 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog) + extra_pass = true; + goto skip_init_addrs; + } +- addrs = kmalloc_array(prog->len + 1, sizeof(*addrs), GFP_KERNEL); ++ addrs = kvmalloc_array(prog->len + 1, sizeof(*addrs), GFP_KERNEL); + if (!addrs) { + prog = orig_prog; + goto out_addrs; +@@ -2128,7 +2128,7 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog) + if (image) + bpf_prog_fill_jited_linfo(prog, addrs + 1); + out_addrs: +- kfree(addrs); ++ kvfree(addrs); + kfree(jit_data); + prog->aux->jit_data = NULL; + } +-- +2.30.2 + diff --git a/queue-5.10/bus-ti-sysc-fix-warning-on-unbind-if-reset-is-not-de.patch b/queue-5.10/bus-ti-sysc-fix-warning-on-unbind-if-reset-is-not-de.patch new file mode 100644 index 00000000000..dcfd3fbeaa1 --- /dev/null +++ b/queue-5.10/bus-ti-sysc-fix-warning-on-unbind-if-reset-is-not-de.patch @@ -0,0 +1,47 @@ +From 43e1176e0a5c0c0490f653aa3d156c46d3fd3124 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 18 Feb 2021 13:06:57 +0200 +Subject: bus: ti-sysc: Fix warning on unbind if reset is not deasserted + +From: Tony Lindgren + +[ Upstream commit a7b5d7c4969aba8d1f04c29048906abaa71fb6a9 ] + +We currently get thefollowing on driver unbind if a reset is configured +and asserted: + +WARNING: CPU: 0 PID: 993 at drivers/reset/core.c:432 reset_control_assert +... +(reset_control_assert) from [] (sysc_remove+0x190/0x1e4) +(sysc_remove) from [] (platform_remove+0x24/0x3c) +(platform_remove) from [] (__device_release_driver+0x154/0x214) +(__device_release_driver) from [] (device_driver_detach+0x3c/0x8c) +(device_driver_detach) from [] (unbind_store+0x60/0xd4) +(unbind_store) from [] (kernfs_fop_write_iter+0x10c/0x1cc) + +Let's fix it by checking the reset status. + +Signed-off-by: Tony Lindgren +Signed-off-by: Sasha Levin +--- + drivers/bus/ti-sysc.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/bus/ti-sysc.c b/drivers/bus/ti-sysc.c +index 45f5530666d3..16e389dce111 100644 +--- a/drivers/bus/ti-sysc.c ++++ b/drivers/bus/ti-sysc.c +@@ -3044,7 +3044,9 @@ static int sysc_remove(struct platform_device *pdev) + + pm_runtime_put_sync(&pdev->dev); + pm_runtime_disable(&pdev->dev); +- reset_control_assert(ddata->rsts); ++ ++ if (!reset_control_status(ddata->rsts)) ++ reset_control_assert(ddata->rsts); + + unprepare: + sysc_unprepare(ddata); +-- +2.30.2 + diff --git a/queue-5.10/cifs-revalidate-mapping-when-we-open-files-for-smb1-.patch b/queue-5.10/cifs-revalidate-mapping-when-we-open-files-for-smb1-.patch new file mode 100644 index 00000000000..40b40c37d07 --- /dev/null +++ b/queue-5.10/cifs-revalidate-mapping-when-we-open-files-for-smb1-.patch @@ -0,0 +1,42 @@ +From 79ae1ff7f1959c1c97105c981014a12223f95c3c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 25 Mar 2021 16:26:35 +1000 +Subject: cifs: revalidate mapping when we open files for SMB1 POSIX + +From: Ronnie Sahlberg + +[ Upstream commit cee8f4f6fcabfdf229542926128e9874d19016d5 ] + +RHBZ: 1933527 + +Under SMB1 + POSIX, if an inode is reused on a server after we have read and +cached a part of a file, when we then open the new file with the +re-cycled inode there is a chance that we may serve the old data out of cache +to the application. +This only happens for SMB1 (deprecated) and when posix are used. +The simplest solution to avoid this race is to force a revalidate +on smb1-posix open. + +Signed-off-by: Ronnie Sahlberg +Reviewed-by: Paulo Alcantara (SUSE) +Signed-off-by: Steve French +Signed-off-by: Sasha Levin +--- + fs/cifs/file.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/fs/cifs/file.c b/fs/cifs/file.c +index be46fab4c96d..da057570bb93 100644 +--- a/fs/cifs/file.c ++++ b/fs/cifs/file.c +@@ -164,6 +164,7 @@ int cifs_posix_open(char *full_path, struct inode **pinode, + goto posix_open_ret; + } + } else { ++ cifs_revalidate_mapping(*pinode); + cifs_fattr_to_inode(*pinode, &fattr); + } + +-- +2.30.2 + diff --git a/queue-5.10/cifs-silently-ignore-unknown-oplock-break-handle.patch b/queue-5.10/cifs-silently-ignore-unknown-oplock-break-handle.patch new file mode 100644 index 00000000000..cd6bb797873 --- /dev/null +++ b/queue-5.10/cifs-silently-ignore-unknown-oplock-break-handle.patch @@ -0,0 +1,53 @@ +From cb3bbc8771778fcc9cb35f96d040f31641a4b15e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 19 Mar 2021 14:57:11 +0100 +Subject: cifs: Silently ignore unknown oplock break handle + +From: Vincent Whitchurch + +[ Upstream commit 219481a8f90ec3a5eed9638fb35609e4b1aeece7 ] + +Make SMB2 not print out an error when an oplock break is received for an +unknown handle, similar to SMB1. The debug message which is printed for +these unknown handles may also be misleading, so fix that too. + +The SMB2 lease break path is not affected by this patch. + +Without this, a program which writes to a file from one thread, and +opens, reads, and writes the same file from another thread triggers the +below errors several times a minute when run against a Samba server +configured with "smb2 leases = no". + + CIFS: VFS: \\192.168.0.1 No task to wake, unknown frame received! NumMids 2 + 00000000: 424d53fe 00000040 00000000 00000012 .SMB@........... + 00000010: 00000001 00000000 ffffffff ffffffff ................ + 00000020: 00000000 00000000 00000000 00000000 ................ + 00000030: 00000000 00000000 00000000 00000000 ................ + +Signed-off-by: Vincent Whitchurch +Reviewed-by: Tom Talpey +Reviewed-by: Paulo Alcantara (SUSE) +Signed-off-by: Steve French +Signed-off-by: Sasha Levin +--- + fs/cifs/smb2misc.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c +index db22d686c61f..be3df90bb2bc 100644 +--- a/fs/cifs/smb2misc.c ++++ b/fs/cifs/smb2misc.c +@@ -745,8 +745,8 @@ smb2_is_valid_oplock_break(char *buffer, struct TCP_Server_Info *server) + } + } + spin_unlock(&cifs_tcp_ses_lock); +- cifs_dbg(FYI, "Can not process oplock break for non-existent connection\n"); +- return false; ++ cifs_dbg(FYI, "No file id matched, oplock break ignored\n"); ++ return true; + } + + void +-- +2.30.2 + diff --git a/queue-5.10/drm-msm-adreno-a5xx_power-don-t-apply-a540-lm_setup-.patch b/queue-5.10/drm-msm-adreno-a5xx_power-don-t-apply-a540-lm_setup-.patch new file mode 100644 index 00000000000..52f0a6111f9 --- /dev/null +++ b/queue-5.10/drm-msm-adreno-a5xx_power-don-t-apply-a540-lm_setup-.patch @@ -0,0 +1,37 @@ +From 8bfcb7c2f68c6e89ca7cedde17be14a0c5950bd8 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 28 Feb 2021 13:36:51 +0100 +Subject: drm/msm/adreno: a5xx_power: Don't apply A540 lm_setup to other GPUs + +From: Konrad Dybcio + +[ Upstream commit 4a9d36b0610aa7034340e976652e5b43320dd7c5 ] + +While passing the A530-specific lm_setup func to A530 and A540 +to !A530 was fine back when only these two were supported, it +certainly is not a good idea to send A540 specifics to smaller +GPUs like A508 and friends. + +Signed-off-by: Konrad Dybcio +Signed-off-by: Rob Clark +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/msm/adreno/a5xx_power.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/msm/adreno/a5xx_power.c b/drivers/gpu/drm/msm/adreno/a5xx_power.c +index f176a6f3eff6..e58670a61df4 100644 +--- a/drivers/gpu/drm/msm/adreno/a5xx_power.c ++++ b/drivers/gpu/drm/msm/adreno/a5xx_power.c +@@ -304,7 +304,7 @@ int a5xx_power_init(struct msm_gpu *gpu) + /* Set up the limits management */ + if (adreno_is_a530(adreno_gpu)) + a530_lm_setup(gpu); +- else ++ else if (adreno_is_a540(adreno_gpu)) + a540_lm_setup(gpu); + + /* Set up SP/TP power collpase */ +-- +2.30.2 + diff --git a/queue-5.10/drm-msm-disp-dpu1-icc-path-needs-to-be-set-before-dp.patch b/queue-5.10/drm-msm-disp-dpu1-icc-path-needs-to-be-set-before-dp.patch new file mode 100644 index 00000000000..dcdce7b79ea --- /dev/null +++ b/queue-5.10/drm-msm-disp-dpu1-icc-path-needs-to-be-set-before-dp.patch @@ -0,0 +1,74 @@ +From 756c2df2f931f936b5a26f66589444494ccc2012 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 22 Mar 2021 02:17:12 -0700 +Subject: drm/msm/disp/dpu1: icc path needs to be set before dpu runtime resume + +From: Kalyan Thota + +[ Upstream commit 627dc55c273dab308303a5217bd3e767d7083ddb ] + +DPU runtime resume will request for a min vote on the AXI bus as +it is a necessary step before turning ON the AXI clock. + +The change does below +1) Move the icc path set before requesting runtime get_sync. +2) remove the dependency of hw catalog for min ib vote +as it is initialized at a later point. + +Signed-off-by: Kalyan Thota +Tested-by: Matthias Kaehlcke +Signed-off-by: Rob Clark +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c +index d93c44f6996d..e69ea810e18d 100644 +--- a/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c ++++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c +@@ -43,6 +43,8 @@ + #define DPU_DEBUGFS_DIR "msm_dpu" + #define DPU_DEBUGFS_HWMASKNAME "hw_log_mask" + ++#define MIN_IB_BW 400000000ULL /* Min ib vote 400MB */ ++ + static int dpu_kms_hw_init(struct msm_kms *kms); + static void _dpu_kms_mmu_destroy(struct dpu_kms *dpu_kms); + +@@ -929,6 +931,9 @@ static int dpu_kms_hw_init(struct msm_kms *kms) + DPU_DEBUG("REG_DMA is not defined"); + } + ++ if (of_device_is_compatible(dev->dev->of_node, "qcom,sc7180-mdss")) ++ dpu_kms_parse_data_bus_icc_path(dpu_kms); ++ + pm_runtime_get_sync(&dpu_kms->pdev->dev); + + dpu_kms->core_rev = readl_relaxed(dpu_kms->mmio + 0x0); +@@ -1030,9 +1035,6 @@ static int dpu_kms_hw_init(struct msm_kms *kms) + + dpu_vbif_init_memtypes(dpu_kms); + +- if (of_device_is_compatible(dev->dev->of_node, "qcom,sc7180-mdss")) +- dpu_kms_parse_data_bus_icc_path(dpu_kms); +- + pm_runtime_put_sync(&dpu_kms->pdev->dev); + + return 0; +@@ -1189,10 +1191,10 @@ static int __maybe_unused dpu_runtime_resume(struct device *dev) + + ddev = dpu_kms->dev; + ++ WARN_ON(!(dpu_kms->num_paths)); + /* Min vote of BW is required before turning on AXI clk */ + for (i = 0; i < dpu_kms->num_paths; i++) +- icc_set_bw(dpu_kms->path[i], 0, +- dpu_kms->catalog->perf.min_dram_ib); ++ icc_set_bw(dpu_kms->path[i], 0, Bps_to_icc(MIN_IB_BW)); + + rc = msm_dss_enable_clk(mp->clk_config, mp->num_clk, true); + if (rc) { +-- +2.30.2 + diff --git a/queue-5.10/drm-msm-dsi_pll_7nm-fix-variable-usage-for-pll_lockd.patch b/queue-5.10/drm-msm-dsi_pll_7nm-fix-variable-usage-for-pll_lockd.patch new file mode 100644 index 00000000000..2197809d5e9 --- /dev/null +++ b/queue-5.10/drm-msm-dsi_pll_7nm-fix-variable-usage-for-pll_lockd.patch @@ -0,0 +1,40 @@ +From b390456234d2fbdf2a9013bb63c4c0a8c6184246 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 25 Feb 2021 02:05:28 +0300 +Subject: drm/msm/dsi_pll_7nm: Fix variable usage for pll_lockdet_rate + +From: Dmitry Baryshkov + +[ Upstream commit 9daaf31307856defb1070685418ce5a484ecda3a ] + +The PLL_LOCKDET_RATE_1 was being programmed with a hardcoded value +directly, but the same value was also being specified in the +dsi_pll_regs struct pll_lockdet_rate variable: let's use it! + +Based on 362cadf34b9f ("drm/msm/dsi_pll_10nm: Fix variable usage for +pll_lockdet_rate") + +Signed-off-by: Dmitry Baryshkov +Reviewed-by: Abhinav Kumar +Signed-off-by: Rob Clark +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/msm/dsi/pll/dsi_pll_7nm.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/msm/dsi/pll/dsi_pll_7nm.c b/drivers/gpu/drm/msm/dsi/pll/dsi_pll_7nm.c +index c1f6708367ae..c1c41846b6b2 100644 +--- a/drivers/gpu/drm/msm/dsi/pll/dsi_pll_7nm.c ++++ b/drivers/gpu/drm/msm/dsi/pll/dsi_pll_7nm.c +@@ -325,7 +325,7 @@ static void dsi_pll_commit(struct dsi_pll_7nm *pll) + pll_write(base + REG_DSI_7nm_PHY_PLL_FRAC_DIV_START_LOW_1, reg->frac_div_start_low); + pll_write(base + REG_DSI_7nm_PHY_PLL_FRAC_DIV_START_MID_1, reg->frac_div_start_mid); + pll_write(base + REG_DSI_7nm_PHY_PLL_FRAC_DIV_START_HIGH_1, reg->frac_div_start_high); +- pll_write(base + REG_DSI_7nm_PHY_PLL_PLL_LOCKDET_RATE_1, 0x40); ++ pll_write(base + REG_DSI_7nm_PHY_PLL_PLL_LOCKDET_RATE_1, reg->pll_lockdet_rate); + pll_write(base + REG_DSI_7nm_PHY_PLL_PLL_LOCK_DELAY, 0x06); + pll_write(base + REG_DSI_7nm_PHY_PLL_CMODE_1, 0x10); /* TODO: 0x00 for CPHY */ + pll_write(base + REG_DSI_7nm_PHY_PLL_CLOCK_INVERTERS, reg->pll_clock_inverters); +-- +2.30.2 + diff --git a/queue-5.10/drm-msm-ratelimit-invalid-fence-message.patch b/queue-5.10/drm-msm-ratelimit-invalid-fence-message.patch new file mode 100644 index 00000000000..5fccba40210 --- /dev/null +++ b/queue-5.10/drm-msm-ratelimit-invalid-fence-message.patch @@ -0,0 +1,37 @@ +From a638d5de1097a4544906f747adf12aa4674ee52a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 17 Mar 2021 09:40:38 -0700 +Subject: drm/msm: Ratelimit invalid-fence message + +From: Rob Clark + +[ Upstream commit 7ad48d27a2846bfda29214fb454d001c3e02b9e7 ] + +We have seen a couple cases where low memory situations cause something +bad to happen, followed by a flood of these messages obscuring the root +cause. Lets ratelimit the dmesg spam so that next time it happens we +don't lose the kernel traces leading up to this. + +Signed-off-by: Rob Clark +Reviewed-by: Douglas Anderson +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/msm/msm_fence.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/msm/msm_fence.c b/drivers/gpu/drm/msm/msm_fence.c +index ad2703698b05..cd59a5918038 100644 +--- a/drivers/gpu/drm/msm/msm_fence.c ++++ b/drivers/gpu/drm/msm/msm_fence.c +@@ -45,7 +45,7 @@ int msm_wait_fence(struct msm_fence_context *fctx, uint32_t fence, + int ret; + + if (fence > fctx->last_fence) { +- DRM_ERROR("%s: waiting on invalid fence: %u (of %u)\n", ++ DRM_ERROR_RATELIMITED("%s: waiting on invalid fence: %u (of %u)\n", + fctx->name, fence, fctx->last_fence); + return -EINVAL; + } +-- +2.30.2 + diff --git a/queue-5.10/ia64-fix-format-strings-for-err_inject.patch b/queue-5.10/ia64-fix-format-strings-for-err_inject.patch new file mode 100644 index 00000000000..964c42bcd55 --- /dev/null +++ b/queue-5.10/ia64-fix-format-strings-for-err_inject.patch @@ -0,0 +1,110 @@ +From cd27e13e128ed30ddc78fe0adf7f6a6aeb5735f9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 24 Mar 2021 21:37:41 -0700 +Subject: ia64: fix format strings for err_inject + +From: Sergei Trofimovich + +[ Upstream commit 95d44a470a6814207d52dd6312203b0f4ef12710 ] + +Fix warning with %lx / u64 mismatch: + + arch/ia64/kernel/err_inject.c: In function 'show_resources': + arch/ia64/kernel/err_inject.c:62:22: warning: + format '%lx' expects argument of type 'long unsigned int', + but argument 3 has type 'u64' {aka 'long long unsigned int'} + 62 | return sprintf(buf, "%lx", name[cpu]); \ + | ^~~~~~~ + +Link: https://lkml.kernel.org/r/20210313104312.1548232-1-slyfox@gentoo.org +Signed-off-by: Sergei Trofimovich +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + arch/ia64/kernel/err_inject.c | 22 +++++++++++----------- + 1 file changed, 11 insertions(+), 11 deletions(-) + +diff --git a/arch/ia64/kernel/err_inject.c b/arch/ia64/kernel/err_inject.c +index 8b5b8e6bc9d9..dd5bfed52031 100644 +--- a/arch/ia64/kernel/err_inject.c ++++ b/arch/ia64/kernel/err_inject.c +@@ -59,7 +59,7 @@ show_##name(struct device *dev, struct device_attribute *attr, \ + char *buf) \ + { \ + u32 cpu=dev->id; \ +- return sprintf(buf, "%lx\n", name[cpu]); \ ++ return sprintf(buf, "%llx\n", name[cpu]); \ + } + + #define store(name) \ +@@ -86,9 +86,9 @@ store_call_start(struct device *dev, struct device_attribute *attr, + + #ifdef ERR_INJ_DEBUG + printk(KERN_DEBUG "pal_mc_err_inject for cpu%d:\n", cpu); +- printk(KERN_DEBUG "err_type_info=%lx,\n", err_type_info[cpu]); +- printk(KERN_DEBUG "err_struct_info=%lx,\n", err_struct_info[cpu]); +- printk(KERN_DEBUG "err_data_buffer=%lx, %lx, %lx.\n", ++ printk(KERN_DEBUG "err_type_info=%llx,\n", err_type_info[cpu]); ++ printk(KERN_DEBUG "err_struct_info=%llx,\n", err_struct_info[cpu]); ++ printk(KERN_DEBUG "err_data_buffer=%llx, %llx, %llx.\n", + err_data_buffer[cpu].data1, + err_data_buffer[cpu].data2, + err_data_buffer[cpu].data3); +@@ -117,8 +117,8 @@ store_call_start(struct device *dev, struct device_attribute *attr, + + #ifdef ERR_INJ_DEBUG + printk(KERN_DEBUG "Returns: status=%d,\n", (int)status[cpu]); +- printk(KERN_DEBUG "capabilities=%lx,\n", capabilities[cpu]); +- printk(KERN_DEBUG "resources=%lx\n", resources[cpu]); ++ printk(KERN_DEBUG "capabilities=%llx,\n", capabilities[cpu]); ++ printk(KERN_DEBUG "resources=%llx\n", resources[cpu]); + #endif + return size; + } +@@ -131,7 +131,7 @@ show_virtual_to_phys(struct device *dev, struct device_attribute *attr, + char *buf) + { + unsigned int cpu=dev->id; +- return sprintf(buf, "%lx\n", phys_addr[cpu]); ++ return sprintf(buf, "%llx\n", phys_addr[cpu]); + } + + static ssize_t +@@ -145,7 +145,7 @@ store_virtual_to_phys(struct device *dev, struct device_attribute *attr, + ret = get_user_pages_fast(virt_addr, 1, FOLL_WRITE, NULL); + if (ret<=0) { + #ifdef ERR_INJ_DEBUG +- printk("Virtual address %lx is not existing.\n",virt_addr); ++ printk("Virtual address %llx is not existing.\n", virt_addr); + #endif + return -EINVAL; + } +@@ -163,7 +163,7 @@ show_err_data_buffer(struct device *dev, + { + unsigned int cpu=dev->id; + +- return sprintf(buf, "%lx, %lx, %lx\n", ++ return sprintf(buf, "%llx, %llx, %llx\n", + err_data_buffer[cpu].data1, + err_data_buffer[cpu].data2, + err_data_buffer[cpu].data3); +@@ -178,13 +178,13 @@ store_err_data_buffer(struct device *dev, + int ret; + + #ifdef ERR_INJ_DEBUG +- printk("write err_data_buffer=[%lx,%lx,%lx] on cpu%d\n", ++ printk("write err_data_buffer=[%llx,%llx,%llx] on cpu%d\n", + err_data_buffer[cpu].data1, + err_data_buffer[cpu].data2, + err_data_buffer[cpu].data3, + cpu); + #endif +- ret=sscanf(buf, "%lx, %lx, %lx", ++ ret = sscanf(buf, "%llx, %llx, %llx", + &err_data_buffer[cpu].data1, + &err_data_buffer[cpu].data2, + &err_data_buffer[cpu].data3); +-- +2.30.2 + diff --git a/queue-5.10/ia64-mca-allocate-early-mca-with-gfp_atomic.patch b/queue-5.10/ia64-mca-allocate-early-mca-with-gfp_atomic.patch new file mode 100644 index 00000000000..b3cb17f9ca7 --- /dev/null +++ b/queue-5.10/ia64-mca-allocate-early-mca-with-gfp_atomic.patch @@ -0,0 +1,61 @@ +From efcad6e483e27c41e7bbe595feac7d69363f63eb Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 24 Mar 2021 21:37:38 -0700 +Subject: ia64: mca: allocate early mca with GFP_ATOMIC + +From: Sergei Trofimovich + +[ Upstream commit f2a419cf495f95cac49ea289318b833477e1a0e2 ] + +The sleep warning happens at early boot right at secondary CPU +activation bootup: + + smp: Bringing up secondary CPUs ... + BUG: sleeping function called from invalid context at mm/page_alloc.c:4942 + in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1 + CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.12.0-rc2-00007-g79e228d0b611-dirty #99 + .. + Call Trace: + show_stack+0x90/0xc0 + dump_stack+0x150/0x1c0 + ___might_sleep+0x1c0/0x2a0 + __might_sleep+0xa0/0x160 + __alloc_pages_nodemask+0x1a0/0x600 + alloc_page_interleave+0x30/0x1c0 + alloc_pages_current+0x2c0/0x340 + __get_free_pages+0x30/0xa0 + ia64_mca_cpu_init+0x2d0/0x3a0 + cpu_init+0x8b0/0x1440 + start_secondary+0x60/0x700 + start_ap+0x750/0x780 + Fixed BSP b0 value from CPU 1 + +As I understand interrupts are not enabled yet and system has a lot of +memory. There is little chance to sleep and switch to GFP_ATOMIC should +be a no-op. + +Link: https://lkml.kernel.org/r/20210315085045.204414-1-slyfox@gentoo.org +Signed-off-by: Sergei Trofimovich +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + arch/ia64/kernel/mca.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/ia64/kernel/mca.c b/arch/ia64/kernel/mca.c +index 2703f7795672..bd0a51dc345a 100644 +--- a/arch/ia64/kernel/mca.c ++++ b/arch/ia64/kernel/mca.c +@@ -1822,7 +1822,7 @@ ia64_mca_cpu_init(void *cpu_data) + data = mca_bootmem(); + first_time = 0; + } else +- data = (void *)__get_free_pages(GFP_KERNEL, ++ data = (void *)__get_free_pages(GFP_ATOMIC, + get_order(sz)); + if (!data) + panic("Could not allocate MCA memory for cpu %d\n", +-- +2.30.2 + diff --git a/queue-5.10/io_uring-fix-timeout-cancel-return-code.patch b/queue-5.10/io_uring-fix-timeout-cancel-return-code.patch new file mode 100644 index 00000000000..ff4765af1bc --- /dev/null +++ b/queue-5.10/io_uring-fix-timeout-cancel-return-code.patch @@ -0,0 +1,63 @@ +From f611e07e137073775b90112bdaff60d94966004b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 25 Mar 2021 18:32:42 +0000 +Subject: io_uring: fix timeout cancel return code + +From: Pavel Begunkov + +[ Upstream commit 1ee4160c73b2102a52bc97a4128a89c34821414f ] + +When we cancel a timeout we should emit a sensible return code, like +-ECANCELED but not 0, otherwise it may trick users. + +Signed-off-by: Pavel Begunkov +Link: https://lore.kernel.org/r/7b0ad1065e3bd1994722702bd0ba9e7bc9b0683b.1616696997.git.asml.silence@gmail.com +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +--- + fs/io_uring.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/fs/io_uring.c b/fs/io_uring.c +index 4ccf99cb8cdc..0de27e75460d 100644 +--- a/fs/io_uring.c ++++ b/fs/io_uring.c +@@ -1489,7 +1489,7 @@ static void io_queue_async_work(struct io_kiocb *req) + io_queue_linked_timeout(link); + } + +-static void io_kill_timeout(struct io_kiocb *req) ++static void io_kill_timeout(struct io_kiocb *req, int status) + { + struct io_timeout_data *io = req->async_data; + int ret; +@@ -1499,7 +1499,7 @@ static void io_kill_timeout(struct io_kiocb *req) + atomic_set(&req->ctx->cq_timeouts, + atomic_read(&req->ctx->cq_timeouts) + 1); + list_del_init(&req->timeout.list); +- io_cqring_fill_event(req, 0); ++ io_cqring_fill_event(req, status); + io_put_req_deferred(req, 1); + } + } +@@ -1516,7 +1516,7 @@ static bool io_kill_timeouts(struct io_ring_ctx *ctx, struct task_struct *tsk, + spin_lock_irq(&ctx->completion_lock); + list_for_each_entry_safe(req, tmp, &ctx->timeout_list, timeout.list) { + if (io_match_task(req, tsk, files)) { +- io_kill_timeout(req); ++ io_kill_timeout(req, -ECANCELED); + canceled++; + } + } +@@ -1568,7 +1568,7 @@ static void io_flush_timeouts(struct io_ring_ctx *ctx) + break; + + list_del_init(&req->timeout.list); +- io_kill_timeout(req); ++ io_kill_timeout(req, 0); + } while (!list_empty(&ctx->timeout_list)); + + ctx->cq_last_tm_flush = seq; +-- +2.30.2 + diff --git a/queue-5.10/kselftest-arm64-sve-do-not-use-non-canonical-ffr-reg.patch b/queue-5.10/kselftest-arm64-sve-do-not-use-non-canonical-ffr-reg.patch new file mode 100644 index 00000000000..c986110919c --- /dev/null +++ b/queue-5.10/kselftest-arm64-sve-do-not-use-non-canonical-ffr-reg.patch @@ -0,0 +1,98 @@ +From 281911083997a077e0b3dbf2906eeef644f02a95 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 19 Mar 2021 12:01:28 +0000 +Subject: kselftest/arm64: sve: Do not use non-canonical FFR register value + +From: Andre Przywara + +[ Upstream commit 7011d72588d16a9e5f5d85acbc8b10019809599c ] + +The "First Fault Register" (FFR) is an SVE register that mimics a +predicate register, but clears bits when a load or store fails to handle +an element of a vector. The supposed usage scenario is to initialise +this register (using SETFFR), then *read* it later on to learn about +elements that failed to load or store. Explicit writes to this register +using the WRFFR instruction are only supposed to *restore* values +previously read from the register (for context-switching only). +As the manual describes, this register holds only certain values, it: +"... contains a monotonic predicate value, in which starting from bit 0 +there are zero or more 1 bits, followed only by 0 bits in any remaining +bit positions." +Any other value is UNPREDICTABLE and is not supposed to be "restored" +into the register. + +The SVE test currently tries to write a signature pattern into the +register, which is *not* a canonical FFR value. Apparently the existing +setups treat UNPREDICTABLE as "read-as-written", but a new +implementation actually only stores canonical values. As a consequence, +the sve-test fails immediately when comparing the FFR value: +----------- + # ./sve-test +Vector length: 128 bits +PID: 207 +Mismatch: PID=207, iteration=0, reg=48 + Expected [cf00] + Got [0f00] +Aborted +----------- + +Fix this by only populating the FFR with proper canonical values. +Effectively the requirement described above limits us to 17 unique +values over 16 bits worth of FFR, so we condense our signature down to 4 +bits (2 bits from the PID, 2 bits from the generation) and generate the +canonical pattern from it. Any bits describing elements above the +minimum 128 bit are set to 0. + +This aligns the FFR usage to the architecture and fixes the test on +microarchitectures implementing FFR in a more restricted way. + +Signed-off-by: Andre Przywara +Reviwed-by: Mark Brown +Link: https://lore.kernel.org/r/20210319120128.29452-1-andre.przywara@arm.com +Signed-off-by: Will Deacon +Signed-off-by: Sasha Levin +--- + tools/testing/selftests/arm64/fp/sve-test.S | 22 ++++++++++++++++----- + 1 file changed, 17 insertions(+), 5 deletions(-) + +diff --git a/tools/testing/selftests/arm64/fp/sve-test.S b/tools/testing/selftests/arm64/fp/sve-test.S +index f95074c9b48b..07f14e279a90 100644 +--- a/tools/testing/selftests/arm64/fp/sve-test.S ++++ b/tools/testing/selftests/arm64/fp/sve-test.S +@@ -284,16 +284,28 @@ endfunction + // Set up test pattern in the FFR + // x0: pid + // x2: generation ++// ++// We need to generate a canonical FFR value, which consists of a number of ++// low "1" bits, followed by a number of zeros. This gives us 17 unique values ++// per 16 bits of FFR, so we create a 4 bit signature out of the PID and ++// generation, and use that as the initial number of ones in the pattern. ++// We fill the upper lanes of FFR with zeros. + // Beware: corrupts P0. + function setup_ffr + mov x4, x30 + +- bl pattern ++ and w0, w0, #0x3 ++ bfi w0, w2, #2, #2 ++ mov w1, #1 ++ lsl w1, w1, w0 ++ sub w1, w1, #1 ++ + ldr x0, =ffrref +- ldr x1, =scratch +- rdvl x2, #1 +- lsr x2, x2, #3 +- bl memcpy ++ strh w1, [x0], 2 ++ rdvl x1, #1 ++ lsr x1, x1, #3 ++ sub x1, x1, #2 ++ bl memclr + + mov x0, #0 + ldr x1, =ffrref +-- +2.30.2 + diff --git a/queue-5.10/kunit-tool-fix-a-python-tuple-typing-error.patch b/queue-5.10/kunit-tool-fix-a-python-tuple-typing-error.patch new file mode 100644 index 00000000000..f754a916af8 --- /dev/null +++ b/queue-5.10/kunit-tool-fix-a-python-tuple-typing-error.patch @@ -0,0 +1,40 @@ +From ca65146c6bc45621fb4c7fc404de98110587fbd4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 22 Feb 2021 21:49:30 -0800 +Subject: kunit: tool: Fix a python tuple typing error + +From: David Gow + +[ Upstream commit 7421b1a4d10c633ca5f14c8236d3e2c1de07e52b ] + +The first argument to namedtuple() should match the name of the type, +which wasn't the case for KconfigEntryBase. + +Fixing this is enough to make mypy show no python typing errors again. + +Fixes 97752c39bd ("kunit: kunit_tool: Allow .kunitconfig to disable config items") +Signed-off-by: David Gow +Reviewed-by: Daniel Latypov +Acked-by: Brendan Higgins +Signed-off-by: Shuah Khan +Signed-off-by: Sasha Levin +--- + tools/testing/kunit/kunit_config.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/testing/kunit/kunit_config.py b/tools/testing/kunit/kunit_config.py +index 02ffc3a3e5dc..b30e9d6db6b4 100644 +--- a/tools/testing/kunit/kunit_config.py ++++ b/tools/testing/kunit/kunit_config.py +@@ -12,7 +12,7 @@ import re + CONFIG_IS_NOT_SET_PATTERN = r'^# CONFIG_(\w+) is not set$' + CONFIG_PATTERN = r'^CONFIG_(\w+)=(\S+|".*")$' + +-KconfigEntryBase = collections.namedtuple('KconfigEntry', ['name', 'value']) ++KconfigEntryBase = collections.namedtuple('KconfigEntryBase', ['name', 'value']) + + class KconfigEntry(KconfigEntryBase): + +-- +2.30.2 + diff --git a/queue-5.10/mac80211-check-crypto_aead_encrypt-for-errors.patch b/queue-5.10/mac80211-check-crypto_aead_encrypt-for-errors.patch new file mode 100644 index 00000000000..adac095ac1d --- /dev/null +++ b/queue-5.10/mac80211-check-crypto_aead_encrypt-for-errors.patch @@ -0,0 +1,76 @@ +From e27e44f2031bf38a404378cb92b97806d65477bb Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 9 Mar 2021 12:41:36 -0800 +Subject: mac80211: Check crypto_aead_encrypt for errors + +From: Daniel Phan + +[ Upstream commit 58d25626f6f0ea5bcec3c13387b9f835d188723d ] + +crypto_aead_encrypt returns <0 on error, so if these calls are not checked, +execution may continue with failed encrypts. It also seems that these two +crypto_aead_encrypt calls are the only instances in the codebase that are +not checked for errors. + +Signed-off-by: Daniel Phan +Link: https://lore.kernel.org/r/20210309204137.823268-1-daniel.phan36@gmail.com +Signed-off-by: Johannes Berg +Signed-off-by: Sasha Levin +--- + net/mac80211/aead_api.c | 5 +++-- + net/mac80211/aes_gmac.c | 5 +++-- + 2 files changed, 6 insertions(+), 4 deletions(-) + +diff --git a/net/mac80211/aead_api.c b/net/mac80211/aead_api.c +index d7b3d905d535..b00d6f5b33f4 100644 +--- a/net/mac80211/aead_api.c ++++ b/net/mac80211/aead_api.c +@@ -23,6 +23,7 @@ int aead_encrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad, size_t aad_len, + struct aead_request *aead_req; + int reqsize = sizeof(*aead_req) + crypto_aead_reqsize(tfm); + u8 *__aad; ++ int ret; + + aead_req = kzalloc(reqsize + aad_len, GFP_ATOMIC); + if (!aead_req) +@@ -40,10 +41,10 @@ int aead_encrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad, size_t aad_len, + aead_request_set_crypt(aead_req, sg, sg, data_len, b_0); + aead_request_set_ad(aead_req, sg[0].length); + +- crypto_aead_encrypt(aead_req); ++ ret = crypto_aead_encrypt(aead_req); + kfree_sensitive(aead_req); + +- return 0; ++ return ret; + } + + int aead_decrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad, size_t aad_len, +diff --git a/net/mac80211/aes_gmac.c b/net/mac80211/aes_gmac.c +index 6f3b3a0cc10a..512cab073f2e 100644 +--- a/net/mac80211/aes_gmac.c ++++ b/net/mac80211/aes_gmac.c +@@ -22,6 +22,7 @@ int ieee80211_aes_gmac(struct crypto_aead *tfm, const u8 *aad, u8 *nonce, + struct aead_request *aead_req; + int reqsize = sizeof(*aead_req) + crypto_aead_reqsize(tfm); + const __le16 *fc; ++ int ret; + + if (data_len < GMAC_MIC_LEN) + return -EINVAL; +@@ -59,10 +60,10 @@ int ieee80211_aes_gmac(struct crypto_aead *tfm, const u8 *aad, u8 *nonce, + aead_request_set_crypt(aead_req, sg, sg, 0, iv); + aead_request_set_ad(aead_req, GMAC_AAD_LEN + data_len); + +- crypto_aead_encrypt(aead_req); ++ ret = crypto_aead_encrypt(aead_req); + kfree_sensitive(aead_req); + +- return 0; ++ return ret; + } + + struct crypto_aead *ieee80211_aes_gmac_key_setup(const u8 key[], +-- +2.30.2 + diff --git a/queue-5.10/mac80211-choose-first-enabled-channel-for-monitor.patch b/queue-5.10/mac80211-choose-first-enabled-channel-for-monitor.patch new file mode 100644 index 00000000000..350658e2f60 --- /dev/null +++ b/queue-5.10/mac80211-choose-first-enabled-channel-for-monitor.patch @@ -0,0 +1,53 @@ +From 5ef072789cfbb3f03c4a5ebada899da2921aba0a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 11 Mar 2021 10:59:07 +0530 +Subject: mac80211: choose first enabled channel for monitor + +From: Karthikeyan Kathirvel + +[ Upstream commit 041c881a0ba8a75f71118bd9766b78f04beed469 ] + +Even if the first channel from sband channel list is invalid +or disabled mac80211 ends up choosing it as the default channel +for monitor interfaces, making them not usable. + +Fix this by assigning the first available valid or enabled +channel instead. + +Signed-off-by: Karthikeyan Kathirvel +Link: https://lore.kernel.org/r/1615440547-7661-1-git-send-email-kathirve@codeaurora.org +[reword commit message, comment, code cleanups] +Signed-off-by: Johannes Berg +Signed-off-by: Sasha Levin +--- + net/mac80211/main.c | 13 ++++++++++++- + 1 file changed, 12 insertions(+), 1 deletion(-) + +diff --git a/net/mac80211/main.c b/net/mac80211/main.c +index 523380aed92e..19c093bb3876 100644 +--- a/net/mac80211/main.c ++++ b/net/mac80211/main.c +@@ -982,8 +982,19 @@ int ieee80211_register_hw(struct ieee80211_hw *hw) + continue; + + if (!dflt_chandef.chan) { ++ /* ++ * Assign the first enabled channel to dflt_chandef ++ * from the list of channels ++ */ ++ for (i = 0; i < sband->n_channels; i++) ++ if (!(sband->channels[i].flags & ++ IEEE80211_CHAN_DISABLED)) ++ break; ++ /* if none found then use the first anyway */ ++ if (i == sband->n_channels) ++ i = 0; + cfg80211_chandef_create(&dflt_chandef, +- &sband->channels[0], ++ &sband->channels[i], + NL80211_CHAN_NO_HT); + /* init channel we're on */ + if (!local->use_chanctx && !local->_oper_chandef.chan) { +-- +2.30.2 + diff --git a/queue-5.10/math-export-mul_u64_u64_div_u64.patch b/queue-5.10/math-export-mul_u64_u64_div_u64.patch new file mode 100644 index 00000000000..f137ae83d59 --- /dev/null +++ b/queue-5.10/math-export-mul_u64_u64_div_u64.patch @@ -0,0 +1,29 @@ +From 21e5a4e448e207840425fbae67363b93ce72d8e2 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 24 Mar 2021 16:42:54 -0700 +Subject: math: Export mul_u64_u64_div_u64 + +From: David S. Miller + +[ Upstream commit bf45947864764548697e7515fe693e10f173f312 ] + +Fixes: f51d7bf1dbe5 ("ptp_qoriq: fix overflow in ptp_qoriq_adjfine() u64 calcalation") +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + lib/math/div64.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lib/math/div64.c b/lib/math/div64.c +index 3952a07130d8..edd1090c9edb 100644 +--- a/lib/math/div64.c ++++ b/lib/math/div64.c +@@ -230,4 +230,5 @@ u64 mul_u64_u64_div_u64(u64 a, u64 b, u64 c) + + return res + div64_u64(a * b, c); + } ++EXPORT_SYMBOL(mul_u64_u64_div_u64); + #endif +-- +2.30.2 + diff --git a/queue-5.10/misdn-fix-crash-in-fritzpci.patch b/queue-5.10/misdn-fix-crash-in-fritzpci.patch new file mode 100644 index 00000000000..44803c580c2 --- /dev/null +++ b/queue-5.10/misdn-fix-crash-in-fritzpci.patch @@ -0,0 +1,86 @@ +From 9f68918c8dc567fea77530184f8f581f230fca18 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 10 Mar 2021 23:27:35 -0500 +Subject: mISDN: fix crash in fritzpci + +From: Tong Zhang + +[ Upstream commit a9f81244d2e33e6dfcef120fefd30c96b3f7cdb0 ] + +setup_fritz() in avmfritz.c might fail with -EIO and in this case the +isac.type and isac.write_reg is not initialized and remains 0(NULL). +A subsequent call to isac_release() will dereference isac->write_reg and +crash. + +[ 1.737444] BUG: kernel NULL pointer dereference, address: 0000000000000000 +[ 1.737809] #PF: supervisor instruction fetch in kernel mode +[ 1.738106] #PF: error_code(0x0010) - not-present page +[ 1.738378] PGD 0 P4D 0 +[ 1.738515] Oops: 0010 [#1] SMP NOPTI +[ 1.738711] CPU: 0 PID: 180 Comm: systemd-udevd Not tainted 5.12.0-rc2+ #78 +[ 1.739077] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-48-gd9c812dda519-p +rebuilt.qemu.org 04/01/2014 +[ 1.739664] RIP: 0010:0x0 +[ 1.739807] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6. +[ 1.740200] RSP: 0018:ffffc9000027ba10 EFLAGS: 00010202 +[ 1.740478] RAX: 0000000000000000 RBX: ffff888102f41840 RCX: 0000000000000027 +[ 1.740853] RDX: 00000000000000ff RSI: 0000000000000020 RDI: ffff888102f41800 +[ 1.741226] RBP: ffffc9000027ba20 R08: ffff88817bc18440 R09: ffffc9000027b808 +[ 1.741600] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888102f41840 +[ 1.741976] R13: 00000000fffffffb R14: ffff888102f41800 R15: ffff8881008b0000 +[ 1.742351] FS: 00007fda3a38a8c0(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000 +[ 1.742774] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 1.743076] CR2: ffffffffffffffd6 CR3: 00000001021ec000 CR4: 00000000000006f0 +[ 1.743452] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +[ 1.743828] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +[ 1.744206] Call Trace: +[ 1.744339] isac_release+0xcc/0xe0 [mISDNipac] +[ 1.744582] fritzpci_probe.cold+0x282/0x739 [avmfritz] +[ 1.744861] local_pci_probe+0x48/0x80 +[ 1.745063] pci_device_probe+0x10f/0x1c0 +[ 1.745278] really_probe+0xfb/0x420 +[ 1.745471] driver_probe_device+0xe9/0x160 +[ 1.745693] device_driver_attach+0x5d/0x70 +[ 1.745917] __driver_attach+0x8f/0x150 +[ 1.746123] ? device_driver_attach+0x70/0x70 +[ 1.746354] bus_for_each_dev+0x7e/0xc0 +[ 1.746560] driver_attach+0x1e/0x20 +[ 1.746751] bus_add_driver+0x152/0x1f0 +[ 1.746957] driver_register+0x74/0xd0 +[ 1.747157] ? 0xffffffffc00d8000 +[ 1.747334] __pci_register_driver+0x54/0x60 +[ 1.747562] AVM_init+0x36/0x1000 [avmfritz] +[ 1.747791] do_one_initcall+0x48/0x1d0 +[ 1.747997] ? __cond_resched+0x19/0x30 +[ 1.748206] ? kmem_cache_alloc_trace+0x390/0x440 +[ 1.748458] ? do_init_module+0x28/0x250 +[ 1.748669] do_init_module+0x62/0x250 +[ 1.748870] load_module+0x23ee/0x26a0 +[ 1.749073] __do_sys_finit_module+0xc2/0x120 +[ 1.749307] ? __do_sys_finit_module+0xc2/0x120 +[ 1.749549] __x64_sys_finit_module+0x1a/0x20 +[ 1.749782] do_syscall_64+0x38/0x90 + +Signed-off-by: Tong Zhang +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/isdn/hardware/mISDN/mISDNipac.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/isdn/hardware/mISDN/mISDNipac.c b/drivers/isdn/hardware/mISDN/mISDNipac.c +index ec475087fbf9..39f841b42488 100644 +--- a/drivers/isdn/hardware/mISDN/mISDNipac.c ++++ b/drivers/isdn/hardware/mISDN/mISDNipac.c +@@ -694,7 +694,7 @@ isac_release(struct isac_hw *isac) + { + if (isac->type & IPAC_TYPE_ISACX) + WriteISAC(isac, ISACX_MASK, 0xff); +- else ++ else if (isac->type != 0) + WriteISAC(isac, ISAC_MASK, 0xff); + if (isac->dch.timer.function != NULL) { + del_timer(&isac->dch.timer); +-- +2.30.2 + diff --git a/queue-5.10/net-ipa-fix-init-header-command-validation.patch b/queue-5.10/net-ipa-fix-init-header-command-validation.patch new file mode 100644 index 00000000000..6816ab48cbf --- /dev/null +++ b/queue-5.10/net-ipa-fix-init-header-command-validation.patch @@ -0,0 +1,119 @@ +From 997856003f06e69c180f16633d843be9b974717f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 20 Mar 2021 09:17:28 -0500 +Subject: net: ipa: fix init header command validation + +From: Alex Elder + +[ Upstream commit b4afd4b90a7cfe54c7cd9db49e3c36d552325eac ] + +We use ipa_cmd_header_valid() to ensure certain values we will +program into hardware are within range, well in advance of when we +actually program them. This way we avoid having to check for errors +when we actually program the hardware. + +Unfortunately the dev_err() call for a bad offset value does not +supply the arguments to match the format specifiers properly. +Fix this. + +There was also supposed to be a check to ensure the size to be +programmed fits in the field that holds it. Add this missing check. + +Rearrange the way we ensure the header table fits in overall IPA +memory range. + +Finally, update ipa_cmd_table_valid() so the format of messages +printed for errors matches what's done in ipa_cmd_header_valid(). + +Signed-off-by: Alex Elder +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/net/ipa/ipa_cmd.c | 50 ++++++++++++++++++++++++++------------- + 1 file changed, 33 insertions(+), 17 deletions(-) + +diff --git a/drivers/net/ipa/ipa_cmd.c b/drivers/net/ipa/ipa_cmd.c +index 46d8b7336d8f..a47378b7d9b2 100644 +--- a/drivers/net/ipa/ipa_cmd.c ++++ b/drivers/net/ipa/ipa_cmd.c +@@ -175,21 +175,23 @@ bool ipa_cmd_table_valid(struct ipa *ipa, const struct ipa_mem *mem, + : field_max(IP_FLTRT_FLAGS_NHASH_ADDR_FMASK); + if (mem->offset > offset_max || + ipa->mem_offset > offset_max - mem->offset) { +- dev_err(dev, "IPv%c %s%s table region offset too large " +- "(0x%04x + 0x%04x > 0x%04x)\n", +- ipv6 ? '6' : '4', hashed ? "hashed " : "", +- route ? "route" : "filter", +- ipa->mem_offset, mem->offset, offset_max); ++ dev_err(dev, "IPv%c %s%s table region offset too large\n", ++ ipv6 ? '6' : '4', hashed ? "hashed " : "", ++ route ? "route" : "filter"); ++ dev_err(dev, " (0x%04x + 0x%04x > 0x%04x)\n", ++ ipa->mem_offset, mem->offset, offset_max); ++ + return false; + } + + if (mem->offset > ipa->mem_size || + mem->size > ipa->mem_size - mem->offset) { +- dev_err(dev, "IPv%c %s%s table region out of range " +- "(0x%04x + 0x%04x > 0x%04x)\n", +- ipv6 ? '6' : '4', hashed ? "hashed " : "", +- route ? "route" : "filter", +- mem->offset, mem->size, ipa->mem_size); ++ dev_err(dev, "IPv%c %s%s table region out of range\n", ++ ipv6 ? '6' : '4', hashed ? "hashed " : "", ++ route ? "route" : "filter"); ++ dev_err(dev, " (0x%04x + 0x%04x > 0x%04x)\n", ++ mem->offset, mem->size, ipa->mem_size); ++ + return false; + } + +@@ -205,22 +207,36 @@ static bool ipa_cmd_header_valid(struct ipa *ipa) + u32 size_max; + u32 size; + ++ /* In ipa_cmd_hdr_init_local_add() we record the offset and size ++ * of the header table memory area. Make sure the offset and size ++ * fit in the fields that need to hold them, and that the entire ++ * range is within the overall IPA memory range. ++ */ + offset_max = field_max(HDR_INIT_LOCAL_FLAGS_HDR_ADDR_FMASK); + if (mem->offset > offset_max || + ipa->mem_offset > offset_max - mem->offset) { +- dev_err(dev, "header table region offset too large " +- "(0x%04x + 0x%04x > 0x%04x)\n", +- ipa->mem_offset + mem->offset, offset_max); ++ dev_err(dev, "header table region offset too large\n"); ++ dev_err(dev, " (0x%04x + 0x%04x > 0x%04x)\n", ++ ipa->mem_offset, mem->offset, offset_max); ++ + return false; + } + + size_max = field_max(HDR_INIT_LOCAL_FLAGS_TABLE_SIZE_FMASK); + size = ipa->mem[IPA_MEM_MODEM_HEADER].size; + size += ipa->mem[IPA_MEM_AP_HEADER].size; +- if (mem->offset > ipa->mem_size || size > ipa->mem_size - mem->offset) { +- dev_err(dev, "header table region out of range " +- "(0x%04x + 0x%04x > 0x%04x)\n", +- mem->offset, size, ipa->mem_size); ++ ++ if (size > size_max) { ++ dev_err(dev, "header table region size too large\n"); ++ dev_err(dev, " (0x%04x > 0x%08x)\n", size, size_max); ++ ++ return false; ++ } ++ if (size > ipa->mem_size || mem->offset > ipa->mem_size - size) { ++ dev_err(dev, "header table region out of range\n"); ++ dev_err(dev, " (0x%04x + 0x%04x > 0x%04x)\n", ++ mem->offset, size, ipa->mem_size); ++ + return false; + } + +-- +2.30.2 + diff --git a/queue-5.10/net-mlx5e-enforce-minimum-value-check-for-icosq-size.patch b/queue-5.10/net-mlx5e-enforce-minimum-value-check-for-icosq-size.patch new file mode 100644 index 00000000000..ca7107d3fa6 --- /dev/null +++ b/queue-5.10/net-mlx5e-enforce-minimum-value-check-for-icosq-size.patch @@ -0,0 +1,40 @@ +From 59fda8a440b070f63ee5f12c66ef1e734908edfd Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 12 Jan 2021 13:29:14 +0200 +Subject: net/mlx5e: Enforce minimum value check for ICOSQ size + +From: Tariq Toukan + +[ Upstream commit 5115daa675ccf70497fe56e8916cf738d8212c10 ] + +The ICOSQ size should not go below MLX5E_PARAMS_MINIMUM_LOG_SQ_SIZE. +Enforce this where it's missing. + +Signed-off-by: Tariq Toukan +Reviewed-by: Maxim Mikityanskiy +Reviewed-by: Saeed Mahameed +Signed-off-by: Saeed Mahameed +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c +index e2006c6053c9..9a12df43becc 100644 +--- a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c ++++ b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c +@@ -2326,8 +2326,9 @@ static u8 mlx5e_build_icosq_log_wq_sz(struct mlx5e_params *params, + { + switch (params->rq_wq_type) { + case MLX5_WQ_TYPE_LINKED_LIST_STRIDING_RQ: +- return order_base_2(MLX5E_UMR_WQEBBS) + +- mlx5e_get_rq_log_wq_sz(rqp->rqc); ++ return max_t(u8, MLX5E_PARAMS_MINIMUM_LOG_SQ_SIZE, ++ order_base_2(MLX5E_UMR_WQEBBS) + ++ mlx5e_get_rq_log_wq_sz(rqp->rqc)); + default: /* MLX5_WQ_TYPE_CYCLIC */ + return MLX5E_PARAMS_MINIMUM_LOG_SQ_SIZE; + } +-- +2.30.2 + diff --git a/queue-5.10/net-pxa168_eth-fix-a-potential-data-race-in-pxa168_e.patch b/queue-5.10/net-pxa168_eth-fix-a-potential-data-race-in-pxa168_e.patch new file mode 100644 index 00000000000..1719594ccc8 --- /dev/null +++ b/queue-5.10/net-pxa168_eth-fix-a-potential-data-race-in-pxa168_e.patch @@ -0,0 +1,42 @@ +From 3b7987ec9ce3043d55592453b6d5a64142653ef8 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 10 Mar 2021 11:10:46 +0300 +Subject: net: pxa168_eth: Fix a potential data race in pxa168_eth_remove + +From: Pavel Andrianov + +[ Upstream commit 0571a753cb07982cc82f4a5115e0b321da89e1f3 ] + +pxa168_eth_remove() firstly calls unregister_netdev(), +then cancels a timeout work. unregister_netdev() shuts down a device +interface and removes it from the kernel tables. If the timeout occurs +in parallel, the timeout work (pxa168_eth_tx_timeout_task) performs stop +and open of the device. It may lead to an inconsistent state and memory +leaks. + +Found by Linux Driver Verification project (linuxtesting.org). + +Signed-off-by: Pavel Andrianov +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/marvell/pxa168_eth.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/marvell/pxa168_eth.c b/drivers/net/ethernet/marvell/pxa168_eth.c +index d1e4d42e497d..3712e1786091 100644 +--- a/drivers/net/ethernet/marvell/pxa168_eth.c ++++ b/drivers/net/ethernet/marvell/pxa168_eth.c +@@ -1544,8 +1544,8 @@ static int pxa168_eth_remove(struct platform_device *pdev) + clk_disable_unprepare(pep->clk); + mdiobus_unregister(pep->smi_bus); + mdiobus_free(pep->smi_bus); +- unregister_netdev(dev); + cancel_work_sync(&pep->tx_timeout_task); ++ unregister_netdev(dev); + free_netdev(dev); + return 0; + } +-- +2.30.2 + diff --git a/queue-5.10/netfilter-conntrack-fix-gre-tunneling-over-ipv6.patch b/queue-5.10/netfilter-conntrack-fix-gre-tunneling-over-ipv6.patch new file mode 100644 index 00000000000..0df055fb152 --- /dev/null +++ b/queue-5.10/netfilter-conntrack-fix-gre-tunneling-over-ipv6.patch @@ -0,0 +1,36 @@ +From 647065d4d6e4366f74e7554bd00367a7bc7a31c4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 4 Mar 2021 04:10:50 -0500 +Subject: netfilter: conntrack: Fix gre tunneling over ipv6 + +From: Ludovic Senecaux + +[ Upstream commit 8b2030b4305951f44afef80225f1475618e25a73 ] + +This fix permits gre connections to be tracked within ip6tables rules + +Signed-off-by: Ludovic Senecaux +Acked-by: Florian Westphal +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Sasha Levin +--- + net/netfilter/nf_conntrack_proto_gre.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/net/netfilter/nf_conntrack_proto_gre.c b/net/netfilter/nf_conntrack_proto_gre.c +index 5b05487a60d2..db11e403d818 100644 +--- a/net/netfilter/nf_conntrack_proto_gre.c ++++ b/net/netfilter/nf_conntrack_proto_gre.c +@@ -218,9 +218,6 @@ int nf_conntrack_gre_packet(struct nf_conn *ct, + enum ip_conntrack_info ctinfo, + const struct nf_hook_state *state) + { +- if (state->pf != NFPROTO_IPV4) +- return -NF_ACCEPT; +- + if (!nf_ct_is_confirmed(ct)) { + unsigned int *timeouts = nf_ct_timeout_lookup(ct); + +-- +2.30.2 + diff --git a/queue-5.10/netfilter-nftables-skip-hook-overlap-logic-if-flowta.patch b/queue-5.10/netfilter-nftables-skip-hook-overlap-logic-if-flowta.patch new file mode 100644 index 00000000000..92bf31db469 --- /dev/null +++ b/queue-5.10/netfilter-nftables-skip-hook-overlap-logic-if-flowta.patch @@ -0,0 +1,36 @@ +From 86599967d855b0c2e4e09b60ca46c196650ce52a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 17 Mar 2021 21:19:57 +0100 +Subject: netfilter: nftables: skip hook overlap logic if flowtable is stale + +From: Pablo Neira Ayuso + +[ Upstream commit 86fe2c19eec4728fd9a42ba18f3b47f0d5f9fd7c ] + +If the flowtable has been previously removed in this batch, skip the +hook overlap checks. This fixes spurious EEXIST errors when removing and +adding the flowtable in the same batch. + +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Sasha Levin +--- + net/netfilter/nf_tables_api.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c +index 978a968d7aed..2e76935db2c8 100644 +--- a/net/netfilter/nf_tables_api.c ++++ b/net/netfilter/nf_tables_api.c +@@ -6573,6 +6573,9 @@ static int nft_register_flowtable_net_hooks(struct net *net, + + list_for_each_entry(hook, hook_list, list) { + list_for_each_entry(ft, &table->flowtables, list) { ++ if (!nft_is_active_next(net, ft)) ++ continue; ++ + list_for_each_entry(hook2, &ft->hook_list, list) { + if (hook->ops.dev == hook2->ops.dev && + hook->ops.pf == hook2->ops.pf) { +-- +2.30.2 + diff --git a/queue-5.10/platform-x86-intel-hid-support-lenovo-thinkpad-x1-ta.patch b/queue-5.10/platform-x86-intel-hid-support-lenovo-thinkpad-x1-ta.patch new file mode 100644 index 00000000000..87a47b21096 --- /dev/null +++ b/queue-5.10/platform-x86-intel-hid-support-lenovo-thinkpad-x1-ta.patch @@ -0,0 +1,44 @@ +From 3d6f1624120e9aa44dee6860dbb12ee6cb33c79f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 22 Feb 2021 15:15:59 +0100 +Subject: platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 + +From: Alban Bedel + +[ Upstream commit 56678a5f44ef5f0ad9a67194bbee2280c6286534 ] + +Like a few other system the Lenovo ThinkPad X1 Tablet Gen 2 miss the +HEBC method, which prevent the power button from working. Add a quirk +to enable the button array on this system family and fix the power +button. + +Signed-off-by: Alban Bedel +Tested-by: Alexander Kobel +Link: https://lore.kernel.org/r/20210222141559.3775-1-albeu@free.fr +Signed-off-by: Hans de Goede +Signed-off-by: Sasha Levin +--- + drivers/platform/x86/intel-hid.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/drivers/platform/x86/intel-hid.c b/drivers/platform/x86/intel-hid.c +index 86261970bd8f..8a0cd5bf0065 100644 +--- a/drivers/platform/x86/intel-hid.c ++++ b/drivers/platform/x86/intel-hid.c +@@ -86,6 +86,13 @@ static const struct dmi_system_id button_array_table[] = { + DMI_MATCH(DMI_PRODUCT_NAME, "HP Spectre x2 Detachable"), + }, + }, ++ { ++ .ident = "Lenovo ThinkPad X1 Tablet Gen 2", ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), ++ DMI_MATCH(DMI_PRODUCT_FAMILY, "ThinkPad X1 Tablet Gen 2"), ++ }, ++ }, + { } + }; + +-- +2.30.2 + diff --git a/queue-5.10/platform-x86-intel_pmc_core-ignore-gbe-ltr-on-tiger-.patch b/queue-5.10/platform-x86-intel_pmc_core-ignore-gbe-ltr-on-tiger-.patch new file mode 100644 index 00000000000..e7f76b174e0 --- /dev/null +++ b/queue-5.10/platform-x86-intel_pmc_core-ignore-gbe-ltr-on-tiger-.patch @@ -0,0 +1,112 @@ +From 887da9851beecd76d1ba3fd34fe0b1631c563f8d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 19 Mar 2021 13:18:44 -0700 +Subject: platform/x86: intel_pmc_core: Ignore GBE LTR on Tiger Lake platforms + +From: David E. Box + +[ Upstream commit d1635448f1105e549b4041aab930dbc6945fc635 ] + +Due to a HW limitation, the Latency Tolerance Reporting (LTR) value +programmed in the Tiger Lake GBE controller is not large enough to allow +the platform to enter Package C10, which in turn prevents the platform from +achieving its low power target during suspend-to-idle. Ignore the GBE LTR +value on Tiger Lake. LTR ignore functionality is currently performed solely +by a debugfs write call. Split out the LTR code into its own function that +can be called by both the debugfs writer and by this work around. + +Signed-off-by: David E. Box +Reviewed-by: Sasha Neftin +Cc: intel-wired-lan@lists.osuosl.org +Reviewed-by: Rajneesh Bhardwaj +Link: https://lore.kernel.org/r/20210319201844.3305399-2-david.e.box@linux.intel.com +Signed-off-by: Hans de Goede +Signed-off-by: Sasha Levin +--- + drivers/platform/x86/intel_pmc_core.c | 50 +++++++++++++++++++-------- + 1 file changed, 35 insertions(+), 15 deletions(-) + +diff --git a/drivers/platform/x86/intel_pmc_core.c b/drivers/platform/x86/intel_pmc_core.c +index 3e5fe66333f1..e06b36e87a33 100644 +--- a/drivers/platform/x86/intel_pmc_core.c ++++ b/drivers/platform/x86/intel_pmc_core.c +@@ -863,34 +863,45 @@ static int pmc_core_pll_show(struct seq_file *s, void *unused) + } + DEFINE_SHOW_ATTRIBUTE(pmc_core_pll); + +-static ssize_t pmc_core_ltr_ignore_write(struct file *file, +- const char __user *userbuf, +- size_t count, loff_t *ppos) ++static int pmc_core_send_ltr_ignore(u32 value) + { + struct pmc_dev *pmcdev = &pmc; + const struct pmc_reg_map *map = pmcdev->map; +- u32 val, buf_size, fd; +- int err; +- +- buf_size = count < 64 ? count : 64; +- +- err = kstrtou32_from_user(userbuf, buf_size, 10, &val); +- if (err) +- return err; ++ u32 reg; ++ int err = 0; + + mutex_lock(&pmcdev->lock); + +- if (val > map->ltr_ignore_max) { ++ if (value > map->ltr_ignore_max) { + err = -EINVAL; + goto out_unlock; + } + +- fd = pmc_core_reg_read(pmcdev, map->ltr_ignore_offset); +- fd |= (1U << val); +- pmc_core_reg_write(pmcdev, map->ltr_ignore_offset, fd); ++ reg = pmc_core_reg_read(pmcdev, map->ltr_ignore_offset); ++ reg |= BIT(value); ++ pmc_core_reg_write(pmcdev, map->ltr_ignore_offset, reg); + + out_unlock: + mutex_unlock(&pmcdev->lock); ++ ++ return err; ++} ++ ++static ssize_t pmc_core_ltr_ignore_write(struct file *file, ++ const char __user *userbuf, ++ size_t count, loff_t *ppos) ++{ ++ u32 buf_size, value; ++ int err; ++ ++ buf_size = min_t(u32, count, 64); ++ ++ err = kstrtou32_from_user(userbuf, buf_size, 10, &value); ++ if (err) ++ return err; ++ ++ err = pmc_core_send_ltr_ignore(value); ++ + return err == 0 ? count : err; + } + +@@ -1244,6 +1255,15 @@ static int pmc_core_probe(struct platform_device *pdev) + pmcdev->pmc_xram_read_bit = pmc_core_check_read_lock_bit(); + dmi_check_system(pmc_core_dmi_table); + ++ /* ++ * On TGL, due to a hardware limitation, the GBE LTR blocks PC10 when ++ * a cable is attached. Tell the PMC to ignore it. ++ */ ++ if (pmcdev->map == &tgl_reg_map) { ++ dev_dbg(&pdev->dev, "ignoring GBE LTR\n"); ++ pmc_core_send_ltr_ignore(3); ++ } ++ + pmc_core_dbgfs_register(pmcdev); + + device_initialized = true; +-- +2.30.2 + diff --git a/queue-5.10/platform-x86-thinkpad_acpi-allow-the-fnlock-led-to-c.patch b/queue-5.10/platform-x86-thinkpad_acpi-allow-the-fnlock-led-to-c.patch new file mode 100644 index 00000000000..4e70133a22b --- /dev/null +++ b/queue-5.10/platform-x86-thinkpad_acpi-allow-the-fnlock-led-to-c.patch @@ -0,0 +1,72 @@ +From 4cc1c6d70ba8a9c724227e9f1f12ae959300d75f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 15 Mar 2021 20:58:24 +0100 +Subject: platform/x86: thinkpad_acpi: Allow the FnLock LED to change state + +From: Esteve Varela Colominas + +[ Upstream commit 3d677f12ea3a2097a16ded570623567403dea959 ] + +On many recent ThinkPad laptops, there's a new LED next to the ESC key, +that indicates the FnLock status. +When the Fn+ESC combo is pressed, FnLock is toggled, which causes the +Media Key functionality to change, making it so that the media keys +either perform their media key function, or function as an F-key by +default. The Fn key can be used the access the alternate function at any +time. + +With the current linux kernel, the LED doens't change state if you press +the Fn+ESC key combo. However, the media key functionality *does* +change. This is annoying, since the LED will stay on if it was on during +bootup, and it makes it hard to keep track what the current state of the +FnLock is. + +This patch calls an ACPI function, that gets the current media key +state, when the Fn+ESC key combo is pressed. Through testing it was +discovered that this function causes the LED to update correctly to +reflect the current state when this function is called. + +The relevant ACPI calls are the following: +\_SB_.PCI0.LPC0.EC0_.HKEY.GMKS: Get media key state, returns 0x603 if the FnLock mode is enabled, and 0x602 if it's disabled. +\_SB_.PCI0.LPC0.EC0_.HKEY.SMKS: Set media key state, sending a 1 will enable FnLock mode, and a 0 will disable it. + +Relevant discussion: +https://bugzilla.kernel.org/show_bug.cgi?id=207841 +https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1881015 + +Signed-off-by: Esteve Varela Colominas +Link: https://lore.kernel.org/r/20210315195823.23212-1-esteve.varela@gmail.com +Signed-off-by: Hans de Goede +Signed-off-by: Sasha Levin +--- + drivers/platform/x86/thinkpad_acpi.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c +index 69402758b99c..3b0acaeb20cf 100644 +--- a/drivers/platform/x86/thinkpad_acpi.c ++++ b/drivers/platform/x86/thinkpad_acpi.c +@@ -4079,13 +4079,19 @@ static bool hotkey_notify_6xxx(const u32 hkey, + + case TP_HKEY_EV_KEY_NUMLOCK: + case TP_HKEY_EV_KEY_FN: +- case TP_HKEY_EV_KEY_FN_ESC: + /* key press events, we just ignore them as long as the EC + * is still reporting them in the normal keyboard stream */ + *send_acpi_ev = false; + *ignore_acpi_ev = true; + return true; + ++ case TP_HKEY_EV_KEY_FN_ESC: ++ /* Get the media key status to foce the status LED to update */ ++ acpi_evalf(hkey_handle, NULL, "GMKS", "v"); ++ *send_acpi_ev = false; ++ *ignore_acpi_ev = true; ++ return true; ++ + case TP_HKEY_EV_TABLET_CHANGED: + tpacpi_input_send_tabletsw(); + hotkey_tablet_mode_notify_change(); +-- +2.30.2 + diff --git a/queue-5.10/ptp_qoriq-fix-overflow-in-ptp_qoriq_adjfine-u64-calc.patch b/queue-5.10/ptp_qoriq-fix-overflow-in-ptp_qoriq_adjfine-u64-calc.patch new file mode 100644 index 00000000000..b290a7360f9 --- /dev/null +++ b/queue-5.10/ptp_qoriq-fix-overflow-in-ptp_qoriq_adjfine-u64-calc.patch @@ -0,0 +1,54 @@ +From 3d577212f65b5b354f372b3298ff59010d916bf3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 23 Mar 2021 16:02:29 +0800 +Subject: ptp_qoriq: fix overflow in ptp_qoriq_adjfine() u64 calcalation + +From: Yangbo Lu + +[ Upstream commit f51d7bf1dbe5522c51c93fe8faa5f4abbdf339cd ] + +Current calculation for diff of TMR_ADD register value may have +64-bit overflow in this code line, when long type scaled_ppm is +large. + +adj *= scaled_ppm; + +This patch is to resolve it by using mul_u64_u64_div_u64(). + +Signed-off-by: Yangbo Lu +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/ptp/ptp_qoriq.c | 13 +++++++------ + 1 file changed, 7 insertions(+), 6 deletions(-) + +diff --git a/drivers/ptp/ptp_qoriq.c b/drivers/ptp/ptp_qoriq.c +index beb5f74944cd..08f4cf0ad9e3 100644 +--- a/drivers/ptp/ptp_qoriq.c ++++ b/drivers/ptp/ptp_qoriq.c +@@ -189,15 +189,16 @@ int ptp_qoriq_adjfine(struct ptp_clock_info *ptp, long scaled_ppm) + tmr_add = ptp_qoriq->tmr_add; + adj = tmr_add; + +- /* calculate diff as adj*(scaled_ppm/65536)/1000000 +- * and round() to the nearest integer ++ /* ++ * Calculate diff and round() to the nearest integer ++ * ++ * diff = adj * (ppb / 1000000000) ++ * = adj * scaled_ppm / 65536000000 + */ +- adj *= scaled_ppm; +- diff = div_u64(adj, 8000000); +- diff = (diff >> 13) + ((diff >> 12) & 1); ++ diff = mul_u64_u64_div_u64(adj, scaled_ppm, 32768000000); ++ diff = DIV64_U64_ROUND_UP(diff, 2); + + tmr_add = neg_adj ? tmr_add - diff : tmr_add + diff; +- + ptp_qoriq->write(®s->ctrl_regs->tmr_add, tmr_add); + + return 0; +-- +2.30.2 + diff --git a/queue-5.10/scsi-target-pscsi-clean-up-after-failure-in-pscsi_ma.patch b/queue-5.10/scsi-target-pscsi-clean-up-after-failure-in-pscsi_ma.patch new file mode 100644 index 00000000000..48d81cf8e01 --- /dev/null +++ b/queue-5.10/scsi-target-pscsi-clean-up-after-failure-in-pscsi_ma.patch @@ -0,0 +1,44 @@ +From 5443166d55682c5adc6642a8a2d81d9837f91683 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 23 Mar 2021 22:24:31 +0100 +Subject: scsi: target: pscsi: Clean up after failure in pscsi_map_sg() + +From: Martin Wilck + +[ Upstream commit 36fa766faa0c822c860e636fe82b1affcd022974 ] + +If pscsi_map_sg() fails, make sure to drop references to already allocated +bios. + +Link: https://lore.kernel.org/r/20210323212431.15306-2-mwilck@suse.com +Reviewed-by: Christoph Hellwig +Reviewed-by: Lee Duncan +Signed-off-by: Martin Wilck +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +--- + drivers/target/target_core_pscsi.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/drivers/target/target_core_pscsi.c b/drivers/target/target_core_pscsi.c +index 4e37fa9b409d..723a51a3f431 100644 +--- a/drivers/target/target_core_pscsi.c ++++ b/drivers/target/target_core_pscsi.c +@@ -939,6 +939,14 @@ pscsi_map_sg(struct se_cmd *cmd, struct scatterlist *sgl, u32 sgl_nents, + + return 0; + fail: ++ if (bio) ++ bio_put(bio); ++ while (req->bio) { ++ bio = req->bio; ++ req->bio = bio->bi_next; ++ bio_put(bio); ++ } ++ req->biotail = NULL; + return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE; + } + +-- +2.30.2 + diff --git a/queue-5.10/selftests-vm-fix-out-of-tree-build.patch b/queue-5.10/selftests-vm-fix-out-of-tree-build.patch new file mode 100644 index 00000000000..ece74533a77 --- /dev/null +++ b/queue-5.10/selftests-vm-fix-out-of-tree-build.patch @@ -0,0 +1,49 @@ +From 21647cd7974a3eab268d4c4f94b230cd75ed00a6 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 24 Mar 2021 21:37:26 -0700 +Subject: selftests/vm: fix out-of-tree build + +From: Rong Chen + +[ Upstream commit 19ec368cbc7ee1915e78c120b7a49c7f14734192 ] + +When building out-of-tree, attempting to make target from $(OUTPUT) directory: + + make[1]: *** No rule to make target '$(OUTPUT)/protection_keys.c', needed by '$(OUTPUT)/protection_keys_32'. + +Link: https://lkml.kernel.org/r/20210315094700.522753-1-rong.a.chen@intel.com +Signed-off-by: Rong Chen +Reported-by: kernel test robot +Cc: Shuah Khan +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + tools/testing/selftests/vm/Makefile | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tools/testing/selftests/vm/Makefile b/tools/testing/selftests/vm/Makefile +index e63f31632708..2cf32e6b376e 100644 +--- a/tools/testing/selftests/vm/Makefile ++++ b/tools/testing/selftests/vm/Makefile +@@ -99,7 +99,7 @@ endef + ifeq ($(CAN_BUILD_I386),1) + $(BINARIES_32): CFLAGS += -m32 + $(BINARIES_32): LDLIBS += -lrt -ldl -lm +-$(BINARIES_32): %_32: %.c ++$(BINARIES_32): $(OUTPUT)/%_32: %.c + $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(notdir $^) $(LDLIBS) -o $@ + $(foreach t,$(TARGETS),$(eval $(call gen-target-rule-32,$(t)))) + endif +@@ -107,7 +107,7 @@ endif + ifeq ($(CAN_BUILD_X86_64),1) + $(BINARIES_64): CFLAGS += -m64 + $(BINARIES_64): LDLIBS += -lrt -ldl +-$(BINARIES_64): %_64: %.c ++$(BINARIES_64): $(OUTPUT)/%_64: %.c + $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(notdir $^) $(LDLIBS) -o $@ + $(foreach t,$(TARGETS),$(eval $(call gen-target-rule-64,$(t)))) + endif +-- +2.30.2 + diff --git a/queue-5.10/series b/queue-5.10/series new file mode 100644 index 00000000000..719f3ef37cc --- /dev/null +++ b/queue-5.10/series @@ -0,0 +1,31 @@ +arm-dts-am33xx-add-aliases-for-mmc-interfaces.patch +bus-ti-sysc-fix-warning-on-unbind-if-reset-is-not-de.patch +platform-x86-intel-hid-support-lenovo-thinkpad-x1-ta.patch +bpf-x86-use-kvmalloc_array-instead-kmalloc_array-in-.patch +net-mlx5e-enforce-minimum-value-check-for-icosq-size.patch +net-pxa168_eth-fix-a-potential-data-race-in-pxa168_e.patch +kunit-tool-fix-a-python-tuple-typing-error.patch +misdn-fix-crash-in-fritzpci.patch +mac80211-check-crypto_aead_encrypt-for-errors.patch +mac80211-choose-first-enabled-channel-for-monitor.patch +drm-msm-dsi_pll_7nm-fix-variable-usage-for-pll_lockd.patch +drm-msm-adreno-a5xx_power-don-t-apply-a540-lm_setup-.patch +drm-msm-ratelimit-invalid-fence-message.patch +netfilter-conntrack-fix-gre-tunneling-over-ipv6.patch +netfilter-nftables-skip-hook-overlap-logic-if-flowta.patch +net-ipa-fix-init-header-command-validation.patch +platform-x86-thinkpad_acpi-allow-the-fnlock-led-to-c.patch +kselftest-arm64-sve-do-not-use-non-canonical-ffr-reg.patch +drm-msm-disp-dpu1-icc-path-needs-to-be-set-before-dp.patch +x86-build-turn-off-fcf-protection-for-realmode-targe.patch +block-clear-gd_need_part_scan-later-in-bdev_disk_cha.patch +platform-x86-intel_pmc_core-ignore-gbe-ltr-on-tiger-.patch +ptp_qoriq-fix-overflow-in-ptp_qoriq_adjfine-u64-calc.patch +scsi-target-pscsi-clean-up-after-failure-in-pscsi_ma.patch +selftests-vm-fix-out-of-tree-build.patch +ia64-mca-allocate-early-mca-with-gfp_atomic.patch +ia64-fix-format-strings-for-err_inject.patch +cifs-revalidate-mapping-when-we-open-files-for-smb1-.patch +cifs-silently-ignore-unknown-oplock-break-handle.patch +io_uring-fix-timeout-cancel-return-code.patch +math-export-mul_u64_u64_div_u64.patch diff --git a/queue-5.10/x86-build-turn-off-fcf-protection-for-realmode-targe.patch b/queue-5.10/x86-build-turn-off-fcf-protection-for-realmode-targe.patch new file mode 100644 index 00000000000..39a8b3b92f6 --- /dev/null +++ b/queue-5.10/x86-build-turn-off-fcf-protection-for-realmode-targe.patch @@ -0,0 +1,43 @@ +From 58530088f094119387f717632210b472cfcd38b1 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 23 Mar 2021 13:48:36 +0100 +Subject: x86/build: Turn off -fcf-protection for realmode targets +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Arnd Bergmann + +[ Upstream commit 9fcb51c14da2953de585c5c6e50697b8a6e91a7b ] + +The new Ubuntu GCC packages turn on -fcf-protection globally, +which causes a build failure in the x86 realmode code: + + cc1: error: ‘-fcf-protection’ is not compatible with this target + +Turn it off explicitly on compilers that understand this option. + +Signed-off-by: Arnd Bergmann +Signed-off-by: Ingo Molnar +Link: https://lore.kernel.org/r/20210323124846.1584944-1-arnd@kernel.org +Signed-off-by: Sasha Levin +--- + arch/x86/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/x86/Makefile b/arch/x86/Makefile +index 0a6d497221e4..9c86f2dc16b1 100644 +--- a/arch/x86/Makefile ++++ b/arch/x86/Makefile +@@ -34,7 +34,7 @@ M16_CFLAGS := $(call cc-option, -m16, $(CODE16GCC_CFLAGS)) + REALMODE_CFLAGS := $(M16_CFLAGS) -g -Os -DDISABLE_BRANCH_PROFILING \ + -Wall -Wstrict-prototypes -march=i386 -mregparm=3 \ + -fno-strict-aliasing -fomit-frame-pointer -fno-pic \ +- -mno-mmx -mno-sse ++ -mno-mmx -mno-sse $(call cc-option,-fcf-protection=none) + + REALMODE_CFLAGS += -ffreestanding + REALMODE_CFLAGS += -fno-stack-protector +-- +2.30.2 +