From: Greg Kroah-Hartman Date: Sun, 8 Sep 2024 11:27:03 +0000 (+0200) Subject: 6.10-stable patches X-Git-Tag: v4.19.322~110 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=58d0d9eedad69797995e04aec101f0e9dae4dfc9;p=thirdparty%2Fkernel%2Fstable-queue.git 6.10-stable patches added patches: nvme-pci-add-sleep-quirk-for-samsung-990-evo.patch revert-bluetooth-mgmt-smp-fix-address-type-when-using-smp-over-bredr-le.patch rust-macros-provide-correct-provenance-when-constructing-this_module.patch --- diff --git a/queue-6.10/nvme-pci-add-sleep-quirk-for-samsung-990-evo.patch b/queue-6.10/nvme-pci-add-sleep-quirk-for-samsung-990-evo.patch new file mode 100644 index 00000000000..7e8851be85a --- /dev/null +++ b/queue-6.10/nvme-pci-add-sleep-quirk-for-samsung-990-evo.patch @@ -0,0 +1,44 @@ +From 61aa894e7a2fda4ee026523b01d07e83ce2abb72 Mon Sep 17 00:00:00 2001 +From: Georg Gottleuber +Date: Tue, 27 Aug 2024 12:41:33 +0200 +Subject: nvme-pci: Add sleep quirk for Samsung 990 Evo + +From: Georg Gottleuber + +commit 61aa894e7a2fda4ee026523b01d07e83ce2abb72 upstream. + +On some TUXEDO platforms, a Samsung 990 Evo NVMe leads to a high +power consumption in s2idle sleep (2-3 watts). + +This patch applies 'Force No Simple Suspend' quirk to achieve a +sleep with a lower power consumption, typically around 0.5 watts. + +Signed-off-by: Georg Gottleuber +Signed-off-by: Werner Sembach +Cc: +Signed-off-by: Keith Busch +Signed-off-by: Greg Kroah-Hartman +--- + drivers/nvme/host/pci.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +--- a/drivers/nvme/host/pci.c ++++ b/drivers/nvme/host/pci.c +@@ -2931,6 +2931,17 @@ static unsigned long check_vendor_combin + dmi_match(DMI_BOARD_NAME, "NS5x_7xPU") || + dmi_match(DMI_BOARD_NAME, "PH4PRX1_PH6PRX1")) + return NVME_QUIRK_FORCE_NO_SIMPLE_SUSPEND; ++ } else if (pdev->vendor == 0x144d && pdev->device == 0xa80d) { ++ /* ++ * Exclude Samsung 990 Evo from NVME_QUIRK_SIMPLE_SUSPEND ++ * because of high power consumption (> 2 Watt) in s2idle ++ * sleep. Only some boards with Intel CPU are affected. ++ */ ++ if (dmi_match(DMI_BOARD_NAME, "GMxPXxx") || ++ dmi_match(DMI_BOARD_NAME, "PH4PG31") || ++ dmi_match(DMI_BOARD_NAME, "PH4PRX1_PH6PRX1") || ++ dmi_match(DMI_BOARD_NAME, "PH6PG01_PH6PG71")) ++ return NVME_QUIRK_FORCE_NO_SIMPLE_SUSPEND; + } + + /* diff --git a/queue-6.10/revert-bluetooth-mgmt-smp-fix-address-type-when-using-smp-over-bredr-le.patch b/queue-6.10/revert-bluetooth-mgmt-smp-fix-address-type-when-using-smp-over-bredr-le.patch new file mode 100644 index 00000000000..ae91542c973 --- /dev/null +++ b/queue-6.10/revert-bluetooth-mgmt-smp-fix-address-type-when-using-smp-over-bredr-le.patch @@ -0,0 +1,218 @@ +From 532f8bcd1c2c4e8112f62e1922fd1703bc0ffce0 Mon Sep 17 00:00:00 2001 +From: Luiz Augusto von Dentz +Date: Tue, 27 Aug 2024 14:37:22 -0400 +Subject: Revert "Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE" + +From: Luiz Augusto von Dentz + +commit 532f8bcd1c2c4e8112f62e1922fd1703bc0ffce0 upstream. + +This reverts commit 59b047bc98084f8af2c41483e4d68a5adf2fa7f7 which +breaks compatibility with commands like: + +bluetoothd[46328]: @ MGMT Command: Load.. (0x0013) plen 74 {0x0001} [hci0] + Keys: 2 + BR/EDR Address: C0:DC:DA:A5:E5:47 (Samsung Electronics Co.,Ltd) + Key type: Authenticated key from P-256 (0x03) + Central: 0x00 + Encryption size: 16 + Diversifier[2]: 0000 + Randomizer[8]: 0000000000000000 + Key[16]: 6ed96089bd9765be2f2c971b0b95f624 + LE Address: D7:2A:DE:1E:73:A2 (Static) + Key type: Unauthenticated key from P-256 (0x02) + Central: 0x00 + Encryption size: 16 + Diversifier[2]: 0000 + Randomizer[8]: 0000000000000000 + Key[16]: 87dd2546ededda380ffcdc0a8faa4597 +@ MGMT Event: Command Status (0x0002) plen 3 {0x0001} [hci0] + Load Long Term Keys (0x0013) + Status: Invalid Parameters (0x0d) + +Cc: stable@vger.kernel.org +Link: https://github.com/bluez/bluez/issues/875 +Fixes: 59b047bc9808 ("Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE") +Signed-off-by: Luiz Augusto von Dentz +Signed-off-by: Greg Kroah-Hartman +--- + include/net/bluetooth/hci_core.h | 5 ----- + net/bluetooth/mgmt.c | 25 +++++++------------------ + net/bluetooth/smp.c | 7 ------- + 3 files changed, 7 insertions(+), 30 deletions(-) + +--- a/include/net/bluetooth/hci_core.h ++++ b/include/net/bluetooth/hci_core.h +@@ -186,7 +186,6 @@ struct blocked_key { + struct smp_csrk { + bdaddr_t bdaddr; + u8 bdaddr_type; +- u8 link_type; + u8 type; + u8 val[16]; + }; +@@ -196,7 +195,6 @@ struct smp_ltk { + struct rcu_head rcu; + bdaddr_t bdaddr; + u8 bdaddr_type; +- u8 link_type; + u8 authenticated; + u8 type; + u8 enc_size; +@@ -211,7 +209,6 @@ struct smp_irk { + bdaddr_t rpa; + bdaddr_t bdaddr; + u8 addr_type; +- u8 link_type; + u8 val[16]; + }; + +@@ -219,8 +216,6 @@ struct link_key { + struct list_head list; + struct rcu_head rcu; + bdaddr_t bdaddr; +- u8 bdaddr_type; +- u8 link_type; + u8 type; + u8 val[HCI_LINK_KEY_SIZE]; + u8 pin_len; +--- a/net/bluetooth/mgmt.c ++++ b/net/bluetooth/mgmt.c +@@ -2834,8 +2834,7 @@ static int load_link_keys(struct sock *s + for (i = 0; i < key_count; i++) { + struct mgmt_link_key_info *key = &cp->keys[i]; + +- /* Considering SMP over BREDR/LE, there is no need to check addr_type */ +- if (key->type > 0x08) ++ if (key->addr.type != BDADDR_BREDR || key->type > 0x08) + return mgmt_cmd_status(sk, hdev->id, + MGMT_OP_LOAD_LINK_KEYS, + MGMT_STATUS_INVALID_PARAMS); +@@ -7073,7 +7072,6 @@ static int load_irks(struct sock *sk, st + + for (i = 0; i < irk_count; i++) { + struct mgmt_irk_info *irk = &cp->irks[i]; +- u8 addr_type = le_addr_type(irk->addr.type); + + if (hci_is_blocked_key(hdev, + HCI_BLOCKED_KEY_TYPE_IRK, +@@ -7083,12 +7081,8 @@ static int load_irks(struct sock *sk, st + continue; + } + +- /* When using SMP over BR/EDR, the addr type should be set to BREDR */ +- if (irk->addr.type == BDADDR_BREDR) +- addr_type = BDADDR_BREDR; +- + hci_add_irk(hdev, &irk->addr.bdaddr, +- addr_type, irk->val, ++ le_addr_type(irk->addr.type), irk->val, + BDADDR_ANY); + } + +@@ -7169,7 +7163,6 @@ static int load_long_term_keys(struct so + for (i = 0; i < key_count; i++) { + struct mgmt_ltk_info *key = &cp->keys[i]; + u8 type, authenticated; +- u8 addr_type = le_addr_type(key->addr.type); + + if (hci_is_blocked_key(hdev, + HCI_BLOCKED_KEY_TYPE_LTK, +@@ -7204,12 +7197,8 @@ static int load_long_term_keys(struct so + continue; + } + +- /* When using SMP over BR/EDR, the addr type should be set to BREDR */ +- if (key->addr.type == BDADDR_BREDR) +- addr_type = BDADDR_BREDR; +- + hci_add_ltk(hdev, &key->addr.bdaddr, +- addr_type, type, authenticated, ++ le_addr_type(key->addr.type), type, authenticated, + key->val, key->enc_size, key->ediv, key->rand); + } + +@@ -9457,7 +9446,7 @@ void mgmt_new_link_key(struct hci_dev *h + + ev.store_hint = persistent; + bacpy(&ev.key.addr.bdaddr, &key->bdaddr); +- ev.key.addr.type = link_to_bdaddr(key->link_type, key->bdaddr_type); ++ ev.key.addr.type = BDADDR_BREDR; + ev.key.type = key->type; + memcpy(ev.key.val, key->val, HCI_LINK_KEY_SIZE); + ev.key.pin_len = key->pin_len; +@@ -9508,7 +9497,7 @@ void mgmt_new_ltk(struct hci_dev *hdev, + ev.store_hint = persistent; + + bacpy(&ev.key.addr.bdaddr, &key->bdaddr); +- ev.key.addr.type = link_to_bdaddr(key->link_type, key->bdaddr_type); ++ ev.key.addr.type = link_to_bdaddr(LE_LINK, key->bdaddr_type); + ev.key.type = mgmt_ltk_type(key); + ev.key.enc_size = key->enc_size; + ev.key.ediv = key->ediv; +@@ -9537,7 +9526,7 @@ void mgmt_new_irk(struct hci_dev *hdev, + + bacpy(&ev.rpa, &irk->rpa); + bacpy(&ev.irk.addr.bdaddr, &irk->bdaddr); +- ev.irk.addr.type = link_to_bdaddr(irk->link_type, irk->addr_type); ++ ev.irk.addr.type = link_to_bdaddr(LE_LINK, irk->addr_type); + memcpy(ev.irk.val, irk->val, sizeof(irk->val)); + + mgmt_event(MGMT_EV_NEW_IRK, hdev, &ev, sizeof(ev), NULL); +@@ -9566,7 +9555,7 @@ void mgmt_new_csrk(struct hci_dev *hdev, + ev.store_hint = persistent; + + bacpy(&ev.key.addr.bdaddr, &csrk->bdaddr); +- ev.key.addr.type = link_to_bdaddr(csrk->link_type, csrk->bdaddr_type); ++ ev.key.addr.type = link_to_bdaddr(LE_LINK, csrk->bdaddr_type); + ev.key.type = csrk->type; + memcpy(ev.key.val, csrk->val, sizeof(csrk->val)); + +--- a/net/bluetooth/smp.c ++++ b/net/bluetooth/smp.c +@@ -1060,7 +1060,6 @@ static void smp_notify_keys(struct l2cap + } + + if (smp->remote_irk) { +- smp->remote_irk->link_type = hcon->type; + mgmt_new_irk(hdev, smp->remote_irk, persistent); + + /* Now that user space can be considered to know the +@@ -1080,28 +1079,24 @@ static void smp_notify_keys(struct l2cap + } + + if (smp->csrk) { +- smp->csrk->link_type = hcon->type; + smp->csrk->bdaddr_type = hcon->dst_type; + bacpy(&smp->csrk->bdaddr, &hcon->dst); + mgmt_new_csrk(hdev, smp->csrk, persistent); + } + + if (smp->responder_csrk) { +- smp->responder_csrk->link_type = hcon->type; + smp->responder_csrk->bdaddr_type = hcon->dst_type; + bacpy(&smp->responder_csrk->bdaddr, &hcon->dst); + mgmt_new_csrk(hdev, smp->responder_csrk, persistent); + } + + if (smp->ltk) { +- smp->ltk->link_type = hcon->type; + smp->ltk->bdaddr_type = hcon->dst_type; + bacpy(&smp->ltk->bdaddr, &hcon->dst); + mgmt_new_ltk(hdev, smp->ltk, persistent); + } + + if (smp->responder_ltk) { +- smp->responder_ltk->link_type = hcon->type; + smp->responder_ltk->bdaddr_type = hcon->dst_type; + bacpy(&smp->responder_ltk->bdaddr, &hcon->dst); + mgmt_new_ltk(hdev, smp->responder_ltk, persistent); +@@ -1121,8 +1116,6 @@ static void smp_notify_keys(struct l2cap + key = hci_add_link_key(hdev, smp->conn->hcon, &hcon->dst, + smp->link_key, type, 0, &persistent); + if (key) { +- key->link_type = hcon->type; +- key->bdaddr_type = hcon->dst_type; + mgmt_new_link_key(hdev, key, persistent); + + /* Don't keep debug keys around if the relevant diff --git a/queue-6.10/rust-macros-provide-correct-provenance-when-constructing-this_module.patch b/queue-6.10/rust-macros-provide-correct-provenance-when-constructing-this_module.patch new file mode 100644 index 00000000000..bbac8507e20 --- /dev/null +++ b/queue-6.10/rust-macros-provide-correct-provenance-when-constructing-this_module.patch @@ -0,0 +1,57 @@ +From a5a3c952e82c1ada12bf8c55b73af26f1a454bd2 Mon Sep 17 00:00:00 2001 +From: Boqun Feng +Date: Wed, 28 Aug 2024 11:01:29 -0700 +Subject: rust: macros: provide correct provenance when constructing THIS_MODULE + +From: Boqun Feng + +commit a5a3c952e82c1ada12bf8c55b73af26f1a454bd2 upstream. + +Currently while defining `THIS_MODULE` symbol in `module!()`, the +pointer used to construct `ThisModule` is derived from an immutable +reference of `__this_module`, which means the pointer doesn't have +the provenance for writing, and that means any write to that pointer +is UB regardless of data races or not. However, the usage of +`THIS_MODULE` includes passing this pointer to functions that may write +to it (probably in unsafe code), and this will create soundness issues. + +One way to fix this is using `addr_of_mut!()` but that requires the +unstable feature "const_mut_refs". So instead of `addr_of_mut()!`, +an extern static `Opaque` is used here: since `Opaque` is transparent +to `T`, an extern static `Opaque` will just wrap the C symbol (defined +in a C compile unit) in an `Opaque`, which provides a pointer with +writable provenance via `Opaque::get()`. This fix the potential UBs +because of pointer provenance unmatched. + +Reported-by: Alice Ryhl +Signed-off-by: Boqun Feng +Reviewed-by: Alice Ryhl +Reviewed-by: Trevor Gross +Reviewed-by: Benno Lossin +Reviewed-by: Gary Guo +Closes: https://rust-for-linux.zulipchat.com/#narrow/stream/x/topic/x/near/465412664 +Fixes: 1fbde52bde73 ("rust: add `macros` crate") +Cc: stable@vger.kernel.org # 6.6.x: be2ca1e03965: ("rust: types: Make Opaque::get const") +Link: https://lore.kernel.org/r/20240828180129.4046355-1-boqun.feng@gmail.com +[ Fixed two typos, reworded title. - Miguel ] +Signed-off-by: Miguel Ojeda +Signed-off-by: Greg Kroah-Hartman +--- + rust/macros/module.rs | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/rust/macros/module.rs ++++ b/rust/macros/module.rs +@@ -203,7 +203,11 @@ pub(crate) fn module(ts: TokenStream) -> + // freed until the module is unloaded. + #[cfg(MODULE)] + static THIS_MODULE: kernel::ThisModule = unsafe {{ +- kernel::ThisModule::from_ptr(&kernel::bindings::__this_module as *const _ as *mut _) ++ extern \"C\" {{ ++ static __this_module: kernel::types::Opaque; ++ }} ++ ++ kernel::ThisModule::from_ptr(__this_module.get()) + }}; + #[cfg(not(MODULE))] + static THIS_MODULE: kernel::ThisModule = unsafe {{ diff --git a/queue-6.10/series b/queue-6.10/series index 2735de4be81..c38bda9c997 100644 --- a/queue-6.10/series +++ b/queue-6.10/series @@ -25,3 +25,6 @@ irqchip-sifive-plic-probe-plic-driver-early-for-allwinner-d1-platform.patch x86-kaslr-expose-and-use-the-end-of-the-physical-memory-address-space.patch rtmutex-drop-rt_mutex-wait_lock-before-scheduling.patch irqchip-riscv-aplic-fix-an-is_err-vs-null-bug-in-probe.patch +nvme-pci-add-sleep-quirk-for-samsung-990-evo.patch +rust-macros-provide-correct-provenance-when-constructing-this_module.patch +revert-bluetooth-mgmt-smp-fix-address-type-when-using-smp-over-bredr-le.patch