From: Greg Kroah-Hartman Date: Sun, 7 May 2023 08:52:36 +0000 (+0200) Subject: 6.2-stable patches X-Git-Tag: v5.15.111~85 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6b53e34bf345a4df094907991a3a789c0599746b;p=thirdparty%2Fkernel%2Fstable-queue.git 6.2-stable patches added patches: alsa-hda-realtek-add-quirk-for-asus-um3402yar-using-cs35l41.patch alsa-hda-realtek-add-quirk-for-thinkpad-p1-gen-6.patch alsa-hda-realtek-fix-mute-and-micmute-leds-for-an-hp-laptop.patch alsa-hda-realtek-support-hp-pavilion-aero-13-be0xxx-mute-led.patch alsa-usb-audio-add-quirk-for-pioneer-ddj-800.patch drbd-correctly-submit-flush-bio-on-barrier.patch mm-do-not-reclaim-private-data-from-pinned-page.patch nilfs2-do-not-write-dirty-data-after-degenerating-to-read-only.patch nilfs2-fix-infinite-loop-in-nilfs_mdt_get_block.patch parisc-ensure-page-alignment-in-flush-functions.patch parisc-fix-argument-pointer-in-real64_call_asm.patch --- diff --git a/queue-6.2/alsa-hda-realtek-add-quirk-for-asus-um3402yar-using-cs35l41.patch b/queue-6.2/alsa-hda-realtek-add-quirk-for-asus-um3402yar-using-cs35l41.patch new file mode 100644 index 00000000000..2de0716db1b --- /dev/null +++ b/queue-6.2/alsa-hda-realtek-add-quirk-for-asus-um3402yar-using-cs35l41.patch @@ -0,0 +1,31 @@ +From 7e2d06628aab6324e1ac885910a52f4c038d4043 Mon Sep 17 00:00:00 2001 +From: Mark Asselstine +Date: Mon, 1 May 2023 19:13:46 -0400 +Subject: ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 + +From: Mark Asselstine + +commit 7e2d06628aab6324e1ac885910a52f4c038d4043 upstream. + +This Asus Zenbook laptop uses Realtek HDA codec combined with +2xCS35L41 Amplifiers using I2C with External Boost. + +Signed-off-by: Mark Asselstine +Cc: +Link: https://lore.kernel.org/r/20230501231346.54979-1-asselsm@gmail.com +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/pci/hda/patch_realtek.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -9500,6 +9500,7 @@ static const struct snd_pci_quirk alc269 + SND_PCI_QUIRK(0x1043, 0x1427, "Asus Zenbook UX31E", ALC269VB_FIXUP_ASUS_ZENBOOK), + SND_PCI_QUIRK(0x1043, 0x1517, "Asus Zenbook UX31A", ALC269VB_FIXUP_ASUS_ZENBOOK_UX31A), + SND_PCI_QUIRK(0x1043, 0x1662, "ASUS GV301QH", ALC294_FIXUP_ASUS_DUAL_SPK), ++ SND_PCI_QUIRK(0x1043, 0x1683, "ASUS UM3402YAR", ALC287_FIXUP_CS35L41_I2C_2), + SND_PCI_QUIRK(0x1043, 0x16b2, "ASUS GU603", ALC289_FIXUP_ASUS_GA401), + SND_PCI_QUIRK(0x1043, 0x16e3, "ASUS UX50", ALC269_FIXUP_STEREO_DMIC), + SND_PCI_QUIRK(0x1043, 0x1740, "ASUS UX430UA", ALC295_FIXUP_ASUS_DACS), diff --git a/queue-6.2/alsa-hda-realtek-add-quirk-for-thinkpad-p1-gen-6.patch b/queue-6.2/alsa-hda-realtek-add-quirk-for-thinkpad-p1-gen-6.patch new file mode 100644 index 00000000000..a05667a4be4 --- /dev/null +++ b/queue-6.2/alsa-hda-realtek-add-quirk-for-thinkpad-p1-gen-6.patch @@ -0,0 +1,32 @@ +From 067eb084592819ad59d07afcb5de3e61cee2757c Mon Sep 17 00:00:00 2001 +From: Vitaly Rodionov +Date: Thu, 27 Apr 2023 12:04:52 +0100 +Subject: ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6 + +From: Vitaly Rodionov + +commit 067eb084592819ad59d07afcb5de3e61cee2757c upstream. + +Lenovo ThinkPad P1 Gen 6 laptop has 2 CS35L41 amplifies +on I2C bus connected to Realtek codec. + +Signed-off-by: Vitaly Rodionov +Cc: +Link: https://lore.kernel.org/r/20230427110452.13787-1-vitalyr@opensource.cirrus.com +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/pci/hda/patch_realtek.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -9689,6 +9689,8 @@ static const struct snd_pci_quirk alc269 + SND_PCI_QUIRK(0x17aa, 0x22f1, "Thinkpad", ALC287_FIXUP_CS35L41_I2C_2), + SND_PCI_QUIRK(0x17aa, 0x22f2, "Thinkpad", ALC287_FIXUP_CS35L41_I2C_2), + SND_PCI_QUIRK(0x17aa, 0x22f3, "Thinkpad", ALC287_FIXUP_CS35L41_I2C_2), ++ SND_PCI_QUIRK(0x17aa, 0x2316, "Thinkpad P1 Gen 6", ALC287_FIXUP_CS35L41_I2C_2), ++ SND_PCI_QUIRK(0x17aa, 0x2317, "Thinkpad P1 Gen 6", ALC287_FIXUP_CS35L41_I2C_2), + SND_PCI_QUIRK(0x17aa, 0x2318, "Thinkpad Z13 Gen2", ALC287_FIXUP_CS35L41_I2C_2), + SND_PCI_QUIRK(0x17aa, 0x2319, "Thinkpad Z16 Gen2", ALC287_FIXUP_CS35L41_I2C_2), + SND_PCI_QUIRK(0x17aa, 0x231a, "Thinkpad Z16 Gen2", ALC287_FIXUP_CS35L41_I2C_2), diff --git a/queue-6.2/alsa-hda-realtek-fix-mute-and-micmute-leds-for-an-hp-laptop.patch b/queue-6.2/alsa-hda-realtek-fix-mute-and-micmute-leds-for-an-hp-laptop.patch new file mode 100644 index 00000000000..af47e819602 --- /dev/null +++ b/queue-6.2/alsa-hda-realtek-fix-mute-and-micmute-leds-for-an-hp-laptop.patch @@ -0,0 +1,31 @@ +From 56fc217f0db4fc78e02a1b8450df06389474a5e5 Mon Sep 17 00:00:00 2001 +From: Kai-Heng Feng +Date: Fri, 5 May 2023 14:59:23 +0200 +Subject: ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop + +From: Kai-Heng Feng + +commit 56fc217f0db4fc78e02a1b8450df06389474a5e5 upstream. + +There's another laptop that needs the fixup to enable mute and micmute +LEDs. So do it accordingly. + +Signed-off-by: Kai-Heng Feng +Cc: +Link: https://lore.kernel.org/r/20230505125925.543601-1-kai.heng.feng@canonical.com +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/pci/hda/patch_realtek.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -9479,6 +9479,7 @@ static const struct snd_pci_quirk alc269 + SND_PCI_QUIRK(0x103c, 0x8b8d, "HP", ALC236_FIXUP_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8b8f, "HP", ALC245_FIXUP_CS35L41_SPI_2_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8b92, "HP", ALC245_FIXUP_CS35L41_SPI_2_HP_GPIO_LED), ++ SND_PCI_QUIRK(0x103c, 0x8b96, "HP", ALC236_FIXUP_HP_MUTE_LED_MICMUTE_VREF), + SND_PCI_QUIRK(0x103c, 0x8bf0, "HP", ALC236_FIXUP_HP_GPIO_LED), + SND_PCI_QUIRK(0x1043, 0x103e, "ASUS X540SA", ALC256_FIXUP_ASUS_MIC), + SND_PCI_QUIRK(0x1043, 0x103f, "ASUS TX300", ALC282_FIXUP_ASUS_TX300), diff --git a/queue-6.2/alsa-hda-realtek-support-hp-pavilion-aero-13-be0xxx-mute-led.patch b/queue-6.2/alsa-hda-realtek-support-hp-pavilion-aero-13-be0xxx-mute-led.patch new file mode 100644 index 00000000000..f5aefd6033a --- /dev/null +++ b/queue-6.2/alsa-hda-realtek-support-hp-pavilion-aero-13-be0xxx-mute-led.patch @@ -0,0 +1,38 @@ +From e7477cb97607b373d175a759c8c0270a640ab3f2 Mon Sep 17 00:00:00 2001 +From: Caleb Harper +Date: Wed, 3 May 2023 12:50:26 -0500 +Subject: ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED + +From: Caleb Harper + +commit e7477cb97607b373d175a759c8c0270a640ab3f2 upstream. + +This patch adds support for the mute LED on the HP Pavilion Aero Laptop +13-be0xxx. The current behavior is that the LED does not turn on at any +time and does not indicate to the user whether the sound is muted. + +The solution is to add a PCI quirk to properly recognize and support the +LED on this device. + +This change has been tested on the device in question using modified +versions of kernels 6.0.7-6.2.12 on Arch Linux. + +Signed-off-by: Caleb Harper +Cc: +Link: https://lore.kernel.org/r/20230503175026.6796-1-calebharp2005@gmail.com +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/pci/hda/patch_realtek.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -9428,6 +9428,7 @@ static const struct snd_pci_quirk alc269 + SND_PCI_QUIRK(0x103c, 0x8898, "HP EliteBook 845 G8 Notebook PC", ALC285_FIXUP_HP_LIMIT_INT_MIC_BOOST), + SND_PCI_QUIRK(0x103c, 0x88d0, "HP Pavilion 15-eh1xxx (mainboard 88D0)", ALC287_FIXUP_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8902, "HP OMEN 16", ALC285_FIXUP_HP_MUTE_LED), ++ SND_PCI_QUIRK(0x103c, 0x8919, "HP Pavilion Aero Laptop 13-be0xxx", ALC287_FIXUP_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x896d, "HP ZBook Firefly 16 G9", ALC245_FIXUP_CS35L41_SPI_2_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x896e, "HP EliteBook x360 830 G9", ALC245_FIXUP_CS35L41_SPI_2_HP_GPIO_LED), + SND_PCI_QUIRK(0x103c, 0x8971, "HP EliteBook 830 G9", ALC245_FIXUP_CS35L41_SPI_2_HP_GPIO_LED), diff --git a/queue-6.2/alsa-usb-audio-add-quirk-for-pioneer-ddj-800.patch b/queue-6.2/alsa-usb-audio-add-quirk-for-pioneer-ddj-800.patch new file mode 100644 index 00000000000..29120d3556a --- /dev/null +++ b/queue-6.2/alsa-usb-audio-add-quirk-for-pioneer-ddj-800.patch @@ -0,0 +1,92 @@ +From 7501f472977df233d039d86c6981e0641708e1ca Mon Sep 17 00:00:00 2001 +From: Geraldo Nascimento +Date: Wed, 3 May 2023 18:02:06 -0300 +Subject: ALSA: usb-audio: Add quirk for Pioneer DDJ-800 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Geraldo Nascimento + +commit 7501f472977df233d039d86c6981e0641708e1ca upstream. + +One more Pioneer quirk, this time for DDJ-800, which is quite similar like +other DJ DDJ models but with slightly different EPs or channels. + +Signed-off-by: Geraldo Nascimento +Tested-by: Grégory Desor +Cc: +Link: https://lore.kernel.org/r/ZFLLzgEcsSF5aIHG@geday +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/usb/quirks-table.h | 58 +++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 58 insertions(+) + +--- a/sound/usb/quirks-table.h ++++ b/sound/usb/quirks-table.h +@@ -3884,6 +3884,64 @@ YAMAHA_DEVICE(0x7010, "UB99"), + } + }, + ++{ ++ /* ++ * PIONEER DJ DDJ-800 ++ * PCM is 6 channels out, 6 channels in @ 44.1 fixed ++ * The Feedback for the output is the input ++ */ ++ USB_DEVICE_VENDOR_SPEC(0x2b73, 0x0029), ++ .driver_info = (unsigned long) &(const struct snd_usb_audio_quirk) { ++ .ifnum = QUIRK_ANY_INTERFACE, ++ .type = QUIRK_COMPOSITE, ++ .data = (const struct snd_usb_audio_quirk[]) { ++ { ++ .ifnum = 0, ++ .type = QUIRK_AUDIO_FIXED_ENDPOINT, ++ .data = &(const struct audioformat) { ++ .formats = SNDRV_PCM_FMTBIT_S24_3LE, ++ .channels = 6, ++ .iface = 0, ++ .altsetting = 1, ++ .altset_idx = 1, ++ .endpoint = 0x01, ++ .ep_attr = USB_ENDPOINT_XFER_ISOC| ++ USB_ENDPOINT_SYNC_ASYNC, ++ .rates = SNDRV_PCM_RATE_44100, ++ .rate_min = 44100, ++ .rate_max = 44100, ++ .nr_rates = 1, ++ .rate_table = (unsigned int[]) { 44100 } ++ } ++ }, ++ { ++ .ifnum = 0, ++ .type = QUIRK_AUDIO_FIXED_ENDPOINT, ++ .data = &(const struct audioformat) { ++ .formats = SNDRV_PCM_FMTBIT_S24_3LE, ++ .channels = 6, ++ .iface = 0, ++ .altsetting = 1, ++ .altset_idx = 1, ++ .endpoint = 0x82, ++ .ep_idx = 1, ++ .ep_attr = USB_ENDPOINT_XFER_ISOC| ++ USB_ENDPOINT_SYNC_ASYNC| ++ USB_ENDPOINT_USAGE_IMPLICIT_FB, ++ .rates = SNDRV_PCM_RATE_44100, ++ .rate_min = 44100, ++ .rate_max = 44100, ++ .nr_rates = 1, ++ .rate_table = (unsigned int[]) { 44100 } ++ } ++ }, ++ { ++ .ifnum = -1 ++ } ++ } ++ } ++}, ++ + /* + * MacroSilicon MS2100/MS2106 based AV capture cards + * diff --git a/queue-6.2/drbd-correctly-submit-flush-bio-on-barrier.patch b/queue-6.2/drbd-correctly-submit-flush-bio-on-barrier.patch new file mode 100644 index 00000000000..26cd40bdb0a --- /dev/null +++ b/queue-6.2/drbd-correctly-submit-flush-bio-on-barrier.patch @@ -0,0 +1,49 @@ +From 3899d94e3831ee07ea6821c032dc297aec80586a Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Christoph=20B=C3=B6hmwalder?= + +Date: Wed, 3 May 2023 14:19:37 +0200 +Subject: drbd: correctly submit flush bio on barrier +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Christoph Böhmwalder + +commit 3899d94e3831ee07ea6821c032dc297aec80586a upstream. + +When we receive a flush command (or "barrier" in DRBD), we currently use +a REQ_OP_FLUSH with the REQ_PREFLUSH flag set. + +The correct way to submit a flush bio is by using a REQ_OP_WRITE without +any data, and set the REQ_PREFLUSH flag. + +Since commit b4a6bb3a67aa ("block: add a sanity check for non-write +flush/fua bios"), this triggers a warning in the block layer, but this +has been broken for quite some time before that. + +So use the correct set of flags to actually make the flush happen. + +Cc: Christoph Hellwig +Cc: stable@vger.kernel.org +Fixes: f9ff0da56437 ("drbd: allow parallel flushes for multi-volume resources") +Reported-by: Thomas Voegtle +Signed-off-by: Christoph Böhmwalder +Reviewed-by: Christoph Hellwig +Link: https://lore.kernel.org/r/20230503121937.17232-1-christoph.boehmwalder@linbit.com +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman +--- + drivers/block/drbd/drbd_receiver.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/block/drbd/drbd_receiver.c ++++ b/drivers/block/drbd/drbd_receiver.c +@@ -1283,7 +1283,7 @@ static void one_flush_endio(struct bio * + static void submit_one_flush(struct drbd_device *device, struct issue_flush_context *ctx) + { + struct bio *bio = bio_alloc(device->ldev->backing_bdev, 0, +- REQ_OP_FLUSH | REQ_PREFLUSH, GFP_NOIO); ++ REQ_OP_WRITE | REQ_PREFLUSH, GFP_NOIO); + struct one_flush_context *octx = kmalloc(sizeof(*octx), GFP_NOIO); + + if (!octx) { diff --git a/queue-6.2/mm-do-not-reclaim-private-data-from-pinned-page.patch b/queue-6.2/mm-do-not-reclaim-private-data-from-pinned-page.patch new file mode 100644 index 00000000000..09afd547e00 --- /dev/null +++ b/queue-6.2/mm-do-not-reclaim-private-data-from-pinned-page.patch @@ -0,0 +1,50 @@ +From d824ec2a154677f63c56cc71ffe4578274f6e32e Mon Sep 17 00:00:00 2001 +From: Jan Kara +Date: Fri, 28 Apr 2023 14:41:40 +0200 +Subject: mm: do not reclaim private data from pinned page + +From: Jan Kara + +commit d824ec2a154677f63c56cc71ffe4578274f6e32e upstream. + +If the page is pinned, there's no point in trying to reclaim it. +Furthermore if the page is from the page cache we don't want to reclaim +fs-private data from the page because the pinning process may be writing +to the page at any time and reclaiming fs private info on a dirty page can +upset the filesystem (see link below). + +Link: https://lore.kernel.org/linux-mm/20180103100430.GE4911@quack2.suse.cz +Link: https://lkml.kernel.org/r/20230428124140.30166-1-jack@suse.cz +Signed-off-by: Jan Kara +Reviewed-by: Matthew Wilcox (Oracle) +Reviewed-by: Lorenzo Stoakes +Reviewed-by: Christoph Hellwig +Reviewed-by: John Hubbard +Acked-by: David Hildenbrand +Acked-by: Peter Xu +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + mm/vmscan.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +--- a/mm/vmscan.c ++++ b/mm/vmscan.c +@@ -1905,6 +1905,16 @@ retry: + } + } + ++ /* ++ * Folio is unmapped now so it cannot be newly pinned anymore. ++ * No point in trying to reclaim folio if it is pinned. ++ * Furthermore we don't want to reclaim underlying fs metadata ++ * if the folio is pinned and thus potentially modified by the ++ * pinning process as that may upset the filesystem. ++ */ ++ if (folio_maybe_dma_pinned(folio)) ++ goto activate_locked; ++ + mapping = folio_mapping(folio); + if (folio_test_dirty(folio)) { + /* diff --git a/queue-6.2/nilfs2-do-not-write-dirty-data-after-degenerating-to-read-only.patch b/queue-6.2/nilfs2-do-not-write-dirty-data-after-degenerating-to-read-only.patch new file mode 100644 index 00000000000..01a743ff2db --- /dev/null +++ b/queue-6.2/nilfs2-do-not-write-dirty-data-after-degenerating-to-read-only.patch @@ -0,0 +1,61 @@ +From 28a65b49eb53e172d23567005465019658bfdb4d Mon Sep 17 00:00:00 2001 +From: Ryusuke Konishi +Date: Thu, 27 Apr 2023 10:15:26 +0900 +Subject: nilfs2: do not write dirty data after degenerating to read-only + +From: Ryusuke Konishi + +commit 28a65b49eb53e172d23567005465019658bfdb4d upstream. + +According to syzbot's report, mark_buffer_dirty() called from +nilfs_segctor_do_construct() outputs a warning with some patterns after +nilfs2 detects metadata corruption and degrades to read-only mode. + +After such read-only degeneration, page cache data may be cleared through +nilfs_clear_dirty_page() which may also clear the uptodate flag for their +buffer heads. However, even after the degeneration, log writes are still +performed by unmount processing etc., which causes mark_buffer_dirty() to +be called for buffer heads without the "uptodate" flag and causes the +warning. + +Since any writes should not be done to a read-only file system in the +first place, this fixes the warning in mark_buffer_dirty() by letting +nilfs_segctor_do_construct() abort early if in read-only mode. + +This also changes the retry check of nilfs_segctor_write_out() to avoid +unnecessary log write retries if it detects -EROFS that +nilfs_segctor_do_construct() returned. + +Link: https://lkml.kernel.org/r/20230427011526.13457-1-konishi.ryusuke@gmail.com +Signed-off-by: Ryusuke Konishi +Tested-by: Ryusuke Konishi +Reported-by: syzbot+2af3bc9585be7f23f290@syzkaller.appspotmail.com + Link: https://syzkaller.appspot.com/bug?extid=2af3bc9585be7f23f290 +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + fs/nilfs2/segment.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/fs/nilfs2/segment.c ++++ b/fs/nilfs2/segment.c +@@ -2039,6 +2039,9 @@ static int nilfs_segctor_do_construct(st + struct the_nilfs *nilfs = sci->sc_super->s_fs_info; + int err; + ++ if (sb_rdonly(sci->sc_super)) ++ return -EROFS; ++ + nilfs_sc_cstage_set(sci, NILFS_ST_INIT); + sci->sc_cno = nilfs->ns_cno; + +@@ -2722,7 +2725,7 @@ static void nilfs_segctor_write_out(stru + + flush_work(&sci->sc_iput_work); + +- } while (ret && retrycount-- > 0); ++ } while (ret && ret != -EROFS && retrycount-- > 0); + } + + /** diff --git a/queue-6.2/nilfs2-fix-infinite-loop-in-nilfs_mdt_get_block.patch b/queue-6.2/nilfs2-fix-infinite-loop-in-nilfs_mdt_get_block.patch new file mode 100644 index 00000000000..48efad238d7 --- /dev/null +++ b/queue-6.2/nilfs2-fix-infinite-loop-in-nilfs_mdt_get_block.patch @@ -0,0 +1,71 @@ +From a6a491c048882e7e424d407d32cba0b52d9ef2bf Mon Sep 17 00:00:00 2001 +From: Ryusuke Konishi +Date: Mon, 1 May 2023 04:30:46 +0900 +Subject: nilfs2: fix infinite loop in nilfs_mdt_get_block() + +From: Ryusuke Konishi + +commit a6a491c048882e7e424d407d32cba0b52d9ef2bf upstream. + +If the disk image that nilfs2 mounts is corrupted and a virtual block +address obtained by block lookup for a metadata file is invalid, +nilfs_bmap_lookup_at_level() may return the same internal return code as +-ENOENT, meaning the block does not exist in the metadata file. + +This duplication of return codes confuses nilfs_mdt_get_block(), causing +it to read and create a metadata block indefinitely. + +In particular, if this happens to the inode metadata file, ifile, +semaphore i_rwsem can be left held, causing task hangs in lock_mount. + +Fix this issue by making nilfs_bmap_lookup_at_level() treat virtual block +address translation failures with -ENOENT as metadata corruption instead +of returning the error code. + +Link: https://lkml.kernel.org/r/20230430193046.6769-1-konishi.ryusuke@gmail.com +Signed-off-by: Ryusuke Konishi +Tested-by: Ryusuke Konishi +Reported-by: syzbot+221d75710bde87fa0e97@syzkaller.appspotmail.com + Link: https://syzkaller.appspot.com/bug?extid=221d75710bde87fa0e97 +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + fs/nilfs2/bmap.c | 16 ++++++++++++---- + 1 file changed, 12 insertions(+), 4 deletions(-) + +--- a/fs/nilfs2/bmap.c ++++ b/fs/nilfs2/bmap.c +@@ -67,20 +67,28 @@ int nilfs_bmap_lookup_at_level(struct ni + + down_read(&bmap->b_sem); + ret = bmap->b_ops->bop_lookup(bmap, key, level, ptrp); +- if (ret < 0) { +- ret = nilfs_bmap_convert_error(bmap, __func__, ret); ++ if (ret < 0) + goto out; +- } ++ + if (NILFS_BMAP_USE_VBN(bmap)) { + ret = nilfs_dat_translate(nilfs_bmap_get_dat(bmap), *ptrp, + &blocknr); + if (!ret) + *ptrp = blocknr; ++ else if (ret == -ENOENT) { ++ /* ++ * If there was no valid entry in DAT for the block ++ * address obtained by b_ops->bop_lookup, then pass ++ * internal code -EINVAL to nilfs_bmap_convert_error ++ * to treat it as metadata corruption. ++ */ ++ ret = -EINVAL; ++ } + } + + out: + up_read(&bmap->b_sem); +- return ret; ++ return nilfs_bmap_convert_error(bmap, __func__, ret); + } + + int nilfs_bmap_lookup_contig(struct nilfs_bmap *bmap, __u64 key, __u64 *ptrp, diff --git a/queue-6.2/parisc-ensure-page-alignment-in-flush-functions.patch b/queue-6.2/parisc-ensure-page-alignment-in-flush-functions.patch new file mode 100644 index 00000000000..2c7b1883da2 --- /dev/null +++ b/queue-6.2/parisc-ensure-page-alignment-in-flush-functions.patch @@ -0,0 +1,43 @@ +From d755bd2caeb47fd806e12399fe8b56798fa5d2cc Mon Sep 17 00:00:00 2001 +From: Helge Deller +Date: Wed, 15 Mar 2023 19:25:15 +0100 +Subject: parisc: Ensure page alignment in flush functions + +From: Helge Deller + +commit d755bd2caeb47fd806e12399fe8b56798fa5d2cc upstream. + +Matthew Wilcox noticed, that if ARCH_HAS_FLUSH_ON_KUNMAP is defined +(which is the case for PA-RISC), __kunmap_local() calls +kunmap_flush_on_unmap(), which may call the parisc flush functions with +a non-page-aligned address and thus the page might not be fully flushed. + +This patch ensures that flush_kernel_dcache_page_asm() and +flush_kernel_dcache_page_asm() will always operate on page-aligned +addresses. + +Signed-off-by: Helge Deller +Cc: # v6.0+ +Signed-off-by: Greg Kroah-Hartman +--- + arch/parisc/kernel/pacache.S | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/arch/parisc/kernel/pacache.S ++++ b/arch/parisc/kernel/pacache.S +@@ -889,6 +889,7 @@ ENDPROC_CFI(flush_icache_page_asm) + ENTRY_CFI(flush_kernel_dcache_page_asm) + 88: ldil L%dcache_stride, %r1 + ldw R%dcache_stride(%r1), %r23 ++ depi_safe 0, 31,PAGE_SHIFT, %r26 /* Clear any offset bits */ + + #ifdef CONFIG_64BIT + depdi,z 1, 63-PAGE_SHIFT,1, %r25 +@@ -925,6 +926,7 @@ ENDPROC_CFI(flush_kernel_dcache_page_asm + ENTRY_CFI(purge_kernel_dcache_page_asm) + 88: ldil L%dcache_stride, %r1 + ldw R%dcache_stride(%r1), %r23 ++ depi_safe 0, 31,PAGE_SHIFT, %r26 /* Clear any offset bits */ + + #ifdef CONFIG_64BIT + depdi,z 1, 63-PAGE_SHIFT,1, %r25 diff --git a/queue-6.2/parisc-fix-argument-pointer-in-real64_call_asm.patch b/queue-6.2/parisc-fix-argument-pointer-in-real64_call_asm.patch new file mode 100644 index 00000000000..4212e91806f --- /dev/null +++ b/queue-6.2/parisc-fix-argument-pointer-in-real64_call_asm.patch @@ -0,0 +1,48 @@ +From 6e3220ba3323a2c24be834aebf5d6e9f89d0993f Mon Sep 17 00:00:00 2001 +From: Helge Deller +Date: Wed, 3 May 2023 16:39:56 +0200 +Subject: parisc: Fix argument pointer in real64_call_asm() + +From: Helge Deller + +commit 6e3220ba3323a2c24be834aebf5d6e9f89d0993f upstream. + +Fix the argument pointer (ap) to point to real-mode memory +instead of virtual memory. + +It's interesting that this issue hasn't shown up earlier, as this could +have happened with any 64-bit PDC ROM code. + +I just noticed it because I suddenly faced a HPMC while trying to execute +the 64-bit STI ROM code of an Visualize-FXe graphics card for the STI +text console. + +Signed-off-by: Helge Deller +Cc: +Signed-off-by: Greg Kroah-Hartman +--- + arch/parisc/kernel/real2.S | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +--- a/arch/parisc/kernel/real2.S ++++ b/arch/parisc/kernel/real2.S +@@ -235,9 +235,6 @@ ENTRY_CFI(real64_call_asm) + /* save fn */ + copy %arg2, %r31 + +- /* set up the new ap */ +- ldo 64(%arg1), %r29 +- + /* load up the arg registers from the saved arg area */ + /* 32-bit calling convention passes first 4 args in registers */ + ldd 0*REG_SZ(%arg1), %arg0 /* note overwriting arg0 */ +@@ -249,7 +246,9 @@ ENTRY_CFI(real64_call_asm) + ldd 7*REG_SZ(%arg1), %r19 + ldd 1*REG_SZ(%arg1), %arg1 /* do this one last! */ + ++ /* set up real-mode stack and real-mode ap */ + tophys_r1 %sp ++ ldo -16(%sp), %r29 /* Reference param save area */ + + b,l rfi_virt2real,%r2 + nop diff --git a/queue-6.2/series b/queue-6.2/series index 5c420b3a91f..7a562eefce0 100644 --- a/queue-6.2/series +++ b/queue-6.2/series @@ -618,3 +618,14 @@ pm-hibernate-do-not-get-block-device-exclusively-in-.patch afs-fix-updating-of-i_size-with-dv-jump-from-server.patch afs-fix-getattr-to-report-server-i_size-on-dirs-not-.patch afs-avoid-endless-loop-if-file-is-larger-than-expect.patch +parisc-fix-argument-pointer-in-real64_call_asm.patch +parisc-ensure-page-alignment-in-flush-functions.patch +alsa-usb-audio-add-quirk-for-pioneer-ddj-800.patch +alsa-hda-realtek-add-quirk-for-thinkpad-p1-gen-6.patch +alsa-hda-realtek-add-quirk-for-asus-um3402yar-using-cs35l41.patch +alsa-hda-realtek-support-hp-pavilion-aero-13-be0xxx-mute-led.patch +alsa-hda-realtek-fix-mute-and-micmute-leds-for-an-hp-laptop.patch +nilfs2-do-not-write-dirty-data-after-degenerating-to-read-only.patch +nilfs2-fix-infinite-loop-in-nilfs_mdt_get_block.patch +mm-do-not-reclaim-private-data-from-pinned-page.patch +drbd-correctly-submit-flush-bio-on-barrier.patch