From: Sasha Levin Date: Sat, 21 Oct 2023 00:51:11 +0000 (-0400) Subject: Fixes for 5.4 X-Git-Tag: v4.14.328~70 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=70ed7cbc359bb7fc47bfddf36d4cf4ebb3e3a238;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 5.4 Signed-off-by: Sasha Levin --- diff --git a/queue-5.4/acpi-drop-acpi_dev_irqresource_disabled.patch b/queue-5.4/acpi-drop-acpi_dev_irqresource_disabled.patch new file mode 100644 index 00000000000..ce310ec6d6e --- /dev/null +++ b/queue-5.4/acpi-drop-acpi_dev_irqresource_disabled.patch @@ -0,0 +1,89 @@ +From c5329c58d23cb15468a4621ef4a0e21f480a48f3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 2 Dec 2020 18:36:55 +0800 +Subject: ACPI: Drop acpi_dev_irqresource_disabled() + +From: John Garry + +[ Upstream commit 1c3f69b4543af0aad514c127298e5ea40392575d ] + +The functionality of acpi_dev_irqresource_disabled() is same as in common +irqresource_disabled(), so drop acpi_dev_irqresource_disabled() in favour +of that function. + +Signed-off-by: John Garry +Signed-off-by: Marc Zyngier +Acked-by: Rafael J. Wysocki +Link: https://lore.kernel.org/r/1606905417-183214-4-git-send-email-john.garry@huawei.com +Stable-dep-of: c1ed72171ed5 ("ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA") +Signed-off-by: Sasha Levin +--- + drivers/acpi/resource.c | 17 +++++------------ + 1 file changed, 5 insertions(+), 12 deletions(-) + +diff --git a/drivers/acpi/resource.c b/drivers/acpi/resource.c +index 48ca9a844f06b..0ce3656e4633b 100644 +--- a/drivers/acpi/resource.c ++++ b/drivers/acpi/resource.c +@@ -380,13 +380,6 @@ unsigned int acpi_dev_get_irq_type(int triggering, int polarity) + } + EXPORT_SYMBOL_GPL(acpi_dev_get_irq_type); + +-static void acpi_dev_irqresource_disabled(struct resource *res, u32 gsi) +-{ +- res->start = gsi; +- res->end = gsi; +- res->flags = IORESOURCE_IRQ | IORESOURCE_DISABLED | IORESOURCE_UNSET; +-} +- + static void acpi_dev_get_irqresource(struct resource *res, u32 gsi, + u8 triggering, u8 polarity, u8 shareable, + bool legacy) +@@ -394,7 +387,7 @@ static void acpi_dev_get_irqresource(struct resource *res, u32 gsi, + int irq, p, t; + + if (!valid_IRQ(gsi)) { +- acpi_dev_irqresource_disabled(res, gsi); ++ irqresource_disabled(res, gsi); + return; + } + +@@ -426,7 +419,7 @@ static void acpi_dev_get_irqresource(struct resource *res, u32 gsi, + res->start = irq; + res->end = irq; + } else { +- acpi_dev_irqresource_disabled(res, gsi); ++ irqresource_disabled(res, gsi); + } + } + +@@ -463,7 +456,7 @@ bool acpi_dev_resource_interrupt(struct acpi_resource *ares, int index, + */ + irq = &ares->data.irq; + if (index >= irq->interrupt_count) { +- acpi_dev_irqresource_disabled(res, 0); ++ irqresource_disabled(res, 0); + return false; + } + acpi_dev_get_irqresource(res, irq->interrupts[index], +@@ -473,7 +466,7 @@ bool acpi_dev_resource_interrupt(struct acpi_resource *ares, int index, + case ACPI_RESOURCE_TYPE_EXTENDED_IRQ: + ext_irq = &ares->data.extended_irq; + if (index >= ext_irq->interrupt_count) { +- acpi_dev_irqresource_disabled(res, 0); ++ irqresource_disabled(res, 0); + return false; + } + if (is_gsi(ext_irq)) +@@ -481,7 +474,7 @@ bool acpi_dev_resource_interrupt(struct acpi_resource *ares, int index, + ext_irq->triggering, ext_irq->polarity, + ext_irq->shareable, false); + else +- acpi_dev_irqresource_disabled(res, 0); ++ irqresource_disabled(res, 0); + break; + default: + res->flags = 0; +-- +2.40.1 + diff --git a/queue-5.4/acpi-resource-add-asus-expertbook-b2502-to-asus-quir.patch b/queue-5.4/acpi-resource-add-asus-expertbook-b2502-to-asus-quir.patch new file mode 100644 index 00000000000..9cf535b24a5 --- /dev/null +++ b/queue-5.4/acpi-resource-add-asus-expertbook-b2502-to-asus-quir.patch @@ -0,0 +1,47 @@ +From f8d5725af614a68cd4a1731dcd5090c21dd22b07 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 15 Dec 2022 10:44:43 +0100 +Subject: ACPI: resource: Add Asus ExpertBook B2502 to Asus quirks + +From: Hans de Goede + +[ Upstream commit 7203481fd12b1257938519efb2460ea02b9236ee ] + +The Asus ExpertBook B2502 has the same keyboard issue as Asus Vivobook +K3402ZA/K3502ZA. The kernel overrides IRQ 1 to Edge_High when it +should be Active_Low. + +This patch adds the ExpertBook B2502 model to the existing +quirk list of Asus laptops with this issue. + +Fixes: b5f9223a105d ("ACPI: resource: Skip IRQ override on Asus Vivobook S5602ZA") +Link: https://bugzilla.redhat.com/show_bug.cgi?id=2142574 +Signed-off-by: Hans de Goede +Signed-off-by: Rafael J. Wysocki +Stable-dep-of: c1ed72171ed5 ("ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA") +Signed-off-by: Sasha Levin +--- + drivers/acpi/resource.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/drivers/acpi/resource.c b/drivers/acpi/resource.c +index a34d625f6b875..b68cac8157109 100644 +--- a/drivers/acpi/resource.c ++++ b/drivers/acpi/resource.c +@@ -421,6 +421,13 @@ static const struct dmi_system_id asus_laptop[] = { + DMI_MATCH(DMI_BOARD_NAME, "S5602ZA"), + }, + }, ++ { ++ .ident = "Asus ExpertBook B2502", ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), ++ DMI_MATCH(DMI_BOARD_NAME, "B2502CBA"), ++ }, ++ }, + { } + }; + +-- +2.40.1 + diff --git a/queue-5.4/acpi-resource-add-asus-model-s5402za-to-quirks.patch b/queue-5.4/acpi-resource-add-asus-model-s5402za-to-quirks.patch new file mode 100644 index 00000000000..799e66d6d80 --- /dev/null +++ b/queue-5.4/acpi-resource-add-asus-model-s5402za-to-quirks.patch @@ -0,0 +1,46 @@ +From d03515c21df33b8ec2305be3c01f684ac5128a53 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 21 Sep 2022 10:24:22 -0700 +Subject: ACPI: resource: Add ASUS model S5402ZA to quirks + +From: Kellen Renshaw + +[ Upstream commit 6e5cbe7c4b41824e500acbb42411da692d1435f1 ] + +The Asus Vivobook S5402ZA has the same keyboard issue as Asus Vivobook +K3402ZA/K3502ZA. The kernel overrides IRQ 1 to Edge_High when it +should be Active_Low. + +This patch adds the S5402ZA model to the quirk list. + +Link: https://bugzilla.kernel.org/show_bug.cgi?id=216158 +Tested-by: Kellen Renshaw +Signed-off-by: Kellen Renshaw +Signed-off-by: Rafael J. Wysocki +Stable-dep-of: c1ed72171ed5 ("ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA") +Signed-off-by: Sasha Levin +--- + drivers/acpi/resource.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/drivers/acpi/resource.c b/drivers/acpi/resource.c +index 27b364e23c60b..61a7f9a05f645 100644 +--- a/drivers/acpi/resource.c ++++ b/drivers/acpi/resource.c +@@ -407,6 +407,13 @@ static const struct dmi_system_id asus_laptop[] = { + DMI_MATCH(DMI_BOARD_NAME, "K3502ZA"), + }, + }, ++ { ++ .ident = "Asus Vivobook S5402ZA", ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), ++ DMI_MATCH(DMI_BOARD_NAME, "S5402ZA"), ++ }, ++ }, + { } + }; + +-- +2.40.1 + diff --git a/queue-5.4/acpi-resource-skip-irq-override-on-asus-expertbook-b.patch b/queue-5.4/acpi-resource-skip-irq-override-on-asus-expertbook-b.patch new file mode 100644 index 00000000000..f69aedf8598 --- /dev/null +++ b/queue-5.4/acpi-resource-skip-irq-override-on-asus-expertbook-b.patch @@ -0,0 +1,46 @@ +From a3eb4e8db34d504b9363f31c511b820c23c6930c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 30 Dec 2022 00:58:39 -0500 +Subject: ACPI: resource: Skip IRQ override on Asus Expertbook B2402CBA + +From: Tamim Khan + +[ Upstream commit 77c7248882385397cd7dffe9e1437f59f32ce2de ] + +Like the Asus Expertbook B2502CBA and various Asus Vivobook laptops, +the Asus Expertbook B2402CBA has an ACPI DSDT table that describes IRQ 1 +as ActiveLow while the kernel overrides it to Edge_High. This prevents the +keyboard from working. To fix this issue, add this laptop to the +skip_override_table so that the kernel does not override IRQ 1. + +Link: https://bugzilla.kernel.org/show_bug.cgi?id=216864 +Tested-by: zelenat +Signed-off-by: Tamim Khan +Signed-off-by: Rafael J. Wysocki +Stable-dep-of: c1ed72171ed5 ("ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA") +Signed-off-by: Sasha Levin +--- + drivers/acpi/resource.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/drivers/acpi/resource.c b/drivers/acpi/resource.c +index b68cac8157109..2375a16126077 100644 +--- a/drivers/acpi/resource.c ++++ b/drivers/acpi/resource.c +@@ -421,6 +421,13 @@ static const struct dmi_system_id asus_laptop[] = { + DMI_MATCH(DMI_BOARD_NAME, "S5602ZA"), + }, + }, ++ { ++ .ident = "Asus ExpertBook B2402CBA", ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), ++ DMI_MATCH(DMI_BOARD_NAME, "B2402CBA"), ++ }, ++ }, + { + .ident = "Asus ExpertBook B2502", + .matches = { +-- +2.40.1 + diff --git a/queue-5.4/acpi-resource-skip-irq-override-on-asus-expertbook-b.patch-27870 b/queue-5.4/acpi-resource-skip-irq-override-on-asus-expertbook-b.patch-27870 new file mode 100644 index 00000000000..e489e02932a --- /dev/null +++ b/queue-5.4/acpi-resource-skip-irq-override-on-asus-expertbook-b.patch-27870 @@ -0,0 +1,46 @@ +From 2d48aaf8ee555bc591f5c85904adecbeab1d6396 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 12 Sep 2023 12:08:27 +0200 +Subject: ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA + +From: Hans de Goede + +[ Upstream commit c1ed72171ed580fbf159e703b77685aa4b0d0df5 ] + +Like various other ASUS ExpertBook-s, the ASUS ExpertBook B1402CBA +has an ACPI DSDT table that describes IRQ 1 as ActiveLow while +the kernel overrides it to EdgeHigh. + +This prevents the keyboard from working. To fix this issue, add this laptop +to the skip_override_table so that the kernel does not override IRQ 1. + +Closes: https://bugzilla.kernel.org/show_bug.cgi?id=217901 +Cc: stable@vger.kernel.org +Signed-off-by: Hans de Goede +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Sasha Levin +--- + drivers/acpi/resource.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/drivers/acpi/resource.c b/drivers/acpi/resource.c +index cbd9cb82dd928..95d19740c207f 100644 +--- a/drivers/acpi/resource.c ++++ b/drivers/acpi/resource.c +@@ -421,6 +421,13 @@ static const struct dmi_system_id asus_laptop[] = { + DMI_MATCH(DMI_BOARD_NAME, "S5602ZA"), + }, + }, ++ { ++ .ident = "Asus ExpertBook B1402CBA", ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), ++ DMI_MATCH(DMI_BOARD_NAME, "B1402CBA"), ++ }, ++ }, + { + .ident = "Asus ExpertBook B1502CBA", + .matches = { +-- +2.40.1 + diff --git a/queue-5.4/acpi-resource-skip-irq-override-on-asus-expertbook-b.patch-28910 b/queue-5.4/acpi-resource-skip-irq-override-on-asus-expertbook-b.patch-28910 new file mode 100644 index 00000000000..3464522500a --- /dev/null +++ b/queue-5.4/acpi-resource-skip-irq-override-on-asus-expertbook-b.patch-28910 @@ -0,0 +1,52 @@ +From 32ded0d0e021748a1814bc721b7ab80719d1557d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 11 Apr 2023 20:31:44 +0200 +Subject: ACPI: resource: Skip IRQ override on ASUS ExpertBook B1502CBA + +From: Paul Menzel + +[ Upstream commit 05cda427126f30ce3fc8ffd82fd6f5196398d502 ] + +Like the ASUS ExpertBook B2502CBA and various ASUS Vivobook laptops, the +ASUS ExpertBook B1502CBA has an ACPI DSDT table that describes IRQ 1 as +ActiveLow while the kernel overrides it to Edge_High. + + $ sudo dmesg | grep DMI + DMI: ASUSTeK COMPUTER INC. ASUS EXPERTBOOK B1502CBA_B1502CBA/B1502CBA, BIOS B1502CBA.300 01/18/2023 + $ grep -A 40 PS2K dsdt.dsl | grep IRQ -A 1 + IRQ (Level, ActiveLow, Exclusive, ) + {1} + +This prevents the keyboard from working. To fix this issue, add this laptop +to the skip_override_table so that the kernel does not override IRQ 1. + +Link: https://bugzilla.kernel.org/show_bug.cgi?id=217323 +Signed-off-by: Paul Menzel +Signed-off-by: Rafael J. Wysocki +Stable-dep-of: c1ed72171ed5 ("ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA") +Signed-off-by: Sasha Levin +--- + drivers/acpi/resource.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/drivers/acpi/resource.c b/drivers/acpi/resource.c +index 2375a16126077..cbd9cb82dd928 100644 +--- a/drivers/acpi/resource.c ++++ b/drivers/acpi/resource.c +@@ -421,6 +421,13 @@ static const struct dmi_system_id asus_laptop[] = { + DMI_MATCH(DMI_BOARD_NAME, "S5602ZA"), + }, + }, ++ { ++ .ident = "Asus ExpertBook B1502CBA", ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), ++ DMI_MATCH(DMI_BOARD_NAME, "B1502CBA"), ++ }, ++ }, + { + .ident = "Asus ExpertBook B2402CBA", + .matches = { +-- +2.40.1 + diff --git a/queue-5.4/acpi-resource-skip-irq-override-on-asus-vivobook-k34.patch b/queue-5.4/acpi-resource-skip-irq-override-on-asus-vivobook-k34.patch new file mode 100644 index 00000000000..411b323475c --- /dev/null +++ b/queue-5.4/acpi-resource-skip-irq-override-on-asus-vivobook-k34.patch @@ -0,0 +1,68 @@ +From adce0c030704a0cdefda80ea05caaa87e799df61 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 28 Aug 2022 23:04:19 -0400 +Subject: ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA + +From: Tamim Khan + +[ Upstream commit e12dee3736731e24b1e7367f87d66ac0fcd73ce7 ] + +In the ACPI DSDT table for Asus VivoBook K3402ZA/K3502ZA +IRQ 1 is described as ActiveLow; however, the kernel overrides +it to Edge_High. This prevents the internal keyboard from working +on these laptops. In order to fix this add these laptops to the +skip_override_table so that the kernel does not override IRQ 1 to +Edge_High. + +Link: https://bugzilla.kernel.org/show_bug.cgi?id=216158 +Reviewed-by: Hui Wang +Tested-by: Tamim Khan +Tested-by: Sunand +Signed-off-by: Tamim Khan +Signed-off-by: Rafael J. Wysocki +Stable-dep-of: c1ed72171ed5 ("ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA") +Signed-off-by: Sasha Levin +--- + drivers/acpi/resource.c | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + +diff --git a/drivers/acpi/resource.c b/drivers/acpi/resource.c +index 6489dd3ff0741..27b364e23c60b 100644 +--- a/drivers/acpi/resource.c ++++ b/drivers/acpi/resource.c +@@ -392,6 +392,24 @@ static const struct dmi_system_id medion_laptop[] = { + { } + }; + ++static const struct dmi_system_id asus_laptop[] = { ++ { ++ .ident = "Asus Vivobook K3402ZA", ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), ++ DMI_MATCH(DMI_BOARD_NAME, "K3402ZA"), ++ }, ++ }, ++ { ++ .ident = "Asus Vivobook K3502ZA", ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), ++ DMI_MATCH(DMI_BOARD_NAME, "K3502ZA"), ++ }, ++ }, ++ { } ++}; ++ + struct irq_override_cmp { + const struct dmi_system_id *system; + unsigned char irq; +@@ -402,6 +420,7 @@ struct irq_override_cmp { + + static const struct irq_override_cmp skip_override_table[] = { + { medion_laptop, 1, ACPI_LEVEL_SENSITIVE, ACPI_ACTIVE_LOW, 0 }, ++ { asus_laptop, 1, ACPI_LEVEL_SENSITIVE, ACPI_ACTIVE_LOW, 0 }, + }; + + static bool acpi_dev_irq_override(u32 gsi, u8 triggering, u8 polarity, +-- +2.40.1 + diff --git a/queue-5.4/acpi-resource-skip-irq-override-on-asus-vivobook-s56.patch b/queue-5.4/acpi-resource-skip-irq-override-on-asus-vivobook-s56.patch new file mode 100644 index 00000000000..8891c20bf98 --- /dev/null +++ b/queue-5.4/acpi-resource-skip-irq-override-on-asus-vivobook-s56.patch @@ -0,0 +1,46 @@ +From a1d212629b1935bd7fe884a3755acfda7265cdfc Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 14 Oct 2022 01:19:31 -0400 +Subject: ACPI: resource: Skip IRQ override on Asus Vivobook S5602ZA + +From: Tamim Khan + +[ Upstream commit b5f9223a105d9b56954ad1ca3eace4eaf26c99ed ] + +Like the Asus Vivobook K3402ZA/K3502ZA/S5402ZA Asus Vivobook S5602ZA +has an ACPI DSDT table the describes IRQ 1 as ActiveLow while the kernel +overrides it to Edge_High. This prevents the keyboard on this laptop +from working. To fix this add this laptop to the skip_override_table so +that the kernel does not override IRQ 1. + +Link: https://bugzilla.kernel.org/show_bug.cgi?id=216579 +Tested-by: Dzmitry +Signed-off-by: Tamim Khan +Signed-off-by: Rafael J. Wysocki +Stable-dep-of: c1ed72171ed5 ("ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA") +Signed-off-by: Sasha Levin +--- + drivers/acpi/resource.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/drivers/acpi/resource.c b/drivers/acpi/resource.c +index 61a7f9a05f645..a34d625f6b875 100644 +--- a/drivers/acpi/resource.c ++++ b/drivers/acpi/resource.c +@@ -414,6 +414,13 @@ static const struct dmi_system_id asus_laptop[] = { + DMI_MATCH(DMI_BOARD_NAME, "S5402ZA"), + }, + }, ++ { ++ .ident = "Asus Vivobook S5602ZA", ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK COMPUTER INC."), ++ DMI_MATCH(DMI_BOARD_NAME, "S5602ZA"), ++ }, ++ }, + { } + }; + +-- +2.40.1 + diff --git a/queue-5.4/acpi-resources-add-dmi-based-legacy-irq-override-qui.patch b/queue-5.4/acpi-resources-add-dmi-based-legacy-irq-override-qui.patch new file mode 100644 index 00000000000..37f25539ef1 --- /dev/null +++ b/queue-5.4/acpi-resources-add-dmi-based-legacy-irq-override-qui.patch @@ -0,0 +1,113 @@ +From d36436ff38c5f8a277682b3005329e6da4797fd5 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 15 Sep 2021 21:09:05 +0800 +Subject: ACPI: resources: Add DMI-based legacy IRQ override quirk + +From: Hui Wang + +[ Upstream commit 892a012699fc0b91a2ed6309078936191447f480 ] + +After the commit 0ec4e55e9f57 ("ACPI: resources: Add checks for ACPI +IRQ override") is reverted, the keyboard on Medion laptops can't +work again. + +To fix the keyboard issue, add a DMI-based override check that will +not affect other machines along the lines of prt_quirks[] in +drivers/acpi/pci_irq.c. + +If similar issues are seen on other platforms, the quirk table could +be expanded in the future. + +BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=213031 +BugLink: http://bugs.launchpad.net/bugs/1909814 +Suggested-by: Rafael J. Wysocki +Reported-by: Manuel Krause +Tested-by: Manuel Krause +Signed-off-by: Hui Wang +[ rjw: Subject and changelog edits ] +Signed-off-by: Rafael J. Wysocki +Stable-dep-of: c1ed72171ed5 ("ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA") +Signed-off-by: Sasha Levin +--- + drivers/acpi/resource.c | 49 +++++++++++++++++++++++++++++++++++++++-- + 1 file changed, 47 insertions(+), 2 deletions(-) + +diff --git a/drivers/acpi/resource.c b/drivers/acpi/resource.c +index 0ce3656e4633b..6489dd3ff0741 100644 +--- a/drivers/acpi/resource.c ++++ b/drivers/acpi/resource.c +@@ -16,6 +16,7 @@ + #include + #include + #include ++#include + + #ifdef CONFIG_X86 + #define valid_IRQ(i) (((i) != 0) && ((i) != 2)) +@@ -380,9 +381,51 @@ unsigned int acpi_dev_get_irq_type(int triggering, int polarity) + } + EXPORT_SYMBOL_GPL(acpi_dev_get_irq_type); + ++static const struct dmi_system_id medion_laptop[] = { ++ { ++ .ident = "MEDION P15651", ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "MEDION"), ++ DMI_MATCH(DMI_BOARD_NAME, "M15T"), ++ }, ++ }, ++ { } ++}; ++ ++struct irq_override_cmp { ++ const struct dmi_system_id *system; ++ unsigned char irq; ++ unsigned char triggering; ++ unsigned char polarity; ++ unsigned char shareable; ++}; ++ ++static const struct irq_override_cmp skip_override_table[] = { ++ { medion_laptop, 1, ACPI_LEVEL_SENSITIVE, ACPI_ACTIVE_LOW, 0 }, ++}; ++ ++static bool acpi_dev_irq_override(u32 gsi, u8 triggering, u8 polarity, ++ u8 shareable) ++{ ++ int i; ++ ++ for (i = 0; i < ARRAY_SIZE(skip_override_table); i++) { ++ const struct irq_override_cmp *entry = &skip_override_table[i]; ++ ++ if (dmi_check_system(entry->system) && ++ entry->irq == gsi && ++ entry->triggering == triggering && ++ entry->polarity == polarity && ++ entry->shareable == shareable) ++ return false; ++ } ++ ++ return true; ++} ++ + static void acpi_dev_get_irqresource(struct resource *res, u32 gsi, + u8 triggering, u8 polarity, u8 shareable, +- bool legacy) ++ bool check_override) + { + int irq, p, t; + +@@ -401,7 +444,9 @@ static void acpi_dev_get_irqresource(struct resource *res, u32 gsi, + * using extended IRQ descriptors we take the IRQ configuration + * from _CRS directly. + */ +- if (legacy && !acpi_get_override_irq(gsi, &t, &p)) { ++ if (check_override && ++ acpi_dev_irq_override(gsi, triggering, polarity, shareable) && ++ !acpi_get_override_irq(gsi, &t, &p)) { + u8 trig = t ? ACPI_LEVEL_SENSITIVE : ACPI_EDGE_SENSITIVE; + u8 pol = p ? ACPI_ACTIVE_LOW : ACPI_ACTIVE_HIGH; + +-- +2.40.1 + diff --git a/queue-5.4/arm-dts-ti-omap-fix-noisy-serial-with-overrun-thrott.patch b/queue-5.4/arm-dts-ti-omap-fix-noisy-serial-with-overrun-thrott.patch new file mode 100644 index 00000000000..8b8a2921bea --- /dev/null +++ b/queue-5.4/arm-dts-ti-omap-fix-noisy-serial-with-overrun-thrott.patch @@ -0,0 +1,44 @@ +From aa2d56b225d9326e2e5dbbc91edcee387a5afc06 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 11 Sep 2023 07:07:38 +0300 +Subject: ARM: dts: ti: omap: Fix noisy serial with overrun-throttle-ms for + mapphone + +From: Tony Lindgren + +[ Upstream commit 5ad37b5e30433afa7a5513e3eb61f69fa0976785 ] + +On mapphone devices we may get lots of noise on the micro-USB port in debug +uart mode until the phy-cpcap-usb driver probes. Let's limit the noise by +using overrun-throttle-ms. + +Note that there is also a related separate issue where the charger cable +connected may cause random sysrq requests until phy-cpcap-usb probes that +still remains. + +Cc: Ivaylo Dimitrov +Cc: Carl Philipp Klemm +Cc: Merlijn Wajer +Cc: Pavel Machek +Reviewed-by: Sebastian Reichel +Signed-off-by: Tony Lindgren +Signed-off-by: Sasha Levin +--- + arch/arm/boot/dts/omap4-droid4-xt894.dts | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/arch/arm/boot/dts/omap4-droid4-xt894.dts b/arch/arm/boot/dts/omap4-droid4-xt894.dts +index f5dbc241aaf78..73425f692774c 100644 +--- a/arch/arm/boot/dts/omap4-droid4-xt894.dts ++++ b/arch/arm/boot/dts/omap4-droid4-xt894.dts +@@ -678,6 +678,7 @@ &uart1 { + &uart3 { + interrupts-extended = <&wakeupgen GIC_SPI 74 IRQ_TYPE_LEVEL_HIGH + &omap4_pmx_core 0x17c>; ++ overrun-throttle-ms = <500>; + }; + + &uart4 { +-- +2.40.1 + diff --git a/queue-5.4/ata-libata-eh-fix-compilation-warning-in-ata_eh_link.patch b/queue-5.4/ata-libata-eh-fix-compilation-warning-in-ata_eh_link.patch new file mode 100644 index 00000000000..32826a4ec5d --- /dev/null +++ b/queue-5.4/ata-libata-eh-fix-compilation-warning-in-ata_eh_link.patch @@ -0,0 +1,55 @@ +From a3b782e3d49a265457dc4f2a6bf0893cface51d7 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 12 Sep 2023 09:08:40 +0900 +Subject: ata: libata-eh: Fix compilation warning in ata_eh_link_report() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Damien Le Moal + +[ Upstream commit 49728bdc702391902a473b9393f1620eea32acb0 ] + +The 6 bytes length of the tries_buf string in ata_eh_link_report() is +too short and results in a gcc compilation warning with W-!: + +drivers/ata/libata-eh.c: In function ‘ata_eh_link_report’: +drivers/ata/libata-eh.c:2371:59: warning: ‘%d’ directive output may be truncated writing between 1 and 11 bytes into a region of size 4 [-Wformat-truncation=] + 2371 | snprintf(tries_buf, sizeof(tries_buf), " t%d", + | ^~ +drivers/ata/libata-eh.c:2371:56: note: directive argument in the range [-2147483648, 4] + 2371 | snprintf(tries_buf, sizeof(tries_buf), " t%d", + | ^~~~~~ +drivers/ata/libata-eh.c:2371:17: note: ‘snprintf’ output between 4 and 14 bytes into a destination of size 6 + 2371 | snprintf(tries_buf, sizeof(tries_buf), " t%d", + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + 2372 | ap->eh_tries); + | ~~~~~~~~~~~~~ + +Avoid this warning by increasing the string size to 16B. + +Signed-off-by: Damien Le Moal +Reviewed-by: Hannes Reinecke +Tested-by: Geert Uytterhoeven +Reviewed-by: Martin K. Petersen +Signed-off-by: Sasha Levin +--- + drivers/ata/libata-eh.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/ata/libata-eh.c b/drivers/ata/libata-eh.c +index 54b6ec44d3be4..fa3f08ca5f6ce 100644 +--- a/drivers/ata/libata-eh.c ++++ b/drivers/ata/libata-eh.c +@@ -2422,7 +2422,7 @@ static void ata_eh_link_report(struct ata_link *link) + struct ata_eh_context *ehc = &link->eh_context; + struct ata_queued_cmd *qc; + const char *frozen, *desc; +- char tries_buf[6] = ""; ++ char tries_buf[16] = ""; + int tag, nr_failed = 0; + + if (ehc->i.flags & ATA_EHI_QUIET) +-- +2.40.1 + diff --git a/queue-5.4/bluetooth-avoid-redundant-authentication.patch b/queue-5.4/bluetooth-avoid-redundant-authentication.patch new file mode 100644 index 00000000000..e7571580ae6 --- /dev/null +++ b/queue-5.4/bluetooth-avoid-redundant-authentication.patch @@ -0,0 +1,106 @@ +From 5b8fa212bc8176ea14395c0cb28c90ea6e9e4f17 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 7 Sep 2023 04:39:34 +0000 +Subject: Bluetooth: Avoid redundant authentication + +From: Ying Hsu + +[ Upstream commit 1d8e801422d66e4b8c7b187c52196bef94eed887 ] + +While executing the Android 13 CTS Verifier Secure Server test on a +ChromeOS device, it was observed that the Bluetooth host initiates +authentication for an RFCOMM connection after SSP completes. +When this happens, some Intel Bluetooth controllers, like AC9560, would +disconnect with "Connection Rejected due to Security Reasons (0x0e)". + +Historically, BlueZ did not mandate this authentication while an +authenticated combination key was already in use for the connection. +This behavior was changed since commit 7b5a9241b780 +("Bluetooth: Introduce requirements for security level 4"). +So, this patch addresses the aforementioned disconnection issue by +restoring the previous behavior. + +Signed-off-by: Ying Hsu +Signed-off-by: Luiz Augusto von Dentz +Signed-off-by: Sasha Levin +--- + net/bluetooth/hci_conn.c | 63 ++++++++++++++++++++++------------------ + 1 file changed, 35 insertions(+), 28 deletions(-) + +diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c +index 9ffc18c883e24..afdc0afa8ee7d 100644 +--- a/net/bluetooth/hci_conn.c ++++ b/net/bluetooth/hci_conn.c +@@ -1391,34 +1391,41 @@ int hci_conn_security(struct hci_conn *conn, __u8 sec_level, __u8 auth_type, + if (!test_bit(HCI_CONN_AUTH, &conn->flags)) + goto auth; + +- /* An authenticated FIPS approved combination key has sufficient +- * security for security level 4. */ +- if (conn->key_type == HCI_LK_AUTH_COMBINATION_P256 && +- sec_level == BT_SECURITY_FIPS) +- goto encrypt; +- +- /* An authenticated combination key has sufficient security for +- security level 3. */ +- if ((conn->key_type == HCI_LK_AUTH_COMBINATION_P192 || +- conn->key_type == HCI_LK_AUTH_COMBINATION_P256) && +- sec_level == BT_SECURITY_HIGH) +- goto encrypt; +- +- /* An unauthenticated combination key has sufficient security for +- security level 1 and 2. */ +- if ((conn->key_type == HCI_LK_UNAUTH_COMBINATION_P192 || +- conn->key_type == HCI_LK_UNAUTH_COMBINATION_P256) && +- (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW)) +- goto encrypt; +- +- /* A combination key has always sufficient security for the security +- levels 1 or 2. High security level requires the combination key +- is generated using maximum PIN code length (16). +- For pre 2.1 units. */ +- if (conn->key_type == HCI_LK_COMBINATION && +- (sec_level == BT_SECURITY_MEDIUM || sec_level == BT_SECURITY_LOW || +- conn->pin_length == 16)) +- goto encrypt; ++ switch (conn->key_type) { ++ case HCI_LK_AUTH_COMBINATION_P256: ++ /* An authenticated FIPS approved combination key has ++ * sufficient security for security level 4 or lower. ++ */ ++ if (sec_level <= BT_SECURITY_FIPS) ++ goto encrypt; ++ break; ++ case HCI_LK_AUTH_COMBINATION_P192: ++ /* An authenticated combination key has sufficient security for ++ * security level 3 or lower. ++ */ ++ if (sec_level <= BT_SECURITY_HIGH) ++ goto encrypt; ++ break; ++ case HCI_LK_UNAUTH_COMBINATION_P192: ++ case HCI_LK_UNAUTH_COMBINATION_P256: ++ /* An unauthenticated combination key has sufficient security ++ * for security level 2 or lower. ++ */ ++ if (sec_level <= BT_SECURITY_MEDIUM) ++ goto encrypt; ++ break; ++ case HCI_LK_COMBINATION: ++ /* A combination key has always sufficient security for the ++ * security levels 2 or lower. High security level requires the ++ * combination key is generated using maximum PIN code length ++ * (16). For pre 2.1 units. ++ */ ++ if (sec_level <= BT_SECURITY_MEDIUM || conn->pin_length == 16) ++ goto encrypt; ++ break; ++ default: ++ break; ++ } + + auth: + if (test_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags)) +-- +2.40.1 + diff --git a/queue-5.4/bluetooth-hci_core-fix-build-warnings.patch b/queue-5.4/bluetooth-hci_core-fix-build-warnings.patch new file mode 100644 index 00000000000..a3e5156eb14 --- /dev/null +++ b/queue-5.4/bluetooth-hci_core-fix-build-warnings.patch @@ -0,0 +1,78 @@ +From fe2d75e259bd5b11f4670279bde3e3f4ab457af9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 15 Sep 2023 14:42:27 -0700 +Subject: Bluetooth: hci_core: Fix build warnings +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Luiz Augusto von Dentz + +[ Upstream commit dcda165706b9fbfd685898d46a6749d7d397e0c0 ] + +This fixes the following warnings: + +net/bluetooth/hci_core.c: In function ‘hci_register_dev’: +net/bluetooth/hci_core.c:2620:54: warning: ‘%d’ directive output may +be truncated writing between 1 and 10 bytes into a region of size 5 +[-Wformat-truncation=] + 2620 | snprintf(hdev->name, sizeof(hdev->name), "hci%d", id); + | ^~ +net/bluetooth/hci_core.c:2620:50: note: directive argument in the range +[0, 2147483647] + 2620 | snprintf(hdev->name, sizeof(hdev->name), "hci%d", id); + | ^~~~~~~ +net/bluetooth/hci_core.c:2620:9: note: ‘snprintf’ output between 5 and +14 bytes into a destination of size 8 + 2620 | snprintf(hdev->name, sizeof(hdev->name), "hci%d", id); + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Signed-off-by: Luiz Augusto von Dentz +Signed-off-by: Sasha Levin +--- + include/net/bluetooth/hci_core.h | 2 +- + net/bluetooth/hci_core.c | 8 +++++--- + 2 files changed, 6 insertions(+), 4 deletions(-) + +diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h +index ecad25900ad78..b54f17677ac0c 100644 +--- a/include/net/bluetooth/hci_core.h ++++ b/include/net/bluetooth/hci_core.h +@@ -219,7 +219,7 @@ struct hci_dev { + struct list_head list; + struct mutex lock; + +- char name[8]; ++ const char *name; + unsigned long flags; + __u16 id; + __u8 bus; +diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c +index 21469934fc3c0..54c55c30db17b 100644 +--- a/net/bluetooth/hci_core.c ++++ b/net/bluetooth/hci_core.c +@@ -3317,7 +3317,11 @@ int hci_register_dev(struct hci_dev *hdev) + if (id < 0) + return id; + +- snprintf(hdev->name, sizeof(hdev->name), "hci%d", id); ++ error = dev_set_name(&hdev->dev, "hci%u", id); ++ if (error) ++ return error; ++ ++ hdev->name = dev_name(&hdev->dev); + hdev->id = id; + + BT_DBG("%p name %s bus %d", hdev, hdev->name, hdev->bus); +@@ -3339,8 +3343,6 @@ int hci_register_dev(struct hci_dev *hdev) + if (!IS_ERR_OR_NULL(bt_debugfs)) + hdev->debugfs = debugfs_create_dir(hdev->name, bt_debugfs); + +- dev_set_name(&hdev->dev, "%s", hdev->name); +- + error = device_add(&hdev->dev); + if (error < 0) + goto err_wqueue; +-- +2.40.1 + diff --git a/queue-5.4/bluetooth-hci_event-fix-using-memcmp-when-comparing-.patch b/queue-5.4/bluetooth-hci_event-fix-using-memcmp-when-comparing-.patch new file mode 100644 index 00000000000..0c3a220cbc9 --- /dev/null +++ b/queue-5.4/bluetooth-hci_event-fix-using-memcmp-when-comparing-.patch @@ -0,0 +1,74 @@ +From 25dd7a7ff6f5d73f23cf5383713b4173ada706cd Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 5 Oct 2023 13:59:59 -0700 +Subject: Bluetooth: hci_event: Fix using memcmp when comparing keys + +From: Luiz Augusto von Dentz + +[ Upstream commit b541260615f601ae1b5d6d0cc54e790de706303b ] + +memcmp is not consider safe to use with cryptographic secrets: + + 'Do not use memcmp() to compare security critical data, such as + cryptographic secrets, because the required CPU time depends on the + number of equal bytes.' + +While usage of memcmp for ZERO_KEY may not be considered a security +critical data, it can lead to more usage of memcmp with pairing keys +which could introduce more security problems. + +Fixes: 455c2ff0a558 ("Bluetooth: Fix BR/EDR out-of-band pairing with only initiator data") +Fixes: 33155c4aae52 ("Bluetooth: hci_event: Ignore NULL link key") +Signed-off-by: Luiz Augusto von Dentz +Signed-off-by: Sasha Levin +--- + net/bluetooth/hci_event.c | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c +index 0fe01b543b185..f182a7d3e44cf 100644 +--- a/net/bluetooth/hci_event.c ++++ b/net/bluetooth/hci_event.c +@@ -25,6 +25,8 @@ + /* Bluetooth HCI event handling. */ + + #include ++#include ++#include + + #include + #include +@@ -3946,7 +3948,7 @@ static void hci_link_key_notify_evt(struct hci_dev *hdev, struct sk_buff *skb) + goto unlock; + + /* Ignore NULL link key against CVE-2020-26555 */ +- if (!memcmp(ev->link_key, ZERO_KEY, HCI_LINK_KEY_SIZE)) { ++ if (!crypto_memneq(ev->link_key, ZERO_KEY, HCI_LINK_KEY_SIZE)) { + bt_dev_dbg(hdev, "Ignore NULL link key (ZERO KEY) for %pMR", + &ev->bdaddr); + hci_disconnect(conn, HCI_ERROR_AUTH_FAILURE); +@@ -4445,8 +4447,8 @@ static u8 bredr_oob_data_present(struct hci_conn *conn) + * available, then do not declare that OOB data is + * present. + */ +- if (!memcmp(data->rand256, ZERO_KEY, 16) || +- !memcmp(data->hash256, ZERO_KEY, 16)) ++ if (!crypto_memneq(data->rand256, ZERO_KEY, 16) || ++ !crypto_memneq(data->hash256, ZERO_KEY, 16)) + return 0x00; + + return 0x02; +@@ -4456,8 +4458,8 @@ static u8 bredr_oob_data_present(struct hci_conn *conn) + * not supported by the hardware, then check that if + * P-192 data values are present. + */ +- if (!memcmp(data->rand192, ZERO_KEY, 16) || +- !memcmp(data->hash192, ZERO_KEY, 16)) ++ if (!crypto_memneq(data->rand192, ZERO_KEY, 16) || ++ !crypto_memneq(data->hash192, ZERO_KEY, 16)) + return 0x00; + + return 0x01; +-- +2.40.1 + diff --git a/queue-5.4/btrfs-fix-some-wmaybe-uninitialized-warnings-in-ioct.patch b/queue-5.4/btrfs-fix-some-wmaybe-uninitialized-warnings-in-ioct.patch new file mode 100644 index 00000000000..043cfa7de57 --- /dev/null +++ b/queue-5.4/btrfs-fix-some-wmaybe-uninitialized-warnings-in-ioct.patch @@ -0,0 +1,106 @@ +From 4b16877e221cc4c3f1dc55966ad9aab2e0e670f8 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 26 Sep 2023 15:47:27 -0400 +Subject: btrfs: fix some -Wmaybe-uninitialized warnings in ioctl.c +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Josef Bacik + +[ Upstream commit 9147b9ded499d9853bdf0e9804b7eaa99c4429ed ] + +Jens reported the following warnings from -Wmaybe-uninitialized recent +Linus' branch. + + In file included from ./include/asm-generic/rwonce.h:26, + from ./arch/arm64/include/asm/rwonce.h:71, + from ./include/linux/compiler.h:246, + from ./include/linux/export.h:5, + from ./include/linux/linkage.h:7, + from ./include/linux/kernel.h:17, + from fs/btrfs/ioctl.c:6: + In function ‘instrument_copy_from_user_before’, + inlined from ‘_copy_from_user’ at ./include/linux/uaccess.h:148:3, + inlined from ‘copy_from_user’ at ./include/linux/uaccess.h:183:7, + inlined from ‘btrfs_ioctl_space_info’ at fs/btrfs/ioctl.c:2999:6, + inlined from ‘btrfs_ioctl’ at fs/btrfs/ioctl.c:4616:10: + ./include/linux/kasan-checks.h:38:27: warning: ‘space_args’ may be used + uninitialized [-Wmaybe-uninitialized] + 38 | #define kasan_check_write __kasan_check_write + ./include/linux/instrumented.h:129:9: note: in expansion of macro + ‘kasan_check_write’ + 129 | kasan_check_write(to, n); + | ^~~~~~~~~~~~~~~~~ + ./include/linux/kasan-checks.h: In function ‘btrfs_ioctl’: + ./include/linux/kasan-checks.h:20:6: note: by argument 1 of type ‘const + volatile void *’ to ‘__kasan_check_write’ declared here + 20 | bool __kasan_check_write(const volatile void *p, unsigned int + size); + | ^~~~~~~~~~~~~~~~~~~ + fs/btrfs/ioctl.c:2981:39: note: ‘space_args’ declared here + 2981 | struct btrfs_ioctl_space_args space_args; + | ^~~~~~~~~~ + In function ‘instrument_copy_from_user_before’, + inlined from ‘_copy_from_user’ at ./include/linux/uaccess.h:148:3, + inlined from ‘copy_from_user’ at ./include/linux/uaccess.h:183:7, + inlined from ‘_btrfs_ioctl_send’ at fs/btrfs/ioctl.c:4343:9, + inlined from ‘btrfs_ioctl’ at fs/btrfs/ioctl.c:4658:10: + ./include/linux/kasan-checks.h:38:27: warning: ‘args32’ may be used + uninitialized [-Wmaybe-uninitialized] + 38 | #define kasan_check_write __kasan_check_write + ./include/linux/instrumented.h:129:9: note: in expansion of macro + ‘kasan_check_write’ + 129 | kasan_check_write(to, n); + | ^~~~~~~~~~~~~~~~~ + ./include/linux/kasan-checks.h: In function ‘btrfs_ioctl’: + ./include/linux/kasan-checks.h:20:6: note: by argument 1 of type ‘const + volatile void *’ to ‘__kasan_check_write’ declared here + 20 | bool __kasan_check_write(const volatile void *p, unsigned int + size); + | ^~~~~~~~~~~~~~~~~~~ + fs/btrfs/ioctl.c:4341:49: note: ‘args32’ declared here + 4341 | struct btrfs_ioctl_send_args_32 args32; + | ^~~~~~ + +This was due to his config options and having KASAN turned on, +which adds some extra checks around copy_from_user(), which then +triggered the -Wmaybe-uninitialized checker for these cases. + +Fix the warnings by initializing the different structs we're copying +into. + +Reported-by: Jens Axboe +Signed-off-by: Josef Bacik +Reviewed-by: David Sterba +Signed-off-by: David Sterba +Signed-off-by: Sasha Levin +--- + fs/btrfs/ioctl.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c +index 1197dfdfebbf6..775245b148bb3 100644 +--- a/fs/btrfs/ioctl.c ++++ b/fs/btrfs/ioctl.c +@@ -4143,7 +4143,7 @@ static void get_block_group_info(struct list_head *groups_list, + static long btrfs_ioctl_space_info(struct btrfs_fs_info *fs_info, + void __user *arg) + { +- struct btrfs_ioctl_space_args space_args; ++ struct btrfs_ioctl_space_args space_args = { 0 }; + struct btrfs_ioctl_space_info space; + struct btrfs_ioctl_space_info *dest; + struct btrfs_ioctl_space_info *dest_orig; +@@ -5515,7 +5515,7 @@ static int _btrfs_ioctl_send(struct file *file, void __user *argp, bool compat) + + if (compat) { + #if defined(CONFIG_64BIT) && defined(CONFIG_COMPAT) +- struct btrfs_ioctl_send_args_32 args32; ++ struct btrfs_ioctl_send_args_32 args32 = { 0 }; + + ret = copy_from_user(&args32, argp, sizeof(args32)); + if (ret) +-- +2.40.1 + diff --git a/queue-5.4/btrfs-initialize-start_slot-in-btrfs_log_prealloc_ex.patch b/queue-5.4/btrfs-initialize-start_slot-in-btrfs_log_prealloc_ex.patch new file mode 100644 index 00000000000..615dcaba271 --- /dev/null +++ b/queue-5.4/btrfs-initialize-start_slot-in-btrfs_log_prealloc_ex.patch @@ -0,0 +1,57 @@ +From 36424ad6f74cc330ae8c12d1afded8b2f8186139 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 5 Sep 2023 12:15:24 -0400 +Subject: btrfs: initialize start_slot in btrfs_log_prealloc_extents +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Josef Bacik + +[ Upstream commit b4c639f699349880b7918b861e1bd360442ec450 ] + +Jens reported a compiler warning when using +CONFIG_CC_OPTIMIZE_FOR_SIZE=y that looks like this + + fs/btrfs/tree-log.c: In function ‘btrfs_log_prealloc_extents’: + fs/btrfs/tree-log.c:4828:23: warning: ‘start_slot’ may be used + uninitialized [-Wmaybe-uninitialized] + 4828 | ret = copy_items(trans, inode, dst_path, path, + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + 4829 | start_slot, ins_nr, 1, 0); + | ~~~~~~~~~~~~~~~~~~~~~~~~~ + fs/btrfs/tree-log.c:4725:13: note: ‘start_slot’ was declared here + 4725 | int start_slot; + | ^~~~~~~~~~ + +The compiler is incorrect, as we only use this code when ins_len > 0, +and when ins_len > 0 we have start_slot properly initialized. However +we generally find the -Wmaybe-uninitialized warnings valuable, so +initialize start_slot to get rid of the warning. + +Reported-by: Jens Axboe +Tested-by: Jens Axboe +Signed-off-by: Josef Bacik +Reviewed-by: David Sterba +Signed-off-by: David Sterba +Signed-off-by: Sasha Levin +--- + fs/btrfs/tree-log.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c +index 926b1d34e55cc..f75333d7b78a5 100644 +--- a/fs/btrfs/tree-log.c ++++ b/fs/btrfs/tree-log.c +@@ -4283,7 +4283,7 @@ static int btrfs_log_prealloc_extents(struct btrfs_trans_handle *trans, + struct extent_buffer *leaf; + int slot; + int ins_nr = 0; +- int start_slot; ++ int start_slot = 0; + int ret; + + if (!(inode->flags & BTRFS_INODE_PREALLOC)) +-- +2.40.1 + diff --git a/queue-5.4/btrfs-return-euclean-for-delayed-tree-ref-with-a-ref.patch b/queue-5.4/btrfs-return-euclean-for-delayed-tree-ref-with-a-ref.patch new file mode 100644 index 00000000000..69dfb6eede0 --- /dev/null +++ b/queue-5.4/btrfs-return-euclean-for-delayed-tree-ref-with-a-ref.patch @@ -0,0 +1,51 @@ +From b598ac0cf3f46c5710f9924c097d8980c1d032c1 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 8 Sep 2023 18:20:23 +0100 +Subject: btrfs: return -EUCLEAN for delayed tree ref with a ref count not + equals to 1 + +From: Filipe Manana + +[ Upstream commit 1bf76df3fee56d6637718e267f7c34ed70d0c7dc ] + +When running a delayed tree reference, if we find a ref count different +from 1, we return -EIO. This isn't an IO error, as it indicates either a +bug in the delayed refs code or a memory corruption, so change the error +code from -EIO to -EUCLEAN. Also tag the branch as 'unlikely' as this is +not expected to ever happen, and change the error message to print the +tree block's bytenr without the parenthesis (and there was a missing space +between the 'block' word and the opening parenthesis), for consistency as +that's the style we used everywhere else. + +Reviewed-by: Josef Bacik +Signed-off-by: Filipe Manana +Reviewed-by: David Sterba +Signed-off-by: David Sterba +Signed-off-by: Sasha Levin +--- + fs/btrfs/extent-tree.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c +index a9191a0d2f4c9..f47316edcf423 100644 +--- a/fs/btrfs/extent-tree.c ++++ b/fs/btrfs/extent-tree.c +@@ -1681,12 +1681,12 @@ static int run_delayed_tree_ref(struct btrfs_trans_handle *trans, + parent = ref->parent; + ref_root = ref->root; + +- if (node->ref_mod != 1) { ++ if (unlikely(node->ref_mod != 1)) { + btrfs_err(trans->fs_info, +- "btree block(%llu) has %d references rather than 1: action %d ref_root %llu parent %llu", ++ "btree block %llu has %d references rather than 1: action %d ref_root %llu parent %llu", + node->bytenr, node->ref_mod, node->action, ref_root, + parent); +- return -EIO; ++ return -EUCLEAN; + } + if (node->action == BTRFS_ADD_DELAYED_REF && insert_reserved) { + BUG_ON(!extent_op || !extent_op->update_flags); +-- +2.40.1 + diff --git a/queue-5.4/drm-panel-orientation-quirks-add-quirk-for-one-mix-2.patch b/queue-5.4/drm-panel-orientation-quirks-add-quirk-for-one-mix-2.patch new file mode 100644 index 00000000000..5649294d5c6 --- /dev/null +++ b/queue-5.4/drm-panel-orientation-quirks-add-quirk-for-one-mix-2.patch @@ -0,0 +1,59 @@ +From f093c6b3ad60f6bc704afd6c8739f8681678ed99 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 1 Oct 2023 13:47:10 +0200 +Subject: drm: panel-orientation-quirks: Add quirk for One Mix 2S + +From: Kai Uwe Broulik + +[ Upstream commit cbb7eb2dbd9472816e42a1b0fdb51af49abbf812 ] + +The One Mix 2S is a mini laptop with a 1200x1920 portrait screen +mounted in a landscape oriented clamshell case. Because of the too +generic DMI strings this entry is also doing bios-date matching. + +Signed-off-by: Kai Uwe Broulik +Reviewed-by: Hans de Goede +Signed-off-by: Liviu Dudau +Link: https://patchwork.freedesktop.org/patch/msgid/20231001114710.336172-1-foss-linux@broulik.de +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/drm_panel_orientation_quirks.c | 16 ++++++++++++++++ + 1 file changed, 16 insertions(+) + +diff --git a/drivers/gpu/drm/drm_panel_orientation_quirks.c b/drivers/gpu/drm/drm_panel_orientation_quirks.c +index 6106fa7c43028..43de9dfcba19a 100644 +--- a/drivers/gpu/drm/drm_panel_orientation_quirks.c ++++ b/drivers/gpu/drm/drm_panel_orientation_quirks.c +@@ -44,6 +44,14 @@ static const struct drm_dmi_panel_orientation_data gpd_micropc = { + .orientation = DRM_MODE_PANEL_ORIENTATION_RIGHT_UP, + }; + ++static const struct drm_dmi_panel_orientation_data gpd_onemix2s = { ++ .width = 1200, ++ .height = 1920, ++ .bios_dates = (const char * const []){ "05/21/2018", "10/26/2018", ++ "03/04/2019", NULL }, ++ .orientation = DRM_MODE_PANEL_ORIENTATION_RIGHT_UP, ++}; ++ + static const struct drm_dmi_panel_orientation_data gpd_pocket = { + .width = 1200, + .height = 1920, +@@ -329,6 +337,14 @@ static const struct dmi_system_id orientation_data[] = { + DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "LTH17"), + }, + .driver_data = (void *)&lcd800x1280_rightside_up, ++ }, { /* One Mix 2S (generic strings, also match on bios date) */ ++ .matches = { ++ DMI_EXACT_MATCH(DMI_SYS_VENDOR, "Default string"), ++ DMI_EXACT_MATCH(DMI_PRODUCT_NAME, "Default string"), ++ DMI_EXACT_MATCH(DMI_BOARD_VENDOR, "Default string"), ++ DMI_EXACT_MATCH(DMI_BOARD_NAME, "Default string"), ++ }, ++ .driver_data = (void *)&gpd_onemix2s, + }, + {} + }; +-- +2.40.1 + diff --git a/queue-5.4/gpio-timberdale-fix-potential-deadlock-on-tgpio-lock.patch b/queue-5.4/gpio-timberdale-fix-potential-deadlock-on-tgpio-lock.patch new file mode 100644 index 00000000000..5c0c5955764 --- /dev/null +++ b/queue-5.4/gpio-timberdale-fix-potential-deadlock-on-tgpio-lock.patch @@ -0,0 +1,64 @@ +From 39f6dfad57334bd021dae72a58300259b999fe70 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 26 Sep 2023 10:29:14 +0000 +Subject: gpio: timberdale: Fix potential deadlock on &tgpio->lock + +From: Chengfeng Ye + +[ Upstream commit 9e8bc2dda5a7a8e2babc9975f4b11c9a6196e490 ] + +As timbgpio_irq_enable()/timbgpio_irq_disable() callback could be +executed under irq context, it could introduce double locks on +&tgpio->lock if it preempts other execution units requiring +the same locks. + +timbgpio_gpio_set() +--> timbgpio_update_bit() +--> spin_lock(&tgpio->lock) + + --> timbgpio_irq_disable() + --> spin_lock_irqsave(&tgpio->lock) + +This flaw was found by an experimental static analysis tool I am +developing for irq-related deadlock. + +To prevent the potential deadlock, the patch uses spin_lock_irqsave() +on &tgpio->lock inside timbgpio_gpio_set() to prevent the possible +deadlock scenario. + +Signed-off-by: Chengfeng Ye +Reviewed-by: Andy Shevchenko +Signed-off-by: Bartosz Golaszewski +Signed-off-by: Sasha Levin +--- + drivers/gpio/gpio-timberdale.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/drivers/gpio/gpio-timberdale.c b/drivers/gpio/gpio-timberdale.c +index de14949a3fe5a..92c1f2baa4bff 100644 +--- a/drivers/gpio/gpio-timberdale.c ++++ b/drivers/gpio/gpio-timberdale.c +@@ -43,9 +43,10 @@ static int timbgpio_update_bit(struct gpio_chip *gpio, unsigned index, + unsigned offset, bool enabled) + { + struct timbgpio *tgpio = gpiochip_get_data(gpio); ++ unsigned long flags; + u32 reg; + +- spin_lock(&tgpio->lock); ++ spin_lock_irqsave(&tgpio->lock, flags); + reg = ioread32(tgpio->membase + offset); + + if (enabled) +@@ -54,7 +55,7 @@ static int timbgpio_update_bit(struct gpio_chip *gpio, unsigned index, + reg &= ~(1 << index); + + iowrite32(reg, tgpio->membase + offset); +- spin_unlock(&tgpio->lock); ++ spin_unlock_irqrestore(&tgpio->lock, flags); + + return 0; + } +-- +2.40.1 + diff --git a/queue-5.4/hid-holtek-fix-slab-out-of-bounds-write-in-holtek_kb.patch b/queue-5.4/hid-holtek-fix-slab-out-of-bounds-write-in-holtek_kb.patch new file mode 100644 index 00000000000..61afd3fc40b --- /dev/null +++ b/queue-5.4/hid-holtek-fix-slab-out-of-bounds-write-in-holtek_kb.patch @@ -0,0 +1,40 @@ +From 325e1cdbac5d81f2cbdc78efa7dd8823c4ac644c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 18 Sep 2023 10:40:59 +0800 +Subject: HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event + +From: Ma Ke + +[ Upstream commit ffe3b7837a2bb421df84d0177481db9f52c93a71 ] + +There is a slab-out-of-bounds Write bug in hid-holtek-kbd driver. +The problem is the driver assumes the device must have an input +but some malicious devices violate this assumption. + +Fix this by checking hid_device's input is non-empty before its usage. + +Signed-off-by: Ma Ke +Signed-off-by: Jiri Kosina +Signed-off-by: Sasha Levin +--- + drivers/hid/hid-holtek-kbd.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/drivers/hid/hid-holtek-kbd.c b/drivers/hid/hid-holtek-kbd.c +index 403506b9697e7..b346d68a06f5a 100644 +--- a/drivers/hid/hid-holtek-kbd.c ++++ b/drivers/hid/hid-holtek-kbd.c +@@ -130,6 +130,10 @@ static int holtek_kbd_input_event(struct input_dev *dev, unsigned int type, + return -ENODEV; + + boot_hid = usb_get_intfdata(boot_interface); ++ if (list_empty(&boot_hid->inputs)) { ++ hid_err(hid, "no inputs found\n"); ++ return -ENODEV; ++ } + boot_hid_input = list_first_entry(&boot_hid->inputs, + struct hid_input, list); + +-- +2.40.1 + diff --git a/queue-5.4/hid-multitouch-add-required-quirk-for-synaptics-0xcd.patch b/queue-5.4/hid-multitouch-add-required-quirk-for-synaptics-0xcd.patch new file mode 100644 index 00000000000..4fa72498ca5 --- /dev/null +++ b/queue-5.4/hid-multitouch-add-required-quirk-for-synaptics-0xcd.patch @@ -0,0 +1,39 @@ +From bf165662e1c2989628ddda89af2dd4089f7f2f40 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 17 Sep 2023 16:18:43 +0000 +Subject: HID: multitouch: Add required quirk for Synaptics 0xcd7e device + +From: Rahul Rameshbabu + +[ Upstream commit 1437e4547edf41689d7135faaca4222ef0081bc1 ] + +Register the Synaptics device as a special multitouch device with certain +quirks that may improve usability of the touchpad device. + +Reported-by: Rain +Closes: https://lore.kernel.org/linux-input/2bbb8e1d-1793-4df1-810f-cb0137341ff4@app.fastmail.com/ +Signed-off-by: Rahul Rameshbabu +Signed-off-by: Jiri Kosina +Signed-off-by: Sasha Levin +--- + drivers/hid/hid-multitouch.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c +index 0893b31e6f102..590b25460456b 100644 +--- a/drivers/hid/hid-multitouch.c ++++ b/drivers/hid/hid-multitouch.c +@@ -2081,6 +2081,10 @@ static const struct hid_device_id mt_devices[] = { + USB_DEVICE_ID_MTP_STM)}, + + /* Synaptics devices */ ++ { .driver_data = MT_CLS_WIN_8_FORCE_MULTI_INPUT, ++ HID_DEVICE(BUS_I2C, HID_GROUP_MULTITOUCH_WIN_8, ++ USB_VENDOR_ID_SYNAPTICS, 0xcd7e) }, ++ + { .driver_data = MT_CLS_WIN_8_FORCE_MULTI_INPUT, + HID_DEVICE(BUS_I2C, HID_GROUP_MULTITOUCH_WIN_8, + USB_VENDOR_ID_SYNAPTICS, 0xce08) }, +-- +2.40.1 + diff --git a/queue-5.4/i2c-mux-avoid-potential-false-error-message-in-i2c_m.patch b/queue-5.4/i2c-mux-avoid-potential-false-error-message-in-i2c_m.patch new file mode 100644 index 00000000000..caf0ae83ac4 --- /dev/null +++ b/queue-5.4/i2c-mux-avoid-potential-false-error-message-in-i2c_m.patch @@ -0,0 +1,37 @@ +From 4f8c8c7a813e0a2c977064b9aa1b4d94333b27e1 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 23 Sep 2023 23:54:06 +0200 +Subject: i2c: mux: Avoid potential false error message in i2c_mux_add_adapter + +From: Heiner Kallweit + +[ Upstream commit b13e59e74ff71a1004e0508107e91e9a84fd7388 ] + +I2C_CLASS_DEPRECATED is a flag and not an actual class. +There's nothing speaking against both, parent and child, having +I2C_CLASS_DEPRECATED set. Therefore exclude it from the check. + +Signed-off-by: Heiner Kallweit +Acked-by: Peter Rosin +Signed-off-by: Wolfram Sang +Signed-off-by: Sasha Levin +--- + drivers/i2c/i2c-mux.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/i2c/i2c-mux.c b/drivers/i2c/i2c-mux.c +index 774507b54b57b..c90cec8d9656d 100644 +--- a/drivers/i2c/i2c-mux.c ++++ b/drivers/i2c/i2c-mux.c +@@ -340,7 +340,7 @@ int i2c_mux_add_adapter(struct i2c_mux_core *muxc, + priv->adap.lock_ops = &i2c_parent_lock_ops; + + /* Sanity check on class */ +- if (i2c_mux_parent_classes(parent) & class) ++ if (i2c_mux_parent_classes(parent) & class & ~I2C_CLASS_DEPRECATED) + dev_err(&parent->dev, + "Segment %d behind mux can't share classes with ancestors\n", + chan_id); +-- +2.40.1 + diff --git a/queue-5.4/overlayfs-set-ctime-when-setting-mtime-and-atime.patch b/queue-5.4/overlayfs-set-ctime-when-setting-mtime-and-atime.patch new file mode 100644 index 00000000000..403ddcd055f --- /dev/null +++ b/queue-5.4/overlayfs-set-ctime-when-setting-mtime-and-atime.patch @@ -0,0 +1,47 @@ +From d84da84ff4b0a514b56857ecc07aaec8ea2ff30d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 13 Sep 2023 09:33:12 -0400 +Subject: overlayfs: set ctime when setting mtime and atime + +From: Jeff Layton + +[ Upstream commit 03dbab3bba5f009d053635c729d1244f2c8bad38 ] + +Nathan reported that he was seeing the new warning in +setattr_copy_mgtime pop when starting podman containers. Overlayfs is +trying to set the atime and mtime via notify_change without also +setting the ctime. + +POSIX states that when the atime and mtime are updated via utimes() that +we must also update the ctime to the current time. The situation with +overlayfs copy-up is analogies, so add ATTR_CTIME to the bitmask. +notify_change will fill in the value. + +Reported-by: Nathan Chancellor +Signed-off-by: Jeff Layton +Tested-by: Nathan Chancellor +Acked-by: Christian Brauner +Acked-by: Amir Goldstein +Message-Id: <20230913-ctime-v1-1-c6bc509cbc27@kernel.org> +Signed-off-by: Christian Brauner +Signed-off-by: Sasha Levin +--- + fs/overlayfs/copy_up.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c +index 1bfd1660a66c0..9e5223108362d 100644 +--- a/fs/overlayfs/copy_up.c ++++ b/fs/overlayfs/copy_up.c +@@ -192,7 +192,7 @@ static int ovl_set_timestamps(struct dentry *upperdentry, struct kstat *stat) + { + struct iattr attr = { + .ia_valid = +- ATTR_ATIME | ATTR_MTIME | ATTR_ATIME_SET | ATTR_MTIME_SET, ++ ATTR_ATIME | ATTR_MTIME | ATTR_ATIME_SET | ATTR_MTIME_SET | ATTR_CTIME, + .ia_atime = stat->atime, + .ia_mtime = stat->mtime, + }; +-- +2.40.1 + diff --git a/queue-5.4/regulator-core-revert-fix-kobject-release-warning-an.patch b/queue-5.4/regulator-core-revert-fix-kobject-release-warning-an.patch new file mode 100644 index 00000000000..d8998c5d90e --- /dev/null +++ b/queue-5.4/regulator-core-revert-fix-kobject-release-warning-an.patch @@ -0,0 +1,50 @@ +From 032cd143c32df10d694d53879b044bdd2950807f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 19 Sep 2023 00:50:27 +0200 +Subject: regulator/core: Revert "fix kobject release warning and memory leak + in regulator_register()" +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Michał Mirosław + +[ Upstream commit 6e800968f6a715c0661716d2ec5e1f56ed9f9c08 ] + +This reverts commit 5f4b204b6b8153923d5be8002c5f7082985d153f. + +Since rdev->dev now has a release() callback, the proper way of freeing +the initialized device can be restored. + +Signed-off-by: Michał Mirosław +Link: https://lore.kernel.org/r/d7f469f3f7b1f0e1d52f9a7ede3f3c5703382090.1695077303.git.mirq-linux@rere.qmqm.pl +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + drivers/regulator/core.c | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +diff --git a/drivers/regulator/core.c b/drivers/regulator/core.c +index fe4b666edd037..87d0cd6f49ca9 100644 +--- a/drivers/regulator/core.c ++++ b/drivers/regulator/core.c +@@ -5351,15 +5351,11 @@ regulator_register(const struct regulator_desc *regulator_desc, + mutex_lock(®ulator_list_mutex); + regulator_ena_gpio_free(rdev); + mutex_unlock(®ulator_list_mutex); +- put_device(&rdev->dev); +- rdev = NULL; + clean: + if (dangling_of_gpiod) + gpiod_put(config->ena_gpiod); +- if (rdev && rdev->dev.of_node) +- of_node_put(rdev->dev.of_node); +- kfree(rdev); + kfree(config); ++ put_device(&rdev->dev); + rinse: + if (dangling_cfg_gpiod) + gpiod_put(cfg->ena_gpiod); +-- +2.40.1 + diff --git a/queue-5.4/resource-add-irqresource_disabled.patch b/queue-5.4/resource-add-irqresource_disabled.patch new file mode 100644 index 00000000000..f53810378a7 --- /dev/null +++ b/queue-5.4/resource-add-irqresource_disabled.patch @@ -0,0 +1,44 @@ +From d45ff9815c50d3f507dfd3ebf3846bda5a2bd6b2 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 2 Dec 2020 18:36:54 +0800 +Subject: resource: Add irqresource_disabled() + +From: John Garry + +[ Upstream commit 9806731db684a475ade1e95d166089b9edbd9da3 ] + +Add a common function to set the fields for a irq resource to disabled, +which mimics what is done in acpi_dev_irqresource_disabled(), with a view +to replace that function. + +Signed-off-by: John Garry +Signed-off-by: Marc Zyngier +Reviewed-by: Rafael J. Wysocki +Link: https://lore.kernel.org/r/1606905417-183214-3-git-send-email-john.garry@huawei.com +Stable-dep-of: c1ed72171ed5 ("ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA") +Signed-off-by: Sasha Levin +--- + include/linux/ioport.h | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/include/linux/ioport.h b/include/linux/ioport.h +index fdc201d614607..d94db8d6df52a 100644 +--- a/include/linux/ioport.h ++++ b/include/linux/ioport.h +@@ -300,6 +300,13 @@ struct resource *devm_request_free_mem_region(struct device *dev, + struct resource *request_free_mem_region(struct resource *base, + unsigned long size, const char *name); + ++static inline void irqresource_disabled(struct resource *res, u32 irq) ++{ ++ res->start = irq; ++ res->end = irq; ++ res->flags = IORESOURCE_IRQ | IORESOURCE_DISABLED | IORESOURCE_UNSET; ++} ++ + #ifdef CONFIG_IO_STRICT_DEVMEM + void revoke_devmem(struct resource *res); + #else +-- +2.40.1 + diff --git a/queue-5.4/series b/queue-5.4/series index 51f0aa0bb1c..d99badf8632 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -71,3 +71,32 @@ net-sched-sch_hfsc-upgrade-rt-to-sc-when-it-becomes-a-inner-curve.patch neighbor-tracing-move-pin6-inside-config_ipv6-y-section.patch netfilter-nft_set_rbtree-.deactivate-fails-if-element-has-expired.patch net-pktgen-fix-interface-flags-printing.patch +resource-add-irqresource_disabled.patch +acpi-drop-acpi_dev_irqresource_disabled.patch +acpi-resources-add-dmi-based-legacy-irq-override-qui.patch +acpi-resource-skip-irq-override-on-asus-vivobook-k34.patch +acpi-resource-add-asus-model-s5402za-to-quirks.patch +acpi-resource-skip-irq-override-on-asus-vivobook-s56.patch +acpi-resource-add-asus-expertbook-b2502-to-asus-quir.patch +acpi-resource-skip-irq-override-on-asus-expertbook-b.patch +acpi-resource-skip-irq-override-on-asus-expertbook-b.patch-28910 +acpi-resource-skip-irq-override-on-asus-expertbook-b.patch-27870 +arm-dts-ti-omap-fix-noisy-serial-with-overrun-thrott.patch +btrfs-return-euclean-for-delayed-tree-ref-with-a-ref.patch +btrfs-initialize-start_slot-in-btrfs_log_prealloc_ex.patch +i2c-mux-avoid-potential-false-error-message-in-i2c_m.patch +overlayfs-set-ctime-when-setting-mtime-and-atime.patch +gpio-timberdale-fix-potential-deadlock-on-tgpio-lock.patch +ata-libata-eh-fix-compilation-warning-in-ata_eh_link.patch +tracing-relax-trace_event_eval_update-execution-with.patch +hid-holtek-fix-slab-out-of-bounds-write-in-holtek_kb.patch +bluetooth-avoid-redundant-authentication.patch +bluetooth-hci_core-fix-build-warnings.patch +wifi-mac80211-allow-transmitting-eapol-frames-with-t.patch +wifi-cfg80211-avoid-leaking-stack-data-into-trace.patch +regulator-core-revert-fix-kobject-release-warning-an.patch +sky2-make-sure-there-is-at-least-one-frag_addr-avail.patch +drm-panel-orientation-quirks-add-quirk-for-one-mix-2.patch +btrfs-fix-some-wmaybe-uninitialized-warnings-in-ioct.patch +hid-multitouch-add-required-quirk-for-synaptics-0xcd.patch +bluetooth-hci_event-fix-using-memcmp-when-comparing-.patch diff --git a/queue-5.4/sky2-make-sure-there-is-at-least-one-frag_addr-avail.patch b/queue-5.4/sky2-make-sure-there-is-at-least-one-frag_addr-avail.patch new file mode 100644 index 00000000000..676bfe2ec3f --- /dev/null +++ b/queue-5.4/sky2-make-sure-there-is-at-least-one-frag_addr-avail.patch @@ -0,0 +1,73 @@ +From d10ca92704a113d31b873d1f04843bc041f72852 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 22 Sep 2023 09:50:39 -0700 +Subject: sky2: Make sure there is at least one frag_addr available + +From: Kees Cook + +[ Upstream commit 6a70e5cbedaf8ad10528ac9ac114f3ec20f422df ] + +In the pathological case of building sky2 with 16k PAGE_SIZE, the +frag_addr[] array would never be used, so the original code was correct +that size should be 0. But the compiler now gets upset with 0 size arrays +in places where it hasn't eliminated the code that might access such an +array (it can't figure out that in this case an rx skb with fragments +would never be created). To keep the compiler happy, make sure there is +at least 1 frag_addr in struct rx_ring_info: + + In file included from include/linux/skbuff.h:28, + from include/net/net_namespace.h:43, + from include/linux/netdevice.h:38, + from drivers/net/ethernet/marvell/sky2.c:18: + drivers/net/ethernet/marvell/sky2.c: In function 'sky2_rx_unmap_skb': + include/linux/dma-mapping.h:416:36: warning: array subscript i is outside array bounds of 'dma_addr_t[0]' {aka 'long long unsigned int[]'} [-Warray-bounds=] + 416 | #define dma_unmap_page(d, a, s, r) dma_unmap_page_attrs(d, a, s, r, 0) + | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + drivers/net/ethernet/marvell/sky2.c:1257:17: note: in expansion of macro 'dma_unmap_page' + 1257 | dma_unmap_page(&pdev->dev, re->frag_addr[i], + | ^~~~~~~~~~~~~~ + In file included from drivers/net/ethernet/marvell/sky2.c:41: + drivers/net/ethernet/marvell/sky2.h:2198:25: note: while referencing 'frag_addr' + 2198 | dma_addr_t frag_addr[ETH_JUMBO_MTU >> PAGE_SHIFT]; + | ^~~~~~~~~ + +With CONFIG_PAGE_SIZE_16KB=y, PAGE_SHIFT == 14, so: + + #define ETH_JUMBO_MTU 9000 + +causes "ETH_JUMBO_MTU >> PAGE_SHIFT" to be 0. Use "?: 1" to solve this build warning. + +Cc: Mirko Lindner +Cc: Stephen Hemminger +Cc: "David S. Miller" +Cc: Eric Dumazet +Cc: Jakub Kicinski +Cc: Paolo Abeni +Cc: netdev@vger.kernel.org +Reported-by: kernel test robot +Closes: https://lore.kernel.org/oe-kbuild-all/202309191958.UBw1cjXk-lkp@intel.com/ +Reviewed-by: Alexander Lobakin +Signed-off-by: Kees Cook +Reviewed-by: Gustavo A. R. Silva +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/marvell/sky2.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/marvell/sky2.h b/drivers/net/ethernet/marvell/sky2.h +index b02b6523083ce..99451585a45f2 100644 +--- a/drivers/net/ethernet/marvell/sky2.h ++++ b/drivers/net/ethernet/marvell/sky2.h +@@ -2201,7 +2201,7 @@ struct rx_ring_info { + struct sk_buff *skb; + dma_addr_t data_addr; + DEFINE_DMA_UNMAP_LEN(data_size); +- dma_addr_t frag_addr[ETH_JUMBO_MTU >> PAGE_SHIFT]; ++ dma_addr_t frag_addr[ETH_JUMBO_MTU >> PAGE_SHIFT ?: 1]; + }; + + enum flow_control { +-- +2.40.1 + diff --git a/queue-5.4/tracing-relax-trace_event_eval_update-execution-with.patch b/queue-5.4/tracing-relax-trace_event_eval_update-execution-with.patch new file mode 100644 index 00000000000..bf1f357bc37 --- /dev/null +++ b/queue-5.4/tracing-relax-trace_event_eval_update-execution-with.patch @@ -0,0 +1,55 @@ +From d6f649ba7076f600f26de25b7302cf163c058d92 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 29 Sep 2023 21:16:37 +0200 +Subject: tracing: relax trace_event_eval_update() execution with + cond_resched() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Clément Léger + +[ Upstream commit 23cce5f25491968b23fb9c399bbfb25f13870cd9 ] + +When kernel is compiled without preemption, the eval_map_work_func() +(which calls trace_event_eval_update()) will not be preempted up to its +complete execution. This can actually cause a problem since if another +CPU call stop_machine(), the call will have to wait for the +eval_map_work_func() function to finish executing in the workqueue +before being able to be scheduled. This problem was observe on a SMP +system at boot time, when the CPU calling the initcalls executed +clocksource_done_booting() which in the end calls stop_machine(). We +observed a 1 second delay because one CPU was executing +eval_map_work_func() and was not preempted by the stop_machine() task. + +Adding a call to cond_resched() in trace_event_eval_update() allows +other tasks to be executed and thus continue working asynchronously +like before without blocking any pending task at boot time. + +Link: https://lore.kernel.org/linux-trace-kernel/20230929191637.416931-1-cleger@rivosinc.com + +Cc: Masami Hiramatsu +Signed-off-by: Clément Léger +Tested-by: Atish Patra +Reviewed-by: Atish Patra +Signed-off-by: Steven Rostedt (Google) +Signed-off-by: Sasha Levin +--- + kernel/trace/trace_events.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c +index 51adf0817ef3a..4f42dd0880796 100644 +--- a/kernel/trace/trace_events.c ++++ b/kernel/trace/trace_events.c +@@ -2236,6 +2236,7 @@ void trace_event_eval_update(struct trace_eval_map **map, int len) + update_event_printk(call, map[i]); + } + } ++ cond_resched(); + } + up_write(&trace_event_sem); + } +-- +2.40.1 + diff --git a/queue-5.4/wifi-cfg80211-avoid-leaking-stack-data-into-trace.patch b/queue-5.4/wifi-cfg80211-avoid-leaking-stack-data-into-trace.patch new file mode 100644 index 00000000000..60faf222bdc --- /dev/null +++ b/queue-5.4/wifi-cfg80211-avoid-leaking-stack-data-into-trace.patch @@ -0,0 +1,38 @@ +From f71b6763b7f7bd21819edee769ae2e2fd8dfec79 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 25 Sep 2023 17:18:56 +0200 +Subject: wifi: cfg80211: avoid leaking stack data into trace + +From: Benjamin Berg + +[ Upstream commit 334bf33eec5701a1e4e967bcb7cc8611a998334b ] + +If the structure is not initialized then boolean types might be copied +into the tracing data without being initialised. This causes data from +the stack to leak into the trace and also triggers a UBSAN failure which +can easily be avoided here. + +Signed-off-by: Benjamin Berg +Link: https://lore.kernel.org/r/20230925171855.a9271ef53b05.I8180bae663984c91a3e036b87f36a640ba409817@changeid +Signed-off-by: Johannes Berg +Signed-off-by: Sasha Levin +--- + net/wireless/nl80211.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c +index 8459f5b6002e1..0926a30bc7391 100644 +--- a/net/wireless/nl80211.c ++++ b/net/wireless/nl80211.c +@@ -6914,7 +6914,7 @@ static int nl80211_update_mesh_config(struct sk_buff *skb, + struct cfg80211_registered_device *rdev = info->user_ptr[0]; + struct net_device *dev = info->user_ptr[1]; + struct wireless_dev *wdev = dev->ieee80211_ptr; +- struct mesh_config cfg; ++ struct mesh_config cfg = {}; + u32 mask; + int err; + +-- +2.40.1 + diff --git a/queue-5.4/wifi-mac80211-allow-transmitting-eapol-frames-with-t.patch b/queue-5.4/wifi-mac80211-allow-transmitting-eapol-frames-with-t.patch new file mode 100644 index 00000000000..e31f3d80d31 --- /dev/null +++ b/queue-5.4/wifi-mac80211-allow-transmitting-eapol-frames-with-t.patch @@ -0,0 +1,110 @@ +From 9db7ec72ad75185e35da1c40824f2868429fd433 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 1 Aug 2023 02:47:51 -0400 +Subject: wifi: mac80211: allow transmitting EAPOL frames with tainted key + +From: Wen Gong + +[ Upstream commit 61304336c67358d49a989e5e0060d8c99bad6ca8 ] + +Lower layer device driver stop/wake TX by calling ieee80211_stop_queue()/ +ieee80211_wake_queue() while hw scan. Sometimes hw scan and PTK rekey are +running in parallel, when M4 sent from wpa_supplicant arrive while the TX +queue is stopped, then the M4 will pending send, and then new key install +from wpa_supplicant. After TX queue wake up by lower layer device driver, +the M4 will be dropped by below call stack. + +When key install started, the current key flag is set KEY_FLAG_TAINTED in +ieee80211_pairwise_rekey(), and then mac80211 wait key install complete by +lower layer device driver. Meanwhile ieee80211_tx_h_select_key() will return +TX_DROP for the M4 in step 12 below, and then ieee80211_free_txskb() called +by ieee80211_tx_dequeue(), so the M4 will not send and free, then the rekey +process failed becaue AP not receive M4. Please see details in steps below. + +There are a interval between KEY_FLAG_TAINTED set for current key flag and +install key complete by lower layer device driver, the KEY_FLAG_TAINTED is +set in this interval, all packet including M4 will be dropped in this +interval, the interval is step 8~13 as below. + +issue steps: + TX thread install key thread +1. stop_queue -idle- +2. sending M4 -idle- +3. M4 pending -idle- +4. -idle- starting install key from wpa_supplicant +5. -idle- =>ieee80211_key_replace() +6. -idle- =>ieee80211_pairwise_rekey() and set + currently key->flags |= KEY_FLAG_TAINTED +7. -idle- =>ieee80211_key_enable_hw_accel() +8. -idle- =>drv_set_key() and waiting key install + complete from lower layer device driver +9. wake_queue -waiting state- +10. re-sending M4 -waiting state- +11. =>ieee80211_tx_h_select_key() -waiting state- +12. drop M4 by KEY_FLAG_TAINTED -waiting state- +13. -idle- install key complete with success/fail + success: clear flag KEY_FLAG_TAINTED + fail: start disconnect + +Hence add check in step 11 above to allow the EAPOL send out in the +interval. If lower layer device driver use the old key/cipher to encrypt +the M4, then AP received/decrypt M4 correctly, after M4 send out, lower +layer device driver install the new key/cipher to hardware and return +success. + +If lower layer device driver use new key/cipher to send the M4, then AP +will/should drop the M4, then it is same result with this issue, AP will/ +should kick out station as well as this issue. + +issue log: +kworker/u16:4-5238 [000] 6456.108926: stop_queue: phy1 queue:0, reason:0 +wpa_supplicant-961 [003] 6456.119737: rdev_tx_control_port: wiphy_name=phy1 name=wlan0 ifindex=6 dest=ARRAY[9e, 05, 31, 20, 9b, d0] proto=36488 unencrypted=0 +wpa_supplicant-961 [003] 6456.119839: rdev_return_int_cookie: phy1, returned 0, cookie: 504 +wpa_supplicant-961 [003] 6456.120287: rdev_add_key: phy1, netdev:wlan0(6), key_index: 0, mode: 0, pairwise: true, mac addr: 9e:05:31:20:9b:d0 +wpa_supplicant-961 [003] 6456.120453: drv_set_key: phy1 vif:wlan0(2) sta:9e:05:31:20:9b:d0 cipher:0xfac04, flags=0x9, keyidx=0, hw_key_idx=0 +kworker/u16:9-3829 [001] 6456.168240: wake_queue: phy1 queue:0, reason:0 +kworker/u16:9-3829 [001] 6456.168255: drv_wake_tx_queue: phy1 vif:wlan0(2) sta:9e:05:31:20:9b:d0 ac:0 tid:7 +kworker/u16:9-3829 [001] 6456.168305: cfg80211_control_port_tx_status: wdev(1), cookie: 504, ack: false +wpa_supplicant-961 [003] 6459.167982: drv_return_int: phy1 - -110 + +issue call stack: +nl80211_frame_tx_status+0x230/0x340 [cfg80211] +cfg80211_control_port_tx_status+0x1c/0x28 [cfg80211] +ieee80211_report_used_skb+0x374/0x3e8 [mac80211] +ieee80211_free_txskb+0x24/0x40 [mac80211] +ieee80211_tx_dequeue+0x644/0x954 [mac80211] +ath10k_mac_tx_push_txq+0xac/0x238 [ath10k_core] +ath10k_mac_op_wake_tx_queue+0xac/0xe0 [ath10k_core] +drv_wake_tx_queue+0x80/0x168 [mac80211] +__ieee80211_wake_txqs+0xe8/0x1c8 [mac80211] +_ieee80211_wake_txqs+0xb4/0x120 [mac80211] +ieee80211_wake_txqs+0x48/0x80 [mac80211] +tasklet_action_common+0xa8/0x254 +tasklet_action+0x2c/0x38 +__do_softirq+0xdc/0x384 + +Signed-off-by: Wen Gong +Link: https://lore.kernel.org/r/20230801064751.25803-1-quic_wgong@quicinc.com +Signed-off-by: Johannes Berg +Signed-off-by: Sasha Levin +--- + net/mac80211/tx.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c +index d82d22b6a2a94..8bd01dfa75cb1 100644 +--- a/net/mac80211/tx.c ++++ b/net/mac80211/tx.c +@@ -651,7 +651,8 @@ ieee80211_tx_h_select_key(struct ieee80211_tx_data *tx) + } + + if (unlikely(tx->key && tx->key->flags & KEY_FLAG_TAINTED && +- !ieee80211_is_deauth(hdr->frame_control))) ++ !ieee80211_is_deauth(hdr->frame_control)) && ++ tx->skb->protocol != tx->sdata->control_port_protocol) + return TX_DROP; + + if (!skip_hw && tx->key && +-- +2.40.1 +