From: Sasha Levin Date: Wed, 7 Apr 2021 23:53:05 +0000 (-0400) Subject: Fixes for 5.11 X-Git-Tag: v4.4.266~29 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=87c575089eed90ba56d7e13987b9fe3e079c2815;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 5.11 Signed-off-by: Sasha Levin --- diff --git a/queue-5.11/arm-dts-am33xx-add-aliases-for-mmc-interfaces.patch b/queue-5.11/arm-dts-am33xx-add-aliases-for-mmc-interfaces.patch new file mode 100644 index 00000000000..0c38b10f439 --- /dev/null +++ b/queue-5.11/arm-dts-am33xx-add-aliases-for-mmc-interfaces.patch @@ -0,0 +1,41 @@ +From 345f7f6b95b56def8f68e236303dafc7653c4f46 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 28 Jan 2021 15:56:44 +0000 +Subject: ARM: dts: am33xx: add aliases for mmc interfaces + +From: Mans Rullgard + +[ Upstream commit 9bbce32a20d6a72c767a7f85fd6127babd1410ac ] + +Without DT aliases, the numbering of mmc interfaces is unpredictable. +Adding them makes it possible to refer to devices consistently. The +popular suggestion to use UUIDs obviously doesn't work with a blank +device fresh from the factory. + +See commit fa2d0aa96941 ("mmc: core: Allow setting slot index via +device tree alias") for more discussion. + +Signed-off-by: Mans Rullgard +Signed-off-by: Tony Lindgren +Signed-off-by: Sasha Levin +--- + arch/arm/boot/dts/am33xx.dtsi | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/arch/arm/boot/dts/am33xx.dtsi b/arch/arm/boot/dts/am33xx.dtsi +index 5b213a1e68bb..5e33d0e88f5b 100644 +--- a/arch/arm/boot/dts/am33xx.dtsi ++++ b/arch/arm/boot/dts/am33xx.dtsi +@@ -40,6 +40,9 @@ aliases { + ethernet1 = &cpsw_emac1; + spi0 = &spi0; + spi1 = &spi1; ++ mmc0 = &mmc1; ++ mmc1 = &mmc2; ++ mmc2 = &mmc3; + }; + + cpus { +-- +2.30.2 + diff --git a/queue-5.11/arm64-kernel-disable-cnp-on-carmel.patch b/queue-5.11/arm64-kernel-disable-cnp-on-carmel.patch new file mode 100644 index 00000000000..1a299cf7672 --- /dev/null +++ b/queue-5.11/arm64-kernel-disable-cnp-on-carmel.patch @@ -0,0 +1,119 @@ +From dbaa3038044c777e26881a2c9885c2dd253b955b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 23 Mar 2021 17:28:09 -0700 +Subject: arm64: kernel: disable CNP on Carmel + +From: Rich Wiley + +[ Upstream commit 20109a859a9b514eb10c22b8a14b5704ffe93897 ] + +On NVIDIA Carmel cores, CNP behaves differently than it does on standard +ARM cores. On Carmel, if two cores have CNP enabled and share an L2 TLB +entry created by core0 for a specific ASID, a non-shareable TLBI from +core1 may still see the shared entry. On standard ARM cores, that TLBI +will invalidate the shared entry as well. + +This causes issues with patchsets that attempt to do local TLBIs based +on cpumasks instead of broadcast TLBIs. Avoid these issues by disabling +CNP support for NVIDIA Carmel cores. + +Signed-off-by: Rich Wiley +Link: https://lore.kernel.org/r/20210324002809.30271-1-rwiley@nvidia.com +[will: Fix pre-existing whitespace issue] +Signed-off-by: Will Deacon +Signed-off-by: Sasha Levin +--- + Documentation/arm64/silicon-errata.rst | 3 +++ + arch/arm64/Kconfig | 10 ++++++++++ + arch/arm64/include/asm/cpucaps.h | 3 ++- + arch/arm64/kernel/cpu_errata.c | 8 ++++++++ + arch/arm64/kernel/cpufeature.c | 5 ++++- + 5 files changed, 27 insertions(+), 2 deletions(-) + +diff --git a/Documentation/arm64/silicon-errata.rst b/Documentation/arm64/silicon-errata.rst +index 719510247292..d410a47ffa57 100644 +--- a/Documentation/arm64/silicon-errata.rst ++++ b/Documentation/arm64/silicon-errata.rst +@@ -130,6 +130,9 @@ stable kernels. + | Marvell | ARM-MMU-500 | #582743 | N/A | + +----------------+-----------------+-----------------+-----------------------------+ + +----------------+-----------------+-----------------+-----------------------------+ ++| NVIDIA | Carmel Core | N/A | NVIDIA_CARMEL_CNP_ERRATUM | +++----------------+-----------------+-----------------+-----------------------------+ +++----------------+-----------------+-----------------+-----------------------------+ + | Freescale/NXP | LS2080A/LS1043A | A-008585 | FSL_ERRATUM_A008585 | + +----------------+-----------------+-----------------+-----------------------------+ + +----------------+-----------------+-----------------+-----------------------------+ +diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig +index e42da99db91f..2517dd8c5a4d 100644 +--- a/arch/arm64/Kconfig ++++ b/arch/arm64/Kconfig +@@ -805,6 +805,16 @@ config QCOM_FALKOR_ERRATUM_E1041 + + If unsure, say Y. + ++config NVIDIA_CARMEL_CNP_ERRATUM ++ bool "NVIDIA Carmel CNP: CNP on Carmel semantically different than ARM cores" ++ default y ++ help ++ If CNP is enabled on Carmel cores, non-sharable TLBIs on a core will not ++ invalidate shared TLB entries installed by a different core, as it would ++ on standard ARM cores. ++ ++ If unsure, say Y. ++ + config SOCIONEXT_SYNQUACER_PREITS + bool "Socionext Synquacer: Workaround for GICv3 pre-ITS" + default y +diff --git a/arch/arm64/include/asm/cpucaps.h b/arch/arm64/include/asm/cpucaps.h +index b77d997b173b..c40f2490cd7b 100644 +--- a/arch/arm64/include/asm/cpucaps.h ++++ b/arch/arm64/include/asm/cpucaps.h +@@ -66,7 +66,8 @@ + #define ARM64_WORKAROUND_1508412 58 + #define ARM64_HAS_LDAPR 59 + #define ARM64_KVM_PROTECTED_MODE 60 ++#define ARM64_WORKAROUND_NVIDIA_CARMEL_CNP 61 + +-#define ARM64_NCAPS 61 ++#define ARM64_NCAPS 62 + + #endif /* __ASM_CPUCAPS_H */ +diff --git a/arch/arm64/kernel/cpu_errata.c b/arch/arm64/kernel/cpu_errata.c +index a63428301f42..3fc281e4e655 100644 +--- a/arch/arm64/kernel/cpu_errata.c ++++ b/arch/arm64/kernel/cpu_errata.c +@@ -527,6 +527,14 @@ const struct arm64_cpu_capabilities arm64_errata[] = { + 0, 0, + 1, 0), + }, ++#endif ++#ifdef CONFIG_NVIDIA_CARMEL_CNP_ERRATUM ++ { ++ /* NVIDIA Carmel */ ++ .desc = "NVIDIA Carmel CNP erratum", ++ .capability = ARM64_WORKAROUND_NVIDIA_CARMEL_CNP, ++ ERRATA_MIDR_ALL_VERSIONS(MIDR_NVIDIA_CARMEL), ++ }, + #endif + { + } +diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c +index 33b6f56dcb21..b1f7bfadab9f 100644 +--- a/arch/arm64/kernel/cpufeature.c ++++ b/arch/arm64/kernel/cpufeature.c +@@ -1270,7 +1270,10 @@ has_useable_cnp(const struct arm64_cpu_capabilities *entry, int scope) + * may share TLB entries with a CPU stuck in the crashed + * kernel. + */ +- if (is_kdump_kernel()) ++ if (is_kdump_kernel()) ++ return false; ++ ++ if (cpus_have_const_cap(ARM64_WORKAROUND_NVIDIA_CARMEL_CNP)) + return false; + + return has_cpuid_feature(entry, scope); +-- +2.30.2 + diff --git a/queue-5.11/block-clear-gd_need_part_scan-later-in-bdev_disk_cha.patch b/queue-5.11/block-clear-gd_need_part_scan-later-in-bdev_disk_cha.patch new file mode 100644 index 00000000000..ab7f069d090 --- /dev/null +++ b/queue-5.11/block-clear-gd_need_part_scan-later-in-bdev_disk_cha.patch @@ -0,0 +1,53 @@ +From 9a57ae5259613e5b0a4c0a09deebff6ec04bce65 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 23 Mar 2021 16:52:19 +0800 +Subject: block: clear GD_NEED_PART_SCAN later in bdev_disk_changed + +From: Chris Chiu + +[ Upstream commit 5116784039f0421e9a619023cfba3e302c3d9adc ] + +The GD_NEED_PART_SCAN is set by bdev_check_media_change to initiate +a partition scan while removing a block device. It should be cleared +after blk_drop_paritions because blk_drop_paritions could return +-EBUSY and then the consequence __blkdev_get has no chance to do +delete_partition if GD_NEED_PART_SCAN already cleared. + +It causes some problems on some card readers. Ex. Realtek card +reader 0bda:0328 and 0bda:0158. The device node of the partition +will not disappear after the memory card removed. Thus the user +applications can not update the device mapping correctly. + +BugLink: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1920874 +Signed-off-by: Chris Chiu +Reviewed-by: Christoph Hellwig +Link: https://lore.kernel.org/r/20210323085219.24428-1-chris.chiu@canonical.com +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +--- + fs/block_dev.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/fs/block_dev.c b/fs/block_dev.c +index c33151020bcd..85500e2400cf 100644 +--- a/fs/block_dev.c ++++ b/fs/block_dev.c +@@ -1240,13 +1240,13 @@ int bdev_disk_changed(struct block_device *bdev, bool invalidate) + + lockdep_assert_held(&bdev->bd_mutex); + +- clear_bit(GD_NEED_PART_SCAN, &bdev->bd_disk->state); +- + rescan: + ret = blk_drop_partitions(bdev); + if (ret) + return ret; + ++ clear_bit(GD_NEED_PART_SCAN, &disk->state); ++ + /* + * Historically we only set the capacity to zero for devices that + * support partitions (independ of actually having partitions created). +-- +2.30.2 + diff --git a/queue-5.11/bpf-x86-use-kvmalloc_array-instead-kmalloc_array-in-.patch b/queue-5.11/bpf-x86-use-kvmalloc_array-instead-kmalloc_array-in-.patch new file mode 100644 index 00000000000..bf061ce3856 --- /dev/null +++ b/queue-5.11/bpf-x86-use-kvmalloc_array-instead-kmalloc_array-in-.patch @@ -0,0 +1,95 @@ +From 9c68824f3f22c8e2e85a6720c3cc9c7e44d75ab8 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 8 Mar 2021 17:56:47 -0800 +Subject: bpf, x86: Use kvmalloc_array instead kmalloc_array in bpf_jit_comp + +From: Yonghong Song + +[ Upstream commit de920fc64cbaa031f947e9be964bda05fd090380 ] + +x86 bpf_jit_comp.c used kmalloc_array to store jited addresses +for each bpf insn. With a large bpf program, we have see the +following allocation failures in our production server: + + page allocation failure: order:5, mode:0x40cc0(GFP_KERNEL|__GFP_COMP), + nodemask=(null),cpuset=/,mems_allowed=0" + Call Trace: + dump_stack+0x50/0x70 + warn_alloc.cold.120+0x72/0xd2 + ? __alloc_pages_direct_compact+0x157/0x160 + __alloc_pages_slowpath+0xcdb/0xd00 + ? get_page_from_freelist+0xe44/0x1600 + ? vunmap_page_range+0x1ba/0x340 + __alloc_pages_nodemask+0x2c9/0x320 + kmalloc_order+0x18/0x80 + kmalloc_order_trace+0x1d/0xa0 + bpf_int_jit_compile+0x1e2/0x484 + ? kmalloc_order_trace+0x1d/0xa0 + bpf_prog_select_runtime+0xc3/0x150 + bpf_prog_load+0x480/0x720 + ? __mod_memcg_lruvec_state+0x21/0x100 + __do_sys_bpf+0xc31/0x2040 + ? close_pdeo+0x86/0xe0 + do_syscall_64+0x42/0x110 + entry_SYSCALL_64_after_hwframe+0x44/0xa9 + RIP: 0033:0x7f2f300f7fa9 + Code: Bad RIP value. + +Dumped assembly: + + ffffffff810b6d70 : + ; { + ffffffff810b6d70: e8 eb a5 b4 00 callq 0xffffffff81c01360 <__fentry__> + ffffffff810b6d75: 41 57 pushq %r15 + ... + ffffffff810b6f39: e9 72 fe ff ff jmp 0xffffffff810b6db0 + ; addrs = kmalloc_array(prog->len + 1, sizeof(*addrs), GFP_KERNEL); + ffffffff810b6f3e: 8b 45 0c movl 12(%rbp), %eax + ; return __kmalloc(bytes, flags); + ffffffff810b6f41: be c0 0c 00 00 movl $3264, %esi + ; addrs = kmalloc_array(prog->len + 1, sizeof(*addrs), GFP_KERNEL); + ffffffff810b6f46: 8d 78 01 leal 1(%rax), %edi + ; if (unlikely(check_mul_overflow(n, size, &bytes))) + ffffffff810b6f49: 48 c1 e7 02 shlq $2, %rdi + ; return __kmalloc(bytes, flags); + ffffffff810b6f4d: e8 8e 0c 1d 00 callq 0xffffffff81287be0 <__kmalloc> + ; if (!addrs) { + ffffffff810b6f52: 48 85 c0 testq %rax, %rax + +Change kmalloc_array() to kvmalloc_array() to avoid potential +allocation error for big bpf programs. + +Signed-off-by: Yonghong Song +Signed-off-by: Alexei Starovoitov +Signed-off-by: Daniel Borkmann +Link: https://lore.kernel.org/bpf/20210309015647.3657852-1-yhs@fb.com +Signed-off-by: Sasha Levin +--- + arch/x86/net/bpf_jit_comp.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c +index 023ac12f54a2..4cf3612ccd37 100644 +--- a/arch/x86/net/bpf_jit_comp.c ++++ b/arch/x86/net/bpf_jit_comp.c +@@ -2038,7 +2038,7 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog) + extra_pass = true; + goto skip_init_addrs; + } +- addrs = kmalloc_array(prog->len + 1, sizeof(*addrs), GFP_KERNEL); ++ addrs = kvmalloc_array(prog->len + 1, sizeof(*addrs), GFP_KERNEL); + if (!addrs) { + prog = orig_prog; + goto out_addrs; +@@ -2128,7 +2128,7 @@ struct bpf_prog *bpf_int_jit_compile(struct bpf_prog *prog) + if (image) + bpf_prog_fill_jited_linfo(prog, addrs + 1); + out_addrs: +- kfree(addrs); ++ kvfree(addrs); + kfree(jit_data); + prog->aux->jit_data = NULL; + } +-- +2.30.2 + diff --git a/queue-5.11/bus-ti-sysc-fix-warning-on-unbind-if-reset-is-not-de.patch b/queue-5.11/bus-ti-sysc-fix-warning-on-unbind-if-reset-is-not-de.patch new file mode 100644 index 00000000000..30dc29296ec --- /dev/null +++ b/queue-5.11/bus-ti-sysc-fix-warning-on-unbind-if-reset-is-not-de.patch @@ -0,0 +1,47 @@ +From 4f1caa52cf8dadb10da0be490601b3e07e6ee6d1 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 18 Feb 2021 13:06:57 +0200 +Subject: bus: ti-sysc: Fix warning on unbind if reset is not deasserted + +From: Tony Lindgren + +[ Upstream commit a7b5d7c4969aba8d1f04c29048906abaa71fb6a9 ] + +We currently get thefollowing on driver unbind if a reset is configured +and asserted: + +WARNING: CPU: 0 PID: 993 at drivers/reset/core.c:432 reset_control_assert +... +(reset_control_assert) from [] (sysc_remove+0x190/0x1e4) +(sysc_remove) from [] (platform_remove+0x24/0x3c) +(platform_remove) from [] (__device_release_driver+0x154/0x214) +(__device_release_driver) from [] (device_driver_detach+0x3c/0x8c) +(device_driver_detach) from [] (unbind_store+0x60/0xd4) +(unbind_store) from [] (kernfs_fop_write_iter+0x10c/0x1cc) + +Let's fix it by checking the reset status. + +Signed-off-by: Tony Lindgren +Signed-off-by: Sasha Levin +--- + drivers/bus/ti-sysc.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/bus/ti-sysc.c b/drivers/bus/ti-sysc.c +index a27d751cf219..3d74f237f005 100644 +--- a/drivers/bus/ti-sysc.c ++++ b/drivers/bus/ti-sysc.c +@@ -3053,7 +3053,9 @@ static int sysc_remove(struct platform_device *pdev) + + pm_runtime_put_sync(&pdev->dev); + pm_runtime_disable(&pdev->dev); +- reset_control_assert(ddata->rsts); ++ ++ if (!reset_control_status(ddata->rsts)) ++ reset_control_assert(ddata->rsts); + + unprepare: + sysc_unprepare(ddata); +-- +2.30.2 + diff --git a/queue-5.11/can-kvaser_usb-add-support-for-usbcan-pro-4xhs.patch b/queue-5.11/can-kvaser_usb-add-support-for-usbcan-pro-4xhs.patch new file mode 100644 index 00000000000..ff65696604c --- /dev/null +++ b/queue-5.11/can-kvaser_usb-add-support-for-usbcan-pro-4xhs.patch @@ -0,0 +1,58 @@ +From fb9376436c074dce0d73fb280aaba11b65a8edcd Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 9 Mar 2021 10:17:24 +0100 +Subject: can: kvaser_usb: Add support for USBcan Pro 4xHS + +From: Jimmy Assarsson + +[ Upstream commit 7507479c46b120c37ef83e59be7683a526e98e1a ] + +Add support for Kvaser USBcan Pro 4xHS. + +Link: https://lore.kernel.org/r/20210309091724.31262-2-jimmyassarsson@gmail.com +Signed-off-by: Jimmy Assarsson +Signed-off-by: Marc Kleine-Budde +Signed-off-by: Sasha Levin +--- + drivers/net/can/usb/Kconfig | 1 + + drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c | 4 +++- + 2 files changed, 4 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/can/usb/Kconfig b/drivers/net/can/usb/Kconfig +index c1e5d5b570b6..538f4d9adb91 100644 +--- a/drivers/net/can/usb/Kconfig ++++ b/drivers/net/can/usb/Kconfig +@@ -73,6 +73,7 @@ config CAN_KVASER_USB + - Kvaser Memorator Pro 5xHS + - Kvaser USBcan Light 4xHS + - Kvaser USBcan Pro 2xHS v2 ++ - Kvaser USBcan Pro 4xHS + - Kvaser USBcan Pro 5xHS + - Kvaser U100 + - Kvaser U100P +diff --git a/drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c b/drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c +index e2d58846c40c..073c4a39e718 100644 +--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c ++++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb_core.c +@@ -86,8 +86,9 @@ + #define USB_U100_PRODUCT_ID 273 + #define USB_U100P_PRODUCT_ID 274 + #define USB_U100S_PRODUCT_ID 275 ++#define USB_USBCAN_PRO_4HS_PRODUCT_ID 276 + #define USB_HYDRA_PRODUCT_ID_END \ +- USB_U100S_PRODUCT_ID ++ USB_USBCAN_PRO_4HS_PRODUCT_ID + + static inline bool kvaser_is_leaf(const struct usb_device_id *id) + { +@@ -193,6 +194,7 @@ static const struct usb_device_id kvaser_usb_table[] = { + { USB_DEVICE(KVASER_VENDOR_ID, USB_U100_PRODUCT_ID) }, + { USB_DEVICE(KVASER_VENDOR_ID, USB_U100P_PRODUCT_ID) }, + { USB_DEVICE(KVASER_VENDOR_ID, USB_U100S_PRODUCT_ID) }, ++ { USB_DEVICE(KVASER_VENDOR_ID, USB_USBCAN_PRO_4HS_PRODUCT_ID) }, + { } + }; + MODULE_DEVICE_TABLE(usb, kvaser_usb_table); +-- +2.30.2 + diff --git a/queue-5.11/cifs-revalidate-mapping-when-we-open-files-for-smb1-.patch b/queue-5.11/cifs-revalidate-mapping-when-we-open-files-for-smb1-.patch new file mode 100644 index 00000000000..aa046bf1a3b --- /dev/null +++ b/queue-5.11/cifs-revalidate-mapping-when-we-open-files-for-smb1-.patch @@ -0,0 +1,42 @@ +From fc65647c166ece40f2836c41ec85356d672a1ea2 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 25 Mar 2021 16:26:35 +1000 +Subject: cifs: revalidate mapping when we open files for SMB1 POSIX + +From: Ronnie Sahlberg + +[ Upstream commit cee8f4f6fcabfdf229542926128e9874d19016d5 ] + +RHBZ: 1933527 + +Under SMB1 + POSIX, if an inode is reused on a server after we have read and +cached a part of a file, when we then open the new file with the +re-cycled inode there is a chance that we may serve the old data out of cache +to the application. +This only happens for SMB1 (deprecated) and when posix are used. +The simplest solution to avoid this race is to force a revalidate +on smb1-posix open. + +Signed-off-by: Ronnie Sahlberg +Reviewed-by: Paulo Alcantara (SUSE) +Signed-off-by: Steve French +Signed-off-by: Sasha Levin +--- + fs/cifs/file.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/fs/cifs/file.c b/fs/cifs/file.c +index 6d001905c8e5..eef4f22b5e78 100644 +--- a/fs/cifs/file.c ++++ b/fs/cifs/file.c +@@ -165,6 +165,7 @@ int cifs_posix_open(char *full_path, struct inode **pinode, + goto posix_open_ret; + } + } else { ++ cifs_revalidate_mapping(*pinode); + cifs_fattr_to_inode(*pinode, &fattr); + } + +-- +2.30.2 + diff --git a/queue-5.11/cifs-silently-ignore-unknown-oplock-break-handle.patch b/queue-5.11/cifs-silently-ignore-unknown-oplock-break-handle.patch new file mode 100644 index 00000000000..e1461fb270d --- /dev/null +++ b/queue-5.11/cifs-silently-ignore-unknown-oplock-break-handle.patch @@ -0,0 +1,53 @@ +From 7c5aa6bb6c93664a3c23bd1a5fa93d17f3e3697d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 19 Mar 2021 14:57:11 +0100 +Subject: cifs: Silently ignore unknown oplock break handle + +From: Vincent Whitchurch + +[ Upstream commit 219481a8f90ec3a5eed9638fb35609e4b1aeece7 ] + +Make SMB2 not print out an error when an oplock break is received for an +unknown handle, similar to SMB1. The debug message which is printed for +these unknown handles may also be misleading, so fix that too. + +The SMB2 lease break path is not affected by this patch. + +Without this, a program which writes to a file from one thread, and +opens, reads, and writes the same file from another thread triggers the +below errors several times a minute when run against a Samba server +configured with "smb2 leases = no". + + CIFS: VFS: \\192.168.0.1 No task to wake, unknown frame received! NumMids 2 + 00000000: 424d53fe 00000040 00000000 00000012 .SMB@........... + 00000010: 00000001 00000000 ffffffff ffffffff ................ + 00000020: 00000000 00000000 00000000 00000000 ................ + 00000030: 00000000 00000000 00000000 00000000 ................ + +Signed-off-by: Vincent Whitchurch +Reviewed-by: Tom Talpey +Reviewed-by: Paulo Alcantara (SUSE) +Signed-off-by: Steve French +Signed-off-by: Sasha Levin +--- + fs/cifs/smb2misc.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/fs/cifs/smb2misc.c b/fs/cifs/smb2misc.c +index d9073b569e17..53fb751bf210 100644 +--- a/fs/cifs/smb2misc.c ++++ b/fs/cifs/smb2misc.c +@@ -754,8 +754,8 @@ smb2_is_valid_oplock_break(char *buffer, struct TCP_Server_Info *server) + } + } + spin_unlock(&cifs_tcp_ses_lock); +- cifs_dbg(FYI, "Can not process oplock break for non-existent connection\n"); +- return false; ++ cifs_dbg(FYI, "No file id matched, oplock break ignored\n"); ++ return true; + } + + void +-- +2.30.2 + diff --git a/queue-5.11/drm-msm-a6xx-make-sure-the-sqe-microcode-is-safe.patch b/queue-5.11/drm-msm-a6xx-make-sure-the-sqe-microcode-is-safe.patch new file mode 100644 index 00000000000..fb576c06f15 --- /dev/null +++ b/queue-5.11/drm-msm-a6xx-make-sure-the-sqe-microcode-is-safe.patch @@ -0,0 +1,131 @@ +From d07d71963c7532a19e5062034da4be53f455658f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 9 Feb 2021 17:52:05 -0700 +Subject: drm/msm: a6xx: Make sure the SQE microcode is safe + +From: Jordan Crouse + +[ Upstream commit 8490f02a3ca45fd1bbcadc243b4db9b69d0e3450 ] + +Most a6xx targets have security issues that were fixed with new versions +of the microcode(s). Make sure that we are booting with a safe version of +the microcode for the target and print a message and error if not. + +v2: Add more informative error messages and fix typos + +Signed-off-by: Jordan Crouse +Reviewed-by: Akhil P Oommen +Signed-off-by: Rob Clark +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 77 ++++++++++++++++++++++----- + 1 file changed, 64 insertions(+), 13 deletions(-) + +diff --git a/drivers/gpu/drm/msm/adreno/a6xx_gpu.c b/drivers/gpu/drm/msm/adreno/a6xx_gpu.c +index 0366419d8bfe..e7a8442b59af 100644 +--- a/drivers/gpu/drm/msm/adreno/a6xx_gpu.c ++++ b/drivers/gpu/drm/msm/adreno/a6xx_gpu.c +@@ -521,28 +521,73 @@ static int a6xx_cp_init(struct msm_gpu *gpu) + return a6xx_idle(gpu, ring) ? 0 : -EINVAL; + } + +-static void a6xx_ucode_check_version(struct a6xx_gpu *a6xx_gpu, ++/* ++ * Check that the microcode version is new enough to include several key ++ * security fixes. Return true if the ucode is safe. ++ */ ++static bool a6xx_ucode_check_version(struct a6xx_gpu *a6xx_gpu, + struct drm_gem_object *obj) + { ++ struct adreno_gpu *adreno_gpu = &a6xx_gpu->base; ++ struct msm_gpu *gpu = &adreno_gpu->base; + u32 *buf = msm_gem_get_vaddr(obj); ++ bool ret = false; + + if (IS_ERR(buf)) +- return; ++ return false; + + /* +- * If the lowest nibble is 0xa that is an indication that this microcode +- * has been patched. The actual version is in dword [3] but we only care +- * about the patchlevel which is the lowest nibble of dword [3] +- * +- * Otherwise check that the firmware is greater than or equal to 1.90 +- * which was the first version that had this fix built in ++ * Targets up to a640 (a618, a630 and a640) need to check for a ++ * microcode version that is patched to support the whereami opcode or ++ * one that is new enough to include it by default. + */ +- if (((buf[0] & 0xf) == 0xa) && (buf[2] & 0xf) >= 1) +- a6xx_gpu->has_whereami = true; +- else if ((buf[0] & 0xfff) > 0x190) +- a6xx_gpu->has_whereami = true; ++ if (adreno_is_a618(adreno_gpu) || adreno_is_a630(adreno_gpu) || ++ adreno_is_a640(adreno_gpu)) { ++ /* ++ * If the lowest nibble is 0xa that is an indication that this ++ * microcode has been patched. The actual version is in dword ++ * [3] but we only care about the patchlevel which is the lowest ++ * nibble of dword [3] ++ * ++ * Otherwise check that the firmware is greater than or equal ++ * to 1.90 which was the first version that had this fix built ++ * in ++ */ ++ if ((((buf[0] & 0xf) == 0xa) && (buf[2] & 0xf) >= 1) || ++ (buf[0] & 0xfff) >= 0x190) { ++ a6xx_gpu->has_whereami = true; ++ ret = true; ++ goto out; ++ } + ++ DRM_DEV_ERROR(&gpu->pdev->dev, ++ "a630 SQE ucode is too old. Have version %x need at least %x\n", ++ buf[0] & 0xfff, 0x190); ++ } else { ++ /* ++ * a650 tier targets don't need whereami but still need to be ++ * equal to or newer than 1.95 for other security fixes ++ */ ++ if (adreno_is_a650(adreno_gpu)) { ++ if ((buf[0] & 0xfff) >= 0x195) { ++ ret = true; ++ goto out; ++ } ++ ++ DRM_DEV_ERROR(&gpu->pdev->dev, ++ "a650 SQE ucode is too old. Have version %x need at least %x\n", ++ buf[0] & 0xfff, 0x195); ++ } ++ ++ /* ++ * When a660 is added those targets should return true here ++ * since those have all the critical security fixes built in ++ * from the start ++ */ ++ } ++out: + msm_gem_put_vaddr(obj); ++ return ret; + } + + static int a6xx_ucode_init(struct msm_gpu *gpu) +@@ -565,7 +610,13 @@ static int a6xx_ucode_init(struct msm_gpu *gpu) + } + + msm_gem_object_set_name(a6xx_gpu->sqe_bo, "sqefw"); +- a6xx_ucode_check_version(a6xx_gpu, a6xx_gpu->sqe_bo); ++ if (!a6xx_ucode_check_version(a6xx_gpu, a6xx_gpu->sqe_bo)) { ++ msm_gem_unpin_iova(a6xx_gpu->sqe_bo, gpu->aspace); ++ drm_gem_object_put(a6xx_gpu->sqe_bo); ++ ++ a6xx_gpu->sqe_bo = NULL; ++ return -EPERM; ++ } + } + + gpu_write64(gpu, REG_A6XX_CP_SQE_INSTR_BASE_LO, +-- +2.30.2 + diff --git a/queue-5.11/drm-msm-adreno-a5xx_power-don-t-apply-a540-lm_setup-.patch b/queue-5.11/drm-msm-adreno-a5xx_power-don-t-apply-a540-lm_setup-.patch new file mode 100644 index 00000000000..040d9a0b3f3 --- /dev/null +++ b/queue-5.11/drm-msm-adreno-a5xx_power-don-t-apply-a540-lm_setup-.patch @@ -0,0 +1,37 @@ +From f2e18c4532c7dd8cb0f0b902eef83b146b894914 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 28 Feb 2021 13:36:51 +0100 +Subject: drm/msm/adreno: a5xx_power: Don't apply A540 lm_setup to other GPUs + +From: Konrad Dybcio + +[ Upstream commit 4a9d36b0610aa7034340e976652e5b43320dd7c5 ] + +While passing the A530-specific lm_setup func to A530 and A540 +to !A530 was fine back when only these two were supported, it +certainly is not a good idea to send A540 specifics to smaller +GPUs like A508 and friends. + +Signed-off-by: Konrad Dybcio +Signed-off-by: Rob Clark +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/msm/adreno/a5xx_power.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/msm/adreno/a5xx_power.c b/drivers/gpu/drm/msm/adreno/a5xx_power.c +index f176a6f3eff6..e58670a61df4 100644 +--- a/drivers/gpu/drm/msm/adreno/a5xx_power.c ++++ b/drivers/gpu/drm/msm/adreno/a5xx_power.c +@@ -304,7 +304,7 @@ int a5xx_power_init(struct msm_gpu *gpu) + /* Set up the limits management */ + if (adreno_is_a530(adreno_gpu)) + a530_lm_setup(gpu); +- else ++ else if (adreno_is_a540(adreno_gpu)) + a540_lm_setup(gpu); + + /* Set up SP/TP power collpase */ +-- +2.30.2 + diff --git a/queue-5.11/drm-msm-disp-dpu1-icc-path-needs-to-be-set-before-dp.patch b/queue-5.11/drm-msm-disp-dpu1-icc-path-needs-to-be-set-before-dp.patch new file mode 100644 index 00000000000..191f6bd4c69 --- /dev/null +++ b/queue-5.11/drm-msm-disp-dpu1-icc-path-needs-to-be-set-before-dp.patch @@ -0,0 +1,74 @@ +From 73e0123599f29cbb75e5b27a6f03a18853321eee Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 22 Mar 2021 02:17:12 -0700 +Subject: drm/msm/disp/dpu1: icc path needs to be set before dpu runtime resume + +From: Kalyan Thota + +[ Upstream commit 627dc55c273dab308303a5217bd3e767d7083ddb ] + +DPU runtime resume will request for a min vote on the AXI bus as +it is a necessary step before turning ON the AXI clock. + +The change does below +1) Move the icc path set before requesting runtime get_sync. +2) remove the dependency of hw catalog for min ib vote +as it is initialized at a later point. + +Signed-off-by: Kalyan Thota +Tested-by: Matthias Kaehlcke +Signed-off-by: Rob Clark +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +diff --git a/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c b/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c +index 374b0e8471e6..0f1b04ef61f2 100644 +--- a/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c ++++ b/drivers/gpu/drm/msm/disp/dpu1/dpu_kms.c +@@ -43,6 +43,8 @@ + #define DPU_DEBUGFS_DIR "msm_dpu" + #define DPU_DEBUGFS_HWMASKNAME "hw_log_mask" + ++#define MIN_IB_BW 400000000ULL /* Min ib vote 400MB */ ++ + static int dpu_kms_hw_init(struct msm_kms *kms); + static void _dpu_kms_mmu_destroy(struct dpu_kms *dpu_kms); + +@@ -931,6 +933,9 @@ static int dpu_kms_hw_init(struct msm_kms *kms) + DPU_DEBUG("REG_DMA is not defined"); + } + ++ if (of_device_is_compatible(dev->dev->of_node, "qcom,sc7180-mdss")) ++ dpu_kms_parse_data_bus_icc_path(dpu_kms); ++ + pm_runtime_get_sync(&dpu_kms->pdev->dev); + + dpu_kms->core_rev = readl_relaxed(dpu_kms->mmio + 0x0); +@@ -1032,9 +1037,6 @@ static int dpu_kms_hw_init(struct msm_kms *kms) + + dpu_vbif_init_memtypes(dpu_kms); + +- if (of_device_is_compatible(dev->dev->of_node, "qcom,sc7180-mdss")) +- dpu_kms_parse_data_bus_icc_path(dpu_kms); +- + pm_runtime_put_sync(&dpu_kms->pdev->dev); + + return 0; +@@ -1191,10 +1193,10 @@ static int __maybe_unused dpu_runtime_resume(struct device *dev) + + ddev = dpu_kms->dev; + ++ WARN_ON(!(dpu_kms->num_paths)); + /* Min vote of BW is required before turning on AXI clk */ + for (i = 0; i < dpu_kms->num_paths; i++) +- icc_set_bw(dpu_kms->path[i], 0, +- dpu_kms->catalog->perf.min_dram_ib); ++ icc_set_bw(dpu_kms->path[i], 0, Bps_to_icc(MIN_IB_BW)); + + rc = msm_dss_enable_clk(mp->clk_config, mp->num_clk, true); + if (rc) { +-- +2.30.2 + diff --git a/queue-5.11/drm-msm-dsi_pll_7nm-fix-variable-usage-for-pll_lockd.patch b/queue-5.11/drm-msm-dsi_pll_7nm-fix-variable-usage-for-pll_lockd.patch new file mode 100644 index 00000000000..a59d6789afa --- /dev/null +++ b/queue-5.11/drm-msm-dsi_pll_7nm-fix-variable-usage-for-pll_lockd.patch @@ -0,0 +1,40 @@ +From d44799faf0f60df9ceee98967d8863f9646c176a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 25 Feb 2021 02:05:28 +0300 +Subject: drm/msm/dsi_pll_7nm: Fix variable usage for pll_lockdet_rate + +From: Dmitry Baryshkov + +[ Upstream commit 9daaf31307856defb1070685418ce5a484ecda3a ] + +The PLL_LOCKDET_RATE_1 was being programmed with a hardcoded value +directly, but the same value was also being specified in the +dsi_pll_regs struct pll_lockdet_rate variable: let's use it! + +Based on 362cadf34b9f ("drm/msm/dsi_pll_10nm: Fix variable usage for +pll_lockdet_rate") + +Signed-off-by: Dmitry Baryshkov +Reviewed-by: Abhinav Kumar +Signed-off-by: Rob Clark +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/msm/dsi/pll/dsi_pll_7nm.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/msm/dsi/pll/dsi_pll_7nm.c b/drivers/gpu/drm/msm/dsi/pll/dsi_pll_7nm.c +index c1f6708367ae..c1c41846b6b2 100644 +--- a/drivers/gpu/drm/msm/dsi/pll/dsi_pll_7nm.c ++++ b/drivers/gpu/drm/msm/dsi/pll/dsi_pll_7nm.c +@@ -325,7 +325,7 @@ static void dsi_pll_commit(struct dsi_pll_7nm *pll) + pll_write(base + REG_DSI_7nm_PHY_PLL_FRAC_DIV_START_LOW_1, reg->frac_div_start_low); + pll_write(base + REG_DSI_7nm_PHY_PLL_FRAC_DIV_START_MID_1, reg->frac_div_start_mid); + pll_write(base + REG_DSI_7nm_PHY_PLL_FRAC_DIV_START_HIGH_1, reg->frac_div_start_high); +- pll_write(base + REG_DSI_7nm_PHY_PLL_PLL_LOCKDET_RATE_1, 0x40); ++ pll_write(base + REG_DSI_7nm_PHY_PLL_PLL_LOCKDET_RATE_1, reg->pll_lockdet_rate); + pll_write(base + REG_DSI_7nm_PHY_PLL_PLL_LOCK_DELAY, 0x06); + pll_write(base + REG_DSI_7nm_PHY_PLL_CMODE_1, 0x10); /* TODO: 0x00 for CPHY */ + pll_write(base + REG_DSI_7nm_PHY_PLL_CLOCK_INVERTERS, reg->pll_clock_inverters); +-- +2.30.2 + diff --git a/queue-5.11/drm-msm-ratelimit-invalid-fence-message.patch b/queue-5.11/drm-msm-ratelimit-invalid-fence-message.patch new file mode 100644 index 00000000000..1f8de7fdcef --- /dev/null +++ b/queue-5.11/drm-msm-ratelimit-invalid-fence-message.patch @@ -0,0 +1,37 @@ +From 6f05535f94b7afb46ea21d2373432fd81a32e60d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 17 Mar 2021 09:40:38 -0700 +Subject: drm/msm: Ratelimit invalid-fence message + +From: Rob Clark + +[ Upstream commit 7ad48d27a2846bfda29214fb454d001c3e02b9e7 ] + +We have seen a couple cases where low memory situations cause something +bad to happen, followed by a flood of these messages obscuring the root +cause. Lets ratelimit the dmesg spam so that next time it happens we +don't lose the kernel traces leading up to this. + +Signed-off-by: Rob Clark +Reviewed-by: Douglas Anderson +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/msm/msm_fence.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/msm/msm_fence.c b/drivers/gpu/drm/msm/msm_fence.c +index ad2703698b05..cd59a5918038 100644 +--- a/drivers/gpu/drm/msm/msm_fence.c ++++ b/drivers/gpu/drm/msm/msm_fence.c +@@ -45,7 +45,7 @@ int msm_wait_fence(struct msm_fence_context *fctx, uint32_t fence, + int ret; + + if (fence > fctx->last_fence) { +- DRM_ERROR("%s: waiting on invalid fence: %u (of %u)\n", ++ DRM_ERROR_RATELIMITED("%s: waiting on invalid fence: %u (of %u)\n", + fctx->name, fence, fctx->last_fence); + return -EINVAL; + } +-- +2.30.2 + diff --git a/queue-5.11/ia64-fix-format-strings-for-err_inject.patch b/queue-5.11/ia64-fix-format-strings-for-err_inject.patch new file mode 100644 index 00000000000..b36d1b0501f --- /dev/null +++ b/queue-5.11/ia64-fix-format-strings-for-err_inject.patch @@ -0,0 +1,110 @@ +From fd3ecea6900d36ffe097134449de2b0d590ac320 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 24 Mar 2021 21:37:41 -0700 +Subject: ia64: fix format strings for err_inject + +From: Sergei Trofimovich + +[ Upstream commit 95d44a470a6814207d52dd6312203b0f4ef12710 ] + +Fix warning with %lx / u64 mismatch: + + arch/ia64/kernel/err_inject.c: In function 'show_resources': + arch/ia64/kernel/err_inject.c:62:22: warning: + format '%lx' expects argument of type 'long unsigned int', + but argument 3 has type 'u64' {aka 'long long unsigned int'} + 62 | return sprintf(buf, "%lx", name[cpu]); \ + | ^~~~~~~ + +Link: https://lkml.kernel.org/r/20210313104312.1548232-1-slyfox@gentoo.org +Signed-off-by: Sergei Trofimovich +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + arch/ia64/kernel/err_inject.c | 22 +++++++++++----------- + 1 file changed, 11 insertions(+), 11 deletions(-) + +diff --git a/arch/ia64/kernel/err_inject.c b/arch/ia64/kernel/err_inject.c +index 8b5b8e6bc9d9..dd5bfed52031 100644 +--- a/arch/ia64/kernel/err_inject.c ++++ b/arch/ia64/kernel/err_inject.c +@@ -59,7 +59,7 @@ show_##name(struct device *dev, struct device_attribute *attr, \ + char *buf) \ + { \ + u32 cpu=dev->id; \ +- return sprintf(buf, "%lx\n", name[cpu]); \ ++ return sprintf(buf, "%llx\n", name[cpu]); \ + } + + #define store(name) \ +@@ -86,9 +86,9 @@ store_call_start(struct device *dev, struct device_attribute *attr, + + #ifdef ERR_INJ_DEBUG + printk(KERN_DEBUG "pal_mc_err_inject for cpu%d:\n", cpu); +- printk(KERN_DEBUG "err_type_info=%lx,\n", err_type_info[cpu]); +- printk(KERN_DEBUG "err_struct_info=%lx,\n", err_struct_info[cpu]); +- printk(KERN_DEBUG "err_data_buffer=%lx, %lx, %lx.\n", ++ printk(KERN_DEBUG "err_type_info=%llx,\n", err_type_info[cpu]); ++ printk(KERN_DEBUG "err_struct_info=%llx,\n", err_struct_info[cpu]); ++ printk(KERN_DEBUG "err_data_buffer=%llx, %llx, %llx.\n", + err_data_buffer[cpu].data1, + err_data_buffer[cpu].data2, + err_data_buffer[cpu].data3); +@@ -117,8 +117,8 @@ store_call_start(struct device *dev, struct device_attribute *attr, + + #ifdef ERR_INJ_DEBUG + printk(KERN_DEBUG "Returns: status=%d,\n", (int)status[cpu]); +- printk(KERN_DEBUG "capabilities=%lx,\n", capabilities[cpu]); +- printk(KERN_DEBUG "resources=%lx\n", resources[cpu]); ++ printk(KERN_DEBUG "capabilities=%llx,\n", capabilities[cpu]); ++ printk(KERN_DEBUG "resources=%llx\n", resources[cpu]); + #endif + return size; + } +@@ -131,7 +131,7 @@ show_virtual_to_phys(struct device *dev, struct device_attribute *attr, + char *buf) + { + unsigned int cpu=dev->id; +- return sprintf(buf, "%lx\n", phys_addr[cpu]); ++ return sprintf(buf, "%llx\n", phys_addr[cpu]); + } + + static ssize_t +@@ -145,7 +145,7 @@ store_virtual_to_phys(struct device *dev, struct device_attribute *attr, + ret = get_user_pages_fast(virt_addr, 1, FOLL_WRITE, NULL); + if (ret<=0) { + #ifdef ERR_INJ_DEBUG +- printk("Virtual address %lx is not existing.\n",virt_addr); ++ printk("Virtual address %llx is not existing.\n", virt_addr); + #endif + return -EINVAL; + } +@@ -163,7 +163,7 @@ show_err_data_buffer(struct device *dev, + { + unsigned int cpu=dev->id; + +- return sprintf(buf, "%lx, %lx, %lx\n", ++ return sprintf(buf, "%llx, %llx, %llx\n", + err_data_buffer[cpu].data1, + err_data_buffer[cpu].data2, + err_data_buffer[cpu].data3); +@@ -178,13 +178,13 @@ store_err_data_buffer(struct device *dev, + int ret; + + #ifdef ERR_INJ_DEBUG +- printk("write err_data_buffer=[%lx,%lx,%lx] on cpu%d\n", ++ printk("write err_data_buffer=[%llx,%llx,%llx] on cpu%d\n", + err_data_buffer[cpu].data1, + err_data_buffer[cpu].data2, + err_data_buffer[cpu].data3, + cpu); + #endif +- ret=sscanf(buf, "%lx, %lx, %lx", ++ ret = sscanf(buf, "%llx, %llx, %llx", + &err_data_buffer[cpu].data1, + &err_data_buffer[cpu].data2, + &err_data_buffer[cpu].data3); +-- +2.30.2 + diff --git a/queue-5.11/ia64-mca-allocate-early-mca-with-gfp_atomic.patch b/queue-5.11/ia64-mca-allocate-early-mca-with-gfp_atomic.patch new file mode 100644 index 00000000000..9ebcc53321b --- /dev/null +++ b/queue-5.11/ia64-mca-allocate-early-mca-with-gfp_atomic.patch @@ -0,0 +1,61 @@ +From 665021c20d354c919d7ffa468cb1ae13974437d3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 24 Mar 2021 21:37:38 -0700 +Subject: ia64: mca: allocate early mca with GFP_ATOMIC + +From: Sergei Trofimovich + +[ Upstream commit f2a419cf495f95cac49ea289318b833477e1a0e2 ] + +The sleep warning happens at early boot right at secondary CPU +activation bootup: + + smp: Bringing up secondary CPUs ... + BUG: sleeping function called from invalid context at mm/page_alloc.c:4942 + in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1 + CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.12.0-rc2-00007-g79e228d0b611-dirty #99 + .. + Call Trace: + show_stack+0x90/0xc0 + dump_stack+0x150/0x1c0 + ___might_sleep+0x1c0/0x2a0 + __might_sleep+0xa0/0x160 + __alloc_pages_nodemask+0x1a0/0x600 + alloc_page_interleave+0x30/0x1c0 + alloc_pages_current+0x2c0/0x340 + __get_free_pages+0x30/0xa0 + ia64_mca_cpu_init+0x2d0/0x3a0 + cpu_init+0x8b0/0x1440 + start_secondary+0x60/0x700 + start_ap+0x750/0x780 + Fixed BSP b0 value from CPU 1 + +As I understand interrupts are not enabled yet and system has a lot of +memory. There is little chance to sleep and switch to GFP_ATOMIC should +be a no-op. + +Link: https://lkml.kernel.org/r/20210315085045.204414-1-slyfox@gentoo.org +Signed-off-by: Sergei Trofimovich +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + arch/ia64/kernel/mca.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/ia64/kernel/mca.c b/arch/ia64/kernel/mca.c +index 2703f7795672..bd0a51dc345a 100644 +--- a/arch/ia64/kernel/mca.c ++++ b/arch/ia64/kernel/mca.c +@@ -1822,7 +1822,7 @@ ia64_mca_cpu_init(void *cpu_data) + data = mca_bootmem(); + first_time = 0; + } else +- data = (void *)__get_free_pages(GFP_KERNEL, ++ data = (void *)__get_free_pages(GFP_ATOMIC, + get_order(sz)); + if (!data) + panic("Could not allocate MCA memory for cpu %d\n", +-- +2.30.2 + diff --git a/queue-5.11/io_uring-fix-timeout-cancel-return-code.patch b/queue-5.11/io_uring-fix-timeout-cancel-return-code.patch new file mode 100644 index 00000000000..3b593203c6a --- /dev/null +++ b/queue-5.11/io_uring-fix-timeout-cancel-return-code.patch @@ -0,0 +1,63 @@ +From fcdf1a9fc546d3c670e393d2b8a3ad3ff00d1438 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 25 Mar 2021 18:32:42 +0000 +Subject: io_uring: fix timeout cancel return code + +From: Pavel Begunkov + +[ Upstream commit 1ee4160c73b2102a52bc97a4128a89c34821414f ] + +When we cancel a timeout we should emit a sensible return code, like +-ECANCELED but not 0, otherwise it may trick users. + +Signed-off-by: Pavel Begunkov +Link: https://lore.kernel.org/r/7b0ad1065e3bd1994722702bd0ba9e7bc9b0683b.1616696997.git.asml.silence@gmail.com +Signed-off-by: Jens Axboe +Signed-off-by: Sasha Levin +--- + fs/io_uring.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/fs/io_uring.c b/fs/io_uring.c +index 8b4213de9e08..b1b3154c8d50 100644 +--- a/fs/io_uring.c ++++ b/fs/io_uring.c +@@ -1594,7 +1594,7 @@ static void io_queue_async_work(struct io_kiocb *req) + io_queue_linked_timeout(link); + } + +-static void io_kill_timeout(struct io_kiocb *req) ++static void io_kill_timeout(struct io_kiocb *req, int status) + { + struct io_timeout_data *io = req->async_data; + int ret; +@@ -1604,7 +1604,7 @@ static void io_kill_timeout(struct io_kiocb *req) + atomic_set(&req->ctx->cq_timeouts, + atomic_read(&req->ctx->cq_timeouts) + 1); + list_del_init(&req->timeout.list); +- io_cqring_fill_event(req, 0); ++ io_cqring_fill_event(req, status); + io_put_req_deferred(req, 1); + } + } +@@ -1621,7 +1621,7 @@ static bool io_kill_timeouts(struct io_ring_ctx *ctx, struct task_struct *tsk, + spin_lock_irq(&ctx->completion_lock); + list_for_each_entry_safe(req, tmp, &ctx->timeout_list, timeout.list) { + if (io_match_task(req, tsk, files)) { +- io_kill_timeout(req); ++ io_kill_timeout(req, -ECANCELED); + canceled++; + } + } +@@ -1673,7 +1673,7 @@ static void io_flush_timeouts(struct io_ring_ctx *ctx) + break; + + list_del_init(&req->timeout.list); +- io_kill_timeout(req); ++ io_kill_timeout(req, 0); + } while (!list_empty(&ctx->timeout_list)); + + ctx->cq_last_tm_flush = seq; +-- +2.30.2 + diff --git a/queue-5.11/kselftest-arm64-sve-do-not-use-non-canonical-ffr-reg.patch b/queue-5.11/kselftest-arm64-sve-do-not-use-non-canonical-ffr-reg.patch new file mode 100644 index 00000000000..977213e5486 --- /dev/null +++ b/queue-5.11/kselftest-arm64-sve-do-not-use-non-canonical-ffr-reg.patch @@ -0,0 +1,98 @@ +From 41b54c0dc5e6b714681669121e29395bab15e66e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 19 Mar 2021 12:01:28 +0000 +Subject: kselftest/arm64: sve: Do not use non-canonical FFR register value + +From: Andre Przywara + +[ Upstream commit 7011d72588d16a9e5f5d85acbc8b10019809599c ] + +The "First Fault Register" (FFR) is an SVE register that mimics a +predicate register, but clears bits when a load or store fails to handle +an element of a vector. The supposed usage scenario is to initialise +this register (using SETFFR), then *read* it later on to learn about +elements that failed to load or store. Explicit writes to this register +using the WRFFR instruction are only supposed to *restore* values +previously read from the register (for context-switching only). +As the manual describes, this register holds only certain values, it: +"... contains a monotonic predicate value, in which starting from bit 0 +there are zero or more 1 bits, followed only by 0 bits in any remaining +bit positions." +Any other value is UNPREDICTABLE and is not supposed to be "restored" +into the register. + +The SVE test currently tries to write a signature pattern into the +register, which is *not* a canonical FFR value. Apparently the existing +setups treat UNPREDICTABLE as "read-as-written", but a new +implementation actually only stores canonical values. As a consequence, +the sve-test fails immediately when comparing the FFR value: +----------- + # ./sve-test +Vector length: 128 bits +PID: 207 +Mismatch: PID=207, iteration=0, reg=48 + Expected [cf00] + Got [0f00] +Aborted +----------- + +Fix this by only populating the FFR with proper canonical values. +Effectively the requirement described above limits us to 17 unique +values over 16 bits worth of FFR, so we condense our signature down to 4 +bits (2 bits from the PID, 2 bits from the generation) and generate the +canonical pattern from it. Any bits describing elements above the +minimum 128 bit are set to 0. + +This aligns the FFR usage to the architecture and fixes the test on +microarchitectures implementing FFR in a more restricted way. + +Signed-off-by: Andre Przywara +Reviwed-by: Mark Brown +Link: https://lore.kernel.org/r/20210319120128.29452-1-andre.przywara@arm.com +Signed-off-by: Will Deacon +Signed-off-by: Sasha Levin +--- + tools/testing/selftests/arm64/fp/sve-test.S | 22 ++++++++++++++++----- + 1 file changed, 17 insertions(+), 5 deletions(-) + +diff --git a/tools/testing/selftests/arm64/fp/sve-test.S b/tools/testing/selftests/arm64/fp/sve-test.S +index 9210691aa998..e3e08d9c7020 100644 +--- a/tools/testing/selftests/arm64/fp/sve-test.S ++++ b/tools/testing/selftests/arm64/fp/sve-test.S +@@ -284,16 +284,28 @@ endfunction + // Set up test pattern in the FFR + // x0: pid + // x2: generation ++// ++// We need to generate a canonical FFR value, which consists of a number of ++// low "1" bits, followed by a number of zeros. This gives us 17 unique values ++// per 16 bits of FFR, so we create a 4 bit signature out of the PID and ++// generation, and use that as the initial number of ones in the pattern. ++// We fill the upper lanes of FFR with zeros. + // Beware: corrupts P0. + function setup_ffr + mov x4, x30 + +- bl pattern ++ and w0, w0, #0x3 ++ bfi w0, w2, #2, #2 ++ mov w1, #1 ++ lsl w1, w1, w0 ++ sub w1, w1, #1 ++ + ldr x0, =ffrref +- ldr x1, =scratch +- rdvl x2, #1 +- lsr x2, x2, #3 +- bl memcpy ++ strh w1, [x0], 2 ++ rdvl x1, #1 ++ lsr x1, x1, #3 ++ sub x1, x1, #2 ++ bl memclr + + mov x0, #0 + ldr x1, =ffrref +-- +2.30.2 + diff --git a/queue-5.11/kunit-tool-fix-a-python-tuple-typing-error.patch b/queue-5.11/kunit-tool-fix-a-python-tuple-typing-error.patch new file mode 100644 index 00000000000..d3f4af2bd6a --- /dev/null +++ b/queue-5.11/kunit-tool-fix-a-python-tuple-typing-error.patch @@ -0,0 +1,40 @@ +From 427b1a36dd8f63cc96e6bff8b143ddb2bd2dbb95 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 22 Feb 2021 21:49:30 -0800 +Subject: kunit: tool: Fix a python tuple typing error + +From: David Gow + +[ Upstream commit 7421b1a4d10c633ca5f14c8236d3e2c1de07e52b ] + +The first argument to namedtuple() should match the name of the type, +which wasn't the case for KconfigEntryBase. + +Fixing this is enough to make mypy show no python typing errors again. + +Fixes 97752c39bd ("kunit: kunit_tool: Allow .kunitconfig to disable config items") +Signed-off-by: David Gow +Reviewed-by: Daniel Latypov +Acked-by: Brendan Higgins +Signed-off-by: Shuah Khan +Signed-off-by: Sasha Levin +--- + tools/testing/kunit/kunit_config.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/testing/kunit/kunit_config.py b/tools/testing/kunit/kunit_config.py +index bdd60230764b..27fe086d2d0d 100644 +--- a/tools/testing/kunit/kunit_config.py ++++ b/tools/testing/kunit/kunit_config.py +@@ -13,7 +13,7 @@ from typing import List, Set + CONFIG_IS_NOT_SET_PATTERN = r'^# CONFIG_(\w+) is not set$' + CONFIG_PATTERN = r'^CONFIG_(\w+)=(\S+|".*")$' + +-KconfigEntryBase = collections.namedtuple('KconfigEntry', ['name', 'value']) ++KconfigEntryBase = collections.namedtuple('KconfigEntryBase', ['name', 'value']) + + class KconfigEntry(KconfigEntryBase): + +-- +2.30.2 + diff --git a/queue-5.11/mac80211-check-crypto_aead_encrypt-for-errors.patch b/queue-5.11/mac80211-check-crypto_aead_encrypt-for-errors.patch new file mode 100644 index 00000000000..cf1ad746039 --- /dev/null +++ b/queue-5.11/mac80211-check-crypto_aead_encrypt-for-errors.patch @@ -0,0 +1,76 @@ +From e27fe06b0dd9e55c73f0c9a92985412a5811cec8 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 9 Mar 2021 12:41:36 -0800 +Subject: mac80211: Check crypto_aead_encrypt for errors + +From: Daniel Phan + +[ Upstream commit 58d25626f6f0ea5bcec3c13387b9f835d188723d ] + +crypto_aead_encrypt returns <0 on error, so if these calls are not checked, +execution may continue with failed encrypts. It also seems that these two +crypto_aead_encrypt calls are the only instances in the codebase that are +not checked for errors. + +Signed-off-by: Daniel Phan +Link: https://lore.kernel.org/r/20210309204137.823268-1-daniel.phan36@gmail.com +Signed-off-by: Johannes Berg +Signed-off-by: Sasha Levin +--- + net/mac80211/aead_api.c | 5 +++-- + net/mac80211/aes_gmac.c | 5 +++-- + 2 files changed, 6 insertions(+), 4 deletions(-) + +diff --git a/net/mac80211/aead_api.c b/net/mac80211/aead_api.c +index d7b3d905d535..b00d6f5b33f4 100644 +--- a/net/mac80211/aead_api.c ++++ b/net/mac80211/aead_api.c +@@ -23,6 +23,7 @@ int aead_encrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad, size_t aad_len, + struct aead_request *aead_req; + int reqsize = sizeof(*aead_req) + crypto_aead_reqsize(tfm); + u8 *__aad; ++ int ret; + + aead_req = kzalloc(reqsize + aad_len, GFP_ATOMIC); + if (!aead_req) +@@ -40,10 +41,10 @@ int aead_encrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad, size_t aad_len, + aead_request_set_crypt(aead_req, sg, sg, data_len, b_0); + aead_request_set_ad(aead_req, sg[0].length); + +- crypto_aead_encrypt(aead_req); ++ ret = crypto_aead_encrypt(aead_req); + kfree_sensitive(aead_req); + +- return 0; ++ return ret; + } + + int aead_decrypt(struct crypto_aead *tfm, u8 *b_0, u8 *aad, size_t aad_len, +diff --git a/net/mac80211/aes_gmac.c b/net/mac80211/aes_gmac.c +index 6f3b3a0cc10a..512cab073f2e 100644 +--- a/net/mac80211/aes_gmac.c ++++ b/net/mac80211/aes_gmac.c +@@ -22,6 +22,7 @@ int ieee80211_aes_gmac(struct crypto_aead *tfm, const u8 *aad, u8 *nonce, + struct aead_request *aead_req; + int reqsize = sizeof(*aead_req) + crypto_aead_reqsize(tfm); + const __le16 *fc; ++ int ret; + + if (data_len < GMAC_MIC_LEN) + return -EINVAL; +@@ -59,10 +60,10 @@ int ieee80211_aes_gmac(struct crypto_aead *tfm, const u8 *aad, u8 *nonce, + aead_request_set_crypt(aead_req, sg, sg, 0, iv); + aead_request_set_ad(aead_req, GMAC_AAD_LEN + data_len); + +- crypto_aead_encrypt(aead_req); ++ ret = crypto_aead_encrypt(aead_req); + kfree_sensitive(aead_req); + +- return 0; ++ return ret; + } + + struct crypto_aead *ieee80211_aes_gmac_key_setup(const u8 key[], +-- +2.30.2 + diff --git a/queue-5.11/mac80211-choose-first-enabled-channel-for-monitor.patch b/queue-5.11/mac80211-choose-first-enabled-channel-for-monitor.patch new file mode 100644 index 00000000000..37975899e38 --- /dev/null +++ b/queue-5.11/mac80211-choose-first-enabled-channel-for-monitor.patch @@ -0,0 +1,53 @@ +From d7066ce4c33028eb4e2475d06addc19304c5f48f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 11 Mar 2021 10:59:07 +0530 +Subject: mac80211: choose first enabled channel for monitor + +From: Karthikeyan Kathirvel + +[ Upstream commit 041c881a0ba8a75f71118bd9766b78f04beed469 ] + +Even if the first channel from sband channel list is invalid +or disabled mac80211 ends up choosing it as the default channel +for monitor interfaces, making them not usable. + +Fix this by assigning the first available valid or enabled +channel instead. + +Signed-off-by: Karthikeyan Kathirvel +Link: https://lore.kernel.org/r/1615440547-7661-1-git-send-email-kathirve@codeaurora.org +[reword commit message, comment, code cleanups] +Signed-off-by: Johannes Berg +Signed-off-by: Sasha Levin +--- + net/mac80211/main.c | 13 ++++++++++++- + 1 file changed, 12 insertions(+), 1 deletion(-) + +diff --git a/net/mac80211/main.c b/net/mac80211/main.c +index dee88ec566ad..d1023188ef37 100644 +--- a/net/mac80211/main.c ++++ b/net/mac80211/main.c +@@ -970,8 +970,19 @@ int ieee80211_register_hw(struct ieee80211_hw *hw) + continue; + + if (!dflt_chandef.chan) { ++ /* ++ * Assign the first enabled channel to dflt_chandef ++ * from the list of channels ++ */ ++ for (i = 0; i < sband->n_channels; i++) ++ if (!(sband->channels[i].flags & ++ IEEE80211_CHAN_DISABLED)) ++ break; ++ /* if none found then use the first anyway */ ++ if (i == sband->n_channels) ++ i = 0; + cfg80211_chandef_create(&dflt_chandef, +- &sband->channels[0], ++ &sband->channels[i], + NL80211_CHAN_NO_HT); + /* init channel we're on */ + if (!local->use_chanctx && !local->_oper_chandef.chan) { +-- +2.30.2 + diff --git a/queue-5.11/math-export-mul_u64_u64_div_u64.patch b/queue-5.11/math-export-mul_u64_u64_div_u64.patch new file mode 100644 index 00000000000..fb448ab4cc1 --- /dev/null +++ b/queue-5.11/math-export-mul_u64_u64_div_u64.patch @@ -0,0 +1,29 @@ +From 83f0f2dc5d0a264ab71533b1ddf29ddd4013bfed Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 24 Mar 2021 16:42:54 -0700 +Subject: math: Export mul_u64_u64_div_u64 + +From: David S. Miller + +[ Upstream commit bf45947864764548697e7515fe693e10f173f312 ] + +Fixes: f51d7bf1dbe5 ("ptp_qoriq: fix overflow in ptp_qoriq_adjfine() u64 calcalation") +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + lib/math/div64.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lib/math/div64.c b/lib/math/div64.c +index 064d68a5391a..46866394fc84 100644 +--- a/lib/math/div64.c ++++ b/lib/math/div64.c +@@ -232,4 +232,5 @@ u64 mul_u64_u64_div_u64(u64 a, u64 b, u64 c) + + return res + div64_u64(a * b, c); + } ++EXPORT_SYMBOL(mul_u64_u64_div_u64); + #endif +-- +2.30.2 + diff --git a/queue-5.11/misdn-fix-crash-in-fritzpci.patch b/queue-5.11/misdn-fix-crash-in-fritzpci.patch new file mode 100644 index 00000000000..34b83088f46 --- /dev/null +++ b/queue-5.11/misdn-fix-crash-in-fritzpci.patch @@ -0,0 +1,86 @@ +From 10bf2767054cc4ae39f44d6467e84eeb426af98e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 10 Mar 2021 23:27:35 -0500 +Subject: mISDN: fix crash in fritzpci + +From: Tong Zhang + +[ Upstream commit a9f81244d2e33e6dfcef120fefd30c96b3f7cdb0 ] + +setup_fritz() in avmfritz.c might fail with -EIO and in this case the +isac.type and isac.write_reg is not initialized and remains 0(NULL). +A subsequent call to isac_release() will dereference isac->write_reg and +crash. + +[ 1.737444] BUG: kernel NULL pointer dereference, address: 0000000000000000 +[ 1.737809] #PF: supervisor instruction fetch in kernel mode +[ 1.738106] #PF: error_code(0x0010) - not-present page +[ 1.738378] PGD 0 P4D 0 +[ 1.738515] Oops: 0010 [#1] SMP NOPTI +[ 1.738711] CPU: 0 PID: 180 Comm: systemd-udevd Not tainted 5.12.0-rc2+ #78 +[ 1.739077] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-48-gd9c812dda519-p +rebuilt.qemu.org 04/01/2014 +[ 1.739664] RIP: 0010:0x0 +[ 1.739807] Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6. +[ 1.740200] RSP: 0018:ffffc9000027ba10 EFLAGS: 00010202 +[ 1.740478] RAX: 0000000000000000 RBX: ffff888102f41840 RCX: 0000000000000027 +[ 1.740853] RDX: 00000000000000ff RSI: 0000000000000020 RDI: ffff888102f41800 +[ 1.741226] RBP: ffffc9000027ba20 R08: ffff88817bc18440 R09: ffffc9000027b808 +[ 1.741600] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888102f41840 +[ 1.741976] R13: 00000000fffffffb R14: ffff888102f41800 R15: ffff8881008b0000 +[ 1.742351] FS: 00007fda3a38a8c0(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000 +[ 1.742774] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 1.743076] CR2: ffffffffffffffd6 CR3: 00000001021ec000 CR4: 00000000000006f0 +[ 1.743452] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +[ 1.743828] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +[ 1.744206] Call Trace: +[ 1.744339] isac_release+0xcc/0xe0 [mISDNipac] +[ 1.744582] fritzpci_probe.cold+0x282/0x739 [avmfritz] +[ 1.744861] local_pci_probe+0x48/0x80 +[ 1.745063] pci_device_probe+0x10f/0x1c0 +[ 1.745278] really_probe+0xfb/0x420 +[ 1.745471] driver_probe_device+0xe9/0x160 +[ 1.745693] device_driver_attach+0x5d/0x70 +[ 1.745917] __driver_attach+0x8f/0x150 +[ 1.746123] ? device_driver_attach+0x70/0x70 +[ 1.746354] bus_for_each_dev+0x7e/0xc0 +[ 1.746560] driver_attach+0x1e/0x20 +[ 1.746751] bus_add_driver+0x152/0x1f0 +[ 1.746957] driver_register+0x74/0xd0 +[ 1.747157] ? 0xffffffffc00d8000 +[ 1.747334] __pci_register_driver+0x54/0x60 +[ 1.747562] AVM_init+0x36/0x1000 [avmfritz] +[ 1.747791] do_one_initcall+0x48/0x1d0 +[ 1.747997] ? __cond_resched+0x19/0x30 +[ 1.748206] ? kmem_cache_alloc_trace+0x390/0x440 +[ 1.748458] ? do_init_module+0x28/0x250 +[ 1.748669] do_init_module+0x62/0x250 +[ 1.748870] load_module+0x23ee/0x26a0 +[ 1.749073] __do_sys_finit_module+0xc2/0x120 +[ 1.749307] ? __do_sys_finit_module+0xc2/0x120 +[ 1.749549] __x64_sys_finit_module+0x1a/0x20 +[ 1.749782] do_syscall_64+0x38/0x90 + +Signed-off-by: Tong Zhang +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/isdn/hardware/mISDN/mISDNipac.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/isdn/hardware/mISDN/mISDNipac.c b/drivers/isdn/hardware/mISDN/mISDNipac.c +index ec475087fbf9..39f841b42488 100644 +--- a/drivers/isdn/hardware/mISDN/mISDNipac.c ++++ b/drivers/isdn/hardware/mISDN/mISDNipac.c +@@ -694,7 +694,7 @@ isac_release(struct isac_hw *isac) + { + if (isac->type & IPAC_TYPE_ISACX) + WriteISAC(isac, ISACX_MASK, 0xff); +- else ++ else if (isac->type != 0) + WriteISAC(isac, ISAC_MASK, 0xff); + if (isac->dch.timer.function != NULL) { + del_timer(&isac->dch.timer); +-- +2.30.2 + diff --git a/queue-5.11/net-arcnet-com20020-fix-error-handling.patch b/queue-5.11/net-arcnet-com20020-fix-error-handling.patch new file mode 100644 index 00000000000..baf714db7be --- /dev/null +++ b/queue-5.11/net-arcnet-com20020-fix-error-handling.patch @@ -0,0 +1,136 @@ +From b1fe970fecf9af352dc2286ae4a44d310e8163c3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 14 Mar 2021 14:08:36 -0400 +Subject: net: arcnet: com20020 fix error handling + +From: Tong Zhang + +[ Upstream commit 6577b9a551aedb86bca6d4438c28386361845108 ] + +There are two issues when handling error case in com20020pci_probe() + +1. priv might be not initialized yet when calling com20020pci_remove() +from com20020pci_probe(), since the priv is set at the very last but it +can jump to error handling in the middle and priv remains NULL. +2. memory leak - the net device is allocated in alloc_arcdev but not +properly released if error happens in the middle of the big for loop + +[ 1.529110] BUG: kernel NULL pointer dereference, address: 0000000000000008 +[ 1.531447] RIP: 0010:com20020pci_remove+0x15/0x60 [com20020_pci] +[ 1.536805] Call Trace: +[ 1.536939] com20020pci_probe+0x3f2/0x48c [com20020_pci] +[ 1.537226] local_pci_probe+0x48/0x80 +[ 1.539918] com20020pci_init+0x3f/0x1000 [com20020_pci] + +Signed-off-by: Tong Zhang +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/net/arcnet/com20020-pci.c | 34 +++++++++++++++++-------------- + 1 file changed, 19 insertions(+), 15 deletions(-) + +diff --git a/drivers/net/arcnet/com20020-pci.c b/drivers/net/arcnet/com20020-pci.c +index 8bdc44b7e09a..3c8f665c1558 100644 +--- a/drivers/net/arcnet/com20020-pci.c ++++ b/drivers/net/arcnet/com20020-pci.c +@@ -127,6 +127,8 @@ static int com20020pci_probe(struct pci_dev *pdev, + int i, ioaddr, ret; + struct resource *r; + ++ ret = 0; ++ + if (pci_enable_device(pdev)) + return -EIO; + +@@ -139,6 +141,8 @@ static int com20020pci_probe(struct pci_dev *pdev, + priv->ci = ci; + mm = &ci->misc_map; + ++ pci_set_drvdata(pdev, priv); ++ + INIT_LIST_HEAD(&priv->list_dev); + + if (mm->size) { +@@ -161,7 +165,7 @@ static int com20020pci_probe(struct pci_dev *pdev, + dev = alloc_arcdev(device); + if (!dev) { + ret = -ENOMEM; +- goto out_port; ++ break; + } + dev->dev_port = i; + +@@ -178,7 +182,7 @@ static int com20020pci_probe(struct pci_dev *pdev, + pr_err("IO region %xh-%xh already allocated\n", + ioaddr, ioaddr + cm->size - 1); + ret = -EBUSY; +- goto out_port; ++ goto err_free_arcdev; + } + + /* Dummy access after Reset +@@ -216,18 +220,18 @@ static int com20020pci_probe(struct pci_dev *pdev, + if (arcnet_inb(ioaddr, COM20020_REG_R_STATUS) == 0xFF) { + pr_err("IO address %Xh is empty!\n", ioaddr); + ret = -EIO; +- goto out_port; ++ goto err_free_arcdev; + } + if (com20020_check(dev)) { + ret = -EIO; +- goto out_port; ++ goto err_free_arcdev; + } + + card = devm_kzalloc(&pdev->dev, sizeof(struct com20020_dev), + GFP_KERNEL); + if (!card) { + ret = -ENOMEM; +- goto out_port; ++ goto err_free_arcdev; + } + + card->index = i; +@@ -253,29 +257,29 @@ static int com20020pci_probe(struct pci_dev *pdev, + + ret = devm_led_classdev_register(&pdev->dev, &card->tx_led); + if (ret) +- goto out_port; ++ goto err_free_arcdev; + + ret = devm_led_classdev_register(&pdev->dev, &card->recon_led); + if (ret) +- goto out_port; ++ goto err_free_arcdev; + + dev_set_drvdata(&dev->dev, card); + + ret = com20020_found(dev, IRQF_SHARED); + if (ret) +- goto out_port; ++ goto err_free_arcdev; + + devm_arcnet_led_init(dev, dev->dev_id, i); + + list_add(&card->list, &priv->list_dev); +- } ++ continue; + +- pci_set_drvdata(pdev, priv); +- +- return 0; +- +-out_port: +- com20020pci_remove(pdev); ++err_free_arcdev: ++ free_arcdev(dev); ++ break; ++ } ++ if (ret) ++ com20020pci_remove(pdev); + return ret; + } + +-- +2.30.2 + diff --git a/queue-5.11/net-ipa-fix-init-header-command-validation.patch b/queue-5.11/net-ipa-fix-init-header-command-validation.patch new file mode 100644 index 00000000000..9d6dd40ce92 --- /dev/null +++ b/queue-5.11/net-ipa-fix-init-header-command-validation.patch @@ -0,0 +1,119 @@ +From 40aa85b78f38869391a63800feaa106783c0520d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sat, 20 Mar 2021 09:17:28 -0500 +Subject: net: ipa: fix init header command validation + +From: Alex Elder + +[ Upstream commit b4afd4b90a7cfe54c7cd9db49e3c36d552325eac ] + +We use ipa_cmd_header_valid() to ensure certain values we will +program into hardware are within range, well in advance of when we +actually program them. This way we avoid having to check for errors +when we actually program the hardware. + +Unfortunately the dev_err() call for a bad offset value does not +supply the arguments to match the format specifiers properly. +Fix this. + +There was also supposed to be a check to ensure the size to be +programmed fits in the field that holds it. Add this missing check. + +Rearrange the way we ensure the header table fits in overall IPA +memory range. + +Finally, update ipa_cmd_table_valid() so the format of messages +printed for errors matches what's done in ipa_cmd_header_valid(). + +Signed-off-by: Alex Elder +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/net/ipa/ipa_cmd.c | 50 ++++++++++++++++++++++++++------------- + 1 file changed, 33 insertions(+), 17 deletions(-) + +diff --git a/drivers/net/ipa/ipa_cmd.c b/drivers/net/ipa/ipa_cmd.c +index eb65a11e33ea..1ce013a2d6ed 100644 +--- a/drivers/net/ipa/ipa_cmd.c ++++ b/drivers/net/ipa/ipa_cmd.c +@@ -175,21 +175,23 @@ bool ipa_cmd_table_valid(struct ipa *ipa, const struct ipa_mem *mem, + : field_max(IP_FLTRT_FLAGS_NHASH_ADDR_FMASK); + if (mem->offset > offset_max || + ipa->mem_offset > offset_max - mem->offset) { +- dev_err(dev, "IPv%c %s%s table region offset too large " +- "(0x%04x + 0x%04x > 0x%04x)\n", +- ipv6 ? '6' : '4', hashed ? "hashed " : "", +- route ? "route" : "filter", +- ipa->mem_offset, mem->offset, offset_max); ++ dev_err(dev, "IPv%c %s%s table region offset too large\n", ++ ipv6 ? '6' : '4', hashed ? "hashed " : "", ++ route ? "route" : "filter"); ++ dev_err(dev, " (0x%04x + 0x%04x > 0x%04x)\n", ++ ipa->mem_offset, mem->offset, offset_max); ++ + return false; + } + + if (mem->offset > ipa->mem_size || + mem->size > ipa->mem_size - mem->offset) { +- dev_err(dev, "IPv%c %s%s table region out of range " +- "(0x%04x + 0x%04x > 0x%04x)\n", +- ipv6 ? '6' : '4', hashed ? "hashed " : "", +- route ? "route" : "filter", +- mem->offset, mem->size, ipa->mem_size); ++ dev_err(dev, "IPv%c %s%s table region out of range\n", ++ ipv6 ? '6' : '4', hashed ? "hashed " : "", ++ route ? "route" : "filter"); ++ dev_err(dev, " (0x%04x + 0x%04x > 0x%04x)\n", ++ mem->offset, mem->size, ipa->mem_size); ++ + return false; + } + +@@ -205,22 +207,36 @@ static bool ipa_cmd_header_valid(struct ipa *ipa) + u32 size_max; + u32 size; + ++ /* In ipa_cmd_hdr_init_local_add() we record the offset and size ++ * of the header table memory area. Make sure the offset and size ++ * fit in the fields that need to hold them, and that the entire ++ * range is within the overall IPA memory range. ++ */ + offset_max = field_max(HDR_INIT_LOCAL_FLAGS_HDR_ADDR_FMASK); + if (mem->offset > offset_max || + ipa->mem_offset > offset_max - mem->offset) { +- dev_err(dev, "header table region offset too large " +- "(0x%04x + 0x%04x > 0x%04x)\n", +- ipa->mem_offset + mem->offset, offset_max); ++ dev_err(dev, "header table region offset too large\n"); ++ dev_err(dev, " (0x%04x + 0x%04x > 0x%04x)\n", ++ ipa->mem_offset, mem->offset, offset_max); ++ + return false; + } + + size_max = field_max(HDR_INIT_LOCAL_FLAGS_TABLE_SIZE_FMASK); + size = ipa->mem[IPA_MEM_MODEM_HEADER].size; + size += ipa->mem[IPA_MEM_AP_HEADER].size; +- if (mem->offset > ipa->mem_size || size > ipa->mem_size - mem->offset) { +- dev_err(dev, "header table region out of range " +- "(0x%04x + 0x%04x > 0x%04x)\n", +- mem->offset, size, ipa->mem_size); ++ ++ if (size > size_max) { ++ dev_err(dev, "header table region size too large\n"); ++ dev_err(dev, " (0x%04x > 0x%08x)\n", size, size_max); ++ ++ return false; ++ } ++ if (size > ipa->mem_size || mem->offset > ipa->mem_size - size) { ++ dev_err(dev, "header table region out of range\n"); ++ dev_err(dev, " (0x%04x + 0x%04x > 0x%04x)\n", ++ mem->offset, size, ipa->mem_size); ++ + return false; + } + +-- +2.30.2 + diff --git a/queue-5.11/net-mlx5e-enforce-minimum-value-check-for-icosq-size.patch b/queue-5.11/net-mlx5e-enforce-minimum-value-check-for-icosq-size.patch new file mode 100644 index 00000000000..538b366f53c --- /dev/null +++ b/queue-5.11/net-mlx5e-enforce-minimum-value-check-for-icosq-size.patch @@ -0,0 +1,40 @@ +From a1fd86219d7c25bc16939b015f31925f5ae9c5ce Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 12 Jan 2021 13:29:14 +0200 +Subject: net/mlx5e: Enforce minimum value check for ICOSQ size + +From: Tariq Toukan + +[ Upstream commit 5115daa675ccf70497fe56e8916cf738d8212c10 ] + +The ICOSQ size should not go below MLX5E_PARAMS_MINIMUM_LOG_SQ_SIZE. +Enforce this where it's missing. + +Signed-off-by: Tariq Toukan +Reviewed-by: Maxim Mikityanskiy +Reviewed-by: Saeed Mahameed +Signed-off-by: Saeed Mahameed +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c +index aaa5a56b44c7..b6324d11a008 100644 +--- a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c ++++ b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c +@@ -2317,8 +2317,9 @@ static u8 mlx5e_build_icosq_log_wq_sz(struct mlx5e_params *params, + { + switch (params->rq_wq_type) { + case MLX5_WQ_TYPE_LINKED_LIST_STRIDING_RQ: +- return order_base_2(MLX5E_UMR_WQEBBS) + +- mlx5e_get_rq_log_wq_sz(rqp->rqc); ++ return max_t(u8, MLX5E_PARAMS_MINIMUM_LOG_SQ_SIZE, ++ order_base_2(MLX5E_UMR_WQEBBS) + ++ mlx5e_get_rq_log_wq_sz(rqp->rqc)); + default: /* MLX5_WQ_TYPE_CYCLIC */ + return MLX5E_PARAMS_MINIMUM_LOG_SQ_SIZE; + } +-- +2.30.2 + diff --git a/queue-5.11/net-pxa168_eth-fix-a-potential-data-race-in-pxa168_e.patch b/queue-5.11/net-pxa168_eth-fix-a-potential-data-race-in-pxa168_e.patch new file mode 100644 index 00000000000..10cd16c3fee --- /dev/null +++ b/queue-5.11/net-pxa168_eth-fix-a-potential-data-race-in-pxa168_e.patch @@ -0,0 +1,42 @@ +From 1c3111c07aa23dfe3e1de1d0b26e54158b98977d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 10 Mar 2021 11:10:46 +0300 +Subject: net: pxa168_eth: Fix a potential data race in pxa168_eth_remove + +From: Pavel Andrianov + +[ Upstream commit 0571a753cb07982cc82f4a5115e0b321da89e1f3 ] + +pxa168_eth_remove() firstly calls unregister_netdev(), +then cancels a timeout work. unregister_netdev() shuts down a device +interface and removes it from the kernel tables. If the timeout occurs +in parallel, the timeout work (pxa168_eth_tx_timeout_task) performs stop +and open of the device. It may lead to an inconsistent state and memory +leaks. + +Found by Linux Driver Verification project (linuxtesting.org). + +Signed-off-by: Pavel Andrianov +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/marvell/pxa168_eth.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/marvell/pxa168_eth.c b/drivers/net/ethernet/marvell/pxa168_eth.c +index d1e4d42e497d..3712e1786091 100644 +--- a/drivers/net/ethernet/marvell/pxa168_eth.c ++++ b/drivers/net/ethernet/marvell/pxa168_eth.c +@@ -1544,8 +1544,8 @@ static int pxa168_eth_remove(struct platform_device *pdev) + clk_disable_unprepare(pep->clk); + mdiobus_unregister(pep->smi_bus); + mdiobus_free(pep->smi_bus); +- unregister_netdev(dev); + cancel_work_sync(&pep->tx_timeout_task); ++ unregister_netdev(dev); + free_netdev(dev); + return 0; + } +-- +2.30.2 + diff --git a/queue-5.11/netfilter-conntrack-fix-gre-tunneling-over-ipv6.patch b/queue-5.11/netfilter-conntrack-fix-gre-tunneling-over-ipv6.patch new file mode 100644 index 00000000000..fa123968ad0 --- /dev/null +++ b/queue-5.11/netfilter-conntrack-fix-gre-tunneling-over-ipv6.patch @@ -0,0 +1,36 @@ +From 4e5e8332773b09aad33615cd3228906dd39d93f9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 4 Mar 2021 04:10:50 -0500 +Subject: netfilter: conntrack: Fix gre tunneling over ipv6 + +From: Ludovic Senecaux + +[ Upstream commit 8b2030b4305951f44afef80225f1475618e25a73 ] + +This fix permits gre connections to be tracked within ip6tables rules + +Signed-off-by: Ludovic Senecaux +Acked-by: Florian Westphal +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Sasha Levin +--- + net/netfilter/nf_conntrack_proto_gre.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/net/netfilter/nf_conntrack_proto_gre.c b/net/netfilter/nf_conntrack_proto_gre.c +index 5b05487a60d2..db11e403d818 100644 +--- a/net/netfilter/nf_conntrack_proto_gre.c ++++ b/net/netfilter/nf_conntrack_proto_gre.c +@@ -218,9 +218,6 @@ int nf_conntrack_gre_packet(struct nf_conn *ct, + enum ip_conntrack_info ctinfo, + const struct nf_hook_state *state) + { +- if (state->pf != NFPROTO_IPV4) +- return -NF_ACCEPT; +- + if (!nf_ct_is_confirmed(ct)) { + unsigned int *timeouts = nf_ct_timeout_lookup(ct); + +-- +2.30.2 + diff --git a/queue-5.11/netfilter-nftables-skip-hook-overlap-logic-if-flowta.patch b/queue-5.11/netfilter-nftables-skip-hook-overlap-logic-if-flowta.patch new file mode 100644 index 00000000000..4f9e046b314 --- /dev/null +++ b/queue-5.11/netfilter-nftables-skip-hook-overlap-logic-if-flowta.patch @@ -0,0 +1,36 @@ +From f44ccd4a077c60ac4a6302f5bdcf3ab53f6274a8 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 17 Mar 2021 21:19:57 +0100 +Subject: netfilter: nftables: skip hook overlap logic if flowtable is stale + +From: Pablo Neira Ayuso + +[ Upstream commit 86fe2c19eec4728fd9a42ba18f3b47f0d5f9fd7c ] + +If the flowtable has been previously removed in this batch, skip the +hook overlap checks. This fixes spurious EEXIST errors when removing and +adding the flowtable in the same batch. + +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Sasha Levin +--- + net/netfilter/nf_tables_api.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c +index 24a7a6b17268..93d4bb39afb3 100644 +--- a/net/netfilter/nf_tables_api.c ++++ b/net/netfilter/nf_tables_api.c +@@ -6749,6 +6749,9 @@ static int nft_register_flowtable_net_hooks(struct net *net, + + list_for_each_entry(hook, hook_list, list) { + list_for_each_entry(ft, &table->flowtables, list) { ++ if (!nft_is_active_next(net, ft)) ++ continue; ++ + list_for_each_entry(hook2, &ft->hook_list, list) { + if (hook->ops.dev == hook2->ops.dev && + hook->ops.pf == hook2->ops.pf) { +-- +2.30.2 + diff --git a/queue-5.11/platform-x86-intel-hid-support-lenovo-thinkpad-x1-ta.patch b/queue-5.11/platform-x86-intel-hid-support-lenovo-thinkpad-x1-ta.patch new file mode 100644 index 00000000000..50ff0f79c12 --- /dev/null +++ b/queue-5.11/platform-x86-intel-hid-support-lenovo-thinkpad-x1-ta.patch @@ -0,0 +1,44 @@ +From 9d5788253caa01040d1463edc960716e7ea7904d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 22 Feb 2021 15:15:59 +0100 +Subject: platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 + +From: Alban Bedel + +[ Upstream commit 56678a5f44ef5f0ad9a67194bbee2280c6286534 ] + +Like a few other system the Lenovo ThinkPad X1 Tablet Gen 2 miss the +HEBC method, which prevent the power button from working. Add a quirk +to enable the button array on this system family and fix the power +button. + +Signed-off-by: Alban Bedel +Tested-by: Alexander Kobel +Link: https://lore.kernel.org/r/20210222141559.3775-1-albeu@free.fr +Signed-off-by: Hans de Goede +Signed-off-by: Sasha Levin +--- + drivers/platform/x86/intel-hid.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/drivers/platform/x86/intel-hid.c b/drivers/platform/x86/intel-hid.c +index 2f5b8d09143e..57cc92891a57 100644 +--- a/drivers/platform/x86/intel-hid.c ++++ b/drivers/platform/x86/intel-hid.c +@@ -90,6 +90,13 @@ static const struct dmi_system_id button_array_table[] = { + DMI_MATCH(DMI_PRODUCT_NAME, "HP Spectre x2 Detachable"), + }, + }, ++ { ++ .ident = "Lenovo ThinkPad X1 Tablet Gen 2", ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "LENOVO"), ++ DMI_MATCH(DMI_PRODUCT_FAMILY, "ThinkPad X1 Tablet Gen 2"), ++ }, ++ }, + { } + }; + +-- +2.30.2 + diff --git a/queue-5.11/platform-x86-intel_pmc_core-ignore-gbe-ltr-on-tiger-.patch b/queue-5.11/platform-x86-intel_pmc_core-ignore-gbe-ltr-on-tiger-.patch new file mode 100644 index 00000000000..6f42ef0f8d7 --- /dev/null +++ b/queue-5.11/platform-x86-intel_pmc_core-ignore-gbe-ltr-on-tiger-.patch @@ -0,0 +1,112 @@ +From 99b0572286ecb0afd9f148de1602076e78f43b9f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 19 Mar 2021 13:18:44 -0700 +Subject: platform/x86: intel_pmc_core: Ignore GBE LTR on Tiger Lake platforms + +From: David E. Box + +[ Upstream commit d1635448f1105e549b4041aab930dbc6945fc635 ] + +Due to a HW limitation, the Latency Tolerance Reporting (LTR) value +programmed in the Tiger Lake GBE controller is not large enough to allow +the platform to enter Package C10, which in turn prevents the platform from +achieving its low power target during suspend-to-idle. Ignore the GBE LTR +value on Tiger Lake. LTR ignore functionality is currently performed solely +by a debugfs write call. Split out the LTR code into its own function that +can be called by both the debugfs writer and by this work around. + +Signed-off-by: David E. Box +Reviewed-by: Sasha Neftin +Cc: intel-wired-lan@lists.osuosl.org +Reviewed-by: Rajneesh Bhardwaj +Link: https://lore.kernel.org/r/20210319201844.3305399-2-david.e.box@linux.intel.com +Signed-off-by: Hans de Goede +Signed-off-by: Sasha Levin +--- + drivers/platform/x86/intel_pmc_core.c | 50 +++++++++++++++++++-------- + 1 file changed, 35 insertions(+), 15 deletions(-) + +diff --git a/drivers/platform/x86/intel_pmc_core.c b/drivers/platform/x86/intel_pmc_core.c +index ee2f757515b0..b5888aeb4bcf 100644 +--- a/drivers/platform/x86/intel_pmc_core.c ++++ b/drivers/platform/x86/intel_pmc_core.c +@@ -863,34 +863,45 @@ static int pmc_core_pll_show(struct seq_file *s, void *unused) + } + DEFINE_SHOW_ATTRIBUTE(pmc_core_pll); + +-static ssize_t pmc_core_ltr_ignore_write(struct file *file, +- const char __user *userbuf, +- size_t count, loff_t *ppos) ++static int pmc_core_send_ltr_ignore(u32 value) + { + struct pmc_dev *pmcdev = &pmc; + const struct pmc_reg_map *map = pmcdev->map; +- u32 val, buf_size, fd; +- int err; +- +- buf_size = count < 64 ? count : 64; +- +- err = kstrtou32_from_user(userbuf, buf_size, 10, &val); +- if (err) +- return err; ++ u32 reg; ++ int err = 0; + + mutex_lock(&pmcdev->lock); + +- if (val > map->ltr_ignore_max) { ++ if (value > map->ltr_ignore_max) { + err = -EINVAL; + goto out_unlock; + } + +- fd = pmc_core_reg_read(pmcdev, map->ltr_ignore_offset); +- fd |= (1U << val); +- pmc_core_reg_write(pmcdev, map->ltr_ignore_offset, fd); ++ reg = pmc_core_reg_read(pmcdev, map->ltr_ignore_offset); ++ reg |= BIT(value); ++ pmc_core_reg_write(pmcdev, map->ltr_ignore_offset, reg); + + out_unlock: + mutex_unlock(&pmcdev->lock); ++ ++ return err; ++} ++ ++static ssize_t pmc_core_ltr_ignore_write(struct file *file, ++ const char __user *userbuf, ++ size_t count, loff_t *ppos) ++{ ++ u32 buf_size, value; ++ int err; ++ ++ buf_size = min_t(u32, count, 64); ++ ++ err = kstrtou32_from_user(userbuf, buf_size, 10, &value); ++ if (err) ++ return err; ++ ++ err = pmc_core_send_ltr_ignore(value); ++ + return err == 0 ? count : err; + } + +@@ -1244,6 +1255,15 @@ static int pmc_core_probe(struct platform_device *pdev) + pmcdev->pmc_xram_read_bit = pmc_core_check_read_lock_bit(); + dmi_check_system(pmc_core_dmi_table); + ++ /* ++ * On TGL, due to a hardware limitation, the GBE LTR blocks PC10 when ++ * a cable is attached. Tell the PMC to ignore it. ++ */ ++ if (pmcdev->map == &tgl_reg_map) { ++ dev_dbg(&pdev->dev, "ignoring GBE LTR\n"); ++ pmc_core_send_ltr_ignore(3); ++ } ++ + pmc_core_dbgfs_register(pmcdev); + + device_initialized = true; +-- +2.30.2 + diff --git a/queue-5.11/platform-x86-intel_pmt_class-initial-resource-to-0.patch b/queue-5.11/platform-x86-intel_pmt_class-initial-resource-to-0.patch new file mode 100644 index 00000000000..18ed948a4c1 --- /dev/null +++ b/queue-5.11/platform-x86-intel_pmt_class-initial-resource-to-0.patch @@ -0,0 +1,36 @@ +From 68f18b920ad0f58ddd32b384ef987dc2f145fc93 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 16 Mar 2021 19:44:54 -0700 +Subject: platform/x86: intel_pmt_class: Initial resource to 0 + +From: David E. Box + +[ Upstream commit 7547deff8a221e6bf1e563cf1b636844a8e5378a ] + +Initialize the struct resource in intel_pmt_dev_register to zero to avoid a +fault should the char *name field be non-zero. + +Signed-off-by: David E. Box +Link: https://lore.kernel.org/r/20210317024455.3071477-1-david.e.box@linux.intel.com +Signed-off-by: Hans de Goede +Signed-off-by: Sasha Levin +--- + drivers/platform/x86/intel_pmt_class.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/platform/x86/intel_pmt_class.c b/drivers/platform/x86/intel_pmt_class.c +index c8939fba4509..ee2b3bbeb83d 100644 +--- a/drivers/platform/x86/intel_pmt_class.c ++++ b/drivers/platform/x86/intel_pmt_class.c +@@ -173,7 +173,7 @@ static int intel_pmt_dev_register(struct intel_pmt_entry *entry, + struct intel_pmt_namespace *ns, + struct device *parent) + { +- struct resource res; ++ struct resource res = {0}; + struct device *dev; + int ret; + +-- +2.30.2 + diff --git a/queue-5.11/platform-x86-thinkpad_acpi-allow-the-fnlock-led-to-c.patch b/queue-5.11/platform-x86-thinkpad_acpi-allow-the-fnlock-led-to-c.patch new file mode 100644 index 00000000000..1a1b6479c30 --- /dev/null +++ b/queue-5.11/platform-x86-thinkpad_acpi-allow-the-fnlock-led-to-c.patch @@ -0,0 +1,72 @@ +From 69ebfabeec0a451c758b67e3fbcaf3a9bcaf758b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 15 Mar 2021 20:58:24 +0100 +Subject: platform/x86: thinkpad_acpi: Allow the FnLock LED to change state + +From: Esteve Varela Colominas + +[ Upstream commit 3d677f12ea3a2097a16ded570623567403dea959 ] + +On many recent ThinkPad laptops, there's a new LED next to the ESC key, +that indicates the FnLock status. +When the Fn+ESC combo is pressed, FnLock is toggled, which causes the +Media Key functionality to change, making it so that the media keys +either perform their media key function, or function as an F-key by +default. The Fn key can be used the access the alternate function at any +time. + +With the current linux kernel, the LED doens't change state if you press +the Fn+ESC key combo. However, the media key functionality *does* +change. This is annoying, since the LED will stay on if it was on during +bootup, and it makes it hard to keep track what the current state of the +FnLock is. + +This patch calls an ACPI function, that gets the current media key +state, when the Fn+ESC key combo is pressed. Through testing it was +discovered that this function causes the LED to update correctly to +reflect the current state when this function is called. + +The relevant ACPI calls are the following: +\_SB_.PCI0.LPC0.EC0_.HKEY.GMKS: Get media key state, returns 0x603 if the FnLock mode is enabled, and 0x602 if it's disabled. +\_SB_.PCI0.LPC0.EC0_.HKEY.SMKS: Set media key state, sending a 1 will enable FnLock mode, and a 0 will disable it. + +Relevant discussion: +https://bugzilla.kernel.org/show_bug.cgi?id=207841 +https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1881015 + +Signed-off-by: Esteve Varela Colominas +Link: https://lore.kernel.org/r/20210315195823.23212-1-esteve.varela@gmail.com +Signed-off-by: Hans de Goede +Signed-off-by: Sasha Levin +--- + drivers/platform/x86/thinkpad_acpi.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c +index f3e8eca8d86d..9f8da7155a89 100644 +--- a/drivers/platform/x86/thinkpad_acpi.c ++++ b/drivers/platform/x86/thinkpad_acpi.c +@@ -4080,13 +4080,19 @@ static bool hotkey_notify_6xxx(const u32 hkey, + + case TP_HKEY_EV_KEY_NUMLOCK: + case TP_HKEY_EV_KEY_FN: +- case TP_HKEY_EV_KEY_FN_ESC: + /* key press events, we just ignore them as long as the EC + * is still reporting them in the normal keyboard stream */ + *send_acpi_ev = false; + *ignore_acpi_ev = true; + return true; + ++ case TP_HKEY_EV_KEY_FN_ESC: ++ /* Get the media key status to foce the status LED to update */ ++ acpi_evalf(hkey_handle, NULL, "GMKS", "v"); ++ *send_acpi_ev = false; ++ *ignore_acpi_ev = true; ++ return true; ++ + case TP_HKEY_EV_TABLET_CHANGED: + tpacpi_input_send_tabletsw(); + hotkey_tablet_mode_notify_change(); +-- +2.30.2 + diff --git a/queue-5.11/ptp_qoriq-fix-overflow-in-ptp_qoriq_adjfine-u64-calc.patch b/queue-5.11/ptp_qoriq-fix-overflow-in-ptp_qoriq_adjfine-u64-calc.patch new file mode 100644 index 00000000000..410ec31665c --- /dev/null +++ b/queue-5.11/ptp_qoriq-fix-overflow-in-ptp_qoriq_adjfine-u64-calc.patch @@ -0,0 +1,54 @@ +From 27bcb8382e5aebea6700cff9db6f80b4578b7637 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 23 Mar 2021 16:02:29 +0800 +Subject: ptp_qoriq: fix overflow in ptp_qoriq_adjfine() u64 calcalation + +From: Yangbo Lu + +[ Upstream commit f51d7bf1dbe5522c51c93fe8faa5f4abbdf339cd ] + +Current calculation for diff of TMR_ADD register value may have +64-bit overflow in this code line, when long type scaled_ppm is +large. + +adj *= scaled_ppm; + +This patch is to resolve it by using mul_u64_u64_div_u64(). + +Signed-off-by: Yangbo Lu +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/ptp/ptp_qoriq.c | 13 +++++++------ + 1 file changed, 7 insertions(+), 6 deletions(-) + +diff --git a/drivers/ptp/ptp_qoriq.c b/drivers/ptp/ptp_qoriq.c +index beb5f74944cd..08f4cf0ad9e3 100644 +--- a/drivers/ptp/ptp_qoriq.c ++++ b/drivers/ptp/ptp_qoriq.c +@@ -189,15 +189,16 @@ int ptp_qoriq_adjfine(struct ptp_clock_info *ptp, long scaled_ppm) + tmr_add = ptp_qoriq->tmr_add; + adj = tmr_add; + +- /* calculate diff as adj*(scaled_ppm/65536)/1000000 +- * and round() to the nearest integer ++ /* ++ * Calculate diff and round() to the nearest integer ++ * ++ * diff = adj * (ppb / 1000000000) ++ * = adj * scaled_ppm / 65536000000 + */ +- adj *= scaled_ppm; +- diff = div_u64(adj, 8000000); +- diff = (diff >> 13) + ((diff >> 12) & 1); ++ diff = mul_u64_u64_div_u64(adj, scaled_ppm, 32768000000); ++ diff = DIV64_U64_ROUND_UP(diff, 2); + + tmr_add = neg_adj ? tmr_add - diff : tmr_add + diff; +- + ptp_qoriq->write(®s->ctrl_regs->tmr_add, tmr_add); + + return 0; +-- +2.30.2 + diff --git a/queue-5.11/scsi-target-pscsi-clean-up-after-failure-in-pscsi_ma.patch b/queue-5.11/scsi-target-pscsi-clean-up-after-failure-in-pscsi_ma.patch new file mode 100644 index 00000000000..b7a05b55eb7 --- /dev/null +++ b/queue-5.11/scsi-target-pscsi-clean-up-after-failure-in-pscsi_ma.patch @@ -0,0 +1,44 @@ +From f41703dd63e3bfe967522b9759053569017d04b9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 23 Mar 2021 22:24:31 +0100 +Subject: scsi: target: pscsi: Clean up after failure in pscsi_map_sg() + +From: Martin Wilck + +[ Upstream commit 36fa766faa0c822c860e636fe82b1affcd022974 ] + +If pscsi_map_sg() fails, make sure to drop references to already allocated +bios. + +Link: https://lore.kernel.org/r/20210323212431.15306-2-mwilck@suse.com +Reviewed-by: Christoph Hellwig +Reviewed-by: Lee Duncan +Signed-off-by: Martin Wilck +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +--- + drivers/target/target_core_pscsi.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/drivers/target/target_core_pscsi.c b/drivers/target/target_core_pscsi.c +index 7994f27e4527..0689d550c37a 100644 +--- a/drivers/target/target_core_pscsi.c ++++ b/drivers/target/target_core_pscsi.c +@@ -939,6 +939,14 @@ pscsi_map_sg(struct se_cmd *cmd, struct scatterlist *sgl, u32 sgl_nents, + + return 0; + fail: ++ if (bio) ++ bio_put(bio); ++ while (req->bio) { ++ bio = req->bio; ++ req->bio = bio->bi_next; ++ bio_put(bio); ++ } ++ req->biotail = NULL; + return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE; + } + +-- +2.30.2 + diff --git a/queue-5.11/selftests-vm-fix-out-of-tree-build.patch b/queue-5.11/selftests-vm-fix-out-of-tree-build.patch new file mode 100644 index 00000000000..e85fb79c2c3 --- /dev/null +++ b/queue-5.11/selftests-vm-fix-out-of-tree-build.patch @@ -0,0 +1,49 @@ +From d477fa93ac2f1407f5586b3665b4d88bbc58e0c6 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 24 Mar 2021 21:37:26 -0700 +Subject: selftests/vm: fix out-of-tree build + +From: Rong Chen + +[ Upstream commit 19ec368cbc7ee1915e78c120b7a49c7f14734192 ] + +When building out-of-tree, attempting to make target from $(OUTPUT) directory: + + make[1]: *** No rule to make target '$(OUTPUT)/protection_keys.c', needed by '$(OUTPUT)/protection_keys_32'. + +Link: https://lkml.kernel.org/r/20210315094700.522753-1-rong.a.chen@intel.com +Signed-off-by: Rong Chen +Reported-by: kernel test robot +Cc: Shuah Khan +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + tools/testing/selftests/vm/Makefile | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tools/testing/selftests/vm/Makefile b/tools/testing/selftests/vm/Makefile +index d42115e4284d..8b0cd421ebd3 100644 +--- a/tools/testing/selftests/vm/Makefile ++++ b/tools/testing/selftests/vm/Makefile +@@ -101,7 +101,7 @@ endef + ifeq ($(CAN_BUILD_I386),1) + $(BINARIES_32): CFLAGS += -m32 + $(BINARIES_32): LDLIBS += -lrt -ldl -lm +-$(BINARIES_32): %_32: %.c ++$(BINARIES_32): $(OUTPUT)/%_32: %.c + $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(notdir $^) $(LDLIBS) -o $@ + $(foreach t,$(TARGETS),$(eval $(call gen-target-rule-32,$(t)))) + endif +@@ -109,7 +109,7 @@ endif + ifeq ($(CAN_BUILD_X86_64),1) + $(BINARIES_64): CFLAGS += -m64 + $(BINARIES_64): LDLIBS += -lrt -ldl +-$(BINARIES_64): %_64: %.c ++$(BINARIES_64): $(OUTPUT)/%_64: %.c + $(CC) $(CFLAGS) $(EXTRA_CFLAGS) $(notdir $^) $(LDLIBS) -o $@ + $(foreach t,$(TARGETS),$(eval $(call gen-target-rule-64,$(t)))) + endif +-- +2.30.2 + diff --git a/queue-5.11/series b/queue-5.11/series new file mode 100644 index 00000000000..e2855cf6d74 --- /dev/null +++ b/queue-5.11/series @@ -0,0 +1,36 @@ +arm-dts-am33xx-add-aliases-for-mmc-interfaces.patch +bus-ti-sysc-fix-warning-on-unbind-if-reset-is-not-de.patch +drm-msm-a6xx-make-sure-the-sqe-microcode-is-safe.patch +platform-x86-intel-hid-support-lenovo-thinkpad-x1-ta.patch +bpf-x86-use-kvmalloc_array-instead-kmalloc_array-in-.patch +net-mlx5e-enforce-minimum-value-check-for-icosq-size.patch +net-pxa168_eth-fix-a-potential-data-race-in-pxa168_e.patch +kunit-tool-fix-a-python-tuple-typing-error.patch +misdn-fix-crash-in-fritzpci.patch +net-arcnet-com20020-fix-error-handling.patch +can-kvaser_usb-add-support-for-usbcan-pro-4xhs.patch +mac80211-check-crypto_aead_encrypt-for-errors.patch +mac80211-choose-first-enabled-channel-for-monitor.patch +drm-msm-dsi_pll_7nm-fix-variable-usage-for-pll_lockd.patch +drm-msm-adreno-a5xx_power-don-t-apply-a540-lm_setup-.patch +drm-msm-ratelimit-invalid-fence-message.patch +netfilter-conntrack-fix-gre-tunneling-over-ipv6.patch +netfilter-nftables-skip-hook-overlap-logic-if-flowta.patch +net-ipa-fix-init-header-command-validation.patch +platform-x86-thinkpad_acpi-allow-the-fnlock-led-to-c.patch +kselftest-arm64-sve-do-not-use-non-canonical-ffr-reg.patch +drm-msm-disp-dpu1-icc-path-needs-to-be-set-before-dp.patch +x86-build-turn-off-fcf-protection-for-realmode-targe.patch +block-clear-gd_need_part_scan-later-in-bdev_disk_cha.patch +platform-x86-intel_pmt_class-initial-resource-to-0.patch +platform-x86-intel_pmc_core-ignore-gbe-ltr-on-tiger-.patch +ptp_qoriq-fix-overflow-in-ptp_qoriq_adjfine-u64-calc.patch +scsi-target-pscsi-clean-up-after-failure-in-pscsi_ma.patch +arm64-kernel-disable-cnp-on-carmel.patch +selftests-vm-fix-out-of-tree-build.patch +ia64-mca-allocate-early-mca-with-gfp_atomic.patch +ia64-fix-format-strings-for-err_inject.patch +cifs-revalidate-mapping-when-we-open-files-for-smb1-.patch +cifs-silently-ignore-unknown-oplock-break-handle.patch +io_uring-fix-timeout-cancel-return-code.patch +math-export-mul_u64_u64_div_u64.patch diff --git a/queue-5.11/x86-build-turn-off-fcf-protection-for-realmode-targe.patch b/queue-5.11/x86-build-turn-off-fcf-protection-for-realmode-targe.patch new file mode 100644 index 00000000000..4d79030fac5 --- /dev/null +++ b/queue-5.11/x86-build-turn-off-fcf-protection-for-realmode-targe.patch @@ -0,0 +1,43 @@ +From 4c69508142b7a737831ce26273e0bbb734684e20 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 23 Mar 2021 13:48:36 +0100 +Subject: x86/build: Turn off -fcf-protection for realmode targets +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Arnd Bergmann + +[ Upstream commit 9fcb51c14da2953de585c5c6e50697b8a6e91a7b ] + +The new Ubuntu GCC packages turn on -fcf-protection globally, +which causes a build failure in the x86 realmode code: + + cc1: error: ‘-fcf-protection’ is not compatible with this target + +Turn it off explicitly on compilers that understand this option. + +Signed-off-by: Arnd Bergmann +Signed-off-by: Ingo Molnar +Link: https://lore.kernel.org/r/20210323124846.1584944-1-arnd@kernel.org +Signed-off-by: Sasha Levin +--- + arch/x86/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/x86/Makefile b/arch/x86/Makefile +index 30920d70b48b..828f24d547b2 100644 +--- a/arch/x86/Makefile ++++ b/arch/x86/Makefile +@@ -27,7 +27,7 @@ endif + REALMODE_CFLAGS := -m16 -g -Os -DDISABLE_BRANCH_PROFILING \ + -Wall -Wstrict-prototypes -march=i386 -mregparm=3 \ + -fno-strict-aliasing -fomit-frame-pointer -fno-pic \ +- -mno-mmx -mno-sse ++ -mno-mmx -mno-sse $(call cc-option,-fcf-protection=none) + + REALMODE_CFLAGS += -ffreestanding + REALMODE_CFLAGS += -fno-stack-protector +-- +2.30.2 +