From: Sasha Levin Date: Sat, 17 Apr 2021 23:26:59 +0000 (-0400) Subject: Fixes for 5.11 X-Git-Tag: v5.4.114~51 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8a28abea13286e62fae9a793bdec2bbe8ca74c3e;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 5.11 Signed-off-by: Sasha Levin --- diff --git a/queue-5.11/acpi-x86-call-acpi_boot_table_init-after-acpi_table_.patch b/queue-5.11/acpi-x86-call-acpi_boot_table_init-after-acpi_table_.patch new file mode 100644 index 00000000000..07a64d770b2 --- /dev/null +++ b/queue-5.11/acpi-x86-call-acpi_boot_table_init-after-acpi_table_.patch @@ -0,0 +1,53 @@ +From 4327b945d2f8a7f687b6e35772478510d9df8bf1 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 13 Apr 2021 16:01:00 +0200 +Subject: ACPI: x86: Call acpi_boot_table_init() after acpi_table_upgrade() + +From: Rafael J. Wysocki + +[ Upstream commit 6998a8800d73116187aad542391ce3b2dd0f9e30 ] + +Commit 1a1c130ab757 ("ACPI: tables: x86: Reserve memory occupied by +ACPI tables") attempted to address an issue with reserving the memory +occupied by ACPI tables, but it broke the initrd-based table override +mechanism relied on by multiple users. + +To restore the initrd-based ACPI table override functionality, move +the acpi_boot_table_init() invocation in setup_arch() on x86 after +the acpi_table_upgrade() one. + +Fixes: 1a1c130ab757 ("ACPI: tables: x86: Reserve memory occupied by ACPI tables") +Reported-by: Hans de Goede +Tested-by: Hans de Goede +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Sasha Levin +--- + arch/x86/kernel/setup.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c +index df964571a6b4..54a3048ebc5b 100644 +--- a/arch/x86/kernel/setup.c ++++ b/arch/x86/kernel/setup.c +@@ -1046,9 +1046,6 @@ void __init setup_arch(char **cmdline_p) + + cleanup_highmap(); + +- /* Look for ACPI tables and reserve memory occupied by them. */ +- acpi_boot_table_init(); +- + memblock_set_current_limit(ISA_END_ADDRESS); + e820__memblock_setup(); + +@@ -1133,6 +1130,8 @@ void __init setup_arch(char **cmdline_p) + reserve_initrd(); + + acpi_table_upgrade(); ++ /* Look for ACPI tables and reserve memory occupied by them. */ ++ acpi_boot_table_init(); + + vsmp_init(); + +-- +2.30.2 + diff --git a/queue-5.11/amd_sfh-add-dmi-quirk-table-for-bios-es-which-don-t-.patch b/queue-5.11/amd_sfh-add-dmi-quirk-table-for-bios-es-which-don-t-.patch new file mode 100644 index 00000000000..c40686523ea --- /dev/null +++ b/queue-5.11/amd_sfh-add-dmi-quirk-table-for-bios-es-which-don-t-.patch @@ -0,0 +1,78 @@ +From de0a4a93bb5f0b3e7f10dd83e501041c1c9b69ed Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 28 Jan 2021 13:12:19 +0100 +Subject: AMD_SFH: Add DMI quirk table for BIOS-es which don't set the + activestatus bits + +From: Hans de Goede + +[ Upstream commit 25615e454a0ec198254f17d2ed79b607cb755d0e ] + +Some BIOS-es do not initialize the activestatus bits of the AMD_P2C_MSG3 +register. This cause the AMD_SFH driver to not register any sensors even +though the laptops in question do have sensors. + +Add a DMI quirk-table for specifying sensor-mask overrides based on +DMI match, to make the sensors work OOTB on these laptop models. + +BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=199715 +BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1651886 +Fixes: 4f567b9f8141 ("SFH: PCIe driver to add support of AMD sensor fusion hub") +Signed-off-by: Hans de Goede +Acked-by: Sandeep Singh +Signed-off-by: Sasha Levin +--- + drivers/hid/amd-sfh-hid/amd_sfh_pcie.c | 24 ++++++++++++++++++++++++ + 1 file changed, 24 insertions(+) + +diff --git a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c +index ab0a9443e252..ddecc84fd6f0 100644 +--- a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c ++++ b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c +@@ -10,6 +10,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -77,11 +78,34 @@ void amd_stop_all_sensors(struct amd_mp2_dev *privdata) + writel(cmd_base.ul, privdata->mmio + AMD_C2P_MSG0); + } + ++static const struct dmi_system_id dmi_sensor_mask_overrides[] = { ++ { ++ .matches = { ++ DMI_MATCH(DMI_PRODUCT_NAME, "HP ENVY x360 Convertible 13-ag0xxx"), ++ }, ++ .driver_data = (void *)(ACEL_EN | MAGNO_EN), ++ }, ++ { ++ .matches = { ++ DMI_MATCH(DMI_PRODUCT_NAME, "HP ENVY x360 Convertible 15-cp0xxx"), ++ }, ++ .driver_data = (void *)(ACEL_EN | MAGNO_EN), ++ }, ++ { } ++}; ++ + int amd_mp2_get_sensor_num(struct amd_mp2_dev *privdata, u8 *sensor_id) + { + int activestatus, num_of_sensors = 0; ++ const struct dmi_system_id *dmi_id; + u32 activecontrolstatus; + ++ if (sensor_mask_override == -1) { ++ dmi_id = dmi_first_match(dmi_sensor_mask_overrides); ++ if (dmi_id) ++ sensor_mask_override = (long)dmi_id->driver_data; ++ } ++ + if (sensor_mask_override >= 0) { + activestatus = sensor_mask_override; + } else { +-- +2.30.2 + diff --git a/queue-5.11/amd_sfh-add-sensor_mask-module-parameter.patch b/queue-5.11/amd_sfh-add-sensor_mask-module-parameter.patch new file mode 100644 index 00000000000..f25bdf6f2fa --- /dev/null +++ b/queue-5.11/amd_sfh-add-sensor_mask-module-parameter.patch @@ -0,0 +1,66 @@ +From 5d80522b28d0503e0b0498df25938a70d88ccfb0 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 28 Jan 2021 13:12:18 +0100 +Subject: AMD_SFH: Add sensor_mask module parameter + +From: Hans de Goede + +[ Upstream commit 952f7d10c6b1685c6700fb24cf4ecbcf26ede77e ] + +Add a sensor_mask module parameter which can be used to override the +sensor-mask read from the activestatus bits of the AMD_P2C_MSG3 +registers. Some BIOS-es do not program the activestatus bits, leading +to the AMD-SFH driver not registering any HID devices even though the +laptop in question does actually have sensors. + +While at it also fix the wrong indentation of the MAGNO_EN define. + +BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=199715 +BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=1651886 +Fixes: 4f567b9f8141 ("SFH: PCIe driver to add support of AMD sensor fusion hub") +Suggested-by: Richard Neumann +Signed-off-by: Hans de Goede +Acked-by: Sandeep Singh +Signed-off-by: Sasha Levin +--- + drivers/hid/amd-sfh-hid/amd_sfh_pcie.c | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +diff --git a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c +index f3cdb4ea33da..ab0a9443e252 100644 +--- a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c ++++ b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c +@@ -22,9 +22,13 @@ + + #define ACEL_EN BIT(0) + #define GYRO_EN BIT(1) +-#define MAGNO_EN BIT(2) ++#define MAGNO_EN BIT(2) + #define ALS_EN BIT(19) + ++static int sensor_mask_override = -1; ++module_param_named(sensor_mask, sensor_mask_override, int, 0444); ++MODULE_PARM_DESC(sensor_mask, "override the detected sensors mask"); ++ + void amd_start_sensor(struct amd_mp2_dev *privdata, struct amd_mp2_sensor_info info) + { + union sfh_cmd_param cmd_param; +@@ -78,8 +82,12 @@ int amd_mp2_get_sensor_num(struct amd_mp2_dev *privdata, u8 *sensor_id) + int activestatus, num_of_sensors = 0; + u32 activecontrolstatus; + +- activecontrolstatus = readl(privdata->mmio + AMD_P2C_MSG3); +- activestatus = activecontrolstatus >> 4; ++ if (sensor_mask_override >= 0) { ++ activestatus = sensor_mask_override; ++ } else { ++ activecontrolstatus = readl(privdata->mmio + AMD_P2C_MSG3); ++ activestatus = activecontrolstatus >> 4; ++ } + + if (ACEL_EN & activestatus) + sensor_id[num_of_sensors++] = accel_idx; +-- +2.30.2 + diff --git a/queue-5.11/amd_sfh-removed-unused-activecontrolstatus-member-fr.patch b/queue-5.11/amd_sfh-removed-unused-activecontrolstatus-member-fr.patch new file mode 100644 index 00000000000..f7affa16b2f --- /dev/null +++ b/queue-5.11/amd_sfh-removed-unused-activecontrolstatus-member-fr.patch @@ -0,0 +1,57 @@ +From 082b196d3a09bf226a5a671fe57cc8786dd6d2c3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 28 Jan 2021 13:12:17 +0100 +Subject: AMD_SFH: Removed unused activecontrolstatus member from the + amd_mp2_dev struct + +From: Hans de Goede + +[ Upstream commit a9e54f4b62dcfed4432a5a89b1cd5903737f6e83 ] + +This value is only used once inside amd_mp2_get_sensor_num(), +so there is no need to store this in the amd_mp2_dev struct, +amd_mp2_get_sensor_num() can simple use a local variable for this. + +Fixes: 4f567b9f8141 ("SFH: PCIe driver to add support of AMD sensor fusion hub") +Signed-off-by: Hans de Goede +Acked-by: Sandeep Singh +Signed-off-by: Sasha Levin +--- + drivers/hid/amd-sfh-hid/amd_sfh_pcie.c | 6 ++++-- + drivers/hid/amd-sfh-hid/amd_sfh_pcie.h | 1 - + 2 files changed, 4 insertions(+), 3 deletions(-) + +diff --git a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c +index dbac16641662..f3cdb4ea33da 100644 +--- a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c ++++ b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.c +@@ -76,9 +76,11 @@ void amd_stop_all_sensors(struct amd_mp2_dev *privdata) + int amd_mp2_get_sensor_num(struct amd_mp2_dev *privdata, u8 *sensor_id) + { + int activestatus, num_of_sensors = 0; ++ u32 activecontrolstatus; ++ ++ activecontrolstatus = readl(privdata->mmio + AMD_P2C_MSG3); ++ activestatus = activecontrolstatus >> 4; + +- privdata->activecontrolstatus = readl(privdata->mmio + AMD_P2C_MSG3); +- activestatus = privdata->activecontrolstatus >> 4; + if (ACEL_EN & activestatus) + sensor_id[num_of_sensors++] = accel_idx; + +diff --git a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.h b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.h +index 8f8d19b2cfe5..489415f7c22c 100644 +--- a/drivers/hid/amd-sfh-hid/amd_sfh_pcie.h ++++ b/drivers/hid/amd-sfh-hid/amd_sfh_pcie.h +@@ -61,7 +61,6 @@ struct amd_mp2_dev { + struct pci_dev *pdev; + struct amdtp_cl_data *cl_data; + void __iomem *mmio; +- u32 activecontrolstatus; + }; + + struct amd_mp2_sensor_info { +-- +2.30.2 + diff --git a/queue-5.11/arc-kernel-return-efault-if-copy_to_user-fails.patch b/queue-5.11/arc-kernel-return-efault-if-copy_to_user-fails.patch new file mode 100644 index 00000000000..c5f787fbabf --- /dev/null +++ b/queue-5.11/arc-kernel-return-efault-if-copy_to_user-fails.patch @@ -0,0 +1,44 @@ +From 9e9578c4d6e01ecd6d749fc44ce4075e05289077 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 1 Mar 2021 20:05:48 +0800 +Subject: arc: kernel: Return -EFAULT if copy_to_user() fails + +From: Wang Qing + +[ Upstream commit 46e152186cd89d940b26726fff11eb3f4935b45a ] + +The copy_to_user() function returns the number of bytes remaining to be +copied, but we want to return -EFAULT if the copy doesn't complete. + +Signed-off-by: Wang Qing +Signed-off-by: Vineet Gupta +Signed-off-by: Sasha Levin +--- + arch/arc/kernel/signal.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/arch/arc/kernel/signal.c b/arch/arc/kernel/signal.c +index a78d8f745a67..fdbe06c98895 100644 +--- a/arch/arc/kernel/signal.c ++++ b/arch/arc/kernel/signal.c +@@ -96,7 +96,7 @@ stash_usr_regs(struct rt_sigframe __user *sf, struct pt_regs *regs, + sizeof(sf->uc.uc_mcontext.regs.scratch)); + err |= __copy_to_user(&sf->uc.uc_sigmask, set, sizeof(sigset_t)); + +- return err; ++ return err ? -EFAULT : 0; + } + + static int restore_usr_regs(struct pt_regs *regs, struct rt_sigframe __user *sf) +@@ -110,7 +110,7 @@ static int restore_usr_regs(struct pt_regs *regs, struct rt_sigframe __user *sf) + &(sf->uc.uc_mcontext.regs.scratch), + sizeof(sf->uc.uc_mcontext.regs.scratch)); + if (err) +- return err; ++ return -EFAULT; + + set_current_blocked(&set); + regs->bta = uregs.scratch.bta; +-- +2.30.2 + diff --git a/queue-5.11/arm-dts-drop-duplicate-sha2md5_fck-to-fix-clk_disabl.patch b/queue-5.11/arm-dts-drop-duplicate-sha2md5_fck-to-fix-clk_disabl.patch new file mode 100644 index 00000000000..b6c642e3308 --- /dev/null +++ b/queue-5.11/arm-dts-drop-duplicate-sha2md5_fck-to-fix-clk_disabl.patch @@ -0,0 +1,42 @@ +From e7dd5c85474b0ccfda1e443a554198cf9a434aa5 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 8 Mar 2021 11:26:25 +0200 +Subject: ARM: dts: Drop duplicate sha2md5_fck to fix clk_disable race + +From: Tony Lindgren + +[ Upstream commit 140a776833957539c84301dbdb4c3013876de118 ] + +We have a duplicate legacy clock defined for sha2md5_fck that can +sometimes race with clk_disable() with the dts configured clock +for OMAP4_SHA2MD5_CLKCTRL when unused clocks are disabled during +boot causing an "Unhandled fault: imprecise external abort". + +Signed-off-by: Tony Lindgren +Signed-off-by: Sasha Levin +--- + arch/arm/boot/dts/omap44xx-clocks.dtsi | 8 -------- + 1 file changed, 8 deletions(-) + +diff --git a/arch/arm/boot/dts/omap44xx-clocks.dtsi b/arch/arm/boot/dts/omap44xx-clocks.dtsi +index 532868591107..1f1c04d8f472 100644 +--- a/arch/arm/boot/dts/omap44xx-clocks.dtsi ++++ b/arch/arm/boot/dts/omap44xx-clocks.dtsi +@@ -770,14 +770,6 @@ + ti,max-div = <2>; + }; + +- sha2md5_fck: sha2md5_fck@15c8 { +- #clock-cells = <0>; +- compatible = "ti,gate-clock"; +- clocks = <&l3_div_ck>; +- ti,bit-shift = <1>; +- reg = <0x15c8>; +- }; +- + usb_phy_cm_clk32k: usb_phy_cm_clk32k@640 { + #clock-cells = <0>; + compatible = "ti,gate-clock"; +-- +2.30.2 + diff --git a/queue-5.11/arm-dts-fix-moving-mmc-devices-with-aliases-for-omap.patch b/queue-5.11/arm-dts-fix-moving-mmc-devices-with-aliases-for-omap.patch new file mode 100644 index 00000000000..d660bc52888 --- /dev/null +++ b/queue-5.11/arm-dts-fix-moving-mmc-devices-with-aliases-for-omap.patch @@ -0,0 +1,55 @@ +From 7e95ad30caffd2238984b25c500962facd2705c7 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 8 Mar 2021 11:30:45 +0200 +Subject: ARM: dts: Fix moving mmc devices with aliases for omap4 & 5 + +From: Tony Lindgren + +[ Upstream commit 77335a040178a0456d4eabc8bf17a7ca3ee4a327 ] + +Fix moving mmc devices with dts aliases as discussed on the lists. +Without this we now have internal eMMC mmc1 show up as mmc2 compared +to the earlier order of devices. + +Signed-off-by: Tony Lindgren +Signed-off-by: Sasha Levin +--- + arch/arm/boot/dts/omap4.dtsi | 5 +++++ + arch/arm/boot/dts/omap5.dtsi | 5 +++++ + 2 files changed, 10 insertions(+) + +diff --git a/arch/arm/boot/dts/omap4.dtsi b/arch/arm/boot/dts/omap4.dtsi +index 72e4f6481776..4a9f9496a867 100644 +--- a/arch/arm/boot/dts/omap4.dtsi ++++ b/arch/arm/boot/dts/omap4.dtsi +@@ -22,6 +22,11 @@ + i2c1 = &i2c2; + i2c2 = &i2c3; + i2c3 = &i2c4; ++ mmc0 = &mmc1; ++ mmc1 = &mmc2; ++ mmc2 = &mmc3; ++ mmc3 = &mmc4; ++ mmc4 = &mmc5; + serial0 = &uart1; + serial1 = &uart2; + serial2 = &uart3; +diff --git a/arch/arm/boot/dts/omap5.dtsi b/arch/arm/boot/dts/omap5.dtsi +index 5f1a8bd13880..c303510dfa97 100644 +--- a/arch/arm/boot/dts/omap5.dtsi ++++ b/arch/arm/boot/dts/omap5.dtsi +@@ -25,6 +25,11 @@ + i2c2 = &i2c3; + i2c3 = &i2c4; + i2c4 = &i2c5; ++ mmc0 = &mmc1; ++ mmc1 = &mmc2; ++ mmc2 = &mmc3; ++ mmc3 = &mmc4; ++ mmc4 = &mmc5; + serial0 = &uart1; + serial1 = &uart2; + serial2 = &uart3; +-- +2.30.2 + diff --git a/queue-5.11/arm-keystone-fix-integer-overflow-warning.patch b/queue-5.11/arm-keystone-fix-integer-overflow-warning.patch new file mode 100644 index 00000000000..65eb891e338 --- /dev/null +++ b/queue-5.11/arm-keystone-fix-integer-overflow-warning.patch @@ -0,0 +1,56 @@ +From 704799783b1b9ef22b5ae8b005940779b3049dfb Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 23 Mar 2021 14:18:05 +0100 +Subject: ARM: keystone: fix integer overflow warning + +From: Arnd Bergmann + +[ Upstream commit 844b85dda2f569943e1e018fdd63b6f7d1d6f08e ] + +clang warns about an impossible condition when building with 32-bit +phys_addr_t: + +arch/arm/mach-keystone/keystone.c:79:16: error: result of comparison of constant 51539607551 with expression of type 'phys_addr_t' (aka 'unsigned int') is always false [-Werror,-Wtautological-constant-out-of-range-compare] + mem_end > KEYSTONE_HIGH_PHYS_END) { + ~~~~~~~ ^ ~~~~~~~~~~~~~~~~~~~~~~ +arch/arm/mach-keystone/keystone.c:78:16: error: result of comparison of constant 34359738368 with expression of type 'phys_addr_t' (aka 'unsigned int') is always true [-Werror,-Wtautological-constant-out-of-range-compare] + if (mem_start < KEYSTONE_HIGH_PHYS_START || + ~~~~~~~~~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~ + +Change the temporary variable to a fixed-size u64 to avoid the warning. + +Signed-off-by: Arnd Bergmann +Reviewed-by: Nathan Chancellor +Acked-by: Santosh Shilimkar +Link: https://lore.kernel.org/r/20210323131814.2751750-1-arnd@kernel.org' +Signed-off-by: Arnd Bergmann +Signed-off-by: Sasha Levin +--- + arch/arm/mach-keystone/keystone.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/arch/arm/mach-keystone/keystone.c b/arch/arm/mach-keystone/keystone.c +index cd711bfc591f..2c647bdf8d25 100644 +--- a/arch/arm/mach-keystone/keystone.c ++++ b/arch/arm/mach-keystone/keystone.c +@@ -65,7 +65,7 @@ static void __init keystone_init(void) + static long long __init keystone_pv_fixup(void) + { + long long offset; +- phys_addr_t mem_start, mem_end; ++ u64 mem_start, mem_end; + + mem_start = memblock_start_of_DRAM(); + mem_end = memblock_end_of_DRAM(); +@@ -78,7 +78,7 @@ static long long __init keystone_pv_fixup(void) + if (mem_start < KEYSTONE_HIGH_PHYS_START || + mem_end > KEYSTONE_HIGH_PHYS_END) { + pr_crit("Invalid address space for memory (%08llx-%08llx)\n", +- (u64)mem_start, (u64)mem_end); ++ mem_start, mem_end); + return 0; + } + +-- +2.30.2 + diff --git a/queue-5.11/arm-omap1-fix-building-with-clang-ias.patch b/queue-5.11/arm-omap1-fix-building-with-clang-ias.patch new file mode 100644 index 00000000000..ecc92878f0d --- /dev/null +++ b/queue-5.11/arm-omap1-fix-building-with-clang-ias.patch @@ -0,0 +1,56 @@ +From 41230f803b76c88e102125e3378712257b41c425 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 8 Mar 2021 16:34:21 +0100 +Subject: ARM: omap1: fix building with clang IAS + +From: Arnd Bergmann + +[ Upstream commit 28399a5a6d569c9bdb612345e4933046ca37cde5 ] + +The clang integrated assembler fails to build one file with +a complex asm instruction: + +arch/arm/mach-omap1/ams-delta-fiq-handler.S:249:2: error: invalid instruction, any one of the following would fix this: + mov r10, #(1 << (((NR_IRQS_LEGACY + 12) - NR_IRQS_LEGACY) % 32)) @ set deferred_fiq bit + ^ +arch/arm/mach-omap1/ams-delta-fiq-handler.S:249:2: note: instruction requires: armv6t2 + mov r10, #(1 << (((NR_IRQS_LEGACY + 12) - NR_IRQS_LEGACY) % 32)) @ set deferred_fiq bit + ^ +arch/arm/mach-omap1/ams-delta-fiq-handler.S:249:2: note: instruction requires: thumb2 + mov r10, #(1 << (((NR_IRQS_LEGACY + 12) - NR_IRQS_LEGACY) % 32)) @ set deferred_fiq bit + ^ + +The problem is that 'NR_IRQS_LEGACY' is not defined here. Apparently +gas does not care because we first add and then subtract this number, +leading to the immediate value to be the same regardless of the +specific definition of NR_IRQS_LEGACY. + +Neither the way that 'gas' just silently builds this file, nor the +way that clang IAS makes nonsensical suggestions for how to fix it +is great. Fortunately there is an easy fix, which is to #include +the header that contains the definition. + +Signed-off-by: Arnd Bergmann +Acked-by: Tony Lindgren +Link: https://lore.kernel.org/r/20210308153430.2530616-1-arnd@kernel.org' +Signed-off-by: Arnd Bergmann +Signed-off-by: Sasha Levin +--- + arch/arm/mach-omap1/ams-delta-fiq-handler.S | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/arch/arm/mach-omap1/ams-delta-fiq-handler.S b/arch/arm/mach-omap1/ams-delta-fiq-handler.S +index 14a6c3eb3298..f745a65d3bd7 100644 +--- a/arch/arm/mach-omap1/ams-delta-fiq-handler.S ++++ b/arch/arm/mach-omap1/ams-delta-fiq-handler.S +@@ -15,6 +15,7 @@ + #include + + #include ++#include + + #include "ams-delta-fiq.h" + #include "board-ams-delta.h" +-- +2.30.2 + diff --git a/queue-5.11/asoc-fsl_esai-fix-tdm-slot-setup-for-i2s-mode.patch b/queue-5.11/asoc-fsl_esai-fix-tdm-slot-setup-for-i2s-mode.patch new file mode 100644 index 00000000000..1b77a4c44dc --- /dev/null +++ b/queue-5.11/asoc-fsl_esai-fix-tdm-slot-setup-for-i2s-mode.patch @@ -0,0 +1,49 @@ +From 8eecfd69d3d6f9e1546ff1fd757fbcfa61f7037f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 2 Apr 2021 11:14:05 +0300 +Subject: ASoC: fsl_esai: Fix TDM slot setup for I2S mode + +From: Alexander Shiyan + +[ Upstream commit e7a48c710defa0e0fef54d42b7d9e4ab596e2761 ] + +When using the driver in I2S TDM mode, the fsl_esai_startup() +function rewrites the number of slots previously set by the +fsl_esai_set_dai_tdm_slot() function to 2. +To fix this, let's use the saved slot count value or, if TDM +is not used and the number of slots is not set, the driver will use +the default value (2), which is set by fsl_esai_probe(). + +Signed-off-by: Alexander Shiyan +Acked-by: Nicolin Chen +Link: https://lore.kernel.org/r/20210402081405.9892-1-shc_work@mail.ru +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + sound/soc/fsl/fsl_esai.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/sound/soc/fsl/fsl_esai.c b/sound/soc/fsl/fsl_esai.c +index 39637ca78cdb..9f5f217a9607 100644 +--- a/sound/soc/fsl/fsl_esai.c ++++ b/sound/soc/fsl/fsl_esai.c +@@ -524,11 +524,13 @@ static int fsl_esai_startup(struct snd_pcm_substream *substream, + ESAI_SAICR_SYNC, esai_priv->synchronous ? + ESAI_SAICR_SYNC : 0); + +- /* Set a default slot number -- 2 */ ++ /* Set slots count */ + regmap_update_bits(esai_priv->regmap, REG_ESAI_TCCR, +- ESAI_xCCR_xDC_MASK, ESAI_xCCR_xDC(2)); ++ ESAI_xCCR_xDC_MASK, ++ ESAI_xCCR_xDC(esai_priv->slots)); + regmap_update_bits(esai_priv->regmap, REG_ESAI_RCCR, +- ESAI_xCCR_xDC_MASK, ESAI_xCCR_xDC(2)); ++ ESAI_xCCR_xDC_MASK, ++ ESAI_xCCR_xDC(esai_priv->slots)); + } + + return 0; +-- +2.30.2 + diff --git a/queue-5.11/asoc-max98373-added-30ms-turn-on-off-time-delay.patch b/queue-5.11/asoc-max98373-added-30ms-turn-on-off-time-delay.patch new file mode 100644 index 00000000000..6c8d95bd78e --- /dev/null +++ b/queue-5.11/asoc-max98373-added-30ms-turn-on-off-time-delay.patch @@ -0,0 +1,41 @@ +From 8c46d4c5d7fe2a2f5148e2571bea9f0e18ecb79c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 24 Mar 2021 20:35:54 -0700 +Subject: ASoC: max98373: Added 30ms turn on/off time delay + +From: Ryan Lee + +[ Upstream commit 3a27875e91fb9c29de436199d20b33f9413aea77 ] + +Amp requires 10 ~ 30ms for the power ON and OFF. +Added 30ms delay for stability. + +Signed-off-by: Ryan Lee +Link: https://lore.kernel.org/r/20210325033555.29377-2-ryans.lee@maximintegrated.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + sound/soc/codecs/max98373.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/sound/soc/codecs/max98373.c b/sound/soc/codecs/max98373.c +index 746c829312b8..1346a98ce8a1 100644 +--- a/sound/soc/codecs/max98373.c ++++ b/sound/soc/codecs/max98373.c +@@ -28,11 +28,13 @@ static int max98373_dac_event(struct snd_soc_dapm_widget *w, + regmap_update_bits(max98373->regmap, + MAX98373_R20FF_GLOBAL_SHDN, + MAX98373_GLOBAL_EN_MASK, 1); ++ usleep_range(30000, 31000); + break; + case SND_SOC_DAPM_POST_PMD: + regmap_update_bits(max98373->regmap, + MAX98373_R20FF_GLOBAL_SHDN, + MAX98373_GLOBAL_EN_MASK, 0); ++ usleep_range(30000, 31000); + max98373->tdm_mode = false; + break; + default: +-- +2.30.2 + diff --git a/queue-5.11/asoc-max98373-changed-amp-shutdown-register-as-volat.patch b/queue-5.11/asoc-max98373-changed-amp-shutdown-register-as-volat.patch new file mode 100644 index 00000000000..910ebf352d4 --- /dev/null +++ b/queue-5.11/asoc-max98373-changed-amp-shutdown-register-as-volat.patch @@ -0,0 +1,54 @@ +From 3b919350062222af4d69c55edae6334e4bca1ff3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 24 Mar 2021 20:35:53 -0700 +Subject: ASoC: max98373: Changed amp shutdown register as volatile + +From: Ryan Lee + +[ Upstream commit a23f9099ff1541f15704e96b784d3846d2a4483d ] + +0x20FF(amp global enable) register was defined as non-volatile, +but it is not. Overheating, overcurrent can cause amp shutdown +in hardware. +'regmap_write' compare register readback value before writing +to avoid same value writing. 'regmap_read' just read cache +not actual hardware value for the non-volatile register. +When amp is internally shutdown by some reason, next 'AMP ON' +command can be ignored because regmap think amp is already ON. + +Signed-off-by: Ryan Lee +Link: https://lore.kernel.org/r/20210325033555.29377-1-ryans.lee@maximintegrated.com +Signed-off-by: Mark Brown +Signed-off-by: Sasha Levin +--- + sound/soc/codecs/max98373-i2c.c | 1 + + sound/soc/codecs/max98373-sdw.c | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/sound/soc/codecs/max98373-i2c.c b/sound/soc/codecs/max98373-i2c.c +index 85f6865019d4..ddb6436835d7 100644 +--- a/sound/soc/codecs/max98373-i2c.c ++++ b/sound/soc/codecs/max98373-i2c.c +@@ -446,6 +446,7 @@ static bool max98373_volatile_reg(struct device *dev, unsigned int reg) + case MAX98373_R2054_MEAS_ADC_PVDD_CH_READBACK: + case MAX98373_R2055_MEAS_ADC_THERM_CH_READBACK: + case MAX98373_R20B6_BDE_CUR_STATE_READBACK: ++ case MAX98373_R20FF_GLOBAL_SHDN: + case MAX98373_R21FF_REV_ID: + return true; + default: +diff --git a/sound/soc/codecs/max98373-sdw.c b/sound/soc/codecs/max98373-sdw.c +index b8d471d79e93..1a1f97f24601 100644 +--- a/sound/soc/codecs/max98373-sdw.c ++++ b/sound/soc/codecs/max98373-sdw.c +@@ -220,6 +220,7 @@ static bool max98373_volatile_reg(struct device *dev, unsigned int reg) + case MAX98373_R2054_MEAS_ADC_PVDD_CH_READBACK: + case MAX98373_R2055_MEAS_ADC_THERM_CH_READBACK: + case MAX98373_R20B6_BDE_CUR_STATE_READBACK: ++ case MAX98373_R20FF_GLOBAL_SHDN: + case MAX98373_R21FF_REV_ID: + /* SoundWire Control Port Registers */ + case MAX98373_R0040_SCP_INIT_STAT_1 ... MAX98373_R0070_SCP_FRAME_CTLR: +-- +2.30.2 + diff --git a/queue-5.11/bpf-take-module-reference-for-trampoline-in-module.patch b/queue-5.11/bpf-take-module-reference-for-trampoline-in-module.patch new file mode 100644 index 00000000000..688702271e2 --- /dev/null +++ b/queue-5.11/bpf-take-module-reference-for-trampoline-in-module.patch @@ -0,0 +1,117 @@ +From 70bcdd668ed0046b98a626787527306ceba7df11 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 26 Mar 2021 11:59:00 +0100 +Subject: bpf: Take module reference for trampoline in module + +From: Jiri Olsa + +[ Upstream commit 861de02e5f3f2a104eecc5af1d248cb7bf8c5f75 ] + +Currently module can be unloaded even if there's a trampoline +register in it. It's easily reproduced by running in parallel: + + # while :; do ./test_progs -t module_attach; done + # while :; do rmmod bpf_testmod; sleep 0.5; done + +Taking the module reference in case the trampoline's ip is +within the module code. Releasing it when the trampoline's +ip is unregistered. + +Signed-off-by: Jiri Olsa +Signed-off-by: Alexei Starovoitov +Link: https://lore.kernel.org/bpf/20210326105900.151466-1-jolsa@kernel.org +Signed-off-by: Sasha Levin +--- + include/linux/bpf.h | 2 ++ + kernel/bpf/trampoline.c | 30 ++++++++++++++++++++++++++++++ + 2 files changed, 32 insertions(+) + +diff --git a/include/linux/bpf.h b/include/linux/bpf.h +index 564ebf91793e..88b581b75d5b 100644 +--- a/include/linux/bpf.h ++++ b/include/linux/bpf.h +@@ -41,6 +41,7 @@ struct bpf_local_storage; + struct bpf_local_storage_map; + struct kobject; + struct mem_cgroup; ++struct module; + + extern struct idr btf_idr; + extern spinlock_t btf_idr_lock; +@@ -630,6 +631,7 @@ struct bpf_trampoline { + /* Executable image of trampoline */ + struct bpf_tramp_image *cur_image; + u64 selector; ++ struct module *mod; + }; + + struct bpf_attach_target_info { +diff --git a/kernel/bpf/trampoline.c b/kernel/bpf/trampoline.c +index 986dabc3d11f..a431d7af884c 100644 +--- a/kernel/bpf/trampoline.c ++++ b/kernel/bpf/trampoline.c +@@ -9,6 +9,7 @@ + #include + #include + #include ++#include + + /* dummy _ops. The verifier will operate on target program's ops. */ + const struct bpf_verifier_ops bpf_extension_verifier_ops = { +@@ -87,6 +88,26 @@ out: + return tr; + } + ++static int bpf_trampoline_module_get(struct bpf_trampoline *tr) ++{ ++ struct module *mod; ++ int err = 0; ++ ++ preempt_disable(); ++ mod = __module_text_address((unsigned long) tr->func.addr); ++ if (mod && !try_module_get(mod)) ++ err = -ENOENT; ++ preempt_enable(); ++ tr->mod = mod; ++ return err; ++} ++ ++static void bpf_trampoline_module_put(struct bpf_trampoline *tr) ++{ ++ module_put(tr->mod); ++ tr->mod = NULL; ++} ++ + static int is_ftrace_location(void *ip) + { + long addr; +@@ -108,6 +129,9 @@ static int unregister_fentry(struct bpf_trampoline *tr, void *old_addr) + ret = unregister_ftrace_direct((long)ip, (long)old_addr); + else + ret = bpf_arch_text_poke(ip, BPF_MOD_CALL, old_addr, NULL); ++ ++ if (!ret) ++ bpf_trampoline_module_put(tr); + return ret; + } + +@@ -134,10 +158,16 @@ static int register_fentry(struct bpf_trampoline *tr, void *new_addr) + return ret; + tr->func.ftrace_managed = ret; + ++ if (bpf_trampoline_module_get(tr)) ++ return -ENOENT; ++ + if (tr->func.ftrace_managed) + ret = register_ftrace_direct((long)ip, (long)new_addr); + else + ret = bpf_arch_text_poke(ip, BPF_MOD_CALL, NULL, new_addr); ++ ++ if (ret) ++ bpf_trampoline_module_put(tr); + return ret; + } + +-- +2.30.2 + diff --git a/queue-5.11/dmaengine-dw-make-it-dependent-to-has_iomem.patch b/queue-5.11/dmaengine-dw-make-it-dependent-to-has_iomem.patch new file mode 100644 index 00000000000..d2458547ef4 --- /dev/null +++ b/queue-5.11/dmaengine-dw-make-it-dependent-to-has_iomem.patch @@ -0,0 +1,46 @@ +From bcceec695c12fc97ee7ff0c863930b3eb86a9d5b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 24 Mar 2021 16:17:57 +0200 +Subject: dmaengine: dw: Make it dependent to HAS_IOMEM + +From: Andy Shevchenko + +[ Upstream commit 88cd1d6191b13689094310c2405394e4ce36d061 ] + +Some architectures do not provide devm_*() APIs. Hence make the driver +dependent on HAVE_IOMEM. + +Fixes: dbde5c2934d1 ("dw_dmac: use devm_* functions to simplify code") +Reported-by: kernel test robot +Signed-off-by: Andy Shevchenko +Acked-by: Viresh Kumar +Link: https://lore.kernel.org/r/20210324141757.24710-1-andriy.shevchenko@linux.intel.com +Signed-off-by: Vinod Koul +Signed-off-by: Sasha Levin +--- + drivers/dma/dw/Kconfig | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/dma/dw/Kconfig b/drivers/dma/dw/Kconfig +index e5162690de8f..db25f9b7778c 100644 +--- a/drivers/dma/dw/Kconfig ++++ b/drivers/dma/dw/Kconfig +@@ -10,6 +10,7 @@ config DW_DMAC_CORE + + config DW_DMAC + tristate "Synopsys DesignWare AHB DMA platform driver" ++ depends on HAS_IOMEM + select DW_DMAC_CORE + help + Support the Synopsys DesignWare AHB DMA controller. This +@@ -18,6 +19,7 @@ config DW_DMAC + config DW_DMAC_PCI + tristate "Synopsys DesignWare AHB DMA PCI driver" + depends on PCI ++ depends on HAS_IOMEM + select DW_DMAC_CORE + help + Support the Synopsys DesignWare AHB DMA controller on the +-- +2.30.2 + diff --git a/queue-5.11/dmaengine-fix-a-double-free-in-dma_async_device_regi.patch b/queue-5.11/dmaengine-fix-a-double-free-in-dma_async_device_regi.patch new file mode 100644 index 00000000000..d1df5c6bc90 --- /dev/null +++ b/queue-5.11/dmaengine-fix-a-double-free-in-dma_async_device_regi.patch @@ -0,0 +1,47 @@ +From 3aae7d2464ebfdeea75fbbe203bc9f77847b6d53 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 30 Mar 2021 18:44:58 -0700 +Subject: dmaengine: Fix a double free in dma_async_device_register + +From: Lv Yunlong + +[ Upstream commit ea45b6008f8095db0cc09ad6e03c7785c2986197 ] + +In the first list_for_each_entry() macro of dma_async_device_register, +it gets the chan from list and calls __dma_async_device_channel_register +(..,chan). We can see that chan->local is allocated by alloc_percpu() and +it is freed chan->local by free_percpu(chan->local) when +__dma_async_device_channel_register() failed. + +But after __dma_async_device_channel_register() failed, the caller will +goto err_out and freed the chan->local in the second time by free_percpu(). + +The cause of this problem is forget to set chan->local to NULL when +chan->local was freed in __dma_async_device_channel_register(). My +patch sets chan->local to NULL when the callee failed to avoid double free. + +Fixes: d2fb0a0438384 ("dmaengine: break out channel registration") +Signed-off-by: Lv Yunlong +Reviewed-by: Dave Jiang +Link: https://lore.kernel.org/r/20210331014458.3944-1-lyl2019@mail.ustc.edu.cn +Signed-off-by: Vinod Koul +Signed-off-by: Sasha Levin +--- + drivers/dma/dmaengine.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/dma/dmaengine.c b/drivers/dma/dmaengine.c +index fe6a460c4373..af3ee288bc11 100644 +--- a/drivers/dma/dmaengine.c ++++ b/drivers/dma/dmaengine.c +@@ -1086,6 +1086,7 @@ static int __dma_async_device_channel_register(struct dma_device *device, + kfree(chan->dev); + err_free_local: + free_percpu(chan->local); ++ chan->local = NULL; + return rc; + } + +-- +2.30.2 + diff --git a/queue-5.11/dmaengine-idxd-clear-msix-permission-entry-on-shutdo.patch b/queue-5.11/dmaengine-idxd-clear-msix-permission-entry-on-shutdo.patch new file mode 100644 index 00000000000..3d02097f762 --- /dev/null +++ b/queue-5.11/dmaengine-idxd-clear-msix-permission-entry-on-shutdo.patch @@ -0,0 +1,117 @@ +From 18f8f3bd35a224cf8bd105c4772bc5e91975d62e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 12 Apr 2021 09:23:27 -0700 +Subject: dmaengine: idxd: clear MSIX permission entry on shutdown + +From: Dave Jiang + +[ Upstream commit 6df0e6c57dfc064af330071f372f11aa8c584997 ] + +Add disabling/clearing of MSIX permission entries on device shutdown to +mirror the enabling of the MSIX entries on probe. Current code left the +MSIX enabled and the pasid entries still programmed at device shutdown. + +Fixes: 8e50d392652f ("dmaengine: idxd: Add shared workqueue support") +Signed-off-by: Dave Jiang +Link: https://lore.kernel.org/r/161824457969.882533.6020239898682672311.stgit@djiang5-desk3.ch.intel.com +Signed-off-by: Vinod Koul +Signed-off-by: Sasha Levin +--- + drivers/dma/idxd/device.c | 30 ++++++++++++++++++++++++++++++ + drivers/dma/idxd/idxd.h | 2 ++ + drivers/dma/idxd/init.c | 11 ++--------- + 3 files changed, 34 insertions(+), 9 deletions(-) + +diff --git a/drivers/dma/idxd/device.c b/drivers/dma/idxd/device.c +index 84a6ea60ecf0..c09687013d29 100644 +--- a/drivers/dma/idxd/device.c ++++ b/drivers/dma/idxd/device.c +@@ -574,6 +574,36 @@ void idxd_device_drain_pasid(struct idxd_device *idxd, int pasid) + } + + /* Device configuration bits */ ++void idxd_msix_perm_setup(struct idxd_device *idxd) ++{ ++ union msix_perm mperm; ++ int i, msixcnt; ++ ++ msixcnt = pci_msix_vec_count(idxd->pdev); ++ if (msixcnt < 0) ++ return; ++ ++ mperm.bits = 0; ++ mperm.pasid = idxd->pasid; ++ mperm.pasid_en = device_pasid_enabled(idxd); ++ for (i = 1; i < msixcnt; i++) ++ iowrite32(mperm.bits, idxd->reg_base + idxd->msix_perm_offset + i * 8); ++} ++ ++void idxd_msix_perm_clear(struct idxd_device *idxd) ++{ ++ union msix_perm mperm; ++ int i, msixcnt; ++ ++ msixcnt = pci_msix_vec_count(idxd->pdev); ++ if (msixcnt < 0) ++ return; ++ ++ mperm.bits = 0; ++ for (i = 1; i < msixcnt; i++) ++ iowrite32(mperm.bits, idxd->reg_base + idxd->msix_perm_offset + i * 8); ++} ++ + static void idxd_group_config_write(struct idxd_group *group) + { + struct idxd_device *idxd = group->idxd; +diff --git a/drivers/dma/idxd/idxd.h b/drivers/dma/idxd/idxd.h +index 81a0e65fd316..eda2ee10501f 100644 +--- a/drivers/dma/idxd/idxd.h ++++ b/drivers/dma/idxd/idxd.h +@@ -316,6 +316,8 @@ void idxd_unregister_driver(void); + struct bus_type *idxd_get_bus_type(struct idxd_device *idxd); + + /* device interrupt control */ ++void idxd_msix_perm_setup(struct idxd_device *idxd); ++void idxd_msix_perm_clear(struct idxd_device *idxd); + irqreturn_t idxd_irq_handler(int vec, void *data); + irqreturn_t idxd_misc_thread(int vec, void *data); + irqreturn_t idxd_wq_thread(int irq, void *data); +diff --git a/drivers/dma/idxd/init.c b/drivers/dma/idxd/init.c +index fa04acd5582a..8f3df64aa1be 100644 +--- a/drivers/dma/idxd/init.c ++++ b/drivers/dma/idxd/init.c +@@ -61,7 +61,6 @@ static int idxd_setup_interrupts(struct idxd_device *idxd) + struct idxd_irq_entry *irq_entry; + int i, msixcnt; + int rc = 0; +- union msix_perm mperm; + + msixcnt = pci_msix_vec_count(pdev); + if (msixcnt < 0) { +@@ -140,14 +139,7 @@ static int idxd_setup_interrupts(struct idxd_device *idxd) + } + + idxd_unmask_error_interrupts(idxd); +- +- /* Setup MSIX permission table */ +- mperm.bits = 0; +- mperm.pasid = idxd->pasid; +- mperm.pasid_en = device_pasid_enabled(idxd); +- for (i = 1; i < msixcnt; i++) +- iowrite32(mperm.bits, idxd->reg_base + idxd->msix_perm_offset + i * 8); +- ++ idxd_msix_perm_setup(idxd); + return 0; + + err_no_irq: +@@ -504,6 +496,7 @@ static void idxd_shutdown(struct pci_dev *pdev) + idxd_flush_work_list(irq_entry); + } + ++ idxd_msix_perm_clear(idxd); + destroy_workqueue(idxd->wq); + } + +-- +2.30.2 + diff --git a/queue-5.11/dmaengine-idxd-fix-clobbering-of-swerr-overflow-bit-.patch b/queue-5.11/dmaengine-idxd-fix-clobbering-of-swerr-overflow-bit-.patch new file mode 100644 index 00000000000..5f27ee1961b --- /dev/null +++ b/queue-5.11/dmaengine-idxd-fix-clobbering-of-swerr-overflow-bit-.patch @@ -0,0 +1,41 @@ +From b478c93c33ddcd3798a8662732b33bf430a54107 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 16 Feb 2021 17:13:42 -0700 +Subject: dmaengine: idxd: Fix clobbering of SWERR overflow bit on writeback + +From: Dave Jiang + +[ Upstream commit ea941ac294d75d0ace50797aebf0056f6f8f7a7f ] + +Current code blindly writes over the SWERR and the OVERFLOW bits. Write +back the bits actually read instead so the driver avoids clobbering the +OVERFLOW bit that comes after the register is read. + +Fixes: bfe1d56091c1 ("dmaengine: idxd: Init and probe for Intel data accelerators") +Reported-by: Sanjay Kumar +Signed-off-by: Dave Jiang +Link: https://lore.kernel.org/r/161352082229.3511254.1002151220537623503.stgit@djiang5-desk3.ch.intel.com +Signed-off-by: Vinod Koul +Signed-off-by: Sasha Levin +--- + drivers/dma/idxd/irq.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/dma/idxd/irq.c b/drivers/dma/idxd/irq.c +index a60ca11a5784..f1463fc58112 100644 +--- a/drivers/dma/idxd/irq.c ++++ b/drivers/dma/idxd/irq.c +@@ -124,7 +124,9 @@ static int process_misc_interrupts(struct idxd_device *idxd, u32 cause) + for (i = 0; i < 4; i++) + idxd->sw_err.bits[i] = ioread64(idxd->reg_base + + IDXD_SWERR_OFFSET + i * sizeof(u64)); +- iowrite64(IDXD_SWERR_ACK, idxd->reg_base + IDXD_SWERR_OFFSET); ++ ++ iowrite64(idxd->sw_err.bits[0] & IDXD_SWERR_ACK, ++ idxd->reg_base + IDXD_SWERR_OFFSET); + + if (idxd->sw_err.valid && idxd->sw_err.wq_idx_valid) { + int id = idxd->sw_err.wq_idx; +-- +2.30.2 + diff --git a/queue-5.11/dmaengine-idxd-fix-delta_rec-and-crc-size-field-for-.patch b/queue-5.11/dmaengine-idxd-fix-delta_rec-and-crc-size-field-for-.patch new file mode 100644 index 00000000000..36a069ca2e4 --- /dev/null +++ b/queue-5.11/dmaengine-idxd-fix-delta_rec-and-crc-size-field-for-.patch @@ -0,0 +1,41 @@ +From d9208a6d3382abad64919eff1e3fca05b96ff2ad Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 22 Mar 2021 16:36:25 -0700 +Subject: dmaengine: idxd: fix delta_rec and crc size field for completion + record + +From: Dave Jiang + +[ Upstream commit 4ac823e9cd85f66da274c951d21bf9f6b714b729 ] + +The delta_rec_size and crc_val in the completion record should +be 32bits and not 16bits. + +Fixes: bfe1d56091c1 ("dmaengine: idxd: Init and probe for Intel data accelerators") +Reported-by: Nikhil Rao +Signed-off-by: Dave Jiang +Link: https://lore.kernel.org/r/161645618572.2003490.14466173451736323035.stgit@djiang5-desk3.ch.intel.com +Signed-off-by: Vinod Koul +Signed-off-by: Sasha Levin +--- + include/uapi/linux/idxd.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/include/uapi/linux/idxd.h b/include/uapi/linux/idxd.h +index 236d437947bc..e33997b4d750 100644 +--- a/include/uapi/linux/idxd.h ++++ b/include/uapi/linux/idxd.h +@@ -247,8 +247,8 @@ struct dsa_completion_record { + uint32_t rsvd2:8; + }; + +- uint16_t delta_rec_size; +- uint16_t crc_val; ++ uint32_t delta_rec_size; ++ uint32_t crc_val; + + /* DIF check & strip */ + struct { +-- +2.30.2 + diff --git a/queue-5.11/dmaengine-idxd-fix-opcap-sysfs-attribute-output.patch b/queue-5.11/dmaengine-idxd-fix-opcap-sysfs-attribute-output.patch new file mode 100644 index 00000000000..9cd8b178ca8 --- /dev/null +++ b/queue-5.11/dmaengine-idxd-fix-opcap-sysfs-attribute-output.patch @@ -0,0 +1,46 @@ +From 9815f7dd55470824e9127d7905dadb747faf91d0 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 22 Mar 2021 16:37:29 -0700 +Subject: dmaengine: idxd: fix opcap sysfs attribute output + +From: Dave Jiang + +[ Upstream commit ea6a5735d2a61b938a302eb3629272342a9e7c46 ] + +The operation capability register is 256bits. The current output only +prints out the first 64bits. Fix to output the entire 256bits. The current +code omits operation caps from IAX devices. + +Fixes: c52ca478233c ("dmaengine: idxd: add configuration component of driver") +Reported-by: Lucas Van +Signed-off-by: Dave Jiang +Link: https://lore.kernel.org/r/161645624963.2003736.829798666998490151.stgit@djiang5-desk3.ch.intel.com +Signed-off-by: Vinod Koul +Signed-off-by: Sasha Levin +--- + drivers/dma/idxd/sysfs.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/drivers/dma/idxd/sysfs.c b/drivers/dma/idxd/sysfs.c +index 4dbb03c545e4..c27ca01cf8b2 100644 +--- a/drivers/dma/idxd/sysfs.c ++++ b/drivers/dma/idxd/sysfs.c +@@ -1449,8 +1449,14 @@ static ssize_t op_cap_show(struct device *dev, + { + struct idxd_device *idxd = + container_of(dev, struct idxd_device, conf_dev); ++ int i, rc = 0; ++ ++ for (i = 0; i < 4; i++) ++ rc += sysfs_emit_at(buf, rc, "%#llx ", idxd->hw.opcap.bits[i]); + +- return sprintf(buf, "%#llx\n", idxd->hw.opcap.bits[0]); ++ rc--; ++ rc += sysfs_emit_at(buf, rc, "\n"); ++ return rc; + } + static DEVICE_ATTR_RO(op_cap); + +-- +2.30.2 + diff --git a/queue-5.11/dmaengine-idxd-fix-wq-cleanup-of-wqcfg-registers.patch b/queue-5.11/dmaengine-idxd-fix-wq-cleanup-of-wqcfg-registers.patch new file mode 100644 index 00000000000..0f49538d172 --- /dev/null +++ b/queue-5.11/dmaengine-idxd-fix-wq-cleanup-of-wqcfg-registers.patch @@ -0,0 +1,140 @@ +From 7614ad10d76dc4cf3ec6eae10e3279004d1c109b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 12 Apr 2021 09:02:36 -0700 +Subject: dmaengine: idxd: fix wq cleanup of WQCFG registers + +From: Dave Jiang + +[ Upstream commit ea9aadc06a9f10ad20a90edc0a484f1147d88a7a ] + +A pre-release silicon erratum workaround where wq reset does not clear +WQCFG registers was leaked into upstream code. Use wq reset command +instead of blasting the MMIO region. This also address an issue where +we clobber registers in future devices. + +Fixes: da32b28c95a7 ("dmaengine: idxd: cleanup workqueue config after disabling") +Reported-by: Shreenivaas Devarajan +Signed-off-by: Dave Jiang +Link: https://lore.kernel.org/r/161824330020.881560.16375921906426627033.stgit@djiang5-desk3.ch.intel.com +Signed-off-by: Vinod Koul +Signed-off-by: Sasha Levin +--- + drivers/dma/idxd/device.c | 35 ++++++++++++++++++++++++----------- + drivers/dma/idxd/idxd.h | 1 + + drivers/dma/idxd/sysfs.c | 9 ++------- + 3 files changed, 27 insertions(+), 18 deletions(-) + +diff --git a/drivers/dma/idxd/device.c b/drivers/dma/idxd/device.c +index c09687013d29..31c819544a22 100644 +--- a/drivers/dma/idxd/device.c ++++ b/drivers/dma/idxd/device.c +@@ -282,6 +282,22 @@ void idxd_wq_drain(struct idxd_wq *wq) + idxd_cmd_exec(idxd, IDXD_CMD_DRAIN_WQ, operand, NULL); + } + ++void idxd_wq_reset(struct idxd_wq *wq) ++{ ++ struct idxd_device *idxd = wq->idxd; ++ struct device *dev = &idxd->pdev->dev; ++ u32 operand; ++ ++ if (wq->state != IDXD_WQ_ENABLED) { ++ dev_dbg(dev, "WQ %d in wrong state: %d\n", wq->id, wq->state); ++ return; ++ } ++ ++ operand = BIT(wq->id % 16) | ((wq->id / 16) << 16); ++ idxd_cmd_exec(idxd, IDXD_CMD_RESET_WQ, operand, NULL); ++ wq->state = IDXD_WQ_DISABLED; ++} ++ + int idxd_wq_map_portal(struct idxd_wq *wq) + { + struct idxd_device *idxd = wq->idxd; +@@ -363,8 +379,6 @@ int idxd_wq_disable_pasid(struct idxd_wq *wq) + void idxd_wq_disable_cleanup(struct idxd_wq *wq) + { + struct idxd_device *idxd = wq->idxd; +- struct device *dev = &idxd->pdev->dev; +- int i, wq_offset; + + lockdep_assert_held(&idxd->dev_lock); + memset(wq->wqcfg, 0, idxd->wqcfg_size); +@@ -376,14 +390,6 @@ void idxd_wq_disable_cleanup(struct idxd_wq *wq) + wq->ats_dis = 0; + clear_bit(WQ_FLAG_DEDICATED, &wq->flags); + memset(wq->name, 0, WQ_NAME_SIZE); +- +- for (i = 0; i < WQCFG_STRIDES(idxd); i++) { +- wq_offset = WQCFG_OFFSET(idxd, wq->id, i); +- iowrite32(0, idxd->reg_base + wq_offset); +- dev_dbg(dev, "WQ[%d][%d][%#x]: %#x\n", +- wq->id, i, wq_offset, +- ioread32(idxd->reg_base + wq_offset)); +- } + } + + /* Device control bits */ +@@ -672,7 +678,14 @@ static int idxd_wq_config_write(struct idxd_wq *wq) + if (!wq->group) + return 0; + +- memset(wq->wqcfg, 0, idxd->wqcfg_size); ++ /* ++ * Instead of memset the entire shadow copy of WQCFG, copy from the hardware after ++ * wq reset. This will copy back the sticky values that are present on some devices. ++ */ ++ for (i = 0; i < WQCFG_STRIDES(idxd); i++) { ++ wq_offset = WQCFG_OFFSET(idxd, wq->id, i); ++ wq->wqcfg->bits[i] = ioread32(idxd->reg_base + wq_offset); ++ } + + /* byte 0-3 */ + wq->wqcfg->wq_size = wq->size; +diff --git a/drivers/dma/idxd/idxd.h b/drivers/dma/idxd/idxd.h +index eda2ee10501f..76014c14f473 100644 +--- a/drivers/dma/idxd/idxd.h ++++ b/drivers/dma/idxd/idxd.h +@@ -343,6 +343,7 @@ void idxd_wq_free_resources(struct idxd_wq *wq); + int idxd_wq_enable(struct idxd_wq *wq); + int idxd_wq_disable(struct idxd_wq *wq); + void idxd_wq_drain(struct idxd_wq *wq); ++void idxd_wq_reset(struct idxd_wq *wq); + int idxd_wq_map_portal(struct idxd_wq *wq); + void idxd_wq_unmap_portal(struct idxd_wq *wq); + void idxd_wq_disable_cleanup(struct idxd_wq *wq); +diff --git a/drivers/dma/idxd/sysfs.c b/drivers/dma/idxd/sysfs.c +index 5f7bc4b1621a..18bf4d148989 100644 +--- a/drivers/dma/idxd/sysfs.c ++++ b/drivers/dma/idxd/sysfs.c +@@ -275,7 +275,6 @@ static void disable_wq(struct idxd_wq *wq) + { + struct idxd_device *idxd = wq->idxd; + struct device *dev = &idxd->pdev->dev; +- int rc; + + mutex_lock(&wq->wq_lock); + dev_dbg(dev, "%s removing WQ %s\n", __func__, dev_name(&wq->conf_dev)); +@@ -296,17 +295,13 @@ static void disable_wq(struct idxd_wq *wq) + idxd_wq_unmap_portal(wq); + + idxd_wq_drain(wq); +- rc = idxd_wq_disable(wq); ++ idxd_wq_reset(wq); + + idxd_wq_free_resources(wq); + wq->client_count = 0; + mutex_unlock(&wq->wq_lock); + +- if (rc < 0) +- dev_warn(dev, "Failed to disable %s: %d\n", +- dev_name(&wq->conf_dev), rc); +- else +- dev_info(dev, "wq %s disabled\n", dev_name(&wq->conf_dev)); ++ dev_info(dev, "wq %s disabled\n", dev_name(&wq->conf_dev)); + } + + static int idxd_config_bus_remove(struct device *dev) +-- +2.30.2 + diff --git a/queue-5.11/dmaengine-idxd-fix-wq-size-store-permission-state.patch b/queue-5.11/dmaengine-idxd-fix-wq-size-store-permission-state.patch new file mode 100644 index 00000000000..d07c73d7172 --- /dev/null +++ b/queue-5.11/dmaengine-idxd-fix-wq-size-store-permission-state.patch @@ -0,0 +1,38 @@ +From 8b9e92851ae47a37699b1414f9789cc36691c4ce Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 7 Apr 2021 12:59:47 -0700 +Subject: dmaengine: idxd: fix wq size store permission state + +From: Dave Jiang + +[ Upstream commit 0fff71c5a311e1264988179f7dcc217fda15fadd ] + +WQ size can only be changed when the device is disabled. Current code +allows change when device is enabled but wq is disabled. Change the check +to detect device state. + +Fixes: c52ca478233c ("dmaengine: idxd: add configuration component of driver") +Signed-off-by: Dave Jiang +Link: https://lore.kernel.org/r/161782558755.107710.18138252584838406025.stgit@djiang5-desk3.ch.intel.com +Signed-off-by: Vinod Koul +Signed-off-by: Sasha Levin +--- + drivers/dma/idxd/sysfs.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/dma/idxd/sysfs.c b/drivers/dma/idxd/sysfs.c +index c27ca01cf8b2..5f7bc4b1621a 100644 +--- a/drivers/dma/idxd/sysfs.c ++++ b/drivers/dma/idxd/sysfs.c +@@ -989,7 +989,7 @@ static ssize_t wq_size_store(struct device *dev, + if (!test_bit(IDXD_FLAG_CONFIGURABLE, &idxd->flags)) + return -EPERM; + +- if (wq->state != IDXD_WQ_DISABLED) ++ if (idxd->state == IDXD_DEV_ENABLED) + return -EPERM; + + if (size + total_claimed_wq_size(idxd) - wq->size > idxd->max_wq_size) +-- +2.30.2 + diff --git a/queue-5.11/dmaengine-plx_dma-add-a-missing-put_device-on-error-.patch b/queue-5.11/dmaengine-plx_dma-add-a-missing-put_device-on-error-.patch new file mode 100644 index 00000000000..47422d03ad5 --- /dev/null +++ b/queue-5.11/dmaengine-plx_dma-add-a-missing-put_device-on-error-.patch @@ -0,0 +1,66 @@ +From 66dea1fd886fbf5f0b539ae69561484515181d24 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 23 Mar 2021 16:19:59 +0300 +Subject: dmaengine: plx_dma: add a missing put_device() on error path + +From: Dan Carpenter + +[ Upstream commit 07503e6aefe4a6efd777062191944a14f03b3a18 ] + +Add a missing put_device(&pdev->dev) if the call to +dma_async_device_register(dma); fails. + +Fixes: 905ca51e63be ("dmaengine: plx-dma: Introduce PLX DMA engine PCI driver skeleton") +Signed-off-by: Dan Carpenter +Reviewed-by: Logan Gunthorpe +Link: https://lore.kernel.org/r/YFnq/0IQzixtAbC1@mwanda +Signed-off-by: Vinod Koul +Signed-off-by: Sasha Levin +--- + drivers/dma/plx_dma.c | 18 +++++++++++------- + 1 file changed, 11 insertions(+), 7 deletions(-) + +diff --git a/drivers/dma/plx_dma.c b/drivers/dma/plx_dma.c +index f387c5bbc170..166934544161 100644 +--- a/drivers/dma/plx_dma.c ++++ b/drivers/dma/plx_dma.c +@@ -507,10 +507,8 @@ static int plx_dma_create(struct pci_dev *pdev) + + rc = request_irq(pci_irq_vector(pdev, 0), plx_dma_isr, 0, + KBUILD_MODNAME, plxdev); +- if (rc) { +- kfree(plxdev); +- return rc; +- } ++ if (rc) ++ goto free_plx; + + spin_lock_init(&plxdev->ring_lock); + tasklet_setup(&plxdev->desc_task, plx_dma_desc_task); +@@ -540,14 +538,20 @@ static int plx_dma_create(struct pci_dev *pdev) + rc = dma_async_device_register(dma); + if (rc) { + pci_err(pdev, "Failed to register dma device: %d\n", rc); +- free_irq(pci_irq_vector(pdev, 0), plxdev); +- kfree(plxdev); +- return rc; ++ goto put_device; + } + + pci_set_drvdata(pdev, plxdev); + + return 0; ++ ++put_device: ++ put_device(&pdev->dev); ++ free_irq(pci_irq_vector(pdev, 0), plxdev); ++free_plx: ++ kfree(plxdev); ++ ++ return rc; + } + + static int plx_dma_probe(struct pci_dev *pdev, +-- +2.30.2 + diff --git a/queue-5.11/drm-amd-display-add-missing-mask-for-dcn3.patch b/queue-5.11/drm-amd-display-add-missing-mask-for-dcn3.patch new file mode 100644 index 00000000000..acd81b08259 --- /dev/null +++ b/queue-5.11/drm-amd-display-add-missing-mask-for-dcn3.patch @@ -0,0 +1,40 @@ +From 2bc1ea94b135456d0a95ca23f7d26e055dbce1dd Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 25 Mar 2021 03:44:11 -0400 +Subject: drm/amd/display: Add missing mask for DCN3 + +From: Qingqing Zhuo + +[ Upstream commit df7232c4c676be29f1cf45058ec156c1183539ff ] + +[Why] +DCN3 is not reusing DCN1 mask_sh_list, causing +SURFACE_FLIP_INT_MASK missing in the mapping. + +[How] +Add the corresponding entry to DCN3 list. + +Signed-off-by: Qingqing Zhuo +Reviewed-by: Nicholas Kazlauskas +Acked-by: Qingqing Zhuo +Signed-off-by: Alex Deucher +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hubp.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hubp.h b/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hubp.h +index 5fa150f34c60..2e89acf46e54 100644 +--- a/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hubp.h ++++ b/drivers/gpu/drm/amd/display/dc/dcn30/dcn30_hubp.h +@@ -133,6 +133,7 @@ + HUBP_SF(HUBPREQ0_DCSURF_SURFACE_CONTROL, SECONDARY_SURFACE_DCC_EN, mask_sh),\ + HUBP_SF(HUBPREQ0_DCSURF_SURFACE_CONTROL, SECONDARY_SURFACE_DCC_IND_BLK, mask_sh),\ + HUBP_SF(HUBPREQ0_DCSURF_SURFACE_CONTROL, SECONDARY_SURFACE_DCC_IND_BLK_C, mask_sh),\ ++ HUBP_SF(HUBPREQ0_DCSURF_SURFACE_FLIP_INTERRUPT, SURFACE_FLIP_INT_MASK, mask_sh),\ + HUBP_SF(HUBPRET0_HUBPRET_CONTROL, DET_BUF_PLANE1_BASE_ADDRESS, mask_sh),\ + HUBP_SF(HUBPRET0_HUBPRET_CONTROL, CROSSBAR_SRC_CB_B, mask_sh),\ + HUBP_SF(HUBPRET0_HUBPRET_CONTROL, CROSSBAR_SRC_CR_R, mask_sh),\ +-- +2.30.2 + diff --git a/queue-5.11/drm-msm-fix-a5xx-a6xx-timestamps.patch b/queue-5.11/drm-msm-fix-a5xx-a6xx-timestamps.patch new file mode 100644 index 00000000000..6a080c13230 --- /dev/null +++ b/queue-5.11/drm-msm-fix-a5xx-a6xx-timestamps.patch @@ -0,0 +1,56 @@ +From 17e7fcb95a8edaf53ec13d6da92ee291818bd647 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 24 Mar 2021 18:23:52 -0700 +Subject: drm/msm: Fix a5xx/a6xx timestamps + +From: Rob Clark + +[ Upstream commit 9fbd3088351b92e8c2cef6e37a39decb12a8d5bb ] + +They were reading a counter that was configured to ALWAYS_COUNT (ie. +cycles that the GPU is doing something) rather than ALWAYS_ON. This +isn't the thing that userspace is looking for. + +Signed-off-by: Rob Clark +Acked-by: Jordan Crouse +Message-Id: <20210325012358.1759770-2-robdclark@gmail.com> +Signed-off-by: Rob Clark +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/msm/adreno/a5xx_gpu.c | 4 ++-- + drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/drivers/gpu/drm/msm/adreno/a5xx_gpu.c b/drivers/gpu/drm/msm/adreno/a5xx_gpu.c +index 81506d2539b0..15898b9b9ce9 100644 +--- a/drivers/gpu/drm/msm/adreno/a5xx_gpu.c ++++ b/drivers/gpu/drm/msm/adreno/a5xx_gpu.c +@@ -1239,8 +1239,8 @@ static int a5xx_pm_suspend(struct msm_gpu *gpu) + + static int a5xx_get_timestamp(struct msm_gpu *gpu, uint64_t *value) + { +- *value = gpu_read64(gpu, REG_A5XX_RBBM_PERFCTR_CP_0_LO, +- REG_A5XX_RBBM_PERFCTR_CP_0_HI); ++ *value = gpu_read64(gpu, REG_A5XX_RBBM_ALWAYSON_COUNTER_LO, ++ REG_A5XX_RBBM_ALWAYSON_COUNTER_HI); + + return 0; + } +diff --git a/drivers/gpu/drm/msm/adreno/a6xx_gpu.c b/drivers/gpu/drm/msm/adreno/a6xx_gpu.c +index a676811ef69d..b6e8ff2782da 100644 +--- a/drivers/gpu/drm/msm/adreno/a6xx_gpu.c ++++ b/drivers/gpu/drm/msm/adreno/a6xx_gpu.c +@@ -1227,8 +1227,8 @@ static int a6xx_get_timestamp(struct msm_gpu *gpu, uint64_t *value) + /* Force the GPU power on so we can read this register */ + a6xx_gmu_set_oob(&a6xx_gpu->gmu, GMU_OOB_PERFCOUNTER_SET); + +- *value = gpu_read64(gpu, REG_A6XX_RBBM_PERFCTR_CP_0_LO, +- REG_A6XX_RBBM_PERFCTR_CP_0_HI); ++ *value = gpu_read64(gpu, REG_A6XX_CP_ALWAYS_ON_COUNTER_LO, ++ REG_A6XX_CP_ALWAYS_ON_COUNTER_HI); + + a6xx_gmu_clear_oob(&a6xx_gpu->gmu, GMU_OOB_PERFCOUNTER_SET); + mutex_unlock(&perfcounter_oob); +-- +2.30.2 + diff --git a/queue-5.11/gpio-sysfs-obey-valid_mask.patch b/queue-5.11/gpio-sysfs-obey-valid_mask.patch new file mode 100644 index 00000000000..3e4725dc233 --- /dev/null +++ b/queue-5.11/gpio-sysfs-obey-valid_mask.patch @@ -0,0 +1,50 @@ +From 4770c296ac0361f3f42f7cef6bf7c2d407a7a93d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 29 Mar 2021 14:41:12 +0300 +Subject: gpio: sysfs: Obey valid_mask + +From: Matti Vaittinen + +[ Upstream commit 23cf00ddd2e1aacf1873e43f5e0c519c120daf7a ] + +Do not allow exporting GPIOs which are set invalid +by the driver's valid mask. + +Fixes: 726cb3ba4969 ("gpiolib: Support 'gpio-reserved-ranges' property") +Signed-off-by: Matti Vaittinen +Reviewed-by: Andy Shevchenko +Signed-off-by: Bartosz Golaszewski +Signed-off-by: Sasha Levin +--- + drivers/gpio/gpiolib-sysfs.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/drivers/gpio/gpiolib-sysfs.c b/drivers/gpio/gpiolib-sysfs.c +index 26c5466b8179..ae49bb23c6ed 100644 +--- a/drivers/gpio/gpiolib-sysfs.c ++++ b/drivers/gpio/gpiolib-sysfs.c +@@ -458,6 +458,8 @@ static ssize_t export_store(struct class *class, + long gpio; + struct gpio_desc *desc; + int status; ++ struct gpio_chip *gc; ++ int offset; + + status = kstrtol(buf, 0, &gpio); + if (status < 0) +@@ -469,6 +471,12 @@ static ssize_t export_store(struct class *class, + pr_warn("%s: invalid GPIO %ld\n", __func__, gpio); + return -EINVAL; + } ++ gc = desc->gdev->chip; ++ offset = gpio_chip_hwgpio(desc); ++ if (!gpiochip_line_is_valid(gc, offset)) { ++ pr_warn("%s: GPIO %ld masked\n", __func__, gpio); ++ return -EINVAL; ++ } + + /* No extra locking here; FLAG_SYSFS just signifies that the + * request and export were done by on behalf of userspace, so +-- +2.30.2 + diff --git a/queue-5.11/gpu-xen-fix-a-use-after-free-in-xen_drm_drv_init.patch b/queue-5.11/gpu-xen-fix-a-use-after-free-in-xen_drm_drv_init.patch new file mode 100644 index 00000000000..699cff8495e --- /dev/null +++ b/queue-5.11/gpu-xen-fix-a-use-after-free-in-xen_drm_drv_init.patch @@ -0,0 +1,59 @@ +From 5beff1a5e9a044fa80337bf593660b302272efd3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 22 Mar 2021 18:46:56 -0700 +Subject: gpu/xen: Fix a use after free in xen_drm_drv_init + +From: Lv Yunlong + +[ Upstream commit 52762efa2b256ed1c5274e5177cbd52ee11a2f6a ] + +In function displback_changed, has the call chain +displback_connect(front_info)->xen_drm_drv_init(front_info). +We can see that drm_info is assigned to front_info->drm_info +and drm_info is freed in fail branch in xen_drm_drv_init(). + +Later displback_disconnect(front_info) is called and it calls +xen_drm_drv_fini(front_info) cause a use after free by +drm_info = front_info->drm_info statement. + +My patch has done two things. First fixes the fail label which +drm_info = kzalloc() failed and still free the drm_info. +Second sets front_info->drm_info to NULL to avoid uaf. + +Signed-off-by: Lv Yunlong +Reviewed-by: Oleksandr Andrushchenko +Signed-off-by: Oleksandr Andrushchenko +Link: https://patchwork.freedesktop.org/patch/msgid/20210323014656.10068-1-lyl2019@mail.ustc.edu.cn +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/xen/xen_drm_front.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/drivers/gpu/drm/xen/xen_drm_front.c b/drivers/gpu/drm/xen/xen_drm_front.c +index 30d9adf31c84..9f14d99c763c 100644 +--- a/drivers/gpu/drm/xen/xen_drm_front.c ++++ b/drivers/gpu/drm/xen/xen_drm_front.c +@@ -521,7 +521,7 @@ static int xen_drm_drv_init(struct xen_drm_front_info *front_info) + drm_dev = drm_dev_alloc(&xen_drm_driver, dev); + if (IS_ERR(drm_dev)) { + ret = PTR_ERR(drm_dev); +- goto fail; ++ goto fail_dev; + } + + drm_info->drm_dev = drm_dev; +@@ -551,8 +551,10 @@ fail_modeset: + drm_kms_helper_poll_fini(drm_dev); + drm_mode_config_cleanup(drm_dev); + drm_dev_put(drm_dev); +-fail: ++fail_dev: + kfree(drm_info); ++ front_info->drm_info = NULL; ++fail: + return ret; + } + +-- +2.30.2 + diff --git a/queue-5.11/input-nspire-keypad-enable-interrupts-only-when-open.patch b/queue-5.11/input-nspire-keypad-enable-interrupts-only-when-open.patch new file mode 100644 index 00000000000..a0e714a9e5a --- /dev/null +++ b/queue-5.11/input-nspire-keypad-enable-interrupts-only-when-open.patch @@ -0,0 +1,121 @@ +From 8546f002f51a8858cb78e196743bfbcf325d9ef8 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 23 Mar 2021 10:45:55 -0700 +Subject: Input: nspire-keypad - enable interrupts only when opened + +From: Fabian Vogt + +[ Upstream commit 69d5ff3e9e51e23d5d81bf48480aa5671be67a71 ] + +The driver registers an interrupt handler in _probe, but didn't configure +them until later when the _open function is called. In between, the keypad +can fire an IRQ due to touchpad activity, which the handler ignores. This +causes the kernel to disable the interrupt, blocking the keypad from +working. + +Fix this by disabling interrupts before registering the handler. +Additionally, disable them in _close, so that they're only enabled while +open. + +Fixes: fc4f31461892 ("Input: add TI-Nspire keypad support") +Signed-off-by: Fabian Vogt +Link: https://lore.kernel.org/r/3383725.iizBOSrK1V@linux-e202.suse.de +Signed-off-by: Dmitry Torokhov +Signed-off-by: Sasha Levin +--- + drivers/input/keyboard/nspire-keypad.c | 56 ++++++++++++++------------ + 1 file changed, 31 insertions(+), 25 deletions(-) + +diff --git a/drivers/input/keyboard/nspire-keypad.c b/drivers/input/keyboard/nspire-keypad.c +index 63d5e488137d..e9fa1423f136 100644 +--- a/drivers/input/keyboard/nspire-keypad.c ++++ b/drivers/input/keyboard/nspire-keypad.c +@@ -93,9 +93,15 @@ static irqreturn_t nspire_keypad_irq(int irq, void *dev_id) + return IRQ_HANDLED; + } + +-static int nspire_keypad_chip_init(struct nspire_keypad *keypad) ++static int nspire_keypad_open(struct input_dev *input) + { ++ struct nspire_keypad *keypad = input_get_drvdata(input); + unsigned long val = 0, cycles_per_us, delay_cycles, row_delay_cycles; ++ int error; ++ ++ error = clk_prepare_enable(keypad->clk); ++ if (error) ++ return error; + + cycles_per_us = (clk_get_rate(keypad->clk) / 1000000); + if (cycles_per_us == 0) +@@ -121,30 +127,6 @@ static int nspire_keypad_chip_init(struct nspire_keypad *keypad) + keypad->int_mask = 1 << 1; + writel(keypad->int_mask, keypad->reg_base + KEYPAD_INTMSK); + +- /* Disable GPIO interrupts to prevent hanging on touchpad */ +- /* Possibly used to detect touchpad events */ +- writel(0, keypad->reg_base + KEYPAD_UNKNOWN_INT); +- /* Acknowledge existing interrupts */ +- writel(~0, keypad->reg_base + KEYPAD_UNKNOWN_INT_STS); +- +- return 0; +-} +- +-static int nspire_keypad_open(struct input_dev *input) +-{ +- struct nspire_keypad *keypad = input_get_drvdata(input); +- int error; +- +- error = clk_prepare_enable(keypad->clk); +- if (error) +- return error; +- +- error = nspire_keypad_chip_init(keypad); +- if (error) { +- clk_disable_unprepare(keypad->clk); +- return error; +- } +- + return 0; + } + +@@ -152,6 +134,11 @@ static void nspire_keypad_close(struct input_dev *input) + { + struct nspire_keypad *keypad = input_get_drvdata(input); + ++ /* Disable interrupts */ ++ writel(0, keypad->reg_base + KEYPAD_INTMSK); ++ /* Acknowledge existing interrupts */ ++ writel(~0, keypad->reg_base + KEYPAD_INT); ++ + clk_disable_unprepare(keypad->clk); + } + +@@ -210,6 +197,25 @@ static int nspire_keypad_probe(struct platform_device *pdev) + return -ENOMEM; + } + ++ error = clk_prepare_enable(keypad->clk); ++ if (error) { ++ dev_err(&pdev->dev, "failed to enable clock\n"); ++ return error; ++ } ++ ++ /* Disable interrupts */ ++ writel(0, keypad->reg_base + KEYPAD_INTMSK); ++ /* Acknowledge existing interrupts */ ++ writel(~0, keypad->reg_base + KEYPAD_INT); ++ ++ /* Disable GPIO interrupts to prevent hanging on touchpad */ ++ /* Possibly used to detect touchpad events */ ++ writel(0, keypad->reg_base + KEYPAD_UNKNOWN_INT); ++ /* Acknowledge existing GPIO interrupts */ ++ writel(~0, keypad->reg_base + KEYPAD_UNKNOWN_INT_STS); ++ ++ clk_disable_unprepare(keypad->clk); ++ + input_set_drvdata(input, keypad); + + input->id.bustype = BUS_HOST; +-- +2.30.2 + diff --git a/queue-5.11/iwlwifi-add-support-for-qu-with-ax201-device.patch b/queue-5.11/iwlwifi-add-support-for-qu-with-ax201-device.patch new file mode 100644 index 00000000000..d37fd72e7e0 --- /dev/null +++ b/queue-5.11/iwlwifi-add-support-for-qu-with-ax201-device.patch @@ -0,0 +1,36 @@ +From 99dc6f5090888cf0a2144c7205c489dcd494f274 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 26 Mar 2021 12:57:19 +0200 +Subject: iwlwifi: add support for Qu with AX201 device + +From: Matt Chen + +[ Upstream commit 97195d3cad852063208a1cd4f4d073459547a415 ] + +Add this specific Samsung AX201 sku to driver so it can be +detected and initialized successfully. + +Signed-off-by: Matt Chen +Signed-off-by: Luca Coelho +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/iwlwifi.20210326125611.30b622037714.Id9fd709cf1c8261c097bbfd7453f6476077dcafc@changeid +Signed-off-by: Sasha Levin +--- + drivers/net/wireless/intel/iwlwifi/pcie/drv.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/drv.c b/drivers/net/wireless/intel/iwlwifi/pcie/drv.c +index c55faa388948..018daa84ddd2 100644 +--- a/drivers/net/wireless/intel/iwlwifi/pcie/drv.c ++++ b/drivers/net/wireless/intel/iwlwifi/pcie/drv.c +@@ -628,6 +628,7 @@ static const struct iwl_dev_info iwl_dev_info_table[] = { + IWL_DEV_INFO(0x4DF0, 0x1652, killer1650i_2ax_cfg_qu_b0_hr_b0, NULL), + IWL_DEV_INFO(0x4DF0, 0x2074, iwl_ax201_cfg_qu_hr, NULL), + IWL_DEV_INFO(0x4DF0, 0x4070, iwl_ax201_cfg_qu_hr, NULL), ++ IWL_DEV_INFO(0x4DF0, 0x6074, iwl_ax201_cfg_qu_hr, NULL), + + _IWL_DEV_INFO(IWL_CFG_ANY, IWL_CFG_ANY, + IWL_CFG_MAC_TYPE_PU, IWL_CFG_ANY, +-- +2.30.2 + diff --git a/queue-5.11/iwlwifi-fix-softirq-hardirq-disabling-in-iwl_pcie_en.patch b/queue-5.11/iwlwifi-fix-softirq-hardirq-disabling-in-iwl_pcie_en.patch new file mode 100644 index 00000000000..d0a18c1ba3d --- /dev/null +++ b/queue-5.11/iwlwifi-fix-softirq-hardirq-disabling-in-iwl_pcie_en.patch @@ -0,0 +1,141 @@ +From db058772a1e9bab27801a9bc11be4f673376da8a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 2 Mar 2021 11:26:55 +0100 +Subject: iwlwifi: Fix softirq/hardirq disabling in iwl_pcie_enqueue_hcmd() + +From: Jiri Kosina + +[ Upstream commit 2800aadc18a64c96b051bcb7da8a7df7d505db3f ] + +It's possible for iwl_pcie_enqueue_hcmd() to be called with hard IRQs +disabled (e.g. from LED core). We can't enable BHs in such a situation. + +Turn the unconditional BH-enable/BH-disable code into +hardirq-disable/conditional-enable. + +This fixes the warning below. + + WARNING: CPU: 1 PID: 1139 at kernel/softirq.c:178 __local_bh_enable_ip+0xa5/0xf0 + CPU: 1 PID: 1139 Comm: NetworkManager Not tainted 5.12.0-rc1-00004-gb4ded168af79 #7 + Hardware name: LENOVO 20K5S22R00/20K5S22R00, BIOS R0IET38W (1.16 ) 05/31/2017 + RIP: 0010:__local_bh_enable_ip+0xa5/0xf0 + Code: f7 69 e8 ee 23 14 00 fb 66 0f 1f 44 00 00 65 8b 05 f0 f4 f7 69 85 c0 74 3f 48 83 c4 08 5b c3 65 8b 05 9b fe f7 69 85 c0 75 8e <0f> 0b eb 8a 48 89 3c 24 e8 4e 20 14 00 48 8b 3c 24 eb 91 e8 13 4e + RSP: 0018:ffffafd580b13298 EFLAGS: 00010046 + RAX: 0000000000000000 RBX: 0000000000000201 RCX: 0000000000000000 + RDX: 0000000000000003 RSI: 0000000000000201 RDI: ffffffffc1272389 + RBP: ffff96517ae4c018 R08: 0000000000000001 R09: 0000000000000000 + R10: ffffafd580b13178 R11: 0000000000000001 R12: ffff96517b060000 + R13: 0000000000000000 R14: ffffffff80000000 R15: 0000000000000001 + FS: 00007fc604ebefc0(0000) GS:ffff965267480000(0000) knlGS:0000000000000000 + CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + CR2: 000055fb3fef13b2 CR3: 0000000109112004 CR4: 00000000003706e0 + Call Trace: + ? _raw_spin_unlock_bh+0x1f/0x30 + iwl_pcie_enqueue_hcmd+0x5d9/0xa00 [iwlwifi] + iwl_trans_txq_send_hcmd+0x6c/0x430 [iwlwifi] + iwl_trans_send_cmd+0x88/0x170 [iwlwifi] + ? lock_acquire+0x277/0x3d0 + iwl_mvm_send_cmd+0x32/0x80 [iwlmvm] + iwl_mvm_led_set+0xc2/0xe0 [iwlmvm] + ? led_trigger_event+0x46/0x70 + led_trigger_event+0x46/0x70 + ieee80211_do_open+0x5c5/0xa20 [mac80211] + ieee80211_open+0x67/0x90 [mac80211] + __dev_open+0xd4/0x150 + __dev_change_flags+0x19e/0x1f0 + dev_change_flags+0x23/0x60 + do_setlink+0x30d/0x1230 + ? lock_is_held_type+0xb4/0x120 + ? __nla_validate_parse.part.7+0x57/0xcb0 + ? __lock_acquire+0x2e1/0x1a50 + __rtnl_newlink+0x560/0x910 + ? __lock_acquire+0x2e1/0x1a50 + ? __lock_acquire+0x2e1/0x1a50 + ? lock_acquire+0x277/0x3d0 + ? sock_def_readable+0x5/0x290 + ? lock_is_held_type+0xb4/0x120 + ? find_held_lock+0x2d/0x90 + ? sock_def_readable+0xb3/0x290 + ? lock_release+0x166/0x2a0 + ? lock_is_held_type+0x90/0x120 + rtnl_newlink+0x47/0x70 + rtnetlink_rcv_msg+0x25c/0x470 + ? netlink_deliver_tap+0x97/0x3e0 + ? validate_linkmsg+0x350/0x350 + netlink_rcv_skb+0x50/0x100 + netlink_unicast+0x1b2/0x280 + netlink_sendmsg+0x336/0x450 + sock_sendmsg+0x5b/0x60 + ____sys_sendmsg+0x1ed/0x250 + ? copy_msghdr_from_user+0x5c/0x90 + ___sys_sendmsg+0x88/0xd0 + ? lock_is_held_type+0xb4/0x120 + ? find_held_lock+0x2d/0x90 + ? lock_release+0x166/0x2a0 + ? __fget_files+0xfe/0x1d0 + ? __sys_sendmsg+0x5e/0xa0 + __sys_sendmsg+0x5e/0xa0 + ? lockdep_hardirqs_on_prepare+0xd9/0x170 + do_syscall_64+0x33/0x80 + entry_SYSCALL_64_after_hwframe+0x44/0xae + RIP: 0033:0x7fc605c9572d + Code: 28 89 54 24 1c 48 89 74 24 10 89 7c 24 08 e8 da ee ff ff 8b 54 24 1c 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 33 44 89 c7 48 89 44 24 08 e8 2e ef ff ff 48 + RSP: 002b:00007fffc83789f0 EFLAGS: 00000293 ORIG_RAX: 000000000000002e + RAX: ffffffffffffffda RBX: 000055ef468570c0 RCX: 00007fc605c9572d + RDX: 0000000000000000 RSI: 00007fffc8378a30 RDI: 000000000000000c + RBP: 0000000000000010 R08: 0000000000000000 R09: 0000000000000000 + R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 + R13: 00007fffc8378b80 R14: 00007fffc8378b7c R15: 0000000000000000 + irq event stamp: 170785 + hardirqs last enabled at (170783): [] __local_bh_enable_ip+0x82/0xf0 + hardirqs last disabled at (170784): [] _raw_read_lock_irqsave+0x8d/0x90 + softirqs last enabled at (170782): [] iwl_pcie_enqueue_hcmd+0x5d9/0xa00 [iwlwifi] + softirqs last disabled at (170785): [] iwl_pcie_enqueue_hcmd+0x116/0xa00 [iwlwifi] + +Signed-off-by: Jiri Kosina +Tested-by: Sedat Dilek # LLVM/Clang v12.0.0-rc3 +Acked-by: Luca Coelho +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/nycvar.YFH.7.76.2103021125430.12405@cbobk.fhfr.pm +Signed-off-by: Sasha Levin +--- + drivers/net/wireless/intel/iwlwifi/pcie/tx.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/drivers/net/wireless/intel/iwlwifi/pcie/tx.c b/drivers/net/wireless/intel/iwlwifi/pcie/tx.c +index 689f51968049..2280f05fbc18 100644 +--- a/drivers/net/wireless/intel/iwlwifi/pcie/tx.c ++++ b/drivers/net/wireless/intel/iwlwifi/pcie/tx.c +@@ -929,6 +929,7 @@ static int iwl_pcie_enqueue_hcmd(struct iwl_trans *trans, + u32 cmd_pos; + const u8 *cmddata[IWL_MAX_CMD_TBS_PER_TFD]; + u16 cmdlen[IWL_MAX_CMD_TBS_PER_TFD]; ++ unsigned long flags; + + if (WARN(!trans->wide_cmd_header && + group_id > IWL_ALWAYS_LONG_GROUP, +@@ -1012,10 +1013,10 @@ static int iwl_pcie_enqueue_hcmd(struct iwl_trans *trans, + goto free_dup_buf; + } + +- spin_lock_bh(&txq->lock); ++ spin_lock_irqsave(&txq->lock, flags); + + if (iwl_txq_space(trans, txq) < ((cmd->flags & CMD_ASYNC) ? 2 : 1)) { +- spin_unlock_bh(&txq->lock); ++ spin_unlock_irqrestore(&txq->lock, flags); + + IWL_ERR(trans, "No space in command queue\n"); + iwl_op_mode_cmd_queue_full(trans->op_mode); +@@ -1175,7 +1176,7 @@ static int iwl_pcie_enqueue_hcmd(struct iwl_trans *trans, + unlock_reg: + spin_unlock(&trans_pcie->reg_lock); + out: +- spin_unlock_bh(&txq->lock); ++ spin_unlock_irqrestore(&txq->lock, flags); + free_dup_buf: + if (idx < 0) + kfree(dup_buf); +-- +2.30.2 + diff --git a/queue-5.11/lib-fix-kconfig-dependency-on-arch_want_frame_pointe.patch b/queue-5.11/lib-fix-kconfig-dependency-on-arch_want_frame_pointe.patch new file mode 100644 index 00000000000..704fbd921fc --- /dev/null +++ b/queue-5.11/lib-fix-kconfig-dependency-on-arch_want_frame_pointe.patch @@ -0,0 +1,68 @@ +From 6a451b6dbf662de10b363e8b0984d07dd6605c8b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 9 Apr 2021 13:27:47 -0700 +Subject: lib: fix kconfig dependency on ARCH_WANT_FRAME_POINTERS + +From: Julian Braha + +[ Upstream commit 7d37cb2c912dc5c25ffac784a4f9b98c06c6bd08 ] + +When LATENCYTOP, LOCKDEP, or FAULT_INJECTION_STACKTRACE_FILTER is +enabled and ARCH_WANT_FRAME_POINTERS is disabled, Kbuild gives a warning +such as: + + WARNING: unmet direct dependencies detected for FRAME_POINTER + Depends on [n]: DEBUG_KERNEL [=y] && (M68K || UML || SUPERH) || ARCH_WANT_FRAME_POINTERS [=n] || MCOUNT [=n] + Selected by [y]: + - LATENCYTOP [=y] && DEBUG_KERNEL [=y] && STACKTRACE_SUPPORT [=y] && PROC_FS [=y] && !MIPS && !PPC && !S390 && !MICROBLAZE && !ARM && !ARC && !X86 + +Depending on ARCH_WANT_FRAME_POINTERS causes a recursive dependency +error. ARCH_WANT_FRAME_POINTERS is to be selected by the architecture, +and is not supposed to be overridden by other config options. + +Link: https://lkml.kernel.org/r/20210329165329.27994-1-julianbraha@gmail.com +Signed-off-by: Julian Braha +Cc: Andreas Schwab +Cc: Geert Uytterhoeven +Cc: Necip Fazil Yildiran +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Sasha Levin +--- + lib/Kconfig.debug | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug +index 7937265ef879..431b6b7ec04d 100644 +--- a/lib/Kconfig.debug ++++ b/lib/Kconfig.debug +@@ -1325,7 +1325,7 @@ config LOCKDEP + bool + depends on DEBUG_KERNEL && LOCK_DEBUGGING_SUPPORT + select STACKTRACE +- select FRAME_POINTER if !MIPS && !PPC && !ARM && !S390 && !MICROBLAZE && !ARC && !X86 ++ depends on FRAME_POINTER || MIPS || PPC || S390 || MICROBLAZE || ARM || ARC || X86 + select KALLSYMS + select KALLSYMS_ALL + +@@ -1619,7 +1619,7 @@ config LATENCYTOP + depends on DEBUG_KERNEL + depends on STACKTRACE_SUPPORT + depends on PROC_FS +- select FRAME_POINTER if !MIPS && !PPC && !S390 && !MICROBLAZE && !ARM && !ARC && !X86 ++ depends on FRAME_POINTER || MIPS || PPC || S390 || MICROBLAZE || ARM || ARC || X86 + select KALLSYMS + select KALLSYMS_ALL + select STACKTRACE +@@ -1872,7 +1872,7 @@ config FAULT_INJECTION_STACKTRACE_FILTER + depends on FAULT_INJECTION_DEBUG_FS && STACKTRACE_SUPPORT + depends on !X86_64 + select STACKTRACE +- select FRAME_POINTER if !MIPS && !PPC && !S390 && !MICROBLAZE && !ARM && !ARC && !X86 ++ depends on FRAME_POINTER || MIPS || PPC || S390 || MICROBLAZE || ARM || ARC || X86 + help + Provide stacktrace filter for fault-injection capabilities + +-- +2.30.2 + diff --git a/queue-5.11/lockdep-add-a-missing-initialization-hint-to-the-inf.patch b/queue-5.11/lockdep-add-a-missing-initialization-hint-to-the-inf.patch new file mode 100644 index 00000000000..1f957748841 --- /dev/null +++ b/queue-5.11/lockdep-add-a-missing-initialization-hint-to-the-inf.patch @@ -0,0 +1,43 @@ +From d4f3b6a26001d1ce8ac951ad16ca7d290ddb37b2 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 21 Mar 2021 15:49:13 +0900 +Subject: lockdep: Add a missing initialization hint to the "INFO: Trying to + register non-static key" message + +From: Tetsuo Handa + +[ Upstream commit 3a85969e9d912d5dd85362ee37b5f81266e00e77 ] + +Since this message is printed when dynamically allocated spinlocks (e.g. +kzalloc()) are used without initialization (e.g. spin_lock_init()), +suggest to developers to check whether initialization functions for objects +were called, before making developers wonder what annotation is missing. + +[ mingo: Minor tweaks to the message. ] + +Signed-off-by: Tetsuo Handa +Signed-off-by: Ingo Molnar +Link: https://lore.kernel.org/r/20210321064913.4619-1-penguin-kernel@I-love.SAKURA.ne.jp +Signed-off-by: Ingo Molnar +Signed-off-by: Sasha Levin +--- + kernel/locking/lockdep.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/kernel/locking/lockdep.c b/kernel/locking/lockdep.c +index eead7efbe7e5..38d7c03e694c 100644 +--- a/kernel/locking/lockdep.c ++++ b/kernel/locking/lockdep.c +@@ -930,7 +930,8 @@ static bool assign_lock_key(struct lockdep_map *lock) + /* Debug-check: all keys must be persistent! */ + debug_locks_off(); + pr_err("INFO: trying to register non-static key.\n"); +- pr_err("the code is fine but needs lockdep annotation.\n"); ++ pr_err("The code is fine but needs lockdep annotation, or maybe\n"); ++ pr_err("you didn't initialize this object before use?\n"); + pr_err("turning off the locking correctness validator.\n"); + dump_stack(); + return false; +-- +2.30.2 + diff --git a/queue-5.11/mac80211-clear-sta-fast_rx-when-sta-removed-from-4-a.patch b/queue-5.11/mac80211-clear-sta-fast_rx-when-sta-removed-from-4-a.patch new file mode 100644 index 00000000000..dfa327ff595 --- /dev/null +++ b/queue-5.11/mac80211-clear-sta-fast_rx-when-sta-removed-from-4-a.patch @@ -0,0 +1,70 @@ +From 79610863ba3dfdf76d2d907a9325700a995e333d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 19 Mar 2021 19:48:52 +0530 +Subject: mac80211: clear sta->fast_rx when STA removed from 4-addr VLAN + +From: Seevalamuthu Mariappan + +[ Upstream commit dd0b45538146cb6a54d6da7663b8c3afd16ebcfd ] + +In some race conditions, with more clients and traffic configuration, +below crash is seen when making the interface down. sta->fast_rx wasn't +cleared when STA gets removed from 4-addr AP_VLAN interface. The crash is +due to try accessing 4-addr AP_VLAN interface's net_device (fast_rx->dev) +which has been deleted already. + +Resolve this by clearing sta->fast_rx pointer when STA removes +from a 4-addr VLAN. + +[ 239.449529] Unable to handle kernel NULL pointer dereference at virtual address 00000004 +[ 239.449531] pgd = 80204000 +... +[ 239.481496] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.4.60 #227 +[ 239.481591] Hardware name: Generic DT based system +[ 239.487665] task: be05b700 ti: be08e000 task.ti: be08e000 +[ 239.492360] PC is at get_rps_cpu+0x2d4/0x31c +[ 239.497823] LR is at 0xbe08fc54 +... +[ 239.778574] [<80739740>] (get_rps_cpu) from [<8073cb10>] (netif_receive_skb_internal+0x8c/0xac) +[ 239.786722] [<8073cb10>] (netif_receive_skb_internal) from [<8073d578>] (napi_gro_receive+0x48/0xc4) +[ 239.795267] [<8073d578>] (napi_gro_receive) from [] (ieee80211_mark_rx_ba_filtered_frames+0xbcc/0x12d4 [mac80211]) +[ 239.804776] [] (ieee80211_mark_rx_ba_filtered_frames [mac80211]) from [] (ieee80211_rx_napi+0x7b8/0x8c8 [mac8 + 0211]) +[ 239.815857] [] (ieee80211_rx_napi [mac80211]) from [] (ath11k_dp_process_rx+0x7bc/0x8c8 [ath11k]) +[ 239.827757] [] (ath11k_dp_process_rx [ath11k]) from [] (ath11k_dp_service_srng+0x2c0/0x2e0 [ath11k]) +[ 239.838484] [] (ath11k_dp_service_srng [ath11k]) from [<7f55b7dc>] (ath11k_ahb_ext_grp_napi_poll+0x20/0x84 [ath11k_ahb] + ) +[ 239.849419] [<7f55b7dc>] (ath11k_ahb_ext_grp_napi_poll [ath11k_ahb]) from [<8073ce1c>] (net_rx_action+0xe0/0x28c) +[ 239.860945] [<8073ce1c>] (net_rx_action) from [<80324868>] (__do_softirq+0xe4/0x228) +[ 239.871269] [<80324868>] (__do_softirq) from [<80324c48>] (irq_exit+0x98/0x108) +[ 239.879080] [<80324c48>] (irq_exit) from [<8035c59c>] (__handle_domain_irq+0x90/0xb4) +[ 239.886114] [<8035c59c>] (__handle_domain_irq) from [<8030137c>] (gic_handle_irq+0x50/0x94) +[ 239.894100] [<8030137c>] (gic_handle_irq) from [<803024c0>] (__irq_svc+0x40/0x74) + +Signed-off-by: Seevalamuthu Mariappan +Link: https://lore.kernel.org/r/1616163532-3881-1-git-send-email-seevalam@codeaurora.org +Signed-off-by: Johannes Berg +Signed-off-by: Sasha Levin +--- + net/mac80211/cfg.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c +index 68a0de02b561..860bc35383d5 100644 +--- a/net/mac80211/cfg.c ++++ b/net/mac80211/cfg.c +@@ -1788,8 +1788,10 @@ static int ieee80211_change_station(struct wiphy *wiphy, + } + + if (sta->sdata->vif.type == NL80211_IFTYPE_AP_VLAN && +- sta->sdata->u.vlan.sta) ++ sta->sdata->u.vlan.sta) { ++ ieee80211_clear_fast_rx(sta); + RCU_INIT_POINTER(sta->sdata->u.vlan.sta, NULL); ++ } + + if (test_sta_flag(sta, WLAN_STA_AUTHORIZED)) + ieee80211_vif_dec_num_mcast(sta->sdata); +-- +2.30.2 + diff --git a/queue-5.11/mtd-rawnand-mtk-fix-waitrdy-break-condition-and-time.patch b/queue-5.11/mtd-rawnand-mtk-fix-waitrdy-break-condition-and-time.patch new file mode 100644 index 00000000000..32147ddd310 --- /dev/null +++ b/queue-5.11/mtd-rawnand-mtk-fix-waitrdy-break-condition-and-time.patch @@ -0,0 +1,49 @@ +From 779e097fee552c9b937a94aa86226aa2ce75844a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 9 Mar 2021 01:01:07 +0100 +Subject: mtd: rawnand: mtk: Fix WAITRDY break condition and timeout + +From: Hauke Mehrtens + +[ Upstream commit 2fb164f0ce95e504e2688b4f984893c29ebd19ab ] + +This fixes NAND_OP_WAITRDY_INSTR operation in the driver. Without this +change the driver waits till the system is busy, but we should wait till +the busy flag is cleared. The readl_poll_timeout() function gets a break +condition, not a wait condition. + +In addition fix the timeout. The timeout_ms is given in ms, but the +readl_poll_timeout() function takes the timeout in us. Multiple the +given timeout by 1000 to convert it. + +Without this change, the driver does not work at all, it doesn't even +identify the NAND chip. + +Fixes: 5197360f9e09 ("mtd: rawnand: mtk: Convert the driver to exec_op()") +Signed-off-by: Hauke Mehrtens +Reviewed-by: Boris Brezillon +Signed-off-by: Miquel Raynal +Link: https://lore.kernel.org/linux-mtd/20210309000107.1368404-1-hauke@hauke-m.de +Signed-off-by: Sasha Levin +--- + drivers/mtd/nand/raw/mtk_nand.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/mtd/nand/raw/mtk_nand.c b/drivers/mtd/nand/raw/mtk_nand.c +index 57f1f1708994..5c5c92132287 100644 +--- a/drivers/mtd/nand/raw/mtk_nand.c ++++ b/drivers/mtd/nand/raw/mtk_nand.c +@@ -488,8 +488,8 @@ static int mtk_nfc_exec_instr(struct nand_chip *chip, + return 0; + case NAND_OP_WAITRDY_INSTR: + return readl_poll_timeout(nfc->regs + NFI_STA, status, +- status & STA_BUSY, 20, +- instr->ctx.waitrdy.timeout_ms); ++ !(status & STA_BUSY), 20, ++ instr->ctx.waitrdy.timeout_ms * 1000); + default: + break; + } +-- +2.30.2 + diff --git a/queue-5.11/neighbour-disregard-dead-dst-in-neigh_update.patch b/queue-5.11/neighbour-disregard-dead-dst-in-neigh_update.patch new file mode 100644 index 00000000000..a7552028de4 --- /dev/null +++ b/queue-5.11/neighbour-disregard-dead-dst-in-neigh_update.patch @@ -0,0 +1,51 @@ +From 3de4e6ec6eb162fb78644bbb1285fdab88a9f147 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 19 Mar 2021 14:33:37 -0400 +Subject: neighbour: Disregard DEAD dst in neigh_update + +From: Tong Zhu + +[ Upstream commit d47ec7a0a7271dda08932d6208e4ab65ab0c987c ] + +After a short network outage, the dst_entry is timed out and put +in DST_OBSOLETE_DEAD. We are in this code because arp reply comes +from this neighbour after network recovers. There is a potential +race condition that dst_entry is still in DST_OBSOLETE_DEAD. +With that, another neighbour lookup causes more harm than good. + +In best case all packets in arp_queue are lost. This is +counterproductive to the original goal of finding a better path +for those packets. + +I observed a worst case with 4.x kernel where a dst_entry in +DST_OBSOLETE_DEAD state is associated with loopback net_device. +It leads to an ethernet header with all zero addresses. +A packet with all zero source MAC address is quite deadly with +mac80211, ath9k and 802.11 block ack. It fails +ieee80211_find_sta_by_ifaddr in ath9k (xmit.c). Ath9k flushes tx +queue (ath_tx_complete_aggr). BAW (block ack window) is not +updated. BAW logic is damaged and ath9k transmission is disabled. + +Signed-off-by: Tong Zhu +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + net/core/neighbour.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/net/core/neighbour.c b/net/core/neighbour.c +index 6d2d557442dc..7b413fe907d6 100644 +--- a/net/core/neighbour.c ++++ b/net/core/neighbour.c +@@ -1380,7 +1380,7 @@ static int __neigh_update(struct neighbour *neigh, const u8 *lladdr, + * we can reinject the packet there. + */ + n2 = NULL; +- if (dst) { ++ if (dst && dst->obsolete != DST_OBSOLETE_DEAD) { + n2 = dst_neigh_lookup_skb(dst, skb); + if (n2) + n1 = n2; +-- +2.30.2 + diff --git a/queue-5.11/net-axienet-allow-setups-without-mdio.patch b/queue-5.11/net-axienet-allow-setups-without-mdio.patch new file mode 100644 index 00000000000..77251ac02e4 --- /dev/null +++ b/queue-5.11/net-axienet-allow-setups-without-mdio.patch @@ -0,0 +1,91 @@ +From 2c4a36fc4d0fadb1f76ea40057c02f7e66d53e2d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 24 Mar 2021 14:05:36 +0100 +Subject: net: axienet: allow setups without MDIO + +From: Daniel Mack + +[ Upstream commit de9c7854e6e1589f639c6352112956d08243b659 ] + +In setups with fixed-link settings there is no mdio node in DTS. +axienet_probe() already handles that gracefully but lp->mii_bus is +then NULL. + +Fix code that tries to blindly grab the MDIO lock by introducing two helper +functions that make the locking conditional. + +Signed-off-by: Daniel Mack +Reviewed-by: Radhey Shyam Pandey +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/xilinx/xilinx_axienet.h | 12 ++++++++++++ + drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 12 ++++++------ + 2 files changed, 18 insertions(+), 6 deletions(-) + +diff --git a/drivers/net/ethernet/xilinx/xilinx_axienet.h b/drivers/net/ethernet/xilinx/xilinx_axienet.h +index a03c3ca1b28d..9e2cddba3b5b 100644 +--- a/drivers/net/ethernet/xilinx/xilinx_axienet.h ++++ b/drivers/net/ethernet/xilinx/xilinx_axienet.h +@@ -497,6 +497,18 @@ static inline u32 axinet_ior_read_mcr(struct axienet_local *lp) + return axienet_ior(lp, XAE_MDIO_MCR_OFFSET); + } + ++static inline void axienet_lock_mii(struct axienet_local *lp) ++{ ++ if (lp->mii_bus) ++ mutex_lock(&lp->mii_bus->mdio_lock); ++} ++ ++static inline void axienet_unlock_mii(struct axienet_local *lp) ++{ ++ if (lp->mii_bus) ++ mutex_unlock(&lp->mii_bus->mdio_lock); ++} ++ + /** + * axienet_iow - Memory mapped Axi Ethernet register write + * @lp: Pointer to axienet local structure +diff --git a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c +index 4cd701a9277d..82176dd2cdf3 100644 +--- a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c ++++ b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c +@@ -1053,9 +1053,9 @@ static int axienet_open(struct net_device *ndev) + * including the MDIO. MDIO must be disabled before resetting. + * Hold MDIO bus lock to avoid MDIO accesses during the reset. + */ +- mutex_lock(&lp->mii_bus->mdio_lock); ++ axienet_lock_mii(lp); + ret = axienet_device_reset(ndev); +- mutex_unlock(&lp->mii_bus->mdio_lock); ++ axienet_unlock_mii(lp); + + ret = phylink_of_phy_connect(lp->phylink, lp->dev->of_node, 0); + if (ret) { +@@ -1148,9 +1148,9 @@ static int axienet_stop(struct net_device *ndev) + } + + /* Do a reset to ensure DMA is really stopped */ +- mutex_lock(&lp->mii_bus->mdio_lock); ++ axienet_lock_mii(lp); + __axienet_device_reset(lp); +- mutex_unlock(&lp->mii_bus->mdio_lock); ++ axienet_unlock_mii(lp); + + cancel_work_sync(&lp->dma_err_task); + +@@ -1664,9 +1664,9 @@ static void axienet_dma_err_handler(struct work_struct *work) + * including the MDIO. MDIO must be disabled before resetting. + * Hold MDIO bus lock to avoid MDIO accesses during the reset. + */ +- mutex_lock(&lp->mii_bus->mdio_lock); ++ axienet_lock_mii(lp); + __axienet_device_reset(lp); +- mutex_unlock(&lp->mii_bus->mdio_lock); ++ axienet_unlock_mii(lp); + + for (i = 0; i < lp->tx_bd_num; i++) { + cur_p = &lp->tx_bd_v[i]; +-- +2.30.2 + diff --git a/queue-5.11/net-ieee802154-forbid-monitor-for-add-llsec-dev.patch b/queue-5.11/net-ieee802154-forbid-monitor-for-add-llsec-dev.patch new file mode 100644 index 00000000000..1d5c7f374dd --- /dev/null +++ b/queue-5.11/net-ieee802154-forbid-monitor-for-add-llsec-dev.patch @@ -0,0 +1,38 @@ +From 8597d45bd915de777d49c21e296f275ecfb270b6 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 4 Apr 2021 20:30:46 -0400 +Subject: net: ieee802154: forbid monitor for add llsec dev + +From: Alexander Aring + +[ Upstream commit 5303f956b05a2886ff42890908156afaec0f95ac ] + +This patch forbids to add llsec dev for monitor interfaces which we +don't support yet. Otherwise we will access llsec mib which isn't +initialized for monitors. + +Signed-off-by: Alexander Aring +Link: https://lore.kernel.org/r/20210405003054.256017-8-aahringo@redhat.com +Signed-off-by: Stefan Schmidt +Signed-off-by: Sasha Levin +--- + net/ieee802154/nl802154.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c +index 8a9019aa00c3..c8576dc0686d 100644 +--- a/net/ieee802154/nl802154.c ++++ b/net/ieee802154/nl802154.c +@@ -1768,6 +1768,9 @@ static int nl802154_add_llsec_dev(struct sk_buff *skb, struct genl_info *info) + struct wpan_dev *wpan_dev = dev->ieee802154_ptr; + struct ieee802154_llsec_device dev_desc; + ++ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) ++ return -EOPNOTSUPP; ++ + if (ieee802154_llsec_parse_device(info->attrs[NL802154_ATTR_SEC_DEVICE], + &dev_desc) < 0) + return -EINVAL; +-- +2.30.2 + diff --git a/queue-5.11/net-ieee802154-forbid-monitor-for-add-llsec-devkey.patch b/queue-5.11/net-ieee802154-forbid-monitor-for-add-llsec-devkey.patch new file mode 100644 index 00000000000..6f479c198c3 --- /dev/null +++ b/queue-5.11/net-ieee802154-forbid-monitor-for-add-llsec-devkey.patch @@ -0,0 +1,38 @@ +From 103aee8f276b11fcb3abe79c866924b0b20925ac Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 4 Apr 2021 20:30:49 -0400 +Subject: net: ieee802154: forbid monitor for add llsec devkey + +From: Alexander Aring + +[ Upstream commit a347b3b394868fef15b16f143719df56184be81d ] + +This patch forbids to add llsec devkey for monitor interfaces which we +don't support yet. Otherwise we will access llsec mib which isn't +initialized for monitors. + +Signed-off-by: Alexander Aring +Link: https://lore.kernel.org/r/20210405003054.256017-11-aahringo@redhat.com +Signed-off-by: Stefan Schmidt +Signed-off-by: Sasha Levin +--- + net/ieee802154/nl802154.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c +index 40022e137094..023c1e75daf9 100644 +--- a/net/ieee802154/nl802154.c ++++ b/net/ieee802154/nl802154.c +@@ -1920,6 +1920,9 @@ static int nl802154_add_llsec_devkey(struct sk_buff *skb, struct genl_info *info + struct ieee802154_llsec_device_key key; + __le64 extended_addr; + ++ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) ++ return -EOPNOTSUPP; ++ + if (!info->attrs[NL802154_ATTR_SEC_DEVKEY] || + nla_parse_nested_deprecated(attrs, NL802154_DEVKEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVKEY], nl802154_devkey_policy, info->extack) < 0) + return -EINVAL; +-- +2.30.2 + diff --git a/queue-5.11/net-ieee802154-forbid-monitor-for-add-llsec-key.patch b/queue-5.11/net-ieee802154-forbid-monitor-for-add-llsec-key.patch new file mode 100644 index 00000000000..f904f656290 --- /dev/null +++ b/queue-5.11/net-ieee802154-forbid-monitor-for-add-llsec-key.patch @@ -0,0 +1,38 @@ +From d643a4db2d5ddd478bc988be45725135b5fbf82f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 4 Apr 2021 20:30:43 -0400 +Subject: net: ieee802154: forbid monitor for add llsec key + +From: Alexander Aring + +[ Upstream commit 08470c5453339369bd3d590c4cbb0b5961cdcbb6 ] + +This patch forbids to add llsec key for monitor interfaces which we +don't support yet. Otherwise we will access llsec mib which isn't +initialized for monitors. + +Signed-off-by: Alexander Aring +Link: https://lore.kernel.org/r/20210405003054.256017-5-aahringo@redhat.com +Signed-off-by: Stefan Schmidt +Signed-off-by: Sasha Levin +--- + net/ieee802154/nl802154.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c +index a7cb28a78c6f..6036516ddb9e 100644 +--- a/net/ieee802154/nl802154.c ++++ b/net/ieee802154/nl802154.c +@@ -1557,6 +1557,9 @@ static int nl802154_add_llsec_key(struct sk_buff *skb, struct genl_info *info) + struct ieee802154_llsec_key_id id = { }; + u32 commands[NL802154_CMD_FRAME_NR_IDS / 32] = { }; + ++ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) ++ return -EOPNOTSUPP; ++ + if (!info->attrs[NL802154_ATTR_SEC_KEY] || + nla_parse_nested_deprecated(attrs, NL802154_KEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_KEY], nl802154_key_policy, info->extack)) + return -EINVAL; +-- +2.30.2 + diff --git a/queue-5.11/net-ieee802154-forbid-monitor-for-add-llsec-seclevel.patch b/queue-5.11/net-ieee802154-forbid-monitor-for-add-llsec-seclevel.patch new file mode 100644 index 00000000000..34955065156 --- /dev/null +++ b/queue-5.11/net-ieee802154-forbid-monitor-for-add-llsec-seclevel.patch @@ -0,0 +1,38 @@ +From 81641d25be94fb173ae00950bf5a27a92c48ae45 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 4 Apr 2021 20:30:52 -0400 +Subject: net: ieee802154: forbid monitor for add llsec seclevel + +From: Alexander Aring + +[ Upstream commit 9ec87e322428d4734ac647d1a8e507434086993d ] + +This patch forbids to add llsec seclevel for monitor interfaces which we +don't support yet. Otherwise we will access llsec mib which isn't +initialized for monitors. + +Signed-off-by: Alexander Aring +Link: https://lore.kernel.org/r/20210405003054.256017-14-aahringo@redhat.com +Signed-off-by: Stefan Schmidt +Signed-off-by: Sasha Levin +--- + net/ieee802154/nl802154.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c +index 10fc37e45e2b..f0b47d43c9f6 100644 +--- a/net/ieee802154/nl802154.c ++++ b/net/ieee802154/nl802154.c +@@ -2120,6 +2120,9 @@ static int nl802154_add_llsec_seclevel(struct sk_buff *skb, + struct wpan_dev *wpan_dev = dev->ieee802154_ptr; + struct ieee802154_llsec_seclevel sl; + ++ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) ++ return -EOPNOTSUPP; ++ + if (llsec_parse_seclevel(info->attrs[NL802154_ATTR_SEC_LEVEL], + &sl) < 0) + return -EINVAL; +-- +2.30.2 + diff --git a/queue-5.11/net-ieee802154-forbid-monitor-for-del-llsec-dev.patch b/queue-5.11/net-ieee802154-forbid-monitor-for-del-llsec-dev.patch new file mode 100644 index 00000000000..438507c6d01 --- /dev/null +++ b/queue-5.11/net-ieee802154-forbid-monitor-for-del-llsec-dev.patch @@ -0,0 +1,38 @@ +From 84ff509abc6d20d1f7cc6c505de5f1f53437b1ba Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 4 Apr 2021 20:30:47 -0400 +Subject: net: ieee802154: forbid monitor for del llsec dev + +From: Alexander Aring + +[ Upstream commit ad8f9de1f3566686af35b1c6b43240726541da61 ] + +This patch forbids to del llsec dev for monitor interfaces which we +don't support yet. Otherwise we will access llsec mib which isn't +initialized for monitors. + +Signed-off-by: Alexander Aring +Link: https://lore.kernel.org/r/20210405003054.256017-9-aahringo@redhat.com +Signed-off-by: Stefan Schmidt +Signed-off-by: Sasha Levin +--- + net/ieee802154/nl802154.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c +index c8576dc0686d..da4bd6bc4567 100644 +--- a/net/ieee802154/nl802154.c ++++ b/net/ieee802154/nl802154.c +@@ -1786,6 +1786,9 @@ static int nl802154_del_llsec_dev(struct sk_buff *skb, struct genl_info *info) + struct nlattr *attrs[NL802154_DEV_ATTR_MAX + 1]; + __le64 extended_addr; + ++ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) ++ return -EOPNOTSUPP; ++ + if (!info->attrs[NL802154_ATTR_SEC_DEVICE] || + nla_parse_nested_deprecated(attrs, NL802154_DEV_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVICE], nl802154_dev_policy, info->extack)) + return -EINVAL; +-- +2.30.2 + diff --git a/queue-5.11/net-ieee802154-forbid-monitor-for-del-llsec-devkey.patch b/queue-5.11/net-ieee802154-forbid-monitor-for-del-llsec-devkey.patch new file mode 100644 index 00000000000..0700c29fbf4 --- /dev/null +++ b/queue-5.11/net-ieee802154-forbid-monitor-for-del-llsec-devkey.patch @@ -0,0 +1,38 @@ +From 28606e11958acb8878bd21b15d3ce1f69b3bc2d0 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 4 Apr 2021 20:30:50 -0400 +Subject: net: ieee802154: forbid monitor for del llsec devkey + +From: Alexander Aring + +[ Upstream commit 6fb8045319ef172dc88a8142e7f8b58c7608137e ] + +This patch forbids to del llsec devkey for monitor interfaces which we +don't support yet. Otherwise we will access llsec mib which isn't +initialized for monitors. + +Signed-off-by: Alexander Aring +Link: https://lore.kernel.org/r/20210405003054.256017-12-aahringo@redhat.com +Signed-off-by: Stefan Schmidt +Signed-off-by: Sasha Levin +--- + net/ieee802154/nl802154.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c +index 023c1e75daf9..87dac717d197 100644 +--- a/net/ieee802154/nl802154.c ++++ b/net/ieee802154/nl802154.c +@@ -1954,6 +1954,9 @@ static int nl802154_del_llsec_devkey(struct sk_buff *skb, struct genl_info *info + struct ieee802154_llsec_device_key key; + __le64 extended_addr; + ++ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) ++ return -EOPNOTSUPP; ++ + if (!info->attrs[NL802154_ATTR_SEC_DEVKEY] || + nla_parse_nested_deprecated(attrs, NL802154_DEVKEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVKEY], nl802154_devkey_policy, info->extack)) + return -EINVAL; +-- +2.30.2 + diff --git a/queue-5.11/net-ieee802154-forbid-monitor-for-del-llsec-key.patch b/queue-5.11/net-ieee802154-forbid-monitor-for-del-llsec-key.patch new file mode 100644 index 00000000000..6743f4ac836 --- /dev/null +++ b/queue-5.11/net-ieee802154-forbid-monitor-for-del-llsec-key.patch @@ -0,0 +1,38 @@ +From d2bba85ce6df40ec5b39ad926c995fe4c8420091 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 4 Apr 2021 20:30:44 -0400 +Subject: net: ieee802154: forbid monitor for del llsec key + +From: Alexander Aring + +[ Upstream commit b6e2949544a183f590ae6f3ef2d1aaaa2c44e38a ] + +This patch forbids to del llsec key for monitor interfaces which we +don't support yet. Otherwise we will access llsec mib which isn't +initialized for monitors. + +Signed-off-by: Alexander Aring +Link: https://lore.kernel.org/r/20210405003054.256017-6-aahringo@redhat.com +Signed-off-by: Stefan Schmidt +Signed-off-by: Sasha Levin +--- + net/ieee802154/nl802154.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c +index 6036516ddb9e..47c57347ab7f 100644 +--- a/net/ieee802154/nl802154.c ++++ b/net/ieee802154/nl802154.c +@@ -1609,6 +1609,9 @@ static int nl802154_del_llsec_key(struct sk_buff *skb, struct genl_info *info) + struct nlattr *attrs[NL802154_KEY_ATTR_MAX + 1]; + struct ieee802154_llsec_key_id id; + ++ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) ++ return -EOPNOTSUPP; ++ + if (!info->attrs[NL802154_ATTR_SEC_KEY] || + nla_parse_nested_deprecated(attrs, NL802154_KEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_KEY], nl802154_key_policy, info->extack)) + return -EINVAL; +-- +2.30.2 + diff --git a/queue-5.11/net-ieee802154-stop-dump-llsec-devkeys-for-monitors.patch b/queue-5.11/net-ieee802154-stop-dump-llsec-devkeys-for-monitors.patch new file mode 100644 index 00000000000..31f52f6acf8 --- /dev/null +++ b/queue-5.11/net-ieee802154-stop-dump-llsec-devkeys-for-monitors.patch @@ -0,0 +1,40 @@ +From dd911ab89a19f1b7ffe1a483c39c769ab3ca79d9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 4 Apr 2021 20:30:48 -0400 +Subject: net: ieee802154: stop dump llsec devkeys for monitors + +From: Alexander Aring + +[ Upstream commit 080d1a57a94d93e70f84b7a360baa351388c574f ] + +This patch stops dumping llsec devkeys for monitors which we don't support +yet. Otherwise we will access llsec mib which isn't initialized for +monitors. + +Signed-off-by: Alexander Aring +Link: https://lore.kernel.org/r/20210405003054.256017-10-aahringo@redhat.com +Signed-off-by: Stefan Schmidt +Signed-off-by: Sasha Levin +--- + net/ieee802154/nl802154.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c +index da4bd6bc4567..40022e137094 100644 +--- a/net/ieee802154/nl802154.c ++++ b/net/ieee802154/nl802154.c +@@ -1858,6 +1858,11 @@ nl802154_dump_llsec_devkey(struct sk_buff *skb, struct netlink_callback *cb) + if (err) + return err; + ++ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) { ++ err = skb->len; ++ goto out_err; ++ } ++ + if (!wpan_dev->netdev) { + err = -EINVAL; + goto out_err; +-- +2.30.2 + diff --git a/queue-5.11/net-ieee802154-stop-dump-llsec-devs-for-monitors.patch b/queue-5.11/net-ieee802154-stop-dump-llsec-devs-for-monitors.patch new file mode 100644 index 00000000000..9b06e993e71 --- /dev/null +++ b/queue-5.11/net-ieee802154-stop-dump-llsec-devs-for-monitors.patch @@ -0,0 +1,40 @@ +From b2f254ca22d1951da51fdcef61d15fbbff5899e9 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 4 Apr 2021 20:30:45 -0400 +Subject: net: ieee802154: stop dump llsec devs for monitors + +From: Alexander Aring + +[ Upstream commit 5582d641e6740839c9b83efd1fbf9bcd00b6f5fc ] + +This patch stops dumping llsec devs for monitors which we don't support +yet. Otherwise we will access llsec mib which isn't initialized for +monitors. + +Signed-off-by: Alexander Aring +Link: https://lore.kernel.org/r/20210405003054.256017-7-aahringo@redhat.com +Signed-off-by: Stefan Schmidt +Signed-off-by: Sasha Levin +--- + net/ieee802154/nl802154.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c +index 47c57347ab7f..8a9019aa00c3 100644 +--- a/net/ieee802154/nl802154.c ++++ b/net/ieee802154/nl802154.c +@@ -1677,6 +1677,11 @@ nl802154_dump_llsec_dev(struct sk_buff *skb, struct netlink_callback *cb) + if (err) + return err; + ++ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) { ++ err = skb->len; ++ goto out_err; ++ } ++ + if (!wpan_dev->netdev) { + err = -EINVAL; + goto out_err; +-- +2.30.2 + diff --git a/queue-5.11/net-ieee802154-stop-dump-llsec-keys-for-monitors.patch b/queue-5.11/net-ieee802154-stop-dump-llsec-keys-for-monitors.patch new file mode 100644 index 00000000000..e6791b1f9f0 --- /dev/null +++ b/queue-5.11/net-ieee802154-stop-dump-llsec-keys-for-monitors.patch @@ -0,0 +1,40 @@ +From 125b765d0ca29efda788e405029a691980586e44 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 4 Apr 2021 20:30:42 -0400 +Subject: net: ieee802154: stop dump llsec keys for monitors + +From: Alexander Aring + +[ Upstream commit fb3c5cdf88cd504ef11d59e8d656f4bc896c6922 ] + +This patch stops dumping llsec keys for monitors which we don't support +yet. Otherwise we will access llsec mib which isn't initialized for +monitors. + +Signed-off-by: Alexander Aring +Link: https://lore.kernel.org/r/20210405003054.256017-4-aahringo@redhat.com +Signed-off-by: Stefan Schmidt +Signed-off-by: Sasha Levin +--- + net/ieee802154/nl802154.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c +index d1b6a9665b17..a7cb28a78c6f 100644 +--- a/net/ieee802154/nl802154.c ++++ b/net/ieee802154/nl802154.c +@@ -1498,6 +1498,11 @@ nl802154_dump_llsec_key(struct sk_buff *skb, struct netlink_callback *cb) + if (err) + return err; + ++ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) { ++ err = skb->len; ++ goto out_err; ++ } ++ + if (!wpan_dev->netdev) { + err = -EINVAL; + goto out_err; +-- +2.30.2 + diff --git a/queue-5.11/net-ieee802154-stop-dump-llsec-seclevels-for-monitor.patch b/queue-5.11/net-ieee802154-stop-dump-llsec-seclevels-for-monitor.patch new file mode 100644 index 00000000000..93f517af325 --- /dev/null +++ b/queue-5.11/net-ieee802154-stop-dump-llsec-seclevels-for-monitor.patch @@ -0,0 +1,40 @@ +From 6f409f3379444ce9e52f8143fd8bb22168f0f859 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 4 Apr 2021 20:30:51 -0400 +Subject: net: ieee802154: stop dump llsec seclevels for monitors + +From: Alexander Aring + +[ Upstream commit 4c9b4f55ad1f5a4b6206ac4ea58f273126d21925 ] + +This patch stops dumping llsec seclevels for monitors which we don't +support yet. Otherwise we will access llsec mib which isn't initialized +for monitors. + +Signed-off-by: Alexander Aring +Link: https://lore.kernel.org/r/20210405003054.256017-13-aahringo@redhat.com +Signed-off-by: Stefan Schmidt +Signed-off-by: Sasha Levin +--- + net/ieee802154/nl802154.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c +index 87dac717d197..10fc37e45e2b 100644 +--- a/net/ieee802154/nl802154.c ++++ b/net/ieee802154/nl802154.c +@@ -2031,6 +2031,11 @@ nl802154_dump_llsec_seclevel(struct sk_buff *skb, struct netlink_callback *cb) + if (err) + return err; + ++ if (wpan_dev->iftype == NL802154_IFTYPE_MONITOR) { ++ err = skb->len; ++ goto out_err; ++ } ++ + if (!wpan_dev->netdev) { + err = -EINVAL; + goto out_err; +-- +2.30.2 + diff --git a/queue-5.11/net-rds-avoid-potential-use-after-free-in-rds_send_r.patch b/queue-5.11/net-rds-avoid-potential-use-after-free-in-rds_send_r.patch new file mode 100644 index 00000000000..aea324d86c5 --- /dev/null +++ b/queue-5.11/net-rds-avoid-potential-use-after-free-in-rds_send_r.patch @@ -0,0 +1,50 @@ +From 649dbab00420f7e525a2eb84b7743a32d9ac02cb Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 6 Apr 2021 19:09:12 -0500 +Subject: net/rds: Avoid potential use after free in rds_send_remove_from_sock + +From: Aditya Pakki + +[ Upstream commit 0c85a7e87465f2d4cbc768e245f4f45b2f299b05 ] + +In case of rs failure in rds_send_remove_from_sock(), the 'rm' resource +is freed and later under spinlock, causing potential use-after-free. +Set the free pointer to NULL to avoid undefined behavior. + +Signed-off-by: Aditya Pakki +Acked-by: Santosh Shilimkar +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + net/rds/message.c | 1 + + net/rds/send.c | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/net/rds/message.c b/net/rds/message.c +index 799034e0f513..4fc66ff0f1ec 100644 +--- a/net/rds/message.c ++++ b/net/rds/message.c +@@ -180,6 +180,7 @@ void rds_message_put(struct rds_message *rm) + rds_message_purge(rm); + + kfree(rm); ++ rm = NULL; + } + } + EXPORT_SYMBOL_GPL(rds_message_put); +diff --git a/net/rds/send.c b/net/rds/send.c +index 985d0b7713ac..fe5264b9d4b3 100644 +--- a/net/rds/send.c ++++ b/net/rds/send.c +@@ -665,7 +665,7 @@ static void rds_send_remove_from_sock(struct list_head *messages, int status) + unlock_and_drop: + spin_unlock_irqrestore(&rm->m_rs_lock, flags); + rds_message_put(rm); +- if (was_on_sock) ++ if (was_on_sock && rm) + rds_message_put(rm); + } + +-- +2.30.2 + diff --git a/queue-5.11/net-tipc-fix-spelling-errors-in-net-tipc-module.patch b/queue-5.11/net-tipc-fix-spelling-errors-in-net-tipc-module.patch new file mode 100644 index 00000000000..0dbf398cd77 --- /dev/null +++ b/queue-5.11/net-tipc-fix-spelling-errors-in-net-tipc-module.patch @@ -0,0 +1,67 @@ +From 521fbd72eeb2eb40d310291515c6b65137896500 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 7 Apr 2021 09:59:45 +0800 +Subject: net: tipc: Fix spelling errors in net/tipc module + +From: Zheng Yongjun + +[ Upstream commit a79ace4b312953c5835fafb12adc3cb6878b26bd ] + +These patches fix a series of spelling errors in net/tipc module. + +Reported-by: Hulk Robot +Signed-off-by: Zheng Yongjun +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + net/tipc/bearer.h | 6 +++--- + net/tipc/net.c | 2 +- + net/tipc/node.c | 2 +- + 3 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/net/tipc/bearer.h b/net/tipc/bearer.h +index 6bf4550aa1ac..57c6a1a719e2 100644 +--- a/net/tipc/bearer.h ++++ b/net/tipc/bearer.h +@@ -154,9 +154,9 @@ struct tipc_media { + * care of initializing all other fields. + */ + struct tipc_bearer { +- void __rcu *media_ptr; /* initalized by media */ +- u32 mtu; /* initalized by media */ +- struct tipc_media_addr addr; /* initalized by media */ ++ void __rcu *media_ptr; /* initialized by media */ ++ u32 mtu; /* initialized by media */ ++ struct tipc_media_addr addr; /* initialized by media */ + char name[TIPC_MAX_BEARER_NAME]; + struct tipc_media *media; + struct tipc_media_addr bcast_addr; +diff --git a/net/tipc/net.c b/net/tipc/net.c +index a129f661bee3..faf6bf554514 100644 +--- a/net/tipc/net.c ++++ b/net/tipc/net.c +@@ -89,7 +89,7 @@ + * - A spin lock to protect the registry of kernel/driver users (reg.c) + * - A global spin_lock (tipc_port_lock), which only task is to ensure + * consistency where more than one port is involved in an operation, +- * i.e., whe a port is part of a linked list of ports. ++ * i.e., when a port is part of a linked list of ports. + * There are two such lists; 'port_list', which is used for management, + * and 'wait_list', which is used to queue ports during congestion. + * +diff --git a/net/tipc/node.c b/net/tipc/node.c +index 136338b85504..e0ee83263a39 100644 +--- a/net/tipc/node.c ++++ b/net/tipc/node.c +@@ -1734,7 +1734,7 @@ int tipc_node_xmit(struct net *net, struct sk_buff_head *list, + } + + /* tipc_node_xmit_skb(): send single buffer to destination +- * Buffers sent via this functon are generally TIPC_SYSTEM_IMPORTANCE ++ * Buffers sent via this function are generally TIPC_SYSTEM_IMPORTANCE + * messages, which will not be rejected + * The only exception is datagram messages rerouted after secondary + * lookup, which are rare and safe to dispose of anyway. +-- +2.30.2 + diff --git a/queue-5.11/pcnet32-use-pci_resource_len-to-validate-pci-resourc.patch b/queue-5.11/pcnet32-use-pci_resource_len-to-validate-pci-resourc.patch new file mode 100644 index 00000000000..1dc47f0c6aa --- /dev/null +++ b/queue-5.11/pcnet32-use-pci_resource_len-to-validate-pci-resourc.patch @@ -0,0 +1,54 @@ +From 2b86e5154bfdd4c060213e9a772f295846e99551 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 5 Apr 2021 21:29:22 -0700 +Subject: pcnet32: Use pci_resource_len to validate PCI resource + +From: Guenter Roeck + +[ Upstream commit 66c3f05ddc538ee796321210c906b6ae6fc0792a ] + +pci_resource_start() is not a good indicator to determine if a PCI +resource exists or not, since the resource may start at address 0. +This is seen when trying to instantiate the driver in qemu for riscv32 +or riscv64. + +pci 0000:00:01.0: reg 0x10: [io 0x0000-0x001f] +pci 0000:00:01.0: reg 0x14: [mem 0x00000000-0x0000001f] +... +pcnet32: card has no PCI IO resources, aborting + +Use pci_resouce_len() instead. + +Signed-off-by: Guenter Roeck +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + drivers/net/ethernet/amd/pcnet32.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/drivers/net/ethernet/amd/pcnet32.c b/drivers/net/ethernet/amd/pcnet32.c +index 187b0b9a6e1d..f78daba60b35 100644 +--- a/drivers/net/ethernet/amd/pcnet32.c ++++ b/drivers/net/ethernet/amd/pcnet32.c +@@ -1534,8 +1534,7 @@ pcnet32_probe_pci(struct pci_dev *pdev, const struct pci_device_id *ent) + } + pci_set_master(pdev); + +- ioaddr = pci_resource_start(pdev, 0); +- if (!ioaddr) { ++ if (!pci_resource_len(pdev, 0)) { + if (pcnet32_debug & NETIF_MSG_PROBE) + pr_err("card has no PCI IO resources, aborting\n"); + err = -ENODEV; +@@ -1548,6 +1547,8 @@ pcnet32_probe_pci(struct pci_dev *pdev, const struct pci_device_id *ent) + pr_err("architecture does not support 32bit PCI busmaster DMA\n"); + goto err_disable_dev; + } ++ ++ ioaddr = pci_resource_start(pdev, 0); + if (!request_region(ioaddr, PCNET32_TOTAL_SIZE, "pcnet32_probe_pci")) { + if (pcnet32_debug & NETIF_MSG_PROBE) + pr_err("io address range already allocated\n"); +-- +2.30.2 + diff --git a/queue-5.11/powerpc-signal32-fix-oops-on-sigreturn-with-unmapped.patch b/queue-5.11/powerpc-signal32-fix-oops-on-sigreturn-with-unmapped.patch new file mode 100644 index 00000000000..f66eb0efd89 --- /dev/null +++ b/queue-5.11/powerpc-signal32-fix-oops-on-sigreturn-with-unmapped.patch @@ -0,0 +1,155 @@ +From 24f32be00eef7f223464409a64ab7d39e2e50ea6 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 31 Mar 2021 14:07:04 +0000 +Subject: powerpc/signal32: Fix Oops on sigreturn with unmapped VDSO + +From: Christophe Leroy + +[ Upstream commit acca57217c688c5bbbd5140974533d81e8757cc9 ] + +PPC32 encounters a KUAP fault when trying to handle a signal with +VDSO unmapped. + + Kernel attempted to read user page (7fc07ec0) - exploit attempt? (uid: 0) + BUG: Unable to handle kernel data access on read at 0x7fc07ec0 + Faulting instruction address: 0xc00111d4 + Oops: Kernel access of bad area, sig: 11 [#1] + BE PAGE_SIZE=16K PREEMPT CMPC885 + CPU: 0 PID: 353 Comm: sigreturn_vdso Not tainted 5.12.0-rc4-s3k-dev-01553-gb30c310ea220 #4814 + NIP: c00111d4 LR: c0005a28 CTR: 00000000 + REGS: cadb3dd0 TRAP: 0300 Not tainted (5.12.0-rc4-s3k-dev-01553-gb30c310ea220) + MSR: 00009032 CR: 48000884 XER: 20000000 + DAR: 7fc07ec0 DSISR: 88000000 + GPR00: c0007788 cadb3e90 c28d4a40 7fc07ec0 7fc07ed0 000004e0 7fc07ce0 00000000 + GPR08: 00000001 00000001 7fc07ec0 00000000 28000282 1001b828 100a0920 00000000 + GPR16: 100cac0c 100b0000 105c43a4 105c5685 100d0000 100d0000 100d0000 100b2e9e + GPR24: ffffffff 105c43c8 00000000 7fc07ec8 cadb3f40 cadb3ec8 c28d4a40 00000000 + NIP [c00111d4] flush_icache_range+0x90/0xb4 + LR [c0005a28] handle_signal32+0x1bc/0x1c4 + Call Trace: + [cadb3e90] [100d0000] 0x100d0000 (unreliable) + [cadb3ec0] [c0007788] do_notify_resume+0x260/0x314 + [cadb3f20] [c000c764] syscall_exit_prepare+0x120/0x184 + [cadb3f30] [c00100b4] ret_from_syscall+0xc/0x28 + --- interrupt: c00 at 0xfe807f8 + NIP: 0fe807f8 LR: 10001060 CTR: c0139378 + REGS: cadb3f40 TRAP: 0c00 Not tainted (5.12.0-rc4-s3k-dev-01553-gb30c310ea220) + MSR: 0000d032 CR: 28000482 XER: 20000000 + + GPR00: 00000025 7fc081c0 77bb1690 00000000 0000000a 28000482 00000001 0ff03a38 + GPR08: 0000d032 00006de5 c28d4a40 00000009 88000482 1001b828 100a0920 00000000 + GPR16: 100cac0c 100b0000 105c43a4 105c5685 100d0000 100d0000 100d0000 100b2e9e + GPR24: ffffffff 105c43c8 00000000 77ba7628 10002398 10010000 10002124 00024000 + NIP [0fe807f8] 0xfe807f8 + LR [10001060] 0x10001060 + --- interrupt: c00 + Instruction dump: + 38630010 7c001fac 38630010 4200fff0 7c0004ac 4c00012c 4e800020 7c001fac + 2c0a0000 38630010 4082ffcc 4bffffe4 <7c00186c> 2c070000 39430010 4082ff8c + ---[ end trace 3973fb72b049cb06 ]--- + +This is because flush_icache_range() is called on user addresses. + +The same problem was detected some time ago on PPC64. It was fixed by +enabling KUAP in commit 59bee45b9712 ("powerpc/mm: Fix missing KUAP +disable in flush_coherent_icache()"). + +PPC32 doesn't use flush_coherent_icache() and fallbacks on +clean_dcache_range() and invalidate_icache_range(). + +We could fix it similarly by enabling user access in those functions, +but this is overkill for just flushing two instructions. + +The two instructions are 8 bytes aligned, so a single dcbst/icbi is +enough to flush them. Do like __patch_instruction() and inline +a dcbst followed by an icbi just after the write of the instructions, +while user access is still allowed. The isync is not required because +rfi will be used to return to user. + +icbi() is handled as a read so read-write user access is needed. + +Signed-off-by: Christophe Leroy +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/bde9154e5351a5ac7bca3d59cdb5a5e8edacbb79.1617199569.git.christophe.leroy@csgroup.eu +Signed-off-by: Sasha Levin +--- + arch/powerpc/kernel/signal_32.c | 20 ++++++++------------ + 1 file changed, 8 insertions(+), 12 deletions(-) + +diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c +index 934cbdf6dd10..30eddc69c9cf 100644 +--- a/arch/powerpc/kernel/signal_32.c ++++ b/arch/powerpc/kernel/signal_32.c +@@ -775,7 +775,7 @@ int handle_rt_signal32(struct ksignal *ksig, sigset_t *oldset, + else + prepare_save_user_regs(1); + +- if (!user_write_access_begin(frame, sizeof(*frame))) ++ if (!user_access_begin(frame, sizeof(*frame))) + goto badframe; + + /* Put the siginfo & fill in most of the ucontext */ +@@ -809,17 +809,15 @@ int handle_rt_signal32(struct ksignal *ksig, sigset_t *oldset, + unsafe_put_user(PPC_INST_ADDI + __NR_rt_sigreturn, &mctx->mc_pad[0], + failed); + unsafe_put_user(PPC_INST_SC, &mctx->mc_pad[1], failed); ++ asm("dcbst %y0; sync; icbi %y0; sync" :: "Z" (mctx->mc_pad[0])); + } + unsafe_put_sigset_t(&frame->uc.uc_sigmask, oldset, failed); + +- user_write_access_end(); ++ user_access_end(); + + if (copy_siginfo_to_user(&frame->info, &ksig->info)) + goto badframe; + +- if (tramp == (unsigned long)mctx->mc_pad) +- flush_icache_range(tramp, tramp + 2 * sizeof(unsigned long)); +- + regs->link = tramp; + + #ifdef CONFIG_PPC_FPU_REGS +@@ -844,7 +842,7 @@ int handle_rt_signal32(struct ksignal *ksig, sigset_t *oldset, + return 0; + + failed: +- user_write_access_end(); ++ user_access_end(); + + badframe: + signal_fault(tsk, regs, "handle_rt_signal32", frame); +@@ -879,7 +877,7 @@ int handle_signal32(struct ksignal *ksig, sigset_t *oldset, + else + prepare_save_user_regs(1); + +- if (!user_write_access_begin(frame, sizeof(*frame))) ++ if (!user_access_begin(frame, sizeof(*frame))) + goto badframe; + sc = (struct sigcontext __user *) &frame->sctx; + +@@ -908,11 +906,9 @@ int handle_signal32(struct ksignal *ksig, sigset_t *oldset, + /* Set up the sigreturn trampoline: li r0,sigret; sc */ + unsafe_put_user(PPC_INST_ADDI + __NR_sigreturn, &mctx->mc_pad[0], failed); + unsafe_put_user(PPC_INST_SC, &mctx->mc_pad[1], failed); ++ asm("dcbst %y0; sync; icbi %y0; sync" :: "Z" (mctx->mc_pad[0])); + } +- user_write_access_end(); +- +- if (tramp == (unsigned long)mctx->mc_pad) +- flush_icache_range(tramp, tramp + 2 * sizeof(unsigned long)); ++ user_access_end(); + + regs->link = tramp; + +@@ -934,7 +930,7 @@ int handle_signal32(struct ksignal *ksig, sigset_t *oldset, + return 0; + + failed: +- user_write_access_end(); ++ user_access_end(); + + badframe: + signal_fault(tsk, regs, "handle_signal32", frame); +-- +2.30.2 + diff --git a/queue-5.11/remoteproc-pru-fix-loading-of-gnu-binutils-elf.patch b/queue-5.11/remoteproc-pru-fix-loading-of-gnu-binutils-elf.patch new file mode 100644 index 00000000000..8e8cd85762b --- /dev/null +++ b/queue-5.11/remoteproc-pru-fix-loading-of-gnu-binutils-elf.patch @@ -0,0 +1,57 @@ +From 3af86613ff5de8c46804c96754048104eecae55c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 30 Dec 2020 12:50:05 +0200 +Subject: remoteproc: pru: Fix loading of GNU Binutils ELF + +From: Dimitar Dimitrov + +[ Upstream commit e6d9423d31b2f9bdd0220fd0584e3bb6ed2c4e52 ] + +PRU port of GNU Binutils lacks support for separate address spaces. +PRU IRAM addresses are marked with artificial offset to differentiate +them from DRAM addresses. Hence remoteproc must mask IRAM addresses +coming from GNU ELF in order to get the true hardware address. + +PRU firmware used for testing was the example in: + https://github.com/dinuxbg/pru-gcc-examples/tree/master/blinking-led/pru + +Signed-off-by: Dimitar Dimitrov +Link: https://lore.kernel.org/r/20201230105005.30492-1-dimitar@dinux.eu +Signed-off-by: Bjorn Andersson +Signed-off-by: Sasha Levin +--- + drivers/remoteproc/pru_rproc.c | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +diff --git a/drivers/remoteproc/pru_rproc.c b/drivers/remoteproc/pru_rproc.c +index 16979c1cd2f4..dcb380e868df 100644 +--- a/drivers/remoteproc/pru_rproc.c ++++ b/drivers/remoteproc/pru_rproc.c +@@ -450,6 +450,24 @@ static void *pru_i_da_to_va(struct pru_rproc *pru, u32 da, size_t len) + if (len == 0) + return NULL; + ++ /* ++ * GNU binutils do not support multiple address spaces. The GNU ++ * linker's default linker script places IRAM at an arbitrary high ++ * offset, in order to differentiate it from DRAM. Hence we need to ++ * strip the artificial offset in the IRAM addresses coming from the ++ * ELF file. ++ * ++ * The TI proprietary linker would never set those higher IRAM address ++ * bits anyway. PRU architecture limits the program counter to 16-bit ++ * word-address range. This in turn corresponds to 18-bit IRAM ++ * byte-address range for ELF. ++ * ++ * Two more bits are added just in case to make the final 20-bit mask. ++ * Idea is to have a safeguard in case TI decides to add banking ++ * in future SoCs. ++ */ ++ da &= 0xfffff; ++ + if (da >= PRU_IRAM_DA && + da + len <= PRU_IRAM_DA + pru->mem_regions[PRU_IOMEM_IRAM].size) { + offset = da - PRU_IRAM_DA; +-- +2.30.2 + diff --git a/queue-5.11/scsi-scsi_transport_srp-don-t-block-target-in-srp_po.patch b/queue-5.11/scsi-scsi_transport_srp-don-t-block-target-in-srp_po.patch new file mode 100644 index 00000000000..2057608d0c6 --- /dev/null +++ b/queue-5.11/scsi-scsi_transport_srp-don-t-block-target-in-srp_po.patch @@ -0,0 +1,52 @@ +From e97204ba23552aa807ee14ecad2c29fd57bc2ce8 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 1 Apr 2021 11:11:05 +0200 +Subject: scsi: scsi_transport_srp: Don't block target in SRP_PORT_LOST state + +From: Martin Wilck + +[ Upstream commit 5cd0f6f57639c5afbb36100c69281fee82c95ee7 ] + +rport_dev_loss_timedout() sets the rport state to SRP_PORT_LOST and the +SCSI target state to SDEV_TRANSPORT_OFFLINE. If this races with +srp_reconnect_work(), a warning is printed: + +Mar 27 18:48:07 ictm1604s01h4 kernel: dev_loss_tmo expired for SRP port-18:1 / host18. +Mar 27 18:48:07 ictm1604s01h4 kernel: ------------[ cut here ]------------ +Mar 27 18:48:07 ictm1604s01h4 kernel: scsi_internal_device_block(18:0:0:100) failed: ret = -22 +Mar 27 18:48:07 ictm1604s01h4 kernel: Call Trace: +Mar 27 18:48:07 ictm1604s01h4 kernel: ? scsi_target_unblock+0x50/0x50 [scsi_mod] +Mar 27 18:48:07 ictm1604s01h4 kernel: starget_for_each_device+0x80/0xb0 [scsi_mod] +Mar 27 18:48:07 ictm1604s01h4 kernel: target_block+0x24/0x30 [scsi_mod] +Mar 27 18:48:07 ictm1604s01h4 kernel: device_for_each_child+0x57/0x90 +Mar 27 18:48:07 ictm1604s01h4 kernel: srp_reconnect_rport+0xe4/0x230 [scsi_transport_srp] +Mar 27 18:48:07 ictm1604s01h4 kernel: srp_reconnect_work+0x40/0xc0 [scsi_transport_srp] + +Avoid this by not trying to block targets for rports in SRP_PORT_LOST +state. + +Link: https://lore.kernel.org/r/20210401091105.8046-1-mwilck@suse.com +Reviewed-by: Bart Van Assche +Signed-off-by: Martin Wilck +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +--- + drivers/scsi/scsi_transport_srp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/scsi/scsi_transport_srp.c b/drivers/scsi/scsi_transport_srp.c +index 1e939a2a387f..98a34ed10f1a 100644 +--- a/drivers/scsi/scsi_transport_srp.c ++++ b/drivers/scsi/scsi_transport_srp.c +@@ -541,7 +541,7 @@ int srp_reconnect_rport(struct srp_rport *rport) + res = mutex_lock_interruptible(&rport->mutex); + if (res) + goto out; +- if (rport->state != SRP_RPORT_FAIL_FAST) ++ if (rport->state != SRP_RPORT_FAIL_FAST && rport->state != SRP_RPORT_LOST) + /* + * sdev state must be SDEV_TRANSPORT_OFFLINE, transition + * to SDEV_BLOCK is illegal. Calling scsi_target_unblock() +-- +2.30.2 + diff --git a/queue-5.11/series b/queue-5.11/series new file mode 100644 index 00000000000..a95e62e45ff --- /dev/null +++ b/queue-5.11/series @@ -0,0 +1,54 @@ +amd_sfh-removed-unused-activecontrolstatus-member-fr.patch +amd_sfh-add-sensor_mask-module-parameter.patch +amd_sfh-add-dmi-quirk-table-for-bios-es-which-don-t-.patch +mtd-rawnand-mtk-fix-waitrdy-break-condition-and-time.patch +input-nspire-keypad-enable-interrupts-only-when-open.patch +gpio-sysfs-obey-valid_mask.patch +dmaengine-idxd-fix-clobbering-of-swerr-overflow-bit-.patch +dmaengine-idxd-fix-delta_rec-and-crc-size-field-for-.patch +dmaengine-idxd-fix-opcap-sysfs-attribute-output.patch +dmaengine-idxd-fix-wq-size-store-permission-state.patch +dmaengine-dw-make-it-dependent-to-has_iomem.patch +dmaengine-fix-a-double-free-in-dma_async_device_regi.patch +dmaengine-plx_dma-add-a-missing-put_device-on-error-.patch +dmaengine-idxd-clear-msix-permission-entry-on-shutdo.patch +dmaengine-idxd-fix-wq-cleanup-of-wqcfg-registers.patch +acpi-x86-call-acpi_boot_table_init-after-acpi_table_.patch +arm-dts-drop-duplicate-sha2md5_fck-to-fix-clk_disabl.patch +arm-dts-fix-moving-mmc-devices-with-aliases-for-omap.patch +remoteproc-pru-fix-loading-of-gnu-binutils-elf.patch +lockdep-add-a-missing-initialization-hint-to-the-inf.patch +arc-kernel-return-efault-if-copy_to_user-fails.patch +iwlwifi-fix-softirq-hardirq-disabling-in-iwl_pcie_en.patch +xfrm-beet-mode-doesn-t-support-fragments-for-inner-p.patch +asoc-max98373-changed-amp-shutdown-register-as-volat.patch +asoc-max98373-added-30ms-turn-on-off-time-delay.patch +net-axienet-allow-setups-without-mdio.patch +gpu-xen-fix-a-use-after-free-in-xen_drm_drv_init.patch +bpf-take-module-reference-for-trampoline-in-module.patch +neighbour-disregard-dead-dst-in-neigh_update.patch +powerpc-signal32-fix-oops-on-sigreturn-with-unmapped.patch +arm-keystone-fix-integer-overflow-warning.patch +arm-omap1-fix-building-with-clang-ias.patch +drm-msm-fix-a5xx-a6xx-timestamps.patch +asoc-fsl_esai-fix-tdm-slot-setup-for-i2s-mode.patch +scsi-scsi_transport_srp-don-t-block-target-in-srp_po.patch +iwlwifi-add-support-for-qu-with-ax201-device.patch +net-ieee802154-stop-dump-llsec-keys-for-monitors.patch +net-ieee802154-forbid-monitor-for-add-llsec-key.patch +net-ieee802154-forbid-monitor-for-del-llsec-key.patch +net-ieee802154-stop-dump-llsec-devs-for-monitors.patch +net-ieee802154-forbid-monitor-for-add-llsec-dev.patch +net-ieee802154-forbid-monitor-for-del-llsec-dev.patch +net-ieee802154-stop-dump-llsec-devkeys-for-monitors.patch +net-ieee802154-forbid-monitor-for-add-llsec-devkey.patch +net-ieee802154-forbid-monitor-for-del-llsec-devkey.patch +net-ieee802154-stop-dump-llsec-seclevels-for-monitor.patch +net-ieee802154-forbid-monitor-for-add-llsec-seclevel.patch +pcnet32-use-pci_resource_len-to-validate-pci-resourc.patch +net-rds-avoid-potential-use-after-free-in-rds_send_r.patch +net-tipc-fix-spelling-errors-in-net-tipc-module.patch +drm-amd-display-add-missing-mask-for-dcn3.patch +mac80211-clear-sta-fast_rx-when-sta-removed-from-4-a.patch +virt_wifi-return-micros-for-bss-tsf-values.patch +lib-fix-kconfig-dependency-on-arch_want_frame_pointe.patch diff --git a/queue-5.11/virt_wifi-return-micros-for-bss-tsf-values.patch b/queue-5.11/virt_wifi-return-micros-for-bss-tsf-values.patch new file mode 100644 index 00000000000..adcab07d19c --- /dev/null +++ b/queue-5.11/virt_wifi-return-micros-for-bss-tsf-values.patch @@ -0,0 +1,50 @@ +From 8317104988595f22e275c0b7a55207cb00aee9ea Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 18 Mar 2021 13:04:19 -0700 +Subject: virt_wifi: Return micros for BSS TSF values + +From: A. Cody Schuffelen + +[ Upstream commit b57aa17f07c9270e576ef7df09f142978b5a75f0 ] + +cfg80211_inform_bss expects to receive a TSF value, but is given the +time since boot in nanoseconds. TSF values are expected to be at +microsecond scale rather than nanosecond scale. + +Signed-off-by: A. Cody Schuffelen +Link: https://lore.kernel.org/r/20210318200419.1421034-1-schuffelen@google.com +Signed-off-by: Johannes Berg +Signed-off-by: Sasha Levin +--- + drivers/net/wireless/virt_wifi.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/drivers/net/wireless/virt_wifi.c b/drivers/net/wireless/virt_wifi.c +index c878097f0dda..1df959532c7d 100644 +--- a/drivers/net/wireless/virt_wifi.c ++++ b/drivers/net/wireless/virt_wifi.c +@@ -12,6 +12,7 @@ + #include + #include + #include ++#include + #include + + static struct wiphy *common_wiphy; +@@ -168,11 +169,11 @@ static void virt_wifi_scan_result(struct work_struct *work) + scan_result.work); + struct wiphy *wiphy = priv_to_wiphy(priv); + struct cfg80211_scan_info scan_info = { .aborted = false }; ++ u64 tsf = div_u64(ktime_get_boottime_ns(), 1000); + + informed_bss = cfg80211_inform_bss(wiphy, &channel_5ghz, + CFG80211_BSS_FTYPE_PRESP, +- fake_router_bssid, +- ktime_get_boottime_ns(), ++ fake_router_bssid, tsf, + WLAN_CAPABILITY_ESS, 0, + (void *)&ssid, sizeof(ssid), + DBM_TO_MBM(-50), GFP_KERNEL); +-- +2.30.2 + diff --git a/queue-5.11/xfrm-beet-mode-doesn-t-support-fragments-for-inner-p.patch b/queue-5.11/xfrm-beet-mode-doesn-t-support-fragments-for-inner-p.patch new file mode 100644 index 00000000000..190ab0134e3 --- /dev/null +++ b/queue-5.11/xfrm-beet-mode-doesn-t-support-fragments-for-inner-p.patch @@ -0,0 +1,64 @@ +From 31579f83146bacacc825537c897aebd321877b6f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 19 Mar 2021 18:27:58 +0800 +Subject: xfrm: BEET mode doesn't support fragments for inner packets + +From: Xin Long + +[ Upstream commit 68dc022d04eb0fd60a540e242dcb11ec1bee07e2 ] + +BEET mode replaces the IP(6) Headers with new IP(6) Headers when sending +packets. However, when it's a fragment before the replacement, currently +kernel keeps the fragment flag and replace the address field then encaps +it with ESP. It would cause in RX side the fragments to get reassembled +before decapping with ESP, which is incorrect. + +In Xiumei's testing, these fragments went over an xfrm interface and got +encapped with ESP in the device driver, and the traffic was broken. + +I don't have a good way to fix it, but only to warn this out in dmesg. + +Reported-by: Xiumei Mu +Signed-off-by: Xin Long +Signed-off-by: Steffen Klassert +Signed-off-by: Sasha Levin +--- + net/xfrm/xfrm_output.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c +index b81ca117dac7..e4cb0ff4dcf4 100644 +--- a/net/xfrm/xfrm_output.c ++++ b/net/xfrm/xfrm_output.c +@@ -660,6 +660,12 @@ static int xfrm4_extract_output(struct xfrm_state *x, struct sk_buff *skb) + { + int err; + ++ if (x->outer_mode.encap == XFRM_MODE_BEET && ++ ip_is_fragment(ip_hdr(skb))) { ++ net_warn_ratelimited("BEET mode doesn't support inner IPv4 fragments\n"); ++ return -EAFNOSUPPORT; ++ } ++ + err = xfrm4_tunnel_check_size(skb); + if (err) + return err; +@@ -705,8 +711,15 @@ out: + static int xfrm6_extract_output(struct xfrm_state *x, struct sk_buff *skb) + { + #if IS_ENABLED(CONFIG_IPV6) ++ unsigned int ptr = 0; + int err; + ++ if (x->outer_mode.encap == XFRM_MODE_BEET && ++ ipv6_find_hdr(skb, &ptr, NEXTHDR_FRAGMENT, NULL, NULL) >= 0) { ++ net_warn_ratelimited("BEET mode doesn't support inner IPv6 fragments\n"); ++ return -EAFNOSUPPORT; ++ } ++ + err = xfrm6_tunnel_check_size(skb); + if (err) + return err; +-- +2.30.2 +