From: Greg Kroah-Hartman Date: Mon, 22 Aug 2022 13:04:43 +0000 (+0200) Subject: 4.14-stable patches X-Git-Tag: v4.9.326~39 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=923ee0d989ad5dfa2fb27df72d70b823e1725c15;p=thirdparty%2Fkernel%2Fstable-queue.git 4.14-stable patches added patches: fec-fix-timer-capture-timing-in-fec_ptp_enable_pps.patch i40e-fix-to-stop-tx_timeout-recovery-if-globr-fails.patch igb-add-lock-to-avoid-data-race.patch netfilter-nf_tables-really-skip-inactive-sets-when-allocating-name.patch powerpc-pci-fix-get_phb_number-locking.patch --- diff --git a/queue-4.14/fec-fix-timer-capture-timing-in-fec_ptp_enable_pps.patch b/queue-4.14/fec-fix-timer-capture-timing-in-fec_ptp_enable_pps.patch new file mode 100644 index 00000000000..4e3918ff0e6 --- /dev/null +++ b/queue-4.14/fec-fix-timer-capture-timing-in-fec_ptp_enable_pps.patch @@ -0,0 +1,39 @@ +From 61d5e2a251fb20c2c5e998c3f1d52ed6d5360319 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Cs=C3=B3k=C3=A1s=20Bence?= +Date: Thu, 11 Aug 2022 12:13:49 +0200 +Subject: fec: Fix timer capture timing in `fec_ptp_enable_pps()` +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Csókás Bence + +commit 61d5e2a251fb20c2c5e998c3f1d52ed6d5360319 upstream. + +Code reimplements functionality already in `fec_ptp_read()`, +but misses check for FEC_QUIRK_BUG_CAPTURE. Replace with function call. + +Fixes: 28b5f058cf1d ("net: fec: ptp: fix convergence issue to support LinuxPTP stack") +Signed-off-by: Csókás Bence +Link: https://lore.kernel.org/r/20220811101348.13755-1-csokas.bence@prolan.hu +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/freescale/fec_ptp.c | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +--- a/drivers/net/ethernet/freescale/fec_ptp.c ++++ b/drivers/net/ethernet/freescale/fec_ptp.c +@@ -155,11 +155,7 @@ static int fec_ptp_enable_pps(struct fec + * NSEC_PER_SEC - ts.tv_nsec. Add the remaining nanoseconds + * to current timer would be next second. + */ +- tempval = readl(fep->hwp + FEC_ATIME_CTRL); +- tempval |= FEC_T_CTRL_CAPTURE; +- writel(tempval, fep->hwp + FEC_ATIME_CTRL); +- +- tempval = readl(fep->hwp + FEC_ATIME); ++ tempval = fep->cc.read(&fep->cc); + /* Convert the ptp local counter to 1588 timestamp */ + ns = timecounter_cyc2time(&fep->tc, tempval); + ts = ns_to_timespec64(ns); diff --git a/queue-4.14/i40e-fix-to-stop-tx_timeout-recovery-if-globr-fails.patch b/queue-4.14/i40e-fix-to-stop-tx_timeout-recovery-if-globr-fails.patch new file mode 100644 index 00000000000..a78cbe95793 --- /dev/null +++ b/queue-4.14/i40e-fix-to-stop-tx_timeout-recovery-if-globr-fails.patch @@ -0,0 +1,42 @@ +From 57c942bc3bef0970f0b21f8e0998e76a900ea80d Mon Sep 17 00:00:00 2001 +From: Alan Brady +Date: Tue, 2 Aug 2022 10:19:17 +0200 +Subject: i40e: Fix to stop tx_timeout recovery if GLOBR fails + +From: Alan Brady + +commit 57c942bc3bef0970f0b21f8e0998e76a900ea80d upstream. + +When a tx_timeout fires, the PF attempts to recover by incrementally +resetting. First we try a PFR, then CORER and finally a GLOBR. If the +GLOBR fails, then we keep hitting the tx_timeout and incrementing the +recovery level and issuing dmesgs, which is both annoying to the user +and accomplishes nothing. + +If the GLOBR fails, then we're pretty much totally hosed, and there's +not much else we can do to recover, so this makes it such that we just +kill the VSI and stop hitting the tx_timeout in such a case. + +Fixes: 41c445ff0f48 ("i40e: main driver core") +Signed-off-by: Alan Brady +Signed-off-by: Mateusz Palczewski +Tested-by: Gurucharan (A Contingent worker at Intel) +Signed-off-by: Tony Nguyen +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/intel/i40e/i40e_main.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/drivers/net/ethernet/intel/i40e/i40e_main.c ++++ b/drivers/net/ethernet/intel/i40e/i40e_main.c +@@ -405,7 +405,9 @@ static void i40e_tx_timeout(struct net_d + set_bit(__I40E_GLOBAL_RESET_REQUESTED, pf->state); + break; + default: +- netdev_err(netdev, "tx_timeout recovery unsuccessful\n"); ++ netdev_err(netdev, "tx_timeout recovery unsuccessful, device is in non-recoverable state.\n"); ++ set_bit(__I40E_DOWN_REQUESTED, pf->state); ++ set_bit(__I40E_VSI_DOWN_REQUESTED, vsi->state); + break; + } + diff --git a/queue-4.14/igb-add-lock-to-avoid-data-race.patch b/queue-4.14/igb-add-lock-to-avoid-data-race.patch new file mode 100644 index 00000000000..781a7598259 --- /dev/null +++ b/queue-4.14/igb-add-lock-to-avoid-data-race.patch @@ -0,0 +1,126 @@ +From 6faee3d4ee8be0f0367d0c3d826afb3571b7a5e0 Mon Sep 17 00:00:00 2001 +From: Lin Ma +Date: Wed, 17 Aug 2022 11:49:21 -0700 +Subject: igb: Add lock to avoid data race + +From: Lin Ma + +commit 6faee3d4ee8be0f0367d0c3d826afb3571b7a5e0 upstream. + +The commit c23d92b80e0b ("igb: Teardown SR-IOV before +unregister_netdev()") places the unregister_netdev() call after the +igb_disable_sriov() call to avoid functionality issue. + +However, it introduces several race conditions when detaching a device. +For example, when .remove() is called, the below interleaving leads to +use-after-free. + + (FREE from device detaching) | (USE from netdev core) +igb_remove | igb_ndo_get_vf_config + igb_disable_sriov | vf >= adapter->vfs_allocated_count? + kfree(adapter->vf_data) | + adapter->vfs_allocated_count = 0 | + | memcpy(... adapter->vf_data[vf] + +Moreover, the igb_disable_sriov() also suffers from data race with the +requests from VF driver. + + (FREE from device detaching) | (USE from requests) +igb_remove | igb_msix_other + igb_disable_sriov | igb_msg_task + kfree(adapter->vf_data) | vf < adapter->vfs_allocated_count + adapter->vfs_allocated_count = 0 | + +To this end, this commit first eliminates the data races from netdev +core by using rtnl_lock (similar to commit 719479230893 ("dpaa2-eth: add +MAC/PHY support through phylink")). And then adds a spinlock to +eliminate races from driver requests. (similar to commit 1e53834ce541 +("ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero") + +Fixes: c23d92b80e0b ("igb: Teardown SR-IOV before unregister_netdev()") +Signed-off-by: Lin Ma +Tested-by: Konrad Jankowski +Signed-off-by: Tony Nguyen +Link: https://lore.kernel.org/r/20220817184921.735244-1-anthony.l.nguyen@intel.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/intel/igb/igb.h | 2 ++ + drivers/net/ethernet/intel/igb/igb_main.c | 12 +++++++++++- + 2 files changed, 13 insertions(+), 1 deletion(-) + +--- a/drivers/net/ethernet/intel/igb/igb.h ++++ b/drivers/net/ethernet/intel/igb/igb.h +@@ -599,6 +599,8 @@ struct igb_adapter { + struct igb_mac_addr *mac_table; + struct vf_mac_filter vf_macs; + struct vf_mac_filter *vf_mac_list; ++ /* lock for VF resources */ ++ spinlock_t vfs_lock; + }; + + /* flags controlling PTP/1588 function */ +--- a/drivers/net/ethernet/intel/igb/igb_main.c ++++ b/drivers/net/ethernet/intel/igb/igb_main.c +@@ -2805,6 +2805,7 @@ static int igb_disable_sriov(struct pci_ + struct net_device *netdev = pci_get_drvdata(pdev); + struct igb_adapter *adapter = netdev_priv(netdev); + struct e1000_hw *hw = &adapter->hw; ++ unsigned long flags; + + /* reclaim resources allocated to VFs */ + if (adapter->vf_data) { +@@ -2817,12 +2818,13 @@ static int igb_disable_sriov(struct pci_ + pci_disable_sriov(pdev); + msleep(500); + } +- ++ spin_lock_irqsave(&adapter->vfs_lock, flags); + kfree(adapter->vf_mac_list); + adapter->vf_mac_list = NULL; + kfree(adapter->vf_data); + adapter->vf_data = NULL; + adapter->vfs_allocated_count = 0; ++ spin_unlock_irqrestore(&adapter->vfs_lock, flags); + wr32(E1000_IOVCTL, E1000_IOVCTL_REUSE_VFQ); + wrfl(); + msleep(100); +@@ -2984,7 +2986,9 @@ static void igb_remove(struct pci_dev *p + igb_release_hw_control(adapter); + + #ifdef CONFIG_PCI_IOV ++ rtnl_lock(); + igb_disable_sriov(pdev); ++ rtnl_unlock(); + #endif + + unregister_netdev(netdev); +@@ -3137,6 +3141,9 @@ static int igb_sw_init(struct igb_adapte + + spin_lock_init(&adapter->nfc_lock); + spin_lock_init(&adapter->stats64_lock); ++ ++ /* init spinlock to avoid concurrency of VF resources */ ++ spin_lock_init(&adapter->vfs_lock); + #ifdef CONFIG_PCI_IOV + switch (hw->mac.type) { + case e1000_82576: +@@ -6776,8 +6783,10 @@ unlock: + static void igb_msg_task(struct igb_adapter *adapter) + { + struct e1000_hw *hw = &adapter->hw; ++ unsigned long flags; + u32 vf; + ++ spin_lock_irqsave(&adapter->vfs_lock, flags); + for (vf = 0; vf < adapter->vfs_allocated_count; vf++) { + /* process any reset requests */ + if (!igb_check_for_rst(hw, vf)) +@@ -6791,6 +6800,7 @@ static void igb_msg_task(struct igb_adap + if (!igb_check_for_ack(hw, vf)) + igb_rcv_ack_from_vf(adapter, vf); + } ++ spin_unlock_irqrestore(&adapter->vfs_lock, flags); + } + + /** diff --git a/queue-4.14/netfilter-nf_tables-really-skip-inactive-sets-when-allocating-name.patch b/queue-4.14/netfilter-nf_tables-really-skip-inactive-sets-when-allocating-name.patch new file mode 100644 index 00000000000..4f0fab3f346 --- /dev/null +++ b/queue-4.14/netfilter-nf_tables-really-skip-inactive-sets-when-allocating-name.patch @@ -0,0 +1,30 @@ +From 271c5ca826e0c3c53e0eb4032f8eaedea1ee391c Mon Sep 17 00:00:00 2001 +From: Pablo Neira Ayuso +Date: Tue, 9 Aug 2022 17:23:53 +0200 +Subject: netfilter: nf_tables: really skip inactive sets when allocating name + +From: Pablo Neira Ayuso + +commit 271c5ca826e0c3c53e0eb4032f8eaedea1ee391c upstream. + +While looping to build the bitmap of used anonymous set names, check the +current set in the iteration, instead of the one that is being created. + +Fixes: 37a9cc525525 ("netfilter: nf_tables: add generation mask to sets") +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Greg Kroah-Hartman +--- + net/netfilter/nf_tables_api.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/net/netfilter/nf_tables_api.c ++++ b/net/netfilter/nf_tables_api.c +@@ -2797,7 +2797,7 @@ cont: + list_for_each_entry(i, &ctx->table->sets, list) { + int tmp; + +- if (!nft_is_active_next(ctx->net, set)) ++ if (!nft_is_active_next(ctx->net, i)) + continue; + if (!sscanf(i->name, name, &tmp)) + continue; diff --git a/queue-4.14/powerpc-pci-fix-get_phb_number-locking.patch b/queue-4.14/powerpc-pci-fix-get_phb_number-locking.patch new file mode 100644 index 00000000000..affc682e733 --- /dev/null +++ b/queue-4.14/powerpc-pci-fix-get_phb_number-locking.patch @@ -0,0 +1,105 @@ +From 8d48562a2729742f767b0fdd994d6b2a56a49c63 Mon Sep 17 00:00:00 2001 +From: Michael Ellerman +Date: Mon, 15 Aug 2022 16:55:23 +1000 +Subject: powerpc/pci: Fix get_phb_number() locking + +From: Michael Ellerman + +commit 8d48562a2729742f767b0fdd994d6b2a56a49c63 upstream. + +The recent change to get_phb_number() causes a DEBUG_ATOMIC_SLEEP +warning on some systems: + + BUG: sleeping function called from invalid context at kernel/locking/mutex.c:580 + in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: swapper + preempt_count: 1, expected: 0 + RCU nest depth: 0, expected: 0 + 1 lock held by swapper/1: + #0: c157efb0 (hose_spinlock){+.+.}-{2:2}, at: pcibios_alloc_controller+0x64/0x220 + Preemption disabled at: + [<00000000>] 0x0 + CPU: 0 PID: 1 Comm: swapper Not tainted 5.19.0-yocto-standard+ #1 + Call Trace: + [d101dc90] [c073b264] dump_stack_lvl+0x50/0x8c (unreliable) + [d101dcb0] [c0093b70] __might_resched+0x258/0x2a8 + [d101dcd0] [c0d3e634] __mutex_lock+0x6c/0x6ec + [d101dd50] [c0a84174] of_alias_get_id+0x50/0xf4 + [d101dd80] [c002ec78] pcibios_alloc_controller+0x1b8/0x220 + [d101ddd0] [c140c9dc] pmac_pci_init+0x198/0x784 + [d101de50] [c140852c] discover_phbs+0x30/0x4c + [d101de60] [c0007fd4] do_one_initcall+0x94/0x344 + [d101ded0] [c1403b40] kernel_init_freeable+0x1a8/0x22c + [d101df10] [c00086e0] kernel_init+0x34/0x160 + [d101df30] [c001b334] ret_from_kernel_thread+0x5c/0x64 + +This is because pcibios_alloc_controller() holds hose_spinlock but +of_alias_get_id() takes of_mutex which can sleep. + +The hose_spinlock protects the phb_bitmap, and also the hose_list, but +it doesn't need to be held while get_phb_number() calls the OF routines, +because those are only looking up information in the device tree. + +So fix it by having get_phb_number() take the hose_spinlock itself, only +where required, and then dropping the lock before returning. +pcibios_alloc_controller() then needs to take the lock again before the +list_add() but that's safe, the order of the list is not important. + +Fixes: 0fe1e96fef0a ("powerpc/pci: Prefer PCI domain assignment via DT 'linux,pci-domain' and alias") +Reported-by: Guenter Roeck +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20220815065550.1303620-1-mpe@ellerman.id.au +Signed-off-by: Greg Kroah-Hartman +--- + arch/powerpc/kernel/pci-common.c | 16 ++++++++++------ + 1 file changed, 10 insertions(+), 6 deletions(-) + +--- a/arch/powerpc/kernel/pci-common.c ++++ b/arch/powerpc/kernel/pci-common.c +@@ -73,10 +73,6 @@ const struct dma_map_ops *get_pci_dma_op + } + EXPORT_SYMBOL(get_pci_dma_ops); + +-/* +- * This function should run under locking protection, specifically +- * hose_spinlock. +- */ + static int get_phb_number(struct device_node *dn) + { + int ret, phb_id = -1; +@@ -113,15 +109,20 @@ static int get_phb_number(struct device_ + if (!ret) + phb_id = (int)(prop & (MAX_PHBS - 1)); + ++ spin_lock(&hose_spinlock); ++ + /* We need to be sure to not use the same PHB number twice. */ + if ((phb_id >= 0) && !test_and_set_bit(phb_id, phb_bitmap)) +- return phb_id; ++ goto out_unlock; + + /* If everything fails then fallback to dynamic PHB numbering. */ + phb_id = find_first_zero_bit(phb_bitmap, MAX_PHBS); + BUG_ON(phb_id >= MAX_PHBS); + set_bit(phb_id, phb_bitmap); + ++out_unlock: ++ spin_unlock(&hose_spinlock); ++ + return phb_id; + } + +@@ -132,10 +133,13 @@ struct pci_controller *pcibios_alloc_con + phb = zalloc_maybe_bootmem(sizeof(struct pci_controller), GFP_KERNEL); + if (phb == NULL) + return NULL; +- spin_lock(&hose_spinlock); ++ + phb->global_number = get_phb_number(dev); ++ ++ spin_lock(&hose_spinlock); + list_add_tail(&phb->list_node, &hose_list); + spin_unlock(&hose_spinlock); ++ + phb->dn = dev; + phb->is_dynamic = slab_is_available(); + #ifdef CONFIG_PPC64 diff --git a/queue-4.14/series b/queue-4.14/series index c577ddb47a2..263736517a1 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -200,3 +200,8 @@ nios2-traced-syscall-does-need-to-check-the-syscall-number.patch nios2-fix-syscall-restart-checks.patch nios2-restarts-apply-only-to-the-first-sigframe-we-build.patch nios2-add-force_successful_syscall_return.patch +netfilter-nf_tables-really-skip-inactive-sets-when-allocating-name.patch +powerpc-pci-fix-get_phb_number-locking.patch +i40e-fix-to-stop-tx_timeout-recovery-if-globr-fails.patch +fec-fix-timer-capture-timing-in-fec_ptp_enable_pps.patch +igb-add-lock-to-avoid-data-race.patch