From: Greg Kroah-Hartman Date: Tue, 30 Jul 2024 14:13:30 +0000 (+0200) Subject: 5.15-stable patches X-Git-Tag: v6.1.103~20 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a0ae6351359fd899ddf33031758c024a62603f16;p=thirdparty%2Fkernel%2Fstable-queue.git 5.15-stable patches added patches: bluetooth-btusb-add-realtek-rtl8852be-support-id-0x13d3-0x3591.patch bluetooth-btusb-add-rtl8852be-device-0489-e125-to-device-tables.patch io_uring-io-wq-limit-retrying-worker-initialisation.patch kernel-rerun-task_work-while-freezing-in-get_signal.patch nilfs2-handle-inconsistent-state-in-nilfs_btnode_create_block.patch --- diff --git a/queue-5.15/bluetooth-btusb-add-realtek-rtl8852be-support-id-0x13d3-0x3591.patch b/queue-5.15/bluetooth-btusb-add-realtek-rtl8852be-support-id-0x13d3-0x3591.patch new file mode 100644 index 00000000000..86fa3f35aeb --- /dev/null +++ b/queue-5.15/bluetooth-btusb-add-realtek-rtl8852be-support-id-0x13d3-0x3591.patch @@ -0,0 +1,65 @@ +From 473a89b4ed7fd52a419340f7c540d5c8fc96fc75 Mon Sep 17 00:00:00 2001 +From: WangYuli +Date: Sat, 22 Jun 2024 12:09:59 +0800 +Subject: Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 + +From: WangYuli + +commit 473a89b4ed7fd52a419340f7c540d5c8fc96fc75 upstream. + +Add the support ID(0x13d3, 0x3591) to usb_device_id table for +Realtek RTL8852BE. + +The device table is as follows: + +T: Bus=01 Lev=02 Prnt=03 Port=00 Cnt=01 Dev#= 5 Spd=12 MxCh= 0 +D: Ver= 1.00 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 +P: Vendor=13d3 ProdID=3591 Rev= 0.00 +S: Manufacturer=Realtek +S: Product=Bluetooth Radio +S: SerialNumber=00e04c000001 +C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=500mA +I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms +E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms +E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms +I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms +E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms +I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms +E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms +I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms +E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms +I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms +E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms +I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms +E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms +I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms +E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms + +Cc: stable@vger.kernel.org +Signed-off-by: Wentao Guan +Signed-off-by: WangYuli +Signed-off-by: Luiz Augusto von Dentz +Signed-off-by: Erpeng Xu +Signed-off-by: Greg Kroah-Hartman +--- + drivers/bluetooth/btusb.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/bluetooth/btusb.c ++++ b/drivers/bluetooth/btusb.c +@@ -559,6 +559,8 @@ static const struct usb_device_id blackl + BTUSB_WIDEBAND_SPEECH }, + { USB_DEVICE(0x0cb5, 0xc547), .driver_info = BTUSB_REALTEK | + BTUSB_WIDEBAND_SPEECH }, ++ { USB_DEVICE(0x13d3, 0x3591), .driver_info = BTUSB_REALTEK | ++ BTUSB_WIDEBAND_SPEECH }, + { USB_DEVICE(0x0489, 0xe125), .driver_info = BTUSB_REALTEK | + BTUSB_WIDEBAND_SPEECH }, + diff --git a/queue-5.15/bluetooth-btusb-add-rtl8852be-device-0489-e125-to-device-tables.patch b/queue-5.15/bluetooth-btusb-add-rtl8852be-device-0489-e125-to-device-tables.patch new file mode 100644 index 00000000000..7e0c1b3c18e --- /dev/null +++ b/queue-5.15/bluetooth-btusb-add-rtl8852be-device-0489-e125-to-device-tables.patch @@ -0,0 +1,63 @@ +From 295ef07a9dae6182ad4b689aa8c6a7dbba21474c Mon Sep 17 00:00:00 2001 +From: Hilda Wu +Date: Mon, 17 Jun 2024 17:05:18 +0800 +Subject: Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables + +From: Hilda Wu + +commit 295ef07a9dae6182ad4b689aa8c6a7dbba21474c upstream. + +Add the support ID 0489:e125 to usb_device_id table for +Realtek RTL8852B chip. + +The device info from /sys/kernel/debug/usb/devices as below. + +T: Bus=01 Lev=01 Prnt=01 Port=07 Cnt=03 Dev#= 5 Spd=12 MxCh= 0 +D: Ver= 1.00 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 +P: Vendor=0489 ProdID=e125 Rev= 0.00 +S: Manufacturer=Realtek +S: Product=Bluetooth Radio +S: SerialNumber=00e04c000001 +C:* #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=500mA +I:* If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=81(I) Atr=03(Int.) MxPS= 16 Ivl=1ms +E: Ad=02(O) Atr=02(Bulk) MxPS= 64 Ivl=0ms +E: Ad=82(I) Atr=02(Bulk) MxPS= 64 Ivl=0ms +I:* If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=03(O) Atr=01(Isoc) MxPS= 0 Ivl=1ms +E: Ad=83(I) Atr=01(Isoc) MxPS= 0 Ivl=1ms +I: If#= 1 Alt= 1 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=03(O) Atr=01(Isoc) MxPS= 9 Ivl=1ms +E: Ad=83(I) Atr=01(Isoc) MxPS= 9 Ivl=1ms +I: If#= 1 Alt= 2 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=03(O) Atr=01(Isoc) MxPS= 17 Ivl=1ms +E: Ad=83(I) Atr=01(Isoc) MxPS= 17 Ivl=1ms +I: If#= 1 Alt= 3 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=03(O) Atr=01(Isoc) MxPS= 25 Ivl=1ms +E: Ad=83(I) Atr=01(Isoc) MxPS= 25 Ivl=1ms +I: If#= 1 Alt= 4 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=03(O) Atr=01(Isoc) MxPS= 33 Ivl=1ms +E: Ad=83(I) Atr=01(Isoc) MxPS= 33 Ivl=1ms +I: If#= 1 Alt= 5 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb +E: Ad=03(O) Atr=01(Isoc) MxPS= 49 Ivl=1ms +E: Ad=83(I) Atr=01(Isoc) MxPS= 49 Ivl=1ms + +Signed-off-by: Hilda Wu +Signed-off-by: Luiz Augusto von Dentz +Signed-off-by: Erpeng Xu +Signed-off-by: Greg Kroah-Hartman +--- + drivers/bluetooth/btusb.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/bluetooth/btusb.c ++++ b/drivers/bluetooth/btusb.c +@@ -559,6 +559,8 @@ static const struct usb_device_id blackl + BTUSB_WIDEBAND_SPEECH }, + { USB_DEVICE(0x0cb5, 0xc547), .driver_info = BTUSB_REALTEK | + BTUSB_WIDEBAND_SPEECH }, ++ { USB_DEVICE(0x0489, 0xe125), .driver_info = BTUSB_REALTEK | ++ BTUSB_WIDEBAND_SPEECH }, + + /* Silicon Wave based devices */ + { USB_DEVICE(0x0c10, 0x0000), .driver_info = BTUSB_SWAVE }, diff --git a/queue-5.15/io_uring-io-wq-limit-retrying-worker-initialisation.patch b/queue-5.15/io_uring-io-wq-limit-retrying-worker-initialisation.patch new file mode 100644 index 00000000000..be9cebedbeb --- /dev/null +++ b/queue-5.15/io_uring-io-wq-limit-retrying-worker-initialisation.patch @@ -0,0 +1,84 @@ +From e2aa81d4fc08889e47250315fbdb0db1365a849d Mon Sep 17 00:00:00 2001 +From: Pavel Begunkov +Date: Wed, 10 Jul 2024 18:58:17 +0100 +Subject: io_uring/io-wq: limit retrying worker initialisation + +From: Pavel Begunkov + +commit 0453aad676ff99787124b9b3af4a5f59fbe808e2 upstream. + +If io-wq worker creation fails, we retry it by queueing up a task_work. +tasK_work is needed because it should be done from the user process +context. The problem is that retries are not limited, and if queueing a +task_work is the reason for the failure, we might get into an infinite +loop. + +It doesn't seem to happen now but it would with the following patch +executing task_work in the freezer's loop. For now, arbitrarily limit the +number of attempts to create a worker. + +Cc: stable@vger.kernel.org +Fixes: 3146cba99aa28 ("io-wq: make worker creation resilient against signals") +Reported-by: Julian Orth +Signed-off-by: Pavel Begunkov +Link: https://lore.kernel.org/r/8280436925db88448c7c85c6656edee1a43029ea.1720634146.git.asml.silence@gmail.com +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman +--- + io_uring/io-wq.c | 10 +++++++--- + 1 file changed, 7 insertions(+), 3 deletions(-) + +--- a/io_uring/io-wq.c ++++ b/io_uring/io-wq.c +@@ -19,6 +19,7 @@ + #include "io-wq.h" + + #define WORKER_IDLE_TIMEOUT (5 * HZ) ++#define WORKER_INIT_LIMIT 3 + + enum { + IO_WORKER_F_UP = 1, /* up and active */ +@@ -54,6 +55,7 @@ struct io_worker { + unsigned long create_state; + struct callback_head create_work; + int create_index; ++ int init_retries; + + union { + struct rcu_head rcu; +@@ -732,7 +734,7 @@ static bool io_wq_work_match_all(struct + return true; + } + +-static inline bool io_should_retry_thread(long err) ++static inline bool io_should_retry_thread(struct io_worker *worker, long err) + { + /* + * Prevent perpetual task_work retry, if the task (or its group) is +@@ -740,6 +742,8 @@ static inline bool io_should_retry_threa + */ + if (fatal_signal_pending(current)) + return false; ++ if (worker->init_retries++ >= WORKER_INIT_LIMIT) ++ return false; + + switch (err) { + case -EAGAIN: +@@ -766,7 +770,7 @@ static void create_worker_cont(struct ca + io_init_new_worker(wqe, worker, tsk); + io_worker_release(worker); + return; +- } else if (!io_should_retry_thread(PTR_ERR(tsk))) { ++ } else if (!io_should_retry_thread(worker, PTR_ERR(tsk))) { + struct io_wqe_acct *acct = io_wqe_get_acct(worker); + + atomic_dec(&acct->nr_running); +@@ -831,7 +835,7 @@ fail: + tsk = create_io_thread(io_wqe_worker, worker, wqe->node); + if (!IS_ERR(tsk)) { + io_init_new_worker(wqe, worker, tsk); +- } else if (!io_should_retry_thread(PTR_ERR(tsk))) { ++ } else if (!io_should_retry_thread(worker, PTR_ERR(tsk))) { + kfree(worker); + goto fail; + } else { diff --git a/queue-5.15/kernel-rerun-task_work-while-freezing-in-get_signal.patch b/queue-5.15/kernel-rerun-task_work-while-freezing-in-get_signal.patch new file mode 100644 index 00000000000..4b9f80c80dc --- /dev/null +++ b/queue-5.15/kernel-rerun-task_work-while-freezing-in-get_signal.patch @@ -0,0 +1,66 @@ +From f416e4a185dc3d007ea478db3ff75f47cd689eb6 Mon Sep 17 00:00:00 2001 +From: Pavel Begunkov +Date: Wed, 10 Jul 2024 18:58:18 +0100 +Subject: kernel: rerun task_work while freezing in get_signal() + +From: Pavel Begunkov + +commit 943ad0b62e3c21f324c4884caa6cb4a871bca05c upstream. + +io_uring can asynchronously add a task_work while the task is getting +freezed. TIF_NOTIFY_SIGNAL will prevent the task from sleeping in +do_freezer_trap(), and since the get_signal()'s relock loop doesn't +retry task_work, the task will spin there not being able to sleep +until the freezing is cancelled / the task is killed / etc. + +Run task_works in the freezer path. Keep the patch small and simple +so it can be easily back ported, but we might need to do some cleaning +after and look if there are other places with similar problems. + +Cc: stable@vger.kernel.org +Link: https://github.com/systemd/systemd/issues/33626 +Fixes: 12db8b690010c ("entry: Add support for TIF_NOTIFY_SIGNAL") +Reported-by: Julian Orth +Acked-by: Oleg Nesterov +Acked-by: Tejun Heo +Signed-off-by: Pavel Begunkov +Link: https://lore.kernel.org/r/89ed3a52933370deaaf61a0a620a6ac91f1e754d.1720634146.git.asml.silence@gmail.com +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman +--- + include/linux/sched/signal.h | 6 ++++++ + kernel/signal.c | 8 ++++++++ + 2 files changed, 14 insertions(+) + +--- a/include/linux/sched/signal.h ++++ b/include/linux/sched/signal.h +@@ -347,6 +347,12 @@ extern void sigqueue_free(struct sigqueu + extern int send_sigqueue(struct sigqueue *, struct pid *, enum pid_type); + extern int do_sigaction(int, struct k_sigaction *, struct k_sigaction *); + ++static inline void clear_notify_signal(void) ++{ ++ clear_thread_flag(TIF_NOTIFY_SIGNAL); ++ smp_mb__after_atomic(); ++} ++ + static inline int restart_syscall(void) + { + set_tsk_thread_flag(current, TIF_SIGPENDING); +--- a/kernel/signal.c ++++ b/kernel/signal.c +@@ -2579,6 +2579,14 @@ static void do_freezer_trap(void) + spin_unlock_irq(¤t->sighand->siglock); + cgroup_enter_frozen(); + freezable_schedule(); ++ ++ /* ++ * We could've been woken by task_work, run it to clear ++ * TIF_NOTIFY_SIGNAL. The caller will retry if necessary. ++ */ ++ clear_notify_signal(); ++ if (unlikely(READ_ONCE(current->task_works))) ++ task_work_run(); + } + + static int ptrace_signal(int signr, kernel_siginfo_t *info) diff --git a/queue-5.15/nilfs2-handle-inconsistent-state-in-nilfs_btnode_create_block.patch b/queue-5.15/nilfs2-handle-inconsistent-state-in-nilfs_btnode_create_block.patch new file mode 100644 index 00000000000..6660c7e327c --- /dev/null +++ b/queue-5.15/nilfs2-handle-inconsistent-state-in-nilfs_btnode_create_block.patch @@ -0,0 +1,97 @@ +From 4811f7af6090e8f5a398fbdd766f903ef6c0d787 Mon Sep 17 00:00:00 2001 +From: Ryusuke Konishi +Date: Thu, 25 Jul 2024 14:20:07 +0900 +Subject: nilfs2: handle inconsistent state in nilfs_btnode_create_block() + +From: Ryusuke Konishi + +commit 4811f7af6090e8f5a398fbdd766f903ef6c0d787 upstream. + +Syzbot reported that a buffer state inconsistency was detected in +nilfs_btnode_create_block(), triggering a kernel bug. + +It is not appropriate to treat this inconsistency as a bug; it can occur +if the argument block address (the buffer index of the newly created +block) is a virtual block number and has been reallocated due to +corruption of the bitmap used to manage its allocation state. + +So, modify nilfs_btnode_create_block() and its callers to treat it as a +possible filesystem error, rather than triggering a kernel bug. + +Link: https://lkml.kernel.org/r/20240725052007.4562-1-konishi.ryusuke@gmail.com +Fixes: a60be987d45d ("nilfs2: B-tree node cache") +Signed-off-by: Ryusuke Konishi +Reported-by: syzbot+89cc4f2324ed37988b60@syzkaller.appspotmail.com +Closes: https://syzkaller.appspot.com/bug?extid=89cc4f2324ed37988b60 +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + fs/nilfs2/btnode.c | 25 ++++++++++++++++++++----- + fs/nilfs2/btree.c | 4 ++-- + 2 files changed, 22 insertions(+), 7 deletions(-) + +--- a/fs/nilfs2/btnode.c ++++ b/fs/nilfs2/btnode.c +@@ -51,12 +51,21 @@ nilfs_btnode_create_block(struct address + + bh = nilfs_grab_buffer(inode, btnc, blocknr, BIT(BH_NILFS_Node)); + if (unlikely(!bh)) +- return NULL; ++ return ERR_PTR(-ENOMEM); + + if (unlikely(buffer_mapped(bh) || buffer_uptodate(bh) || + buffer_dirty(bh))) { +- brelse(bh); +- BUG(); ++ /* ++ * The block buffer at the specified new address was already ++ * in use. This can happen if it is a virtual block number ++ * and has been reallocated due to corruption of the bitmap ++ * used to manage its allocation state (if not, the buffer ++ * clearing of an abandoned b-tree node is missing somewhere). ++ */ ++ nilfs_error(inode->i_sb, ++ "state inconsistency probably due to duplicate use of b-tree node block address %llu (ino=%lu)", ++ (unsigned long long)blocknr, inode->i_ino); ++ goto failed; + } + memset(bh->b_data, 0, i_blocksize(inode)); + bh->b_bdev = inode->i_sb->s_bdev; +@@ -67,6 +76,12 @@ nilfs_btnode_create_block(struct address + unlock_page(bh->b_page); + put_page(bh->b_page); + return bh; ++ ++failed: ++ unlock_page(bh->b_page); ++ put_page(bh->b_page); ++ brelse(bh); ++ return ERR_PTR(-EIO); + } + + int nilfs_btnode_submit_block(struct address_space *btnc, __u64 blocknr, +@@ -217,8 +232,8 @@ retry: + } + + nbh = nilfs_btnode_create_block(btnc, newkey); +- if (!nbh) +- return -ENOMEM; ++ if (IS_ERR(nbh)) ++ return PTR_ERR(nbh); + + BUG_ON(nbh == obh); + ctxt->newbh = nbh; +--- a/fs/nilfs2/btree.c ++++ b/fs/nilfs2/btree.c +@@ -63,8 +63,8 @@ static int nilfs_btree_get_new_block(con + struct buffer_head *bh; + + bh = nilfs_btnode_create_block(btnc, ptr); +- if (!bh) +- return -ENOMEM; ++ if (IS_ERR(bh)) ++ return PTR_ERR(bh); + + set_buffer_nilfs_volatile(bh); + *bhp = bh; diff --git a/queue-5.15/series b/queue-5.15/series index dc9362600ec..0a52af6aad6 100644 --- a/queue-5.15/series +++ b/queue-5.15/series @@ -253,3 +253,8 @@ mips-loongson64-test-register-availability-before-use.patch drm-panfrost-mark-simple_ondemand-governor-as-softdep.patch rbd-rename-rbd_lock_state_releasing-and-releasing_wait.patch rbd-don-t-assume-rbd_lock_state_locked-for-exclusive-mappings.patch +bluetooth-btusb-add-rtl8852be-device-0489-e125-to-device-tables.patch +bluetooth-btusb-add-realtek-rtl8852be-support-id-0x13d3-0x3591.patch +nilfs2-handle-inconsistent-state-in-nilfs_btnode_create_block.patch +io_uring-io-wq-limit-retrying-worker-initialisation.patch +kernel-rerun-task_work-while-freezing-in-get_signal.patch