From: Greg Kroah-Hartman Date: Fri, 27 Oct 2023 15:15:07 +0000 (+0200) Subject: 6.5-stable patches X-Git-Tag: v6.1.61~70 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b8fdc8a43e6609d9a13c966e07acb1b9188dde80;p=thirdparty%2Fkernel%2Fstable-queue.git 6.5-stable patches added patches: accel-ivpu-don-t-enter-d0i3-during-flr.patch arm-dts-rockchip-add-missing-arm-timer-interrupt-for-rk3128.patch arm-dts-rockchip-add-missing-quirk-for-rk3128-s-dma-engine.patch arm-dts-rockchip-fix-i2c0-register-address-for-rk3128.patch arm-dts-rockchip-fix-timer-clocks-for-rk3128.patch arm-omap1-ams-delta-fix-modem-initialization-failure.patch arm64-dts-qcom-apq8096-db820c-fix-missing-clock-populate.patch arm64-dts-qcom-msm8996-xiaomi-fix-missing-clock-populate.patch arm64-dts-qcom-sa8775p-correct-pmic-gpio-label-in-gpio-ranges.patch arm64-dts-rockchip-add-i2s0-2ch-bus-bclk-off-pins-to-rk3399.patch arm64-dts-rockchip-fix-i2s0-pin-conflict-on-rock-pi-4-boards.patch arm64-dts-rockchip-set-codec-system-clock-fixed-on-px30-ringneck-haikou.patch arm64-dts-rockchip-use-codec-as-clock-master-on-px30-ringneck-haikou.patch drm-amd-disable-aspm-for-vi-w-all-intel-systems.patch drm-dp_mst-fix-null-deref-in-get_mst_branch_device_by_guid_helper.patch drm-i915-pmu-check-if-pmu-is-closed-before-stopping-event.patch hugetlbfs-clear-resv_map-pointer-if-mmap-fails.patch hugetlbfs-extend-hugetlb_vma_lock-to-private-vmas.patch i40e-sync-next_to_clean-and-next_to_process-for-programming-status-desc.patch maple_tree-add-gfp_kernel-to-allocations-in-mas_expected_entries.patch mm-fix-vm_brk_flags-to-not-bail-out-while-holding-lock.patch mm-mempolicy-fix-set_mempolicy_home_node-previous-vma-pointer.patch mm-migrate-fix-do_pages_move-for-compat-pointers.patch mm-page_alloc-correct-start-page-when-guard-page-debug-is-enabled.patch nfsd-lock_rename-needs-both-directories-to-live-on-the-same-fs.patch selftests-mm-include-mman-header-to-access-mremap_dontunmap-identifier.patch vdpa-mlx5-fix-double-release-of-debugfs-entry.patch vdpa_sim_blk-fix-the-potential-leak-of-mgmt_dev.patch vhost-allow-null-msg.size-on-vhost_iotlb_invalidate.patch virtio-crypto-handle-config-changed-by-work-queue.patch virtio-mmio-fix-memory-leak-of-vm_dev.patch virtio_balloon-fix-endless-deflation-and-inflation-on-arm64.patch virtio_pci-fix-the-common-cfg-map-size.patch vsock-virtio-initialize-the_virtio_vsock-before-using-vqs.patch --- diff --git a/queue-6.5/accel-ivpu-don-t-enter-d0i3-during-flr.patch b/queue-6.5/accel-ivpu-don-t-enter-d0i3-during-flr.patch new file mode 100644 index 00000000000..ab9c9332b65 --- /dev/null +++ b/queue-6.5/accel-ivpu-don-t-enter-d0i3-during-flr.patch @@ -0,0 +1,108 @@ +From 828d63042aeca132a93938b98dc7f1a6c97bbc51 Mon Sep 17 00:00:00 2001 +From: Jacek Lawrynowicz +Date: Tue, 3 Oct 2023 08:42:13 +0200 +Subject: accel/ivpu: Don't enter d0i3 during FLR + +From: Jacek Lawrynowicz + +commit 828d63042aeca132a93938b98dc7f1a6c97bbc51 upstream. + +Avoid HW bug on some platforms where we enter D0i3 state +and CPU is in low power states (C8 or above). + +Fixes: 852be13f3bd3 ("accel/ivpu: Add PM support") +Cc: stable@vger.kernel.org +Signed-off-by: Jacek Lawrynowicz +Reviewed-by: Stanislaw Gruszka +Signed-off-by: Stanislaw Gruszka +Link: https://patchwork.freedesktop.org/patch/msgid/20231003064213.1527327-1-stanislaw.gruszka@linux.intel.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/accel/ivpu/ivpu_drv.c | 11 ++++++++--- + drivers/accel/ivpu/ivpu_drv.h | 1 + + drivers/accel/ivpu/ivpu_hw.h | 8 ++++++++ + drivers/accel/ivpu/ivpu_hw_mtl.c | 1 + + drivers/accel/ivpu/ivpu_pm.c | 3 ++- + 5 files changed, 20 insertions(+), 4 deletions(-) + +--- a/drivers/accel/ivpu/ivpu_drv.c ++++ b/drivers/accel/ivpu/ivpu_drv.c +@@ -343,14 +343,19 @@ int ivpu_boot(struct ivpu_device *vdev) + return 0; + } + +-int ivpu_shutdown(struct ivpu_device *vdev) ++void ivpu_prepare_for_reset(struct ivpu_device *vdev) + { +- int ret; +- + ivpu_hw_irq_disable(vdev); + disable_irq(vdev->irq); + ivpu_ipc_disable(vdev); + ivpu_mmu_disable(vdev); ++} ++ ++int ivpu_shutdown(struct ivpu_device *vdev) ++{ ++ int ret; ++ ++ ivpu_prepare_for_reset(vdev); + + ret = ivpu_hw_power_down(vdev); + if (ret) +--- a/drivers/accel/ivpu/ivpu_drv.h ++++ b/drivers/accel/ivpu/ivpu_drv.h +@@ -144,6 +144,7 @@ void ivpu_file_priv_put(struct ivpu_file + + int ivpu_boot(struct ivpu_device *vdev); + int ivpu_shutdown(struct ivpu_device *vdev); ++void ivpu_prepare_for_reset(struct ivpu_device *vdev); + + static inline bool ivpu_is_mtl(struct ivpu_device *vdev) + { +--- a/drivers/accel/ivpu/ivpu_hw.h ++++ b/drivers/accel/ivpu/ivpu_hw.h +@@ -13,6 +13,7 @@ struct ivpu_hw_ops { + int (*power_up)(struct ivpu_device *vdev); + int (*boot_fw)(struct ivpu_device *vdev); + int (*power_down)(struct ivpu_device *vdev); ++ int (*reset)(struct ivpu_device *vdev); + bool (*is_idle)(struct ivpu_device *vdev); + void (*wdt_disable)(struct ivpu_device *vdev); + void (*diagnose_failure)(struct ivpu_device *vdev); +@@ -90,6 +91,13 @@ static inline int ivpu_hw_power_down(str + return vdev->hw->ops->power_down(vdev); + }; + ++static inline int ivpu_hw_reset(struct ivpu_device *vdev) ++{ ++ ivpu_dbg(vdev, PM, "HW reset\n"); ++ ++ return vdev->hw->ops->reset(vdev); ++}; ++ + static inline void ivpu_hw_wdt_disable(struct ivpu_device *vdev) + { + vdev->hw->ops->wdt_disable(vdev); +--- a/drivers/accel/ivpu/ivpu_hw_mtl.c ++++ b/drivers/accel/ivpu/ivpu_hw_mtl.c +@@ -1041,6 +1041,7 @@ const struct ivpu_hw_ops ivpu_hw_mtl_ops + .power_up = ivpu_hw_mtl_power_up, + .is_idle = ivpu_hw_mtl_is_idle, + .power_down = ivpu_hw_mtl_power_down, ++ .reset = ivpu_hw_mtl_reset, + .boot_fw = ivpu_hw_mtl_boot_fw, + .wdt_disable = ivpu_hw_mtl_wdt_disable, + .diagnose_failure = ivpu_hw_mtl_diagnose_failure, +--- a/drivers/accel/ivpu/ivpu_pm.c ++++ b/drivers/accel/ivpu/ivpu_pm.c +@@ -260,7 +260,8 @@ void ivpu_pm_reset_prepare_cb(struct pci + + ivpu_dbg(vdev, PM, "Pre-reset..\n"); + atomic_set(&vdev->pm->in_reset, 1); +- ivpu_shutdown(vdev); ++ ivpu_prepare_for_reset(vdev); ++ ivpu_hw_reset(vdev); + ivpu_pm_prepare_cold_boot(vdev); + ivpu_jobs_abort_all(vdev); + ivpu_dbg(vdev, PM, "Pre-reset done.\n"); diff --git a/queue-6.5/arm-dts-rockchip-add-missing-arm-timer-interrupt-for-rk3128.patch b/queue-6.5/arm-dts-rockchip-add-missing-arm-timer-interrupt-for-rk3128.patch new file mode 100644 index 00000000000..4a7768633d4 --- /dev/null +++ b/queue-6.5/arm-dts-rockchip-add-missing-arm-timer-interrupt-for-rk3128.patch @@ -0,0 +1,38 @@ +From 7e3be9ea299927e6d65242c247eca0a21bc26a58 Mon Sep 17 00:00:00 2001 +From: Alex Bee +Date: Tue, 29 Aug 2023 22:37:23 +0200 +Subject: ARM: dts: rockchip: Add missing arm timer interrupt for RK3128 + +From: Alex Bee + +commit 7e3be9ea299927e6d65242c247eca0a21bc26a58 upstream. + +The Cortex-A7 timer has 4 interrupts. +Add the missing one. + +Fixes: a0201bff6259 ("ARM: dts: rockchip: add rk3128 soc dtsi") +Signed-off-by: Alex Bee +Link: https://lore.kernel.org/r/20230829203721.281455-8-knaerzche@gmail.com +Signed-off-by: Heiko Stuebner +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm/boot/dts/rockchip/rk3128.dtsi | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/arch/arm/boot/dts/rockchip/rk3128.dtsi b/arch/arm/boot/dts/rockchip/rk3128.dtsi +index 2e345097b9bd..bf55d4575311 100644 +--- a/arch/arm/boot/dts/rockchip/rk3128.dtsi ++++ b/arch/arm/boot/dts/rockchip/rk3128.dtsi +@@ -64,7 +64,8 @@ timer { + compatible = "arm,armv7-timer"; + interrupts = , + , +- ; ++ , ++ ; + arm,cpu-registers-not-fw-configured; + clock-frequency = <24000000>; + }; +-- +2.42.0 + diff --git a/queue-6.5/arm-dts-rockchip-add-missing-quirk-for-rk3128-s-dma-engine.patch b/queue-6.5/arm-dts-rockchip-add-missing-quirk-for-rk3128-s-dma-engine.patch new file mode 100644 index 00000000000..94846cd469e --- /dev/null +++ b/queue-6.5/arm-dts-rockchip-add-missing-quirk-for-rk3128-s-dma-engine.patch @@ -0,0 +1,37 @@ +From b0b4e978784943c4ed8412dbb475178f8c51ba8e Mon Sep 17 00:00:00 2001 +From: Alex Bee +Date: Tue, 29 Aug 2023 22:37:25 +0200 +Subject: ARM: dts: rockchip: Add missing quirk for RK3128's dma engine + +From: Alex Bee + +commit b0b4e978784943c4ed8412dbb475178f8c51ba8e upstream. + +Like most other Rockchip ARM SoCs, the PL330 needs the +arm,pl330-periph-burst quirk in order to work as expected. +Add it. + +Fixes: a0201bff6259 ("ARM: dts: rockchip: add rk3128 soc dtsi") +Signed-off-by: Alex Bee +Link: https://lore.kernel.org/r/20230829203721.281455-10-knaerzche@gmail.com +Signed-off-by: Heiko Stuebner +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm/boot/dts/rockchip/rk3128.dtsi | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/arch/arm/boot/dts/rockchip/rk3128.dtsi b/arch/arm/boot/dts/rockchip/rk3128.dtsi +index bf55d4575311..9125bf22e971 100644 +--- a/arch/arm/boot/dts/rockchip/rk3128.dtsi ++++ b/arch/arm/boot/dts/rockchip/rk3128.dtsi +@@ -459,6 +459,7 @@ pdma: dma-controller@20078000 { + interrupts = , + ; + arm,pl330-broken-no-flushp; ++ arm,pl330-periph-burst; + clocks = <&cru ACLK_DMAC>; + clock-names = "apb_pclk"; + #dma-cells = <1>; +-- +2.42.0 + diff --git a/queue-6.5/arm-dts-rockchip-fix-i2c0-register-address-for-rk3128.patch b/queue-6.5/arm-dts-rockchip-fix-i2c0-register-address-for-rk3128.patch new file mode 100644 index 00000000000..a96572da687 --- /dev/null +++ b/queue-6.5/arm-dts-rockchip-fix-i2c0-register-address-for-rk3128.patch @@ -0,0 +1,36 @@ +From 2e9cbc4167da3134412ce47e4cdadbfdea30bbff Mon Sep 17 00:00:00 2001 +From: Alex Bee +Date: Tue, 29 Aug 2023 22:37:21 +0200 +Subject: ARM: dts: rockchip: Fix i2c0 register address for RK3128 + +From: Alex Bee + +commit 2e9cbc4167da3134412ce47e4cdadbfdea30bbff upstream. + +The register address for i2c0 is missing a 0x to mark it as hex. + +Fixes: a0201bff6259 ("ARM: dts: rockchip: add rk3128 soc dtsi") +Signed-off-by: Alex Bee +Link: https://lore.kernel.org/r/20230829203721.281455-6-knaerzche@gmail.com +Signed-off-by: Heiko Stuebner +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm/boot/dts/rockchip/rk3128.dtsi | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/arm/boot/dts/rockchip/rk3128.dtsi b/arch/arm/boot/dts/rockchip/rk3128.dtsi +index b63bd4ad3143..2e345097b9bd 100644 +--- a/arch/arm/boot/dts/rockchip/rk3128.dtsi ++++ b/arch/arm/boot/dts/rockchip/rk3128.dtsi +@@ -426,7 +426,7 @@ saradc: saradc@2006c000 { + + i2c0: i2c@20072000 { + compatible = "rockchip,rk3128-i2c", "rockchip,rk3288-i2c"; +- reg = <20072000 0x1000>; ++ reg = <0x20072000 0x1000>; + interrupts = ; + clock-names = "i2c"; + clocks = <&cru PCLK_I2C0>; +-- +2.42.0 + diff --git a/queue-6.5/arm-dts-rockchip-fix-timer-clocks-for-rk3128.patch b/queue-6.5/arm-dts-rockchip-fix-timer-clocks-for-rk3128.patch new file mode 100644 index 00000000000..98a24ee30e8 --- /dev/null +++ b/queue-6.5/arm-dts-rockchip-fix-timer-clocks-for-rk3128.patch @@ -0,0 +1,84 @@ +From 2c68d26f072b449bd45427241612cb3f8f997f82 Mon Sep 17 00:00:00 2001 +From: Alex Bee +Date: Tue, 29 Aug 2023 22:37:27 +0200 +Subject: ARM: dts: rockchip: Fix timer clocks for RK3128 + +From: Alex Bee + +commit 2c68d26f072b449bd45427241612cb3f8f997f82 upstream. + +Currently the Rockchip timer source clocks are set to xin24 for no obvious +reason and the actual timer clocks (SCLK_TIMER*) will get disabled during +boot process as they have no user. That will make the SoC stuck as no timer +source exists. + +Fixes: a0201bff6259 ("ARM: dts: rockchip: add rk3128 soc dtsi") +Signed-off-by: Alex Bee +Link: https://lore.kernel.org/r/20230829203721.281455-12-knaerzche@gmail.com +Signed-off-by: Heiko Stuebner +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm/boot/dts/rockchip/rk3128.dtsi | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/arch/arm/boot/dts/rockchip/rk3128.dtsi b/arch/arm/boot/dts/rockchip/rk3128.dtsi +index 9125bf22e971..88a4b0d6d928 100644 +--- a/arch/arm/boot/dts/rockchip/rk3128.dtsi ++++ b/arch/arm/boot/dts/rockchip/rk3128.dtsi +@@ -234,7 +234,7 @@ timer0: timer@20044000 { + compatible = "rockchip,rk3128-timer", "rockchip,rk3288-timer"; + reg = <0x20044000 0x20>; + interrupts = ; +- clocks = <&cru PCLK_TIMER>, <&xin24m>; ++ clocks = <&cru PCLK_TIMER>, <&cru SCLK_TIMER0>; + clock-names = "pclk", "timer"; + }; + +@@ -242,7 +242,7 @@ timer1: timer@20044020 { + compatible = "rockchip,rk3128-timer", "rockchip,rk3288-timer"; + reg = <0x20044020 0x20>; + interrupts = ; +- clocks = <&cru PCLK_TIMER>, <&xin24m>; ++ clocks = <&cru PCLK_TIMER>, <&cru SCLK_TIMER1>; + clock-names = "pclk", "timer"; + }; + +@@ -250,7 +250,7 @@ timer2: timer@20044040 { + compatible = "rockchip,rk3128-timer", "rockchip,rk3288-timer"; + reg = <0x20044040 0x20>; + interrupts = ; +- clocks = <&cru PCLK_TIMER>, <&xin24m>; ++ clocks = <&cru PCLK_TIMER>, <&cru SCLK_TIMER2>; + clock-names = "pclk", "timer"; + }; + +@@ -258,7 +258,7 @@ timer3: timer@20044060 { + compatible = "rockchip,rk3128-timer", "rockchip,rk3288-timer"; + reg = <0x20044060 0x20>; + interrupts = ; +- clocks = <&cru PCLK_TIMER>, <&xin24m>; ++ clocks = <&cru PCLK_TIMER>, <&cru SCLK_TIMER3>; + clock-names = "pclk", "timer"; + }; + +@@ -266,7 +266,7 @@ timer4: timer@20044080 { + compatible = "rockchip,rk3128-timer", "rockchip,rk3288-timer"; + reg = <0x20044080 0x20>; + interrupts = ; +- clocks = <&cru PCLK_TIMER>, <&xin24m>; ++ clocks = <&cru PCLK_TIMER>, <&cru SCLK_TIMER4>; + clock-names = "pclk", "timer"; + }; + +@@ -274,7 +274,7 @@ timer5: timer@200440a0 { + compatible = "rockchip,rk3128-timer", "rockchip,rk3288-timer"; + reg = <0x200440a0 0x20>; + interrupts = ; +- clocks = <&cru PCLK_TIMER>, <&xin24m>; ++ clocks = <&cru PCLK_TIMER>, <&cru SCLK_TIMER5>; + clock-names = "pclk", "timer"; + }; + +-- +2.42.0 + diff --git a/queue-6.5/arm-omap1-ams-delta-fix-modem-initialization-failure.patch b/queue-6.5/arm-omap1-ams-delta-fix-modem-initialization-failure.patch new file mode 100644 index 00000000000..ab85f3aae73 --- /dev/null +++ b/queue-6.5/arm-omap1-ams-delta-fix-modem-initialization-failure.patch @@ -0,0 +1,166 @@ +From 5447da5d610b5701c1103cd4665b49da87fdf032 Mon Sep 17 00:00:00 2001 +From: Janusz Krzysztofik +Date: Wed, 11 Oct 2023 19:49:55 +0200 +Subject: ARM: OMAP1: ams-delta: Fix MODEM initialization failure + +From: Janusz Krzysztofik + +commit 5447da5d610b5701c1103cd4665b49da87fdf032 upstream. + +Regulator drivers were modified to use asynchronous device probe. Since +then, the board .init_late hook fails to acquire a GPIO based fixed +regulator needed by an on-board voice MODEM device, and unregisters the +MODEM. That in turn triggers a so far not discovered bug of device +unregister function called for a device with no associated release() op. + +serial8250 serial8250.1: incomplete constraints, dummy supplies not allowed +WARNING: CPU: 0 PID: 1 at drivers/base/core.c:2486 device_release+0x98/0xa8 +Device 'serial8250.1' does not have a release() function, it is broken and + must be fixed. See Documentation/core-api/kobject.rst. +... +put_device from platform_device_put+0x1c/0x24 +platform_device_put from ams_delta_init_late+0x4c/0x68 +ams_delta_init_late from init_machine_late+0x1c/0x94 +init_machine_late from do_one_initcall+0x60/0x1d4 + +As a consequence, ASoC CODEC driver is no longer able to control its +device over the voice MODEM's tty interface. + +cx20442-codec: ASoC: error at soc_component_write_no_lock + on cx20442-codec for register: [0x00000000] -5 +cx20442-codec: ASoC: error at snd_soc_component_update_bits_legacy + on cx20442-codec for register: [0x00000000] -5 +cx20442-codec: ASoC: error at snd_soc_component_update_bits + on cx20442-codec for register: [0x00000000] -5 + +The regulator hangs of a GPIO pin controlled by basic-mmio-gpio driver. +Unlike most GPIO drivers, that driver doesn't probe for devices before +device_initcall, then GPIO pins under its control are not availabele to +majority of devices probed at that phase, including regulators. On the +other hand, serial8250 driver used by the MODEM device neither accepts via +platform data nor handles regulators, then the board file is not able to +teach that driver to return -EPROBE_DEFER when the regulator is not ready +so the failed probe is retried after late_initcall. + +Resolve the issue by extending description of the MODEM device with a +dedicated power management domain. Acquire the regulator from the +domain's .activate hook and return -EPROBE_DEFER if the regulator is not +available. Having that under control, add the regulator device +description to the list of platform devices initialized from .init_machine +and drop the no longer needed custom .init_late hook. + +v2: Trim down the warning for prettier git log output (Tony). + +Fixes: 259b93b21a9f ("regulator: Set PROBE_PREFER_ASYNCHRONOUS for drivers that existed in 4.14") +Signed-off-by: Janusz Krzysztofik +Cc: stable@vger.kernel.org # v6.4+ +Message-ID: <20231011175038.1907629-1-jmkrzyszt@gmail.com> +Signed-off-by: Tony Lindgren +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm/mach-omap1/board-ams-delta.c | 60 +++++++-------------------- + 1 file changed, 16 insertions(+), 44 deletions(-) + +diff --git a/arch/arm/mach-omap1/board-ams-delta.c b/arch/arm/mach-omap1/board-ams-delta.c +index 9808cd27e2cf..67de96c7717d 100644 +--- a/arch/arm/mach-omap1/board-ams-delta.c ++++ b/arch/arm/mach-omap1/board-ams-delta.c +@@ -550,6 +550,7 @@ static struct platform_device *ams_delta_devices[] __initdata = { + &ams_delta_nand_device, + &ams_delta_lcd_device, + &cx20442_codec_device, ++ &modem_nreset_device, + }; + + static struct gpiod_lookup_table *ams_delta_gpio_tables[] __initdata = { +@@ -782,26 +783,28 @@ static struct plat_serial8250_port ams_delta_modem_ports[] = { + { }, + }; + ++static int ams_delta_modem_pm_activate(struct device *dev) ++{ ++ modem_priv.regulator = regulator_get(dev, "RESET#"); ++ if (IS_ERR(modem_priv.regulator)) ++ return -EPROBE_DEFER; ++ ++ return 0; ++} ++ ++static struct dev_pm_domain ams_delta_modem_pm_domain = { ++ .activate = ams_delta_modem_pm_activate, ++}; ++ + static struct platform_device ams_delta_modem_device = { + .name = "serial8250", + .id = PLAT8250_DEV_PLATFORM1, + .dev = { + .platform_data = ams_delta_modem_ports, ++ .pm_domain = &ams_delta_modem_pm_domain, + }, + }; + +-static int __init modem_nreset_init(void) +-{ +- int err; +- +- err = platform_device_register(&modem_nreset_device); +- if (err) +- pr_err("Couldn't register the modem regulator device\n"); +- +- return err; +-} +- +- + /* + * This function expects MODEM IRQ number already assigned to the port. + * The MODEM device requires its RESET# pin kept high during probe. +@@ -833,37 +836,6 @@ static int __init ams_delta_modem_init(void) + } + arch_initcall_sync(ams_delta_modem_init); + +-static int __init late_init(void) +-{ +- int err; +- +- err = modem_nreset_init(); +- if (err) +- return err; +- +- /* +- * Once the modem device is registered, the modem_nreset +- * regulator can be requested on behalf of that device. +- */ +- modem_priv.regulator = regulator_get(&ams_delta_modem_device.dev, +- "RESET#"); +- if (IS_ERR(modem_priv.regulator)) { +- err = PTR_ERR(modem_priv.regulator); +- goto unregister; +- } +- return 0; +- +-unregister: +- platform_device_unregister(&ams_delta_modem_device); +- return err; +-} +- +-static void __init ams_delta_init_late(void) +-{ +- omap1_init_late(); +- late_init(); +-} +- + static void __init ams_delta_map_io(void) + { + omap1_map_io(); +@@ -877,7 +849,7 @@ MACHINE_START(AMS_DELTA, "Amstrad E3 (Delta)") + .init_early = omap1_init_early, + .init_irq = omap1_init_irq, + .init_machine = ams_delta_init, +- .init_late = ams_delta_init_late, ++ .init_late = omap1_init_late, + .init_time = omap1_timer_init, + .restart = omap1_restart, + MACHINE_END +-- +2.42.0 + diff --git a/queue-6.5/arm64-dts-qcom-apq8096-db820c-fix-missing-clock-populate.patch b/queue-6.5/arm64-dts-qcom-apq8096-db820c-fix-missing-clock-populate.patch new file mode 100644 index 00000000000..43e189c72c2 --- /dev/null +++ b/queue-6.5/arm64-dts-qcom-apq8096-db820c-fix-missing-clock-populate.patch @@ -0,0 +1,78 @@ +From 2ca3e844e3f978c0dbc95072dbf379abfc4a27db Mon Sep 17 00:00:00 2001 +From: Krzysztof Kozlowski +Date: Fri, 1 Sep 2023 10:18:11 +0200 +Subject: arm64: dts: qcom: apq8096-db820c: fix missing clock populate + +From: Krzysztof Kozlowski + +commit 2ca3e844e3f978c0dbc95072dbf379abfc4a27db upstream. + +Commit 704e26678c8d ("arm64: dts: qcom: apq8096-db820c: drop simple-bus +from clocks") removed "simple-bus" compatible from "clocks" node, but +one of the clocks - divclk1 - is a gpio-gate-clock, which does not have +CLK_OF_DECLARE. This means it will not be instantiated if placed in +some subnode. Move the clocks to the root node, so regular devices will +be populated. + +Reported-by: Dmitry Baryshkov +Closes: https://lore.kernel.org/all/CAA8EJprF==p87oN+RiwAiNeURF1JcHGfL2Ez5zxqYPRRbN-hhg@mail.gmail.com/ +Cc: stable@vger.kernel.org +Fixes: 704e26678c8d ("arm64: dts: qcom: apq8096-db820c: drop simple-bus from clocks") +Signed-off-by: Krzysztof Kozlowski +Reviewed-by: Dmitry Baryshkov +Tested-by: Dmitry Baryshkov +Link: https://lore.kernel.org/r/20230901081812.19121-1-krzysztof.kozlowski@linaro.org +Signed-off-by: Bjorn Andersson +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm64/boot/dts/qcom/apq8096-db820c.dts | 32 ++++++++++----------- + 1 file changed, 15 insertions(+), 17 deletions(-) + +diff --git a/arch/arm64/boot/dts/qcom/apq8096-db820c.dts b/arch/arm64/boot/dts/qcom/apq8096-db820c.dts +index 385b178314db..3067a4091a7a 100644 +--- a/arch/arm64/boot/dts/qcom/apq8096-db820c.dts ++++ b/arch/arm64/boot/dts/qcom/apq8096-db820c.dts +@@ -62,25 +62,23 @@ chosen { + stdout-path = "serial0:115200n8"; + }; + +- clocks { +- divclk4: divclk4 { +- compatible = "fixed-clock"; +- #clock-cells = <0>; +- clock-frequency = <32768>; +- clock-output-names = "divclk4"; ++ div1_mclk: divclk1 { ++ compatible = "gpio-gate-clock"; ++ pinctrl-0 = <&audio_mclk>; ++ pinctrl-names = "default"; ++ clocks = <&rpmcc RPM_SMD_DIV_CLK1>; ++ #clock-cells = <0>; ++ enable-gpios = <&pm8994_gpios 15 0>; ++ }; + +- pinctrl-names = "default"; +- pinctrl-0 = <&divclk4_pin_a>; +- }; ++ divclk4: divclk4 { ++ compatible = "fixed-clock"; ++ #clock-cells = <0>; ++ clock-frequency = <32768>; ++ clock-output-names = "divclk4"; + +- div1_mclk: divclk1 { +- compatible = "gpio-gate-clock"; +- pinctrl-0 = <&audio_mclk>; +- pinctrl-names = "default"; +- clocks = <&rpmcc RPM_SMD_DIV_CLK1>; +- #clock-cells = <0>; +- enable-gpios = <&pm8994_gpios 15 0>; +- }; ++ pinctrl-names = "default"; ++ pinctrl-0 = <&divclk4_pin_a>; + }; + + gpio-keys { +-- +2.42.0 + diff --git a/queue-6.5/arm64-dts-qcom-msm8996-xiaomi-fix-missing-clock-populate.patch b/queue-6.5/arm64-dts-qcom-msm8996-xiaomi-fix-missing-clock-populate.patch new file mode 100644 index 00000000000..ea3c9598702 --- /dev/null +++ b/queue-6.5/arm64-dts-qcom-msm8996-xiaomi-fix-missing-clock-populate.patch @@ -0,0 +1,108 @@ +From 725f593692ceedeab639b661298955b6f9ba8ec3 Mon Sep 17 00:00:00 2001 +From: Krzysztof Kozlowski +Date: Fri, 1 Sep 2023 10:18:12 +0200 +Subject: arm64: dts: qcom: msm8996-xiaomi: fix missing clock populate + +From: Krzysztof Kozlowski + +commit 725f593692ceedeab639b661298955b6f9ba8ec3 upstream. + +Commit 338958e30c68 ("arm64: dts: qcom: msm8996-xiaomi: drop simple-bus +from clocks") removed "simple-bus" compatible from "clocks" node, but +one of the clocks - divclk1 - is a gpio-gate-clock, which does not have +CLK_OF_DECLARE. This means it will not be instantiated if placed in +some subnode. Move the clocks to the root node, so regular devices will +be populated. + +Reported-by: Dmitry Baryshkov +Closes: https://lore.kernel.org/all/CAA8EJprF==p87oN+RiwAiNeURF1JcHGfL2Ez5zxqYPRRbN-hhg@mail.gmail.com/ +Cc: stable@vger.kernel.org +Fixes: 338958e30c68 ("arm64: dts: qcom: msm8996-xiaomi: drop simple-bus from clocks") +Signed-off-by: Krzysztof Kozlowski +Reviewed-by: Dmitry Baryshkov +Link: https://lore.kernel.org/r/20230901081812.19121-2-krzysztof.kozlowski@linaro.org +Signed-off-by: Bjorn Andersson +Signed-off-by: Greg Kroah-Hartman +--- + .../boot/dts/qcom/msm8996-xiaomi-common.dtsi | 32 +++++++++---------- + .../boot/dts/qcom/msm8996-xiaomi-gemini.dts | 18 +++++------ + 2 files changed, 23 insertions(+), 27 deletions(-) + +diff --git a/arch/arm64/boot/dts/qcom/msm8996-xiaomi-common.dtsi b/arch/arm64/boot/dts/qcom/msm8996-xiaomi-common.dtsi +index bcd2397eb373..06f8ff624181 100644 +--- a/arch/arm64/boot/dts/qcom/msm8996-xiaomi-common.dtsi ++++ b/arch/arm64/boot/dts/qcom/msm8996-xiaomi-common.dtsi +@@ -11,26 +11,24 @@ + #include + + / { +- clocks { +- divclk1_cdc: divclk1 { +- compatible = "gpio-gate-clock"; +- clocks = <&rpmcc RPM_SMD_DIV_CLK1>; +- #clock-cells = <0>; +- enable-gpios = <&pm8994_gpios 15 GPIO_ACTIVE_HIGH>; ++ divclk1_cdc: divclk1 { ++ compatible = "gpio-gate-clock"; ++ clocks = <&rpmcc RPM_SMD_DIV_CLK1>; ++ #clock-cells = <0>; ++ enable-gpios = <&pm8994_gpios 15 GPIO_ACTIVE_HIGH>; + +- pinctrl-names = "default"; +- pinctrl-0 = <&divclk1_default>; +- }; ++ pinctrl-names = "default"; ++ pinctrl-0 = <&divclk1_default>; ++ }; + +- divclk4: divclk4 { +- compatible = "fixed-clock"; +- #clock-cells = <0>; +- clock-frequency = <32768>; +- clock-output-names = "divclk4"; ++ divclk4: divclk4 { ++ compatible = "fixed-clock"; ++ #clock-cells = <0>; ++ clock-frequency = <32768>; ++ clock-output-names = "divclk4"; + +- pinctrl-names = "default"; +- pinctrl-0 = <&divclk4_pin_a>; +- }; ++ pinctrl-names = "default"; ++ pinctrl-0 = <&divclk4_pin_a>; + }; + + gpio-keys { +diff --git a/arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts b/arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts +index d1066edaea47..f8e9d90afab0 100644 +--- a/arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts ++++ b/arch/arm64/boot/dts/qcom/msm8996-xiaomi-gemini.dts +@@ -20,16 +20,14 @@ / { + qcom,pmic-id = <0x20009 0x2000a 0x00 0x00>; + qcom,board-id = <31 0>; + +- clocks { +- divclk2_haptics: divclk2 { +- compatible = "fixed-clock"; +- #clock-cells = <0>; +- clock-frequency = <32768>; +- clock-output-names = "divclk2"; +- +- pinctrl-names = "default"; +- pinctrl-0 = <&divclk2_pin_a>; +- }; ++ divclk2_haptics: divclk2 { ++ compatible = "fixed-clock"; ++ #clock-cells = <0>; ++ clock-frequency = <32768>; ++ clock-output-names = "divclk2"; ++ ++ pinctrl-names = "default"; ++ pinctrl-0 = <&divclk2_pin_a>; + }; + }; + +-- +2.42.0 + diff --git a/queue-6.5/arm64-dts-qcom-sa8775p-correct-pmic-gpio-label-in-gpio-ranges.patch b/queue-6.5/arm64-dts-qcom-sa8775p-correct-pmic-gpio-label-in-gpio-ranges.patch new file mode 100644 index 00000000000..7a1fb89dc26 --- /dev/null +++ b/queue-6.5/arm64-dts-qcom-sa8775p-correct-pmic-gpio-label-in-gpio-ranges.patch @@ -0,0 +1,45 @@ +From f822899c28572a854f2c746da5ed707d752458ab Mon Sep 17 00:00:00 2001 +From: Krzysztof Kozlowski +Date: Fri, 18 Aug 2023 15:55:38 +0200 +Subject: arm64: dts: qcom: sa8775p: correct PMIC GPIO label in gpio-ranges + +From: Krzysztof Kozlowski + +commit f822899c28572a854f2c746da5ed707d752458ab upstream. + +There are several PMICs with GPIO nodes and one of the nodes referenced +other's in gpio-ranges which could result in deferred-probes like: + + qcom-spmi-gpio c440000.spmi:pmic@2:gpio@8800: can't add gpio chip + +Reported-by: Brian Masney +Closes: https://lore.kernel.org/all/ZN5KIlI+RDu92jsi@brian-x1/ +Fixes: e5a893a7cec5 ("arm64: dts: qcom: sa8775p: add PMIC GPIO controller nodes") +Signed-off-by: Krzysztof Kozlowski +Reviewed-by: Brian Masney +Reviewed-by: Bartosz Golaszewski +Tested-by: Bartosz Golaszewski +Reviewed-by: Konrad Dybcio +Link: https://lore.kernel.org/r/20230818135538.47481-1-krzysztof.kozlowski@linaro.org +Signed-off-by: Bjorn Andersson +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm64/boot/dts/qcom/sa8775p-pmics.dtsi | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/arm64/boot/dts/qcom/sa8775p-pmics.dtsi b/arch/arm64/boot/dts/qcom/sa8775p-pmics.dtsi +index 3c3b6287cd27..eaa43f022a65 100644 +--- a/arch/arm64/boot/dts/qcom/sa8775p-pmics.dtsi ++++ b/arch/arm64/boot/dts/qcom/sa8775p-pmics.dtsi +@@ -173,7 +173,7 @@ pmm8654au_1_gpios: gpio@8800 { + compatible = "qcom,pmm8654au-gpio", "qcom,spmi-gpio"; + reg = <0x8800>; + gpio-controller; +- gpio-ranges = <&pmm8654au_2_gpios 0 0 12>; ++ gpio-ranges = <&pmm8654au_1_gpios 0 0 12>; + #gpio-cells = <2>; + interrupt-controller; + #interrupt-cells = <2>; +-- +2.42.0 + diff --git a/queue-6.5/arm64-dts-rockchip-add-i2s0-2ch-bus-bclk-off-pins-to-rk3399.patch b/queue-6.5/arm64-dts-rockchip-add-i2s0-2ch-bus-bclk-off-pins-to-rk3399.patch new file mode 100644 index 00000000000..193e11ee3f8 --- /dev/null +++ b/queue-6.5/arm64-dts-rockchip-add-i2s0-2ch-bus-bclk-off-pins-to-rk3399.patch @@ -0,0 +1,46 @@ +From 3975e72b164dc8347a28dd0d5f11b346af534635 Mon Sep 17 00:00:00 2001 +From: Christopher Obbard +Date: Fri, 13 Oct 2023 12:47:26 +0100 +Subject: arm64: dts: rockchip: Add i2s0-2ch-bus-bclk-off pins to RK3399 + +From: Christopher Obbard + +commit 3975e72b164dc8347a28dd0d5f11b346af534635 upstream. + +Commit 0efaf8078393 ("arm64: dts: rockchip: add i2s0-2ch-bus pins on +rk3399") introduced a pinctl for i2s0 in two-channel mode. Commit +91419ae0420f ("arm64: dts: rockchip: use BCLK to GPIO switch on rk3399") +modified i2s0 to switch the corresponding pins off when idle. + +Although an idle pinctrl node was added for i2s0 in 8-channel mode, a +similar idle pinctrl node for i2s0 in 2-channel mode was not added. Add +it. + +Fixes: 91419ae0420f ("arm64: dts: rockchip: use BCLK to GPIO switch on rk3399") +Signed-off-by: Christopher Obbard +Link: https://lore.kernel.org/r/20231013114737.494410-2-chris.obbard@collabora.com +Signed-off-by: Heiko Stuebner +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm64/boot/dts/rockchip/rk3399.dtsi | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +--- a/arch/arm64/boot/dts/rockchip/rk3399.dtsi ++++ b/arch/arm64/boot/dts/rockchip/rk3399.dtsi +@@ -2430,6 +2430,16 @@ + <4 RK_PA0 1 &pcfg_pull_none>; + }; + ++ i2s0_2ch_bus_bclk_off: i2s0-2ch-bus-bclk-off { ++ rockchip,pins = ++ <3 RK_PD0 RK_FUNC_GPIO &pcfg_pull_none>, ++ <3 RK_PD1 1 &pcfg_pull_none>, ++ <3 RK_PD2 1 &pcfg_pull_none>, ++ <3 RK_PD3 1 &pcfg_pull_none>, ++ <3 RK_PD7 1 &pcfg_pull_none>, ++ <4 RK_PA0 1 &pcfg_pull_none>; ++ }; ++ + i2s0_8ch_bus: i2s0-8ch-bus { + rockchip,pins = + <3 RK_PD0 1 &pcfg_pull_none>, diff --git a/queue-6.5/arm64-dts-rockchip-fix-i2s0-pin-conflict-on-rock-pi-4-boards.patch b/queue-6.5/arm64-dts-rockchip-fix-i2s0-pin-conflict-on-rock-pi-4-boards.patch new file mode 100644 index 00000000000..8bd9bbf6cf9 --- /dev/null +++ b/queue-6.5/arm64-dts-rockchip-fix-i2s0-pin-conflict-on-rock-pi-4-boards.patch @@ -0,0 +1,55 @@ +From 8cd79b729e746cb167f1563d015a93fc0a079899 Mon Sep 17 00:00:00 2001 +From: Christopher Obbard +Date: Fri, 13 Oct 2023 12:47:27 +0100 +Subject: arm64: dts: rockchip: Fix i2s0 pin conflict on ROCK Pi 4 boards + +From: Christopher Obbard + +commit 8cd79b729e746cb167f1563d015a93fc0a079899 upstream. + +Commit 91419ae0420f ("arm64: dts: rockchip: use BCLK to GPIO switch on +rk3399") modified i2s0 to switch the corresponding pins off when idle. +For the ROCK Pi 4 boards, this means that i2s0 has the following pinctrl +setting: + + pinctrl-names = "bclk_on", "bclk_off"; + pinctrl-0 = <&i2s0_2ch_bus>; + pinctrl-1 = <&i2s0_8ch_bus_bclk_off>; + +Due to this change, i2s0 fails to probe on my Radxa ROCK 4SE and ROCK Pi +4B boards: + + rockchip-pinctrl pinctrl: pin gpio3-29 already requested by leds; cannot claim for ff880000.i2s + rockchip-pinctrl pinctrl: pin-125 (ff880000.i2s) status -22 + rockchip-pinctrl pinctrl: could not request pin 125 (gpio3-29) from group i2s0-8ch-bus-bclk-off on device rockchip-pinctrl + rockchip-i2s ff880000.i2s: Error applying setting, reverse things back + rockchip-i2s ff880000.i2s: bclk disable failed -22 + +A pin requested for i2s0_8ch_bus_bclk_off has already been requested by +user_led2, so whichever driver probes first will have the pin allocated. + +The hardware uses 2-channel i2s so fix this error by setting pinctl-1 to +i2s0_2ch_bus_bclk_off which doesn't contain the pin allocated to user_led2. + +I checked the schematics for all Radxa boards based on ROCK Pi 4 and this +change is compatible with all boards. + +Fixes: 91419ae0420f ("arm64: dts: rockchip: use BCLK to GPIO switch on rk3399") +Signed-off-by: Christopher Obbard +Link: https://lore.kernel.org/r/20231013114737.494410-3-chris.obbard@collabora.com +Signed-off-by: Heiko Stuebner +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm64/boot/dts/rockchip/rk3399-rock-pi-4.dtsi | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/arm64/boot/dts/rockchip/rk3399-rock-pi-4.dtsi ++++ b/arch/arm64/boot/dts/rockchip/rk3399-rock-pi-4.dtsi +@@ -493,6 +493,7 @@ + + &i2s0 { + pinctrl-0 = <&i2s0_2ch_bus>; ++ pinctrl-1 = <&i2s0_2ch_bus_bclk_off>; + rockchip,capture-channels = <2>; + rockchip,playback-channels = <2>; + status = "okay"; diff --git a/queue-6.5/arm64-dts-rockchip-set-codec-system-clock-fixed-on-px30-ringneck-haikou.patch b/queue-6.5/arm64-dts-rockchip-set-codec-system-clock-fixed-on-px30-ringneck-haikou.patch new file mode 100644 index 00000000000..996269e652c --- /dev/null +++ b/queue-6.5/arm64-dts-rockchip-set-codec-system-clock-fixed-on-px30-ringneck-haikou.patch @@ -0,0 +1,56 @@ +From 1e585cd0aad3d491938230318d6d479f09589fd8 Mon Sep 17 00:00:00 2001 +From: Jakob Unterwurzacher +Date: Thu, 7 Sep 2023 17:17:16 +0200 +Subject: arm64: dts: rockchip: set codec system-clock-fixed on px30-ringneck-haikou +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Jakob Unterwurzacher + +commit 1e585cd0aad3d491938230318d6d479f09589fd8 upstream. + +Having sgtl5000_clk defines as "fixed-clock" is not enough to prevent +the dai subsystem from overwriting the frequency via sgtl5000_set_dai_sysclk. + +Setting system-clock-fixed does the job, and now a 1kHz sine wave +comes out as actually 1kHz, no matter the sample rate of the source. + +Testcase: These should sound the same: + + speaker-test -r 48000 -t sine -f 1000 + speaker-test -r 24000 -t sine -f 1000 + +Also remove the clock link here as having it in sgtl5000 and +sgtl5000_codec causes duplicate clock unprepares with associated +backtrace. + +Cc: stable@vger.kernel.org +Fixes: c484cf93f61b ("arm64: dts: rockchip: add PX30-µQ7 (Ringneck) SoM with Haikou baseboard") +Signed-off-by: Jakob Unterwurzacher +Link: https://lore.kernel.org/r/20230907151725.198347-2-jakob.unterwurzacher@theobroma-systems.com +Signed-off-by: Heiko Stuebner +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm64/boot/dts/rockchip/px30-ringneck-haikou.dts | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/arch/arm64/boot/dts/rockchip/px30-ringneck-haikou.dts b/arch/arm64/boot/dts/rockchip/px30-ringneck-haikou.dts +index 8792fae50257..de0a1f2af983 100644 +--- a/arch/arm64/boot/dts/rockchip/px30-ringneck-haikou.dts ++++ b/arch/arm64/boot/dts/rockchip/px30-ringneck-haikou.dts +@@ -72,8 +72,10 @@ i2s0-sound { + simple-audio-card,bitclock-master = <&sgtl5000_codec>; + + sgtl5000_codec: simple-audio-card,codec { +- clocks = <&sgtl5000_clk>; + sound-dai = <&sgtl5000>; ++ // Prevent the dai subsystem from overwriting the clock ++ // frequency. We are using a fixed-frequency oscillator. ++ system-clock-fixed; + }; + + simple-audio-card,cpu { +-- +2.42.0 + diff --git a/queue-6.5/arm64-dts-rockchip-use-codec-as-clock-master-on-px30-ringneck-haikou.patch b/queue-6.5/arm64-dts-rockchip-use-codec-as-clock-master-on-px30-ringneck-haikou.patch new file mode 100644 index 00000000000..7e516784a2f --- /dev/null +++ b/queue-6.5/arm64-dts-rockchip-use-codec-as-clock-master-on-px30-ringneck-haikou.patch @@ -0,0 +1,63 @@ +From 84fa1865edbb3800f3344e2a5bc73c187adf42d0 Mon Sep 17 00:00:00 2001 +From: Ermin Sunj +Date: Thu, 7 Sep 2023 17:17:15 +0200 +Subject: arm64: dts: rockchip: use codec as clock master on px30-ringneck-haikou +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Ermin Sunj + +commit 84fa1865edbb3800f3344e2a5bc73c187adf42d0 upstream. + +If the codec is not the clock master, the MCLK needs to be +synchronous to both I2S_SCL ans I2S_LRCLK. We do not have that +on Haikou, causing distorted audio. + +Before: + + Running an audio test script on Ringneck, 1kHz + output sine wave is not stable and shows distortion. + +After: + + 10h audio test script loop failed only one time. + That is 0.00014% failure rate. + +Cc: stable@vger.kernel.org +Fixes: c484cf93f61b ("arm64: dts: rockchip: add PX30-µQ7 (Ringneck) SoM with Haikou baseboard") +Signed-off-by: Ermin Sunj +Signed-off-by: Jakob Unterwurzacher +Link: https://lore.kernel.org/r/20230907151725.198347-1-jakob.unterwurzacher@theobroma-systems.com +Signed-off-by: Heiko Stuebner +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm64/boot/dts/rockchip/px30-ringneck-haikou.dts | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/arch/arm64/boot/dts/rockchip/px30-ringneck-haikou.dts b/arch/arm64/boot/dts/rockchip/px30-ringneck-haikou.dts +index 08a3ad3e7ae9..8792fae50257 100644 +--- a/arch/arm64/boot/dts/rockchip/px30-ringneck-haikou.dts ++++ b/arch/arm64/boot/dts/rockchip/px30-ringneck-haikou.dts +@@ -68,15 +68,15 @@ i2s0-sound { + simple-audio-card,format = "i2s"; + simple-audio-card,name = "Haikou,I2S-codec"; + simple-audio-card,mclk-fs = <512>; ++ simple-audio-card,frame-master = <&sgtl5000_codec>; ++ simple-audio-card,bitclock-master = <&sgtl5000_codec>; + +- simple-audio-card,codec { ++ sgtl5000_codec: simple-audio-card,codec { + clocks = <&sgtl5000_clk>; + sound-dai = <&sgtl5000>; + }; + + simple-audio-card,cpu { +- bitclock-master; +- frame-master; + sound-dai = <&i2s0_8ch>; + }; + }; +-- +2.42.0 + diff --git a/queue-6.5/drm-amd-disable-aspm-for-vi-w-all-intel-systems.patch b/queue-6.5/drm-amd-disable-aspm-for-vi-w-all-intel-systems.patch new file mode 100644 index 00000000000..e584849be29 --- /dev/null +++ b/queue-6.5/drm-amd-disable-aspm-for-vi-w-all-intel-systems.patch @@ -0,0 +1,39 @@ +From 64ffd2f1d00c6235dabe9704bbb0d9ce3e28147f Mon Sep 17 00:00:00 2001 +From: Mario Limonciello +Date: Fri, 20 Oct 2023 10:26:29 -0500 +Subject: drm/amd: Disable ASPM for VI w/ all Intel systems + +From: Mario Limonciello + +commit 64ffd2f1d00c6235dabe9704bbb0d9ce3e28147f upstream. + +Originally we were quirking ASPM disabled specifically for VI when +used with Alder Lake, but it appears to have problems with Rocket +Lake as well. + +Like we've done in the case of dpm for newer platforms, disable +ASPM for all Intel systems. + +Cc: stable@vger.kernel.org # 5.15+ +Fixes: 0064b0ce85bb ("drm/amd/pm: enable ASPM by default") +Reported-and-tested-by: Paolo Gentili +Closes: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2036742 +Signed-off-by: Mario Limonciello +Reviewed-by: Alex Deucher +Signed-off-by: Alex Deucher +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/amd/amdgpu/vi.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/gpu/drm/amd/amdgpu/vi.c ++++ b/drivers/gpu/drm/amd/amdgpu/vi.c +@@ -1124,7 +1124,7 @@ static void vi_program_aspm(struct amdgp + bool bL1SS = false; + bool bClkReqSupport = true; + +- if (!amdgpu_device_should_use_aspm(adev) || !amdgpu_device_aspm_support_quirk()) ++ if (!amdgpu_device_should_use_aspm(adev) || !amdgpu_device_pcie_dynamic_switching_supported()) + return; + + if (adev->flags & AMD_IS_APU || diff --git a/queue-6.5/drm-dp_mst-fix-null-deref-in-get_mst_branch_device_by_guid_helper.patch b/queue-6.5/drm-dp_mst-fix-null-deref-in-get_mst_branch_device_by_guid_helper.patch new file mode 100644 index 00000000000..73a0c59b495 --- /dev/null +++ b/queue-6.5/drm-dp_mst-fix-null-deref-in-get_mst_branch_device_by_guid_helper.patch @@ -0,0 +1,67 @@ +From 3d887d512494d678b17c57b835c32f4e48d34f26 Mon Sep 17 00:00:00 2001 +From: Lukasz Majczak +Date: Fri, 22 Sep 2023 08:34:10 +0200 +Subject: drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() + +From: Lukasz Majczak + +commit 3d887d512494d678b17c57b835c32f4e48d34f26 upstream. + +As drm_dp_get_mst_branch_device_by_guid() is called from +drm_dp_get_mst_branch_device_by_guid(), mstb parameter has to be checked, +otherwise NULL dereference may occur in the call to +the memcpy() and cause following: + +[12579.365869] BUG: kernel NULL pointer dereference, address: 0000000000000049 +[12579.365878] #PF: supervisor read access in kernel mode +[12579.365880] #PF: error_code(0x0000) - not-present page +[12579.365882] PGD 0 P4D 0 +[12579.365887] Oops: 0000 [#1] PREEMPT SMP NOPTI +... +[12579.365895] Workqueue: events_long drm_dp_mst_up_req_work +[12579.365899] RIP: 0010:memcmp+0xb/0x29 +[12579.365921] Call Trace: +[12579.365927] get_mst_branch_device_by_guid_helper+0x22/0x64 +[12579.365930] drm_dp_mst_up_req_work+0x137/0x416 +[12579.365933] process_one_work+0x1d0/0x419 +[12579.365935] worker_thread+0x11a/0x289 +[12579.365938] kthread+0x13e/0x14f +[12579.365941] ? process_one_work+0x419/0x419 +[12579.365943] ? kthread_blkcg+0x31/0x31 +[12579.365946] ret_from_fork+0x1f/0x30 + +As get_mst_branch_device_by_guid_helper() is recursive, moving condition +to the first line allow to remove a similar one for step over of NULL elements +inside a loop. + +Fixes: 5e93b8208d3c ("drm/dp/mst: move GUID storage from mgr, port to only mst branch") +Cc: # 4.14+ +Signed-off-by: Lukasz Majczak +Reviewed-by: Radoslaw Biernacki +Signed-off-by: Manasi Navare +Link: https://patchwork.freedesktop.org/patch/msgid/20230922063410.23626-1-lma@semihalf.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/display/drm_dp_mst_topology.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/drivers/gpu/drm/display/drm_dp_mst_topology.c ++++ b/drivers/gpu/drm/display/drm_dp_mst_topology.c +@@ -2574,14 +2574,14 @@ static struct drm_dp_mst_branch *get_mst + struct drm_dp_mst_branch *found_mstb; + struct drm_dp_mst_port *port; + ++ if (!mstb) ++ return NULL; ++ + if (memcmp(mstb->guid, guid, 16) == 0) + return mstb; + + + list_for_each_entry(port, &mstb->ports, next) { +- if (!port->mstb) +- continue; +- + found_mstb = get_mst_branch_device_by_guid_helper(port->mstb, guid); + + if (found_mstb) diff --git a/queue-6.5/drm-i915-pmu-check-if-pmu-is-closed-before-stopping-event.patch b/queue-6.5/drm-i915-pmu-check-if-pmu-is-closed-before-stopping-event.patch new file mode 100644 index 00000000000..c0b217ac9fc --- /dev/null +++ b/queue-6.5/drm-i915-pmu-check-if-pmu-is-closed-before-stopping-event.patch @@ -0,0 +1,59 @@ +From 4cbed7702eb775cca22fff6827a549092cb59f61 Mon Sep 17 00:00:00 2001 +From: Umesh Nerlige Ramappa +Date: Fri, 20 Oct 2023 08:24:41 -0700 +Subject: drm/i915/pmu: Check if pmu is closed before stopping event + +From: Umesh Nerlige Ramappa + +commit 4cbed7702eb775cca22fff6827a549092cb59f61 upstream. + +When the driver unbinds, pmu is unregistered and i915->uabi_engines is +set to RB_ROOT. Due to this, when i915 PMU tries to stop the engine +events, it issues a warn_on because engine lookup fails. + +All perf hooks are taking care of this using a pmu->closed flag that is +set when PMU unregisters. The stop event seems to have been left out. + +Check for pmu->closed in pmu_event_stop as well. + +Based on discussion here - +https://patchwork.freedesktop.org/patch/492079/?series=105790&rev=2 + +v2: s/is/if/ in commit title +v3: Add fixes tag and cc stable + +Cc: # v5.11+ +Fixes: b00bccb3f0bb ("drm/i915/pmu: Handle PCI unbind") +Signed-off-by: Umesh Nerlige Ramappa +Reviewed-by: Tvrtko Ursulin +Reviewed-by: Andi Shyti +Signed-off-by: Andi Shyti +Link: https://patchwork.freedesktop.org/patch/msgid/20231020152441.3764850-1-umesh.nerlige.ramappa@intel.com +(cherry picked from commit 31f6a06f0c543b43a38fab10f39e5fc45ad62aa2) +Signed-off-by: Rodrigo Vivi +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/i915/i915_pmu.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +--- a/drivers/gpu/drm/i915/i915_pmu.c ++++ b/drivers/gpu/drm/i915/i915_pmu.c +@@ -832,9 +832,18 @@ static void i915_pmu_event_start(struct + + static void i915_pmu_event_stop(struct perf_event *event, int flags) + { ++ struct drm_i915_private *i915 = ++ container_of(event->pmu, typeof(*i915), pmu.base); ++ struct i915_pmu *pmu = &i915->pmu; ++ ++ if (pmu->closed) ++ goto out; ++ + if (flags & PERF_EF_UPDATE) + i915_pmu_event_read(event); + i915_pmu_disable(event); ++ ++out: + event->hw.state = PERF_HES_STOPPED; + } + diff --git a/queue-6.5/hugetlbfs-clear-resv_map-pointer-if-mmap-fails.patch b/queue-6.5/hugetlbfs-clear-resv_map-pointer-if-mmap-fails.patch new file mode 100644 index 00000000000..c6206e62be0 --- /dev/null +++ b/queue-6.5/hugetlbfs-clear-resv_map-pointer-if-mmap-fails.patch @@ -0,0 +1,87 @@ +From 92fe9dcbe4e109a7ce6bab3e452210a35b0ab493 Mon Sep 17 00:00:00 2001 +From: Rik van Riel +Date: Thu, 5 Oct 2023 23:59:06 -0400 +Subject: hugetlbfs: clear resv_map pointer if mmap fails + +From: Rik van Riel + +commit 92fe9dcbe4e109a7ce6bab3e452210a35b0ab493 upstream. + +Patch series "hugetlbfs: close race between MADV_DONTNEED and page fault", v7. + +Malloc libraries, like jemalloc and tcalloc, take decisions on when to +call madvise independently from the code in the main application. + +This sometimes results in the application page faulting on an address, +right after the malloc library has shot down the backing memory with +MADV_DONTNEED. + +Usually this is harmless, because we always have some 4kB pages sitting +around to satisfy a page fault. However, with hugetlbfs systems often +allocate only the exact number of huge pages that the application wants. + +Due to TLB batching, hugetlbfs MADV_DONTNEED will free pages outside of +any lock taken on the page fault path, which can open up the following +race condition: + + CPU 1 CPU 2 + + MADV_DONTNEED + unmap page + shoot down TLB entry + page fault + fail to allocate a huge page + killed with SIGBUS + free page + +Fix that race by extending the hugetlb_vma_lock locking scheme to also +cover private hugetlb mappings (with resv_map), and pulling the locking +from __unmap_hugepage_final_range into helper functions called from +zap_page_range_single. This ensures page faults stay locked out of the +MADV_DONTNEED VMA until the huge pages have actually been freed. + + +This patch (of 3): + +Hugetlbfs leaves a dangling pointer in the VMA if mmap fails. This has +not been a problem so far, but other code in this patch series tries to +follow that pointer. + +Link: https://lkml.kernel.org/r/20231006040020.3677377-1-riel@surriel.com +Link: https://lkml.kernel.org/r/20231006040020.3677377-2-riel@surriel.com +Fixes: 04ada095dcfc ("hugetlb: don't delete vma_lock in hugetlb MADV_DONTNEED processing") +Signed-off-by: Mike Kravetz +Signed-off-by: Rik van Riel +Cc: Matthew Wilcox (Oracle) +Cc: Muchun Song +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + mm/hugetlb.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- a/mm/hugetlb.c ++++ b/mm/hugetlb.c +@@ -1132,8 +1132,7 @@ static void set_vma_resv_map(struct vm_a + VM_BUG_ON_VMA(!is_vm_hugetlb_page(vma), vma); + VM_BUG_ON_VMA(vma->vm_flags & VM_MAYSHARE, vma); + +- set_vma_private_data(vma, (get_vma_private_data(vma) & +- HPAGE_RESV_MASK) | (unsigned long)map); ++ set_vma_private_data(vma, (unsigned long)map); + } + + static void set_vma_resv_flags(struct vm_area_struct *vma, unsigned long flags) +@@ -7015,8 +7014,10 @@ out_err: + */ + if (chg >= 0 && add < 0) + region_abort(resv_map, from, to, regions_needed); +- if (vma && is_vma_resv_set(vma, HPAGE_RESV_OWNER)) ++ if (vma && is_vma_resv_set(vma, HPAGE_RESV_OWNER)) { + kref_put(&resv_map->refs, resv_map_release); ++ set_vma_resv_map(vma, NULL); ++ } + return false; + } + diff --git a/queue-6.5/hugetlbfs-extend-hugetlb_vma_lock-to-private-vmas.patch b/queue-6.5/hugetlbfs-extend-hugetlb_vma_lock-to-private-vmas.patch new file mode 100644 index 00000000000..7315fb7d4bb --- /dev/null +++ b/queue-6.5/hugetlbfs-extend-hugetlb_vma_lock-to-private-vmas.patch @@ -0,0 +1,159 @@ +From bf4916922c60f43efaa329744b3eef539aa6a2b2 Mon Sep 17 00:00:00 2001 +From: Rik van Riel +Date: Thu, 5 Oct 2023 23:59:07 -0400 +Subject: hugetlbfs: extend hugetlb_vma_lock to private VMAs + +From: Rik van Riel + +commit bf4916922c60f43efaa329744b3eef539aa6a2b2 upstream. + +Extend the locking scheme used to protect shared hugetlb mappings from +truncate vs page fault races, in order to protect private hugetlb mappings +(with resv_map) against MADV_DONTNEED. + +Add a read-write semaphore to the resv_map data structure, and use that +from the hugetlb_vma_(un)lock_* functions, in preparation for closing the +race between MADV_DONTNEED and page faults. + +Link: https://lkml.kernel.org/r/20231006040020.3677377-3-riel@surriel.com +Fixes: 04ada095dcfc ("hugetlb: don't delete vma_lock in hugetlb MADV_DONTNEED processing") +Signed-off-by: Rik van Riel +Reviewed-by: Mike Kravetz +Cc: Matthew Wilcox (Oracle) +Cc: Muchun Song +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + include/linux/hugetlb.h | 6 ++++++ + mm/hugetlb.c | 41 +++++++++++++++++++++++++++++++++++++---- + 2 files changed, 43 insertions(+), 4 deletions(-) + +--- a/include/linux/hugetlb.h ++++ b/include/linux/hugetlb.h +@@ -58,6 +58,7 @@ struct resv_map { + long adds_in_progress; + struct list_head region_cache; + long region_cache_count; ++ struct rw_semaphore rw_sema; + #ifdef CONFIG_CGROUP_HUGETLB + /* + * On private mappings, the counter to uncharge reservations is stored +@@ -1245,6 +1246,11 @@ static inline bool __vma_shareable_lock( + return (vma->vm_flags & VM_MAYSHARE) && vma->vm_private_data; + } + ++static inline bool __vma_private_lock(struct vm_area_struct *vma) ++{ ++ return (!(vma->vm_flags & VM_MAYSHARE)) && vma->vm_private_data; ++} ++ + /* + * Safe version of huge_pte_offset() to check the locks. See comments + * above huge_pte_offset(). +--- a/mm/hugetlb.c ++++ b/mm/hugetlb.c +@@ -96,6 +96,7 @@ static void hugetlb_vma_lock_alloc(struc + static void __hugetlb_vma_unlock_write_free(struct vm_area_struct *vma); + static void hugetlb_unshare_pmds(struct vm_area_struct *vma, + unsigned long start, unsigned long end); ++static struct resv_map *vma_resv_map(struct vm_area_struct *vma); + + static inline bool subpool_is_free(struct hugepage_subpool *spool) + { +@@ -266,6 +267,10 @@ void hugetlb_vma_lock_read(struct vm_are + struct hugetlb_vma_lock *vma_lock = vma->vm_private_data; + + down_read(&vma_lock->rw_sema); ++ } else if (__vma_private_lock(vma)) { ++ struct resv_map *resv_map = vma_resv_map(vma); ++ ++ down_read(&resv_map->rw_sema); + } + } + +@@ -275,6 +280,10 @@ void hugetlb_vma_unlock_read(struct vm_a + struct hugetlb_vma_lock *vma_lock = vma->vm_private_data; + + up_read(&vma_lock->rw_sema); ++ } else if (__vma_private_lock(vma)) { ++ struct resv_map *resv_map = vma_resv_map(vma); ++ ++ up_read(&resv_map->rw_sema); + } + } + +@@ -284,6 +293,10 @@ void hugetlb_vma_lock_write(struct vm_ar + struct hugetlb_vma_lock *vma_lock = vma->vm_private_data; + + down_write(&vma_lock->rw_sema); ++ } else if (__vma_private_lock(vma)) { ++ struct resv_map *resv_map = vma_resv_map(vma); ++ ++ down_write(&resv_map->rw_sema); + } + } + +@@ -293,17 +306,27 @@ void hugetlb_vma_unlock_write(struct vm_ + struct hugetlb_vma_lock *vma_lock = vma->vm_private_data; + + up_write(&vma_lock->rw_sema); ++ } else if (__vma_private_lock(vma)) { ++ struct resv_map *resv_map = vma_resv_map(vma); ++ ++ up_write(&resv_map->rw_sema); + } + } + + int hugetlb_vma_trylock_write(struct vm_area_struct *vma) + { +- struct hugetlb_vma_lock *vma_lock = vma->vm_private_data; + +- if (!__vma_shareable_lock(vma)) +- return 1; ++ if (__vma_shareable_lock(vma)) { ++ struct hugetlb_vma_lock *vma_lock = vma->vm_private_data; + +- return down_write_trylock(&vma_lock->rw_sema); ++ return down_write_trylock(&vma_lock->rw_sema); ++ } else if (__vma_private_lock(vma)) { ++ struct resv_map *resv_map = vma_resv_map(vma); ++ ++ return down_write_trylock(&resv_map->rw_sema); ++ } ++ ++ return 1; + } + + void hugetlb_vma_assert_locked(struct vm_area_struct *vma) +@@ -312,6 +335,10 @@ void hugetlb_vma_assert_locked(struct vm + struct hugetlb_vma_lock *vma_lock = vma->vm_private_data; + + lockdep_assert_held(&vma_lock->rw_sema); ++ } else if (__vma_private_lock(vma)) { ++ struct resv_map *resv_map = vma_resv_map(vma); ++ ++ lockdep_assert_held(&resv_map->rw_sema); + } + } + +@@ -344,6 +371,11 @@ static void __hugetlb_vma_unlock_write_f + struct hugetlb_vma_lock *vma_lock = vma->vm_private_data; + + __hugetlb_vma_unlock_write_put(vma_lock); ++ } else if (__vma_private_lock(vma)) { ++ struct resv_map *resv_map = vma_resv_map(vma); ++ ++ /* no free for anon vmas, but still need to unlock */ ++ up_write(&resv_map->rw_sema); + } + } + +@@ -1062,6 +1094,7 @@ struct resv_map *resv_map_alloc(void) + kref_init(&resv_map->refs); + spin_lock_init(&resv_map->lock); + INIT_LIST_HEAD(&resv_map->regions); ++ init_rwsem(&resv_map->rw_sema); + + resv_map->adds_in_progress = 0; + /* diff --git a/queue-6.5/i40e-sync-next_to_clean-and-next_to_process-for-programming-status-desc.patch b/queue-6.5/i40e-sync-next_to_clean-and-next_to_process-for-programming-status-desc.patch new file mode 100644 index 00000000000..b375d7e8e02 --- /dev/null +++ b/queue-6.5/i40e-sync-next_to_clean-and-next_to_process-for-programming-status-desc.patch @@ -0,0 +1,63 @@ +From 068d8b75c1aee153193522211ace6c13c21cd16b Mon Sep 17 00:00:00 2001 +From: Tirthendu Sarkar +Date: Thu, 19 Oct 2023 13:38:52 -0700 +Subject: i40e: sync next_to_clean and next_to_process for programming status desc +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Tirthendu Sarkar + +commit 068d8b75c1aee153193522211ace6c13c21cd16b upstream. + +When a programming status desc is encountered on the rx_ring, +next_to_process is bumped along with cleaned_count but next_to_clean is +not. This causes I40E_DESC_UNUSED() macro to misbehave resulting in +overwriting whole ring with new buffers. + +Update next_to_clean to point to next_to_process on seeing a programming +status desc if not in the middle of handling a multi-frag packet. Also, +bump cleaned_count only for such case as otherwise next_to_clean buffer +may be returned to hardware on reaching clean_threshold. + +Fixes: e9031f2da1ae ("i40e: introduce next_to_process to i40e_ring") +Suggested-by: Maciej Fijalkowski +Reported-by: hq.dev+kernel@msdfc.xyz +Reported by: Solomon Peachy +Closes: https://bugzilla.kernel.org/show_bug.cgi?id=217678 +Tested-by: hq.dev+kernel@msdfc.xyz +Tested by: Indrek Järve +Signed-off-by: Tirthendu Sarkar +Tested-by: Arpana Arland (A Contingent worker at Intel) +Signed-off-by: Jacob Keller +Acked-by: Maciej Fijalkowski +Link: https://lore.kernel.org/r/20231019203852.3663665-1-jacob.e.keller@intel.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/intel/i40e/i40e_txrx.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/intel/i40e/i40e_txrx.c b/drivers/net/ethernet/intel/i40e/i40e_txrx.c +index 0b3a27f118fb..50c70a8e470a 100644 +--- a/drivers/net/ethernet/intel/i40e/i40e_txrx.c ++++ b/drivers/net/ethernet/intel/i40e/i40e_txrx.c +@@ -2544,7 +2544,14 @@ static int i40e_clean_rx_irq(struct i40e_ring *rx_ring, int budget, + rx_buffer = i40e_rx_bi(rx_ring, ntp); + i40e_inc_ntp(rx_ring); + i40e_reuse_rx_page(rx_ring, rx_buffer); +- cleaned_count++; ++ /* Update ntc and bump cleaned count if not in the ++ * middle of mb packet. ++ */ ++ if (rx_ring->next_to_clean == ntp) { ++ rx_ring->next_to_clean = ++ rx_ring->next_to_process; ++ cleaned_count++; ++ } + continue; + } + +-- +2.42.0 + diff --git a/queue-6.5/maple_tree-add-gfp_kernel-to-allocations-in-mas_expected_entries.patch b/queue-6.5/maple_tree-add-gfp_kernel-to-allocations-in-mas_expected_entries.patch new file mode 100644 index 00000000000..6c38b60f134 --- /dev/null +++ b/queue-6.5/maple_tree-add-gfp_kernel-to-allocations-in-mas_expected_entries.patch @@ -0,0 +1,213 @@ +From 099d7439ce03d0e7bc8f0c3d7878b562f3a48d3d Mon Sep 17 00:00:00 2001 +From: "Liam R. Howlett" +Date: Thu, 12 Oct 2023 11:52:33 -0400 +Subject: maple_tree: add GFP_KERNEL to allocations in mas_expected_entries() + +From: Liam R. Howlett + +commit 099d7439ce03d0e7bc8f0c3d7878b562f3a48d3d upstream. + +Users complained about OOM errors during fork without triggering +compaction. This can be fixed by modifying the flags used in +mas_expected_entries() so that the compaction will be triggered in low +memory situations. Since mas_expected_entries() is only used during fork, +the extra argument does not need to be passed through. + +Additionally, the two test_maple_tree test cases and one benchmark test +were altered to use the correct locking type so that allocations would not +trigger sleeping and thus fail. Testing was completed with lockdep atomic +sleep detection. + +The additional locking change requires rwsem support additions to the +tools/ directory through the use of pthreads pthread_rwlock_t. With this +change test_maple_tree works in userspace, as a module, and in-kernel. + +Users may notice that the system gave up early on attempting to start new +processes instead of attempting to reclaim memory. + +Link: https://lkml.kernel.org/r/20230915093243epcms1p46fa00bbac1ab7b7dca94acb66c44c456@epcms1p4 +Link: https://lkml.kernel.org/r/20231012155233.2272446-1-Liam.Howlett@oracle.com +Fixes: 54a611b60590 ("Maple Tree: add new data structure") +Signed-off-by: Liam R. Howlett +Reviewed-by: Peng Zhang +Cc: +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + lib/maple_tree.c | 2 +- + lib/test_maple_tree.c | 35 ++++++++++++++++++++++++----------- + tools/include/linux/rwsem.h | 40 ++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 65 insertions(+), 12 deletions(-) + create mode 100644 tools/include/linux/rwsem.h + +--- a/lib/maple_tree.c ++++ b/lib/maple_tree.c +@@ -5729,7 +5729,7 @@ int mas_expected_entries(struct ma_state + /* Internal nodes */ + nr_nodes += DIV_ROUND_UP(nr_nodes, nonleaf_cap); + /* Add working room for split (2 nodes) + new parents */ +- mas_node_count(mas, nr_nodes + 3); ++ mas_node_count_gfp(mas, nr_nodes + 3, GFP_KERNEL); + + /* Detect if allocations run out */ + mas->mas_flags |= MA_STATE_PREALLOC; +--- a/lib/test_maple_tree.c ++++ b/lib/test_maple_tree.c +@@ -9,6 +9,7 @@ + + #include + #include ++#include + + #define MTREE_ALLOC_MAX 0x2000000000000Ul + #define CONFIG_MAPLE_SEARCH +@@ -1714,17 +1715,21 @@ static noinline void __init check_forkin + void *val; + MA_STATE(mas, mt, 0, 0); + MA_STATE(newmas, mt, 0, 0); ++ struct rw_semaphore newmt_lock; ++ ++ init_rwsem(&newmt_lock); + + for (i = 0; i <= nr_entries; i++) + mtree_store_range(mt, i*10, i*10 + 5, + xa_mk_value(i), GFP_KERNEL); + + mt_set_non_kernel(99999); +- mt_init_flags(&newmt, MT_FLAGS_ALLOC_RANGE); ++ mt_init_flags(&newmt, MT_FLAGS_ALLOC_RANGE | MT_FLAGS_LOCK_EXTERN); ++ mt_set_external_lock(&newmt, &newmt_lock); + newmas.tree = &newmt; + mas_reset(&newmas); + mas_reset(&mas); +- mas_lock(&newmas); ++ down_write(&newmt_lock); + mas.index = 0; + mas.last = 0; + if (mas_expected_entries(&newmas, nr_entries)) { +@@ -1739,10 +1744,10 @@ static noinline void __init check_forkin + } + rcu_read_unlock(); + mas_destroy(&newmas); +- mas_unlock(&newmas); + mt_validate(&newmt); + mt_set_non_kernel(0); +- mtree_destroy(&newmt); ++ __mt_destroy(&newmt); ++ up_write(&newmt_lock); + } + + static noinline void __init check_iteration(struct maple_tree *mt) +@@ -1853,6 +1858,10 @@ static noinline void __init bench_forkin + void *val; + MA_STATE(mas, mt, 0, 0); + MA_STATE(newmas, mt, 0, 0); ++ struct rw_semaphore newmt_lock; ++ ++ init_rwsem(&newmt_lock); ++ mt_set_external_lock(&newmt, &newmt_lock); + + for (i = 0; i <= nr_entries; i++) + mtree_store_range(mt, i*10, i*10 + 5, +@@ -1867,7 +1876,7 @@ static noinline void __init bench_forkin + mas.index = 0; + mas.last = 0; + rcu_read_lock(); +- mas_lock(&newmas); ++ down_write(&newmt_lock); + if (mas_expected_entries(&newmas, nr_entries)) { + printk("OOM!"); + BUG_ON(1); +@@ -1878,11 +1887,11 @@ static noinline void __init bench_forkin + mas_store(&newmas, val); + } + mas_destroy(&newmas); +- mas_unlock(&newmas); + rcu_read_unlock(); + mt_validate(&newmt); + mt_set_non_kernel(0); +- mtree_destroy(&newmt); ++ __mt_destroy(&newmt); ++ up_write(&newmt_lock); + } + } + #endif +@@ -2489,6 +2498,10 @@ static noinline void __init check_dup_ga + void *tmp; + MA_STATE(mas, mt, 0, 0); + MA_STATE(newmas, &newmt, 0, 0); ++ struct rw_semaphore newmt_lock; ++ ++ init_rwsem(&newmt_lock); ++ mt_set_external_lock(&newmt, &newmt_lock); + + if (!zero_start) + i = 1; +@@ -2498,9 +2511,9 @@ static noinline void __init check_dup_ga + mtree_store_range(mt, i*10, (i+1)*10 - gap, + xa_mk_value(i), GFP_KERNEL); + +- mt_init_flags(&newmt, MT_FLAGS_ALLOC_RANGE); ++ mt_init_flags(&newmt, MT_FLAGS_ALLOC_RANGE | MT_FLAGS_LOCK_EXTERN); + mt_set_non_kernel(99999); +- mas_lock(&newmas); ++ down_write(&newmt_lock); + ret = mas_expected_entries(&newmas, nr_entries); + mt_set_non_kernel(0); + MT_BUG_ON(mt, ret != 0); +@@ -2513,9 +2526,9 @@ static noinline void __init check_dup_ga + } + rcu_read_unlock(); + mas_destroy(&newmas); +- mas_unlock(&newmas); + +- mtree_destroy(&newmt); ++ __mt_destroy(&newmt); ++ up_write(&newmt_lock); + } + + /* Duplicate many sizes of trees. Mainly to test expected entry values */ +--- /dev/null ++++ b/tools/include/linux/rwsem.h +@@ -0,0 +1,40 @@ ++/* SPDX-License-Identifier: GPL-2.0+ */ ++#ifndef _TOOLS__RWSEM_H ++#define _TOOLS__RWSEM_H ++ ++#include ++ ++struct rw_semaphore { ++ pthread_rwlock_t lock; ++}; ++ ++static inline int init_rwsem(struct rw_semaphore *sem) ++{ ++ return pthread_rwlock_init(&sem->lock, NULL); ++} ++ ++static inline int exit_rwsem(struct rw_semaphore *sem) ++{ ++ return pthread_rwlock_destroy(&sem->lock); ++} ++ ++static inline int down_read(struct rw_semaphore *sem) ++{ ++ return pthread_rwlock_rdlock(&sem->lock); ++} ++ ++static inline int up_read(struct rw_semaphore *sem) ++{ ++ return pthread_rwlock_unlock(&sem->lock); ++} ++ ++static inline int down_write(struct rw_semaphore *sem) ++{ ++ return pthread_rwlock_wrlock(&sem->lock); ++} ++ ++static inline int up_write(struct rw_semaphore *sem) ++{ ++ return pthread_rwlock_unlock(&sem->lock); ++} ++#endif /* _TOOLS_RWSEM_H */ diff --git a/queue-6.5/mm-fix-vm_brk_flags-to-not-bail-out-while-holding-lock.patch b/queue-6.5/mm-fix-vm_brk_flags-to-not-bail-out-while-holding-lock.patch new file mode 100644 index 00000000000..56efdacb909 --- /dev/null +++ b/queue-6.5/mm-fix-vm_brk_flags-to-not-bail-out-while-holding-lock.patch @@ -0,0 +1,46 @@ +From e0f81ab1e4f42ffece6440dc78f583eb352b9a71 Mon Sep 17 00:00:00 2001 +From: Sebastian Ott +Date: Fri, 29 Sep 2023 10:19:41 -0700 +Subject: mm: fix vm_brk_flags() to not bail out while holding lock + +From: Sebastian Ott + +commit e0f81ab1e4f42ffece6440dc78f583eb352b9a71 upstream. + +Calling vm_brk_flags() with flags set other than VM_EXEC will exit the +function without releasing the mmap_write_lock. + +Just do the sanity check before the lock is acquired. This doesn't fix an +actual issue since no caller sets a flag other than VM_EXEC. + +Link: https://lkml.kernel.org/r/20230929171937.work.697-kees@kernel.org +Fixes: 2e7ce7d354f2 ("mm/mmap: change do_brk_flags() to expand existing VMA and add do_brk_munmap()") +Signed-off-by: Sebastian Ott +Signed-off-by: Kees Cook +Reviewed-by: Liam R. Howlett +Cc: Yu Zhao +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + mm/mmap.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/mm/mmap.c ++++ b/mm/mmap.c +@@ -3136,13 +3136,13 @@ int vm_brk_flags(unsigned long addr, uns + if (!len) + return 0; + +- if (mmap_write_lock_killable(mm)) +- return -EINTR; +- + /* Until we need other flags, refuse anything except VM_EXEC. */ + if ((flags & (~VM_EXEC)) != 0) + return -EINVAL; + ++ if (mmap_write_lock_killable(mm)) ++ return -EINTR; ++ + ret = check_brk_limits(addr, len); + if (ret) + goto limits_failed; diff --git a/queue-6.5/mm-mempolicy-fix-set_mempolicy_home_node-previous-vma-pointer.patch b/queue-6.5/mm-mempolicy-fix-set_mempolicy_home_node-previous-vma-pointer.patch new file mode 100644 index 00000000000..e535e1290bf --- /dev/null +++ b/queue-6.5/mm-mempolicy-fix-set_mempolicy_home_node-previous-vma-pointer.patch @@ -0,0 +1,46 @@ +From 51f625377561e5b167da2db5aafb7ee268f691c5 Mon Sep 17 00:00:00 2001 +From: "Liam R. Howlett" +Date: Thu, 28 Sep 2023 13:24:32 -0400 +Subject: mm/mempolicy: fix set_mempolicy_home_node() previous VMA pointer + +From: Liam R. Howlett + +commit 51f625377561e5b167da2db5aafb7ee268f691c5 upstream. + +The two users of mbind_range() are expecting that mbind_range() will +update the pointer to the previous VMA, or return an error. However, +set_mempolicy_home_node() does not call mbind_range() if there is no VMA +policy. The fix is to update the pointer to the previous VMA prior to +continuing iterating the VMAs when there is no policy. + +Users may experience a WARN_ON() during VMA policy updates when updating +a range of VMAs on the home node. + +Link: https://lkml.kernel.org/r/20230928172432.2246534-1-Liam.Howlett@oracle.com +Link: https://lore.kernel.org/linux-mm/CALcu4rbT+fMVNaO_F2izaCT+e7jzcAciFkOvk21HGJsmLcUuwQ@mail.gmail.com/ +Fixes: f4e9e0e69468 ("mm/mempolicy: fix use-after-free of VMA iterator") +Signed-off-by: Liam R. Howlett +Reported-by: Yikebaer Aizezi +Closes: https://lore.kernel.org/linux-mm/CALcu4rbT+fMVNaO_F2izaCT+e7jzcAciFkOvk21HGJsmLcUuwQ@mail.gmail.com/ +Reviewed-by: Lorenzo Stoakes +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + mm/mempolicy.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/mm/mempolicy.c ++++ b/mm/mempolicy.c +@@ -1543,8 +1543,10 @@ SYSCALL_DEFINE4(set_mempolicy_home_node, + * the home node for vmas we already updated before. + */ + old = vma_policy(vma); +- if (!old) ++ if (!old) { ++ prev = vma; + continue; ++ } + if (old->mode != MPOL_BIND && old->mode != MPOL_PREFERRED_MANY) { + err = -EOPNOTSUPP; + break; diff --git a/queue-6.5/mm-migrate-fix-do_pages_move-for-compat-pointers.patch b/queue-6.5/mm-migrate-fix-do_pages_move-for-compat-pointers.patch new file mode 100644 index 00000000000..34594a863e0 --- /dev/null +++ b/queue-6.5/mm-migrate-fix-do_pages_move-for-compat-pointers.patch @@ -0,0 +1,74 @@ +From 229e2253766c7cdfe024f1fe280020cc4711087c Mon Sep 17 00:00:00 2001 +From: Gregory Price +Date: Tue, 3 Oct 2023 10:48:56 -0400 +Subject: mm/migrate: fix do_pages_move for compat pointers + +From: Gregory Price + +commit 229e2253766c7cdfe024f1fe280020cc4711087c upstream. + +do_pages_move does not handle compat pointers for the page list. +correctly. Add in_compat_syscall check and appropriate get_user fetch +when iterating the page list. + +It makes the syscall in compat mode (32-bit userspace, 64-bit kernel) +work the same way as the native 32-bit syscall again, restoring the +behavior before my broken commit 5b1b561ba73c ("mm: simplify +compat_sys_move_pages"). + +More specifically, my patch moved the parsing of the 'pages' array from +the main entry point into do_pages_stat(), which left the syscall +working correctly for the 'stat' operation (nodes = NULL), while the +'move' operation (nodes != NULL) is now missing the conversion and +interprets 'pages' as an array of 64-bit pointers instead of the +intended 32-bit userspace pointers. + +It is possible that nobody noticed this bug because the few +applications that actually call move_pages are unlikely to run in +compat mode because of their large memory requirements, but this +clearly fixes a user-visible regression and should have been caught by +ltp. + +Link: https://lkml.kernel.org/r/20231003144857.752952-1-gregory.price@memverge.com +Fixes: 5b1b561ba73c ("mm: simplify compat_sys_move_pages") +Signed-off-by: Gregory Price +Reported-by: Arnd Bergmann +Co-developed-by: Arnd Bergmann +Cc: Jonathan Cameron +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + mm/migrate.c | 14 ++++++++++++-- + 1 file changed, 12 insertions(+), 2 deletions(-) + +--- a/mm/migrate.c ++++ b/mm/migrate.c +@@ -2160,6 +2160,7 @@ static int do_pages_move(struct mm_struc + const int __user *nodes, + int __user *status, int flags) + { ++ compat_uptr_t __user *compat_pages = (void __user *)pages; + int current_node = NUMA_NO_NODE; + LIST_HEAD(pagelist); + int start, i; +@@ -2172,8 +2173,17 @@ static int do_pages_move(struct mm_struc + int node; + + err = -EFAULT; +- if (get_user(p, pages + i)) +- goto out_flush; ++ if (in_compat_syscall()) { ++ compat_uptr_t cp; ++ ++ if (get_user(cp, compat_pages + i)) ++ goto out_flush; ++ ++ p = compat_ptr(cp); ++ } else { ++ if (get_user(p, pages + i)) ++ goto out_flush; ++ } + if (get_user(node, nodes + i)) + goto out_flush; + diff --git a/queue-6.5/mm-page_alloc-correct-start-page-when-guard-page-debug-is-enabled.patch b/queue-6.5/mm-page_alloc-correct-start-page-when-guard-page-debug-is-enabled.patch new file mode 100644 index 00000000000..3ecb4f98280 --- /dev/null +++ b/queue-6.5/mm-page_alloc-correct-start-page-when-guard-page-debug-is-enabled.patch @@ -0,0 +1,63 @@ +From 61e21cf2d2c3cc5e60e8d0a62a77e250fccda62c Mon Sep 17 00:00:00 2001 +From: Kemeng Shi +Date: Wed, 27 Sep 2023 17:44:01 +0800 +Subject: mm/page_alloc: correct start page when guard page debug is enabled + +From: Kemeng Shi + +commit 61e21cf2d2c3cc5e60e8d0a62a77e250fccda62c upstream. + +When guard page debug is enabled and set_page_guard returns success, we +miss to forward page to point to start of next split range and we will do +split unexpectedly in page range without target page. Move start page +update before set_page_guard to fix this. + +As we split to wrong target page, then splited pages are not able to merge +back to original order when target page is put back and splited pages +except target page is not usable. To be specific: + +Consider target page is the third page in buddy page with order 2. +| buddy-2 | Page | Target | Page | + +After break down to target page, we will only set first page to Guard +because of bug. +| Guard | Page | Target | Page | + +When we try put_page_back_buddy with target page, the buddy page of target +if neither guard nor buddy, Then it's not able to construct original page +with order 2 +| Guard | Page | buddy-0 | Page | + +All pages except target page is not in free list and is not usable. + +Link: https://lkml.kernel.org/r/20230927094401.68205-1-shikemeng@huaweicloud.com +Fixes: 06be6ff3d2ec ("mm,hwpoison: rework soft offline for free pages") +Signed-off-by: Kemeng Shi +Acked-by: Naoya Horiguchi +Cc: Matthew Wilcox (Oracle) +Cc: Oscar Salvador +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + mm/page_alloc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/mm/page_alloc.c ++++ b/mm/page_alloc.c +@@ -6528,6 +6528,7 @@ static void break_down_buddy_pages(struc + next_page = page; + current_buddy = page + size; + } ++ page = next_page; + + if (set_page_guard(zone, current_buddy, high, migratetype)) + continue; +@@ -6535,7 +6536,6 @@ static void break_down_buddy_pages(struc + if (current_buddy != target) { + add_to_free_list(current_buddy, zone, high, migratetype); + set_buddy_order(current_buddy, high); +- page = next_page; + } + } + } diff --git a/queue-6.5/nfsd-lock_rename-needs-both-directories-to-live-on-the-same-fs.patch b/queue-6.5/nfsd-lock_rename-needs-both-directories-to-live-on-the-same-fs.patch new file mode 100644 index 00000000000..5ddc59fe1fd --- /dev/null +++ b/queue-6.5/nfsd-lock_rename-needs-both-directories-to-live-on-the-same-fs.patch @@ -0,0 +1,51 @@ +From 1aee9158bc978f91701c5992e395efbc6da2de3c Mon Sep 17 00:00:00 2001 +From: Al Viro +Date: Sat, 14 Oct 2023 21:34:40 -0400 +Subject: nfsd: lock_rename() needs both directories to live on the same fs + +From: Al Viro + +commit 1aee9158bc978f91701c5992e395efbc6da2de3c upstream. + +... checking that after lock_rename() is too late. Incidentally, +NFSv2 had no nfserr_xdev... + +Fixes: aa387d6ce153 "nfsd: fix EXDEV checking in rename" +Cc: stable@vger.kernel.org # v3.9+ +Reviewed-by: Jeff Layton +Acked-by: Chuck Lever +Tested-by: Jeff Layton +Signed-off-by: Al Viro +Signed-off-by: Greg Kroah-Hartman +--- + fs/nfsd/vfs.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +--- a/fs/nfsd/vfs.c ++++ b/fs/nfsd/vfs.c +@@ -1781,6 +1781,12 @@ nfsd_rename(struct svc_rqst *rqstp, stru + if (!flen || isdotent(fname, flen) || !tlen || isdotent(tname, tlen)) + goto out; + ++ err = (rqstp->rq_vers == 2) ? nfserr_acces : nfserr_xdev; ++ if (ffhp->fh_export->ex_path.mnt != tfhp->fh_export->ex_path.mnt) ++ goto out; ++ if (ffhp->fh_export->ex_path.dentry != tfhp->fh_export->ex_path.dentry) ++ goto out; ++ + retry: + host_err = fh_want_write(ffhp); + if (host_err) { +@@ -1812,12 +1818,6 @@ retry: + if (ndentry == trap) + goto out_dput_new; + +- host_err = -EXDEV; +- if (ffhp->fh_export->ex_path.mnt != tfhp->fh_export->ex_path.mnt) +- goto out_dput_new; +- if (ffhp->fh_export->ex_path.dentry != tfhp->fh_export->ex_path.dentry) +- goto out_dput_new; +- + if ((ndentry->d_sb->s_export_op->flags & EXPORT_OP_CLOSE_BEFORE_UNLINK) && + nfsd_has_cached_files(ndentry)) { + close_cached = true; diff --git a/queue-6.5/selftests-mm-include-mman-header-to-access-mremap_dontunmap-identifier.patch b/queue-6.5/selftests-mm-include-mman-header-to-access-mremap_dontunmap-identifier.patch new file mode 100644 index 00000000000..c9a635cc870 --- /dev/null +++ b/queue-6.5/selftests-mm-include-mman-header-to-access-mremap_dontunmap-identifier.patch @@ -0,0 +1,42 @@ +From e2de156b0d918b5ebe975577d25f9ef92379a756 Mon Sep 17 00:00:00 2001 +From: Samasth Norway Ananda +Date: Thu, 12 Oct 2023 08:52:57 -0700 +Subject: selftests/mm: include mman header to access MREMAP_DONTUNMAP identifier + +From: Samasth Norway Ananda + +commit e2de156b0d918b5ebe975577d25f9ef92379a756 upstream. + +Definition for MREMAP_DONTUNMAP is not present in glibc older than 2.32 +thus throwing an undeclared error when running make on mm. Including +linux/mman.h solves the build error for people having older glibc. + +Link: https://lkml.kernel.org/r/20231012155257.891776-1-samasth.norway.ananda@oracle.com +Fixes: 0183d777c29a ("selftests: mm: remove duplicate unneeded defines") +Signed-off-by: Samasth Norway Ananda +Reported-by: Linux Kernel Functional Testing +Closes: https://lore.kernel.org/linux-mm/CA+G9fYvV-71XqpCr_jhdDfEtN701fBdG3q+=bafaZiGwUXy_aA@mail.gmail.com/ +Tested-by: Muhammad Usama Anjum +Cc: Shuah Khan +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + tools/testing/selftests/mm/mremap_dontunmap.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/tools/testing/selftests/mm/mremap_dontunmap.c b/tools/testing/selftests/mm/mremap_dontunmap.c +index ca2359835e75..a06e73ec8568 100644 +--- a/tools/testing/selftests/mm/mremap_dontunmap.c ++++ b/tools/testing/selftests/mm/mremap_dontunmap.c +@@ -7,6 +7,7 @@ + */ + #define _GNU_SOURCE + #include ++#include + #include + #include + #include +-- +2.42.0 + diff --git a/queue-6.5/series b/queue-6.5/series index 7a6ffa9ec21..c065f256ecf 100644 --- a/queue-6.5/series +++ b/queue-6.5/series @@ -6,3 +6,37 @@ smb3-do-not-start-laundromat-thread-when-dir-leases.patch smb-client-do-not-start-laundromat-thread-on-nohandl.patch smb-client-make-laundromat-a-delayed-worker.patch smb-client-prevent-new-fids-from-being-removed-by-la.patch +virtio_balloon-fix-endless-deflation-and-inflation-on-arm64.patch +virtio-mmio-fix-memory-leak-of-vm_dev.patch +virtio-crypto-handle-config-changed-by-work-queue.patch +virtio_pci-fix-the-common-cfg-map-size.patch +vsock-virtio-initialize-the_virtio_vsock-before-using-vqs.patch +vhost-allow-null-msg.size-on-vhost_iotlb_invalidate.patch +arm64-dts-qcom-apq8096-db820c-fix-missing-clock-populate.patch +arm64-dts-qcom-msm8996-xiaomi-fix-missing-clock-populate.patch +arm64-dts-rockchip-use-codec-as-clock-master-on-px30-ringneck-haikou.patch +arm64-dts-rockchip-set-codec-system-clock-fixed-on-px30-ringneck-haikou.patch +arm64-dts-qcom-sa8775p-correct-pmic-gpio-label-in-gpio-ranges.patch +arm64-dts-rockchip-add-i2s0-2ch-bus-bclk-off-pins-to-rk3399.patch +arm64-dts-rockchip-fix-i2s0-pin-conflict-on-rock-pi-4-boards.patch +i40e-sync-next_to_clean-and-next_to_process-for-programming-status-desc.patch +mm-fix-vm_brk_flags-to-not-bail-out-while-holding-lock.patch +hugetlbfs-clear-resv_map-pointer-if-mmap-fails.patch +mm-page_alloc-correct-start-page-when-guard-page-debug-is-enabled.patch +mm-migrate-fix-do_pages_move-for-compat-pointers.patch +selftests-mm-include-mman-header-to-access-mremap_dontunmap-identifier.patch +mm-mempolicy-fix-set_mempolicy_home_node-previous-vma-pointer.patch +hugetlbfs-extend-hugetlb_vma_lock-to-private-vmas.patch +maple_tree-add-gfp_kernel-to-allocations-in-mas_expected_entries.patch +nfsd-lock_rename-needs-both-directories-to-live-on-the-same-fs.patch +vdpa_sim_blk-fix-the-potential-leak-of-mgmt_dev.patch +vdpa-mlx5-fix-double-release-of-debugfs-entry.patch +arm-omap1-ams-delta-fix-modem-initialization-failure.patch +arm-dts-rockchip-fix-i2c0-register-address-for-rk3128.patch +arm-dts-rockchip-add-missing-arm-timer-interrupt-for-rk3128.patch +arm-dts-rockchip-add-missing-quirk-for-rk3128-s-dma-engine.patch +arm-dts-rockchip-fix-timer-clocks-for-rk3128.patch +accel-ivpu-don-t-enter-d0i3-during-flr.patch +drm-i915-pmu-check-if-pmu-is-closed-before-stopping-event.patch +drm-amd-disable-aspm-for-vi-w-all-intel-systems.patch +drm-dp_mst-fix-null-deref-in-get_mst_branch_device_by_guid_helper.patch diff --git a/queue-6.5/vdpa-mlx5-fix-double-release-of-debugfs-entry.patch b/queue-6.5/vdpa-mlx5-fix-double-release-of-debugfs-entry.patch new file mode 100644 index 00000000000..23796c2b8a5 --- /dev/null +++ b/queue-6.5/vdpa-mlx5-fix-double-release-of-debugfs-entry.patch @@ -0,0 +1,86 @@ +From f8a3db47d944a33eac1f37358db560e5aabbfbca Mon Sep 17 00:00:00 2001 +From: Dragos Tatulea +Date: Tue, 29 Aug 2023 20:40:09 +0300 +Subject: vdpa/mlx5: Fix double release of debugfs entry + +From: Dragos Tatulea + +commit f8a3db47d944a33eac1f37358db560e5aabbfbca upstream. + +The error path in setup_driver deletes the debugfs entry but doesn't +clear the pointer. During .dev_del the invalid pointer will be released +again causing a crash. + +This patch fixes the issue by always clearing the debugfs entry in +mlx5_vdpa_remove_debugfs. Also, stop removing the debugfs entry in +.dev_del op: the debugfs entry is already handled within the +setup_driver/teardown_driver scope. + +Cc: stable@vger.kernel.org +Fixes: f0417e72add5 ("vdpa/mlx5: Add and remove debugfs in setup/teardown driver") +Signed-off-by: Dragos Tatulea +Reviewed-by: Gal Pressman +Message-Id: <20230829174014.928189-2-dtatulea@nvidia.com> +Signed-off-by: Michael S. Tsirkin +Acked-by: Jason Wang +Signed-off-by: Greg Kroah-Hartman +--- + drivers/vdpa/mlx5/net/debug.c | 5 +++-- + drivers/vdpa/mlx5/net/mlx5_vnet.c | 7 ++----- + drivers/vdpa/mlx5/net/mlx5_vnet.h | 2 +- + 3 files changed, 6 insertions(+), 8 deletions(-) + +--- a/drivers/vdpa/mlx5/net/debug.c ++++ b/drivers/vdpa/mlx5/net/debug.c +@@ -146,7 +146,8 @@ void mlx5_vdpa_add_debugfs(struct mlx5_v + ndev->rx_dent = debugfs_create_dir("rx", ndev->debugfs); + } + +-void mlx5_vdpa_remove_debugfs(struct dentry *dbg) ++void mlx5_vdpa_remove_debugfs(struct mlx5_vdpa_net *ndev) + { +- debugfs_remove_recursive(dbg); ++ debugfs_remove_recursive(ndev->debugfs); ++ ndev->debugfs = NULL; + } +--- a/drivers/vdpa/mlx5/net/mlx5_vnet.c ++++ b/drivers/vdpa/mlx5/net/mlx5_vnet.c +@@ -2758,7 +2758,7 @@ err_tir: + err_rqt: + teardown_virtqueues(ndev); + err_setup: +- mlx5_vdpa_remove_debugfs(ndev->debugfs); ++ mlx5_vdpa_remove_debugfs(ndev); + out: + return err; + } +@@ -2772,8 +2772,7 @@ static void teardown_driver(struct mlx5_ + if (!ndev->setup) + return; + +- mlx5_vdpa_remove_debugfs(ndev->debugfs); +- ndev->debugfs = NULL; ++ mlx5_vdpa_remove_debugfs(ndev); + teardown_steering(ndev); + destroy_tir(ndev); + destroy_rqt(ndev); +@@ -3534,8 +3533,6 @@ static void mlx5_vdpa_dev_del(struct vdp + struct mlx5_vdpa_net *ndev = to_mlx5_vdpa_ndev(mvdev); + struct workqueue_struct *wq; + +- mlx5_vdpa_remove_debugfs(ndev->debugfs); +- ndev->debugfs = NULL; + unregister_link_notifier(ndev); + _vdpa_unregister_device(dev); + wq = mvdev->wq; +--- a/drivers/vdpa/mlx5/net/mlx5_vnet.h ++++ b/drivers/vdpa/mlx5/net/mlx5_vnet.h +@@ -97,7 +97,7 @@ struct macvlan_node { + }; + + void mlx5_vdpa_add_debugfs(struct mlx5_vdpa_net *ndev); +-void mlx5_vdpa_remove_debugfs(struct dentry *dbg); ++void mlx5_vdpa_remove_debugfs(struct mlx5_vdpa_net *ndev); + void mlx5_vdpa_add_rx_flow_table(struct mlx5_vdpa_net *ndev); + void mlx5_vdpa_remove_rx_flow_table(struct mlx5_vdpa_net *ndev); + void mlx5_vdpa_add_tirn(struct mlx5_vdpa_net *ndev); diff --git a/queue-6.5/vdpa_sim_blk-fix-the-potential-leak-of-mgmt_dev.patch b/queue-6.5/vdpa_sim_blk-fix-the-potential-leak-of-mgmt_dev.patch new file mode 100644 index 00000000000..dcec11a46b4 --- /dev/null +++ b/queue-6.5/vdpa_sim_blk-fix-the-potential-leak-of-mgmt_dev.patch @@ -0,0 +1,45 @@ +From d121df789b159e9a8ee770666f210975a81e8111 Mon Sep 17 00:00:00 2001 +From: "Shawn.Shao" +Date: Mon, 21 Aug 2023 14:03:33 +0800 +Subject: vdpa_sim_blk: Fix the potential leak of mgmt_dev + +From: Shawn.Shao + +commit d121df789b159e9a8ee770666f210975a81e8111 upstream. + +If the shared_buffer allocation fails, need to unregister mgmt_dev first. + +Cc: stable@vger.kernel.org +Fixes: abebb16254b36 ("vdpa_sim_blk: support shared backend") +Signed-off-by: Shawn.Shao +Acked-by: Jason Wang +Message-Id: <20230821060333.1155-1-shawn.shao@jaguarmicro.com> +Signed-off-by: Michael S. Tsirkin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/vdpa/vdpa_sim/vdpa_sim_blk.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/drivers/vdpa/vdpa_sim/vdpa_sim_blk.c b/drivers/vdpa/vdpa_sim/vdpa_sim_blk.c +index 00d7d72713be..b3a3cb165795 100644 +--- a/drivers/vdpa/vdpa_sim/vdpa_sim_blk.c ++++ b/drivers/vdpa/vdpa_sim/vdpa_sim_blk.c +@@ -499,12 +499,13 @@ static int __init vdpasim_blk_init(void) + GFP_KERNEL); + if (!shared_buffer) { + ret = -ENOMEM; +- goto parent_err; ++ goto mgmt_dev_err; + } + } + + return 0; +- ++mgmt_dev_err: ++ vdpa_mgmtdev_unregister(&mgmt_dev); + parent_err: + device_unregister(&vdpasim_blk_mgmtdev); + return ret; +-- +2.42.0 + diff --git a/queue-6.5/vhost-allow-null-msg.size-on-vhost_iotlb_invalidate.patch b/queue-6.5/vhost-allow-null-msg.size-on-vhost_iotlb_invalidate.patch new file mode 100644 index 00000000000..d0e34e5323d --- /dev/null +++ b/queue-6.5/vhost-allow-null-msg.size-on-vhost_iotlb_invalidate.patch @@ -0,0 +1,49 @@ +From ca50ec377c2e94b0a9f8735de2856cd0f13beab4 Mon Sep 17 00:00:00 2001 +From: Eric Auger +Date: Wed, 27 Sep 2023 16:05:44 +0200 +Subject: vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE + +From: Eric Auger + +commit ca50ec377c2e94b0a9f8735de2856cd0f13beab4 upstream. + +Commit e2ae38cf3d91 ("vhost: fix hung thread due to erroneous iotlb +entries") Forbade vhost iotlb msg with null size to prevent entries +with size = start = 0 and last = ULONG_MAX to end up in the iotlb. + +Then commit 95932ab2ea07 ("vhost: allow batching hint without size") +only applied the check for VHOST_IOTLB_UPDATE and VHOST_IOTLB_INVALIDATE +message types to fix a regression observed with batching hit. + +Still, the introduction of that check introduced a regression for +some users attempting to invalidate the whole ULONG_MAX range by +setting the size to 0. This is the case with qemu/smmuv3/vhost +integration which does not work anymore. It Looks safe to partially +revert the original commit and allow VHOST_IOTLB_INVALIDATE messages +with null size. vhost_iotlb_del_range() will compute a correct end +iova. Same for vhost_vdpa_iotlb_unmap(). + +Signed-off-by: Eric Auger +Fixes: e2ae38cf3d91 ("vhost: fix hung thread due to erroneous iotlb entries") +Cc: stable@vger.kernel.org # v5.17+ +Acked-by: Jason Wang +Message-Id: <20230927140544.205088-1-eric.auger@redhat.com> +Signed-off-by: Michael S. Tsirkin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/vhost/vhost.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +--- a/drivers/vhost/vhost.c ++++ b/drivers/vhost/vhost.c +@@ -1458,9 +1458,7 @@ ssize_t vhost_chr_write_iter(struct vhos + goto done; + } + +- if ((msg.type == VHOST_IOTLB_UPDATE || +- msg.type == VHOST_IOTLB_INVALIDATE) && +- msg.size == 0) { ++ if (msg.type == VHOST_IOTLB_UPDATE && msg.size == 0) { + ret = -EINVAL; + goto done; + } diff --git a/queue-6.5/virtio-crypto-handle-config-changed-by-work-queue.patch b/queue-6.5/virtio-crypto-handle-config-changed-by-work-queue.patch new file mode 100644 index 00000000000..cedf627737d --- /dev/null +++ b/queue-6.5/virtio-crypto-handle-config-changed-by-work-queue.patch @@ -0,0 +1,90 @@ +From fa2e6947aa8844f25f5bad0d8cd1a541d9bc83eb Mon Sep 17 00:00:00 2001 +From: zhenwei pi +Date: Sat, 7 Oct 2023 14:43:09 +0800 +Subject: virtio-crypto: handle config changed by work queue + +From: zhenwei pi + +commit fa2e6947aa8844f25f5bad0d8cd1a541d9bc83eb upstream. + +MST pointed out: config change callback is also handled incorrectly +in this driver, it takes a mutex from interrupt context. + +Handle config changed by work queue instead. + +Cc: stable@vger.kernel.org +Cc: Gonglei (Arei) +Cc: Halil Pasic +Cc: Michael S. Tsirkin +Signed-off-by: zhenwei pi +Message-Id: <20231007064309.844889-1-pizhenwei@bytedance.com> +Signed-off-by: Michael S. Tsirkin +Signed-off-by: Greg Kroah-Hartman +--- + drivers/crypto/virtio/virtio_crypto_common.h | 3 +++ + drivers/crypto/virtio/virtio_crypto_core.c | 14 +++++++++++++- + 2 files changed, 16 insertions(+), 1 deletion(-) + +--- a/drivers/crypto/virtio/virtio_crypto_common.h ++++ b/drivers/crypto/virtio/virtio_crypto_common.h +@@ -35,6 +35,9 @@ struct virtio_crypto { + struct virtqueue *ctrl_vq; + struct data_queue *data_vq; + ++ /* Work struct for config space updates */ ++ struct work_struct config_work; ++ + /* To protect the vq operations for the controlq */ + spinlock_t ctrl_lock; + +--- a/drivers/crypto/virtio/virtio_crypto_core.c ++++ b/drivers/crypto/virtio/virtio_crypto_core.c +@@ -335,6 +335,14 @@ static void virtcrypto_del_vqs(struct vi + virtcrypto_free_queues(vcrypto); + } + ++static void vcrypto_config_changed_work(struct work_struct *work) ++{ ++ struct virtio_crypto *vcrypto = ++ container_of(work, struct virtio_crypto, config_work); ++ ++ virtcrypto_update_status(vcrypto); ++} ++ + static int virtcrypto_probe(struct virtio_device *vdev) + { + int err = -EFAULT; +@@ -454,6 +462,8 @@ static int virtcrypto_probe(struct virti + if (err) + goto free_engines; + ++ INIT_WORK(&vcrypto->config_work, vcrypto_config_changed_work); ++ + return 0; + + free_engines: +@@ -490,6 +500,7 @@ static void virtcrypto_remove(struct vir + + dev_info(&vdev->dev, "Start virtcrypto_remove.\n"); + ++ flush_work(&vcrypto->config_work); + if (virtcrypto_dev_started(vcrypto)) + virtcrypto_dev_stop(vcrypto); + virtio_reset_device(vdev); +@@ -504,7 +515,7 @@ static void virtcrypto_config_changed(st + { + struct virtio_crypto *vcrypto = vdev->priv; + +- virtcrypto_update_status(vcrypto); ++ schedule_work(&vcrypto->config_work); + } + + #ifdef CONFIG_PM_SLEEP +@@ -512,6 +523,7 @@ static int virtcrypto_freeze(struct virt + { + struct virtio_crypto *vcrypto = vdev->priv; + ++ flush_work(&vcrypto->config_work); + virtio_reset_device(vdev); + virtcrypto_free_unused_reqs(vcrypto); + if (virtcrypto_dev_started(vcrypto)) diff --git a/queue-6.5/virtio-mmio-fix-memory-leak-of-vm_dev.patch b/queue-6.5/virtio-mmio-fix-memory-leak-of-vm_dev.patch new file mode 100644 index 00000000000..b2c5e042fd3 --- /dev/null +++ b/queue-6.5/virtio-mmio-fix-memory-leak-of-vm_dev.patch @@ -0,0 +1,86 @@ +From fab7f259227b8f70aa6d54e1de1a1f5f4729041c Mon Sep 17 00:00:00 2001 +From: Maximilian Heyne +Date: Mon, 11 Sep 2023 09:03:29 +0000 +Subject: virtio-mmio: fix memory leak of vm_dev + +From: Maximilian Heyne + +commit fab7f259227b8f70aa6d54e1de1a1f5f4729041c upstream. + +With the recent removal of vm_dev from devres its memory is only freed +via the callback virtio_mmio_release_dev. However, this only takes +effect after device_add is called by register_virtio_device. Until then +it's an unmanaged resource and must be explicitly freed on error exit. + +This bug was discovered and resolved using Coverity Static Analysis +Security Testing (SAST) by Synopsys, Inc. + +Cc: stable@vger.kernel.org +Fixes: 55c91fedd03d ("virtio-mmio: don't break lifecycle of vm_dev") +Signed-off-by: Maximilian Heyne +Reviewed-by: Catalin Marinas +Tested-by: Catalin Marinas +Reviewed-by: Xuan Zhuo +Signed-off-by: Greg Kroah-Hartman + +Message-Id: <20230911090328.40538-1-mheyne@amazon.de> +Signed-off-by: Michael S. Tsirkin +Reviewed-by: Wolfram Sang +--- + drivers/virtio/virtio_mmio.c | 19 ++++++++++++++----- + 1 file changed, 14 insertions(+), 5 deletions(-) + +--- a/drivers/virtio/virtio_mmio.c ++++ b/drivers/virtio/virtio_mmio.c +@@ -631,14 +631,17 @@ static int virtio_mmio_probe(struct plat + spin_lock_init(&vm_dev->lock); + + vm_dev->base = devm_platform_ioremap_resource(pdev, 0); +- if (IS_ERR(vm_dev->base)) +- return PTR_ERR(vm_dev->base); ++ if (IS_ERR(vm_dev->base)) { ++ rc = PTR_ERR(vm_dev->base); ++ goto free_vm_dev; ++ } + + /* Check magic value */ + magic = readl(vm_dev->base + VIRTIO_MMIO_MAGIC_VALUE); + if (magic != ('v' | 'i' << 8 | 'r' << 16 | 't' << 24)) { + dev_warn(&pdev->dev, "Wrong magic value 0x%08lx!\n", magic); +- return -ENODEV; ++ rc = -ENODEV; ++ goto free_vm_dev; + } + + /* Check device version */ +@@ -646,7 +649,8 @@ static int virtio_mmio_probe(struct plat + if (vm_dev->version < 1 || vm_dev->version > 2) { + dev_err(&pdev->dev, "Version %ld not supported!\n", + vm_dev->version); +- return -ENXIO; ++ rc = -ENXIO; ++ goto free_vm_dev; + } + + vm_dev->vdev.id.device = readl(vm_dev->base + VIRTIO_MMIO_DEVICE_ID); +@@ -655,7 +659,8 @@ static int virtio_mmio_probe(struct plat + * virtio-mmio device with an ID 0 is a (dummy) placeholder + * with no function. End probing now with no error reported. + */ +- return -ENODEV; ++ rc = -ENODEV; ++ goto free_vm_dev; + } + vm_dev->vdev.id.vendor = readl(vm_dev->base + VIRTIO_MMIO_VENDOR_ID); + +@@ -685,6 +690,10 @@ static int virtio_mmio_probe(struct plat + put_device(&vm_dev->vdev.dev); + + return rc; ++ ++free_vm_dev: ++ kfree(vm_dev); ++ return rc; + } + + static int virtio_mmio_remove(struct platform_device *pdev) diff --git a/queue-6.5/virtio_balloon-fix-endless-deflation-and-inflation-on-arm64.patch b/queue-6.5/virtio_balloon-fix-endless-deflation-and-inflation-on-arm64.patch new file mode 100644 index 00000000000..64a206e9fae --- /dev/null +++ b/queue-6.5/virtio_balloon-fix-endless-deflation-and-inflation-on-arm64.patch @@ -0,0 +1,97 @@ +From 07622bd415639e9709579f400afd19e7e9866e5e Mon Sep 17 00:00:00 2001 +From: Gavin Shan +Date: Thu, 31 Aug 2023 11:10:07 +1000 +Subject: virtio_balloon: Fix endless deflation and inflation on arm64 + +From: Gavin Shan + +commit 07622bd415639e9709579f400afd19e7e9866e5e upstream. + +The deflation request to the target, which isn't unaligned to the +guest page size causes endless deflation and inflation actions. For +example, we receive the flooding QMP events for the changes on memory +balloon's size after a deflation request to the unaligned target is +sent for the ARM64 guest, where we have 64KB base page size. + + /home/gavin/sandbox/qemu.main/build/qemu-system-aarch64 \ + -accel kvm -machine virt,gic-version=host -cpu host \ + -smp maxcpus=8,cpus=8,sockets=2,clusters=2,cores=2,threads=1 \ + -m 1024M,slots=16,maxmem=64G \ + -object memory-backend-ram,id=mem0,size=512M \ + -object memory-backend-ram,id=mem1,size=512M \ + -numa node,nodeid=0,memdev=mem0,cpus=0-3 \ + -numa node,nodeid=1,memdev=mem1,cpus=4-7 \ + : \ + -device virtio-balloon-pci,id=balloon0,bus=pcie.10 + + { "execute" : "balloon", "arguments": { "value" : 1073672192 } } + {"return": {}} + {"timestamp": {"seconds": 1693272173, "microseconds": 88667}, \ + "event": "BALLOON_CHANGE", "data": {"actual": 1073610752}} + {"timestamp": {"seconds": 1693272174, "microseconds": 89704}, \ + "event": "BALLOON_CHANGE", "data": {"actual": 1073610752}} + {"timestamp": {"seconds": 1693272175, "microseconds": 90819}, \ + "event": "BALLOON_CHANGE", "data": {"actual": 1073610752}} + {"timestamp": {"seconds": 1693272176, "microseconds": 91961}, \ + "event": "BALLOON_CHANGE", "data": {"actual": 1073610752}} + {"timestamp": {"seconds": 1693272177, "microseconds": 93040}, \ + "event": "BALLOON_CHANGE", "data": {"actual": 1073676288}} + {"timestamp": {"seconds": 1693272178, "microseconds": 94117}, \ + "event": "BALLOON_CHANGE", "data": {"actual": 1073676288}} + {"timestamp": {"seconds": 1693272179, "microseconds": 95337}, \ + "event": "BALLOON_CHANGE", "data": {"actual": 1073610752}} + {"timestamp": {"seconds": 1693272180, "microseconds": 96615}, \ + "event": "BALLOON_CHANGE", "data": {"actual": 1073676288}} + {"timestamp": {"seconds": 1693272181, "microseconds": 97626}, \ + "event": "BALLOON_CHANGE", "data": {"actual": 1073610752}} + {"timestamp": {"seconds": 1693272182, "microseconds": 98693}, \ + "event": "BALLOON_CHANGE", "data": {"actual": 1073676288}} + {"timestamp": {"seconds": 1693272183, "microseconds": 99698}, \ + "event": "BALLOON_CHANGE", "data": {"actual": 1073610752}} + {"timestamp": {"seconds": 1693272184, "microseconds": 100727}, \ + "event": "BALLOON_CHANGE", "data": {"actual": 1073610752}} + {"timestamp": {"seconds": 1693272185, "microseconds": 90430}, \ + "event": "BALLOON_CHANGE", "data": {"actual": 1073610752}} + {"timestamp": {"seconds": 1693272186, "microseconds": 102999}, \ + "event": "BALLOON_CHANGE", "data": {"actual": 1073676288}} + : + + +Fix it by aligning the target up to the guest page size, 64KB in this +specific case. With this applied, no flooding QMP events are observed +and the memory balloon's size can be stablizied to 0x3ffe0000 soon +after the deflation request is sent. + + { "execute" : "balloon", "arguments": { "value" : 1073672192 } } + {"return": {}} + {"timestamp": {"seconds": 1693273328, "microseconds": 793075}, \ + "event": "BALLOON_CHANGE", "data": {"actual": 1073610752}} + { "execute" : "query-balloon" } + {"return": {"actual": 1073610752}} + +Cc: stable@vger.kernel.org +Signed-off-by: Gavin Shan +Tested-by: Zhenyu Zhang +Message-Id: <20230831011007.1032822-1-gshan@redhat.com> +Signed-off-by: Michael S. Tsirkin +Reviewed-by: David Hildenbrand +Signed-off-by: Greg Kroah-Hartman +--- + drivers/virtio/virtio_balloon.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/drivers/virtio/virtio_balloon.c ++++ b/drivers/virtio/virtio_balloon.c +@@ -395,7 +395,11 @@ static inline s64 towards_target(struct + virtio_cread_le(vb->vdev, struct virtio_balloon_config, num_pages, + &num_pages); + +- target = num_pages; ++ /* ++ * Aligned up to guest page size to avoid inflating and deflating ++ * balloon endlessly. ++ */ ++ target = ALIGN(num_pages, VIRTIO_BALLOON_PAGES_PER_PAGE); + return target - vb->num_pages; + } + diff --git a/queue-6.5/virtio_pci-fix-the-common-cfg-map-size.patch b/queue-6.5/virtio_pci-fix-the-common-cfg-map-size.patch new file mode 100644 index 00000000000..16faa378489 --- /dev/null +++ b/queue-6.5/virtio_pci-fix-the-common-cfg-map-size.patch @@ -0,0 +1,39 @@ +From 061b39fdfe7fd98946e67637213bcbb10a318cca Mon Sep 17 00:00:00 2001 +From: Xuan Zhuo +Date: Tue, 10 Oct 2023 11:11:18 +0800 +Subject: virtio_pci: fix the common cfg map size + +From: Xuan Zhuo + +commit 061b39fdfe7fd98946e67637213bcbb10a318cca upstream. + +The function vp_modern_map_capability() takes the size parameter, +which corresponds to the size of virtio_pci_common_cfg. As a result, +this indicates the size of memory area to map. + +Now the size is the size of virtio_pci_common_cfg, but some feature(such +as the _F_RING_RESET) needs the virtio_pci_modern_common_cfg, so this +commit changes the size to the size of virtio_pci_modern_common_cfg. + +Cc: stable@vger.kernel.org +Fixes: 0b50cece0b78 ("virtio_pci: introduce helper to get/set queue reset") +Signed-off-by: Xuan Zhuo +Message-Id: <20231010031120.81272-3-xuanzhuo@linux.alibaba.com> +Signed-off-by: Michael S. Tsirkin +Acked-by: Jason Wang +Signed-off-by: Greg Kroah-Hartman +--- + drivers/virtio/virtio_pci_modern_dev.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/virtio/virtio_pci_modern_dev.c ++++ b/drivers/virtio/virtio_pci_modern_dev.c +@@ -291,7 +291,7 @@ int vp_modern_probe(struct virtio_pci_mo + err = -EINVAL; + mdev->common = vp_modern_map_capability(mdev, common, + sizeof(struct virtio_pci_common_cfg), 4, +- 0, sizeof(struct virtio_pci_common_cfg), ++ 0, sizeof(struct virtio_pci_modern_common_cfg), + NULL, NULL); + if (!mdev->common) + goto err_map_common; diff --git a/queue-6.5/vsock-virtio-initialize-the_virtio_vsock-before-using-vqs.patch b/queue-6.5/vsock-virtio-initialize-the_virtio_vsock-before-using-vqs.patch new file mode 100644 index 00000000000..d53cf7a556c --- /dev/null +++ b/queue-6.5/vsock-virtio-initialize-the_virtio_vsock-before-using-vqs.patch @@ -0,0 +1,76 @@ +From 53b08c4985158430fd6d035fb49443bada535210 Mon Sep 17 00:00:00 2001 +From: Alexandru Matei +Date: Tue, 24 Oct 2023 22:17:42 +0300 +Subject: vsock/virtio: initialize the_virtio_vsock before using VQs + +From: Alexandru Matei + +commit 53b08c4985158430fd6d035fb49443bada535210 upstream. + +Once VQs are filled with empty buffers and we kick the host, it can send +connection requests. If the_virtio_vsock is not initialized before, +replies are silently dropped and do not reach the host. + +virtio_transport_send_pkt() can queue packets once the_virtio_vsock is +set, but they won't be processed until vsock->tx_run is set to true. We +queue vsock->send_pkt_work when initialization finishes to send those +packets queued earlier. + +Fixes: 0deab087b16a ("vsock/virtio: use RCU to avoid use-after-free on the_virtio_vsock") +Signed-off-by: Alexandru Matei +Reviewed-by: Stefano Garzarella +Link: https://lore.kernel.org/r/20231024191742.14259-1-alexandru.matei@uipath.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + net/vmw_vsock/virtio_transport.c | 18 +++++++++++++++++- + 1 file changed, 17 insertions(+), 1 deletion(-) + +--- a/net/vmw_vsock/virtio_transport.c ++++ b/net/vmw_vsock/virtio_transport.c +@@ -555,6 +555,11 @@ static int virtio_vsock_vqs_init(struct + + virtio_device_ready(vdev); + ++ return 0; ++} ++ ++static void virtio_vsock_vqs_start(struct virtio_vsock *vsock) ++{ + mutex_lock(&vsock->tx_lock); + vsock->tx_run = true; + mutex_unlock(&vsock->tx_lock); +@@ -569,7 +574,16 @@ static int virtio_vsock_vqs_init(struct + vsock->event_run = true; + mutex_unlock(&vsock->event_lock); + +- return 0; ++ /* virtio_transport_send_pkt() can queue packets once ++ * the_virtio_vsock is set, but they won't be processed until ++ * vsock->tx_run is set to true. We queue vsock->send_pkt_work ++ * when initialization finishes to send those packets queued ++ * earlier. ++ * We don't need to queue the other workers (rx, event) because ++ * as long as we don't fill the queues with empty buffers, the ++ * host can't send us any notification. ++ */ ++ queue_work(virtio_vsock_workqueue, &vsock->send_pkt_work); + } + + static void virtio_vsock_vqs_del(struct virtio_vsock *vsock) +@@ -664,6 +678,7 @@ static int virtio_vsock_probe(struct vir + goto out; + + rcu_assign_pointer(the_virtio_vsock, vsock); ++ virtio_vsock_vqs_start(vsock); + + mutex_unlock(&the_virtio_vsock_mutex); + +@@ -736,6 +751,7 @@ static int virtio_vsock_restore(struct v + goto out; + + rcu_assign_pointer(the_virtio_vsock, vsock); ++ virtio_vsock_vqs_start(vsock); + + out: + mutex_unlock(&the_virtio_vsock_mutex);