From: Greg Kroah-Hartman Date: Sat, 10 Apr 2021 13:51:54 +0000 (+0200) Subject: 5.11-stable patches X-Git-Tag: v4.19.187~68 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e71df4215d97f889bc157d01df0eaf520924ad0a;p=thirdparty%2Fkernel%2Fstable-queue.git 5.11-stable patches added patches: acpi-processor-fix-build-when-config_acpi_processor-m.patch arm-dts-turris-omnia-configure-led-intn-pin-as-interrupt-pin.patch cifs-escape-spaces-in-share-names.patch cifs-on-cifs_reconnect-resolve-the-hostname-again.patch drm-amdgpu-fix-size-overflow.patch drm-amdgpu-smu7-fix-cac-setting-on-topaz.patch drm-i915-fix-invalid-access-to-acpi-_dsm-objects.patch drm-radeon-fix-size-overflow.patch ethtool-fix-incorrect-datatype-in-set_eee-ops.patch fs-direct-io-fix-missing-sdio-boundary.patch gcov-re-fix-clang-11-support.patch ia64-fix-user_stack_pointer-for-ptrace.patch ib-hfi1-fix-probe-time-panic-when-aip-is-enabled-with-a-buggy-bios.patch lookup_mountpoint-we-are-cleaning-jumped-flag-too-late.patch nds32-flush_dcache_page-use-page_mapping_file-to-avoid-races-with-swapoff.patch net-dsa-lantiq_gswip-configure-all-remaining-gswip_mii_cfg-bits.patch net-dsa-lantiq_gswip-don-t-use-phy-auto-polling.patch net-dsa-lantiq_gswip-let-gswip-automatically-set-the-xmii-clock.patch net-ipv6-check-for-validity-before-dereferencing-cfg-fc_nlinfo.nlh.patch ocfs2-fix-deadlock-between-setattr-and-dio_end_io_write.patch of-property-fw_devlink-do-not-link-.-nr-gpios.patch parisc-avoid-a-warning-on-u8-cast-for-cmpxchg-on-u8-pointers.patch parisc-parisc-agp-requires-sba-iommu-driver.patch rfkill-revert-back-to-old-userspace-api-by-default.patch --- diff --git a/queue-5.11/acpi-processor-fix-build-when-config_acpi_processor-m.patch b/queue-5.11/acpi-processor-fix-build-when-config_acpi_processor-m.patch new file mode 100644 index 00000000000..c1980b8da4a --- /dev/null +++ b/queue-5.11/acpi-processor-fix-build-when-config_acpi_processor-m.patch @@ -0,0 +1,107 @@ +From fa26d0c778b432d3d9814ea82552e813b33eeb5c Mon Sep 17 00:00:00 2001 +From: Vitaly Kuznetsov +Date: Tue, 6 Apr 2021 17:56:40 +0200 +Subject: ACPI: processor: Fix build when CONFIG_ACPI_PROCESSOR=m + +From: Vitaly Kuznetsov + +commit fa26d0c778b432d3d9814ea82552e813b33eeb5c upstream. + +Commit 8cdddd182bd7 ("ACPI: processor: Fix CPU0 wakeup in +acpi_idle_play_dead()") tried to fix CPU0 hotplug breakage by copying +wakeup_cpu0() + start_cpu0() logic from hlt_play_dead()//mwait_play_dead() +into acpi_idle_play_dead(). The problem is that these functions are not +exported to modules so when CONFIG_ACPI_PROCESSOR=m build fails. + +The issue could've been fixed by exporting both wakeup_cpu0()/start_cpu0() +(the later from assembly) but it seems putting the whole pattern into a +new function and exporting it instead is better. + +Reported-by: kernel test robot +Fixes: 8cdddd182bd7 ("CPI: processor: Fix CPU0 wakeup in acpi_idle_play_dead()") +Cc: # 5.10+ +Signed-off-by: Vitaly Kuznetsov +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Greg Kroah-Hartman +--- + arch/x86/include/asm/smp.h | 2 +- + arch/x86/kernel/smpboot.c | 26 ++++++++++++-------------- + drivers/acpi/processor_idle.c | 4 +--- + 3 files changed, 14 insertions(+), 18 deletions(-) + +--- a/arch/x86/include/asm/smp.h ++++ b/arch/x86/include/asm/smp.h +@@ -132,7 +132,7 @@ void native_play_dead(void); + void play_dead_common(void); + void wbinvd_on_cpu(int cpu); + int wbinvd_on_all_cpus(void); +-bool wakeup_cpu0(void); ++void cond_wakeup_cpu0(void); + + void native_smp_send_reschedule(int cpu); + void native_send_call_func_ipi(const struct cpumask *mask); +--- a/arch/x86/kernel/smpboot.c ++++ b/arch/x86/kernel/smpboot.c +@@ -1659,13 +1659,17 @@ void play_dead_common(void) + local_irq_disable(); + } + +-bool wakeup_cpu0(void) ++/** ++ * cond_wakeup_cpu0 - Wake up CPU0 if needed. ++ * ++ * If NMI wants to wake up CPU0, start CPU0. ++ */ ++void cond_wakeup_cpu0(void) + { + if (smp_processor_id() == 0 && enable_start_cpu0) +- return true; +- +- return false; ++ start_cpu0(); + } ++EXPORT_SYMBOL_GPL(cond_wakeup_cpu0); + + /* + * We need to flush the caches before going to sleep, lest we have +@@ -1734,11 +1738,8 @@ static inline void mwait_play_dead(void) + __monitor(mwait_ptr, 0, 0); + mb(); + __mwait(eax, 0); +- /* +- * If NMI wants to wake up CPU0, start CPU0. +- */ +- if (wakeup_cpu0()) +- start_cpu0(); ++ ++ cond_wakeup_cpu0(); + } + } + +@@ -1749,11 +1750,8 @@ void hlt_play_dead(void) + + while (1) { + native_halt(); +- /* +- * If NMI wants to wake up CPU0, start CPU0. +- */ +- if (wakeup_cpu0()) +- start_cpu0(); ++ ++ cond_wakeup_cpu0(); + } + } + +--- a/drivers/acpi/processor_idle.c ++++ b/drivers/acpi/processor_idle.c +@@ -544,9 +544,7 @@ static int acpi_idle_play_dead(struct cp + return -ENODEV; + + #if defined(CONFIG_X86) && defined(CONFIG_HOTPLUG_CPU) +- /* If NMI wants to wake up CPU0, start CPU0. */ +- if (wakeup_cpu0()) +- start_cpu0(); ++ cond_wakeup_cpu0(); + #endif + } + diff --git a/queue-5.11/arm-dts-turris-omnia-configure-led-intn-pin-as-interrupt-pin.patch b/queue-5.11/arm-dts-turris-omnia-configure-led-intn-pin-as-interrupt-pin.patch new file mode 100644 index 00000000000..b7f412b4484 --- /dev/null +++ b/queue-5.11/arm-dts-turris-omnia-configure-led-intn-pin-as-interrupt-pin.patch @@ -0,0 +1,56 @@ +From a26c56ae67fa9fbb45a8a232dcd7ebaa7af16086 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Marek=20Beh=C3=BAn?= +Date: Sun, 21 Feb 2021 00:11:44 +0100 +Subject: ARM: dts: turris-omnia: configure LED[2]/INTn pin as interrupt pin +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Marek Behún + +commit a26c56ae67fa9fbb45a8a232dcd7ebaa7af16086 upstream. + +Use the `marvell,reg-init` DT property to configure the LED[2]/INTn pin +of the Marvell 88E1514 ethernet PHY on Turris Omnia into interrupt mode. + +Without this the pin is by default in LED[2] mode, and the Marvell PHY +driver configures LED[2] into "On - Link, Blink - Activity" mode. + +This fixes the issue where the pca9538 GPIO/interrupt controller (which +can't mask interrupts in HW) received too many interrupts and after a +time started ignoring the interrupt with error message: + IRQ 71: nobody cared + +There is a work in progress to have the Marvell PHY driver support +parsing PHY LED nodes from OF and registering the LEDs as Linux LED +class devices. Once this is done the PHY driver can also automatically +set the pin into INTn mode if it does not find LED[2] in OF. + +Until then, though, we fix this via `marvell,reg-init` DT property. + +Signed-off-by: Marek Behún +Reported-by: Rui Salvaterra +Fixes: 26ca8b52d6e1 ("ARM: dts: add support for Turris Omnia") +Cc: Uwe Kleine-König +Cc: linux-arm-kernel@lists.infradead.org +Cc: Andrew Lunn +Cc: Gregory CLEMENT +Cc: +Tested-by: Rui Salvaterra +Reviewed-by: Andrew Lunn +Signed-off-by: Gregory CLEMENT +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm/boot/dts/armada-385-turris-omnia.dts | 1 + + 1 file changed, 1 insertion(+) + +--- a/arch/arm/boot/dts/armada-385-turris-omnia.dts ++++ b/arch/arm/boot/dts/armada-385-turris-omnia.dts +@@ -389,6 +389,7 @@ + phy1: ethernet-phy@1 { + compatible = "ethernet-phy-ieee802.3-c22"; + reg = <1>; ++ marvell,reg-init = <3 18 0 0x4985>; + + /* irq is connected to &pcawan pin 7 */ + }; diff --git a/queue-5.11/cifs-escape-spaces-in-share-names.patch b/queue-5.11/cifs-escape-spaces-in-share-names.patch new file mode 100644 index 00000000000..865598579ca --- /dev/null +++ b/queue-5.11/cifs-escape-spaces-in-share-names.patch @@ -0,0 +1,35 @@ +From 0fc9322ab5e1fe6910c9673e1a7ff29f7dd72611 Mon Sep 17 00:00:00 2001 +From: Maciek Borzecki +Date: Tue, 6 Apr 2021 17:02:29 +0200 +Subject: cifs: escape spaces in share names + +From: Maciek Borzecki + +commit 0fc9322ab5e1fe6910c9673e1a7ff29f7dd72611 upstream. + +Commit 653a5efb849a ("cifs: update super_operations to show_devname") +introduced the display of devname for cifs mounts. However, when mounting +a share which has a whitespace in the name, that exact share name is also +displayed in mountinfo. Make sure that all whitespace is escaped. + +Signed-off-by: Maciek Borzecki +CC: # 5.11+ +Reviewed-by: Shyam Prasad N +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman +--- + fs/cifs/cifsfs.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/fs/cifs/cifsfs.c ++++ b/fs/cifs/cifsfs.c +@@ -475,7 +475,8 @@ static int cifs_show_devname(struct seq_ + seq_puts(m, "none"); + else { + convert_delimiter(devname, '/'); +- seq_puts(m, devname); ++ /* escape all spaces in share names */ ++ seq_escape(m, devname, " \t"); + kfree(devname); + } + return 0; diff --git a/queue-5.11/cifs-on-cifs_reconnect-resolve-the-hostname-again.patch b/queue-5.11/cifs-on-cifs_reconnect-resolve-the-hostname-again.patch new file mode 100644 index 00000000000..fd4bcda3edb --- /dev/null +++ b/queue-5.11/cifs-on-cifs_reconnect-resolve-the-hostname-again.patch @@ -0,0 +1,120 @@ +From 4e456b30f78c429b183db420e23b26cde7e03a78 Mon Sep 17 00:00:00 2001 +From: Shyam Prasad N +Date: Wed, 31 Mar 2021 14:35:24 +0000 +Subject: cifs: On cifs_reconnect, resolve the hostname again. + +From: Shyam Prasad N + +commit 4e456b30f78c429b183db420e23b26cde7e03a78 upstream. + +On cifs_reconnect, make sure that DNS resolution happens again. +It could be the cause of connection to go dead in the first place. + +This also contains the fix for a build issue identified by Intel bot. +Reported-by: kernel test robot + +Signed-off-by: Shyam Prasad N +Reviewed-by: Paulo Alcantara (SUSE) +Reviewed-by: Pavel Shilovsky +CC: # 5.11+ +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman +--- + fs/cifs/Kconfig | 3 +-- + fs/cifs/Makefile | 5 +++-- + fs/cifs/connect.c | 17 ++++++++++++++++- + 3 files changed, 20 insertions(+), 5 deletions(-) + +--- a/fs/cifs/Kconfig ++++ b/fs/cifs/Kconfig +@@ -18,6 +18,7 @@ config CIFS + select CRYPTO_AES + select CRYPTO_LIB_DES + select KEYS ++ select DNS_RESOLVER + help + This is the client VFS module for the SMB3 family of NAS protocols, + (including support for the most recent, most secure dialect SMB3.1.1) +@@ -112,7 +113,6 @@ config CIFS_WEAK_PW_HASH + config CIFS_UPCALL + bool "Kerberos/SPNEGO advanced session setup" + depends on CIFS +- select DNS_RESOLVER + help + Enables an upcall mechanism for CIFS which accesses userspace helper + utilities to provide SPNEGO packaged (RFC 4178) Kerberos tickets +@@ -179,7 +179,6 @@ config CIFS_DEBUG_DUMP_KEYS + config CIFS_DFS_UPCALL + bool "DFS feature support" + depends on CIFS +- select DNS_RESOLVER + help + Distributed File System (DFS) support is used to access shares + transparently in an enterprise name space, even if the share +--- a/fs/cifs/Makefile ++++ b/fs/cifs/Makefile +@@ -10,13 +10,14 @@ cifs-y := trace.o cifsfs.o cifssmb.o cif + cifs_unicode.o nterr.o cifsencrypt.o \ + readdir.o ioctl.o sess.o export.o smb1ops.o unc.o winucase.o \ + smb2ops.o smb2maperror.o smb2transport.o \ +- smb2misc.o smb2pdu.o smb2inode.o smb2file.o cifsacl.o fs_context.o ++ smb2misc.o smb2pdu.o smb2inode.o smb2file.o cifsacl.o fs_context.o \ ++ dns_resolve.o + + cifs-$(CONFIG_CIFS_XATTR) += xattr.o + + cifs-$(CONFIG_CIFS_UPCALL) += cifs_spnego.o + +-cifs-$(CONFIG_CIFS_DFS_UPCALL) += dns_resolve.o cifs_dfs_ref.o dfs_cache.o ++cifs-$(CONFIG_CIFS_DFS_UPCALL) += cifs_dfs_ref.o dfs_cache.o + + cifs-$(CONFIG_CIFS_SWN_UPCALL) += netlink.o cifs_swn.o + +--- a/fs/cifs/connect.c ++++ b/fs/cifs/connect.c +@@ -87,7 +87,6 @@ static void cifs_prune_tlinks(struct wor + * + * This should be called with server->srv_mutex held. + */ +-#ifdef CONFIG_CIFS_DFS_UPCALL + static int reconn_set_ipaddr_from_hostname(struct TCP_Server_Info *server) + { + int rc; +@@ -124,6 +123,7 @@ static int reconn_set_ipaddr_from_hostna + return !rc ? -1 : 0; + } + ++#ifdef CONFIG_CIFS_DFS_UPCALL + /* These functions must be called with server->srv_mutex held */ + static void reconn_set_next_dfs_target(struct TCP_Server_Info *server, + struct cifs_sb_info *cifs_sb, +@@ -321,14 +321,29 @@ cifs_reconnect(struct TCP_Server_Info *s + #endif + + #ifdef CONFIG_CIFS_DFS_UPCALL ++ if (cifs_sb && cifs_sb->origin_fullpath) + /* + * Set up next DFS target server (if any) for reconnect. If DFS + * feature is disabled, then we will retry last server we + * connected to before. + */ + reconn_set_next_dfs_target(server, cifs_sb, &tgt_list, &tgt_it); ++ else { ++#endif ++ /* ++ * Resolve the hostname again to make sure that IP address is up-to-date. ++ */ ++ rc = reconn_set_ipaddr_from_hostname(server); ++ if (rc) { ++ cifs_dbg(FYI, "%s: failed to resolve hostname: %d\n", ++ __func__, rc); ++ } ++ ++#ifdef CONFIG_CIFS_DFS_UPCALL ++ } + #endif + ++ + #ifdef CONFIG_CIFS_SWN_UPCALL + } + #endif diff --git a/queue-5.11/drm-amdgpu-fix-size-overflow.patch b/queue-5.11/drm-amdgpu-fix-size-overflow.patch new file mode 100644 index 00000000000..d5c2dff6f89 --- /dev/null +++ b/queue-5.11/drm-amdgpu-fix-size-overflow.patch @@ -0,0 +1,35 @@ +From 1b0b6e939f112949089e32ec89fd27796677263a Mon Sep 17 00:00:00 2001 +From: xinhui pan +Date: Wed, 7 Apr 2021 19:29:39 +0800 +Subject: drm/amdgpu: Fix size overflow +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: xinhui pan + +commit 1b0b6e939f112949089e32ec89fd27796677263a upstream. + +ttm->num_pages is uint32. Hit overflow when << PAGE_SHIFT directly + +Fixes: 230c079fdcf4 ("drm/ttm: make num_pages uint32_t") +Signed-off-by: xinhui pan +Reviewed-by: Christian König +Signed-off-by: Alex Deucher +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c ++++ b/drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c +@@ -907,7 +907,7 @@ static int amdgpu_ttm_tt_pin_userptr(str + + /* Allocate an SG array and squash pages into it */ + r = sg_alloc_table_from_pages(ttm->sg, ttm->pages, ttm->num_pages, 0, +- ttm->num_pages << PAGE_SHIFT, ++ (u64)ttm->num_pages << PAGE_SHIFT, + GFP_KERNEL); + if (r) + goto release_sg; diff --git a/queue-5.11/drm-amdgpu-smu7-fix-cac-setting-on-topaz.patch b/queue-5.11/drm-amdgpu-smu7-fix-cac-setting-on-topaz.patch new file mode 100644 index 00000000000..d24380410a5 --- /dev/null +++ b/queue-5.11/drm-amdgpu-smu7-fix-cac-setting-on-topaz.patch @@ -0,0 +1,34 @@ +From cdcc108a2aced5f9cbc45920e29bf49819e5477f Mon Sep 17 00:00:00 2001 +From: Alex Deucher +Date: Wed, 7 Apr 2021 09:28:23 -0400 +Subject: drm/amdgpu/smu7: fix CAC setting on TOPAZ + +From: Alex Deucher + +commit cdcc108a2aced5f9cbc45920e29bf49819e5477f upstream. + +We need to enable MC CAC for mclk switching to work. + +Fixes: d765129a719f ("drm/amd/pm: correct sclk/mclk dpm enablement") +Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/1561 +Tested-by: Konstantin Kharlamov +Reviewed-by: Evan Quan +Signed-off-by: Alex Deucher +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +--- a/drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c ++++ b/drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu7_hwmgr.c +@@ -1224,7 +1224,8 @@ static int smu7_enable_sclk_mclk_dpm(str + (hwmgr->chip_id == CHIP_POLARIS10) || + (hwmgr->chip_id == CHIP_POLARIS11) || + (hwmgr->chip_id == CHIP_POLARIS12) || +- (hwmgr->chip_id == CHIP_TONGA)) ++ (hwmgr->chip_id == CHIP_TONGA) || ++ (hwmgr->chip_id == CHIP_TOPAZ)) + PHM_WRITE_FIELD(hwmgr->device, MC_SEQ_CNTL_3, CAC_EN, 0x1); + + diff --git a/queue-5.11/drm-i915-fix-invalid-access-to-acpi-_dsm-objects.patch b/queue-5.11/drm-i915-fix-invalid-access-to-acpi-_dsm-objects.patch new file mode 100644 index 00000000000..c7d4823e06c --- /dev/null +++ b/queue-5.11/drm-i915-fix-invalid-access-to-acpi-_dsm-objects.patch @@ -0,0 +1,71 @@ +From b6a37a93c9ac3900987c79b726d0bb3699d8db4e Mon Sep 17 00:00:00 2001 +From: Takashi Iwai +Date: Fri, 2 Apr 2021 10:23:17 +0200 +Subject: drm/i915: Fix invalid access to ACPI _DSM objects +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Takashi Iwai + +commit b6a37a93c9ac3900987c79b726d0bb3699d8db4e upstream. + +intel_dsm_platform_mux_info() tries to parse the ACPI package data +from _DSM for the debug information, but it assumes the fixed format +without checking what values are stored in the elements actually. +When an unexpected value is returned from BIOS, it may lead to GPF or +NULL dereference, as reported recently. + +Add the checks of the contents in the returned values and skip the +values for invalid cases. + +v1->v2: Check the info contents before dereferencing, too + +BugLink: http://bugzilla.opensuse.org/show_bug.cgi?id=1184074 +Cc: +Signed-off-by: Takashi Iwai +Signed-off-by: Ville Syrjälä +Link: https://patchwork.freedesktop.org/patch/msgid/20210402082317.871-1-tiwai@suse.de +(cherry picked from commit 337d7a1621c7f02af867229990ac67c97da1b53a) +Signed-off-by: Rodrigo Vivi +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/i915/display/intel_acpi.c | 22 ++++++++++++++++++++-- + 1 file changed, 20 insertions(+), 2 deletions(-) + +--- a/drivers/gpu/drm/i915/display/intel_acpi.c ++++ b/drivers/gpu/drm/i915/display/intel_acpi.c +@@ -84,13 +84,31 @@ static void intel_dsm_platform_mux_info( + return; + } + ++ if (!pkg->package.count) { ++ DRM_DEBUG_DRIVER("no connection in _DSM\n"); ++ return; ++ } ++ + connector_count = &pkg->package.elements[0]; + DRM_DEBUG_DRIVER("MUX info connectors: %lld\n", + (unsigned long long)connector_count->integer.value); + for (i = 1; i < pkg->package.count; i++) { + union acpi_object *obj = &pkg->package.elements[i]; +- union acpi_object *connector_id = &obj->package.elements[0]; +- union acpi_object *info = &obj->package.elements[1]; ++ union acpi_object *connector_id; ++ union acpi_object *info; ++ ++ if (obj->type != ACPI_TYPE_PACKAGE || obj->package.count < 2) { ++ DRM_DEBUG_DRIVER("Invalid object for MUX #%d\n", i); ++ continue; ++ } ++ ++ connector_id = &obj->package.elements[0]; ++ info = &obj->package.elements[1]; ++ if (info->type != ACPI_TYPE_BUFFER || info->buffer.length < 4) { ++ DRM_DEBUG_DRIVER("Invalid info for MUX obj #%d\n", i); ++ continue; ++ } ++ + DRM_DEBUG_DRIVER("Connector id: 0x%016llx\n", + (unsigned long long)connector_id->integer.value); + DRM_DEBUG_DRIVER(" port id: %s\n", diff --git a/queue-5.11/drm-radeon-fix-size-overflow.patch b/queue-5.11/drm-radeon-fix-size-overflow.patch new file mode 100644 index 00000000000..57b6131417f --- /dev/null +++ b/queue-5.11/drm-radeon-fix-size-overflow.patch @@ -0,0 +1,44 @@ +From 2efc021060c2aa55e1e8f7b98249d3ea63232fc7 Mon Sep 17 00:00:00 2001 +From: xinhui pan +Date: Wed, 7 Apr 2021 20:57:50 +0800 +Subject: drm/radeon: Fix size overflow +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: xinhui pan + +commit 2efc021060c2aa55e1e8f7b98249d3ea63232fc7 upstream. + +ttm->num_pages is uint32. Hit overflow when << PAGE_SHIFT directly + +Fixes: 230c079fdcf4 ("drm/ttm: make num_pages uint32_t") +Signed-off-by: xinhui pan +Reviewed-by: Christian König +Signed-off-by: Alex Deucher +Cc: stable@vger.kernel.org +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/radeon/radeon_ttm.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/gpu/drm/radeon/radeon_ttm.c ++++ b/drivers/gpu/drm/radeon/radeon_ttm.c +@@ -365,7 +365,7 @@ static int radeon_ttm_tt_pin_userptr(str + if (gtt->userflags & RADEON_GEM_USERPTR_ANONONLY) { + /* check that we only pin down anonymous memory + to prevent problems with writeback */ +- unsigned long end = gtt->userptr + ttm->num_pages * PAGE_SIZE; ++ unsigned long end = gtt->userptr + (u64)ttm->num_pages * PAGE_SIZE; + struct vm_area_struct *vma; + vma = find_vma(gtt->usermm, gtt->userptr); + if (!vma || vma->vm_file || vma->vm_end < end) +@@ -387,7 +387,7 @@ static int radeon_ttm_tt_pin_userptr(str + } while (pinned < ttm->num_pages); + + r = sg_alloc_table_from_pages(ttm->sg, ttm->pages, ttm->num_pages, 0, +- ttm->num_pages << PAGE_SHIFT, ++ (u64)ttm->num_pages << PAGE_SHIFT, + GFP_KERNEL); + if (r) + goto release_sg; diff --git a/queue-5.11/ethtool-fix-incorrect-datatype-in-set_eee-ops.patch b/queue-5.11/ethtool-fix-incorrect-datatype-in-set_eee-ops.patch new file mode 100644 index 00000000000..69aa59f7352 --- /dev/null +++ b/queue-5.11/ethtool-fix-incorrect-datatype-in-set_eee-ops.patch @@ -0,0 +1,37 @@ +From 63cf32389925e234d166fb1a336b46de7f846003 Mon Sep 17 00:00:00 2001 +From: Wong Vee Khee +Date: Tue, 6 Apr 2021 21:17:30 +0800 +Subject: ethtool: fix incorrect datatype in set_eee ops + +From: Wong Vee Khee + +commit 63cf32389925e234d166fb1a336b46de7f846003 upstream. + +The member 'tx_lpi_timer' is defined with __u32 datatype in the ethtool +header file. Hence, we should use ethnl_update_u32() in set_eee ops. + +Fixes: fd77be7bd43c ("ethtool: set EEE settings with EEE_SET request") +Cc: # 5.10.x +Cc: Michal Kubecek +Signed-off-by: Wong Vee Khee +Reviewed-by: Jakub Kicinski +Reviewed-by: Michal Kubecek +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/ethtool/eee.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/net/ethtool/eee.c ++++ b/net/ethtool/eee.c +@@ -169,8 +169,8 @@ int ethnl_set_eee(struct sk_buff *skb, s + ethnl_update_bool32(&eee.eee_enabled, tb[ETHTOOL_A_EEE_ENABLED], &mod); + ethnl_update_bool32(&eee.tx_lpi_enabled, + tb[ETHTOOL_A_EEE_TX_LPI_ENABLED], &mod); +- ethnl_update_bool32(&eee.tx_lpi_timer, tb[ETHTOOL_A_EEE_TX_LPI_TIMER], +- &mod); ++ ethnl_update_u32(&eee.tx_lpi_timer, tb[ETHTOOL_A_EEE_TX_LPI_TIMER], ++ &mod); + ret = 0; + if (!mod) + goto out_ops; diff --git a/queue-5.11/fs-direct-io-fix-missing-sdio-boundary.patch b/queue-5.11/fs-direct-io-fix-missing-sdio-boundary.patch new file mode 100644 index 00000000000..3f35ec7044a --- /dev/null +++ b/queue-5.11/fs-direct-io-fix-missing-sdio-boundary.patch @@ -0,0 +1,58 @@ +From df41872b68601059dd4a84858952dcae58acd331 Mon Sep 17 00:00:00 2001 +From: Jack Qiu +Date: Fri, 9 Apr 2021 13:27:35 -0700 +Subject: fs: direct-io: fix missing sdio->boundary + +From: Jack Qiu + +commit df41872b68601059dd4a84858952dcae58acd331 upstream. + +I encountered a hung task issue, but not a performance one. I run DIO +on a device (need lba continuous, for example open channel ssd), maybe +hungtask in below case: + + DIO: Checkpoint: + get addr A(at boundary), merge into BIO, + no submit because boundary missing + flush dirty data(get addr A+1), wait IO(A+1) + writeback timeout, because DIO(A) didn't submit + get addr A+2 fail, because checkpoint is doing + +dio_send_cur_page() may clear sdio->boundary, so prevent it from missing +a boundary. + +Link: https://lkml.kernel.org/r/20210322042253.38312-1-jack.qiu@huawei.com +Fixes: b1058b981272 ("direct-io: submit bio after boundary buffer is added to it") +Signed-off-by: Jack Qiu +Reviewed-by: Jan Kara +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman +--- + fs/direct-io.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +--- a/fs/direct-io.c ++++ b/fs/direct-io.c +@@ -810,6 +810,7 @@ submit_page_section(struct dio *dio, str + struct buffer_head *map_bh) + { + int ret = 0; ++ int boundary = sdio->boundary; /* dio_send_cur_page may clear it */ + + if (dio->op == REQ_OP_WRITE) { + /* +@@ -848,10 +849,10 @@ submit_page_section(struct dio *dio, str + sdio->cur_page_fs_offset = sdio->block_in_file << sdio->blkbits; + out: + /* +- * If sdio->boundary then we want to schedule the IO now to ++ * If boundary then we want to schedule the IO now to + * avoid metadata seeks. + */ +- if (sdio->boundary) { ++ if (boundary) { + ret = dio_send_cur_page(dio, sdio, map_bh); + if (sdio->bio) + dio_bio_submit(dio, sdio); diff --git a/queue-5.11/gcov-re-fix-clang-11-support.patch b/queue-5.11/gcov-re-fix-clang-11-support.patch new file mode 100644 index 00000000000..e499e688daf --- /dev/null +++ b/queue-5.11/gcov-re-fix-clang-11-support.patch @@ -0,0 +1,121 @@ +From 9562fd132985ea9185388a112e50f2a51557827d Mon Sep 17 00:00:00 2001 +From: Nick Desaulniers +Date: Fri, 9 Apr 2021 13:27:26 -0700 +Subject: gcov: re-fix clang-11+ support + +From: Nick Desaulniers + +commit 9562fd132985ea9185388a112e50f2a51557827d upstream. + +LLVM changed the expected function signature for llvm_gcda_emit_function() +in the clang-11 release. Users of clang-11 or newer may have noticed +their kernels producing invalid coverage information: + + $ llvm-cov gcov -a -c -u -f -b .gcda -- gcno=.gcno + 1 : checksum mismatch, \ + (, ) != (, ) + 2 Invalid .gcda File! + ... + +Fix up the function signatures so calling this function interprets its +parameters correctly and computes the correct cfg checksum. In +particular, in clang-11, the additional checksum is no longer optional. + +Link: https://reviews.llvm.org/rG25544ce2df0daa4304c07e64b9c8b0f7df60c11d +Link: https://lkml.kernel.org/r/20210408184631.1156669-1-ndesaulniers@google.com +Reported-by: Prasad Sodagudi +Tested-by: Prasad Sodagudi +Signed-off-by: Nick Desaulniers +Reviewed-by: Nathan Chancellor +Cc: [5.4+] +Signed-off-by: Greg Kroah-Hartman + +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +--- + kernel/gcov/clang.c | 29 +++++++++++++++++++---------- + 1 file changed, 19 insertions(+), 10 deletions(-) + +--- a/kernel/gcov/clang.c ++++ b/kernel/gcov/clang.c +@@ -70,7 +70,9 @@ struct gcov_fn_info { + + u32 ident; + u32 checksum; ++#if CONFIG_CLANG_VERSION < 110000 + u8 use_extra_checksum; ++#endif + u32 cfg_checksum; + + u32 num_counters; +@@ -145,10 +147,8 @@ void llvm_gcda_emit_function(u32 ident, + + list_add_tail(&info->head, ¤t_info->functions); + } +-EXPORT_SYMBOL(llvm_gcda_emit_function); + #else +-void llvm_gcda_emit_function(u32 ident, u32 func_checksum, +- u8 use_extra_checksum, u32 cfg_checksum) ++void llvm_gcda_emit_function(u32 ident, u32 func_checksum, u32 cfg_checksum) + { + struct gcov_fn_info *info = kzalloc(sizeof(*info), GFP_KERNEL); + +@@ -158,12 +158,11 @@ void llvm_gcda_emit_function(u32 ident, + INIT_LIST_HEAD(&info->head); + info->ident = ident; + info->checksum = func_checksum; +- info->use_extra_checksum = use_extra_checksum; + info->cfg_checksum = cfg_checksum; + list_add_tail(&info->head, ¤t_info->functions); + } +-EXPORT_SYMBOL(llvm_gcda_emit_function); + #endif ++EXPORT_SYMBOL(llvm_gcda_emit_function); + + void llvm_gcda_emit_arcs(u32 num_counters, u64 *counters) + { +@@ -293,11 +292,16 @@ int gcov_info_is_compatible(struct gcov_ + !list_is_last(&fn_ptr2->head, &info2->functions)) { + if (fn_ptr1->checksum != fn_ptr2->checksum) + return false; ++#if CONFIG_CLANG_VERSION < 110000 + if (fn_ptr1->use_extra_checksum != fn_ptr2->use_extra_checksum) + return false; + if (fn_ptr1->use_extra_checksum && + fn_ptr1->cfg_checksum != fn_ptr2->cfg_checksum) + return false; ++#else ++ if (fn_ptr1->cfg_checksum != fn_ptr2->cfg_checksum) ++ return false; ++#endif + fn_ptr1 = list_next_entry(fn_ptr1, head); + fn_ptr2 = list_next_entry(fn_ptr2, head); + } +@@ -529,17 +533,22 @@ static size_t convert_to_gcda(char *buff + + list_for_each_entry(fi_ptr, &info->functions, head) { + u32 i; +- u32 len = 2; +- +- if (fi_ptr->use_extra_checksum) +- len++; + + pos += store_gcov_u32(buffer, pos, GCOV_TAG_FUNCTION); +- pos += store_gcov_u32(buffer, pos, len); ++#if CONFIG_CLANG_VERSION < 110000 ++ pos += store_gcov_u32(buffer, pos, ++ fi_ptr->use_extra_checksum ? 3 : 2); ++#else ++ pos += store_gcov_u32(buffer, pos, 3); ++#endif + pos += store_gcov_u32(buffer, pos, fi_ptr->ident); + pos += store_gcov_u32(buffer, pos, fi_ptr->checksum); ++#if CONFIG_CLANG_VERSION < 110000 + if (fi_ptr->use_extra_checksum) + pos += store_gcov_u32(buffer, pos, fi_ptr->cfg_checksum); ++#else ++ pos += store_gcov_u32(buffer, pos, fi_ptr->cfg_checksum); ++#endif + + pos += store_gcov_u32(buffer, pos, GCOV_TAG_COUNTER_BASE); + pos += store_gcov_u32(buffer, pos, fi_ptr->num_counters * 2); diff --git a/queue-5.11/ia64-fix-user_stack_pointer-for-ptrace.patch b/queue-5.11/ia64-fix-user_stack_pointer-for-ptrace.patch new file mode 100644 index 00000000000..47e88538e3e --- /dev/null +++ b/queue-5.11/ia64-fix-user_stack_pointer-for-ptrace.patch @@ -0,0 +1,71 @@ +From 7ad1e366167837daeb93d0bacb57dee820b0b898 Mon Sep 17 00:00:00 2001 +From: Sergei Trofimovich +Date: Fri, 9 Apr 2021 13:27:32 -0700 +Subject: ia64: fix user_stack_pointer() for ptrace() + +From: Sergei Trofimovich + +commit 7ad1e366167837daeb93d0bacb57dee820b0b898 upstream. + +ia64 has two stacks: + + - memory stack (or stack), pointed at by by r12 + + - register backing store (register stack), pointed at by + ar.bsp/ar.bspstore with complications around dirty + register frame on CPU. + +In [1] Dmitry noticed that PTRACE_GET_SYSCALL_INFO returns the register +stack instead memory stack. + +The bug comes from the fact that user_stack_pointer() and +current_user_stack_pointer() don't return the same register: + + ulong user_stack_pointer(struct pt_regs *regs) { return regs->ar_bspstore; } + #define current_user_stack_pointer() (current_pt_regs()->r12) + +The change gets both back in sync. + +I think ptrace(PTRACE_GET_SYSCALL_INFO) is the only affected user by +this bug on ia64. + +The change fixes 'rt_sigreturn.gen.test' strace test where it was +observed initially. + +Link: https://bugs.gentoo.org/769614 [1] +Link: https://lkml.kernel.org/r/20210331084447.2561532-1-slyfox@gentoo.org +Signed-off-by: Sergei Trofimovich +Reported-by: Dmitry V. Levin +Cc: Oleg Nesterov +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman +--- + arch/ia64/include/asm/ptrace.h | 8 +------- + 1 file changed, 1 insertion(+), 7 deletions(-) + +--- a/arch/ia64/include/asm/ptrace.h ++++ b/arch/ia64/include/asm/ptrace.h +@@ -54,8 +54,7 @@ + + static inline unsigned long user_stack_pointer(struct pt_regs *regs) + { +- /* FIXME: should this be bspstore + nr_dirty regs? */ +- return regs->ar_bspstore; ++ return regs->r12; + } + + static inline int is_syscall_success(struct pt_regs *regs) +@@ -79,11 +78,6 @@ static inline long regs_return_value(str + unsigned long __ip = instruction_pointer(regs); \ + (__ip & ~3UL) + ((__ip & 3UL) << 2); \ + }) +-/* +- * Why not default? Because user_stack_pointer() on ia64 gives register +- * stack backing store instead... +- */ +-#define current_user_stack_pointer() (current_pt_regs()->r12) + + /* given a pointer to a task_struct, return the user's pt_regs */ + # define task_pt_regs(t) (((struct pt_regs *) ((char *) (t) + IA64_STK_OFFSET)) - 1) diff --git a/queue-5.11/ib-hfi1-fix-probe-time-panic-when-aip-is-enabled-with-a-buggy-bios.patch b/queue-5.11/ib-hfi1-fix-probe-time-panic-when-aip-is-enabled-with-a-buggy-bios.patch new file mode 100644 index 00000000000..51bb965f5d3 --- /dev/null +++ b/queue-5.11/ib-hfi1-fix-probe-time-panic-when-aip-is-enabled-with-a-buggy-bios.patch @@ -0,0 +1,192 @@ +From 5de61a47eb9064cbbc5f3360d639e8e34a690a54 Mon Sep 17 00:00:00 2001 +From: Mike Marciniszyn +Date: Mon, 29 Mar 2021 09:48:19 -0400 +Subject: IB/hfi1: Fix probe time panic when AIP is enabled with a buggy BIOS + +From: Mike Marciniszyn + +commit 5de61a47eb9064cbbc5f3360d639e8e34a690a54 upstream. + +A panic can result when AIP is enabled: + + BUG: unable to handle kernel NULL pointer dereference at 000000000000000 + PGD 0 P4D 0 + Oops: 0000 1 SMP PTI + CPU: 70 PID: 981 Comm: systemd-udevd Tainted: G OE --------- - - 4.18.0-240.el8.x86_64 #1 + Hardware name: Intel Corporation S2600KP/S2600KP, BIOS SE5C610.86B.01.01.0005.101720141054 10/17/2014 + RIP: 0010:__bitmap_and+0x1b/0x70 + RSP: 0018:ffff99aa0845f9f0 EFLAGS: 00010246 + RAX: 0000000000000000 RBX: ffff8d5a6fc18000 RCX: 0000000000000048 + RDX: 0000000000000000 RSI: ffffffffc06336f0 RDI: ffff8d5a8fa67750 + RBP: 0000000000000079 R08: 0000000fffffffff R09: 0000000000000000 + R10: 0000000000000000 R11: 0000000000000001 R12: ffffffffc06336f0 + R13: 00000000000000a0 R14: ffff8d5a6fc18000 R15: 0000000000000003 + FS: 00007fec137a5980(0000) GS:ffff8d5a9fa80000(0000) knlGS:0000000000000000 + CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + CR2: 0000000000000000 CR3: 0000000a04b48002 CR4: 00000000001606e0 + Call Trace: + hfi1_num_netdev_contexts+0x7c/0x110 [hfi1] + hfi1_init_dd+0xd7f/0x1a90 [hfi1] + ? pci_bus_read_config_dword+0x49/0x70 + ? pci_mmcfg_read+0x3e/0xe0 + do_init_one.isra.18+0x336/0x640 [hfi1] + local_pci_probe+0x41/0x90 + pci_device_probe+0x105/0x1c0 + really_probe+0x212/0x440 + driver_probe_device+0x49/0xc0 + device_driver_attach+0x50/0x60 + __driver_attach+0x61/0x130 + ? device_driver_attach+0x60/0x60 + bus_for_each_dev+0x77/0xc0 + ? klist_add_tail+0x3b/0x70 + bus_add_driver+0x14d/0x1e0 + ? dev_init+0x10b/0x10b [hfi1] + driver_register+0x6b/0xb0 + ? dev_init+0x10b/0x10b [hfi1] + hfi1_mod_init+0x1e6/0x20a [hfi1] + do_one_initcall+0x46/0x1c3 + ? free_unref_page_commit+0x91/0x100 + ? _cond_resched+0x15/0x30 + ? kmem_cache_alloc_trace+0x140/0x1c0 + do_init_module+0x5a/0x220 + load_module+0x14b4/0x17e0 + ? __do_sys_finit_module+0xa8/0x110 + __do_sys_finit_module+0xa8/0x110 + do_syscall_64+0x5b/0x1a0 + +The issue happens when pcibus_to_node() returns NO_NUMA_NODE. + +Fix this issue by moving the initialization of dd->node to hfi1_devdata +allocation and remove the other pcibus_to_node() calls in the probe path +and use dd->node instead. + +Affinity logic is adjusted to use a new field dd->affinity_entry as a +guard instead of dd->node. + +Fixes: 4730f4a6c6b2 ("IB/hfi1: Activate the dummy netdev") +Link: https://lore.kernel.org/r/1617025700-31865-4-git-send-email-dennis.dalessandro@cornelisnetworks.com +Cc: stable@vger.kernel.org +Signed-off-by: Mike Marciniszyn +Signed-off-by: Dennis Dalessandro +Signed-off-by: Jason Gunthorpe +Signed-off-by: Greg Kroah-Hartman +--- + drivers/infiniband/hw/hfi1/affinity.c | 21 +++++---------------- + drivers/infiniband/hw/hfi1/hfi.h | 1 + + drivers/infiniband/hw/hfi1/init.c | 10 +++++++++- + drivers/infiniband/hw/hfi1/netdev_rx.c | 3 +-- + 4 files changed, 16 insertions(+), 19 deletions(-) + +--- a/drivers/infiniband/hw/hfi1/affinity.c ++++ b/drivers/infiniband/hw/hfi1/affinity.c +@@ -632,22 +632,11 @@ static void _dev_comp_vect_cpu_mask_clea + */ + int hfi1_dev_affinity_init(struct hfi1_devdata *dd) + { +- int node = pcibus_to_node(dd->pcidev->bus); + struct hfi1_affinity_node *entry; + const struct cpumask *local_mask; + int curr_cpu, possible, i, ret; + bool new_entry = false; + +- /* +- * If the BIOS does not have the NUMA node information set, select +- * NUMA 0 so we get consistent performance. +- */ +- if (node < 0) { +- dd_dev_err(dd, "Invalid PCI NUMA node. Performance may be affected\n"); +- node = 0; +- } +- dd->node = node; +- + local_mask = cpumask_of_node(dd->node); + if (cpumask_first(local_mask) >= nr_cpu_ids) + local_mask = topology_core_cpumask(0); +@@ -660,7 +649,7 @@ int hfi1_dev_affinity_init(struct hfi1_d + * create an entry in the global affinity structure and initialize it. + */ + if (!entry) { +- entry = node_affinity_allocate(node); ++ entry = node_affinity_allocate(dd->node); + if (!entry) { + dd_dev_err(dd, + "Unable to allocate global affinity node\n"); +@@ -751,6 +740,7 @@ int hfi1_dev_affinity_init(struct hfi1_d + if (new_entry) + node_affinity_add_tail(entry); + ++ dd->affinity_entry = entry; + mutex_unlock(&node_affinity.lock); + + return 0; +@@ -766,10 +756,9 @@ void hfi1_dev_affinity_clean_up(struct h + { + struct hfi1_affinity_node *entry; + +- if (dd->node < 0) +- return; +- + mutex_lock(&node_affinity.lock); ++ if (!dd->affinity_entry) ++ goto unlock; + entry = node_affinity_lookup(dd->node); + if (!entry) + goto unlock; +@@ -780,8 +769,8 @@ void hfi1_dev_affinity_clean_up(struct h + */ + _dev_comp_vect_cpu_mask_clean_up(dd, entry); + unlock: ++ dd->affinity_entry = NULL; + mutex_unlock(&node_affinity.lock); +- dd->node = NUMA_NO_NODE; + } + + /* +--- a/drivers/infiniband/hw/hfi1/hfi.h ++++ b/drivers/infiniband/hw/hfi1/hfi.h +@@ -1409,6 +1409,7 @@ struct hfi1_devdata { + spinlock_t irq_src_lock; + int vnic_num_vports; + struct net_device *dummy_netdev; ++ struct hfi1_affinity_node *affinity_entry; + + /* Keeps track of IPoIB RSM rule users */ + atomic_t ipoib_rsm_usr_num; +--- a/drivers/infiniband/hw/hfi1/init.c ++++ b/drivers/infiniband/hw/hfi1/init.c +@@ -1277,7 +1277,6 @@ static struct hfi1_devdata *hfi1_alloc_d + dd->pport = (struct hfi1_pportdata *)(dd + 1); + dd->pcidev = pdev; + pci_set_drvdata(pdev, dd); +- dd->node = NUMA_NO_NODE; + + ret = xa_alloc_irq(&hfi1_dev_table, &dd->unit, dd, xa_limit_32b, + GFP_KERNEL); +@@ -1287,6 +1286,15 @@ static struct hfi1_devdata *hfi1_alloc_d + goto bail; + } + rvt_set_ibdev_name(&dd->verbs_dev.rdi, "%s_%d", class_name(), dd->unit); ++ /* ++ * If the BIOS does not have the NUMA node information set, select ++ * NUMA 0 so we get consistent performance. ++ */ ++ dd->node = pcibus_to_node(pdev->bus); ++ if (dd->node == NUMA_NO_NODE) { ++ dd_dev_err(dd, "Invalid PCI NUMA node. Performance may be affected\n"); ++ dd->node = 0; ++ } + + /* + * Initialize all locks for the device. This needs to be as early as +--- a/drivers/infiniband/hw/hfi1/netdev_rx.c ++++ b/drivers/infiniband/hw/hfi1/netdev_rx.c +@@ -173,8 +173,7 @@ u32 hfi1_num_netdev_contexts(struct hfi1 + return 0; + } + +- cpumask_and(node_cpu_mask, cpu_mask, +- cpumask_of_node(pcibus_to_node(dd->pcidev->bus))); ++ cpumask_and(node_cpu_mask, cpu_mask, cpumask_of_node(dd->node)); + + available_cpus = cpumask_weight(node_cpu_mask); + diff --git a/queue-5.11/lookup_mountpoint-we-are-cleaning-jumped-flag-too-late.patch b/queue-5.11/lookup_mountpoint-we-are-cleaning-jumped-flag-too-late.patch new file mode 100644 index 00000000000..0b2a3132e89 --- /dev/null +++ b/queue-5.11/lookup_mountpoint-we-are-cleaning-jumped-flag-too-late.patch @@ -0,0 +1,46 @@ +From 4f0ed93fb92d3528c73c80317509df3f800a222b Mon Sep 17 00:00:00 2001 +From: Al Viro +Date: Tue, 6 Apr 2021 19:46:51 -0400 +Subject: LOOKUP_MOUNTPOINT: we are cleaning "jumped" flag too late + +From: Al Viro + +commit 4f0ed93fb92d3528c73c80317509df3f800a222b upstream. + +That (and traversals in case of umount .) should be done before +complete_walk(). Either a braino or mismerge damage on queue +reorders - either way, I should've spotted that much earlier. + +Fucked-up-by: Al Viro +X-Paperbag: Brown +Fixes: 161aff1d93ab "LOOKUP_MOUNTPOINT: fold path_mountpointat() into path_lookupat()" +Cc: stable@vger.kernel.org # v5.7+ +Signed-off-by: Al Viro +Signed-off-by: Greg Kroah-Hartman +--- + fs/namei.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/fs/namei.c ++++ b/fs/namei.c +@@ -2330,16 +2330,16 @@ static int path_lookupat(struct nameidat + while (!(err = link_path_walk(s, nd)) && + (s = lookup_last(nd)) != NULL) + ; ++ if (!err && unlikely(nd->flags & LOOKUP_MOUNTPOINT)) { ++ err = handle_lookup_down(nd); ++ nd->flags &= ~LOOKUP_JUMPED; // no d_weak_revalidate(), please... ++ } + if (!err) + err = complete_walk(nd); + + if (!err && nd->flags & LOOKUP_DIRECTORY) + if (!d_can_lookup(nd->path.dentry)) + err = -ENOTDIR; +- if (!err && unlikely(nd->flags & LOOKUP_MOUNTPOINT)) { +- err = handle_lookup_down(nd); +- nd->flags &= ~LOOKUP_JUMPED; // no d_weak_revalidate(), please... +- } + if (!err) { + *path = nd->path; + nd->path.mnt = NULL; diff --git a/queue-5.11/nds32-flush_dcache_page-use-page_mapping_file-to-avoid-races-with-swapoff.patch b/queue-5.11/nds32-flush_dcache_page-use-page_mapping_file-to-avoid-races-with-swapoff.patch new file mode 100644 index 00000000000..5ac035463a7 --- /dev/null +++ b/queue-5.11/nds32-flush_dcache_page-use-page_mapping_file-to-avoid-races-with-swapoff.patch @@ -0,0 +1,47 @@ +From a3a8833dffb7e7329c2586b8bfc531adb503f123 Mon Sep 17 00:00:00 2001 +From: Mike Rapoport +Date: Fri, 9 Apr 2021 13:27:23 -0700 +Subject: nds32: flush_dcache_page: use page_mapping_file to avoid races with swapoff + +From: Mike Rapoport + +commit a3a8833dffb7e7329c2586b8bfc531adb503f123 upstream. + +Commit cb9f753a3731 ("mm: fix races between swapoff and flush dcache") +updated flush_dcache_page implementations on several architectures to +use page_mapping_file() in order to avoid races between page_mapping() +and swapoff(). + +This update missed arch/nds32 and there is a possibility of a race +there. + +Replace page_mapping() with page_mapping_file() in nds32 implementation +of flush_dcache_page(). + +Link: https://lkml.kernel.org/r/20210330175126.26500-1-rppt@kernel.org +Fixes: cb9f753a3731 ("mm: fix races between swapoff and flush dcache") +Signed-off-by: Mike Rapoport +Reviewed-by: Matthew Wilcox (Oracle) +Acked-by: Greentime Hu +Cc: Huang Ying +Cc: Nick Hu +Cc: Vincent Chen +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman +--- + arch/nds32/mm/cacheflush.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/nds32/mm/cacheflush.c ++++ b/arch/nds32/mm/cacheflush.c +@@ -238,7 +238,7 @@ void flush_dcache_page(struct page *page + { + struct address_space *mapping; + +- mapping = page_mapping(page); ++ mapping = page_mapping_file(page); + if (mapping && !mapping_mapped(mapping)) + set_bit(PG_dcache_dirty, &page->flags); + else { diff --git a/queue-5.11/net-dsa-lantiq_gswip-configure-all-remaining-gswip_mii_cfg-bits.patch b/queue-5.11/net-dsa-lantiq_gswip-configure-all-remaining-gswip_mii_cfg-bits.patch new file mode 100644 index 00000000000..68fc5cd14d6 --- /dev/null +++ b/queue-5.11/net-dsa-lantiq_gswip-configure-all-remaining-gswip_mii_cfg-bits.patch @@ -0,0 +1,93 @@ +From 4b5923249b8fa427943b50b8f35265176472be38 Mon Sep 17 00:00:00 2001 +From: Martin Blumenstingl +Date: Thu, 8 Apr 2021 20:38:28 +0200 +Subject: net: dsa: lantiq_gswip: Configure all remaining GSWIP_MII_CFG bits + +From: Martin Blumenstingl + +commit 4b5923249b8fa427943b50b8f35265176472be38 upstream. + +There are a few more bits in the GSWIP_MII_CFG register for which we +did rely on the boot-loader (or the hardware defaults) to set them up +properly. + +For some external RMII PHYs we need to select the GSWIP_MII_CFG_RMII_CLK +bit and also we should un-set it for non-RMII PHYs. The +GSWIP_MII_CFG_RMII_CLK bit is ignored for other PHY connection modes. + +The GSWIP IP also supports in-band auto-negotiation for RGMII PHYs when +the GSWIP_MII_CFG_RGMII_IBS bit is set. Clear this bit always as there's +no known hardware which uses this (so it is not tested yet). + +Clear the xMII isolation bit when set at initialization time if it was +previously set by the bootloader. Not doing so could lead to no traffic +(neither RX nor TX) on a port with this bit set. + +While here, also add the GSWIP_MII_CFG_RESET bit. We don't need to +manage it because this bit is self-clearning when set. We still add it +here to get a better overview of the GSWIP_MII_CFG register. + +Fixes: 14fceff4771e51 ("net: dsa: Add Lantiq / Intel DSA driver for vrx200") +Cc: stable@vger.kernel.org +Suggested-by: Hauke Mehrtens +Acked-by: Hauke Mehrtens +Signed-off-by: Martin Blumenstingl +Reviewed-by: Florian Fainelli +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/dsa/lantiq_gswip.c | 19 ++++++++++++++++--- + 1 file changed, 16 insertions(+), 3 deletions(-) + +--- a/drivers/net/dsa/lantiq_gswip.c ++++ b/drivers/net/dsa/lantiq_gswip.c +@@ -93,8 +93,12 @@ + + /* GSWIP MII Registers */ + #define GSWIP_MII_CFGp(p) (0x2 * (p)) ++#define GSWIP_MII_CFG_RESET BIT(15) + #define GSWIP_MII_CFG_EN BIT(14) ++#define GSWIP_MII_CFG_ISOLATE BIT(13) + #define GSWIP_MII_CFG_LDCLKDIS BIT(12) ++#define GSWIP_MII_CFG_RGMII_IBS BIT(8) ++#define GSWIP_MII_CFG_RMII_CLK BIT(7) + #define GSWIP_MII_CFG_MODE_MIIP 0x0 + #define GSWIP_MII_CFG_MODE_MIIM 0x1 + #define GSWIP_MII_CFG_MODE_RMIIP 0x2 +@@ -833,9 +837,11 @@ static int gswip_setup(struct dsa_switch + /* Configure the MDIO Clock 2.5 MHz */ + gswip_mdio_mask(priv, 0xff, 0x09, GSWIP_MDIO_MDC_CFG1); + +- /* Disable the xMII link */ ++ /* Disable the xMII interface and clear it's isolation bit */ + for (i = 0; i < priv->hw_info->max_ports; i++) +- gswip_mii_mask_cfg(priv, GSWIP_MII_CFG_EN, 0, i); ++ gswip_mii_mask_cfg(priv, ++ GSWIP_MII_CFG_EN | GSWIP_MII_CFG_ISOLATE, ++ 0, i); + + /* enable special tag insertion on cpu port */ + gswip_switch_mask(priv, 0, GSWIP_FDMA_PCTRL_STEN, +@@ -1611,6 +1617,9 @@ static void gswip_phylink_mac_config(str + break; + case PHY_INTERFACE_MODE_RMII: + miicfg |= GSWIP_MII_CFG_MODE_RMIIM; ++ ++ /* Configure the RMII clock as output: */ ++ miicfg |= GSWIP_MII_CFG_RMII_CLK; + break; + case PHY_INTERFACE_MODE_RGMII: + case PHY_INTERFACE_MODE_RGMII_ID: +@@ -1623,7 +1632,11 @@ static void gswip_phylink_mac_config(str + "Unsupported interface: %d\n", state->interface); + return; + } +- gswip_mii_mask_cfg(priv, GSWIP_MII_CFG_MODE_MASK, miicfg, port); ++ ++ gswip_mii_mask_cfg(priv, ++ GSWIP_MII_CFG_MODE_MASK | GSWIP_MII_CFG_RMII_CLK | ++ GSWIP_MII_CFG_RGMII_IBS | GSWIP_MII_CFG_LDCLKDIS, ++ miicfg, port); + + switch (state->interface) { + case PHY_INTERFACE_MODE_RGMII_ID: diff --git a/queue-5.11/net-dsa-lantiq_gswip-don-t-use-phy-auto-polling.patch b/queue-5.11/net-dsa-lantiq_gswip-don-t-use-phy-auto-polling.patch new file mode 100644 index 00000000000..b166f1d33d7 --- /dev/null +++ b/queue-5.11/net-dsa-lantiq_gswip-don-t-use-phy-auto-polling.patch @@ -0,0 +1,317 @@ +From 3e9005be87777afc902b9f5497495898202d335d Mon Sep 17 00:00:00 2001 +From: Martin Blumenstingl +Date: Thu, 8 Apr 2021 20:38:27 +0200 +Subject: net: dsa: lantiq_gswip: Don't use PHY auto polling + +From: Martin Blumenstingl + +commit 3e9005be87777afc902b9f5497495898202d335d upstream. + +PHY auto polling on the GSWIP hardware can be used so link changes +(speed, link up/down, etc.) can be detected automatically. Internally +GSWIP reads the PHY's registers for this functionality. Based on this +automatic detection GSWIP can also automatically re-configure it's port +settings. Unfortunately this auto polling (and configuration) mechanism +seems to cause various issues observed by different people on different +devices: +- FritzBox 7360v2: the two Gbit/s ports (connected to the two internal + PHY11G instances) are working fine but the two Fast Ethernet ports + (using an AR8030 RMII PHY) are completely dead (neither RX nor TX are + received). It turns out that the AR8030 PHY sets the BMSR_ESTATEN bit + as well as the ESTATUS_1000_TFULL and ESTATUS_1000_XFULL bits. This + makes the PHY auto polling state machine (rightfully?) think that the + established link speed (when the other side is Gbit/s capable) is + 1Gbit/s. +- None of the Ethernet ports on the Zyxel P-2812HNU-F1 (two are + connected to the internal PHY11G GPHYs while the other three are + external RGMII PHYs) are working. Neither RX nor TX traffic was + observed. It is not clear which part of the PHY auto polling state- + machine caused this. +- FritzBox 7412 (only one LAN port which is connected to one of the + internal GPHYs running in PHY22F / Fast Ethernet mode) was seeing + random disconnects (link down events could be seen). Sometimes all + traffic would stop after such disconnect. It is not clear which part + of the PHY auto polling state-machine cauased this. +- TP-Link TD-W9980 (two ports are connected to the internal GPHYs + running in PHY11G / Gbit/s mode, the other two are external RGMII + PHYs) was affected by similar issues as the FritzBox 7412 just without + the "link down" events + +Switch to software based configuration instead of PHY auto polling (and +letting the GSWIP hardware configure the ports automatically) for the +following link parameters: +- link up/down +- link speed +- full/half duplex +- flow control (RX / TX pause) + +After a big round of manual testing by various people (who helped test +this on OpenWrt) it turns out that this fixes all reported issues. + +Additionally it can be considered more future proof because any +"quirk" which is implemented for a PHY on the driver side can now be +used with the GSWIP hardware as well because Linux is in control of the +link parameters. + +As a nice side-effect this also solves a problem where fixed-links were +not supported previously because we were relying on the PHY auto polling +mechanism, which cannot work for fixed-links as there's no PHY from +where it can read the registers. Configuring the link settings on the +GSWIP ports means that we now use the settings from device-tree also for +ports with fixed-links. + +Fixes: 14fceff4771e51 ("net: dsa: Add Lantiq / Intel DSA driver for vrx200") +Fixes: 3e6fdeb28f4c33 ("net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII clock") +Cc: stable@vger.kernel.org +Acked-by: Hauke Mehrtens +Reviewed-by: Andrew Lunn +Signed-off-by: Martin Blumenstingl +Reviewed-by: Florian Fainelli +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/dsa/lantiq_gswip.c | 185 +++++++++++++++++++++++++++++++++++------ + 1 file changed, 159 insertions(+), 26 deletions(-) + +--- a/drivers/net/dsa/lantiq_gswip.c ++++ b/drivers/net/dsa/lantiq_gswip.c +@@ -190,6 +190,23 @@ + #define GSWIP_PCE_DEFPVID(p) (0x486 + ((p) * 0xA)) + + #define GSWIP_MAC_FLEN 0x8C5 ++#define GSWIP_MAC_CTRL_0p(p) (0x903 + ((p) * 0xC)) ++#define GSWIP_MAC_CTRL_0_PADEN BIT(8) ++#define GSWIP_MAC_CTRL_0_FCS_EN BIT(7) ++#define GSWIP_MAC_CTRL_0_FCON_MASK 0x0070 ++#define GSWIP_MAC_CTRL_0_FCON_AUTO 0x0000 ++#define GSWIP_MAC_CTRL_0_FCON_RX 0x0010 ++#define GSWIP_MAC_CTRL_0_FCON_TX 0x0020 ++#define GSWIP_MAC_CTRL_0_FCON_RXTX 0x0030 ++#define GSWIP_MAC_CTRL_0_FCON_NONE 0x0040 ++#define GSWIP_MAC_CTRL_0_FDUP_MASK 0x000C ++#define GSWIP_MAC_CTRL_0_FDUP_AUTO 0x0000 ++#define GSWIP_MAC_CTRL_0_FDUP_EN 0x0004 ++#define GSWIP_MAC_CTRL_0_FDUP_DIS 0x000C ++#define GSWIP_MAC_CTRL_0_GMII_MASK 0x0003 ++#define GSWIP_MAC_CTRL_0_GMII_AUTO 0x0000 ++#define GSWIP_MAC_CTRL_0_GMII_MII 0x0001 ++#define GSWIP_MAC_CTRL_0_GMII_RGMII 0x0002 + #define GSWIP_MAC_CTRL_2p(p) (0x905 + ((p) * 0xC)) + #define GSWIP_MAC_CTRL_2_MLEN BIT(3) /* Maximum Untagged Frame Lnegth */ + +@@ -653,16 +670,13 @@ static int gswip_port_enable(struct dsa_ + GSWIP_SDMA_PCTRLp(port)); + + if (!dsa_is_cpu_port(ds, port)) { +- u32 macconf = GSWIP_MDIO_PHY_LINK_AUTO | +- GSWIP_MDIO_PHY_SPEED_AUTO | +- GSWIP_MDIO_PHY_FDUP_AUTO | +- GSWIP_MDIO_PHY_FCONTX_AUTO | +- GSWIP_MDIO_PHY_FCONRX_AUTO | +- (phydev->mdio.addr & GSWIP_MDIO_PHY_ADDR_MASK); +- +- gswip_mdio_w(priv, macconf, GSWIP_MDIO_PHYp(port)); +- /* Activate MDIO auto polling */ +- gswip_mdio_mask(priv, 0, BIT(port), GSWIP_MDIO_MDC_CFG0); ++ u32 mdio_phy = 0; ++ ++ if (phydev) ++ mdio_phy = phydev->mdio.addr & GSWIP_MDIO_PHY_ADDR_MASK; ++ ++ gswip_mdio_mask(priv, GSWIP_MDIO_PHY_ADDR_MASK, mdio_phy, ++ GSWIP_MDIO_PHYp(port)); + } + + return 0; +@@ -675,14 +689,6 @@ static void gswip_port_disable(struct ds + if (!dsa_is_user_port(ds, port)) + return; + +- if (!dsa_is_cpu_port(ds, port)) { +- gswip_mdio_mask(priv, GSWIP_MDIO_PHY_LINK_DOWN, +- GSWIP_MDIO_PHY_LINK_MASK, +- GSWIP_MDIO_PHYp(port)); +- /* Deactivate MDIO auto polling */ +- gswip_mdio_mask(priv, BIT(port), 0, GSWIP_MDIO_MDC_CFG0); +- } +- + gswip_switch_mask(priv, GSWIP_FDMA_PCTRL_EN, 0, + GSWIP_FDMA_PCTRLp(port)); + gswip_switch_mask(priv, GSWIP_SDMA_PCTRL_EN, 0, +@@ -806,20 +812,31 @@ static int gswip_setup(struct dsa_switch + gswip_switch_w(priv, BIT(cpu_port), GSWIP_PCE_PMAP2); + gswip_switch_w(priv, BIT(cpu_port), GSWIP_PCE_PMAP3); + +- /* disable PHY auto polling */ ++ /* Deactivate MDIO PHY auto polling. Some PHYs as the AR8030 have an ++ * interoperability problem with this auto polling mechanism because ++ * their status registers think that the link is in a different state ++ * than it actually is. For the AR8030 it has the BMSR_ESTATEN bit set ++ * as well as ESTATUS_1000_TFULL and ESTATUS_1000_XFULL. This makes the ++ * auto polling state machine consider the link being negotiated with ++ * 1Gbit/s. Since the PHY itself is a Fast Ethernet RMII PHY this leads ++ * to the switch port being completely dead (RX and TX are both not ++ * working). ++ * Also with various other PHY / port combinations (PHY11G GPHY, PHY22F ++ * GPHY, external RGMII PEF7071/7072) any traffic would stop. Sometimes ++ * it would work fine for a few minutes to hours and then stop, on ++ * other device it would no traffic could be sent or received at all. ++ * Testing shows that when PHY auto polling is disabled these problems ++ * go away. ++ */ + gswip_mdio_w(priv, 0x0, GSWIP_MDIO_MDC_CFG0); ++ + /* Configure the MDIO Clock 2.5 MHz */ + gswip_mdio_mask(priv, 0xff, 0x09, GSWIP_MDIO_MDC_CFG1); + +- for (i = 0; i < priv->hw_info->max_ports; i++) { +- /* Disable the xMII link */ ++ /* Disable the xMII link */ ++ for (i = 0; i < priv->hw_info->max_ports; i++) + gswip_mii_mask_cfg(priv, GSWIP_MII_CFG_EN, 0, i); + +- /* Automatically select the xMII interface clock */ +- gswip_mii_mask_cfg(priv, GSWIP_MII_CFG_RATE_MASK, +- GSWIP_MII_CFG_RATE_AUTO, i); +- } +- + /* enable special tag insertion on cpu port */ + gswip_switch_mask(priv, 0, GSWIP_FDMA_PCTRL_STEN, + GSWIP_FDMA_PCTRLp(cpu_port)); +@@ -1469,6 +1486,112 @@ unsupported: + return; + } + ++static void gswip_port_set_link(struct gswip_priv *priv, int port, bool link) ++{ ++ u32 mdio_phy; ++ ++ if (link) ++ mdio_phy = GSWIP_MDIO_PHY_LINK_UP; ++ else ++ mdio_phy = GSWIP_MDIO_PHY_LINK_DOWN; ++ ++ gswip_mdio_mask(priv, GSWIP_MDIO_PHY_LINK_MASK, mdio_phy, ++ GSWIP_MDIO_PHYp(port)); ++} ++ ++static void gswip_port_set_speed(struct gswip_priv *priv, int port, int speed, ++ phy_interface_t interface) ++{ ++ u32 mdio_phy = 0, mii_cfg = 0, mac_ctrl_0 = 0; ++ ++ switch (speed) { ++ case SPEED_10: ++ mdio_phy = GSWIP_MDIO_PHY_SPEED_M10; ++ ++ if (interface == PHY_INTERFACE_MODE_RMII) ++ mii_cfg = GSWIP_MII_CFG_RATE_M50; ++ else ++ mii_cfg = GSWIP_MII_CFG_RATE_M2P5; ++ ++ mac_ctrl_0 = GSWIP_MAC_CTRL_0_GMII_MII; ++ break; ++ ++ case SPEED_100: ++ mdio_phy = GSWIP_MDIO_PHY_SPEED_M100; ++ ++ if (interface == PHY_INTERFACE_MODE_RMII) ++ mii_cfg = GSWIP_MII_CFG_RATE_M50; ++ else ++ mii_cfg = GSWIP_MII_CFG_RATE_M25; ++ ++ mac_ctrl_0 = GSWIP_MAC_CTRL_0_GMII_MII; ++ break; ++ ++ case SPEED_1000: ++ mdio_phy = GSWIP_MDIO_PHY_SPEED_G1; ++ ++ mii_cfg = GSWIP_MII_CFG_RATE_M125; ++ ++ mac_ctrl_0 = GSWIP_MAC_CTRL_0_GMII_RGMII; ++ break; ++ } ++ ++ gswip_mdio_mask(priv, GSWIP_MDIO_PHY_SPEED_MASK, mdio_phy, ++ GSWIP_MDIO_PHYp(port)); ++ gswip_mii_mask_cfg(priv, GSWIP_MII_CFG_RATE_MASK, mii_cfg, port); ++ gswip_switch_mask(priv, GSWIP_MAC_CTRL_0_GMII_MASK, mac_ctrl_0, ++ GSWIP_MAC_CTRL_0p(port)); ++} ++ ++static void gswip_port_set_duplex(struct gswip_priv *priv, int port, int duplex) ++{ ++ u32 mac_ctrl_0, mdio_phy; ++ ++ if (duplex == DUPLEX_FULL) { ++ mac_ctrl_0 = GSWIP_MAC_CTRL_0_FDUP_EN; ++ mdio_phy = GSWIP_MDIO_PHY_FDUP_EN; ++ } else { ++ mac_ctrl_0 = GSWIP_MAC_CTRL_0_FDUP_DIS; ++ mdio_phy = GSWIP_MDIO_PHY_FDUP_DIS; ++ } ++ ++ gswip_switch_mask(priv, GSWIP_MAC_CTRL_0_FDUP_MASK, mac_ctrl_0, ++ GSWIP_MAC_CTRL_0p(port)); ++ gswip_mdio_mask(priv, GSWIP_MDIO_PHY_FDUP_MASK, mdio_phy, ++ GSWIP_MDIO_PHYp(port)); ++} ++ ++static void gswip_port_set_pause(struct gswip_priv *priv, int port, ++ bool tx_pause, bool rx_pause) ++{ ++ u32 mac_ctrl_0, mdio_phy; ++ ++ if (tx_pause && rx_pause) { ++ mac_ctrl_0 = GSWIP_MAC_CTRL_0_FCON_RXTX; ++ mdio_phy = GSWIP_MDIO_PHY_FCONTX_EN | ++ GSWIP_MDIO_PHY_FCONRX_EN; ++ } else if (tx_pause) { ++ mac_ctrl_0 = GSWIP_MAC_CTRL_0_FCON_TX; ++ mdio_phy = GSWIP_MDIO_PHY_FCONTX_EN | ++ GSWIP_MDIO_PHY_FCONRX_DIS; ++ } else if (rx_pause) { ++ mac_ctrl_0 = GSWIP_MAC_CTRL_0_FCON_RX; ++ mdio_phy = GSWIP_MDIO_PHY_FCONTX_DIS | ++ GSWIP_MDIO_PHY_FCONRX_EN; ++ } else { ++ mac_ctrl_0 = GSWIP_MAC_CTRL_0_FCON_NONE; ++ mdio_phy = GSWIP_MDIO_PHY_FCONTX_DIS | ++ GSWIP_MDIO_PHY_FCONRX_DIS; ++ } ++ ++ gswip_switch_mask(priv, GSWIP_MAC_CTRL_0_FCON_MASK, ++ mac_ctrl_0, GSWIP_MAC_CTRL_0p(port)); ++ gswip_mdio_mask(priv, ++ GSWIP_MDIO_PHY_FCONTX_MASK | ++ GSWIP_MDIO_PHY_FCONRX_MASK, ++ mdio_phy, GSWIP_MDIO_PHYp(port)); ++} ++ + static void gswip_phylink_mac_config(struct dsa_switch *ds, int port, + unsigned int mode, + const struct phylink_link_state *state) +@@ -1525,6 +1648,9 @@ static void gswip_phylink_mac_link_down( + struct gswip_priv *priv = ds->priv; + + gswip_mii_mask_cfg(priv, GSWIP_MII_CFG_EN, 0, port); ++ ++ if (!dsa_is_cpu_port(ds, port)) ++ gswip_port_set_link(priv, port, false); + } + + static void gswip_phylink_mac_link_up(struct dsa_switch *ds, int port, +@@ -1536,6 +1662,13 @@ static void gswip_phylink_mac_link_up(st + { + struct gswip_priv *priv = ds->priv; + ++ if (!dsa_is_cpu_port(ds, port)) { ++ gswip_port_set_link(priv, port, true); ++ gswip_port_set_speed(priv, port, speed, interface); ++ gswip_port_set_duplex(priv, port, duplex); ++ gswip_port_set_pause(priv, port, tx_pause, rx_pause); ++ } ++ + gswip_mii_mask_cfg(priv, 0, GSWIP_MII_CFG_EN, port); + } + diff --git a/queue-5.11/net-dsa-lantiq_gswip-let-gswip-automatically-set-the-xmii-clock.patch b/queue-5.11/net-dsa-lantiq_gswip-let-gswip-automatically-set-the-xmii-clock.patch new file mode 100644 index 00000000000..823bfdfa99f --- /dev/null +++ b/queue-5.11/net-dsa-lantiq_gswip-let-gswip-automatically-set-the-xmii-clock.patch @@ -0,0 +1,47 @@ +From 3e6fdeb28f4c331acbd27bdb0effc4befd4ef8e8 Mon Sep 17 00:00:00 2001 +From: Martin Blumenstingl +Date: Wed, 24 Mar 2021 20:36:04 +0100 +Subject: net: dsa: lantiq_gswip: Let GSWIP automatically set the xMII clock + +From: Martin Blumenstingl + +commit 3e6fdeb28f4c331acbd27bdb0effc4befd4ef8e8 upstream. + +The xMII interface clock depends on the PHY interface (MII, RMII, RGMII) +as well as the current link speed. Explicitly configure the GSWIP to +automatically select the appropriate xMII interface clock. + +This fixes an issue seen by some users where ports using an external +RMII or RGMII PHY were deaf (no RX or TX traffic could be seen). Most +likely this is due to an "invalid" xMII clock being selected either by +the bootloader or hardware-defaults. + +Fixes: 14fceff4771e51 ("net: dsa: Add Lantiq / Intel DSA driver for vrx200") +Signed-off-by: Martin Blumenstingl +Reviewed-by: Florian Fainelli +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/dsa/lantiq_gswip.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +--- a/drivers/net/dsa/lantiq_gswip.c ++++ b/drivers/net/dsa/lantiq_gswip.c +@@ -811,10 +811,15 @@ static int gswip_setup(struct dsa_switch + /* Configure the MDIO Clock 2.5 MHz */ + gswip_mdio_mask(priv, 0xff, 0x09, GSWIP_MDIO_MDC_CFG1); + +- /* Disable the xMII link */ +- for (i = 0; i < priv->hw_info->max_ports; i++) ++ for (i = 0; i < priv->hw_info->max_ports; i++) { ++ /* Disable the xMII link */ + gswip_mii_mask_cfg(priv, GSWIP_MII_CFG_EN, 0, i); + ++ /* Automatically select the xMII interface clock */ ++ gswip_mii_mask_cfg(priv, GSWIP_MII_CFG_RATE_MASK, ++ GSWIP_MII_CFG_RATE_AUTO, i); ++ } ++ + /* enable special tag insertion on cpu port */ + gswip_switch_mask(priv, 0, GSWIP_FDMA_PCTRL_STEN, + GSWIP_FDMA_PCTRLp(cpu_port)); diff --git a/queue-5.11/net-ipv6-check-for-validity-before-dereferencing-cfg-fc_nlinfo.nlh.patch b/queue-5.11/net-ipv6-check-for-validity-before-dereferencing-cfg-fc_nlinfo.nlh.patch new file mode 100644 index 00000000000..c542606ce72 --- /dev/null +++ b/queue-5.11/net-ipv6-check-for-validity-before-dereferencing-cfg-fc_nlinfo.nlh.patch @@ -0,0 +1,39 @@ +From 864db232dc7036aa2de19749c3d5be0143b24f8f Mon Sep 17 00:00:00 2001 +From: Muhammad Usama Anjum +Date: Fri, 9 Apr 2021 03:01:29 +0500 +Subject: net: ipv6: check for validity before dereferencing cfg->fc_nlinfo.nlh + +From: Muhammad Usama Anjum + +commit 864db232dc7036aa2de19749c3d5be0143b24f8f upstream. + +nlh is being checked for validtity two times when it is dereferenced in +this function. Check for validity again when updating the flags through +nlh pointer to make the dereferencing safe. + +CC: +Addresses-Coverity: ("NULL pointer dereference") +Signed-off-by: Muhammad Usama Anjum +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/ipv6/route.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +--- a/net/ipv6/route.c ++++ b/net/ipv6/route.c +@@ -5203,9 +5203,11 @@ static int ip6_route_multipath_add(struc + * nexthops have been replaced by first new, the rest should + * be added to it. + */ +- cfg->fc_nlinfo.nlh->nlmsg_flags &= ~(NLM_F_EXCL | +- NLM_F_REPLACE); +- cfg->fc_nlinfo.nlh->nlmsg_flags |= NLM_F_CREATE; ++ if (cfg->fc_nlinfo.nlh) { ++ cfg->fc_nlinfo.nlh->nlmsg_flags &= ~(NLM_F_EXCL | ++ NLM_F_REPLACE); ++ cfg->fc_nlinfo.nlh->nlmsg_flags |= NLM_F_CREATE; ++ } + nhn++; + } + diff --git a/queue-5.11/ocfs2-fix-deadlock-between-setattr-and-dio_end_io_write.patch b/queue-5.11/ocfs2-fix-deadlock-between-setattr-and-dio_end_io_write.patch new file mode 100644 index 00000000000..ad8c17ba426 --- /dev/null +++ b/queue-5.11/ocfs2-fix-deadlock-between-setattr-and-dio_end_io_write.patch @@ -0,0 +1,148 @@ +From 90bd070aae6c4fb5d302f9c4b9c88be60c8197ec Mon Sep 17 00:00:00 2001 +From: Wengang Wang +Date: Fri, 9 Apr 2021 13:27:29 -0700 +Subject: ocfs2: fix deadlock between setattr and dio_end_io_write + +From: Wengang Wang + +commit 90bd070aae6c4fb5d302f9c4b9c88be60c8197ec upstream. + +The following deadlock is detected: + + truncate -> setattr path is waiting for pending direct IO to be done (inode->i_dio_count become zero) with inode->i_rwsem held (down_write). + + PID: 14827 TASK: ffff881686a9af80 CPU: 20 COMMAND: "ora_p005_hrltd9" + #0 __schedule at ffffffff818667cc + #1 schedule at ffffffff81866de6 + #2 inode_dio_wait at ffffffff812a2d04 + #3 ocfs2_setattr at ffffffffc05f322e [ocfs2] + #4 notify_change at ffffffff812a5a09 + #5 do_truncate at ffffffff812808f5 + #6 do_sys_ftruncate.constprop.18 at ffffffff81280cf2 + #7 sys_ftruncate at ffffffff81280d8e + #8 do_syscall_64 at ffffffff81003949 + #9 entry_SYSCALL_64_after_hwframe at ffffffff81a001ad + +dio completion path is going to complete one direct IO (decrement +inode->i_dio_count), but before that it hung at locking inode->i_rwsem: + + #0 __schedule+700 at ffffffff818667cc + #1 schedule+54 at ffffffff81866de6 + #2 rwsem_down_write_failed+536 at ffffffff8186aa28 + #3 call_rwsem_down_write_failed+23 at ffffffff8185a1b7 + #4 down_write+45 at ffffffff81869c9d + #5 ocfs2_dio_end_io_write+180 at ffffffffc05d5444 [ocfs2] + #6 ocfs2_dio_end_io+85 at ffffffffc05d5a85 [ocfs2] + #7 dio_complete+140 at ffffffff812c873c + #8 dio_aio_complete_work+25 at ffffffff812c89f9 + #9 process_one_work+361 at ffffffff810b1889 + #10 worker_thread+77 at ffffffff810b233d + #11 kthread+261 at ffffffff810b7fd5 + #12 ret_from_fork+62 at ffffffff81a0035e + +Thus above forms ABBA deadlock. The same deadlock was mentioned in +upstream commit 28f5a8a7c033 ("ocfs2: should wait dio before inode lock +in ocfs2_setattr()"). It seems that that commit only removed the +cluster lock (the victim of above dead lock) from the ABBA deadlock +party. + +End-user visible effects: Process hang in truncate -> ocfs2_setattr path +and other processes hang at ocfs2_dio_end_io_write path. + +This is to fix the deadlock itself. It removes inode_lock() call from +dio completion path to remove the deadlock and add ip_alloc_sem lock in +setattr path to synchronize the inode modifications. + +[wen.gang.wang@oracle.com: remove the "had_alloc_lock" as suggested] + Link: https://lkml.kernel.org/r/20210402171344.1605-1-wen.gang.wang@oracle.com + +Link: https://lkml.kernel.org/r/20210331203654.3911-1-wen.gang.wang@oracle.com +Signed-off-by: Wengang Wang +Reviewed-by: Joseph Qi +Cc: Mark Fasheh +Cc: Joel Becker +Cc: Junxiao Bi +Cc: Changwei Ge +Cc: Gang He +Cc: Jun Piao +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman +--- + fs/ocfs2/aops.c | 11 +---------- + fs/ocfs2/file.c | 8 ++++++-- + 2 files changed, 7 insertions(+), 12 deletions(-) + +--- a/fs/ocfs2/aops.c ++++ b/fs/ocfs2/aops.c +@@ -2295,7 +2295,7 @@ static int ocfs2_dio_end_io_write(struct + struct ocfs2_alloc_context *meta_ac = NULL; + handle_t *handle = NULL; + loff_t end = offset + bytes; +- int ret = 0, credits = 0, locked = 0; ++ int ret = 0, credits = 0; + + ocfs2_init_dealloc_ctxt(&dealloc); + +@@ -2306,13 +2306,6 @@ static int ocfs2_dio_end_io_write(struct + !dwc->dw_orphaned) + goto out; + +- /* ocfs2_file_write_iter will get i_mutex, so we need not lock if we +- * are in that context. */ +- if (dwc->dw_writer_pid != task_pid_nr(current)) { +- inode_lock(inode); +- locked = 1; +- } +- + ret = ocfs2_inode_lock(inode, &di_bh, 1); + if (ret < 0) { + mlog_errno(ret); +@@ -2393,8 +2386,6 @@ out: + if (meta_ac) + ocfs2_free_alloc_context(meta_ac); + ocfs2_run_deallocs(osb, &dealloc); +- if (locked) +- inode_unlock(inode); + ocfs2_dio_free_write_ctx(inode, dwc); + + return ret; +--- a/fs/ocfs2/file.c ++++ b/fs/ocfs2/file.c +@@ -1244,22 +1244,24 @@ int ocfs2_setattr(struct dentry *dentry, + goto bail_unlock; + } + } ++ down_write(&OCFS2_I(inode)->ip_alloc_sem); + handle = ocfs2_start_trans(osb, OCFS2_INODE_UPDATE_CREDITS + + 2 * ocfs2_quota_trans_credits(sb)); + if (IS_ERR(handle)) { + status = PTR_ERR(handle); + mlog_errno(status); +- goto bail_unlock; ++ goto bail_unlock_alloc; + } + status = __dquot_transfer(inode, transfer_to); + if (status < 0) + goto bail_commit; + } else { ++ down_write(&OCFS2_I(inode)->ip_alloc_sem); + handle = ocfs2_start_trans(osb, OCFS2_INODE_UPDATE_CREDITS); + if (IS_ERR(handle)) { + status = PTR_ERR(handle); + mlog_errno(status); +- goto bail_unlock; ++ goto bail_unlock_alloc; + } + } + +@@ -1272,6 +1274,8 @@ int ocfs2_setattr(struct dentry *dentry, + + bail_commit: + ocfs2_commit_trans(osb, handle); ++bail_unlock_alloc: ++ up_write(&OCFS2_I(inode)->ip_alloc_sem); + bail_unlock: + if (status && inode_locked) { + ocfs2_inode_unlock_tracker(inode, 1, &oh, had_lock); diff --git a/queue-5.11/of-property-fw_devlink-do-not-link-.-nr-gpios.patch b/queue-5.11/of-property-fw_devlink-do-not-link-.-nr-gpios.patch new file mode 100644 index 00000000000..d15da1a284d --- /dev/null +++ b/queue-5.11/of-property-fw_devlink-do-not-link-.-nr-gpios.patch @@ -0,0 +1,60 @@ +From d473d32c2fbac2d1d7082c61899cfebd34eb267a Mon Sep 17 00:00:00 2001 +From: Ilya Lipnitskiy +Date: Mon, 5 Apr 2021 15:25:40 -0700 +Subject: of: property: fw_devlink: do not link ".*,nr-gpios" + +From: Ilya Lipnitskiy + +commit d473d32c2fbac2d1d7082c61899cfebd34eb267a upstream. + +[,]nr-gpios property is used by some GPIO drivers[0] to indicate +the number of GPIOs present on a system, not define a GPIO. nr-gpios is +not configured by #gpio-cells and can't be parsed along with other +"*-gpios" properties. + +nr-gpios without the "," prefix is not allowed by the DT +spec[1], so only add exception for the ",nr-gpios" suffix and let the +error message continue being printed for non-compliant implementations. + +[0] nr-gpios is referenced in Documentation/devicetree/bindings/gpio: + - gpio-adnp.txt + - gpio-xgene-sb.txt + - gpio-xlp.txt + - snps,dw-apb-gpio.yaml + +[1] Link: https://github.com/devicetree-org/dt-schema/blob/cb53a16a1eb3e2169ce170c071e47940845ec26e/schemas/gpio/gpio-consumer.yaml#L20 + +Fixes errors such as: + OF: /palmbus@300000/gpio@600: could not find phandle + +Fixes: 7f00be96f125 ("of: property: Add device link support for interrupt-parent, dmas and -gpio(s)") +Signed-off-by: Ilya Lipnitskiy +Cc: Saravana Kannan +Cc: stable@vger.kernel.org # v5.5+ +Link: https://lore.kernel.org/r/20210405222540.18145-1-ilya.lipnitskiy@gmail.com +Signed-off-by: Rob Herring +Signed-off-by: Greg Kroah-Hartman +--- + drivers/of/property.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +--- a/drivers/of/property.c ++++ b/drivers/of/property.c +@@ -1260,7 +1260,16 @@ DEFINE_SIMPLE_PROP(pinctrl7, "pinctrl-7" + DEFINE_SIMPLE_PROP(pinctrl8, "pinctrl-8", NULL) + DEFINE_SUFFIX_PROP(regulators, "-supply", NULL) + DEFINE_SUFFIX_PROP(gpio, "-gpio", "#gpio-cells") +-DEFINE_SUFFIX_PROP(gpios, "-gpios", "#gpio-cells") ++ ++static struct device_node *parse_gpios(struct device_node *np, ++ const char *prop_name, int index) ++{ ++ if (!strcmp_suffix(prop_name, ",nr-gpios")) ++ return NULL; ++ ++ return parse_suffix_prop_cells(np, prop_name, index, "-gpios", ++ "#gpio-cells"); ++} + + static struct device_node *parse_iommu_maps(struct device_node *np, + const char *prop_name, int index) diff --git a/queue-5.11/parisc-avoid-a-warning-on-u8-cast-for-cmpxchg-on-u8-pointers.patch b/queue-5.11/parisc-avoid-a-warning-on-u8-cast-for-cmpxchg-on-u8-pointers.patch new file mode 100644 index 00000000000..2ccd258ff37 --- /dev/null +++ b/queue-5.11/parisc-avoid-a-warning-on-u8-cast-for-cmpxchg-on-u8-pointers.patch @@ -0,0 +1,41 @@ +From 4d752e5af63753ab5140fc282929b98eaa4bd12e Mon Sep 17 00:00:00 2001 +From: Gao Xiang +Date: Tue, 6 Apr 2021 12:59:29 +0800 +Subject: parisc: avoid a warning on u8 cast for cmpxchg on u8 pointers + +From: Gao Xiang + +commit 4d752e5af63753ab5140fc282929b98eaa4bd12e upstream. + +commit b344d6a83d01 ("parisc: add support for cmpxchg on u8 pointers") +can generate a sparse warning ("cast truncates bits from constant +value"), which has been reported several times [1] [2] [3]. + +The original code worked as expected, but anyway, let silence such +sparse warning as what others did [4]. + +[1] https://lore.kernel.org/r/202104061220.nRMBwCXw-lkp@intel.com +[2] https://lore.kernel.org/r/202012291914.T5Agcn99-lkp@intel.com +[3] https://lore.kernel.org/r/202008210829.KVwn7Xeh%25lkp@intel.com +[4] https://lore.kernel.org/r/20210315131512.133720-2-jacopo+renesas@jmondi.org +Cc: Liam Beguin +Cc: Helge Deller +Cc: stable@vger.kernel.org # v5.8+ +Signed-off-by: Gao Xiang +Signed-off-by: Helge Deller +Signed-off-by: Greg Kroah-Hartman +--- + arch/parisc/include/asm/cmpxchg.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/parisc/include/asm/cmpxchg.h ++++ b/arch/parisc/include/asm/cmpxchg.h +@@ -72,7 +72,7 @@ __cmpxchg(volatile void *ptr, unsigned l + #endif + case 4: return __cmpxchg_u32((unsigned int *)ptr, + (unsigned int)old, (unsigned int)new_); +- case 1: return __cmpxchg_u8((u8 *)ptr, (u8)old, (u8)new_); ++ case 1: return __cmpxchg_u8((u8 *)ptr, old & 0xff, new_ & 0xff); + } + __cmpxchg_called_with_bad_pointer(); + return old; diff --git a/queue-5.11/parisc-parisc-agp-requires-sba-iommu-driver.patch b/queue-5.11/parisc-parisc-agp-requires-sba-iommu-driver.patch new file mode 100644 index 00000000000..1694a772a41 --- /dev/null +++ b/queue-5.11/parisc-parisc-agp-requires-sba-iommu-driver.patch @@ -0,0 +1,31 @@ +From 9054284e8846b0105aad43a4e7174ca29fffbc44 Mon Sep 17 00:00:00 2001 +From: Helge Deller +Date: Tue, 6 Apr 2021 11:32:52 +0200 +Subject: parisc: parisc-agp requires SBA IOMMU driver + +From: Helge Deller + +commit 9054284e8846b0105aad43a4e7174ca29fffbc44 upstream. + +Add a dependency to the SBA IOMMU driver to avoid: +ERROR: modpost: "sba_list" [drivers/char/agp/parisc-agp.ko] undefined! + +Reported-by: kernel test robot +Cc: stable@vger.kernel.org +Signed-off-by: Helge Deller +Signed-off-by: Greg Kroah-Hartman +--- + drivers/char/agp/Kconfig | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/char/agp/Kconfig ++++ b/drivers/char/agp/Kconfig +@@ -125,7 +125,7 @@ config AGP_HP_ZX1 + + config AGP_PARISC + tristate "HP Quicksilver AGP support" +- depends on AGP && PARISC && 64BIT ++ depends on AGP && PARISC && 64BIT && IOMMU_SBA + help + This option gives you AGP GART support for the HP Quicksilver + AGP bus adapter on HP PA-RISC machines (Ok, just on the C8000 diff --git a/queue-5.11/rfkill-revert-back-to-old-userspace-api-by-default.patch b/queue-5.11/rfkill-revert-back-to-old-userspace-api-by-default.patch new file mode 100644 index 00000000000..e02f682c74f --- /dev/null +++ b/queue-5.11/rfkill-revert-back-to-old-userspace-api-by-default.patch @@ -0,0 +1,194 @@ +From 71826654ce40112f0651b6f4e94c422354f4adb6 Mon Sep 17 00:00:00 2001 +From: Johannes Berg +Date: Fri, 19 Mar 2021 23:25:11 +0100 +Subject: rfkill: revert back to old userspace API by default + +From: Johannes Berg + +commit 71826654ce40112f0651b6f4e94c422354f4adb6 upstream. + +Recompiling with the new extended version of struct rfkill_event +broke systemd in *two* ways: + - It used "sizeof(struct rfkill_event)" to read the event, but + then complained if it actually got something != 8, this broke + it on new kernels (that include the updated API); + - It used sizeof(struct rfkill_event) to write a command, but + didn't implement the intended expansion protocol where the + kernel returns only how many bytes it accepted, and errored + out due to the unexpected smaller size on kernels that didn't + include the updated API. + +Even though systemd has now been fixed, that fix may not be always +deployed, and other applications could potentially have similar +issues. + +As such, in the interest of avoiding regressions, revert the +default API "struct rfkill_event" back to the original size. + +Instead, add a new "struct rfkill_event_ext" that extends it by +the new field, and even more clearly document that applications +should be prepared for extensions in two ways: + * write might only accept fewer bytes on older kernels, and + will return how many to let userspace know which data may + have been ignored; + * read might return anything between 8 (the original size) and + whatever size the application sized its buffer at, indicating + how much event data was supported by the kernel. + +Perhaps that will help avoid such issues in the future and we +won't have to come up with another version of the struct if we +ever need to extend it again. + +Applications that want to take advantage of the new field will +have to be modified to use struct rfkill_event_ext instead now, +which comes with the danger of them having already been updated +to use it from 'struct rfkill_event', but I found no evidence +of that, and it's still relatively new. + +Cc: stable@vger.kernel.org # 5.11 +Reported-by: Takashi Iwai +Tested-by: Sedat Dilek # LLVM/Clang v12.0.0-r4 (x86-64) +Link: https://lore.kernel.org/r/20210319232510.f1a139cfdd9c.Ic5c7c9d1d28972059e132ea653a21a427c326678@changeid +Signed-off-by: Johannes Berg +Signed-off-by: Greg Kroah-Hartman +--- + include/uapi/linux/rfkill.h | 82 +++++++++++++++++++++++++++++++++++++------- + net/rfkill/core.c | 7 ++- + 2 files changed, 73 insertions(+), 16 deletions(-) + +--- a/include/uapi/linux/rfkill.h ++++ b/include/uapi/linux/rfkill.h +@@ -86,34 +86,90 @@ enum rfkill_hard_block_reasons { + * @op: operation code + * @hard: hard state (0/1) + * @soft: soft state (0/1) ++ * ++ * Structure used for userspace communication on /dev/rfkill, ++ * used for events from the kernel and control to the kernel. ++ */ ++struct rfkill_event { ++ __u32 idx; ++ __u8 type; ++ __u8 op; ++ __u8 soft; ++ __u8 hard; ++} __attribute__((packed)); ++ ++/** ++ * struct rfkill_event_ext - events for userspace on /dev/rfkill ++ * @idx: index of dev rfkill ++ * @type: type of the rfkill struct ++ * @op: operation code ++ * @hard: hard state (0/1) ++ * @soft: soft state (0/1) + * @hard_block_reasons: valid if hard is set. One or several reasons from + * &enum rfkill_hard_block_reasons. + * + * Structure used for userspace communication on /dev/rfkill, + * used for events from the kernel and control to the kernel. ++ * ++ * See the extensibility docs below. + */ +-struct rfkill_event { ++struct rfkill_event_ext { + __u32 idx; + __u8 type; + __u8 op; + __u8 soft; + __u8 hard; ++ ++ /* ++ * older kernels will accept/send only up to this point, ++ * and if extended further up to any chunk marked below ++ */ ++ + __u8 hard_block_reasons; + } __attribute__((packed)); + +-/* +- * We are planning to be backward and forward compatible with changes +- * to the event struct, by adding new, optional, members at the end. +- * When reading an event (whether the kernel from userspace or vice +- * versa) we need to accept anything that's at least as large as the +- * version 1 event size, but might be able to accept other sizes in +- * the future. +- * +- * One exception is the kernel -- we already have two event sizes in +- * that we've made the 'hard' member optional since our only option +- * is to ignore it anyway. ++/** ++ * DOC: Extensibility ++ * ++ * Originally, we had planned to allow backward and forward compatible ++ * changes by just adding fields at the end of the structure that are ++ * then not reported on older kernels on read(), and not written to by ++ * older kernels on write(), with the kernel reporting the size it did ++ * accept as the result. ++ * ++ * This would have allowed userspace to detect on read() and write() ++ * which kernel structure version it was dealing with, and if was just ++ * recompiled it would have gotten the new fields, but obviously not ++ * accessed them, but things should've continued to work. ++ * ++ * Unfortunately, while actually exercising this mechanism to add the ++ * hard block reasons field, we found that userspace (notably systemd) ++ * did all kinds of fun things not in line with this scheme: ++ * ++ * 1. treat the (expected) short writes as an error; ++ * 2. ask to read sizeof(struct rfkill_event) but then compare the ++ * actual return value to RFKILL_EVENT_SIZE_V1 and treat any ++ * mismatch as an error. ++ * ++ * As a consequence, just recompiling with a new struct version caused ++ * things to no longer work correctly on old and new kernels. ++ * ++ * Hence, we've rolled back &struct rfkill_event to the original version ++ * and added &struct rfkill_event_ext. This effectively reverts to the ++ * old behaviour for all userspace, unless it explicitly opts in to the ++ * rules outlined here by using the new &struct rfkill_event_ext. ++ * ++ * Userspace using &struct rfkill_event_ext must adhere to the following ++ * rules ++ * ++ * 1. accept short writes, optionally using them to detect that it's ++ * running on an older kernel; ++ * 2. accept short reads, knowing that this means it's running on an ++ * older kernel; ++ * 3. treat reads that are as long as requested as acceptable, not ++ * checking against RFKILL_EVENT_SIZE_V1 or such. + */ +-#define RFKILL_EVENT_SIZE_V1 8 ++#define RFKILL_EVENT_SIZE_V1 sizeof(struct rfkill_event) + + /* ioctl for turning off rfkill-input (if present) */ + #define RFKILL_IOC_MAGIC 'R' +--- a/net/rfkill/core.c ++++ b/net/rfkill/core.c +@@ -69,7 +69,7 @@ struct rfkill { + + struct rfkill_int_event { + struct list_head list; +- struct rfkill_event ev; ++ struct rfkill_event_ext ev; + }; + + struct rfkill_data { +@@ -253,7 +253,8 @@ static void rfkill_global_led_trigger_un + } + #endif /* CONFIG_RFKILL_LEDS */ + +-static void rfkill_fill_event(struct rfkill_event *ev, struct rfkill *rfkill, ++static void rfkill_fill_event(struct rfkill_event_ext *ev, ++ struct rfkill *rfkill, + enum rfkill_operation op) + { + unsigned long flags; +@@ -1237,7 +1238,7 @@ static ssize_t rfkill_fop_write(struct f + size_t count, loff_t *pos) + { + struct rfkill *rfkill; +- struct rfkill_event ev; ++ struct rfkill_event_ext ev; + int ret; + + /* we don't need the 'hard' variable but accept it */ diff --git a/queue-5.11/series b/queue-5.11/series index f325b8a8db2..eda9555a799 100644 --- a/queue-5.11/series +++ b/queue-5.11/series @@ -12,3 +12,27 @@ selinux-make-nslot-handling-in-avtab-more-robust.patch selinux-fix-cond_list-corruption-when-changing-booleans.patch selinux-fix-race-between-old-and-new-sidtab.patch xen-evtchn-change-irq_info-lock-to-raw_spinlock_t.patch +net-ipv6-check-for-validity-before-dereferencing-cfg-fc_nlinfo.nlh.patch +net-dsa-lantiq_gswip-let-gswip-automatically-set-the-xmii-clock.patch +net-dsa-lantiq_gswip-don-t-use-phy-auto-polling.patch +net-dsa-lantiq_gswip-configure-all-remaining-gswip_mii_cfg-bits.patch +drm-i915-fix-invalid-access-to-acpi-_dsm-objects.patch +acpi-processor-fix-build-when-config_acpi_processor-m.patch +drm-radeon-fix-size-overflow.patch +drm-amdgpu-fix-size-overflow.patch +drm-amdgpu-smu7-fix-cac-setting-on-topaz.patch +rfkill-revert-back-to-old-userspace-api-by-default.patch +cifs-escape-spaces-in-share-names.patch +cifs-on-cifs_reconnect-resolve-the-hostname-again.patch +ib-hfi1-fix-probe-time-panic-when-aip-is-enabled-with-a-buggy-bios.patch +lookup_mountpoint-we-are-cleaning-jumped-flag-too-late.patch +gcov-re-fix-clang-11-support.patch +ia64-fix-user_stack_pointer-for-ptrace.patch +nds32-flush_dcache_page-use-page_mapping_file-to-avoid-races-with-swapoff.patch +ocfs2-fix-deadlock-between-setattr-and-dio_end_io_write.patch +fs-direct-io-fix-missing-sdio-boundary.patch +ethtool-fix-incorrect-datatype-in-set_eee-ops.patch +of-property-fw_devlink-do-not-link-.-nr-gpios.patch +parisc-parisc-agp-requires-sba-iommu-driver.patch +parisc-avoid-a-warning-on-u8-cast-for-cmpxchg-on-u8-pointers.patch +arm-dts-turris-omnia-configure-led-intn-pin-as-interrupt-pin.patch