From 67bda23a5951881e6095b65b203f2532d3b679f0 Mon Sep 17 00:00:00 2001 
From: Greg Kroah-Hartman Date: Tue, 1 Aug 2023 08:22:05 +0200 Subject: [PATCH] 6.4-stable patches added patches: 9p-fix-ignored-return-value-in-v9fs_dir_release.patch arm64-sme-set-new-vector-length-before-reallocating.patch asoc-wm8904-fill-the-cache-for-wm8904_adc_test_0-register.patch fs-9p-fix-type-mismatch-in-file-cache-mode-helper.patch fs-9p-fix-typo-in-comparison-logic-for-cache-mode.patch fs-9p-remove-unnecessary-and-overrestrictive-check.patch fs-9p-remove-unnecessary-invalidate_inode_pages2.patch loongarch-bpf-enable-bpf_probe_read-str-on-loongarch.patch loongarch-bpf-fix-check-condition-to-call-lu32id-in-move_imm.patch loongarch-fix-return-value-underflow-in-exception-path.patch mptcp-more-accurate-nl-event-generation.patch pm-sleep-wakeirq-fix-wake-irq-arming.patch revert-um-use-swap-to-make-code-cleaner.patch s390-dasd-fix-hanging-device-after-quiesce-resume.patch s390-dasd-print-copy-pair-message-only-for-the-correct-error.patch selftests-mptcp-join-only-check-for-ip6tables-if-needed.patch selftests-rseq-play-nice-with-binaries-statically-linked-against-glibc-2.35.patch soundwire-fix-enumeration-completion.patch thermal-of-fix-double-free-on-unregistration.patch --- ...red-return-value-in-v9fs_dir_release.patch | 54 ++++++++ ...ew-vector-length-before-reallocating.patch | 54 ++++++++ ...cache-for-wm8904_adc_test_0-register.patch | 40 ++++++ ...e-mismatch-in-file-cache-mode-helper.patch | 39 ++++++ ...o-in-comparison-logic-for-cache-mode.patch | 33 +++++ ...nnecessary-and-overrestrictive-check.patch | 37 ++++++ ...-unnecessary-invalidate_inode_pages2.patch | 32 +++++ ...able-bpf_probe_read-str-on-loongarch.patch | 39 ++++++ ...condition-to-call-lu32id-in-move_imm.patch | 37 ++++++ ...rn-value-underflow-in-exception-path.patch | 69 ++++++++++ ...cp-more-accurate-nl-event-generation.patch | 39 ++++++ ...pm-sleep-wakeirq-fix-wake-irq-arming.patch | 88 +++++++++++++ ...ert-um-use-swap-to-make-code-cleaner.patch | 68 ++++++++++ 
...-hanging-device-after-quiesce-resume.patch | 44 +++++++ ...r-message-only-for-the-correct-error.patch | 51 ++++++++ ...n-only-check-for-ip6tables-if-needed.patch | 38 ++++++ ...statically-linked-against-glibc-2.35.patch | 78 +++++++++++ queue-6.4/series | 19 +++ ...soundwire-fix-enumeration-completion.patch | 70 ++++++++++ ...of-fix-double-free-on-unregistration.patch | 122 ++++++++++++++++++ 20 files changed, 1051 insertions(+) create mode 100644 queue-6.4/9p-fix-ignored-return-value-in-v9fs_dir_release.patch create mode 100644 queue-6.4/arm64-sme-set-new-vector-length-before-reallocating.patch create mode 100644 queue-6.4/asoc-wm8904-fill-the-cache-for-wm8904_adc_test_0-register.patch create mode 100644 queue-6.4/fs-9p-fix-type-mismatch-in-file-cache-mode-helper.patch create mode 100644 queue-6.4/fs-9p-fix-typo-in-comparison-logic-for-cache-mode.patch create mode 100644 queue-6.4/fs-9p-remove-unnecessary-and-overrestrictive-check.patch create mode 100644 queue-6.4/fs-9p-remove-unnecessary-invalidate_inode_pages2.patch create mode 100644 queue-6.4/loongarch-bpf-enable-bpf_probe_read-str-on-loongarch.patch create mode 100644 queue-6.4/loongarch-bpf-fix-check-condition-to-call-lu32id-in-move_imm.patch create mode 100644 queue-6.4/loongarch-fix-return-value-underflow-in-exception-path.patch create mode 100644 queue-6.4/mptcp-more-accurate-nl-event-generation.patch create mode 100644 queue-6.4/pm-sleep-wakeirq-fix-wake-irq-arming.patch create mode 100644 queue-6.4/revert-um-use-swap-to-make-code-cleaner.patch create mode 100644 queue-6.4/s390-dasd-fix-hanging-device-after-quiesce-resume.patch create mode 100644 queue-6.4/s390-dasd-print-copy-pair-message-only-for-the-correct-error.patch create mode 100644 queue-6.4/selftests-mptcp-join-only-check-for-ip6tables-if-needed.patch create mode 100644 queue-6.4/selftests-rseq-play-nice-with-binaries-statically-linked-against-glibc-2.35.patch create mode 100644 queue-6.4/soundwire-fix-enumeration-completion.patch create 
mode 100644 queue-6.4/thermal-of-fix-double-free-on-unregistration.patch
diff --git a/queue-6.4/9p-fix-ignored-return-value-in-v9fs_dir_release.patch b/queue-6.4/9p-fix-ignored-return-value-in-v9fs_dir_release.patch
new file mode 100644
index 00000000000..8276bea974c
--- /dev/null
+++ b/queue-6.4/9p-fix-ignored-return-value-in-v9fs_dir_release.patch
@@ -0,0 +1,54 @@
+From eee4a119e96c2f58cfd1b6d4de42095abc5f8877 Mon Sep 17 00:00:00 2001
+From: Dominique Martinet
+Date: Wed, 3 May 2023 16:49:25 +0900
+Subject: 9p: fix ignored return value in v9fs_dir_release
+
+From: Dominique Martinet
+
+commit eee4a119e96c2f58cfd1b6d4de42095abc5f8877 upstream.
+
+retval from filemap_fdatawrite was immediately overwritten by the
+following p9_fid_put: preserve any error in fdatawrite if there
+was any first.
+
+This fixes the following scan-build warning:
+fs/9p/vfs_dir.c:220:4: warning: Value stored to 'retval' is never read [deadcode.DeadStores]
+ retval = filemap_fdatawrite(inode->i_mapping);
+ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Fixes: 89c58cb395ec ("fs/9p: fix error reporting in v9fs_dir_release")
+Cc: stable@vger.kernel.org
+Reviewed-by: Simon Horman
+Signed-off-by: Dominique Martinet
+Signed-off-by: Eric Van Hensbergen
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/9p/vfs_dir.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/fs/9p/vfs_dir.c b/fs/9p/vfs_dir.c
+index 45b684b7d8d7..4102759a5cb5 100644
+--- a/fs/9p/vfs_dir.c
++++ b/fs/9p/vfs_dir.c
+@@ -208,7 +208,7 @@ int v9fs_dir_release(struct inode *inode, struct file *filp)
+ struct p9_fid *fid;
+ __le32 version;
+ loff_t i_size;
+- int retval = 0;
++ int retval = 0, put_err;
+
+ fid = filp->private_data;
+ p9_debug(P9_DEBUG_VFS, "inode: %p filp: %p fid: %d\n",
+@@ -221,7 +221,8 @@ int v9fs_dir_release(struct inode *inode, struct file *filp)
+ spin_lock(&inode->i_lock);
+ hlist_del(&fid->ilist);
+ spin_unlock(&inode->i_lock);
+- retval = p9_fid_put(fid);
++ put_err = p9_fid_put(fid);
++ retval = retval < 0 ? retval : put_err;
+ }
+
+ if ((filp->f_mode & FMODE_WRITE)) {
+--
+2.41.0
+
diff --git a/queue-6.4/arm64-sme-set-new-vector-length-before-reallocating.patch b/queue-6.4/arm64-sme-set-new-vector-length-before-reallocating.patch
new file mode 100644
index 00000000000..078aa425466
--- /dev/null
+++ b/queue-6.4/arm64-sme-set-new-vector-length-before-reallocating.patch 
@@ -0,0 +1,54 @@
+From 05d881b85b48c7ac6a7c92ce00aa916c4a84d052 Mon Sep 17 00:00:00 2001
+From: Mark Brown
+Date: Wed, 26 Jul 2023 13:12:26 +0100
+Subject: arm64/sme: Set new vector length before reallocating
+
+From: Mark Brown
+
+commit 05d881b85b48c7ac6a7c92ce00aa916c4a84d052 upstream.
+
+As part of fixing the allocation of the buffer for SVE state when changing
+SME vector length we introduced an immediate reallocation of the SVE state,
+this is also done when changing the SVE vector length for consistency.
+Unfortunately this reallocation is done prior to writing the new vector
+length to the task struct, meaning the allocation is done with the old
+vector length and can lead to memory corruption due to an undersized buffer
+being used.
+
+Move the update of the vector length before the allocation to ensure that
+the new vector length is taken into account.
+
+For some reason this isn't triggering any problems when running tests on
+the arm64 fixes branch (even after repeated tries) but is triggering
+issues very often after merge into mainline.
+
+Fixes: d4d5be94a878 ("arm64/fpsimd: Ensure SME storage is allocated after SVE VL changes")
+Signed-off-by: Mark Brown
+Cc:
+Link: https://lore.kernel.org/r/20230726-arm64-fix-sme-fix-v1-1-7752ec58af27@kernel.org
+Signed-off-by: Catalin Marinas
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/arm64/kernel/fpsimd.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/arch/arm64/kernel/fpsimd.c
++++ b/arch/arm64/kernel/fpsimd.c
+@@ -917,6 +917,8 @@ int vec_set_vector_length(struct task_st
+ if (task == current)
+ put_cpu_fpsimd_context();
+
++ task_set_vl(task, type, vl);
++
+ /*
+ * Free the changed states if they are not in use, SME will be
+ * reallocated to the correct size on next use and we just
+@@ -931,8 +933,6 @@ int vec_set_vector_length(struct task_st
+ if (free_sme)
+ sme_free(task);
+
+- task_set_vl(task, type, vl);
+-
+ out:
+ update_tsk_thread_flag(task, vec_vl_inherit_flag(type),
+ flags & PR_SVE_VL_INHERIT);
diff --git a/queue-6.4/asoc-wm8904-fill-the-cache-for-wm8904_adc_test_0-register.patch b/queue-6.4/asoc-wm8904-fill-the-cache-for-wm8904_adc_test_0-register.patch
new file mode 100644
index 00000000000..c2b1eed6a6a
--- /dev/null
+++ b/queue-6.4/asoc-wm8904-fill-the-cache-for-wm8904_adc_test_0-register.patch
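Review bot: In vec_set_vector_length() (arch/arm64/kernel/fpsimd.c) the ordering that now prevents the undersized buffer is carried only by the position of `task_set_vl(task, type, vl);`, with no comment saying that the reallocation below sizes the buffer from the task's stored vector length. I would add `/* Must precede the free/realloc below: the new buffer is sized from the task's current VL */` above the moved call so a later cleanup does not move it back. The allocation itself lies between the two inner hunks and is not visible here; if it can fail, the task is left with the new length and no matching buffer, so its failure handling is worth confirming in the full function.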
@@ -0,0 +1,40 @@
+From f061e2be8689057cb4ec0dbffa9f03e1a23cdcb2 Mon Sep 17 00:00:00 2001
+From: Mark Brown
+Date: Sun, 23 Jul 2023 00:27:22 +0100
+Subject: ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register
+
+From: Mark Brown
+
+commit f061e2be8689057cb4ec0dbffa9f03e1a23cdcb2 upstream.
+
+The WM8904_ADC_TEST_0 register is modified as part of updating the OSR
+controls but does not have a cache default, leading to errors when we try
+to modify these controls in cache only mode with no prior read:
+
+wm8904 3-001a: ASoC: error at snd_soc_component_update_bits on wm8904.3-001a for register: [0x000000c6] -16
+
+Add a read of the register to probe() to fill the cache and avoid both the
+error messages and the misconfiguration of the chip which will result.
+
+Acked-by: Charles Keepax
+Signed-off-by: Mark Brown
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20230723-asoc-fix-wm8904-adc-test-read-v1-1-2cdf2edd83fd@kernel.org
+Signed-off-by: Mark Brown
+Signed-off-by: Greg Kroah-Hartman
+---
+ sound/soc/codecs/wm8904.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/sound/soc/codecs/wm8904.c
++++ b/sound/soc/codecs/wm8904.c
+@@ -2308,6 +2308,9 @@ static int wm8904_i2c_probe(struct i2c_c
+ regmap_update_bits(wm8904->regmap, WM8904_BIAS_CONTROL_0,
+ WM8904_POBCTRL, 0);
+
++ /* Fill the cache for the ADC test register */
++ regmap_read(wm8904->regmap, WM8904_ADC_TEST_0, &val);
++
+ /* Can leave the device powered off until we need it */
+ regcache_cache_only(wm8904->regmap, true);
+ regulator_bulk_disable(ARRAY_SIZE(wm8904->supplies), wm8904->supplies);
diff --git a/queue-6.4/fs-9p-fix-type-mismatch-in-file-cache-mode-helper.patch b/queue-6.4/fs-9p-fix-type-mismatch-in-file-cache-mode-helper.patch
new file mode 100644
index 00000000000..1fad8d96ba1
--- /dev/null
+++ b/queue-6.4/fs-9p-fix-type-mismatch-in-file-cache-mode-helper.patch
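Review bot: The return value of the added `regmap_read(wm8904->regmap, WM8904_ADC_TEST_0, &val);` in wm8904_i2c_probe() (sound/soc/codecs/wm8904.c) is discarded, so a failed read leaves the cache unfilled and the -16 error quoted in the commit message can come back once `regcache_cache_only(wm8904->regmap, true)` runs a few lines later. Capturing it, for example `ret = regmap_read(wm8904->regmap, WM8904_ADC_TEST_0, &val);` followed by a `dev_warn()` when it is non-zero, would make that case visible instead of silent. `ret` and `val` are assumed to be declared earlier in probe, which starts outside the hunk.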
@@ -0,0 +1,39 @@
+From 09430aba3a9ffd986834614a3406a13588170bde Mon Sep 17 00:00:00 2001
+From: Eric Van Hensbergen
+Date: Wed, 19 Jul 2023 16:22:32 +0000
+Subject: fs/9p: fix type mismatch in file cache mode helper
+
+From: Eric Van Hensbergen
+
+commit 09430aba3a9ffd986834614a3406a13588170bde upstream.
+
+There were two flags (s_flags and s_cache) which had incorrect signed
+type in the parameters of the file cache mode helper function.
+
+Cc: stable@vger.kernel.org
+Fixes: 1543b4c5071c ("fs/9p: remove writeback fid and fix per-file modes")
+Reviewed-by: Dominique Martinet
+Signed-off-by: Eric Van Hensbergen
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/9p/fid.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/fs/9p/fid.h b/fs/9p/fid.h
+index 297c2c377e3d..29281b7c3887 100644
+--- a/fs/9p/fid.h
++++ b/fs/9p/fid.h
+@@ -46,8 +46,8 @@ static inline struct p9_fid *v9fs_fid_clone(struct dentry *dentry)
+ * NOTE: these are set after open so only reflect 9p client not
+ * underlying file system on server.
+ */
+-static inline void v9fs_fid_add_modes(struct p9_fid *fid, int s_flags,
+- int s_cache, unsigned int f_flags)
++static inline void v9fs_fid_add_modes(struct p9_fid *fid, unsigned int s_flags,
++ unsigned int s_cache, unsigned int f_flags)
+ {
+ if (fid->qid.type != P9_QTFILE)
+ return;
+--
+2.41.0
+
diff --git a/queue-6.4/fs-9p-fix-typo-in-comparison-logic-for-cache-mode.patch b/queue-6.4/fs-9p-fix-typo-in-comparison-logic-for-cache-mode.patch
new file mode 100644
index 00000000000..b616104b8b3
--- /dev/null
+++ b/queue-6.4/fs-9p-fix-typo-in-comparison-logic-for-cache-mode.patch
@@ -0,0 +1,33 @@
+From 878cb3e0337d7c3096aee301a2a3cd358dc8aa81 Mon Sep 17 00:00:00 2001
+From: Eric Van Hensbergen
+Date: Wed, 19 Jul 2023 16:22:31 +0000
+Subject: fs/9p: fix typo in comparison logic for cache mode
+
+From: Eric Van Hensbergen
+
+commit 878cb3e0337d7c3096aee301a2a3cd358dc8aa81 upstream.
+
+There appears to be a typo in the comparison statement for the logic
+which sets a file's cache mode based on mount flags.
+
+Cc: stable@vger.kernel.org
+Fixes: 1543b4c5071c ("fs/9p: remove writeback fid and fix per-file modes")
+Reviewed-by: Christian Schoenebeck
+Reviewed-by: Dominique Martinet
+Signed-off-by: Eric Van Hensbergen
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/9p/fid.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/9p/fid.h
++++ b/fs/9p/fid.h
+@@ -57,7 +57,7 @@ static inline void v9fs_fid_add_modes(st
+ (s_flags & V9FS_DIRECT_IO) || (f_flags & O_DIRECT)) {
+ fid->mode |= P9L_DIRECT; /* no read or write cache */
+ } else if ((!(s_cache & CACHE_WRITEBACK)) ||
+- (f_flags & O_DSYNC) | (s_flags & V9FS_SYNC)) {
++ (f_flags & O_DSYNC) || (s_flags & V9FS_SYNC)) {
+ fid->mode |= P9L_NOWRITECACHE;
+ }
+ }
diff --git a/queue-6.4/fs-9p-remove-unnecessary-and-overrestrictive-check.patch b/queue-6.4/fs-9p-remove-unnecessary-and-overrestrictive-check.patch
new file mode 100644
index 00000000000..6d9bf64f470
--- /dev/null
+++ b/queue-6.4/fs-9p-remove-unnecessary-and-overrestrictive-check.patch
@@ -0,0 +1,37 @@
+From 75b396821cb71164dac3a1ad51dda4781ea8dbad Mon Sep 17 00:00:00 2001
+From: Eric Van Hensbergen
+Date: Wed, 19 Jul 2023 16:22:30 +0000
+Subject: fs/9p: remove unnecessary and overrestrictive check
+
+From: Eric Van Hensbergen
+
+commit 75b396821cb71164dac3a1ad51dda4781ea8dbad upstream.
+
+This eliminates a check for shared that was overrestrictive and
+prevented read-only mmaps when writeback caches weren't enabled.
+
+Cc: stable@vger.kernel.org
+Fixes: 1543b4c5071c ("fs/9p: remove writeback fid and fix per-file modes")
+Reported-by: Robert Schwebel
+Closes: https://lore.kernel.org/v9fs/ZK25XZ%2BGpR3KHIB%2F@pengutronix.de
+Reviewed-by: Dominique Martinet
+Reviewed-by: Christian Schoenebeck
+Signed-off-by: Eric Van Hensbergen
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/9p/vfs_file.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+--- a/fs/9p/vfs_file.c
++++ b/fs/9p/vfs_file.c
+@@ -483,9 +483,7 @@ v9fs_file_mmap(struct file *filp, struct
+ p9_debug(P9_DEBUG_MMAP, "filp :%p\n", filp);
+
+ if (!(v9ses->cache & CACHE_WRITEBACK)) {
+- p9_debug(P9_DEBUG_CACHE, "(no mmap mode)");
+- if (vma->vm_flags & VM_MAYSHARE)
+- return -ENODEV;
++ p9_debug(P9_DEBUG_CACHE, "(read-only mmap mode)");
+ invalidate_inode_pages2(filp->f_mapping);
+ return generic_file_readonly_mmap(filp, vma);
+ }
diff --git a/queue-6.4/fs-9p-remove-unnecessary-invalidate_inode_pages2.patch b/queue-6.4/fs-9p-remove-unnecessary-invalidate_inode_pages2.patch
new file mode 100644
index 00000000000..45db84a78f1
--- /dev/null
+++ b/queue-6.4/fs-9p-remove-unnecessary-invalidate_inode_pages2.patch
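Review bot: With the `VM_MAYSHARE` test gone from v9fs_file_mmap() (fs/9p/vfs_file.c), refusing writable shared mappings on a mount without writeback cache depends entirely on `generic_file_readonly_mmap()`, and nothing in the branch says so. A comment such as `/* generic_file_readonly_mmap() rejects shared writable mappings; read-only and private ones are safe without writeback cache */` would keep a later change from swapping in a helper that lacks that check. The error returned for a rejected mapping also changes from `-ENODEV` to whatever the generic helper returns, which userspace callers may notice. The function starts and ends outside the hunk.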
@@ -0,0 +1,32 @@
+From 350cd9b959757e7c571f45fab29d116d5f67cbff Mon Sep 17 00:00:00 2001
+From: Eric Van Hensbergen
+Date: Wed, 19 Jul 2023 16:22:33 +0000
+Subject: fs/9p: remove unnecessary invalidate_inode_pages2
+
+From: Eric Van Hensbergen
+
+commit 350cd9b959757e7c571f45fab29d116d5f67cbff upstream.
+
+There was an invalidate_inode_pages2 added to readonly mmap path
+that is unnecessary since that path is only entered when writeback
+cache is disabled on mount.
+
+Cc: stable@vger.kernel.org
+Fixes: 1543b4c5071c ("fs/9p: remove writeback fid and fix per-file modes")
+Reviewed-by: Christian Schoenebeck
+Signed-off-by: Eric Van Hensbergen
+Signed-off-by: Greg Kroah-Hartman
+---
+ fs/9p/vfs_file.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/fs/9p/vfs_file.c
++++ b/fs/9p/vfs_file.c
+@@ -484,7 +484,6 @@ v9fs_file_mmap(struct file *filp, struct
+
+ if (!(v9ses->cache & CACHE_WRITEBACK)) {
+ p9_debug(P9_DEBUG_CACHE, "(read-only mmap mode)");
+- invalidate_inode_pages2(filp->f_mapping);
+ return generic_file_readonly_mmap(filp, vma);
+ }
+
diff --git a/queue-6.4/loongarch-bpf-enable-bpf_probe_read-str-on-loongarch.patch b/queue-6.4/loongarch-bpf-enable-bpf_probe_read-str-on-loongarch.patch
new file mode 100644
index 00000000000..811ec79ae15
--- /dev/null
+++ b/queue-6.4/loongarch-bpf-enable-bpf_probe_read-str-on-loongarch.patch
@@ -0,0 +1,39 @@
+From de0e30bee86d0f99c696a1fea34474e556a946ec Mon Sep 17 00:00:00 2001
+From: Chenguang Zhao
+Date: Fri, 28 Jul 2023 10:30:42 +0800
+Subject: LoongArch: BPF: Enable bpf_probe_read{, str}() on LoongArch
+
+From: Chenguang Zhao
+
+commit de0e30bee86d0f99c696a1fea34474e556a946ec upstream.
+
+Currently nettrace does not work on LoongArch due to missing
+bpf_probe_read{,str}() support, with the error message:
+
+ ERROR: failed to load kprobe-based eBPF
+ ERROR: failed to load kprobe-based bpf
+
+According to commit 0ebeea8ca8a4d1d ("bpf: Restrict bpf_probe_read{,
+str}() only to archs where they work"), we only need to select
+CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE to add said support,
+because LoongArch does have non-overlapping address ranges for kernel
+and userspace.
+
+Cc: stable@vger.kernel.org # 6.1
+Signed-off-by: Chenguang Zhao
+Signed-off-by: Huacai Chen
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/loongarch/Kconfig | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/loongarch/Kconfig
++++ b/arch/loongarch/Kconfig
+@@ -12,6 +12,7 @@ config LOONGARCH
+ select ARCH_HAS_ACPI_TABLE_UPGRADE if ACPI
+ select ARCH_HAS_FORTIFY_SOURCE
+ select ARCH_HAS_NMI_SAFE_THIS_CPU_OPS
++ select ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE
+ select ARCH_HAS_PTE_SPECIAL
+ select ARCH_HAS_TICK_BROADCAST if GENERIC_CLOCKEVENTS_BROADCAST
+ select ARCH_INLINE_READ_LOCK if !PREEMPTION
diff --git a/queue-6.4/loongarch-bpf-fix-check-condition-to-call-lu32id-in-move_imm.patch b/queue-6.4/loongarch-bpf-fix-check-condition-to-call-lu32id-in-move_imm.patch
new file mode 100644
index 00000000000..d8c78e3134c
--- /dev/null
+++ b/queue-6.4/loongarch-bpf-fix-check-condition-to-call-lu32id-in-move_imm.patch
@@ -0,0 +1,37 @@
+From 4eece7e6de94d833c8aeed2f438faf487cbf94ff Mon Sep 17 00:00:00 2001
+From: Tiezhu Yang
+Date: Fri, 28 Jul 2023 10:30:42 +0800
+Subject: LoongArch: BPF: Fix check condition to call lu32id in move_imm()
+
+From: Tiezhu Yang
+
+commit 4eece7e6de94d833c8aeed2f438faf487cbf94ff upstream.
+
+As the code comment says, the initial aim is to reduce one instruction
+in some corner cases, if bit[51:31] is all 0 or all 1, no need to call
+lu32id. That is to say, it should call lu32id only if bit[51:31] is not
+all 0 and not all 1. The current code always call lu32id, the result is
+right but the logic is unexpected and wrong, fix it.
+
+Cc: stable@vger.kernel.org # 6.1
+Fixes: 5dc615520c4d ("LoongArch: Add BPF JIT support")
+Reported-by: Colin King (gmail)
+Closes: https://lore.kernel.org/all/bcf97046-e336-712a-ac68-7fd194f2953e@gmail.com/
+Signed-off-by: Tiezhu Yang
+Signed-off-by: Huacai Chen
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/loongarch/net/bpf_jit.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/loongarch/net/bpf_jit.h
++++ b/arch/loongarch/net/bpf_jit.h
+@@ -150,7 +150,7 @@ static inline void move_imm(struct jit_c
+ * no need to call lu32id to do a new filled operation.
+ */
+ imm_51_31 = (imm >> 31) & 0x1fffff;
+- if (imm_51_31 != 0 || imm_51_31 != 0x1fffff) {
++ if (imm_51_31 != 0 && imm_51_31 != 0x1fffff) {
+ /* lu32id rd, imm_51_32 */
+ imm_51_32 = (imm >> 32) & 0xfffff;
+ emit_insn(ctx, lu32id, rd, imm_51_32);
diff --git a/queue-6.4/loongarch-fix-return-value-underflow-in-exception-path.patch b/queue-6.4/loongarch-fix-return-value-underflow-in-exception-path.patch
new file mode 100644
index 00000000000..c0276edb053
--- /dev/null
+++ b/queue-6.4/loongarch-fix-return-value-underflow-in-exception-path.patch
@@ -0,0 +1,69 @@
+From e66d511fc92201ba481392e54896f1aeadfcf0e9 Mon Sep 17 00:00:00 2001
+From: WANG Rui
+Date: Fri, 28 Jul 2023 10:30:42 +0800
+Subject: LoongArch: Fix return value underflow in exception path
+
+From: WANG Rui
+
+commit e66d511fc92201ba481392e54896f1aeadfcf0e9 upstream.
+
+This patch fixes an underflow issue in the return value within the
+exception path, specifically at .Llt8 when the remaining length is less
+than 8 bytes.
+
+Cc: stable@vger.kernel.org
+Fixes: 8941e93ca590 ("LoongArch: Optimize memory ops (memset/memcpy/memmove)")
+Reported-by: Weihao Li
+Signed-off-by: WANG Rui
+Signed-off-by: Huacai Chen
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/loongarch/lib/clear_user.S | 3 ++-
+ arch/loongarch/lib/copy_user.S | 3 ++-
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/arch/loongarch/lib/clear_user.S b/arch/loongarch/lib/clear_user.S
+index fd1d62b244f2..9dcf71719387 100644
+--- a/arch/loongarch/lib/clear_user.S
++++ b/arch/loongarch/lib/clear_user.S
+@@ -108,6 +108,7 @@ SYM_FUNC_START(__clear_user_fast)
+ addi.d a3, a2, -8
+ bgeu a0, a3, .Llt8
+ 15: st.d zero, a0, 0
++ addi.d a0, a0, 8
+
+ .Llt8:
+ 16: st.d zero, a2, -8
+@@ -188,7 +189,7 @@ SYM_FUNC_START(__clear_user_fast)
+ _asm_extable 13b, .L_fixup_handle_0
+ _asm_extable 14b, .L_fixup_handle_1
+ _asm_extable 15b, .L_fixup_handle_0
+- _asm_extable 16b, .L_fixup_handle_1
++ _asm_extable 16b, .L_fixup_handle_0
+ _asm_extable 17b, .L_fixup_handle_s0
+ _asm_extable 18b, .L_fixup_handle_s0
+ _asm_extable 19b, .L_fixup_handle_s0
+diff --git a/arch/loongarch/lib/copy_user.S b/arch/loongarch/lib/copy_user.S
+index b21f6d5d38f5..fecd08cad702 100644
+--- a/arch/loongarch/lib/copy_user.S
++++ b/arch/loongarch/lib/copy_user.S
+@@ -136,6 +136,7 @@ SYM_FUNC_START(__copy_user_fast)
+ bgeu a1, a4, .Llt8
+ 30: ld.d t0, a1, 0
+ 31: st.d t0, a0, 0
++ addi.d a0, a0, 8
+
+ .Llt8:
+ 32: ld.d t0, a3, -8
+@@ -246,7 +247,7 @@ SYM_FUNC_START(__copy_user_fast)
+ _asm_extable 30b, .L_fixup_handle_0
+ _asm_extable 31b, .L_fixup_handle_0
+ _asm_extable 32b, .L_fixup_handle_0
+- _asm_extable 33b, .L_fixup_handle_1
++ _asm_extable 33b, .L_fixup_handle_0
+ _asm_extable 34b, .L_fixup_handle_s0
+ _asm_extable 35b, .L_fixup_handle_s0
+ _asm_extable 36b, .L_fixup_handle_s0
+--
+2.41.0
+
diff --git a/queue-6.4/mptcp-more-accurate-nl-event-generation.patch b/queue-6.4/mptcp-more-accurate-nl-event-generation.patch
new file mode 100644
index 00000000000..ac48f7dccd7
--- /dev/null
+++ b/queue-6.4/mptcp-more-accurate-nl-event-generation.patch
@@ -0,0 +1,39 @@
+From 21d9b73a7d5241905367098d260a3c68b811da32 Mon Sep 17 00:00:00 2001
+From: Paolo Abeni
+Date: Tue, 25 Jul 2023 11:34:56 -0700
+Subject: mptcp: more accurate NL event generation
+
+From: Paolo Abeni
+
+commit 21d9b73a7d5241905367098d260a3c68b811da32 upstream.
+
+Currently the mptcp code generate a "new listener" event even
+if the actual listen() syscall fails. Address the issue moving
+the event generation call under the successful branch.
+
+Cc: stable@vger.kernel.org
+Fixes: f8c9dfbd875b ("mptcp: add pm listener events")
+Reviewed-by: Mat Martineau
+Signed-off-by: Paolo Abeni
+Signed-off-by: Mat Martineau
+Link: https://lore.kernel.org/r/20230725-send-net-20230725-v1-2-6f60fe7137a9@kernel.org
+Signed-off-by: Jakub Kicinski
+Signed-off-by: Greg Kroah-Hartman
+---
+ net/mptcp/protocol.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+--- a/net/mptcp/protocol.c
++++ b/net/mptcp/protocol.c
+@@ -3717,10 +3717,9 @@ static int mptcp_listen(struct socket *s
+ if (!err) {
+ sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
+ mptcp_copy_inaddrs(sk, ssock->sk);
++ mptcp_event_pm_listener(ssock->sk, MPTCP_EVENT_LISTENER_CREATED);
+ }
+
+- mptcp_event_pm_listener(ssock->sk, MPTCP_EVENT_LISTENER_CREATED);
+-
+ unlock:
+ release_sock(sk);
+ return err;
diff --git a/queue-6.4/pm-sleep-wakeirq-fix-wake-irq-arming.patch b/queue-6.4/pm-sleep-wakeirq-fix-wake-irq-arming.patch
new file mode 100644
index 00000000000..0ad647804ac
--- /dev/null
+++ b/queue-6.4/pm-sleep-wakeirq-fix-wake-irq-arming.patch
@@ -0,0 +1,88 @@
+From 8527beb12087238d4387607597b4020bc393c4b4 Mon Sep 17 00:00:00 2001
+From: Johan Hovold
+Date: Thu, 13 Jul 2023 16:57:39 +0200
+Subject: PM: sleep: wakeirq: fix wake irq arming
+
+From: Johan Hovold
+
+commit 8527beb12087238d4387607597b4020bc393c4b4 upstream.
+
+The decision whether to enable a wake irq during suspend can not be done
+based on the runtime PM state directly as a driver may use wake irqs
+without implementing runtime PM. Such drivers specifically leave the
+state set to the default 'suspended' and the wake irq is thus never
+enabled at suspend.
+
+Add a new wake irq flag to track whether a dedicated wake irq has been
+enabled at runtime suspend and therefore must not be enabled at system
+suspend.
+
+Note that pm_runtime_enabled() can not be used as runtime PM is always
+disabled during late suspend.
+
+Fixes: 69728051f5bf ("PM / wakeirq: Fix unbalanced IRQ enable for wakeirq")
+Cc: 4.16+ # 4.16+
+Signed-off-by: Johan Hovold
+Reviewed-by: Tony Lindgren
+Tested-by: Tony Lindgren
+Signed-off-by: Rafael J. Wysocki
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/base/power/power.h | 1 +
+ drivers/base/power/wakeirq.c | 12 ++++++++----
+ 2 files changed, 9 insertions(+), 4 deletions(-)
+
+--- a/drivers/base/power/power.h
++++ b/drivers/base/power/power.h
+@@ -29,6 +29,7 @@ extern u64 pm_runtime_active_time(struct
+ #define WAKE_IRQ_DEDICATED_MASK (WAKE_IRQ_DEDICATED_ALLOCATED | \
+ WAKE_IRQ_DEDICATED_MANAGED | \
+ WAKE_IRQ_DEDICATED_REVERSE)
++#define WAKE_IRQ_DEDICATED_ENABLED BIT(3)
+
+ struct wake_irq {
+ struct device *dev;
+--- a/drivers/base/power/wakeirq.c
++++ b/drivers/base/power/wakeirq.c
+@@ -314,8 +314,10 @@ void dev_pm_enable_wake_irq_check(struct
+ return;
+
+ enable:
+- if (!can_change_status || !(wirq->status & WAKE_IRQ_DEDICATED_REVERSE))
++ if (!can_change_status || !(wirq->status & WAKE_IRQ_DEDICATED_REVERSE)) {
+ enable_irq(wirq->irq);
++ wirq->status |= WAKE_IRQ_DEDICATED_ENABLED;
++ }
+ }
+
+ /**
+@@ -336,8 +338,10 @@ void dev_pm_disable_wake_irq_check(struc
+ if (cond_disable && (wirq->status & WAKE_IRQ_DEDICATED_REVERSE))
+ return;
+
+- if (wirq->status & WAKE_IRQ_DEDICATED_MANAGED)
++ if (wirq->status & WAKE_IRQ_DEDICATED_MANAGED) {
++ wirq->status &= ~WAKE_IRQ_DEDICATED_ENABLED;
+ disable_irq_nosync(wirq->irq);
++ }
+ }
+
+ /**
+@@ -376,7 +380,7 @@ void dev_pm_arm_wake_irq(struct wake_irq
+
+ if (device_may_wakeup(wirq->dev)) {
+ if (wirq->status & WAKE_IRQ_DEDICATED_ALLOCATED &&
+- !pm_runtime_status_suspended(wirq->dev))
++ !(wirq->status & WAKE_IRQ_DEDICATED_ENABLED))
+ enable_irq(wirq->irq);
+
+ enable_irq_wake(wirq->irq);
+@@ -399,7 +403,7 @@ void dev_pm_disarm_wake_irq(struct wake_
+ disable_irq_wake(wirq->irq);
+
+ if (wirq->status & WAKE_IRQ_DEDICATED_ALLOCATED &&
+- !pm_runtime_status_suspended(wirq->dev))
++ !(wirq->status & WAKE_IRQ_DEDICATED_ENABLED))
+ disable_irq_nosync(wirq->irq);
+ }
+ }
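Review bot: In drivers/base/power/wakeirq.c, `WAKE_IRQ_DEDICATED_ENABLED` is set only under the `enable:` label of dev_pm_enable_wake_irq_check() and cleared only in the `WAKE_IRQ_DEDICATED_MANAGED` branch of dev_pm_disable_wake_irq_check(), so any other path that enables or disables a dedicated wake irq leaves the flag stale and the new tests in dev_pm_arm_wake_irq() and dev_pm_disarm_wake_irq() can then unbalance the irq depth. The `WAKE_IRQ_DEDICATED_REVERSE` case is skipped by both visible conditions and is presumably handled by code outside these hunks, which should update the flag in the same way. The `|=` and `&= ~` on `wirq->status` also have no visible guard, so the locking contract deserves a comment next to the new define, e.g. `/* status bits are changed with dev->power.lock held */` if that is what the callers do. All four functions start or end outside their hunks.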
diff --git a/queue-6.4/revert-um-use-swap-to-make-code-cleaner.patch b/queue-6.4/revert-um-use-swap-to-make-code-cleaner.patch
new file mode 100644
index 00000000000..bb08bcb8015
--- /dev/null
+++ b/queue-6.4/revert-um-use-swap-to-make-code-cleaner.patch
@@ -0,0 +1,68 @@
+From dddfa05eb58076ad60f9a66e7155a5b3502b2dd5 Mon Sep 17 00:00:00 2001
+From: Andy Shevchenko
+Date: Mon, 24 Jul 2023 17:31:31 +0300
+Subject: Revert "um: Use swap() to make code cleaner"
+
+From: Andy Shevchenko
+
+commit dddfa05eb58076ad60f9a66e7155a5b3502b2dd5 upstream.
+
+This reverts commit 9b0da3f22307af693be80f5d3a89dc4c7f360a85.
+
+The sigio.c is clearly user space code which is handled by
+arch/um/scripts/Makefile.rules (see USER_OBJS rule).
+
+The above mentioned commit simply broke this agreement,
+we may not use Linux kernel internal headers in them without
+thorough thinking.
+
+Hence, revert the wrong commit.
+
+Link: https://lkml.kernel.org/r/20230724143131.30090-1-andriy.shevchenko@linux.intel.com
+Signed-off-by: Andy Shevchenko
+Reported-by: kernel test robot
+Closes: https://lore.kernel.org/oe-kbuild-all/202307212304.cH79zJp1-lkp@intel.com/
+Cc: Anton Ivanov
+Cc: Herve Codina
+Cc: Jason A. Donenfeld
+Cc: Johannes Berg
+Cc: Rasmus Villemoes
+Cc: Richard Weinberger
+Cc: Yang Guang
+Cc:
+Signed-off-by: Andrew Morton
+Signed-off-by: Greg Kroah-Hartman
+---
+ arch/um/os-Linux/sigio.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+--- a/arch/um/os-Linux/sigio.c
++++ b/arch/um/os-Linux/sigio.c
+@@ -3,7 +3,6 @@
+ * Copyright (C) 2002 - 2008 Jeff Dike (jdike@{addtoit,linux.intel}.com)
+ */
+
+-#include
+ #include
+ #include
+ #include
+@@ -51,7 +50,7 @@ static struct pollfds all_sigio_fds;
+
+ static int write_sigio_thread(void *unused)
+ {
+- struct pollfds *fds;
++ struct pollfds *fds, tmp;
+ struct pollfd *p;
+ int i, n, respond_fd;
+ char c;
+@@ -78,7 +77,9 @@ static int write_sigio_thread(void *unus
+ "write_sigio_thread : "
+ "read on socket failed, "
+ "err = %d\n", errno);
+- swap(current_poll, next_poll);
++ tmp = current_poll;
++ current_poll = next_poll;
++ next_poll = tmp;
+ respond_fd = sigio_private[1];
+ }
+ else {
diff --git a/queue-6.4/s390-dasd-fix-hanging-device-after-quiesce-resume.patch b/queue-6.4/s390-dasd-fix-hanging-device-after-quiesce-resume.patch
new file mode 100644
index 00000000000..44397077432
--- /dev/null
+++ b/queue-6.4/s390-dasd-fix-hanging-device-after-quiesce-resume.patch
@@ -0,0 +1,44 @@
+From 05f1d8ed03f547054efbc4d29bb7991c958ede95 Mon Sep 17 00:00:00 2001
+From: Stefan Haberland
+Date: Fri, 21 Jul 2023 21:36:44 +0200
+Subject: s390/dasd: fix hanging device after quiesce/resume
+
+From: Stefan Haberland
+
+commit 05f1d8ed03f547054efbc4d29bb7991c958ede95 upstream.
+
+Quiesce and resume are functions that tell the DASD driver to stop/resume
+issuing I/Os to a specific DASD.
+
+On resume dasd_schedule_block_bh() is called to kick handling of IO
+requests again. This does unfortunately not cover internal requests which
+are used for path verification for example.
+
+This could lead to a hanging device when a path event or anything else
+that triggers internal requests occurs on a quiesced device.
+
+Fix by also calling dasd_schedule_device_bh() which triggers handling of
+internal requests on resume.
+
+Fixes: 8e09f21574ea ("[S390] dasd: add hyper PAV support to DASD device driver, part 1")
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Stefan Haberland
+Reviewed-by: Jan Hoeppner
+Link: https://lore.kernel.org/r/20230721193647.3889634-2-sth@linux.ibm.com
+Signed-off-by: Jens Axboe
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/s390/block/dasd_ioctl.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/s390/block/dasd_ioctl.c
++++ b/drivers/s390/block/dasd_ioctl.c
+@@ -131,6 +131,7 @@ static int dasd_ioctl_resume(struct dasd
+ spin_unlock_irqrestore(get_ccwdev_lock(base->cdev), flags);
+
+ dasd_schedule_block_bh(block);
++ dasd_schedule_device_bh(base);
+ return 0;
+ }
+
diff --git a/queue-6.4/s390-dasd-print-copy-pair-message-only-for-the-correct-error.patch b/queue-6.4/s390-dasd-print-copy-pair-message-only-for-the-correct-error.patch
new file mode 100644
index 00000000000..16a482bc088
--- /dev/null
+++ b/queue-6.4/s390-dasd-print-copy-pair-message-only-for-the-correct-error.patch
@@ -0,0 +1,51 @@
+From 856d8e3c633b183df23549ce760ae84478a7098d Mon Sep 17 00:00:00 2001
+From: Stefan Haberland
+Date: Fri, 21 Jul 2023 21:36:47 +0200
+Subject: s390/dasd: print copy pair message only for the correct error
+
+From: Stefan Haberland
+
+commit 856d8e3c633b183df23549ce760ae84478a7098d upstream.
+
+The DASD driver has certain types of requests that might be rejected by
+the storage server or z/VM because they are not supported. Since the
+missing support of the command is not a real issue there is no user
+visible kernel error message for this.
+
+For copy pair setups there is a specific error that IO is not allowed on
+secondary devices. This error case is explicitly handled and an error
+message is printed.
+
+The code checking for the error did use a bitwise 'and' that is used to
+check for specific bits. But in this case the whole sense byte has to
+match.
+
+This leads to the problem that the copy pair related error message is
+erroneously printed for other error cases that are usually not reported.
+This might heavily confuse users and lead to follow on actions that might
+disrupt application processing.
+
+Fix by checking the sense byte for the exact value and not single bits.
+
+Cc: stable@vger.kernel.org # 6.1+
+Fixes: 1fca631a1185 ("s390/dasd: suppress generic error messages for PPRC secondary devices")
+Signed-off-by: Stefan Haberland
+Reviewed-by: Jan Hoeppner
+Link: https://lore.kernel.org/r/20230721193647.3889634-5-sth@linux.ibm.com
+Signed-off-by: Jens Axboe
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/s390/block/dasd_3990_erp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/s390/block/dasd_3990_erp.c
++++ b/drivers/s390/block/dasd_3990_erp.c
+@@ -1050,7 +1050,7 @@ dasd_3990_erp_com_rej(struct dasd_ccw_re
+ dev_err(&device->cdev->dev, "An I/O request was rejected"
+ " because writing is inhibited\n");
+ erp = dasd_3990_erp_cleanup(erp, DASD_CQR_FAILED);
+- } else if (sense[7] & SNS7_INVALID_ON_SEC) {
++ } else if (sense[7] == SNS7_INVALID_ON_SEC) {
+ dev_err(&device->cdev->dev, "An I/O request was rejected on a copy pair secondary device\n");
+ /* suppress dump of sense data for this error */
+ set_bit(DASD_CQR_SUPPRESS_CR, &erp->refers->flags);
diff --git a/queue-6.4/selftests-mptcp-join-only-check-for-ip6tables-if-needed.patch b/queue-6.4/selftests-mptcp-join-only-check-for-ip6tables-if-needed.patch
new file mode 100644
index 00000000000..008eb5ececd
--- /dev/null
+++ b/queue-6.4/selftests-mptcp-join-only-check-for-ip6tables-if-needed.patch
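Review bot: The exact-match test `sense[7] == SNS7_INVALID_ON_SEC` in dasd_3990_erp_com_rej() carries no hint in the code that the constant is a whole-byte value, so a later cleanup could turn it back into a mask test and bring back the misleading copy-pair message. A one-line comment above the branch would record the intent, for example `/* SNS7_INVALID_ON_SEC is a complete sense byte value, not a bit mask */`. The function starts and ends outside the hunk, so how the earlier branches test sense[7] is not visible here and should be checked for the same pattern.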
@@ -0,0 +1,38 @@
+From 016e7ba47f33064fbef8c4307a2485d2669dfd03 Mon Sep 17 00:00:00 2001
+From: Matthieu Baerts
+Date: Tue, 25 Jul 2023 11:34:55 -0700
+Subject: selftests: mptcp: join: only check for ip6tables if needed
+
+From: Matthieu Baerts
+
+commit 016e7ba47f33064fbef8c4307a2485d2669dfd03 upstream.
+
+If 'iptables-legacy' is available, 'ip6tables-legacy' command will be
+used instead of 'ip6tables'. So no need to look if 'ip6tables' is
+available in this case.
+
+Cc: stable@vger.kernel.org
+Fixes: 0c4cd3f86a40 ("selftests: mptcp: join: use 'iptables-legacy' if available")
+Acked-by: Paolo Abeni
+Signed-off-by: Matthieu Baerts
+Signed-off-by: Mat Martineau
+Link: https://lore.kernel.org/r/20230725-send-net-20230725-v1-1-6f60fe7137a9@kernel.org
+Signed-off-by: Jakub Kicinski
+Signed-off-by: Greg Kroah-Hartman
+---
+ tools/testing/selftests/net/mptcp/mptcp_join.sh | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+--- a/tools/testing/selftests/net/mptcp/mptcp_join.sh
++++ b/tools/testing/selftests/net/mptcp/mptcp_join.sh
+@@ -156,9 +156,7 @@ check_tools()
+ elif ! iptables -V &> /dev/null; then
+ echo "SKIP: Could not run all tests without iptables tool"
+ exit $ksft_skip
+- fi
+-
+- if ! ip6tables -V &> /dev/null; then
++ elif ! ip6tables -V &> /dev/null; then
+ echo "SKIP: Could not run all tests without ip6tables tool"
+ exit $ksft_skip
+ fi
diff --git a/queue-6.4/selftests-rseq-play-nice-with-binaries-statically-linked-against-glibc-2.35.patch b/queue-6.4/selftests-rseq-play-nice-with-binaries-statically-linked-against-glibc-2.35.patch
new file mode 100644
index 00000000000..7c1879884a3
--- /dev/null
+++ b/queue-6.4/selftests-rseq-play-nice-with-binaries-statically-linked-against-glibc-2.35.patch
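Review bot: With the ip6tables probe turned into an `elif` in check_tools(), the path taken when `iptables-legacy` is found no longer verifies any IPv6 tool. The opening `if` is outside the hunk, so this is inferred from the commit message: if that branch only probes `iptables-legacy`, a host that has it but lacks `ip6tables-legacy` would pass check_tools() and fail later in the IPv6 tests instead of being skipped. Probing both binaries in the first condition would keep the skip behaviour, for example `if iptables-legacy -V &> /dev/null && ip6tables-legacy -V &> /dev/null; then`.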
@@ -0,0 +1,78 @@
+From 3bcbc20942db5d738221cca31a928efc09827069 Mon Sep 17 00:00:00 2001
+From: Sean Christopherson
+Date: Fri, 21 Jul 2023 15:33:52 -0700
+Subject: selftests/rseq: Play nice with binaries statically linked against glibc 2.35+
+
+From: Sean Christopherson
+
+commit 3bcbc20942db5d738221cca31a928efc09827069 upstream.
+
+To allow running rseq and KVM's rseq selftests as statically linked
+binaries, initialize the various "trampoline" pointers to point directly
+at the expect glibc symbols, and skip the dlysm() lookups if the rseq
+size is non-zero, i.e. the binary is statically linked *and* the libc
+registered its own rseq.
+
+Define weak versions of the symbols so as not to break linking against
+libc versions that don't support rseq in any capacity.
+
+The KVM selftests in particular are often statically linked so that they
+can be run on targets with very limited runtime environments, i.e. test
+machines.
+
+Fixes: 233e667e1ae3 ("selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35")
+Cc: Aaron Lewis
+Cc: kvm@vger.kernel.org
+Cc: stable@vger.kernel.org
+Signed-off-by: Sean Christopherson
+Message-Id: <20230721223352.2333911-1-seanjc@google.com>
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Greg Kroah-Hartman
+---
+ tools/testing/selftests/rseq/rseq.c | 28 ++++++++++++++++++++++------
+ 1 file changed, 22 insertions(+), 6 deletions(-)
+
+--- a/tools/testing/selftests/rseq/rseq.c
++++ b/tools/testing/selftests/rseq/rseq.c
+@@ -34,9 +34,17 @@
+ #include "../kselftest.h"
+ #include "rseq.h"
+
+-static const ptrdiff_t *libc_rseq_offset_p;
+-static const unsigned int *libc_rseq_size_p;
+-static const unsigned int *libc_rseq_flags_p;
++/*
++ * Define weak versions to play nice with binaries that are statically linked
++ * against a libc that doesn't support registering its own rseq.
++ */
++__weak ptrdiff_t __rseq_offset;
++__weak unsigned int __rseq_size;
++__weak unsigned int __rseq_flags;
++
++static const ptrdiff_t *libc_rseq_offset_p = &__rseq_offset;
++static const unsigned int *libc_rseq_size_p = &__rseq_size;
++static const unsigned int *libc_rseq_flags_p = &__rseq_flags;
+
+ /* Offset from the thread pointer to the rseq area. */
+ ptrdiff_t rseq_offset;
+@@ -155,9 +163,17 @@ unsigned int get_rseq_feature_size(void)
+ static __attribute__((constructor))
+ void rseq_init(void)
+ {
+- libc_rseq_offset_p = dlsym(RTLD_NEXT, "__rseq_offset");
+- libc_rseq_size_p = dlsym(RTLD_NEXT, "__rseq_size");
+- libc_rseq_flags_p = dlsym(RTLD_NEXT, "__rseq_flags");
++ /*
++ * If the libc's registered rseq size isn't already valid, it may be
++ * because the binary is dynamically linked and not necessarily due to
++ * libc not having registered a restartable sequence. Try to find the
++ * symbols if that's the case.
++ */
++ if (!*libc_rseq_size_p) {
++ libc_rseq_offset_p = dlsym(RTLD_NEXT, "__rseq_offset");
++ libc_rseq_size_p = dlsym(RTLD_NEXT, "__rseq_size");
++ libc_rseq_flags_p = dlsym(RTLD_NEXT, "__rseq_flags");
++ }
+ if (libc_rseq_size_p && libc_rseq_offset_p && libc_rseq_flags_p &&
+ *libc_rseq_size_p != 0) {
+ /* rseq registration owned by glibc */
diff --git a/queue-6.4/series b/queue-6.4/series
index 638524666f2..953ecc6c4e0 100644
--- a/queue-6.4/series
+++ b/queue-6.4/series
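Review bot: The three weak definitions in rseq.c use the `__weak` shorthand, and nothing visible in the hunk defines that macro for this userspace file; only `../kselftest.h` and `rseq.h` are shown being included. If neither header provides it the file will not build, so spelling the attribute out is safer and matches the `__attribute__((constructor))` form already used on rseq_init(), for example `__attribute__((weak)) unsigned int __rseq_size;`. The include list above line 34 is outside the hunk, so this needs checking against the full file.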
@@ -206,3 +206,22 @@ net-dsa-qca8k-fix-broken-search_and_del.patch
 net-dsa-qca8k-fix-mdb-add-del-case-with-0-vid.patch
 io_uring-gate-iowait-schedule-on-having-pending-requests.patch
 iommufd-set-end-correctly-when-doing-batch-carry.patch
+selftests-rseq-play-nice-with-binaries-statically-linked-against-glibc-2.35.patch
+selftests-mptcp-join-only-check-for-ip6tables-if-needed.patch
+soundwire-fix-enumeration-completion.patch
+revert-um-use-swap-to-make-code-cleaner.patch
+loongarch-fix-return-value-underflow-in-exception-path.patch
+loongarch-bpf-fix-check-condition-to-call-lu32id-in-move_imm.patch
+loongarch-bpf-enable-bpf_probe_read-str-on-loongarch.patch
+9p-fix-ignored-return-value-in-v9fs_dir_release.patch
+fs-9p-remove-unnecessary-and-overrestrictive-check.patch
+fs-9p-fix-typo-in-comparison-logic-for-cache-mode.patch
+fs-9p-fix-type-mismatch-in-file-cache-mode-helper.patch
+fs-9p-remove-unnecessary-invalidate_inode_pages2.patch
+s390-dasd-fix-hanging-device-after-quiesce-resume.patch
+s390-dasd-print-copy-pair-message-only-for-the-correct-error.patch
+mptcp-more-accurate-nl-event-generation.patch
+asoc-wm8904-fill-the-cache-for-wm8904_adc_test_0-register.patch
+arm64-sme-set-new-vector-length-before-reallocating.patch
+pm-sleep-wakeirq-fix-wake-irq-arming.patch
+thermal-of-fix-double-free-on-unregistration.patch
diff --git a/queue-6.4/soundwire-fix-enumeration-completion.patch b/queue-6.4/soundwire-fix-enumeration-completion.patch
new file mode 100644
index 00000000000..10ec059a441
--- /dev/null
+++ b/queue-6.4/soundwire-fix-enumeration-completion.patch
@@ -0,0 +1,70 @@
+From c40d6b3249b11d60e09d81530588f56233d9aa44 Mon Sep 17 00:00:00 2001
+From: Johan Hovold
+Date: Wed, 5 Jul 2023 14:30:11 +0200
+Subject: soundwire: fix enumeration completion
+
+From: Johan Hovold
+
+commit c40d6b3249b11d60e09d81530588f56233d9aa44 upstream.
+
+The soundwire subsystem uses two completion structures that allow
+drivers to wait for soundwire device to become enumerated on the bus and
+initialised by their drivers, respectively.
+
+The code implementing the signalling is currently broken as it does not
+signal all current and future waiters and also uses the wrong
+reinitialisation function, which can potentially lead to memory
+corruption if there are still waiters on the queue.
+
+Not signalling future waiters specifically breaks sound card probe
+deferrals as codec drivers can not tell that the soundwire device is
+already attached when being reprobed. Some codec runtime PM
+implementations suffer from similar problems as waiting for enumeration
+during resume can also timeout despite the device already having been
+enumerated.
+
+Fixes: fb9469e54fa7 ("soundwire: bus: fix race condition with enumeration_complete signaling")
+Fixes: a90def068127 ("soundwire: bus: fix race condition with initialization_complete signaling")
+Cc: stable@vger.kernel.org # 5.7
+Cc: Pierre-Louis Bossart
+Cc: Rander Wang
+Signed-off-by: Johan Hovold
+Reviewed-by: Pierre-Louis Bossart
+Link: https://lore.kernel.org/r/20230705123018.30903-2-johan+linaro@kernel.org
+Signed-off-by: Vinod Koul
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/soundwire/bus.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/drivers/soundwire/bus.c
++++ b/drivers/soundwire/bus.c
+@@ -908,8 +908,8 @@ static void sdw_modify_slave_status(stru
+ "initializing enumeration and init completion for Slave %d\n",
+ slave->dev_num);
+
+- init_completion(&slave->enumeration_complete);
+- init_completion(&slave->initialization_complete);
++ reinit_completion(&slave->enumeration_complete);
++ reinit_completion(&slave->initialization_complete);
+
+ } else if ((status == SDW_SLAVE_ATTACHED) &&
+ (slave->status == SDW_SLAVE_UNATTACHED)) {
+@@ -917,7 +917,7 @@ static void sdw_modify_slave_status(stru
+ "signaling enumeration completion for Slave %d\n",
+ slave->dev_num);
+
+- complete(&slave->enumeration_complete);
++ complete_all(&slave->enumeration_complete);
+ }
+ slave->status = status;
+ mutex_unlock(&bus->bus_lock);
+@@ -1941,7 +1941,7 @@ int sdw_handle_slave_status(struct sdw_b
+ "signaling initialization completion for Slave %d\n",
+ slave->dev_num);
+
+- complete(&slave->initialization_complete);
++ complete_all(&slave->initialization_complete);
+
+ /*
+ * If the manager became pm_runtime active, the peripherals will be
diff --git a/queue-6.4/thermal-of-fix-double-free-on-unregistration.patch b/queue-6.4/thermal-of-fix-double-free-on-unregistration.patch
new file mode 100644
index 00000000000..591ca05ce66
--- /dev/null
+++ b/queue-6.4/thermal-of-fix-double-free-on-unregistration.patch
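Review bot: The ordering between `complete_all()` and the two `reinit_completion()` calls in sdw_modify_slave_status() is not documented, and the hunks do not show what enforces it. After `complete_all()` the completion stays done until it is reinitialised, so a waiter that was woken but has not yet run when the Slave drops back to UNATTACHED may find the state cleared and sleep again until its timeout. The visible `mutex_unlock(&bus->bus_lock)` suggests the status change runs under the bus lock, but the waiting side is outside the hunks. A comment above the reinit calls would state the assumption, for example `/* waiters released by complete_all() are expected to have returned before the Slave is marked unattached */`.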
@@ -0,0 +1,122 @@
+From ac4436a5b20e0ef1f608a9ef46c08d5d142f8da6 Mon Sep 17 00:00:00 2001
+From: Ahmad Fatoum
+Date: Sat, 8 Jul 2023 13:27:20 +0200
+Subject: thermal: of: fix double-free on unregistration
+
+From: Ahmad Fatoum
+
+commit ac4436a5b20e0ef1f608a9ef46c08d5d142f8da6 upstream.
+
+Since commit 3d439b1a2ad3 ("thermal/core: Alloc-copy-free the thermal
+zone parameters structure"), thermal_zone_device_register() allocates
+a copy of the tzp argument and frees it when unregistering, so
+thermal_of_zone_register() now ends up leaking its original tzp and
+double-freeing the tzp copy. Fix this by locating tzp on stack instead.
+
+Fixes: 3d439b1a2ad3 ("thermal/core: Alloc-copy-free the thermal zone parameters structure")
+Signed-off-by: Ahmad Fatoum
+Acked-by: Daniel Lezcano
+Cc: 6.4+ # 6.4+: 8bcbb18c61d6: thermal: core: constify params in thermal_zone_device_register
+Signed-off-by: Rafael J. Wysocki
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/thermal/thermal_of.c | 27 ++++++---------------------
+ 1 file changed, 6 insertions(+), 21 deletions(-)
+
+diff --git a/drivers/thermal/thermal_of.c b/drivers/thermal/thermal_of.c
+index 6fb14e521197..bc07ae1c284c 100644
+--- a/drivers/thermal/thermal_of.c
++++ b/drivers/thermal/thermal_of.c
+@@ -238,17 +238,13 @@ static int thermal_of_monitor_init(struct device_node *np, int *delay, int *pdel
+ return 0;
+ }
+
+-static struct thermal_zone_params *thermal_of_parameters_init(struct device_node *np)
++static void thermal_of_parameters_init(struct device_node *np,
++ struct thermal_zone_params *tzp)
+ {
+- struct thermal_zone_params *tzp;
+ int coef[2];
+ int ncoef = ARRAY_SIZE(coef);
+ int prop, ret;
+
+- tzp = kzalloc(sizeof(*tzp), GFP_KERNEL);
+- if (!tzp)
+- return ERR_PTR(-ENOMEM);
+-
+ tzp->no_hwmon = true;
+
+ if (!of_property_read_u32(np, "sustainable-power", &prop))
+@@ -267,8 +263,6 @@ static struct thermal_zone_params *thermal_of_parameters_init(struct device_node
+
+ tzp->slope = coef[0];
+ tzp->offset = coef[1];
+-
+- return tzp;
+ }
+
+ static struct device_node *thermal_of_zone_get_by_name(struct thermal_zone_device *tz)
+@@ -442,13 +436,11 @@ static int thermal_of_unbind(struct thermal_zone_device *tz,
+ static void thermal_of_zone_unregister(struct thermal_zone_device *tz)
+ {
+ struct thermal_trip *trips = tz->trips;
+- struct thermal_zone_params *tzp = tz->tzp;
+ struct thermal_zone_device_ops *ops = tz->ops;
+
+ thermal_zone_device_disable(tz);
+ thermal_zone_device_unregister(tz);
+ kfree(trips);
+- kfree(tzp);
+ kfree(ops);
+ }
+
+@@ -477,7 +469,7 @@ static struct thermal_zone_device *thermal_of_zone_register(struct device_node *
+ {
+ struct thermal_zone_device *tz;
+ struct thermal_trip *trips;
+- struct thermal_zone_params *tzp;
++ struct thermal_zone_params tzp = {};
+ struct thermal_zone_device_ops *of_ops;
+ struct device_node *np;
+ int delay, pdelay;
+@@ -509,12 +501,7 @@ static struct thermal_zone_device *thermal_of_zone_register(struct device_node *
+ goto out_kfree_trips;
+ }
+
+- tzp = thermal_of_parameters_init(np);
+- if (IS_ERR(tzp)) {
+- ret = PTR_ERR(tzp);
+- pr_err("Failed to initialize parameter from %pOFn: %d\n", np, ret);
+- goto out_kfree_trips;
+- }
++ thermal_of_parameters_init(np, &tzp);
+
+ of_ops->bind = thermal_of_bind;
+ of_ops->unbind = thermal_of_unbind;
+@@ -522,12 +509,12 @@ static struct thermal_zone_device *thermal_of_zone_register(struct device_node *
+ mask = GENMASK_ULL((ntrips) - 1, 0);
+
+ tz = thermal_zone_device_register_with_trips(np->name, trips, ntrips,
+- mask, data, of_ops, tzp,
++ mask, data, of_ops, &tzp,
+ pdelay, delay);
+ if (IS_ERR(tz)) {
+ ret = PTR_ERR(tz);
+ pr_err("Failed to register thermal zone %pOFn: %d\n", np, ret);
+- goto out_kfree_tzp;
++ goto out_kfree_trips;
+ }
+
+ ret = thermal_zone_device_enable(tz);
+@@ -540,8 +527,6 @@ static struct thermal_zone_device *thermal_of_zone_register(struct device_node *
+
+ return tz;
+
+-out_kfree_tzp:
+- kfree(tzp);
+ out_kfree_trips:
+ kfree(trips);
+ out_kfree_of_ops:
+--
+2.41.0
+
--
2.47.3
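Review bot: Passing `&tzp` from the stack in thermal_of_zone_register() is correct only while thermal_zone_device_register_with_trips() copies the structure, which the commit message attributes to 3d439b1a2ad3; the code itself does not record that dependency. In a tree where the core still stores the caller's pointer, tz->tzp would point into a dead stack frame once the function returns. A comment at the declaration would make the lifetime rule explicit, for example `/* copied by the thermal core at registration; not referenced after return */`. The Cc line names 8bcbb18c61d6 as a prerequisite, and it is not among the entries added to the series file here, so the queue should be checked to carry it ahead of this patch. thermal_of_zone_register() starts and ends outside the hunks.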