From 72fd3cb0e3c4ca625452c7fc82cb1dd423ac521d Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 21 Aug 2023 13:46:19 +0200 Subject: [PATCH] 6.4-stable patches added patches: alsa-usb-audio-add-support-for-mythware-xa001au-capture-and-playback-interfaces.patch arm64-dts-rockchip-fix-wifi-bluetooth-on-rock-pi-4-boards.patch arm64-ptrace-ensure-that-sme-is-set-up-for-target-when-writing-ssve-state.patch arm64-ptrace-ensure-that-the-task-sees-zt-writes-on-first-use.patch blk-crypto-dynamically-allocate-fallback-profile.patch cifs-release-folio-lock-on-fscache-read-hit.patch dt-bindings-pinctrl-qcom-sa8775p-tlmm-add-gpio-function-constant.patch media-uvcvideo-fix-menu-count-handling-for-userspace-xu-mappings.patch mmc-block-fix-in_flight-value-error.patch mmc-f-sdh30-fix-order-of-function-calls-in-sdhci_f_sdh30_remove.patch mmc-wbsd-fix-double-mmc_free_host-in-wbsd_init.patch parisc-fix-config_tlb_ptlock-to-work-with-lightweight-spinlock-checks.patch regulator-da9063-better-fix-null-deref-with-partial-dt.patch riscv-handle-zicsr-zifencei-issue-between-gcc-and-binutils.patch smb-client-fix-null-auth.patch virtio-net-zero-max_tx_vq-field-for-virtio_net_ctrl_mq_hash_config-case.patch --- ...01au-capture-and-playback-interfaces.patch | 58 +++++ ...x-wifi-bluetooth-on-rock-pi-4-boards.patch | 43 ++++ ...p-for-target-when-writing-ssve-state.patch | 124 ++++++++++ ...the-task-sees-zt-writes-on-first-use.patch | 59 +++++ ...ynamically-allocate-fallback-profile.patch | 129 +++++++++++ ...lease-folio-lock-on-fscache-read-hit.patch | 65 ++++++ ...775p-tlmm-add-gpio-function-constant.patch | 39 ++++ ...t-handling-for-userspace-xu-mappings.patch | 44 ++++ .../mmc-block-fix-in_flight-value-error.patch | 75 ++++++ ...nction-calls-in-sdhci_f_sdh30_remove.patch | 52 +++++ ...ix-double-mmc_free_host-in-wbsd_init.patch | 33 +++ ...ork-with-lightweight-spinlock-checks.patch | 219 ++++++++++++++++++ ...etter-fix-null-deref-with-partial-dt.patch | 62 +++++ ...encei-issue-between-gcc-and-binutils.patch | 111 +++++++++ queue-6.4/series | 16 ++ queue-6.4/smb-client-fix-null-auth.patch | 49 ++++ ...-virtio_net_ctrl_mq_hash_config-case.patch | 55 +++++ 17 files changed, 1233 insertions(+) create mode 100644 queue-6.4/alsa-usb-audio-add-support-for-mythware-xa001au-capture-and-playback-interfaces.patch create mode 100644 queue-6.4/arm64-dts-rockchip-fix-wifi-bluetooth-on-rock-pi-4-boards.patch create mode 100644 queue-6.4/arm64-ptrace-ensure-that-sme-is-set-up-for-target-when-writing-ssve-state.patch create mode 100644 queue-6.4/arm64-ptrace-ensure-that-the-task-sees-zt-writes-on-first-use.patch create mode 100644 queue-6.4/blk-crypto-dynamically-allocate-fallback-profile.patch create mode 100644 queue-6.4/cifs-release-folio-lock-on-fscache-read-hit.patch create mode 100644 queue-6.4/dt-bindings-pinctrl-qcom-sa8775p-tlmm-add-gpio-function-constant.patch create mode 100644 queue-6.4/media-uvcvideo-fix-menu-count-handling-for-userspace-xu-mappings.patch create mode 100644 queue-6.4/mmc-block-fix-in_flight-value-error.patch create mode 100644 queue-6.4/mmc-f-sdh30-fix-order-of-function-calls-in-sdhci_f_sdh30_remove.patch create mode 100644 queue-6.4/mmc-wbsd-fix-double-mmc_free_host-in-wbsd_init.patch create mode 100644 queue-6.4/parisc-fix-config_tlb_ptlock-to-work-with-lightweight-spinlock-checks.patch create mode 100644 queue-6.4/regulator-da9063-better-fix-null-deref-with-partial-dt.patch create mode 100644 queue-6.4/riscv-handle-zicsr-zifencei-issue-between-gcc-and-binutils.patch create mode 100644 queue-6.4/smb-client-fix-null-auth.patch create mode 100644 queue-6.4/virtio-net-zero-max_tx_vq-field-for-virtio_net_ctrl_mq_hash_config-case.patch diff --git a/queue-6.4/alsa-usb-audio-add-support-for-mythware-xa001au-capture-and-playback-interfaces.patch b/queue-6.4/alsa-usb-audio-add-support-for-mythware-xa001au-capture-and-playback-interfaces.patch new file mode 100644 index 00000000000..d1cfddd887a --- /dev/null +++ b/queue-6.4/alsa-usb-audio-add-support-for-mythware-xa001au-capture-and-playback-interfaces.patch @@ -0,0 +1,58 @@ +From 788449ae57f4273111b779bbcaad552b67f517d5 Mon Sep 17 00:00:00 2001 +From: dengxiang +Date: Thu, 3 Aug 2023 10:44:37 +0800 +Subject: ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces. + +From: dengxiang + +commit 788449ae57f4273111b779bbcaad552b67f517d5 upstream. + +This patch adds a USB quirk for Mythware XA001AU USB interface. + +Signed-off-by: dengxiang +Cc: +Link: https://lore.kernel.org/r/20230803024437.370069-1-dengxiang@nfschina.com +Signed-off-by: Takashi Iwai +Signed-off-by: Greg Kroah-Hartman +--- + sound/usb/quirks-table.h | 29 +++++++++++++++++++++++++++++ + 1 file changed, 29 insertions(+) + +--- a/sound/usb/quirks-table.h ++++ b/sound/usb/quirks-table.h +@@ -4507,6 +4507,35 @@ YAMAHA_DEVICE(0x7010, "UB99"), + } + } + }, ++{ ++ /* Advanced modes of the Mythware XA001AU. ++ * For the standard mode, Mythware XA001AU has ID ffad:a001 ++ */ ++ USB_DEVICE_VENDOR_SPEC(0xffad, 0xa001), ++ .driver_info = (unsigned long) &(const struct snd_usb_audio_quirk) { ++ .vendor_name = "Mythware", ++ .product_name = "XA001AU", ++ .ifnum = QUIRK_ANY_INTERFACE, ++ .type = QUIRK_COMPOSITE, ++ .data = (const struct snd_usb_audio_quirk[]) { ++ { ++ .ifnum = 0, ++ .type = QUIRK_IGNORE_INTERFACE, ++ }, ++ { ++ .ifnum = 1, ++ .type = QUIRK_AUDIO_STANDARD_INTERFACE, ++ }, ++ { ++ .ifnum = 2, ++ .type = QUIRK_AUDIO_STANDARD_INTERFACE, ++ }, ++ { ++ .ifnum = -1 ++ } ++ } ++ } ++}, + + #undef USB_DEVICE_VENDOR_SPEC + #undef USB_AUDIO_DEVICE diff --git a/queue-6.4/arm64-dts-rockchip-fix-wifi-bluetooth-on-rock-pi-4-boards.patch b/queue-6.4/arm64-dts-rockchip-fix-wifi-bluetooth-on-rock-pi-4-boards.patch new file mode 100644 index 00000000000..54a14295261 --- /dev/null +++ b/queue-6.4/arm64-dts-rockchip-fix-wifi-bluetooth-on-rock-pi-4-boards.patch @@ -0,0 +1,43 @@ +From ebceec271e552a2b05e47d8ef0597052b1a39449 Mon Sep 17 00:00:00 2001 +From: Yogesh Hegde +Date: Tue, 18 Jul 2023 22:09:41 +0530 +Subject: arm64: dts: rockchip: Fix Wifi/Bluetooth on ROCK Pi 4 boards + +From: Yogesh Hegde + +commit ebceec271e552a2b05e47d8ef0597052b1a39449 upstream. + +This patch fixes an issue affecting the Wifi/Bluetooth connectivity on +ROCK Pi 4 boards. Commit f471b1b2db08 ("arm64: dts: rockchip: Fix Bluetooth +on ROCK Pi 4 boards") introduced a problem with the clock configuration. +Specifically, the clock-names property of the sdio-pwrseq node was not +updated to 'lpo', causing the driver to wait indefinitely for the wrong clock +signal 'ext_clock' instead of the expected one 'lpo'. This prevented the proper +initialization of Wifi/Bluetooth chip on ROCK Pi 4 boards. + +To address this, this patch updates the clock-names property of the +sdio-pwrseq node to "lpo" to align with the changes made to the bluetooth node. + +This patch has been tested on ROCK Pi 4B. + +Fixes: f471b1b2db08 ("arm64: dts: rockchip: Fix Bluetooth on ROCK Pi 4 boards") +Cc: stable@vger.kernel.org +Signed-off-by: Yogesh Hegde +Link: https://lore.kernel.org/r/ZLbATQRjOl09aLAp@zephyrusG14 +Signed-off-by: Heiko Stuebner +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm64/boot/dts/rockchip/rk3399-rock-pi-4.dtsi | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/arm64/boot/dts/rockchip/rk3399-rock-pi-4.dtsi ++++ b/arch/arm64/boot/dts/rockchip/rk3399-rock-pi-4.dtsi +@@ -45,7 +45,7 @@ + sdio_pwrseq: sdio-pwrseq { + compatible = "mmc-pwrseq-simple"; + clocks = <&rk808 1>; +- clock-names = "ext_clock"; ++ clock-names = "lpo"; + pinctrl-names = "default"; + pinctrl-0 = <&wifi_enable_h>; + reset-gpios = <&gpio0 RK_PB2 GPIO_ACTIVE_LOW>; diff --git a/queue-6.4/arm64-ptrace-ensure-that-sme-is-set-up-for-target-when-writing-ssve-state.patch b/queue-6.4/arm64-ptrace-ensure-that-sme-is-set-up-for-target-when-writing-ssve-state.patch new file mode 100644 index 00000000000..31f0c6d8d42 --- /dev/null +++ b/queue-6.4/arm64-ptrace-ensure-that-sme-is-set-up-for-target-when-writing-ssve-state.patch @@ -0,0 +1,124 @@ +From 5d0a8d2fba50e9c07cde4aad7fba28c008b07a5b Mon Sep 17 00:00:00 2001 +From: Mark Brown +Date: Thu, 10 Aug 2023 12:28:19 +0100 +Subject: arm64/ptrace: Ensure that SME is set up for target when writing SSVE state + +From: Mark Brown + +commit 5d0a8d2fba50e9c07cde4aad7fba28c008b07a5b upstream. + +When we use NT_ARM_SSVE to either enable streaming mode or change the +vector length for a process we do not currently do anything to ensure that +there is storage allocated for the SME specific register state. If the +task had not previously used SME or we changed the vector length then +the task will not have had TIF_SME set or backing storage for ZA/ZT +allocated, resulting in inconsistent register sizes when saving state +and spurious traps which flush the newly set register state. + +We should set TIF_SME to disable traps and ensure that storage is +allocated for ZA and ZT if it is not already allocated. This requires +modifying sme_alloc() to make the flush of any existing register state +optional so we don't disturb existing state for ZA and ZT. + +Fixes: e12310a0d30f ("arm64/sme: Implement ptrace support for streaming mode SVE registers") +Reported-by: David Spickett +Signed-off-by: Mark Brown +Cc: # 5.19.x +Link: https://lore.kernel.org/r/20230810-arm64-fix-ptrace-race-v1-1-a5361fad2bd6@kernel.org +Signed-off-by: Catalin Marinas +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm64/include/asm/fpsimd.h | 4 ++-- + arch/arm64/kernel/fpsimd.c | 6 +++--- + arch/arm64/kernel/ptrace.c | 11 +++++++++-- + arch/arm64/kernel/signal.c | 2 +- + 4 files changed, 15 insertions(+), 8 deletions(-) + +--- a/arch/arm64/include/asm/fpsimd.h ++++ b/arch/arm64/include/asm/fpsimd.h +@@ -356,7 +356,7 @@ static inline int sme_max_virtualisable_ + return vec_max_virtualisable_vl(ARM64_VEC_SME); + } + +-extern void sme_alloc(struct task_struct *task); ++extern void sme_alloc(struct task_struct *task, bool flush); + extern unsigned int sme_get_vl(void); + extern int sme_set_current_vl(unsigned long arg); + extern int sme_get_current_vl(void); +@@ -388,7 +388,7 @@ static inline void sme_smstart_sm(void) + static inline void sme_smstop_sm(void) { } + static inline void sme_smstop(void) { } + +-static inline void sme_alloc(struct task_struct *task) { } ++static inline void sme_alloc(struct task_struct *task, bool flush) { } + static inline void sme_setup(void) { } + static inline unsigned int sme_get_vl(void) { return 0; } + static inline int sme_max_vl(void) { return 0; } +--- a/arch/arm64/kernel/fpsimd.c ++++ b/arch/arm64/kernel/fpsimd.c +@@ -1285,9 +1285,9 @@ void fpsimd_release_task(struct task_str + * the interest of testability and predictability, the architecture + * guarantees that when ZA is enabled it will be zeroed. + */ +-void sme_alloc(struct task_struct *task) ++void sme_alloc(struct task_struct *task, bool flush) + { +- if (task->thread.sme_state) { ++ if (task->thread.sme_state && flush) { + memset(task->thread.sme_state, 0, sme_state_size(task)); + return; + } +@@ -1515,7 +1515,7 @@ void do_sme_acc(unsigned long esr, struc + } + + sve_alloc(current, false); +- sme_alloc(current); ++ sme_alloc(current, true); + if (!current->thread.sve_state || !current->thread.sme_state) { + force_sig(SIGKILL); + return; +--- a/arch/arm64/kernel/ptrace.c ++++ b/arch/arm64/kernel/ptrace.c +@@ -881,6 +881,13 @@ static int sve_set_common(struct task_st + break; + case ARM64_VEC_SME: + target->thread.svcr |= SVCR_SM_MASK; ++ ++ /* ++ * Disable traps and ensure there is SME storage but ++ * preserve any currently set values in ZA/ZT. ++ */ ++ sme_alloc(target, false); ++ set_tsk_thread_flag(target, TIF_SME); + break; + default: + WARN_ON_ONCE(1); +@@ -1100,7 +1107,7 @@ static int za_set(struct task_struct *ta + } + + /* Allocate/reinit ZA storage */ +- sme_alloc(target); ++ sme_alloc(target, true); + if (!target->thread.sme_state) { + ret = -ENOMEM; + goto out; +@@ -1171,7 +1178,7 @@ static int zt_set(struct task_struct *ta + return -EINVAL; + + if (!thread_za_enabled(&target->thread)) { +- sme_alloc(target); ++ sme_alloc(target, true); + if (!target->thread.sme_state) + return -ENOMEM; + } +--- a/arch/arm64/kernel/signal.c ++++ b/arch/arm64/kernel/signal.c +@@ -474,7 +474,7 @@ static int restore_za_context(struct use + fpsimd_flush_task_state(current); + /* From now, fpsimd_thread_switch() won't touch thread.sve_state */ + +- sme_alloc(current); ++ sme_alloc(current, true); + if (!current->thread.sme_state) { + current->thread.svcr &= ~SVCR_ZA_MASK; + clear_thread_flag(TIF_SME); diff --git a/queue-6.4/arm64-ptrace-ensure-that-the-task-sees-zt-writes-on-first-use.patch b/queue-6.4/arm64-ptrace-ensure-that-the-task-sees-zt-writes-on-first-use.patch new file mode 100644 index 00000000000..292aac6f0d1 --- /dev/null +++ b/queue-6.4/arm64-ptrace-ensure-that-the-task-sees-zt-writes-on-first-use.patch @@ -0,0 +1,59 @@ +From 2f43f549cd0b3164ea0345e59aa3958c0d243383 Mon Sep 17 00:00:00 2001 +From: Mark Brown +Date: Wed, 16 Aug 2023 19:40:07 +0100 +Subject: arm64/ptrace: Ensure that the task sees ZT writes on first use + +From: Mark Brown + +commit 2f43f549cd0b3164ea0345e59aa3958c0d243383 upstream. + +When the value of ZT is set via ptrace we don't disable traps for SME. +This means that when a the task has never used SME before then the value +set via ptrace will never be seen by the target task since it will +trigger a SME access trap which will flush the register state. + +Disable SME traps when setting ZT, this means we also need to allocate +storage for SVE if it is not already allocated, for the benefit of +streaming SVE. + +Fixes: f90b529bcbe5 ("arm64/sme: Implement ZT0 ptrace support") +Signed-off-by: Mark Brown +Cc: # 6.3.x +Link: https://lore.kernel.org/r/20230816-arm64-zt-ptrace-first-use-v2-1-00aa82847e28@kernel.org +Signed-off-by: Catalin Marinas +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm64/kernel/ptrace.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/arch/arm64/kernel/ptrace.c b/arch/arm64/kernel/ptrace.c +index a31af7a1abe3..187aa2b175b4 100644 +--- a/arch/arm64/kernel/ptrace.c ++++ b/arch/arm64/kernel/ptrace.c +@@ -1177,6 +1177,11 @@ static int zt_set(struct task_struct *target, + if (!system_supports_sme2()) + return -EINVAL; + ++ /* Ensure SVE storage in case this is first use of SME */ ++ sve_alloc(target, false); ++ if (!target->thread.sve_state) ++ return -ENOMEM; ++ + if (!thread_za_enabled(&target->thread)) { + sme_alloc(target, true); + if (!target->thread.sme_state) +@@ -1186,8 +1191,10 @@ static int zt_set(struct task_struct *target, + ret = user_regset_copyin(&pos, &count, &kbuf, &ubuf, + thread_zt_state(&target->thread), + 0, ZT_SIG_REG_BYTES); +- if (ret == 0) ++ if (ret == 0) { + target->thread.svcr |= SVCR_ZA_MASK; ++ set_tsk_thread_flag(target, TIF_SME); ++ } + + fpsimd_flush_task_state(target); + +-- +2.41.0 + diff --git a/queue-6.4/blk-crypto-dynamically-allocate-fallback-profile.patch b/queue-6.4/blk-crypto-dynamically-allocate-fallback-profile.patch new file mode 100644 index 00000000000..f250cd64786 --- /dev/null +++ b/queue-6.4/blk-crypto-dynamically-allocate-fallback-profile.patch @@ -0,0 +1,129 @@ +From c984ff1423ae9f70b1f28ce811856db0d9c99021 Mon Sep 17 00:00:00 2001 +From: Sweet Tea Dorminy +Date: Thu, 17 Aug 2023 10:15:56 -0400 +Subject: blk-crypto: dynamically allocate fallback profile + +From: Sweet Tea Dorminy + +commit c984ff1423ae9f70b1f28ce811856db0d9c99021 upstream. + +blk_crypto_profile_init() calls lockdep_register_key(), which warns and +does not register if the provided memory is a static object. +blk-crypto-fallback currently has a static blk_crypto_profile and calls +blk_crypto_profile_init() thereupon, resulting in the warning and +failure to register. + +Fortunately it is simple enough to use a dynamically allocated profile +and make lockdep function correctly. + +Fixes: 2fb48d88e77f ("blk-crypto: use dynamic lock class for blk_crypto_profile::lock") +Cc: stable@vger.kernel.org +Signed-off-by: Sweet Tea Dorminy +Reviewed-by: Eric Biggers +Link: https://lore.kernel.org/r/20230817141615.15387-1-sweettea-kernel@dorminy.me +Signed-off-by: Jens Axboe +Signed-off-by: Greg Kroah-Hartman +--- + block/blk-crypto-fallback.c | 36 +++++++++++++++++++++++------------- + 1 file changed, 23 insertions(+), 13 deletions(-) + +--- a/block/blk-crypto-fallback.c ++++ b/block/blk-crypto-fallback.c +@@ -78,7 +78,7 @@ static struct blk_crypto_fallback_keyslo + struct crypto_skcipher *tfms[BLK_ENCRYPTION_MODE_MAX]; + } *blk_crypto_keyslots; + +-static struct blk_crypto_profile blk_crypto_fallback_profile; ++static struct blk_crypto_profile *blk_crypto_fallback_profile; + static struct workqueue_struct *blk_crypto_wq; + static mempool_t *blk_crypto_bounce_page_pool; + static struct bio_set crypto_bio_split; +@@ -292,7 +292,7 @@ static bool blk_crypto_fallback_encrypt_ + * Get a blk-crypto-fallback keyslot that contains a crypto_skcipher for + * this bio's algorithm and key. + */ +- blk_st = blk_crypto_get_keyslot(&blk_crypto_fallback_profile, ++ blk_st = blk_crypto_get_keyslot(blk_crypto_fallback_profile, + bc->bc_key, &slot); + if (blk_st != BLK_STS_OK) { + src_bio->bi_status = blk_st; +@@ -395,7 +395,7 @@ static void blk_crypto_fallback_decrypt_ + * Get a blk-crypto-fallback keyslot that contains a crypto_skcipher for + * this bio's algorithm and key. + */ +- blk_st = blk_crypto_get_keyslot(&blk_crypto_fallback_profile, ++ blk_st = blk_crypto_get_keyslot(blk_crypto_fallback_profile, + bc->bc_key, &slot); + if (blk_st != BLK_STS_OK) { + bio->bi_status = blk_st; +@@ -499,7 +499,7 @@ bool blk_crypto_fallback_bio_prep(struct + return false; + } + +- if (!__blk_crypto_cfg_supported(&blk_crypto_fallback_profile, ++ if (!__blk_crypto_cfg_supported(blk_crypto_fallback_profile, + &bc->bc_key->crypto_cfg)) { + bio->bi_status = BLK_STS_NOTSUPP; + return false; +@@ -526,7 +526,7 @@ bool blk_crypto_fallback_bio_prep(struct + + int blk_crypto_fallback_evict_key(const struct blk_crypto_key *key) + { +- return __blk_crypto_evict_key(&blk_crypto_fallback_profile, key); ++ return __blk_crypto_evict_key(blk_crypto_fallback_profile, key); + } + + static bool blk_crypto_fallback_inited; +@@ -534,7 +534,6 @@ static int blk_crypto_fallback_init(void + { + int i; + int err; +- struct blk_crypto_profile *profile = &blk_crypto_fallback_profile; + + if (blk_crypto_fallback_inited) + return 0; +@@ -545,18 +544,27 @@ static int blk_crypto_fallback_init(void + if (err) + goto out; + +- err = blk_crypto_profile_init(profile, blk_crypto_num_keyslots); +- if (err) ++ /* Dynamic allocation is needed because of lockdep_register_key(). */ ++ blk_crypto_fallback_profile = ++ kzalloc(sizeof(*blk_crypto_fallback_profile), GFP_KERNEL); ++ if (!blk_crypto_fallback_profile) { ++ err = -ENOMEM; + goto fail_free_bioset; ++ } ++ ++ err = blk_crypto_profile_init(blk_crypto_fallback_profile, ++ blk_crypto_num_keyslots); ++ if (err) ++ goto fail_free_profile; + err = -ENOMEM; + +- profile->ll_ops = blk_crypto_fallback_ll_ops; +- profile->max_dun_bytes_supported = BLK_CRYPTO_MAX_IV_SIZE; ++ blk_crypto_fallback_profile->ll_ops = blk_crypto_fallback_ll_ops; ++ blk_crypto_fallback_profile->max_dun_bytes_supported = BLK_CRYPTO_MAX_IV_SIZE; + + /* All blk-crypto modes have a crypto API fallback. */ + for (i = 0; i < BLK_ENCRYPTION_MODE_MAX; i++) +- profile->modes_supported[i] = 0xFFFFFFFF; +- profile->modes_supported[BLK_ENCRYPTION_MODE_INVALID] = 0; ++ blk_crypto_fallback_profile->modes_supported[i] = 0xFFFFFFFF; ++ blk_crypto_fallback_profile->modes_supported[BLK_ENCRYPTION_MODE_INVALID] = 0; + + blk_crypto_wq = alloc_workqueue("blk_crypto_wq", + WQ_UNBOUND | WQ_HIGHPRI | +@@ -597,7 +605,9 @@ fail_free_keyslots: + fail_free_wq: + destroy_workqueue(blk_crypto_wq); + fail_destroy_profile: +- blk_crypto_profile_destroy(profile); ++ blk_crypto_profile_destroy(blk_crypto_fallback_profile); ++fail_free_profile: ++ kfree(blk_crypto_fallback_profile); + fail_free_bioset: + bioset_exit(&crypto_bio_split); + out: diff --git a/queue-6.4/cifs-release-folio-lock-on-fscache-read-hit.patch b/queue-6.4/cifs-release-folio-lock-on-fscache-read-hit.patch new file mode 100644 index 00000000000..f7630793ef3 --- /dev/null +++ b/queue-6.4/cifs-release-folio-lock-on-fscache-read-hit.patch @@ -0,0 +1,65 @@ +From 69513dd669e243928f7450893190915a88f84a2b Mon Sep 17 00:00:00 2001 +From: Russell Harmon via samba-technical +Date: Thu, 10 Aug 2023 00:19:22 -0700 +Subject: cifs: Release folio lock on fscache read hit. + +From: Russell Harmon via samba-technical + +commit 69513dd669e243928f7450893190915a88f84a2b upstream. + +Under the current code, when cifs_readpage_worker is called, the call +contract is that the callee should unlock the page. This is documented +in the read_folio section of Documentation/filesystems/vfs.rst as: + +> The filesystem should unlock the folio once the read has completed, +> whether it was successful or not. + +Without this change, when fscache is in use and cache hit occurs during +a read, the page lock is leaked, producing the following stack on +subsequent reads (via mmap) to the page: + +$ cat /proc/3890/task/12864/stack +[<0>] folio_wait_bit_common+0x124/0x350 +[<0>] filemap_read_folio+0xad/0xf0 +[<0>] filemap_fault+0x8b1/0xab0 +[<0>] __do_fault+0x39/0x150 +[<0>] do_fault+0x25c/0x3e0 +[<0>] __handle_mm_fault+0x6ca/0xc70 +[<0>] handle_mm_fault+0xe9/0x350 +[<0>] do_user_addr_fault+0x225/0x6c0 +[<0>] exc_page_fault+0x84/0x1b0 +[<0>] asm_exc_page_fault+0x27/0x30 + +This requires a reboot to resolve; it is a deadlock. + +Note however that the call to cifs_readpage_from_fscache does mark the +page clean, but does not free the folio lock. This happens in +__cifs_readpage_from_fscache on success. Releasing the lock at that +point however is not appropriate as cifs_readahead also calls +cifs_readpage_from_fscache and *does* unconditionally release the lock +after its return. This change therefore effectively makes +cifs_readpage_worker work like cifs_readahead. + +Signed-off-by: Russell Harmon +Acked-by: Paulo Alcantara (SUSE) +Reviewed-by: David Howells +Cc: stable@vger.kernel.org +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman +--- + fs/smb/client/file.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/smb/client/file.c ++++ b/fs/smb/client/file.c +@@ -4681,9 +4681,9 @@ static int cifs_readpage_worker(struct f + + io_error: + kunmap(page); +- unlock_page(page); + + read_complete: ++ unlock_page(page); + return rc; + } + diff --git a/queue-6.4/dt-bindings-pinctrl-qcom-sa8775p-tlmm-add-gpio-function-constant.patch b/queue-6.4/dt-bindings-pinctrl-qcom-sa8775p-tlmm-add-gpio-function-constant.patch new file mode 100644 index 00000000000..492fa373c5a --- /dev/null +++ b/queue-6.4/dt-bindings-pinctrl-qcom-sa8775p-tlmm-add-gpio-function-constant.patch @@ -0,0 +1,39 @@ +From f00295e890bbc8780cd2076ee17bc7a08a53091c Mon Sep 17 00:00:00 2001 +From: Shazad Hussain +Date: Wed, 19 Jul 2023 16:33:44 +0530 +Subject: dt-bindings: pinctrl: qcom,sa8775p-tlmm: add gpio function constant + +From: Shazad Hussain + +commit f00295e890bbc8780cd2076ee17bc7a08a53091c upstream. + +Alternative function 'gpio' is not listed in the constants for pin +configuration, so adding this constant to the list. + +Cc: stable@vger.kernel.org +Fixes: 9a2aaee23c79 ("dt-bindings: pinctrl: describe sa8775p-tlmm") +Signed-off-by: Shazad Hussain +Reviewed-by: Krzysztof Kozlowski +Link: https://lore.kernel.org/r/20230719110344.19983-1-quic_shazhuss@quicinc.com +Signed-off-by: Linus Walleij +Signed-off-by: Greg Kroah-Hartman +--- + .../devicetree/bindings/pinctrl/qcom,sa8775p-tlmm.yaml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Documentation/devicetree/bindings/pinctrl/qcom,sa8775p-tlmm.yaml b/Documentation/devicetree/bindings/pinctrl/qcom,sa8775p-tlmm.yaml +index e608a4f1bcae..e119a226a4b1 100644 +--- a/Documentation/devicetree/bindings/pinctrl/qcom,sa8775p-tlmm.yaml ++++ b/Documentation/devicetree/bindings/pinctrl/qcom,sa8775p-tlmm.yaml +@@ -87,7 +87,7 @@ $defs: + emac0_mdc, emac0_mdio, emac0_ptp_aux, emac0_ptp_pps, emac1_mcg0, + emac1_mcg1, emac1_mcg2, emac1_mcg3, emac1_mdc, emac1_mdio, + emac1_ptp_aux, emac1_ptp_pps, gcc_gp1, gcc_gp2, gcc_gp3, +- gcc_gp4, gcc_gp5, hs0_mi2s, hs1_mi2s, hs2_mi2s, ibi_i3c, ++ gcc_gp4, gcc_gp5, gpio, hs0_mi2s, hs1_mi2s, hs2_mi2s, ibi_i3c, + jitter_bist, mdp0_vsync0, mdp0_vsync1, mdp0_vsync2, mdp0_vsync3, + mdp0_vsync4, mdp0_vsync5, mdp0_vsync6, mdp0_vsync7, mdp0_vsync8, + mdp1_vsync0, mdp1_vsync1, mdp1_vsync2, mdp1_vsync3, mdp1_vsync4, +-- +2.41.0 + diff --git a/queue-6.4/media-uvcvideo-fix-menu-count-handling-for-userspace-xu-mappings.patch b/queue-6.4/media-uvcvideo-fix-menu-count-handling-for-userspace-xu-mappings.patch new file mode 100644 index 00000000000..b0dd59dc804 --- /dev/null +++ b/queue-6.4/media-uvcvideo-fix-menu-count-handling-for-userspace-xu-mappings.patch @@ -0,0 +1,44 @@ +From 6d00f4ec1205a01a6aac1fe3ce04d53a6b2ede59 Mon Sep 17 00:00:00 2001 +From: Laurent Pinchart +Date: Tue, 6 Jun 2023 18:55:30 +0200 +Subject: media: uvcvideo: Fix menu count handling for userspace XU mappings + +From: Laurent Pinchart + +commit 6d00f4ec1205a01a6aac1fe3ce04d53a6b2ede59 upstream. + +When commit 716c330433e3 ("media: uvcvideo: Use standard names for +menus") reworked the handling of menu controls, it inadvertently +replaced a GENMASK(n - 1, 0) with a BIT_MASK(n). The latter isn't +equivalent to the former, which broke adding XU mappings from userspace. +Fix it. + +Link: https://lore.kernel.org/linux-media/468a36ec-c3ac-cb47-e12f-5906239ae3cd@spahan.ch/ + +Cc: stable@vger.kernel.org +Reported-by: Poncho +Fixes: 716c330433e3 ("media: uvcvideo: Use standard names for menus") +Signed-off-by: Laurent Pinchart +Reviewed-by: Ricardo Ribalda +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Greg Kroah-Hartman +--- + drivers/media/usb/uvc/uvc_v4l2.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/media/usb/uvc/uvc_v4l2.c b/drivers/media/usb/uvc/uvc_v4l2.c +index 5ac2a424b13d..f4988f03640a 100644 +--- a/drivers/media/usb/uvc/uvc_v4l2.c ++++ b/drivers/media/usb/uvc/uvc_v4l2.c +@@ -45,7 +45,7 @@ static int uvc_control_add_xu_mapping(struct uvc_video_chain *chain, + map->menu_names = NULL; + map->menu_mapping = NULL; + +- map->menu_mask = BIT_MASK(xmap->menu_count); ++ map->menu_mask = GENMASK(xmap->menu_count - 1, 0); + + size = xmap->menu_count * sizeof(*map->menu_mapping); + map->menu_mapping = kzalloc(size, GFP_KERNEL); +-- +2.41.0 + diff --git a/queue-6.4/mmc-block-fix-in_flight-value-error.patch b/queue-6.4/mmc-block-fix-in_flight-value-error.patch new file mode 100644 index 00000000000..3707717459f --- /dev/null +++ b/queue-6.4/mmc-block-fix-in_flight-value-error.patch @@ -0,0 +1,75 @@ +From 4b430d4ac99750ee2ae2f893f1055c7af1ec3dc5 Mon Sep 17 00:00:00 2001 +From: Yibin Ding +Date: Wed, 2 Aug 2023 10:30:23 +0800 +Subject: mmc: block: Fix in_flight[issue_type] value error + +From: Yibin Ding + +commit 4b430d4ac99750ee2ae2f893f1055c7af1ec3dc5 upstream. + +For a completed request, after the mmc_blk_mq_complete_rq(mq, req) +function is executed, the bitmap_tags corresponding to the +request will be cleared, that is, the request will be regarded as +idle. If the request is acquired by a different type of process at +this time, the issue_type of the request may change. It further +caused the value of mq->in_flight[issue_type] to be abnormal, +and a large number of requests could not be sent. + +p1: p2: +mmc_blk_mq_complete_rq + blk_mq_free_request + blk_mq_get_request + blk_mq_rq_ctx_init +mmc_blk_mq_dec_in_flight + mmc_issue_type(mq, req) + +This strategy can ensure the consistency of issue_type +before and after executing mmc_blk_mq_complete_rq. + +Fixes: 81196976ed94 ("mmc: block: Add blk-mq support") +Cc: stable@vger.kernel.org +Signed-off-by: Yibin Ding +Acked-by: Adrian Hunter +Link: https://lore.kernel.org/r/20230802023023.1318134-1-yunlong.xing@unisoc.com +Signed-off-by: Ulf Hansson +Signed-off-by: Greg Kroah-Hartman +--- + drivers/mmc/core/block.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- a/drivers/mmc/core/block.c ++++ b/drivers/mmc/core/block.c +@@ -2097,14 +2097,14 @@ static void mmc_blk_mq_poll_completion(s + mmc_blk_urgent_bkops(mq, mqrq); + } + +-static void mmc_blk_mq_dec_in_flight(struct mmc_queue *mq, struct request *req) ++static void mmc_blk_mq_dec_in_flight(struct mmc_queue *mq, enum mmc_issue_type issue_type) + { + unsigned long flags; + bool put_card; + + spin_lock_irqsave(&mq->lock, flags); + +- mq->in_flight[mmc_issue_type(mq, req)] -= 1; ++ mq->in_flight[issue_type] -= 1; + + put_card = (mmc_tot_in_flight(mq) == 0); + +@@ -2117,6 +2117,7 @@ static void mmc_blk_mq_dec_in_flight(str + static void mmc_blk_mq_post_req(struct mmc_queue *mq, struct request *req, + bool can_sleep) + { ++ enum mmc_issue_type issue_type = mmc_issue_type(mq, req); + struct mmc_queue_req *mqrq = req_to_mmc_queue_req(req); + struct mmc_request *mrq = &mqrq->brq.mrq; + struct mmc_host *host = mq->card->host; +@@ -2136,7 +2137,7 @@ static void mmc_blk_mq_post_req(struct m + blk_mq_complete_request(req); + } + +- mmc_blk_mq_dec_in_flight(mq, req); ++ mmc_blk_mq_dec_in_flight(mq, issue_type); + } + + void mmc_blk_mq_recovery(struct mmc_queue *mq) diff --git a/queue-6.4/mmc-f-sdh30-fix-order-of-function-calls-in-sdhci_f_sdh30_remove.patch b/queue-6.4/mmc-f-sdh30-fix-order-of-function-calls-in-sdhci_f_sdh30_remove.patch new file mode 100644 index 00000000000..5c8b73b377f --- /dev/null +++ b/queue-6.4/mmc-f-sdh30-fix-order-of-function-calls-in-sdhci_f_sdh30_remove.patch @@ -0,0 +1,52 @@ +From 58abdd80b93b09023ca03007b608685c41e3a289 Mon Sep 17 00:00:00 2001 +From: Yangtao Li +Date: Thu, 27 Jul 2023 15:00:51 +0800 +Subject: mmc: f-sdh30: fix order of function calls in sdhci_f_sdh30_remove +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Yangtao Li + +commit 58abdd80b93b09023ca03007b608685c41e3a289 upstream. + +The order of function calls in sdhci_f_sdh30_remove is wrong, +let's call sdhci_pltfm_unregister first. + +Cc: Uwe Kleine-König +Fixes: 5def5c1c15bf ("mmc: sdhci-f-sdh30: Replace with sdhci_pltfm") +Signed-off-by: Yangtao Li +Reported-by: Uwe Kleine-König +Acked-by: Uwe Kleine-König +Acked-by: Adrian Hunter +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20230727070051.17778-62-frank.li@vivo.com +Signed-off-by: Ulf Hansson +Signed-off-by: Greg Kroah-Hartman +--- + drivers/mmc/host/sdhci_f_sdh30.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +--- a/drivers/mmc/host/sdhci_f_sdh30.c ++++ b/drivers/mmc/host/sdhci_f_sdh30.c +@@ -210,13 +210,16 @@ static int sdhci_f_sdh30_remove(struct p + { + struct sdhci_host *host = platform_get_drvdata(pdev); + struct f_sdhost_priv *priv = sdhci_f_sdhost_priv(host); +- +- reset_control_assert(priv->rst); +- clk_disable_unprepare(priv->clk); +- clk_disable_unprepare(priv->clk_iface); ++ struct clk *clk_iface = priv->clk_iface; ++ struct reset_control *rst = priv->rst; ++ struct clk *clk = priv->clk; + + sdhci_pltfm_unregister(pdev); + ++ reset_control_assert(rst); ++ clk_disable_unprepare(clk); ++ clk_disable_unprepare(clk_iface); ++ + return 0; + } + diff --git a/queue-6.4/mmc-wbsd-fix-double-mmc_free_host-in-wbsd_init.patch b/queue-6.4/mmc-wbsd-fix-double-mmc_free_host-in-wbsd_init.patch new file mode 100644 index 00000000000..4f4c10fbdf8 --- /dev/null +++ b/queue-6.4/mmc-wbsd-fix-double-mmc_free_host-in-wbsd_init.patch @@ -0,0 +1,33 @@ +From d83035433701919ac6db15f7737cbf554c36c1a6 Mon Sep 17 00:00:00 2001 +From: Yang Yingliang +Date: Mon, 7 Aug 2023 20:44:42 +0800 +Subject: mmc: wbsd: fix double mmc_free_host() in wbsd_init() + +From: Yang Yingliang + +commit d83035433701919ac6db15f7737cbf554c36c1a6 upstream. + +mmc_free_host() has already be called in wbsd_free_mmc(), +remove the mmc_free_host() in error path in wbsd_init(). + +Fixes: dc5b9b50fc9d ("mmc: wbsd: fix return value check of mmc_add_host()") +Signed-off-by: Yang Yingliang +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20230807124443.3431366-1-yangyingliang@huawei.com +Signed-off-by: Ulf Hansson +Signed-off-by: Greg Kroah-Hartman +--- + drivers/mmc/host/wbsd.c | 2 -- + 1 file changed, 2 deletions(-) + +--- a/drivers/mmc/host/wbsd.c ++++ b/drivers/mmc/host/wbsd.c +@@ -1705,8 +1705,6 @@ static int wbsd_init(struct device *dev, + + wbsd_release_resources(host); + wbsd_free_mmc(dev); +- +- mmc_free_host(mmc); + return ret; + } + diff --git a/queue-6.4/parisc-fix-config_tlb_ptlock-to-work-with-lightweight-spinlock-checks.patch b/queue-6.4/parisc-fix-config_tlb_ptlock-to-work-with-lightweight-spinlock-checks.patch new file mode 100644 index 00000000000..b4c7db6c193 --- /dev/null +++ b/queue-6.4/parisc-fix-config_tlb_ptlock-to-work-with-lightweight-spinlock-checks.patch @@ -0,0 +1,219 @@ +From 7a894c87374771f3cfb1b8e5453fbe03f1fb8135 Mon Sep 17 00:00:00 2001 +From: Helge Deller +Date: Sun, 13 Aug 2023 22:11:19 +0200 +Subject: parisc: Fix CONFIG_TLB_PTLOCK to work with lightweight spinlock checks + +From: Helge Deller + +commit 7a894c87374771f3cfb1b8e5453fbe03f1fb8135 upstream. + +For the TLB_PTLOCK checks we used an optimization to store the spc +register into the spinlock to unlock it. This optimization works as +long as the lightweight spinlock checks (CONFIG_LIGHTWEIGHT_SPINLOCK_CHECK) +aren't enabled, because they really check if the lock word is zero or +__ARCH_SPIN_LOCK_UNLOCKED_VAL and abort with a kernel crash +("Spinlock was trashed") otherwise. + +Drop that optimization to make it possible to activate both checks +at the same time. + +Noticed-by: Sam James +Signed-off-by: Helge Deller +Tested-by: Sam James +Cc: stable@vger.kernel.org # v6.4+ +Fixes: 15e64ef6520e ("parisc: Add lightweight spinlock checks") +Signed-off-by: Greg Kroah-Hartman +--- + arch/parisc/kernel/entry.S | 47 +++++++++++++++++++------------------- + 1 file changed, 23 insertions(+), 24 deletions(-) + +diff --git a/arch/parisc/kernel/entry.S b/arch/parisc/kernel/entry.S +index 0e5ebfe8d9d2..ae03b8679696 100644 +--- a/arch/parisc/kernel/entry.S ++++ b/arch/parisc/kernel/entry.S +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + + #include + #include +@@ -406,7 +407,7 @@ + LDREG 0(\ptp),\pte + bb,<,n \pte,_PAGE_PRESENT_BIT,3f + b \fault +- stw \spc,0(\tmp) ++ stw \tmp1,0(\tmp) + 99: ALTERNATIVE(98b, 99b, ALT_COND_NO_SMP, INSN_NOP) + #endif + 2: LDREG 0(\ptp),\pte +@@ -415,24 +416,22 @@ + .endm + + /* Release page_table_lock without reloading lock address. +- Note that the values in the register spc are limited to +- NR_SPACE_IDS (262144). Thus, the stw instruction always +- stores a nonzero value even when register spc is 64 bits. + We use an ordered store to ensure all prior accesses are + performed prior to releasing the lock. */ +- .macro ptl_unlock0 spc,tmp ++ .macro ptl_unlock0 spc,tmp,tmp2 + #ifdef CONFIG_TLB_PTLOCK +-98: or,COND(=) %r0,\spc,%r0 +- stw,ma \spc,0(\tmp) ++98: ldi __ARCH_SPIN_LOCK_UNLOCKED_VAL, \tmp2 ++ or,COND(=) %r0,\spc,%r0 ++ stw,ma \tmp2,0(\tmp) + 99: ALTERNATIVE(98b, 99b, ALT_COND_NO_SMP, INSN_NOP) + #endif + .endm + + /* Release page_table_lock. */ +- .macro ptl_unlock1 spc,tmp ++ .macro ptl_unlock1 spc,tmp,tmp2 + #ifdef CONFIG_TLB_PTLOCK + 98: get_ptl \tmp +- ptl_unlock0 \spc,\tmp ++ ptl_unlock0 \spc,\tmp,\tmp2 + 99: ALTERNATIVE(98b, 99b, ALT_COND_NO_SMP, INSN_NOP) + #endif + .endm +@@ -1125,7 +1124,7 @@ dtlb_miss_20w: + + idtlbt pte,prot + +- ptl_unlock1 spc,t0 ++ ptl_unlock1 spc,t0,t1 + rfir + nop + +@@ -1151,7 +1150,7 @@ nadtlb_miss_20w: + + idtlbt pte,prot + +- ptl_unlock1 spc,t0 ++ ptl_unlock1 spc,t0,t1 + rfir + nop + +@@ -1185,7 +1184,7 @@ dtlb_miss_11: + + mtsp t1, %sr1 /* Restore sr1 */ + +- ptl_unlock1 spc,t0 ++ ptl_unlock1 spc,t0,t1 + rfir + nop + +@@ -1218,7 +1217,7 @@ nadtlb_miss_11: + + mtsp t1, %sr1 /* Restore sr1 */ + +- ptl_unlock1 spc,t0 ++ ptl_unlock1 spc,t0,t1 + rfir + nop + +@@ -1247,7 +1246,7 @@ dtlb_miss_20: + + idtlbt pte,prot + +- ptl_unlock1 spc,t0 ++ ptl_unlock1 spc,t0,t1 + rfir + nop + +@@ -1275,7 +1274,7 @@ nadtlb_miss_20: + + idtlbt pte,prot + +- ptl_unlock1 spc,t0 ++ ptl_unlock1 spc,t0,t1 + rfir + nop + +@@ -1320,7 +1319,7 @@ itlb_miss_20w: + + iitlbt pte,prot + +- ptl_unlock1 spc,t0 ++ ptl_unlock1 spc,t0,t1 + rfir + nop + +@@ -1344,7 +1343,7 @@ naitlb_miss_20w: + + iitlbt pte,prot + +- ptl_unlock1 spc,t0 ++ ptl_unlock1 spc,t0,t1 + rfir + nop + +@@ -1378,7 +1377,7 @@ itlb_miss_11: + + mtsp t1, %sr1 /* Restore sr1 */ + +- ptl_unlock1 spc,t0 ++ ptl_unlock1 spc,t0,t1 + rfir + nop + +@@ -1402,7 +1401,7 @@ naitlb_miss_11: + + mtsp t1, %sr1 /* Restore sr1 */ + +- ptl_unlock1 spc,t0 ++ ptl_unlock1 spc,t0,t1 + rfir + nop + +@@ -1432,7 +1431,7 @@ itlb_miss_20: + + iitlbt pte,prot + +- ptl_unlock1 spc,t0 ++ ptl_unlock1 spc,t0,t1 + rfir + nop + +@@ -1452,7 +1451,7 @@ naitlb_miss_20: + + iitlbt pte,prot + +- ptl_unlock1 spc,t0 ++ ptl_unlock1 spc,t0,t1 + rfir + nop + +@@ -1482,7 +1481,7 @@ dbit_trap_20w: + + idtlbt pte,prot + +- ptl_unlock0 spc,t0 ++ ptl_unlock0 spc,t0,t1 + rfir + nop + #else +@@ -1508,7 +1507,7 @@ dbit_trap_11: + + mtsp t1, %sr1 /* Restore sr1 */ + +- ptl_unlock0 spc,t0 ++ ptl_unlock0 spc,t0,t1 + rfir + nop + +@@ -1528,7 +1527,7 @@ dbit_trap_20: + + idtlbt pte,prot + +- ptl_unlock0 spc,t0 ++ ptl_unlock0 spc,t0,t1 + rfir + nop + #endif +-- +2.41.0 + diff --git a/queue-6.4/regulator-da9063-better-fix-null-deref-with-partial-dt.patch b/queue-6.4/regulator-da9063-better-fix-null-deref-with-partial-dt.patch new file mode 100644 index 00000000000..82f71c1e801 --- /dev/null +++ b/queue-6.4/regulator-da9063-better-fix-null-deref-with-partial-dt.patch @@ -0,0 +1,62 @@ +From 30c694fd4a99fbbc4115d180156ca01b60953371 Mon Sep 17 00:00:00 2001 +From: Martin Fuzzey +Date: Fri, 4 Aug 2023 10:34:30 +0200 +Subject: regulator: da9063: better fix null deref with partial DT + +From: Martin Fuzzey + +commit 30c694fd4a99fbbc4115d180156ca01b60953371 upstream. + +Two versions of the original patch were sent but V1 was merged instead +of V2 due to a mistake. + +So update to V2. + +The advantage of V2 is that it completely avoids dereferencing the pointer, +even just to take the address, which may fix problems with some compilers. +Both versions work on my gcc 9.4 but use the safer one. + +Fixes: 98e2dd5f7a8b ("regulator: da9063: fix null pointer deref with partial DT config") +Signed-off-by: Martin Fuzzey +Tested-by: Benjamin Bara +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20230804083514.1887124-1-martin.fuzzey@flowbird.group +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman +--- + drivers/regulator/da9063-regulator.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/drivers/regulator/da9063-regulator.c b/drivers/regulator/da9063-regulator.c +index dfd5ec9f75c9..a0621665a6d2 100644 +--- a/drivers/regulator/da9063-regulator.c ++++ b/drivers/regulator/da9063-regulator.c +@@ -778,9 +778,6 @@ static int da9063_check_xvp_constraints(struct regulator_config *config) + const struct notification_limit *uv_l = &constr->under_voltage_limits; + const struct notification_limit *ov_l = &constr->over_voltage_limits; + +- if (!config->init_data) /* No config in DT, pointers will be invalid */ +- return 0; +- + /* make sure that only one severity is used to clarify if unchanged, enabled or disabled */ + if ((!!uv_l->prot + !!uv_l->err + !!uv_l->warn) > 1) { + dev_err(config->dev, "%s: at most one voltage monitoring severity allowed!\n", +@@ -1031,9 +1028,12 @@ static int da9063_regulator_probe(struct platform_device *pdev) + config.of_node = da9063_reg_matches[id].of_node; + config.regmap = da9063->regmap; + +- ret = da9063_check_xvp_constraints(&config); +- if (ret) +- return ret; ++ /* Checking constraints requires init_data from DT. */ ++ if (config.init_data) { ++ ret = da9063_check_xvp_constraints(&config); ++ if (ret) ++ return ret; ++ } + + regl->rdev = devm_regulator_register(&pdev->dev, ®l->desc, + &config); +-- +2.41.0 + diff --git a/queue-6.4/riscv-handle-zicsr-zifencei-issue-between-gcc-and-binutils.patch b/queue-6.4/riscv-handle-zicsr-zifencei-issue-between-gcc-and-binutils.patch new file mode 100644 index 00000000000..7eeae8272e5 --- /dev/null +++ b/queue-6.4/riscv-handle-zicsr-zifencei-issue-between-gcc-and-binutils.patch @@ -0,0 +1,111 @@ +From ca09f772cccaeec4cd05a21528c37a260aa2dd2c Mon Sep 17 00:00:00 2001 +From: Mingzheng Xing +Date: Thu, 10 Aug 2023 00:56:48 +0800 +Subject: riscv: Handle zicsr/zifencei issue between gcc and binutils + +From: Mingzheng Xing + +commit ca09f772cccaeec4cd05a21528c37a260aa2dd2c upstream. + +Binutils-2.38 and GCC-12.1.0 bumped[0][1] the default ISA spec to the newer +20191213 version which moves some instructions from the I extension to the +Zicsr and Zifencei extensions. So if one of the binutils and GCC exceeds +that version, we should explicitly specifying Zicsr and Zifencei via -march +to cope with the new changes. but this only occurs when binutils >= 2.36 +and GCC >= 11.1.0. It's a different story when binutils < 2.36. + +binutils-2.36 supports the Zifencei extension[2] and splits Zifencei and +Zicsr from I[3]. GCC-11.1.0 is particular[4] because it add support Zicsr +and Zifencei extension for -march. binutils-2.35 does not support the +Zifencei extension, and does not need to specify Zicsr and Zifencei when +working with GCC >= 12.1.0. + +To make our lives easier, let's relax the check to binutils >= 2.36 in +CONFIG_TOOLCHAIN_NEEDS_EXPLICIT_ZICSR_ZIFENCEI. For the other two cases, +where clang < 17 or GCC < 11.1.0, we will deal with them in +CONFIG_TOOLCHAIN_NEEDS_OLD_ISA_SPEC. + +For more information, please refer to: +commit 6df2a016c0c8 ("riscv: fix build with binutils 2.38") +commit e89c2e815e76 ("riscv: Handle zicsr/zifencei issues between clang and binutils") + +Link: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=aed44286efa8ae8717a77d94b51ac3614e2ca6dc [0] +Link: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=98416dbb0a62579d4a7a4a76bab51b5b52fec2cd [1] +Link: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=5a1b31e1e1cee6e9f1c92abff59cdcfff0dddf30 [2] +Link: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=729a53530e86972d1143553a415db34e6e01d5d2 [3] +Link: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=b03be74bad08c382da47e048007a78fa3fb4ef49 [4] +Link: https://lore.kernel.org/all/20230308220842.1231003-1-conor@kernel.org +Link: https://lore.kernel.org/all/20230223220546.52879-1-conor@kernel.org +Reviewed-by: Conor Dooley +Acked-by: Guo Ren +Cc: +Signed-off-by: Mingzheng Xing +Link: https://lore.kernel.org/r/20230809165648.21071-1-xingmingzheng@iscas.ac.cn +Signed-off-by: Palmer Dabbelt +Signed-off-by: Greg Kroah-Hartman +--- + arch/riscv/Kconfig | 28 +++++++++++++++++----------- + arch/riscv/kernel/compat_vdso/Makefile | 8 +++++++- + 2 files changed, 24 insertions(+), 12 deletions(-) + +--- a/arch/riscv/Kconfig ++++ b/arch/riscv/Kconfig +@@ -525,24 +525,30 @@ config TOOLCHAIN_HAS_ZIHINTPAUSE + config TOOLCHAIN_NEEDS_EXPLICIT_ZICSR_ZIFENCEI + def_bool y + # https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=aed44286efa8ae8717a77d94b51ac3614e2ca6dc +- depends on AS_IS_GNU && AS_VERSION >= 23800 ++ # https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=98416dbb0a62579d4a7a4a76bab51b5b52fec2cd ++ depends on AS_IS_GNU && AS_VERSION >= 23600 + help +- Newer binutils versions default to ISA spec version 20191213 which +- moves some instructions from the I extension to the Zicsr and Zifencei +- extensions. ++ Binutils-2.38 and GCC-12.1.0 bumped the default ISA spec to the newer ++ 20191213 version, which moves some instructions from the I extension to ++ the Zicsr and Zifencei extensions. This requires explicitly specifying ++ Zicsr and Zifencei when binutils >= 2.38 or GCC >= 12.1.0. Zicsr ++ and Zifencei are supported in binutils from version 2.36 onwards. ++ To make life easier, and avoid forcing toolchains that default to a ++ newer ISA spec to version 2.2, relax the check to binutils >= 2.36. ++ For clang < 17 or GCC < 11.1.0, for which this is not possible, this is ++ dealt with in CONFIG_TOOLCHAIN_NEEDS_OLD_ISA_SPEC. + + config TOOLCHAIN_NEEDS_OLD_ISA_SPEC + def_bool y + depends on TOOLCHAIN_NEEDS_EXPLICIT_ZICSR_ZIFENCEI + # https://github.com/llvm/llvm-project/commit/22e199e6afb1263c943c0c0d4498694e15bf8a16 +- depends on CC_IS_CLANG && CLANG_VERSION < 170000 ++ # https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=b03be74bad08c382da47e048007a78fa3fb4ef49 ++ depends on (CC_IS_CLANG && CLANG_VERSION < 170000) || (CC_IS_GCC && GCC_VERSION < 110100) + help +- Certain versions of clang do not support zicsr and zifencei via -march +- but newer versions of binutils require it for the reasons noted in the +- help text of CONFIG_TOOLCHAIN_NEEDS_EXPLICIT_ZICSR_ZIFENCEI. This +- option causes an older ISA spec compatible with these older versions +- of clang to be passed to GAS, which has the same result as passing zicsr +- and zifencei to -march. ++ Certain versions of clang and GCC do not support zicsr and zifencei via ++ -march. This option causes an older ISA spec compatible with these older ++ versions of clang and GCC to be passed to GAS, which has the same result ++ as passing zicsr and zifencei to -march. + + config FPU + bool "FPU support" +--- a/arch/riscv/kernel/compat_vdso/Makefile ++++ b/arch/riscv/kernel/compat_vdso/Makefile +@@ -11,7 +11,13 @@ compat_vdso-syms += flush_icache + COMPAT_CC := $(CC) + COMPAT_LD := $(LD) + +-COMPAT_CC_FLAGS := -march=rv32g -mabi=ilp32 ++# binutils 2.35 does not support the zifencei extension, but in the ISA ++# spec 20191213, G stands for IMAFD_ZICSR_ZIFENCEI. ++ifdef CONFIG_TOOLCHAIN_NEEDS_EXPLICIT_ZICSR_ZIFENCEI ++ COMPAT_CC_FLAGS := -march=rv32g -mabi=ilp32 ++else ++ COMPAT_CC_FLAGS := -march=rv32imafd -mabi=ilp32 ++endif + COMPAT_LD_FLAGS := -melf32lriscv + + # Disable attributes, as they're useless and break the build. diff --git a/queue-6.4/series b/queue-6.4/series index 6ee20b5bde9..77cb93de993 100644 --- a/queue-6.4/series +++ b/queue-6.4/series @@ -203,3 +203,19 @@ riscv-entry-set-a0-enosys-only-when-syscall-1.patch riscv-correct-riscv_insn_is_c_jr-and-riscv_insn_is_c.patch riscv-uaccess-return-the-number-of-bytes-effectively.patch serial-8250-fix-oops-for-port-pm-on-uart_change_pm.patch +alsa-usb-audio-add-support-for-mythware-xa001au-capture-and-playback-interfaces.patch +cifs-release-folio-lock-on-fscache-read-hit.patch +parisc-fix-config_tlb_ptlock-to-work-with-lightweight-spinlock-checks.patch +riscv-handle-zicsr-zifencei-issue-between-gcc-and-binutils.patch +smb-client-fix-null-auth.patch +regulator-da9063-better-fix-null-deref-with-partial-dt.patch +virtio-net-zero-max_tx_vq-field-for-virtio_net_ctrl_mq_hash_config-case.patch +arm64-dts-rockchip-fix-wifi-bluetooth-on-rock-pi-4-boards.patch +arm64-ptrace-ensure-that-sme-is-set-up-for-target-when-writing-ssve-state.patch +arm64-ptrace-ensure-that-the-task-sees-zt-writes-on-first-use.patch +blk-crypto-dynamically-allocate-fallback-profile.patch +media-uvcvideo-fix-menu-count-handling-for-userspace-xu-mappings.patch +dt-bindings-pinctrl-qcom-sa8775p-tlmm-add-gpio-function-constant.patch +mmc-f-sdh30-fix-order-of-function-calls-in-sdhci_f_sdh30_remove.patch +mmc-wbsd-fix-double-mmc_free_host-in-wbsd_init.patch +mmc-block-fix-in_flight-value-error.patch diff --git a/queue-6.4/smb-client-fix-null-auth.patch b/queue-6.4/smb-client-fix-null-auth.patch new file mode 100644 index 00000000000..3138cd1b689 --- /dev/null +++ b/queue-6.4/smb-client-fix-null-auth.patch @@ -0,0 +1,49 @@ +From 270d73e6507f9c7fff43844d74f86365df000b36 Mon Sep 17 00:00:00 2001 +From: Scott Mayhew +Date: Wed, 16 Aug 2023 00:23:56 -0500 +Subject: smb: client: fix null auth + +From: Scott Mayhew + +commit 270d73e6507f9c7fff43844d74f86365df000b36 upstream. + +Commit abdb1742a312 removed code that clears ctx->username when sec=none, so attempting +to mount with '-o sec=none' now fails with -EACCES. Fix it by adding that logic to the +parsing of the 'sec' option, as well as checking if the mount is using null auth before +setting the username when parsing the 'user' option. + +Fixes: abdb1742a312 ("cifs: get rid of mount options string parsing") +Cc: stable@vger.kernel.org +Signed-off-by: Scott Mayhew +Reviewed-by: Paulo Alcantara (SUSE) +Signed-off-by: Steve French +Signed-off-by: Greg Kroah-Hartman +--- + fs/smb/client/fs_context.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/fs/smb/client/fs_context.c b/fs/smb/client/fs_context.c +index 4946a0c59600..67e16c2ac90e 100644 +--- a/fs/smb/client/fs_context.c ++++ b/fs/smb/client/fs_context.c +@@ -231,6 +231,8 @@ cifs_parse_security_flavors(struct fs_context *fc, char *value, struct smb3_fs_c + break; + case Opt_sec_none: + ctx->nullauth = 1; ++ kfree(ctx->username); ++ ctx->username = NULL; + break; + default: + cifs_errorf(fc, "bad security option: %s\n", value); +@@ -1201,6 +1203,8 @@ static int smb3_fs_context_parse_param(struct fs_context *fc, + case Opt_user: + kfree(ctx->username); + ctx->username = NULL; ++ if (ctx->nullauth) ++ break; + if (strlen(param->string) == 0) { + /* null user, ie. anonymous authentication */ + ctx->nullauth = 1; +-- +2.41.0 + diff --git a/queue-6.4/virtio-net-zero-max_tx_vq-field-for-virtio_net_ctrl_mq_hash_config-case.patch b/queue-6.4/virtio-net-zero-max_tx_vq-field-for-virtio_net_ctrl_mq_hash_config-case.patch new file mode 100644 index 00000000000..5c4930c346d --- /dev/null +++ b/queue-6.4/virtio-net-zero-max_tx_vq-field-for-virtio_net_ctrl_mq_hash_config-case.patch @@ -0,0 +1,55 @@ +From 2c507ce90e02cd78d00fd4b0fe26c8641873c13f Mon Sep 17 00:00:00 2001 +From: Hawkins Jiawei +Date: Thu, 10 Aug 2023 19:04:05 +0800 +Subject: virtio-net: Zero max_tx_vq field for VIRTIO_NET_CTRL_MQ_HASH_CONFIG case +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Hawkins Jiawei + +commit 2c507ce90e02cd78d00fd4b0fe26c8641873c13f upstream. + +Kernel uses `struct virtio_net_ctrl_rss` to save command-specific-data +for both the VIRTIO_NET_CTRL_MQ_HASH_CONFIG and +VIRTIO_NET_CTRL_MQ_RSS_CONFIG commands. + +According to the VirtIO standard, "Field reserved MUST contain zeroes. +It is defined to make the structure to match the layout of +virtio_net_rss_config structure, defined in 5.1.6.5.7.". + +Yet for the VIRTIO_NET_CTRL_MQ_HASH_CONFIG command case, the `max_tx_vq` +field in struct virtio_net_ctrl_rss, which corresponds to the +`reserved` field in struct virtio_net_hash_config, is not zeroed, +thereby violating the VirtIO standard. + +This patch solves this problem by zeroing this field in +virtnet_init_default_rss(). + +Cc: Andrew Melnychenko +Cc: stable@vger.kernel.org +Fixes: c7114b1249fa ("drivers/net/virtio_net: Added basic RSS support.") +Signed-off-by: Hawkins Jiawei +Acked-by: Jason Wang +Acked-by: Eugenio Pérez +Acked-by: Michael S. Tsirkin +Message-Id: <20230810110405.25558-1-yin31149@gmail.com> +Signed-off-by: Michael S. Tsirkin +Reviewed-by: Xuan Zhuo +Acked-by: Jason Wang +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/virtio_net.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/net/virtio_net.c ++++ b/drivers/net/virtio_net.c +@@ -2652,7 +2652,7 @@ static void virtnet_init_default_rss(str + vi->ctrl->rss.indirection_table[i] = indir_val; + } + +- vi->ctrl->rss.max_tx_vq = vi->curr_queue_pairs; ++ vi->ctrl->rss.max_tx_vq = vi->has_rss ? vi->curr_queue_pairs : 0; + vi->ctrl->rss.hash_key_length = vi->rss_key_size; + + netdev_rss_key_fill(vi->ctrl->rss.key, vi->rss_key_size); -- 2.47.3