From 8b125e3957c0b5a795b9674186e6eb265a5412e8 Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Mon, 21 Apr 2025 07:19:44 -0400 Subject: [PATCH] Fixes for 6.12 Signed-off-by: Sasha Levin --- ...decrement-refcount-on-error-in-sw_sy.patch | 71 +++++++ ...-msm-a6xx-don-t-let-ib_size-overflow.patch | 78 ++++++++ ...rect-dispatch-configuration-for-v3d-.patch | 77 ++++++++ ...bdex_statx-call-to-vfs_getattr_nosec.patch | 127 ++++++++++++ ...ttr-interface-function-checking-at_g.patch | 187 ++++++++++++++++++ ...harmless-garbage-value-problem-in-vf.patch | 57 ++++++ ...rect-hash-size-in-register_ftrace_di.patch | 44 +++++ queue-6.12/i2c-atr-fix-wrong-include.patch | 49 +++++ ...d-missing-selections-of-config_crc32.patch | 179 +++++++++++++++++ ..._count-directly-if-fail-to-queue-dl_.patch | 75 +++++++ queue-6.12/series | 10 + 11 files changed, 954 insertions(+) create mode 100644 queue-6.12/dma-buf-sw_sync-decrement-refcount-on-error-in-sw_sy.patch create mode 100644 queue-6.12/drm-msm-a6xx-don-t-let-ib_size-overflow.patch create mode 100644 queue-6.12/drm-v3d-fix-indirect-dispatch-configuration-for-v3d-.patch create mode 100644 queue-6.12/fs-move-the-bdex_statx-call-to-vfs_getattr_nosec.patch create mode 100644 queue-6.12/fs-simplify-getattr-interface-function-checking-at_g.patch create mode 100644 queue-6.12/fs-stat.c-avoid-harmless-garbage-value-problem-in-vf.patch create mode 100644 queue-6.12/ftrace-fix-incorrect-hash-size-in-register_ftrace_di.patch create mode 100644 queue-6.12/i2c-atr-fix-wrong-include.patch create mode 100644 queue-6.12/nfs-add-missing-selections-of-config_crc32.patch create mode 100644 queue-6.12/nfsd-decrease-sc_count-directly-if-fail-to-queue-dl_.patch diff --git a/queue-6.12/dma-buf-sw_sync-decrement-refcount-on-error-in-sw_sy.patch b/queue-6.12/dma-buf-sw_sync-decrement-refcount-on-error-in-sw_sy.patch new file mode 100644 index 0000000000..14c4cd1763 --- /dev/null +++ b/queue-6.12/dma-buf-sw_sync-decrement-refcount-on-error-in-sw_sy.patch @@ -0,0 +1,71 @@ +From 1a60f88d5fbfad5c784daff46f2f06d22daecede Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 8 Apr 2025 14:01:26 +0300 +Subject: dma-buf/sw_sync: Decrement refcount on error in + sw_sync_ioctl_get_deadline() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Dan Carpenter + +[ Upstream commit d27326a9999286fa45ad063f760e63329254f130 ] + +Call dma_fence_put(fence) before returning an error if +dma_fence_to_sync_pt() fails. Use an unwind ladder at the +end of the function to do the cleanup. + +Fixes: 70e67aaec2f4 ("dma-buf/sw_sync: Add fence deadline support") +Signed-off-by: Dan Carpenter +Reviewed-by: Christian König +Link: https://patchwork.freedesktop.org/patch/msgid/a010a1ac-107b-4fc0-a052-9fd3706ad690@stanley.mountain +Signed-off-by: Christian König +Signed-off-by: Sasha Levin +--- + drivers/dma-buf/sw_sync.c | 19 ++++++++++++++----- + 1 file changed, 14 insertions(+), 5 deletions(-) + +diff --git a/drivers/dma-buf/sw_sync.c b/drivers/dma-buf/sw_sync.c +index c353029789cf1..1290886f065e3 100644 +--- a/drivers/dma-buf/sw_sync.c ++++ b/drivers/dma-buf/sw_sync.c +@@ -444,15 +444,17 @@ static int sw_sync_ioctl_get_deadline(struct sync_timeline *obj, unsigned long a + return -EINVAL; + + pt = dma_fence_to_sync_pt(fence); +- if (!pt) +- return -EINVAL; ++ if (!pt) { ++ ret = -EINVAL; ++ goto put_fence; ++ } + + spin_lock_irqsave(fence->lock, flags); +- if (test_bit(SW_SYNC_HAS_DEADLINE_BIT, &fence->flags)) { +- data.deadline_ns = ktime_to_ns(pt->deadline); +- } else { ++ if (!test_bit(SW_SYNC_HAS_DEADLINE_BIT, &fence->flags)) { + ret = -ENOENT; ++ goto unlock; + } ++ data.deadline_ns = ktime_to_ns(pt->deadline); + spin_unlock_irqrestore(fence->lock, flags); + + dma_fence_put(fence); +@@ -464,6 +466,13 @@ static int sw_sync_ioctl_get_deadline(struct sync_timeline *obj, unsigned long a + return -EFAULT; + + return 0; ++ ++unlock: ++ spin_unlock_irqrestore(fence->lock, flags); ++put_fence: ++ dma_fence_put(fence); ++ ++ return ret; + } + + static long sw_sync_ioctl(struct file *file, unsigned int cmd, +-- +2.39.5 + diff --git a/queue-6.12/drm-msm-a6xx-don-t-let-ib_size-overflow.patch b/queue-6.12/drm-msm-a6xx-don-t-let-ib_size-overflow.patch new file mode 100644 index 0000000000..51e1021b4b --- /dev/null +++ b/queue-6.12/drm-msm-a6xx-don-t-let-ib_size-overflow.patch @@ -0,0 +1,78 @@ +From 45123e6f691ab09fb06c6d8a403e2e0065b2370f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 17 Mar 2025 08:00:06 -0700 +Subject: drm/msm/a6xx+: Don't let IB_SIZE overflow + +From: Rob Clark + +[ Upstream commit 9d78f02503227d3554d26cf8ca73276105c98f3e ] + +IB_SIZE is only b0..b19. Starting with a6xx gen3, additional fields +were added above the IB_SIZE. Accidentially setting them can cause +badness. Fix this by properly defining the CP_INDIRECT_BUFFER packet +and using the generated builder macro to ensure unintended bits are not +set. + +v2: add missing type attribute for IB_BASE +v3: fix offset attribute in xml + +Reported-by: Connor Abbott +Fixes: a83366ef19ea ("drm/msm/a6xx: add A640/A650 to gpulist") +Signed-off-by: Rob Clark +Patchwork: https://patchwork.freedesktop.org/patch/643396/ +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/msm/adreno/a6xx_gpu.c | 8 ++++---- + drivers/gpu/drm/msm/registers/adreno/adreno_pm4.xml | 7 +++++++ + 2 files changed, 11 insertions(+), 4 deletions(-) + +diff --git a/drivers/gpu/drm/msm/adreno/a6xx_gpu.c b/drivers/gpu/drm/msm/adreno/a6xx_gpu.c +index 702b8d4b34972..d903ad9c0b5fb 100644 +--- a/drivers/gpu/drm/msm/adreno/a6xx_gpu.c ++++ b/drivers/gpu/drm/msm/adreno/a6xx_gpu.c +@@ -233,10 +233,10 @@ static void a6xx_submit(struct msm_gpu *gpu, struct msm_gem_submit *submit) + break; + fallthrough; + case MSM_SUBMIT_CMD_BUF: +- OUT_PKT7(ring, CP_INDIRECT_BUFFER_PFE, 3); ++ OUT_PKT7(ring, CP_INDIRECT_BUFFER, 3); + OUT_RING(ring, lower_32_bits(submit->cmd[i].iova)); + OUT_RING(ring, upper_32_bits(submit->cmd[i].iova)); +- OUT_RING(ring, submit->cmd[i].size); ++ OUT_RING(ring, A5XX_CP_INDIRECT_BUFFER_2_IB_SIZE(submit->cmd[i].size)); + ibs++; + break; + } +@@ -319,10 +319,10 @@ static void a7xx_submit(struct msm_gpu *gpu, struct msm_gem_submit *submit) + break; + fallthrough; + case MSM_SUBMIT_CMD_BUF: +- OUT_PKT7(ring, CP_INDIRECT_BUFFER_PFE, 3); ++ OUT_PKT7(ring, CP_INDIRECT_BUFFER, 3); + OUT_RING(ring, lower_32_bits(submit->cmd[i].iova)); + OUT_RING(ring, upper_32_bits(submit->cmd[i].iova)); +- OUT_RING(ring, submit->cmd[i].size); ++ OUT_RING(ring, A5XX_CP_INDIRECT_BUFFER_2_IB_SIZE(submit->cmd[i].size)); + ibs++; + break; + } +diff --git a/drivers/gpu/drm/msm/registers/adreno/adreno_pm4.xml b/drivers/gpu/drm/msm/registers/adreno/adreno_pm4.xml +index cab01af55d222..c6cdc5c003dc0 100644 +--- a/drivers/gpu/drm/msm/registers/adreno/adreno_pm4.xml ++++ b/drivers/gpu/drm/msm/registers/adreno/adreno_pm4.xml +@@ -2264,5 +2264,12 @@ opcode: CP_LOAD_STATE4 (30) (4 dwords) + + + ++ ++ ++ ++ ++ ++ ++ + + +-- +2.39.5 + diff --git a/queue-6.12/drm-v3d-fix-indirect-dispatch-configuration-for-v3d-.patch b/queue-6.12/drm-v3d-fix-indirect-dispatch-configuration-for-v3d-.patch new file mode 100644 index 0000000000..8880a7f783 --- /dev/null +++ b/queue-6.12/drm-v3d-fix-indirect-dispatch-configuration-for-v3d-.patch @@ -0,0 +1,77 @@ +From 86dc6232623a2c43d83120810d8e4d067b94d7fc Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 9 Apr 2025 17:50:06 -0300 +Subject: drm/v3d: Fix Indirect Dispatch configuration for V3D 7.1.6 and later +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Maíra Canal + +[ Upstream commit dcdae6e92d4e062da29235fe88980604595e3f0f ] + +This commit is a resubmission of commit 1fe1c66274fb ("drm/v3d: Fix +Indirect Dispatch configuration for V3D 7.1.6 and later"), which was +accidentally reverted by commit 91dae758bdb8 ("Merge tag +'drm-misc-next-2024-08-01' of https://gitlab.freedesktop.org/drm/misc/kernel +into drm-next"), likely due to an unfortunate conflict resolution. + +From the original commit message: + +``` +`args->cfg[4]` is configured in Indirect Dispatch using the number of +batches. Currently, for all V3D tech versions, `args->cfg[4]` equals the +number of batches subtracted by 1. But, for V3D 7.1.6 and later, we must not +subtract 1 from the number of batches. + +Implement the fix by checking the V3D tech version and revision. + +Fixes several `dEQP-VK.synchronization*` CTS tests related to Indirect Dispatch. +``` + +Fixes: 91dae758bdb8 ("Merge tag 'drm-misc-next-2024-08-01' of https://gitlab.freedesktop.org/drm/misc/kernel into drm-next") +Signed-off-by: Maíra Canal +Reviewed-by: Iago Toral Quiroga +Link: https://lore.kernel.org/r/20250409205051.9639-1-mcanal@igalia.com +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/v3d/v3d_sched.c | 16 +++++++++++++--- + 1 file changed, 13 insertions(+), 3 deletions(-) + +diff --git a/drivers/gpu/drm/v3d/v3d_sched.c b/drivers/gpu/drm/v3d/v3d_sched.c +index 3066cfdb054cc..4a6aa36619fe3 100644 +--- a/drivers/gpu/drm/v3d/v3d_sched.c ++++ b/drivers/gpu/drm/v3d/v3d_sched.c +@@ -410,7 +410,8 @@ v3d_rewrite_csd_job_wg_counts_from_indirect(struct v3d_cpu_job *job) + struct v3d_bo *bo = to_v3d_bo(job->base.bo[0]); + struct v3d_bo *indirect = to_v3d_bo(indirect_csd->indirect); + struct drm_v3d_submit_csd *args = &indirect_csd->job->args; +- u32 *wg_counts; ++ struct v3d_dev *v3d = job->base.v3d; ++ u32 num_batches, *wg_counts; + + v3d_get_bo_vaddr(bo); + v3d_get_bo_vaddr(indirect); +@@ -423,8 +424,17 @@ v3d_rewrite_csd_job_wg_counts_from_indirect(struct v3d_cpu_job *job) + args->cfg[0] = wg_counts[0] << V3D_CSD_CFG012_WG_COUNT_SHIFT; + args->cfg[1] = wg_counts[1] << V3D_CSD_CFG012_WG_COUNT_SHIFT; + args->cfg[2] = wg_counts[2] << V3D_CSD_CFG012_WG_COUNT_SHIFT; +- args->cfg[4] = DIV_ROUND_UP(indirect_csd->wg_size, 16) * +- (wg_counts[0] * wg_counts[1] * wg_counts[2]) - 1; ++ ++ num_batches = DIV_ROUND_UP(indirect_csd->wg_size, 16) * ++ (wg_counts[0] * wg_counts[1] * wg_counts[2]); ++ ++ /* V3D 7.1.6 and later don't subtract 1 from the number of batches */ ++ if (v3d->ver < 71 || (v3d->ver == 71 && v3d->rev < 6)) ++ args->cfg[4] = num_batches - 1; ++ else ++ args->cfg[4] = num_batches; ++ ++ WARN_ON(args->cfg[4] == ~0); + + for (int i = 0; i < 3; i++) { + /* 0xffffffff indicates that the uniform rewrite is not needed */ +-- +2.39.5 + diff --git a/queue-6.12/fs-move-the-bdex_statx-call-to-vfs_getattr_nosec.patch b/queue-6.12/fs-move-the-bdex_statx-call-to-vfs_getattr_nosec.patch new file mode 100644 index 0000000000..242af65f89 --- /dev/null +++ b/queue-6.12/fs-move-the-bdex_statx-call-to-vfs_getattr_nosec.patch @@ -0,0 +1,127 @@ +From ac96e4171af6fe91c6bc75cf4ea1e648e5500a55 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 17 Apr 2025 08:40:42 +0200 +Subject: fs: move the bdex_statx call to vfs_getattr_nosec +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Christoph Hellwig + +[ Upstream commit 777d0961ff95b26d5887fdae69900374364976f3 ] + +Currently bdex_statx is only called from the very high-level +vfs_statx_path function, and thus bypassing it for in-kernel calls +to vfs_getattr or vfs_getattr_nosec. + +This breaks querying the block ѕize of the underlying device in the +loop driver and also is a pitfall for any other new kernel caller. + +Move the call into the lowest level helper to ensure all callers get +the right results. + +Fixes: 2d985f8c6b91 ("vfs: support STATX_DIOALIGN on block devices") +Fixes: f4774e92aab8 ("loop: take the file system minimum dio alignment into account") +Reported-by: "Darrick J. Wong" +Signed-off-by: Christoph Hellwig +Link: https://lore.kernel.org/20250417064042.712140-1-hch@lst.de +Signed-off-by: Christian Brauner +Signed-off-by: Sasha Levin +--- + block/bdev.c | 3 +-- + fs/stat.c | 32 ++++++++++++++++++-------------- + include/linux/blkdev.h | 6 +++--- + 3 files changed, 22 insertions(+), 19 deletions(-) + +diff --git a/block/bdev.c b/block/bdev.c +index 738e3c8457e7f..1f1282a0dc653 100644 +--- a/block/bdev.c ++++ b/block/bdev.c +@@ -1269,8 +1269,7 @@ void sync_bdevs(bool wait) + /* + * Handle STATX_{DIOALIGN, WRITE_ATOMIC} for block devices. + */ +-void bdev_statx(struct path *path, struct kstat *stat, +- u32 request_mask) ++void bdev_statx(const struct path *path, struct kstat *stat, u32 request_mask) + { + struct inode *backing_inode; + struct block_device *bdev; +diff --git a/fs/stat.c b/fs/stat.c +index b399b881bbbf9..8ce0fc9cad5d0 100644 +--- a/fs/stat.c ++++ b/fs/stat.c +@@ -162,12 +162,25 @@ int vfs_getattr_nosec(const struct path *path, struct kstat *stat, + STATX_ATTR_DAX); + + idmap = mnt_idmap(path->mnt); +- if (inode->i_op->getattr) +- return inode->i_op->getattr(idmap, path, stat, +- request_mask, +- query_flags); ++ if (inode->i_op->getattr) { ++ int ret; ++ ++ ret = inode->i_op->getattr(idmap, path, stat, request_mask, ++ query_flags); ++ if (ret) ++ return ret; ++ } else { ++ generic_fillattr(idmap, request_mask, inode, stat); ++ } ++ ++ /* ++ * If this is a block device inode, override the filesystem attributes ++ * with the block device specific parameters that need to be obtained ++ * from the bdev backing inode. ++ */ ++ if (S_ISBLK(stat->mode)) ++ bdev_statx(path, stat, request_mask); + +- generic_fillattr(idmap, request_mask, inode, stat); + return 0; + } + EXPORT_SYMBOL(vfs_getattr_nosec); +@@ -260,15 +273,6 @@ static int vfs_statx_path(struct path *path, int flags, struct kstat *stat, + if (path_mounted(path)) + stat->attributes |= STATX_ATTR_MOUNT_ROOT; + stat->attributes_mask |= STATX_ATTR_MOUNT_ROOT; +- +- /* +- * If this is a block device inode, override the filesystem +- * attributes with the block device specific parameters that need to be +- * obtained from the bdev backing inode. +- */ +- if (S_ISBLK(stat->mode)) +- bdev_statx(path, stat, request_mask); +- + return 0; + } + +diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h +index 8f37c5dd52b21..2aa9cb446c6c8 100644 +--- a/include/linux/blkdev.h ++++ b/include/linux/blkdev.h +@@ -1624,7 +1624,7 @@ int sync_blockdev(struct block_device *bdev); + int sync_blockdev_range(struct block_device *bdev, loff_t lstart, loff_t lend); + int sync_blockdev_nowait(struct block_device *bdev); + void sync_bdevs(bool wait); +-void bdev_statx(struct path *, struct kstat *, u32); ++void bdev_statx(const struct path *path, struct kstat *stat, u32 request_mask); + void printk_all_partitions(void); + int __init early_lookup_bdev(const char *pathname, dev_t *dev); + #else +@@ -1642,8 +1642,8 @@ static inline int sync_blockdev_nowait(struct block_device *bdev) + static inline void sync_bdevs(bool wait) + { + } +-static inline void bdev_statx(struct path *path, struct kstat *stat, +- u32 request_mask) ++static inline void bdev_statx(const struct path *path, struct kstat *stat, ++ u32 request_mask) + { + } + static inline void printk_all_partitions(void) +-- +2.39.5 + diff --git a/queue-6.12/fs-simplify-getattr-interface-function-checking-at_g.patch b/queue-6.12/fs-simplify-getattr-interface-function-checking-at_g.patch new file mode 100644 index 0000000000..2a2c11e3b0 --- /dev/null +++ b/queue-6.12/fs-simplify-getattr-interface-function-checking-at_g.patch @@ -0,0 +1,187 @@ +From 11c74829cae321a5b870db6d926431b83847c171 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 1 Nov 2024 15:37:03 -0400 +Subject: fs: Simplify getattr interface function checking AT_GETATTR_NOSEC + flag + +From: Stefan Berger + +[ Upstream commit 95f567f81e43a1bcb5fbf0559e55b7505707300d ] + +Commit 8a924db2d7b5 ("fs: Pass AT_GETATTR_NOSEC flag to getattr interface +function")' introduced the AT_GETATTR_NOSEC flag to ensure that the +call paths only call vfs_getattr_nosec if it is set instead of vfs_getattr. +Now, simplify the getattr interface functions of filesystems where the flag +AT_GETATTR_NOSEC is checked. + +There is only a single caller of inode_operations getattr function and it +is located in fs/stat.c in vfs_getattr_nosec. The caller there is the only +one from which the AT_GETATTR_NOSEC flag is passed from. + +Two filesystems are checking this flag in .getattr and the flag is always +passed to them unconditionally from only vfs_getattr_nosec: + +- ecryptfs: Simplify by always calling vfs_getattr_nosec in + ecryptfs_getattr. From there the flag is passed to no other + function and this function is not called otherwise. + +- overlayfs: Simplify by always calling vfs_getattr_nosec in + ovl_getattr. From there the flag is passed to no other + function and this function is not called otherwise. + +The query_flags in vfs_getattr_nosec will mask-out AT_GETATTR_NOSEC from +any caller using AT_STATX_SYNC_TYPE as mask so that the flag is not +important inside this function. Also, since no filesystem is checking the +flag anymore, remove the flag entirely now, including the BUG_ON check that +never triggered. + +The net change of the changes here combined with the original commit is +that ecryptfs and overlayfs do not call vfs_getattr but only +vfs_getattr_nosec. + +Fixes: 8a924db2d7b5 ("fs: Pass AT_GETATTR_NOSEC flag to getattr interface function") +Reported-by: Al Viro +Closes: https://lore.kernel.org/linux-fsdevel/20241101011724.GN1350452@ZenIV/T/#u +Cc: Tyler Hicks +Cc: ecryptfs@vger.kernel.org +Cc: Miklos Szeredi +Cc: Amir Goldstein +Cc: linux-unionfs@vger.kernel.org +Cc: Christian Brauner +Cc: linux-fsdevel@vger.kernel.org +Reviewed-by: Christian Brauner +Signed-off-by: Stefan Berger +Signed-off-by: Al Viro +Stable-dep-of: 777d0961ff95 ("fs: move the bdex_statx call to vfs_getattr_nosec") +Signed-off-by: Sasha Levin +--- + fs/ecryptfs/inode.c | 12 ++---------- + fs/overlayfs/inode.c | 10 +++++----- + fs/overlayfs/overlayfs.h | 8 -------- + fs/stat.c | 5 +---- + include/uapi/linux/fcntl.h | 4 ---- + 5 files changed, 8 insertions(+), 31 deletions(-) + +diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c +index cbdf82f0183f3..a9819ddb1ab85 100644 +--- a/fs/ecryptfs/inode.c ++++ b/fs/ecryptfs/inode.c +@@ -1008,14 +1008,6 @@ static int ecryptfs_getattr_link(struct mnt_idmap *idmap, + return rc; + } + +-static int ecryptfs_do_getattr(const struct path *path, struct kstat *stat, +- u32 request_mask, unsigned int flags) +-{ +- if (flags & AT_GETATTR_NOSEC) +- return vfs_getattr_nosec(path, stat, request_mask, flags); +- return vfs_getattr(path, stat, request_mask, flags); +-} +- + static int ecryptfs_getattr(struct mnt_idmap *idmap, + const struct path *path, struct kstat *stat, + u32 request_mask, unsigned int flags) +@@ -1024,8 +1016,8 @@ static int ecryptfs_getattr(struct mnt_idmap *idmap, + struct kstat lower_stat; + int rc; + +- rc = ecryptfs_do_getattr(ecryptfs_dentry_to_lower_path(dentry), +- &lower_stat, request_mask, flags); ++ rc = vfs_getattr_nosec(ecryptfs_dentry_to_lower_path(dentry), ++ &lower_stat, request_mask, flags); + if (!rc) { + fsstack_copy_attr_all(d_inode(dentry), + ecryptfs_inode_to_lower(d_inode(dentry))); +diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c +index baa54c718bd72..97dd70d631446 100644 +--- a/fs/overlayfs/inode.c ++++ b/fs/overlayfs/inode.c +@@ -170,7 +170,7 @@ int ovl_getattr(struct mnt_idmap *idmap, const struct path *path, + + type = ovl_path_real(dentry, &realpath); + old_cred = ovl_override_creds(dentry->d_sb); +- err = ovl_do_getattr(&realpath, stat, request_mask, flags); ++ err = vfs_getattr_nosec(&realpath, stat, request_mask, flags); + if (err) + goto out; + +@@ -195,8 +195,8 @@ int ovl_getattr(struct mnt_idmap *idmap, const struct path *path, + (!is_dir ? STATX_NLINK : 0); + + ovl_path_lower(dentry, &realpath); +- err = ovl_do_getattr(&realpath, &lowerstat, lowermask, +- flags); ++ err = vfs_getattr_nosec(&realpath, &lowerstat, lowermask, ++ flags); + if (err) + goto out; + +@@ -248,8 +248,8 @@ int ovl_getattr(struct mnt_idmap *idmap, const struct path *path, + + ovl_path_lowerdata(dentry, &realpath); + if (realpath.dentry) { +- err = ovl_do_getattr(&realpath, &lowerdatastat, +- lowermask, flags); ++ err = vfs_getattr_nosec(&realpath, &lowerdatastat, ++ lowermask, flags); + if (err) + goto out; + } else { +diff --git a/fs/overlayfs/overlayfs.h b/fs/overlayfs/overlayfs.h +index 500a9634ad533..63ad4511c1208 100644 +--- a/fs/overlayfs/overlayfs.h ++++ b/fs/overlayfs/overlayfs.h +@@ -412,14 +412,6 @@ static inline bool ovl_open_flags_need_copy_up(int flags) + return ((OPEN_FMODE(flags) & FMODE_WRITE) || (flags & O_TRUNC)); + } + +-static inline int ovl_do_getattr(const struct path *path, struct kstat *stat, +- u32 request_mask, unsigned int flags) +-{ +- if (flags & AT_GETATTR_NOSEC) +- return vfs_getattr_nosec(path, stat, request_mask, flags); +- return vfs_getattr(path, stat, request_mask, flags); +-} +- + /* util.c */ + int ovl_get_write_access(struct dentry *dentry); + void ovl_put_write_access(struct dentry *dentry); +diff --git a/fs/stat.c b/fs/stat.c +index 41e598376d7e3..cbc0fcd4fba39 100644 +--- a/fs/stat.c ++++ b/fs/stat.c +@@ -165,7 +165,7 @@ int vfs_getattr_nosec(const struct path *path, struct kstat *stat, + if (inode->i_op->getattr) + return inode->i_op->getattr(idmap, path, stat, + request_mask, +- query_flags | AT_GETATTR_NOSEC); ++ query_flags); + + generic_fillattr(idmap, request_mask, inode, stat); + return 0; +@@ -198,9 +198,6 @@ int vfs_getattr(const struct path *path, struct kstat *stat, + { + int retval; + +- if (WARN_ON_ONCE(query_flags & AT_GETATTR_NOSEC)) +- return -EPERM; +- + retval = security_inode_getattr(path); + if (retval) + return retval; +diff --git a/include/uapi/linux/fcntl.h b/include/uapi/linux/fcntl.h +index 87e2dec79fea4..a40833bf2855e 100644 +--- a/include/uapi/linux/fcntl.h ++++ b/include/uapi/linux/fcntl.h +@@ -154,8 +154,4 @@ + usable with open_by_handle_at(2). */ + #define AT_HANDLE_MNT_ID_UNIQUE 0x001 /* Return the u64 unique mount ID. */ + +-#if defined(__KERNEL__) +-#define AT_GETATTR_NOSEC 0x80000000 +-#endif +- + #endif /* _UAPI_LINUX_FCNTL_H */ +-- +2.39.5 + diff --git a/queue-6.12/fs-stat.c-avoid-harmless-garbage-value-problem-in-vf.patch b/queue-6.12/fs-stat.c-avoid-harmless-garbage-value-problem-in-vf.patch new file mode 100644 index 0000000000..05085ca6e0 --- /dev/null +++ b/queue-6.12/fs-stat.c-avoid-harmless-garbage-value-problem-in-vf.patch @@ -0,0 +1,57 @@ +From 6fe5034f85c4cb6e3574c78f6546f5e3e0dc7f74 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 19 Jan 2025 10:59:47 +0800 +Subject: fs/stat.c: avoid harmless garbage value problem in vfs_statx_path() + +From: Su Hui + +[ Upstream commit 0fac3ed473dd2955053be6671cdd747807f5e488 ] + +Clang static checker(scan-build) warning: +fs/stat.c:287:21: warning: The left expression of the compound assignment is +an uninitialized value. The computed value will also be garbage. + 287 | stat->result_mask |= STATX_MNT_ID_UNIQUE; + | ~~~~~~~~~~~~~~~~~ ^ +fs/stat.c:290:21: warning: The left expression of the compound assignment is +an uninitialized value. The computed value will also be garbage. + 290 | stat->result_mask |= STATX_MNT_ID; + +When vfs_getattr() failed because of security_inode_getattr(), 'stat' is +uninitialized. In this case, there is a harmless garbage problem in +vfs_statx_path(). It's better to return error directly when +vfs_getattr() failed, avoiding garbage value and more clearly. + +Signed-off-by: Su Hui +Link: https://lore.kernel.org/r/20250119025946.1168957-1-suhui@nfschina.com +Signed-off-by: Christian Brauner +Stable-dep-of: 777d0961ff95 ("fs: move the bdex_statx call to vfs_getattr_nosec") +Signed-off-by: Sasha Levin +--- + fs/stat.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/fs/stat.c b/fs/stat.c +index cbc0fcd4fba39..b399b881bbbf9 100644 +--- a/fs/stat.c ++++ b/fs/stat.c +@@ -246,6 +246,8 @@ static int vfs_statx_path(struct path *path, int flags, struct kstat *stat, + u32 request_mask) + { + int error = vfs_getattr(path, stat, request_mask, flags); ++ if (error) ++ return error; + + if (request_mask & STATX_MNT_ID_UNIQUE) { + stat->mnt_id = real_mount(path->mnt)->mnt_id_unique; +@@ -267,7 +269,7 @@ static int vfs_statx_path(struct path *path, int flags, struct kstat *stat, + if (S_ISBLK(stat->mode)) + bdev_statx(path, stat, request_mask); + +- return error; ++ return 0; + } + + static int vfs_statx_fd(int fd, int flags, struct kstat *stat, +-- +2.39.5 + diff --git a/queue-6.12/ftrace-fix-incorrect-hash-size-in-register_ftrace_di.patch b/queue-6.12/ftrace-fix-incorrect-hash-size-in-register_ftrace_di.patch new file mode 100644 index 0000000000..c62ebcb4b5 --- /dev/null +++ b/queue-6.12/ftrace-fix-incorrect-hash-size-in-register_ftrace_di.patch @@ -0,0 +1,44 @@ +From 5a8f6e0fcd470af2325a12abf67bcdd486b72be7 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 13 Apr 2025 09:44:44 +0800 +Subject: ftrace: fix incorrect hash size in register_ftrace_direct() + +From: Menglong Dong + +[ Upstream commit 92f1d3b40179b15630d72e2c6e4e25a899b67ba9 ] + +The maximum of the ftrace hash bits is made fls(32) in +register_ftrace_direct(), which seems illogical. So, we fix it by making +the max hash bits FTRACE_HASH_MAX_BITS instead. + +Link: https://lore.kernel.org/20250413014444.36724-1-dongml2@chinatelecom.cn +Fixes: d05cb470663a ("ftrace: Fix modification of direct_function hash while in use") +Signed-off-by: Menglong Dong +Acked-by: Masami Hiramatsu (Google) +Signed-off-by: Steven Rostedt (Google) +Signed-off-by: Sasha Levin +--- + kernel/trace/ftrace.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c +index 90b59c627bb8e..e67d67f7b9065 100644 +--- a/kernel/trace/ftrace.c ++++ b/kernel/trace/ftrace.c +@@ -5944,9 +5944,10 @@ int register_ftrace_direct(struct ftrace_ops *ops, unsigned long addr) + + /* Make a copy hash to place the new and the old entries in */ + size = hash->count + direct_functions->count; +- if (size > 32) +- size = 32; +- new_hash = alloc_ftrace_hash(fls(size)); ++ size = fls(size); ++ if (size > FTRACE_HASH_MAX_BITS) ++ size = FTRACE_HASH_MAX_BITS; ++ new_hash = alloc_ftrace_hash(size); + if (!new_hash) + goto out_unlock; + +-- +2.39.5 + diff --git a/queue-6.12/i2c-atr-fix-wrong-include.patch b/queue-6.12/i2c-atr-fix-wrong-include.patch new file mode 100644 index 0000000000..9872d6ce7a --- /dev/null +++ b/queue-6.12/i2c-atr-fix-wrong-include.patch @@ -0,0 +1,49 @@ +From a4516c3d0812cf37529a4c300429bd46932a08be Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 31 Mar 2025 10:16:46 +0300 +Subject: i2c: atr: Fix wrong include + +From: Andy Shevchenko + +[ Upstream commit 75caec0c2aa3a7ec84348d438c74cb8a2eb4de97 ] + +The fwnode.h is not supposed to be used by the drivers as it +has the definitions for the core parts for different device +property provider implementations. Drop it. + +Note, that fwnode API for drivers is provided in property.h +which is included here. + +Fixes: a076a860acae ("media: i2c: add I2C Address Translator (ATR) support") +Signed-off-by: Andy Shevchenko +Acked-by: Mukesh Kumar Savaliya +Reviewed-by: Luca Ceresoli +Reviewed-by: Tomi Valkeinen +[wsa: reworded subject] +Signed-off-by: Wolfram Sang +Signed-off-by: Sasha Levin +--- + drivers/i2c/i2c-atr.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/i2c/i2c-atr.c b/drivers/i2c/i2c-atr.c +index 0d54d0b5e3273..5342e934aa5e4 100644 +--- a/drivers/i2c/i2c-atr.c ++++ b/drivers/i2c/i2c-atr.c +@@ -8,12 +8,12 @@ + * Originally based on i2c-mux.c + */ + +-#include + #include + #include + #include + #include + #include ++#include + #include + #include + +-- +2.39.5 + diff --git a/queue-6.12/nfs-add-missing-selections-of-config_crc32.patch b/queue-6.12/nfs-add-missing-selections-of-config_crc32.patch new file mode 100644 index 0000000000..5e611fb0d5 --- /dev/null +++ b/queue-6.12/nfs-add-missing-selections-of-config_crc32.patch @@ -0,0 +1,179 @@ +From bee241f8b3aea50bc761523bd72e501af94fd27a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 1 Apr 2025 15:02:21 -0700 +Subject: nfs: add missing selections of CONFIG_CRC32 + +From: Eric Biggers + +[ Upstream commit cd35b6cb46649750b7dbd0df0e2d767415d8917b ] + +nfs.ko, nfsd.ko, and lockd.ko all use crc32_le(), which is available +only when CONFIG_CRC32 is enabled. But the only NFS kconfig option that +selected CONFIG_CRC32 was CONFIG_NFS_DEBUG, which is client-specific and +did not actually guard the use of crc32_le() even on the client. + +The code worked around this bug by only actually calling crc32_le() when +CONFIG_CRC32 is built-in, instead hard-coding '0' in other cases. This +avoided randconfig build errors, and in real kernels the fallback code +was unlikely to be reached since CONFIG_CRC32 is 'default y'. But, this +really needs to just be done properly, especially now that I'm planning +to update CONFIG_CRC32 to not be 'default y'. + +Therefore, make CONFIG_NFS_FS, CONFIG_NFSD, and CONFIG_LOCKD select +CONFIG_CRC32. Then remove the fallback code that becomes unnecessary, +as well as the selection of CONFIG_CRC32 from CONFIG_NFS_DEBUG. + +Fixes: 1264a2f053a3 ("NFS: refactor code for calculating the crc32 hash of a filehandle") +Signed-off-by: Eric Biggers +Acked-by: Anna Schumaker +Signed-off-by: Chuck Lever +Signed-off-by: Sasha Levin +--- + fs/Kconfig | 1 + + fs/nfs/Kconfig | 2 +- + fs/nfs/internal.h | 7 ------- + fs/nfs/nfs4session.h | 4 ---- + fs/nfsd/Kconfig | 1 + + fs/nfsd/nfsfh.h | 7 ------- + include/linux/nfs.h | 7 ------- + 7 files changed, 3 insertions(+), 26 deletions(-) + +diff --git a/fs/Kconfig b/fs/Kconfig +index aae170fc27952..3117304676331 100644 +--- a/fs/Kconfig ++++ b/fs/Kconfig +@@ -369,6 +369,7 @@ config GRACE_PERIOD + config LOCKD + tristate + depends on FILE_LOCKING ++ select CRC32 + select GRACE_PERIOD + + config LOCKD_V4 +diff --git a/fs/nfs/Kconfig b/fs/nfs/Kconfig +index d3f76101ad4b9..07932ce9246c1 100644 +--- a/fs/nfs/Kconfig ++++ b/fs/nfs/Kconfig +@@ -2,6 +2,7 @@ + config NFS_FS + tristate "NFS client support" + depends on INET && FILE_LOCKING && MULTIUSER ++ select CRC32 + select LOCKD + select SUNRPC + select NFS_COMMON +@@ -196,7 +197,6 @@ config NFS_USE_KERNEL_DNS + config NFS_DEBUG + bool + depends on NFS_FS && SUNRPC_DEBUG +- select CRC32 + default y + + config NFS_DISABLE_UDP_SUPPORT +diff --git a/fs/nfs/internal.h b/fs/nfs/internal.h +index 6bcc4b0e00ab7..8b568a514fd1c 100644 +--- a/fs/nfs/internal.h ++++ b/fs/nfs/internal.h +@@ -895,18 +895,11 @@ u64 nfs_timespec_to_change_attr(const struct timespec64 *ts) + return ((u64)ts->tv_sec << 30) + ts->tv_nsec; + } + +-#ifdef CONFIG_CRC32 + static inline u32 nfs_stateid_hash(const nfs4_stateid *stateid) + { + return ~crc32_le(0xFFFFFFFF, &stateid->other[0], + NFS4_STATEID_OTHER_SIZE); + } +-#else +-static inline u32 nfs_stateid_hash(nfs4_stateid *stateid) +-{ +- return 0; +-} +-#endif + + static inline bool nfs_error_is_fatal(int err) + { +diff --git a/fs/nfs/nfs4session.h b/fs/nfs/nfs4session.h +index 351616c61df54..f9c291e2165cd 100644 +--- a/fs/nfs/nfs4session.h ++++ b/fs/nfs/nfs4session.h +@@ -148,16 +148,12 @@ static inline void nfs4_copy_sessionid(struct nfs4_sessionid *dst, + memcpy(dst->data, src->data, NFS4_MAX_SESSIONID_LEN); + } + +-#ifdef CONFIG_CRC32 + /* + * nfs_session_id_hash - calculate the crc32 hash for the session id + * @session - pointer to session + */ + #define nfs_session_id_hash(sess_id) \ + (~crc32_le(0xFFFFFFFF, &(sess_id)->data[0], sizeof((sess_id)->data))) +-#else +-#define nfs_session_id_hash(session) (0) +-#endif + #else /* defined(CONFIG_NFS_V4_1) */ + + static inline int nfs4_init_session(struct nfs_client *clp) +diff --git a/fs/nfsd/Kconfig b/fs/nfsd/Kconfig +index c0bd1509ccd48..9eb2e795c43c4 100644 +--- a/fs/nfsd/Kconfig ++++ b/fs/nfsd/Kconfig +@@ -4,6 +4,7 @@ config NFSD + depends on INET + depends on FILE_LOCKING + depends on FSNOTIFY ++ select CRC32 + select LOCKD + select SUNRPC + select EXPORTFS +diff --git a/fs/nfsd/nfsfh.h b/fs/nfsd/nfsfh.h +index 876152a91f122..5103c2f4d2253 100644 +--- a/fs/nfsd/nfsfh.h ++++ b/fs/nfsd/nfsfh.h +@@ -267,7 +267,6 @@ static inline bool fh_fsid_match(const struct knfsd_fh *fh1, + return true; + } + +-#ifdef CONFIG_CRC32 + /** + * knfsd_fh_hash - calculate the crc32 hash for the filehandle + * @fh - pointer to filehandle +@@ -279,12 +278,6 @@ static inline u32 knfsd_fh_hash(const struct knfsd_fh *fh) + { + return ~crc32_le(0xFFFFFFFF, fh->fh_raw, fh->fh_size); + } +-#else +-static inline u32 knfsd_fh_hash(const struct knfsd_fh *fh) +-{ +- return 0; +-} +-#endif + + /** + * fh_clear_pre_post_attrs - Reset pre/post attributes +diff --git a/include/linux/nfs.h b/include/linux/nfs.h +index 9ad727ddfedb3..0906a0b40c6aa 100644 +--- a/include/linux/nfs.h ++++ b/include/linux/nfs.h +@@ -55,7 +55,6 @@ enum nfs3_stable_how { + NFS_INVALID_STABLE_HOW = -1 + }; + +-#ifdef CONFIG_CRC32 + /** + * nfs_fhandle_hash - calculate the crc32 hash for the filehandle + * @fh - pointer to filehandle +@@ -67,10 +66,4 @@ static inline u32 nfs_fhandle_hash(const struct nfs_fh *fh) + { + return ~crc32_le(0xFFFFFFFF, &fh->data[0], fh->size); + } +-#else /* CONFIG_CRC32 */ +-static inline u32 nfs_fhandle_hash(const struct nfs_fh *fh) +-{ +- return 0; +-} +-#endif /* CONFIG_CRC32 */ + #endif /* _LINUX_NFS_H */ +-- +2.39.5 + diff --git a/queue-6.12/nfsd-decrease-sc_count-directly-if-fail-to-queue-dl_.patch b/queue-6.12/nfsd-decrease-sc_count-directly-if-fail-to-queue-dl_.patch new file mode 100644 index 0000000000..dc10c90ef9 --- /dev/null +++ b/queue-6.12/nfsd-decrease-sc_count-directly-if-fail-to-queue-dl_.patch @@ -0,0 +1,75 @@ +From f4512eccb6a9fc07f07e9dbc3562954d34eb85fa Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 10 Apr 2025 09:57:08 +0800 +Subject: nfsd: decrease sc_count directly if fail to queue dl_recall + +From: Li Lingfeng + +[ Upstream commit a1d14d931bf700c1025db8c46d6731aa5cf440f9 ] + +A deadlock warning occurred when invoking nfs4_put_stid following a failed +dl_recall queue operation: + T1 T2 + nfs4_laundromat + nfs4_get_client_reaplist + nfs4_anylock_blockers +__break_lease + spin_lock // ctx->flc_lock + spin_lock // clp->cl_lock + nfs4_lockowner_has_blockers + locks_owner_has_blockers + spin_lock // flctx->flc_lock + nfsd_break_deleg_cb + nfsd_break_one_deleg + nfs4_put_stid + refcount_dec_and_lock + spin_lock // clp->cl_lock + +When a file is opened, an nfs4_delegation is allocated with sc_count +initialized to 1, and the file_lease holds a reference to the delegation. +The file_lease is then associated with the file through kernel_setlease. + +The disassociation is performed in nfsd4_delegreturn via the following +call chain: +nfsd4_delegreturn --> destroy_delegation --> destroy_unhashed_deleg --> +nfs4_unlock_deleg_lease --> kernel_setlease --> generic_delete_lease +The corresponding sc_count reference will be released after this +disassociation. + +Since nfsd_break_one_deleg executes while holding the flc_lock, the +disassociation process becomes blocked when attempting to acquire flc_lock +in generic_delete_lease. This means: +1) sc_count in nfsd_break_one_deleg will not be decremented to 0; +2) The nfs4_put_stid called by nfsd_break_one_deleg will not attempt to +acquire cl_lock; +3) Consequently, no deadlock condition is created. + +Given that sc_count in nfsd_break_one_deleg remains non-zero, we can +safely perform refcount_dec on sc_count directly. This approach +effectively avoids triggering deadlock warnings. + +Fixes: 230ca758453c ("nfsd: put dl_stid if fail to queue dl_recall") +Signed-off-by: Li Lingfeng +Reviewed-by: Jeff Layton +Signed-off-by: Chuck Lever +Signed-off-by: Sasha Levin +--- + fs/nfsd/nfs4state.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c +index 5e81c819c3846..c50839a015e94 100644 +--- a/fs/nfsd/nfs4state.c ++++ b/fs/nfsd/nfs4state.c +@@ -5287,7 +5287,7 @@ static void nfsd_break_one_deleg(struct nfs4_delegation *dp) + queued = nfsd4_run_cb(&dp->dl_recall); + WARN_ON_ONCE(!queued); + if (!queued) +- nfs4_put_stid(&dp->dl_stid); ++ refcount_dec(&dp->dl_stid.sc_count); + } + + /* Called from break_lease() with flc_lock held. */ +-- +2.39.5 + diff --git a/queue-6.12/series b/queue-6.12/series index f6baa040e5..d64d5c5b8d 100644 --- a/queue-6.12/series +++ b/queue-6.12/series @@ -80,3 +80,13 @@ kunit-qemu_configs-sh-respect-kunit-cmdline.patch riscv-kgdb-do-not-inline-arch_kgdb_breakpoint.patch riscv-kgdb-remove-.option-norvc-.option-rvc-for-kgdb.patch cpufreq-sched-fix-the-usage-of-cpufreq_need_update_l.patch +drm-v3d-fix-indirect-dispatch-configuration-for-v3d-.patch +dma-buf-sw_sync-decrement-refcount-on-error-in-sw_sy.patch +nfs-add-missing-selections-of-config_crc32.patch +nfsd-decrease-sc_count-directly-if-fail-to-queue-dl_.patch +i2c-atr-fix-wrong-include.patch +fs-simplify-getattr-interface-function-checking-at_g.patch +fs-stat.c-avoid-harmless-garbage-value-problem-in-vf.patch +fs-move-the-bdex_statx-call-to-vfs_getattr_nosec.patch +ftrace-fix-incorrect-hash-size-in-register_ftrace_di.patch +drm-msm-a6xx-don-t-let-ib_size-overflow.patch -- 2.47.3