From c47e28f353bba38448f72e2fa5f5d3b786c18efa Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Thu, 28 Sep 2023 16:55:24 -0400 Subject: [PATCH] Fixes for 6.1 Signed-off-by: Sasha Levin --- ...-extend-ram-to-full-256mb-for-linksy.patch | 44 +++ ...8974pro-castor-correct-inverted-x-of.patch | 39 +++ ...8974pro-castor-correct-touchscreen-f.patch | 46 +++ ...8974pro-castor-correct-touchscreen-s.patch | 40 +++ ...exynos4210-i9100-fix-lcd-screen-s-ph.patch | 44 +++ ...dm845-db845c-mark-cont-splash-memory.patch | 58 ++++ ...h-tlb-after-unmapping-for-gfx-v9.4.3.patch | 46 +++ ...t-missing-tlb-flush-on-gfx10-and-lat.patch | 38 +++ ...a-repeat-loop-when-getting-a-locked-.patch | 49 +++ ...ze-iteration-over-sparse-directories.patch | 284 ++++++++++++++++++ ...ey_type_ep11_aes-handling-in-pkey_cl.patch | 204 +++++++++++++ ...ect-qpair-depending-on-which-cpu-pos.patch | 208 +++++++++++++ ...-raw_smp_processor_id-instead-of-smp.patch | 125 ++++++++ queue-6.1/series | 15 + ...nup-mac80211-references-on-failure-d.patch | 61 ++++ ...tx-status-reporting-in-encap-offload.patch | 134 +++++++++ 16 files changed, 1435 insertions(+) create mode 100644 queue-6.1/arm-dts-bcm5301x-extend-ram-to-full-256mb-for-linksy.patch create mode 100644 queue-6.1/arm-dts-qcom-msm8974pro-castor-correct-inverted-x-of.patch create mode 100644 queue-6.1/arm-dts-qcom-msm8974pro-castor-correct-touchscreen-f.patch create mode 100644 queue-6.1/arm-dts-qcom-msm8974pro-castor-correct-touchscreen-s.patch create mode 100644 queue-6.1/arm-dts-samsung-exynos4210-i9100-fix-lcd-screen-s-ph.patch create mode 100644 queue-6.1/arm64-dts-qcom-sdm845-db845c-mark-cont-splash-memory.patch create mode 100644 queue-6.1/drm-amdkfd-flush-tlb-after-unmapping-for-gfx-v9.4.3.patch create mode 100644 queue-6.1/drm-amdkfd-insert-missing-tlb-flush-on-gfx10-and-lat.patch create mode 100644 queue-6.1/f2fs-get-out-of-a-repeat-loop-when-getting-a-locked-.patch create mode 100644 queue-6.1/f2fs-optimize-iteration-over-sparse-directories.patch create mode 100644 queue-6.1/s390-pkey-fix-pkey_type_ep11_aes-handling-in-pkey_cl.patch create mode 100644 queue-6.1/scsi-qla2xxx-select-qpair-depending-on-which-cpu-pos.patch create mode 100644 queue-6.1/scsi-qla2xxx-use-raw_smp_processor_id-instead-of-smp.patch create mode 100644 queue-6.1/wifi-ath11k-cleanup-mac80211-references-on-failure-d.patch create mode 100644 queue-6.1/wifi-ath11k-fix-tx-status-reporting-in-encap-offload.patch diff --git a/queue-6.1/arm-dts-bcm5301x-extend-ram-to-full-256mb-for-linksy.patch b/queue-6.1/arm-dts-bcm5301x-extend-ram-to-full-256mb-for-linksy.patch new file mode 100644 index 00000000000..ef6cf87050e --- /dev/null +++ b/queue-6.1/arm-dts-bcm5301x-extend-ram-to-full-256mb-for-linksy.patch @@ -0,0 +1,44 @@ +From aea5b3aa0817c3ab71900afdb6d97b4711374333 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 12 Jul 2023 03:40:17 +0200 +Subject: ARM: dts: BCM5301X: Extend RAM to full 256MB for Linksys EA6500 V2 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Aleksey Nasibulin + +[ Upstream commit 91994e59079dcb455783d3f9ea338eea6f671af3 ] + +Linksys ea6500-v2 have 256MB of ram. Currently we only use 128MB. +Expand the definition to use all the available RAM. + +Fixes: 03e96644d7a8 ("ARM: dts: BCM5301X: Add basic DT for Linksys EA6500 V2") +Signed-off-by: Aleksey Nasibulin +Signed-off-by: Christian Marangi +Cc: stable@vger.kernel.org +Acked-by: Rafał Miłecki +Link: https://lore.kernel.org/r/20230712014017.28123-1-ansuelsmth@gmail.com +Signed-off-by: Florian Fainelli +Signed-off-by: Sasha Levin +--- + arch/arm/boot/dts/bcm4708-linksys-ea6500-v2.dts | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/arch/arm/boot/dts/bcm4708-linksys-ea6500-v2.dts b/arch/arm/boot/dts/bcm4708-linksys-ea6500-v2.dts +index f1412ba83defb..0454423fe166c 100644 +--- a/arch/arm/boot/dts/bcm4708-linksys-ea6500-v2.dts ++++ b/arch/arm/boot/dts/bcm4708-linksys-ea6500-v2.dts +@@ -19,7 +19,8 @@ + + memory@0 { + device_type = "memory"; +- reg = <0x00000000 0x08000000>; ++ reg = <0x00000000 0x08000000>, ++ <0x88000000 0x08000000>; + }; + + gpio-keys { +-- +2.40.1 + diff --git a/queue-6.1/arm-dts-qcom-msm8974pro-castor-correct-inverted-x-of.patch b/queue-6.1/arm-dts-qcom-msm8974pro-castor-correct-inverted-x-of.patch new file mode 100644 index 00000000000..317457ab5a3 --- /dev/null +++ b/queue-6.1/arm-dts-qcom-msm8974pro-castor-correct-inverted-x-of.patch @@ -0,0 +1,39 @@ +From ecc6cd4ca7d619c8ffbcd274e1e225366f01fd29 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 20 Jul 2023 13:53:33 +0200 +Subject: ARM: dts: qcom: msm8974pro-castor: correct inverted X of touchscreen + +From: Krzysztof Kozlowski + +[ Upstream commit 43db69268149049540b1d2bbe8a69e59d5cb43b6 ] + +There is no syna,f11-flip-x property, so assume intention was to use +touchscreen-inverted-x. + +Fixes: ab80661883de ("ARM: dts: qcom: msm8974: Add Sony Xperia Z2 Tablet") +Cc: +Signed-off-by: Krzysztof Kozlowski +Link: https://lore.kernel.org/r/20230720115335.137354-4-krzysztof.kozlowski@linaro.org +Signed-off-by: Bjorn Andersson +Signed-off-by: Sasha Levin +--- + .../arm/boot/dts/qcom-msm8974pro-sony-xperia-shinano-castor.dts | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/arm/boot/dts/qcom-msm8974pro-sony-xperia-shinano-castor.dts b/arch/arm/boot/dts/qcom-msm8974pro-sony-xperia-shinano-castor.dts +index 3f45f5c5d37b5..4abc85c181690 100644 +--- a/arch/arm/boot/dts/qcom-msm8974pro-sony-xperia-shinano-castor.dts ++++ b/arch/arm/boot/dts/qcom-msm8974pro-sony-xperia-shinano-castor.dts +@@ -131,8 +131,8 @@ + + rmi-f11@11 { + reg = <0x11>; +- syna,f11-flip-x = <1>; + syna,sensor-type = <1>; ++ touchscreen-inverted-x; + }; + }; + }; +-- +2.40.1 + diff --git a/queue-6.1/arm-dts-qcom-msm8974pro-castor-correct-touchscreen-f.patch b/queue-6.1/arm-dts-qcom-msm8974pro-castor-correct-touchscreen-f.patch new file mode 100644 index 00000000000..49821951925 --- /dev/null +++ b/queue-6.1/arm-dts-qcom-msm8974pro-castor-correct-touchscreen-f.patch @@ -0,0 +1,46 @@ +From bea04543fdce056575a7d632170b62a2978b58b2 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 20 Jul 2023 13:53:34 +0200 +Subject: ARM: dts: qcom: msm8974pro-castor: correct touchscreen function names + +From: Krzysztof Kozlowski + +[ Upstream commit 31fba16c19c45b2b3a7c23b0bfef80aed1b29050 ] + +The node names for functions of Synaptics RMI4 touchscreen must be as +"rmi4-fXX", as required by bindings and Linux driver. + + qcom-msm8974pro-sony-xperia-shinano-castor.dtb: synaptics@2c: Unevaluated properties are not allowed ('rmi-f01@1', 'rmi-f11@11' were unexpected) + +Fixes: ab80661883de ("ARM: dts: qcom: msm8974: Add Sony Xperia Z2 Tablet") +Cc: +Signed-off-by: Krzysztof Kozlowski +Link: https://lore.kernel.org/r/20230720115335.137354-5-krzysztof.kozlowski@linaro.org +Signed-off-by: Bjorn Andersson +Signed-off-by: Sasha Levin +--- + .../boot/dts/qcom-msm8974pro-sony-xperia-shinano-castor.dts | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/arch/arm/boot/dts/qcom-msm8974pro-sony-xperia-shinano-castor.dts b/arch/arm/boot/dts/qcom-msm8974pro-sony-xperia-shinano-castor.dts +index 4abc85c181690..a572ac630c1b3 100644 +--- a/arch/arm/boot/dts/qcom-msm8974pro-sony-xperia-shinano-castor.dts ++++ b/arch/arm/boot/dts/qcom-msm8974pro-sony-xperia-shinano-castor.dts +@@ -124,12 +124,12 @@ + + syna,startup-delay-ms = <10>; + +- rmi-f01@1 { ++ rmi4-f01@1 { + reg = <0x1>; + syna,nosleep = <1>; + }; + +- rmi-f11@11 { ++ rmi4-f11@11 { + reg = <0x11>; + syna,sensor-type = <1>; + touchscreen-inverted-x; +-- +2.40.1 + diff --git a/queue-6.1/arm-dts-qcom-msm8974pro-castor-correct-touchscreen-s.patch b/queue-6.1/arm-dts-qcom-msm8974pro-castor-correct-touchscreen-s.patch new file mode 100644 index 00000000000..39b0fee5271 --- /dev/null +++ b/queue-6.1/arm-dts-qcom-msm8974pro-castor-correct-touchscreen-s.patch @@ -0,0 +1,40 @@ +From d987afb64b4d1b92c0b43081e7a9358a28a9d335 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 20 Jul 2023 13:53:35 +0200 +Subject: ARM: dts: qcom: msm8974pro-castor: correct touchscreen + syna,nosleep-mode + +From: Krzysztof Kozlowski + +[ Upstream commit 7c74379afdfee7b13f1cd8ff1ad6e0f986aec96c ] + +There is no syna,nosleep property in Synaptics RMI4 touchscreen: + + qcom-msm8974pro-sony-xperia-shinano-castor.dtb: synaptics@2c: rmi4-f01@1: 'syna,nosleep' does not match any of the regexes: 'pinctrl-[0-9]+' + +Fixes: ab80661883de ("ARM: dts: qcom: msm8974: Add Sony Xperia Z2 Tablet") +Cc: +Signed-off-by: Krzysztof Kozlowski +Link: https://lore.kernel.org/r/20230720115335.137354-6-krzysztof.kozlowski@linaro.org +Signed-off-by: Bjorn Andersson +Signed-off-by: Sasha Levin +--- + .../arm/boot/dts/qcom-msm8974pro-sony-xperia-shinano-castor.dts | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/arm/boot/dts/qcom-msm8974pro-sony-xperia-shinano-castor.dts b/arch/arm/boot/dts/qcom-msm8974pro-sony-xperia-shinano-castor.dts +index a572ac630c1b3..cc49bb777df8a 100644 +--- a/arch/arm/boot/dts/qcom-msm8974pro-sony-xperia-shinano-castor.dts ++++ b/arch/arm/boot/dts/qcom-msm8974pro-sony-xperia-shinano-castor.dts +@@ -126,7 +126,7 @@ + + rmi4-f01@1 { + reg = <0x1>; +- syna,nosleep = <1>; ++ syna,nosleep-mode = <1>; + }; + + rmi4-f11@11 { +-- +2.40.1 + diff --git a/queue-6.1/arm-dts-samsung-exynos4210-i9100-fix-lcd-screen-s-ph.patch b/queue-6.1/arm-dts-samsung-exynos4210-i9100-fix-lcd-screen-s-ph.patch new file mode 100644 index 00000000000..09177aba770 --- /dev/null +++ b/queue-6.1/arm-dts-samsung-exynos4210-i9100-fix-lcd-screen-s-ph.patch @@ -0,0 +1,44 @@ +From 2a6a5a70b23e6648c6723a1330863b4507c5f828 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 14 Jul 2023 17:37:20 +0200 +Subject: ARM: dts: samsung: exynos4210-i9100: Fix LCD screen's physical size + +From: Paul Cercueil + +[ Upstream commit b3f3fc32e5ff1e848555af8616318cc667457f90 ] + +The previous values were completely bogus, and resulted in the computed +DPI ratio being much lower than reality, causing applications and UIs to +misbehave. + +The new values were measured by myself with a ruler. + +Signed-off-by: Paul Cercueil +Acked-by: Sam Ravnborg +Fixes: 8620cc2f99b7 ("ARM: dts: exynos: Add devicetree file for the Galaxy S2") +Cc: # v5.8+ +Link: https://lore.kernel.org/r/20230714153720.336990-1-paul@crapouillou.net +Signed-off-by: Krzysztof Kozlowski +Signed-off-by: Sasha Levin +--- + arch/arm/boot/dts/exynos4210-i9100.dts | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/arch/arm/boot/dts/exynos4210-i9100.dts b/arch/arm/boot/dts/exynos4210-i9100.dts +index bba85011ecc93..53e023fc1cacf 100644 +--- a/arch/arm/boot/dts/exynos4210-i9100.dts ++++ b/arch/arm/boot/dts/exynos4210-i9100.dts +@@ -201,8 +201,8 @@ + power-on-delay = <10>; + reset-delay = <10>; + +- panel-width-mm = <90>; +- panel-height-mm = <154>; ++ panel-width-mm = <56>; ++ panel-height-mm = <93>; + + display-timings { + timing { +-- +2.40.1 + diff --git a/queue-6.1/arm64-dts-qcom-sdm845-db845c-mark-cont-splash-memory.patch b/queue-6.1/arm64-dts-qcom-sdm845-db845c-mark-cont-splash-memory.patch new file mode 100644 index 00000000000..88dfc8cfd68 --- /dev/null +++ b/queue-6.1/arm64-dts-qcom-sdm845-db845c-mark-cont-splash-memory.patch @@ -0,0 +1,58 @@ +From 52421601e6f8a2ce92fdb63a13cc1f92a4e6552f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 26 Jul 2023 18:57:19 +0530 +Subject: arm64: dts: qcom: sdm845-db845c: Mark cont splash memory region as + reserved + +From: Amit Pundir + +[ Upstream commit 110e70fccce4f22b53986ae797d665ffb1950aa6 ] + +Adding a reserved memory region for the framebuffer memory +(the splash memory region set up by the bootloader). + +It fixes a kernel panic (arm-smmu: Unhandled context fault +at this particular memory region) reported on DB845c running +v5.10.y. + +Cc: stable@vger.kernel.org # v5.10+ +Reviewed-by: Caleb Connolly +Signed-off-by: Amit Pundir +Acked-by: Krzysztof Kozlowski +Link: https://lore.kernel.org/r/20230726132719.2117369-2-amit.pundir@linaro.org +Signed-off-by: Bjorn Andersson +Signed-off-by: Sasha Levin +--- + arch/arm64/boot/dts/qcom/sdm845-db845c.dts | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/arch/arm64/boot/dts/qcom/sdm845-db845c.dts b/arch/arm64/boot/dts/qcom/sdm845-db845c.dts +index c289bf0903b45..c9efcb894a52f 100644 +--- a/arch/arm64/boot/dts/qcom/sdm845-db845c.dts ++++ b/arch/arm64/boot/dts/qcom/sdm845-db845c.dts +@@ -100,6 +100,14 @@ + }; + }; + ++ reserved-memory { ++ /* Cont splash region set up by the bootloader */ ++ cont_splash_mem: framebuffer@9d400000 { ++ reg = <0x0 0x9d400000 0x0 0x2400000>; ++ no-map; ++ }; ++ }; ++ + lt9611_1v8: lt9611-vdd18-regulator { + compatible = "regulator-fixed"; + regulator-name = "LT9611_1V8"; +@@ -512,6 +520,7 @@ + }; + + &mdss { ++ memory-region = <&cont_splash_mem>; + status = "okay"; + }; + +-- +2.40.1 + diff --git a/queue-6.1/drm-amdkfd-flush-tlb-after-unmapping-for-gfx-v9.4.3.patch b/queue-6.1/drm-amdkfd-flush-tlb-after-unmapping-for-gfx-v9.4.3.patch new file mode 100644 index 00000000000..b9909baae41 --- /dev/null +++ b/queue-6.1/drm-amdkfd-flush-tlb-after-unmapping-for-gfx-v9.4.3.patch @@ -0,0 +1,46 @@ +From f3670c6cf280a7c5039c0cb5f6c8492b625dfe77 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 9 Feb 2023 18:23:16 -0500 +Subject: drm/amdkfd: Flush TLB after unmapping for GFX v9.4.3 + +From: Philip Yang + +[ Upstream commit 75dda67c7213c3e0d17244a8c42547c27ee746f8 ] + +kfd_flush_tlb_after_unmap should return true for GFX v9.4.3, to do TLB +heavyweight flush after unmapping from GPU to guarantee that the GPU +will not access pages after they have been unmapped. This also helps +improve the mapping to GPU performance. + +Without this, KFD accidently flush TLB after mapping to GPU because the +vm update sequence number is increased by previous unmapping. + +Signed-off-by: Philip Yang +Reviewed-by: Felix Kuehling +Signed-off-by: Alex Deucher +Stable-dep-of: edcfe22985d0 ("drm/amdkfd: Insert missing TLB flush on GFX10 and later") +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_priv.h b/drivers/gpu/drm/amd/amdkfd/kfd_priv.h +index 6d6588b9beed7..f374f112f7b71 100644 +--- a/drivers/gpu/drm/amd/amdkfd/kfd_priv.h ++++ b/drivers/gpu/drm/amd/amdkfd/kfd_priv.h +@@ -1349,9 +1349,9 @@ void kfd_flush_tlb(struct kfd_process_device *pdd, enum TLB_FLUSH_TYPE type); + + static inline bool kfd_flush_tlb_after_unmap(struct kfd_dev *dev) + { +- return KFD_GC_VERSION(dev) == IP_VERSION(9, 4, 2) || +- (KFD_GC_VERSION(dev) == IP_VERSION(9, 4, 1) && +- dev->adev->sdma.instance[0].fw_version >= 18) || ++ return KFD_GC_VERSION(dev) == IP_VERSION(9, 4, 3) || ++ KFD_GC_VERSION(dev) == IP_VERSION(9, 4, 2) || ++ (KFD_GC_VERSION(dev) == IP_VERSION(9, 4, 1) && dev->sdma_fw_version >= 18) || + KFD_GC_VERSION(dev) == IP_VERSION(9, 4, 0); + } + +-- +2.40.1 + diff --git a/queue-6.1/drm-amdkfd-insert-missing-tlb-flush-on-gfx10-and-lat.patch b/queue-6.1/drm-amdkfd-insert-missing-tlb-flush-on-gfx10-and-lat.patch new file mode 100644 index 00000000000..6d0bc35e2ac --- /dev/null +++ b/queue-6.1/drm-amdkfd-insert-missing-tlb-flush-on-gfx10-and-lat.patch @@ -0,0 +1,38 @@ +From 346b09f334c01040556ba9904556975f78d4db24 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 11 Sep 2023 14:49:06 -0400 +Subject: drm/amdkfd: Insert missing TLB flush on GFX10 and later + +From: Harish Kasiviswanathan + +[ Upstream commit edcfe22985d09ee8e2346c9217f5a52ab150099f ] + +Heavy-weight TLB flush is required after unmap on all GPUs for +correctness and security. + +Signed-off-by: Harish Kasiviswanathan +Reviewed-by: Felix Kuehling +Signed-off-by: Alex Deucher +Cc: stable@vger.kernel.org +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/amd/amdkfd/kfd_priv.h | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_priv.h b/drivers/gpu/drm/amd/amdkfd/kfd_priv.h +index f374f112f7b71..ec8a576ac5a9e 100644 +--- a/drivers/gpu/drm/amd/amdkfd/kfd_priv.h ++++ b/drivers/gpu/drm/amd/amdkfd/kfd_priv.h +@@ -1349,8 +1349,7 @@ void kfd_flush_tlb(struct kfd_process_device *pdd, enum TLB_FLUSH_TYPE type); + + static inline bool kfd_flush_tlb_after_unmap(struct kfd_dev *dev) + { +- return KFD_GC_VERSION(dev) == IP_VERSION(9, 4, 3) || +- KFD_GC_VERSION(dev) == IP_VERSION(9, 4, 2) || ++ return KFD_GC_VERSION(dev) > IP_VERSION(9, 4, 2) || + (KFD_GC_VERSION(dev) == IP_VERSION(9, 4, 1) && dev->sdma_fw_version >= 18) || + KFD_GC_VERSION(dev) == IP_VERSION(9, 4, 0); + } +-- +2.40.1 + diff --git a/queue-6.1/f2fs-get-out-of-a-repeat-loop-when-getting-a-locked-.patch b/queue-6.1/f2fs-get-out-of-a-repeat-loop-when-getting-a-locked-.patch new file mode 100644 index 00000000000..9fa5ff7bce5 --- /dev/null +++ b/queue-6.1/f2fs-get-out-of-a-repeat-loop-when-getting-a-locked-.patch @@ -0,0 +1,49 @@ +From d3cca2333de0eebe16fad47182618ad212c67cac Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 19 Jan 2023 10:47:00 -0800 +Subject: f2fs: get out of a repeat loop when getting a locked data page + +From: Jaegeuk Kim + +[ Upstream commit d2d9bb3b6d2fbccb5b33d3a85a2830971625a4ea ] + +https://bugzilla.kernel.org/show_bug.cgi?id=216050 + +Somehow we're getting a page which has a different mapping. +Let's avoid the infinite loop. + +Cc: +Signed-off-by: Jaegeuk Kim +Signed-off-by: Sasha Levin +--- + fs/f2fs/data.c | 8 ++------ + 1 file changed, 2 insertions(+), 6 deletions(-) + +diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c +index 0faed0575f8aa..a982f91b71eb2 100644 +--- a/fs/f2fs/data.c ++++ b/fs/f2fs/data.c +@@ -1329,18 +1329,14 @@ struct page *f2fs_get_lock_data_page(struct inode *inode, pgoff_t index, + { + struct address_space *mapping = inode->i_mapping; + struct page *page; +-repeat: ++ + page = f2fs_get_read_data_page(inode, index, 0, for_write, NULL); + if (IS_ERR(page)) + return page; + + /* wait for read completion */ + lock_page(page); +- if (unlikely(page->mapping != mapping)) { +- f2fs_put_page(page, 1); +- goto repeat; +- } +- if (unlikely(!PageUptodate(page))) { ++ if (unlikely(page->mapping != mapping || !PageUptodate(page))) { + f2fs_put_page(page, 1); + return ERR_PTR(-EIO); + } +-- +2.40.1 + diff --git a/queue-6.1/f2fs-optimize-iteration-over-sparse-directories.patch b/queue-6.1/f2fs-optimize-iteration-over-sparse-directories.patch new file mode 100644 index 00000000000..443783587fe --- /dev/null +++ b/queue-6.1/f2fs-optimize-iteration-over-sparse-directories.patch @@ -0,0 +1,284 @@ +From d6a8264e2a56a94418a498455db46363eb2d6320 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 8 Nov 2022 22:33:21 +0800 +Subject: f2fs: optimize iteration over sparse directories + +From: Chao Yu + +[ Upstream commit 59237a21776f70ffb0420611c23e7158e1317037 ] + +Wei Chen reports a kernel bug as blew: + +INFO: task syz-executor.0:29056 blocked for more than 143 seconds. + Not tainted 5.15.0-rc5 #1 +"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. +task:syz-executor.0 state:D stack:14632 pid:29056 ppid: 6574 flags:0x00000004 +Call Trace: + __schedule+0x4a1/0x1720 + schedule+0x36/0xe0 + rwsem_down_write_slowpath+0x322/0x7a0 + fscrypt_ioctl_set_policy+0x11f/0x2a0 + __f2fs_ioctl+0x1a9f/0x5780 + f2fs_ioctl+0x89/0x3a0 + __x64_sys_ioctl+0xe8/0x140 + do_syscall_64+0x34/0xb0 + entry_SYSCALL_64_after_hwframe+0x44/0xae + +Eric did some investigation on this issue, quoted from reply of Eric: + +"Well, the quality of this bug report has a lot to be desired (not on +upstream kernel, reproducer is full of totally irrelevant stuff, not +sent to the mailing list of the filesystem whose disk image is being +fuzzed, etc.). But what is going on is that f2fs_empty_dir() doesn't +consider the case of a directory with an extremely large i_size on a +malicious disk image. + +Specifically, the reproducer mounts an f2fs image with a directory +that has an i_size of 14814520042850357248, then calls +FS_IOC_SET_ENCRYPTION_POLICY on it. + +That results in a call to f2fs_empty_dir() to check whether the +directory is empty. f2fs_empty_dir() then iterates through all +3616826182336513 blocks the directory allegedly contains to check +whether any contain anything. i_rwsem is held during this, so +anything else that tries to take it will hang." + +In order to solve this issue, let's use f2fs_get_next_page_offset() +to speed up iteration by skipping holes for all below functions: +- f2fs_empty_dir +- f2fs_readdir +- find_in_level + +The way why we can speed up iteration was described in +'commit 3cf4574705b4 ("f2fs: introduce get_next_page_offset to speed +up SEEK_DATA")'. + +Meanwhile, in f2fs_empty_dir(), let's use f2fs_find_data_page() +instead f2fs_get_lock_data_page(), due to i_rwsem was held in +caller of f2fs_empty_dir(), there shouldn't be any races, so it's +fine to not lock dentry page during lookuping dirents in the page. + +Link: https://lore.kernel.org/lkml/536944df-a0ae-1dd8-148f-510b476e1347@kernel.org/T/ +Reported-by: Wei Chen +Cc: Eric Biggers +Signed-off-by: Chao Yu +Signed-off-by: Jaegeuk Kim +Stable-dep-of: d2d9bb3b6d2f ("f2fs: get out of a repeat loop when getting a locked data page") +Signed-off-by: Sasha Levin +--- + fs/f2fs/data.c | 17 ++++++++++++----- + fs/f2fs/dir.c | 34 ++++++++++++++++++++++++---------- + fs/f2fs/f2fs.h | 5 +++-- + fs/f2fs/gc.c | 4 ++-- + 4 files changed, 41 insertions(+), 19 deletions(-) + +diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c +index c230824ab5e6e..0faed0575f8aa 100644 +--- a/fs/f2fs/data.c ++++ b/fs/f2fs/data.c +@@ -1212,7 +1212,8 @@ int f2fs_get_block(struct dnode_of_data *dn, pgoff_t index) + } + + struct page *f2fs_get_read_data_page(struct inode *inode, pgoff_t index, +- blk_opf_t op_flags, bool for_write) ++ blk_opf_t op_flags, bool for_write, ++ pgoff_t *next_pgofs) + { + struct address_space *mapping = inode->i_mapping; + struct dnode_of_data dn; +@@ -1238,12 +1239,17 @@ struct page *f2fs_get_read_data_page(struct inode *inode, pgoff_t index, + + set_new_dnode(&dn, inode, NULL, NULL, 0); + err = f2fs_get_dnode_of_data(&dn, index, LOOKUP_NODE); +- if (err) ++ if (err) { ++ if (err == -ENOENT && next_pgofs) ++ *next_pgofs = f2fs_get_next_page_offset(&dn, index); + goto put_err; ++ } + f2fs_put_dnode(&dn); + + if (unlikely(dn.data_blkaddr == NULL_ADDR)) { + err = -ENOENT; ++ if (next_pgofs) ++ *next_pgofs = index + 1; + goto put_err; + } + if (dn.data_blkaddr != NEW_ADDR && +@@ -1287,7 +1293,8 @@ struct page *f2fs_get_read_data_page(struct inode *inode, pgoff_t index, + return ERR_PTR(err); + } + +-struct page *f2fs_find_data_page(struct inode *inode, pgoff_t index) ++struct page *f2fs_find_data_page(struct inode *inode, pgoff_t index, ++ pgoff_t *next_pgofs) + { + struct address_space *mapping = inode->i_mapping; + struct page *page; +@@ -1297,7 +1304,7 @@ struct page *f2fs_find_data_page(struct inode *inode, pgoff_t index) + return page; + f2fs_put_page(page, 0); + +- page = f2fs_get_read_data_page(inode, index, 0, false); ++ page = f2fs_get_read_data_page(inode, index, 0, false, next_pgofs); + if (IS_ERR(page)) + return page; + +@@ -1323,7 +1330,7 @@ struct page *f2fs_get_lock_data_page(struct inode *inode, pgoff_t index, + struct address_space *mapping = inode->i_mapping; + struct page *page; + repeat: +- page = f2fs_get_read_data_page(inode, index, 0, for_write); ++ page = f2fs_get_read_data_page(inode, index, 0, for_write, NULL); + if (IS_ERR(page)) + return page; + +diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c +index bf5ba75b75d24..8373eba3a1337 100644 +--- a/fs/f2fs/dir.c ++++ b/fs/f2fs/dir.c +@@ -340,6 +340,7 @@ static struct f2fs_dir_entry *find_in_level(struct inode *dir, + unsigned int bidx, end_block; + struct page *dentry_page; + struct f2fs_dir_entry *de = NULL; ++ pgoff_t next_pgofs; + bool room = false; + int max_slots; + +@@ -350,12 +351,13 @@ static struct f2fs_dir_entry *find_in_level(struct inode *dir, + le32_to_cpu(fname->hash) % nbucket); + end_block = bidx + nblock; + +- for (; bidx < end_block; bidx++) { ++ while (bidx < end_block) { + /* no need to allocate new dentry pages to all the indices */ +- dentry_page = f2fs_find_data_page(dir, bidx); ++ dentry_page = f2fs_find_data_page(dir, bidx, &next_pgofs); + if (IS_ERR(dentry_page)) { + if (PTR_ERR(dentry_page) == -ENOENT) { + room = true; ++ bidx = next_pgofs; + continue; + } else { + *res_page = dentry_page; +@@ -376,6 +378,8 @@ static struct f2fs_dir_entry *find_in_level(struct inode *dir, + if (max_slots >= s) + room = true; + f2fs_put_page(dentry_page, 0); ++ ++ bidx++; + } + + if (!de && room && F2FS_I(dir)->chash != fname->hash) { +@@ -963,7 +967,7 @@ void f2fs_delete_entry(struct f2fs_dir_entry *dentry, struct page *page, + + bool f2fs_empty_dir(struct inode *dir) + { +- unsigned long bidx; ++ unsigned long bidx = 0; + struct page *dentry_page; + unsigned int bit_pos; + struct f2fs_dentry_block *dentry_blk; +@@ -972,13 +976,17 @@ bool f2fs_empty_dir(struct inode *dir) + if (f2fs_has_inline_dentry(dir)) + return f2fs_empty_inline_dir(dir); + +- for (bidx = 0; bidx < nblock; bidx++) { +- dentry_page = f2fs_get_lock_data_page(dir, bidx, false); ++ while (bidx < nblock) { ++ pgoff_t next_pgofs; ++ ++ dentry_page = f2fs_find_data_page(dir, bidx, &next_pgofs); + if (IS_ERR(dentry_page)) { +- if (PTR_ERR(dentry_page) == -ENOENT) ++ if (PTR_ERR(dentry_page) == -ENOENT) { ++ bidx = next_pgofs; + continue; +- else ++ } else { + return false; ++ } + } + + dentry_blk = page_address(dentry_page); +@@ -990,10 +998,12 @@ bool f2fs_empty_dir(struct inode *dir) + NR_DENTRY_IN_BLOCK, + bit_pos); + +- f2fs_put_page(dentry_page, 1); ++ f2fs_put_page(dentry_page, 0); + + if (bit_pos < NR_DENTRY_IN_BLOCK) + return false; ++ ++ bidx++; + } + return true; + } +@@ -1111,7 +1121,8 @@ static int f2fs_readdir(struct file *file, struct dir_context *ctx) + goto out_free; + } + +- for (; n < npages; n++, ctx->pos = n * NR_DENTRY_IN_BLOCK) { ++ for (; n < npages; ctx->pos = n * NR_DENTRY_IN_BLOCK) { ++ pgoff_t next_pgofs; + + /* allow readdir() to be interrupted */ + if (fatal_signal_pending(current)) { +@@ -1125,11 +1136,12 @@ static int f2fs_readdir(struct file *file, struct dir_context *ctx) + page_cache_sync_readahead(inode->i_mapping, ra, file, n, + min(npages - n, (pgoff_t)MAX_DIR_RA_PAGES)); + +- dentry_page = f2fs_find_data_page(inode, n); ++ dentry_page = f2fs_find_data_page(inode, n, &next_pgofs); + if (IS_ERR(dentry_page)) { + err = PTR_ERR(dentry_page); + if (err == -ENOENT) { + err = 0; ++ n = next_pgofs; + continue; + } else { + goto out_free; +@@ -1148,6 +1160,8 @@ static int f2fs_readdir(struct file *file, struct dir_context *ctx) + } + + f2fs_put_page(dentry_page, 0); ++ ++ n++; + } + out_free: + fscrypt_fname_free_buffer(&fstr); +diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h +index 37dca728ff967..f56abb39601ac 100644 +--- a/fs/f2fs/f2fs.h ++++ b/fs/f2fs/f2fs.h +@@ -3784,8 +3784,9 @@ int f2fs_reserve_new_block(struct dnode_of_data *dn); + int f2fs_get_block(struct dnode_of_data *dn, pgoff_t index); + int f2fs_reserve_block(struct dnode_of_data *dn, pgoff_t index); + struct page *f2fs_get_read_data_page(struct inode *inode, pgoff_t index, +- blk_opf_t op_flags, bool for_write); +-struct page *f2fs_find_data_page(struct inode *inode, pgoff_t index); ++ blk_opf_t op_flags, bool for_write, pgoff_t *next_pgofs); ++struct page *f2fs_find_data_page(struct inode *inode, pgoff_t index, ++ pgoff_t *next_pgofs); + struct page *f2fs_get_lock_data_page(struct inode *inode, pgoff_t index, + bool for_write); + struct page *f2fs_get_new_data_page(struct inode *inode, +diff --git a/fs/f2fs/gc.c b/fs/f2fs/gc.c +index aa4d513daa8f8..ec7212f7a9b73 100644 +--- a/fs/f2fs/gc.c ++++ b/fs/f2fs/gc.c +@@ -1600,8 +1600,8 @@ static int gc_data_segment(struct f2fs_sb_info *sbi, struct f2fs_summary *sum, + continue; + } + +- data_page = f2fs_get_read_data_page(inode, +- start_bidx, REQ_RAHEAD, true); ++ data_page = f2fs_get_read_data_page(inode, start_bidx, ++ REQ_RAHEAD, true, NULL); + f2fs_up_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]); + if (IS_ERR(data_page)) { + iput(inode); +-- +2.40.1 + diff --git a/queue-6.1/s390-pkey-fix-pkey_type_ep11_aes-handling-in-pkey_cl.patch b/queue-6.1/s390-pkey-fix-pkey_type_ep11_aes-handling-in-pkey_cl.patch new file mode 100644 index 00000000000..9086503daf1 --- /dev/null +++ b/queue-6.1/s390-pkey-fix-pkey_type_ep11_aes-handling-in-pkey_cl.patch @@ -0,0 +1,204 @@ +From 451bda8ebdf0012fdfddfa8bf53a405ffe193d95 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 25 Jul 2023 11:24:47 +0200 +Subject: s390/pkey: fix PKEY_TYPE_EP11_AES handling in PKEY_CLR2SECK2 IOCTL + +From: Holger Dengler + +[ Upstream commit da2863f15945de100b95c72d5656541d30956c5d ] + +Commit 'fa6999e326fe ("s390/pkey: support CCA and EP11 secure ECC +private keys")' introduced PKEY_TYPE_EP11_AES for the PKEY_CLR2SECK2 +IOCTL to convert an AES clearkey into a securekey of this type. +Unfortunately, all PKEY_CLR2SECK2 IOCTL requests with type +PKEY_TYPE_EP11_AES return with an error (-EINVAL). Fix the handling +for PKEY_TYPE_EP11_AES in PKEY_CLR2SECK2 IOCTL, so that userspace can +convert clearkey blobs into PKEY_TYPE_EP11_AES securekey blobs. + +Cc: stable@vger.kernel.org # v5.10+ +Fixes: fa6999e326fe ("s390/pkey: support CCA and EP11 secure ECC private keys") +Signed-off-by: Holger Dengler +Reviewed-by: Ingo Franzki +Signed-off-by: Heiko Carstens +Signed-off-by: Sasha Levin +--- + drivers/s390/crypto/pkey_api.c | 16 +++++-- + drivers/s390/crypto/zcrypt_ep11misc.c | 61 ++++++++++++++++++++------- + drivers/s390/crypto/zcrypt_ep11misc.h | 3 +- + 3 files changed, 60 insertions(+), 20 deletions(-) + +diff --git a/drivers/s390/crypto/pkey_api.c b/drivers/s390/crypto/pkey_api.c +index 2b92ec20ed68e..df0f19e6d9235 100644 +--- a/drivers/s390/crypto/pkey_api.c ++++ b/drivers/s390/crypto/pkey_api.c +@@ -212,7 +212,8 @@ static int pkey_clr2ep11key(const u8 *clrkey, size_t clrkeylen, + card = apqns[i] >> 16; + dom = apqns[i] & 0xFFFF; + rc = ep11_clr2keyblob(card, dom, clrkeylen * 8, +- 0, clrkey, keybuf, keybuflen); ++ 0, clrkey, keybuf, keybuflen, ++ PKEY_TYPE_EP11); + if (rc == 0) + break; + } +@@ -627,6 +628,11 @@ static int pkey_clr2seckey2(const struct pkey_apqn *apqns, size_t nr_apqns, + if (*keybufsize < MINEP11AESKEYBLOBSIZE) + return -EINVAL; + break; ++ case PKEY_TYPE_EP11_AES: ++ if (*keybufsize < (sizeof(struct ep11kblob_header) + ++ MINEP11AESKEYBLOBSIZE)) ++ return -EINVAL; ++ break; + default: + return -EINVAL; + } +@@ -645,9 +651,11 @@ static int pkey_clr2seckey2(const struct pkey_apqn *apqns, size_t nr_apqns, + for (i = 0, rc = -ENODEV; i < nr_apqns; i++) { + card = apqns[i].card; + dom = apqns[i].domain; +- if (ktype == PKEY_TYPE_EP11) { ++ if (ktype == PKEY_TYPE_EP11 || ++ ktype == PKEY_TYPE_EP11_AES) { + rc = ep11_clr2keyblob(card, dom, ksize, kflags, +- clrkey, keybuf, keybufsize); ++ clrkey, keybuf, keybufsize, ++ ktype); + } else if (ktype == PKEY_TYPE_CCA_DATA) { + rc = cca_clr2seckey(card, dom, ksize, + clrkey, keybuf); +@@ -1361,7 +1369,7 @@ static long pkey_unlocked_ioctl(struct file *filp, unsigned int cmd, + apqns = _copy_apqns_from_user(kcs.apqns, kcs.apqn_entries); + if (IS_ERR(apqns)) + return PTR_ERR(apqns); +- kkey = kmalloc(klen, GFP_KERNEL); ++ kkey = kzalloc(klen, GFP_KERNEL); + if (!kkey) { + kfree(apqns); + return -ENOMEM; +diff --git a/drivers/s390/crypto/zcrypt_ep11misc.c b/drivers/s390/crypto/zcrypt_ep11misc.c +index 20bbeec1a1a22..77e1ffaafaea1 100644 +--- a/drivers/s390/crypto/zcrypt_ep11misc.c ++++ b/drivers/s390/crypto/zcrypt_ep11misc.c +@@ -1000,12 +1000,12 @@ static int ep11_cryptsingle(u16 card, u16 domain, + return rc; + } + +-static int ep11_unwrapkey(u16 card, u16 domain, +- const u8 *kek, size_t keksize, +- const u8 *enckey, size_t enckeysize, +- u32 mech, const u8 *iv, +- u32 keybitsize, u32 keygenflags, +- u8 *keybuf, size_t *keybufsize) ++static int _ep11_unwrapkey(u16 card, u16 domain, ++ const u8 *kek, size_t keksize, ++ const u8 *enckey, size_t enckeysize, ++ u32 mech, const u8 *iv, ++ u32 keybitsize, u32 keygenflags, ++ u8 *keybuf, size_t *keybufsize) + { + struct uw_req_pl { + struct pl_head head; +@@ -1042,7 +1042,6 @@ static int ep11_unwrapkey(u16 card, u16 domain, + struct ep11_cprb *req = NULL, *rep = NULL; + struct ep11_target_dev target; + struct ep11_urb *urb = NULL; +- struct ep11keyblob *kb; + size_t req_pl_size; + int api, rc = -ENOMEM; + u8 *p; +@@ -1124,14 +1123,9 @@ static int ep11_unwrapkey(u16 card, u16 domain, + goto out; + } + +- /* copy key blob and set header values */ ++ /* copy key blob */ + memcpy(keybuf, rep_pl->data, rep_pl->data_len); + *keybufsize = rep_pl->data_len; +- kb = (struct ep11keyblob *)keybuf; +- kb->head.type = TOKTYPE_NON_CCA; +- kb->head.len = rep_pl->data_len; +- kb->head.version = TOKVER_EP11_AES; +- kb->head.bitlen = keybitsize; + + out: + kfree(req); +@@ -1140,6 +1134,42 @@ static int ep11_unwrapkey(u16 card, u16 domain, + return rc; + } + ++static int ep11_unwrapkey(u16 card, u16 domain, ++ const u8 *kek, size_t keksize, ++ const u8 *enckey, size_t enckeysize, ++ u32 mech, const u8 *iv, ++ u32 keybitsize, u32 keygenflags, ++ u8 *keybuf, size_t *keybufsize, ++ u8 keybufver) ++{ ++ struct ep11kblob_header *hdr; ++ size_t hdr_size, pl_size; ++ u8 *pl; ++ int rc; ++ ++ rc = ep11_kb_split(keybuf, *keybufsize, keybufver, ++ &hdr, &hdr_size, &pl, &pl_size); ++ if (rc) ++ return rc; ++ ++ rc = _ep11_unwrapkey(card, domain, kek, keksize, enckey, enckeysize, ++ mech, iv, keybitsize, keygenflags, ++ pl, &pl_size); ++ if (rc) ++ return rc; ++ ++ *keybufsize = hdr_size + pl_size; ++ ++ /* update header information */ ++ hdr = (struct ep11kblob_header *)keybuf; ++ hdr->type = TOKTYPE_NON_CCA; ++ hdr->len = *keybufsize; ++ hdr->version = keybufver; ++ hdr->bitlen = keybitsize; ++ ++ return 0; ++} ++ + static int ep11_wrapkey(u16 card, u16 domain, + const u8 *key, size_t keysize, + u32 mech, const u8 *iv, +@@ -1274,7 +1304,8 @@ static int ep11_wrapkey(u16 card, u16 domain, + } + + int ep11_clr2keyblob(u16 card, u16 domain, u32 keybitsize, u32 keygenflags, +- const u8 *clrkey, u8 *keybuf, size_t *keybufsize) ++ const u8 *clrkey, u8 *keybuf, size_t *keybufsize, ++ u32 keytype) + { + int rc; + u8 encbuf[64], *kek = NULL; +@@ -1321,7 +1352,7 @@ int ep11_clr2keyblob(u16 card, u16 domain, u32 keybitsize, u32 keygenflags, + /* Step 3: import the encrypted key value as a new key */ + rc = ep11_unwrapkey(card, domain, kek, keklen, + encbuf, encbuflen, 0, def_iv, +- keybitsize, 0, keybuf, keybufsize); ++ keybitsize, 0, keybuf, keybufsize, keytype); + if (rc) { + DEBUG_ERR( + "%s importing key value as new key failed,, rc=%d\n", +diff --git a/drivers/s390/crypto/zcrypt_ep11misc.h b/drivers/s390/crypto/zcrypt_ep11misc.h +index ed328c354bade..b7f9cbe3d58de 100644 +--- a/drivers/s390/crypto/zcrypt_ep11misc.h ++++ b/drivers/s390/crypto/zcrypt_ep11misc.h +@@ -113,7 +113,8 @@ int ep11_genaeskey(u16 card, u16 domain, u32 keybitsize, u32 keygenflags, + * Generate EP11 AES secure key with given clear key value. + */ + int ep11_clr2keyblob(u16 cardnr, u16 domain, u32 keybitsize, u32 keygenflags, +- const u8 *clrkey, u8 *keybuf, size_t *keybufsize); ++ const u8 *clrkey, u8 *keybuf, size_t *keybufsize, ++ u32 keytype); + + /* + * Build a list of ep11 apqns meeting the following constrains: +-- +2.40.1 + diff --git a/queue-6.1/scsi-qla2xxx-select-qpair-depending-on-which-cpu-pos.patch b/queue-6.1/scsi-qla2xxx-select-qpair-depending-on-which-cpu-pos.patch new file mode 100644 index 00000000000..4adff1e6796 --- /dev/null +++ b/queue-6.1/scsi-qla2xxx-select-qpair-depending-on-which-cpu-pos.patch @@ -0,0 +1,208 @@ +From 26bd82bb4799b0356c878b9aa664daaf00e5d98b Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 21 Dec 2022 20:39:32 -0800 +Subject: scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets + called + +From: Shreyas Deodhar + +[ Upstream commit 1d201c81d4cc6840735bbcc99e6031503e5cf3b8 ] + +In current I/O path, Tx and Rx may not be processed on same CPU. This may +lead to thrashing and optimum performance may not be achieved. + +Pick qpair such that Tx and Rx are processed on same CPU. + +Signed-off-by: Shreyas Deodhar +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Stable-dep-of: 59f10a05b5c7 ("scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id()") +Signed-off-by: Sasha Levin +--- + drivers/scsi/qla2xxx/qla_def.h | 2 ++ + drivers/scsi/qla2xxx/qla_init.c | 2 -- + drivers/scsi/qla2xxx/qla_inline.h | 55 +++++++++++++++++++++++++++++++ + drivers/scsi/qla2xxx/qla_isr.c | 3 +- + drivers/scsi/qla2xxx/qla_nvme.c | 4 +++ + drivers/scsi/qla2xxx/qla_os.c | 6 ++++ + 6 files changed, 69 insertions(+), 3 deletions(-) + +diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h +index 7d282906598f3..817efdd32ad63 100644 +--- a/drivers/scsi/qla2xxx/qla_def.h ++++ b/drivers/scsi/qla2xxx/qla_def.h +@@ -3475,6 +3475,7 @@ struct qla_msix_entry { + int have_irq; + int in_use; + uint32_t vector; ++ uint32_t vector_base0; + uint16_t entry; + char name[30]; + void *handle; +@@ -4133,6 +4134,7 @@ struct qla_hw_data { + struct req_que **req_q_map; + struct rsp_que **rsp_q_map; + struct qla_qpair **queue_pair_map; ++ struct qla_qpair **qp_cpu_map; + unsigned long req_qid_map[(QLA_MAX_QUEUES / 8) / sizeof(unsigned long)]; + unsigned long rsp_qid_map[(QLA_MAX_QUEUES / 8) / sizeof(unsigned long)]; + unsigned long qpair_qid_map[(QLA_MAX_QUEUES / 8) +diff --git a/drivers/scsi/qla2xxx/qla_init.c b/drivers/scsi/qla2xxx/qla_init.c +index 36abdb0de1694..79de31e7e8b2a 100644 +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -9758,8 +9758,6 @@ struct qla_qpair *qla2xxx_create_qpair(struct scsi_qla_host *vha, int qos, + qpair->req = ha->req_q_map[req_id]; + qpair->rsp->req = qpair->req; + qpair->rsp->qpair = qpair; +- /* init qpair to this cpu. Will adjust at run time. */ +- qla_cpu_update(qpair, raw_smp_processor_id()); + + if (IS_T10_PI_CAPABLE(ha) && ql2xenabledif) { + if (ha->fw_attributes & BIT_4) +diff --git a/drivers/scsi/qla2xxx/qla_inline.h b/drivers/scsi/qla2xxx/qla_inline.h +index a7b5d11146827..d5cf9db2a8ea3 100644 +--- a/drivers/scsi/qla2xxx/qla_inline.h ++++ b/drivers/scsi/qla2xxx/qla_inline.h +@@ -573,3 +573,58 @@ fcport_is_bigger(fc_port_t *fcport) + { + return !fcport_is_smaller(fcport); + } ++ ++static inline struct qla_qpair * ++qla_mapq_nvme_select_qpair(struct qla_hw_data *ha, struct qla_qpair *qpair) ++{ ++ int cpuid = smp_processor_id(); ++ ++ if (qpair->cpuid != cpuid && ++ ha->qp_cpu_map[cpuid]) { ++ qpair = ha->qp_cpu_map[cpuid]; ++ } ++ return qpair; ++} ++ ++static inline void ++qla_mapq_init_qp_cpu_map(struct qla_hw_data *ha, ++ struct qla_msix_entry *msix, ++ struct qla_qpair *qpair) ++{ ++ const struct cpumask *mask; ++ unsigned int cpu; ++ ++ if (!ha->qp_cpu_map) ++ return; ++ mask = pci_irq_get_affinity(ha->pdev, msix->vector_base0); ++ qpair->cpuid = cpumask_first(mask); ++ for_each_cpu(cpu, mask) { ++ ha->qp_cpu_map[cpu] = qpair; ++ } ++ msix->cpuid = qpair->cpuid; ++} ++ ++static inline void ++qla_mapq_free_qp_cpu_map(struct qla_hw_data *ha) ++{ ++ if (ha->qp_cpu_map) { ++ kfree(ha->qp_cpu_map); ++ ha->qp_cpu_map = NULL; ++ } ++} ++ ++static inline int qla_mapq_alloc_qp_cpu_map(struct qla_hw_data *ha) ++{ ++ scsi_qla_host_t *vha = pci_get_drvdata(ha->pdev); ++ ++ if (!ha->qp_cpu_map) { ++ ha->qp_cpu_map = kcalloc(NR_CPUS, sizeof(struct qla_qpair *), ++ GFP_KERNEL); ++ if (!ha->qp_cpu_map) { ++ ql_log(ql_log_fatal, vha, 0x0180, ++ "Unable to allocate memory for qp_cpu_map ptrs.\n"); ++ return -1; ++ } ++ } ++ return 0; ++} +diff --git a/drivers/scsi/qla2xxx/qla_isr.c b/drivers/scsi/qla2xxx/qla_isr.c +index 0111249cc8774..a5e6246127ed3 100644 +--- a/drivers/scsi/qla2xxx/qla_isr.c ++++ b/drivers/scsi/qla2xxx/qla_isr.c +@@ -3819,7 +3819,6 @@ void qla24xx_process_response_queue(struct scsi_qla_host *vha, + + if (rsp->qpair->cpuid != smp_processor_id() || !rsp->qpair->rcv_intr) { + rsp->qpair->rcv_intr = 1; +- qla_cpu_update(rsp->qpair, smp_processor_id()); + } + + #define __update_rsp_in(_is_shadow_hba, _rsp, _rsp_in) \ +@@ -4425,6 +4424,7 @@ qla24xx_enable_msix(struct qla_hw_data *ha, struct rsp_que *rsp) + for (i = 0; i < ha->msix_count; i++) { + qentry = &ha->msix_entries[i]; + qentry->vector = pci_irq_vector(ha->pdev, i); ++ qentry->vector_base0 = i; + qentry->entry = i; + qentry->have_irq = 0; + qentry->in_use = 0; +@@ -4652,5 +4652,6 @@ int qla25xx_request_irq(struct qla_hw_data *ha, struct qla_qpair *qpair, + } + msix->have_irq = 1; + msix->handle = qpair; ++ qla_mapq_init_qp_cpu_map(ha, msix, qpair); + return ret; + } +diff --git a/drivers/scsi/qla2xxx/qla_nvme.c b/drivers/scsi/qla2xxx/qla_nvme.c +index c9a6fc882a801..9941b38eac93c 100644 +--- a/drivers/scsi/qla2xxx/qla_nvme.c ++++ b/drivers/scsi/qla2xxx/qla_nvme.c +@@ -609,6 +609,7 @@ static int qla_nvme_post_cmd(struct nvme_fc_local_port *lport, + fc_port_t *fcport; + struct srb_iocb *nvme; + struct scsi_qla_host *vha; ++ struct qla_hw_data *ha; + int rval; + srb_t *sp; + struct qla_qpair *qpair = hw_queue_handle; +@@ -629,6 +630,7 @@ static int qla_nvme_post_cmd(struct nvme_fc_local_port *lport, + return -ENODEV; + + vha = fcport->vha; ++ ha = vha->hw; + + if (test_bit(ABORT_ISP_ACTIVE, &vha->dpc_flags)) + return -EBUSY; +@@ -643,6 +645,8 @@ static int qla_nvme_post_cmd(struct nvme_fc_local_port *lport, + if (fcport->nvme_flag & NVME_FLAG_RESETTING) + return -EBUSY; + ++ qpair = qla_mapq_nvme_select_qpair(ha, qpair); ++ + /* Alloc SRB structure */ + sp = qla2xxx_get_qpair_sp(vha, qpair, fcport, GFP_ATOMIC); + if (!sp) +diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c +index 78f7cd16967fa..b33ffec1cb75e 100644 +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -480,6 +480,11 @@ static int qla2x00_alloc_queues(struct qla_hw_data *ha, struct req_que *req, + "Unable to allocate memory for queue pair ptrs.\n"); + goto fail_qpair_map; + } ++ if (qla_mapq_alloc_qp_cpu_map(ha) != 0) { ++ kfree(ha->queue_pair_map); ++ ha->queue_pair_map = NULL; ++ goto fail_qpair_map; ++ } + } + + /* +@@ -554,6 +559,7 @@ static void qla2x00_free_queues(struct qla_hw_data *ha) + ha->base_qpair = NULL; + } + ++ qla_mapq_free_qp_cpu_map(ha); + spin_lock_irqsave(&ha->hardware_lock, flags); + for (cnt = 0; cnt < ha->max_req_queues; cnt++) { + if (!test_bit(cnt, ha->req_qid_map)) +-- +2.40.1 + diff --git a/queue-6.1/scsi-qla2xxx-use-raw_smp_processor_id-instead-of-smp.patch b/queue-6.1/scsi-qla2xxx-use-raw_smp_processor_id-instead-of-smp.patch new file mode 100644 index 00000000000..a766cad0bd2 --- /dev/null +++ b/queue-6.1/scsi-qla2xxx-use-raw_smp_processor_id-instead-of-smp.patch @@ -0,0 +1,125 @@ +From f71b288bb266ac31d178f5d4e5e6d426f1d3fd76 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 31 Aug 2023 16:51:46 +0530 +Subject: scsi: qla2xxx: Use raw_smp_processor_id() instead of + smp_processor_id() + +From: Nilesh Javali + +[ Upstream commit 59f10a05b5c7b675256a66e3161741239889ff80 ] + +The following call trace was observed: + +localhost kernel: nvme nvme0: NVME-FC{0}: controller connect complete +localhost kernel: BUG: using smp_processor_id() in preemptible [00000000] code: kworker/u129:4/75092 +localhost kernel: nvme nvme0: NVME-FC{0}: new ctrl: NQN "nqn.1992-08.com.netapp:sn.b42d198afb4d11ecad6d00a098d6abfa:subsystem.PR_Channel2022_RH84_subsystem_291" +localhost kernel: caller is qla_nvme_post_cmd+0x216/0x1380 [qla2xxx] +localhost kernel: CPU: 6 PID: 75092 Comm: kworker/u129:4 Kdump: loaded Tainted: G B W OE --------- --- 5.14.0-70.22.1.el9_0.x86_64+debug #1 +localhost kernel: Hardware name: HPE ProLiant XL420 Gen10/ProLiant XL420 Gen10, BIOS U39 01/13/2022 +localhost kernel: Workqueue: nvme-wq nvme_async_event_work [nvme_core] +localhost kernel: Call Trace: +localhost kernel: dump_stack_lvl+0x57/0x7d +localhost kernel: check_preemption_disabled+0xc8/0xd0 +localhost kernel: qla_nvme_post_cmd+0x216/0x1380 [qla2xxx] + +Use raw_smp_processor_id() instead of smp_processor_id(). + +Also use queue_work() across the driver instead of queue_work_on() thus +avoiding usage of smp_processor_id() when CONFIG_DEBUG_PREEMPT is enabled. + +Cc: stable@vger.kernel.org +Suggested-by: John Garry +Signed-off-by: Nilesh Javali +Link: https://lore.kernel.org/r/20230831112146.32595-2-njavali@marvell.com +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +--- + drivers/scsi/qla2xxx/qla_inline.h | 2 +- + drivers/scsi/qla2xxx/qla_isr.c | 6 +++--- + drivers/scsi/qla2xxx/qla_target.c | 3 +-- + drivers/scsi/qla2xxx/tcm_qla2xxx.c | 4 ++-- + 4 files changed, 7 insertions(+), 8 deletions(-) + +diff --git a/drivers/scsi/qla2xxx/qla_inline.h b/drivers/scsi/qla2xxx/qla_inline.h +index d5cf9db2a8ea3..e66441355f7ae 100644 +--- a/drivers/scsi/qla2xxx/qla_inline.h ++++ b/drivers/scsi/qla2xxx/qla_inline.h +@@ -577,7 +577,7 @@ fcport_is_bigger(fc_port_t *fcport) + static inline struct qla_qpair * + qla_mapq_nvme_select_qpair(struct qla_hw_data *ha, struct qla_qpair *qpair) + { +- int cpuid = smp_processor_id(); ++ int cpuid = raw_smp_processor_id(); + + if (qpair->cpuid != cpuid && + ha->qp_cpu_map[cpuid]) { +diff --git a/drivers/scsi/qla2xxx/qla_isr.c b/drivers/scsi/qla2xxx/qla_isr.c +index a5e6246127ed3..cf1025c917267 100644 +--- a/drivers/scsi/qla2xxx/qla_isr.c ++++ b/drivers/scsi/qla2xxx/qla_isr.c +@@ -3817,7 +3817,7 @@ void qla24xx_process_response_queue(struct scsi_qla_host *vha, + if (!ha->flags.fw_started) + return; + +- if (rsp->qpair->cpuid != smp_processor_id() || !rsp->qpair->rcv_intr) { ++ if (rsp->qpair->cpuid != raw_smp_processor_id() || !rsp->qpair->rcv_intr) { + rsp->qpair->rcv_intr = 1; + } + +@@ -4305,7 +4305,7 @@ qla2xxx_msix_rsp_q(int irq, void *dev_id) + } + ha = qpair->hw; + +- queue_work_on(smp_processor_id(), ha->wq, &qpair->q_work); ++ queue_work(ha->wq, &qpair->q_work); + + return IRQ_HANDLED; + } +@@ -4331,7 +4331,7 @@ qla2xxx_msix_rsp_q_hs(int irq, void *dev_id) + wrt_reg_dword(®->hccr, HCCRX_CLR_RISC_INT); + spin_unlock_irqrestore(&ha->hardware_lock, flags); + +- queue_work_on(smp_processor_id(), ha->wq, &qpair->q_work); ++ queue_work(ha->wq, &qpair->q_work); + + return IRQ_HANDLED; + } +diff --git a/drivers/scsi/qla2xxx/qla_target.c b/drivers/scsi/qla2xxx/qla_target.c +index 545473a0ffc84..5a5beb41786ed 100644 +--- a/drivers/scsi/qla2xxx/qla_target.c ++++ b/drivers/scsi/qla2xxx/qla_target.c +@@ -4442,8 +4442,7 @@ static int qlt_handle_cmd_for_atio(struct scsi_qla_host *vha, + queue_work_on(cmd->se_cmd.cpuid, qla_tgt_wq, &cmd->work); + } else if (ha->msix_count) { + if (cmd->atio.u.isp24.fcp_cmnd.rddata) +- queue_work_on(smp_processor_id(), qla_tgt_wq, +- &cmd->work); ++ queue_work(qla_tgt_wq, &cmd->work); + else + queue_work_on(cmd->se_cmd.cpuid, qla_tgt_wq, + &cmd->work); +diff --git a/drivers/scsi/qla2xxx/tcm_qla2xxx.c b/drivers/scsi/qla2xxx/tcm_qla2xxx.c +index 8fa0056b56ddb..e54ee6770e79f 100644 +--- a/drivers/scsi/qla2xxx/tcm_qla2xxx.c ++++ b/drivers/scsi/qla2xxx/tcm_qla2xxx.c +@@ -310,7 +310,7 @@ static void tcm_qla2xxx_free_cmd(struct qla_tgt_cmd *cmd) + cmd->trc_flags |= TRC_CMD_DONE; + + INIT_WORK(&cmd->work, tcm_qla2xxx_complete_free); +- queue_work_on(smp_processor_id(), tcm_qla2xxx_free_wq, &cmd->work); ++ queue_work(tcm_qla2xxx_free_wq, &cmd->work); + } + + /* +@@ -557,7 +557,7 @@ static void tcm_qla2xxx_handle_data(struct qla_tgt_cmd *cmd) + cmd->trc_flags |= TRC_DATA_IN; + cmd->cmd_in_wq = 1; + INIT_WORK(&cmd->work, tcm_qla2xxx_handle_data_work); +- queue_work_on(smp_processor_id(), tcm_qla2xxx_free_wq, &cmd->work); ++ queue_work(tcm_qla2xxx_free_wq, &cmd->work); + } + + static int tcm_qla2xxx_chk_dif_tags(uint32_t tag) +-- +2.40.1 + diff --git a/queue-6.1/series b/queue-6.1/series index e4b4df7cc16..4be35b08fa6 100644 --- a/queue-6.1/series +++ b/queue-6.1/series @@ -89,3 +89,18 @@ gpio-tb10x-fix-an-error-handling-path-in-tb10x_gpio_.patch i2c-mux-demux-pinctrl-check-the-return-value-of-devm.patch i2c-mux-gpio-add-missing-fwnode_handle_put.patch i2c-xiic-correct-return-value-check-for-xiic_reinit.patch +arm-dts-bcm5301x-extend-ram-to-full-256mb-for-linksy.patch +arm-dts-samsung-exynos4210-i9100-fix-lcd-screen-s-ph.patch +arm-dts-qcom-msm8974pro-castor-correct-inverted-x-of.patch +arm-dts-qcom-msm8974pro-castor-correct-touchscreen-f.patch +arm-dts-qcom-msm8974pro-castor-correct-touchscreen-s.patch +f2fs-optimize-iteration-over-sparse-directories.patch +f2fs-get-out-of-a-repeat-loop-when-getting-a-locked-.patch +s390-pkey-fix-pkey_type_ep11_aes-handling-in-pkey_cl.patch +arm64-dts-qcom-sdm845-db845c-mark-cont-splash-memory.patch +wifi-ath11k-fix-tx-status-reporting-in-encap-offload.patch +wifi-ath11k-cleanup-mac80211-references-on-failure-d.patch +scsi-qla2xxx-select-qpair-depending-on-which-cpu-pos.patch +scsi-qla2xxx-use-raw_smp_processor_id-instead-of-smp.patch +drm-amdkfd-flush-tlb-after-unmapping-for-gfx-v9.4.3.patch +drm-amdkfd-insert-missing-tlb-flush-on-gfx10-and-lat.patch diff --git a/queue-6.1/wifi-ath11k-cleanup-mac80211-references-on-failure-d.patch b/queue-6.1/wifi-ath11k-cleanup-mac80211-references-on-failure-d.patch new file mode 100644 index 00000000000..5ca8ae28901 --- /dev/null +++ b/queue-6.1/wifi-ath11k-cleanup-mac80211-references-on-failure-d.patch @@ -0,0 +1,61 @@ +From 92dd5dbdd10402280500de0b2fecb27b8cc549c3 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 22 Aug 2023 16:42:24 +0300 +Subject: wifi: ath11k: Cleanup mac80211 references on failure during + tx_complete + +From: Sven Eckelmann + +[ Upstream commit 29d15589f084d71a4ea8c544039c5839db0236e2 ] + +When a function is using functions from mac80211 to free an skb then it +should do it consistently and not switch to the generic dev_kfree_skb_any +(or similar functions). Otherwise (like in the error handlers), mac80211 +will will not be aware of the freed skb and thus not clean up related +information in its internal data structures. + +Not doing so lead in the past to filled up structure which then prevented +new clients to connect. + +Fixes: d5c65159f289 ("ath11k: driver for Qualcomm IEEE 802.11ax devices") +Fixes: 6257c702264c ("wifi: ath11k: fix tx status reporting in encap offload mode") +Cc: stable@vger.kernel.org +Signed-off-by: Sven Eckelmann +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/20230802-ath11k-ack_status_leak-v2-2-c0af729d6229@narfation.org +Signed-off-by: Sasha Levin +--- + drivers/net/wireless/ath/ath11k/dp_tx.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/drivers/net/wireless/ath/ath11k/dp_tx.c b/drivers/net/wireless/ath/ath11k/dp_tx.c +index 08a28464eb7a9..64c8ccac22d27 100644 +--- a/drivers/net/wireless/ath/ath11k/dp_tx.c ++++ b/drivers/net/wireless/ath/ath11k/dp_tx.c +@@ -344,7 +344,7 @@ ath11k_dp_tx_htt_tx_complete_buf(struct ath11k_base *ab, + dma_unmap_single(ab->dev, skb_cb->paddr, msdu->len, DMA_TO_DEVICE); + + if (!skb_cb->vif) { +- dev_kfree_skb_any(msdu); ++ ieee80211_free_txskb(ar->hw, msdu); + return; + } + +@@ -566,12 +566,12 @@ static void ath11k_dp_tx_complete_msdu(struct ath11k *ar, + dma_unmap_single(ab->dev, skb_cb->paddr, msdu->len, DMA_TO_DEVICE); + + if (unlikely(!rcu_access_pointer(ab->pdevs_active[ar->pdev_idx]))) { +- dev_kfree_skb_any(msdu); ++ ieee80211_free_txskb(ar->hw, msdu); + return; + } + + if (unlikely(!skb_cb->vif)) { +- dev_kfree_skb_any(msdu); ++ ieee80211_free_txskb(ar->hw, msdu); + return; + } + +-- +2.40.1 + diff --git a/queue-6.1/wifi-ath11k-fix-tx-status-reporting-in-encap-offload.patch b/queue-6.1/wifi-ath11k-fix-tx-status-reporting-in-encap-offload.patch new file mode 100644 index 00000000000..b82caa2417f --- /dev/null +++ b/queue-6.1/wifi-ath11k-fix-tx-status-reporting-in-encap-offload.patch @@ -0,0 +1,134 @@ +From 9bbadbf7eb4631b635935bc15b3868a93e287505 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 17 Apr 2023 13:35:02 +0300 +Subject: wifi: ath11k: fix tx status reporting in encap offload mode + +From: Pradeep Kumar Chitrapu + +[ Upstream commit 6257c702264c44d74c6b71f0c62a7665da2dc356 ] + +ieee80211_tx_status() treats packets in 802.11 frame format and +tries to extract sta address from packet header. When tx encap +offload is enabled, this becomes invalid operation. Hence, switch +to using ieee80211_tx_status_ext() after filling in station +address for handling both 802.11 and 802.3 frames. + +Tested-on: QCN9074 hw1.0 PCI WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1 + +Signed-off-by: Pradeep Kumar Chitrapu +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/20230403195738.25367-2-quic_pradeepc@quicinc.com +Stable-dep-of: 29d15589f084 ("wifi: ath11k: Cleanup mac80211 references on failure during tx_complete") +Signed-off-by: Sasha Levin +--- + drivers/net/wireless/ath/ath11k/dp.h | 4 +++ + drivers/net/wireless/ath/ath11k/dp_tx.c | 33 ++++++++++++++++++++++++- + drivers/net/wireless/ath/ath11k/dp_tx.h | 1 + + 3 files changed, 37 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/wireless/ath/ath11k/dp.h b/drivers/net/wireless/ath/ath11k/dp.h +index be9eafc872b3b..232fd2e638bf6 100644 +--- a/drivers/net/wireless/ath/ath11k/dp.h ++++ b/drivers/net/wireless/ath/ath11k/dp.h +@@ -303,12 +303,16 @@ struct ath11k_dp { + + #define HTT_TX_WBM_COMP_STATUS_OFFSET 8 + ++#define HTT_INVALID_PEER_ID 0xffff ++ + /* HTT tx completion is overlaid in wbm_release_ring */ + #define HTT_TX_WBM_COMP_INFO0_STATUS GENMASK(12, 9) + #define HTT_TX_WBM_COMP_INFO0_REINJECT_REASON GENMASK(16, 13) + #define HTT_TX_WBM_COMP_INFO0_REINJECT_REASON GENMASK(16, 13) + + #define HTT_TX_WBM_COMP_INFO1_ACK_RSSI GENMASK(31, 24) ++#define HTT_TX_WBM_COMP_INFO2_SW_PEER_ID GENMASK(15, 0) ++#define HTT_TX_WBM_COMP_INFO2_VALID BIT(21) + + struct htt_tx_wbm_completion { + u32 info0; +diff --git a/drivers/net/wireless/ath/ath11k/dp_tx.c b/drivers/net/wireless/ath/ath11k/dp_tx.c +index 8afbba2369354..08a28464eb7a9 100644 +--- a/drivers/net/wireless/ath/ath11k/dp_tx.c ++++ b/drivers/net/wireless/ath/ath11k/dp_tx.c +@@ -316,10 +316,12 @@ ath11k_dp_tx_htt_tx_complete_buf(struct ath11k_base *ab, + struct dp_tx_ring *tx_ring, + struct ath11k_dp_htt_wbm_tx_status *ts) + { ++ struct ieee80211_tx_status status = { 0 }; + struct sk_buff *msdu; + struct ieee80211_tx_info *info; + struct ath11k_skb_cb *skb_cb; + struct ath11k *ar; ++ struct ath11k_peer *peer; + + spin_lock(&tx_ring->tx_idr_lock); + msdu = idr_remove(&tx_ring->txbuf_idr, ts->msdu_id); +@@ -341,6 +343,11 @@ ath11k_dp_tx_htt_tx_complete_buf(struct ath11k_base *ab, + + dma_unmap_single(ab->dev, skb_cb->paddr, msdu->len, DMA_TO_DEVICE); + ++ if (!skb_cb->vif) { ++ dev_kfree_skb_any(msdu); ++ return; ++ } ++ + memset(&info->status, 0, sizeof(info->status)); + + if (ts->acked) { +@@ -355,7 +362,23 @@ ath11k_dp_tx_htt_tx_complete_buf(struct ath11k_base *ab, + } + } + +- ieee80211_tx_status(ar->hw, msdu); ++ spin_lock_bh(&ab->base_lock); ++ peer = ath11k_peer_find_by_id(ab, ts->peer_id); ++ if (!peer || !peer->sta) { ++ ath11k_dbg(ab, ATH11K_DBG_DATA, ++ "dp_tx: failed to find the peer with peer_id %d\n", ++ ts->peer_id); ++ spin_unlock_bh(&ab->base_lock); ++ dev_kfree_skb_any(msdu); ++ return; ++ } ++ spin_unlock_bh(&ab->base_lock); ++ ++ status.sta = peer->sta; ++ status.info = info; ++ status.skb = msdu; ++ ++ ieee80211_tx_status_ext(ar->hw, &status); + } + + static void +@@ -379,7 +402,15 @@ ath11k_dp_tx_process_htt_tx_complete(struct ath11k_base *ab, + ts.msdu_id = msdu_id; + ts.ack_rssi = FIELD_GET(HTT_TX_WBM_COMP_INFO1_ACK_RSSI, + status_desc->info1); ++ ++ if (FIELD_GET(HTT_TX_WBM_COMP_INFO2_VALID, status_desc->info2)) ++ ts.peer_id = FIELD_GET(HTT_TX_WBM_COMP_INFO2_SW_PEER_ID, ++ status_desc->info2); ++ else ++ ts.peer_id = HTT_INVALID_PEER_ID; ++ + ath11k_dp_tx_htt_tx_complete_buf(ab, tx_ring, &ts); ++ + break; + case HAL_WBM_REL_HTT_TX_COMP_STATUS_REINJ: + case HAL_WBM_REL_HTT_TX_COMP_STATUS_INSPECT: +diff --git a/drivers/net/wireless/ath/ath11k/dp_tx.h b/drivers/net/wireless/ath/ath11k/dp_tx.h +index e87d65bfbf06e..68a21ea9b9346 100644 +--- a/drivers/net/wireless/ath/ath11k/dp_tx.h ++++ b/drivers/net/wireless/ath/ath11k/dp_tx.h +@@ -13,6 +13,7 @@ struct ath11k_dp_htt_wbm_tx_status { + u32 msdu_id; + bool acked; + int ack_rssi; ++ u16 peer_id; + }; + + void ath11k_dp_tx_update_txcompl(struct ath11k *ar, struct hal_tx_status *ts); +-- +2.40.1 + -- 2.47.3