From fc82e08f3337d56067df101bcc017737939d065e Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Sun, 23 Jul 2023 16:10:22 +0200 Subject: [PATCH] 5.10-stable patches added patches: asoc-fsl_sai-disable-bit-clock-with-transmitter.patch btrfs-fix-warning-when-putting-transaction-with-qgroups-enabled-after-abort.patch can-bcm-fix-uaf-in-bcm_proc_show.patch drm-client-fix-memory-leak-in-drm_client_modeset_probe.patch drm-client-fix-memory-leak-in-drm_client_target_cloned.patch fuse-revalidate-don-t-invalidate-if-interrupted.patch keys-fix-linking-a-duplicate-key-to-a-keyring-s-assoc_array.patch perf-probe-add-test-for-regression-introduced-by-switch-to-die_get_decl_file.patch regmap-account-for-register-length-in-smbus-i-o-limits.patch regmap-drop-initial-version-of-maximum-transfer-length-fixes.patch selftests-tc-add-ct-action-kconfig-dep.patch selftests-tc-set-timeout-to-15-minutes.patch --- ...i-disable-bit-clock-with-transmitter.patch | 43 +++++ ...ion-with-qgroups-enabled-after-abort.patch | 89 +++++++++ .../can-bcm-fix-uaf-in-bcm_proc_show.patch | 92 +++++++++ ...ory-leak-in-drm_client_modeset_probe.patch | 46 +++++ ...ory-leak-in-drm_client_target_cloned.patch | 68 +++++++ ...date-don-t-invalidate-if-interrupted.patch | 34 ++++ ...icate-key-to-a-keyring-s-assoc_array.patch | 177 ++++++++++++++++++ ...duced-by-switch-to-die_get_decl_file.patch | 115 ++++++++++++ ...-register-length-in-smbus-i-o-limits.patch | 54 ++++++ ...ion-of-maximum-transfer-length-fixes.patch | 64 +++++++ ...lftests-tc-add-ct-action-kconfig-dep.patch | 43 +++++ ...lftests-tc-set-timeout-to-15-minutes.patch | 43 +++++ queue-5.10/series | 12 ++ 13 files changed, 880 insertions(+) create mode 100644 queue-5.10/asoc-fsl_sai-disable-bit-clock-with-transmitter.patch create mode 100644 queue-5.10/btrfs-fix-warning-when-putting-transaction-with-qgroups-enabled-after-abort.patch create mode 100644 queue-5.10/can-bcm-fix-uaf-in-bcm_proc_show.patch create mode 100644 queue-5.10/drm-client-fix-memory-leak-in-drm_client_modeset_probe.patch create mode 100644 queue-5.10/drm-client-fix-memory-leak-in-drm_client_target_cloned.patch create mode 100644 queue-5.10/fuse-revalidate-don-t-invalidate-if-interrupted.patch create mode 100644 queue-5.10/keys-fix-linking-a-duplicate-key-to-a-keyring-s-assoc_array.patch create mode 100644 queue-5.10/perf-probe-add-test-for-regression-introduced-by-switch-to-die_get_decl_file.patch create mode 100644 queue-5.10/regmap-account-for-register-length-in-smbus-i-o-limits.patch create mode 100644 queue-5.10/regmap-drop-initial-version-of-maximum-transfer-length-fixes.patch create mode 100644 queue-5.10/selftests-tc-add-ct-action-kconfig-dep.patch create mode 100644 queue-5.10/selftests-tc-set-timeout-to-15-minutes.patch diff --git a/queue-5.10/asoc-fsl_sai-disable-bit-clock-with-transmitter.patch b/queue-5.10/asoc-fsl_sai-disable-bit-clock-with-transmitter.patch new file mode 100644 index 00000000000..1f341340367 --- /dev/null +++ b/queue-5.10/asoc-fsl_sai-disable-bit-clock-with-transmitter.patch @@ -0,0 +1,43 @@ +From 269f399dc19f0e5c51711c3ba3bd06e0ef6ef403 Mon Sep 17 00:00:00 2001 +From: Matus Gajdos +Date: Wed, 12 Jul 2023 14:49:33 +0200 +Subject: ASoC: fsl_sai: Disable bit clock with transmitter + +From: Matus Gajdos + +commit 269f399dc19f0e5c51711c3ba3bd06e0ef6ef403 upstream. + +Otherwise bit clock remains running writing invalid data to the DAC. + +Signed-off-by: Matus Gajdos +Acked-by: Shengjiu Wang +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20230712124934.32232-1-matuszpd@gmail.com +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman +--- + sound/soc/fsl/fsl_sai.c | 2 +- + sound/soc/fsl/fsl_sai.h | 1 + + 2 files changed, 2 insertions(+), 1 deletion(-) + +--- a/sound/soc/fsl/fsl_sai.c ++++ b/sound/soc/fsl/fsl_sai.c +@@ -552,7 +552,7 @@ static void fsl_sai_config_disable(struc + u32 xcsr, count = 100; + + regmap_update_bits(sai->regmap, FSL_SAI_xCSR(tx, ofs), +- FSL_SAI_CSR_TERE, 0); ++ FSL_SAI_CSR_TERE | FSL_SAI_CSR_BCE, 0); + + /* TERE will remain set till the end of current frame */ + do { +--- a/sound/soc/fsl/fsl_sai.h ++++ b/sound/soc/fsl/fsl_sai.h +@@ -87,6 +87,7 @@ + /* SAI Transmit/Receive Control Register */ + #define FSL_SAI_CSR_TERE BIT(31) + #define FSL_SAI_CSR_SE BIT(30) ++#define FSL_SAI_CSR_BCE BIT(28) + #define FSL_SAI_CSR_FR BIT(25) + #define FSL_SAI_CSR_SR BIT(24) + #define FSL_SAI_CSR_xF_SHIFT 16 diff --git a/queue-5.10/btrfs-fix-warning-when-putting-transaction-with-qgroups-enabled-after-abort.patch b/queue-5.10/btrfs-fix-warning-when-putting-transaction-with-qgroups-enabled-after-abort.patch new file mode 100644 index 00000000000..7d08db87820 --- /dev/null +++ b/queue-5.10/btrfs-fix-warning-when-putting-transaction-with-qgroups-enabled-after-abort.patch @@ -0,0 +1,89 @@ +From aa84ce8a78a1a5c10cdf9c7a5fb0c999fbc2c8d6 Mon Sep 17 00:00:00 2001 +From: Filipe Manana +Date: Fri, 14 Jul 2023 13:42:06 +0100 +Subject: btrfs: fix warning when putting transaction with qgroups enabled after abort + +From: Filipe Manana + +commit aa84ce8a78a1a5c10cdf9c7a5fb0c999fbc2c8d6 upstream. + +If we have a transaction abort with qgroups enabled we get a warning +triggered when doing the final put on the transaction, like this: + + [552.6789] ------------[ cut here ]------------ + [552.6815] WARNING: CPU: 4 PID: 81745 at fs/btrfs/transaction.c:144 btrfs_put_transaction+0x123/0x130 [btrfs] + [552.6817] Modules linked in: btrfs blake2b_generic xor (...) + [552.6819] CPU: 4 PID: 81745 Comm: btrfs-transacti Tainted: G W 6.4.0-rc6-btrfs-next-134+ #1 + [552.6819] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org 04/01/2014 + [552.6819] RIP: 0010:btrfs_put_transaction+0x123/0x130 [btrfs] + [552.6821] Code: bd a0 01 00 (...) + [552.6821] RSP: 0018:ffffa168c0527e28 EFLAGS: 00010286 + [552.6821] RAX: ffff936042caed00 RBX: ffff93604a3eb448 RCX: 0000000000000000 + [552.6821] RDX: ffff93606421b028 RSI: ffffffff92ff0878 RDI: ffff93606421b010 + [552.6821] RBP: ffff93606421b000 R08: 0000000000000000 R09: ffffa168c0d07c20 + [552.6821] R10: 0000000000000000 R11: ffff93608dc52950 R12: ffffa168c0527e70 + [552.6821] R13: ffff93606421b000 R14: ffff93604a3eb420 R15: ffff93606421b028 + [552.6821] FS: 0000000000000000(0000) GS:ffff93675fb00000(0000) knlGS:0000000000000000 + [552.6821] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + [552.6821] CR2: 0000558ad262b000 CR3: 000000014feda005 CR4: 0000000000370ee0 + [552.6822] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 + [552.6822] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 + [552.6822] Call Trace: + [552.6822] + [552.6822] ? __warn+0x80/0x130 + [552.6822] ? btrfs_put_transaction+0x123/0x130 [btrfs] + [552.6824] ? report_bug+0x1f4/0x200 + [552.6824] ? handle_bug+0x42/0x70 + [552.6824] ? exc_invalid_op+0x14/0x70 + [552.6824] ? asm_exc_invalid_op+0x16/0x20 + [552.6824] ? btrfs_put_transaction+0x123/0x130 [btrfs] + [552.6826] btrfs_cleanup_transaction+0xe7/0x5e0 [btrfs] + [552.6828] ? _raw_spin_unlock_irqrestore+0x23/0x40 + [552.6828] ? try_to_wake_up+0x94/0x5e0 + [552.6828] ? __pfx_process_timeout+0x10/0x10 + [552.6828] transaction_kthread+0x103/0x1d0 [btrfs] + [552.6830] ? __pfx_transaction_kthread+0x10/0x10 [btrfs] + [552.6832] kthread+0xee/0x120 + [552.6832] ? __pfx_kthread+0x10/0x10 + [552.6832] ret_from_fork+0x29/0x50 + [552.6832] + [552.6832] ---[ end trace 0000000000000000 ]--- + +This corresponds to this line of code: + + void btrfs_put_transaction(struct btrfs_transaction *transaction) + { + (...) + WARN_ON(!RB_EMPTY_ROOT( + &transaction->delayed_refs.dirty_extent_root)); + (...) + } + +The warning happens because btrfs_qgroup_destroy_extent_records(), called +in the transaction abort path, we free all entries from the rbtree +"dirty_extent_root" with rbtree_postorder_for_each_entry_safe(), but we +don't actually empty the rbtree - it's still pointing to nodes that were +freed. + +So set the rbtree's root node to NULL to avoid this warning (assign +RB_ROOT). + +Fixes: 81f7eb00ff5b ("btrfs: destroy qgroup extent records on transaction abort") +CC: stable@vger.kernel.org # 5.10+ +Reviewed-by: Josef Bacik +Reviewed-by: Qu Wenruo +Signed-off-by: Filipe Manana +Signed-off-by: David Sterba +Signed-off-by: Greg Kroah-Hartman +--- + fs/btrfs/qgroup.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/fs/btrfs/qgroup.c ++++ b/fs/btrfs/qgroup.c +@@ -4376,4 +4376,5 @@ void btrfs_qgroup_destroy_extent_records + ulist_free(entry->old_roots); + kfree(entry); + } ++ *root = RB_ROOT; + } diff --git a/queue-5.10/can-bcm-fix-uaf-in-bcm_proc_show.patch b/queue-5.10/can-bcm-fix-uaf-in-bcm_proc_show.patch new file mode 100644 index 00000000000..37d47836ec2 --- /dev/null +++ b/queue-5.10/can-bcm-fix-uaf-in-bcm_proc_show.patch @@ -0,0 +1,92 @@ +From 55c3b96074f3f9b0aee19bf93cd71af7516582bb Mon Sep 17 00:00:00 2001 +From: YueHaibing +Date: Sat, 15 Jul 2023 17:25:43 +0800 +Subject: can: bcm: Fix UAF in bcm_proc_show() + +From: YueHaibing + +commit 55c3b96074f3f9b0aee19bf93cd71af7516582bb upstream. + +BUG: KASAN: slab-use-after-free in bcm_proc_show+0x969/0xa80 +Read of size 8 at addr ffff888155846230 by task cat/7862 + +CPU: 1 PID: 7862 Comm: cat Not tainted 6.5.0-rc1-00153-gc8746099c197 #230 +Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 +Call Trace: + + dump_stack_lvl+0xd5/0x150 + print_report+0xc1/0x5e0 + kasan_report+0xba/0xf0 + bcm_proc_show+0x969/0xa80 + seq_read_iter+0x4f6/0x1260 + seq_read+0x165/0x210 + proc_reg_read+0x227/0x300 + vfs_read+0x1d5/0x8d0 + ksys_read+0x11e/0x240 + do_syscall_64+0x35/0xb0 + entry_SYSCALL_64_after_hwframe+0x63/0xcd + +Allocated by task 7846: + kasan_save_stack+0x1e/0x40 + kasan_set_track+0x21/0x30 + __kasan_kmalloc+0x9e/0xa0 + bcm_sendmsg+0x264b/0x44e0 + sock_sendmsg+0xda/0x180 + ____sys_sendmsg+0x735/0x920 + ___sys_sendmsg+0x11d/0x1b0 + __sys_sendmsg+0xfa/0x1d0 + do_syscall_64+0x35/0xb0 + entry_SYSCALL_64_after_hwframe+0x63/0xcd + +Freed by task 7846: + kasan_save_stack+0x1e/0x40 + kasan_set_track+0x21/0x30 + kasan_save_free_info+0x27/0x40 + ____kasan_slab_free+0x161/0x1c0 + slab_free_freelist_hook+0x119/0x220 + __kmem_cache_free+0xb4/0x2e0 + rcu_core+0x809/0x1bd0 + +bcm_op is freed before procfs entry be removed in bcm_release(), +this lead to bcm_proc_show() may read the freed bcm_op. + +Fixes: ffd980f976e7 ("[CAN]: Add broadcast manager (bcm) protocol") +Signed-off-by: YueHaibing +Reviewed-by: Oliver Hartkopp +Acked-by: Oliver Hartkopp +Link: https://lore.kernel.org/all/20230715092543.15548-1-yuehaibing@huawei.com +Cc: stable@vger.kernel.org +Signed-off-by: Marc Kleine-Budde +Signed-off-by: Greg Kroah-Hartman +--- + net/can/bcm.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +--- a/net/can/bcm.c ++++ b/net/can/bcm.c +@@ -1521,6 +1521,12 @@ static int bcm_release(struct socket *so + + lock_sock(sk); + ++#if IS_ENABLED(CONFIG_PROC_FS) ++ /* remove procfs entry */ ++ if (net->can.bcmproc_dir && bo->bcm_proc_read) ++ remove_proc_entry(bo->procname, net->can.bcmproc_dir); ++#endif /* CONFIG_PROC_FS */ ++ + list_for_each_entry_safe(op, next, &bo->tx_ops, list) + bcm_remove_op(op); + +@@ -1556,12 +1562,6 @@ static int bcm_release(struct socket *so + list_for_each_entry_safe(op, next, &bo->rx_ops, list) + bcm_remove_op(op); + +-#if IS_ENABLED(CONFIG_PROC_FS) +- /* remove procfs entry */ +- if (net->can.bcmproc_dir && bo->bcm_proc_read) +- remove_proc_entry(bo->procname, net->can.bcmproc_dir); +-#endif /* CONFIG_PROC_FS */ +- + /* remove device reference */ + if (bo->bound) { + bo->bound = 0; diff --git a/queue-5.10/drm-client-fix-memory-leak-in-drm_client_modeset_probe.patch b/queue-5.10/drm-client-fix-memory-leak-in-drm_client_modeset_probe.patch new file mode 100644 index 00000000000..6d6365350ff --- /dev/null +++ b/queue-5.10/drm-client-fix-memory-leak-in-drm_client_modeset_probe.patch @@ -0,0 +1,46 @@ +From 2329cc7a101af1a844fbf706c0724c0baea38365 Mon Sep 17 00:00:00 2001 +From: Jocelyn Falempe +Date: Tue, 11 Jul 2023 11:20:44 +0200 +Subject: drm/client: Fix memory leak in drm_client_modeset_probe + +From: Jocelyn Falempe + +commit 2329cc7a101af1a844fbf706c0724c0baea38365 upstream. + +When a new mode is set to modeset->mode, the previous mode should be freed. +This fixes the following kmemleak report: + +drm_mode_duplicate+0x45/0x220 [drm] +drm_client_modeset_probe+0x944/0xf50 [drm] +__drm_fb_helper_initial_config_and_unlock+0xb4/0x2c0 [drm_kms_helper] +drm_fbdev_client_hotplug+0x2bc/0x4d0 [drm_kms_helper] +drm_client_register+0x169/0x240 [drm] +ast_pci_probe+0x142/0x190 [ast] +local_pci_probe+0xdc/0x180 +work_for_cpu_fn+0x4e/0xa0 +process_one_work+0x8b7/0x1540 +worker_thread+0x70a/0xed0 +kthread+0x29f/0x340 +ret_from_fork+0x1f/0x30 + +cc: +Reported-by: Zhang Yi +Signed-off-by: Jocelyn Falempe +Reviewed-by: Javier Martinez Canillas +Reviewed-by: Thomas Zimmermann +Link: https://patchwork.freedesktop.org/patch/msgid/20230711092203.68157-3-jfalempe@redhat.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/drm_client_modeset.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/gpu/drm/drm_client_modeset.c ++++ b/drivers/gpu/drm/drm_client_modeset.c +@@ -864,6 +864,7 @@ int drm_client_modeset_probe(struct drm_ + break; + } + ++ kfree(modeset->mode); + modeset->mode = drm_mode_duplicate(dev, mode); + drm_connector_get(connector); + modeset->connectors[modeset->num_connectors++] = connector; diff --git a/queue-5.10/drm-client-fix-memory-leak-in-drm_client_target_cloned.patch b/queue-5.10/drm-client-fix-memory-leak-in-drm_client_target_cloned.patch new file mode 100644 index 00000000000..93f6ff650ee --- /dev/null +++ b/queue-5.10/drm-client-fix-memory-leak-in-drm_client_target_cloned.patch @@ -0,0 +1,68 @@ +From c2a88e8bdf5f6239948d75283d0ae7e0c7945b03 Mon Sep 17 00:00:00 2001 +From: Jocelyn Falempe +Date: Tue, 11 Jul 2023 11:20:43 +0200 +Subject: drm/client: Fix memory leak in drm_client_target_cloned + +From: Jocelyn Falempe + +commit c2a88e8bdf5f6239948d75283d0ae7e0c7945b03 upstream. + +dmt_mode is allocated and never freed in this function. +It was found with the ast driver, but most drivers using generic fbdev +setup are probably affected. + +This fixes the following kmemleak report: + backtrace: + [<00000000b391296d>] drm_mode_duplicate+0x45/0x220 [drm] + [<00000000e45bb5b3>] drm_client_target_cloned.constprop.0+0x27b/0x480 [drm] + [<00000000ed2d3a37>] drm_client_modeset_probe+0x6bd/0xf50 [drm] + [<0000000010e5cc9d>] __drm_fb_helper_initial_config_and_unlock+0xb4/0x2c0 [drm_kms_helper] + [<00000000909f82ca>] drm_fbdev_client_hotplug+0x2bc/0x4d0 [drm_kms_helper] + [<00000000063a69aa>] drm_client_register+0x169/0x240 [drm] + [<00000000a8c61525>] ast_pci_probe+0x142/0x190 [ast] + [<00000000987f19bb>] local_pci_probe+0xdc/0x180 + [<000000004fca231b>] work_for_cpu_fn+0x4e/0xa0 + [<0000000000b85301>] process_one_work+0x8b7/0x1540 + [<000000003375b17c>] worker_thread+0x70a/0xed0 + [<00000000b0d43cd9>] kthread+0x29f/0x340 + [<000000008d770833>] ret_from_fork+0x1f/0x30 +unreferenced object 0xff11000333089a00 (size 128): + +cc: +Fixes: 1d42bbc8f7f9 ("drm/fbdev: fix cloning on fbcon") +Reported-by: Zhang Yi +Signed-off-by: Jocelyn Falempe +Reviewed-by: Javier Martinez Canillas +Reviewed-by: Thomas Zimmermann +Link: https://patchwork.freedesktop.org/patch/msgid/20230711092203.68157-2-jfalempe@redhat.com +Signed-off-by: Greg Kroah-Hartman +--- + drivers/gpu/drm/drm_client_modeset.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/drivers/gpu/drm/drm_client_modeset.c ++++ b/drivers/gpu/drm/drm_client_modeset.c +@@ -308,6 +308,9 @@ static bool drm_client_target_cloned(str + can_clone = true; + dmt_mode = drm_mode_find_dmt(dev, 1024, 768, 60, false); + ++ if (!dmt_mode) ++ goto fail; ++ + for (i = 0; i < connector_count; i++) { + if (!enabled[i]) + continue; +@@ -323,11 +326,13 @@ static bool drm_client_target_cloned(str + if (!modes[i]) + can_clone = false; + } ++ kfree(dmt_mode); + + if (can_clone) { + DRM_DEBUG_KMS("can clone using 1024x768\n"); + return true; + } ++fail: + DRM_INFO("kms: can't enable cloning when we probably wanted to.\n"); + return false; + } diff --git a/queue-5.10/fuse-revalidate-don-t-invalidate-if-interrupted.patch b/queue-5.10/fuse-revalidate-don-t-invalidate-if-interrupted.patch new file mode 100644 index 00000000000..08fc64e3e8c --- /dev/null +++ b/queue-5.10/fuse-revalidate-don-t-invalidate-if-interrupted.patch @@ -0,0 +1,34 @@ +From a9d1c4c6df0e568207907c04aed9e7beb1294c42 Mon Sep 17 00:00:00 2001 +From: Miklos Szeredi +Date: Wed, 7 Jun 2023 17:49:20 +0200 +Subject: fuse: revalidate: don't invalidate if interrupted + +From: Miklos Szeredi + +commit a9d1c4c6df0e568207907c04aed9e7beb1294c42 upstream. + +If the LOOKUP request triggered from fuse_dentry_revalidate() is +interrupted, then the dentry will be invalidated, possibly resulting in +submounts being unmounted. + +Reported-by: Xu Rongbo +Closes: https://lore.kernel.org/all/CAJfpegswN_CJJ6C3RZiaK6rpFmNyWmXfaEpnQUJ42KCwNF5tWw@mail.gmail.com/ +Fixes: 9e6268db496a ("[PATCH] FUSE - read-write operations") +Cc: +Signed-off-by: Miklos Szeredi +Signed-off-by: Greg Kroah-Hartman +--- + fs/fuse/dir.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/fs/fuse/dir.c ++++ b/fs/fuse/dir.c +@@ -249,7 +249,7 @@ static int fuse_dentry_revalidate(struct + spin_unlock(&fi->lock); + } + kfree(forget); +- if (ret == -ENOMEM) ++ if (ret == -ENOMEM || ret == -EINTR) + goto out; + if (ret || fuse_invalid_attr(&outarg.attr) || + fuse_stale_inode(inode, outarg.generation, &outarg.attr)) diff --git a/queue-5.10/keys-fix-linking-a-duplicate-key-to-a-keyring-s-assoc_array.patch b/queue-5.10/keys-fix-linking-a-duplicate-key-to-a-keyring-s-assoc_array.patch new file mode 100644 index 00000000000..75ed3459f73 --- /dev/null +++ b/queue-5.10/keys-fix-linking-a-duplicate-key-to-a-keyring-s-assoc_array.patch @@ -0,0 +1,177 @@ +From d55901522f96082a43b9842d34867363c0cdbac5 Mon Sep 17 00:00:00 2001 +From: Petr Pavlu +Date: Thu, 23 Mar 2023 14:04:12 +0100 +Subject: keys: Fix linking a duplicate key to a keyring's assoc_array + +From: Petr Pavlu + +commit d55901522f96082a43b9842d34867363c0cdbac5 upstream. + +When making a DNS query inside the kernel using dns_query(), the request +code can in rare cases end up creating a duplicate index key in the +assoc_array of the destination keyring. It is eventually found by +a BUG_ON() check in the assoc_array implementation and results in +a crash. + +Example report: +[2158499.700025] kernel BUG at ../lib/assoc_array.c:652! +[2158499.700039] invalid opcode: 0000 [#1] SMP PTI +[2158499.700065] CPU: 3 PID: 31985 Comm: kworker/3:1 Kdump: loaded Not tainted 5.3.18-150300.59.90-default #1 SLE15-SP3 +[2158499.700096] Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020 +[2158499.700351] Workqueue: cifsiod cifs_resolve_server [cifs] +[2158499.700380] RIP: 0010:assoc_array_insert+0x85f/0xa40 +[2158499.700401] Code: ff 74 2b 48 8b 3b 49 8b 45 18 4c 89 e6 48 83 e7 fe e8 95 ec 74 00 3b 45 88 7d db 85 c0 79 d4 0f 0b 0f 0b 0f 0b e8 41 f2 be ff <0f> 0b 0f 0b 81 7d 88 ff ff ff 7f 4c 89 eb 4c 8b ad 58 ff ff ff 0f +[2158499.700448] RSP: 0018:ffffc0bd6187faf0 EFLAGS: 00010282 +[2158499.700470] RAX: ffff9f1ea7da2fe8 RBX: ffff9f1ea7da2fc1 RCX: 0000000000000005 +[2158499.700492] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000000 +[2158499.700515] RBP: ffffc0bd6187fbb0 R08: ffff9f185faf1100 R09: 0000000000000000 +[2158499.700538] R10: ffff9f1ea7da2cc0 R11: 000000005ed8cec8 R12: ffffc0bd6187fc28 +[2158499.700561] R13: ffff9f15feb8d000 R14: ffff9f1ea7da2fc0 R15: ffff9f168dc0d740 +[2158499.700585] FS: 0000000000000000(0000) GS:ffff9f185fac0000(0000) knlGS:0000000000000000 +[2158499.700610] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[2158499.700630] CR2: 00007fdd94fca238 CR3: 0000000809d8c006 CR4: 00000000003706e0 +[2158499.700702] Call Trace: +[2158499.700741] ? key_alloc+0x447/0x4b0 +[2158499.700768] ? __key_link_begin+0x43/0xa0 +[2158499.700790] __key_link_begin+0x43/0xa0 +[2158499.700814] request_key_and_link+0x2c7/0x730 +[2158499.700847] ? dns_resolver_read+0x20/0x20 [dns_resolver] +[2158499.700873] ? key_default_cmp+0x20/0x20 +[2158499.700898] request_key_tag+0x43/0xa0 +[2158499.700926] dns_query+0x114/0x2ca [dns_resolver] +[2158499.701127] dns_resolve_server_name_to_ip+0x194/0x310 [cifs] +[2158499.701164] ? scnprintf+0x49/0x90 +[2158499.701190] ? __switch_to_asm+0x40/0x70 +[2158499.701211] ? __switch_to_asm+0x34/0x70 +[2158499.701405] reconn_set_ipaddr_from_hostname+0x81/0x2a0 [cifs] +[2158499.701603] cifs_resolve_server+0x4b/0xd0 [cifs] +[2158499.701632] process_one_work+0x1f8/0x3e0 +[2158499.701658] worker_thread+0x2d/0x3f0 +[2158499.701682] ? process_one_work+0x3e0/0x3e0 +[2158499.701703] kthread+0x10d/0x130 +[2158499.701723] ? kthread_park+0xb0/0xb0 +[2158499.701746] ret_from_fork+0x1f/0x40 + +The situation occurs as follows: +* Some kernel facility invokes dns_query() to resolve a hostname, for + example, "abcdef". The function registers its global DNS resolver + cache as current->cred.thread_keyring and passes the query to + request_key_net() -> request_key_tag() -> request_key_and_link(). +* Function request_key_and_link() creates a keyring_search_context + object. Its match_data.cmp method gets set via a call to + type->match_preparse() (resolves to dns_resolver_match_preparse()) to + dns_resolver_cmp(). +* Function request_key_and_link() continues and invokes + search_process_keyrings_rcu() which returns that a given key was not + found. The control is then passed to request_key_and_link() -> + construct_alloc_key(). +* Concurrently to that, a second task similarly makes a DNS query for + "abcdef." and its result gets inserted into the DNS resolver cache. +* Back on the first task, function construct_alloc_key() first runs + __key_link_begin() to determine an assoc_array_edit operation to + insert a new key. Index keys in the array are compared exactly as-is, + using keyring_compare_object(). The operation finds that "abcdef" is + not yet present in the destination keyring. +* Function construct_alloc_key() continues and checks if a given key is + already present on some keyring by again calling + search_process_keyrings_rcu(). This search is done using + dns_resolver_cmp() and "abcdef" gets matched with now present key + "abcdef.". +* The found key is linked on the destination keyring by calling + __key_link() and using the previously calculated assoc_array_edit + operation. This inserts the "abcdef." key in the array but creates + a duplicity because the same index key is already present. + +Fix the problem by postponing __key_link_begin() in +construct_alloc_key() until an actual key which should be linked into +the destination keyring is determined. + +[jarkko@kernel.org: added a fixes tag and cc to stable] +Cc: stable@vger.kernel.org # v5.3+ +Fixes: df593ee23e05 ("keys: Hoist locking out of __key_link_begin()") +Signed-off-by: Petr Pavlu +Reviewed-by: Joey Lee +Reviewed-by: Jarkko Sakkinen +Signed-off-by: Jarkko Sakkinen +Signed-off-by: Greg Kroah-Hartman +--- + security/keys/request_key.c | 35 ++++++++++++++++++++++++----------- + 1 file changed, 24 insertions(+), 11 deletions(-) + +--- a/security/keys/request_key.c ++++ b/security/keys/request_key.c +@@ -401,17 +401,21 @@ static int construct_alloc_key(struct ke + set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags); + + if (dest_keyring) { +- ret = __key_link_lock(dest_keyring, &ctx->index_key); ++ ret = __key_link_lock(dest_keyring, &key->index_key); + if (ret < 0) + goto link_lock_failed; +- ret = __key_link_begin(dest_keyring, &ctx->index_key, &edit); +- if (ret < 0) +- goto link_prealloc_failed; + } + +- /* attach the key to the destination keyring under lock, but we do need ++ /* ++ * Attach the key to the destination keyring under lock, but we do need + * to do another check just in case someone beat us to it whilst we +- * waited for locks */ ++ * waited for locks. ++ * ++ * The caller might specify a comparison function which looks for keys ++ * that do not exactly match but are still equivalent from the caller's ++ * perspective. The __key_link_begin() operation must be done only after ++ * an actual key is determined. ++ */ + mutex_lock(&key_construction_mutex); + + rcu_read_lock(); +@@ -420,12 +424,16 @@ static int construct_alloc_key(struct ke + if (!IS_ERR(key_ref)) + goto key_already_present; + +- if (dest_keyring) ++ if (dest_keyring) { ++ ret = __key_link_begin(dest_keyring, &key->index_key, &edit); ++ if (ret < 0) ++ goto link_alloc_failed; + __key_link(dest_keyring, key, &edit); ++ } + + mutex_unlock(&key_construction_mutex); + if (dest_keyring) +- __key_link_end(dest_keyring, &ctx->index_key, edit); ++ __key_link_end(dest_keyring, &key->index_key, edit); + mutex_unlock(&user->cons_lock); + *_key = key; + kleave(" = 0 [%d]", key_serial(key)); +@@ -438,10 +446,13 @@ key_already_present: + mutex_unlock(&key_construction_mutex); + key = key_ref_to_ptr(key_ref); + if (dest_keyring) { ++ ret = __key_link_begin(dest_keyring, &key->index_key, &edit); ++ if (ret < 0) ++ goto link_alloc_failed_unlocked; + ret = __key_link_check_live_key(dest_keyring, key); + if (ret == 0) + __key_link(dest_keyring, key, &edit); +- __key_link_end(dest_keyring, &ctx->index_key, edit); ++ __key_link_end(dest_keyring, &key->index_key, edit); + if (ret < 0) + goto link_check_failed; + } +@@ -456,8 +467,10 @@ link_check_failed: + kleave(" = %d [linkcheck]", ret); + return ret; + +-link_prealloc_failed: +- __key_link_end(dest_keyring, &ctx->index_key, edit); ++link_alloc_failed: ++ mutex_unlock(&key_construction_mutex); ++link_alloc_failed_unlocked: ++ __key_link_end(dest_keyring, &key->index_key, edit); + link_lock_failed: + mutex_unlock(&user->cons_lock); + key_put(key); diff --git a/queue-5.10/perf-probe-add-test-for-regression-introduced-by-switch-to-die_get_decl_file.patch b/queue-5.10/perf-probe-add-test-for-regression-introduced-by-switch-to-die_get_decl_file.patch new file mode 100644 index 00000000000..ac282bd2634 --- /dev/null +++ b/queue-5.10/perf-probe-add-test-for-regression-introduced-by-switch-to-die_get_decl_file.patch @@ -0,0 +1,115 @@ +From 56cbeacf143530576905623ac72ae0964f3293a6 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Georg=20M=C3=BCller?= +Date: Wed, 28 Jun 2023 10:45:50 +0200 +Subject: perf probe: Add test for regression introduced by switch to die_get_decl_file() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Georg Müller + +commit 56cbeacf143530576905623ac72ae0964f3293a6 upstream. + +This patch adds a test to validate that 'perf probe' works for binaries +where DWARF info is split into multiple CUs + +Signed-off-by: Georg Müller +Acked-by: Masami Hiramatsu (Google) +Cc: Adrian Hunter +Cc: Alexander Shishkin +Cc: Ian Rogers +Cc: Ingo Molnar +Cc: Jiri Olsa +Cc: Mark Rutland +Cc: Namhyung Kim +Cc: Peter Zijlstra +Cc: regressions@lists.linux.dev +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20230628084551.1860532-5-georgmueller@gmx.net +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Greg Kroah-Hartman +--- + tools/perf/tests/shell/test_uprobe_from_different_cu.sh | 77 ++++++++++++++++ + 1 file changed, 77 insertions(+) + create mode 100755 tools/perf/tests/shell/test_uprobe_from_different_cu.sh + +--- /dev/null ++++ b/tools/perf/tests/shell/test_uprobe_from_different_cu.sh +@@ -0,0 +1,77 @@ ++#!/bin/bash ++# test perf probe of function from different CU ++# SPDX-License-Identifier: GPL-2.0 ++ ++set -e ++ ++temp_dir=$(mktemp -d /tmp/perf-uprobe-different-cu-sh.XXXXXXXXXX) ++ ++cleanup() ++{ ++ trap - EXIT TERM INT ++ if [[ "${temp_dir}" =~ ^/tmp/perf-uprobe-different-cu-sh.*$ ]]; then ++ echo "--- Cleaning up ---" ++ perf probe -x ${temp_dir}/testfile -d foo ++ rm -f "${temp_dir}/"* ++ rmdir "${temp_dir}" ++ fi ++} ++ ++trap_cleanup() ++{ ++ cleanup ++ exit 1 ++} ++ ++trap trap_cleanup EXIT TERM INT ++ ++cat > ${temp_dir}/testfile-foo.h << EOF ++struct t ++{ ++ int *p; ++ int c; ++}; ++ ++extern int foo (int i, struct t *t); ++EOF ++ ++cat > ${temp_dir}/testfile-foo.c << EOF ++#include "testfile-foo.h" ++ ++int ++foo (int i, struct t *t) ++{ ++ int j, res = 0; ++ for (j = 0; j < i && j < t->c; j++) ++ res += t->p[j]; ++ ++ return res; ++} ++EOF ++ ++cat > ${temp_dir}/testfile-main.c << EOF ++#include "testfile-foo.h" ++ ++static struct t g; ++ ++int ++main (int argc, char **argv) ++{ ++ int i; ++ int j[argc]; ++ g.c = argc; ++ g.p = j; ++ for (i = 0; i < argc; i++) ++ j[i] = (int) argv[i][0]; ++ return foo (3, &g); ++} ++EOF ++ ++gcc -g -Og -flto -c ${temp_dir}/testfile-foo.c -o ${temp_dir}/testfile-foo.o ++gcc -g -Og -c ${temp_dir}/testfile-main.c -o ${temp_dir}/testfile-main.o ++gcc -g -Og -o ${temp_dir}/testfile ${temp_dir}/testfile-foo.o ${temp_dir}/testfile-main.o ++ ++perf probe -x ${temp_dir}/testfile --funcs foo ++perf probe -x ${temp_dir}/testfile foo ++ ++cleanup diff --git a/queue-5.10/regmap-account-for-register-length-in-smbus-i-o-limits.patch b/queue-5.10/regmap-account-for-register-length-in-smbus-i-o-limits.patch new file mode 100644 index 00000000000..b920fc52b6d --- /dev/null +++ b/queue-5.10/regmap-account-for-register-length-in-smbus-i-o-limits.patch @@ -0,0 +1,54 @@ +From 0c9d2eb5e94792fe64019008a04d4df5e57625af Mon Sep 17 00:00:00 2001 +From: Mark Brown +Date: Wed, 12 Jul 2023 12:16:40 +0100 +Subject: regmap: Account for register length in SMBus I/O limits + +From: Mark Brown + +commit 0c9d2eb5e94792fe64019008a04d4df5e57625af upstream. + +The SMBus I2C buses have limits on the size of transfers they can do but +do not factor in the register length meaning we may try to do a transfer +longer than our length limit, the core will not take care of this. +Future changes will factor this out into the core but there are a number +of users that assume current behaviour so let's just do something +conservative here. + +This does not take account padding bits but practically speaking these +are very rarely if ever used on I2C buses given that they generally run +slowly enough to mean there's no issue. + +Cc: stable@kernel.org +Signed-off-by: Mark Brown +Reviewed-by: Xu Yilun +Link: https://lore.kernel.org/r/20230712-regmap-max-transfer-v1-2-80e2aed22e83@kernel.org +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman +--- + drivers/base/regmap/regmap-i2c.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/drivers/base/regmap/regmap-i2c.c ++++ b/drivers/base/regmap/regmap-i2c.c +@@ -242,8 +242,8 @@ static int regmap_i2c_smbus_i2c_read(voi + static const struct regmap_bus regmap_i2c_smbus_i2c_block = { + .write = regmap_i2c_smbus_i2c_write, + .read = regmap_i2c_smbus_i2c_read, +- .max_raw_read = I2C_SMBUS_BLOCK_MAX, +- .max_raw_write = I2C_SMBUS_BLOCK_MAX, ++ .max_raw_read = I2C_SMBUS_BLOCK_MAX - 1, ++ .max_raw_write = I2C_SMBUS_BLOCK_MAX - 1, + }; + + static int regmap_i2c_smbus_i2c_write_reg16(void *context, const void *data, +@@ -299,8 +299,8 @@ static int regmap_i2c_smbus_i2c_read_reg + static const struct regmap_bus regmap_i2c_smbus_i2c_block_reg16 = { + .write = regmap_i2c_smbus_i2c_write_reg16, + .read = regmap_i2c_smbus_i2c_read_reg16, +- .max_raw_read = I2C_SMBUS_BLOCK_MAX, +- .max_raw_write = I2C_SMBUS_BLOCK_MAX, ++ .max_raw_read = I2C_SMBUS_BLOCK_MAX - 2, ++ .max_raw_write = I2C_SMBUS_BLOCK_MAX - 2, + }; + + static const struct regmap_bus *regmap_get_i2c_bus(struct i2c_client *i2c, diff --git a/queue-5.10/regmap-drop-initial-version-of-maximum-transfer-length-fixes.patch b/queue-5.10/regmap-drop-initial-version-of-maximum-transfer-length-fixes.patch new file mode 100644 index 00000000000..c2b21d326fc --- /dev/null +++ b/queue-5.10/regmap-drop-initial-version-of-maximum-transfer-length-fixes.patch @@ -0,0 +1,64 @@ +From bc64734825c59e18a27ac266b07e14944c111fd8 Mon Sep 17 00:00:00 2001 +From: Mark Brown +Date: Wed, 12 Jul 2023 12:16:39 +0100 +Subject: regmap: Drop initial version of maximum transfer length fixes + +From: Mark Brown + +commit bc64734825c59e18a27ac266b07e14944c111fd8 upstream. + +When problems were noticed with the register address not being taken +into account when limiting raw transfers with I2C devices we fixed this +in the core. Unfortunately it has subsequently been realised that a lot +of buses were relying on the prior behaviour, partly due to unclear +documentation not making it obvious what was intended in the core. This +is all more involved to fix than is sensible for a fix commit so let's +just drop the original fixes, a separate commit will fix the originally +observed problem in an I2C specific way + +Fixes: 3981514180c9 ("regmap: Account for register length when chunking") +Fixes: c8e796895e23 ("regmap: spi-avmm: Fix regmap_bus max_raw_write") +Signed-off-by: Mark Brown +Reviewed-by: Xu Yilun +Cc: stable@kernel.org +Link: https://lore.kernel.org/r/20230712-regmap-max-transfer-v1-1-80e2aed22e83@kernel.org +Signed-off-by: Mark Brown +Signed-off-by: Greg Kroah-Hartman +--- + drivers/base/regmap/regmap-spi-avmm.c | 2 +- + drivers/base/regmap/regmap.c | 6 ++---- + 2 files changed, 3 insertions(+), 5 deletions(-) + +--- a/drivers/base/regmap/regmap-spi-avmm.c ++++ b/drivers/base/regmap/regmap-spi-avmm.c +@@ -666,7 +666,7 @@ static const struct regmap_bus regmap_sp + .reg_format_endian_default = REGMAP_ENDIAN_NATIVE, + .val_format_endian_default = REGMAP_ENDIAN_NATIVE, + .max_raw_read = SPI_AVMM_VAL_SIZE * MAX_READ_CNT, +- .max_raw_write = SPI_AVMM_REG_SIZE + SPI_AVMM_VAL_SIZE * MAX_WRITE_CNT, ++ .max_raw_write = SPI_AVMM_VAL_SIZE * MAX_WRITE_CNT, + .free_context = spi_avmm_bridge_ctx_free, + }; + +--- a/drivers/base/regmap/regmap.c ++++ b/drivers/base/regmap/regmap.c +@@ -1998,8 +1998,6 @@ int _regmap_raw_write(struct regmap *map + size_t val_count = val_len / val_bytes; + size_t chunk_count, chunk_bytes; + size_t chunk_regs = val_count; +- size_t max_data = map->max_raw_write - map->format.reg_bytes - +- map->format.pad_bytes; + int ret, i; + + if (!val_count) +@@ -2007,8 +2005,8 @@ int _regmap_raw_write(struct regmap *map + + if (map->use_single_write) + chunk_regs = 1; +- else if (map->max_raw_write && val_len > max_data) +- chunk_regs = max_data / val_bytes; ++ else if (map->max_raw_write && val_len > map->max_raw_write) ++ chunk_regs = map->max_raw_write / val_bytes; + + chunk_count = val_count / chunk_regs; + chunk_bytes = chunk_regs * val_bytes; diff --git a/queue-5.10/selftests-tc-add-ct-action-kconfig-dep.patch b/queue-5.10/selftests-tc-add-ct-action-kconfig-dep.patch new file mode 100644 index 00000000000..7fda7e0d332 --- /dev/null +++ b/queue-5.10/selftests-tc-add-ct-action-kconfig-dep.patch @@ -0,0 +1,43 @@ +From 719b4774a8cb1a501e2d22a5a4a3a0a870e427d5 Mon Sep 17 00:00:00 2001 +From: Matthieu Baerts +Date: Thu, 13 Jul 2023 23:16:45 +0200 +Subject: selftests: tc: add 'ct' action kconfig dep + +From: Matthieu Baerts + +commit 719b4774a8cb1a501e2d22a5a4a3a0a870e427d5 upstream. + +When looking for something else in LKFT reports [1], I noticed most of +the tests were skipped because the "teardown stage" did not complete +successfully. + +Pedro found out this is due to the fact CONFIG_NF_FLOW_TABLE is required +but not listed in the 'config' file. Adding it to the list fixes the +issues on LKFT side. CONFIG_NET_ACT_CT is now set to 'm' in the final +kconfig. + +Fixes: c34b961a2492 ("net/sched: act_ct: Create nf flow table per zone") +Cc: stable@vger.kernel.org +Link: https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20230711/testrun/18267241/suite/kselftest-tc-testing/test/tc-testing_tdc_sh/log [1] +Link: https://lore.kernel.org/netdev/0e061d4a-9a23-9f58-3b35-d8919de332d7@tessares.net/T/ [2] +Suggested-by: Pedro Tammela +Signed-off-by: Matthieu Baerts +Tested-by: Zhengchao Shao +Link: https://lore.kernel.org/r/20230713-tc-selftests-lkft-v1-2-1eb4fd3a96e7@tessares.net +Acked-by: Jamal Hadi Salim +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + tools/testing/selftests/tc-testing/config | 1 + + 1 file changed, 1 insertion(+) + +--- a/tools/testing/selftests/tc-testing/config ++++ b/tools/testing/selftests/tc-testing/config +@@ -5,6 +5,7 @@ CONFIG_NF_CONNTRACK=m + CONFIG_NF_CONNTRACK_MARK=y + CONFIG_NF_CONNTRACK_ZONES=y + CONFIG_NF_CONNTRACK_LABELS=y ++CONFIG_NF_FLOW_TABLE=m + CONFIG_NF_NAT=m + + CONFIG_NET_SCHED=y diff --git a/queue-5.10/selftests-tc-set-timeout-to-15-minutes.patch b/queue-5.10/selftests-tc-set-timeout-to-15-minutes.patch new file mode 100644 index 00000000000..ea00bbfff7d --- /dev/null +++ b/queue-5.10/selftests-tc-set-timeout-to-15-minutes.patch @@ -0,0 +1,43 @@ +From fda05798c22a354efde09a76bdfc276b2d591829 Mon Sep 17 00:00:00 2001 +From: Matthieu Baerts +Date: Thu, 13 Jul 2023 23:16:44 +0200 +Subject: selftests: tc: set timeout to 15 minutes + +From: Matthieu Baerts + +commit fda05798c22a354efde09a76bdfc276b2d591829 upstream. + +When looking for something else in LKFT reports [1], I noticed that the +TC selftest ended with a timeout error: + + not ok 1 selftests: tc-testing: tdc.sh # TIMEOUT 45 seconds + +The timeout had been introduced 3 years ago, see the Fixes commit below. + +This timeout is only in place when executing the selftests via the +kselftests runner scripts. I guess this is not what most TC devs are +using and nobody noticed the issue before. + +The new timeout is set to 15 minutes as suggested by Pedro [2]. It looks +like it is plenty more time than what it takes in "normal" conditions. + +Fixes: 852c8cbf34d3 ("selftests/kselftest/runner.sh: Add 45 second timeout per test") +Cc: stable@vger.kernel.org +Link: https://qa-reports.linaro.org/lkft/linux-next-master/build/next-20230711/testrun/18267241/suite/kselftest-tc-testing/test/tc-testing_tdc_sh/log [1] +Link: https://lore.kernel.org/netdev/0e061d4a-9a23-9f58-3b35-d8919de332d7@tessares.net/T/ [2] +Suggested-by: Pedro Tammela +Signed-off-by: Matthieu Baerts +Reviewed-by: Zhengchao Shao +Link: https://lore.kernel.org/r/20230713-tc-selftests-lkft-v1-1-1eb4fd3a96e7@tessares.net +Acked-by: Jamal Hadi Salim +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + tools/testing/selftests/tc-testing/settings | 1 + + 1 file changed, 1 insertion(+) + create mode 100644 tools/testing/selftests/tc-testing/settings + +--- /dev/null ++++ b/tools/testing/selftests/tc-testing/settings +@@ -0,0 +1 @@ ++timeout=900 diff --git a/queue-5.10/series b/queue-5.10/series index 05c13e32a9e..b7c4d6b94e5 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -440,3 +440,15 @@ rdma-cma-ensure-rdma_addr_cancel-happens-before-issuing-more-requests.patch drm-atomic-fix-potential-use-after-free-in-nonblocking-commits.patch alsa-hda-realtek-remove-3k-pull-low-procedure.patch alsa-hda-realtek-enable-mute-led-on-hp-laptop-15s-eq2xxx.patch +keys-fix-linking-a-duplicate-key-to-a-keyring-s-assoc_array.patch +perf-probe-add-test-for-regression-introduced-by-switch-to-die_get_decl_file.patch +btrfs-fix-warning-when-putting-transaction-with-qgroups-enabled-after-abort.patch +fuse-revalidate-don-t-invalidate-if-interrupted.patch +selftests-tc-set-timeout-to-15-minutes.patch +selftests-tc-add-ct-action-kconfig-dep.patch +regmap-drop-initial-version-of-maximum-transfer-length-fixes.patch +regmap-account-for-register-length-in-smbus-i-o-limits.patch +can-bcm-fix-uaf-in-bcm_proc_show.patch +drm-client-fix-memory-leak-in-drm_client_target_cloned.patch +drm-client-fix-memory-leak-in-drm_client_modeset_probe.patch +asoc-fsl_sai-disable-bit-clock-with-transmitter.patch -- 2.47.3