diff --git a/blacklist.conf b/blacklist.conf index 895c050..158e06b 100644 --- a/blacklist.conf +++ b/blacklist.conf @@ -1537,3 +1537,35 @@ fec356a61aa3d3a66416b4321f1279e09e0f256f # Depends on 6d65aeab7bf6 ("nvmet: remo f122d103b564e5fb7c82de902c6f8f6cbdf50ec9 # Prior patches not ported b1adc42d440df3233255e313a45ab7e9b2b74096 # would need ab58f3bb6aaaf98ba81d5c627ac25c08ff4ed4f1, which lengthens virt_ep, which is used in an array bd78980be1a68d14524c51c4b4170782fada622b # misattributed. Bug introduced in 9fb137aef34e4eedaa23307d309b0ebe8358fea1, which we don't have +ef02684c4e67d8c35ac83083564135bc7b1d3445 # blocks a driver from building +9ef165406308515dcf2e3f6e97b39a1c56d86db5 # build fix that does not matter on a released kernel +83810f84ecf11dfc5a9414a8b762c3501b328185 # may cause regression for charging from switched off laptops +ddaefa209c4ac791c1262e97c9b2d0440c8ef1d5 # hwmon: cause a regression (bsc#1201206) +b4e00444cab4c3f3fec876dc0cccc8cbb0d1a948 # improbable bug, sensitive path, bsc#1182693 +6a2d90ba027adba528509ffa27097cffd3879257 # rectifies behavior of a deprecated operation +c92cbaea3cc0a80807e386922f801eb6d3652c81 # no such function +36d18b5664ef617ccf4da266291d2f2342fab89d # no such code +c95c34f01bbda4421c25fdc9b04a4a4aab10d36c # xsk: Remove dangling function declaration from header file +83810f84ecf11dfc5a9414a8b762c3501b328185 # may cause regression for charging from switched off laptops and bsc#1201691 +703f7066f40599c290babdb79dd61319264987e9 # breaks kABI for a cleanup +60552253e29c8860ee5bf1e6064591b0917c0394 # allready there +0b9f932edc1a461933bfde08e620362e2190e0dd # stmmac selftest +345a957fcc95630bf5535d7668a59ed983eb49a7 # caused unexplained issue +2cfb7a1b031b0e816af7a6ee0c6ab83b0acdf05a # Has a number of high risk dependencies +ff11a7ce1f0f8c1e7870de26860024b4ddbf5755 # Fixes pointing to misleading commit +f276031b4e2f4c961ed6d8a42f0f0124ccac2e09 # Comment fix only +1463f74f492eea7191f0178e01f3d38371a48210 # Build fix that assumes bash does not exist +ea79e5168be644fdaf7d4e6a73eceaf07b3da76a # Build time micro-optimisation +0e11773e76098729552b750ccff79374d1e62002 # Build time micro-optimisation +9a066357184485784f782719093ff804d05b85db # Build time micro-optimisation +6ffbb45826f5d9ae09aa60cd88594b7816c96190 # Has a number of high risk dependencies +cf10bd4c4aff8dd64d1aa7f2a529d0c672bc16af # KASAN not configured +27fe73394a1c6d0b07fa4d95f1bca116d1cc66e9 # KASAN not configured +1139aeb1c521eb4a050920ce6c64c36c4f2a3ab7 # Clang not used for build +37462a920392cb86541650a6f4121155f11f1199 # GCC-12 not used +5aff4dfdb4ae2741cfff759d917f597f2c7f70aa # Cosmetic patch +c200e4bb44e80b343c09841e7caaaca0aac5e5fa # UML not used +4a3d2717d140401df7501a95e454180831a0c5af # xtensa not used +63b903dfebdea92aa92ad337d8451a6fbfeabf9d # m68k specific +734f3719d3438f9cc181d674c33ca9762e9148a1 # m68k specific +7c8c0291f84027558bd5fca5729cbcf288c510f4 #drivers/net/ethernet: clean up unused assignments diff --git a/config/x86_64/rt b/config/x86_64/rt index 15e2e8b..1774fef 100644 --- a/config/x86_64/rt +++ b/config/x86_64/rt @@ -9596,7 +9596,10 @@ CONFIG_DEBUG_INFO=y # CONFIG_DEBUG_INFO_REDUCED is not set # CONFIG_DEBUG_INFO_SPLIT is not set CONFIG_DEBUG_INFO_DWARF4=y -# CONFIG_DEBUG_INFO_BTF is not set +CONFIG_DEBUG_INFO_BTF=y +CONFIG_PAHOLE_HAS_SPLIT_BTF=y +CONFIG_DEBUG_INFO_BTF_MODULES=y +CONFIG_MODULE_ALLOW_BTF_MISMATCH=y # CONFIG_GDB_SCRIPTS is not set CONFIG_ENABLE_MUST_CHECK=y CONFIG_FRAME_WARN=2048 diff --git a/config/x86_64/rt_debug b/config/x86_64/rt_debug index c42e645..de49a84 100644 --- a/config/x86_64/rt_debug +++ b/config/x86_64/rt_debug @@ -8825,6 +8825,7 @@ CONFIG_DEBUG_INFO=y # CONFIG_DEBUG_INFO_SPLIT is not set CONFIG_DEBUG_INFO_DWARF4=y # CONFIG_DEBUG_INFO_BTF is not set +CONFIG_PAHOLE_HAS_SPLIT_BTF=y # CONFIG_GDB_SCRIPTS is not set CONFIG_ENABLE_MUST_CHECK=y CONFIG_FRAME_WARN=2048 diff --git a/kabi/severities b/kabi/severities index ae16672..67ef9e9 100644 --- a/kabi/severities +++ b/kabi/severities @@ -45,6 +45,8 @@ drivers/nvme/target/* PASS drivers/scsi/qla2xxx/* PASS # mscc/ocelot only has local symbols drivers/net/ethernet/mscc/* PASS +# stmmac local symbols +drivers/net/ethernet/stmicro/stmmac/* PASS # local symbols in iwlwifi drivers/net/wireless/intel/iwlwifi/* PASS # ath9k local symbols diff --git a/patches.kabi/kabi-create-module-private-struct-to-hold-btf-size-data.patch b/patches.kabi/kabi-create-module-private-struct-to-hold-btf-size-data.patch new file mode 100644 index 0000000..ccb1107 --- /dev/null +++ b/patches.kabi/kabi-create-module-private-struct-to-hold-btf-size-data.patch @@ -0,0 +1,172 @@ +From: Jeff Mahoney +Subject: kabi: create module private struct to hold btf size/data +Patch-mainline: Never, kabi only +References: jsc#SLE-24559 + +Upstream commit 5f9ae91f7c0d (kbuild: Build kernel module BTFs if BTF +is enabled and pahole supports it) added fields to the middle of struct +module, which would change the kABI. This patch adds a new opaque struct +to hold new module fields and keep them out of the kABI definition. + +Signed-off-by: Jeff Mahoney +--- + include/linux/module.h | 17 +++++++++++++---- + kernel/bpf/btf.c | 5 +++-- + kernel/module.c | 47 +++++++++++++++++++++++++++++++++++++++++++---- + 3 files changed, 59 insertions(+), 10 deletions(-) + +--- a/include/linux/module.h ++++ b/include/linux/module.h +@@ -458,10 +458,6 @@ struct module { + unsigned int num_bpf_raw_events; + struct bpf_raw_event_map *bpf_raw_events; + #endif +-#ifdef CONFIG_DEBUG_INFO_BTF_MODULES +- unsigned int btf_data_size; +- void *btf_data; +-#endif + #ifdef CONFIG_JUMP_LABEL + struct jump_entry *jump_entries; + unsigned int num_jump_entries; +@@ -511,12 +507,25 @@ struct module { + struct error_injection_entry *ei_funcs; + unsigned int num_ei_funcs; + #endif ++#ifdef __GENKSYMS__ + void *suse_kabi_padding; ++#else ++ /* Opaque to anything outside of the module code */ ++ struct module_kabi_data *kabi_data; ++#endif + } ____cacheline_aligned __randomize_layout; + #ifndef MODULE_ARCH_INIT + #define MODULE_ARCH_INIT {} + #endif + ++#ifdef CONFIG_DEBUG_INFO_BTF_MODULES ++struct module_btf_info { ++ unsigned int btf_data_size; ++ void *btf_data; ++}; ++struct module_btf_info *get_module_btf_info(struct module *mod); ++#endif ++ + #ifndef HAVE_ARCH_KALLSYMS_SYMBOL_VALUE + static inline unsigned long kallsyms_symbol_value(const Elf_Sym *sym) + { +--- a/kernel/bpf/btf.c ++++ b/kernel/bpf/btf.c +@@ -4759,10 +4759,11 @@ static int btf_module_notify(struct noti + { + struct btf_module *btf_mod, *tmp; + struct module *mod = module; ++ struct module_btf_info *mbtfi = get_module_btf_info(mod); + struct btf *btf; + int err = 0; + +- if (mod->btf_data_size == 0 || ++ if (mbtfi->btf_data_size == 0 || + (op != MODULE_STATE_COMING && op != MODULE_STATE_GOING)) + goto out; + +@@ -4773,7 +4774,7 @@ static int btf_module_notify(struct noti + err = -ENOMEM; + goto out; + } +- btf = btf_parse_module(mod->name, mod->btf_data, mod->btf_data_size); ++ btf = btf_parse_module(mod->name, mbtfi->btf_data, mbtfi->btf_data_size); + if (IS_ERR(btf)) { + pr_warn("failed to validate module [%s] BTF: %ld\n", + mod->name, PTR_ERR(btf)); +--- a/kernel/module.c ++++ b/kernel/module.c +@@ -108,6 +108,36 @@ static void do_free_init(struct work_str + static DECLARE_WORK(init_free_wq, do_free_init); + static LLIST_HEAD(init_free_list); + ++struct module_kabi_data { ++#ifdef CONFIG_DEBUG_INFO_BTF_MODULES ++ struct module_btf_info btf_info; ++#endif ++}; ++ ++#ifdef CONFIG_DEBUG_INFO_BTF_MODULES ++struct module_btf_info *get_module_btf_info(struct module *mod) ++{ ++ return &mod->kabi_data->btf_info; ++} ++#endif ++ ++static int alloc_module_kabi(struct module *mod) ++{ ++ if (sizeof(*mod->kabi_data)) { ++ mod->kabi_data = kzalloc(sizeof(*mod->kabi_data), GFP_KERNEL); ++ if (!mod->kabi_data) ++ return -ENOMEM; ++ ++ } ++ return 0; ++} ++ ++static void free_module_kabi(struct module *mod) ++{ ++ kfree(mod->kabi_data); ++ mod->kabi_data = NULL; ++} ++ + #ifdef CONFIG_MODULES_TREE_LOOKUP + + /* +@@ -2355,6 +2385,8 @@ static void free_module(struct module *m + kfree(mod->args); + percpu_modfree(mod); + ++ free_module_kabi(mod); ++ + /* Free lock-classes; relies on the preceding sync_rcu(). */ + lockdep_free_key_range(mod->core_layout.base, mod->core_layout.size); + +@@ -3335,7 +3367,8 @@ static int find_module_sections(struct m + &mod->num_bpf_raw_events); + #endif + #ifdef CONFIG_DEBUG_INFO_BTF_MODULES +- mod->btf_data = any_section_objs(info, ".BTF", 1, &mod->btf_data_size); ++ mod->kabi_data->btf_info.btf_data = any_section_objs(info, ".BTF", 1, ++ &mod->kabi_data->btf_info.btf_data_size); + #endif + #ifdef CONFIG_JUMP_LABEL + mod->jump_entries = section_objs(info, "__jump_table", +@@ -3745,7 +3778,7 @@ static noinline int do_init_module(struc + mod->init_layout.text_size = 0; + #ifdef CONFIG_DEBUG_INFO_BTF_MODULES + /* .BTF is not SHF_ALLOC and will get removed, so sanitize pointer */ +- mod->btf_data = NULL; ++ mod->kabi_data->btf_info.btf_data = NULL; + #endif + /* + * We want to free module_init, but be aware that kallsyms may be +@@ -3939,10 +3972,14 @@ static int load_module(struct load_info + + audit_log_kern_module(mod->name); + ++ err = alloc_module_kabi(mod); ++ if (err) ++ goto free_module; ++ + /* Reserve our place in the list. */ + err = add_unformed_module(mod); + if (err) +- goto free_module; ++ goto free_kabi; + + #ifdef CONFIG_MODULE_SIG + mod->sig_ok = info->sig_ok; +@@ -4080,6 +4117,8 @@ static int load_module(struct load_info + /* Wait for RCU-sched synchronizing before releasing mod->list. */ + synchronize_rcu(); + mutex_unlock(&module_mutex); ++ free_kabi: ++ free_module_kabi(mod); + free_module: + /* Free lock-classes; relies on the preceding sync_rcu() */ + lockdep_free_key_range(mod->core_layout.base, mod->core_layout.size); diff --git a/patches.kabi/move-devm_allocate-to-end-of-structure-for-kABI.patch b/patches.kabi/move-devm_allocate-to-end-of-structure-for-kABI.patch index 6977c5b..6b96677 100644 --- a/patches.kabi/move-devm_allocate-to-end-of-structure-for-kABI.patch +++ b/patches.kabi/move-devm_allocate-to-end-of-structure-for-kABI.patch @@ -7,31 +7,27 @@ References: git-fixes Signed-off-by: Oliver Neukum --- - include/linux/spi/spi.h | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) + include/linux/spi/spi.h | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) -diff --git a/include/linux/spi/spi.h b/include/linux/spi/spi.h -index e68b27a17..490a5f3fa 100644 --- a/include/linux/spi/spi.h +++ b/include/linux/spi/spi.h -@@ -500,7 +500,6 @@ struct spi_controller { +@@ -501,7 +501,6 @@ struct spi_controller { #define SPI_MASTER_GPIO_SS BIT(5) /* GPIO CS must select slave */ - /* flag indicating this is a non-devres managed controller */ + /* flag indicating if the allocation of this struct is devres-managed */ - bool devm_allocated; /* flag indicating this is an SPI slave controller */ bool slave; -@@ -655,6 +654,9 @@ struct spi_controller { +@@ -656,6 +655,10 @@ struct spi_controller { /* Interrupt enable state during PTP system timestamping */ unsigned long irq_flags; +#ifndef __GENKSYMS__ ++ /* flag indicating if the allocation of this struct is devres-managed */ + bool devm_allocated; +#endif }; static inline void *spi_controller_get_devdata(struct spi_controller *ctlr) --- -2.35.3 - diff --git a/patches.kabi/net-tun-fixup-kabi.patch b/patches.kabi/net-tun-fixup-kabi.patch new file mode 100644 index 0000000..c2e8ae0 --- /dev/null +++ b/patches.kabi/net-tun-fixup-kabi.patch @@ -0,0 +1,26 @@ +From: Denis Kirjanov +Subject: [PATCH] drivers/net: Fix kABI in tun.c +Patch-mainline: Never, kABI fixup +References: git-fixes + +Avoid defining new structures for exports from tun.c + +Signed-off-by: Denis Kirjanov + +--- + drivers/net/tun.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/net/tun.c ++++ b/drivers/net/tun.c +@@ -76,8 +76,9 @@ + #include + #include + #include ++#ifndef __GENKSYMS__ + #include +- ++#endif + #include + #include + diff --git a/patches.kabi/rtsx_usb-kABI-workaround.patch b/patches.kabi/rtsx_usb-kABI-workaround.patch new file mode 100644 index 0000000..820cbfd --- /dev/null +++ b/patches.kabi/rtsx_usb-kABI-workaround.patch @@ -0,0 +1,25 @@ +From: Takashi Iwai +Subject: kABI workaround for rtsx_usb +Patch-mainline: Never, kABI workaround +References: git-fixes + +The recent fixes for rtsx-usb dropped a couple of fields in struct +rtsx_ucr that is exported. Revive them just for kABI compatibility. + +Signed-off-by: Takashi Iwai + +--- + include/linux/rtsx_usb.h | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/include/linux/rtsx_usb.h ++++ b/include/linux/rtsx_usb.h +@@ -54,6 +54,8 @@ struct rtsx_ucr { + struct usb_device *pusb_dev; + struct usb_interface *pusb_intf; + struct usb_sg_request current_sg; ++ unsigned char *iobuf; /* FIXME: SLE15-SP4 kABI placeholder */ ++ dma_addr_t iobuf_dma; /* FIXME: SLE15-SP4 kABI placeholder */ + + struct timer_list sg_timer; + struct mutex dev_mutex; diff --git a/patches.kabi/sysfs-Add-sysfs_emit-and-sysfs_emit_at-to-format-sys-kabi-workaround.patch b/patches.kabi/sysfs-Add-sysfs_emit-and-sysfs_emit_at-to-format-sys-kabi-workaround.patch new file mode 100644 index 0000000..3c918f9 --- /dev/null +++ b/patches.kabi/sysfs-Add-sysfs_emit-and-sysfs_emit_at-to-format-sys-kabi-workaround.patch @@ -0,0 +1,26 @@ +From: Petr Mladek +Subject: kABI workaround for including mm.h in fs/sysfs/file.c +Patch-mainline: Never, kABI workaround for linux-5.3 based SUSE kernels +References: bsc#1200598 cve-2022-20166 + +Including the header changes kABI of sysfs API that is implemented +in fs/sysfs/file.c. + +Signed-off-by: Petr Mladek + +--- + fs/sysfs/file.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/fs/sysfs/file.c ++++ b/fs/sysfs/file.c +@@ -15,7 +15,9 @@ + #include + #include + #include ++#ifndef __GENKSYMS__ + #include ++#endif + + #include "sysfs.h" + diff --git a/patches.suse/0001-floppy-disable-FDRAWCMD-by-default.patch b/patches.suse/0001-floppy-disable-FDRAWCMD-by-default.patch new file mode 100644 index 0000000..604d0b6 --- /dev/null +++ b/patches.suse/0001-floppy-disable-FDRAWCMD-by-default.patch @@ -0,0 +1,148 @@ +From 233087ca063686964a53c829d547c7571e3f67bf Mon Sep 17 00:00:00 2001 +From: Willy Tarreau +Date: Tue, 26 Apr 2022 23:41:05 +0300 +Subject: [PATCH] floppy: disable FDRAWCMD by default +Git-commit: 233087ca063686964a53c829d547c7571e3f67bf +Patch-mainline: v5.18-rc5 +References: bsc#1198866 CVE-2022-1836 + +Minh Yuan reported a concurrency use-after-free issue in the floppy code +between raw_cmd_ioctl and seek_interrupt. + +[ It turns out this has been around, and that others have reported the + KASAN splats over the years, but Minh Yuan had a reproducer for it and + so gets primary credit for reporting it for this fix - Linus ] + +The problem is, this driver tends to break very easily and nowadays, +nobody is expected to use FDRAWCMD anyway since it was used to +manipulate non-standard formats. The risk of breaking the driver is +higher than the risk presented by this race, and accessing the device +requires privileges anyway. + +Let's just add a config option to completely disable this ioctl and +leave it disabled by default. Distros shouldn't use it, and only those +running on antique hardware might need to enable it. + +Link: https://lore.kernel.org/all/000000000000b71cdd05d703f6bf@google.com/ +Link: https://lore.kernel.org/lkml/CAKcFiNC=MfYVW-Jt9A3=FPJpTwCD2PL_ULNCpsCVE5s8ZeBQgQ@mail.gmail.com +Link: https://lore.kernel.org/all/CAEAjamu1FRhz6StCe_55XY5s389ZP_xmCF69k987En+1z53=eg@mail.gmail.com +Reported-by: Minh Yuan +Reported-by: syzbot+8e8958586909d62b6840@syzkaller.appspotmail.com +Reported-by: cruise k +Reported-by: Kyungtae Kim +Suggested-by: Linus Torvalds +Tested-by: Denis Efremov +Signed-off-by: Willy Tarreau +Signed-off-by: Linus Torvalds +Acked-by: Vasant Karasulli + +--- + drivers/block/Kconfig | 16 ++++++++++++++++ + drivers/block/floppy.c | 43 +++++++++++++++++++++++++++++++----------- + 2 files changed, 48 insertions(+), 11 deletions(-) + +diff --git a/drivers/block/Kconfig b/drivers/block/Kconfig +index 519b6d38d4df..fdb81f2794cd 100644 +--- a/drivers/block/Kconfig ++++ b/drivers/block/Kconfig +@@ -33,6 +33,22 @@ config BLK_DEV_FD + To compile this driver as a module, choose M here: the + module will be called floppy. + ++config BLK_DEV_FD_RAWCMD ++ bool "Support for raw floppy disk commands (DEPRECATED)" ++ depends on BLK_DEV_FD ++ help ++ If you want to use actual physical floppies and expect to do ++ special low-level hardware accesses to them (access and use ++ non-standard formats, for example), then enable this. ++ ++ Note that the code enabled by this option is rarely used and ++ might be unstable or insecure, and distros should not enable it. ++ ++ Note: FDRAWCMD is deprecated and will be removed from the kernel ++ in the near future. ++ ++ If unsure, say N. ++ + config AMIGA_FLOPPY + tristate "Amiga floppy support" + depends on AMIGA +diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c +index 8c647532e3ce..d5b9ff9bcbb2 100644 +--- a/drivers/block/floppy.c ++++ b/drivers/block/floppy.c +@@ -2982,6 +2982,8 @@ static const char *drive_name(int type, int drive) + return "(null)"; + } + ++#ifdef CONFIG_BLK_DEV_FD_RAWCMD ++ + /* raw commands */ + static void raw_cmd_done(int flag) + { +@@ -3181,6 +3183,35 @@ static int raw_cmd_ioctl(int cmd, void __user *param) + return ret; + } + ++static int floppy_raw_cmd_ioctl(int type, int drive, int cmd, ++ void __user *param) ++{ ++ int ret; ++ ++ pr_warn_once("Note: FDRAWCMD is deprecated and will be removed from the kernel in the near future.\n"); ++ ++ if (type) ++ return -EINVAL; ++ if (lock_fdc(drive)) ++ return -EINTR; ++ set_floppy(drive); ++ ret = raw_cmd_ioctl(cmd, param); ++ if (ret == -EINTR) ++ return -EINTR; ++ process_fd_request(); ++ return ret; ++} ++ ++#else /* CONFIG_BLK_DEV_FD_RAWCMD */ ++ ++static int floppy_raw_cmd_ioctl(int type, int drive, int cmd, ++ void __user *param) ++{ ++ return -EOPNOTSUPP; ++} ++ ++#endif ++ + static int invalidate_drive(struct block_device *bdev) + { + /* invalidate the buffer track to force a reread */ +@@ -3369,7 +3400,6 @@ static int fd_locked_ioctl(struct block_device *bdev, fmode_t mode, unsigned int + { + int drive = (long)bdev->bd_disk->private_data; + int type = ITYPE(UDRS->fd_device); +- int i; + int ret; + int size; + union inparam { +@@ -3520,16 +3550,7 @@ static int fd_locked_ioctl(struct block_device *bdev, fmode_t mode, unsigned int + outparam = UDRWE; + break; + case FDRAWCMD: +- if (type) +- return -EINVAL; +- if (lock_fdc(drive)) +- return -EINTR; +- set_floppy(drive); +- i = raw_cmd_ioctl(cmd, (void __user *)param); +- if (i == -EINTR) +- return -EINTR; +- process_fd_request(); +- return i; ++ return floppy_raw_cmd_ioctl(type, drive, cmd, (void __user *)param); + case FDTWADDLE: + if (lock_fdc(drive)) + return -EINTR; +-- +2.32.0 + diff --git a/patches.suse/0001-lib-string.c-implement-stpcpy.patch b/patches.suse/0001-lib-string.c-implement-stpcpy.patch new file mode 100644 index 0000000..3635c31 --- /dev/null +++ b/patches.suse/0001-lib-string.c-implement-stpcpy.patch @@ -0,0 +1,127 @@ +From 1e1b6d63d6340764e00356873e5794225a2a03ea Mon Sep 17 00:00:00 2001 +From: Nick Desaulniers +Date: Fri, 25 Sep 2020 21:19:18 -0700 +Subject: [PATCH] lib/string.c: implement stpcpy +Git-commit: 1e1b6d63d6340764e00356873e5794225a2a03ea +Patch-mainline: v5.9-rc7 +References: git-fixes + +LLVM implemented a recent "libcall optimization" that lowers calls to +`sprintf(dest, "%s", str)` where the return value is used to +`stpcpy(dest, str) - dest`. + +This generally avoids the machinery involved in parsing format strings. +`stpcpy` is just like `strcpy` except it returns the pointer to the new +tail of `dest`. This optimization was introduced into clang-12. + +Implement this so that we don't observe linkage failures due to missing +symbol definitions for `stpcpy`. + +Similar to last year's fire drill with: commit 5f074f3e192f +("lib/string.c: implement a basic bcmp") + +The kernel is somewhere between a "freestanding" environment (no full +libc) and "hosted" environment (many symbols from libc exist with the +same type, function signature, and semantics). + +As Peter Anvin notes, there's not really a great way to inform the +compiler that you're targeting a freestanding environment but would like +to opt-in to some libcall optimizations (see pr/47280 below), rather +than opt-out. + +Arvind notes, -fno-builtin-* behaves slightly differently between GCC +and Clang, and Clang is missing many __builtin_* definitions, which I +consider a bug in Clang and am working on fixing. + +Masahiro summarizes the subtle distinction between compilers justly: + To prevent transformation from foo() into bar(), there are two ways in + Clang to do that; -fno-builtin-foo, and -fno-builtin-bar. There is + only one in GCC; -fno-buitin-foo. + +(Any difference in that behavior in Clang is likely a bug from a missing +__builtin_* definition.) + +Masahiro also notes: + We want to disable optimization from foo() to bar(), + but we may still benefit from the optimization from + foo() into something else. If GCC implements the same transform, we + would run into a problem because it is not -fno-builtin-bar, but + -fno-builtin-foo that disables that optimization. + + In this regard, -fno-builtin-foo would be more future-proof than + -fno-built-bar, but -fno-builtin-foo is still potentially overkill. We + may want to prevent calls from foo() being optimized into calls to + bar(), but we still may want other optimization on calls to foo(). + +It seems that compilers today don't quite provide the fine grain control +over which libcall optimizations pseudo-freestanding environments would +prefer. + +Finally, Kees notes that this interface is unsafe, so we should not +encourage its use. As such, I've removed the declaration from any +header, but it still needs to be exported to avoid linkage errors in +modules. + +Reported-by: Sami Tolvanen +Suggested-by: Andy Lavr +Suggested-by: Arvind Sankar +Suggested-by: Joe Perches +Suggested-by: Kees Cook +Suggested-by: Masahiro Yamada +Suggested-by: Rasmus Villemoes +Signed-off-by: Nick Desaulniers +Signed-off-by: Andrew Morton +Tested-by: Nathan Chancellor +Cc: +Link: https://lkml.kernel.org/r/20200914161643.938408-1-ndesaulniers@google.com +Link: https://bugs.llvm.org/show_bug.cgi?id=47162 +Link: https://bugs.llvm.org/show_bug.cgi?id=47280 +Link: https://github.com/ClangBuiltLinux/linux/issues/1126 +Link: https://man7.org/linux/man-pages/man3/stpcpy.3.html +Link: https://pubs.opengroup.org/onlinepubs/9699919799/functions/stpcpy.html +Link: https://reviews.llvm.org/D85963 +Signed-off-by: Linus Torvalds +Signed-off-by: Coly Li + +--- + lib/string.c | 24 ++++++++++++++++++++++++ + 1 file changed, 24 insertions(+) + +diff --git a/lib/string.c b/lib/string.c +index 6012c385fb31..4288e0158d47 100644 +--- a/lib/string.c ++++ b/lib/string.c +@@ -272,6 +272,30 @@ ssize_t strscpy_pad(char *dest, const char *src, size_t count) + } + EXPORT_SYMBOL(strscpy_pad); + ++/** ++ * stpcpy - copy a string from src to dest returning a pointer to the new end ++ * of dest, including src's %NUL-terminator. May overrun dest. ++ * @dest: pointer to end of string being copied into. Must be large enough ++ * to receive copy. ++ * @src: pointer to the beginning of string being copied from. Must not overlap ++ * dest. ++ * ++ * stpcpy differs from strcpy in a key way: the return value is a pointer ++ * to the new %NUL-terminating character in @dest. (For strcpy, the return ++ * value is a pointer to the start of @dest). This interface is considered ++ * unsafe as it doesn't perform bounds checking of the inputs. As such it's ++ * not recommended for usage. Instead, its definition is provided in case ++ * the compiler lowers other libcalls to stpcpy. ++ */ ++char *stpcpy(char *__restrict__ dest, const char *__restrict__ src); ++char *stpcpy(char *__restrict__ dest, const char *__restrict__ src) ++{ ++ while ((*dest++ = *src++) != '\0') ++ /* nothing */; ++ return --dest; ++} ++EXPORT_SYMBOL(stpcpy); ++ + #ifndef __HAVE_ARCH_STRCAT + /** + * strcat - Append one %NUL-terminated string to another +-- +2.35.3 + diff --git a/patches.suse/0002-dm-snapshot-flush-merged-data-before-committing-meta.patch b/patches.suse/0002-dm-snapshot-flush-merged-data-before-committing-meta.patch new file mode 100644 index 0000000..302be0c --- /dev/null +++ b/patches.suse/0002-dm-snapshot-flush-merged-data-before-committing-meta.patch @@ -0,0 +1,100 @@ +From fcc42338375a1e67b8568dbb558f8b784d0f3b01 Mon Sep 17 00:00:00 2001 +From: Akilesh Kailash +Date: Mon, 28 Dec 2020 07:14:07 +0000 +Subject: [PATCH] dm snapshot: flush merged data before committing metadata +Git-commit: fcc42338375a1e67b8568dbb558f8b784d0f3b01 +Patch-mainline: v5.11-rc4 +References: git-fixes + +If the origin device has a volatile write-back cache and the following +events occur: + +1: After finishing merge operation of one set of exceptions, + merge_callback() is invoked. +2: Update the metadata in COW device tracking the merge completion. + This update to COW device is flushed cleanly. +3: System crashes and the origin device's cache where the recent + merge was completed has not been flushed. + +During the next cycle when we read the metadata from the COW device, +we will skip reading those metadata whose merge was completed in +step (1). This will lead to data loss/corruption. + +To address this, flush the origin device post merge IO before +updating the metadata. + +Cc: stable@vger.kernel.org +Signed-off-by: Akilesh Kailash +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-snap.c | 24 ++++++++++++++++++++++++ + 1 file changed, 24 insertions(+) + +diff --git a/drivers/md/dm-snap.c b/drivers/md/dm-snap.c +index 4668b2cd98f4..11890db71f3f 100644 +--- a/drivers/md/dm-snap.c ++++ b/drivers/md/dm-snap.c +@@ -141,6 +141,11 @@ struct dm_snapshot { + * for them to be committed. + */ + struct bio_list bios_queued_during_merge; ++ ++ /* ++ * Flush data after merge. ++ */ ++ struct bio flush_bio; + }; + + /* +@@ -1121,6 +1126,17 @@ static void snapshot_merge_next_chunks(struct dm_snapshot *s) + + static void error_bios(struct bio *bio); + ++static int flush_data(struct dm_snapshot *s) ++{ ++ struct bio *flush_bio = &s->flush_bio; ++ ++ bio_reset(flush_bio); ++ bio_set_dev(flush_bio, s->origin->bdev); ++ flush_bio->bi_opf = REQ_OP_WRITE | REQ_PREFLUSH; ++ ++ return submit_bio_wait(flush_bio); ++} ++ + static void merge_callback(int read_err, unsigned long write_err, void *context) + { + struct dm_snapshot *s = context; +@@ -1134,6 +1150,11 @@ static void merge_callback(int read_err, unsigned long write_err, void *context) + goto shut; + } + ++ if (flush_data(s) < 0) { ++ DMERR("Flush after merge failed: shutting down merge"); ++ goto shut; ++ } ++ + if (s->store->type->commit_merge(s->store, + s->num_merging_chunks) < 0) { + DMERR("Write error in exception store: shutting down merge"); +@@ -1318,6 +1339,7 @@ static int snapshot_ctr(struct dm_target *ti, unsigned int argc, char **argv) + s->first_merging_chunk = 0; + s->num_merging_chunks = 0; + bio_list_init(&s->bios_queued_during_merge); ++ bio_init(&s->flush_bio, NULL, 0); + + /* Allocate hash table for COW data */ + if (init_hash_tables(s)) { +@@ -1504,6 +1526,8 @@ static void snapshot_dtr(struct dm_target *ti) + + dm_exception_store_destroy(s->store); + ++ bio_uninit(&s->flush_bio); ++ + dm_put_device(ti, s->cow); + + dm_put_device(ti, s->origin); +-- +2.35.3 + diff --git a/patches.suse/0003-dm-integrity-fix-the-maximum-number-of-arguments.patch b/patches.suse/0003-dm-integrity-fix-the-maximum-number-of-arguments.patch new file mode 100644 index 0000000..67b6d62 --- /dev/null +++ b/patches.suse/0003-dm-integrity-fix-the-maximum-number-of-arguments.patch @@ -0,0 +1,49 @@ +From 17ffc193cdc6dc7a613d00d8ad47fc1f801b9bf0 Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Tue, 12 Jan 2021 14:54:47 -0500 +Subject: [PATCH] dm integrity: fix the maximum number of arguments +Git-commit: 17ffc193cdc6dc7a613d00d8ad47fc1f801b9bf0 +Patch-mainline: v5.11-rc4 +References: git-fixes + +Advance the maximum number of arguments from 9 to 15 to account for +all potential feature flags that may be supplied. + +Linux 4.19 added "meta_device" +(356d9d52e1221ba0c9f10b8b38652f78a5298329) and "recalculate" +(a3fcf7253139609bf9ff901fbf955fba047e75dd) flags. + +Commit 468dfca38b1a6fbdccd195d875599cb7c8875cd9 added +"sectors_per_bit" and "bitmap_flush_interval". + +Commit 84597a44a9d86ac949900441cea7da0af0f2f473 added +"allow_discards". + +And the commit d537858ac8aaf4311b51240893add2fc62003b97 added +"fix_padding". + +Signed-off-by: Mikulas Patocka +Cc: stable@vger.kernel.org # v4.19+ +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-integrity.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c +index 11c7c538f7a9..81df019ab284 100644 +--- a/drivers/md/dm-integrity.c ++++ b/drivers/md/dm-integrity.c +@@ -3792,7 +3792,7 @@ static int dm_integrity_ctr(struct dm_target *ti, unsigned argc, char **argv) + unsigned extra_args; + struct dm_arg_set as; + static const struct dm_arg _args[] = { +- {0, 9, "Invalid number of feature args"}, ++ {0, 15, "Invalid number of feature args"}, + }; + unsigned journal_sectors, interleave_sectors, buffer_sectors, journal_watermark, sync_msec; + bool should_write_sb; +-- +2.35.3 + diff --git a/patches.suse/0004-dm-integrity-fix-a-crash-if-recalculate-used-without.patch b/patches.suse/0004-dm-integrity-fix-a-crash-if-recalculate-used-without.patch new file mode 100644 index 0000000..bb815ee --- /dev/null +++ b/patches.suse/0004-dm-integrity-fix-a-crash-if-recalculate-used-without.patch @@ -0,0 +1,40 @@ +From 2d06dfecb132a1cc2e374a44eae83b5c4356b8b4 Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Wed, 20 Jan 2021 06:02:31 -0500 +Subject: [PATCH] dm integrity: fix a crash if "recalculate" used without + "internal_hash" +Git-commit: 2d06dfecb132a1cc2e374a44eae83b5c4356b8b4 +Patch-mainline: v5.11-rc5 +References: git-fixes + +Recalculate can only be specified with internal_hash. + +Cc: stable@vger.kernel.org # v4.19+ +Signed-off-by: Mikulas Patocka +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-integrity.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c +index 81df019ab284..cce203adcf77 100644 +--- a/drivers/md/dm-integrity.c ++++ b/drivers/md/dm-integrity.c +@@ -4235,6 +4235,12 @@ static int dm_integrity_ctr(struct dm_target *ti, unsigned argc, char **argv) + r = -ENOMEM; + goto bad; + } ++ } else { ++ if (ic->sb->flags & cpu_to_le32(SB_FLAG_RECALCULATING)) { ++ ti->error = "Recalculate can only be specified with internal_hash"; ++ r = -EINVAL; ++ goto bad; ++ } + } + + ic->bufio = dm_bufio_client_create(ic->meta_dev ? ic->meta_dev->bdev : ic->dev->bdev, +-- +2.35.3 + diff --git a/patches.suse/0005-dm-integrity-conditionally-disable-recalculate-featu.patch b/patches.suse/0005-dm-integrity-conditionally-disable-recalculate-featu.patch new file mode 100644 index 0000000..ad30fbd --- /dev/null +++ b/patches.suse/0005-dm-integrity-conditionally-disable-recalculate-featu.patch @@ -0,0 +1,136 @@ +From 5c02406428d5219c367c5f53457698c58bc5f917 Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Wed, 20 Jan 2021 13:59:11 -0500 +Subject: [PATCH] dm integrity: conditionally disable "recalculate" feature +Git-commit: 5c02406428d5219c367c5f53457698c58bc5f917 +Patch-mainline: v5.11-rc5 +References: git-fixes + +Otherwise a malicious user could (ab)use the "recalculate" feature +that makes dm-integrity calculate the checksums in the background +while the device is already usable. When the system restarts before all +checksums have been calculated, the calculation continues where it was +interrupted even if the recalculate feature is not requested the next +time the dm device is set up. + +Disable recalculating if we use internal_hash or journal_hash with a +key (e.g. HMAC) and we don't have the "legacy_recalculate" flag. + +This may break activation of a volume, created by an older kernel, +that is not yet fully recalculated -- if this happens, the user should +add the "legacy_recalculate" flag to constructor parameters. + +(Coly Li: rebased document part for Linux 5.3 based SUSE kernel) + +Cc: stable@vger.kernel.org +Signed-off-by: Mikulas Patocka +Reported-by: Daniel Glockner +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + Documentation/admin-guide/device-mapper/dm-integrity.rst | 9 +++++ + drivers/md/dm-integrity.c | 26 +++++++++++++-- + 2 files changed, 33 insertions(+), 2 deletions(-) + +--- a/Documentation/admin-guide/device-mapper/dm-integrity.rst ++++ b/Documentation/admin-guide/device-mapper/dm-integrity.rst +@@ -177,11 +177,20 @@ bitmap_flush_interval:number + The bitmap flush interval in milliseconds. The metadata buffers + are synchronized when this interval expires. + ++allow_discards ++ Allow block discard requests (a.k.a. TRIM) for the integrity device. ++ Discards are only allowed to devices using internal hash. ++ + fix_padding + Use a smaller padding of the tag area that is more + space-efficient. If this option is not present, large padding is + used - that is for compatibility with older kernels. + ++legacy_recalculate ++ Allow recalculating of volumes with HMAC keys. This is disabled by ++ default for security reasons - an attacker could modify the volume, ++ set recalc_sector to zero, and the kernel would not detect the ++ modification. + + The journal mode (D/J), buffer_sectors, journal_watermark, commit_time can + be changed when reloading the target (load an inactive table and swap the +--- a/drivers/md/dm-integrity.c ++++ b/drivers/md/dm-integrity.c +@@ -257,8 +257,9 @@ struct dm_integrity_c { + bool journal_uptodate; + bool just_formatted; + bool recalculate_flag; +- bool fix_padding; + bool discard; ++ bool fix_padding; ++ bool legacy_recalculate; + + struct alg_spec internal_hash_alg; + struct alg_spec journal_crypt_alg; +@@ -386,6 +387,14 @@ static int dm_integrity_failed(struct dm + return READ_ONCE(ic->failed); + } + ++static bool dm_integrity_disable_recalculate(struct dm_integrity_c *ic) ++{ ++ if ((ic->internal_hash_alg.key || ic->journal_mac_alg.key) && ++ !ic->legacy_recalculate) ++ return true; ++ return false; ++} ++ + static commit_id_t dm_integrity_commit_id(struct dm_integrity_c *ic, unsigned i, + unsigned j, unsigned char seq) + { +@@ -3102,6 +3111,7 @@ static void dm_integrity_status(struct d + arg_count += !!ic->journal_crypt_alg.alg_string; + arg_count += !!ic->journal_mac_alg.alg_string; + arg_count += (ic->sb->flags & cpu_to_le32(SB_FLAG_FIXED_PADDING)) != 0; ++ arg_count += ic->legacy_recalculate; + DMEMIT("%s %llu %u %c %u", ic->dev->name, ic->start, + ic->tag_size, ic->mode, arg_count); + if (ic->meta_dev) +@@ -3125,6 +3135,8 @@ static void dm_integrity_status(struct d + } + if ((ic->sb->flags & cpu_to_le32(SB_FLAG_FIXED_PADDING)) != 0) + DMEMIT(" fix_padding"); ++ if (ic->legacy_recalculate) ++ DMEMIT(" legacy_recalculate"); + + #define EMIT_ALG(a, n) \ + do { \ +@@ -3754,7 +3766,7 @@ static int dm_integrity_ctr(struct dm_ta + unsigned extra_args; + struct dm_arg_set as; + static const struct dm_arg _args[] = { +- {0, 15, "Invalid number of feature args"}, ++ {0, 16, "Invalid number of feature args"}, + }; + unsigned journal_sectors, interleave_sectors, buffer_sectors, journal_watermark, sync_msec; + bool should_write_sb; +@@ -3902,6 +3914,8 @@ static int dm_integrity_ctr(struct dm_ta + ic->discard = true; + } else if (!strcmp(opt_string, "fix_padding")) { + ic->fix_padding = true; ++ } else if (!strcmp(opt_string, "legacy_recalculate")) { ++ ic->legacy_recalculate = true; + } else { + r = -EINVAL; + ti->error = "Invalid argument"; +@@ -4205,6 +4219,14 @@ try_smaller_buffer: + } + } + ++ if (ic->sb->flags & cpu_to_le32(SB_FLAG_RECALCULATING) && ++ le64_to_cpu(ic->sb->recalc_sector) < ic->provided_data_sectors && ++ dm_integrity_disable_recalculate(ic)) { ++ ti->error = "Recalculating with HMAC is disabled for security reasons - if you really need it, use the argument \"legacy_recalculate\""; ++ r = -EOPNOTSUPP; ++ goto bad; ++ } ++ + ic->bufio = dm_bufio_client_create(ic->meta_dev ? ic->meta_dev->bdev : ic->dev->bdev, + 1U << (SECTOR_SHIFT + ic->log2_buffer_sectors), 1, 0, NULL, NULL); + if (IS_ERR(ic->bufio)) { diff --git a/patches.suse/0006-md-Set-prev_flush_start-and-flush_bio-in-an-atomic-w.patch b/patches.suse/0006-md-Set-prev_flush_start-and-flush_bio-in-an-atomic-w.patch new file mode 100644 index 0000000..3a356cf --- /dev/null +++ b/patches.suse/0006-md-Set-prev_flush_start-and-flush_bio-in-an-atomic-w.patch @@ -0,0 +1,66 @@ +From dc5d17a3c39b06aef866afca19245a9cfb533a79 Mon Sep 17 00:00:00 2001 +From: Xiao Ni +Date: Thu, 10 Dec 2020 14:33:32 +0800 +Subject: [PATCH] md: Set prev_flush_start and flush_bio in an atomic way +Git-commit: dc5d17a3c39b06aef866afca19245a9cfb533a79 +Patch-mainline: v5.11-rc5 +References: git-fixes + +One customer reports a crash problem which causes by flush request. It +triggers a warning before crash. + + /* new request after previous flush is completed */ + if (ktime_after(req_start, mddev->prev_flush_start)) { + WARN_ON(mddev->flush_bio); + mddev->flush_bio = bio; + bio = NULL; + } + +The WARN_ON is triggered. We use spin lock to protect prev_flush_start and +flush_bio in md_flush_request. But there is no lock protection in +md_submit_flush_data. It can set flush_bio to NULL first because of +compiler reordering write instructions. + +For example, flush bio1 sets flush bio to NULL first in +md_submit_flush_data. An interrupt or vmware causing an extended stall +happen between updating flush_bio and prev_flush_start. Because flush_bio +is NULL, flush bio2 can get the lock and submit to underlayer disks. Then +flush bio1 updates prev_flush_start after the interrupt or extended stall. + +Then flush bio3 enters in md_flush_request. The start time req_start is +behind prev_flush_start. The flush_bio is not NULL(flush bio2 hasn't +finished). So it can trigger the WARN_ON now. Then it calls INIT_WORK +again. INIT_WORK() will re-initialize the list pointers in the +work_struct, which then can result in a corrupted work list and the +work_struct queued a second time. With the work list corrupted, it can +lead in invalid work items being used and cause a crash in +process_one_work. + +We need to make sure only one flush bio can be handled at one same time. +So add spin lock in md_submit_flush_data to protect prev_flush_start and +flush_bio in an atomic way. + +(Coly Li: rebased for Linux 5.3 based SUSE kernel) + +Reviewed-by: David Jeffery +Signed-off-by: Xiao Ni +Signed-off-by: Song Liu +Signed-off-by: Coly Li + +--- + drivers/md/md.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/md/md.c ++++ b/drivers/md/md.c +@@ -641,8 +641,10 @@ static void md_submit_flush_data(struct + * could wait for this and below md_handle_request could wait for those + * bios because of suspend check + */ ++ spin_lock_irq(&mddev->lock); + mddev->last_flush = mddev->start_flush; + mddev->flush_bio = NULL; ++ spin_unlock_irq(&mddev->lock); + wake_up(&mddev->sb_wait); + + if (bio->bi_iter.bi_size == 0) { diff --git a/patches.suse/0007-dm-bufio-subtract-the-number-of-initial-sectors-in-d.patch b/patches.suse/0007-dm-bufio-subtract-the-number-of-initial-sectors-in-d.patch new file mode 100644 index 0000000..74850db --- /dev/null +++ b/patches.suse/0007-dm-bufio-subtract-the-number-of-initial-sectors-in-d.patch @@ -0,0 +1,46 @@ +From a14e5ec66a7a66e57b24e2469f9212a78460207e Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Tue, 23 Feb 2021 21:21:20 +0100 +Subject: [PATCH] dm bufio: subtract the number of initial sectors in + dm_bufio_get_device_size +Git-commit: a14e5ec66a7a66e57b24e2469f9212a78460207e +Patch-mainline: v5.12-rc2 +References: git-fixes + +dm_bufio_get_device_size returns the device size in blocks. Before +returning the value, we must subtract the nubmer of starting +sectors. The number of starting sectors may not be divisible by block +size. + +Note that currently, no target is using dm_bufio_set_sector_offset and +dm_bufio_get_device_size simultaneously, so this change has no effect. +However, an upcoming dm-verity-fec fix needs this change. + +Signed-off-by: Mikulas Patocka +Reviewed-by: Milan Broz +Cc: stable@vger.kernel.org +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-bufio.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/drivers/md/dm-bufio.c b/drivers/md/dm-bufio.c +index fce4cbf9529d..50f3e673729c 100644 +--- a/drivers/md/dm-bufio.c ++++ b/drivers/md/dm-bufio.c +@@ -1526,6 +1526,10 @@ EXPORT_SYMBOL_GPL(dm_bufio_get_block_size); + sector_t dm_bufio_get_device_size(struct dm_bufio_client *c) + { + sector_t s = i_size_read(c->bdev->bd_inode) >> SECTOR_SHIFT; ++ if (s >= c->start) ++ s -= c->start; ++ else ++ s = 0; + if (likely(c->sectors_per_block_bits >= 0)) + s >>= c->sectors_per_block_bits; + else +-- +2.35.3 + diff --git a/patches.suse/0008-dm-verity-fix-FEC-for-RS-roots-unaligned-to-block-si.patch b/patches.suse/0008-dm-verity-fix-FEC-for-RS-roots-unaligned-to-block-si.patch new file mode 100644 index 0000000..5fea06c --- /dev/null +++ b/patches.suse/0008-dm-verity-fix-FEC-for-RS-roots-unaligned-to-block-si.patch @@ -0,0 +1,144 @@ +From df7b59ba9245c4a3115ebaa905e3e5719a3810da Mon Sep 17 00:00:00 2001 +From: Milan Broz +Date: Tue, 23 Feb 2021 21:21:21 +0100 +Subject: [PATCH] dm verity: fix FEC for RS roots unaligned to block size +Git-commit: df7b59ba9245c4a3115ebaa905e3e5719a3810da +Patch-mainline: v5.12-rc2 +References: git-fixes + +Optional Forward Error Correction (FEC) code in dm-verity uses +Reed-Solomon code and should support roots from 2 to 24. + +The error correction parity bytes (of roots lengths per RS block) are +stored on a separate device in sequence without any padding. + +Currently, to access FEC device, the dm-verity-fec code uses dm-bufio +client with block size set to verity data block (usually 4096 or 512 +bytes). + +Because this block size is not divisible by some (most!) of the roots +supported lengths, data repair cannot work for partially stored parity +bytes. + +This fix changes FEC device dm-bufio block size to "roots << SECTOR_SHIFT" +where we can be sure that the full parity data is always available. +(There cannot be partial FEC blocks because parity must cover whole +sectors.) + +Because the optional FEC starting offset could be unaligned to this +new block size, we have to use dm_bufio_set_sector_offset() to +configure it. + +The problem is easily reproduced using veritysetup, e.g. for roots=13: + + # create verity device with RS FEC + dd if=/dev/urandom of=data.img bs=4096 count=8 status=none + veritysetup format data.img hash.img --fec-device=fec.img --fec-roots=13 | awk '/^Root hash/{ print $3 }' >roothash + + # create an erasure that should be always repairable with this roots setting + dd if=/dev/zero of=data.img conv=notrunc bs=1 count=8 seek=4088 status=none + + # try to read it through dm-verity + veritysetup open data.img test hash.img --fec-device=fec.img --fec-roots=13 $(cat roothash) + dd if=/dev/mapper/test of=/dev/null bs=4096 status=noxfer + # wait for possible recursive recovery in kernel + udevadm settle + veritysetup close test + +With this fix, errors are properly repaired. + device-mapper: verity-fec: 7:1: FEC 0: corrected 8 errors + ... + +Without it, FEC code usually ends on unrecoverable failure in RS decoder: + device-mapper: verity-fec: 7:1: FEC 0: failed to correct: -74 + ... + +This problem is present in all kernels since the FEC code's +introduction (kernel 4.5). + +It is thought that this problem is not visible in Android ecosystem +because it always uses a default RS roots=2. + +Depends-on: a14e5ec66a7a ("dm bufio: subtract the number of initial sectors in dm_bufio_get_device_size") +Signed-off-by: Milan Broz +Tested-by: Jérôme Carretero +Reviewed-by: Sami Tolvanen +Cc: stable@vger.kernel.org # 4.5+ +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-verity-fec.c | 23 ++++++++++++----------- + 1 file changed, 12 insertions(+), 11 deletions(-) + +diff --git a/drivers/md/dm-verity-fec.c b/drivers/md/dm-verity-fec.c +index fb41b4f23c48..66f4c6398f67 100644 +--- a/drivers/md/dm-verity-fec.c ++++ b/drivers/md/dm-verity-fec.c +@@ -61,19 +61,18 @@ static int fec_decode_rs8(struct dm_verity *v, struct dm_verity_fec_io *fio, + static u8 *fec_read_parity(struct dm_verity *v, u64 rsb, int index, + unsigned *offset, struct dm_buffer **buf) + { +- u64 position, block; ++ u64 position, block, rem; + u8 *res; + + position = (index + rsb) * v->fec->roots; +- block = position >> v->data_dev_block_bits; +- *offset = (unsigned)(position - (block << v->data_dev_block_bits)); ++ block = div64_u64_rem(position, v->fec->roots << SECTOR_SHIFT, &rem); ++ *offset = (unsigned)rem; + +- res = dm_bufio_read(v->fec->bufio, v->fec->start + block, buf); ++ res = dm_bufio_read(v->fec->bufio, block, buf); + if (IS_ERR(res)) { + DMERR("%s: FEC %llu: parity read failed (block %llu): %ld", + v->data_dev->name, (unsigned long long)rsb, +- (unsigned long long)(v->fec->start + block), +- PTR_ERR(res)); ++ (unsigned long long)block, PTR_ERR(res)); + *buf = NULL; + } + +@@ -155,7 +154,7 @@ static int fec_decode_bufs(struct dm_verity *v, struct dm_verity_fec_io *fio, + + /* read the next block when we run out of parity bytes */ + offset += v->fec->roots; +- if (offset >= 1 << v->data_dev_block_bits) { ++ if (offset >= v->fec->roots << SECTOR_SHIFT) { + dm_bufio_release(buf); + + par = fec_read_parity(v, rsb, block_offset, &offset, &buf); +@@ -674,7 +673,7 @@ int verity_fec_ctr(struct dm_verity *v) + { + struct dm_verity_fec *f = v->fec; + struct dm_target *ti = v->ti; +- u64 hash_blocks; ++ u64 hash_blocks, fec_blocks; + int ret; + + if (!verity_fec_is_enabled(v)) { +@@ -744,15 +743,17 @@ int verity_fec_ctr(struct dm_verity *v) + } + + f->bufio = dm_bufio_client_create(f->dev->bdev, +- 1 << v->data_dev_block_bits, ++ f->roots << SECTOR_SHIFT, + 1, 0, NULL, NULL); + if (IS_ERR(f->bufio)) { + ti->error = "Cannot initialize FEC bufio client"; + return PTR_ERR(f->bufio); + } + +- if (dm_bufio_get_device_size(f->bufio) < +- ((f->start + f->rounds * f->roots) >> v->data_dev_block_bits)) { ++ dm_bufio_set_sector_offset(f->bufio, f->start << (v->data_dev_block_bits - SECTOR_SHIFT)); ++ ++ fec_blocks = div64_u64(f->rounds * f->roots, v->fec->roots << SECTOR_SHIFT); ++ if (dm_bufio_get_device_size(f->bufio) < fec_blocks) { + ti->error = "FEC device is too small"; + return -E2BIG; + } +-- +2.35.3 + diff --git a/patches.suse/0008-scripts-Coccinelle-script-for-namespace-dependencies.patch b/patches.suse/0008-scripts-Coccinelle-script-for-namespace-dependencies.patch index bb0844b..627b035 100644 --- a/patches.suse/0008-scripts-Coccinelle-script-for-namespace-dependencies.patch +++ b/patches.suse/0008-scripts-Coccinelle-script-for-namespace-dependencies.patch @@ -92,14 +92,15 @@ Acked-by: Jessica Yu ifdef MODPOST_VMLINUX -@@ -134,6 +135,7 @@ $(modules): %.ko :%.o %.mod.o FORCE - - targets += $(modules) +@@ -134,6 +135,8 @@ $(modules): %.ko :%.o %.mod.o FORCE + $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modfinal + endif +nsdeps: __modpost ++ + endif - # Add FORCE to the prequisites of a target to force it to be always rebuilt. - # --------------------------------------------------------------------------- + .PHONY: $(PHONY) --- /dev/null +++ b/scripts/coccinelle/misc/add_namespace.cocci @@ -0,0 +1,23 @@ diff --git a/patches.suse/0009-md-bitmap-wait-for-external-bitmap-writes-to-complet.patch b/patches.suse/0009-md-bitmap-wait-for-external-bitmap-writes-to-complet.patch new file mode 100644 index 0000000..c6e943b --- /dev/null +++ b/patches.suse/0009-md-bitmap-wait-for-external-bitmap-writes-to-complet.patch @@ -0,0 +1,111 @@ +From 404a8ef512587b2460107d3272c17a89aef75edf Mon Sep 17 00:00:00 2001 +From: Sudhakar Panneerselvam +Date: Tue, 13 Apr 2021 04:08:29 +0000 +Subject: [PATCH] md/bitmap: wait for external bitmap writes to complete during + tear down +Git-commit: 404a8ef512587b2460107d3272c17a89aef75edf +Patch-mainline: v5.13-rc1 +References: git-fixes + +NULL pointer dereference was observed in super_written() when it tries +to access the mddev structure. + +[The below stack trace is from an older kernel, but the problem described +in this patch applies to the mainline kernel.] + +[ 1194.474861] task: ffff8fdd20858000 task.stack: ffffb99d40790000 +[ 1194.488000] RIP: 0010:super_written+0x29/0xe1 +[ 1194.499688] RSP: 0018:ffff8ffb7fcc3c78 EFLAGS: 00010046 +[ 1194.512477] RAX: 0000000000000000 RBX: ffff8ffb7bf4a000 RCX: ffff8ffb78991048 +[ 1194.527325] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff8ffb56b8a200 +[ 1194.542576] RBP: ffff8ffb7fcc3c90 R08: 000000000000000b R09: 0000000000000000 +[ 1194.558001] R10: ffff8ffb56b8a298 R11: 0000000000000000 R12: ffff8ffb56b8a200 +[ 1194.573070] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 +[ 1194.588117] FS: 0000000000000000(0000) GS:ffff8ffb7fcc0000(0000) knlGS:0000000000000000 +[ 1194.604264] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 1194.617375] CR2: 00000000000002b8 CR3: 00000021e040a002 CR4: 00000000007606e0 +[ 1194.632327] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +[ 1194.647865] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +[ 1194.663316] PKRU: 55555554 +[ 1194.674090] Call Trace: +[ 1194.683735] +[ 1194.692948] bio_endio+0xae/0x135 +[ 1194.703580] blk_update_request+0xad/0x2fa +[ 1194.714990] blk_update_bidi_request+0x20/0x72 +[ 1194.726578] __blk_end_bidi_request+0x2c/0x4d +[ 1194.738373] __blk_end_request_all+0x31/0x49 +[ 1194.749344] blk_flush_complete_seq+0x377/0x383 +[ 1194.761550] flush_end_io+0x1dd/0x2a7 +[ 1194.772910] blk_finish_request+0x9f/0x13c +[ 1194.784544] scsi_end_request+0x180/0x25c +[ 1194.796149] scsi_io_completion+0xc8/0x610 +[ 1194.807503] scsi_finish_command+0xdc/0x125 +[ 1194.818897] scsi_softirq_done+0x81/0xde +[ 1194.830062] blk_done_softirq+0xa4/0xcc +[ 1194.841008] __do_softirq+0xd9/0x29f +[ 1194.851257] irq_exit+0xe6/0xeb +[ 1194.861290] do_IRQ+0x59/0xe3 +[ 1194.871060] common_interrupt+0x1c6/0x382 +[ 1194.881988] +[ 1194.890646] RIP: 0010:cpuidle_enter_state+0xdd/0x2a5 +[ 1194.902532] RSP: 0018:ffffb99d40793e68 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff43 +[ 1194.917317] RAX: ffff8ffb7fce27c0 RBX: ffff8ffb7fced800 RCX: 000000000000001f +[ 1194.932056] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000000 +[ 1194.946428] RBP: ffffb99d40793ea0 R08: 0000000000000004 R09: 0000000000002ed2 +[ 1194.960508] R10: 0000000000002664 R11: 0000000000000018 R12: 0000000000000003 +[ 1194.974454] R13: 000000000000000b R14: ffffffff925715a0 R15: 0000011610120d5a +[ 1194.988607] ? cpuidle_enter_state+0xcc/0x2a5 +[ 1194.999077] cpuidle_enter+0x17/0x19 +[ 1195.008395] call_cpuidle+0x23/0x3a +[ 1195.017718] do_idle+0x172/0x1d5 +[ 1195.026358] cpu_startup_entry+0x73/0x75 +[ 1195.035769] start_secondary+0x1b9/0x20b +[ 1195.044894] secondary_startup_64+0xa5/0xa5 +[ 1195.084921] RIP: super_written+0x29/0xe1 RSP: ffff8ffb7fcc3c78 +[ 1195.096354] CR2: 00000000000002b8 + +bio in the above stack is a bitmap write whose completion is invoked after +the tear down sequence sets the mddev structure to NULL in rdev. + +During tear down, there is an attempt to flush the bitmap writes, but for +external bitmaps, there is no explicit wait for all the bitmap writes to +complete. For instance, md_bitmap_flush() is called to flush the bitmap +writes, but the last call to md_bitmap_daemon_work() in md_bitmap_flush() +could generate new bitmap writes for which there is no explicit wait to +complete those writes. The call to md_bitmap_update_sb() will return +simply for external bitmaps and the follow-up call to md_update_sb() is +conditional and may not get called for external bitmaps. This results in a +kernel panic when the completion routine, super_written() is called which +tries to reference mddev in the rdev that has been set to +NULL(in unbind_rdev_from_array() by tear down sequence). + +The solution is to call md_super_wait() for external bitmaps after the +last call to md_bitmap_daemon_work() in md_bitmap_flush() to ensure there +are no pending bitmap writes before proceeding with the tear down. + +Cc: stable@vger.kernel.org +Signed-off-by: Sudhakar Panneerselvam +Reviewed-by: Zhao Heming +Signed-off-by: Song Liu +Signed-off-by: Coly Li + +--- + drivers/md/md-bitmap.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/md/md-bitmap.c b/drivers/md/md-bitmap.c +index 200c5d0f08bf..ea3130e11680 100644 +--- a/drivers/md/md-bitmap.c ++++ b/drivers/md/md-bitmap.c +@@ -1722,6 +1722,8 @@ void md_bitmap_flush(struct mddev *mddev) + md_bitmap_daemon_work(mddev); + bitmap->daemon_lastrun -= sleep; + md_bitmap_daemon_work(mddev); ++ if (mddev->bitmap_info.external) ++ md_super_wait(mddev); + md_bitmap_update_sb(bitmap); + } + +-- +2.35.3 + diff --git a/patches.suse/0010-dm-persistent-data-packed-struct-should-have-an-alig.patch b/patches.suse/0010-dm-persistent-data-packed-struct-should-have-an-alig.patch new file mode 100644 index 0000000..579a368 --- /dev/null +++ b/patches.suse/0010-dm-persistent-data-packed-struct-should-have-an-alig.patch @@ -0,0 +1,84 @@ +From a88b2358f1da2c9f9fcc432f2e0a79617fea397c Mon Sep 17 00:00:00 2001 +From: Joe Thornber +Date: Mon, 29 Mar 2021 16:34:57 +0100 +Subject: [PATCH] dm persistent data: packed struct should have an aligned() + attribute too +Git-commit: a88b2358f1da2c9f9fcc432f2e0a79617fea397c +Patch-mainline: v5.13-rc1 +References: git-fixes + +Otherwise most non-x86 architectures (e.g. riscv, arm) will resort to +byte-by-byte access. + +Cc: stable@vger.kernel.org +Signed-off-by: Joe Thornber +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/persistent-data/dm-btree-internal.h | 4 ++-- + drivers/md/persistent-data/dm-space-map-common.h | 8 ++++---- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/drivers/md/persistent-data/dm-btree-internal.h b/drivers/md/persistent-data/dm-btree-internal.h +index d0c55916daa9..b1788853a355 100644 +--- a/drivers/md/persistent-data/dm-btree-internal.h ++++ b/drivers/md/persistent-data/dm-btree-internal.h +@@ -34,12 +34,12 @@ struct node_header { + __le32 max_entries; + __le32 value_size; + __le32 padding; +-} __packed; ++} __attribute__((packed, aligned(8))); + + struct btree_node { + struct node_header header; + __le64 keys[]; +-} __packed; ++} __attribute__((packed, aligned(8))); + + + /* +diff --git a/drivers/md/persistent-data/dm-space-map-common.h b/drivers/md/persistent-data/dm-space-map-common.h +index 8de63ce39bdd..87e17909ef52 100644 +--- a/drivers/md/persistent-data/dm-space-map-common.h ++++ b/drivers/md/persistent-data/dm-space-map-common.h +@@ -33,7 +33,7 @@ struct disk_index_entry { + __le64 blocknr; + __le32 nr_free; + __le32 none_free_before; +-} __packed; ++} __attribute__ ((packed, aligned(8))); + + + #define MAX_METADATA_BITMAPS 255 +@@ -43,7 +43,7 @@ struct disk_metadata_index { + __le64 blocknr; + + struct disk_index_entry index[MAX_METADATA_BITMAPS]; +-} __packed; ++} __attribute__ ((packed, aligned(8))); + + struct ll_disk; + +@@ -86,7 +86,7 @@ struct disk_sm_root { + __le64 nr_allocated; + __le64 bitmap_root; + __le64 ref_count_root; +-} __packed; ++} __attribute__ ((packed, aligned(8))); + + #define ENTRIES_PER_BYTE 4 + +@@ -94,7 +94,7 @@ struct disk_bitmap_header { + __le32 csum; + __le32 not_used; + __le64 blocknr; +-} __packed; ++} __attribute__ ((packed, aligned(8))); + + enum allocation_event { + SM_NONE, +-- +2.35.3 + diff --git a/patches.suse/0011-dm-space-map-common-fix-division-bug-in-sm_ll_find_f.patch b/patches.suse/0011-dm-space-map-common-fix-division-bug-in-sm_ll_find_f.patch new file mode 100644 index 0000000..5ec76de --- /dev/null +++ b/patches.suse/0011-dm-space-map-common-fix-division-bug-in-sm_ll_find_f.patch @@ -0,0 +1,39 @@ +From 5208692e80a1f3c8ce2063a22b675dd5589d1d80 Mon Sep 17 00:00:00 2001 +From: Joe Thornber +Date: Tue, 13 Apr 2021 09:11:53 +0100 +Subject: [PATCH] dm space map common: fix division bug in + sm_ll_find_free_block() +Git-commit: 5208692e80a1f3c8ce2063a22b675dd5589d1d80 +Patch-mainline: v5.13-rc1 +References: git-fixes + +This division bug meant the search for free metadata space could skip +the final allocation bitmap's worth of entries. Fix affects DM thinp, +cache and era targets. + +Cc: stable@vger.kernel.org +Signed-off-by: Joe Thornber +Tested-by: Ming-Hung Tsai +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/persistent-data/dm-space-map-common.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/md/persistent-data/dm-space-map-common.c b/drivers/md/persistent-data/dm-space-map-common.c +index d8b4125e338c..a213bf11738f 100644 +--- a/drivers/md/persistent-data/dm-space-map-common.c ++++ b/drivers/md/persistent-data/dm-space-map-common.c +@@ -339,6 +339,8 @@ int sm_ll_find_free_block(struct ll_disk *ll, dm_block_t begin, + */ + begin = do_div(index_begin, ll->entries_per_block); + end = do_div(end, ll->entries_per_block); ++ if (end == 0) ++ end = ll->entries_per_block; + + for (i = index_begin; i < index_end; i++, begin = 0) { + struct dm_block *blk; +-- +2.35.3 + diff --git a/patches.suse/0012-dm-raid-fix-inconclusive-reshape-layout-on-fast-raid.patch b/patches.suse/0012-dm-raid-fix-inconclusive-reshape-layout-on-fast-raid.patch new file mode 100644 index 0000000..5d53707 --- /dev/null +++ b/patches.suse/0012-dm-raid-fix-inconclusive-reshape-layout-on-fast-raid.patch @@ -0,0 +1,140 @@ +From f99a8e4373eeacb279bc9696937a55adbff7a28a Mon Sep 17 00:00:00 2001 +From: Heinz Mauelshagen +Date: Wed, 21 Apr 2021 23:32:36 +0200 +Subject: [PATCH] dm raid: fix inconclusive reshape layout on fast raid4/5/6 + table reload sequences +Git-commit: f99a8e4373eeacb279bc9696937a55adbff7a28a +Patch-mainline: v5.13-rc1 +References: git-fixes + +If fast table reloads occur during an ongoing reshape of raid4/5/6 +devices the target may race reading a superblock vs the the MD resync +thread; causing an inconclusive reshape state to be read in its +constructor. + +lvm2 test lvconvert-raid-reshape-stripes-load-reload.sh can cause +BUG_ON() to trigger in md_run(), e.g.: +"kernel BUG at drivers/md/raid5.c:7567!". + +Scenario triggering the bug: + +1. the MD sync thread calls end_reshape() from raid5_sync_request() + when done reshaping. However end_reshape() _only_ updates the + reshape position to MaxSector keeping the changed layout + configuration though (i.e. any delta disks, chunk sector or RAID + algorithm changes). That inconclusive configuration is stored in + the superblock. + +2. dm-raid constructs a mapping, loading named inconsistent superblock + as of step 1 before step 3 is able to finish resetting the reshape + state completely, and calls md_run() which leads to mentioned bug + in raid5.c. + +3. the MD RAID personality's finish_reshape() is called; which resets + the reshape information on chunk sectors, delta disks, etc. This + explains why the bug is rarely seen on multi-core machines, as MD's + finish_reshape() superblock update races with the dm-raid + constructor's superblock load in step 2. + +Fix identifies inconclusive superblock content in the dm-raid +constructor and resets it before calling md_run(), factoring out +identifying checks into rs_is_layout_change() to share in existing +rs_reshape_requested() and new rs_reset_inclonclusive_reshape(). Also +enhance a comment and remove an empty line. + +Cc: stable@vger.kernel.org +Signed-off-by: Heinz Mauelshagen +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-raid.c | 34 ++++++++++++++++++++++++++++------ + 1 file changed, 28 insertions(+), 6 deletions(-) + +diff --git a/drivers/md/dm-raid.c b/drivers/md/dm-raid.c +index 59d2150e130d..67372e1a167d 100644 +--- a/drivers/md/dm-raid.c ++++ b/drivers/md/dm-raid.c +@@ -1869,6 +1869,14 @@ static bool rs_takeover_requested(struct raid_set *rs) + return rs->md.new_level != rs->md.level; + } + ++/* True if layout is set to reshape. */ ++static bool rs_is_layout_change(struct raid_set *rs, bool use_mddev) ++{ ++ return (use_mddev ? rs->md.delta_disks : rs->delta_disks) || ++ rs->md.new_layout != rs->md.layout || ++ rs->md.new_chunk_sectors != rs->md.chunk_sectors; ++} ++ + /* True if @rs is requested to reshape by ctr */ + static bool rs_reshape_requested(struct raid_set *rs) + { +@@ -1881,9 +1889,7 @@ static bool rs_reshape_requested(struct raid_set *rs) + if (rs_is_raid0(rs)) + return false; + +- change = mddev->new_layout != mddev->layout || +- mddev->new_chunk_sectors != mddev->chunk_sectors || +- rs->delta_disks; ++ change = rs_is_layout_change(rs, false); + + /* Historical case to support raid1 reshape without delta disks */ + if (rs_is_raid1(rs)) { +@@ -2818,7 +2824,7 @@ static sector_t _get_reshape_sectors(struct raid_set *rs) + } + + /* +- * ++ * Reshape: + * - change raid layout + * - change chunk size + * - add disks +@@ -2927,6 +2933,20 @@ static int rs_setup_reshape(struct raid_set *rs) + return r; + } + ++/* ++ * If the md resync thread has updated superblock with max reshape position ++ * at the end of a reshape but not (yet) reset the layout configuration ++ * changes -> reset the latter. ++ */ ++static void rs_reset_inconclusive_reshape(struct raid_set *rs) ++{ ++ if (!rs_is_reshaping(rs) && rs_is_layout_change(rs, true)) { ++ rs_set_cur(rs); ++ rs->md.delta_disks = 0; ++ rs->md.reshape_backwards = 0; ++ } ++} ++ + /* + * Enable/disable discard support on RAID set depending on + * RAID level and discard properties of underlying RAID members. +@@ -3213,11 +3233,14 @@ static int raid_ctr(struct dm_target *ti, unsigned int argc, char **argv) + if (r) + goto bad; + ++ /* Catch any inconclusive reshape superblock content. */ ++ rs_reset_inconclusive_reshape(rs); ++ + /* Start raid set read-only and assumed clean to change in raid_resume() */ + rs->md.ro = 1; + rs->md.in_sync = 1; + +- /* Keep array frozen */ ++ /* Keep array frozen until resume. */ + set_bit(MD_RECOVERY_FROZEN, &rs->md.recovery); + + /* Has to be held on running the array */ +@@ -3231,7 +3254,6 @@ static int raid_ctr(struct dm_target *ti, unsigned int argc, char **argv) + } + + r = md_start(&rs->md); +- + if (r) { + ti->error = "Failed to start raid array"; + mddev_unlock(&rs->md); +-- +2.35.3 + diff --git a/patches.suse/0013-dm-snapshot-fix-crash-with-transient-storage-and-zer.patch b/patches.suse/0013-dm-snapshot-fix-crash-with-transient-storage-and-zer.patch new file mode 100644 index 0000000..4a917e3 --- /dev/null +++ b/patches.suse/0013-dm-snapshot-fix-crash-with-transient-storage-and-zer.patch @@ -0,0 +1,47 @@ +From c699a0db2d62e3bbb7f0bf35c87edbc8d23e3062 Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Mon, 10 May 2021 14:49:05 -0400 +Subject: [PATCH] dm snapshot: fix crash with transient storage and zero chunk + size +Git-commit: c699a0db2d62e3bbb7f0bf35c87edbc8d23e3062 +Patch-mainline: v5.13-rc3 +References: git-fixes + +The following commands will crash the kernel: + +modprobe brd rd_size=1048576 +dmsetup create o --table "0 `blockdev --getsize /dev/ram0` snapshot-origin /dev/ram0" +dmsetup create s --table "0 `blockdev --getsize /dev/ram0` snapshot /dev/ram0 /dev/ram1 N 0" + +The reason is that when we test for zero chunk size, we jump to the label +bad_read_metadata without setting the "r" variable. The function +snapshot_ctr destroys all the structures and then exits with "r == 0". The +kernel then crashes because it falsely believes that snapshot_ctr +succeeded. + +In order to fix the bug, we set the variable "r" to -EINVAL. + +Signed-off-by: Mikulas Patocka +Cc: stable@vger.kernel.org +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-snap.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/md/dm-snap.c b/drivers/md/dm-snap.c +index 2a51ddd840b4..b8e4d31124ea 100644 +--- a/drivers/md/dm-snap.c ++++ b/drivers/md/dm-snap.c +@@ -1408,6 +1408,7 @@ static int snapshot_ctr(struct dm_target *ti, unsigned int argc, char **argv) + + if (!s->store->chunk_size) { + ti->error = "Chunk size not set"; ++ r = -EINVAL; + goto bad_read_metadata; + } + +-- +2.35.3 + diff --git a/patches.suse/0014-dm-snapshot-properly-fix-a-crash-when-an-origin-has-.patch b/patches.suse/0014-dm-snapshot-properly-fix-a-crash-when-an-origin-has-.patch new file mode 100644 index 0000000..0609312 --- /dev/null +++ b/patches.suse/0014-dm-snapshot-properly-fix-a-crash-when-an-origin-has-.patch @@ -0,0 +1,41 @@ +From 7e768532b2396bcb7fbf6f82384b85c0f1d2f197 Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Tue, 25 May 2021 13:17:19 -0400 +Subject: [PATCH] dm snapshot: properly fix a crash when an origin has no + snapshots +Git-commit: 7e768532b2396bcb7fbf6f82384b85c0f1d2f197 +Patch-mainline: v5.13-rc4 +References: git-fixes + +If an origin target has no snapshots, o->split_boundary is set to 0. +This causes BUG_ON(sectors <= 0) in block/bio.c:bio_split(). + +Fix this by initializing chunk_size, and in turn split_boundary, to +rounddown_pow_of_two(UINT_MAX) -- the largest power of two that fits +into "unsigned" type. + +Signed-off-by: Mikulas Patocka +Cc: stable@vger.kernel.org +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-snap.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/md/dm-snap.c b/drivers/md/dm-snap.c +index 75e59294ef77..751ec5ea1dbb 100644 +--- a/drivers/md/dm-snap.c ++++ b/drivers/md/dm-snap.c +@@ -855,7 +855,7 @@ static int dm_add_exception(void *context, chunk_t old, chunk_t new) + static uint32_t __minimum_chunk_size(struct origin *o) + { + struct dm_snapshot *snap; +- unsigned chunk_size = 0; ++ unsigned chunk_size = rounddown_pow_of_two(UINT_MAX); + + if (o) + list_for_each_entry(snap, &o->snapshots, list) +-- +2.35.3 + diff --git a/patches.suse/0015-dm-btree-remove-assign-new_root-only-when-removal-su.patch b/patches.suse/0015-dm-btree-remove-assign-new_root-only-when-removal-su.patch new file mode 100644 index 0000000..ae4080f --- /dev/null +++ b/patches.suse/0015-dm-btree-remove-assign-new_root-only-when-removal-su.patch @@ -0,0 +1,65 @@ +From b6e58b5466b2959f83034bead2e2e1395cca8aeb Mon Sep 17 00:00:00 2001 +From: Hou Tao +Date: Thu, 17 Jun 2021 15:45:47 +0800 +Subject: [PATCH] dm btree remove: assign new_root only when removal succeeds +Git-commit: b6e58b5466b2959f83034bead2e2e1395cca8aeb +Patch-mainline: v5.14-rc1 +References: git-fixes + +remove_raw() in dm_btree_remove() may fail due to IO read error +(e.g. read the content of origin block fails during shadowing), +and the value of shadow_spine::root is uninitialized, but +the uninitialized value is still assign to new_root in the +end of dm_btree_remove(). + +For dm-thin, the value of pmd->details_root or pmd->root will become +an uninitialized value, so if trying to read details_info tree again +out-of-bound memory may occur as showed below: + + general protection fault, probably for non-canonical address 0x3fdcb14c8d7520 + CPU: 4 PID: 515 Comm: dmsetup Not tainted 5.13.0-rc6 + Hardware name: QEMU Standard PC + RIP: 0010:metadata_ll_load_ie+0x14/0x30 + Call Trace: + sm_metadata_count_is_more_than_one+0xb9/0xe0 + dm_tm_shadow_block+0x52/0x1c0 + shadow_step+0x59/0xf0 + remove_raw+0xb2/0x170 + dm_btree_remove+0xf4/0x1c0 + dm_pool_delete_thin_device+0xc3/0x140 + pool_message+0x218/0x2b0 + target_message+0x251/0x290 + ctl_ioctl+0x1c4/0x4d0 + dm_ctl_ioctl+0xe/0x20 + __x64_sys_ioctl+0x7b/0xb0 + do_syscall_64+0x40/0xb0 + entry_SYSCALL_64_after_hwframe+0x44/0xae + +Fixing it by only assign new_root when removal succeeds + +Signed-off-by: Hou Tao +Cc: stable@vger.kernel.org +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/persistent-data/dm-btree-remove.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/md/persistent-data/dm-btree-remove.c b/drivers/md/persistent-data/dm-btree-remove.c +index b34af195bf2a..70532335c7c7 100644 +--- a/drivers/md/persistent-data/dm-btree-remove.c ++++ b/drivers/md/persistent-data/dm-btree-remove.c +@@ -549,7 +549,8 @@ int dm_btree_remove(struct dm_btree_info *info, dm_block_t root, + delete_at(n, index); + } + +- *new_root = shadow_root(&spine); ++ if (!r) ++ *new_root = shadow_root(&spine); + exit_shadow_spine(&spine); + + return r; +-- +2.35.3 + diff --git a/patches.suse/0016-blk-zoned-allow-zone-management-send-operations-with.patch b/patches.suse/0016-blk-zoned-allow-zone-management-send-operations-with.patch new file mode 100644 index 0000000..b5d70ec --- /dev/null +++ b/patches.suse/0016-blk-zoned-allow-zone-management-send-operations-with.patch @@ -0,0 +1,57 @@ +From ead3b768bb51259e3a5f2287ff5fc9041eb6f450 Mon Sep 17 00:00:00 2001 +From: Niklas Cassel +Date: Wed, 11 Aug 2021 11:05:18 +0000 +Subject: [PATCH] blk-zoned: allow zone management send operations without + CAP_SYS_ADMIN +Git-commit: ead3b768bb51259e3a5f2287ff5fc9041eb6f450 +Patch-mainline: v5.15-rc1 +References: git-fixes + +Zone management send operations (BLKRESETZONE, BLKOPENZONE, BLKCLOSEZONE +and BLKFINISHZONE) should be allowed under the same permissions as write(). +(write() does not require CAP_SYS_ADMIN). + +Additionally, other ioctls like BLKSECDISCARD and BLKZEROOUT only check if +the fd was successfully opened with FMODE_WRITE. +(They do not require CAP_SYS_ADMIN). + +Currently, zone management send operations require both CAP_SYS_ADMIN +and that the fd was successfully opened with FMODE_WRITE. + +Remove the CAP_SYS_ADMIN requirement, so that zone management send +operations match the access control requirement of write(), BLKSECDISCARD +and BLKZEROOUT. + +Fixes: 3ed05a987e0f ("blk-zoned: implement ioctls") +Signed-off-by: Niklas Cassel +Reviewed-by: Damien Le Moal +Reviewed-by: Aravind Ramesh +Reviewed-by: Adam Manzanares +Reviewed-by: Himanshu Madhani +Reviewed-by: Johannes Thumshirn +Cc: stable@vger.kernel.org # v4.10+ +Link: https://lore.kernel.org/r/20210811110505.29649-2-Niklas.Cassel@wdc.com +Signed-off-by: Jens Axboe +Signed-off-by: Coly Li + +--- + block/blk-zoned.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/block/blk-zoned.c b/block/blk-zoned.c +index 86fce751bb17..8a60dbeb44be 100644 +--- a/block/blk-zoned.c ++++ b/block/blk-zoned.c +@@ -421,9 +421,6 @@ int blkdev_zone_mgmt_ioctl(struct block_device *bdev, fmode_t mode, + if (!blk_queue_is_zoned(q)) + return -ENOTTY; + +- if (!capable(CAP_SYS_ADMIN)) +- return -EACCES; +- + if (!(mode & FMODE_WRITE)) + return -EBADF; + +-- +2.35.3 + diff --git a/patches.suse/0017-blk-zoned-allow-BLKREPORTZONE-without-CAP_SYS_ADMIN.patch b/patches.suse/0017-blk-zoned-allow-BLKREPORTZONE-without-CAP_SYS_ADMIN.patch new file mode 100644 index 0000000..f61c834 --- /dev/null +++ b/patches.suse/0017-blk-zoned-allow-BLKREPORTZONE-without-CAP_SYS_ADMIN.patch @@ -0,0 +1,50 @@ +From 4d643b66089591b4769bcdb6fd1bfeff2fe301b8 Mon Sep 17 00:00:00 2001 +From: Niklas Cassel +Date: Wed, 11 Aug 2021 11:05:19 +0000 +Subject: [PATCH] blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN +Git-commit: 4d643b66089591b4769bcdb6fd1bfeff2fe301b8 +Patch-mainline: v5.15-rc1 +References: git-fixes + +A user space process should not need the CAP_SYS_ADMIN capability set +in order to perform a BLKREPORTZONE ioctl. + +Getting the zone report is required in order to get the write pointer. +Neither read() nor write() requires CAP_SYS_ADMIN, so it is reasonable +that a user space process that can read/write from/to the device, also +can get the write pointer. (Since e.g. writes have to be at the write +pointer.) + +Fixes: 3ed05a987e0f ("blk-zoned: implement ioctls") +Signed-off-by: Niklas Cassel +Reviewed-by: Damien Le Moal +Reviewed-by: Aravind Ramesh +Reviewed-by: Adam Manzanares +Reviewed-by: Himanshu Madhani +Reviewed-by: Johannes Thumshirn +Cc: stable@vger.kernel.org # v4.10+ +Link: https://lore.kernel.org/r/20210811110505.29649-3-Niklas.Cassel@wdc.com +Signed-off-by: Jens Axboe +Signed-off-by: Coly Li + +--- + block/blk-zoned.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/block/blk-zoned.c b/block/blk-zoned.c +index 8a60dbeb44be..1d0c76c18fc5 100644 +--- a/block/blk-zoned.c ++++ b/block/blk-zoned.c +@@ -360,9 +360,6 @@ int blkdev_report_zones_ioctl(struct block_device *bdev, fmode_t mode, + if (!blk_queue_is_zoned(q)) + return -ENOTTY; + +- if (!capable(CAP_SYS_ADMIN)) +- return -EACCES; +- + if (copy_from_user(&rep, argp, sizeof(struct blk_zone_report))) + return -EFAULT; + +-- +2.35.3 + diff --git a/patches.suse/0018-dm-crypt-Avoid-percpu_counter-spinlock-contention-in.patch b/patches.suse/0018-dm-crypt-Avoid-percpu_counter-spinlock-contention-in.patch new file mode 100644 index 0000000..0b996e2 --- /dev/null +++ b/patches.suse/0018-dm-crypt-Avoid-percpu_counter-spinlock-contention-in.patch @@ -0,0 +1,134 @@ +From 528b16bfc3ae5f11638e71b3b63a81f9999df727 Mon Sep 17 00:00:00 2001 +From: Arne Welzel +Date: Sat, 14 Aug 2021 00:40:38 +0200 +Subject: [PATCH] dm crypt: Avoid percpu_counter spinlock contention in + crypt_page_alloc() +Git-commit: 528b16bfc3ae5f11638e71b3b63a81f9999df727 +Patch-mainline: v5.15-rc1 +References: git-fixes + +On systems with many cores using dm-crypt, heavy spinlock contention in +percpu_counter_compare() can be observed when the page allocation limit +for a given device is reached or close to be reached. This is due +to percpu_counter_compare() taking a spinlock to compute an exact +result on potentially many CPUs at the same time. + +Switch to non-exact comparison of allocated and allowed pages by using +the value returned by percpu_counter_read_positive() to avoid taking +the percpu_counter spinlock. + +This may over/under estimate the actual number of allocated pages by at +most (batch-1) * num_online_cpus(). + +Currently, batch is bounded by 32. The system on which this issue was +first observed has 256 CPUs and 512GB of RAM. With a 4k page size, this +change may over/under estimate by 31MB. With ~10G (2%) allowed dm-crypt +allocations, this seems an acceptable error. Certainly preferred over +running into the spinlock contention. + +This behavior was reproduced on an EC2 c5.24xlarge instance with 96 CPUs +and 192GB RAM as follows, but can be provoked on systems with less CPUs +as well. + + * Disable swap + * Tune vm settings to promote regular writeback + $ echo 50 > /proc/sys/vm/dirty_expire_centisecs + $ echo 25 > /proc/sys/vm/dirty_writeback_centisecs + $ echo $((128 * 1024 * 1024)) > /proc/sys/vm/dirty_background_bytes + + * Create 8 dmcrypt devices based on files on a tmpfs + * Create and mount an ext4 filesystem on each crypt devices + * Run stress-ng --hdd 8 within one of above filesystems + +Total %system usage collected from sysstat goes to ~35%. Write throughput +on the underlying loop device is ~2GB/s. perf profiling an individual +kworker kcryptd thread shows the following profile, indicating spinlock +contention in percpu_counter_compare(): + + 99.98% 0.00% kworker/u193:46 [kernel.kallsyms] [k] ret_from_fork + | + --ret_from_fork + kthread + worker_thread + | + --99.92%--process_one_work + | + |--80.52%--kcryptd_crypt + | | + | |--62.58%--mempool_alloc + | | | + | | --62.24%--crypt_page_alloc + | | | + | | --61.51%--__percpu_counter_compare + | | | + | | --61.34%--__percpu_counter_sum + | | | + | | |--58.68%--_raw_spin_lock_irqsave + | | | | + | | | --58.30%--native_queued_spin_lock_slowpath + | | | + | | --0.69%--cpumask_next + | | | + | | --0.51%--_find_next_bit + | | + | |--10.61%--crypt_convert + | | | + | | |--6.05%--xts_crypt + ... + +After applying this patch and running the same test, %system usage is +lowered to ~7% and write throughput on the loop device increases +to ~2.7GB/s. perf report shows mempool_alloc() as ~8% rather than ~62% +in the profile and not hitting the percpu_counter() spinlock anymore. + + |--8.15%--mempool_alloc + | | + | |--3.93%--crypt_page_alloc + | | | + | | --3.75%--__alloc_pages + | | | + | | --3.62%--get_page_from_freelist + | | | + | | --3.22%--rmqueue_bulk + | | | + | | --2.59%--_raw_spin_lock + | | | + | | --2.57%--native_queued_spin_lock_slowpath + | | + | --3.05%--_raw_spin_lock_irqsave + | | + | --2.49%--native_queued_spin_lock_slowpath + +Suggested-by: DJ Gregor +Reviewed-by: Mikulas Patocka +Signed-off-by: Arne Welzel +Fixes: 5059353df86e ("dm crypt: limit the number of allocated pages") +Cc: stable@vger.kernel.org +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-crypt.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c +index 80fdc42ce3c8..9d15872dbe40 100644 +--- a/drivers/md/dm-crypt.c ++++ b/drivers/md/dm-crypt.c +@@ -2661,7 +2661,12 @@ static void *crypt_page_alloc(gfp_t gfp_mask, void *pool_data) + struct crypt_config *cc = pool_data; + struct page *page; + +- if (unlikely(percpu_counter_compare(&cc->n_allocated_pages, dm_crypt_pages_per_client) >= 0) && ++ /* ++ * Note, percpu_counter_read_positive() may over (and under) estimate ++ * the current usage by at most (batch - 1) * num_online_cpus() pages, ++ * but avoids potential spinlock contention of an exact result. ++ */ ++ if (unlikely(percpu_counter_read_positive(&cc->n_allocated_pages) >= dm_crypt_pages_per_client) && + likely(gfp_mask & __GFP_NORETRY)) + return NULL; + +-- +2.35.3 + diff --git a/patches.suse/0019-dm-fix-mempool-NULL-pointer-race-when-completing-IO.patch b/patches.suse/0019-dm-fix-mempool-NULL-pointer-race-when-completing-IO.patch new file mode 100644 index 0000000..3e56a9c --- /dev/null +++ b/patches.suse/0019-dm-fix-mempool-NULL-pointer-race-when-completing-IO.patch @@ -0,0 +1,141 @@ +From d208b89401e073de986dc891037c5a668f5d5d95 Mon Sep 17 00:00:00 2001 +From: Jiazi Li +Date: Wed, 29 Sep 2021 19:59:28 +0800 +Subject: [PATCH] dm: fix mempool NULL pointer race when completing IO +Git-commit: d208b89401e073de986dc891037c5a668f5d5d95 +Patch-mainline: v5.15-rc6 +References: git-fixes + +dm_io_dec_pending() calls end_io_acct() first and will then dec md +in-flight pending count. But if a task is swapping DM table at same +time this can result in a crash due to mempool->elements being NULL: + +task1 task2 +do_resume + ->do_suspend + ->dm_wait_for_completion + bio_endio + ->clone_endio + ->dm_io_dec_pending + ->end_io_acct + ->wakeup task1 + ->dm_swap_table + ->__bind + ->__bind_mempools + ->bioset_exit + ->mempool_exit + ->free_io + +[ 67.330330] Unable to handle kernel NULL pointer dereference at +virtual address 0000000000000000 +...... +[ 67.330494] pstate: 80400085 (Nzcv daIf +PAN -UAO) +[ 67.330510] pc : mempool_free+0x70/0xa0 +[ 67.330515] lr : mempool_free+0x4c/0xa0 +[ 67.330520] sp : ffffff8008013b20 +[ 67.330524] x29: ffffff8008013b20 x28: 0000000000000004 +[ 67.330530] x27: ffffffa8c2ff40a0 x26: 00000000ffff1cc8 +[ 67.330535] x25: 0000000000000000 x24: ffffffdada34c800 +[ 67.330541] x23: 0000000000000000 x22: ffffffdada34c800 +[ 67.330547] x21: 00000000ffff1cc8 x20: ffffffd9a1304d80 +[ 67.330552] x19: ffffffdada34c970 x18: 000000b312625d9c +[ 67.330558] x17: 00000000002dcfbf x16: 00000000000006dd +[ 67.330563] x15: 000000000093b41e x14: 0000000000000010 +[ 67.330569] x13: 0000000000007f7a x12: 0000000034155555 +[ 67.330574] x11: 0000000000000001 x10: 0000000000000001 +[ 67.330579] x9 : 0000000000000000 x8 : 0000000000000000 +[ 67.330585] x7 : 0000000000000000 x6 : ffffff80148b5c1a +[ 67.330590] x5 : ffffff8008013ae0 x4 : 0000000000000001 +[ 67.330596] x3 : ffffff80080139c8 x2 : ffffff801083bab8 +[ 67.330601] x1 : 0000000000000000 x0 : ffffffdada34c970 +[ 67.330609] Call trace: +[ 67.330616] mempool_free+0x70/0xa0 +[ 67.330627] bio_put+0xf8/0x110 +[ 67.330638] dec_pending+0x13c/0x230 +[ 67.330644] clone_endio+0x90/0x180 +[ 67.330649] bio_endio+0x198/0x1b8 +[ 67.330655] dec_pending+0x190/0x230 +[ 67.330660] clone_endio+0x90/0x180 +[ 67.330665] bio_endio+0x198/0x1b8 +[ 67.330673] blk_update_request+0x214/0x428 +[ 67.330683] scsi_end_request+0x2c/0x300 +[ 67.330688] scsi_io_completion+0xa0/0x710 +[ 67.330695] scsi_finish_command+0xd8/0x110 +[ 67.330700] scsi_softirq_done+0x114/0x148 +[ 67.330708] blk_done_softirq+0x74/0xd0 +[ 67.330716] __do_softirq+0x18c/0x374 +[ 67.330724] irq_exit+0xb4/0xb8 +[ 67.330732] __handle_domain_irq+0x84/0xc0 +[ 67.330737] gic_handle_irq+0x148/0x1b0 +[ 67.330744] el1_irq+0xe8/0x190 +[ 67.330753] lpm_cpuidle_enter+0x4f8/0x538 +[ 67.330759] cpuidle_enter_state+0x1fc/0x398 +[ 67.330764] cpuidle_enter+0x18/0x20 +[ 67.330772] do_idle+0x1b4/0x290 +[ 67.330778] cpu_startup_entry+0x20/0x28 +[ 67.330786] secondary_start_kernel+0x160/0x170 + +Fix this by: +1) Establishing pointers to 'struct dm_io' members in +dm_io_dec_pending() so that they may be passed into end_io_acct() +_after_ free_io() is called. +2) Moving end_io_acct() after free_io(). + +(Coly Li: rebased for Linux v5.3 based SUSE kernel) + +Cc: stable@vger.kernel.org +Signed-off-by: Jiazi Li +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm.c | 17 ++++++++++------- + 1 file changed, 10 insertions(+), 7 deletions(-) + +--- a/drivers/md/dm.c ++++ b/drivers/md/dm.c +@@ -688,18 +688,17 @@ static void start_io_acct(struct dm_io * + false, 0, &io->stats_aux); + } + +-static void end_io_acct(struct dm_io *io) ++static void end_io_acct(struct mapped_device *md, struct bio *bio, ++ unsigned long start_time, struct dm_stats_aux *stats_aux) + { +- struct mapped_device *md = io->md; +- struct bio *bio = io->orig_bio; +- unsigned long duration = jiffies - io->start_time; ++ unsigned long duration = jiffies - start_time; + +- bio_end_io_acct(bio, io->start_time); ++ bio_end_io_acct(bio, start_time); + + if (unlikely(dm_stats_used(&md->stats))) + dm_stats_account_io(&md->stats, bio_data_dir(bio), + bio->bi_iter.bi_sector, bio_sectors(bio), +- true, duration, &io->stats_aux); ++ true, duration, stats_aux); + + /* nudge anyone waiting on suspend queue */ + if (unlikely(wq_has_sleeper(&md->wait))) +@@ -920,6 +919,8 @@ static void dec_pending(struct dm_io *io + blk_status_t io_error; + struct bio *bio; + struct mapped_device *md = io->md; ++ unsigned long start_time = 0; ++ struct dm_stats_aux stats_aux; + + /* Push-back supersedes any I/O errors */ + if (unlikely(error)) { +@@ -946,8 +947,10 @@ static void dec_pending(struct dm_io *io + + io_error = io->status; + bio = io->orig_bio; +- end_io_acct(io); ++ start_time = io->start_time; ++ stats_aux = io->stats_aux; + free_io(md, io); ++ end_io_acct(md, bio, start_time, &stats_aux); + + if (io_error == BLK_STS_DM_REQUEUE) + return; diff --git a/patches.suse/0020-dm-btree-remove-fix-use-after-free-in-rebalance_chil.patch b/patches.suse/0020-dm-btree-remove-fix-use-after-free-in-rebalance_chil.patch new file mode 100644 index 0000000..7cd3cf7 --- /dev/null +++ b/patches.suse/0020-dm-btree-remove-fix-use-after-free-in-rebalance_chil.patch @@ -0,0 +1,37 @@ +From 1b8d2789dad0005fd5e7d35dab26a8e1203fb6da Mon Sep 17 00:00:00 2001 +From: Joe Thornber +Date: Wed, 24 Nov 2021 12:07:39 -0500 +Subject: [PATCH] dm btree remove: fix use after free in rebalance_children() +Git-commit: 1b8d2789dad0005fd5e7d35dab26a8e1203fb6da +Patch-mainline: v5.16-rc6 +References: git-fixes + +Move dm_tm_unlock() after dm_tm_dec(). + +Cc: stable@vger.kernel.org +Signed-off-by: Joe Thornber +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/persistent-data/dm-btree-remove.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/md/persistent-data/dm-btree-remove.c b/drivers/md/persistent-data/dm-btree-remove.c +index 70532335c7c7..cb670f16e98e 100644 +--- a/drivers/md/persistent-data/dm-btree-remove.c ++++ b/drivers/md/persistent-data/dm-btree-remove.c +@@ -423,9 +423,9 @@ static int rebalance_children(struct shadow_spine *s, + + memcpy(n, dm_block_data(child), + dm_bm_block_size(dm_tm_get_bm(info->tm))); +- dm_tm_unlock(info->tm, child); + + dm_tm_dec(info->tm, dm_block_location(child)); ++ dm_tm_unlock(info->tm, child); + return 0; + } + +-- +2.35.3 + diff --git a/patches.suse/0021-block-Fix-fsync-always-failed-if-once-failed.patch b/patches.suse/0021-block-Fix-fsync-always-failed-if-once-failed.patch new file mode 100644 index 0000000..7497a40 --- /dev/null +++ b/patches.suse/0021-block-Fix-fsync-always-failed-if-once-failed.patch @@ -0,0 +1,67 @@ +From 8a7518931baa8ea023700987f3db31cb0a80610b Mon Sep 17 00:00:00 2001 +From: Ye Bin +Date: Mon, 29 Nov 2021 09:26:59 +0800 +Subject: [PATCH] block: Fix fsync always failed if once failed +Git-commit: 8a7518931baa8ea023700987f3db31cb0a80610b +Patch-mainline: v5.17-rc1 +References: git-fixes + +We do test with inject error fault base on v4.19, after test some time we found +sync /dev/sda always failed. +[root@localhost] sync /dev/sda +Sync: error syncing '/dev/sda': Input/output error + +scsi log as follows: +[19069.812296] sd 0:0:0:0: [sda] tag#64 Send: scmd 0x00000000d03a0b6b +[19069.812302] sd 0:0:0:0: [sda] tag#64 CDB: Synchronize Cache(10) 35 00 00 00 00 00 00 00 00 00 +[19069.812533] sd 0:0:0:0: [sda] tag#64 Done: SUCCESS Result: hostbyte=DID_OK driverbyte=DRIVER_OK +[19069.812536] sd 0:0:0:0: [sda] tag#64 CDB: Synchronize Cache(10) 35 00 00 00 00 00 00 00 00 00 +[19069.812539] sd 0:0:0:0: [sda] tag#64 scsi host busy 1 failed 0 +[19069.812542] sd 0:0:0:0: Notifying upper driver of completion (result 0) +[19069.812546] sd 0:0:0:0: [sda] tag#64 sd_done: completed 0 of 0 bytes +[19069.812549] sd 0:0:0:0: [sda] tag#64 0 sectors total, 0 bytes done. +[19069.812564] print_req_error: I/O error, dev sda, sector 0 + +ftrace log as follows: + rep-306069 [007] .... 19654.923315: block_bio_queue: 8,0 FWS 0 + 0 [rep] + rep-306069 [007] .... 19654.923333: block_getrq: 8,0 FWS 0 + 0 [rep] + kworker/7:1H-250 [007] .... 19654.923352: block_rq_issue: 8,0 FF 0 () 0 + 0 [kworker/7:1H] + -0 [007] ..s. 19654.923562: block_rq_complete: 8,0 FF () 18446744073709551615 + 0 [0] + -0 [007] d.s. 19654.923576: block_rq_complete: 8,0 WS () 0 + 0 [-5] + +As 8d6996630c03 introduce 'fq->rq_status', this data only update when 'flush_rq' +reference count isn't zero. If flush request once failed and record error code +in 'fq->rq_status'. If there is no chance to update 'fq->rq_status',then do fsync +will always failed. +To address this issue reset 'fq->rq_status' after return error code to upper layer. + +Fixes: 8d6996630c03("block: fix null pointer dereference in blk_mq_rq_timed_out()") +Signed-off-by: Ye Bin +Reviewed-by: Ming Lei +Link: https://lore.kernel.org/r/20211129012659.1553733-1-yebin10@huawei.com +Signed-off-by: Jens Axboe +Signed-off-by: Coly Li + +--- + block/blk-flush.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/block/blk-flush.c b/block/blk-flush.c +index fd5187a0898d..f78bb39e589e 100644 +--- a/block/blk-flush.c ++++ b/block/blk-flush.c +@@ -242,8 +242,10 @@ static void flush_end_io(struct request *flush_rq, blk_status_t error) + * avoiding use-after-free. + */ + WRITE_ONCE(flush_rq->state, MQ_RQ_IDLE); +- if (fq->rq_status != BLK_STS_OK) ++ if (fq->rq_status != BLK_STS_OK) { + error = fq->rq_status; ++ fq->rq_status = BLK_STS_OK; ++ } + + if (!q->elevator) { + flush_rq->tag = BLK_MQ_NO_TAG; +-- +2.35.3 + diff --git a/patches.suse/0022-block-Fix-wrong-offset-in-bio_truncate.patch b/patches.suse/0022-block-Fix-wrong-offset-in-bio_truncate.patch new file mode 100644 index 0000000..ae10eb5 --- /dev/null +++ b/patches.suse/0022-block-Fix-wrong-offset-in-bio_truncate.patch @@ -0,0 +1,43 @@ +From 3ee859e384d453d6ac68bfd5971f630d9fa46ad3 Mon Sep 17 00:00:00 2001 +From: OGAWA Hirofumi +Date: Sun, 9 Jan 2022 18:36:43 +0900 +Subject: [PATCH] block: Fix wrong offset in bio_truncate() +Git-commit: 3ee859e384d453d6ac68bfd5971f630d9fa46ad3 +Patch-mainline: v5.17-rc1 +References: git-fixes + +bio_truncate() clears the buffer outside of last block of bdev, however +current bio_truncate() is using the wrong offset of page. So it can +return the uninitialized data. + +This happened when both of truncated/corrupted FS and userspace (via +bdev) are trying to read the last of bdev. + +Reported-by: syzbot+ac94ae5f68b84197f41c@syzkaller.appspotmail.com +Signed-off-by: OGAWA Hirofumi +Reviewed-by: Ming Lei +Link: https://lore.kernel.org/r/875yqt1c9g.fsf@mail.parknet.co.jp +Signed-off-by: Jens Axboe +Signed-off-by: Coly Li + +--- + block/bio.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/block/bio.c b/block/bio.c +index 0d400ba2dbd1..4312a8085396 100644 +--- a/block/bio.c ++++ b/block/bio.c +@@ -569,7 +569,8 @@ static void bio_truncate(struct bio *bio, unsigned new_size) + offset = new_size - done; + else + offset = 0; +- zero_user(bv.bv_page, offset, bv.bv_len - offset); ++ zero_user(bv.bv_page, bv.bv_offset + offset, ++ bv.bv_len - offset); + truncated = true; + } + done += bv.bv_len; +-- +2.35.3 + diff --git a/patches.suse/0023-block-bio-integrity-Advance-seed-correctly-for-large.patch b/patches.suse/0023-block-bio-integrity-Advance-seed-correctly-for-large.patch new file mode 100644 index 0000000..6748ced --- /dev/null +++ b/patches.suse/0023-block-bio-integrity-Advance-seed-correctly-for-large.patch @@ -0,0 +1,44 @@ +From b13e0c71856817fca67159b11abac350e41289f5 Mon Sep 17 00:00:00 2001 +From: "Martin K. Petersen" +Date: Thu, 3 Feb 2022 22:42:09 -0500 +Subject: [PATCH] block: bio-integrity: Advance seed correctly for larger + interval sizes +Git-commit: b13e0c71856817fca67159b11abac350e41289f5 +Patch-mainline: v5.17-rc3 +References: git-fixes + +Commit 309a62fa3a9e ("bio-integrity: bio_integrity_advance must update +integrity seed") added code to update the integrity seed value when +advancing a bio. However, it failed to take into account that the +integrity interval might be larger than the 512-byte block layer +sector size. This broke bio splitting on PI devices with 4KB logical +blocks. + +The seed value should be advanced by bio_integrity_intervals() and not +the number of sectors. + +Cc: Dmitry Monakhov +Cc: stable@vger.kernel.org +Fixes: 309a62fa3a9e ("bio-integrity: bio_integrity_advance must update integrity seed") +Tested-by: Dmitry Ivanov +Reported-by: Alexey Lyashkov +Signed-off-by: Martin K. Petersen +Link: https://lore.kernel.org/r/20220204034209.4193-1-martin.petersen@oracle.com +Signed-off-by: Jens Axboe +Signed-off-by: Coly Li + +--- + block/bio-integrity.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/block/bio-integrity.c ++++ b/block/bio-integrity.c +@@ -384,7 +384,7 @@ void bio_integrity_advance(struct bio *b + struct blk_integrity *bi = blk_get_integrity(bio->bi_disk); + unsigned bytes = bio_integrity_bytes(bi, bytes_done >> 9); + +- bip->bip_iter.bi_sector += bytes_done >> 9; ++ bip->bip_iter.bi_sector += bio_integrity_intervals(bi, bytes_done >> 9); + bvec_iter_advance(bip->bip_vec, &bip->bip_iter, bytes); + } + diff --git a/patches.suse/0024-block-don-t-delete-queue-kobject-before-its-children.patch b/patches.suse/0024-block-don-t-delete-queue-kobject-before-its-children.patch new file mode 100644 index 0000000..65b4dfc --- /dev/null +++ b/patches.suse/0024-block-don-t-delete-queue-kobject-before-its-children.patch @@ -0,0 +1,68 @@ +From 0f69288253e9fc7c495047720e523b9f1aba5712 Mon Sep 17 00:00:00 2001 +From: Eric Biggers +Date: Mon, 24 Jan 2022 13:59:37 -0800 +Subject: [PATCH] block: don't delete queue kobject before its children +Git-commit: 0f69288253e9fc7c495047720e523b9f1aba5712 +Patch-mainline: v5.18-rc1 +References: git-fixes + +kobjects aren't supposed to be deleted before their child kobjects are +deleted. Apparently this is usually benign; however, a WARN will be +triggered if one of the child kobjects has a named attribute group: + + sysfs group 'modes' not found for kobject 'crypto' + WARNING: CPU: 0 PID: 1 at fs/sysfs/group.c:278 sysfs_remove_group+0x72/0x80 + ... + Call Trace: + sysfs_remove_groups+0x29/0x40 fs/sysfs/group.c:312 + __kobject_del+0x20/0x80 lib/kobject.c:611 + kobject_cleanup+0xa4/0x140 lib/kobject.c:696 + kobject_release lib/kobject.c:736 [inline] + kref_put include/linux/kref.h:65 [inline] + kobject_put+0x53/0x70 lib/kobject.c:753 + blk_crypto_sysfs_unregister+0x10/0x20 block/blk-crypto-sysfs.c:159 + blk_unregister_queue+0xb0/0x110 block/blk-sysfs.c:962 + del_gendisk+0x117/0x250 block/genhd.c:610 + +Fix this by moving the kobject_del() and the corresponding +kobject_uevent() to the correct place. + +(Coly Li: rebased for Linux v5.3 based SUSE kernel) + +Fixes: 2c2086afc2b8 ("block: Protect less code with sysfs_lock in blk_{un,}register_queue()") +Reviewed-by: Hannes Reinecke +Reviewed-by: Greg Kroah-Hartman +Reviewed-by: Bart Van Assche +Signed-off-by: Eric Biggers +Reviewed-by: Christoph Hellwig +Link: https://lore.kernel.org/r/20220124215938.2769-3-ebiggers@kernel.org +Signed-off-by: Jens Axboe +Signed-off-by: Coly Li + +--- + block/blk-sysfs.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +--- a/block/blk-sysfs.c ++++ b/block/blk-sysfs.c +@@ -1066,15 +1066,17 @@ void blk_unregister_queue(struct gendisk + */ + if (queue_is_mq(q)) + blk_mq_unregister_dev(disk_to_dev(disk), q); +- +- kobject_uevent(&q->kobj, KOBJ_REMOVE); +- kobject_del(&q->kobj); + blk_trace_remove_sysfs(disk_to_dev(disk)); + + mutex_lock(&q->sysfs_lock); + if (q->elevator) + elv_unregister_queue(q); + mutex_unlock(&q->sysfs_lock); ++ ++ /* Now that we've deleted all child objects, we can delete the queue. */ ++ kobject_uevent(&q->kobj, KOBJ_REMOVE); ++ kobject_del(&q->kobj); ++ + mutex_unlock(&q->sysfs_dir_lock); + + kobject_put(&disk_to_dev(disk)->kobj); diff --git a/patches.suse/0025-dm-crypt-fix-get_key_size-compiler-warning-if-CONFIG.patch b/patches.suse/0025-dm-crypt-fix-get_key_size-compiler-warning-if-CONFIG.patch new file mode 100644 index 0000000..cd39fdf --- /dev/null +++ b/patches.suse/0025-dm-crypt-fix-get_key_size-compiler-warning-if-CONFIG.patch @@ -0,0 +1,40 @@ +From 6fc51504388c1a1a53db8faafe9fff78fccc7c87 Mon Sep 17 00:00:00 2001 +From: Aashish Sharma +Date: Fri, 11 Feb 2022 12:15:38 +0000 +Subject: [PATCH] dm crypt: fix get_key_size compiler warning if !CONFIG_KEYS +Git-commit: 6fc51504388c1a1a53db8faafe9fff78fccc7c87 +Patch-mainline: v5.18-rc1 +References: git-fixes + +Explicitly convert unsigned int in the right of the conditional +expression to int to match the left side operand and the return type, +fixing the following compiler warning: + +drivers/md/dm-crypt.c:2593:43: warning: signed and unsigned +type in conditional expression [-Wsign-compare] + +Fixes: c538f6ec9f56 ("dm crypt: add ability to use keys from the kernel key retention service") +Signed-off-by: Aashish Sharma +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-crypt.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c +index f310f2ba8bad..ec746cc4b1f8 100644 +--- a/drivers/md/dm-crypt.c ++++ b/drivers/md/dm-crypt.c +@@ -2582,7 +2582,7 @@ static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string + + static int get_key_size(char **key_string) + { +- return (*key_string[0] == ':') ? -EINVAL : strlen(*key_string) >> 1; ++ return (*key_string[0] == ':') ? -EINVAL : (int)(strlen(*key_string) >> 1); + } + + #endif /* CONFIG_KEYS */ +-- +2.35.3 + diff --git a/patches.suse/0026-block-compat_ioctl-fix-range-check-in-BLKGETSIZE.patch b/patches.suse/0026-block-compat_ioctl-fix-range-check-in-BLKGETSIZE.patch new file mode 100644 index 0000000..4620589 --- /dev/null +++ b/patches.suse/0026-block-compat_ioctl-fix-range-check-in-BLKGETSIZE.patch @@ -0,0 +1,38 @@ +From ccf16413e520164eb718cf8b22a30438da80ff23 Mon Sep 17 00:00:00 2001 +From: Khazhismel Kumykov +Date: Thu, 14 Apr 2022 15:40:56 -0700 +Subject: [PATCH] block/compat_ioctl: fix range check in BLKGETSIZE +Git-commit: ccf16413e520164eb718cf8b22a30438da80ff23 +Patch-mainline: v5.18-rc3 +References: git-fixes + +kernel ulong and compat_ulong_t may not be same width. Use type directly +to eliminate mismatches. + +This would result in truncation rather than EFBIG for 32bit mode for +large disks. + +(Coly Li: rebased for Linux 5.3 based SUSE kernel) + +Reviewed-by: Bart Van Assche +Signed-off-by: Khazhismel Kumykov +Reviewed-by: Chaitanya Kulkarni +Link: https://lore.kernel.org/r/20220414224056.2875681-1-khazhy@google.com +Signed-off-by: Jens Axboe +Signed-off-by: Coly Li + +--- + block/ioctl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/block/ioctl.c ++++ b/block/ioctl.c +@@ -667,7 +667,7 @@ long compat_blkdev_ioctl(struct file *fi + (bdev->bd_bdi->ra_pages * PAGE_SIZE) / 512); + case BLKGETSIZE: + size = i_size_read(bdev->bd_inode); +- if ((size >> 9) > ~0UL) ++ if ((size >> 9) > ~(compat_ulong_t)0) + return -EFBIG; + return compat_put_ulong(argp, size >> 9); + diff --git a/patches.suse/0026-modpost-do-not-invoke-extra-modpost-for-nsdeps.patch b/patches.suse/0026-modpost-do-not-invoke-extra-modpost-for-nsdeps.patch index 0617e9b..c15dd1c 100644 --- a/patches.suse/0026-modpost-do-not-invoke-extra-modpost-for-nsdeps.patch +++ b/patches.suse/0026-modpost-do-not-invoke-extra-modpost-for-nsdeps.patch @@ -51,23 +51,24 @@ Acked-by: Jessica Yu ifdef MODPOST_VMLINUX @@ -93,7 +92,8 @@ modules := $(sort $(shell cat $(MODORDER - __modpost: $(if $(KBUILD_MODPOST_NOFINAL), $(modules:.ko:.o),$(modules)) - @: + $(KBUILD_EXTMOD)/Kbuild, $(KBUILD_EXTMOD)/Makefile) + endif -MODPOST += $(subst -i,-n,$(filter -i,$(MAKEFLAGS))) -s -T - $(wildcard vmlinux) +MODPOST += $(subst -i,-n,$(filter -i,$(MAKEFLAGS))) -s -T - \ + $(if $(KBUILD_NSDEPS),-d) $(wildcard vmlinux) - # We can go over command line length here, so be careful. - quiet_cmd_modpost = MODPOST $(words $(modules)) modules -@@ -135,8 +135,6 @@ $(modules): %.ko :%.o %.mod.o FORCE - - targets += $(modules) + # find all modules listed in modules.order + modules := $(sort $(shell cat $(MODORDER))) +@@ -134,8 +135,6 @@ $(modules): %.ko :%.o %.mod.o FORCE + $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modfinal + endif -nsdeps: __modpost - - # Add FORCE to the prequisites of a target to force it to be always rebuilt. - # --------------------------------------------------------------------------- + endif + + .PHONY: $(PHONY) --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c diff --git a/patches.suse/0027-dm-integrity-fix-memory-corruption-when-tag_size-is-.patch b/patches.suse/0027-dm-integrity-fix-memory-corruption-when-tag_size-is-.patch new file mode 100644 index 0000000..ac9d961 --- /dev/null +++ b/patches.suse/0027-dm-integrity-fix-memory-corruption-when-tag_size-is-.patch @@ -0,0 +1,59 @@ +From 08c1af8f1c13bbf210f1760132f4df24d0ed46d6 Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Sun, 3 Apr 2022 14:38:22 -0400 +Subject: [PATCH] dm integrity: fix memory corruption when tag_size is less + than digest size +Git-commit: 08c1af8f1c13bbf210f1760132f4df24d0ed46d6 +Patch-mainline: v5.18-rc3 +References: git-fixes + +It is possible to set up dm-integrity in such a way that the +"tag_size" parameter is less than the actual digest size. In this +situation, a part of the digest beyond tag_size is ignored. + +In this case, dm-integrity would write beyond the end of the +ic->recalc_tags array and corrupt memory. The corruption happened in +integrity_recalc->integrity_sector_checksum->crypto_shash_final. + +Fix this corruption by increasing the tags array so that it has enough +padding at the end to accomodate the loop in integrity_recalc() being +able to write a full digest size for the last member of the tags +array. + +Cc: stable@vger.kernel.org # v4.19+ +Signed-off-by: Mikulas Patocka +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-integrity.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c +index ad2d5faa2ebb..36ae30b73a6e 100644 +--- a/drivers/md/dm-integrity.c ++++ b/drivers/md/dm-integrity.c +@@ -4399,6 +4399,7 @@ static int dm_integrity_ctr(struct dm_target *ti, unsigned argc, char **argv) + } + + if (ic->internal_hash) { ++ size_t recalc_tags_size; + ic->recalc_wq = alloc_workqueue("dm-integrity-recalc", WQ_MEM_RECLAIM, 1); + if (!ic->recalc_wq ) { + ti->error = "Cannot allocate workqueue"; +@@ -4412,8 +4413,10 @@ static int dm_integrity_ctr(struct dm_target *ti, unsigned argc, char **argv) + r = -ENOMEM; + goto bad; + } +- ic->recalc_tags = kvmalloc_array(RECALC_SECTORS >> ic->sb->log2_sectors_per_block, +- ic->tag_size, GFP_KERNEL); ++ recalc_tags_size = (RECALC_SECTORS >> ic->sb->log2_sectors_per_block) * ic->tag_size; ++ if (crypto_shash_digestsize(ic->internal_hash) > ic->tag_size) ++ recalc_tags_size += crypto_shash_digestsize(ic->internal_hash) - ic->tag_size; ++ ic->recalc_tags = kvmalloc(recalc_tags_size, GFP_KERNEL); + if (!ic->recalc_tags) { + ti->error = "Cannot allocate tags for recalculating"; + r = -ENOMEM; +-- +2.35.3 + diff --git a/patches.suse/0028-hex2bin-make-the-function-hex_to_bin-constant-time.patch b/patches.suse/0028-hex2bin-make-the-function-hex_to_bin-constant-time.patch new file mode 100644 index 0000000..1fd17d1 --- /dev/null +++ b/patches.suse/0028-hex2bin-make-the-function-hex_to_bin-constant-time.patch @@ -0,0 +1,86 @@ +From d2a2757cc38adeedec829b7d88d13b57b839ed6a Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Mon, 25 Apr 2022 08:07:48 -0400 +Subject: [PATCH] hex2bin: make the function hex_to_bin constant-time +Git-commit: e5be15767e7e284351853cbaba80cde8620341fb +Patch-mainline: v5.18-rc5 +References: git-fixes + +The function hex2bin is used to load cryptographic keys into device +mapper targets dm-crypt and dm-integrity. It should take constant time +independent on the processed data, so that concurrently running +unprivileged code can't infer any information about the keys via +microarchitectural convert channels. + +This patch changes the function hex_to_bin so that it contains no +branches and no memory accesses. + +Note that this shouldn't cause performance degradation because the size +of the new function is the same as the size of the old function (on +x86-64) - and the new function causes no branch misprediction penalties. + +I compile-tested this function with gcc on aarch64 alpha arm hppa hppa64 +i386 ia64 m68k mips32 mips64 powerpc powerpc64 riscv sh4 s390x sparc32 +sparc64 x86_64 and with clang on aarch64 arm hexagon i386 mips32 mips64 +powerpc powerpc64 s390x sparc32 sparc64 x86_64 to verify that there are +no branches in the generated code. + +(Coly Li: rebased for 4.12 based SUSE kernel) + +Signed-off-by: Mikulas Patocka +Cc: stable@vger.kernel.org +Signed-off-by: Linus Torvalds +Signed-off-by: Coly Li +--- + lib/hexdump.c | 33 ++++++++++++++++++++++++++------- + 1 file changed, 26 insertions(+), 7 deletions(-) + +diff --git a/lib/hexdump.c b/lib/hexdump.c +index 992457b1284c..cb0bac4f9c01 100644 +--- a/lib/hexdump.c ++++ b/lib/hexdump.c +@@ -24,15 +24,34 @@ EXPORT_SYMBOL(hex_asc_upper); + * + * hex_to_bin() converts one hex digit to its actual value or -1 in case of bad + * input. ++ * ++ * This function is used to load cryptographic keys, so it is coded in such a ++ * way that there are no conditions or memory accesses that depend on data. ++ * ++ * Explanation of the logic: ++ * (ch - '9' - 1) is negative if ch <= '9' ++ * ('0' - 1 - ch) is negative if ch >= '0' ++ * we "and" these two values, so the result is negative if ch is in the range ++ * '0' ... '9' ++ * we are only interested in the sign, so we do a shift ">> 8"; note that right ++ * shift of a negative value is implementation-defined, so we cast the ++ * value to (unsigned) before the shift --- we have 0xffffff if ch is in ++ * the range '0' ... '9', 0 otherwise ++ * we "and" this value with (ch - '0' + 1) --- we have a value 1 ... 10 if ch is ++ * in the range '0' ... '9', 0 otherwise ++ * we add this value to -1 --- we have a value 0 ... 9 if ch is in the range '0' ++ * ... '9', -1 otherwise ++ * the next line is similar to the previous one, but we need to decode both ++ * uppercase and lowercase letters, so we use (ch & 0xdf), which converts ++ * lowercase to uppercase + */ +-int hex_to_bin(char ch) ++int hex_to_bin(char _ch) + { +- if ((ch >= '0') && (ch <= '9')) +- return ch - '0'; +- ch = tolower(ch); +- if ((ch >= 'a') && (ch <= 'f')) +- return ch - 'a' + 10; +- return -1; ++ unsigned char ch = (unsigned char)_ch; ++ unsigned char cu = ch & 0xdf; ++ return -1 + ++ ((ch - '0' + 1) & (unsigned)((ch - '9' - 1) & ('0' - 1 - ch)) >> 8) + ++ ((cu - 'A' + 11) & (unsigned)((cu - 'F' - 1) & ('A' - 1 - cu)) >> 8); + } + EXPORT_SYMBOL(hex_to_bin); + +-- +2.35.3 + diff --git a/patches.suse/0028-modpost-dump-missing-namespaces-into-a-single-module.patch b/patches.suse/0028-modpost-dump-missing-namespaces-into-a-single-module.patch index c8f0dc2..751d1d9 100644 --- a/patches.suse/0028-modpost-dump-missing-namespaces-into-a-single-module.patch +++ b/patches.suse/0028-modpost-dump-missing-namespaces-into-a-single-module.patch @@ -99,14 +99,14 @@ Acked-by: Jessica Yu --- a/scripts/Makefile.modpost +++ b/scripts/Makefile.modpost @@ -93,7 +93,7 @@ __modpost: $(if $(KBUILD_MODPOST_NOFINAL - @: + endif MODPOST += $(subst -i,-n,$(filter -i,$(MAKEFLAGS))) -s -T - \ - $(if $(KBUILD_NSDEPS),-d) $(wildcard vmlinux) + $(if $(KBUILD_NSDEPS),-d modules.nsdeps) $(wildcard vmlinux) - # We can go over command line length here, so be careful. - quiet_cmd_modpost = MODPOST $(words $(modules)) modules + # find all modules listed in modules.order + modules := $(sort $(shell cat $(MODORDER))) --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c @@ -38,8 +38,6 @@ static int sec_mismatch_count = 0; diff --git a/patches.suse/0029-md-raid0-Ignore-RAID0-layout-if-the-second-zone-has-.patch b/patches.suse/0029-md-raid0-Ignore-RAID0-layout-if-the-second-zone-has-.patch new file mode 100644 index 0000000..20d0da3 --- /dev/null +++ b/patches.suse/0029-md-raid0-Ignore-RAID0-layout-if-the-second-zone-has-.patch @@ -0,0 +1,78 @@ +From ea23994edc4169bd90d7a9b5908c6ccefd82fa40 Mon Sep 17 00:00:00 2001 +From: Pascal Hambourg +Date: Wed, 13 Apr 2022 08:53:56 +0200 +Subject: [PATCH] md/raid0: Ignore RAID0 layout if the second zone has only one + device +Git-commit: ea23994edc4169bd90d7a9b5908c6ccefd82fa40 +Patch-mainline: v5.19-rc1 +References: git-fixes + +The RAID0 layout is irrelevant if all members have the same size so the +array has only one zone. It is *also* irrelevant if the array has two +zones and the second zone has only one device, for example if the array +has two members of different sizes. + +So in that case it makes sense to allow assembly even when the layout is +undefined, like what is done when the array has only one zone. + +Reviewed-by: NeilBrown +Signed-off-by: Pascal Hambourg +Signed-off-by: Song Liu +Signed-off-by: Coly Li + +--- + drivers/md/raid0.c | 31 ++++++++++++++++--------------- + 1 file changed, 16 insertions(+), 15 deletions(-) + +diff --git a/drivers/md/raid0.c b/drivers/md/raid0.c +index 7231f5e1eaa7..e11701e394ca 100644 +--- a/drivers/md/raid0.c ++++ b/drivers/md/raid0.c +@@ -128,21 +128,6 @@ static int create_strip_zones(struct mddev *mddev, struct r0conf **private_conf) + pr_debug("md/raid0:%s: FINAL %d zones\n", + mdname(mddev), conf->nr_strip_zones); + +- if (conf->nr_strip_zones == 1) { +- conf->layout = RAID0_ORIG_LAYOUT; +- } else if (mddev->layout == RAID0_ORIG_LAYOUT || +- mddev->layout == RAID0_ALT_MULTIZONE_LAYOUT) { +- conf->layout = mddev->layout; +- } else if (default_layout == RAID0_ORIG_LAYOUT || +- default_layout == RAID0_ALT_MULTIZONE_LAYOUT) { +- conf->layout = default_layout; +- } else { +- pr_err("md/raid0:%s: cannot assemble multi-zone RAID0 with default_layout setting\n", +- mdname(mddev)); +- pr_err("md/raid0: please set raid0.default_layout to 1 or 2\n"); +- err = -ENOTSUPP; +- goto abort; +- } + /* + * now since we have the hard sector sizes, we can make sure + * chunk size is a multiple of that sector size +@@ -273,6 +258,22 @@ static int create_strip_zones(struct mddev *mddev, struct r0conf **private_conf) + (unsigned long long)smallest->sectors); + } + ++ if (conf->nr_strip_zones == 1 || conf->strip_zone[1].nb_dev == 1) { ++ conf->layout = RAID0_ORIG_LAYOUT; ++ } else if (mddev->layout == RAID0_ORIG_LAYOUT || ++ mddev->layout == RAID0_ALT_MULTIZONE_LAYOUT) { ++ conf->layout = mddev->layout; ++ } else if (default_layout == RAID0_ORIG_LAYOUT || ++ default_layout == RAID0_ALT_MULTIZONE_LAYOUT) { ++ conf->layout = default_layout; ++ } else { ++ pr_err("md/raid0:%s: cannot assemble multi-zone RAID0 with default_layout setting\n", ++ mdname(mddev)); ++ pr_err("md/raid0: please set raid0.default_layout to 1 or 2\n"); ++ err = -EOPNOTSUPP; ++ goto abort; ++ } ++ + pr_debug("md/raid0:%s: done.\n", mdname(mddev)); + *private_conf = conf; + +-- +2.35.3 + diff --git a/patches.suse/0029-scripts-nsdeps-support-nsdeps-for-external-module-bu.patch b/patches.suse/0029-scripts-nsdeps-support-nsdeps-for-external-module-bu.patch index 1c825e3..8334ff7 100644 --- a/patches.suse/0029-scripts-nsdeps-support-nsdeps-for-external-module-bu.patch +++ b/patches.suse/0029-scripts-nsdeps-support-nsdeps-for-external-module-bu.patch @@ -59,14 +59,14 @@ Acked-by: Jessica Yu --- a/scripts/Makefile.modpost +++ b/scripts/Makefile.modpost @@ -93,7 +93,7 @@ __modpost: $(if $(KBUILD_MODPOST_NOFINAL - @: + endif MODPOST += $(subst -i,-n,$(filter -i,$(MAKEFLAGS))) -s -T - \ - $(if $(KBUILD_NSDEPS),-d modules.nsdeps) $(wildcard vmlinux) + $(if $(KBUILD_NSDEPS),-d $(MODULES_NSDEPS)) $(wildcard vmlinux) - # We can go over command line length here, so be careful. - quiet_cmd_modpost = MODPOST $(words $(modules)) modules + # find all modules listed in modules.order + modules := $(sort $(shell cat $(MODORDER))) --- a/scripts/nsdeps +++ b/scripts/nsdeps @@ -21,6 +21,12 @@ if [ "$SPATCH_VERSION_NUM" -lt "$SPATCH_ diff --git a/patches.suse/0030-dm-stats-add-cond_resched-when-looping-over-entries.patch b/patches.suse/0030-dm-stats-add-cond_resched-when-looping-over-entries.patch new file mode 100644 index 0000000..29123d3 --- /dev/null +++ b/patches.suse/0030-dm-stats-add-cond_resched-when-looping-over-entries.patch @@ -0,0 +1,85 @@ +From bfe2b0146c4d0230b68f5c71a64380ff8d361f8b Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Sun, 24 Apr 2022 16:43:00 -0400 +Subject: [PATCH] dm stats: add cond_resched when looping over entries +Git-commit: bfe2b0146c4d0230b68f5c71a64380ff8d361f8b +Patch-mainline: v5.19-rc1 +References: git-fixes + +dm-stats can be used with a very large number of entries (it is only +limited by 1/4 of total system memory), so add rescheduling points to +the loops that iterate over the entries. + +Cc: stable@vger.kernel.org +Signed-off-by: Mikulas Patocka +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-stats.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/drivers/md/dm-stats.c b/drivers/md/dm-stats.c +index 86e0697330e8..8326f9fe0e91 100644 +--- a/drivers/md/dm-stats.c ++++ b/drivers/md/dm-stats.c +@@ -225,6 +225,7 @@ void dm_stats_cleanup(struct dm_stats *stats) + atomic_read(&shared->in_flight[READ]), + atomic_read(&shared->in_flight[WRITE])); + } ++ cond_resched(); + } + dm_stat_free(&s->rcu_head); + } +@@ -330,6 +331,7 @@ static int dm_stats_create(struct dm_stats *stats, sector_t start, sector_t end, + for (ni = 0; ni < n_entries; ni++) { + atomic_set(&s->stat_shared[ni].in_flight[READ], 0); + atomic_set(&s->stat_shared[ni].in_flight[WRITE], 0); ++ cond_resched(); + } + + if (s->n_histogram_entries) { +@@ -342,6 +344,7 @@ static int dm_stats_create(struct dm_stats *stats, sector_t start, sector_t end, + for (ni = 0; ni < n_entries; ni++) { + s->stat_shared[ni].tmp.histogram = hi; + hi += s->n_histogram_entries + 1; ++ cond_resched(); + } + } + +@@ -362,6 +365,7 @@ static int dm_stats_create(struct dm_stats *stats, sector_t start, sector_t end, + for (ni = 0; ni < n_entries; ni++) { + p[ni].histogram = hi; + hi += s->n_histogram_entries + 1; ++ cond_resched(); + } + } + } +@@ -500,6 +504,7 @@ static int dm_stats_list(struct dm_stats *stats, const char *program, + } + DMEMIT("\n"); + } ++ cond_resched(); + } + mutex_unlock(&stats->mutex); + +@@ -777,6 +782,7 @@ static void __dm_stat_clear(struct dm_stat *s, size_t idx_start, size_t idx_end, + local_irq_enable(); + } + } ++ cond_resched(); + } + } + +@@ -892,6 +898,8 @@ static int dm_stats_print(struct dm_stats *stats, int id, + + if (unlikely(sz + 1 >= maxlen)) + goto buffer_overflow; ++ ++ cond_resched(); + } + + if (clear) +-- +2.35.3 + diff --git a/patches.suse/0031-dm-integrity-fix-error-code-in-dm_integrity_ctr.patch b/patches.suse/0031-dm-integrity-fix-error-code-in-dm_integrity_ctr.patch new file mode 100644 index 0000000..d94d16d --- /dev/null +++ b/patches.suse/0031-dm-integrity-fix-error-code-in-dm_integrity_ctr.patch @@ -0,0 +1,42 @@ +From d3f2a14b8906df913cb04a706367b012db94a6e8 Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Mon, 25 Apr 2022 14:56:48 +0300 +Subject: [PATCH] dm integrity: fix error code in dm_integrity_ctr() +Git-commit: d3f2a14b8906df913cb04a706367b012db94a6e8 +Patch-mainline: v5.19-rc1 +References: git-fixes + +The "r" variable shadows an earlier "r" that has function scope. It +means that we accidentally return success instead of an error code. +Smatch has a warning for this: + + drivers/md/dm-integrity.c:4503 dm_integrity_ctr() + warn: missing error code 'r' + +Fixes: 7eada909bfd7 ("dm: add integrity target") +Cc: stable@vger.kernel.org +Signed-off-by: Dan Carpenter +Reviewed-by: Mikulas Patocka +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-integrity.c | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c +index 36ae30b73a6e..3d5a0ce123c9 100644 +--- a/drivers/md/dm-integrity.c ++++ b/drivers/md/dm-integrity.c +@@ -4494,8 +4494,6 @@ static int dm_integrity_ctr(struct dm_target *ti, unsigned argc, char **argv) + } + + if (should_write_sb) { +- int r; +- + init_journal(ic, 0, ic->journal_sections, 0); + r = dm_integrity_failed(ic); + if (unlikely(r)) { +-- +2.35.3 + diff --git a/patches.suse/0032-dm-crypt-make-printing-of-the-key-constant-time.patch b/patches.suse/0032-dm-crypt-make-printing-of-the-key-constant-time.patch new file mode 100644 index 0000000..4e07a09 --- /dev/null +++ b/patches.suse/0032-dm-crypt-make-printing-of-the-key-constant-time.patch @@ -0,0 +1,63 @@ +From 567dd8f34560fa221a6343729474536aa7ede4fd Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Mon, 25 Apr 2022 08:53:29 -0400 +Subject: [PATCH] dm crypt: make printing of the key constant-time +Git-commit: 567dd8f34560fa221a6343729474536aa7ede4fd +Patch-mainline: v5.19-rc1 +References: git-fixes + +The device mapper dm-crypt target is using scnprintf("%02x", cc->key[i]) to +report the current key to userspace. However, this is not a constant-time +operation and it may leak information about the key via timing, via cache +access patterns or via the branch predictor. + +Change dm-crypt's key printing to use "%c" instead of "%02x". Also +introduce hex2asc() that carefully avoids any branching or memory +accesses when converting a number in the range 0 ... 15 to an ascii +character. + +Cc: stable@vger.kernel.org +Signed-off-by: Mikulas Patocka +Tested-by: Milan Broz +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-crypt.c | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c +index fb80539865d7..159c6806c19b 100644 +--- a/drivers/md/dm-crypt.c ++++ b/drivers/md/dm-crypt.c +@@ -3439,6 +3439,11 @@ static int crypt_map(struct dm_target *ti, struct bio *bio) + return DM_MAPIO_SUBMITTED; + } + ++static char hex2asc(unsigned char c) ++{ ++ return c + '0' + ((unsigned)(9 - c) >> 4 & 0x27); ++} ++ + static void crypt_status(struct dm_target *ti, status_type_t type, + unsigned status_flags, char *result, unsigned maxlen) + { +@@ -3457,9 +3462,12 @@ static void crypt_status(struct dm_target *ti, status_type_t type, + if (cc->key_size > 0) { + if (cc->key_string) + DMEMIT(":%u:%s", cc->key_size, cc->key_string); +- else +- for (i = 0; i < cc->key_size; i++) +- DMEMIT("%02x", cc->key[i]); ++ else { ++ for (i = 0; i < cc->key_size; i++) { ++ DMEMIT("%c%c", hex2asc(cc->key[i] >> 4), ++ hex2asc(cc->key[i] & 0xf)); ++ } ++ } + } else + DMEMIT("-"); + +-- +2.35.3 + diff --git a/patches.suse/0033-md-bcache-check-the-return-value-of-kzalloc-in-detac.patch b/patches.suse/0033-md-bcache-check-the-return-value-of-kzalloc-in-detac.patch new file mode 100644 index 0000000..790d9e8 --- /dev/null +++ b/patches.suse/0033-md-bcache-check-the-return-value-of-kzalloc-in-detac.patch @@ -0,0 +1,38 @@ +From 40f567bbb3b0639d2ec7d1c6ad4b1b018f80cf19 Mon Sep 17 00:00:00 2001 +From: Jia-Ju Bai +Date: Fri, 27 May 2022 23:28:18 +0800 +Subject: [PATCH] md: bcache: check the return value of kzalloc() in + detached_dev_do_request() +Git-commit: 40f567bbb3b0639d2ec7d1c6ad4b1b018f80cf19 +Patch-mainline: v5.19-rc1 +References: git-fixes + +The function kzalloc() in detached_dev_do_request() can fail, so its +return value should be checked. + +Fixes: bc082a55d25c ("bcache: fix inaccurate io state for detached bcache devices") +Reported-by: TOTE Robot +Signed-off-by: Jia-Ju Bai +Signed-off-by: Coly Li +Link: https://lore.kernel.org/r/20220527152818.27545-4-colyli@suse.de +Signed-off-by: Jens Axboe + +--- + drivers/md/bcache/request.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/drivers/md/bcache/request.c ++++ b/drivers/md/bcache/request.c +@@ -1102,6 +1102,12 @@ static void detached_dev_do_request(stru + * which would call closure_get(&dc->disk.cl) + */ + ddip = kzalloc(sizeof(struct detached_dev_io_private), GFP_NOIO); ++ if (!ddip) { ++ bio->bi_status = BLK_STS_RESOURCE; ++ bio->bi_end_io(bio); ++ return; ++ } ++ + ddip->d = d; + /* Count on the bcache device */ + ddip->start_time = disk_start_io_acct(d->disk, bio_sectors(bio), bio_op(bio)); diff --git a/patches.suse/0034-dm-mirror-log-round-up-region-bitmap-size-to-BITS_PE.patch b/patches.suse/0034-dm-mirror-log-round-up-region-bitmap-size-to-BITS_PE.patch new file mode 100644 index 0000000..8f6d2cb --- /dev/null +++ b/patches.suse/0034-dm-mirror-log-round-up-region-bitmap-size-to-BITS_PE.patch @@ -0,0 +1,44 @@ +From 85e123c27d5cbc22cfdc01de1e2ca1d9003a02d0 Mon Sep 17 00:00:00 2001 +From: Mikulas Patocka +Date: Thu, 16 Jun 2022 13:28:57 -0400 +Subject: [PATCH] dm mirror log: round up region bitmap size to BITS_PER_LONG +Git-commit: 85e123c27d5cbc22cfdc01de1e2ca1d9003a02d0 +Patch-mainline: v5.19-rc3 +References: git-fixes + +The code in dm-log rounds up bitset_size to 32 bits. It then uses +find_next_zero_bit_le on the allocated region. find_next_zero_bit_le +accesses the bitmap using unsigned long pointers. So, on 64-bit +architectures, it may access 4 bytes beyond the allocated size. + +Fix this bug by rounding up bitset_size to BITS_PER_LONG. + +This bug was found by running the lvm2 testsuite with kasan. + +Fixes: 29121bd0b00e ("[PATCH] dm mirror log: bitset_size fix") +Cc: stable@vger.kernel.org +Signed-off-by: Mikulas Patocka +Signed-off-by: Mike Snitzer +Signed-off-by: Coly Li + +--- + drivers/md/dm-log.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/drivers/md/dm-log.c b/drivers/md/dm-log.c +index 06f328928a7f..2dda05aada23 100644 +--- a/drivers/md/dm-log.c ++++ b/drivers/md/dm-log.c +@@ -415,8 +415,7 @@ static int create_log_context(struct dm_dirty_log *log, struct dm_target *ti, + /* + * Work out how many "unsigned long"s we need to hold the bitset. + */ +- bitset_size = dm_round_up(region_count, +- sizeof(*lc->clean_bits) << BYTE_SHIFT); ++ bitset_size = dm_round_up(region_count, BITS_PER_LONG); + bitset_size >>= BYTE_SHIFT; + + lc->bitset_uint32_count = bitset_size / sizeof(*lc->clean_bits); +-- +2.35.3 + diff --git a/patches.suse/ACPI-APEI-Better-fix-to-avoid-spamming-the-console-w.patch b/patches.suse/ACPI-APEI-Better-fix-to-avoid-spamming-the-console-w.patch new file mode 100644 index 0000000..df5929d --- /dev/null +++ b/patches.suse/ACPI-APEI-Better-fix-to-avoid-spamming-the-console-w.patch @@ -0,0 +1,110 @@ +From c3481b6b75b4797657838f44028fd28226ab48e0 Mon Sep 17 00:00:00 2001 +From: Tony Luck +Date: Wed, 22 Jun 2022 10:09:06 -0700 +Subject: [PATCH] ACPI: APEI: Better fix to avoid spamming the console with old error logs +Git-commit: c3481b6b75b4797657838f44028fd28226ab48e0 +Patch-mainline: v6.0-rc1 +References: git-fixes + +The fix in commit 3f8dec116210 ("ACPI/APEI: Limit printable size of BERT +table data") does not work as intended on systems where the BIOS has a +fixed size block of memory for the BERT table, relying on s/w to quit +when it finds a record with estatus->block_status == 0. On these systems +all errors are suppressed because the check: + + if (region_len < ACPI_BERT_PRINT_MAX_LEN) + +always fails. + +New scheme skips individual CPER records that are too large, and also +limits the total number of records that will be printed to 5. + +Fixes: 3f8dec116210 ("ACPI/APEI: Limit printable size of BERT table data") +Cc: All applicable +Signed-off-by: Tony Luck +Signed-off-by: Rafael J. Wysocki +Acked-by: Takashi Iwai + +--- + drivers/acpi/apei/bert.c | 31 +++++++++++++++++++++++-------- + 1 file changed, 23 insertions(+), 8 deletions(-) + +diff --git a/drivers/acpi/apei/bert.c b/drivers/acpi/apei/bert.c +index 598fd19b65fa..45973aa6e06d 100644 +--- a/drivers/acpi/apei/bert.c ++++ b/drivers/acpi/apei/bert.c +@@ -29,16 +29,26 @@ + + #undef pr_fmt + #define pr_fmt(fmt) "BERT: " fmt ++ ++#define ACPI_BERT_PRINT_MAX_RECORDS 5 + #define ACPI_BERT_PRINT_MAX_LEN 1024 + + static int bert_disable; + ++/* ++ * Print "all" the error records in the BERT table, but avoid huge spam to ++ * the console if the BIOS included oversize records, or too many records. ++ * Skipping some records here does not lose anything because the full ++ * data is available to user tools in: ++ * /sys/firmware/acpi/tables/data/BERT ++ */ + static void __init bert_print_all(struct acpi_bert_region *region, + unsigned int region_len) + { + struct acpi_hest_generic_status *estatus = + (struct acpi_hest_generic_status *)region; + int remain = region_len; ++ int printed = 0, skipped = 0; + u32 estatus_len; + + while (remain >= sizeof(struct acpi_bert_region)) { +@@ -46,24 +56,26 @@ static void __init bert_print_all(struct acpi_bert_region *region, + if (remain < estatus_len) { + pr_err(FW_BUG "Truncated status block (length: %u).\n", + estatus_len); +- return; ++ break; + } + + /* No more error records. */ + if (!estatus->block_status) +- return; ++ break; + + if (cper_estatus_check(estatus)) { + pr_err(FW_BUG "Invalid error record.\n"); +- return; ++ break; + } + +- pr_info_once("Error records from previous boot:\n"); +- if (region_len < ACPI_BERT_PRINT_MAX_LEN) ++ if (estatus_len < ACPI_BERT_PRINT_MAX_LEN && ++ printed < ACPI_BERT_PRINT_MAX_RECORDS) { ++ pr_info_once("Error records from previous boot:\n"); + cper_estatus_print(KERN_INFO HW_ERR, estatus); +- else +- pr_info_once("Max print length exceeded, table data is available at:\n" +- "/sys/firmware/acpi/tables/data/BERT"); ++ printed++; ++ } else { ++ skipped++; ++ } + + /* + * Because the boot error source is "one-time polled" type, +@@ -75,6 +87,9 @@ static void __init bert_print_all(struct acpi_bert_region *region, + estatus = (void *)estatus + estatus_len; + remain -= estatus_len; + } ++ ++ if (skipped) ++ pr_info(HW_ERR "Skipped %d error records\n", skipped); + } + + static int __init setup_bert_disable(char *str) +-- +2.35.3 + diff --git a/patches.suse/ACPI-CPPC-Do-not-prevent-CPPC-from-working-in-the-fu.patch b/patches.suse/ACPI-CPPC-Do-not-prevent-CPPC-from-working-in-the-fu.patch new file mode 100644 index 0000000..9f395c7 --- /dev/null +++ b/patches.suse/ACPI-CPPC-Do-not-prevent-CPPC-from-working-in-the-fu.patch @@ -0,0 +1,124 @@ +From 4f4179fcf420873002035cf1941d844c9e0e7cb3 Mon Sep 17 00:00:00 2001 +From: "Rafael J. Wysocki" +Date: Thu, 21 Jul 2022 19:41:10 +0200 +Subject: [PATCH] ACPI: CPPC: Do not prevent CPPC from working in the future +Git-commit: 4f4179fcf420873002035cf1941d844c9e0e7cb3 +Patch-mainline: v6.0-rc1 +References: git-fixes + +There is a problem with the current revision checks in +is_cppc_supported() that they essentially prevent the CPPC support +from working if a new _CPC package format revision being a proper +superset of the v3 and only causing _CPC to return a package with more +entries (while retaining the types and meaning of the entries defined by +the v3) is introduced in the future and used by the platform firmware. + +In that case, as long as the number of entries in the _CPC return +package is at least CPPC_V3_NUM_ENT, it should be perfectly fine to +use the v3 support code and disregard the additional package entries +added by the new package format revision. + +For this reason, drop is_cppc_supported() altogether, put the revision +checks directly into acpi_cppc_processor_probe() so they are easier to +follow and rework them to take the case mentioned above into account. + +Fixes: 4773e77cdc9b ("ACPI / CPPC: Add support for CPPC v3") +Cc: 4.18+ # 4.18+ +Signed-off-by: Rafael J. Wysocki +Acked-by: Takashi Iwai + +--- + drivers/acpi/cppc_acpi.c | 54 ++++++++++++++++++++--------------------------- + include/acpi/cppc_acpi.h | 2 - + 2 files changed, 25 insertions(+), 31 deletions(-) + +--- a/drivers/acpi/cppc_acpi.c ++++ b/drivers/acpi/cppc_acpi.c +@@ -607,33 +607,6 @@ static int pcc_data_alloc(int pcc_ss_id) + return 0; + } + +-/* Check if CPPC revision + num_ent combination is supported */ +-static bool is_cppc_supported(int revision, int num_ent) +-{ +- int expected_num_ent; +- +- switch (revision) { +- case CPPC_V2_REV: +- expected_num_ent = CPPC_V2_NUM_ENT; +- break; +- case CPPC_V3_REV: +- expected_num_ent = CPPC_V3_NUM_ENT; +- break; +- default: +- pr_debug("Firmware exports unsupported CPPC revision: %d\n", +- revision); +- return false; +- } +- +- if (expected_num_ent != num_ent) { +- pr_debug("Firmware exports %d entries. Expected: %d for CPPC rev:%d\n", +- num_ent, expected_num_ent, revision); +- return false; +- } +- +- return true; +-} +- + /* + * An example CPC table looks like the following. + * +@@ -729,7 +702,6 @@ int acpi_cppc_processor_probe(struct acp + cpc_obj->type); + goto out_free; + } +- cpc_ptr->num_entries = num_ent; + + /* Second entry should be revision. */ + cpc_obj = &out_obj->package.elements[1]; +@@ -740,10 +712,32 @@ int acpi_cppc_processor_probe(struct acp + cpc_obj->type); + goto out_free; + } +- cpc_ptr->version = cpc_rev; + +- if (!is_cppc_supported(cpc_rev, num_ent)) ++ if (cpc_rev < CPPC_V2_REV) { ++ pr_debug("Unsupported _CPC Revision (%d) for CPU:%d\n", cpc_rev, ++ pr->id); + goto out_free; ++ } ++ ++ /* ++ * Disregard _CPC if the number of entries in the return pachage is not ++ * as expected, but support future revisions being proper supersets of ++ * the v3 and only causing more entries to be returned by _CPC. ++ */ ++ if ((cpc_rev == CPPC_V2_REV && num_ent != CPPC_V2_NUM_ENT) || ++ (cpc_rev == CPPC_V3_REV && num_ent != CPPC_V3_NUM_ENT) || ++ (cpc_rev > CPPC_V3_REV && num_ent <= CPPC_V3_NUM_ENT)) { ++ pr_debug("Unexpected number of _CPC return package entries (%d) for CPU:%d\n", ++ num_ent, pr->id); ++ goto out_free; ++ } ++ if (cpc_rev > CPPC_V3_REV) { ++ num_ent = CPPC_V3_NUM_ENT; ++ cpc_rev = CPPC_V3_REV; ++ } ++ ++ cpc_ptr->num_entries = num_ent; ++ cpc_ptr->version = cpc_rev; + + /* Iterate through remaining entries in _CPC */ + for (i = 2; i < num_ent; i++) { +--- a/include/acpi/cppc_acpi.h ++++ b/include/acpi/cppc_acpi.h +@@ -16,7 +16,7 @@ + #include + #include + +-/* Support CPPCv2 and CPPCv3 */ ++/* CPPCv2 and CPPCv3 support */ + #define CPPC_V2_REV 2 + #define CPPC_V3_REV 3 + #define CPPC_V2_NUM_ENT 21 diff --git a/patches.suse/ACPI-video-Shortening-quirk-list-by-identifying-Clev.patch b/patches.suse/ACPI-video-Shortening-quirk-list-by-identifying-Clev.patch new file mode 100644 index 0000000..cf99a9a --- /dev/null +++ b/patches.suse/ACPI-video-Shortening-quirk-list-by-identifying-Clev.patch @@ -0,0 +1,80 @@ +From f0341e67b3782603737f7788e71bd3530012a4f4 Mon Sep 17 00:00:00 2001 +From: Werner Sembach +Date: Thu, 7 Jul 2022 20:09:53 +0200 +Subject: [PATCH] ACPI: video: Shortening quirk list by identifying Clevo by board_name only +Git-commit: f0341e67b3782603737f7788e71bd3530012a4f4 +Patch-mainline: v6.0-rc1 +References: git-fixes + +Taking a recent change in the i8042 quirklist to this one: Clevo +board_names are somewhat unique, and if not: The generic Board_-/Sys_Vendor +string "Notebook" doesn't help much anyway. So identifying the devices just +by the board_name helps keeping the list significantly shorter and might +even hit more devices requiring the fix. + +Signed-off-by: Werner Sembach +Fixes: c844d22fe0c0 ("ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU") +Cc: All applicable +Reviewed-by: Hans de Goede +Signed-off-by: Rafael J. Wysocki +Acked-by: Takashi Iwai + +--- + drivers/acpi/video_detect.c | 34 ---------------------------------- + 1 file changed, 34 deletions(-) + +diff --git a/drivers/acpi/video_detect.c b/drivers/acpi/video_detect.c +index cdde2e069d63..6615f59ab7fd 100644 +--- a/drivers/acpi/video_detect.c ++++ b/drivers/acpi/video_detect.c +@@ -430,23 +430,6 @@ static const struct dmi_system_id video_detect_dmi_table[] = { + .callback = video_detect_force_native, + .ident = "Clevo NL5xRU", + .matches = { +- DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"), +- DMI_MATCH(DMI_BOARD_NAME, "NL5xRU"), +- }, +- }, +- { +- .callback = video_detect_force_native, +- .ident = "Clevo NL5xRU", +- .matches = { +- DMI_MATCH(DMI_SYS_VENDOR, "SchenkerTechnologiesGmbH"), +- DMI_MATCH(DMI_BOARD_NAME, "NL5xRU"), +- }, +- }, +- { +- .callback = video_detect_force_native, +- .ident = "Clevo NL5xRU", +- .matches = { +- DMI_MATCH(DMI_SYS_VENDOR, "Notebook"), + DMI_MATCH(DMI_BOARD_NAME, "NL5xRU"), + }, + }, +@@ -470,23 +453,6 @@ static const struct dmi_system_id video_detect_dmi_table[] = { + .callback = video_detect_force_native, + .ident = "Clevo NL5xNU", + .matches = { +- DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"), +- DMI_MATCH(DMI_BOARD_NAME, "NL5xNU"), +- }, +- }, +- { +- .callback = video_detect_force_native, +- .ident = "Clevo NL5xNU", +- .matches = { +- DMI_MATCH(DMI_SYS_VENDOR, "SchenkerTechnologiesGmbH"), +- DMI_MATCH(DMI_BOARD_NAME, "NL5xNU"), +- }, +- }, +- { +- .callback = video_detect_force_native, +- .ident = "Clevo NL5xNU", +- .matches = { +- DMI_MATCH(DMI_SYS_VENDOR, "Notebook"), + DMI_MATCH(DMI_BOARD_NAME, "NL5xNU"), + }, + }, +-- +2.35.3 + diff --git a/patches.suse/ALSA-hda-Add-fixup-for-Dell-Latitidue-E5430.patch b/patches.suse/ALSA-hda-Add-fixup-for-Dell-Latitidue-E5430.patch new file mode 100644 index 0000000..2813921 --- /dev/null +++ b/patches.suse/ALSA-hda-Add-fixup-for-Dell-Latitidue-E5430.patch @@ -0,0 +1,35 @@ +From 841bdf85c226803a78a9319af9b2caa9bf3e2eda Mon Sep 17 00:00:00 2001 +From: Meng Tang +Date: Tue, 12 Jul 2022 14:00:05 +0800 +Subject: [PATCH] ALSA: hda - Add fixup for Dell Latitidue E5430 +Git-commit: 841bdf85c226803a78a9319af9b2caa9bf3e2eda +Patch-mainline: v5.19-rc7 +References: git-fixes + +Another Dell model, another fixup entry: Latitude E5430 needs the same +fixup as other Latitude E series as workaround for noise problems. + +Signed-off-by: Meng Tang +Cc: +Link: https://lore.kernel.org/r/20220712060005.20176-1-tangmeng@uniontech.com +Signed-off-by: Takashi Iwai + +--- + sound/pci/hda/patch_realtek.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c +index fe7c1194d052..ecc737342fcc 100644 +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -8896,6 +8896,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { + SND_PCI_QUIRK(0x1025, 0x1430, "Acer TravelMate B311R-31", ALC256_FIXUP_ACER_MIC_NO_PRESENCE), + SND_PCI_QUIRK(0x1025, 0x1466, "Acer Aspire A515-56", ALC255_FIXUP_ACER_HEADPHONE_AND_MIC), + SND_PCI_QUIRK(0x1028, 0x0470, "Dell M101z", ALC269_FIXUP_DELL_M101Z), ++ SND_PCI_QUIRK(0x1028, 0x053c, "Dell Latitude E5430", ALC292_FIXUP_DELL_E7X), + SND_PCI_QUIRK(0x1028, 0x054b, "Dell XPS one 2710", ALC275_FIXUP_DELL_XPS), + SND_PCI_QUIRK(0x1028, 0x05bd, "Dell Latitude E6440", ALC292_FIXUP_DELL_E7X), + SND_PCI_QUIRK(0x1028, 0x05be, "Dell Latitude E6540", ALC292_FIXUP_DELL_E7X), +-- +2.35.3 + diff --git a/patches.suse/ALSA-hda-conexant-Apply-quirk-for-another-HP-ProDesk.patch b/patches.suse/ALSA-hda-conexant-Apply-quirk-for-another-HP-ProDesk.patch new file mode 100644 index 0000000..f14943a --- /dev/null +++ b/patches.suse/ALSA-hda-conexant-Apply-quirk-for-another-HP-ProDesk.patch @@ -0,0 +1,36 @@ +From d16d69bf5a25d91c6d8f3e29711be12551bf56cd Mon Sep 17 00:00:00 2001 +From: Meng Tang +Date: Mon, 11 Jul 2022 18:17:44 +0800 +Subject: [PATCH] ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model +Git-commit: d16d69bf5a25d91c6d8f3e29711be12551bf56cd +Patch-mainline: v5.19-rc7 +References: git-fixes + +There is another HP ProDesk 600 G3 model with the PCI SSID 103c:82b4 +that requires the quirk HP_MIC_NO_PRESENCE. Add the corresponding +entry to the quirk table. + +Signed-off-by: Meng Tang +Cc: +Link: https://lore.kernel.org/r/20220711101744.25189-1-tangmeng@uniontech.com +Signed-off-by: Takashi Iwai + +--- + sound/pci/hda/patch_conexant.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/sound/pci/hda/patch_conexant.c b/sound/pci/hda/patch_conexant.c +index 3e541a4c0423..83ae21a01bbf 100644 +--- a/sound/pci/hda/patch_conexant.c ++++ b/sound/pci/hda/patch_conexant.c +@@ -944,6 +944,7 @@ static const struct snd_pci_quirk cxt5066_fixups[] = { + SND_PCI_QUIRK(0x103c, 0x828c, "HP EliteBook 840 G4", CXT_FIXUP_HP_DOCK), + SND_PCI_QUIRK(0x103c, 0x8299, "HP 800 G3 SFF", CXT_FIXUP_HP_MIC_NO_PRESENCE), + SND_PCI_QUIRK(0x103c, 0x829a, "HP 800 G3 DM", CXT_FIXUP_HP_MIC_NO_PRESENCE), ++ SND_PCI_QUIRK(0x103c, 0x82b4, "HP ProDesk 600 G3", CXT_FIXUP_HP_MIC_NO_PRESENCE), + SND_PCI_QUIRK(0x103c, 0x836e, "HP ProBook 455 G5", CXT_FIXUP_MUTE_LED_GPIO), + SND_PCI_QUIRK(0x103c, 0x837f, "HP ProBook 470 G5", CXT_FIXUP_MUTE_LED_GPIO), + SND_PCI_QUIRK(0x103c, 0x83b2, "HP EliteBook 840 G5", CXT_FIXUP_HP_DOCK), +-- +2.35.3 + diff --git a/patches.suse/ALSA-hda-realtek-Enable-the-headset-mic-on-a-Xiaomi--9b043a8f3864.patch b/patches.suse/ALSA-hda-realtek-Enable-the-headset-mic-on-a-Xiaomi--9b043a8f3864.patch new file mode 100644 index 0000000..5476f72 --- /dev/null +++ b/patches.suse/ALSA-hda-realtek-Enable-the-headset-mic-on-a-Xiaomi--9b043a8f3864.patch @@ -0,0 +1,35 @@ +From 9b043a8f386485c74c0f8eea2c287d5bdbdf3279 Mon Sep 17 00:00:00 2001 +From: Meng Tang +Date: Wed, 13 Jul 2022 17:41:33 +0800 +Subject: [PATCH] ALSA: hda/realtek - Enable the headset-mic on a Xiaomi's laptop +Git-commit: 9b043a8f386485c74c0f8eea2c287d5bdbdf3279 +Patch-mainline: v5.19-rc7 +References: git-fixes + +The headset on this machine is not defined, after applying the quirk +ALC256_FIXUP_ASUS_HEADSET_MIC, the headset-mic works well + +Signed-off-by: Meng Tang +Cc: +Link: https://lore.kernel.org/r/20220713094133.9894-1-tangmeng@uniontech.com +Signed-off-by: Takashi Iwai + +--- + sound/pci/hda/patch_realtek.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c +index 888547a2f1bc..2f55bc43bfa9 100644 +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -9373,6 +9373,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { + SND_PCI_QUIRK(0x1d72, 0x1602, "RedmiBook", ALC255_FIXUP_XIAOMI_HEADSET_MIC), + SND_PCI_QUIRK(0x1d72, 0x1701, "XiaomiNotebook Pro", ALC298_FIXUP_DELL1_MIC_NO_PRESENCE), + SND_PCI_QUIRK(0x1d72, 0x1901, "RedmiBook 14", ALC256_FIXUP_ASUS_HEADSET_MIC), ++ SND_PCI_QUIRK(0x1d72, 0x1945, "Redmi G", ALC256_FIXUP_ASUS_HEADSET_MIC), + SND_PCI_QUIRK(0x1d72, 0x1947, "RedmiBook Air", ALC255_FIXUP_XIAOMI_HEADSET_MIC), + SND_PCI_QUIRK(0x8086, 0x2074, "Intel NUC 8", ALC233_FIXUP_INTEL_NUC8_DMIC), + SND_PCI_QUIRK(0x8086, 0x2080, "Intel NUC 8 Rugged", ALC256_FIXUP_INTEL_NUC8_RUGGED), +-- +2.35.3 + diff --git a/patches.suse/ALSA-hda-realtek-Fix-headset-mic-problem-for-a-HP-ma-4ba5c853d794.patch b/patches.suse/ALSA-hda-realtek-Fix-headset-mic-problem-for-a-HP-ma-4ba5c853d794.patch new file mode 100644 index 0000000..fc57025 --- /dev/null +++ b/patches.suse/ALSA-hda-realtek-Fix-headset-mic-problem-for-a-HP-ma-4ba5c853d794.patch @@ -0,0 +1,62 @@ +From 4ba5c853d7945b3855c3dcb293f7f9f019db641e Mon Sep 17 00:00:00 2001 +From: Meng Tang +Date: Wed, 13 Jul 2022 14:33:32 +0800 +Subject: [PATCH] ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc221 +Git-commit: 4ba5c853d7945b3855c3dcb293f7f9f019db641e +Patch-mainline: v5.19-rc7 +References: git-fixes + +On a HP 288 Pro G2 MT (X9W02AV), the front mic could not be detected. +In order to get it working, the pin configuration needs to be set +correctly, and the ALC221_FIXUP_HP_288PRO_MIC_NO_PRESENCE fixup needs +to be applied. + +Signed-off-by: Meng Tang +Cc: +Link: https://lore.kernel.org/r/20220713063332.30095-1-tangmeng@uniontech.com +Signed-off-by: Takashi Iwai + +--- + sound/pci/hda/patch_realtek.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c +index 30aada1c73bf..888547a2f1bc 100644 +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -6901,6 +6901,7 @@ enum { + ALC298_FIXUP_LENOVO_SPK_VOLUME, + ALC256_FIXUP_DELL_INSPIRON_7559_SUBWOOFER, + ALC269_FIXUP_ATIV_BOOK_8, ++ ALC221_FIXUP_HP_288PRO_MIC_NO_PRESENCE, + ALC221_FIXUP_HP_MIC_NO_PRESENCE, + ALC256_FIXUP_ASUS_HEADSET_MODE, + ALC256_FIXUP_ASUS_MIC, +@@ -7837,6 +7838,16 @@ static const struct hda_fixup alc269_fixups[] = { + .chained = true, + .chain_id = ALC269_FIXUP_NO_SHUTUP + }, ++ [ALC221_FIXUP_HP_288PRO_MIC_NO_PRESENCE] = { ++ .type = HDA_FIXUP_PINS, ++ .v.pins = (const struct hda_pintbl[]) { ++ { 0x19, 0x01a1913c }, /* use as headset mic, without its own jack detect */ ++ { 0x1a, 0x01813030 }, /* use as headphone mic, without its own jack detect */ ++ { } ++ }, ++ .chained = true, ++ .chain_id = ALC269_FIXUP_HEADSET_MODE ++ }, + [ALC221_FIXUP_HP_MIC_NO_PRESENCE] = { + .type = HDA_FIXUP_PINS, + .v.pins = (const struct hda_pintbl[]) { +@@ -9012,6 +9023,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { + SND_PCI_QUIRK(0x103c, 0x2335, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1), + SND_PCI_QUIRK(0x103c, 0x2336, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1), + SND_PCI_QUIRK(0x103c, 0x2337, "HP", ALC269_FIXUP_HP_MUTE_LED_MIC1), ++ SND_PCI_QUIRK(0x103c, 0x2b5e, "HP 288 Pro G2 MT", ALC221_FIXUP_HP_288PRO_MIC_NO_PRESENCE), + SND_PCI_QUIRK(0x103c, 0x802e, "HP Z240 SFF", ALC221_FIXUP_HP_MIC_NO_PRESENCE), + SND_PCI_QUIRK(0x103c, 0x802f, "HP Z240", ALC221_FIXUP_HP_MIC_NO_PRESENCE), + SND_PCI_QUIRK(0x103c, 0x8077, "HP", ALC256_FIXUP_HP_HEADSET_MIC), +-- +2.35.3 + diff --git a/patches.suse/ALSA-hda-realtek-Fix-headset-mic-problem-for-a-HP-ma-dbe75d314748.patch b/patches.suse/ALSA-hda-realtek-Fix-headset-mic-problem-for-a-HP-ma-dbe75d314748.patch new file mode 100644 index 0000000..3d73a60 --- /dev/null +++ b/patches.suse/ALSA-hda-realtek-Fix-headset-mic-problem-for-a-HP-ma-dbe75d314748.patch @@ -0,0 +1,36 @@ +From dbe75d314748e08fc6e4576d153d8a69621ee5ca Mon Sep 17 00:00:00 2001 +From: Meng Tang +Date: Tue, 12 Jul 2022 17:22:22 +0800 +Subject: [PATCH] ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 +Git-commit: dbe75d314748e08fc6e4576d153d8a69621ee5ca +Patch-mainline: v5.19-rc7 +References: git-fixes + +On a HP 288 Pro G6, the front mic could not be detected.In order to +get it working, the pin configuration needs to be set correctly, and +the ALC671_FIXUP_HP_HEADSET_MIC2 fixup needs to be applied. + +Signed-off-by: Meng Tang +Cc: +Link: https://lore.kernel.org/r/20220712092222.21738-1-tangmeng@uniontech.com +Signed-off-by: Takashi Iwai + +--- + sound/pci/hda/patch_realtek.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c +index ecc737342fcc..34139c26795f 100644 +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -11219,6 +11219,7 @@ static const struct snd_pci_quirk alc662_fixup_tbl[] = { + SND_PCI_QUIRK(0x103c, 0x1632, "HP RP5800", ALC662_FIXUP_HP_RP5800), + SND_PCI_QUIRK(0x103c, 0x8719, "HP", ALC897_FIXUP_HP_HSMIC_VERB), + SND_PCI_QUIRK(0x103c, 0x873e, "HP", ALC671_FIXUP_HP_HEADSET_MIC2), ++ SND_PCI_QUIRK(0x103c, 0x877e, "HP 288 Pro G6", ALC671_FIXUP_HP_HEADSET_MIC2), + SND_PCI_QUIRK(0x103c, 0x885f, "HP 288 Pro G8", ALC671_FIXUP_HP_HEADSET_MIC2), + SND_PCI_QUIRK(0x1043, 0x1080, "Asus UX501VW", ALC668_FIXUP_HEADSET_MODE), + SND_PCI_QUIRK(0x1043, 0x11cd, "Asus N550", ALC662_FIXUP_ASUS_Nx50), +-- +2.35.3 + diff --git a/patches.suse/ASoC-Intel-Skylake-Correct-the-handling-of-fmt_confi.patch b/patches.suse/ASoC-Intel-Skylake-Correct-the-handling-of-fmt_confi.patch new file mode 100644 index 0000000..dc5d7d2 --- /dev/null +++ b/patches.suse/ASoC-Intel-Skylake-Correct-the-handling-of-fmt_confi.patch @@ -0,0 +1,132 @@ +From fc976f5629afb4160ee77798b14a693eac903ffd Mon Sep 17 00:00:00 2001 +From: Peter Ujfalusi +Date: Thu, 30 Jun 2022 09:56:38 +0300 +Subject: [PATCH] ASoC: Intel: Skylake: Correct the handling of fmt_config flexible array +Git-commit: fc976f5629afb4160ee77798b14a693eac903ffd +Patch-mainline: v5.19-rc7 +References: git-fixes + +The struct nhlt_format's fmt_config is a flexible array, it must not be +used as normal array. +When moving to the next nhlt_fmt_cfg we need to take into account the data +behind the ->config.caps (indicated by ->config.size). + +The logic of the code also changed: it is no longer saves the _last_ +fmt_cfg for all found rates. + +Fixes: bc2bd45b1f7f3 ("ASoC: Intel: Skylake: Parse nhlt and register clock device") +Signed-off-by: Peter Ujfalusi +Reviewed-by: Cezary Rojewski +Link: https://lore.kernel.org/r/20220630065638.11183-3-peter.ujfalusi@linux.intel.com +Signed-off-by: Mark Brown +Acked-by: Takashi Iwai + +--- + sound/soc/intel/skylake/skl-nhlt.c | 37 ++++++++++++++++++++---------- + 1 file changed, 25 insertions(+), 12 deletions(-) + +diff --git a/sound/soc/intel/skylake/skl-nhlt.c b/sound/soc/intel/skylake/skl-nhlt.c +index 366f7bd9bc02..deb7b820325e 100644 +--- a/sound/soc/intel/skylake/skl-nhlt.c ++++ b/sound/soc/intel/skylake/skl-nhlt.c +@@ -111,11 +111,12 @@ static void skl_get_ssp_clks(struct skl_dev *skl, struct skl_ssp_clk *ssp_clks, + if (fmt->fmt_count == 0) + return; + ++ fmt_cfg = (struct nhlt_fmt_cfg *)fmt->fmt_config; + for (i = 0; i < fmt->fmt_count; i++) { ++ struct nhlt_fmt_cfg *saved_fmt_cfg = fmt_cfg; + bool present = false; + +- fmt_cfg = &fmt->fmt_config[i]; +- wav_fmt = &fmt_cfg->fmt_ext; ++ wav_fmt = &saved_fmt_cfg->fmt_ext; + + channels = wav_fmt->fmt.channels; + bps = wav_fmt->fmt.bits_per_sample; +@@ -133,12 +134,18 @@ static void skl_get_ssp_clks(struct skl_dev *skl, struct skl_ssp_clk *ssp_clks, + * derive the rate. + */ + for (j = i; j < fmt->fmt_count; j++) { +- fmt_cfg = &fmt->fmt_config[j]; +- wav_fmt = &fmt_cfg->fmt_ext; ++ struct nhlt_fmt_cfg *tmp_fmt_cfg = fmt_cfg; ++ ++ wav_fmt = &tmp_fmt_cfg->fmt_ext; + if ((fs == wav_fmt->fmt.samples_per_sec) && +- (bps == wav_fmt->fmt.bits_per_sample)) ++ (bps == wav_fmt->fmt.bits_per_sample)) { + channels = max_t(u16, channels, + wav_fmt->fmt.channels); ++ saved_fmt_cfg = tmp_fmt_cfg; ++ } ++ /* Move to the next nhlt_fmt_cfg */ ++ tmp_fmt_cfg = (struct nhlt_fmt_cfg *)(tmp_fmt_cfg->config.caps + ++ tmp_fmt_cfg->config.size); + } + + rate = channels * bps * fs; +@@ -154,8 +161,11 @@ static void skl_get_ssp_clks(struct skl_dev *skl, struct skl_ssp_clk *ssp_clks, + + /* Fill rate and parent for sclk/sclkfs */ + if (!present) { ++ struct nhlt_fmt_cfg *first_fmt_cfg; ++ ++ first_fmt_cfg = (struct nhlt_fmt_cfg *)fmt->fmt_config; + i2s_config_ext = (struct skl_i2s_config_blob_ext *) +- fmt->fmt_config[0].config.caps; ++ first_fmt_cfg->config.caps; + + /* MCLK Divider Source Select */ + if (is_legacy_blob(i2s_config_ext->hdr.sig)) { +@@ -169,6 +179,9 @@ static void skl_get_ssp_clks(struct skl_dev *skl, struct skl_ssp_clk *ssp_clks, + + parent = skl_get_parent_clk(clk_src); + ++ /* Move to the next nhlt_fmt_cfg */ ++ fmt_cfg = (struct nhlt_fmt_cfg *)(fmt_cfg->config.caps + ++ fmt_cfg->config.size); + /* + * Do not copy the config data if there is no parent + * clock available for this clock source select +@@ -177,9 +190,9 @@ static void skl_get_ssp_clks(struct skl_dev *skl, struct skl_ssp_clk *ssp_clks, + continue; + + sclk[id].rate_cfg[rate_index].rate = rate; +- sclk[id].rate_cfg[rate_index].config = fmt_cfg; ++ sclk[id].rate_cfg[rate_index].config = saved_fmt_cfg; + sclkfs[id].rate_cfg[rate_index].rate = rate; +- sclkfs[id].rate_cfg[rate_index].config = fmt_cfg; ++ sclkfs[id].rate_cfg[rate_index].config = saved_fmt_cfg; + sclk[id].parent_name = parent->name; + sclkfs[id].parent_name = parent->name; + +@@ -193,13 +206,13 @@ static void skl_get_mclk(struct skl_dev *skl, struct skl_ssp_clk *mclk, + { + struct skl_i2s_config_blob_ext *i2s_config_ext; + struct skl_i2s_config_blob_legacy *i2s_config; +- struct nhlt_specific_cfg *fmt_cfg; ++ struct nhlt_fmt_cfg *fmt_cfg; + struct skl_clk_parent_src *parent; + u32 clkdiv, div_ratio; + u8 clk_src; + +- fmt_cfg = &fmt->fmt_config[0].config; +- i2s_config_ext = (struct skl_i2s_config_blob_ext *)fmt_cfg->caps; ++ fmt_cfg = (struct nhlt_fmt_cfg *)fmt->fmt_config; ++ i2s_config_ext = (struct skl_i2s_config_blob_ext *)fmt_cfg->config.caps; + + /* MCLK Divider Source Select and divider */ + if (is_legacy_blob(i2s_config_ext->hdr.sig)) { +@@ -228,7 +241,7 @@ static void skl_get_mclk(struct skl_dev *skl, struct skl_ssp_clk *mclk, + return; + + mclk[id].rate_cfg[0].rate = parent->rate/div_ratio; +- mclk[id].rate_cfg[0].config = &fmt->fmt_config[0]; ++ mclk[id].rate_cfg[0].config = fmt_cfg; + mclk[id].parent_name = parent->name; + } + +-- +2.35.3 + diff --git a/patches.suse/ASoC-Intel-Skylake-Correct-the-ssp-rate-discovery-in.patch b/patches.suse/ASoC-Intel-Skylake-Correct-the-ssp-rate-discovery-in.patch new file mode 100644 index 0000000..e847151 --- /dev/null +++ b/patches.suse/ASoC-Intel-Skylake-Correct-the-ssp-rate-discovery-in.patch @@ -0,0 +1,47 @@ +From 219af251bd1694bce1f627d238347d2eaf13de61 Mon Sep 17 00:00:00 2001 +From: Peter Ujfalusi +Date: Thu, 30 Jun 2022 09:56:37 +0300 +Subject: [PATCH] ASoC: Intel: Skylake: Correct the ssp rate discovery in skl_get_ssp_clks() +Git-commit: 219af251bd1694bce1f627d238347d2eaf13de61 +Patch-mainline: v5.19-rc7 +References: git-fixes + +The present flag is only set once when one rate has been found to be saved. +This will effectively going to ignore any rate discovered at later time and +based on the code, this is not the intention. + +Fixes: bc2bd45b1f7f3 ("ASoC: Intel: Skylake: Parse nhlt and register clock device") +Signed-off-by: Peter Ujfalusi +Reviewed-by: Cezary Rojewski +Link: https://lore.kernel.org/r/20220630065638.11183-2-peter.ujfalusi@linux.intel.com +Signed-off-by: Mark Brown +Acked-by: Takashi Iwai + +--- + sound/soc/intel/skylake/skl-nhlt.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/sound/soc/intel/skylake/skl-nhlt.c b/sound/soc/intel/skylake/skl-nhlt.c +index 2439a574ac2f..366f7bd9bc02 100644 +--- a/sound/soc/intel/skylake/skl-nhlt.c ++++ b/sound/soc/intel/skylake/skl-nhlt.c +@@ -99,7 +99,6 @@ static void skl_get_ssp_clks(struct skl_dev *skl, struct skl_ssp_clk *ssp_clks, + struct nhlt_fmt_cfg *fmt_cfg; + struct wav_fmt_ext *wav_fmt; + unsigned long rate; +- bool present = false; + int rate_index = 0; + u16 channels, bps; + u8 clk_src; +@@ -113,6 +112,8 @@ static void skl_get_ssp_clks(struct skl_dev *skl, struct skl_ssp_clk *ssp_clks, + return; + + for (i = 0; i < fmt->fmt_count; i++) { ++ bool present = false; ++ + fmt_cfg = &fmt->fmt_config[i]; + wav_fmt = &fmt_cfg->fmt_ext; + +-- +2.35.3 + diff --git a/patches.suse/ASoC-Remove-unused-hw_write_t-type.patch b/patches.suse/ASoC-Remove-unused-hw_write_t-type.patch new file mode 100644 index 0000000..87e162d --- /dev/null +++ b/patches.suse/ASoC-Remove-unused-hw_write_t-type.patch @@ -0,0 +1,42 @@ +From 12abc4d10d5502e4f3d8f1c6f9e8245747a44708 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Amadeusz=20S=C5=82awi=C5=84ski?= +Date: Fri, 10 Jun 2022 14:44:20 +0200 +Subject: [PATCH] ASoC: Remove unused hw_write_t type +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 12abc4d10d5502e4f3d8f1c6f9e8245747a44708 +Patch-mainline: v5.19-rc6 +References: git-fixes + +Commit 81da8a0b7975 ("ASoC: remove codec hw_write/control_data") removed +use of hw_write_t in struct snd_soc_codec, but it left type definition. +Fully clean it up. + +Fixes: 81da8a0b7975 ("ASoC: remove codec hw_write/control_data") +Signed-off-by: Amadeusz Sławiński +Reviewed-by: Cezary Rojewski +Link: https://lore.kernel.org/r/20220610124420.4160986-1-amadeuszx.slawinski@linux.intel.com +Signed-off-by: Mark Brown +Acked-by: Takashi Iwai + +--- + include/sound/soc.h | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/include/sound/soc.h b/include/sound/soc.h +index f20f5f890794..b276dcb5d4e8 100644 +--- a/include/sound/soc.h ++++ b/include/sound/soc.h +@@ -408,8 +408,6 @@ struct snd_soc_jack_pin; + + struct snd_soc_jack_gpio; + +-typedef int (*hw_write_t)(void *,const char* ,int); +- + enum snd_soc_pcm_subclass { + SND_SOC_PCM_CLASS_PCM = 0, + SND_SOC_PCM_CLASS_BE = 1, +-- +2.35.3 + diff --git a/patches.suse/ASoC-cs47l15-Fix-event-generation-for-low-power-mux-.patch b/patches.suse/ASoC-cs47l15-Fix-event-generation-for-low-power-mux-.patch new file mode 100644 index 0000000..b9e924c --- /dev/null +++ b/patches.suse/ASoC-cs47l15-Fix-event-generation-for-low-power-mux-.patch @@ -0,0 +1,48 @@ +From 7f103af4a10f375b9b346b4d0b730f6a66b8c451 Mon Sep 17 00:00:00 2001 +From: Charles Keepax +Date: Thu, 23 Jun 2022 11:51:17 +0100 +Subject: [PATCH] ASoC: cs47l15: Fix event generation for low power mux control +Git-commit: 7f103af4a10f375b9b346b4d0b730f6a66b8c451 +Patch-mainline: v5.19-rc6 +References: git-fixes + +cs47l15_in1_adc_put always returns zero regardless of if the control +value was updated. This results in missing notifications to user-space +of the control change. Update the handling to return 1 when the value is +changed. + +Signed-off-by: Charles Keepax +Link: https://lore.kernel.org/r/20220623105120.1981154-3-ckeepax@opensource.cirrus.com +Signed-off-by: Mark Brown +Acked-by: Takashi Iwai + +--- + sound/soc/codecs/cs47l15.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/sound/soc/codecs/cs47l15.c b/sound/soc/codecs/cs47l15.c +index 391fd7da331f..1c7d52bef893 100644 +--- a/sound/soc/codecs/cs47l15.c ++++ b/sound/soc/codecs/cs47l15.c +@@ -122,6 +122,9 @@ static int cs47l15_in1_adc_put(struct snd_kcontrol *kcontrol, + snd_soc_kcontrol_component(kcontrol); + struct cs47l15 *cs47l15 = snd_soc_component_get_drvdata(component); + ++ if (!!ucontrol->value.integer.value[0] == cs47l15->in1_lp_mode) ++ return 0; ++ + switch (ucontrol->value.integer.value[0]) { + case 0: + /* Set IN1 to normal mode */ +@@ -150,7 +153,7 @@ static int cs47l15_in1_adc_put(struct snd_kcontrol *kcontrol, + break; + } + +- return 0; ++ return 1; + } + + static const struct snd_kcontrol_new cs47l15_snd_controls[] = { +-- +2.35.3 + diff --git a/patches.suse/ASoC-madera-Fix-event-generation-for-OUT1-demux.patch b/patches.suse/ASoC-madera-Fix-event-generation-for-OUT1-demux.patch new file mode 100644 index 0000000..3a747dd --- /dev/null +++ b/patches.suse/ASoC-madera-Fix-event-generation-for-OUT1-demux.patch @@ -0,0 +1,46 @@ +From e3cabbef3db8269207a6b8808f510137669f8deb Mon Sep 17 00:00:00 2001 +From: Charles Keepax +Date: Thu, 23 Jun 2022 11:51:18 +0100 +Subject: [PATCH] ASoC: madera: Fix event generation for OUT1 demux +Git-commit: e3cabbef3db8269207a6b8808f510137669f8deb +Patch-mainline: v5.19-rc6 +References: git-fixes + +madera_out1_demux_put returns the value of +snd_soc_dapm_mux_update_power, which returns a 1 if a path was found for +the kcontrol. This is obviously different to the expected return a 1 if +the control was updated value. This results in spurious notifications to +user-space. Update the handling to only return a 1 when the value is +changed. + +Signed-off-by: Charles Keepax +Link: https://lore.kernel.org/r/20220623105120.1981154-4-ckeepax@opensource.cirrus.com +Signed-off-by: Mark Brown +Acked-by: Takashi Iwai + +--- + sound/soc/codecs/madera.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/sound/soc/codecs/madera.c b/sound/soc/codecs/madera.c +index 272041c6236a..8095a87117cf 100644 +--- a/sound/soc/codecs/madera.c ++++ b/sound/soc/codecs/madera.c +@@ -618,7 +618,13 @@ int madera_out1_demux_put(struct snd_kcontrol *kcontrol, + end: + snd_soc_dapm_mutex_unlock(dapm); + +- return snd_soc_dapm_mux_update_power(dapm, kcontrol, mux, e, NULL); ++ ret = snd_soc_dapm_mux_update_power(dapm, kcontrol, mux, e, NULL); ++ if (ret < 0) { ++ dev_err(madera->dev, "Failed to update demux power state: %d\n", ret); ++ return ret; ++ } ++ ++ return change; + } + EXPORT_SYMBOL_GPL(madera_out1_demux_put); + +-- +2.35.3 + diff --git a/patches.suse/ASoC-madera-Fix-event-generation-for-rate-controls.patch b/patches.suse/ASoC-madera-Fix-event-generation-for-rate-controls.patch new file mode 100644 index 0000000..ce802b2 --- /dev/null +++ b/patches.suse/ASoC-madera-Fix-event-generation-for-rate-controls.patch @@ -0,0 +1,51 @@ +From 980555e95f7cabdc9c80a07107622b097ba23703 Mon Sep 17 00:00:00 2001 +From: Charles Keepax +Date: Thu, 23 Jun 2022 11:51:19 +0100 +Subject: [PATCH] ASoC: madera: Fix event generation for rate controls +Git-commit: 980555e95f7cabdc9c80a07107622b097ba23703 +Patch-mainline: v5.19-rc6 +References: git-fixes + +madera_adsp_rate_put always returns zero regardless of if the control +value was updated. This results in missing notifications to user-space +of the control change. Update the handling to return 1 when the +value is changed. + +Signed-off-by: Charles Keepax +Link: https://lore.kernel.org/r/20220623105120.1981154-5-ckeepax@opensource.cirrus.com +Signed-off-by: Mark Brown +Acked-by: Takashi Iwai + +--- + sound/soc/codecs/madera.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/sound/soc/codecs/madera.c b/sound/soc/codecs/madera.c +index 8095a87117cf..b9f19fbd2911 100644 +--- a/sound/soc/codecs/madera.c ++++ b/sound/soc/codecs/madera.c +@@ -899,7 +899,7 @@ static int madera_adsp_rate_put(struct snd_kcontrol *kcontrol, + struct soc_enum *e = (struct soc_enum *)kcontrol->private_value; + const int adsp_num = e->shift_l; + const unsigned int item = ucontrol->value.enumerated.item[0]; +- int ret; ++ int ret = 0; + + if (item >= e->items) + return -EINVAL; +@@ -916,10 +916,10 @@ static int madera_adsp_rate_put(struct snd_kcontrol *kcontrol, + "Cannot change '%s' while in use by active audio paths\n", + kcontrol->id.name); + ret = -EBUSY; +- } else { ++ } else if (priv->adsp_rate_cache[adsp_num] != e->values[item]) { + /* Volatile register so defer until the codec is powered up */ + priv->adsp_rate_cache[adsp_num] = e->values[item]; +- ret = 0; ++ ret = 1; + } + + mutex_unlock(&priv->rate_lock); +-- +2.35.3 + diff --git a/patches.suse/ASoC-ops-Fix-off-by-one-in-range-control-validation.patch b/patches.suse/ASoC-ops-Fix-off-by-one-in-range-control-validation.patch new file mode 100644 index 0000000..9576490 --- /dev/null +++ b/patches.suse/ASoC-ops-Fix-off-by-one-in-range-control-validation.patch @@ -0,0 +1,44 @@ +From 5871321fb4558c55bf9567052b618ff0be6b975e Mon Sep 17 00:00:00 2001 +From: Mark Brown +Date: Sat, 4 Jun 2022 11:52:46 +0100 +Subject: [PATCH] ASoC: ops: Fix off by one in range control validation +Git-commit: 5871321fb4558c55bf9567052b618ff0be6b975e +Patch-mainline: v5.19-rc6 +References: git-fixes + +We currently report that range controls accept a range of 0..(max-min) but +accept writes in the range 0..(max-min+1). Remove that extra +1. + +Signed-off-by: Mark Brown +Link: https://lore.kernel.org/r/20220604105246.4055214-1-broonie@kernel.org +Acked-by: Takashi Iwai + +--- + sound/soc/soc-ops.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/sound/soc/soc-ops.c b/sound/soc/soc-ops.c +index e693070f51fe..d867f449d82d 100644 +--- a/sound/soc/soc-ops.c ++++ b/sound/soc/soc-ops.c +@@ -526,7 +526,7 @@ int snd_soc_put_volsw_range(struct snd_kcontrol *kcontrol, + return -EINVAL; + if (mc->platform_max && tmp > mc->platform_max) + return -EINVAL; +- if (tmp > mc->max - mc->min + 1) ++ if (tmp > mc->max - mc->min) + return -EINVAL; + + if (invert) +@@ -547,7 +547,7 @@ int snd_soc_put_volsw_range(struct snd_kcontrol *kcontrol, + return -EINVAL; + if (mc->platform_max && tmp > mc->platform_max) + return -EINVAL; +- if (tmp > mc->max - mc->min + 1) ++ if (tmp > mc->max - mc->min) + return -EINVAL; + + if (invert) +-- +2.35.3 + diff --git a/patches.suse/ASoC-sgtl5000-Fix-noise-on-shutdown-remove.patch b/patches.suse/ASoC-sgtl5000-Fix-noise-on-shutdown-remove.patch new file mode 100644 index 0000000..90466b3 --- /dev/null +++ b/patches.suse/ASoC-sgtl5000-Fix-noise-on-shutdown-remove.patch @@ -0,0 +1,72 @@ +From 040e3360af3736348112d29425bf5d0be5b93115 Mon Sep 17 00:00:00 2001 +From: Francesco Dolcini +Date: Fri, 24 Jun 2022 12:13:01 +0200 +Subject: [PATCH] ASoC: sgtl5000: Fix noise on shutdown/remove +Git-commit: 040e3360af3736348112d29425bf5d0be5b93115 +Patch-mainline: v5.19-rc7 +References: git-fixes + +Put the SGTL5000 in a silent/safe state on shutdown/remove, this is +required since the SGTL5000 produces a constant noise on its output +after it is configured and its clock is removed. Without this change +this is happening every time the module is unbound/removed or from +reboot till the clock is enabled again. + +The issue was experienced on both a Toradex Colibri/Apalis iMX6, but can +be easily reproduced everywhere just playing something on the codec and +after that removing/unbinding the driver. + +Fixes: 9b34e6cc3bc2 ("ASoC: Add Freescale SGTL5000 codec support") +Signed-off-by: Francesco Dolcini +Reviewed-by: Fabio Estevam +Link: https://lore.kernel.org/r/20220624101301.441314-1-francesco.dolcini@toradex.com +Signed-off-by: Mark Brown +Acked-by: Takashi Iwai + +--- + sound/soc/codecs/sgtl5000.c | 9 +++++++++ + sound/soc/codecs/sgtl5000.h | 1 + + 2 files changed, 10 insertions(+) + +--- a/sound/soc/codecs/sgtl5000.c ++++ b/sound/soc/codecs/sgtl5000.c +@@ -1797,6 +1797,9 @@ static int sgtl5000_i2c_remove(struct i2 + { + struct sgtl5000_priv *sgtl5000 = i2c_get_clientdata(client); + ++ regmap_write(sgtl5000->regmap, SGTL5000_CHIP_DIG_POWER, SGTL5000_DIG_POWER_DEFAULT); ++ regmap_write(sgtl5000->regmap, SGTL5000_CHIP_ANA_POWER, SGTL5000_ANA_POWER_DEFAULT); ++ + clk_disable_unprepare(sgtl5000->mclk); + regulator_bulk_disable(sgtl5000->num_supplies, sgtl5000->supplies); + regulator_bulk_free(sgtl5000->num_supplies, sgtl5000->supplies); +@@ -1804,6 +1807,11 @@ static int sgtl5000_i2c_remove(struct i2 + return 0; + } + ++static void sgtl5000_i2c_shutdown(struct i2c_client *client) ++{ ++ sgtl5000_i2c_remove(client); ++} ++ + static const struct i2c_device_id sgtl5000_id[] = { + {"sgtl5000", 0}, + {}, +@@ -1824,6 +1832,7 @@ static struct i2c_driver sgtl5000_i2c_dr + }, + .probe = sgtl5000_i2c_probe, + .remove = sgtl5000_i2c_remove, ++ .shutdown = sgtl5000_i2c_shutdown, + .id_table = sgtl5000_id, + }; + +--- a/sound/soc/codecs/sgtl5000.h ++++ b/sound/soc/codecs/sgtl5000.h +@@ -80,6 +80,7 @@ + /* + * SGTL5000_CHIP_DIG_POWER + */ ++#define SGTL5000_DIG_POWER_DEFAULT 0x0000 + #define SGTL5000_ADC_EN 0x0040 + #define SGTL5000_DAC_EN 0x0020 + #define SGTL5000_DAP_POWERUP 0x0010 diff --git a/patches.suse/ASoC-wm5110-Fix-DRE-control.patch b/patches.suse/ASoC-wm5110-Fix-DRE-control.patch new file mode 100644 index 0000000..a870f98 --- /dev/null +++ b/patches.suse/ASoC-wm5110-Fix-DRE-control.patch @@ -0,0 +1,56 @@ +From 0bc0ae9a5938d512fd5d44f11c9c04892dcf4961 Mon Sep 17 00:00:00 2001 +From: Charles Keepax +Date: Tue, 21 Jun 2022 11:20:39 +0100 +Subject: [PATCH] ASoC: wm5110: Fix DRE control +Git-commit: 0bc0ae9a5938d512fd5d44f11c9c04892dcf4961 +Patch-mainline: v5.19-rc6 +References: git-fixes + +The DRE controls on wm5110 should return a value of 1 if the DRE state +is actually changed, update to fix this. + +Signed-off-by: Charles Keepax +Link: https://lore.kernel.org/r/20220621102041.1713504-2-ckeepax@opensource.cirrus.com +Signed-off-by: Mark Brown +Acked-by: Takashi Iwai + +--- + sound/soc/codecs/wm5110.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/sound/soc/codecs/wm5110.c b/sound/soc/codecs/wm5110.c +index 4973ba1ed779..4ab7a672f8de 100644 +--- a/sound/soc/codecs/wm5110.c ++++ b/sound/soc/codecs/wm5110.c +@@ -413,6 +413,7 @@ static int wm5110_put_dre(struct snd_kcontrol *kcontrol, + unsigned int rnew = (!!ucontrol->value.integer.value[1]) << mc->rshift; + unsigned int lold, rold; + unsigned int lena, rena; ++ bool change = false; + int ret; + + snd_soc_dapm_mutex_lock(dapm); +@@ -440,8 +441,8 @@ static int wm5110_put_dre(struct snd_kcontrol *kcontrol, + goto err; + } + +- ret = regmap_update_bits(arizona->regmap, ARIZONA_DRE_ENABLE, +- mask, lnew | rnew); ++ ret = regmap_update_bits_check(arizona->regmap, ARIZONA_DRE_ENABLE, ++ mask, lnew | rnew, &change); + if (ret) { + dev_err(arizona->dev, "Failed to set DRE: %d\n", ret); + goto err; +@@ -454,6 +455,9 @@ static int wm5110_put_dre(struct snd_kcontrol *kcontrol, + if (!rnew && rold) + wm5110_clear_pga_volume(arizona, mc->rshift); + ++ if (change) ++ ret = 1; ++ + err: + snd_soc_dapm_mutex_unlock(dapm); + +-- +2.35.3 + diff --git a/patches.suse/Bluetooth-L2CAP-Fix-use-after-free-caused-by-l2cap_c.patch b/patches.suse/Bluetooth-L2CAP-Fix-use-after-free-caused-by-l2cap_c.patch new file mode 100644 index 0000000..2049d97 --- /dev/null +++ b/patches.suse/Bluetooth-L2CAP-Fix-use-after-free-caused-by-l2cap_c.patch @@ -0,0 +1,263 @@ +From d0be8347c623e0ac4202a1d4e0373882821f56b0 Mon Sep 17 00:00:00 2001 +From: Luiz Augusto von Dentz +Date: Thu, 21 Jul 2022 09:10:50 -0700 +Subject: [PATCH] Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put +Git-commit: d0be8347c623e0ac4202a1d4e0373882821f56b0 +Patch-mainline: v5.19 +References: git-fixes + +This fixes the following trace which is caused by hci_rx_work starting up +*after* the final channel reference has been put() during sock_close() but +*before* the references to the channel have been destroyed, so instead +the code now rely on kref_get_unless_zero/l2cap_chan_hold_unless_zero to +prevent referencing a channel that is about to be destroyed. + + refcount_t: increment on 0; use-after-free. + BUG: KASAN: use-after-free in refcount_dec_and_test+0x20/0xd0 + Read of size 4 at addr ffffffc114f5bf18 by task kworker/u17:14/705 + + CPU: 4 PID: 705 Comm: kworker/u17:14 Tainted: G S W + 4.14.234-00003-g1fb6d0bd49a4-dirty #28 + Hardware name: Qualcomm Technologies, Inc. SM8150 V2 PM8150 + Google Inc. MSM sm8150 Flame DVT (DT) + Workqueue: hci0 hci_rx_work + Call trace: + dump_backtrace+0x0/0x378 + show_stack+0x20/0x2c + dump_stack+0x124/0x148 + print_address_description+0x80/0x2e8 + __kasan_report+0x168/0x188 + kasan_report+0x10/0x18 + __asan_load4+0x84/0x8c + refcount_dec_and_test+0x20/0xd0 + l2cap_chan_put+0x48/0x12c + l2cap_recv_frame+0x4770/0x6550 + l2cap_recv_acldata+0x44c/0x7a4 + hci_acldata_packet+0x100/0x188 + hci_rx_work+0x178/0x23c + process_one_work+0x35c/0x95c + worker_thread+0x4cc/0x960 + kthread+0x1a8/0x1c4 + ret_from_fork+0x10/0x18 + +Cc: stable@kernel.org +Reported-by: Lee Jones +Signed-off-by: Luiz Augusto von Dentz +Tested-by: Lee Jones +Acked-by: Takashi Iwai + +--- + include/net/bluetooth/l2cap.h | 1 + net/bluetooth/l2cap_core.c | 61 +++++++++++++++++++++++++++++++++--------- + 2 files changed, 49 insertions(+), 13 deletions(-) + +--- a/include/net/bluetooth/l2cap.h ++++ b/include/net/bluetooth/l2cap.h +@@ -845,6 +845,7 @@ enum { + }; + + void l2cap_chan_hold(struct l2cap_chan *c); ++struct l2cap_chan *l2cap_chan_hold_unless_zero(struct l2cap_chan *c); + void l2cap_chan_put(struct l2cap_chan *c); + + static inline void l2cap_chan_lock(struct l2cap_chan *chan) +--- a/net/bluetooth/l2cap_core.c ++++ b/net/bluetooth/l2cap_core.c +@@ -111,7 +111,8 @@ static struct l2cap_chan *__l2cap_get_ch + } + + /* Find channel with given SCID. +- * Returns locked channel. */ ++ * Returns a reference locked channel. ++ */ + static struct l2cap_chan *l2cap_get_chan_by_scid(struct l2cap_conn *conn, + u16 cid) + { +@@ -119,15 +120,19 @@ static struct l2cap_chan *l2cap_get_chan + + mutex_lock(&conn->chan_lock); + c = __l2cap_get_chan_by_scid(conn, cid); +- if (c) +- l2cap_chan_lock(c); ++ if (c) { ++ /* Only lock if chan reference is not 0 */ ++ c = l2cap_chan_hold_unless_zero(c); ++ if (c) ++ l2cap_chan_lock(c); ++ } + mutex_unlock(&conn->chan_lock); + + return c; + } + + /* Find channel with given DCID. +- * Returns locked channel. ++ * Returns a reference locked channel. + */ + static struct l2cap_chan *l2cap_get_chan_by_dcid(struct l2cap_conn *conn, + u16 cid) +@@ -136,8 +141,12 @@ static struct l2cap_chan *l2cap_get_chan + + mutex_lock(&conn->chan_lock); + c = __l2cap_get_chan_by_dcid(conn, cid); +- if (c) +- l2cap_chan_lock(c); ++ if (c) { ++ /* Only lock if chan reference is not 0 */ ++ c = l2cap_chan_hold_unless_zero(c); ++ if (c) ++ l2cap_chan_lock(c); ++ } + mutex_unlock(&conn->chan_lock); + + return c; +@@ -162,8 +171,12 @@ static struct l2cap_chan *l2cap_get_chan + + mutex_lock(&conn->chan_lock); + c = __l2cap_get_chan_by_ident(conn, ident); +- if (c) +- l2cap_chan_lock(c); ++ if (c) { ++ /* Only lock if chan reference is not 0 */ ++ c = l2cap_chan_hold_unless_zero(c); ++ if (c) ++ l2cap_chan_lock(c); ++ } + mutex_unlock(&conn->chan_lock); + + return c; +@@ -497,6 +510,16 @@ void l2cap_chan_hold(struct l2cap_chan * + kref_get(&c->kref); + } + ++struct l2cap_chan *l2cap_chan_hold_unless_zero(struct l2cap_chan *c) ++{ ++ BT_DBG("chan %p orig refcnt %u", c, kref_read(&c->kref)); ++ ++ if (!kref_get_unless_zero(&c->kref)) ++ return NULL; ++ ++ return c; ++} ++ + void l2cap_chan_put(struct l2cap_chan *c) + { + BT_DBG("chan %p orig refcnt %d", c, kref_read(&c->kref)); +@@ -1964,7 +1987,10 @@ static struct l2cap_chan *l2cap_global_c + src_match = !bacmp(&c->src, src); + dst_match = !bacmp(&c->dst, dst); + if (src_match && dst_match) { +- l2cap_chan_hold(c); ++ c = l2cap_chan_hold_unless_zero(c); ++ if (!c) ++ continue; ++ + read_unlock(&chan_list_lock); + return c; + } +@@ -1979,7 +2005,7 @@ static struct l2cap_chan *l2cap_global_c + } + + if (c1) +- l2cap_chan_hold(c1); ++ c1 = l2cap_chan_hold_unless_zero(c1); + + read_unlock(&chan_list_lock); + +@@ -4459,6 +4485,7 @@ static inline int l2cap_config_req(struc + + unlock: + l2cap_chan_unlock(chan); ++ l2cap_chan_put(chan); + return err; + } + +@@ -4572,6 +4599,7 @@ static inline int l2cap_config_rsp(struc + + done: + l2cap_chan_unlock(chan); ++ l2cap_chan_put(chan); + return err; + } + +@@ -5299,6 +5327,7 @@ send_move_response: + l2cap_send_move_chan_rsp(chan, result); + + l2cap_chan_unlock(chan); ++ l2cap_chan_put(chan); + + return 0; + } +@@ -5391,6 +5420,7 @@ static void l2cap_move_continue(struct l + } + + l2cap_chan_unlock(chan); ++ l2cap_chan_put(chan); + } + + static void l2cap_move_fail(struct l2cap_conn *conn, u8 ident, u16 icid, +@@ -5420,6 +5450,7 @@ static void l2cap_move_fail(struct l2cap + l2cap_send_move_chan_cfm(chan, L2CAP_MC_UNCONFIRMED); + + l2cap_chan_unlock(chan); ++ l2cap_chan_put(chan); + } + + static int l2cap_move_channel_rsp(struct l2cap_conn *conn, +@@ -5483,6 +5514,7 @@ static int l2cap_move_channel_confirm(st + l2cap_send_move_chan_cfm_rsp(conn, cmd->ident, icid); + + l2cap_chan_unlock(chan); ++ l2cap_chan_put(chan); + + return 0; + } +@@ -5518,6 +5550,7 @@ static inline int l2cap_move_channel_con + } + + l2cap_chan_unlock(chan); ++ l2cap_chan_put(chan); + + return 0; + } +@@ -5890,12 +5923,11 @@ static inline int l2cap_le_credits(struc + if (credits > max_credits) { + BT_ERR("LE credits overflow"); + l2cap_send_disconn_req(chan, ECONNRESET); +- l2cap_chan_unlock(chan); + + /* Return 0 so that we don't trigger an unnecessary + * command reject packet. + */ +- return 0; ++ goto unlock; + } + + chan->tx_credits += credits; +@@ -5906,7 +5938,9 @@ static inline int l2cap_le_credits(struc + if (chan->tx_credits) + chan->ops->resume(chan); + ++unlock: + l2cap_chan_unlock(chan); ++ l2cap_chan_put(chan); + + return 0; + } +@@ -7586,6 +7620,7 @@ drop: + + done: + l2cap_chan_unlock(chan); ++ l2cap_chan_put(chan); + } + + static void l2cap_conless_channel(struct l2cap_conn *conn, __le16 psm, +@@ -8073,7 +8108,7 @@ static struct l2cap_chan *l2cap_global_f + if (src_type != c->src_type) + continue; + +- l2cap_chan_hold(c); ++ c = l2cap_chan_hold_unless_zero(c); + read_unlock(&chan_list_lock); + return c; + } diff --git a/patches.suse/Bluetooth-hci_intel-Add-check-for-platform_driver_re.patch b/patches.suse/Bluetooth-hci_intel-Add-check-for-platform_driver_re.patch new file mode 100644 index 0000000..ea6ea96 --- /dev/null +++ b/patches.suse/Bluetooth-hci_intel-Add-check-for-platform_driver_re.patch @@ -0,0 +1,41 @@ +From ab2d2a982ff721f4b029282d9a40602ea46a745e Mon Sep 17 00:00:00 2001 +From: Jiasheng Jiang +Date: Fri, 3 Jun 2022 09:24:36 +0800 +Subject: [PATCH] Bluetooth: hci_intel: Add check for platform_driver_register +Git-commit: ab2d2a982ff721f4b029282d9a40602ea46a745e +Patch-mainline: v6.0-rc1 +References: git-fixes + +As platform_driver_register() could fail, it should be better +to deal with the return value in order to maintain the code +consisitency. + +Fixes: 1ab1f239bf17 ("Bluetooth: hci_intel: Add support for platform driver") +Signed-off-by: Jiasheng Jiang +Signed-off-by: Marcel Holtmann +Acked-by: Takashi Iwai + +--- + drivers/bluetooth/hci_intel.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/drivers/bluetooth/hci_intel.c b/drivers/bluetooth/hci_intel.c +index 7249b91d9b91..78afb9a348e7 100644 +--- a/drivers/bluetooth/hci_intel.c ++++ b/drivers/bluetooth/hci_intel.c +@@ -1217,7 +1217,11 @@ static struct platform_driver intel_driver = { + + int __init intel_init(void) + { +- platform_driver_register(&intel_driver); ++ int err; ++ ++ err = platform_driver_register(&intel_driver); ++ if (err) ++ return err; + + return hci_uart_register_proto(&intel_proto); + } +-- +2.35.3 + diff --git a/patches.suse/FDDI-defxx-Bail-out-gracefully-with-unassigned-PCI-r.patch b/patches.suse/FDDI-defxx-Bail-out-gracefully-with-unassigned-PCI-r.patch new file mode 100644 index 0000000..93d9f0c --- /dev/null +++ b/patches.suse/FDDI-defxx-Bail-out-gracefully-with-unassigned-PCI-r.patch @@ -0,0 +1,193 @@ +From 7bc60a07a1093b80626a738133848986bd481d7a Mon Sep 17 00:00:00 2001 +From: "Maciej W. Rozycki" +Date: Wed, 10 Mar 2021 13:03:09 +0100 +Subject: [PATCH 16/17] FDDI: defxx: Bail out gracefully with unassigned PCI + resource for CSR +Git-commit: f626ca682912fab55dff15469ce893ae16b65c7e +References: git-fixes +Patch-mainline: v5.13-rc1 + +Recent versions of the PCI Express specification have deprecated support +for I/O transactions and actually some PCIe host bridges, such as Power +Systems Host Bridge 4 (PHB4), do not implement them. + +For those systems the PCI BARs that request a mapping in the I/O space +have the length recorded in the corresponding PCI resource set to zero, +which makes it unassigned: + +0031:02:04.0 FDDI network controller: Digital Equipment Corporation PCI-to-PDQ Interface Chip [PFI] FDDI (DEFPA) (rev 02) + Subsystem: Digital Equipment Corporation FDDIcontroller/PCI (DEFPA) + Flags: bus master, medium devsel, latency 136, IRQ 57, NUMA node 8 + Memory at 620c080020000 (32-bit, non-prefetchable) [size=128] + I/O ports at [disabled] + Memory at 620c080030000 (32-bit, non-prefetchable) [size=64K] + Capabilities: [50] Power Management version 2 + Kernel driver in use: defxx + Kernel modules: defxx + +Regardless the driver goes ahead and requests it (here observed with a +Raptor Talos II POWER9 system), resulting in an odd /proc/ioport entry: + +00000000-ffffffffffffffff : 0031:02:04.0 + +Furthermore, the system gets confused as the driver actually continues +and pokes at those locations, causing a flood of messages being output +to the system console by the underlying system firmware, like: + +defxx: v1.11 2014/07/01 Lawrence V. Stefani and others +defxx 0031:02:04.0: enabling device (0140 -> 0142) +LPC[000]: Got SYNC no-response error. Error address reg: 0xd0010000 +IPMI: dropping non severe PEL event +LPC[000]: Got SYNC no-response error. Error address reg: 0xd0010014 +IPMI: dropping non severe PEL event +LPC[000]: Got SYNC no-response error. Error address reg: 0xd0010014 +IPMI: dropping non severe PEL event + +and so on and so on (possibly intermixed actually, as there's no locking +between the kernel and the firmware in console port access with this +particular system, but cleaned up above for clarity), and once some 10k +of such pairs of the latter two messages have been produced an interace +eventually shows up in a useless state: + +0031:02:04.0: DEFPA at I/O addr = 0x0, IRQ = 57, Hardware addr = 00-00-00-00-00-00 + +This was not expected to happen as resource handling was added to the +driver a while ago, because it was not known at that time that a PCI +system would be possible that cannot assign port I/O resources, and +oddly enough `request_region' does not fail, which would have caught it. + +Correct the problem then by checking for the length of zero for the CSR +resource and bail out gracefully refusing to register an interface if +that turns out to be the case, producing messages like: + +defxx: v1.11 2014/07/01 Lawrence V. Stefani and others +0031:02:04.0: Cannot use I/O, no address set, aborting +0031:02:04.0: Recompile driver with "CONFIG_DEFXX_MMIO=y" + +Keep the original check for the EISA MMIO resource as implemented, +because in that case the length is hardwired to 0x400 as a consequence +of how the compare/mask address decoding works in the ESIC chip and it +is only the base address that is set to zero if MMIO has been disabled +for the adapter in EISA configuration, which in turn could be a valid +bus address in a legacy-free system implementing PCI, especially for +port I/O. + +Where the EISA MMIO resource has been disabled for the adapter in EISA +configuration this arrangement keeps producing messages like: + +eisa 00:05: EISA: slot 5: DEC3002 detected +defxx: v1.11 2014/07/01 Lawrence V. Stefani and others +00:05: Cannot use MMIO, no address set, aborting +00:05: Recompile driver with "CONFIG_DEFXX_MMIO=n" +00:05: Or run ECU and set adapter's MMIO location + +with the last two lines now swapped for easier handling in the driver. + +There is no need to check for and catch the case of a port I/O resource +not having been assigned for EISA as the adapter uses the slot-specific +I/O space, which gets assigned by how EISA has been specified and maps +directly to the particular slot an option card has been placed in. And +the EISA variant of the adapter has additional registers that are only +accessible via the port I/O space anyway. + +While at it factor out the error message calls into helpers and fix an +argument order bug with the `pr_err' call now in `dfx_register_res_err'. + +Signed-off-by: Maciej W. Rozycki +Fixes: 4d0438e56a8f ("defxx: Clean up DEFEA resource management") +Cc: stable@vger.kernel.org # v3.19+ +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/fddi/defxx.c | 47 ++++++++++++++++++++++++++++++----------------- + 1 file changed, 30 insertions(+), 17 deletions(-) + +diff --git a/drivers/net/fddi/defxx.c b/drivers/net/fddi/defxx.c +index 56b7791911bf..c866f58dab70 100644 +--- a/drivers/net/fddi/defxx.c ++++ b/drivers/net/fddi/defxx.c +@@ -495,6 +495,25 @@ static const struct net_device_ops dfx_netdev_ops = { + .ndo_set_mac_address = dfx_ctl_set_mac_address, + }; + ++static void dfx_register_res_alloc_err(const char *print_name, bool mmio, ++ bool eisa) ++{ ++ pr_err("%s: Cannot use %s, no address set, aborting\n", ++ print_name, mmio ? "MMIO" : "I/O"); ++ pr_err("%s: Recompile driver with \"CONFIG_DEFXX_MMIO=%c\"\n", ++ print_name, mmio ? 'n' : 'y'); ++ if (eisa && mmio) ++ pr_err("%s: Or run ECU and set adapter's MMIO location\n", ++ print_name); ++} ++ ++static void dfx_register_res_err(const char *print_name, bool mmio, ++ unsigned long start, unsigned long len) ++{ ++ pr_err("%s: Cannot reserve %s resource 0x%lx @ 0x%lx, aborting\n", ++ print_name, mmio ? "MMIO" : "I/O", len, start); ++} ++ + /* + * ================ + * = dfx_register = +@@ -568,15 +587,12 @@ static int dfx_register(struct device *bdev) + dev_set_drvdata(bdev, dev); + + dfx_get_bars(bdev, bar_start, bar_len); +- if (dfx_bus_eisa && dfx_use_mmio && bar_start[0] == 0) { +- pr_err("%s: Cannot use MMIO, no address set, aborting\n", +- print_name); +- pr_err("%s: Run ECU and set adapter's MMIO location\n", +- print_name); +- pr_err("%s: Or recompile driver with \"CONFIG_DEFXX_MMIO=n\"" +- "\n", print_name); ++ if (bar_len[0] == 0 || ++ (dfx_bus_eisa && dfx_use_mmio && bar_start[0] == 0)) { ++ dfx_register_res_alloc_err(print_name, dfx_use_mmio, ++ dfx_bus_eisa); + err = -ENXIO; +- goto err_out; ++ goto err_out_disable; + } + + if (dfx_use_mmio) +@@ -585,18 +601,16 @@ static int dfx_register(struct device *bdev) + else + region = request_region(bar_start[0], bar_len[0], print_name); + if (!region) { +- pr_err("%s: Cannot reserve %s resource 0x%lx @ 0x%lx, " +- "aborting\n", dfx_use_mmio ? "MMIO" : "I/O", print_name, +- (long)bar_len[0], (long)bar_start[0]); ++ dfx_register_res_err(print_name, dfx_use_mmio, ++ bar_start[0], bar_len[0]); + err = -EBUSY; + goto err_out_disable; + } + if (bar_start[1] != 0) { + region = request_region(bar_start[1], bar_len[1], print_name); + if (!region) { +- pr_err("%s: Cannot reserve I/O resource " +- "0x%lx @ 0x%lx, aborting\n", print_name, +- (long)bar_len[1], (long)bar_start[1]); ++ dfx_register_res_err(print_name, 0, ++ bar_start[1], bar_len[1]); + err = -EBUSY; + goto err_out_csr_region; + } +@@ -604,9 +618,8 @@ static int dfx_register(struct device *bdev) + if (bar_start[2] != 0) { + region = request_region(bar_start[2], bar_len[2], print_name); + if (!region) { +- pr_err("%s: Cannot reserve I/O resource " +- "0x%lx @ 0x%lx, aborting\n", print_name, +- (long)bar_len[2], (long)bar_start[2]); ++ dfx_register_res_err(print_name, 0, ++ bar_start[2], bar_len[2]); + err = -EBUSY; + goto err_out_bh_region; + } +-- +2.16.4 + diff --git a/patches.suse/FDDI-defxx-Make-MMIO-the-configuration-default-excep.patch b/patches.suse/FDDI-defxx-Make-MMIO-the-configuration-default-excep.patch new file mode 100644 index 0000000..8676fc9 --- /dev/null +++ b/patches.suse/FDDI-defxx-Make-MMIO-the-configuration-default-excep.patch @@ -0,0 +1,81 @@ +From 1a325b0c5d8fb77ba5e3808e12aea92b10bf97fe Mon Sep 17 00:00:00 2001 +From: "Maciej W. Rozycki" +Date: Wed, 10 Mar 2021 13:03:14 +0100 +Subject: [PATCH 17/17] FDDI: defxx: Make MMIO the configuration default except + for EISA +Git-commit: 193ced4a79599352d63cb8c9e2f0c6043106eb6a +References: git-fixes +Patch-mainline: v5.13-rc1 + +Recent versions of the PCI Express specification have deprecated support +for I/O transactions and actually some PCIe host bridges, such as Power +Systems Host Bridge 4 (PHB4), do not implement them. + +The default kernel configuration choice for the defxx driver is the use +of I/O ports rather than MMIO for PCI and EISA systems. It may have +made sense as a conservative backwards compatible choice back when MMIO +operation support was added to the driver as a part of TURBOchannel bus +support. However nowadays this configuration choice makes the driver +unusable with systems that do not implement I/O transactions for PCIe. + +Make DEFXX_MMIO the configuration default then, except where configured +for EISA. This exception is because an EISA adapter can have its MMIO +decoding disabled with ECU (EISA Configuration Utility) and therefore +not available with the resource allocation infrastructure we implement, +while port I/O is always readily available as it uses slot-specific +addressing, directly mapped to the slot an option card has been placed +in and handled with our EISA bus support core. Conversely a kernel that +supports modern systems which may not have I/O transactions implemented +for PCIe will usually not be expected to handle legacy EISA systems. + +The change of the default will make it easier for people, including but +not limited to distribution packagers, to make a working choice for the +driver. + +Update the option description accordingly and while at it replace the +potentially ambiguous PIO acronym with IOP for "port I/O" vs "I/O ports" +according to our nomenclature used elsewhere. + +Signed-off-by: Maciej W. Rozycki +Fixes: e89a2cfb7d7b ("[TC] defxx: TURBOchannel support") +Cc: stable@vger.kernel.org # v2.6.21+ +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/fddi/Kconfig | 15 +++++++++------ + 1 file changed, 9 insertions(+), 6 deletions(-) + +diff --git a/drivers/net/fddi/Kconfig b/drivers/net/fddi/Kconfig +index 3b412a56f2cb..b807134ce90c 100644 +--- a/drivers/net/fddi/Kconfig ++++ b/drivers/net/fddi/Kconfig +@@ -40,17 +40,20 @@ config DEFXX + + config DEFXX_MMIO + bool +- prompt "Use MMIO instead of PIO" if PCI || EISA ++ prompt "Use MMIO instead of IOP" if PCI || EISA + depends on DEFXX +- default n if PCI || EISA ++ default n if EISA + default y + ---help--- + This instructs the driver to use EISA or PCI memory-mapped I/O +- (MMIO) as appropriate instead of programmed I/O ports (PIO). ++ (MMIO) as appropriate instead of programmed I/O ports (IOP). + Enabling this gives an improvement in processing time in parts +- of the driver, but it may cause problems with EISA (DEFEA) +- adapters. TURBOchannel does not have the concept of I/O ports, +- so MMIO is always used for these (DEFTA) adapters. ++ of the driver, but it requires a memory window to be configured ++ for EISA (DEFEA) adapters that may not always be available. ++ Conversely some PCIe host bridges do not support IOP, so MMIO ++ may be required to access PCI (DEFPA) adapters on downstream PCI ++ buses with some systems. TURBOchannel does not have the concept ++ of I/O ports, so MMIO is always used for these (DEFTA) adapters. + + If unsure, say N. + +-- +2.16.4 + diff --git a/patches.suse/HID-cp2112-prevent-a-buffer-overflow-in-cp2112_xfer.patch b/patches.suse/HID-cp2112-prevent-a-buffer-overflow-in-cp2112_xfer.patch new file mode 100644 index 0000000..0f2293b --- /dev/null +++ b/patches.suse/HID-cp2112-prevent-a-buffer-overflow-in-cp2112_xfer.patch @@ -0,0 +1,47 @@ +From 381583845d19cb4bd21c8193449385f3fefa9caf Mon Sep 17 00:00:00 2001 +From: Harshit Mogalapalli +Date: Wed, 8 Jun 2022 05:26:09 -0700 +Subject: [PATCH] HID: cp2112: prevent a buffer overflow in cp2112_xfer() +Git-commit: 381583845d19cb4bd21c8193449385f3fefa9caf +Patch-mainline: v6.0-rc1 +References: git-fixes + +Smatch warnings: +drivers/hid/hid-cp2112.c:793 cp2112_xfer() error: __memcpy() +'data->block[1]' too small (33 vs 255) +drivers/hid/hid-cp2112.c:793 cp2112_xfer() error: __memcpy() 'buf' too +small (64 vs 255) + +The 'read_length' variable is provided by 'data->block[0]' which comes +from user and it(read_length) can take a value between 0-255. Add an +upper bound to 'read_length' variable to prevent a buffer overflow in +memcpy(). + +Fixes: 542134c0375b ("HID: cp2112: Fix I2C_BLOCK_DATA transactions") +Signed-off-by: Harshit Mogalapalli +Signed-off-by: Jiri Kosina +Acked-by: Takashi Iwai + +--- + drivers/hid/hid-cp2112.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/drivers/hid/hid-cp2112.c b/drivers/hid/hid-cp2112.c +index ece147d1a278..1e16b0fa310d 100644 +--- a/drivers/hid/hid-cp2112.c ++++ b/drivers/hid/hid-cp2112.c +@@ -790,6 +790,11 @@ static int cp2112_xfer(struct i2c_adapter *adap, u16 addr, + data->word = le16_to_cpup((__le16 *)buf); + break; + case I2C_SMBUS_I2C_BLOCK_DATA: ++ if (read_length > I2C_SMBUS_BLOCK_MAX) { ++ ret = -EINVAL; ++ goto power_normal; ++ } ++ + memcpy(data->block + 1, buf, read_length); + break; + case I2C_SMBUS_BLOCK_DATA: +-- +2.35.3 + diff --git a/patches.suse/KVM-VMX-Add-non-canonical-check-on-writes-to-RTIT-ad.patch b/patches.suse/KVM-VMX-Add-non-canonical-check-on-writes-to-RTIT-ad.patch new file mode 100644 index 0000000..1a749fc --- /dev/null +++ b/patches.suse/KVM-VMX-Add-non-canonical-check-on-writes-to-RTIT-ad.patch @@ -0,0 +1,37 @@ +Patch-mainline: v5.6-rc1 +Git-commit: fe6ed369fca98e99df55c932b85782a5687526b5 +References: git-fixes +From: Sean Christopherson +Date: Tue, 10 Dec 2019 15:24:32 -0800 +Subject: [PATCH] KVM: VMX: Add non-canonical check on writes to RTIT address + MSRs + +Reject writes to RTIT address MSRs if the data being written is a +non-canonical address as the MSRs are subject to canonical checks, e.g. +KVM will trigger an unchecked #GP when loading the values to hardware +during pt_guest_enter(). + +Cc: stable@vger.kernel.org +Signed-off-by: Sean Christopherson +Signed-off-by: Paolo Bonzini +Signed-off-by: Juergen Gross +--- + arch/x86/kvm/vmx/vmx.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c +index c2ced79aee3e..aea4fa957fd2 100644 +--- a/arch/x86/kvm/vmx/vmx.c ++++ b/arch/x86/kvm/vmx/vmx.c +@@ -2144,6 +2144,8 @@ static int vmx_set_msr(struct kvm_vcpu *vcpu, struct msr_data *msr_info) + (index >= 2 * intel_pt_validate_cap(vmx->pt_desc.caps, + PT_CAP_num_address_ranges))) + return 1; ++ if (is_noncanonical_address(data, vcpu)) ++ return 1; + if (index % 2) + vmx->pt_desc.guest.addr_b[index / 2] = data; + else +-- +2.35.3 + diff --git a/patches.suse/KVM-VMX-Convert-launched-argument-to-flags.patch b/patches.suse/KVM-VMX-Convert-launched-argument-to-flags.patch index c5cf495..076ff8c 100644 --- a/patches.suse/KVM-VMX-Convert-launched-argument-to-flags.patch +++ b/patches.suse/KVM-VMX-Convert-launched-argument-to-flags.patch @@ -2,8 +2,7 @@ From: Josh Poimboeuf Date: Tue, 14 Jun 2022 23:16:12 +0200 Subject: KVM: VMX: Convert launched argument to flags Git-commit: bb06650634d3552c0f8557e9d16aa1a408040e28 -Patch-mainline: Queued in tip for 5.19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 Convert __vmx_vcpu_run()'s 'launched' argument to 'flags', in diff --git a/patches.suse/KVM-VMX-Don-t-freeze-guest-when-event-delivery-cause.patch b/patches.suse/KVM-VMX-Don-t-freeze-guest-when-event-delivery-cause.patch new file mode 100644 index 0000000..840b1af --- /dev/null +++ b/patches.suse/KVM-VMX-Don-t-freeze-guest-when-event-delivery-cause.patch @@ -0,0 +1,37 @@ +Patch-mainline: v5.9-rc5 +Git-commit: 99b82a1437cb31340dbb2c437a2923b9814a7b15 +References: git-fixes +From: Wanpeng Li +Date: Wed, 19 Aug 2020 16:55:27 +0800 +Subject: [PATCH] KVM: VMX: Don't freeze guest when event delivery causes an + APIC-access exit + +According to SDM 27.2.4, Event delivery causes an APIC-access VM exit. +Don't report internal error and freeze guest when event delivery causes +an APIC-access exit, it is handleable and the event will be re-injected +during the next vmentry. + +Signed-off-by: Wanpeng Li +Message-Id: <1597827327-25055-2-git-send-email-wanpengli@tencent.com> +Cc: stable@vger.kernel.org +Signed-off-by: Paolo Bonzini +Signed-off-by: Juergen Gross +--- + arch/x86/kvm/vmx/vmx.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/arch/x86/kvm/vmx/vmx.c b/arch/x86/kvm/vmx/vmx.c +index 19a599bebd5c..75cd720c9e8c 100644 +--- a/arch/x86/kvm/vmx/vmx.c ++++ b/arch/x86/kvm/vmx/vmx.c +@@ -6054,6 +6054,7 @@ static int vmx_handle_exit(struct kvm_vcpu *vcpu, fastpath_t exit_fastpath) + (exit_reason != EXIT_REASON_EXCEPTION_NMI && + exit_reason != EXIT_REASON_EPT_VIOLATION && + exit_reason != EXIT_REASON_PML_FULL && ++ exit_reason != EXIT_REASON_APIC_ACCESS && + exit_reason != EXIT_REASON_TASK_SWITCH)) { + vcpu->run->exit_reason = KVM_EXIT_INTERNAL_ERROR; + vcpu->run->internal.suberror = KVM_INTERNAL_ERROR_DELIVERY_EV; +-- +2.35.3 + diff --git a/patches.suse/KVM-VMX-Fix-IBRS-handling-after-vmexit.patch b/patches.suse/KVM-VMX-Fix-IBRS-handling-after-vmexit.patch index 151a692..fbc9e77 100644 --- a/patches.suse/KVM-VMX-Fix-IBRS-handling-after-vmexit.patch +++ b/patches.suse/KVM-VMX-Fix-IBRS-handling-after-vmexit.patch @@ -2,8 +2,7 @@ From: Josh Poimboeuf Date: Tue, 14 Jun 2022 23:16:14 +0200 Subject: KVM: VMX: Fix IBRS handling after vmexit Git-commit: bea7e31a5caccb6fe8ed989c065072354f0ecb52 -Patch-mainline: Queued in tip for 5.19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 For legacy IBRS to work, the IBRS bit needs to be always re-written diff --git a/patches.suse/KVM-VMX-Flatten-__vmx_vcpu_run.patch b/patches.suse/KVM-VMX-Flatten-__vmx_vcpu_run.patch index ff392db..2574e3c 100644 --- a/patches.suse/KVM-VMX-Flatten-__vmx_vcpu_run.patch +++ b/patches.suse/KVM-VMX-Flatten-__vmx_vcpu_run.patch @@ -2,8 +2,7 @@ From: Josh Poimboeuf Date: Tue, 14 Jun 2022 23:16:11 +0200 Subject: KVM: VMX: Flatten __vmx_vcpu_run() Git-commit: 8bd200d23ec42d66ccd517a72dd0b9cc6132d2fd -Patch-mainline: Queued in tip for 5.19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 Move the vmx_vm{enter,exit}() functionality into __vmx_vcpu_run(). This diff --git a/patches.suse/KVM-VMX-Prevent-RSB-underflow-before-vmenter.patch b/patches.suse/KVM-VMX-Prevent-RSB-underflow-before-vmenter.patch index 5e3775b..25cddd3 100644 --- a/patches.suse/KVM-VMX-Prevent-RSB-underflow-before-vmenter.patch +++ b/patches.suse/KVM-VMX-Prevent-RSB-underflow-before-vmenter.patch @@ -2,8 +2,7 @@ From: Josh Poimboeuf Date: Tue, 14 Jun 2022 23:16:16 +0200 Subject: KVM: VMX: Prevent RSB underflow before vmenter Git-commit: 07853adc29a058c5fd143c14e5ac528448a72ed9 -Patch-mainline: Queued in tip for 5.19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 On VMX, there are some balanced returns between the time the guest's diff --git a/patches.suse/KVM-VMX-Prevent-guest-RSB-poisoning-attacks-with-eIBRS.patch b/patches.suse/KVM-VMX-Prevent-guest-RSB-poisoning-attacks-with-eIBRS.patch index b8d2065..7dbfed7 100644 --- a/patches.suse/KVM-VMX-Prevent-guest-RSB-poisoning-attacks-with-eIBRS.patch +++ b/patches.suse/KVM-VMX-Prevent-guest-RSB-poisoning-attacks-with-eIBRS.patch @@ -2,8 +2,7 @@ From: Josh Poimboeuf Date: Tue, 14 Jun 2022 23:16:13 +0200 Subject: KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS Git-commit: fc02735b14fff8c6678b521d324ade27b1a3d4cf -Patch-mainline: Queued in tip for 5.19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 On eIBRS systems, the returns in the vmexit return path from diff --git a/patches.suse/KVM-arm64-Avoid-setting-the-upper-32-bits-of-TCR_EL2-and-CPTR_EL2-to-1.patch b/patches.suse/KVM-arm64-Avoid-setting-the-upper-32-bits-of-TCR_EL2-and-CPTR_EL2-to-1.patch new file mode 100644 index 0000000..9b970d3 --- /dev/null +++ b/patches.suse/KVM-arm64-Avoid-setting-the-upper-32-bits-of-TCR_EL2-and-CPTR_EL2-to-1.patch @@ -0,0 +1,54 @@ +From: Catalin Marinas +Date: Thu, 25 Nov 2021 15:20:14 +0000 +Subject: KVM: arm64: Avoid setting the upper 32 bits of TCR_EL2 and CPTR_EL2 + to 1 +Git-commit: 1f80d15020d7f130194821feb1432b67648c632d +Patch-mainline: v5.16-rc4 +References: bsc#1201442 + +Having a signed (1 << 31) constant for TCR_EL2_RES1 and CPTR_EL2_TCPAC +causes the upper 32-bit to be set to 1 when assigning them to a 64-bit +variable. Bit 32 in TCR_EL2 is no longer RES0 in ARMv8.7: with FEAT_LPA2 +it changes the meaning of bits 49:48 and 9:8 in the stage 1 EL2 page +table entries. As a result of the sign-extension, a non-VHE kernel can +no longer boot on a model with ARMv8.7 enabled. + +CPTR_EL2 still has the top 32 bits RES0 but we should preempt any future +problems + +Make these top bit constants unsigned as per commit df655b75c43f +("arm64: KVM: Avoid setting the upper 32 bits of VTCR_EL2 to 1"). + +Signed-off-by: Catalin Marinas +Reported-by: Chris January +Cc: +Cc: Will Deacon +Cc: Marc Zyngier +Signed-off-by: Marc Zyngier +Link: https://lore.kernel.org/r/20211125152014.2806582-1-catalin.marinas@arm.com + +Acked-by: Ivan T. Ivanov +--- + arch/arm64/include/asm/kvm_arm.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/arm64/include/asm/kvm_arm.h ++++ b/arch/arm64/include/asm/kvm_arm.h +@@ -82,7 +82,7 @@ + #define HCR_HOST_VHE_FLAGS (HCR_RW | HCR_TGE | HCR_E2H) + + /* TCR_EL2 Registers bits */ +-#define TCR_EL2_RES1 ((1 << 31) | (1 << 23)) ++#define TCR_EL2_RES1 ((1U << 31) | (1 << 23)) + #define TCR_EL2_TBI (1 << 20) + #define TCR_EL2_PS_SHIFT 16 + #define TCR_EL2_PS_MASK (7 << TCR_EL2_PS_SHIFT) +@@ -267,7 +267,7 @@ + #define CPTR_EL2_TFP_SHIFT 10 + + /* Hyp Coprocessor Trap Register */ +-#define CPTR_EL2_TCPAC (1 << 31) ++#define CPTR_EL2_TCPAC (1U << 31) + #define CPTR_EL2_TAM (1 << 30) + #define CPTR_EL2_TTA (1 << 20) + #define CPTR_EL2_TFP (1 << CPTR_EL2_TFP_SHIFT) diff --git a/patches.suse/KVM-arm64-Fix-definition-of-PAGE_HYP_DEVICE.patch b/patches.suse/KVM-arm64-Fix-definition-of-PAGE_HYP_DEVICE.patch new file mode 100644 index 0000000..81b7f99 --- /dev/null +++ b/patches.suse/KVM-arm64-Fix-definition-of-PAGE_HYP_DEVICE.patch @@ -0,0 +1,38 @@ +From: Will Deacon +Date: Wed, 8 Jul 2020 17:25:46 +0100 +Subject: KVM: arm64: Fix definition of PAGE_HYP_DEVICE +Git-commit: 68cf617309b5f6f3a651165f49f20af1494753ae +Patch-mainline: v5.8-rc5 +References: git-fixes + +PAGE_HYP_DEVICE is intended to encode attribute bits for an EL2 stage-1 +pte mapping a device. Unfortunately, it includes PROT_DEVICE_nGnRE which +encodes attributes for EL1 stage-1 mappings such as UXN and nG, which are +RES0 for EL2, and DBM which is meaningless as TCR_EL2.HD is not set. + +Fix the definition of PAGE_HYP_DEVICE so that it doesn't set RES0 bits +at EL2. + +Acked-by: Marc Zyngier +Cc: Marc Zyngier +Cc: Catalin Marinas +Cc: James Morse +Cc: +Link: https://lore.kernel.org/r/20200708162546.26176-1-will@kernel.org +Signed-off-by: Will Deacon +Acked-by: Ivan T. Ivanov +--- + arch/arm64/include/asm/pgtable-prot.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/arm64/include/asm/pgtable-prot.h ++++ b/arch/arm64/include/asm/pgtable-prot.h +@@ -54,7 +54,7 @@ + #define PAGE_HYP __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_HYP_XN) + #define PAGE_HYP_EXEC __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY) + #define PAGE_HYP_RO __pgprot(_HYP_PAGE_DEFAULT | PTE_HYP | PTE_RDONLY | PTE_HYP_XN) +-#define PAGE_HYP_DEVICE __pgprot(PROT_DEVICE_nGnRE | PTE_HYP) ++#define PAGE_HYP_DEVICE __pgprot(_PROT_DEFAULT | PTE_ATTRINDX(MT_DEVICE_nGnRE) | PTE_HYP | PTE_HYP_XN) + + #define PAGE_S2_MEMATTR(attr) \ + ({ \ diff --git a/patches.suse/KVM-x86-Fix-split-irqchip-vs-interrupt-injection-win.patch b/patches.suse/KVM-x86-Fix-split-irqchip-vs-interrupt-injection-win.patch new file mode 100644 index 0000000..489cc91 --- /dev/null +++ b/patches.suse/KVM-x86-Fix-split-irqchip-vs-interrupt-injection-win.patch @@ -0,0 +1,146 @@ +Patch-mainline: v5.10-rc6 +Git-commit: 71cc849b7093bb83af966c0e60cb11b7f35cd746 +References: git-fixes +From: Paolo Bonzini +Date: Fri, 27 Nov 2020 09:18:20 +0100 +Subject: [PATCH] KVM: x86: Fix split-irqchip vs interrupt injection window + request + +kvm_cpu_accept_dm_intr and kvm_vcpu_ready_for_interrupt_injection are +a hodge-podge of conditions, hacked together to get something that +more or less works. But what is actually needed is much simpler; +in both cases the fundamental question is, do we have a place to stash +an interrupt if userspace does KVM_INTERRUPT? + +In userspace irqchip mode, that is !vcpu->arch.interrupt.injected. +Currently kvm_event_needs_reinjection(vcpu) covers it, but it is +unnecessarily restrictive. + +In split irqchip mode it's a bit more complicated, we need to check +kvm_apic_accept_pic_intr(vcpu) (the IRQ window exit is basically an INTACK +cycle and thus requires ExtINTs not to be masked) as well as +!pending_userspace_extint(vcpu). However, there is no need to +check kvm_event_needs_reinjection(vcpu), since split irqchip keeps +pending ExtINT state separate from event injection state, and checking +kvm_cpu_has_interrupt(vcpu) is wrong too since ExtINT has higher +priority than APIC interrupts. In fact the latter fixes a bug: +when userspace requests an IRQ window vmexit, an interrupt in the +local APIC can cause kvm_cpu_has_interrupt() to be true and thus +kvm_vcpu_ready_for_interrupt_injection() to return false. When this +happens, vcpu_run does not exit to userspace but the interrupt window +vmexits keep occurring. The VM loops without any hope of making progress. + +Once we try to fix these with something like + + return kvm_arch_interrupt_allowed(vcpu) && +- !kvm_cpu_has_interrupt(vcpu) && +- !kvm_event_needs_reinjection(vcpu) && +- kvm_cpu_accept_dm_intr(vcpu); ++ (!lapic_in_kernel(vcpu) ++ ? !vcpu->arch.interrupt.injected ++ : (kvm_apic_accept_pic_intr(vcpu) ++ && !pending_userspace_extint(v))); + +we realize two things. First, thanks to the previous patch the complex +conditional can reuse !kvm_cpu_has_extint(vcpu). Second, the interrupt +window request in vcpu_enter_guest() + + bool req_int_win = + dm_request_for_irq_injection(vcpu) && + kvm_cpu_accept_dm_intr(vcpu); + +should be kept in sync with kvm_vcpu_ready_for_interrupt_injection(): +it is unnecessary to ask the processor for an interrupt window +if we would not be able to return to userspace. Therefore, +kvm_cpu_accept_dm_intr(vcpu) is basically !kvm_cpu_has_extint(vcpu) +ANDed with the existing check for masked ExtINT. It all makes sense: + +- we can accept an interrupt from userspace if there is a place + to stash it (and, for irqchip split, ExtINTs are not masked). + Interrupts from userspace _can_ be accepted even if right now + EFLAGS.IF=0. + +- in order to tell userspace we will inject its interrupt ("IRQ + window open" i.e. kvm_vcpu_ready_for_interrupt_injection), both + KVM and the vCPU need to be ready to accept the interrupt. + +... and this is what the patch implements. + +Reported-by: David Woodhouse +Analyzed-by: David Woodhouse +Cc: stable@vger.kernel.org +Signed-off-by: Paolo Bonzini +Reviewed-by: Nikos Tsironis +Reviewed-by: David Woodhouse +Tested-by: David Woodhouse +Signed-off-by: Juergen Gross +--- + arch/x86/include/asm/kvm_host.h | 1 + + arch/x86/kvm/irq.c | 2 +- + arch/x86/kvm/x86.c | 18 ++++++++++-------- + 3 files changed, 12 insertions(+), 9 deletions(-) + +diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h +index 324ddd7fd0aa..7e5f33a0d0e2 100644 +--- a/arch/x86/include/asm/kvm_host.h ++++ b/arch/x86/include/asm/kvm_host.h +@@ -1656,6 +1656,7 @@ int kvm_test_age_hva(struct kvm *kvm, unsigned long hva); + int kvm_set_spte_hva(struct kvm *kvm, unsigned long hva, pte_t pte); + int kvm_cpu_has_injectable_intr(struct kvm_vcpu *v); + int kvm_cpu_has_interrupt(struct kvm_vcpu *vcpu); ++int kvm_cpu_has_extint(struct kvm_vcpu *v); + int kvm_arch_interrupt_allowed(struct kvm_vcpu *vcpu); + int kvm_cpu_get_interrupt(struct kvm_vcpu *v); + void kvm_vcpu_reset(struct kvm_vcpu *vcpu, bool init_event); +diff --git a/arch/x86/kvm/irq.c b/arch/x86/kvm/irq.c +index ee94671272e3..814698e5b152 100644 +--- a/arch/x86/kvm/irq.c ++++ b/arch/x86/kvm/irq.c +@@ -40,7 +40,7 @@ static int pending_userspace_extint(struct kvm_vcpu *v) + * check if there is pending interrupt from + * non-APIC source without intack. + */ +-static int kvm_cpu_has_extint(struct kvm_vcpu *v) ++int kvm_cpu_has_extint(struct kvm_vcpu *v) + { + /* + * FIXME: interrupt.injected represents an interrupt whose +diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c +index 078a39d489fe..e545a8a613b1 100644 +--- a/arch/x86/kvm/x86.c ++++ b/arch/x86/kvm/x86.c +@@ -4051,21 +4051,23 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu, + + static int kvm_cpu_accept_dm_intr(struct kvm_vcpu *vcpu) + { ++ /* ++ * We can accept userspace's request for interrupt injection ++ * as long as we have a place to store the interrupt number. ++ * The actual injection will happen when the CPU is able to ++ * deliver the interrupt. ++ */ ++ if (kvm_cpu_has_extint(vcpu)) ++ return false; ++ ++ /* Acknowledging ExtINT does not happen if LINT0 is masked. */ + return (!lapic_in_kernel(vcpu) || + kvm_apic_accept_pic_intr(vcpu)); + } + +-/* +- * if userspace requested an interrupt window, check that the +- * interrupt window is open. +- * +- * No need to exit to userspace if we already have an interrupt queued. +- */ + static int kvm_vcpu_ready_for_interrupt_injection(struct kvm_vcpu *vcpu) + { + return kvm_arch_interrupt_allowed(vcpu) && +- !kvm_cpu_has_interrupt(vcpu) && +- !kvm_event_needs_reinjection(vcpu) && + kvm_cpu_accept_dm_intr(vcpu); + } + +-- +2.35.3 + diff --git a/patches.suse/KVM-x86-Update-vCPU-s-hv_clock-before-back-to-guest-.patch b/patches.suse/KVM-x86-Update-vCPU-s-hv_clock-before-back-to-guest-.patch new file mode 100644 index 0000000..2d83e1e --- /dev/null +++ b/patches.suse/KVM-x86-Update-vCPU-s-hv_clock-before-back-to-guest-.patch @@ -0,0 +1,44 @@ +Patch-mainline: v5.15-rc1 +Git-commit: d9130a2dfdd4b21736c91b818f87dbc0ccd1e757 +References: git-fixes +From: Zelin Deng +Date: Wed, 28 Apr 2021 10:22:01 +0800 +Subject: [PATCH] KVM: x86: Update vCPU's hv_clock before back to guest when + tsc_offset is adjusted + +When MSR_IA32_TSC_ADJUST is written by guest due to TSC ADJUST feature +especially there's a big tsc warp (like a new vCPU is hot-added into VM +which has been up for a long time), tsc_offset is added by a large value +then go back to guest. This causes system time jump as tsc_timestamp is +not adjusted in the meantime and pvclock monotonic character. +To fix this, just notify kvm to update vCPU's guest time before back to +guest. + +Cc: stable@vger.kernel.org +Signed-off-by: Zelin Deng +Signed-off-by: Paolo Bonzini +Message-Id: <1619576521-81399-2-git-send-email-zelin.deng@linux.alibaba.com> +Signed-off-by: Paolo Bonzini +Signed-off-by: Juergen Gross +--- + arch/x86/kvm/x86.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c +index 1a00af1b076b..28ef14155726 100644 +--- a/arch/x86/kvm/x86.c ++++ b/arch/x86/kvm/x86.c +@@ -3321,6 +3321,10 @@ int kvm_set_msr_common(struct kvm_vcpu *vcpu, struct msr_data *msr_info) + if (!msr_info->host_initiated) { + s64 adj = data - vcpu->arch.ia32_tsc_adjust_msr; + adjust_tsc_offset_guest(vcpu, adj); ++ /* Before back to guest, tsc_timestamp must be adjusted ++ * as well, otherwise guest's percpu pvclock time could jump. ++ */ ++ kvm_make_request(KVM_REQ_CLOCK_UPDATE, vcpu); + } + vcpu->arch.ia32_tsc_adjust_msr = data; + } +-- +2.35.3 + diff --git a/patches.suse/KVM-x86-handle-lapic_in_kernel-case-in-kvm_cpu_-_ext.patch b/patches.suse/KVM-x86-handle-lapic_in_kernel-case-in-kvm_cpu_-_ext.patch new file mode 100644 index 0000000..c8f56dd --- /dev/null +++ b/patches.suse/KVM-x86-handle-lapic_in_kernel-case-in-kvm_cpu_-_ext.patch @@ -0,0 +1,168 @@ +Patch-mainline: v5.10-rc6 +Git-commit: 72c3bcdcda494cbd600712a32e67702cdee60c07 +References: git-fixes +From: Paolo Bonzini +Date: Fri, 27 Nov 2020 08:53:52 +0100 +Subject: [PATCH] KVM: x86: handle !lapic_in_kernel case in kvm_cpu_*_extint + +Centralize handling of interrupts from the userspace APIC +in kvm_cpu_has_extint and kvm_cpu_get_extint, since +userspace APIC interrupts are handled more or less the +same as ExtINTs are with split irqchip. This removes +duplicated code from kvm_cpu_has_injectable_intr and +kvm_cpu_has_interrupt, and makes the code more similar +between kvm_cpu_has_{extint,interrupt} on one side +and kvm_cpu_get_{extint,interrupt} on the other. + +Cc: stable@vger.kernel.org +Reviewed-by: Filippo Sironi +Reviewed-by: David Woodhouse +Tested-by: David Woodhouse +Signed-off-by: Paolo Bonzini +Signed-off-by: Juergen Gross +--- + arch/x86/kvm/irq.c | 83 ++++++++++++++++++-------------------------- + arch/x86/kvm/lapic.c | 2 +- + 2 files changed, 34 insertions(+), 51 deletions(-) + +diff --git a/arch/x86/kvm/irq.c b/arch/x86/kvm/irq.c +index 99d118ffc67d..ee94671272e3 100644 +--- a/arch/x86/kvm/irq.c ++++ b/arch/x86/kvm/irq.c +@@ -41,28 +41,9 @@ static int pending_userspace_extint(struct kvm_vcpu *v) + * non-APIC source without intack. + */ + static int kvm_cpu_has_extint(struct kvm_vcpu *v) +-{ +- u8 accept = kvm_apic_accept_pic_intr(v); +- +- if (accept) { +- if (irqchip_split(v->kvm)) +- return pending_userspace_extint(v); +- else +- return v->kvm->arch.vpic->output; +- } else +- return 0; +-} +- +-/* +- * check if there is injectable interrupt: +- * when virtual interrupt delivery enabled, +- * interrupt from apic will handled by hardware, +- * we don't need to check it here. +- */ +-int kvm_cpu_has_injectable_intr(struct kvm_vcpu *v) + { + /* +- * FIXME: interrupt.injected represents an interrupt that it's ++ * FIXME: interrupt.injected represents an interrupt whose + * side-effects have already been applied (e.g. bit from IRR + * already moved to ISR). Therefore, it is incorrect to rely + * on interrupt.injected to know if there is a pending +@@ -75,6 +56,23 @@ int kvm_cpu_has_injectable_intr(struct kvm_vcpu *v) + if (!lapic_in_kernel(v)) + return v->arch.interrupt.injected; + ++ if (!kvm_apic_accept_pic_intr(v)) ++ return 0; ++ ++ if (irqchip_split(v->kvm)) ++ return pending_userspace_extint(v); ++ else ++ return v->kvm->arch.vpic->output; ++} ++ ++/* ++ * check if there is injectable interrupt: ++ * when virtual interrupt delivery enabled, ++ * interrupt from apic will handled by hardware, ++ * we don't need to check it here. ++ */ ++int kvm_cpu_has_injectable_intr(struct kvm_vcpu *v) ++{ + if (kvm_cpu_has_extint(v)) + return 1; + +@@ -91,20 +89,6 @@ EXPORT_SYMBOL_GPL(kvm_cpu_has_injectable_intr); + */ + int kvm_cpu_has_interrupt(struct kvm_vcpu *v) + { +- /* +- * FIXME: interrupt.injected represents an interrupt that it's +- * side-effects have already been applied (e.g. bit from IRR +- * already moved to ISR). Therefore, it is incorrect to rely +- * on interrupt.injected to know if there is a pending +- * interrupt in the user-mode LAPIC. +- * This leads to nVMX/nSVM not be able to distinguish +- * if it should exit from L2 to L1 on EXTERNAL_INTERRUPT on +- * pending interrupt or should re-inject an injected +- * interrupt. +- */ +- if (!lapic_in_kernel(v)) +- return v->arch.interrupt.injected; +- + if (kvm_cpu_has_extint(v)) + return 1; + +@@ -118,16 +102,21 @@ EXPORT_SYMBOL_GPL(kvm_cpu_has_interrupt); + */ + static int kvm_cpu_get_extint(struct kvm_vcpu *v) + { +- if (kvm_cpu_has_extint(v)) { +- if (irqchip_split(v->kvm)) { +- int vector = v->arch.pending_external_vector; +- +- v->arch.pending_external_vector = -1; +- return vector; +- } else +- return kvm_pic_read_irq(v->kvm); /* PIC */ +- } else ++ if (!kvm_cpu_has_extint(v)) { ++ WARN_ON(!lapic_in_kernel(v)); + return -1; ++ } ++ ++ if (!lapic_in_kernel(v)) ++ return v->arch.interrupt.nr; ++ ++ if (irqchip_split(v->kvm)) { ++ int vector = v->arch.pending_external_vector; ++ ++ v->arch.pending_external_vector = -1; ++ return vector; ++ } else ++ return kvm_pic_read_irq(v->kvm); /* PIC */ + } + + /* +@@ -135,13 +124,7 @@ static int kvm_cpu_get_extint(struct kvm_vcpu *v) + */ + int kvm_cpu_get_interrupt(struct kvm_vcpu *v) + { +- int vector; +- +- if (!lapic_in_kernel(v)) +- return v->arch.interrupt.nr; +- +- vector = kvm_cpu_get_extint(v); +- ++ int vector = kvm_cpu_get_extint(v); + if (vector != -1) + return vector; /* PIC */ + +diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c +index 105e7859d1f2..86c33d53c90a 100644 +--- a/arch/x86/kvm/lapic.c ++++ b/arch/x86/kvm/lapic.c +@@ -2465,7 +2465,7 @@ int kvm_apic_has_interrupt(struct kvm_vcpu *vcpu) + struct kvm_lapic *apic = vcpu->arch.apic; + u32 ppr; + +- if (!kvm_apic_hw_enabled(apic)) ++ if (!kvm_apic_present(vcpu)) + return -1; + + __apic_update_ppr(apic, &ppr); +-- +2.35.3 + diff --git a/patches.suse/KVM-x86-speculation-Disable-Fill-buffer-clear-within-guests.patch b/patches.suse/KVM-x86-speculation-Disable-Fill-buffer-clear-within-guests.patch index ba44e16..10016d7 100644 --- a/patches.suse/KVM-x86-speculation-Disable-Fill-buffer-clear-within-guests.patch +++ b/patches.suse/KVM-x86-speculation-Disable-Fill-buffer-clear-within-guests.patch @@ -2,8 +2,7 @@ From: Pawan Gupta Date: Thu, 19 May 2022 20:35:15 -0700 Subject: KVM: x86/speculation: Disable Fill buffer clear within guests Git-commit: 027bbb884be006b05d9c577d6401686053aa789e -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git -Patch-mainline: Queued in tip for v5.19 +Patch-mainline: v5.19-rc3 References: bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180 The enumeration of MD_CLEAR in CPUID(EAX=7,ECX=0).EDX{bit 10} is not an diff --git a/patches.suse/NFC-nxp-nci-don-t-print-header-length-mismatch-on-i2.patch b/patches.suse/NFC-nxp-nci-don-t-print-header-length-mismatch-on-i2.patch new file mode 100644 index 0000000..c11b64b --- /dev/null +++ b/patches.suse/NFC-nxp-nci-don-t-print-header-length-mismatch-on-i2.patch @@ -0,0 +1,50 @@ +From 9577fc5fdc8b07b891709af6453545db405e24ad Mon Sep 17 00:00:00 2001 +From: Michael Walle +Date: Mon, 27 Jun 2022 19:06:43 +0200 +Subject: [PATCH] NFC: nxp-nci: don't print header length mismatch on i2c error +Git-commit: 9577fc5fdc8b07b891709af6453545db405e24ad +Patch-mainline: v5.19-rc5 +References: git-fixes + +Don't print a misleading header length mismatch error if the i2c call +returns an error. Instead just return the error code without any error +message. + +Signed-off-by: Michael Walle +Reviewed-by: Krzysztof Kozlowski +Signed-off-by: David S. Miller +Acked-by: Takashi Iwai + +--- + drivers/nfc/nxp-nci/i2c.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/drivers/nfc/nxp-nci/i2c.c b/drivers/nfc/nxp-nci/i2c.c +index e8f3b35afbee..ae2ba08d8ac3 100644 +--- a/drivers/nfc/nxp-nci/i2c.c ++++ b/drivers/nfc/nxp-nci/i2c.c +@@ -122,7 +122,9 @@ static int nxp_nci_i2c_fw_read(struct nxp_nci_i2c_phy *phy, + skb_put_data(*skb, &header, NXP_NCI_FW_HDR_LEN); + + r = i2c_master_recv(client, skb_put(*skb, frame_len), frame_len); +- if (r != frame_len) { ++ if (r < 0) { ++ goto fw_read_exit_free_skb; ++ } else if (r != frame_len) { + nfc_err(&client->dev, + "Invalid frame length: %u (expected %zu)\n", + r, frame_len); +@@ -166,7 +168,9 @@ static int nxp_nci_i2c_nci_read(struct nxp_nci_i2c_phy *phy, + return 0; + + r = i2c_master_recv(client, skb_put(*skb, header.plen), header.plen); +- if (r != header.plen) { ++ if (r < 0) { ++ goto nci_read_exit_free_skb; ++ } else if (r != header.plen) { + nfc_err(&client->dev, + "Invalid frame payload length: %u (expected %u)\n", + r, header.plen); +-- +2.35.3 + diff --git a/patches.suse/PCI-dwc-Add-unroll-iATU-space-support-to-dw_pcie_dis.patch b/patches.suse/PCI-dwc-Add-unroll-iATU-space-support-to-dw_pcie_dis.patch new file mode 100644 index 0000000..407f248 --- /dev/null +++ b/patches.suse/PCI-dwc-Add-unroll-iATU-space-support-to-dw_pcie_dis.patch @@ -0,0 +1,71 @@ +From d1cf738f2b65a5640234e1da90a68d3523fbed83 Mon Sep 17 00:00:00 2001 +From: Serge Semin +Date: Fri, 24 Jun 2022 17:34:12 +0300 +Subject: [PATCH] PCI: dwc: Add unroll iATU space support to dw_pcie_disable_atu() +Git-commit: d1cf738f2b65a5640234e1da90a68d3523fbed83 +Patch-mainline: v6.0-rc1 +References: git-fixes + +dw_pcie_disable_atu() was introduced by f8aed6ec624f ("PCI: dwc: +Designware: Add EP mode support") and supported only the viewport version +of the iATU CSRs. + +DW PCIe IP cores v4.80a and newer also support unrolled iATU/eDMA space. +Callers of dw_pcie_disable_atu(), including pci_epc_ops.clear_bar(), +pci_epc_ops.unmap_addr(), and dw_pcie_setup_rc(), don't work correctly when +it is enabled. + +Add dw_pcie_disable_atu() support for controllers with unrolled iATU CSRs +enabled. + +[bhelgaas: commit log] +Fixes: f8aed6ec624f ("PCI: dwc: designware: Add EP mode support") +Link: https://lore.kernel.org/r/20220624143428.8334-3-Sergey.Semin@baikalelectronics.ru +Tested-by: Manivannan Sadhasivam +Signed-off-by: Serge Semin +Signed-off-by: Bjorn Helgaas +Reviewed-by: Manivannan Sadhasivam +Reviewed-by: Rob Herring +Acked-by: Takashi Iwai + +--- + drivers/pci/controller/dwc/pcie-designware.c | 16 +++++++++++++--- + 1 file changed, 13 insertions(+), 3 deletions(-) + +diff --git a/drivers/pci/controller/dwc/pcie-designware.c b/drivers/pci/controller/dwc/pcie-designware.c +index d92c8a25094f..84fef21efdbc 100644 +--- a/drivers/pci/controller/dwc/pcie-designware.c ++++ b/drivers/pci/controller/dwc/pcie-designware.c +@@ -491,7 +491,7 @@ int dw_pcie_prog_inbound_atu(struct dw_pcie *pci, u8 func_no, int index, + void dw_pcie_disable_atu(struct dw_pcie *pci, int index, + enum dw_pcie_region_type type) + { +- int region; ++ u32 region; + + switch (type) { + case DW_PCIE_REGION_INBOUND: +@@ -504,8 +504,18 @@ void dw_pcie_disable_atu(struct dw_pcie *pci, int index, + return; + } + +- dw_pcie_writel_dbi(pci, PCIE_ATU_VIEWPORT, region | index); +- dw_pcie_writel_dbi(pci, PCIE_ATU_CR2, ~(u32)PCIE_ATU_ENABLE); ++ if (pci->iatu_unroll_enabled) { ++ if (region == PCIE_ATU_REGION_INBOUND) { ++ dw_pcie_writel_ib_unroll(pci, index, PCIE_ATU_UNR_REGION_CTRL2, ++ ~(u32)PCIE_ATU_ENABLE); ++ } else { ++ dw_pcie_writel_ob_unroll(pci, index, PCIE_ATU_UNR_REGION_CTRL2, ++ ~(u32)PCIE_ATU_ENABLE); ++ } ++ } else { ++ dw_pcie_writel_dbi(pci, PCIE_ATU_VIEWPORT, region | index); ++ dw_pcie_writel_dbi(pci, PCIE_ATU_CR2, ~(u32)PCIE_ATU_ENABLE); ++ } + } + + int dw_pcie_wait_for_link(struct dw_pcie *pci) +-- +2.35.3 + diff --git a/patches.suse/PCI-dwc-Always-enable-CDM-check-if-snps-enable-cdm-c.patch b/patches.suse/PCI-dwc-Always-enable-CDM-check-if-snps-enable-cdm-c.patch new file mode 100644 index 0000000..d6b1c7b --- /dev/null +++ b/patches.suse/PCI-dwc-Always-enable-CDM-check-if-snps-enable-cdm-c.patch @@ -0,0 +1,62 @@ +From ec7b952f453ce7eabe7e1bea584626934d44f668 Mon Sep 17 00:00:00 2001 +From: Serge Semin +Date: Fri, 24 Jun 2022 17:34:16 +0300 +Subject: [PATCH] PCI: dwc: Always enable CDM check if "snps,enable-cdm-check" exists +Git-commit: ec7b952f453ce7eabe7e1bea584626934d44f668 +Patch-mainline: v6.0-rc1 +References: git-fixes + +If the "snps,enable-cdm-check" property exists, we should enable the CDM +check. But previously dw_pcie_setup() could exit before doing so if the +"num-lanes" property was absent or invalid. + +Move the CDM enable earlier so we do it regardless of whether "num-lanes" +is present. + +[bhelgaas: commit log] +Fixes: 07f123def73e ("PCI: dwc: Add support to enable CDM register check") +Link: https://lore.kernel.org/r/20220624143428.8334-7-Sergey.Semin@baikalelectronics.ru +Signed-off-by: Serge Semin +Signed-off-by: Bjorn Helgaas +Reviewed-by: Vidya Sagar +Reviewed-by: Rob Herring +Reviewed-by: Manivannan Sadhasivam +Acked-by: Takashi Iwai + +--- + drivers/pci/controller/dwc/pcie-designware.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/drivers/pci/controller/dwc/pcie-designware.c b/drivers/pci/controller/dwc/pcie-designware.c +index 347251bf87d0..5848cc520b52 100644 +--- a/drivers/pci/controller/dwc/pcie-designware.c ++++ b/drivers/pci/controller/dwc/pcie-designware.c +@@ -740,6 +740,13 @@ void dw_pcie_setup(struct dw_pcie *pci) + val |= PORT_LINK_DLL_LINK_EN; + dw_pcie_writel_dbi(pci, PCIE_PORT_LINK_CONTROL, val); + ++ if (of_property_read_bool(np, "snps,enable-cdm-check")) { ++ val = dw_pcie_readl_dbi(pci, PCIE_PL_CHK_REG_CONTROL_STATUS); ++ val |= PCIE_PL_CHK_REG_CHK_REG_CONTINUOUS | ++ PCIE_PL_CHK_REG_CHK_REG_START; ++ dw_pcie_writel_dbi(pci, PCIE_PL_CHK_REG_CONTROL_STATUS, val); ++ } ++ + of_property_read_u32(np, "num-lanes", &pci->num_lanes); + if (!pci->num_lanes) { + dev_dbg(pci->dev, "Using h/w default number of lanes\n"); +@@ -786,11 +793,4 @@ void dw_pcie_setup(struct dw_pcie *pci) + break; + } + dw_pcie_writel_dbi(pci, PCIE_LINK_WIDTH_SPEED_CONTROL, val); +- +- if (of_property_read_bool(np, "snps,enable-cdm-check")) { +- val = dw_pcie_readl_dbi(pci, PCIE_PL_CHK_REG_CONTROL_STATUS); +- val |= PCIE_PL_CHK_REG_CHK_REG_CONTINUOUS | +- PCIE_PL_CHK_REG_CHK_REG_START; +- dw_pcie_writel_dbi(pci, PCIE_PL_CHK_REG_CONTROL_STATUS, val); +- } + } +-- +2.35.3 + diff --git a/patches.suse/PCI-dwc-Deallocate-EPC-memory-on-dw_pcie_ep_init-err.patch b/patches.suse/PCI-dwc-Deallocate-EPC-memory-on-dw_pcie_ep_init-err.patch new file mode 100644 index 0000000..978c07e --- /dev/null +++ b/patches.suse/PCI-dwc-Deallocate-EPC-memory-on-dw_pcie_ep_init-err.patch @@ -0,0 +1,66 @@ +From 8161e9626b50892eaedbd8070ecb1586ecedb109 Mon Sep 17 00:00:00 2001 +From: Serge Semin +Date: Fri, 24 Jun 2022 17:34:15 +0300 +Subject: [PATCH] PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors +Git-commit: 8161e9626b50892eaedbd8070ecb1586ecedb109 +Patch-mainline: v6.0-rc1 +References: git-fixes + +If dw_pcie_ep_init() fails to perform any action after the EPC memory is +initialized and the MSI memory region is allocated, the latter parts won't +be undone thus causing a memory leak. Add a cleanup-on-error path to fix +these leaks. + +[bhelgaas: commit log] +Fixes: 2fd0c9d966cc ("PCI: designware-ep: Pre-allocate memory for MSI in dw_pcie_ep_init") +Link: https://lore.kernel.org/r/20220624143428.8334-6-Sergey.Semin@baikalelectronics.ru +Tested-by: Manivannan Sadhasivam +Signed-off-by: Serge Semin +Signed-off-by: Bjorn Helgaas +Reviewed-by: Rob Herring +Reviewed-by: Manivannan Sadhasivam +Acked-by: Takashi Iwai + +--- + .../pci/controller/dwc/pcie-designware-ep.c | 18 ++++++++++++++++-- + 1 file changed, 16 insertions(+), 2 deletions(-) + +diff --git a/drivers/pci/controller/dwc/pcie-designware-ep.c b/drivers/pci/controller/dwc/pcie-designware-ep.c +index 0eda8236c125..13c2e73f0eaf 100644 +--- a/drivers/pci/controller/dwc/pcie-designware-ep.c ++++ b/drivers/pci/controller/dwc/pcie-designware-ep.c +@@ -780,8 +780,9 @@ int dw_pcie_ep_init(struct dw_pcie_ep *ep) + ep->msi_mem = pci_epc_mem_alloc_addr(epc, &ep->msi_mem_phys, + epc->mem->window.page_size); + if (!ep->msi_mem) { ++ ret = -ENOMEM; + dev_err(dev, "Failed to reserve memory for MSI/MSI-X\n"); +- return -ENOMEM; ++ goto err_exit_epc_mem; + } + + if (ep->ops->get_features) { +@@ -790,6 +791,19 @@ int dw_pcie_ep_init(struct dw_pcie_ep *ep) + return 0; + } + +- return dw_pcie_ep_init_complete(ep); ++ ret = dw_pcie_ep_init_complete(ep); ++ if (ret) ++ goto err_free_epc_mem; ++ ++ return 0; ++ ++err_free_epc_mem: ++ pci_epc_mem_free_addr(epc, ep->msi_mem_phys, ep->msi_mem, ++ epc->mem->window.page_size); ++ ++err_exit_epc_mem: ++ pci_epc_mem_exit(epc); ++ ++ return ret; + } + EXPORT_SYMBOL_GPL(dw_pcie_ep_init); +-- +2.35.3 + diff --git a/patches.suse/PCI-dwc-Disable-outbound-windows-only-for-controller.patch b/patches.suse/PCI-dwc-Disable-outbound-windows-only-for-controller.patch new file mode 100644 index 0000000..0e0b6f1 --- /dev/null +++ b/patches.suse/PCI-dwc-Disable-outbound-windows-only-for-controller.patch @@ -0,0 +1,70 @@ +From d60a2e281e9de2b2f67343b2e39417ca0f4fd54e Mon Sep 17 00:00:00 2001 +From: Serge Semin +Date: Fri, 24 Jun 2022 17:34:13 +0300 +Subject: [PATCH] PCI: dwc: Disable outbound windows only for controllers using iATU +Git-commit: d60a2e281e9de2b2f67343b2e39417ca0f4fd54e +Patch-mainline: v6.0-rc1 +References: git-fixes + +Some DWC-based controllers (e.g., pcie-al.c and pci-keystone.c, identified +by the fact that they override the default dw_child_pcie_ops) use their own +address translation approach instead of the DWC internal ATU (iATU). For +those controllers, skip disabling the iATU outbound windows. + +[bhelgaas: commit log, update multiple window comment] +Fixes: 458ad06c4cdd ("PCI: dwc: Ensure all outbound ATU windows are reset") +Link: https://lore.kernel.org/r/20220624143428.8334-4-Sergey.Semin@baikalelectronics.ru +Tested-by: Manivannan Sadhasivam +Signed-off-by: Serge Semin +Signed-off-by: Bjorn Helgaas +Reviewed-by: Manivannan Sadhasivam +Reviewed-by: Rob Herring +Acked-by: Takashi Iwai + +--- + drivers/pci/controller/dwc/pcie-designware-host.c | 14 ++++++++------ + 1 file changed, 8 insertions(+), 6 deletions(-) + +diff --git a/drivers/pci/controller/dwc/pcie-designware-host.c b/drivers/pci/controller/dwc/pcie-designware-host.c +index bc9a7df130ef..d0d768f22ac3 100644 +--- a/drivers/pci/controller/dwc/pcie-designware-host.c ++++ b/drivers/pci/controller/dwc/pcie-designware-host.c +@@ -543,7 +543,6 @@ static struct pci_ops dw_pcie_ops = { + + void dw_pcie_setup_rc(struct pcie_port *pp) + { +- int i; + u32 val, ctrl, num_ctrls; + struct dw_pcie *pci = to_dw_pcie_from_pp(pp); + +@@ -594,19 +593,22 @@ void dw_pcie_setup_rc(struct pcie_port *pp) + PCI_COMMAND_MASTER | PCI_COMMAND_SERR; + dw_pcie_writel_dbi(pci, PCI_COMMAND, val); + +- /* Ensure all outbound windows are disabled so there are multiple matches */ +- for (i = 0; i < pci->num_ob_windows; i++) +- dw_pcie_disable_atu(pci, i, DW_PCIE_REGION_OUTBOUND); +- + /* + * If the platform provides its own child bus config accesses, it means + * the platform uses its own address translation component rather than + * ATU, so we should not program the ATU here. + */ + if (pp->bridge->child_ops == &dw_child_pcie_ops) { +- int atu_idx = 0; ++ int i, atu_idx = 0; + struct resource_entry *entry; + ++ /* ++ * Disable all outbound windows to make sure a transaction ++ * can't match multiple windows. ++ */ ++ for (i = 0; i < pci->num_ob_windows; i++) ++ dw_pcie_disable_atu(pci, i, DW_PCIE_REGION_OUTBOUND); ++ + /* Get last memory resource entry */ + resource_list_for_each_entry(entry, &pp->bridge->windows) { + if (resource_type(entry->res) != IORESOURCE_MEM) +-- +2.35.3 + diff --git a/patches.suse/PCI-dwc-Stop-link-on-host_init-errors-and-de-initial.patch b/patches.suse/PCI-dwc-Stop-link-on-host_init-errors-and-de-initial.patch new file mode 100644 index 0000000..8e57037 --- /dev/null +++ b/patches.suse/PCI-dwc-Stop-link-on-host_init-errors-and-de-initial.patch @@ -0,0 +1,68 @@ +From 113fa857b74c947137d845e7e635afcf6a59c43a Mon Sep 17 00:00:00 2001 +From: Serge Semin +Date: Fri, 24 Jun 2022 17:34:11 +0300 +Subject: [PATCH] PCI: dwc: Stop link on host_init errors and de-initialization +Git-commit: 113fa857b74c947137d845e7e635afcf6a59c43a +Patch-mainline: v6.0-rc1 +References: git-fixes + +It's logically correct to undo everything that was done when an error is +discovered or in the corresponding cleanup counterpart. Otherwise the host +controller will be left in an undetermined state. Since the link is set up +in the host_init method, deactivate it there in the cleanup-on-error block +and stop the link in the antagonistic routine - dw_pcie_host_deinit(). Link +deactivation is platform-specific and should be implemented in +dw_pcie_ops.stop_link(). + +Fixes: 886a9c134755 ("PCI: dwc: Move link handling into common code") +Link: https://lore.kernel.org/r/20220624143428.8334-2-Sergey.Semin@baikalelectronics.ru +Tested-by: Manivannan Sadhasivam +Signed-off-by: Serge Semin +Signed-off-by: Bjorn Helgaas +Reviewed-by: Manivannan Sadhasivam +Reviewed-by: Rob Herring +Acked-by: Takashi Iwai + +--- + .../pci/controller/dwc/pcie-designware-host.c | 16 ++++++++++++++-- + 1 file changed, 14 insertions(+), 2 deletions(-) + +diff --git a/drivers/pci/controller/dwc/pcie-designware-host.c b/drivers/pci/controller/dwc/pcie-designware-host.c +index 9979302532b7..bc9a7df130ef 100644 +--- a/drivers/pci/controller/dwc/pcie-designware-host.c ++++ b/drivers/pci/controller/dwc/pcie-designware-host.c +@@ -421,8 +421,14 @@ int dw_pcie_host_init(struct pcie_port *pp) + bridge->sysdata = pp; + + ret = pci_host_probe(bridge); +- if (!ret) +- return 0; ++ if (ret) ++ goto err_stop_link; ++ ++ return 0; ++ ++err_stop_link: ++ if (pci->ops && pci->ops->stop_link) ++ pci->ops->stop_link(pci); + + err_free_msi: + if (pp->has_msi_ctrl) +@@ -433,8 +439,14 @@ EXPORT_SYMBOL_GPL(dw_pcie_host_init); + + void dw_pcie_host_deinit(struct pcie_port *pp) + { ++ struct dw_pcie *pci = to_dw_pcie_from_pp(pp); ++ + pci_stop_root_bus(pp->bridge->bus); + pci_remove_root_bus(pp->bridge->bus); ++ ++ if (pci->ops && pci->ops->stop_link) ++ pci->ops->stop_link(pci); ++ + if (pp->has_msi_ctrl) + dw_pcie_free_msi(pp); + } +-- +2.35.3 + diff --git a/patches.suse/PCI-portdrv-Don-t-disable-AER-reporting-in-get_port_.patch b/patches.suse/PCI-portdrv-Don-t-disable-AER-reporting-in-get_port_.patch new file mode 100644 index 0000000..54f254b --- /dev/null +++ b/patches.suse/PCI-portdrv-Don-t-disable-AER-reporting-in-get_port_.patch @@ -0,0 +1,105 @@ +From 8795e182b02dc87e343c79e73af6b8b7f9c5e635 Mon Sep 17 00:00:00 2001 +From: Stefan Roese +Date: Tue, 25 Jan 2022 08:18:19 +0100 +Subject: [PATCH] PCI/portdrv: Don't disable AER reporting in get_port_device_capability() +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 8795e182b02dc87e343c79e73af6b8b7f9c5e635 +Patch-mainline: v6.0-rc1 +References: git-fixes + +AER reporting is currently disabled in the DevCtl registers of all non Root +Port PCIe devices on systems using pcie_ports_native || host->native_aer, +disabling AER completely in such systems. This is because 2bd50dd800b5 +("pci: PCIe: Disable PCIe port services during port initialization"), added +a call to pci_disable_pcie_error_reporting() *after* the AER setup was +completed for the PCIe device tree. + +Here a longer analysis about the current status of AER enabling / +disabling upon bootup provided by Bjorn: + + pcie_portdrv_probe + pcie_port_device_register + get_port_device_capability + pci_disable_pcie_error_reporting + clear CERE NFERE FERE URRE # <-- disable for RP USP DSP + pcie_device_init + device_register # new AER service device + aer_probe + aer_enable_rootport # RP only + set_downstream_devices_error_reporting + set_device_error_reporting # self (RP) + if (RP || USP || DSP) + pci_enable_pcie_error_reporting + set CERE NFERE FERE URRE # <-- enable for RP + pci_walk_bus + set_device_error_reporting + if (RP || USP || DSP) + pci_enable_pcie_error_reporting + set CERE NFERE FERE URRE # <-- enable for USP DSP + +In a typical Root Port -> Endpoint hierarchy, the above: + - Disables Error Reporting for the Root Port, + - Enables Error Reporting for the Root Port, + - Does NOT enable Error Reporting for the Endpoint because it is not a + Root Port or Switch Port. + +In a deeper Root Port -> Upstream Switch Port -> Downstream Switch +Port -> Endpoint hierarchy: + - Disables Error Reporting for the Root Port, + - Enables Error Reporting for the Root Port, + - Enables Error Reporting for both Switch Ports, + - Does NOT enable Error Reporting for the Endpoint because it is not a + Root Port or Switch Port, + - Disables Error Reporting for the Switch Ports when pcie_portdrv_probe() + claims them. AER does not re-enable it because these are not Root + Ports. + +Remove this call to pci_disable_pcie_error_reporting() from +get_port_device_capability(), leaving the already enabled AER configuration +intact. With this change, AER is enabled in the Root Port and the PCIe +switch upstream and downstream ports. Only the PCIe Endpoints don't have +AER enabled yet. A follow-up patch will take care of this Endpoint +enabling. + +Fixes: 2bd50dd800b5 ("PCI: PCIe: Disable PCIe port services during port initialization") +Link: https://lore.kernel.org/r/20220125071820.2247260-3-sr@denx.de +Signed-off-by: Stefan Roese +Signed-off-by: Bjorn Helgaas +Reviewed-by: Pali Rohár +Cc: Rafael J. Wysocki +Cc: Bharat Kumar Gogada +Cc: Michal Simek +Cc: Yao Hongbo +Cc: Naveen Naidu +Acked-by: Takashi Iwai + +--- + drivers/pci/pcie/portdrv_core.c | 9 +-------- + 1 file changed, 1 insertion(+), 8 deletions(-) + +diff --git a/drivers/pci/pcie/portdrv_core.c b/drivers/pci/pcie/portdrv_core.c +index 604feeb84ee4..1ac7fec47d6f 100644 +--- a/drivers/pci/pcie/portdrv_core.c ++++ b/drivers/pci/pcie/portdrv_core.c +@@ -222,15 +222,8 @@ static int get_port_device_capability(struct pci_dev *dev) + + #ifdef CONFIG_PCIEAER + if (dev->aer_cap && pci_aer_available() && +- (pcie_ports_native || host->native_aer)) { ++ (pcie_ports_native || host->native_aer)) + services |= PCIE_PORT_SERVICE_AER; +- +- /* +- * Disable AER on this port in case it's been enabled by the +- * BIOS (the AER service driver will enable it when necessary). +- */ +- pci_disable_pcie_error_reporting(dev); +- } + #endif + + /* Root Ports and Root Complex Event Collectors may generate PMEs */ +-- +2.35.3 + diff --git a/patches.suse/PCI-qcom-Power-on-PHY-before-IPQ8074-DBI-register-ac.patch b/patches.suse/PCI-qcom-Power-on-PHY-before-IPQ8074-DBI-register-ac.patch new file mode 100644 index 0000000..1cea9ca --- /dev/null +++ b/patches.suse/PCI-qcom-Power-on-PHY-before-IPQ8074-DBI-register-ac.patch @@ -0,0 +1,111 @@ +From a0e43bb9973b06ce5c666f0901e104e2037c1b34 Mon Sep 17 00:00:00 2001 +From: Robert Marko +Date: Thu, 23 Jun 2022 17:50:03 +0200 +Subject: [PATCH] PCI: qcom: Power on PHY before IPQ8074 DBI register accesses +Git-commit: a0e43bb9973b06ce5c666f0901e104e2037c1b34 +Patch-mainline: v6.0-rc1 +References: git-fixes + +Currently the Gen2 port in IPQ8074 will cause the system to hang as it +accesses DBI registers in qcom_pcie_init_2_3_3(), and those are only +accesible after phy_power_on(). + +Move the DBI read/writes to a new qcom_pcie_post_init_2_3_3(), which is +executed after phy_power_on(). + +Link: https://lore.kernel.org/r/20220623155004.688090-1-robimarko@gmail.com +Fixes: a0fd361db8e5 ("PCI: dwc: Move "dbi", "dbi2", and "addr_space" resource setup into common code") +Signed-off-by: Robert Marko +Signed-off-by: Bjorn Helgaas +Reviewed-by: Dmitry Baryshkov +Cc: stable@vger.kernel.org # v5.11+ +Acked-by: Takashi Iwai + +--- + drivers/pci/controller/dwc/pcie-qcom.c | 48 +++++++++++++++----------- + 1 file changed, 28 insertions(+), 20 deletions(-) + +diff --git a/drivers/pci/controller/dwc/pcie-qcom.c b/drivers/pci/controller/dwc/pcie-qcom.c +index da13a66ced14..7c0877068347 100644 +--- a/drivers/pci/controller/dwc/pcie-qcom.c ++++ b/drivers/pci/controller/dwc/pcie-qcom.c +@@ -1036,9 +1036,7 @@ static int qcom_pcie_init_2_3_3(struct qcom_pcie *pcie) + struct qcom_pcie_resources_2_3_3 *res = &pcie->res.v2_3_3; + struct dw_pcie *pci = pcie->pci; + struct device *dev = pci->dev; +- u16 offset = dw_pcie_find_capability(pci, PCI_CAP_ID_EXP); + int i, ret; +- u32 val; + + for (i = 0; i < ARRAY_SIZE(res->rst); i++) { + ret = reset_control_assert(res->rst[i]); +@@ -1095,6 +1093,33 @@ static int qcom_pcie_init_2_3_3(struct qcom_pcie *pcie) + goto err_clk_aux; + } + ++ return 0; ++ ++err_clk_aux: ++ clk_disable_unprepare(res->ahb_clk); ++err_clk_ahb: ++ clk_disable_unprepare(res->axi_s_clk); ++err_clk_axi_s: ++ clk_disable_unprepare(res->axi_m_clk); ++err_clk_axi_m: ++ clk_disable_unprepare(res->iface); ++err_clk_iface: ++ /* ++ * Not checking for failure, will anyway return ++ * the original failure in 'ret'. ++ */ ++ for (i = 0; i < ARRAY_SIZE(res->rst); i++) ++ reset_control_assert(res->rst[i]); ++ ++ return ret; ++} ++ ++static int qcom_pcie_post_init_2_3_3(struct qcom_pcie *pcie) ++{ ++ struct dw_pcie *pci = pcie->pci; ++ u16 offset = dw_pcie_find_capability(pci, PCI_CAP_ID_EXP); ++ u32 val; ++ + writel(SLV_ADDR_SPACE_SZ, + pcie->parf + PCIE20_v3_PARF_SLV_ADDR_SPACE_SIZE); + +@@ -1122,24 +1147,6 @@ static int qcom_pcie_init_2_3_3(struct qcom_pcie *pcie) + PCI_EXP_DEVCTL2); + + return 0; +- +-err_clk_aux: +- clk_disable_unprepare(res->ahb_clk); +-err_clk_ahb: +- clk_disable_unprepare(res->axi_s_clk); +-err_clk_axi_s: +- clk_disable_unprepare(res->axi_m_clk); +-err_clk_axi_m: +- clk_disable_unprepare(res->iface); +-err_clk_iface: +- /* +- * Not checking for failure, will anyway return +- * the original failure in 'ret'. +- */ +- for (i = 0; i < ARRAY_SIZE(res->rst); i++) +- reset_control_assert(res->rst[i]); +- +- return ret; + } + + static int qcom_pcie_get_resources_2_7_0(struct qcom_pcie *pcie) +@@ -1465,6 +1472,7 @@ static const struct qcom_pcie_ops ops_2_4_0 = { + static const struct qcom_pcie_ops ops_2_3_3 = { + .get_resources = qcom_pcie_get_resources_2_3_3, + .init = qcom_pcie_init_2_3_3, ++ .post_init = qcom_pcie_post_init_2_3_3, + .deinit = qcom_pcie_deinit_2_3_3, + .ltssm_enable = qcom_pcie_2_3_2_ltssm_enable, + }; +-- +2.35.3 + diff --git a/patches.suse/PCI-qcom-Set-up-rev-2.1.0-PARF_PHY-before-enabling-c.patch b/patches.suse/PCI-qcom-Set-up-rev-2.1.0-PARF_PHY-before-enabling-c.patch new file mode 100644 index 0000000..aaf8fe9 --- /dev/null +++ b/patches.suse/PCI-qcom-Set-up-rev-2.1.0-PARF_PHY-before-enabling-c.patch @@ -0,0 +1,68 @@ +From 38f897ae3d44900f627cad708a15db498ce2ca31 Mon Sep 17 00:00:00 2001 +From: Christian Marangi +Date: Sat, 9 Jul 2022 00:27:43 +0200 +Subject: [PATCH] PCI: qcom: Set up rev 2.1.0 PARF_PHY before enabling clocks +Git-commit: 38f897ae3d44900f627cad708a15db498ce2ca31 +Patch-mainline: v6.0-rc1 +References: git-fixes + +We currently enable clocks BEFORE we write to PARF_PHY_CTRL reg to enable +clocks and resets. This causes the driver to never set to a ready state +with the error 'Phy link never came up'. + +This is caused by the PHY clock getting enabled before setting the required +bits in the PARF regs. + +A workaround for this was set but with this new discovery we can drop +the workaround and use a proper solution to the problem by just enabling +the clock only AFTER the PARF_PHY_CTRL bit is set. + +This correctly sets up the PCIe link and makes it usable even when a +bootloader leaves the PCIe link in an undefined state. + +Fixes: 82a823833f4e ("PCI: qcom: Add Qualcomm PCIe controller driver") +Link: https://lore.kernel.org/r/20220708222743.27019-1-ansuelsmth@gmail.com +Signed-off-by: Christian Marangi +Signed-off-by: Bjorn Helgaas +Acked-by: Takashi Iwai + +--- + drivers/pci/controller/dwc/pcie-qcom.c | 10 ++++------ + 1 file changed, 4 insertions(+), 6 deletions(-) + +diff --git a/drivers/pci/controller/dwc/pcie-qcom.c b/drivers/pci/controller/dwc/pcie-qcom.c +index 2ea13750b492..da13a66ced14 100644 +--- a/drivers/pci/controller/dwc/pcie-qcom.c ++++ b/drivers/pci/controller/dwc/pcie-qcom.c +@@ -337,8 +337,6 @@ static int qcom_pcie_init_2_1_0(struct qcom_pcie *pcie) + reset_control_assert(res->ext_reset); + reset_control_assert(res->phy_reset); + +- writel(1, pcie->parf + PCIE20_PARF_PHY_CTRL); +- + ret = regulator_bulk_enable(ARRAY_SIZE(res->supplies), res->supplies); + if (ret < 0) { + dev_err(dev, "cannot enable regulators\n"); +@@ -381,15 +379,15 @@ static int qcom_pcie_init_2_1_0(struct qcom_pcie *pcie) + goto err_deassert_axi; + } + +- ret = clk_bulk_prepare_enable(ARRAY_SIZE(res->clks), res->clks); +- if (ret) +- goto err_clks; +- + /* enable PCIe clocks and resets */ + val = readl(pcie->parf + PCIE20_PARF_PHY_CTRL); + val &= ~BIT(0); + writel(val, pcie->parf + PCIE20_PARF_PHY_CTRL); + ++ ret = clk_bulk_prepare_enable(ARRAY_SIZE(res->clks), res->clks); ++ if (ret) ++ goto err_clks; ++ + if (of_device_is_compatible(node, "qcom,pcie-ipq8064") || + of_device_is_compatible(node, "qcom,pcie-ipq8064-v2")) { + writel(PCS_DEEMPH_TX_DEEMPH_GEN1(24) | +-- +2.35.3 + diff --git a/patches.suse/PCI-tegra194-Fix-PM-error-handling-in-tegra_pcie_con.patch b/patches.suse/PCI-tegra194-Fix-PM-error-handling-in-tegra_pcie_con.patch new file mode 100644 index 0000000..be33c61 --- /dev/null +++ b/patches.suse/PCI-tegra194-Fix-PM-error-handling-in-tegra_pcie_con.patch @@ -0,0 +1,40 @@ +From e8fbd344a5ea62663554b8546b6bf9f88b93785a Mon Sep 17 00:00:00 2001 +From: Miaoqian Lin +Date: Thu, 2 Jun 2022 07:19:08 +0400 +Subject: [PATCH] PCI: tegra194: Fix PM error handling in tegra_pcie_config_ep() +Git-commit: e8fbd344a5ea62663554b8546b6bf9f88b93785a +Patch-mainline: v6.0-rc1 +References: git-fixes + +pm_runtime_enable() will increase power disable depth. If +dw_pcie_ep_init() fails, we should use pm_runtime_disable() to balance it +with pm_runtime_enable(). + +Add missing pm_runtime_disable() for tegra_pcie_config_ep(). + +Fixes: c57247f940e8 ("PCI: tegra: Add support for PCIe endpoint mode in Tegra194") +Link: https://lore.kernel.org/r/20220602031910.55859-1-linmq006@gmail.com +Signed-off-by: Miaoqian Lin +Signed-off-by: Bjorn Helgaas +Reviewed-by: Vidya Sagar +Acked-by: Takashi Iwai + +--- + drivers/pci/controller/dwc/pcie-tegra194.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/pci/controller/dwc/pcie-tegra194.c b/drivers/pci/controller/dwc/pcie-tegra194.c +index cc2678490162..d992371a36e6 100644 +--- a/drivers/pci/controller/dwc/pcie-tegra194.c ++++ b/drivers/pci/controller/dwc/pcie-tegra194.c +@@ -1949,6 +1949,7 @@ static int tegra_pcie_config_ep(struct tegra194_pcie *pcie, + if (ret) { + dev_err(dev, "Failed to initialize DWC Endpoint subsystem: %d\n", + ret); ++ pm_runtime_disable(dev); + return ret; + } + +-- +2.35.3 + diff --git a/patches.suse/PCI-tegra194-Fix-Root-Port-interrupt-handling.patch b/patches.suse/PCI-tegra194-Fix-Root-Port-interrupt-handling.patch new file mode 100644 index 0000000..46c00e6 --- /dev/null +++ b/patches.suse/PCI-tegra194-Fix-Root-Port-interrupt-handling.patch @@ -0,0 +1,115 @@ +From 6646e99bcec627e866bc84365af37942c72b4b76 Mon Sep 17 00:00:00 2001 +From: Vidya Sagar +Date: Thu, 21 Jul 2022 19:50:46 +0530 +Subject: [PATCH] PCI: tegra194: Fix Root Port interrupt handling +Git-commit: 6646e99bcec627e866bc84365af37942c72b4b76 +Patch-mainline: v6.0-rc1 +References: git-fixes + +As part of Root Port interrupt handling, level-0 register is read first and +based on the bits set in that, corresponding level-1 registers are read for +further interrupt processing. Since both these values are currently read +into the same 'val' variable, checking level-0 bits the second time around +is happening on the 'val' variable value of level-1 register contents +instead of freshly reading the level-0 value again. + +Fix by using different variables to store level-0 and level-1 registers +contents. + +Link: https://lore.kernel.org/r/20220721142052.25971-11-vidyas@nvidia.com +Fixes: 56e15a238d92 ("PCI: tegra: Add Tegra194 PCIe support") +Signed-off-by: Vidya Sagar +Signed-off-by: Bjorn Helgaas +Acked-by: Takashi Iwai + +--- + drivers/pci/controller/dwc/pcie-tegra194.c | 46 +++++++++++----------- + 1 file changed, 22 insertions(+), 24 deletions(-) + +diff --git a/drivers/pci/controller/dwc/pcie-tegra194.c b/drivers/pci/controller/dwc/pcie-tegra194.c +index 6f890453021d..23377425952a 100644 +--- a/drivers/pci/controller/dwc/pcie-tegra194.c ++++ b/drivers/pci/controller/dwc/pcie-tegra194.c +@@ -338,15 +338,14 @@ static irqreturn_t tegra_pcie_rp_irq_handler(int irq, void *arg) + struct tegra_pcie_dw *pcie = arg; + struct dw_pcie *pci = &pcie->pci; + struct pcie_port *pp = &pci->pp; +- u32 val, tmp; ++ u32 val, status_l0, status_l1; + u16 val_w; + +- val = appl_readl(pcie, APPL_INTR_STATUS_L0); +- if (val & APPL_INTR_STATUS_L0_LINK_STATE_INT) { +- val = appl_readl(pcie, APPL_INTR_STATUS_L1_0_0); +- if (val & APPL_INTR_STATUS_L1_0_0_LINK_REQ_RST_NOT_CHGED) { +- appl_writel(pcie, val, APPL_INTR_STATUS_L1_0_0); +- ++ status_l0 = appl_readl(pcie, APPL_INTR_STATUS_L0); ++ if (status_l0 & APPL_INTR_STATUS_L0_LINK_STATE_INT) { ++ status_l1 = appl_readl(pcie, APPL_INTR_STATUS_L1_0_0); ++ appl_writel(pcie, status_l1, APPL_INTR_STATUS_L1_0_0); ++ if (status_l1 & APPL_INTR_STATUS_L1_0_0_LINK_REQ_RST_NOT_CHGED) { + /* SBR & Surprise Link Down WAR */ + val = appl_readl(pcie, APPL_CAR_RESET_OVRD); + val &= ~APPL_CAR_RESET_OVRD_CYA_OVERRIDE_CORE_RST_N; +@@ -362,15 +361,15 @@ static irqreturn_t tegra_pcie_rp_irq_handler(int irq, void *arg) + } + } + +- if (val & APPL_INTR_STATUS_L0_INT_INT) { +- val = appl_readl(pcie, APPL_INTR_STATUS_L1_8_0); +- if (val & APPL_INTR_STATUS_L1_8_0_AUTO_BW_INT_STS) { ++ if (status_l0 & APPL_INTR_STATUS_L0_INT_INT) { ++ status_l1 = appl_readl(pcie, APPL_INTR_STATUS_L1_8_0); ++ if (status_l1 & APPL_INTR_STATUS_L1_8_0_AUTO_BW_INT_STS) { + appl_writel(pcie, + APPL_INTR_STATUS_L1_8_0_AUTO_BW_INT_STS, + APPL_INTR_STATUS_L1_8_0); + apply_bad_link_workaround(pp); + } +- if (val & APPL_INTR_STATUS_L1_8_0_BW_MGT_INT_STS) { ++ if (status_l1 & APPL_INTR_STATUS_L1_8_0_BW_MGT_INT_STS) { + appl_writel(pcie, + APPL_INTR_STATUS_L1_8_0_BW_MGT_INT_STS, + APPL_INTR_STATUS_L1_8_0); +@@ -382,25 +381,24 @@ static irqreturn_t tegra_pcie_rp_irq_handler(int irq, void *arg) + } + } + +- val = appl_readl(pcie, APPL_INTR_STATUS_L0); +- if (val & APPL_INTR_STATUS_L0_CDM_REG_CHK_INT) { +- val = appl_readl(pcie, APPL_INTR_STATUS_L1_18); +- tmp = dw_pcie_readl_dbi(pci, PCIE_PL_CHK_REG_CONTROL_STATUS); +- if (val & APPL_INTR_STATUS_L1_18_CDM_REG_CHK_CMPLT) { ++ if (status_l0 & APPL_INTR_STATUS_L0_CDM_REG_CHK_INT) { ++ status_l1 = appl_readl(pcie, APPL_INTR_STATUS_L1_18); ++ val = dw_pcie_readl_dbi(pci, PCIE_PL_CHK_REG_CONTROL_STATUS); ++ if (status_l1 & APPL_INTR_STATUS_L1_18_CDM_REG_CHK_CMPLT) { + dev_info(pci->dev, "CDM check complete\n"); +- tmp |= PCIE_PL_CHK_REG_CHK_REG_COMPLETE; ++ val |= PCIE_PL_CHK_REG_CHK_REG_COMPLETE; + } +- if (val & APPL_INTR_STATUS_L1_18_CDM_REG_CHK_CMP_ERR) { ++ if (status_l1 & APPL_INTR_STATUS_L1_18_CDM_REG_CHK_CMP_ERR) { + dev_err(pci->dev, "CDM comparison mismatch\n"); +- tmp |= PCIE_PL_CHK_REG_CHK_REG_COMPARISON_ERROR; ++ val |= PCIE_PL_CHK_REG_CHK_REG_COMPARISON_ERROR; + } +- if (val & APPL_INTR_STATUS_L1_18_CDM_REG_CHK_LOGIC_ERR) { ++ if (status_l1 & APPL_INTR_STATUS_L1_18_CDM_REG_CHK_LOGIC_ERR) { + dev_err(pci->dev, "CDM Logic error\n"); +- tmp |= PCIE_PL_CHK_REG_CHK_REG_LOGIC_ERROR; ++ val |= PCIE_PL_CHK_REG_CHK_REG_LOGIC_ERROR; + } +- dw_pcie_writel_dbi(pci, PCIE_PL_CHK_REG_CONTROL_STATUS, tmp); +- tmp = dw_pcie_readl_dbi(pci, PCIE_PL_CHK_REG_ERR_ADDR); +- dev_err(pci->dev, "CDM Error Address Offset = 0x%08X\n", tmp); ++ dw_pcie_writel_dbi(pci, PCIE_PL_CHK_REG_CONTROL_STATUS, val); ++ val = dw_pcie_readl_dbi(pci, PCIE_PL_CHK_REG_ERR_ADDR); ++ dev_err(pci->dev, "CDM Error Address Offset = 0x%08X\n", val); + } + + return IRQ_HANDLED; +-- +2.35.3 + diff --git a/patches.suse/PCI-tegra194-Fix-link-up-retry-sequence.patch b/patches.suse/PCI-tegra194-Fix-link-up-retry-sequence.patch new file mode 100644 index 0000000..aa2c894 --- /dev/null +++ b/patches.suse/PCI-tegra194-Fix-link-up-retry-sequence.patch @@ -0,0 +1,32 @@ +From e05fd6ae77c3e2cc0dba283005d24b6d56d2b1fa Mon Sep 17 00:00:00 2001 +From: Vidya Sagar +Date: Thu, 21 Jul 2022 19:50:50 +0530 +Subject: [PATCH] PCI: tegra194: Fix link up retry sequence +Git-commit: e05fd6ae77c3e2cc0dba283005d24b6d56d2b1fa +Patch-mainline: v6.0-rc1 +References: git-fixes + +Add the missing DLF capability offset while clearing DL_FEATURE_EXCHANGE_EN +bit during link up retry. + +Link: https://lore.kernel.org/r/20220721142052.25971-15-vidyas@nvidia.com +Fixes: 56e15a238d92 ("PCI: tegra: Add Tegra194 PCIe support") +Signed-off-by: Vidya Sagar +Signed-off-by: Bjorn Helgaas +Acked-by: Takashi Iwai + +--- + drivers/pci/controller/dwc/pcie-tegra194.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/pci/controller/dwc/pcie-tegra194.c ++++ b/drivers/pci/controller/dwc/pcie-tegra194.c +@@ -971,7 +971,7 @@ static int tegra_pcie_dw_host_init(struc + offset = dw_pcie_find_ext_capability(pci, PCI_EXT_CAP_ID_DLF); + val = dw_pcie_readl_dbi(pci, offset + PCI_DLF_CAP); + val &= ~PCI_DLF_EXCHANGE_ENABLE; +- dw_pcie_writel_dbi(pci, offset, val); ++ dw_pcie_writel_dbi(pci, offset + PCI_DLF_CAP, val); + + tegra_pcie_prepare_host(pp); + diff --git a/patches.suse/PM-runtime-Remove-link-state-checks-in-rpm_get-put_s.patch b/patches.suse/PM-runtime-Remove-link-state-checks-in-rpm_get-put_s.patch new file mode 100644 index 0000000..cd97530 --- /dev/null +++ b/patches.suse/PM-runtime-Remove-link-state-checks-in-rpm_get-put_s.patch @@ -0,0 +1,74 @@ +From d12544fb2aa9944b180c35914031a8384ab082c1 Mon Sep 17 00:00:00 2001 +From: Xiang Chen +Date: Tue, 22 Sep 2020 21:11:06 +0800 +Subject: [PATCH] PM: runtime: Remove link state checks in + rpm_get/put_supplier() +Git-commit: d12544fb2aa9944b180c35914031a8384ab082c1 +References: git-fixes +Patch-mainline: v5.10-rc1 + +To support runtime PM for hisi SAS driver (the driver is in directory +drivers/scsi/hisi_sas), we add device link between scsi_device->sdev_gendev +(consumer device) and hisi_hba->dev(supplier device) with flags +DL_FLAG_PM_RUNTIME | DL_FLAG_RPM_ACTIVE. + +After runtime suspended consumers and supplier, unload the dirver which +causes a hung. + +We found that it called function device_release_driver_internal() to +release the supplier device (hisi_hba->dev), as the device link was +busy, it set the device link state to DL_STATE_SUPPLIER_UNBIND, and +then it called device_release_driver_internal() to release the consumer +device (scsi_device->sdev_gendev). + +Then it would try to call pm_runtime_get_sync() to resume the consumer +device, but because consumer-supplier relation existed, it would try +to resume the supplier first, but as the link state was already +DL_STATE_SUPPLIER_UNBIND, so it skipped resuming the supplier and only +resumed the consumer which hanged (it sends IOs to resume scsi_device +while the SAS controller is suspended). + +Simple flow is as follows: + +device_release_driver_internal -> (supplier device) + if device_links_busy -> + device_links_unbind_consumers -> + ... + WRITE_ONCE(link->status, DL_STATE_SUPPLIER_UNBIND) + device_release_driver_internal (consumer device) + pm_runtime_get_sync -> (consumer device) + ... + __rpm_callback -> + rpm_get_suppliers -> + if link->state == DL_STATE_SUPPLIER_UNBIND -> skip the action of resuming the supplier + ... + pm_runtime_clean_up_links + ... + +Correct suspend/resume ordering between a supplier device and its consumer +devices (resume the supplier device before resuming consumer devices, and +suspend consumer devices before suspending the supplier device) should be +guaranteed by runtime PM, but the state checks in rpm_get_supplier() and +rpm_put_supplier() break this rule, so remove them. + +Signed-off-by: Xiang Chen +[ rjw: Subject and changelog edits ] +Cc: All applicable +Signed-off-by: Rafael J. Wysocki +Signed-off-by: Oliver Neukum +--- + drivers/base/power/runtime.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +--- a/drivers/base/power/runtime.c ++++ b/drivers/base/power/runtime.c +@@ -291,8 +291,7 @@ static int rpm_get_suppliers(struct devi + device_links_read_lock_held()) { + int retval; + +- if (!(link->flags & DL_FLAG_PM_RUNTIME) || +- READ_ONCE(link->status) == DL_STATE_SUPPLIER_UNBIND) ++ if (!(link->flags & DL_FLAG_PM_RUNTIME)) + continue; + + retval = pm_runtime_get_sync(link->supplier); diff --git a/patches.suse/Revert-usb-dwc3-gadget-Use-list_replace_init-before-.patch b/patches.suse/Revert-usb-dwc3-gadget-Use-list_replace_init-before-.patch index 220d221..da35069 100644 --- a/patches.suse/Revert-usb-dwc3-gadget-Use-list_replace_init-before-.patch +++ b/patches.suse/Revert-usb-dwc3-gadget-Use-list_replace_init-before-.patch @@ -21,24 +21,28 @@ Cc: Wesley Cheng Signed-off-by: Greg Kroah-Hartman Signed-off-by: Oliver Neukum --- - drivers/usb/dwc3/gadget.c | 18 ++---------------- - 1 file changed, 2 insertions(+), 16 deletions(-) + drivers/usb/dwc3/gadget.c | 17 ++--------------- + 1 file changed, 2 insertions(+), 15 deletions(-) --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c -@@ -1623,18 +1623,11 @@ static void dwc3_gadget_ep_cleanup_cance +@@ -1623,12 +1623,9 @@ static void dwc3_gadget_ep_cleanup_cance { struct dwc3_request *req; struct dwc3_request *tmp; - struct list_head local; + struct dwc3 *dwc = dep->dwc; - list_replace_init(&dep->cancelled_list, &local); -- -restart: - list_for_each_entry_safe(req, tmp, &local, list) { + list_for_each_entry_safe(req, tmp, &dep->cancelled_list, list) { dwc3_gadget_ep_skip_trbs(dep, req); - dwc3_gadget_giveback(dep, req, -ECONNRESET); + switch (req->status) { + case DWC3_REQUEST_STATUS_DISCONNECTED: +@@ -1646,9 +1643,6 @@ restart: + break; + } } - - if (!list_empty(&dep->cancelled_list)) @@ -46,21 +50,21 @@ Signed-off-by: Oliver Neukum } static int dwc3_gadget_ep_dequeue(struct usb_ep *ep, -@@ -2748,12 +2741,8 @@ static void dwc3_gadget_ep_cleanup_compl +@@ -2763,12 +2757,8 @@ static void dwc3_gadget_ep_cleanup_compl { struct dwc3_request *req; struct dwc3_request *tmp; - struct list_head local; - +- -restart: - list_replace_init(&dep->started_list, &local); -- + - list_for_each_entry_safe(req, tmp, &local, list) { + list_for_each_entry_safe(req, tmp, &dep->started_list, list) { int ret; ret = dwc3_gadget_ep_cleanup_completed_request(dep, event, -@@ -2761,9 +2750,6 @@ restart: +@@ -2776,9 +2766,6 @@ restart: if (ret) break; } diff --git a/patches.suse/USB-Follow-up-to-SPDX-identifiers-addition-remove-no.patch b/patches.suse/USB-Follow-up-to-SPDX-identifiers-addition-remove-no.patch new file mode 100644 index 0000000..a22068e --- /dev/null +++ b/patches.suse/USB-Follow-up-to-SPDX-identifiers-addition-remove-no.patch @@ -0,0 +1,293 @@ +From e3fa404a261bb8b7795b62be1b9af7b7dc1030f6 Mon Sep 17 00:00:00 2001 +From: Christophe JAILLET +Date: Sat, 28 May 2022 16:59:17 +0200 +Subject: [PATCH] USB: Follow-up to SPDX identifiers addition - remove now useless comments +Git-commit: e3fa404a261bb8b7795b62be1b9af7b7dc1030f6 +Patch-mainline: v6.0-rc1 +References: git-fixes + +All these files have been updated in the commit given in the Fixes: tag +below. + +When the SPDX-License-Identifier: has been added, the corresponding text at +the beginning of the files has not been deleted. +All these texts are about GPL-2.0, with different variation in the wording. + +Remove these now useless lines to save some LoC. + +Fixes: 5fd54ace4721 ("USB: add SPDX identifiers to all remaining files in drivers/usb/") +Signed-off-by: Christophe JAILLET +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + include/linux/usb/audio-v2.h | 3 --- + include/linux/usb/audio.h | 3 --- + include/linux/usb/cdc-wdm.h | 4 ---- + include/linux/usb/cdc.h | 4 ---- + include/linux/usb/gadget.h | 2 -- + include/linux/usb/input.h | 4 ---- + include/linux/usb/isp1301.h | 10 ---------- + include/linux/usb/m66592.h | 14 -------------- + include/linux/usb/of.h | 2 -- + include/linux/usb/r8a66597.h | 14 -------------- + include/linux/usb/serial.h | 5 ----- + include/linux/usb/storage.h | 2 -- + include/linux/usb/tegra_usb_phy.h | 10 ---------- + include/linux/usb/ulpi.h | 4 ---- + include/linux/usb/xhci-dbgp.h | 4 ---- + 15 files changed, 85 deletions(-) + +diff --git a/include/linux/usb/audio-v2.h b/include/linux/usb/audio-v2.h +index 8fc2abd7aecb..ca796dc1a984 100644 +--- a/include/linux/usb/audio-v2.h ++++ b/include/linux/usb/audio-v2.h +@@ -2,9 +2,6 @@ + /* + * Copyright (c) 2010 Daniel Mack + * +- * This software is distributed under the terms of the GNU General Public +- * License ("GPL") version 2, as published by the Free Software Foundation. +- * + * This file holds USB constants and structures defined + * by the USB Device Class Definition for Audio Devices in version 2.0. + * Comments below reference relevant sections of the documents contained +diff --git a/include/linux/usb/audio.h b/include/linux/usb/audio.h +index 170acd500ea1..0747b24a1a7c 100644 +--- a/include/linux/usb/audio.h ++++ b/include/linux/usb/audio.h +@@ -6,9 +6,6 @@ + * Developed for Thumtronics by Grey Innovation + * Ben Williamson + * +- * This software is distributed under the terms of the GNU General Public +- * License ("GPL") version 2, as published by the Free Software Foundation. +- * + * This file holds USB constants and structures defined + * by the USB Device Class Definition for Audio Devices. + * Comments below reference relevant sections of that document: +diff --git a/include/linux/usb/cdc-wdm.h b/include/linux/usb/cdc-wdm.h +index 9f5a51f79ba5..85417f00a89a 100644 +--- a/include/linux/usb/cdc-wdm.h ++++ b/include/linux/usb/cdc-wdm.h +@@ -3,10 +3,6 @@ + * USB CDC Device Management subdriver + * + * Copyright (c) 2012 Bjørn Mork +- * +- * This program is free software; you can redistribute it and/or +- * modify it under the terms of the GNU General Public License +- * version 2 as published by the Free Software Foundation. + */ + + #ifndef __LINUX_USB_CDC_WDM_H +diff --git a/include/linux/usb/cdc.h b/include/linux/usb/cdc.h +index 35d784cf32a4..0af0db51bc89 100644 +--- a/include/linux/usb/cdc.h ++++ b/include/linux/usb/cdc.h +@@ -3,10 +3,6 @@ + * USB CDC common helpers + * + * Copyright (c) 2015 Oliver Neukum +- * +- * This program is free software; you can redistribute it and/or +- * modify it under the terms of the GNU General Public License +- * version 2 as published by the Free Software Foundation. + */ + #ifndef __LINUX_USB_CDC_H + #define __LINUX_USB_CDC_H +diff --git a/include/linux/usb/gadget.h b/include/linux/usb/gadget.h +index 3ad58b7a0824..dc3092cea99e 100644 +--- a/include/linux/usb/gadget.h ++++ b/include/linux/usb/gadget.h +@@ -10,8 +10,6 @@ + * + * (C) Copyright 2002-2004 by David Brownell + * All Rights Reserved. +- * +- * This software is licensed under the GNU GPL version 2. + */ + + #ifndef __LINUX_USB_GADGET_H +diff --git a/include/linux/usb/input.h b/include/linux/usb/input.h +index 974befa72ac0..5e759b2cf551 100644 +--- a/include/linux/usb/input.h ++++ b/include/linux/usb/input.h +@@ -1,10 +1,6 @@ + // SPDX-License-Identifier: GPL-2.0 + /* + * Copyright (C) 2005 Dmitry Torokhov +- * +- * This program is free software; you can redistribute it and/or modify it +- * under the terms of the GNU General Public License version 2 as published by +- * the Free Software Foundation. + */ + + #ifndef __LINUX_USB_INPUT_H +diff --git a/include/linux/usb/isp1301.h b/include/linux/usb/isp1301.h +index dedb3b2473e8..fa986b926a12 100644 +--- a/include/linux/usb/isp1301.h ++++ b/include/linux/usb/isp1301.h +@@ -3,16 +3,6 @@ + * NXP ISP1301 USB transceiver driver + * + * Copyright (C) 2012 Roland Stigge +- * +- * This program is free software; you can redistribute it and/or modify +- * it under the terms of the GNU General Public License as published by +- * the Free Software Foundation; version 2 of the License. +- * +- * This program is distributed in the hope that it will be useful, +- * but WITHOUT ANY WARRANTY; without even the implied warranty of +- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +- * GNU General Public License for more details. +- * + */ + + #ifndef __LINUX_USB_ISP1301_H +diff --git a/include/linux/usb/m66592.h b/include/linux/usb/m66592.h +index 2dfe68183495..5f04de2b47fd 100644 +--- a/include/linux/usb/m66592.h ++++ b/include/linux/usb/m66592.h +@@ -3,20 +3,6 @@ + * M66592 driver platform data + * + * Copyright (C) 2009 Renesas Solutions Corp. +- * +- * This program is free software; you can redistribute it and/or modify +- * it under the terms of the GNU General Public License as published by +- * the Free Software Foundation; version 2 of the License. +- * +- * This program is distributed in the hope that it will be useful, +- * but WITHOUT ANY WARRANTY; without even the implied warranty of +- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +- * GNU General Public License for more details. +- * +- * You should have received a copy of the GNU General Public License +- * along with this program; if not, write to the Free Software +- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +- * + */ + + #ifndef __LINUX_USB_M66592_H +diff --git a/include/linux/usb/of.h b/include/linux/usb/of.h +index dba55ccb9b53..98487fd7ab11 100644 +--- a/include/linux/usb/of.h ++++ b/include/linux/usb/of.h +@@ -1,8 +1,6 @@ + // SPDX-License-Identifier: GPL-2.0 + /* + * OF helpers for usb devices. +- * +- * This file is released under the GPLv2 + */ + + #ifndef __LINUX_USB_OF_H +diff --git a/include/linux/usb/r8a66597.h b/include/linux/usb/r8a66597.h +index c0753d026bbf..f0fa7ddadbaa 100644 +--- a/include/linux/usb/r8a66597.h ++++ b/include/linux/usb/r8a66597.h +@@ -5,20 +5,6 @@ + * Copyright (C) 2009 Renesas Solutions Corp. + * + * Author : Yoshihiro Shimoda +- * +- * This program is free software; you can redistribute it and/or modify +- * it under the terms of the GNU General Public License as published by +- * the Free Software Foundation; version 2 of the License. +- * +- * This program is distributed in the hope that it will be useful, +- * but WITHOUT ANY WARRANTY; without even the implied warranty of +- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +- * GNU General Public License for more details. +- * +- * You should have received a copy of the GNU General Public License +- * along with this program; if not, write to the Free Software +- * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA +- * + */ + + #ifndef __LINUX_USB_R8A66597_H +diff --git a/include/linux/usb/serial.h b/include/linux/usb/serial.h +index 16ea5a4cc586..8ea319f89e1f 100644 +--- a/include/linux/usb/serial.h ++++ b/include/linux/usb/serial.h +@@ -4,11 +4,6 @@ + * + * Copyright (C) 1999 - 2012 + * Greg Kroah-Hartman (greg@kroah.com) +- * +- * This program is free software; you can redistribute it and/or modify +- * it under the terms of the GNU General Public License as published by +- * the Free Software Foundation; version 2 of the License. +- * + */ + + #ifndef __LINUX_USB_SERIAL_H +diff --git a/include/linux/usb/storage.h b/include/linux/usb/storage.h +index e0240f864548..2827ce72e502 100644 +--- a/include/linux/usb/storage.h ++++ b/include/linux/usb/storage.h +@@ -9,8 +9,6 @@ + * + * This file contains definitions taken from the + * USB Mass Storage Class Specification Overview +- * +- * Distributed under the terms of the GNU GPL, version two. + */ + + /* Storage subclass codes */ +diff --git a/include/linux/usb/tegra_usb_phy.h b/include/linux/usb/tegra_usb_phy.h +index d3e65eb9e16f..46e73584b6e6 100644 +--- a/include/linux/usb/tegra_usb_phy.h ++++ b/include/linux/usb/tegra_usb_phy.h +@@ -1,16 +1,6 @@ + // SPDX-License-Identifier: GPL-2.0 + /* + * Copyright (C) 2010 Google, Inc. +- * +- * This software is licensed under the terms of the GNU General Public +- * License version 2, as published by the Free Software Foundation, and +- * may be copied, distributed, and modified under those terms. +- * +- * This program is distributed in the hope that it will be useful, +- * but WITHOUT ANY WARRANTY; without even the implied warranty of +- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +- * GNU General Public License for more details. +- * + */ + + #ifndef __TEGRA_USB_PHY_H +diff --git a/include/linux/usb/ulpi.h b/include/linux/usb/ulpi.h +index 36c2982780ad..5050f502c1ed 100644 +--- a/include/linux/usb/ulpi.h ++++ b/include/linux/usb/ulpi.h +@@ -3,10 +3,6 @@ + * ulpi.h -- ULPI defines and function prorotypes + * + * Copyright (C) 2010 Nokia Corporation +- * +- * This software is distributed under the terms of the GNU General +- * Public License ("GPL") as published by the Free Software Foundation, +- * version 2 of that License. + */ + + #ifndef __LINUX_USB_ULPI_H +diff --git a/include/linux/usb/xhci-dbgp.h b/include/linux/usb/xhci-dbgp.h +index 01fe768873f9..171fd74b1cfc 100644 +--- a/include/linux/usb/xhci-dbgp.h ++++ b/include/linux/usb/xhci-dbgp.h +@@ -5,10 +5,6 @@ + * Copyright (C) 2016 Intel Corporation + * + * Author: Lu Baolu +- * +- * This program is free software; you can redistribute it and/or modify +- * it under the terms of the GNU General Public License version 2 as +- * published by the Free Software Foundation. + */ + + #ifndef __LINUX_XHCI_DBGP_H +-- +2.35.3 + diff --git a/patches.suse/USB-serial-fix-tty-port-initialized-comments.patch b/patches.suse/USB-serial-fix-tty-port-initialized-comments.patch new file mode 100644 index 0000000..df9c70a --- /dev/null +++ b/patches.suse/USB-serial-fix-tty-port-initialized-comments.patch @@ -0,0 +1,66 @@ +From 688ee1d1785c1359f9040f615dd8e6054962bce2 Mon Sep 17 00:00:00 2001 +From: Johan Hovold +Date: Mon, 25 Jul 2022 10:44:57 +0200 +Subject: [PATCH] USB: serial: fix tty-port initialized comments +Git-commit: 688ee1d1785c1359f9040f615dd8e6054962bce2 +Patch-mainline: v6.0-rc1 +References: git-fixes + +Fix up the tty-port initialized comments which got truncated and +obfuscated when replacing the old ASYNCB_INITIALIZED flag. + +Fixes: d41861ca19c9 ("tty: Replace ASYNC_INITIALIZED bit and update atomically") +Reviewed-by: Greg Kroah-Hartman +Signed-off-by: Johan Hovold +Acked-by: Takashi Iwai + +--- + drivers/usb/serial/sierra.c | 3 ++- + drivers/usb/serial/usb-serial.c | 2 +- + drivers/usb/serial/usb_wwan.c | 3 ++- + 3 files changed, 5 insertions(+), 3 deletions(-) + +diff --git a/drivers/usb/serial/sierra.c b/drivers/usb/serial/sierra.c +index 525c7f888c90..353b2549eaa8 100644 +--- a/drivers/usb/serial/sierra.c ++++ b/drivers/usb/serial/sierra.c +@@ -735,7 +735,8 @@ static void sierra_close(struct usb_serial_port *port) + + /* + * Need to take susp_lock to make sure port is not already being +- * resumed, but no need to hold it due to initialized ++ * resumed, but no need to hold it due to the tty-port initialized ++ * flag. + */ + spin_lock_irq(&intfdata->susp_lock); + if (--intfdata->open_ports == 0) +diff --git a/drivers/usb/serial/usb-serial.c b/drivers/usb/serial/usb-serial.c +index 24101bd7fcad..e35bea2235c1 100644 +--- a/drivers/usb/serial/usb-serial.c ++++ b/drivers/usb/serial/usb-serial.c +@@ -295,7 +295,7 @@ static int serial_open(struct tty_struct *tty, struct file *filp) + * + * Shut down a USB serial port. Serialized against activate by the + * tport mutex and kept to matching open/close pairs +- * of calls by the initialized flag. ++ * of calls by the tty-port initialized flag. + * + * Not called if tty is console. + */ +diff --git a/drivers/usb/serial/usb_wwan.c b/drivers/usb/serial/usb_wwan.c +index dab38b63eaf7..cc81ab7ef4da 100644 +--- a/drivers/usb/serial/usb_wwan.c ++++ b/drivers/usb/serial/usb_wwan.c +@@ -388,7 +388,8 @@ void usb_wwan_close(struct usb_serial_port *port) + + /* + * Need to take susp_lock to make sure port is not already being +- * resumed, but no need to hold it due to initialized ++ * resumed, but no need to hold it due to the tty-port initialized ++ * flag. + */ + spin_lock_irq(&intfdata->susp_lock); + if (--intfdata->open_ports == 0) +-- +2.35.3 + diff --git a/patches.suse/USB-serial-ftdi_sio-add-Belimo-device-ids.patch b/patches.suse/USB-serial-ftdi_sio-add-Belimo-device-ids.patch new file mode 100644 index 0000000..04e286c --- /dev/null +++ b/patches.suse/USB-serial-ftdi_sio-add-Belimo-device-ids.patch @@ -0,0 +1,54 @@ +From 7c239a071d1f04b7137789810807b4108d475c72 Mon Sep 17 00:00:00 2001 +From: Lucien Buchmann +Date: Sat, 25 Jun 2022 02:17:44 +0200 +Subject: [PATCH] USB: serial: ftdi_sio: add Belimo device ids +Git-commit: 7c239a071d1f04b7137789810807b4108d475c72 +Patch-mainline: v5.19-rc7 +References: git-fixes + +Those two product ids are known. + +Signed-off-by: Lucien Buchmann +Cc: stable@vger.kernel.org +Signed-off-by: Johan Hovold +Acked-by: Takashi Iwai + +--- + drivers/usb/serial/ftdi_sio.c | 3 +++ + drivers/usb/serial/ftdi_sio_ids.h | 6 ++++++ + 2 files changed, 9 insertions(+) + +diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c +index b440d338a895..d5a3986dfee7 100644 +--- a/drivers/usb/serial/ftdi_sio.c ++++ b/drivers/usb/serial/ftdi_sio.c +@@ -1023,6 +1023,9 @@ static const struct usb_device_id id_table_combined[] = { + { USB_DEVICE(FTDI_VID, CHETCO_SEASMART_DISPLAY_PID) }, + { USB_DEVICE(FTDI_VID, CHETCO_SEASMART_LITE_PID) }, + { USB_DEVICE(FTDI_VID, CHETCO_SEASMART_ANALOG_PID) }, ++ /* Belimo Automation devices */ ++ { USB_DEVICE(FTDI_VID, BELIMO_ZTH_PID) }, ++ { USB_DEVICE(FTDI_VID, BELIMO_ZIP_PID) }, + /* ICP DAS I-756xU devices */ + { USB_DEVICE(ICPDAS_VID, ICPDAS_I7560U_PID) }, + { USB_DEVICE(ICPDAS_VID, ICPDAS_I7561U_PID) }, +diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h +index d1a9564697a4..4e92c165c86b 100644 +--- a/drivers/usb/serial/ftdi_sio_ids.h ++++ b/drivers/usb/serial/ftdi_sio_ids.h +@@ -1568,6 +1568,12 @@ + #define CHETCO_SEASMART_LITE_PID 0xA5AE /* SeaSmart Lite USB Adapter */ + #define CHETCO_SEASMART_ANALOG_PID 0xA5AF /* SeaSmart Analog Adapter */ + ++/* ++ * Belimo Automation ++ */ ++#define BELIMO_ZTH_PID 0x8050 ++#define BELIMO_ZIP_PID 0xC811 ++ + /* + * Unjo AB + */ +-- +2.35.3 + diff --git a/patches.suse/amd-xgbe-Update-DMA-coherency-values.patch b/patches.suse/amd-xgbe-Update-DMA-coherency-values.patch new file mode 100644 index 0000000..b9918d7 --- /dev/null +++ b/patches.suse/amd-xgbe-Update-DMA-coherency-values.patch @@ -0,0 +1,41 @@ +From e33dcd2ffe8bd819e792411296700a395e98e7c1 Mon Sep 17 00:00:00 2001 +From: Shyam Sundar S K +Date: Thu, 25 Mar 2021 08:39:12 +0530 +Subject: [PATCH 11/17] amd-xgbe: Update DMA coherency values +Git-commit: d75135082698140a26a56defe1bbc1b06f26a41f +References: git-fixes +Patch-mainline: v5.12-rc7 + +Based on the IOMMU configuration, the current cache control settings can +result in possible coherency issues. The hardware team has recommended +new settings for the PCI device path to eliminate the issue. + +Fixes: 6f595959c095 ("amd-xgbe: Adjust register settings to improve performance") +Signed-off-by: Shyam Sundar S K +Acked-by: Tom Lendacky +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/amd/xgbe/xgbe.h | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/drivers/net/ethernet/amd/xgbe/xgbe.h b/drivers/net/ethernet/amd/xgbe/xgbe.h +index 47bcbcf58048..0c93a552b921 100644 +--- a/drivers/net/ethernet/amd/xgbe/xgbe.h ++++ b/drivers/net/ethernet/amd/xgbe/xgbe.h +@@ -181,9 +181,9 @@ + #define XGBE_DMA_SYS_AWCR 0x30303030 + + /* DMA cache settings - PCI device */ +-#define XGBE_DMA_PCI_ARCR 0x00000003 +-#define XGBE_DMA_PCI_AWCR 0x13131313 +-#define XGBE_DMA_PCI_AWARCR 0x00000313 ++#define XGBE_DMA_PCI_ARCR 0x000f0f0f ++#define XGBE_DMA_PCI_AWCR 0x0f0f0f0f ++#define XGBE_DMA_PCI_AWARCR 0x00000f0f + + /* DMA channel interrupt modes */ + #define XGBE_IRQ_MODE_EDGE 0 +-- +2.16.4 + diff --git a/patches.suse/arm64-Extend-workaround-for-erratum-1024718-to-all-versions-of-Cortex-A55.patch b/patches.suse/arm64-Extend-workaround-for-erratum-1024718-to-all-versions-of-Cortex-A55.patch new file mode 100644 index 0000000..4fb450d --- /dev/null +++ b/patches.suse/arm64-Extend-workaround-for-erratum-1024718-to-all-versions-of-Cortex-A55.patch @@ -0,0 +1,51 @@ +From: Suzuki K Poulose +Date: Wed, 3 Feb 2021 23:00:57 +0000 +Subject: arm64: Extend workaround for erratum 1024718 to all versions of + Cortex-A55 +Git-commit: c0b15c25d25171db4b70cc0b7dbc1130ee94017d +Patch-mainline: v5.12-rc1 +References: git-fixes + +The erratum 1024718 affects Cortex-A55 r0p0 to r2p0. However +we apply the work around for r0p0 - r1p0. Unfortunately this +won't be fixed for the future revisions for the CPU. Thus +extend the work around for all versions of A55, to cover +for r2p0 and any future revisions. + +Cc: stable@vger.kernel.org +Cc: Catalin Marinas +Cc: Will Deacon +Cc: James Morse +Cc: Kunihiko Hayashi +Signed-off-by: Suzuki K Poulose +Link: https://lore.kernel.org/r/20210203230057.3961239-1-suzuki.poulose@arm.com +[will: Update Kconfig help text] +Signed-off-by: Will Deacon +Acked-by: Ivan T. Ivanov +--- + arch/arm64/Kconfig | 2 +- + arch/arm64/kernel/cpufeature.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/arm64/Kconfig ++++ b/arch/arm64/Kconfig +@@ -494,7 +494,7 @@ config ARM64_ERRATUM_1024718 + help + This option adds a workaround for ARM Cortex-A55 Erratum 1024718. + +- Affected Cortex-A55 cores (r0p0, r0p1, r1p0) could cause incorrect ++ Affected Cortex-A55 cores (all revisions) could cause incorrect + update of the hardware dirty bit when the DBM/AP bits are updated + without a break-before-make. The workaround is to disable the usage + of hardware DBM locally on the affected cores. CPUs not affected by +--- a/arch/arm64/kernel/cpufeature.c ++++ b/arch/arm64/kernel/cpufeature.c +@@ -1131,7 +1131,7 @@ static bool cpu_has_broken_dbm(void) + /* List of CPUs which have broken DBM support. */ + static const struct midr_range cpus[] = { + #ifdef CONFIG_ARM64_ERRATUM_1024718 +- MIDR_RANGE(MIDR_CORTEX_A55, 0, 0, 1, 0), // A55 r0p0 -r1p0 ++ MIDR_ALL_VERSIONS(MIDR_CORTEX_A55), + #endif + {}, + }; diff --git a/patches.suse/arm64-asm-Add-new-style-position-independent-function-annotations.patch b/patches.suse/arm64-asm-Add-new-style-position-independent-function-annotations.patch new file mode 100644 index 0000000..24bdb70 --- /dev/null +++ b/patches.suse/arm64-asm-Add-new-style-position-independent-function-annotations.patch @@ -0,0 +1,61 @@ +From: Mark Brown +Date: Mon, 6 Jan 2020 19:58:16 +0000 +Subject: arm64: asm: Add new-style position independent function annotations +Git-commit: 35e61c77ef386555f3df1bc2057098c6997ca10b +Patch-mainline: v5.6-rc1 +References: git-fixes + +As part of an effort to make the annotations in assembly code clearer and +more consistent new macros have been introduced, including replacements +for ENTRY() and ENDPROC(). + +On arm64 we have ENDPIPROC(), a custom version of ENDPROC() which is +used for code that will need to run in position independent environments +like EFI, it creates an alias for the function with the prefix __pi_ and +then emits the standard ENDPROC. Add new-style macros to replace this +which expand to the standard SYM_FUNC_*() and SYM_FUNC_ALIAS_*(), +resulting in the same object code. These are added in linkage.h for +consistency with where the generic assembler code has its macros. + +Signed-off-by: Mark Brown +[will: Rename 'WEAK' macro, use ';' instead of ASM_NL, deprecate ENDPIPROC] +Signed-off-by: Will Deacon +Acked-by: Ivan T. Ivanov +--- + arch/arm64/include/asm/assembler.h | 1 + + arch/arm64/include/asm/linkage.h | 16 ++++++++++++++++ + 2 files changed, 17 insertions(+) + +--- a/arch/arm64/include/asm/assembler.h ++++ b/arch/arm64/include/asm/assembler.h +@@ -473,6 +473,7 @@ USER(\label, ic ivau, \tmp2) // invali + .endm + + /* ++ * Deprecated! Use SYM_FUNC_{START,START_WEAK,END}_PI instead. + * Annotate a function as position independent, i.e., safe to be called before + * the kernel virtual mapping is activated. + */ +--- a/arch/arm64/include/asm/linkage.h ++++ b/arch/arm64/include/asm/linkage.h +@@ -4,4 +4,20 @@ + #define __ALIGN .align 2 + #define __ALIGN_STR ".align 2" + ++/* ++ * Annotate a function as position independent, i.e., safe to be called before ++ * the kernel virtual mapping is activated. ++ */ ++#define SYM_FUNC_START_PI(x) \ ++ SYM_FUNC_START_ALIAS(__pi_##x); \ ++ SYM_FUNC_START(x) ++ ++#define SYM_FUNC_START_WEAK_PI(x) \ ++ SYM_FUNC_START_ALIAS(__pi_##x); \ ++ SYM_FUNC_START_WEAK(x) ++ ++#define SYM_FUNC_END_PI(x) \ ++ SYM_FUNC_END(x); \ ++ SYM_FUNC_END_ALIAS(__pi_##x) ++ + #endif diff --git a/patches.suse/arm64-clear_page-shouldn-t-use-DC-ZVA-when-DCZID_EL0.DZP-1.patch b/patches.suse/arm64-clear_page-shouldn-t-use-DC-ZVA-when-DCZID_EL0.DZP-1.patch index 5622e24..d25cb06 100644 --- a/patches.suse/arm64-clear_page-shouldn-t-use-DC-ZVA-when-DCZID_EL0.DZP-1.patch +++ b/patches.suse/arm64-clear_page-shouldn-t-use-DC-ZVA-when-DCZID_EL0.DZP-1.patch @@ -24,13 +24,13 @@ Acked-by: Ivan T. Ivanov +++ b/arch/arm64/lib/clear_page.S @@ -16,6 +16,7 @@ */ - ENTRY(clear_page) + SYM_FUNC_START(clear_page) mrs x1, dczid_el0 + tbnz x1, #4, 2f /* Branch if DC ZVA is prohibited */ and w1, w1, #0xf mov x2, #4 lsl x1, x2, x1 -@@ -25,5 +26,14 @@ ENTRY(clear_page) +@@ -25,5 +26,14 @@ SYM_FUNC_START(clear_page) tst x0, #(PAGE_SIZE - 1) b.ne 1b ret @@ -43,5 +43,5 @@ Acked-by: Ivan T. Ivanov + tst x0, #(PAGE_SIZE - 1) + b.ne 2b + ret - ENDPROC(clear_page) + SYM_FUNC_END(clear_page) EXPORT_SYMBOL(clear_page) diff --git a/patches.suse/arm64-compat-Ensure-upper-32-bits-of-x0-are-zero-on-syscall-return.patch b/patches.suse/arm64-compat-Ensure-upper-32-bits-of-x0-are-zero-on-syscall-return.patch new file mode 100644 index 0000000..5c81899 --- /dev/null +++ b/patches.suse/arm64-compat-Ensure-upper-32-bits-of-x0-are-zero-on-syscall-return.patch @@ -0,0 +1,67 @@ +From: Will Deacon +Date: Fri, 3 Jul 2020 12:08:42 +0100 +Subject: arm64: compat: Ensure upper 32 bits of x0 are zero on syscall return +Git-commit: 15956689a0e60aa0c795174f3c310b60d8794235 +Patch-mainline: v5.8-rc6 +References: git-fixes + +Although we zero the upper bits of x0 on entry to the kernel from an +AArch32 task, we do not clear them on the exception return path and can +therefore expose 64-bit sign extended syscall return values to userspace +via interfaces such as the 'perf_regs' ABI, which deal exclusively with +64-bit registers. + +Explicitly clear the upper 32 bits of x0 on return from a compat system +call. + +Cc: +Cc: Mark Rutland +Cc: Keno Fischer +Cc: Luis Machado +Signed-off-by: Will Deacon +Acked-by: Ivan T. Ivanov +--- + arch/arm64/include/asm/syscall.h | 12 +++++++++++- + arch/arm64/kernel/syscall.c | 3 +++ + 2 files changed, 14 insertions(+), 1 deletion(-) + +--- a/arch/arm64/include/asm/syscall.h ++++ b/arch/arm64/include/asm/syscall.h +@@ -34,6 +34,10 @@ static inline long syscall_get_error(str + struct pt_regs *regs) + { + unsigned long error = regs->regs[0]; ++ ++ if (is_compat_thread(task_thread_info(task))) ++ error = sign_extend64(error, 31); ++ + return IS_ERR_VALUE(error) ? error : 0; + } + +@@ -47,7 +51,13 @@ static inline void syscall_set_return_va + struct pt_regs *regs, + int error, long val) + { +- regs->regs[0] = (long) error ? error : val; ++ if (error) ++ val = error; ++ ++ if (is_compat_thread(task_thread_info(task))) ++ val = lower_32_bits(val); ++ ++ regs->regs[0] = val; + } + + #define SYSCALL_MAX_ARGS 6 +--- a/arch/arm64/kernel/syscall.c ++++ b/arch/arm64/kernel/syscall.c +@@ -50,6 +50,9 @@ static void invoke_syscall(struct pt_reg + ret = do_ni_syscall(regs, scno); + } + ++ if (is_compat_task()) ++ ret = lower_32_bits(ret); ++ + regs->regs[0] = ret; + } + diff --git a/patches.suse/arm64-dts-marvell-armada-37xx-Set-pcie_reset_pin-to-gpio-function.patch b/patches.suse/arm64-dts-marvell-armada-37xx-Set-pcie_reset_pin-to-gpio-function.patch new file mode 100644 index 0000000..4500645 --- /dev/null +++ b/patches.suse/arm64-dts-marvell-armada-37xx-Set-pcie_reset_pin-to-gpio-function.patch @@ -0,0 +1,81 @@ +From: =?utf-8?b?TWFyZWsgQmVow7puIDxtYXJlay5iZWh1bkBuaWMuY3o+?= +Date: Thu, 30 Apr 2020 10:06:23 +0200 +Subject: arm64: dts: marvell: armada-37xx: Set pcie_reset_pin to gpio function +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Git-commit: 715878016984b2617f6c1f177c50039e12e7bd5b +Patch-mainline: v5.8-rc1 +References: git-fixes + +We found out that we are unable to control the PERST# signal via the +default pin dedicated to be PERST# pin (GPIO2[3] pin) on A3700 SOC when +this pin is in EP_PCIE1_Resetn mode. There is a register in the PCIe +register space called PERSTN_GPIO_EN (D0088004[3]), but changing the +value of this register does not change the pin output when measuring +with voltmeter. + +We do not know if this is a bug in the SOC, or if it works only when +PCIe controller is in a certain state. + +Commit f4c7d053d7f7 ("PCI: aardvark: Wait for endpoint to be ready +before training link") says that when this pin changes pinctrl mode +from EP_PCIE1_Resetn to GPIO, the PERST# signal is asserted for a brief +moment. + +So currently the situation is that on A3700 boards the PERST# signal is +asserted in U-Boot (because the code in U-Boot issues reset via this pin +via GPIO mode), and then in Linux by the obscure and undocumented +mechanism described by the above mentioned commit. + +We want to issue PERST# signal in a known way, therefore this patch +changes the pcie_reset_pin function from "pcie" to "gpio" and adds the +reset-gpios property to the PCIe node in device tree files of +EspressoBin and Armada 3720 Dev Board (Turris Mox device tree already +has this property and uDPU does not have a PCIe port). + +Signed-off-by: Marek Behún +Cc: Remi Pommarel +Tested-by: Tomasz Maciej Nowak +Acked-by: Thomas Petazzoni +Signed-off-by: Gregory CLEMENT +Acked-by: Ivan T. Ivanov +--- + arch/arm64/boot/dts/marvell/armada-3720-db.dts | 3 +++ + arch/arm64/boot/dts/marvell/armada-3720-espressobin.dts | 1 + + arch/arm64/boot/dts/marvell/armada-37xx.dtsi | 2 +- + 3 files changed, 5 insertions(+), 1 deletion(-) + +--- a/arch/arm64/boot/dts/marvell/armada-3720-db.dts ++++ b/arch/arm64/boot/dts/marvell/armada-3720-db.dts +@@ -128,6 +128,9 @@ + + /* CON15(V2.0)/CON17(V1.4) : PCIe / CON15(V2.0)/CON12(V1.4) :mini-PCIe */ + &pcie0 { ++ pinctrl-names = "default"; ++ pinctrl-0 = <&pcie_reset_pins &pcie_clkreq_pins>; ++ reset-gpios = <&gpiosb 3 GPIO_ACTIVE_LOW>; + status = "okay"; + }; + +--- a/arch/arm64/boot/dts/marvell/armada-3720-espressobin.dts ++++ b/arch/arm64/boot/dts/marvell/armada-3720-espressobin.dts +@@ -55,6 +55,7 @@ + phys = <&comphy1 0>; + pinctrl-names = "default"; + pinctrl-0 = <&pcie_reset_pins &pcie_clkreq_pins>; ++ reset-gpios = <&gpiosb 3 GPIO_ACTIVE_LOW>; + }; + + /* J6 */ +--- a/arch/arm64/boot/dts/marvell/armada-37xx.dtsi ++++ b/arch/arm64/boot/dts/marvell/armada-37xx.dtsi +@@ -312,7 +312,7 @@ + + pcie_reset_pins: pcie-reset-pins { + groups = "pcie1"; +- function = "pcie"; ++ function = "gpio"; + }; + + pcie_clkreq_pins: pcie-clkreq-pins { diff --git a/patches.suse/arm64-dts-marvell-espressobin-Add-ethernet-switch-aliases.patch b/patches.suse/arm64-dts-marvell-espressobin-Add-ethernet-switch-aliases.patch new file mode 100644 index 0000000..a5adebe --- /dev/null +++ b/patches.suse/arm64-dts-marvell-espressobin-Add-ethernet-switch-aliases.patch @@ -0,0 +1,81 @@ +From: =?utf-8?b?UGFsaSBSb2jDoXIgPHBhbGlAa2VybmVsLm9yZz4=?= +Date: Mon, 7 Sep 2020 13:27:17 +0200 +Subject: arm64: dts: marvell: espressobin: Add ethernet switch aliases +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Git-commit: b64d814257b027e29a474bcd660f6372490138c7 +Patch-mainline: v5.10-rc2 +References: git-fixes + +Espressobin boards have 3 ethernet ports and some of them got assigned more +then one MAC address. MAC addresses are stored in U-Boot environment. + +Since commit a2c7023f7075c ("net: dsa: read mac address from DT for slave +device") kernel can use MAC addresses from DT for particular DSA port. + +Currently Espressobin DTS file contains alias just for ethernet0. + +This patch defines additional ethernet aliases in Espressobin DTS files, so +bootloader can fill correct MAC address for DSA switch ports if more MAC +addresses were specified. + +DT alias ethernet1 is used for wan port, DT aliases ethernet2 and ethernet3 +are used for lan ports for both Espressobin revisions (V5 and V7). + +Fixes: 5253cb8c00a6f ("arm64: dts: marvell: espressobin: add ethernet alias") +Cc: # a2c7023f7075c: dsa: read mac address +Signed-off-by: Pali Rohár +Reviewed-by: Andrew Lunn +Reviewed-by: Andre Heider +Signed-off-by: Gregory CLEMENT +Acked-by: Ivan T. Ivanov +--- + arch/arm64/boot/dts/marvell/armada-3720-espressobin.dts | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +--- a/arch/arm64/boot/dts/marvell/armada-3720-espressobin.dts ++++ b/arch/arm64/boot/dts/marvell/armada-3720-espressobin.dts +@@ -21,6 +21,10 @@ + + aliases { + ethernet0 = ð0; ++ /* for dsa slave device */ ++ ethernet1 = &switch0port1; ++ ethernet2 = &switch0port2; ++ ethernet3 = &switch0port3; + serial0 = &uart0; + serial1 = &uart1; + }; +@@ -148,7 +152,7 @@ + #address-cells = <1>; + #size-cells = <0>; + +- port@0 { ++ switch0port0: port@0 { + reg = <0>; + label = "cpu"; + ethernet = <ð0>; +@@ -159,19 +163,19 @@ + }; + }; + +- port@1 { ++ switch0port1: port@1 { + reg = <1>; + label = "wan"; + phy-handle = <&switch0phy0>; + }; + +- port@2 { ++ switch0port2: port@2 { + reg = <2>; + label = "lan0"; + phy-handle = <&switch0phy1>; + }; + +- port@3 { ++ switch0port3: port@3 { + reg = <3>; + label = "lan1"; + phy-handle = <&switch0phy2>; diff --git a/patches.suse/arm64-dts-marvell-espressobin-add-ethernet-alias.patch b/patches.suse/arm64-dts-marvell-espressobin-add-ethernet-alias.patch new file mode 100644 index 0000000..8b20014 --- /dev/null +++ b/patches.suse/arm64-dts-marvell-espressobin-add-ethernet-alias.patch @@ -0,0 +1,33 @@ +From: Tomasz Maciej Nowak +Date: Thu, 27 Feb 2020 17:52:32 +0100 +Subject: arm64: dts: marvell: espressobin: add ethernet alias +Git-commit: 5253cb8c00a6f4356760efb38bca0e0393aa06de +Patch-mainline: v5.7-rc1 +References: git-fixes + +The maker of this board and its variants, stores MAC address in U-Boot +environment. Add alias for bootloader to recognise, to which ethernet +node inject the factory MAC address. + +Signed-off-by: Tomasz Maciej Nowak +Signed-off-by: Gregory CLEMENT +Acked-by: Ivan T. Ivanov +--- + arch/arm64/boot/dts/marvell/armada-3720-espressobin.dts | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/arch/arm64/boot/dts/marvell/armada-3720-espressobin.dts ++++ b/arch/arm64/boot/dts/marvell/armada-3720-espressobin.dts +@@ -19,6 +19,12 @@ + model = "Globalscale Marvell ESPRESSOBin Board"; + compatible = "globalscale,espressobin", "marvell,armada3720", "marvell,armada3710"; + ++ aliases { ++ ethernet0 = ð0; ++ serial0 = &uart0; ++ serial1 = &uart1; ++ }; ++ + chosen { + stdout-path = "serial0:115200n8"; + }; diff --git a/patches.suse/arm64-dts-mcbin-support-2W-SFP-modules.patch b/patches.suse/arm64-dts-mcbin-support-2W-SFP-modules.patch new file mode 100644 index 0000000..d55d401 --- /dev/null +++ b/patches.suse/arm64-dts-mcbin-support-2W-SFP-modules.patch @@ -0,0 +1,43 @@ +From: Russell King +Date: Thu, 27 Feb 2020 12:08:58 +0000 +Subject: arm64: dts: mcbin: support 2W SFP modules +Git-commit: 05abc6a5dec2a8c123a50235ecd1ad8d75ffa7b4 +Patch-mainline: v5.7-rc1 +References: git-fixes + +Allow the SFP cages to be used with 2W SFP modules. + +Signed-off-by: Russell King +Reviewed-by: Andrew Lunn +Signed-off-by: Gregory CLEMENT +Acked-by: Ivan T. Ivanov +--- + arch/arm64/boot/dts/marvell/armada-8040-mcbin.dtsi | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/arch/arm64/boot/dts/marvell/armada-8040-mcbin.dtsi ++++ b/arch/arm64/boot/dts/marvell/armada-8040-mcbin.dtsi +@@ -76,6 +76,7 @@ + tx-fault-gpio = <&cp1_gpio1 26 GPIO_ACTIVE_HIGH>; + pinctrl-names = "default"; + pinctrl-0 = <&cp1_sfpp0_pins>; ++ maximum-power-milliwatt = <2000>; + }; + + sfp_eth1: sfp-eth1 { +@@ -88,6 +89,7 @@ + tx-fault-gpio = <&cp0_gpio2 30 GPIO_ACTIVE_HIGH>; + pinctrl-names = "default"; + pinctrl-0 = <&cp1_sfpp1_pins &cp0_sfpp1_pins>; ++ maximum-power-milliwatt = <2000>; + }; + + sfp_eth3: sfp-eth3 { +@@ -100,6 +102,7 @@ + tx-fault-gpio = <&cp0_gpio2 19 GPIO_ACTIVE_HIGH>; + pinctrl-names = "default"; + pinctrl-0 = <&cp0_sfp_1g_pins &cp1_sfp_1g_pins>; ++ maximum-power-milliwatt = <2000>; + }; + }; + diff --git a/patches.suse/arm64-fix-compat-syscall-return-truncation.patch b/patches.suse/arm64-fix-compat-syscall-return-truncation.patch new file mode 100644 index 0000000..d368ded --- /dev/null +++ b/patches.suse/arm64-fix-compat-syscall-return-truncation.patch @@ -0,0 +1,171 @@ +From: Mark Rutland +Date: Mon, 2 Aug 2021 11:42:00 +0100 +Subject: arm64: fix compat syscall return truncation +Git-commit: e30e8d46cf605d216a799a28c77b8a41c328613a +Patch-mainline: v5.14-rc5 +References: git-fixes + +Due to inconsistencies in the way we manipulate compat GPRs, we have a +few issues today: + +* For audit and tracing, where error codes are handled as a (native) + long, negative error codes are expected to be sign-extended to the + native 64-bits, or they may fail to be matched correctly. Thus a + syscall which fails with an error may erroneously be identified as + failing. + +* For ptrace, *all* compat return values should be sign-extended for + consistency with 32-bit arm, but we currently only do this for + negative return codes. + +* As we may transiently set the upper 32 bits of some compat GPRs while + in the kernel, these can be sampled by perf, which is somewhat + confusing. This means that where a syscall returns a pointer above 2G, + this will be sign-extended, but will not be mistaken for an error as + error codes are constrained to the inclusive range [-4096, -1] where + no user pointer can exist. + +To fix all of these, we must consistently use helpers to get/set the +compat GPRs, ensuring that we never write the upper 32 bits of the +return code, and always sign-extend when reading the return code. This +patch does so, with the following changes: + +* We re-organise syscall_get_return_value() to always sign-extend for + compat tasks, and reimplement syscall_get_error() atop. We update + syscall_trace_exit() to use syscall_get_return_value(). + +* We consistently use syscall_set_return_value() to set the return + value, ensureing the upper 32 bits are never set unexpectedly. + +* As the core audit code currently uses regs_return_value() rather than + syscall_get_return_value(), we special-case this for + compat_user_mode(regs) such that this will do the right thing. Going + forward, we should try to move the core audit code over to + syscall_get_return_value(). + +Cc: +Reported-by: He Zhe +Reported-by: weiyuchen +Cc: Catalin Marinas +Cc: Will Deacon +Reviewed-by: Catalin Marinas +Link: https://lore.kernel.org/r/20210802104200.21390-1-mark.rutland@arm.com +Signed-off-by: Will Deacon +Acked-by: Ivan T. Ivanov +--- + arch/arm64/include/asm/ptrace.h | 12 +++++++++++- + arch/arm64/include/asm/syscall.h | 19 ++++++++++--------- + arch/arm64/kernel/ptrace.c | 2 +- + arch/arm64/kernel/signal.c | 3 ++- + arch/arm64/kernel/syscall.c | 7 ++----- + 5 files changed, 26 insertions(+), 17 deletions(-) + +--- a/arch/arm64/include/asm/ptrace.h ++++ b/arch/arm64/include/asm/ptrace.h +@@ -299,7 +299,17 @@ static inline unsigned long kernel_stack + + static inline unsigned long regs_return_value(struct pt_regs *regs) + { +- return regs->regs[0]; ++ unsigned long val = regs->regs[0]; ++ ++ /* ++ * Audit currently uses regs_return_value() instead of ++ * syscall_get_return_value(). Apply the same sign-extension here until ++ * audit is updated to use syscall_get_return_value(). ++ */ ++ if (compat_user_mode(regs)) ++ val = sign_extend64(val, 31); ++ ++ return val; + } + + /** +--- a/arch/arm64/include/asm/syscall.h ++++ b/arch/arm64/include/asm/syscall.h +@@ -29,22 +29,23 @@ static inline void syscall_rollback(stru + regs->regs[0] = regs->orig_x0; + } + +- +-static inline long syscall_get_error(struct task_struct *task, +- struct pt_regs *regs) ++static inline long syscall_get_return_value(struct task_struct *task, ++ struct pt_regs *regs) + { +- unsigned long error = regs->regs[0]; ++ unsigned long val = regs->regs[0]; + + if (is_compat_thread(task_thread_info(task))) +- error = sign_extend64(error, 31); ++ val = sign_extend64(val, 31); + +- return IS_ERR_VALUE(error) ? error : 0; ++ return val; + } + +-static inline long syscall_get_return_value(struct task_struct *task, +- struct pt_regs *regs) ++static inline long syscall_get_error(struct task_struct *task, ++ struct pt_regs *regs) + { +- return regs->regs[0]; ++ unsigned long error = syscall_get_return_value(task, regs); ++ ++ return IS_ERR_VALUE(error) ? error : 0; + } + + static inline void syscall_set_return_value(struct task_struct *task, +--- a/arch/arm64/kernel/ptrace.c ++++ b/arch/arm64/kernel/ptrace.c +@@ -1868,7 +1868,7 @@ void syscall_trace_exit(struct pt_regs * + audit_syscall_exit(regs); + + if (flags & _TIF_SYSCALL_TRACEPOINT) +- trace_sys_exit(regs, regs_return_value(regs)); ++ trace_sys_exit(regs, syscall_get_return_value(current, regs)); + + if (flags & (_TIF_SYSCALL_TRACE | _TIF_SINGLESTEP)) + tracehook_report_syscall(regs, PTRACE_SYSCALL_EXIT); +--- a/arch/arm64/kernel/signal.c ++++ b/arch/arm64/kernel/signal.c +@@ -29,6 +29,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -870,7 +871,7 @@ static void do_signal(struct pt_regs *re + retval == -ERESTART_RESTARTBLOCK || + (retval == -ERESTARTSYS && + !(ksig.ka.sa.sa_flags & SA_RESTART)))) { +- regs->regs[0] = -EINTR; ++ syscall_set_return_value(current, regs, -EINTR, 0); + regs->pc = continue_addr; + } + +--- a/arch/arm64/kernel/syscall.c ++++ b/arch/arm64/kernel/syscall.c +@@ -50,10 +50,7 @@ static void invoke_syscall(struct pt_reg + ret = do_ni_syscall(regs, scno); + } + +- if (is_compat_task()) +- ret = lower_32_bits(ret); +- +- regs->regs[0] = ret; ++ syscall_set_return_value(current, regs, 0, ret); + } + + static inline bool has_syscall_work(unsigned long flags) +@@ -108,7 +105,7 @@ static void el0_svc_common(struct pt_reg + if (has_syscall_work(flags)) { + /* set default errno for user-issued syscall(-1) */ + if (scno == NO_SYSCALL) +- regs->regs[0] = -ENOSYS; ++ syscall_set_return_value(current, regs, -ENOSYS, 0); + scno = syscall_trace_enter(regs); + if (scno == NO_SYSCALL) + goto trace_exit; diff --git a/patches.suse/arm64-fix-inline-asm-in-load_unaligned_zeropad.patch b/patches.suse/arm64-fix-inline-asm-in-load_unaligned_zeropad.patch new file mode 100644 index 0000000..daa6dfb --- /dev/null +++ b/patches.suse/arm64-fix-inline-asm-in-load_unaligned_zeropad.patch @@ -0,0 +1,55 @@ +From: Peter Collingbourne +Date: Thu, 1 Apr 2021 09:51:10 -0700 +Subject: arm64: fix inline asm in load_unaligned_zeropad() +Git-commit: 185f2e5f51c2029efd9dd26cceb968a44fe053c6 +Patch-mainline: v5.12-rc8 +References: git-fixes + +The inline asm's addr operand is marked as input-only, however in +the case where an exception is taken it may be modified by the BIC +instruction on the exception path. Fix the problem by using a temporary +register as the destination register for the BIC instruction. + +Signed-off-by: Peter Collingbourne +Cc: stable@vger.kernel.org +Link: https://linux-review.googlesource.com/id/I84538c8a2307d567b4f45bb20b715451005f9617 +Link: https://lore.kernel.org/r/20210401165110.3952103-1-pcc@google.com +Signed-off-by: Will Deacon +Acked-by: Ivan T. Ivanov +--- + arch/arm64/include/asm/word-at-a-time.h | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +--- a/arch/arm64/include/asm/word-at-a-time.h ++++ b/arch/arm64/include/asm/word-at-a-time.h +@@ -53,7 +53,7 @@ static inline unsigned long find_zero(un + */ + static inline unsigned long load_unaligned_zeropad(const void *addr) + { +- unsigned long ret, offset; ++ unsigned long ret, tmp; + + /* Load word from unaligned pointer addr */ + asm( +@@ -61,9 +61,9 @@ static inline unsigned long load_unalign + "2:\n" + " .pushsection .fixup,\"ax\"\n" + " .align 2\n" +- "3: and %1, %2, #0x7\n" +- " bic %2, %2, #0x7\n" +- " ldr %0, [%2]\n" ++ "3: bic %1, %2, #0x7\n" ++ " ldr %0, [%1]\n" ++ " and %1, %2, #0x7\n" + " lsl %1, %1, #0x3\n" + #ifndef __AARCH64EB__ + " lsr %0, %0, %1\n" +@@ -73,7 +73,7 @@ static inline unsigned long load_unalign + " b 2b\n" + " .popsection\n" + _ASM_EXTABLE(1b, 3b) +- : "=&r" (ret), "=&r" (offset) ++ : "=&r" (ret), "=&r" (tmp) + : "r" (addr), "Q" (*(unsigned long *)addr)); + + return ret; diff --git a/patches.suse/arm64-lib-Use-modern-annotations-for-assembly-functions.patch b/patches.suse/arm64-lib-Use-modern-annotations-for-assembly-functions.patch new file mode 100644 index 0000000..7d7a843 --- /dev/null +++ b/patches.suse/arm64-lib-Use-modern-annotations-for-assembly-functions.patch @@ -0,0 +1,428 @@ +From: Mark Brown +Date: Mon, 6 Jan 2020 19:58:17 +0000 +Subject: arm64: lib: Use modern annotations for assembly functions +Git-commit: 3ac0f4526dfb80625f5c2365bccd85be68db93ef +Patch-mainline: v5.6-rc1 +References: git-fixes + +In an effort to clarify and simplify the annotation of assembly functions +in the kernel new macros have been introduced. These replace ENTRY and +ENDPROC and also add a new annotation for static functions which previously +had no ENTRY equivalent. Update the annotations in the library code to the +new macros. + +Signed-off-by: Mark Brown +[will: Use SYM_FUNC_START_WEAK_PI] +Signed-off-by: Will Deacon +Acked-by: Ivan T. Ivanov +--- + arch/arm64/lib/clear_page.S | 4 ++-- + arch/arm64/lib/clear_user.S | 4 ++-- + arch/arm64/lib/copy_from_user.S | 4 ++-- + arch/arm64/lib/copy_in_user.S | 4 ++-- + arch/arm64/lib/copy_page.S | 4 ++-- + arch/arm64/lib/copy_to_user.S | 4 ++-- + arch/arm64/lib/crc32.S | 8 ++++---- + arch/arm64/lib/memchr.S | 4 ++-- + arch/arm64/lib/memcmp.S | 4 ++-- + arch/arm64/lib/memcpy.S | 8 ++++---- + arch/arm64/lib/memmove.S | 8 ++++---- + arch/arm64/lib/memset.S | 8 ++++---- + arch/arm64/lib/strchr.S | 4 ++-- + arch/arm64/lib/strcmp.S | 4 ++-- + arch/arm64/lib/strlen.S | 4 ++-- + arch/arm64/lib/strncmp.S | 4 ++-- + arch/arm64/lib/strnlen.S | 4 ++-- + arch/arm64/lib/strrchr.S | 4 ++-- + arch/arm64/lib/tishift.S | 12 ++++++------ + 19 files changed, 50 insertions(+), 50 deletions(-) + +--- a/arch/arm64/lib/clear_page.S ++++ b/arch/arm64/lib/clear_page.S +@@ -14,7 +14,7 @@ + * Parameters: + * x0 - dest + */ +-ENTRY(clear_page) ++SYM_FUNC_START(clear_page) + mrs x1, dczid_el0 + and w1, w1, #0xf + mov x2, #4 +@@ -25,5 +25,5 @@ ENTRY(clear_page) + tst x0, #(PAGE_SIZE - 1) + b.ne 1b + ret +-ENDPROC(clear_page) ++SYM_FUNC_END(clear_page) + EXPORT_SYMBOL(clear_page) +--- a/arch/arm64/lib/clear_user.S ++++ b/arch/arm64/lib/clear_user.S +@@ -19,7 +19,7 @@ + * + * Alignment fixed up by hardware. + */ +-ENTRY(__arch_clear_user) ++SYM_FUNC_START(__arch_clear_user) + uaccess_enable_not_uao x2, x3, x4 + mov x2, x1 // save the size for fixup return + subs x1, x1, #8 +@@ -42,7 +42,7 @@ uao_user_alternative 9f, strb, sttrb, wz + 5: mov x0, #0 + uaccess_disable_not_uao x2, x3 + ret +-ENDPROC(__arch_clear_user) ++SYM_FUNC_END(__arch_clear_user) + EXPORT_SYMBOL(__arch_clear_user) + + .section .fixup,"ax" +--- a/arch/arm64/lib/copy_from_user.S ++++ b/arch/arm64/lib/copy_from_user.S +@@ -53,14 +53,14 @@ + .endm + + end .req x5 +-ENTRY(__arch_copy_from_user) ++SYM_FUNC_START(__arch_copy_from_user) + uaccess_enable_not_uao x3, x4, x5 + add end, x0, x2 + #include "copy_template.S" + uaccess_disable_not_uao x3, x4 + mov x0, #0 // Nothing to copy + ret +-ENDPROC(__arch_copy_from_user) ++SYM_FUNC_END(__arch_copy_from_user) + EXPORT_SYMBOL(__arch_copy_from_user) + + .section .fixup,"ax" +--- a/arch/arm64/lib/copy_in_user.S ++++ b/arch/arm64/lib/copy_in_user.S +@@ -55,14 +55,14 @@ + + end .req x5 + +-ENTRY(__arch_copy_in_user) ++SYM_FUNC_START(__arch_copy_in_user) + uaccess_enable_not_uao x3, x4, x5 + add end, x0, x2 + #include "copy_template.S" + uaccess_disable_not_uao x3, x4 + mov x0, #0 + ret +-ENDPROC(__arch_copy_in_user) ++SYM_FUNC_END(__arch_copy_in_user) + EXPORT_SYMBOL(__arch_copy_in_user) + + .section .fixup,"ax" +--- a/arch/arm64/lib/copy_page.S ++++ b/arch/arm64/lib/copy_page.S +@@ -17,7 +17,7 @@ + * x0 - dest + * x1 - src + */ +-ENTRY(copy_page) ++SYM_FUNC_START(copy_page) + alternative_if ARM64_HAS_NO_HW_PREFETCH + // Prefetch three cache lines ahead. + prfm pldl1strm, [x1, #128] +@@ -75,5 +75,5 @@ alternative_else_nop_endif + stnp x16, x17, [x0, #112] + + ret +-ENDPROC(copy_page) ++SYM_FUNC_END(copy_page) + EXPORT_SYMBOL(copy_page) +--- a/arch/arm64/lib/copy_to_user.S ++++ b/arch/arm64/lib/copy_to_user.S +@@ -52,14 +52,14 @@ + .endm + + end .req x5 +-ENTRY(__arch_copy_to_user) ++SYM_FUNC_START(__arch_copy_to_user) + uaccess_enable_not_uao x3, x4, x5 + add end, x0, x2 + #include "copy_template.S" + uaccess_disable_not_uao x3, x4 + mov x0, #0 + ret +-ENDPROC(__arch_copy_to_user) ++SYM_FUNC_END(__arch_copy_to_user) + EXPORT_SYMBOL(__arch_copy_to_user) + + .section .fixup,"ax" +--- a/arch/arm64/lib/crc32.S ++++ b/arch/arm64/lib/crc32.S +@@ -85,17 +85,17 @@ CPU_BE( rev16 w3, w3 ) + .endm + + .align 5 +-ENTRY(crc32_le) ++SYM_FUNC_START(crc32_le) + alternative_if_not ARM64_HAS_CRC32 + b crc32_le_base + alternative_else_nop_endif + __crc32 +-ENDPROC(crc32_le) ++SYM_FUNC_END(crc32_le) + + .align 5 +-ENTRY(__crc32c_le) ++SYM_FUNC_START(__crc32c_le) + alternative_if_not ARM64_HAS_CRC32 + b __crc32c_le_base + alternative_else_nop_endif + __crc32 c +-ENDPROC(__crc32c_le) ++SYM_FUNC_END(__crc32c_le) +--- a/arch/arm64/lib/memchr.S ++++ b/arch/arm64/lib/memchr.S +@@ -19,7 +19,7 @@ + * Returns: + * x0 - address of first occurrence of 'c' or 0 + */ +-WEAK(memchr) ++SYM_FUNC_START_WEAK_PI(memchr) + and w1, w1, #0xff + 1: subs x2, x2, #1 + b.mi 2f +@@ -30,5 +30,5 @@ WEAK(memchr) + ret + 2: mov x0, #0 + ret +-ENDPIPROC(memchr) ++SYM_FUNC_END_PI(memchr) + EXPORT_SYMBOL_NOKASAN(memchr) +--- a/arch/arm64/lib/memcmp.S ++++ b/arch/arm64/lib/memcmp.S +@@ -46,7 +46,7 @@ pos .req x11 + limit_wd .req x12 + mask .req x13 + +-WEAK(memcmp) ++SYM_FUNC_START_WEAK_PI(memcmp) + cbz limit, .Lret0 + eor tmp1, src1, src2 + tst tmp1, #7 +@@ -243,5 +243,5 @@ CPU_LE( rev data2, data2 ) + .Lret0: + mov result, #0 + ret +-ENDPIPROC(memcmp) ++SYM_FUNC_END_PI(memcmp) + EXPORT_SYMBOL_NOKASAN(memcmp) +--- a/arch/arm64/lib/memcpy.S ++++ b/arch/arm64/lib/memcpy.S +@@ -57,11 +57,11 @@ + .endm + + .weak memcpy +-ENTRY(__memcpy) +-ENTRY(memcpy) ++SYM_FUNC_START_ALIAS(__memcpy) ++SYM_FUNC_START_PI(memcpy) + #include "copy_template.S" + ret +-ENDPIPROC(memcpy) ++SYM_FUNC_END_PI(memcpy) + EXPORT_SYMBOL(memcpy) +-ENDPROC(__memcpy) ++SYM_FUNC_END_ALIAS(__memcpy) + EXPORT_SYMBOL(__memcpy) +--- a/arch/arm64/lib/memmove.S ++++ b/arch/arm64/lib/memmove.S +@@ -46,8 +46,8 @@ D_l .req x13 + D_h .req x14 + + .weak memmove +-ENTRY(__memmove) +-ENTRY(memmove) ++SYM_FUNC_START_ALIAS(__memmove) ++SYM_FUNC_START_PI(memmove) + cmp dstin, src + b.lo __memcpy + add tmp1, src, count +@@ -184,7 +184,7 @@ ENTRY(memmove) + tst count, #0x3f + b.ne .Ltail63 + ret +-ENDPIPROC(memmove) ++SYM_FUNC_END_PI(memmove) + EXPORT_SYMBOL(memmove) +-ENDPROC(__memmove) ++SYM_FUNC_END_ALIAS(__memmove) + EXPORT_SYMBOL(__memmove) +--- a/arch/arm64/lib/memset.S ++++ b/arch/arm64/lib/memset.S +@@ -43,8 +43,8 @@ tmp3w .req w9 + tmp3 .req x9 + + .weak memset +-ENTRY(__memset) +-ENTRY(memset) ++SYM_FUNC_START_ALIAS(__memset) ++SYM_FUNC_START_PI(memset) + mov dst, dstin /* Preserve return value. */ + and A_lw, val, #255 + orr A_lw, A_lw, A_lw, lsl #8 +@@ -203,7 +203,7 @@ ENTRY(memset) + ands count, count, zva_bits_x + b.ne .Ltail_maybe_long + ret +-ENDPIPROC(memset) ++SYM_FUNC_END_PI(memset) + EXPORT_SYMBOL(memset) +-ENDPROC(__memset) ++SYM_FUNC_END_ALIAS(__memset) + EXPORT_SYMBOL(__memset) +--- a/arch/arm64/lib/strchr.S ++++ b/arch/arm64/lib/strchr.S +@@ -18,7 +18,7 @@ + * Returns: + * x0 - address of first occurrence of 'c' or 0 + */ +-WEAK(strchr) ++SYM_FUNC_START_WEAK(strchr) + and w1, w1, #0xff + 1: ldrb w2, [x0], #1 + cmp w2, w1 +@@ -28,5 +28,5 @@ WEAK(strchr) + cmp w2, w1 + csel x0, x0, xzr, eq + ret +-ENDPROC(strchr) ++SYM_FUNC_END(strchr) + EXPORT_SYMBOL_NOKASAN(strchr) +--- a/arch/arm64/lib/strcmp.S ++++ b/arch/arm64/lib/strcmp.S +@@ -48,7 +48,7 @@ tmp3 .req x9 + zeroones .req x10 + pos .req x11 + +-WEAK(strcmp) ++SYM_FUNC_START_WEAK_PI(strcmp) + eor tmp1, src1, src2 + mov zeroones, #REP8_01 + tst tmp1, #7 +@@ -219,5 +219,5 @@ CPU_BE( orr syndrome, diff, has_nul ) + lsr data1, data1, #56 + sub result, data1, data2, lsr #56 + ret +-ENDPIPROC(strcmp) ++SYM_FUNC_END_PI(strcmp) + EXPORT_SYMBOL_NOKASAN(strcmp) +--- a/arch/arm64/lib/strlen.S ++++ b/arch/arm64/lib/strlen.S +@@ -44,7 +44,7 @@ pos .req x12 + #define REP8_7f 0x7f7f7f7f7f7f7f7f + #define REP8_80 0x8080808080808080 + +-WEAK(strlen) ++SYM_FUNC_START_WEAK_PI(strlen) + mov zeroones, #REP8_01 + bic src, srcin, #15 + ands tmp1, srcin, #15 +@@ -111,5 +111,5 @@ CPU_LE( lsr tmp2, tmp2, tmp1 ) /* Shift + csinv data1, data1, xzr, le + csel data2, data2, data2a, le + b .Lrealigned +-ENDPIPROC(strlen) ++SYM_FUNC_END_PI(strlen) + EXPORT_SYMBOL_NOKASAN(strlen) +--- a/arch/arm64/lib/strncmp.S ++++ b/arch/arm64/lib/strncmp.S +@@ -52,7 +52,7 @@ limit_wd .req x13 + mask .req x14 + endloop .req x15 + +-WEAK(strncmp) ++SYM_FUNC_START_WEAK_PI(strncmp) + cbz limit, .Lret0 + eor tmp1, src1, src2 + mov zeroones, #REP8_01 +@@ -295,5 +295,5 @@ CPU_BE( orr syndrome, diff, has_nul ) + .Lret0: + mov result, #0 + ret +-ENDPIPROC(strncmp) ++SYM_FUNC_END_PI(strncmp) + EXPORT_SYMBOL_NOKASAN(strncmp) +--- a/arch/arm64/lib/strnlen.S ++++ b/arch/arm64/lib/strnlen.S +@@ -47,7 +47,7 @@ limit_wd .req x14 + #define REP8_7f 0x7f7f7f7f7f7f7f7f + #define REP8_80 0x8080808080808080 + +-WEAK(strnlen) ++SYM_FUNC_START_WEAK_PI(strnlen) + cbz limit, .Lhit_limit + mov zeroones, #REP8_01 + bic src, srcin, #15 +@@ -156,5 +156,5 @@ CPU_LE( lsr tmp2, tmp2, tmp4 ) /* Shift + .Lhit_limit: + mov len, limit + ret +-ENDPIPROC(strnlen) ++SYM_FUNC_END_PI(strnlen) + EXPORT_SYMBOL_NOKASAN(strnlen) +--- a/arch/arm64/lib/strrchr.S ++++ b/arch/arm64/lib/strrchr.S +@@ -18,7 +18,7 @@ + * Returns: + * x0 - address of last occurrence of 'c' or 0 + */ +-WEAK(strrchr) ++SYM_FUNC_START_WEAK_PI(strrchr) + mov x3, #0 + and w1, w1, #0xff + 1: ldrb w2, [x0], #1 +@@ -29,5 +29,5 @@ WEAK(strrchr) + b 1b + 2: mov x0, x3 + ret +-ENDPIPROC(strrchr) ++SYM_FUNC_END_PI(strrchr) + EXPORT_SYMBOL_NOKASAN(strrchr) +--- a/arch/arm64/lib/tishift.S ++++ b/arch/arm64/lib/tishift.S +@@ -7,7 +7,7 @@ + + #include + +-ENTRY(__ashlti3) ++SYM_FUNC_START(__ashlti3) + cbz x2, 1f + mov x3, #64 + sub x3, x3, x2 +@@ -26,10 +26,10 @@ ENTRY(__ashlti3) + lsl x1, x0, x1 + mov x0, x2 + ret +-ENDPROC(__ashlti3) ++SYM_FUNC_END(__ashlti3) + EXPORT_SYMBOL(__ashlti3) + +-ENTRY(__ashrti3) ++SYM_FUNC_START(__ashrti3) + cbz x2, 1f + mov x3, #64 + sub x3, x3, x2 +@@ -48,10 +48,10 @@ ENTRY(__ashrti3) + asr x0, x1, x0 + mov x1, x2 + ret +-ENDPROC(__ashrti3) ++SYM_FUNC_END(__ashrti3) + EXPORT_SYMBOL(__ashrti3) + +-ENTRY(__lshrti3) ++SYM_FUNC_START(__lshrti3) + cbz x2, 1f + mov x3, #64 + sub x3, x3, x2 +@@ -70,5 +70,5 @@ ENTRY(__lshrti3) + lsr x0, x1, x0 + mov x1, x2 + ret +-ENDPROC(__lshrti3) ++SYM_FUNC_END(__lshrti3) + EXPORT_SYMBOL(__lshrti3) diff --git a/patches.suse/arm64-mm-Don-t-invalidate-FROM_DEVICE-buffers-at-start-of-DMA-transfer.patch b/patches.suse/arm64-mm-Don-t-invalidate-FROM_DEVICE-buffers-at-start-of-DMA-transfer.patch new file mode 100644 index 0000000..cd38937 --- /dev/null +++ b/patches.suse/arm64-mm-Don-t-invalidate-FROM_DEVICE-buffers-at-start-of-DMA-transfer.patch @@ -0,0 +1,55 @@ +From: Will Deacon +Date: Fri, 10 Jun 2022 16:12:27 +0100 +Subject: arm64: mm: Don't invalidate FROM_DEVICE buffers at start of DMA + transfer +Git-commit: c50f11c6196f45c92ca48b16a5071615d4ae0572 +Patch-mainline: v5.19-rc3 +References: git-fixes + +Invalidating the buffer memory in arch_sync_dma_for_device() for +FROM_DEVICE transfers + +When using the streaming DMA API to map a buffer prior to inbound +non-coherent DMA (i.e. DMA_FROM_DEVICE), we invalidate any dirty CPU +cachelines so that they will not be written back during the transfer and +corrupt the buffer contents written by the DMA. This, however, poses two +potential problems: + + (1) If the DMA transfer does not write to every byte in the buffer, + then the unwritten bytes will contain stale data once the transfer + has completed. + + (2) If the buffer has a virtual alias in userspace, then stale data + may be visible via this alias during the period between performing + the cache invalidation and the DMA writes landing in memory. + +Address both of these issues by cleaning (aka writing-back) the dirty +lines in arch_sync_dma_for_device(DMA_FROM_DEVICE) instead of discarding +them using invalidation. + +Cc: Ard Biesheuvel +Cc: Christoph Hellwig +Cc: Robin Murphy +Cc: Russell King +Cc: +Link: https://lore.kernel.org/r/20220606152150.GA31568@willie-the-truck +Signed-off-by: Will Deacon +Reviewed-by: Ard Biesheuvel +Link: https://lore.kernel.org/r/20220610151228.4562-2-will@kernel.org +Signed-off-by: Catalin Marinas +Acked-by: Ivan T. Ivanov +--- + arch/arm64/mm/cache.S | 2 -- + 1 file changed, 2 deletions(-) + +--- a/arch/arm64/mm/cache.S ++++ b/arch/arm64/mm/cache.S +@@ -228,8 +228,6 @@ ENDPIPROC(__dma_flush_area) + * - dir - DMA direction + */ + ENTRY(__dma_map_area) +- cmp w2, #DMA_FROM_DEVICE +- b.eq __dma_inv_area + b __dma_clean_area + ENDPIPROC(__dma_map_area) + diff --git a/patches.suse/arm64-module-remove-NOLOAD-from-linker-script.patch b/patches.suse/arm64-module-remove-NOLOAD-from-linker-script.patch new file mode 100644 index 0000000..a127d87 --- /dev/null +++ b/patches.suse/arm64-module-remove-NOLOAD-from-linker-script.patch @@ -0,0 +1,44 @@ +From: Fangrui Song +Date: Fri, 18 Feb 2022 00:12:09 -0800 +Subject: arm64: module: remove (NOLOAD) from linker script +Git-commit: 4013e26670c590944abdab56c4fa797527b74325 +Patch-mainline: v5.18-rc1 +References: git-fixes + +On ELF, (NOLOAD) sets the section type to SHT_NOBITS[1]. It is conceptually +inappropriate for .plt and .text.* sections which are always +SHT_PROGBITS. + +In GNU ld, if PLT entries are needed, .plt will be SHT_PROGBITS anyway +and (NOLOAD) will be essentially ignored. In ld.lld, since +https://reviews.llvm.org/D118840 ("[ELF] Support (TYPE=) to +customize the output section type"), ld.lld will report a `section type +mismatch` error. Just remove (NOLOAD) to fix the error. + +[1] https://lld.llvm.org/ELF/linker_script.html As of today, "The +section should be marked as not loadable" on +https://sourceware.org/binutils/docs/ld/Output-Section-Type.html is +outdated for ELF. + +Tested-by: Nathan Chancellor +Reported-by: Nathan Chancellor +Signed-off-by: Fangrui Song +Acked-by: Ard Biesheuvel +Link: https://lore.kernel.org/r/20220218081209.354383-1-maskray@google.com +Signed-off-by: Will Deacon +Acked-by: Ivan T. Ivanov +--- + arch/arm64/kernel/module.lds | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/arch/arm64/kernel/module.lds ++++ b/arch/arm64/kernel/module.lds +@@ -1,5 +1,5 @@ + SECTIONS { +- .plt 0 (NOLOAD) : { BYTE(0) } +- .init.plt 0 (NOLOAD) : { BYTE(0) } +- .text.ftrace_trampoline 0 (NOLOAD) : { BYTE(0) } ++ .plt 0 : { BYTE(0) } ++ .init.plt 0 : { BYTE(0) } ++ .text.ftrace_trampoline 0 : { BYTE(0) } + } diff --git a/patches.suse/arm64-module-rework-special-section-handling.patch b/patches.suse/arm64-module-rework-special-section-handling.patch new file mode 100644 index 0000000..fb99c38 --- /dev/null +++ b/patches.suse/arm64-module-rework-special-section-handling.patch @@ -0,0 +1,89 @@ +From: Mark Rutland +Date: Thu, 17 Oct 2019 14:03:26 +0100 +Subject: arm64: module: rework special section handling +Git-commit: bd8b21d3dd661658addc1cd4cc869bab11d28596 +Patch-mainline: v5.5-rc1 +References: git-fixes + +When we load a module, we have to perform some special work for a couple +of named sections. To do this, we iterate over all of the module's +sections, and perform work for each section we recognize. + +To make it easier to handle the unexpected absence of a section, and to +make the section-specific logic easer to read, let's factor the section +search into a helper. Similar is already done in the core module loader, +and other architectures (and ideally we'd unify these in future). + +If we expect a module to have an ftrace trampoline section, but it +doesn't have one, we'll now reject loading the module. When +ARM64_MODULE_PLTS is selected, any correctly built module should have +one (and this is assumed by arm64's ftrace PLT code) and the absence of +such a section implies something has gone wrong at build time. + +Subsequent patches will make use of the new helper. + +Signed-off-by: Mark Rutland +Reviewed-by: Ard Biesheuvel +Reviewed-by: Torsten Duwe +Tested-by: Amit Daniel Kachhap +Tested-by: Torsten Duwe +Cc: Catalin Marinas +Cc: James Morse +Cc: Will Deacon + +Acked-by: Ivan T. Ivanov +--- + arch/arm64/kernel/module.c | 35 ++++++++++++++++++++++++++--------- + 1 file changed, 26 insertions(+), 9 deletions(-) + +--- a/arch/arm64/kernel/module.c ++++ b/arch/arm64/kernel/module.c +@@ -470,22 +470,39 @@ overflow: + return -ENOEXEC; + } + +-int module_finalize(const Elf_Ehdr *hdr, +- const Elf_Shdr *sechdrs, +- struct module *me) ++static const Elf_Shdr *find_section(const Elf_Ehdr *hdr, ++ const Elf_Shdr *sechdrs, ++ const char *name) + { + const Elf_Shdr *s, *se; + const char *secstrs = (void *)hdr + sechdrs[hdr->e_shstrndx].sh_offset; + + for (s = sechdrs, se = sechdrs + hdr->e_shnum; s < se; s++) { +- if (strcmp(".altinstructions", secstrs + s->sh_name) == 0) +- apply_alternatives_module((void *)s->sh_addr, s->sh_size); ++ if (strcmp(name, secstrs + s->sh_name) == 0) ++ return s; ++ } ++ ++ return NULL; ++} ++ ++int module_finalize(const Elf_Ehdr *hdr, ++ const Elf_Shdr *sechdrs, ++ struct module *me) ++{ ++ const Elf_Shdr *s; ++ ++ s = find_section(hdr, sechdrs, ".altinstructions"); ++ if (s) ++ apply_alternatives_module((void *)s->sh_addr, s->sh_size); ++ + #ifdef CONFIG_ARM64_MODULE_PLTS +- if (IS_ENABLED(CONFIG_DYNAMIC_FTRACE) && +- !strcmp(".text.ftrace_trampoline", secstrs + s->sh_name)) +- me->arch.ftrace_trampoline = (void *)s->sh_addr; +-#endif ++ if (IS_ENABLED(CONFIG_DYNAMIC_FTRACE)) { ++ s = find_section(hdr, sechdrs, ".text.ftrace_trampoline"); ++ if (!s) ++ return -ENOEXEC; ++ me->arch.ftrace_trampoline = (void *)s->sh_addr; + } ++#endif + + return 0; + } diff --git a/patches.suse/arm64-module-set-plt-section-addresses-to-0x0.patch b/patches.suse/arm64-module-set-plt-section-addresses-to-0x0.patch new file mode 100644 index 0000000..776ddec --- /dev/null +++ b/patches.suse/arm64-module-set-plt-section-addresses-to-0x0.patch @@ -0,0 +1,35 @@ +From: Shaoying Xu +Date: Tue, 16 Feb 2021 18:32:34 +0000 +Subject: arm64 module: set plt* section addresses to 0x0 +Git-commit: f5c6d0fcf90ce07ee0d686d465b19b247ebd5ed7 +Patch-mainline: v5.12-rc1 +References: git-fixes + +These plt* and .text.ftrace_trampoline sections specified for arm64 have +non-zero addressses. Non-zero section addresses in a relocatable ELF would +confuse GDB when it tries to compute the section offsets and it ends up +printing wrong symbol addresses. Therefore, set them to zero, which mirrors +the change in commit 5d8591bc0fba ("module: set ksymtab/kcrctab* section +addresses to 0x0"). + +Reported-by: Frank van der Linden +Signed-off-by: Shaoying Xu +Cc: +Link: https://lore.kernel.org/r/20210216183234.GA23876@amazon.com +Signed-off-by: Will Deacon +Acked-by: Ivan T. Ivanov +--- + arch/arm64/kernel/module.lds | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/arch/arm64/kernel/module.lds ++++ b/arch/arm64/kernel/module.lds +@@ -1,5 +1,5 @@ + SECTIONS { +- .plt (NOLOAD) : { BYTE(0) } +- .init.plt (NOLOAD) : { BYTE(0) } +- .text.ftrace_trampoline (NOLOAD) : { BYTE(0) } ++ .plt 0 (NOLOAD) : { BYTE(0) } ++ .init.plt 0 (NOLOAD) : { BYTE(0) } ++ .text.ftrace_trampoline 0 (NOLOAD) : { BYTE(0) } + } diff --git a/patches.suse/arm64-perf-Report-the-PC-value-in-REGS_ABI_32-mode.patch b/patches.suse/arm64-perf-Report-the-PC-value-in-REGS_ABI_32-mode.patch new file mode 100644 index 0000000..e0a8442 --- /dev/null +++ b/patches.suse/arm64-perf-Report-the-PC-value-in-REGS_ABI_32-mode.patch @@ -0,0 +1,64 @@ +From: Jiping Ma +Date: Mon, 11 May 2020 10:52:07 +0800 +Subject: arm64: perf: Report the PC value in REGS_ABI_32 mode +Git-commit: 8dfe804a4031ca6ba3a3efb2048534249b64f3a5 +Patch-mainline: v5.8-rc3 +References: git-fixes + +A 32-bit perf querying the registers of a compat task using REGS_ABI_32 +will receive zeroes from w15, when it expects to find the PC. + +Return the PC value for register dwarf register 15 when returning register +values for a compat task to perf. + +Cc: +Acked-by: Mark Rutland +Signed-off-by: Jiping Ma +Link: https://lore.kernel.org/r/1589165527-188401-1-git-send-email-jiping.ma2@windriver.com +[will: Shuffled code and added a comment] +Signed-off-by: Will Deacon +Acked-by: Ivan T. Ivanov +--- + arch/arm64/kernel/perf_regs.c | 25 ++++++++++++++++++++++--- + 1 file changed, 22 insertions(+), 3 deletions(-) + +--- a/arch/arm64/kernel/perf_regs.c ++++ b/arch/arm64/kernel/perf_regs.c +@@ -15,15 +15,34 @@ u64 perf_reg_value(struct pt_regs *regs, + return 0; + + /* +- * Compat (i.e. 32 bit) mode: +- * - PC has been set in the pt_regs struct in kernel_entry, +- * - Handle SP and LR here. ++ * Our handling of compat tasks (PERF_SAMPLE_REGS_ABI_32) is weird, but ++ * we're stuck with it for ABI compatability reasons. ++ * ++ * For a 32-bit consumer inspecting a 32-bit task, then it will look at ++ * the first 16 registers (see arch/arm/include/uapi/asm/perf_regs.h). ++ * These correspond directly to a prefix of the registers saved in our ++ * 'struct pt_regs', with the exception of the PC, so we copy that down ++ * (x15 corresponds to SP_hyp in the architecture). ++ * ++ * So far, so good. ++ * ++ * The oddity arises when a 64-bit consumer looks at a 32-bit task and ++ * asks for registers beyond PERF_REG_ARM_MAX. In this case, we return ++ * SP_usr, LR_usr and PC in the positions where the AArch64 SP, LR and ++ * PC registers would normally live. The initial idea was to allow a ++ * 64-bit unwinder to unwind a 32-bit task and, although it's not clear ++ * how well that works in practice, somebody might be relying on it. ++ * ++ * At the time we make a sample, we don't know whether the consumer is ++ * 32-bit or 64-bit, so we have to cater for both possibilities. + */ + if (compat_user_mode(regs)) { + if ((u32)idx == PERF_REG_ARM64_SP) + return regs->compat_sp; + if ((u32)idx == PERF_REG_ARM64_LR) + return regs->compat_lr; ++ if (idx == 15) ++ return regs->pc; + } + + if ((u32)idx == PERF_REG_ARM64_SP) diff --git a/patches.suse/arm64-ptrace-Consistently-use-pseudo-singlestep-exceptions.patch b/patches.suse/arm64-ptrace-Consistently-use-pseudo-singlestep-exceptions.patch new file mode 100644 index 0000000..20f3262 --- /dev/null +++ b/patches.suse/arm64-ptrace-Consistently-use-pseudo-singlestep-exceptions.patch @@ -0,0 +1,136 @@ +From: Will Deacon +Date: Thu, 2 Jul 2020 21:16:20 +0100 +Subject: arm64: ptrace: Consistently use pseudo-singlestep exceptions +Git-commit: ac2081cdc4d99c57f219c1a6171526e0fa0a6fff +Patch-mainline: v5.8-rc6 +References: git-fixes + +Although the arm64 single-step state machine can be fast-forwarded in +cases where we wish to generate a SIGTRAP without actually executing an +instruction, this has two major limitations outside of simply skipping +an instruction due to emulation. + +1. Stepping out of a ptrace signal stop into a signal handler where + SIGTRAP is blocked. Fast-forwarding the stepping state machine in + this case will result in a forced SIGTRAP, with the handler reset to + SIG_DFL. + +2. The hardware implicitly fast-forwards the state machine when executing + an SVC instruction for issuing a system call. This can interact badly + with subsequent ptrace stops signalled during the execution of the + system call (e.g. SYSCALL_EXIT or seccomp traps), as they may corrupt + the stepping state by updating the PSTATE for the tracee. + +Resolve both of these issues by injecting a pseudo-singlestep exception +on entry to a signal handler and also on return to userspace following a +system call. + +Cc: +Cc: Mark Rutland +Tested-by: Luis Machado +Reported-by: Keno Fischer +Signed-off-by: Will Deacon +Acked-by: Ivan T. Ivanov +--- + arch/arm64/include/asm/thread_info.h | 1 + + arch/arm64/kernel/ptrace.c | 27 ++++++++++++++++++++------- + arch/arm64/kernel/signal.c | 11 ++--------- + arch/arm64/kernel/syscall.c | 2 +- + 4 files changed, 24 insertions(+), 17 deletions(-) + +--- a/arch/arm64/include/asm/thread_info.h ++++ b/arch/arm64/include/asm/thread_info.h +@@ -103,6 +103,7 @@ void arch_release_task_struct(struct tas + #define _TIF_SYSCALL_EMU (1 << TIF_SYSCALL_EMU) + #define _TIF_UPROBE (1 << TIF_UPROBE) + #define _TIF_FSCHECK (1 << TIF_FSCHECK) ++#define _TIF_SINGLESTEP (1 << TIF_SINGLESTEP) + #define _TIF_32BIT (1 << TIF_32BIT) + #define _TIF_SVE (1 << TIF_SVE) + +--- a/arch/arm64/kernel/ptrace.c ++++ b/arch/arm64/kernel/ptrace.c +@@ -1819,12 +1819,23 @@ static void tracehook_report_syscall(str + saved_reg = regs->regs[regno]; + regs->regs[regno] = dir; + +- if (dir == PTRACE_SYSCALL_EXIT) ++ if (dir == PTRACE_SYSCALL_ENTER) { ++ if (tracehook_report_syscall_entry(regs)) ++ forget_syscall(regs); ++ regs->regs[regno] = saved_reg; ++ } else if (!test_thread_flag(TIF_SINGLESTEP)) { + tracehook_report_syscall_exit(regs, 0); +- else if (tracehook_report_syscall_entry(regs)) +- forget_syscall(regs); +- +- regs->regs[regno] = saved_reg; ++ regs->regs[regno] = saved_reg; ++ } else { ++ regs->regs[regno] = saved_reg; ++ ++ /* ++ * Signal a pseudo-step exception since we are stepping but ++ * tracer modifications to the registers may have rewound the ++ * state machine. ++ */ ++ tracehook_report_syscall_exit(regs, 1); ++ } + } + + int syscall_trace_enter(struct pt_regs *regs) +@@ -1852,12 +1863,14 @@ int syscall_trace_enter(struct pt_regs * + + void syscall_trace_exit(struct pt_regs *regs) + { ++ unsigned long flags = READ_ONCE(current_thread_info()->flags); ++ + audit_syscall_exit(regs); + +- if (test_thread_flag(TIF_SYSCALL_TRACEPOINT)) ++ if (flags & _TIF_SYSCALL_TRACEPOINT) + trace_sys_exit(regs, regs_return_value(regs)); + +- if (test_thread_flag(TIF_SYSCALL_TRACE)) ++ if (flags & (_TIF_SYSCALL_TRACE | _TIF_SINGLESTEP)) + tracehook_report_syscall(regs, PTRACE_SYSCALL_EXIT); + + rseq_syscall(regs); +--- a/arch/arm64/kernel/signal.c ++++ b/arch/arm64/kernel/signal.c +@@ -784,7 +784,6 @@ static void setup_restart_syscall(struct + */ + static void handle_signal(struct ksignal *ksig, struct pt_regs *regs) + { +- struct task_struct *tsk = current; + sigset_t *oldset = sigmask_to_save(); + int usig = ksig->sig; + int ret; +@@ -808,14 +807,8 @@ static void handle_signal(struct ksignal + */ + ret |= !valid_user_regs(®s->user_regs, current); + +- /* +- * Fast forward the stepping logic so we step into the signal +- * handler. +- */ +- if (!ret) +- user_fastforward_single_step(tsk); +- +- signal_setup_done(ret, ksig, 0); ++ /* Step into the signal handler if we are stepping */ ++ signal_setup_done(ret, ksig, test_thread_flag(TIF_SINGLESTEP)); + } + + /* +--- a/arch/arm64/kernel/syscall.c ++++ b/arch/arm64/kernel/syscall.c +@@ -121,7 +121,7 @@ static void el0_svc_common(struct pt_reg + if (!has_syscall_work(flags) && !IS_ENABLED(CONFIG_DEBUG_RSEQ)) { + local_daif_mask(); + flags = current_thread_info()->flags; +- if (!has_syscall_work(flags)) { ++ if (!has_syscall_work(flags) && !(flags & _TIF_SINGLESTEP)) { + /* + * We're off to userspace, where interrupts are + * always enabled after we restore the flags from diff --git a/patches.suse/arm64-ptrace-Override-SPSR.SS-when-single-stepping-is-enabled.patch b/patches.suse/arm64-ptrace-Override-SPSR.SS-when-single-stepping-is-enabled.patch new file mode 100644 index 0000000..6b15489 --- /dev/null +++ b/patches.suse/arm64-ptrace-Override-SPSR.SS-when-single-stepping-is-enabled.patch @@ -0,0 +1,107 @@ +From: Will Deacon +Date: Thu, 13 Feb 2020 12:06:26 +0000 +Subject: arm64: ptrace: Override SPSR.SS when single-stepping is enabled +Git-commit: 3a5a4366cecc25daa300b9a9174f7fdd352b9068 +Patch-mainline: v5.8-rc6 +References: git-fixes + +Luis reports that, when reverse debugging with GDB, single-step does not +function as expected on arm64: + + | I've noticed, under very specific conditions, that a PTRACE_SINGLESTEP + | request by GDB won't execute the underlying instruction. As a consequence, + | the PC doesn't move, but we return a SIGTRAP just like we would for a + | regular successful PTRACE_SINGLESTEP request. + +The underlying problem is that when the CPU register state is restored +as part of a reverse step, the SPSR.SS bit is cleared and so the hardware +single-step state can transition to the "active-pending" state, causing +an unexpected step exception to be taken immediately if a step operation +is attempted. + +In hindsight, we probably shouldn't have exposed SPSR.SS in the pstate +accessible by the GPR regset, but it's a bit late for that now. Instead, +simply prevent userspace from configuring the bit to a value which is +inconsistent with the TIF_SINGLESTEP state for the task being traced. + +Cc: +Cc: Mark Rutland +Cc: Keno Fischer +Link: https://lore.kernel.org/r/1eed6d69-d53d-9657-1fc9-c089be07f98c@linaro.org +Reported-by: Luis Machado +Tested-by: Luis Machado +Signed-off-by: Will Deacon +Acked-by: Ivan T. Ivanov +--- + arch/arm64/include/asm/debug-monitors.h | 2 ++ + arch/arm64/kernel/debug-monitors.c | 20 ++++++++++++++++---- + arch/arm64/kernel/ptrace.c | 4 ++-- + 3 files changed, 20 insertions(+), 6 deletions(-) + +--- a/arch/arm64/include/asm/debug-monitors.h ++++ b/arch/arm64/include/asm/debug-monitors.h +@@ -111,6 +111,8 @@ void disable_debug_monitors(enum dbg_act + + void user_rewind_single_step(struct task_struct *task); + void user_fastforward_single_step(struct task_struct *task); ++void user_regs_reset_single_step(struct user_pt_regs *regs, ++ struct task_struct *task); + + void kernel_enable_single_step(struct pt_regs *regs); + void kernel_disable_single_step(void); +--- a/arch/arm64/kernel/debug-monitors.c ++++ b/arch/arm64/kernel/debug-monitors.c +@@ -141,17 +141,20 @@ postcore_initcall(debug_monitors_init); + /* + * Single step API and exception handling. + */ +-static void set_regs_spsr_ss(struct pt_regs *regs) ++static void set_user_regs_spsr_ss(struct user_pt_regs *regs) + { + regs->pstate |= DBG_SPSR_SS; + } +-NOKPROBE_SYMBOL(set_regs_spsr_ss); ++NOKPROBE_SYMBOL(set_user_regs_spsr_ss); + +-static void clear_regs_spsr_ss(struct pt_regs *regs) ++static void clear_user_regs_spsr_ss(struct user_pt_regs *regs) + { + regs->pstate &= ~DBG_SPSR_SS; + } +-NOKPROBE_SYMBOL(clear_regs_spsr_ss); ++NOKPROBE_SYMBOL(clear_user_regs_spsr_ss); ++ ++#define set_regs_spsr_ss(r) set_user_regs_spsr_ss(&(r)->user_regs) ++#define clear_regs_spsr_ss(r) clear_user_regs_spsr_ss(&(r)->user_regs) + + static DEFINE_SPINLOCK(debug_hook_lock); + static LIST_HEAD(user_step_hook); +@@ -404,6 +407,15 @@ void user_fastforward_single_step(struct + clear_regs_spsr_ss(task_pt_regs(task)); + } + ++void user_regs_reset_single_step(struct user_pt_regs *regs, ++ struct task_struct *task) ++{ ++ if (test_tsk_thread_flag(task, TIF_SINGLESTEP)) ++ set_user_regs_spsr_ss(regs); ++ else ++ clear_user_regs_spsr_ss(regs); ++} ++ + /* Kernel API */ + void kernel_enable_single_step(struct pt_regs *regs) + { +--- a/arch/arm64/kernel/ptrace.c ++++ b/arch/arm64/kernel/ptrace.c +@@ -1948,8 +1948,8 @@ static int valid_native_regs(struct user + */ + int valid_user_regs(struct user_pt_regs *regs, struct task_struct *task) + { +- if (!test_tsk_thread_flag(task, TIF_SINGLESTEP)) +- regs->pstate &= ~DBG_SPSR_SS; ++ /* https://lore.kernel.org/lkml/20191118131525.GA4180@willie-the-truck */ ++ user_regs_reset_single_step(regs, task); + + if (is_compat_thread(task_thread_info(task))) + return valid_compat_regs(regs); diff --git a/patches.suse/arm64-stackleak-fix-current_top_of_stack.patch b/patches.suse/arm64-stackleak-fix-current_top_of_stack.patch new file mode 100644 index 0000000..841f5f4 --- /dev/null +++ b/patches.suse/arm64-stackleak-fix-current_top_of_stack.patch @@ -0,0 +1,100 @@ +From: Mark Rutland +Date: Wed, 27 Apr 2022 18:31:16 +0100 +Subject: arm64: stackleak: fix current_top_of_stack() +Git-commit: e85094c31ddb794ac41c299a5a7a68243148f829 +Patch-mainline: v5.19-rc1 +References: git-fixes + +Due to some historical confusion, arm64's current_top_of_stack() isn't +what the stackleak code expects. This could in theory result in a number +of problems, and practically results in an unnecessary performance hit. +We can avoid this by aligning the arm64 implementation with the x86 +implementation. + +The arm64 implementation of current_top_of_stack() was added +specifically for stackleak in commit: + + 0b3e336601b82c6a ("arm64: Add support for STACKLEAK gcc plugin") + +This was intended to be equivalent to the x86 implementation, but the +implementation, semantics, and performance characteristics differ +wildly: + +* On x86, current_top_of_stack() returns the top of the current task's + task stack, regardless of which stack is in active use. + + The implementation accesses a percpu variable which the x86 entry code + maintains, and returns the location immediately above the pt_regs on + the task stack (above which x86 has some padding). + +* On arm64 current_top_of_stack() returns the top of the stack in active + use (i.e. the one which is currently being used). + + The implementation checks the SP against a number of + potentially-accessible stacks, and will BUG() if no stack is found. + +The core stackleak_erase() code determines the upper bound of stack to +erase with: + +| if (on_thread_stack()) +| boundary = current_stack_pointer; +| else +| boundary = current_top_of_stack(); + +On arm64 stackleak_erase() is always called on a task stack, and +on_thread_stack() should always be true. On x86, stackleak_erase() is +mostly called on a trampoline stack, and is sometimes called on a task +stack. + +Currently, this results in a lot of unnecessary code being generated for +arm64 for the impossible !on_thread_stack() case. Some of this is +inlined, bloating stackleak_erase(), while portions of this are left +out-of-line and permitted to be instrumented (which would be a +functional problem if that code were reachable). + +As a first step towards improving this, this patch aligns arm64's +implementation of current_top_of_stack() with x86's, always returning +the top of the current task's stack. With GCC 11.1.0 this results in the +bulk of the unnecessary code being removed, including all of the +out-of-line instrumentable code. + +While I don't believe there's a functional problem in practice I've +marked this as a fix since the semantic was clearly wrong, the fix +itself is simple, and other code might rely upon this in future. + +Fixes: 0b3e336601b82c6a ("arm64: Add support for STACKLEAK gcc plugin") +Signed-off-by: Mark Rutland +Cc: Alexander Popov +Cc: Andrew Morton +Cc: Andy Lutomirski +Cc: Catalin Marinas +Cc: Kees Cook +Cc: Will Deacon +Acked-by: Catalin Marinas +Signed-off-by: Kees Cook +Link: https://lore.kernel.org/r/20220427173128.2603085-2-mark.rutland@arm.com + +Acked-by: Ivan T. Ivanov +--- + arch/arm64/include/asm/processor.h | 10 ++++------ + 1 file changed, 4 insertions(+), 6 deletions(-) + +--- a/arch/arm64/include/asm/processor.h ++++ b/arch/arm64/include/asm/processor.h +@@ -313,12 +313,10 @@ extern void __init minsigstksz_setup(voi + * of header definitions for the use of task_stack_page. + */ + +-#define current_top_of_stack() \ +-({ \ +- struct stack_info _info; \ +- BUG_ON(!on_accessible_stack(current, current_stack_pointer, &_info)); \ +- _info.high; \ +-}) ++/* ++ * The top of the current task's task stack ++ */ ++#define current_top_of_stack() ((unsigned long)current->stack + THREAD_SIZE) + #define on_thread_stack() (on_task_stack(current, current_stack_pointer, NULL)) + + #endif /* __ASSEMBLY__ */ diff --git a/patches.suse/arm64-uprobe-Return-EOPNOTSUPP-for-AARCH32-instruction-probing.patch b/patches.suse/arm64-uprobe-Return-EOPNOTSUPP-for-AARCH32-instruction-probing.patch new file mode 100644 index 0000000..94af755 --- /dev/null +++ b/patches.suse/arm64-uprobe-Return-EOPNOTSUPP-for-AARCH32-instruction-probing.patch @@ -0,0 +1,36 @@ +From: He Zhe +Date: Tue, 23 Feb 2021 16:25:34 +0800 +Subject: arm64: uprobe: Return EOPNOTSUPP for AARCH32 instruction probing +Git-commit: d47422d953e258ad587b5edf2274eb95d08bdc7d +Patch-mainline: v5.12-rc1 +References: git-fixes + +As stated in linux/errno.h, ENOTSUPP should never be seen by user programs. +When we set up uprobe with 32-bit perf and arm64 kernel, we would see the +following vague error without useful hint. + +The sys_perf_event_open() syscall returned with 524 (INTERNAL ERROR: +strerror_r(524, [buf], 128)=22) + +Use EOPNOTSUPP instead to indicate such cases. + +Signed-off-by: He Zhe +Link: https://lore.kernel.org/r/20210223082535.48730-1-zhe.he@windriver.com +Cc: +Signed-off-by: Will Deacon +Acked-by: Ivan T. Ivanov +--- + arch/arm64/kernel/probes/uprobes.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/arm64/kernel/probes/uprobes.c ++++ b/arch/arm64/kernel/probes/uprobes.c +@@ -38,7 +38,7 @@ int arch_uprobe_analyze_insn(struct arch + + /* TODO: Currently we do not support AARCH32 instruction probing */ + if (mm->context.flags & MMCF_AARCH32) +- return -ENOTSUPP; ++ return -EOPNOTSUPP; + else if (!IS_ALIGNED(addr, AARCH64_INSN_SIZE)) + return -EINVAL; + diff --git a/patches.suse/arm64-vdso-Avoid-ISB-after-reading-from-cntvct_el0.patch b/patches.suse/arm64-vdso-Avoid-ISB-after-reading-from-cntvct_el0.patch new file mode 100644 index 0000000..f33a999 --- /dev/null +++ b/patches.suse/arm64-vdso-Avoid-ISB-after-reading-from-cntvct_el0.patch @@ -0,0 +1,102 @@ +From: Will Deacon +Date: Thu, 18 Mar 2021 17:07:37 +0000 +Subject: arm64: vdso: Avoid ISB after reading from cntvct_el0 +Git-commit: 77ec462536a13d4b428a1eead725c4818a49f0b1 +Patch-mainline: v5.13-rc1 +References: git-fixes + +We can avoid the expensive ISB instruction after reading the counter in +the vDSO gettime functions by creating a fake address hazard against a +dummy stack read, just like we do inside the kernel. + +Signed-off-by: Will Deacon +Reviewed-by: Vincenzo Frascino +Link: https://lore.kernel.org/r/20210318170738.7756-5-will@kernel.org +Signed-off-by: Catalin Marinas +Acked-by: Ivan T. Ivanov +--- + arch/arm64/include/asm/arch_timer.h | 21 --------------------- + arch/arm64/include/asm/barrier.h | 19 +++++++++++++++++++ + arch/arm64/include/asm/vdso/gettimeofday.h | 6 +----- + 3 files changed, 20 insertions(+), 26 deletions(-) + +--- a/arch/arm64/include/asm/arch_timer.h ++++ b/arch/arm64/include/asm/arch_timer.h +@@ -164,25 +164,6 @@ static inline void arch_timer_set_cntkct + isb(); + } + +-/* +- * Ensure that reads of the counter are treated the same as memory reads +- * for the purposes of ordering by subsequent memory barriers. +- * +- * This insanity brought to you by speculative system register reads, +- * out-of-order memory accesses, sequence locks and Thomas Gleixner. +- * +- * http://lists.infradead.org/pipermail/linux-arm-kernel/2019-February/631195.html +- */ +-#define arch_counter_enforce_ordering(val) do { \ +- u64 tmp, _val = (val); \ +- \ +- asm volatile( \ +- " eor %0, %1, %1\n" \ +- " add %0, sp, %0\n" \ +- " ldr xzr, [%0]" \ +- : "=r" (tmp) : "r" (_val)); \ +-} while (0) +- + static __always_inline u64 __arch_counter_get_cntpct_stable(void) + { + u64 cnt; +@@ -223,8 +204,6 @@ static __always_inline u64 __arch_counte + return cnt; + } + +-#undef arch_counter_enforce_ordering +- + static inline int arch_timer_arch_init(void) + { + return 0; +--- a/arch/arm64/include/asm/barrier.h ++++ b/arch/arm64/include/asm/barrier.h +@@ -69,6 +69,25 @@ static inline unsigned long array_index_ + return mask; + } + ++/* ++ * Ensure that reads of the counter are treated the same as memory reads ++ * for the purposes of ordering by subsequent memory barriers. ++ * ++ * This insanity brought to you by speculative system register reads, ++ * out-of-order memory accesses, sequence locks and Thomas Gleixner. ++ * ++ * http://lists.infradead.org/pipermail/linux-arm-kernel/2019-February/631195.html ++ */ ++#define arch_counter_enforce_ordering(val) do { \ ++ u64 tmp, _val = (val); \ ++ \ ++ asm volatile( \ ++ " eor %0, %1, %1\n" \ ++ " add %0, sp, %0\n" \ ++ " ldr xzr, [%0]" \ ++ : "=r" (tmp) : "r" (_val)); \ ++} while (0) ++ + #define __smp_mb() dmb(ish) + #define __smp_rmb() dmb(ishld) + #define __smp_wmb() dmb(ishst) +--- a/arch/arm64/include/asm/vdso/gettimeofday.h ++++ b/arch/arm64/include/asm/vdso/gettimeofday.h +@@ -83,11 +83,7 @@ static __always_inline u64 __arch_get_hw + */ + isb(); + asm volatile("mrs %0, cntvct_el0" : "=r" (res) :: "memory"); +- /* +- * This isb() is required to prevent that the seq lock is +- * speculated.# +- */ +- isb(); ++ arch_counter_enforce_ordering(res); + + return res; + } diff --git a/patches.suse/ath10k-Fix-error-handling-in-ath10k_setup_msa_resour.patch b/patches.suse/ath10k-Fix-error-handling-in-ath10k_setup_msa_resour.patch new file mode 100644 index 0000000..2d8ec3a --- /dev/null +++ b/patches.suse/ath10k-Fix-error-handling-in-ath10k_setup_msa_resour.patch @@ -0,0 +1,45 @@ +From 9747a78d5f758a5284751a10aee13c30d02bd5f1 Mon Sep 17 00:00:00 2001 +From: Miaoqian Lin +Date: Tue, 8 Mar 2022 07:02:38 +0000 +Subject: [PATCH] ath10k: Fix error handling in ath10k_setup_msa_resources +Git-commit: 9747a78d5f758a5284751a10aee13c30d02bd5f1 +Patch-mainline: v5.18-rc1 +References: git-fixes + +The device_node pointer is returned by of_parse_phandle() with refcount +incremented. We should use of_node_put() on it when done. + +This function only calls of_node_put() in the regular path. +And it will cause refcount leak in error path. + +Fixes: 727fec790ead ("ath10k: Setup the msa resources before qmi init") +Signed-off-by: Miaoqian Lin +Reviewed-by: Jeff Johnson +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/20220308070238.19295-1-linmq006@gmail.com +Acked-by: Takashi Iwai + +--- + drivers/net/wireless/ath/ath10k/snoc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/net/wireless/ath/ath10k/snoc.c b/drivers/net/wireless/ath/ath10k/snoc.c +index 681e1abe7440..8328966a0471 100644 +--- a/drivers/net/wireless/ath/ath10k/snoc.c ++++ b/drivers/net/wireless/ath/ath10k/snoc.c +@@ -1551,11 +1551,11 @@ static int ath10k_setup_msa_resources(struct ath10k *ar, u32 msa_size) + node = of_parse_phandle(dev->of_node, "memory-region", 0); + if (node) { + ret = of_address_to_resource(node, 0, &r); ++ of_node_put(node); + if (ret) { + dev_err(dev, "failed to resolve msa fixed region\n"); + return ret; + } +- of_node_put(node); + + ar->msa.paddr = r.start; + ar->msa.mem_size = resource_size(&r); +-- +2.35.3 + diff --git a/patches.suse/ath10k-do-not-enforce-interrupt-trigger-type.patch b/patches.suse/ath10k-do-not-enforce-interrupt-trigger-type.patch new file mode 100644 index 0000000..e8782aa --- /dev/null +++ b/patches.suse/ath10k-do-not-enforce-interrupt-trigger-type.patch @@ -0,0 +1,58 @@ +From 1ee6c5abebd3cacf2ac4378d0ed4f57fd4850421 Mon Sep 17 00:00:00 2001 +From: Krzysztof Kozlowski +Date: Wed, 18 May 2022 10:27:26 +0300 +Subject: [PATCH] ath10k: do not enforce interrupt trigger type +Git-commit: 1ee6c5abebd3cacf2ac4378d0ed4f57fd4850421 +Patch-mainline: v6.0-rc1 +References: git-fixes + +Interrupt line can be configured on different hardware in different way, +even inverted. Therefore driver should not enforce specific trigger +type - edge rising - but instead rely on Devicetree to configure it. + +All Qualcomm DTSI with WCN3990 define the interrupt type as level high, +so the mismatch between DTSI and driver causes rebind issues: + + $ echo 18800000.wifi > /sys/bus/platform/drivers/ath10k_snoc/unbind + $ echo 18800000.wifi > /sys/bus/platform/drivers/ath10k_snoc/bind + [ 44.763114] irq: type mismatch, failed to map hwirq-446 for interrupt-controller@17a00000! + [ 44.763130] ath10k_snoc 18800000.wifi: error -ENXIO: IRQ index 0 not found + [ 44.763140] ath10k_snoc 18800000.wifi: failed to initialize resource: -6 + +Tested-on: WCN3990 hw1.0 SNOC WLAN.HL.3.2.0.c8-00009-QCAHLSWSC8180XMTPLZ-1 +Tested-on: WCN3990 hw1.0 SNOC WLAN.HL.2.0-01387-QCAHLSWMTPLZ-1 + +Fixes: c963a683e701 ("ath10k: add resource init and deinit for WCN3990") +Signed-off-by: Krzysztof Kozlowski +Tested-by: Steev Klimaszewski +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/20220513151516.357549-1-krzysztof.kozlowski@linaro.org +Acked-by: Takashi Iwai + +--- + drivers/net/wireless/ath/ath10k/snoc.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/drivers/net/wireless/ath/ath10k/snoc.c b/drivers/net/wireless/ath/ath10k/snoc.c +index 607e8164bf98..5576ad9fd116 100644 +--- a/drivers/net/wireless/ath/ath10k/snoc.c ++++ b/drivers/net/wireless/ath/ath10k/snoc.c +@@ -1249,13 +1249,12 @@ static void ath10k_snoc_init_napi(struct ath10k *ar) + static int ath10k_snoc_request_irq(struct ath10k *ar) + { + struct ath10k_snoc *ar_snoc = ath10k_snoc_priv(ar); +- int irqflags = IRQF_TRIGGER_RISING; + int ret, id; + + for (id = 0; id < CE_COUNT_MAX; id++) { + ret = request_irq(ar_snoc->ce_irqs[id].irq_line, +- ath10k_snoc_per_engine_handler, +- irqflags, ce_name[id], ar); ++ ath10k_snoc_per_engine_handler, 0, ++ ce_name[id], ar); + if (ret) { + ath10k_err(ar, + "failed to register IRQ handler for CE %d: %d\n", +-- +2.35.3 + diff --git a/patches.suse/ax88179_178a-add-ethtool_op_get_ts_info.patch b/patches.suse/ax88179_178a-add-ethtool_op_get_ts_info.patch new file mode 100644 index 0000000..c8db4c2 --- /dev/null +++ b/patches.suse/ax88179_178a-add-ethtool_op_get_ts_info.patch @@ -0,0 +1,37 @@ +From dc83ef22cdb483027f1bf0892e466433ec5299bf Mon Sep 17 00:00:00 2001 +From: "Andreas K. Besslein" +Date: Sat, 23 Nov 2019 22:04:47 +0100 +Subject: [PATCH] ax88179_178a: add ethtool_op_get_ts_info() +Git-commit: dc83ef22cdb483027f1bf0892e466433ec5299bf +References: git-fixes +Patch-mainline:v5.5-rc1 + +This enables the use of SW timestamping. + +ax88179_178a uses the usbnet transmit function usbnet_start_xmit() which +implements software timestamping. ax88179_178a overrides ethtool_ops but +missed to set .get_ts_info. This caused SOF_TIMESTAMPING_TX_SOFTWARE +capability to be not available. + +Signed-off-by: Andreas K. Besslein +Signed-off-by: Jakub Kicinski +Signed-off-by: Oliver Neukum +--- + drivers/net/usb/ax88179_178a.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/net/usb/ax88179_178a.c b/drivers/net/usb/ax88179_178a.c +index c5a6e75c24e3..93044cf1417a 100644 +--- a/drivers/net/usb/ax88179_178a.c ++++ b/drivers/net/usb/ax88179_178a.c +@@ -827,6 +827,7 @@ static const struct ethtool_ops ax88179_ethtool_ops = { + .nway_reset = usbnet_nway_reset, + .get_link_ksettings = ax88179_get_link_ksettings, + .set_link_ksettings = ax88179_set_link_ksettings, ++ .get_ts_info = ethtool_op_get_ts_info, + }; + + static void ax88179_set_multicast(struct net_device *net) +-- +2.35.3 + diff --git a/patches.suse/block-drbd-drbd_nl-Make-conversion-to-enum-drbd_ret_code-explicit.patch b/patches.suse/block-drbd-drbd_nl-Make-conversion-to-enum-drbd_ret_code-explicit.patch new file mode 100644 index 0000000..f5cce68 --- /dev/null +++ b/patches.suse/block-drbd-drbd_nl-Make-conversion-to-enum-drbd_ret_code-explicit.patch @@ -0,0 +1,84 @@ +From: Lee Jones +Date: Fri, 12 Mar 2021 10:55:26 +0000 +Subject: block: drbd: drbd_nl: Make conversion to 'enum drbd_ret_code' + explicit +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Git-commit: 1f1e87b4dc4598eac57a69868534b92d65e47e82 +Patch-mainline: v5.13-rc1 +References: git-fixes + +Fixes the following W=1 kernel build warning(s): + + from drivers/block/drbd/drbd_nl.c:24: + drivers/block/drbd/drbd_nl.c: In function ‘drbd_adm_set_role’: + drivers/block/drbd/drbd_nl.c:793:11: warning: implicit conversion from ‘enum drbd_state_rv’ to ‘enum drbd_ret_code’ [-Wenum-conversion] + drivers/block/drbd/drbd_nl.c:795:11: warning: implicit conversion from ‘enum drbd_state_rv’ to ‘enum drbd_ret_code’ [-Wenum-conversion] + drivers/block/drbd/drbd_nl.c: In function ‘drbd_adm_attach’: + drivers/block/drbd/drbd_nl.c:1965:10: warning: implicit conversion from ‘enum drbd_state_rv’ to ‘enum drbd_ret_code’ [-Wenum-conversion] + drivers/block/drbd/drbd_nl.c: In function ‘drbd_adm_connect’: + drivers/block/drbd/drbd_nl.c:2690:10: warning: implicit conversion from ‘enum drbd_state_rv’ to ‘enum drbd_ret_code’ [-Wenum-conversion] + drivers/block/drbd/drbd_nl.c: In function ‘drbd_adm_disconnect’: + drivers/block/drbd/drbd_nl.c:2803:11: warning: implicit conversion from ‘enum drbd_state_rv’ to ‘enum drbd_ret_code’ [-Wenum-conversion] + +Cc: Philipp Reisner +Cc: Lars Ellenberg +Cc: Jens Axboe +Cc: drbd-dev@lists.linbit.com +Cc: linux-block@vger.kernel.org +Signed-off-by: Lee Jones +Link: https://lore.kernel.org/r/20210312105530.2219008-8-lee.jones@linaro.org +Signed-off-by: Jens Axboe +Acked-by: Lee Duncan +--- + drivers/block/drbd/drbd_nl.c | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +diff --git a/drivers/block/drbd/drbd_nl.c b/drivers/block/drbd/drbd_nl.c +index bf7de4c7b96c..31902304ddac 100644 +--- a/drivers/block/drbd/drbd_nl.c ++++ b/drivers/block/drbd/drbd_nl.c +@@ -790,9 +790,11 @@ int drbd_adm_set_role(struct sk_buff *skb, struct genl_info *info) + mutex_lock(&adm_ctx.resource->adm_mutex); + + if (info->genlhdr->cmd == DRBD_ADM_PRIMARY) +- retcode = drbd_set_role(adm_ctx.device, R_PRIMARY, parms.assume_uptodate); ++ retcode = (enum drbd_ret_code)drbd_set_role(adm_ctx.device, ++ R_PRIMARY, parms.assume_uptodate); + else +- retcode = drbd_set_role(adm_ctx.device, R_SECONDARY, 0); ++ retcode = (enum drbd_ret_code)drbd_set_role(adm_ctx.device, ++ R_SECONDARY, 0); + + mutex_unlock(&adm_ctx.resource->adm_mutex); + genl_lock(); +@@ -1962,7 +1964,7 @@ int drbd_adm_attach(struct sk_buff *skb, struct genl_info *info) + drbd_flush_workqueue(&connection->sender_work); + + rv = _drbd_request_state(device, NS(disk, D_ATTACHING), CS_VERBOSE); +- retcode = rv; /* FIXME: Type mismatch. */ ++ retcode = (enum drbd_ret_code)rv; + drbd_resume_io(device); + if (rv < SS_SUCCESS) + goto fail; +@@ -2687,7 +2689,8 @@ int drbd_adm_connect(struct sk_buff *skb, struct genl_info *info) + } + rcu_read_unlock(); + +- retcode = conn_request_state(connection, NS(conn, C_UNCONNECTED), CS_VERBOSE); ++ retcode = (enum drbd_ret_code)conn_request_state(connection, ++ NS(conn, C_UNCONNECTED), CS_VERBOSE); + + conn_reconfig_done(connection); + mutex_unlock(&adm_ctx.resource->adm_mutex); +@@ -2800,7 +2803,7 @@ int drbd_adm_disconnect(struct sk_buff *skb, struct genl_info *info) + mutex_lock(&adm_ctx.resource->adm_mutex); + rv = conn_try_disconnect(connection, parms.force_disconnect); + if (rv < SS_SUCCESS) +- retcode = rv; /* FIXME: Type mismatch. */ ++ retcode = (enum drbd_ret_code)rv; + else + retcode = NO_ERROR; + mutex_unlock(&adm_ctx.resource->adm_mutex); + diff --git a/patches.suse/bpf-Add-bpf_patch_call_args-prototype-to-include-lin.patch b/patches.suse/bpf-Add-bpf_patch_call_args-prototype-to-include-lin.patch index 1c62a65..9348646 100644 --- a/patches.suse/bpf-Add-bpf_patch_call_args-prototype-to-include-lin.patch +++ b/patches.suse/bpf-Add-bpf_patch_call_args-prototype-to-include-lin.patch @@ -31,5 +31,5 @@ Acked-by: Gary Lin void bpf_patch_call_args(struct bpf_insn *insn, u32 stack_depth); +#endif - /* Map specifics */ - struct xdp_buff; + struct btf *bpf_get_btf_vmlinux(void); + diff --git a/patches.suse/bpf-Add-config-to-allow-loading-modules-with-BTF-mismatche.patch b/patches.suse/bpf-Add-config-to-allow-loading-modules-with-BTF-mismatche.patch new file mode 100644 index 0000000..214fdb9 --- /dev/null +++ b/patches.suse/bpf-Add-config-to-allow-loading-modules-with-BTF-mismatche.patch @@ -0,0 +1,69 @@ +From: Connor O'Brien +Date: Wed, 23 Feb 2022 01:28:14 +0000 +Subject: bpf: Add config to allow loading modules with BTF mismatches +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Git-commit: 5e214f2e43e453d862ebbbd2a4f7ee3fe650f209 +Patch-mainline: v5.18-rc1 +References: jsc#SLE-24559 + +BTF mismatch can occur for a separately-built module even when the ABI is +otherwise compatible and nothing else would prevent successfully loading. + +Add a new Kconfig to control how mismatches are handled. By default, preserve +the current behavior of refusing to load the module. If MODULE_ALLOW_BTF_MISMATCH +is enabled, load the module but ignore its BTF information. + +Suggested-by: Yonghong Song +Suggested-by: Michal Suchánek +Signed-off-by: Connor O'Brien +Signed-off-by: Daniel Borkmann +Acked-by: Shung-Hsi Yu +Acked-by: Song Liu +Link: https://lore.kernel.org/bpf/CAADnVQJ+OVPnBz8z3vNu8gKXX42jCUqfuvhWAyCQDu8N_yqqwQ@mail.gmail.com +Link: https://lore.kernel.org/bpf/20220223012814.1898677-1-connoro@google.com + +Acked-by: Jeff Mahoney +--- + kernel/bpf/btf.c | 3 ++- + lib/Kconfig.debug | 10 ++++++++++ + 2 files changed, 12 insertions(+), 1 deletion(-) + +diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c +index 0890e56e8b08..b472cf0c8fdb 100644 +--- a/kernel/bpf/btf.c ++++ b/kernel/bpf/btf.c +@@ -6398,7 +6398,8 @@ static int btf_module_notify(struct notifier_block *nb, unsigned long op, + pr_warn("failed to validate module [%s] BTF: %ld\n", + mod->name, PTR_ERR(btf)); + kfree(btf_mod); +- err = PTR_ERR(btf); ++ if (!IS_ENABLED(CONFIG_MODULE_ALLOW_BTF_MISMATCH)) ++ err = PTR_ERR(btf); + goto out; + } + err = btf_alloc_id(btf); +diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug +index 1555da672275..72ca4684beda 100644 +--- a/lib/Kconfig.debug ++++ b/lib/Kconfig.debug +@@ -339,6 +339,16 @@ config DEBUG_INFO_BTF_MODULES + help + Generate compact split BTF type information for kernel modules. + ++config MODULE_ALLOW_BTF_MISMATCH ++ bool "Allow loading modules with non-matching BTF type info" ++ depends on DEBUG_INFO_BTF_MODULES ++ help ++ For modules whose split BTF does not match vmlinux, load without ++ BTF rather than refusing to load. The default behavior with ++ module BTF enabled is to reject modules with such mismatches; ++ this option will still load module BTF where possible but ignore ++ it when a mismatch is found. ++ + config GDB_SCRIPTS + bool "Provide GDB scripts for kernel debugging" + depends on DEBUG_INFO + + diff --git a/patches.suse/bpf-Add-in-kernel-split-BTF-support.patch b/patches.suse/bpf-Add-in-kernel-split-BTF-support.patch new file mode 100644 index 0000000..1afeeb2 --- /dev/null +++ b/patches.suse/bpf-Add-in-kernel-split-BTF-support.patch @@ -0,0 +1,426 @@ +From: Andrii Nakryiko +Date: Mon, 9 Nov 2020 17:19:28 -0800 +Subject: bpf: Add in-kernel split BTF support +Git-commit: 951bb64621b8139c0cd99dcadc13e6510c08aa73 +Patch-mainline: v5.11-rc1 +References: jsc#SLE-24559 + +Adjust in-kernel BTF implementation to support a split BTF mode of operation. +Changes are mostly mirroring libbpf split BTF changes, with the exception of +start_id being 0 for in-kernel implementation due to simpler read-only mode. + +Otherwise, for split BTF logic, most of the logic of jumping to base BTF, +where necessary, is encapsulated in few helper functions. Type numbering and +string offset in a split BTF are logically continuing where base BTF ends, so +most of the high-level logic is kept without changes. + +Type verification and size resolution is only doing an added resolution of new +split BTF types and relies on already cached size and type resolution results +in the base BTF. + +Signed-off-by: Andrii Nakryiko +Signed-off-by: Alexei Starovoitov +Acked-by: Song Liu +Link: https://lore.kernel.org/bpf/20201110011932.3201430-2-andrii@kernel.org + +Acked-by: Jeff Mahoney +--- + kernel/bpf/btf.c | 171 ++++++++++++++++++++++++++++++++++++++----------------- + 1 file changed, 119 insertions(+), 52 deletions(-) + +diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c +index 6324de8c59f7..727c1c27053f 100644 +--- a/kernel/bpf/btf.c ++++ b/kernel/bpf/btf.c +@@ -203,12 +203,17 @@ struct btf { + const char *strings; + void *nohdr_data; + struct btf_header hdr; +- u32 nr_types; ++ u32 nr_types; /* includes VOID for base BTF */ + u32 types_size; + u32 data_size; + refcount_t refcnt; + u32 id; + struct rcu_head rcu; ++ ++ /* split BTF support */ ++ struct btf *base_btf; ++ u32 start_id; /* first type ID in this BTF (0 for base BTF) */ ++ u32 start_str_off; /* first string offset (0 for base BTF) */ + }; + + enum verifier_phase { +@@ -449,14 +454,27 @@ static bool btf_type_is_datasec(const struct btf_type *t) + return BTF_INFO_KIND(t->info) == BTF_KIND_DATASEC; + } + ++static u32 btf_nr_types_total(const struct btf *btf) ++{ ++ u32 total = 0; ++ ++ while (btf) { ++ total += btf->nr_types; ++ btf = btf->base_btf; ++ } ++ ++ return total; ++} ++ + s32 btf_find_by_name_kind(const struct btf *btf, const char *name, u8 kind) + { + const struct btf_type *t; + const char *tname; +- u32 i; ++ u32 i, total; + +- for (i = 1; i <= btf->nr_types; i++) { +- t = btf->types[i]; ++ total = btf_nr_types_total(btf); ++ for (i = 1; i < total; i++) { ++ t = btf_type_by_id(btf, i); + if (BTF_INFO_KIND(t->info) != kind) + continue; + +@@ -599,8 +617,14 @@ static const struct btf_kind_operations *btf_type_ops(const struct btf_type *t) + + static bool btf_name_offset_valid(const struct btf *btf, u32 offset) + { +- return BTF_STR_OFFSET_VALID(offset) && +- offset < btf->hdr.str_len; ++ if (!BTF_STR_OFFSET_VALID(offset)) ++ return false; ++ ++ while (offset < btf->start_str_off) ++ btf = btf->base_btf; ++ ++ offset -= btf->start_str_off; ++ return offset < btf->hdr.str_len; + } + + static bool __btf_name_char_ok(char c, bool first, bool dot_ok) +@@ -614,10 +638,22 @@ static bool __btf_name_char_ok(char c, bool first, bool dot_ok) + return true; + } + ++static const char *btf_str_by_offset(const struct btf *btf, u32 offset) ++{ ++ while (offset < btf->start_str_off) ++ btf = btf->base_btf; ++ ++ offset -= btf->start_str_off; ++ if (offset < btf->hdr.str_len) ++ return &btf->strings[offset]; ++ ++ return NULL; ++} ++ + static bool __btf_name_valid(const struct btf *btf, u32 offset, bool dot_ok) + { + /* offset must be valid */ +- const char *src = &btf->strings[offset]; ++ const char *src = btf_str_by_offset(btf, offset); + const char *src_limit; + + if (!__btf_name_char_ok(*src, true, dot_ok)) +@@ -650,27 +686,28 @@ static bool btf_name_valid_section(const struct btf *btf, u32 offset) + + static const char *__btf_name_by_offset(const struct btf *btf, u32 offset) + { ++ const char *name; ++ + if (!offset) + return "(anon)"; +- else if (offset < btf->hdr.str_len) +- return &btf->strings[offset]; +- else +- return "(invalid-name-offset)"; ++ ++ name = btf_str_by_offset(btf, offset); ++ return name ?: "(invalid-name-offset)"; + } + + const char *btf_name_by_offset(const struct btf *btf, u32 offset) + { +- if (offset < btf->hdr.str_len) +- return &btf->strings[offset]; +- +- return NULL; ++ return btf_str_by_offset(btf, offset); + } + + const struct btf_type *btf_type_by_id(const struct btf *btf, u32 type_id) + { +- if (type_id > btf->nr_types) +- return NULL; ++ while (type_id < btf->start_id) ++ btf = btf->base_btf; + ++ type_id -= btf->start_id; ++ if (type_id >= btf->nr_types) ++ return NULL; + return btf->types[type_id]; + } + +@@ -1390,17 +1427,13 @@ static int btf_add_type(struct btf_verifier_env *env, struct btf_type *t) + { + struct btf *btf = env->btf; + +- /* < 2 because +1 for btf_void which is always in btf->types[0]. +- * btf_void is not accounted in btf->nr_types because btf_void +- * does not come from the BTF file. +- */ +- if (btf->types_size - btf->nr_types < 2) { ++ if (btf->types_size == btf->nr_types) { + /* Expand 'types' array */ + + struct btf_type **new_types; + u32 expand_by, new_size; + +- if (btf->types_size == BTF_MAX_TYPE) { ++ if (btf->start_id + btf->types_size == BTF_MAX_TYPE) { + btf_verifier_log(env, "Exceeded max num of types"); + return -E2BIG; + } +@@ -1414,18 +1447,23 @@ static int btf_add_type(struct btf_verifier_env *env, struct btf_type *t) + if (!new_types) + return -ENOMEM; + +- if (btf->nr_types == 0) +- new_types[0] = &btf_void; +- else ++ if (btf->nr_types == 0) { ++ if (!btf->base_btf) { ++ /* lazily init VOID type */ ++ new_types[0] = &btf_void; ++ btf->nr_types++; ++ } ++ } else { + memcpy(new_types, btf->types, +- sizeof(*btf->types) * (btf->nr_types + 1)); ++ sizeof(*btf->types) * btf->nr_types); ++ } + + kvfree(btf->types); + btf->types = new_types; + btf->types_size = new_size; + } + +- btf->types[++(btf->nr_types)] = t; ++ btf->types[btf->nr_types++] = t; + + return 0; + } +@@ -1498,18 +1536,17 @@ static int env_resolve_init(struct btf_verifier_env *env) + u32 *resolved_ids = NULL; + u8 *visit_states = NULL; + +- /* +1 for btf_void */ +- resolved_sizes = kvcalloc(nr_types + 1, sizeof(*resolved_sizes), ++ resolved_sizes = kvcalloc(nr_types, sizeof(*resolved_sizes), + GFP_KERNEL | __GFP_NOWARN); + if (!resolved_sizes) + goto nomem; + +- resolved_ids = kvcalloc(nr_types + 1, sizeof(*resolved_ids), ++ resolved_ids = kvcalloc(nr_types, sizeof(*resolved_ids), + GFP_KERNEL | __GFP_NOWARN); + if (!resolved_ids) + goto nomem; + +- visit_states = kvcalloc(nr_types + 1, sizeof(*visit_states), ++ visit_states = kvcalloc(nr_types, sizeof(*visit_states), + GFP_KERNEL | __GFP_NOWARN); + if (!visit_states) + goto nomem; +@@ -1561,21 +1598,27 @@ static bool env_type_is_resolve_sink(const struct btf_verifier_env *env, + static bool env_type_is_resolved(const struct btf_verifier_env *env, + u32 type_id) + { +- return env->visit_states[type_id] == RESOLVED; ++ /* base BTF types should be resolved by now */ ++ if (type_id < env->btf->start_id) ++ return true; ++ ++ return env->visit_states[type_id - env->btf->start_id] == RESOLVED; + } + + static int env_stack_push(struct btf_verifier_env *env, + const struct btf_type *t, u32 type_id) + { ++ const struct btf *btf = env->btf; + struct resolve_vertex *v; + + if (env->top_stack == MAX_RESOLVE_DEPTH) + return -E2BIG; + +- if (env->visit_states[type_id] != NOT_VISITED) ++ if (type_id < btf->start_id ++ || env->visit_states[type_id - btf->start_id] != NOT_VISITED) + return -EEXIST; + +- env->visit_states[type_id] = VISITED; ++ env->visit_states[type_id - btf->start_id] = VISITED; + + v = &env->stack[env->top_stack++]; + v->t = t; +@@ -1605,6 +1648,7 @@ static void env_stack_pop_resolved(struct btf_verifier_env *env, + u32 type_id = env->stack[--(env->top_stack)].type_id; + struct btf *btf = env->btf; + ++ type_id -= btf->start_id; /* adjust to local type id */ + btf->resolved_sizes[type_id] = resolved_size; + btf->resolved_ids[type_id] = resolved_type_id; + env->visit_states[type_id] = RESOLVED; +@@ -1709,14 +1753,30 @@ btf_resolve_size(const struct btf *btf, const struct btf_type *type, + return array_type ? : type; + } + ++static u32 btf_resolved_type_id(const struct btf *btf, u32 type_id) ++{ ++ while (type_id < btf->start_id) ++ btf = btf->base_btf; ++ ++ return btf->resolved_ids[type_id - btf->start_id]; ++} ++ + /* The input param "type_id" must point to a needs_resolve type */ + static const struct btf_type *btf_type_id_resolve(const struct btf *btf, + u32 *type_id) + { +- *type_id = btf->resolved_ids[*type_id]; ++ *type_id = btf_resolved_type_id(btf, *type_id); + return btf_type_by_id(btf, *type_id); + } + ++static u32 btf_resolved_type_size(const struct btf *btf, u32 type_id) ++{ ++ while (type_id < btf->start_id) ++ btf = btf->base_btf; ++ ++ return btf->resolved_sizes[type_id - btf->start_id]; ++} ++ + const struct btf_type *btf_type_id_size(const struct btf *btf, + u32 *type_id, u32 *ret_size) + { +@@ -1731,7 +1791,7 @@ const struct btf_type *btf_type_id_size(const struct btf *btf, + if (btf_type_has_size(size_type)) { + size = size_type->size; + } else if (btf_type_is_array(size_type)) { +- size = btf->resolved_sizes[size_type_id]; ++ size = btf_resolved_type_size(btf, size_type_id); + } else if (btf_type_is_ptr(size_type)) { + size = sizeof(void *); + } else { +@@ -1739,14 +1799,14 @@ const struct btf_type *btf_type_id_size(const struct btf *btf, + !btf_type_is_var(size_type))) + return NULL; + +- size_type_id = btf->resolved_ids[size_type_id]; ++ size_type_id = btf_resolved_type_id(btf, size_type_id); + size_type = btf_type_by_id(btf, size_type_id); + if (btf_type_nosize_or_null(size_type)) + return NULL; + else if (btf_type_has_size(size_type)) + size = size_type->size; + else if (btf_type_is_array(size_type)) +- size = btf->resolved_sizes[size_type_id]; ++ size = btf_resolved_type_size(btf, size_type_id); + else if (btf_type_is_ptr(size_type)) + size = sizeof(void *); + else +@@ -3798,7 +3858,7 @@ static int btf_check_all_metas(struct btf_verifier_env *env) + cur = btf->nohdr_data + hdr->type_off; + end = cur + hdr->type_len; + +- env->log_type_id = 1; ++ env->log_type_id = btf->base_btf ? btf->start_id : 1; + while (cur < end) { + struct btf_type *t = cur; + s32 meta_size; +@@ -3825,8 +3885,8 @@ static bool btf_resolve_valid(struct btf_verifier_env *env, + return false; + + if (btf_type_is_struct(t) || btf_type_is_datasec(t)) +- return !btf->resolved_ids[type_id] && +- !btf->resolved_sizes[type_id]; ++ return !btf_resolved_type_id(btf, type_id) && ++ !btf_resolved_type_size(btf, type_id); + + if (btf_type_is_modifier(t) || btf_type_is_ptr(t) || + btf_type_is_var(t)) { +@@ -3846,7 +3906,7 @@ static bool btf_resolve_valid(struct btf_verifier_env *env, + elem_type = btf_type_id_size(btf, &elem_type_id, &elem_size); + return elem_type && !btf_type_is_modifier(elem_type) && + (array->nelems * elem_size == +- btf->resolved_sizes[type_id]); ++ btf_resolved_type_size(btf, type_id)); + } + + return false; +@@ -3888,7 +3948,8 @@ static int btf_resolve(struct btf_verifier_env *env, + static int btf_check_all_types(struct btf_verifier_env *env) + { + struct btf *btf = env->btf; +- u32 type_id; ++ const struct btf_type *t; ++ u32 type_id, i; + int err; + + err = env_resolve_init(env); +@@ -3896,8 +3957,9 @@ static int btf_check_all_types(struct btf_verifier_env *env) + return err; + + env->phase++; +- for (type_id = 1; type_id <= btf->nr_types; type_id++) { +- const struct btf_type *t = btf_type_by_id(btf, type_id); ++ for (i = btf->base_btf ? 0 : 1; i < btf->nr_types; i++) { ++ type_id = btf->start_id + i; ++ t = btf_type_by_id(btf, type_id); + + env->log_type_id = type_id; + if (btf_type_needs_resolve(t) && +@@ -3934,7 +3996,7 @@ static int btf_parse_type_sec(struct btf_verifier_env *env) + return -EINVAL; + } + +- if (!hdr->type_len) { ++ if (!env->btf->base_btf && !hdr->type_len) { + btf_verifier_log(env, "No type found"); + return -EINVAL; + } +@@ -3961,13 +4023,18 @@ static int btf_parse_str_sec(struct btf_verifier_env *env) + return -EINVAL; + } + +- if (!hdr->str_len || hdr->str_len - 1 > BTF_MAX_NAME_OFFSET || +- start[0] || end[-1]) { ++ btf->strings = start; ++ ++ if (btf->base_btf && !hdr->str_len) ++ return 0; ++ if (!hdr->str_len || hdr->str_len - 1 > BTF_MAX_NAME_OFFSET || end[-1]) { ++ btf_verifier_log(env, "Invalid string section"); ++ return -EINVAL; ++ } ++ if (!btf->base_btf && start[0]) { + btf_verifier_log(env, "Invalid string section"); + return -EINVAL; + } +- +- btf->strings = start; + + return 0; + } +@@ -4908,7 +4975,7 @@ static int __get_type_size(struct btf *btf, u32 btf_id, + while (t && btf_type_is_modifier(t)) + t = btf_type_by_id(btf, t->type); + if (!t) { +- *bad_type = btf->types[0]; ++ *bad_type = btf_type_by_id(btf, 0); + return -EINVAL; + } + if (btf_type_is_ptr(t)) + + diff --git a/patches.suse/bpf-Assign-ID-to-vmlinux-BTF-and-return-extra-info-for-BTF.patch b/patches.suse/bpf-Assign-ID-to-vmlinux-BTF-and-return-extra-info-for-BTF.patch new file mode 100644 index 0000000..f842ddd --- /dev/null +++ b/patches.suse/bpf-Assign-ID-to-vmlinux-BTF-and-return-extra-info-for-BTF.patch @@ -0,0 +1,149 @@ +From: Andrii Nakryiko +Date: Mon, 9 Nov 2020 17:19:29 -0800 +Subject: bpf: Assign ID to vmlinux BTF and return extra info for BTF in + GET_OBJ_INFO +Git-commit: 5329722057d41aebc31e391907a501feaa42f7d9 +Patch-mainline: v5.11-rc1 +References: jsc#SLE-24559 + +Allocate ID for vmlinux BTF. This makes it visible when iterating over all BTF +objects in the system. To allow distinguishing vmlinux BTF (and later kernel +module BTF) from user-provided BTFs, expose extra kernel_btf flag, as well as +BTF name ("vmlinux" for vmlinux BTF, will equal to module's name for module +BTF). We might want to later allow specifying BTF name for user-provided BTFs +as well, if that makes sense. But currently this is reserved only for +in-kernel BTFs. + +Having in-kernel BTFs exposed IDs will allow to extend BPF APIs that require +in-kernel BTF type with ability to specify BTF types from kernel modules, not +just vmlinux BTF. This will be implemented in a follow up patch set for +fentry/fexit/fmod_ret/lsm/etc. + +Signed-off-by: Andrii Nakryiko +Signed-off-by: Alexei Starovoitov +Acked-by: Song Liu +Link: https://lore.kernel.org/bpf/20201110011932.3201430-3-andrii@kernel.org + +Acked-by: Jeff Mahoney +--- + include/uapi/linux/bpf.h | 3 +++ + kernel/bpf/btf.c | 43 +++++++++++++++++++++++++++++++++++++++--- + tools/include/uapi/linux/bpf.h | 3 +++ + 3 files changed, 46 insertions(+), 3 deletions(-) + +diff --git a/include/uapi/linux/bpf.h b/include/uapi/linux/bpf.h +index 9879d6793e90..162999b12790 100644 +--- a/include/uapi/linux/bpf.h ++++ b/include/uapi/linux/bpf.h +@@ -4466,6 +4466,9 @@ struct bpf_btf_info { + __aligned_u64 btf; + __u32 btf_size; + __u32 id; ++ __aligned_u64 name; ++ __u32 name_len; ++ __u32 kernel_btf; + } __attribute__((aligned(8))); + + struct bpf_link_info { +diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c +index 727c1c27053f..856585db7aa7 100644 +--- a/kernel/bpf/btf.c ++++ b/kernel/bpf/btf.c +@@ -214,6 +214,8 @@ struct btf { + struct btf *base_btf; + u32 start_id; /* first type ID in this BTF (0 for base BTF) */ + u32 start_str_off; /* first string offset (0 for base BTF) */ ++ char name[MODULE_NAME_LEN]; ++ bool kernel_btf; + }; + + enum verifier_phase { +@@ -4429,6 +4431,8 @@ struct btf *btf_parse_vmlinux(void) + + btf->data = __start_BTF; + btf->data_size = __stop_BTF - __start_BTF; ++ btf->kernel_btf = true; ++ snprintf(btf->name, sizeof(btf->name), "vmlinux"); + + err = btf_parse_hdr(env); + if (err) +@@ -4454,8 +4458,13 @@ struct btf *btf_parse_vmlinux(void) + + bpf_struct_ops_init(btf, log); + +- btf_verifier_env_free(env); + refcount_set(&btf->refcnt, 1); ++ ++ err = btf_alloc_id(btf); ++ if (err) ++ goto errout; ++ ++ btf_verifier_env_free(env); + return btf; + + errout: +@@ -5553,7 +5562,9 @@ int btf_get_info_by_fd(const struct btf *btf, + struct bpf_btf_info info; + u32 info_copy, btf_copy; + void __user *ubtf; +- u32 uinfo_len; ++ char __user *uname; ++ u32 uinfo_len, uname_len, name_len; ++ int ret = 0; + + uinfo = u64_to_user_ptr(attr->info.info); + uinfo_len = attr->info.info_len; +@@ -5570,11 +5581,37 @@ int btf_get_info_by_fd(const struct btf *btf, + return -EFAULT; + info.btf_size = btf->data_size; + ++ info.kernel_btf = btf->kernel_btf; ++ ++ uname = u64_to_user_ptr(info.name); ++ uname_len = info.name_len; ++ if (!uname ^ !uname_len) ++ return -EINVAL; ++ ++ name_len = strlen(btf->name); ++ info.name_len = name_len; ++ ++ if (uname) { ++ if (uname_len >= name_len + 1) { ++ if (copy_to_user(uname, btf->name, name_len + 1)) ++ return -EFAULT; ++ } else { ++ char zero = '\0'; ++ ++ if (copy_to_user(uname, btf->name, uname_len - 1)) ++ return -EFAULT; ++ if (put_user(zero, uname + uname_len - 1)) ++ return -EFAULT; ++ /* let user-space know about too short buffer */ ++ ret = -ENOSPC; ++ } ++ } ++ + if (copy_to_user(uinfo, &info, info_copy) || + put_user(info_copy, &uattr->info.info_len)) + return -EFAULT; + +- return 0; ++ return ret; + } + + int btf_get_fd_by_id(u32 id) +diff --git a/tools/include/uapi/linux/bpf.h b/tools/include/uapi/linux/bpf.h +index 9879d6793e90..162999b12790 100644 +--- a/tools/include/uapi/linux/bpf.h ++++ b/tools/include/uapi/linux/bpf.h +@@ -4466,6 +4466,9 @@ struct bpf_btf_info { + __aligned_u64 btf; + __u32 btf_size; + __u32 id; ++ __aligned_u64 name; ++ __u32 name_len; ++ __u32 kernel_btf; + } __attribute__((aligned(8))); + + struct bpf_link_info { + diff --git a/patches.suse/bpf-Keep-module-s-btf_data_size-intact-after-load.patch b/patches.suse/bpf-Keep-module-s-btf_data_size-intact-after-load.patch new file mode 100644 index 0000000..6d1b592 --- /dev/null +++ b/patches.suse/bpf-Keep-module-s-btf_data_size-intact-after-load.patch @@ -0,0 +1,34 @@ +From: Andrii Nakryiko +Date: Thu, 3 Dec 2020 12:46:22 -0800 +Subject: bpf: Keep module's btf_data_size intact after load +Git-commit: 2fe8890848c799515a881502339a0a7b2b555988 +Patch-mainline: v5.11-rc1 +References: jsc#SLE-24559 + +Having real btf_data_size stored in struct module is benefitial to quickly +determine which kernel modules have associated BTF object and which don't. +There is no harm in keeping this info, as opposed to keeping invalid pointer. + +Fixes: 607c543f939d ("bpf: Sanitize BTF data pointer after module is loaded") +Signed-off-by: Andrii Nakryiko +Signed-off-by: Alexei Starovoitov +Link: https://lore.kernel.org/bpf/20201203204634.1325171-3-andrii@kernel.org + +Acked-by: Jeff Mahoney +--- + kernel/module.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/kernel/module.c b/kernel/module.c +index 18f259d61d14..c3a9e972d3b2 100644 +--- a/kernel/module.c ++++ b/kernel/module.c +@@ -3712,7 +3712,6 @@ static noinline int do_init_module(struct module *mod) + #ifdef CONFIG_DEBUG_INFO_BTF_MODULES + /* .BTF is not SHF_ALLOC and will get removed, so sanitize pointer */ + mod->btf_data = NULL; +- mod->btf_data_size = 0; + #endif + /* + * We want to free module_init, but be aware that kallsyms may be + diff --git a/patches.suse/bpf-Load-and-verify-kernel-module-BTFs.patch b/patches.suse/bpf-Load-and-verify-kernel-module-BTFs.patch new file mode 100644 index 0000000..309f5a8 --- /dev/null +++ b/patches.suse/bpf-Load-and-verify-kernel-module-BTFs.patch @@ -0,0 +1,374 @@ +From: Andrii Nakryiko +Date: Mon, 9 Nov 2020 17:19:31 -0800 +Subject: bpf: Load and verify kernel module BTFs +Git-commit: 36e68442d1afd4f720704ee1ea8486331507e834 +Patch-mainline: v5.11-rc1 +References: jsc#SLE-24559 + +Add kernel module listener that will load/validate and unload module BTF. +Module BTFs gets ID generated for them, which makes it possible to iterate +them with existing BTF iteration API. They are given their respective module's +names, which will get reported through GET_OBJ_INFO API. They are also marked +as in-kernel BTFs for tooling to distinguish them from user-provided BTFs. + +Also, similarly to vmlinux BTF, kernel module BTFs are exposed through +sysfs as /sys/kernel/btf/. This is convenient for user-space +tools to inspect module BTF contents and dump their types with existing tools: + +[vmuser@archvm bpf]$ ls -la /sys/kernel/btf +total 0 +drwxr-xr-x 2 root root 0 Nov 4 19:46 . +drwxr-xr-x 13 root root 0 Nov 4 19:46 .. + +... + +-r--r--r-- 1 root root 888 Nov 4 19:46 irqbypass +-r--r--r-- 1 root root 100225 Nov 4 19:46 kvm +-r--r--r-- 1 root root 35401 Nov 4 19:46 kvm_intel +-r--r--r-- 1 root root 120 Nov 4 19:46 pcspkr +-r--r--r-- 1 root root 399 Nov 4 19:46 serio_raw +-r--r--r-- 1 root root 4094095 Nov 4 19:46 vmlinux + +Signed-off-by: Andrii Nakryiko +Signed-off-by: Alexei Starovoitov +Reviewed-by: Greg Kroah-Hartman +Link: https://lore.kernel.org/bpf/20201110011932.3201430-5-andrii@kernel.org + +Acked-by: Jeff Mahoney +--- + Documentation/ABI/testing/sysfs-kernel-btf | 8 ++ + include/linux/bpf.h | 2 + + include/linux/module.h | 4 + + kernel/bpf/btf.c | 194 +++++++++++++++++++++++++++++ + kernel/bpf/sysfs_btf.c | 2 +- + kernel/module.c | 32 +++++ + 6 files changed, 241 insertions(+), 1 deletion(-) + +diff --git a/Documentation/ABI/testing/sysfs-kernel-btf b/Documentation/ABI/testing/sysfs-kernel-btf +index 2c9744b2cd59..fe96efdc9b6c 100644 +--- a/Documentation/ABI/testing/sysfs-kernel-btf ++++ b/Documentation/ABI/testing/sysfs-kernel-btf +@@ -15,3 +15,11 @@ Description: + information with description of all internal kernel types. See + Documentation/bpf/btf.rst for detailed description of format + itself. ++ ++What: /sys/kernel/btf/ ++Date: Nov 2020 ++KernelVersion: 5.11 ++Contact: bpf@vger.kernel.org ++Description: ++ Read-only binary attribute exposing kernel module's BTF type ++ information as an add-on to the kernel's BTF (/sys/kernel/btf/vmlinux). +diff --git a/include/linux/bpf.h b/include/linux/bpf.h +index 73d5381a5d5c..581b2a2e78eb 100644 +--- a/include/linux/bpf.h ++++ b/include/linux/bpf.h +@@ -36,9 +36,11 @@ struct seq_operations; + struct exception_table_entry; + struct seq_operations; + struct bpf_iter_aux_info; ++struct kobject; + + extern struct idr btf_idr; + extern spinlock_t btf_idr_lock; ++extern struct kobject *btf_kobj; + + typedef int (*bpf_iter_init_seq_priv_t)(void *private_data, + struct bpf_iter_aux_info *aux); +diff --git a/include/linux/module.h b/include/linux/module.h +index a29187f7c360..20fce258ffba 100644 +--- a/include/linux/module.h ++++ b/include/linux/module.h +@@ -475,6 +475,10 @@ struct module { + unsigned int num_bpf_raw_events; + struct bpf_raw_event_map *bpf_raw_events; + #endif ++#ifdef CONFIG_DEBUG_INFO_BTF_MODULES ++ unsigned int btf_data_size; ++ void *btf_data; ++#endif + #ifdef CONFIG_JUMP_LABEL + struct jump_entry *jump_entries; + unsigned int num_jump_entries; +diff --git a/kernel/bpf/btf.c b/kernel/bpf/btf.c +index 856585db7aa7..0f1fd2669d69 100644 +--- a/kernel/bpf/btf.c ++++ b/kernel/bpf/btf.c +@@ -22,6 +22,8 @@ + #include + #include + #include ++#include ++#include + #include + + /* BTF (BPF Type Format) is the meta data format which describes +@@ -4476,6 +4478,75 @@ struct btf *btf_parse_vmlinux(void) + return ERR_PTR(err); + } + ++static struct btf *btf_parse_module(const char *module_name, const void *data, unsigned int data_size) ++{ ++ struct btf_verifier_env *env = NULL; ++ struct bpf_verifier_log *log; ++ struct btf *btf = NULL, *base_btf; ++ int err; ++ ++ base_btf = bpf_get_btf_vmlinux(); ++ if (IS_ERR(base_btf)) ++ return base_btf; ++ if (!base_btf) ++ return ERR_PTR(-EINVAL); ++ ++ env = kzalloc(sizeof(*env), GFP_KERNEL | __GFP_NOWARN); ++ if (!env) ++ return ERR_PTR(-ENOMEM); ++ ++ log = &env->log; ++ log->level = BPF_LOG_KERNEL; ++ ++ btf = kzalloc(sizeof(*btf), GFP_KERNEL | __GFP_NOWARN); ++ if (!btf) { ++ err = -ENOMEM; ++ goto errout; ++ } ++ env->btf = btf; ++ ++ btf->base_btf = base_btf; ++ btf->start_id = base_btf->nr_types; ++ btf->start_str_off = base_btf->hdr.str_len; ++ btf->kernel_btf = true; ++ snprintf(btf->name, sizeof(btf->name), "%s", module_name); ++ ++ btf->data = kvmalloc(data_size, GFP_KERNEL | __GFP_NOWARN); ++ if (!btf->data) { ++ err = -ENOMEM; ++ goto errout; ++ } ++ memcpy(btf->data, data, data_size); ++ btf->data_size = data_size; ++ ++ err = btf_parse_hdr(env); ++ if (err) ++ goto errout; ++ ++ btf->nohdr_data = btf->data + btf->hdr.hdr_len; ++ ++ err = btf_parse_str_sec(env); ++ if (err) ++ goto errout; ++ ++ err = btf_check_all_metas(env); ++ if (err) ++ goto errout; ++ ++ btf_verifier_env_free(env); ++ refcount_set(&btf->refcnt, 1); ++ return btf; ++ ++errout: ++ btf_verifier_env_free(env); ++ if (btf) { ++ kvfree(btf->data); ++ kvfree(btf->types); ++ kfree(btf); ++ } ++ return ERR_PTR(err); ++} ++ + struct btf *bpf_prog_get_target_btf(const struct bpf_prog *prog) + { + struct bpf_prog *tgt_prog = prog->aux->linked_prog; +@@ -5651,3 +5722,126 @@ bool btf_id_set_contains(const struct btf_id_set *set, u32 id) + { + return btf->id; + } ++ ++#ifdef CONFIG_DEBUG_INFO_BTF_MODULES ++struct btf_module { ++ struct list_head list; ++ struct module *module; ++ struct btf *btf; ++ struct bin_attribute *sysfs_attr; ++}; ++ ++static LIST_HEAD(btf_modules); ++static DEFINE_MUTEX(btf_module_mutex); ++ ++static ssize_t ++btf_module_read(struct file *file, struct kobject *kobj, ++ struct bin_attribute *bin_attr, ++ char *buf, loff_t off, size_t len) ++{ ++ const struct btf *btf = bin_attr->private; ++ ++ memcpy(buf, btf->data + off, len); ++ return len; ++} ++ ++static int btf_module_notify(struct notifier_block *nb, unsigned long op, ++ void *module) ++{ ++ struct btf_module *btf_mod, *tmp; ++ struct module *mod = module; ++ struct btf *btf; ++ int err = 0; ++ ++ if (mod->btf_data_size == 0 || ++ (op != MODULE_STATE_COMING && op != MODULE_STATE_GOING)) ++ goto out; ++ ++ switch (op) { ++ case MODULE_STATE_COMING: ++ btf_mod = kzalloc(sizeof(*btf_mod), GFP_KERNEL); ++ if (!btf_mod) { ++ err = -ENOMEM; ++ goto out; ++ } ++ btf = btf_parse_module(mod->name, mod->btf_data, mod->btf_data_size); ++ if (IS_ERR(btf)) { ++ pr_warn("failed to validate module [%s] BTF: %ld\n", ++ mod->name, PTR_ERR(btf)); ++ kfree(btf_mod); ++ err = PTR_ERR(btf); ++ goto out; ++ } ++ err = btf_alloc_id(btf); ++ if (err) { ++ btf_free(btf); ++ kfree(btf_mod); ++ goto out; ++ } ++ ++ mutex_lock(&btf_module_mutex); ++ btf_mod->module = module; ++ btf_mod->btf = btf; ++ list_add(&btf_mod->list, &btf_modules); ++ mutex_unlock(&btf_module_mutex); ++ ++ if (IS_ENABLED(CONFIG_SYSFS)) { ++ struct bin_attribute *attr; ++ ++ attr = kzalloc(sizeof(*attr), GFP_KERNEL); ++ if (!attr) ++ goto out; ++ ++ sysfs_bin_attr_init(attr); ++ attr->attr.name = btf->name; ++ attr->attr.mode = 0444; ++ attr->size = btf->data_size; ++ attr->private = btf; ++ attr->read = btf_module_read; ++ ++ err = sysfs_create_bin_file(btf_kobj, attr); ++ if (err) { ++ pr_warn("failed to register module [%s] BTF in sysfs: %d\n", ++ mod->name, err); ++ kfree(attr); ++ err = 0; ++ goto out; ++ } ++ ++ btf_mod->sysfs_attr = attr; ++ } ++ ++ break; ++ case MODULE_STATE_GOING: ++ mutex_lock(&btf_module_mutex); ++ list_for_each_entry_safe(btf_mod, tmp, &btf_modules, list) { ++ if (btf_mod->module != module) ++ continue; ++ ++ list_del(&btf_mod->list); ++ if (btf_mod->sysfs_attr) ++ sysfs_remove_bin_file(btf_kobj, btf_mod->sysfs_attr); ++ btf_put(btf_mod->btf); ++ kfree(btf_mod->sysfs_attr); ++ kfree(btf_mod); ++ break; ++ } ++ mutex_unlock(&btf_module_mutex); ++ break; ++ } ++out: ++ return notifier_from_errno(err); ++} ++ ++static struct notifier_block btf_module_nb = { ++ .notifier_call = btf_module_notify, ++}; ++ ++static int __init btf_module_init(void) ++{ ++ register_module_notifier(&btf_module_nb); ++ return 0; ++} ++ ++fs_initcall(btf_module_init); ++#endif /* CONFIG_DEBUG_INFO_BTF_MODULES */ +diff --git a/kernel/bpf/sysfs_btf.c b/kernel/bpf/sysfs_btf.c +index 11b3380887fa..ef6911aee3bb 100644 +--- a/kernel/bpf/sysfs_btf.c ++++ b/kernel/bpf/sysfs_btf.c +@@ -26,7 +26,7 @@ static struct bin_attribute bin_attr_btf_vmlinux __ro_after_init = { + .read = btf_vmlinux_read, + }; + +-static struct kobject *btf_kobj; ++struct kobject *btf_kobj; + + static int __init btf_vmlinux_init(void) + { +diff --git a/kernel/module.c b/kernel/module.c +index a4fa44a652a7..f2996b02ab2e 100644 +--- a/kernel/module.c ++++ b/kernel/module.c +@@ -380,6 +380,35 @@ static void *section_objs(const struct load_info *info, + return (void *)info->sechdrs[sec].sh_addr; + } + ++/* Find a module section: 0 means not found. Ignores SHF_ALLOC flag. */ ++static unsigned int find_any_sec(const struct load_info *info, const char *name) ++{ ++ unsigned int i; ++ ++ for (i = 1; i < info->hdr->e_shnum; i++) { ++ Elf_Shdr *shdr = &info->sechdrs[i]; ++ if (strcmp(info->secstrings + shdr->sh_name, name) == 0) ++ return i; ++ } ++ return 0; ++} ++ ++/* ++ * Find a module section, or NULL. Fill in number of "objects" in section. ++ * Ignores SHF_ALLOC flag. ++ */ ++static __maybe_unused void *any_section_objs(const struct load_info *info, ++ const char *name, ++ size_t object_size, ++ unsigned int *num) ++{ ++ unsigned int sec = find_any_sec(info, name); ++ ++ /* Section 0 has sh_addr 0 and sh_size 0. */ ++ *num = info->sechdrs[sec].sh_size / object_size; ++ return (void *)info->sechdrs[sec].sh_addr; ++} ++ + /* Provided by the linker */ + extern const struct kernel_symbol __start___ksymtab[]; + extern const struct kernel_symbol __stop___ksymtab[]; +@@ -3250,6 +3279,9 @@ static int find_module_sections(struct module *mod, struct load_info *info) + sizeof(*mod->bpf_raw_events), + &mod->num_bpf_raw_events); + #endif ++#ifdef CONFIG_DEBUG_INFO_BTF_MODULES ++ mod->btf_data = any_section_objs(info, ".BTF", 1, &mod->btf_data_size); ++#endif + #ifdef CONFIG_JUMP_LABEL + mod->jump_entries = section_objs(info, "__jump_table", + sizeof(*mod->jump_entries), + + diff --git a/patches.suse/bpf-Provide-function-to-get-vmlinux-BTF-information.patch b/patches.suse/bpf-Provide-function-to-get-vmlinux-BTF-information.patch new file mode 100644 index 0000000..eb6ca88 --- /dev/null +++ b/patches.suse/bpf-Provide-function-to-get-vmlinux-BTF-information.patch @@ -0,0 +1,70 @@ +From: Alan Maguire +Date: Mon, 28 Sep 2020 12:31:03 +0100 +Subject: bpf: Provide function to get vmlinux BTF information +Git-commit: 76654e67f3a01c50dc13dd6dea75e58943413956 +Patch-mainline: v5.10-rc1 +References: jsc#SLE-24559 + +It will be used later for BPF structure display support + +Signed-off-by: Alan Maguire +Signed-off-by: Alexei Starovoitov +Link: https://lore.kernel.org/bpf/1601292670-1616-2-git-send-email-alan.maguire@oracle.com + +Acked-by: Jeff Mahoney +--- + include/linux/bpf.h | 2 ++ + kernel/bpf/verifier.c | 18 ++++++++++++------ + 2 files changed, 14 insertions(+), 6 deletions(-) + +diff --git a/include/linux/bpf.h b/include/linux/bpf.h +index b89a30764069..e620a4b1290f 100644 +--- a/include/linux/bpf.h ++++ b/include/linux/bpf.h +@@ -1364,6 +1364,8 @@ int bpf_check(struct bpf_prog **fp, union bpf_attr *attr, + union bpf_attr __user *uattr); + void bpf_patch_call_args(struct bpf_insn *insn, u32 stack_depth); + ++struct btf *bpf_get_btf_vmlinux(void); ++ + /* Map specifics */ + struct xdp_buff; + struct sk_buff; +diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c +index 7ff05a79984a..2ee343dda73a 100644 +--- a/kernel/bpf/verifier.c ++++ b/kernel/bpf/verifier.c +@@ -11533,6 +11533,17 @@ static int check_attach_btf_id(struct bpf_verifier_env *env) + } + } + ++struct btf *bpf_get_btf_vmlinux(void) ++{ ++ if (!btf_vmlinux && IS_ENABLED(CONFIG_DEBUG_INFO_BTF)) { ++ mutex_lock(&bpf_verifier_lock); ++ if (!btf_vmlinux) ++ btf_vmlinux = btf_parse_vmlinux(); ++ mutex_unlock(&bpf_verifier_lock); ++ } ++ return btf_vmlinux; ++} ++ + int bpf_check(struct bpf_prog **prog, union bpf_attr *attr, + union bpf_attr __user *uattr) + { +@@ -11566,12 +11577,7 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr, + env->ops = bpf_verifier_ops[env->prog->type]; + is_priv = bpf_capable(); + +- if (!btf_vmlinux && IS_ENABLED(CONFIG_DEBUG_INFO_BTF)) { +- mutex_lock(&bpf_verifier_lock); +- if (!btf_vmlinux) +- btf_vmlinux = btf_parse_vmlinux(); +- mutex_unlock(&bpf_verifier_lock); +- } ++ bpf_get_btf_vmlinux(); + + /* grab the mutex to protect few globals used by verifier */ + if (!is_priv) + + diff --git a/patches.suse/bpf-Sanitize-BTF-data-pointer-after-module-is-loaded.patch b/patches.suse/bpf-Sanitize-BTF-data-pointer-after-module-is-loaded.patch new file mode 100644 index 0000000..7c8d3fd --- /dev/null +++ b/patches.suse/bpf-Sanitize-BTF-data-pointer-after-module-is-loaded.patch @@ -0,0 +1,41 @@ +From: Andrii Nakryiko +Date: Fri, 20 Nov 2020 23:08:29 -0800 +Subject: bpf: Sanitize BTF data pointer after module is loaded +Git-commit: 607c543f939d8ca6fed7afe90b3a8d6f6684dd17 +Patch-mainline: v5.11-rc1 +References: jsc#SLE-24559 + +Given .BTF section is not allocatable, it will get trimmed after module is +loaded. BPF system handles that properly by creating an independent copy of +data. But prevent any accidental misused by resetting the pointer to BTF data. + +Fixes: 36e68442d1af ("bpf: Load and verify kernel module BTFs") +Suggested-by: Jessica Yu +Signed-off-by: Andrii Nakryiko +Signed-off-by: Daniel Borkmann +Acked-by: Jessica Yu +Cc: Greg Kroah-Hartman +Link: https://lore.kernel.org/bpf/20201121070829.2612884-2-andrii@kernel.org + +Acked-by: Jeff Mahoney +--- + kernel/module.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/kernel/module.c b/kernel/module.c +index f2996b02ab2e..18f259d61d14 100644 +--- a/kernel/module.c ++++ b/kernel/module.c +@@ -3709,6 +3709,11 @@ static noinline int do_init_module(struct module *mod) + mod->init_layout.ro_size = 0; + mod->init_layout.ro_after_init_size = 0; + mod->init_layout.text_size = 0; ++#ifdef CONFIG_DEBUG_INFO_BTF_MODULES ++ /* .BTF is not SHF_ALLOC and will get removed, so sanitize pointer */ ++ mod->btf_data = NULL; ++ mod->btf_data_size = 0; ++#endif + /* + * We want to free module_init, but be aware that kallsyms may be + * walking this with preempt disabled. In all the failure paths, we + diff --git a/patches.suse/bpf-cpumap-Remove-rcpu-pointer-from-cpu_map_build_sk.patch b/patches.suse/bpf-cpumap-Remove-rcpu-pointer-from-cpu_map_build_sk.patch new file mode 100644 index 0000000..05b0493 --- /dev/null +++ b/patches.suse/bpf-cpumap-Remove-rcpu-pointer-from-cpu_map_build_sk.patch @@ -0,0 +1,40 @@ +From: Lorenzo Bianconi +Date: Mon, 28 Sep 2020 13:24:57 +0200 +Patch-mainline: v5.10-rc1 +Subject: bpf, cpumap: Remove rcpu pointer from cpu_map_build_skb signature +Git-commit: efa90b50934c93647e41da23d87e5d8b670014d4 +References: bsc#1199364 + +Get rid of bpf_cpu_map_entry pointer in cpu_map_build_skb routine +signature since it is no longer needed. + +Signed-off-by: Lorenzo Bianconi +Signed-off-by: Daniel Borkmann +Link: https://lore.kernel.org/bpf/33cb9b7dc447de3ea6fd6ce713ac41bca8794423.1601292015.git.lorenzo@kernel.org +Acked-by: Olaf Hering +--- + kernel/bpf/cpumap.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/kernel/bpf/cpumap.c b/kernel/bpf/cpumap.c +--- a/kernel/bpf/cpumap.c ++++ b/kernel/bpf/cpumap.c +@@ -155,8 +155,7 @@ static void cpu_map_kthread_stop(struct work_struct *work) + kthread_stop(rcpu->kthread); + } + +-static struct sk_buff *cpu_map_build_skb(struct bpf_cpu_map_entry *rcpu, +- struct xdp_frame *xdpf, ++static struct sk_buff *cpu_map_build_skb(struct xdp_frame *xdpf, + struct sk_buff *skb) + { + unsigned int hard_start_headroom; +@@ -365,7 +364,7 @@ static int cpu_map_kthread_run(void *data) + struct sk_buff *skb = skbs[i]; + int ret; + +- skb = cpu_map_build_skb(rcpu, xdpf, skb); ++ skb = cpu_map_build_skb(xdpf, skb); + if (!skb) { + xdp_return_frame(xdpf); + continue; diff --git a/patches.suse/bsc1175543-intel_idle-Customize-IceLake-server-support.patch b/patches.suse/bsc1175543-intel_idle-Customize-IceLake-server-support.patch deleted file mode 100644 index 556e014..0000000 --- a/patches.suse/bsc1175543-intel_idle-Customize-IceLake-server-support.patch +++ /dev/null @@ -1,99 +0,0 @@ -From a472ad2bcea479ba068880125d7273fc95c14b70 Mon Sep 17 00:00:00 2001 -From: Chen Yu -Date: Fri, 10 Jul 2020 12:12:01 +0800 -Subject: [PATCH] intel_idle: Customize IceLake server support -Git-commit: a472ad2bcea479ba068880125d7273fc95c14b70 -Patch-mainline: v5.9-rc1 -References: jsc#SLE-12679 - -On ICX platform, the C1E auto-promotion is enabled by default. -As a result, the CPU might fall into C1E more offen than previous -platforms. Besides, the C1E is not exposed to sysfs on ICX, which -is inconsistent with previous server platforms. - -So disable C1E auto-promotion and expose C1E as a separate idle -state, so the C1E and C6 can be disabled via sysfs when necessary. - -Beside C1 and C1E, the exit latency of C6 was measured -by a dedicated tool. However the exit latency(41us) exposed -by _CST is much smaller than the one we measured(128us). This -is probably due to the _CST uses the exit latency when woken -up from PC0+C6, rather than PC6+C6 when C6 was measured. Choose -the latter as we need the longest latency in theory. - -Reported-by: kernel test robot -Tested-by: Artem Bityutskiy -Acked-by: Artem Bityutskiy -Reviewed-by: Zhang Rui -Signed-off-by: Chen Yu -Signed-off-by: Rafael J. Wysocki -Acked-by: Takashi Iwai - ---- - drivers/idle/intel_idle.c | 36 ++++++++++++++++++++++++++++++++++++ - 1 file changed, 36 insertions(+) - -diff --git a/drivers/idle/intel_idle.c b/drivers/idle/intel_idle.c -index 3f86f36dab2b..fd0fa9e7900b 100644 ---- a/drivers/idle/intel_idle.c -+++ b/drivers/idle/intel_idle.c -@@ -752,6 +752,35 @@ static struct cpuidle_state skx_cstates[] __initdata = { - .enter = NULL } - }; - -+static struct cpuidle_state icx_cstates[] __initdata = { -+ { -+ .name = "C1", -+ .desc = "MWAIT 0x00", -+ .flags = MWAIT2flg(0x00), -+ .exit_latency = 1, -+ .target_residency = 1, -+ .enter = &intel_idle, -+ .enter_s2idle = intel_idle_s2idle, }, -+ { -+ .name = "C1E", -+ .desc = "MWAIT 0x01", -+ .flags = MWAIT2flg(0x01) | CPUIDLE_FLAG_ALWAYS_ENABLE, -+ .exit_latency = 4, -+ .target_residency = 4, -+ .enter = &intel_idle, -+ .enter_s2idle = intel_idle_s2idle, }, -+ { -+ .name = "C6", -+ .desc = "MWAIT 0x20", -+ .flags = MWAIT2flg(0x20) | CPUIDLE_FLAG_TLB_FLUSHED, -+ .exit_latency = 128, -+ .target_residency = 384, -+ .enter = &intel_idle, -+ .enter_s2idle = intel_idle_s2idle, }, -+ { -+ .enter = NULL } -+}; -+ - static struct cpuidle_state atom_cstates[] __initdata = { - { - .name = "C1E", -@@ -1056,6 +1085,12 @@ static const struct idle_cpu idle_cpu_skx __initconst = { - .use_acpi = true, - }; - -+static const struct idle_cpu idle_cpu_icx __initconst = { -+ .state_table = icx_cstates, -+ .disable_promotion_to_c1e = true, -+ .use_acpi = true, -+}; -+ - static const struct idle_cpu idle_cpu_avn __initconst = { - .state_table = avn_cstates, - .disable_promotion_to_c1e = true, -@@ -1110,6 +1145,7 @@ static const struct x86_cpu_id intel_idle_ids[] __initconst = { - X86_MATCH_INTEL_FAM6_MODEL(KABYLAKE_L, &idle_cpu_skl), - X86_MATCH_INTEL_FAM6_MODEL(KABYLAKE, &idle_cpu_skl), - X86_MATCH_INTEL_FAM6_MODEL(SKYLAKE_X, &idle_cpu_skx), -+ X86_MATCH_INTEL_FAM6_MODEL(ICELAKE_X, &idle_cpu_icx), - X86_MATCH_INTEL_FAM6_MODEL(XEON_PHI_KNL, &idle_cpu_knl), - X86_MATCH_INTEL_FAM6_MODEL(XEON_PHI_KNM, &idle_cpu_knl), - X86_MATCH_INTEL_FAM6_MODEL(ATOM_GOLDMONT, &idle_cpu_bxt), --- -2.16.4 - diff --git a/patches.suse/bus-hisi_lpc-fix-missing-platform_device_put-in-hisi.patch b/patches.suse/bus-hisi_lpc-fix-missing-platform_device_put-in-hisi.patch new file mode 100644 index 0000000..b04f470 --- /dev/null +++ b/patches.suse/bus-hisi_lpc-fix-missing-platform_device_put-in-hisi.patch @@ -0,0 +1,74 @@ +From 54872fea6a5ac967ec2272aea525d1438ac6735a Mon Sep 17 00:00:00 2001 +From: Yang Yingliang +Date: Fri, 1 Jul 2022 17:43:52 +0800 +Subject: [PATCH] bus: hisi_lpc: fix missing platform_device_put() in hisi_lpc_acpi_probe() +Git-commit: 54872fea6a5ac967ec2272aea525d1438ac6735a +Patch-mainline: v6.0-rc1 +References: git-fixes + +In error case in hisi_lpc_acpi_probe() after calling platform_device_add(), +hisi_lpc_acpi_remove() can't release the failed 'pdev', so it will be leak, +call platform_device_put() to fix this problem. +I'v constructed this error case and tested this patch on D05 board. + +Fixes: 99c0228d6ff1 ("HISI LPC: Re-Add ACPI child enumeration support") +Reported-by: Hulk Robot +Signed-off-by: Yang Yingliang +Acked-by: John Garry +Signed-off-by: Rafael J. Wysocki +Acked-by: Takashi Iwai + +--- + drivers/bus/hisi_lpc.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/drivers/bus/hisi_lpc.c b/drivers/bus/hisi_lpc.c +index 378f5d62a991..e7eaa8784fee 100644 +--- a/drivers/bus/hisi_lpc.c ++++ b/drivers/bus/hisi_lpc.c +@@ -503,13 +503,13 @@ static int hisi_lpc_acpi_probe(struct device *hostdev) + { + struct acpi_device *adev = ACPI_COMPANION(hostdev); + struct acpi_device *child; ++ struct platform_device *pdev; + int ret; + + /* Only consider the children of the host */ + list_for_each_entry(child, &adev->children, node) { + const char *hid = acpi_device_hid(child); + const struct hisi_lpc_acpi_cell *cell; +- struct platform_device *pdev; + const struct resource *res; + bool found = false; + int num_res; +@@ -571,22 +571,24 @@ static int hisi_lpc_acpi_probe(struct device *hostdev) + + ret = platform_device_add_resources(pdev, res, num_res); + if (ret) +- goto fail; ++ goto fail_put_device; + + ret = platform_device_add_data(pdev, cell->pdata, + cell->pdata_size); + if (ret) +- goto fail; ++ goto fail_put_device; + + ret = platform_device_add(pdev); + if (ret) +- goto fail; ++ goto fail_put_device; + + acpi_device_set_enumerated(child); + } + + return 0; + ++fail_put_device: ++ platform_device_put(pdev); + fail: + hisi_lpc_acpi_remove(hostdev); + return ret; +-- +2.35.3 + diff --git a/patches.suse/can-Break-loopback-loop-on-loopback-documentation.patch b/patches.suse/can-Break-loopback-loop-on-loopback-documentation.patch new file mode 100644 index 0000000..103822e --- /dev/null +++ b/patches.suse/can-Break-loopback-loop-on-loopback-documentation.patch @@ -0,0 +1,37 @@ +From a9cf02c6a671bc84a348cd5934627ff68d8d8d35 Mon Sep 17 00:00:00 2001 +From: Max Staudt +Date: Sat, 11 Jun 2022 19:11:55 +0200 +Subject: [PATCH] can: Break loopback loop on loopback documentation +Git-commit: a9cf02c6a671bc84a348cd5934627ff68d8d8d35 +Patch-mainline: v6.0-rc1 +References: git-fixes + +There are two sections called "Local Loopback of Sent Frames". One was +meant to link to the other, but pointed at itself instead. + +Link: https://lore.kernel.org/all/20220611171155.9090-1-max@enpas.org +Fixes: 7d5977394515 ("can: migrate documentation to restructured text") +Signed-off-by: Max Staudt +Signed-off-by: Marc Kleine-Budde +Acked-by: Takashi Iwai + +--- + Documentation/networking/can.rst | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Documentation/networking/can.rst b/Documentation/networking/can.rst +index f34cb0e4460e..ebc822e605f5 100644 +--- a/Documentation/networking/can.rst ++++ b/Documentation/networking/can.rst +@@ -168,7 +168,7 @@ reflect the correct [#f1]_ traffic on the node the loopback of the sent + data has to be performed right after a successful transmission. If + the CAN network interface is not capable of performing the loopback for + some reason the SocketCAN core can do this task as a fallback solution. +-See :ref:`socketcan-local-loopback1` for details (recommended). ++See :ref:`socketcan-local-loopback2` for details (recommended). + + The loopback functionality is enabled by default to reflect standard + networking behaviour for CAN applications. Due to some requests from +-- +2.35.3 + diff --git a/patches.suse/can-error-specify-the-values-of-data-5.7-of-CAN-erro.patch b/patches.suse/can-error-specify-the-values-of-data-5.7-of-CAN-erro.patch new file mode 100644 index 0000000..56e6c55 --- /dev/null +++ b/patches.suse/can-error-specify-the-values-of-data-5.7-of-CAN-erro.patch @@ -0,0 +1,49 @@ +From e70a3263a7eed768d5f947b8f2aff8d2a79c9d97 Mon Sep 17 00:00:00 2001 +From: Vincent Mailhol +Date: Tue, 19 Jul 2022 23:35:48 +0900 +Subject: [PATCH] can: error: specify the values of data[5..7] of CAN error frames +Git-commit: e70a3263a7eed768d5f947b8f2aff8d2a79c9d97 +Patch-mainline: v6.0-rc1 +References: git-fixes + +Currently, data[5..7] of struct can_frame, when used as a CAN error +frame, are defined as being "controller specific". Device specific +behaviours are problematic because it prevents someone from writing +code which is portable between devices. + +As a matter of fact, data[5] is never used, data[6] is always used to +report TX error counter and data[7] is always used to report RX error +counter. can-utils also relies on this. + +This patch updates the comment in the uapi header to specify that +data[5] is reserved (and thus should not be used) and that data[6..7] +are used for error counters. + +Fixes: 0d66548a10cb ("[CAN]: Add PF_CAN core module") +Link: https://lore.kernel.org/all/20220719143550.3681-11-mailhol.vincent@wanadoo.fr +Signed-off-by: Vincent Mailhol +Signed-off-by: Marc Kleine-Budde +Acked-by: Takashi Iwai + +--- + include/uapi/linux/can/error.h | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/include/uapi/linux/can/error.h b/include/uapi/linux/can/error.h +index 34633283de64..a1000cb63063 100644 +--- a/include/uapi/linux/can/error.h ++++ b/include/uapi/linux/can/error.h +@@ -120,6 +120,9 @@ + #define CAN_ERR_TRX_CANL_SHORT_TO_GND 0x70 /* 0111 0000 */ + #define CAN_ERR_TRX_CANL_SHORT_TO_CANH 0x80 /* 1000 0000 */ + +-/* controller specific additional information / data[5..7] */ ++/* data[5] is reserved (do not use) */ ++ ++/* TX error counter / data[6] */ ++/* RX error counter / data[7] */ + + #endif /* _UAPI_CAN_ERROR_H */ +-- +2.35.3 + diff --git a/patches.suse/can-gs_usb-gs_usb_open-close-fix-memory-leak.patch b/patches.suse/can-gs_usb-gs_usb_open-close-fix-memory-leak.patch new file mode 100644 index 0000000..a96991e --- /dev/null +++ b/patches.suse/can-gs_usb-gs_usb_open-close-fix-memory-leak.patch @@ -0,0 +1,113 @@ +From 2bda24ef95c0311ab93bda00db40486acf30bd0a Mon Sep 17 00:00:00 2001 +From: Rhett Aultman +Date: Sun, 3 Jul 2022 19:33:06 +0200 +Subject: [PATCH] can: gs_usb: gs_usb_open/close(): fix memory leak +Git-commit: 2bda24ef95c0311ab93bda00db40486acf30bd0a +Patch-mainline: v5.19-rc6 +References: git-fixes + +The gs_usb driver appears to suffer from a malady common to many USB +CAN adapter drivers in that it performs usb_alloc_coherent() to +allocate a number of USB request blocks (URBs) for RX, and then later +relies on usb_kill_anchored_urbs() to free them, but this doesn't +actually free them. As a result, this may be leaking DMA memory that's +been used by the driver. + +This commit is an adaptation of the techniques found in the esd_usb2 +driver where a similar design pattern led to a memory leak. It +explicitly frees the RX URBs and their DMA memory via a call to +usb_free_coherent(). Since the RX URBs were allocated in the +gs_can_open(), we remove them in gs_can_close() rather than in the +disconnect function as was done in esd_usb2. + +For more information, see the 928150fad41b ("can: esd_usb2: fix memory +leak"). + +Link: https://lore.kernel.org/all/alpine.DEB.2.22.394.2206031547001.1630869@thelappy +Fixes: d08e973a77d1 ("can: gs_usb: Added support for the GS_USB CAN devices") +Cc: stable@vger.kernel.org +Signed-off-by: Rhett Aultman +Signed-off-by: Marc Kleine-Budde +Acked-by: Takashi Iwai + +--- + drivers/net/can/usb/gs_usb.c | 23 +++++++++++++++++++++-- + 1 file changed, 21 insertions(+), 2 deletions(-) + +--- a/drivers/net/can/usb/gs_usb.c ++++ b/drivers/net/can/usb/gs_usb.c +@@ -184,6 +184,8 @@ struct gs_can { + + struct usb_anchor tx_submitted; + atomic_t active_tx_urbs; ++ void *rxbuf[GS_MAX_RX_URBS]; ++ dma_addr_t rxbuf_dma[GS_MAX_RX_URBS]; + }; + + /* usb interface struct */ +@@ -592,6 +594,7 @@ static int gs_can_open(struct net_device + for (i = 0; i < GS_MAX_RX_URBS; i++) { + struct urb *urb; + u8 *buf; ++ dma_addr_t buf_dma; + + /* alloc rx urb */ + urb = usb_alloc_urb(0, GFP_KERNEL); +@@ -602,7 +605,7 @@ static int gs_can_open(struct net_device + buf = usb_alloc_coherent(dev->udev, + sizeof(struct gs_host_frame), + GFP_KERNEL, +- &urb->transfer_dma); ++ &buf_dma); + if (!buf) { + netdev_err(netdev, + "No memory left for USB buffer\n"); +@@ -610,6 +613,8 @@ static int gs_can_open(struct net_device + return -ENOMEM; + } + ++ urb->transfer_dma = buf_dma; ++ + /* fill, anchor, and submit rx urb */ + usb_fill_bulk_urb(urb, + dev->udev, +@@ -633,10 +638,17 @@ static int gs_can_open(struct net_device + rc); + + usb_unanchor_urb(urb); ++ usb_free_coherent(dev->udev, ++ sizeof(struct gs_host_frame), ++ buf, ++ buf_dma); + usb_free_urb(urb); + break; + } + ++ dev->rxbuf[i] = buf; ++ dev->rxbuf_dma[i] = buf_dma; ++ + /* Drop reference, + * USB core will take care of freeing it + */ +@@ -701,13 +713,20 @@ static int gs_can_close(struct net_devic + int rc; + struct gs_can *dev = netdev_priv(netdev); + struct gs_usb *parent = dev->parent; ++ unsigned int i; + + netif_stop_queue(netdev); + + /* Stop polling */ + parent->active_channels--; +- if (!parent->active_channels) ++ if (!parent->active_channels) { + usb_kill_anchored_urbs(&parent->rx_submitted); ++ for (i = 0; i < GS_MAX_RX_URBS; i++) ++ usb_free_coherent(dev->udev, ++ sizeof(struct gs_host_frame), ++ dev->rxbuf[i], ++ dev->rxbuf_dma[i]); ++ } + + /* Stop sending URBs */ + usb_kill_anchored_urbs(&dev->tx_submitted); diff --git a/patches.suse/can-hi311x-do-not-report-txerr-and-rxerr-during-bus-.patch b/patches.suse/can-hi311x-do-not-report-txerr-and-rxerr-during-bus-.patch new file mode 100644 index 0000000..3f7b224 --- /dev/null +++ b/patches.suse/can-hi311x-do-not-report-txerr-and-rxerr-during-bus-.patch @@ -0,0 +1,47 @@ +From a22bd630cfff496b270211745536e50e98eb3a45 Mon Sep 17 00:00:00 2001 +From: Vincent Mailhol +Date: Tue, 19 Jul 2022 23:35:43 +0900 +Subject: [PATCH] can: hi311x: do not report txerr and rxerr during bus-off +Git-commit: a22bd630cfff496b270211745536e50e98eb3a45 +Patch-mainline: v6.0-rc1 +References: git-fixes + +During bus off, the error count is greater than 255 and can not fit in +a u8. + +Fixes: 57e83fb9b746 ("can: hi311x: Add Holt HI-311x CAN driver") +Link: https://lore.kernel.org/all/20220719143550.3681-6-mailhol.vincent@wanadoo.fr +Signed-off-by: Vincent Mailhol +Signed-off-by: Marc Kleine-Budde +Acked-by: Takashi Iwai + +--- + drivers/net/can/spi/hi311x.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/drivers/net/can/spi/hi311x.c b/drivers/net/can/spi/hi311x.c +index ebc4ebb44c98..bfb7c4bb5bc3 100644 +--- a/drivers/net/can/spi/hi311x.c ++++ b/drivers/net/can/spi/hi311x.c +@@ -667,8 +667,6 @@ static irqreturn_t hi3110_can_ist(int irq, void *dev_id) + + txerr = hi3110_read(spi, HI3110_READ_TEC); + rxerr = hi3110_read(spi, HI3110_READ_REC); +- cf->data[6] = txerr; +- cf->data[7] = rxerr; + tx_state = txerr >= rxerr ? new_state : 0; + rx_state = txerr <= rxerr ? new_state : 0; + can_change_state(net, cf, tx_state, rx_state); +@@ -681,6 +679,9 @@ static irqreturn_t hi3110_can_ist(int irq, void *dev_id) + hi3110_hw_sleep(spi); + break; + } ++ } else { ++ cf->data[6] = txerr; ++ cf->data[7] = rxerr; + } + } + +-- +2.35.3 + diff --git a/patches.suse/can-kvaser_usb_hydra-do-not-report-txerr-and-rxerr-d.patch b/patches.suse/can-kvaser_usb_hydra-do-not-report-txerr-and-rxerr-d.patch new file mode 100644 index 0000000..e92ccc4 --- /dev/null +++ b/patches.suse/can-kvaser_usb_hydra-do-not-report-txerr-and-rxerr-d.patch @@ -0,0 +1,50 @@ +From 936e90595376e64b6247c72d3ea8b8b164b7ac96 Mon Sep 17 00:00:00 2001 +From: Vincent Mailhol +Date: Tue, 19 Jul 2022 23:35:45 +0900 +Subject: [PATCH] can: kvaser_usb_hydra: do not report txerr and rxerr during bus-off +Git-commit: 936e90595376e64b6247c72d3ea8b8b164b7ac96 +Patch-mainline: v6.0-rc1 +References: git-fixes + +During bus off, the error count is greater than 255 and can not fit in +a u8. + +Fixes: aec5fb2268b7 ("can: kvaser_usb: Add support for Kvaser USB hydra family") +Link: https://lore.kernel.org/all/20220719143550.3681-8-mailhol.vincent@wanadoo.fr +Cc: Jimmy Assarsson +Signed-off-by: Vincent Mailhol +Signed-off-by: Marc Kleine-Budde +Acked-by: Takashi Iwai + +--- + drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c ++++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb_hydra.c +@@ -890,8 +890,10 @@ static void kvaser_usb_hydra_update_stat + new_state < CAN_STATE_BUS_OFF) + priv->can.can_stats.restarts++; + +- cf->data[6] = bec->txerr; +- cf->data[7] = bec->rxerr; ++ if (new_state != CAN_STATE_BUS_OFF) { ++ cf->data[6] = bec->txerr; ++ cf->data[7] = bec->rxerr; ++ } + + stats = &netdev->stats; + stats->rx_packets++; +@@ -1045,8 +1047,10 @@ kvaser_usb_hydra_error_frame(struct kvas + shhwtstamps->hwtstamp = hwtstamp; + + cf->can_id |= CAN_ERR_BUSERROR; +- cf->data[6] = bec.txerr; +- cf->data[7] = bec.rxerr; ++ if (new_state != CAN_STATE_BUS_OFF) { ++ cf->data[6] = bec.txerr; ++ cf->data[7] = bec.rxerr; ++ } + + stats->rx_packets++; + stats->rx_bytes += cf->can_dlc; diff --git a/patches.suse/can-kvaser_usb_leaf-do-not-report-txerr-and-rxerr-du.patch b/patches.suse/can-kvaser_usb_leaf-do-not-report-txerr-and-rxerr-du.patch new file mode 100644 index 0000000..b8033e1 --- /dev/null +++ b/patches.suse/can-kvaser_usb_leaf-do-not-report-txerr-and-rxerr-du.patch @@ -0,0 +1,37 @@ +From a57732084e06791d37ea1ea447cca46220737abd Mon Sep 17 00:00:00 2001 +From: Vincent Mailhol +Date: Tue, 19 Jul 2022 23:35:46 +0900 +Subject: [PATCH] can: kvaser_usb_leaf: do not report txerr and rxerr during bus-off +Git-commit: a57732084e06791d37ea1ea447cca46220737abd +Patch-mainline: v6.0-rc1 +References: git-fixes + +During bus off, the error count is greater than 255 and can not fit in +a u8. + +Fixes: 7259124eac7d1 ("can: kvaser_usb: Split driver into kvaser_usb_core.c and kvaser_usb_leaf.c") +Link: https://lore.kernel.org/all/20220719143550.3681-9-mailhol.vincent@wanadoo.fr +Cc: Jimmy Assarsson +Signed-off-by: Vincent Mailhol +Signed-off-by: Marc Kleine-Budde +Acked-by: Takashi Iwai + +--- + drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c ++++ b/drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c +@@ -840,8 +840,10 @@ static void kvaser_usb_leaf_rx_error(con + break; + } + +- cf->data[6] = es->txerr; +- cf->data[7] = es->rxerr; ++ if (new_state != CAN_STATE_BUS_OFF) { ++ cf->data[6] = es->txerr; ++ cf->data[7] = es->rxerr; ++ } + + stats->rx_packets++; + stats->rx_bytes += cf->can_dlc; diff --git a/patches.suse/can-m_can-process-interrupt-only-when-not-runtime-su.patch b/patches.suse/can-m_can-process-interrupt-only-when-not-runtime-su.patch new file mode 100644 index 0000000..e102ef7 --- /dev/null +++ b/patches.suse/can-m_can-process-interrupt-only-when-not-runtime-su.patch @@ -0,0 +1,40 @@ +From 9897967515ffc46dfeefdf537420d1c644f6fdfc Mon Sep 17 00:00:00 2001 +From: Jarkko Nikula +Date: Tue, 15 Sep 2020 16:47:15 +0300 +Subject: [PATCH 1/7] can: m_can: process interrupt only when not runtime + suspended +Git-commit: a1f634463aaf2c94dfa13001dbdea011303124cc +Patch-mainline: v5.10-rc5 +References: git-fixes + +Avoid processing bogus interrupt statuses when the HW is runtime suspended and +the M_CAN_IR register read may get all bits 1's. Handler can be called if the +interrupt request is shared with other peripherals or at the end of free_irq(). + +Therefore check the runtime suspended status before processing. + +Fixes: cdf8259d6573 ("can: m_can: Add PM Support") +Signed-off-by: Jarkko Nikula +Link: https://lore.kernel.org/r/20200915134715.696303-1-jarkko.nikula@linux.intel.com +Signed-off-by: Marc Kleine-Budde +Signed-off-by: Denis Kirjanov +--- + drivers/net/can/m_can/m_can.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/net/can/m_can/m_can.c b/drivers/net/can/m_can/m_can.c +index a78ab2424261..7059b51a2a8b 100644 +--- a/drivers/net/can/m_can/m_can.c ++++ b/drivers/net/can/m_can/m_can.c +@@ -904,6 +904,8 @@ static irqreturn_t m_can_isr(int irq, void *dev_id) + struct net_device_stats *stats = &dev->stats; + u32 ir; + ++ if (pm_runtime_suspended(priv->device)) ++ return IRQ_NONE; + ir = m_can_read(priv, M_CAN_IR); + if (!ir) + return IRQ_NONE; +-- +2.16.4 + diff --git a/patches.suse/can-pch_can-do-not-report-txerr-and-rxerr-during-bus.patch b/patches.suse/can-pch_can-do-not-report-txerr-and-rxerr-during-bus.patch new file mode 100644 index 0000000..61761a4 --- /dev/null +++ b/patches.suse/can-pch_can-do-not-report-txerr-and-rxerr-during-bus.patch @@ -0,0 +1,43 @@ +From 3a5c7e4611ddcf0ef37a3a17296b964d986161a6 Mon Sep 17 00:00:00 2001 +From: Vincent Mailhol +Date: Tue, 19 Jul 2022 23:35:39 +0900 +Subject: [PATCH] can: pch_can: do not report txerr and rxerr during bus-off +Git-commit: 3a5c7e4611ddcf0ef37a3a17296b964d986161a6 +Patch-mainline: v6.0-rc1 +References: git-fixes + +During bus off, the error count is greater than 255 and can not fit in +a u8. + +Fixes: 0c78ab76a05c ("pch_can: Add setting TEC/REC statistics processing") +Link: https://lore.kernel.org/all/20220719143550.3681-2-mailhol.vincent@wanadoo.fr +Signed-off-by: Vincent Mailhol +Signed-off-by: Marc Kleine-Budde +Acked-by: Takashi Iwai + +--- + drivers/net/can/pch_can.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/drivers/net/can/pch_can.c ++++ b/drivers/net/can/pch_can.c +@@ -496,6 +496,9 @@ static void pch_can_error(struct net_dev + cf->can_id |= CAN_ERR_BUSOFF; + priv->can.can_stats.bus_off++; + can_bus_off(ndev); ++ } else { ++ cf->data[6] = errc & PCH_TEC; ++ cf->data[7] = (errc & PCH_REC) >> 8; + } + + errc = ioread32(&priv->regs->errc); +@@ -556,9 +559,6 @@ static void pch_can_error(struct net_dev + break; + } + +- cf->data[6] = errc & PCH_TEC; +- cf->data[7] = (errc & PCH_REC) >> 8; +- + priv->can.state = state; + netif_receive_skb(skb); + diff --git a/patches.suse/can-pch_can-pch_can_error-initialize-errc-before-usi.patch b/patches.suse/can-pch_can-pch_can_error-initialize-errc-before-usi.patch new file mode 100644 index 0000000..485da07 --- /dev/null +++ b/patches.suse/can-pch_can-pch_can_error-initialize-errc-before-usi.patch @@ -0,0 +1,58 @@ +From 9950f11211331180269867aef848c7cf56861742 Mon Sep 17 00:00:00 2001 +From: Vincent Mailhol +Date: Fri, 22 Jul 2022 01:00:32 +0900 +Subject: [PATCH] can: pch_can: pch_can_error(): initialize errc before using it +Git-commit: 9950f11211331180269867aef848c7cf56861742 +Patch-mainline: v6.0-rc1 +References: git-fixes + +After commit 3a5c7e4611dd, the variable errc is accessed before being +initialized, c.f. below W=2 warning: + +| In function 'pch_can_error', +| inlined from 'pch_can_poll' at drivers/net/can/pch_can.c:739:4: +| drivers/net/can/pch_can.c:501:29: warning: 'errc' may be used uninitialized [-Wmaybe-uninitialized] +| 501 | cf->data[6] = errc & PCH_TEC; +| | ^ +| drivers/net/can/pch_can.c: In function 'pch_can_poll': +| drivers/net/can/pch_can.c:484:13: note: 'errc' was declared here +| 484 | u32 errc, lec; +| | ^~~~ + +Moving errc initialization up solves this issue. + +Fixes: 3a5c7e4611dd ("can: pch_can: do not report txerr and rxerr during bus-off") +Reported-by: Nathan Chancellor +Signed-off-by: Vincent Mailhol +Reviewed-by: Nathan Chancellor +Link: https://lore.kernel.org/all/20220721160032.9348-1-mailhol.vincent@wanadoo.fr +Signed-off-by: Marc Kleine-Budde +Acked-by: Takashi Iwai + +--- + drivers/net/can/pch_can.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/net/can/pch_can.c b/drivers/net/can/pch_can.c +index 50f6719b3aa4..32804fed116c 100644 +--- a/drivers/net/can/pch_can.c ++++ b/drivers/net/can/pch_can.c +@@ -489,6 +489,7 @@ static void pch_can_error(struct net_device *ndev, u32 status) + if (!skb) + return; + ++ errc = ioread32(&priv->regs->errc); + if (status & PCH_BUS_OFF) { + pch_can_set_tx_all(priv, 0); + pch_can_set_rx_all(priv, 0); +@@ -502,7 +503,6 @@ static void pch_can_error(struct net_device *ndev, u32 status) + cf->data[7] = (errc & PCH_REC) >> 8; + } + +- errc = ioread32(&priv->regs->errc); + /* Warning interrupt. */ + if (status & PCH_EWARN) { + state = CAN_STATE_ERROR_WARNING; +-- +2.35.3 + diff --git a/patches.suse/can-rcar_can-do-not-report-txerr-and-rxerr-during-bu.patch b/patches.suse/can-rcar_can-do-not-report-txerr-and-rxerr-during-bu.patch new file mode 100644 index 0000000..d515d43 --- /dev/null +++ b/patches.suse/can-rcar_can-do-not-report-txerr-and-rxerr-during-bu.patch @@ -0,0 +1,51 @@ +From a37b7245e831a641df360ca41db6a71c023d3746 Mon Sep 17 00:00:00 2001 +From: Vincent Mailhol +Date: Tue, 19 Jul 2022 23:35:40 +0900 +Subject: [PATCH] can: rcar_can: do not report txerr and rxerr during bus-off +Git-commit: a37b7245e831a641df360ca41db6a71c023d3746 +Patch-mainline: v6.0-rc1 +References: git-fixes + +During bus off, the error count is greater than 255 and can not fit in +a u8. + +Fixes: fd1159318e55 ("can: add Renesas R-Car CAN driver") +Link: https://lore.kernel.org/all/20220719143550.3681-3-mailhol.vincent@wanadoo.fr +Signed-off-by: Vincent Mailhol +Signed-off-by: Marc Kleine-Budde +Acked-by: Takashi Iwai + +--- + drivers/net/can/rcar/rcar_can.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/drivers/net/can/rcar/rcar_can.c b/drivers/net/can/rcar/rcar_can.c +index d45762f1cf6b..24d7a71def6a 100644 +--- a/drivers/net/can/rcar/rcar_can.c ++++ b/drivers/net/can/rcar/rcar_can.c +@@ -232,11 +232,8 @@ static void rcar_can_error(struct net_device *ndev) + if (eifr & (RCAR_CAN_EIFR_EWIF | RCAR_CAN_EIFR_EPIF)) { + txerr = readb(&priv->regs->tecr); + rxerr = readb(&priv->regs->recr); +- if (skb) { ++ if (skb) + cf->can_id |= CAN_ERR_CRTL; +- cf->data[6] = txerr; +- cf->data[7] = rxerr; +- } + } + if (eifr & RCAR_CAN_EIFR_BEIF) { + int rx_errors = 0, tx_errors = 0; +@@ -336,6 +333,9 @@ static void rcar_can_error(struct net_device *ndev) + can_bus_off(ndev); + if (skb) + cf->can_id |= CAN_ERR_BUSOFF; ++ } else if (skb) { ++ cf->data[6] = txerr; ++ cf->data[7] = rxerr; + } + if (eifr & RCAR_CAN_EIFR_ORIF) { + netdev_dbg(priv->ndev, "Receive overrun error interrupt\n"); +-- +2.35.3 + diff --git a/patches.suse/can-sja1000-do-not-report-txerr-and-rxerr-during-bus.patch b/patches.suse/can-sja1000-do-not-report-txerr-and-rxerr-during-bus.patch new file mode 100644 index 0000000..73a3f69 --- /dev/null +++ b/patches.suse/can-sja1000-do-not-report-txerr-and-rxerr-during-bus.patch @@ -0,0 +1,49 @@ +From 164d7cb2d5a30f1b3a5ab4fab1a27731fb1494a8 Mon Sep 17 00:00:00 2001 +From: Vincent Mailhol +Date: Tue, 19 Jul 2022 23:35:41 +0900 +Subject: [PATCH] can: sja1000: do not report txerr and rxerr during bus-off +Git-commit: 164d7cb2d5a30f1b3a5ab4fab1a27731fb1494a8 +Patch-mainline: v6.0-rc1 +References: git-fixes + +During bus off, the error count is greater than 255 and can not fit in +a u8. + +Fixes: 215db1856e83 ("can: sja1000: Consolidate and unify state change handling") +Link: https://lore.kernel.org/all/20220719143550.3681-4-mailhol.vincent@wanadoo.fr +Signed-off-by: Vincent Mailhol +Signed-off-by: Marc Kleine-Budde +Acked-by: Takashi Iwai + +--- + drivers/net/can/sja1000/sja1000.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/drivers/net/can/sja1000/sja1000.c b/drivers/net/can/sja1000/sja1000.c +index d9da471f1bb9..74bff5092b47 100644 +--- a/drivers/net/can/sja1000/sja1000.c ++++ b/drivers/net/can/sja1000/sja1000.c +@@ -404,9 +404,6 @@ static int sja1000_err(struct net_device *dev, uint8_t isrc, uint8_t status) + txerr = priv->read_reg(priv, SJA1000_TXERR); + rxerr = priv->read_reg(priv, SJA1000_RXERR); + +- cf->data[6] = txerr; +- cf->data[7] = rxerr; +- + if (isrc & IRQ_DOI) { + /* data overrun interrupt */ + netdev_dbg(dev, "data overrun interrupt\n"); +@@ -428,6 +425,10 @@ static int sja1000_err(struct net_device *dev, uint8_t isrc, uint8_t status) + else + state = CAN_STATE_ERROR_ACTIVE; + } ++ if (state != CAN_STATE_BUS_OFF) { ++ cf->data[6] = txerr; ++ cf->data[7] = rxerr; ++ } + if (isrc & IRQ_BEI) { + /* bus error interrupt */ + priv->can.can_stats.bus_error++; +-- +2.35.3 + diff --git a/patches.suse/can-sun4i_can-do-not-report-txerr-and-rxerr-during-b.patch b/patches.suse/can-sun4i_can-do-not-report-txerr-and-rxerr-during-b.patch new file mode 100644 index 0000000..392b24b --- /dev/null +++ b/patches.suse/can-sun4i_can-do-not-report-txerr-and-rxerr-during-b.patch @@ -0,0 +1,52 @@ +From 0ac15a8f661b941519379831d09bfb12271b23ee Mon Sep 17 00:00:00 2001 +From: Vincent Mailhol +Date: Tue, 19 Jul 2022 23:35:44 +0900 +Subject: [PATCH] can: sun4i_can: do not report txerr and rxerr during bus-off +Git-commit: 0ac15a8f661b941519379831d09bfb12271b23ee +Patch-mainline: v6.0-rc1 +References: git-fixes + +During bus off, the error count is greater than 255 and can not fit in +a u8. + +Fixes: 0738eff14d81 ("can: Allwinner A10/A20 CAN Controller support - Kernel module") +Link: https://lore.kernel.org/all/20220719143550.3681-7-mailhol.vincent@wanadoo.fr +Cc: Chen-Yu Tsai +Signed-off-by: Vincent Mailhol +Signed-off-by: Marc Kleine-Budde +Acked-by: Takashi Iwai + +--- + drivers/net/can/sun4i_can.c | 9 ++++----- + 1 file changed, 4 insertions(+), 5 deletions(-) + +diff --git a/drivers/net/can/sun4i_can.c b/drivers/net/can/sun4i_can.c +index 155b90f6c767..afe9b541f037 100644 +--- a/drivers/net/can/sun4i_can.c ++++ b/drivers/net/can/sun4i_can.c +@@ -535,11 +535,6 @@ static int sun4i_can_err(struct net_device *dev, u8 isrc, u8 status) + rxerr = (errc >> 16) & 0xFF; + txerr = errc & 0xFF; + +- if (skb) { +- cf->data[6] = txerr; +- cf->data[7] = rxerr; +- } +- + if (isrc & SUN4I_INT_DATA_OR) { + /* data overrun interrupt */ + netdev_dbg(dev, "data overrun interrupt\n"); +@@ -570,6 +565,10 @@ static int sun4i_can_err(struct net_device *dev, u8 isrc, u8 status) + else + state = CAN_STATE_ERROR_ACTIVE; + } ++ if (skb && state != CAN_STATE_BUS_OFF) { ++ cf->data[6] = txerr; ++ cf->data[7] = rxerr; ++ } + if (isrc & SUN4I_INT_BUS_ERR) { + /* bus error interrupt */ + netdev_dbg(dev, "bus error interrupt\n"); +-- +2.35.3 + diff --git a/patches.suse/can-usb_8dev-do-not-report-txerr-and-rxerr-during-bu.patch b/patches.suse/can-usb_8dev-do-not-report-txerr-and-rxerr-during-bu.patch new file mode 100644 index 0000000..cb6404a --- /dev/null +++ b/patches.suse/can-usb_8dev-do-not-report-txerr-and-rxerr-during-bu.patch @@ -0,0 +1,42 @@ +From aebe8a2433cd090ccdc222861f44bddb75eb01de Mon Sep 17 00:00:00 2001 +From: Vincent Mailhol +Date: Tue, 19 Jul 2022 23:35:47 +0900 +Subject: [PATCH] can: usb_8dev: do not report txerr and rxerr during bus-off +Git-commit: aebe8a2433cd090ccdc222861f44bddb75eb01de +Patch-mainline: v6.0-rc1 +References: git-fixes + +During bus off, the error count is greater than 255 and can not fit in +a u8. + +Fixes: 0024d8ad1639 ("can: usb_8dev: Add support for USB2CAN interface from 8 devices") +Link: https://lore.kernel.org/all/20220719143550.3681-10-mailhol.vincent@wanadoo.fr +Signed-off-by: Vincent Mailhol +Signed-off-by: Marc Kleine-Budde +Acked-by: Takashi Iwai + +--- + drivers/net/can/usb/usb_8dev.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/drivers/net/can/usb/usb_8dev.c b/drivers/net/can/usb/usb_8dev.c +index f3363575bf32..4d38dc90472a 100644 +--- a/drivers/net/can/usb/usb_8dev.c ++++ b/drivers/net/can/usb/usb_8dev.c +@@ -438,9 +438,10 @@ static void usb_8dev_rx_err_msg(struct usb_8dev_priv *priv, + + if (rx_errors) + stats->rx_errors++; +- +- cf->data[6] = txerr; +- cf->data[7] = rxerr; ++ if (priv->can.state != CAN_STATE_BUS_OFF) { ++ cf->data[6] = txerr; ++ cf->data[7] = rxerr; ++ } + + priv->bec.txerr = txerr; + priv->bec.rxerr = rxerr; +-- +2.35.3 + diff --git a/patches.suse/clk-qcom-camcc-sdm845-Fix-topology-around-titan_top-.patch b/patches.suse/clk-qcom-camcc-sdm845-Fix-topology-around-titan_top-.patch new file mode 100644 index 0000000..595e299 --- /dev/null +++ b/patches.suse/clk-qcom-camcc-sdm845-Fix-topology-around-titan_top-.patch @@ -0,0 +1,55 @@ +From 103dd2338bbff567bce7acd00fc5a09c806b38ec Mon Sep 17 00:00:00 2001 +From: Vladimir Zapolskiy +Date: Fri, 20 May 2022 00:41:32 +0300 +Subject: [PATCH] clk: qcom: camcc-sdm845: Fix topology around titan_top power domain +Git-commit: 103dd2338bbff567bce7acd00fc5a09c806b38ec +Patch-mainline: v6.0-rc1 +References: git-fixes + +On SDM845 two found VFE GDSC power domains shall not be operated, if +titan top is turned off, thus the former power domains will be set as +subdomains by a GDSC registration routine. + +Fixes: 78412c262004 ("clk: qcom: Add camera clock controller driver for SDM845") +Signed-off-by: Vladimir Zapolskiy +Reviewed-by: Robert Foss +Signed-off-by: Bjorn Andersson +Link: https://lore.kernel.org/r/20220519214133.1728979-2-vladimir.zapolskiy@linaro.org +Acked-by: Takashi Iwai + +--- + drivers/clk/qcom/camcc-sdm845.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/drivers/clk/qcom/camcc-sdm845.c b/drivers/clk/qcom/camcc-sdm845.c +index be3f95326965..27d44188a7ab 100644 +--- a/drivers/clk/qcom/camcc-sdm845.c ++++ b/drivers/clk/qcom/camcc-sdm845.c +@@ -1534,6 +1534,8 @@ static struct clk_branch cam_cc_sys_tmr_clk = { + }, + }; + ++static struct gdsc titan_top_gdsc; ++ + static struct gdsc bps_gdsc = { + .gdscr = 0x6004, + .pd = { +@@ -1567,6 +1569,7 @@ static struct gdsc ife_0_gdsc = { + .name = "ife_0_gdsc", + }, + .flags = POLL_CFG_GDSCR, ++ .parent = &titan_top_gdsc.pd, + .pwrsts = PWRSTS_OFF_ON, + }; + +@@ -1576,6 +1579,7 @@ static struct gdsc ife_1_gdsc = { + .name = "ife_1_gdsc", + }, + .flags = POLL_CFG_GDSCR, ++ .parent = &titan_top_gdsc.pd, + .pwrsts = PWRSTS_OFF_ON, + }; + +-- +2.35.3 + diff --git a/patches.suse/clk-qcom-clk-krait-unlock-spin-after-mux-completion.patch b/patches.suse/clk-qcom-clk-krait-unlock-spin-after-mux-completion.patch new file mode 100644 index 0000000..03f1fdd --- /dev/null +++ b/patches.suse/clk-qcom-clk-krait-unlock-spin-after-mux-completion.patch @@ -0,0 +1,47 @@ +From df83d2c9e72910416f650ade1e07cc314ff02731 Mon Sep 17 00:00:00 2001 +From: Ansuel Smith +Date: Sat, 30 Apr 2022 07:44:57 +0200 +Subject: [PATCH] clk: qcom: clk-krait: unlock spin after mux completion +Git-commit: df83d2c9e72910416f650ade1e07cc314ff02731 +Patch-mainline: v6.0-rc1 +References: git-fixes + +Unlock spinlock after the mux switch is completed to prevent any corner +case of mux request while the switch still needs to be done. + +Fixes: 4d7dc77babfe ("clk: qcom: Add support for Krait clocks") +Signed-off-by: Ansuel Smith +Reviewed-by: Dmitry Baryshkov +Signed-off-by: Bjorn Andersson +Link: https://lore.kernel.org/r/20220430054458.31321-3-ansuelsmth@gmail.com +Acked-by: Takashi Iwai + +--- + drivers/clk/qcom/clk-krait.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/drivers/clk/qcom/clk-krait.c b/drivers/clk/qcom/clk-krait.c +index 59f1af415b58..90046428693c 100644 +--- a/drivers/clk/qcom/clk-krait.c ++++ b/drivers/clk/qcom/clk-krait.c +@@ -32,11 +32,16 @@ static void __krait_mux_set_sel(struct krait_mux_clk *mux, int sel) + regval |= (sel & mux->mask) << (mux->shift + LPL_SHIFT); + } + krait_set_l2_indirect_reg(mux->offset, regval); +- spin_unlock_irqrestore(&krait_clock_reg_lock, flags); + + /* Wait for switch to complete. */ + mb(); + udelay(1); ++ ++ /* ++ * Unlock now to make sure the mux register is not ++ * modified while switching to the new parent. ++ */ ++ spin_unlock_irqrestore(&krait_clock_reg_lock, flags); + } + + static int krait_mux_set_parent(struct clk_hw *hw, u8 index) +-- +2.35.3 + diff --git a/patches.suse/clk-qcom-ipq8074-SW-workaround-for-UBI32-PLL-lock.patch b/patches.suse/clk-qcom-ipq8074-SW-workaround-for-UBI32-PLL-lock.patch new file mode 100644 index 0000000..3250b36 --- /dev/null +++ b/patches.suse/clk-qcom-ipq8074-SW-workaround-for-UBI32-PLL-lock.patch @@ -0,0 +1,47 @@ +From 3401ea2856ef84f39b75f0dc5ebcaeda81cb90ec Mon Sep 17 00:00:00 2001 +From: Robert Marko +Date: Sun, 15 May 2022 23:00:39 +0200 +Subject: [PATCH] clk: qcom: ipq8074: SW workaround for UBI32 PLL lock +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 3401ea2856ef84f39b75f0dc5ebcaeda81cb90ec +Patch-mainline: v6.0-rc1 +References: git-fixes + +UBI32 Huayra PLL fails to lock in 5 us in some SoC silicon and thus it +will cause the wait_for_pll() to timeout and thus return the error +indicating that the PLL failed to lock. + +This is bug in Huayra PLL HW for which SW workaround +is to set bit 26 of TEST_CTL register. + +This is ported from the QCA 5.4 based downstream kernel. + +Fixes: b8e7e519625f ("clk: qcom: ipq8074: add remaining PLL’s") +Signed-off-by: Robert Marko +Signed-off-by: Bjorn Andersson +Link: https://lore.kernel.org/r/20220515210048.483898-2-robimarko@gmail.com +Acked-by: Takashi Iwai + +--- + drivers/clk/qcom/gcc-ipq8074.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/clk/qcom/gcc-ipq8074.c b/drivers/clk/qcom/gcc-ipq8074.c +index 1a5141da7e23..b4291ba53c78 100644 +--- a/drivers/clk/qcom/gcc-ipq8074.c ++++ b/drivers/clk/qcom/gcc-ipq8074.c +@@ -4805,6 +4805,9 @@ static int gcc_ipq8074_probe(struct platform_device *pdev) + if (IS_ERR(regmap)) + return PTR_ERR(regmap); + ++ /* SW Workaround for UBI32 Huayra PLL */ ++ regmap_update_bits(regmap, 0x2501c, BIT(26), BIT(26)); ++ + clk_alpha_pll_configure(&ubi32_pll_main, regmap, &ubi32_pll_config); + clk_alpha_pll_configure(&nss_crypto_pll_main, regmap, + &nss_crypto_pll_config); +-- +2.35.3 + diff --git a/patches.suse/clk-qcom-ipq8074-fix-NSS-core-PLL-s.patch b/patches.suse/clk-qcom-ipq8074-fix-NSS-core-PLL-s.patch new file mode 100644 index 0000000..3523bf4 --- /dev/null +++ b/patches.suse/clk-qcom-ipq8074-fix-NSS-core-PLL-s.patch @@ -0,0 +1,92 @@ +From ca41ec1b30434636c56c5600b24a8d964d359d9c Mon Sep 17 00:00:00 2001 +From: Robert Marko +Date: Sun, 15 May 2022 23:00:38 +0200 +Subject: [PATCH] clk: qcom: ipq8074: fix NSS core PLL-s +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: ca41ec1b30434636c56c5600b24a8d964d359d9c +Patch-mainline: v6.0-rc1 +References: git-fixes + +Like in IPQ6018 the NSS related Alpha PLL-s require initial configuration +to work. + +So, obtain the regmap that is required for the Alpha PLL configuration +and thus utilize the qcom_cc_really_probe() as we already have the regmap. +Then utilize the Alpha PLL configs from the downstream QCA 5.4 based +kernel to configure them. + +This fixes the UBI32 and NSS crypto PLL-s failing to get enabled by the +kernel. + +Fixes: b8e7e519625f ("clk: qcom: ipq8074: add remaining PLL’s") +Signed-off-by: Robert Marko +Signed-off-by: Bjorn Andersson +Link: https://lore.kernel.org/r/20220515210048.483898-1-robimarko@gmail.com +Acked-by: Takashi Iwai + +--- + drivers/clk/qcom/gcc-ipq8074.c | 39 +++++++++++++++++++++++++++++++++- + 1 file changed, 38 insertions(+), 1 deletion(-) + +diff --git a/drivers/clk/qcom/gcc-ipq8074.c b/drivers/clk/qcom/gcc-ipq8074.c +index 541016db3c4b..1a5141da7e23 100644 +--- a/drivers/clk/qcom/gcc-ipq8074.c ++++ b/drivers/clk/qcom/gcc-ipq8074.c +@@ -4371,6 +4371,33 @@ static struct clk_branch gcc_pcie0_axi_s_bridge_clk = { + }, + }; + ++static const struct alpha_pll_config ubi32_pll_config = { ++ .l = 0x4e, ++ .config_ctl_val = 0x200d4aa8, ++ .config_ctl_hi_val = 0x3c2, ++ .main_output_mask = BIT(0), ++ .aux_output_mask = BIT(1), ++ .pre_div_val = 0x0, ++ .pre_div_mask = BIT(12), ++ .post_div_val = 0x0, ++ .post_div_mask = GENMASK(9, 8), ++}; ++ ++static const struct alpha_pll_config nss_crypto_pll_config = { ++ .l = 0x3e, ++ .alpha = 0x0, ++ .alpha_hi = 0x80, ++ .config_ctl_val = 0x4001055b, ++ .main_output_mask = BIT(0), ++ .pre_div_val = 0x0, ++ .pre_div_mask = GENMASK(14, 12), ++ .post_div_val = 0x1 << 8, ++ .post_div_mask = GENMASK(11, 8), ++ .vco_mask = GENMASK(21, 20), ++ .vco_val = 0x0, ++ .alpha_en_mask = BIT(24), ++}; ++ + static struct clk_hw *gcc_ipq8074_hws[] = { + &gpll0_out_main_div2.hw, + &gpll6_out_main_div2.hw, +@@ -4772,7 +4799,17 @@ static const struct qcom_cc_desc gcc_ipq8074_desc = { + + static int gcc_ipq8074_probe(struct platform_device *pdev) + { +- return qcom_cc_probe(pdev, &gcc_ipq8074_desc); ++ struct regmap *regmap; ++ ++ regmap = qcom_cc_map(pdev, &gcc_ipq8074_desc); ++ if (IS_ERR(regmap)) ++ return PTR_ERR(regmap); ++ ++ clk_alpha_pll_configure(&ubi32_pll_main, regmap, &ubi32_pll_config); ++ clk_alpha_pll_configure(&nss_crypto_pll_main, regmap, ++ &nss_crypto_pll_config); ++ ++ return qcom_cc_really_probe(pdev, &gcc_ipq8074_desc, regmap); + } + + static struct platform_driver gcc_ipq8074_driver = { +-- +2.35.3 + diff --git a/patches.suse/clk-qcom-ipq8074-fix-NSS-port-frequency-tables.patch b/patches.suse/clk-qcom-ipq8074-fix-NSS-port-frequency-tables.patch new file mode 100644 index 0000000..ba8a812 --- /dev/null +++ b/patches.suse/clk-qcom-ipq8074-fix-NSS-port-frequency-tables.patch @@ -0,0 +1,76 @@ +From 0e9e61a2815b5cd34f1b495b2d72e8127ce9b794 Mon Sep 17 00:00:00 2001 +From: Robert Marko +Date: Sun, 15 May 2022 23:00:40 +0200 +Subject: [PATCH] clk: qcom: ipq8074: fix NSS port frequency tables +Git-commit: 0e9e61a2815b5cd34f1b495b2d72e8127ce9b794 +Patch-mainline: v6.0-rc1 +References: git-fixes + +NSS port 5 and 6 frequency tables are currently broken and are causing a +wide ranges of issue like 1G not working at all on port 6 or port 5 being +clocked with 312 instead of 125 MHz as UNIPHY1 gets selected. + +So, update the frequency tables with the ones from the downstream QCA 5.4 +based kernel which has already fixed this. + +Fixes: 7117a51ed303 ("clk: qcom: ipq8074: add NSS ethernet port clocks") +Signed-off-by: Robert Marko +Signed-off-by: Bjorn Andersson +Link: https://lore.kernel.org/r/20220515210048.483898-3-robimarko@gmail.com +Acked-by: Takashi Iwai + +--- + drivers/clk/qcom/gcc-ipq8074.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/drivers/clk/qcom/gcc-ipq8074.c b/drivers/clk/qcom/gcc-ipq8074.c +index b4291ba53c78..f1017f2e61bd 100644 +--- a/drivers/clk/qcom/gcc-ipq8074.c ++++ b/drivers/clk/qcom/gcc-ipq8074.c +@@ -1788,8 +1788,10 @@ static struct clk_regmap_div nss_port4_tx_div_clk_src = { + static const struct freq_tbl ftbl_nss_port5_rx_clk_src[] = { + F(19200000, P_XO, 1, 0, 0), + F(25000000, P_UNIPHY1_RX, 12.5, 0, 0), ++ F(25000000, P_UNIPHY0_RX, 5, 0, 0), + F(78125000, P_UNIPHY1_RX, 4, 0, 0), + F(125000000, P_UNIPHY1_RX, 2.5, 0, 0), ++ F(125000000, P_UNIPHY0_RX, 1, 0, 0), + F(156250000, P_UNIPHY1_RX, 2, 0, 0), + F(312500000, P_UNIPHY1_RX, 1, 0, 0), + { } +@@ -1828,8 +1830,10 @@ static struct clk_regmap_div nss_port5_rx_div_clk_src = { + static const struct freq_tbl ftbl_nss_port5_tx_clk_src[] = { + F(19200000, P_XO, 1, 0, 0), + F(25000000, P_UNIPHY1_TX, 12.5, 0, 0), ++ F(25000000, P_UNIPHY0_TX, 5, 0, 0), + F(78125000, P_UNIPHY1_TX, 4, 0, 0), + F(125000000, P_UNIPHY1_TX, 2.5, 0, 0), ++ F(125000000, P_UNIPHY0_TX, 1, 0, 0), + F(156250000, P_UNIPHY1_TX, 2, 0, 0), + F(312500000, P_UNIPHY1_TX, 1, 0, 0), + { } +@@ -1867,8 +1871,10 @@ static struct clk_regmap_div nss_port5_tx_div_clk_src = { + + static const struct freq_tbl ftbl_nss_port6_rx_clk_src[] = { + F(19200000, P_XO, 1, 0, 0), ++ F(25000000, P_UNIPHY2_RX, 5, 0, 0), + F(25000000, P_UNIPHY2_RX, 12.5, 0, 0), + F(78125000, P_UNIPHY2_RX, 4, 0, 0), ++ F(125000000, P_UNIPHY2_RX, 1, 0, 0), + F(125000000, P_UNIPHY2_RX, 2.5, 0, 0), + F(156250000, P_UNIPHY2_RX, 2, 0, 0), + F(312500000, P_UNIPHY2_RX, 1, 0, 0), +@@ -1907,8 +1913,10 @@ static struct clk_regmap_div nss_port6_rx_div_clk_src = { + + static const struct freq_tbl ftbl_nss_port6_tx_clk_src[] = { + F(19200000, P_XO, 1, 0, 0), ++ F(25000000, P_UNIPHY2_TX, 5, 0, 0), + F(25000000, P_UNIPHY2_TX, 12.5, 0, 0), + F(78125000, P_UNIPHY2_TX, 4, 0, 0), ++ F(125000000, P_UNIPHY2_TX, 1, 0, 0), + F(125000000, P_UNIPHY2_TX, 2.5, 0, 0), + F(156250000, P_UNIPHY2_TX, 2, 0, 0), + F(312500000, P_UNIPHY2_TX, 1, 0, 0), +-- +2.35.3 + diff --git a/patches.suse/clk-qcom-ipq8074-set-BRANCH_HALT_DELAY-flag-for-UBI-.patch b/patches.suse/clk-qcom-ipq8074-set-BRANCH_HALT_DELAY-flag-for-UBI-.patch new file mode 100644 index 0000000..536525d --- /dev/null +++ b/patches.suse/clk-qcom-ipq8074-set-BRANCH_HALT_DELAY-flag-for-UBI-.patch @@ -0,0 +1,113 @@ +From 2bd357e698207e2e65db03007e4be65bf9d6a7b3 Mon Sep 17 00:00:00 2001 +From: Robert Marko +Date: Sun, 15 May 2022 23:00:43 +0200 +Subject: [PATCH] clk: qcom: ipq8074: set BRANCH_HALT_DELAY flag for UBI clocks +Git-commit: 2bd357e698207e2e65db03007e4be65bf9d6a7b3 +Patch-mainline: v6.0-rc1 +References: git-fixes + +Currently, attempting to enable the UBI clocks will cause the stuck at +off warning to be printed and clk_enable will fail. + +[ 14.936694] gcc_ubi1_ahb_clk status stuck at 'off' + +Downstream 5.4 QCA kernel has fixed this by seting the BRANCH_HALT_DELAY +flag on UBI clocks, so lets do the same. + +Fixes: 5736294aef83 ("clk: qcom: ipq8074: add NSS clocks") +Signed-off-by: Robert Marko +Signed-off-by: Bjorn Andersson +Link: https://lore.kernel.org/r/20220515210048.483898-6-robimarko@gmail.com +Acked-by: Takashi Iwai + +--- + drivers/clk/qcom/gcc-ipq8074.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/drivers/clk/qcom/gcc-ipq8074.c b/drivers/clk/qcom/gcc-ipq8074.c +index c964e43ba68a..85076c1383c7 100644 +--- a/drivers/clk/qcom/gcc-ipq8074.c ++++ b/drivers/clk/qcom/gcc-ipq8074.c +@@ -3372,6 +3372,7 @@ static struct clk_branch gcc_nssnoc_ubi1_ahb_clk = { + + static struct clk_branch gcc_ubi0_ahb_clk = { + .halt_reg = 0x6820c, ++ .halt_check = BRANCH_HALT_DELAY, + .clkr = { + .enable_reg = 0x6820c, + .enable_mask = BIT(0), +@@ -3389,6 +3390,7 @@ static struct clk_branch gcc_ubi0_ahb_clk = { + + static struct clk_branch gcc_ubi0_axi_clk = { + .halt_reg = 0x68200, ++ .halt_check = BRANCH_HALT_DELAY, + .clkr = { + .enable_reg = 0x68200, + .enable_mask = BIT(0), +@@ -3406,6 +3408,7 @@ static struct clk_branch gcc_ubi0_axi_clk = { + + static struct clk_branch gcc_ubi0_nc_axi_clk = { + .halt_reg = 0x68204, ++ .halt_check = BRANCH_HALT_DELAY, + .clkr = { + .enable_reg = 0x68204, + .enable_mask = BIT(0), +@@ -3423,6 +3426,7 @@ static struct clk_branch gcc_ubi0_nc_axi_clk = { + + static struct clk_branch gcc_ubi0_core_clk = { + .halt_reg = 0x68210, ++ .halt_check = BRANCH_HALT_DELAY, + .clkr = { + .enable_reg = 0x68210, + .enable_mask = BIT(0), +@@ -3440,6 +3444,7 @@ static struct clk_branch gcc_ubi0_core_clk = { + + static struct clk_branch gcc_ubi0_mpt_clk = { + .halt_reg = 0x68208, ++ .halt_check = BRANCH_HALT_DELAY, + .clkr = { + .enable_reg = 0x68208, + .enable_mask = BIT(0), +@@ -3457,6 +3462,7 @@ static struct clk_branch gcc_ubi0_mpt_clk = { + + static struct clk_branch gcc_ubi1_ahb_clk = { + .halt_reg = 0x6822c, ++ .halt_check = BRANCH_HALT_DELAY, + .clkr = { + .enable_reg = 0x6822c, + .enable_mask = BIT(0), +@@ -3474,6 +3480,7 @@ static struct clk_branch gcc_ubi1_ahb_clk = { + + static struct clk_branch gcc_ubi1_axi_clk = { + .halt_reg = 0x68220, ++ .halt_check = BRANCH_HALT_DELAY, + .clkr = { + .enable_reg = 0x68220, + .enable_mask = BIT(0), +@@ -3491,6 +3498,7 @@ static struct clk_branch gcc_ubi1_axi_clk = { + + static struct clk_branch gcc_ubi1_nc_axi_clk = { + .halt_reg = 0x68224, ++ .halt_check = BRANCH_HALT_DELAY, + .clkr = { + .enable_reg = 0x68224, + .enable_mask = BIT(0), +@@ -3508,6 +3516,7 @@ static struct clk_branch gcc_ubi1_nc_axi_clk = { + + static struct clk_branch gcc_ubi1_core_clk = { + .halt_reg = 0x68230, ++ .halt_check = BRANCH_HALT_DELAY, + .clkr = { + .enable_reg = 0x68230, + .enable_mask = BIT(0), +@@ -3525,6 +3534,7 @@ static struct clk_branch gcc_ubi1_core_clk = { + + static struct clk_branch gcc_ubi1_mpt_clk = { + .halt_reg = 0x68228, ++ .halt_check = BRANCH_HALT_DELAY, + .clkr = { + .enable_reg = 0x68228, + .enable_mask = BIT(0), +-- +2.35.3 + diff --git a/patches.suse/clk-renesas-r9a06g032-Fix-UART-clkgrp-bitsel.patch b/patches.suse/clk-renesas-r9a06g032-Fix-UART-clkgrp-bitsel.patch new file mode 100644 index 0000000..799f961 --- /dev/null +++ b/patches.suse/clk-renesas-r9a06g032-Fix-UART-clkgrp-bitsel.patch @@ -0,0 +1,49 @@ +From 2dee50ab9e72a3cae75b65e5934c8dd3e9bf01bc Mon Sep 17 00:00:00 2001 +From: Ralph Siemsen +Date: Wed, 18 May 2022 14:25:27 -0400 +Subject: [PATCH] clk: renesas: r9a06g032: Fix UART clkgrp bitsel +Git-commit: 2dee50ab9e72a3cae75b65e5934c8dd3e9bf01bc +Patch-mainline: v6.0-rc1 +References: git-fixes + +There are two UART clock groups, each having a mux to select its +upstream clock source. The register/bit definitions for accessing these +two muxes appear to have been reversed since introduction. Correct them +so as to match the hardware manual. + +Fixes: 4c3d88526eba ("clk: renesas: Renesas R9A06G032 clock driver") + +Signed-off-by: Ralph Siemsen +Reviewed-by: Phil Edworthy +Link: https://lore.kernel.org/r/20220518182527.1693156-1-ralph.siemsen@linaro.org +Signed-off-by: Geert Uytterhoeven +Acked-by: Takashi Iwai + +--- + drivers/clk/renesas/r9a06g032-clocks.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/drivers/clk/renesas/r9a06g032-clocks.c ++++ b/drivers/clk/renesas/r9a06g032-clocks.c +@@ -286,8 +286,8 @@ static const struct r9a06g032_clkdesc r9 + .name = "uart_group_012", + .type = K_BITSEL, + .source = 1 + R9A06G032_DIV_UART, +- /* R9A06G032_SYSCTRL_REG_PWRCTRL_PG1_PR2 */ +- .dual.sel = ((0xec / 4) << 5) | 24, ++ /* R9A06G032_SYSCTRL_REG_PWRCTRL_PG0_0 */ ++ .dual.sel = ((0x34 / 4) << 5) | 30, + .dual.group = 0, + }, + { +@@ -295,8 +295,8 @@ static const struct r9a06g032_clkdesc r9 + .name = "uart_group_34567", + .type = K_BITSEL, + .source = 1 + R9A06G032_DIV_P2_PG, +- /* R9A06G032_SYSCTRL_REG_PWRCTRL_PG0_0 */ +- .dual.sel = ((0x34 / 4) << 5) | 30, ++ /* R9A06G032_SYSCTRL_REG_PWRCTRL_PG1_PR2 */ ++ .dual.sel = ((0xec / 4) << 5) | 24, + .dual.group = 1, + }, + D_UGATE(CLK_UART0, "clk_uart0", UART_GROUP_012, 0, 0, 0x1b2, 0x1b3, 0x1b4, 0x1b5), diff --git a/patches.suse/cpuidle-PSCI-Move-the-has_lpi-check-to-the-beginning-of-the-function.patch b/patches.suse/cpuidle-PSCI-Move-the-has_lpi-check-to-the-beginning-of-the-function.patch new file mode 100644 index 0000000..777ccc2 --- /dev/null +++ b/patches.suse/cpuidle-PSCI-Move-the-has_lpi-check-to-the-beginning-of-the-function.patch @@ -0,0 +1,45 @@ +From: Mario Limonciello +Date: Fri, 25 Feb 2022 13:06:45 -0600 +Subject: cpuidle: PSCI: Move the `has_lpi` check to the beginning of the + function +Git-commit: 01f6c7338ce267959975da65d86ba34f44d54220 +Patch-mainline: v5.18-rc1 +References: git-fixes + +Currently the first thing checked is whether the PCSI cpu_suspend function +has been initialized. + +Another change will be overloading `acpi_processor_ffh_lpi_probe` and +calling it sooner. So make the `has_lpi` check the first thing checked +to prepare for that change. + +Reviewed-by: Sudeep Holla +Signed-off-by: Mario Limonciello +Signed-off-by: Rafael J. Wysocki +Acked-by: Ivan T. Ivanov +--- + arch/arm64/kernel/cpuidle.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/arch/arm64/kernel/cpuidle.c ++++ b/arch/arm64/kernel/cpuidle.c +@@ -53,6 +53,9 @@ static int psci_acpi_cpu_init_idle(unsig + struct acpi_lpi_state *lpi; + struct acpi_processor *pr = per_cpu(processors, cpu); + ++ if (unlikely(!pr || !pr->flags.has_lpi)) ++ return -EINVAL; ++ + /* + * If the PSCI cpu_suspend function hook has not been initialized + * idle states must not be enabled, so bail out +@@ -60,9 +63,6 @@ static int psci_acpi_cpu_init_idle(unsig + if (!psci_ops.cpu_suspend) + return -EOPNOTSUPP; + +- if (unlikely(!pr || !pr->flags.has_lpi)) +- return -EINVAL; +- + count = pr->power.count - 1; + if (count <= 0) + return -ENODEV; diff --git a/patches.suse/crypto-qat-disable-registration-of-algorithms.patch b/patches.suse/crypto-qat-disable-registration-of-algorithms.patch new file mode 100644 index 0000000..293466d --- /dev/null +++ b/patches.suse/crypto-qat-disable-registration-of-algorithms.patch @@ -0,0 +1,61 @@ +From 8893d27ffcaf6ec6267038a177cb87bcde4dd3de Mon Sep 17 00:00:00 2001 +From: Giovanni Cabiddu +Date: Fri, 4 Mar 2022 17:54:47 +0000 +Subject: [PATCH] crypto: qat - disable registration of algorithms +Git-commit: 8893d27ffcaf6ec6267038a177cb87bcde4dd3de +Patch-mainline: v5.18-rc1 +References: git-fixes + +The implementations of aead and skcipher in the QAT driver do not +support properly requests with the CRYPTO_TFM_REQ_MAY_BACKLOG flag set. +If the HW queue is full, the driver returns -EBUSY but does not enqueue +the request. +This can result in applications like dm-crypt waiting indefinitely for a +completion of a request that was never submitted to the hardware. + +To avoid this problem, disable the registration of all crypto algorithms +in the QAT driver by setting the number of crypto instances to 0 at +configuration time. + +Cc: stable@vger.kernel.org +Signed-off-by: Giovanni Cabiddu +Signed-off-by: Herbert Xu +Signed-off-by: Torsten Duwe + +--- + drivers/crypto/qat/qat_4xxx/adf_drv.c | 7 +++++++ + drivers/crypto/qat/qat_common/qat_crypto.c | 7 +++++++ + 2 files changed, 14 insertions(+) + +--- a/drivers/crypto/qat/qat_4xxx/adf_drv.c ++++ b/drivers/crypto/qat/qat_4xxx/adf_drv.c +@@ -52,6 +52,13 @@ static int adf_crypto_dev_config(struct + if (ret) + goto err; + ++ /* Temporarily set the number of crypto instances to zero to avoid ++ * registering the crypto algorithms. ++ * This will be removed when the algorithms will support the ++ * CRYPTO_TFM_REQ_MAY_BACKLOG flag ++ */ ++ instances = 0; ++ + for (i = 0; i < instances; i++) { + val = i; + bank = i * 2; +--- a/drivers/crypto/qat/qat_common/qat_crypto.c ++++ b/drivers/crypto/qat/qat_common/qat_crypto.c +@@ -136,6 +136,13 @@ int qat_crypto_dev_config(struct adf_acc + if (ret) + goto err; + ++ /* Temporarily set the number of crypto instances to zero to avoid ++ * registering the crypto algorithms. ++ * This will be removed when the algorithms will support the ++ * CRYPTO_TFM_REQ_MAY_BACKLOG flag ++ */ ++ instances = 0; ++ + for (i = 0; i < instances; i++) { + val = i; + snprintf(key, sizeof(key), ADF_CY "%d" ADF_RING_ASYM_BANK_NUM, i); diff --git a/patches.suse/crypto-qat-fix-memory-leak-in-RSA.patch b/patches.suse/crypto-qat-fix-memory-leak-in-RSA.patch new file mode 100644 index 0000000..7f57ce8 --- /dev/null +++ b/patches.suse/crypto-qat-fix-memory-leak-in-RSA.patch @@ -0,0 +1,49 @@ +From 80a52e1ee7757b742f96bfb0d58f0c14eb6583d0 Mon Sep 17 00:00:00 2001 +From: Giovanni Cabiddu +Date: Mon, 9 May 2022 14:34:11 +0100 +Subject: [PATCH] crypto: qat - fix memory leak in RSA +Git-commit: 80a52e1ee7757b742f96bfb0d58f0c14eb6583d0 +Patch-mainline: v5.19-rc1 +References: git-fixes + +When an RSA key represented in form 2 (as defined in PKCS #1 V2.1) is +used, some components of the private key persist even after the TFM is +released. +Replace the explicit calls to free the buffers in qat_rsa_exit_tfm() +with a call to qat_rsa_clear_ctx() which frees all buffers referenced in +the TFM context. + +Cc: stable@vger.kernel.org +Fixes: 879f77e9071f ("crypto: qat - Add RSA CRT mode") +Signed-off-by: Giovanni Cabiddu +Reviewed-by: Adam Guerin +Reviewed-by: Wojciech Ziemba +Signed-off-by: Herbert Xu +Signed-off-by: Torsten Duwe + +--- + drivers/crypto/qat/qat_common/qat_asym_algs.c | 12 +----------- + 1 file changed, 1 insertion(+), 11 deletions(-) + +--- a/drivers/crypto/qat/qat_common/qat_asym_algs.c ++++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c +@@ -1236,18 +1236,8 @@ static void qat_rsa_exit_tfm(struct cryp + struct qat_rsa_ctx *ctx = akcipher_tfm_ctx(tfm); + struct device *dev = &GET_DEV(ctx->inst->accel_dev); + +- if (ctx->n) +- dma_free_coherent(dev, ctx->key_sz, ctx->n, ctx->dma_n); +- if (ctx->e) +- dma_free_coherent(dev, ctx->key_sz, ctx->e, ctx->dma_e); +- if (ctx->d) { +- memset(ctx->d, '\0', ctx->key_sz); +- dma_free_coherent(dev, ctx->key_sz, ctx->d, ctx->dma_d); +- } ++ qat_rsa_clear_ctx(dev, ctx); + qat_crypto_put_instance(ctx->inst); +- ctx->n = NULL; +- ctx->e = NULL; +- ctx->d = NULL; + } + + static struct akcipher_alg rsa = { diff --git a/patches.suse/crypto-qat-remove-dma_free_coherent-for-DH.patch b/patches.suse/crypto-qat-remove-dma_free_coherent-for-DH.patch new file mode 100644 index 0000000..6beaae7 --- /dev/null +++ b/patches.suse/crypto-qat-remove-dma_free_coherent-for-DH.patch @@ -0,0 +1,176 @@ +From 029aa4624a7fe35233bdd3d1354dc7be260380bf Mon Sep 17 00:00:00 2001 +From: Giovanni Cabiddu +Date: Mon, 9 May 2022 14:34:13 +0100 +Subject: [PATCH] crypto: qat - remove dma_free_coherent() for DH +Git-commit: 029aa4624a7fe35233bdd3d1354dc7be260380bf +Patch-mainline: v5.19-rc1 +References: git-fixes + +The functions qat_dh_compute_value() allocates memory with +dma_alloc_coherent() if the source or the destination buffers are made +of multiple flat buffers or of a size that is not compatible with the +hardware. +This memory is then freed with dma_free_coherent() in the context of a +tasklet invoked to handle the response for the corresponding request. + +According to Documentation/core-api/dma-api-howto.rst, the function +dma_free_coherent() cannot be called in an interrupt context. + +Replace allocations with dma_alloc_coherent() in the function +qat_dh_compute_value() with kmalloc() + dma_map_single(). + +Cc: stable@vger.kernel.org +Fixes: c9839143ebbf ("crypto: qat - Add DH support") +Signed-off-by: Giovanni Cabiddu +Reviewed-by: Adam Guerin +Reviewed-by: Wojciech Ziemba +Signed-off-by: Herbert Xu +Signed-off-by: Torsten Duwe + +--- + drivers/crypto/qat/qat_common/qat_asym_algs.c | 83 ++++++++----------- + 1 file changed, 34 insertions(+), 49 deletions(-) + +--- a/drivers/crypto/qat/qat_common/qat_asym_algs.c ++++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c +@@ -148,26 +148,21 @@ static void qat_dh_cb(struct icp_qat_fw_ + err = (err == ICP_QAT_FW_COMN_STATUS_FLAG_OK) ? 0 : -EINVAL; + + if (areq->src) { +- if (req->src_align) +- dma_free_coherent(dev, req->ctx.dh->p_size, +- req->src_align, req->in.dh.in.b); +- else +- dma_unmap_single(dev, req->in.dh.in.b, +- req->ctx.dh->p_size, DMA_TO_DEVICE); ++ dma_unmap_single(dev, req->in.dh.in.b, req->ctx.dh->p_size, ++ DMA_TO_DEVICE); ++ kzfree(req->src_align); + } + + areq->dst_len = req->ctx.dh->p_size; + if (req->dst_align) { + scatterwalk_map_and_copy(req->dst_align, areq->dst, 0, + areq->dst_len, 1); +- +- dma_free_coherent(dev, req->ctx.dh->p_size, req->dst_align, +- req->out.dh.r); +- } else { +- dma_unmap_single(dev, req->out.dh.r, req->ctx.dh->p_size, +- DMA_FROM_DEVICE); ++ kzfree(req->dst_align); + } + ++ dma_unmap_single(dev, req->out.dh.r, req->ctx.dh->p_size, ++ DMA_FROM_DEVICE); ++ + dma_unmap_single(dev, req->phy_in, sizeof(struct qat_dh_input_params), + DMA_TO_DEVICE); + dma_unmap_single(dev, req->phy_out, +@@ -215,6 +210,7 @@ static int qat_dh_compute_value(struct k + struct icp_qat_fw_pke_request *msg = &qat_req->req; + int ret, ctr = 0; + int n_input_params = 0; ++ u8 *vaddr; + + if (unlikely(!ctx->xa)) + return -EINVAL; +@@ -271,27 +267,24 @@ static int qat_dh_compute_value(struct k + */ + if (sg_is_last(req->src) && req->src_len == ctx->p_size) { + qat_req->src_align = NULL; +- qat_req->in.dh.in.b = dma_map_single(dev, +- sg_virt(req->src), +- req->src_len, +- DMA_TO_DEVICE); +- if (unlikely(dma_mapping_error(dev, +- qat_req->in.dh.in.b))) +- return ret; +- ++ vaddr = sg_virt(req->src); + } else { + int shift = ctx->p_size - req->src_len; + +- qat_req->src_align = dma_alloc_coherent(dev, +- ctx->p_size, +- &qat_req->in.dh.in.b, +- GFP_KERNEL); ++ qat_req->src_align = kzalloc(ctx->p_size, GFP_KERNEL); + if (unlikely(!qat_req->src_align)) + return ret; + + scatterwalk_map_and_copy(qat_req->src_align + shift, + req->src, 0, req->src_len, 0); ++ ++ vaddr = qat_req->src_align; + } ++ ++ qat_req->in.dh.in.b = dma_map_single(dev, vaddr, ctx->p_size, ++ DMA_TO_DEVICE); ++ if (unlikely(dma_mapping_error(dev, qat_req->in.dh.in.b))) ++ goto unmap_src; + } + /* + * dst can be of any size in valid range, but HW expects it to be the +@@ -302,20 +295,18 @@ static int qat_dh_compute_value(struct k + */ + if (sg_is_last(req->dst) && req->dst_len == ctx->p_size) { + qat_req->dst_align = NULL; +- qat_req->out.dh.r = dma_map_single(dev, sg_virt(req->dst), +- req->dst_len, +- DMA_FROM_DEVICE); +- +- if (unlikely(dma_mapping_error(dev, qat_req->out.dh.r))) +- goto unmap_src; +- ++ vaddr = sg_virt(req->dst); + } else { +- qat_req->dst_align = dma_alloc_coherent(dev, ctx->p_size, +- &qat_req->out.dh.r, +- GFP_KERNEL); ++ qat_req->dst_align = kzalloc(ctx->p_size, GFP_KERNEL); + if (unlikely(!qat_req->dst_align)) + goto unmap_src; ++ ++ vaddr = qat_req->dst_align; + } ++ qat_req->out.dh.r = dma_map_single(dev, vaddr, ctx->p_size, ++ DMA_FROM_DEVICE); ++ if (unlikely(dma_mapping_error(dev, qat_req->out.dh.r))) ++ goto unmap_dst; + + qat_req->in.dh.in_tab[n_input_params] = 0; + qat_req->out.dh.out_tab[1] = 0; +@@ -355,23 +346,17 @@ unmap_in_params: + sizeof(struct qat_dh_input_params), + DMA_TO_DEVICE); + unmap_dst: +- if (qat_req->dst_align) +- dma_free_coherent(dev, ctx->p_size, qat_req->dst_align, +- qat_req->out.dh.r); +- else +- if (!dma_mapping_error(dev, qat_req->out.dh.r)) +- dma_unmap_single(dev, qat_req->out.dh.r, ctx->p_size, +- DMA_FROM_DEVICE); ++ if (!dma_mapping_error(dev, qat_req->out.dh.r)) ++ dma_unmap_single(dev, qat_req->out.dh.r, ctx->p_size, ++ DMA_FROM_DEVICE); ++ kzfree(qat_req->dst_align); + unmap_src: + if (req->src) { +- if (qat_req->src_align) +- dma_free_coherent(dev, ctx->p_size, qat_req->src_align, +- qat_req->in.dh.in.b); +- else +- if (!dma_mapping_error(dev, qat_req->in.dh.in.b)) +- dma_unmap_single(dev, qat_req->in.dh.in.b, +- ctx->p_size, +- DMA_TO_DEVICE); ++ if (!dma_mapping_error(dev, qat_req->in.dh.in.b)) ++ dma_unmap_single(dev, qat_req->in.dh.in.b, ++ ctx->p_size, ++ DMA_TO_DEVICE); ++ kzfree(qat_req->src_align); + } + return ret; + } diff --git a/patches.suse/crypto-qat-remove-dma_free_coherent-for-RSA.patch b/patches.suse/crypto-qat-remove-dma_free_coherent-for-RSA.patch new file mode 100644 index 0000000..0730fb8 --- /dev/null +++ b/patches.suse/crypto-qat-remove-dma_free_coherent-for-RSA.patch @@ -0,0 +1,264 @@ +From 3dfaf0071ed74d7a9c6b3c9ea4df7a6f8e423c2a Mon Sep 17 00:00:00 2001 +From: Giovanni Cabiddu +Date: Mon, 9 May 2022 14:34:12 +0100 +Subject: [PATCH] crypto: qat - remove dma_free_coherent() for RSA +Git-commit: 3dfaf0071ed74d7a9c6b3c9ea4df7a6f8e423c2a +Patch-mainline: v5.19-rc1 +References: git-fixes + +After commit f5ff79fddf0e ("dma-mapping: remove CONFIG_DMA_REMAP"), if +the algorithms are enabled, the driver crashes with a BUG_ON while +executing vunmap() in the context of a tasklet. This is due to the fact +that the function dma_free_coherent() cannot be called in an interrupt +context (see Documentation/core-api/dma-api-howto.rst). + +The functions qat_rsa_enc() and qat_rsa_dec() allocate memory with +dma_alloc_coherent() if the source or the destination buffers are made +of multiple flat buffers or of a size that is not compatible with the +hardware. +This memory is then freed with dma_free_coherent() in the context of a +tasklet invoked to handle the response for the corresponding request. + +Replace allocations with dma_alloc_coherent() in the functions +qat_rsa_enc() and qat_rsa_dec() with kmalloc() + dma_map_single(). + +Cc: stable@vger.kernel.org +Fixes: a990532023b9 ("crypto: qat - Add support for RSA algorithm") +Signed-off-by: Giovanni Cabiddu +Reviewed-by: Adam Guerin +Reviewed-by: Wojciech Ziemba +Signed-off-by: Herbert Xu +Signed-off-by: Torsten Duwe + +--- + drivers/crypto/qat/qat_common/qat_asym_algs.c | 137 ++++++++---------- + 1 file changed, 60 insertions(+), 77 deletions(-) + +--- a/drivers/crypto/qat/qat_common/qat_asym_algs.c ++++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c +@@ -513,25 +513,22 @@ static void qat_rsa_cb(struct icp_qat_fw + + err = (err == ICP_QAT_FW_COMN_STATUS_FLAG_OK) ? 0 : -EINVAL; + +- if (req->src_align) +- dma_free_coherent(dev, req->ctx.rsa->key_sz, req->src_align, +- req->in.rsa.enc.m); +- else +- dma_unmap_single(dev, req->in.rsa.enc.m, req->ctx.rsa->key_sz, +- DMA_TO_DEVICE); ++ kzfree(req->src_align); ++ ++ dma_unmap_single(dev, req->in.rsa.enc.m, req->ctx.rsa->key_sz, ++ DMA_TO_DEVICE); + + areq->dst_len = req->ctx.rsa->key_sz; + if (req->dst_align) { + scatterwalk_map_and_copy(req->dst_align, areq->dst, 0, + areq->dst_len, 1); + +- dma_free_coherent(dev, req->ctx.rsa->key_sz, req->dst_align, +- req->out.rsa.enc.c); +- } else { +- dma_unmap_single(dev, req->out.rsa.enc.c, req->ctx.rsa->key_sz, +- DMA_FROM_DEVICE); ++ kzfree(req->dst_align); + } + ++ dma_unmap_single(dev, req->out.rsa.enc.c, req->ctx.rsa->key_sz, ++ DMA_FROM_DEVICE); ++ + dma_unmap_single(dev, req->phy_in, sizeof(struct qat_rsa_input_params), + DMA_TO_DEVICE); + dma_unmap_single(dev, req->phy_out, +@@ -645,6 +642,7 @@ static int qat_rsa_enc(struct akcipher_r + struct qat_asym_request *qat_req = + PTR_ALIGN(akcipher_request_ctx(req), 64); + struct icp_qat_fw_pke_request *msg = &qat_req->req; ++ u8 *vaddr; + int ret, ctr = 0; + + if (unlikely(!ctx->n || !ctx->e)) +@@ -682,40 +680,39 @@ static int qat_rsa_enc(struct akcipher_r + */ + if (sg_is_last(req->src) && req->src_len == ctx->key_sz) { + qat_req->src_align = NULL; +- qat_req->in.rsa.enc.m = dma_map_single(dev, sg_virt(req->src), +- req->src_len, DMA_TO_DEVICE); +- if (unlikely(dma_mapping_error(dev, qat_req->in.rsa.enc.m))) +- return ret; +- ++ vaddr = sg_virt(req->src); + } else { + int shift = ctx->key_sz - req->src_len; + +- qat_req->src_align = dma_alloc_coherent(dev, ctx->key_sz, +- &qat_req->in.rsa.enc.m, +- GFP_KERNEL); ++ qat_req->src_align = kzalloc(ctx->key_sz, GFP_KERNEL); + if (unlikely(!qat_req->src_align)) + return ret; + + scatterwalk_map_and_copy(qat_req->src_align + shift, req->src, + 0, req->src_len, 0); ++ vaddr = qat_req->src_align; + } +- if (sg_is_last(req->dst) && req->dst_len == ctx->key_sz) { +- qat_req->dst_align = NULL; +- qat_req->out.rsa.enc.c = dma_map_single(dev, sg_virt(req->dst), +- req->dst_len, +- DMA_FROM_DEVICE); + +- if (unlikely(dma_mapping_error(dev, qat_req->out.rsa.enc.c))) +- goto unmap_src; ++ qat_req->in.rsa.enc.m = dma_map_single(dev, vaddr, ctx->key_sz, ++ DMA_TO_DEVICE); ++ if (unlikely(dma_mapping_error(dev, qat_req->in.rsa.enc.m))) ++ goto unmap_src; + ++ if (sg_is_last(req->dst) && req->dst_len == ctx->key_sz) { ++ qat_req->dst_align = NULL; ++ vaddr = sg_virt(req->dst); + } else { +- qat_req->dst_align = dma_alloc_coherent(dev, ctx->key_sz, +- &qat_req->out.rsa.enc.c, +- GFP_KERNEL); ++ qat_req->dst_align = kzalloc(ctx->key_sz, GFP_KERNEL); + if (unlikely(!qat_req->dst_align)) + goto unmap_src; +- ++ vaddr = qat_req->dst_align; + } ++ ++ qat_req->out.rsa.enc.c = dma_map_single(dev, vaddr, ctx->key_sz, ++ DMA_FROM_DEVICE); ++ if (unlikely(dma_mapping_error(dev, qat_req->out.rsa.enc.c))) ++ goto unmap_dst; ++ + qat_req->in.rsa.in_tab[3] = 0; + qat_req->out.rsa.out_tab[1] = 0; + qat_req->phy_in = dma_map_single(dev, &qat_req->in.rsa.enc.m, +@@ -752,21 +749,15 @@ unmap_in_params: + sizeof(struct qat_rsa_input_params), + DMA_TO_DEVICE); + unmap_dst: +- if (qat_req->dst_align) +- dma_free_coherent(dev, ctx->key_sz, qat_req->dst_align, +- qat_req->out.rsa.enc.c); +- else +- if (!dma_mapping_error(dev, qat_req->out.rsa.enc.c)) +- dma_unmap_single(dev, qat_req->out.rsa.enc.c, +- ctx->key_sz, DMA_FROM_DEVICE); ++ if (!dma_mapping_error(dev, qat_req->out.rsa.enc.c)) ++ dma_unmap_single(dev, qat_req->out.rsa.enc.c, ++ ctx->key_sz, DMA_FROM_DEVICE); ++ kzfree(qat_req->dst_align); + unmap_src: +- if (qat_req->src_align) +- dma_free_coherent(dev, ctx->key_sz, qat_req->src_align, +- qat_req->in.rsa.enc.m); +- else +- if (!dma_mapping_error(dev, qat_req->in.rsa.enc.m)) +- dma_unmap_single(dev, qat_req->in.rsa.enc.m, +- ctx->key_sz, DMA_TO_DEVICE); ++ if (!dma_mapping_error(dev, qat_req->in.rsa.enc.m)) ++ dma_unmap_single(dev, qat_req->in.rsa.enc.m, ctx->key_sz, ++ DMA_TO_DEVICE); ++ kzfree(qat_req->src_align); + return ret; + } + +@@ -779,6 +770,7 @@ static int qat_rsa_dec(struct akcipher_r + struct qat_asym_request *qat_req = + PTR_ALIGN(akcipher_request_ctx(req), 64); + struct icp_qat_fw_pke_request *msg = &qat_req->req; ++ u8 *vaddr; + int ret, ctr = 0; + + if (unlikely(!ctx->n || !ctx->d)) +@@ -826,40 +818,37 @@ static int qat_rsa_dec(struct akcipher_r + */ + if (sg_is_last(req->src) && req->src_len == ctx->key_sz) { + qat_req->src_align = NULL; +- qat_req->in.rsa.dec.c = dma_map_single(dev, sg_virt(req->src), +- req->dst_len, DMA_TO_DEVICE); +- if (unlikely(dma_mapping_error(dev, qat_req->in.rsa.dec.c))) +- return ret; +- ++ vaddr = sg_virt(req->src); + } else { + int shift = ctx->key_sz - req->src_len; + +- qat_req->src_align = dma_alloc_coherent(dev, ctx->key_sz, +- &qat_req->in.rsa.dec.c, +- GFP_KERNEL); ++ qat_req->src_align = kzalloc(ctx->key_sz, GFP_KERNEL); + if (unlikely(!qat_req->src_align)) + return ret; + + scatterwalk_map_and_copy(qat_req->src_align + shift, req->src, + 0, req->src_len, 0); ++ vaddr = qat_req->src_align; + } +- if (sg_is_last(req->dst) && req->dst_len == ctx->key_sz) { +- qat_req->dst_align = NULL; +- qat_req->out.rsa.dec.m = dma_map_single(dev, sg_virt(req->dst), +- req->dst_len, +- DMA_FROM_DEVICE); + +- if (unlikely(dma_mapping_error(dev, qat_req->out.rsa.dec.m))) +- goto unmap_src; ++ qat_req->in.rsa.dec.c = dma_map_single(dev, vaddr, ctx->key_sz, ++ DMA_TO_DEVICE); ++ if (unlikely(dma_mapping_error(dev, qat_req->in.rsa.dec.c))) ++ goto unmap_src; + ++ if (sg_is_last(req->dst) && req->dst_len == ctx->key_sz) { ++ qat_req->dst_align = NULL; ++ vaddr = sg_virt(req->dst); + } else { +- qat_req->dst_align = dma_alloc_coherent(dev, ctx->key_sz, +- &qat_req->out.rsa.dec.m, +- GFP_KERNEL); ++ qat_req->dst_align = kzalloc(ctx->key_sz, GFP_KERNEL); + if (unlikely(!qat_req->dst_align)) + goto unmap_src; +- ++ vaddr = qat_req->dst_align; + } ++ qat_req->out.rsa.dec.m = dma_map_single(dev, vaddr, ctx->key_sz, ++ DMA_FROM_DEVICE); ++ if (unlikely(dma_mapping_error(dev, qat_req->out.rsa.dec.m))) ++ goto unmap_dst; + + if (ctx->crt_mode) + qat_req->in.rsa.in_tab[6] = 0; +@@ -904,21 +893,15 @@ unmap_in_params: + sizeof(struct qat_rsa_input_params), + DMA_TO_DEVICE); + unmap_dst: +- if (qat_req->dst_align) +- dma_free_coherent(dev, ctx->key_sz, qat_req->dst_align, +- qat_req->out.rsa.dec.m); +- else +- if (!dma_mapping_error(dev, qat_req->out.rsa.dec.m)) +- dma_unmap_single(dev, qat_req->out.rsa.dec.m, +- ctx->key_sz, DMA_FROM_DEVICE); ++ if (!dma_mapping_error(dev, qat_req->out.rsa.dec.m)) ++ dma_unmap_single(dev, qat_req->out.rsa.dec.m, ++ ctx->key_sz, DMA_FROM_DEVICE); ++ kzfree(qat_req->dst_align); + unmap_src: +- if (qat_req->src_align) +- dma_free_coherent(dev, ctx->key_sz, qat_req->src_align, +- qat_req->in.rsa.dec.c); +- else +- if (!dma_mapping_error(dev, qat_req->in.rsa.dec.c)) +- dma_unmap_single(dev, qat_req->in.rsa.dec.c, +- ctx->key_sz, DMA_TO_DEVICE); ++ if (!dma_mapping_error(dev, qat_req->in.rsa.dec.c)) ++ dma_unmap_single(dev, qat_req->in.rsa.dec.c, ctx->key_sz, ++ DMA_TO_DEVICE); ++ kzfree(qat_req->src_align); + return ret; + } + diff --git a/patches.suse/crypto-qat-set-to-zero-DH-parameters-before-free.patch b/patches.suse/crypto-qat-set-to-zero-DH-parameters-before-free.patch new file mode 100644 index 0000000..f2597de --- /dev/null +++ b/patches.suse/crypto-qat-set-to-zero-DH-parameters-before-free.patch @@ -0,0 +1,51 @@ +From 1731160ff7c7bbb11bb1aacb14dd25e18d522779 Mon Sep 17 00:00:00 2001 +From: Giovanni Cabiddu +Date: Mon, 9 May 2022 14:19:27 +0100 +Subject: [PATCH] crypto: qat - set to zero DH parameters before free +Git-commit: 1731160ff7c7bbb11bb1aacb14dd25e18d522779 +Patch-mainline: v5.19-rc1 +References: git-fixes + +Set to zero the context buffers containing the DH key before they are +freed. +This is a defense in depth measure that avoids keys to be recovered from +memory in case the system is compromised between the free of the buffer +and when that area of memory (containing keys) gets overwritten. + +Cc: stable@vger.kernel.org +Fixes: c9839143ebbf ("crypto: qat - Add DH support") +Signed-off-by: Giovanni Cabiddu +Reviewed-by: Adam Guerin +Reviewed-by: Wojciech Ziemba +Signed-off-by: Herbert Xu +Signed-off-by: Torsten Duwe + +--- + drivers/crypto/qat/qat_common/qat_asym_algs.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/crypto/qat/qat_common/qat_asym_algs.c b/drivers/crypto/qat/qat_common/qat_asym_algs.c +index b0b78445418b..5633f9df3b6f 100644 +--- a/drivers/crypto/qat/qat_common/qat_asym_algs.c ++++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c +@@ -420,14 +420,17 @@ static int qat_dh_set_params(struct qat_dh_ctx *ctx, struct dh *params) + static void qat_dh_clear_ctx(struct device *dev, struct qat_dh_ctx *ctx) + { + if (ctx->g) { ++ memset(ctx->g, 0, ctx->p_size); + dma_free_coherent(dev, ctx->p_size, ctx->g, ctx->dma_g); + ctx->g = NULL; + } + if (ctx->xa) { ++ memset(ctx->xa, 0, ctx->p_size); + dma_free_coherent(dev, ctx->p_size, ctx->xa, ctx->dma_xa); + ctx->xa = NULL; + } + if (ctx->p) { ++ memset(ctx->p, 0, ctx->p_size); + dma_free_coherent(dev, ctx->p_size, ctx->p, ctx->dma_p); + ctx->p = NULL; + } +-- +2.35.3 + diff --git a/patches.suse/cxgb4-Fix-the-Wmisleading-indentation-warning.patch b/patches.suse/cxgb4-Fix-the-Wmisleading-indentation-warning.patch new file mode 100644 index 0000000..f382879 --- /dev/null +++ b/patches.suse/cxgb4-Fix-the-Wmisleading-indentation-warning.patch @@ -0,0 +1,38 @@ +From 123f4c523c0b3c83fbd54ab8b1052e7ac238f811 Mon Sep 17 00:00:00 2001 +From: Kaixu Xia +Date: Wed, 4 Nov 2020 13:24:04 +0800 +Subject: [PATCH 7/9] cxgb4: Fix the -Wmisleading-indentation warning +Git-commit: ea8146c6845799142aa4ee2660741c215e340cdf +Patch-mainline: v5.11-rc1 +References: git-fixes + +Fix the gcc warning: + +drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c:2673:9: warning: this 'for' clause does not guard... [-Wmisleading-indentation] + 2673 | for (i = 0; i < n; ++i) \ + +Reported-by: Tosk Robot +Signed-off-by: Kaixu Xia +Link: https://lore.kernel.org/r/1604467444-23043-1-git-send-email-kaixuxia@tencent.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c +index 17410fe86626..7d49fd4edc9e 100644 +--- a/drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c ++++ b/drivers/net/ethernet/chelsio/cxgb4/cxgb4_debugfs.c +@@ -2671,7 +2671,7 @@ do { \ + seq_printf(seq, "%-12s", s); \ + for (i = 0; i < n; ++i) \ + seq_printf(seq, " %16" fmt_spec, v); \ +- seq_putc(seq, '\n'); \ ++ seq_putc(seq, '\n'); \ + } while (0) + #define S(s, v) S3("s", s, v) + #define T3(fmt_spec, s, v) S3(fmt_spec, s, tx[i].v) +-- +2.16.4 + diff --git a/patches.suse/dmaengine-at_xdma-handle-errors-of-at_xdmac_alloc_de.patch b/patches.suse/dmaengine-at_xdma-handle-errors-of-at_xdmac_alloc_de.patch new file mode 100644 index 0000000..9d1f26c --- /dev/null +++ b/patches.suse/dmaengine-at_xdma-handle-errors-of-at_xdmac_alloc_de.patch @@ -0,0 +1,36 @@ +From 3770d92bd5237d686e49da7b2fb86f53ee6ed259 Mon Sep 17 00:00:00 2001 +From: Michael Walle +Date: Thu, 26 May 2022 15:51:11 +0200 +Subject: [PATCH] dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly +Git-commit: 3770d92bd5237d686e49da7b2fb86f53ee6ed259 +Patch-mainline: v5.19-rc6 +References: git-fixes + +It seems that it is valid to have less than the requested number of +descriptors. But what is not valid and leads to subsequent errors is to +have zero descriptors. In that case, abort the probing. + +Fixes: e1f7c9eee707 ("dmaengine: at_xdmac: creation of the atmel eXtended DMA Controller driver") +Signed-off-by: Michael Walle +Link: https://lore.kernel.org/r/20220526135111.1470926-1-michael@walle.cc +Signed-off-by: Vinod Koul +Acked-by: Takashi Iwai + +--- + drivers/dma/at_xdmac.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/drivers/dma/at_xdmac.c ++++ b/drivers/dma/at_xdmac.c +@@ -1846,6 +1846,11 @@ static int at_xdmac_alloc_chan_resources + for (i = 0; i < init_nr_desc_per_channel; i++) { + desc = at_xdmac_alloc_desc(chan, GFP_ATOMIC); + if (!desc) { ++ if (i == 0) { ++ dev_warn(chan2dev(chan), ++ "can't allocate any descriptors\n"); ++ return -EIO; ++ } + dev_warn(chan2dev(chan), + "only %d descriptors have been allocated\n", i); + break; diff --git a/patches.suse/dmaengine-imx-sdma-Allow-imx8m-for-imx7-FW-revs.patch b/patches.suse/dmaengine-imx-sdma-Allow-imx8m-for-imx7-FW-revs.patch new file mode 100644 index 0000000..98581c6 --- /dev/null +++ b/patches.suse/dmaengine-imx-sdma-Allow-imx8m-for-imx7-FW-revs.patch @@ -0,0 +1,48 @@ +From a7cd3cf0b2e5aaacfe5e02c472bd28e98e640be7 Mon Sep 17 00:00:00 2001 +From: Peter Robinson +Date: Mon, 6 Jun 2022 17:10:34 +0100 +Subject: [PATCH] dmaengine: imx-sdma: Allow imx8m for imx7 FW revs +Git-commit: a7cd3cf0b2e5aaacfe5e02c472bd28e98e640be7 +Patch-mainline: v5.19-rc6 +References: git-fixes + +The revision of the imx-sdma IP that is in the i.MX8M series is the +same is that as that in the i.MX7 series but the imx7d MODULE_FIRMWARE +directive is wrapped in a condiditional which means it's not defined +when built for aarch64 SOC_IMX8M platforms and hence you get the +following errors when the driver loads on imx8m devices: + +imx-sdma 302c0000.dma-controller: Direct firmware load for imx/sdma/sdma-imx7d.bin failed with error -2 +imx-sdma 302c0000.dma-controller: external firmware not found, using ROM firmware + +Add the SOC_IMX8M into the check so the firmware can load on i.MX8. + +Fixes: 1474d48bd639 ("arm64: dts: imx8mq: Add SDMA nodes") +Fixes: 941acd566b18 ("dmaengine: imx-sdma: Only check ratio on parts that support 1:1") +Signed-off-by: Peter Robinson +Cc: stable@vger.kernel.org # v5.2+ +Reviewed-by: Fabio Estevam +Link: https://lore.kernel.org/r/20220606161034.3544803-1-pbrobinson@gmail.com +Signed-off-by: Vinod Koul +Acked-by: Takashi Iwai + +--- + drivers/dma/imx-sdma.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/dma/imx-sdma.c b/drivers/dma/imx-sdma.c +index 8535018ee7a2..900cafdaf359 100644 +--- a/drivers/dma/imx-sdma.c ++++ b/drivers/dma/imx-sdma.c +@@ -2346,7 +2346,7 @@ MODULE_DESCRIPTION("i.MX SDMA driver"); + #if IS_ENABLED(CONFIG_SOC_IMX6Q) + MODULE_FIRMWARE("imx/sdma/sdma-imx6q.bin"); + #endif +-#if IS_ENABLED(CONFIG_SOC_IMX7D) ++#if IS_ENABLED(CONFIG_SOC_IMX7D) || IS_ENABLED(CONFIG_SOC_IMX8M) + MODULE_FIRMWARE("imx/sdma/sdma-imx7d.bin"); + #endif + MODULE_LICENSE("GPL"); +-- +2.35.3 + diff --git a/patches.suse/dmaengine-pl330-Fix-lockdep-warning-about-non-static.patch b/patches.suse/dmaengine-pl330-Fix-lockdep-warning-about-non-static.patch new file mode 100644 index 0000000..7f4cc02 --- /dev/null +++ b/patches.suse/dmaengine-pl330-Fix-lockdep-warning-about-non-static.patch @@ -0,0 +1,60 @@ +From b64b3b2f1d81f83519582e1feee87d77f51f5f17 Mon Sep 17 00:00:00 2001 +From: Dmitry Osipenko +Date: Fri, 20 May 2022 21:14:32 +0300 +Subject: [PATCH] dmaengine: pl330: Fix lockdep warning about non-static key +Git-commit: b64b3b2f1d81f83519582e1feee87d77f51f5f17 +Patch-mainline: v5.19-rc6 +References: git-fixes + +The DEFINE_SPINLOCK() macro shouldn't be used for dynamically allocated +spinlocks. The lockdep warns about this and disables locking validator. +Fix the warning by making lock static. + + INFO: trying to register non-static key. + The code is fine but needs lockdep annotation, or maybe + you didn't initialize this object before use? + turning off the locking correctness validator. + Hardware name: Radxa ROCK Pi 4C (DT) + Call trace: + dump_backtrace.part.0+0xcc/0xe0 + show_stack+0x18/0x6c + dump_stack_lvl+0x8c/0xb8 + dump_stack+0x18/0x34 + register_lock_class+0x4a8/0x4cc + __lock_acquire+0x78/0x20cc + lock_acquire.part.0+0xe0/0x230 + lock_acquire+0x68/0x84 + _raw_spin_lock_irqsave+0x84/0xc4 + add_desc+0x44/0xc0 + pl330_get_desc+0x15c/0x1d0 + pl330_prep_dma_cyclic+0x100/0x270 + snd_dmaengine_pcm_trigger+0xec/0x1c0 + dmaengine_pcm_trigger+0x18/0x24 + ... + +Fixes: e588710311ee ("dmaengine: pl330: fix descriptor allocation fail") +Signed-off-by: Dmitry Osipenko +Link: https://lore.kernel.org/r/20220520181432.149904-1-dmitry.osipenko@collabora.com +Signed-off-by: Vinod Koul +Acked-by: Takashi Iwai + +--- + drivers/dma/pl330.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/dma/pl330.c b/drivers/dma/pl330.c +index 858400e42ec0..09915a5cba3e 100644 +--- a/drivers/dma/pl330.c ++++ b/drivers/dma/pl330.c +@@ -2589,7 +2589,7 @@ static struct dma_pl330_desc *pl330_get_desc(struct dma_pl330_chan *pch) + + /* If the DMAC pool is empty, alloc new */ + if (!desc) { +- DEFINE_SPINLOCK(lock); ++ static DEFINE_SPINLOCK(lock); + LIST_HEAD(pool); + + if (!add_desc(&pool, &lock, GFP_ATOMIC, 1)) +-- +2.35.3 + diff --git a/patches.suse/dmaengine-ti-Add-missing-put_device-in-ti_dra7_xbar_.patch b/patches.suse/dmaengine-ti-Add-missing-put_device-in-ti_dra7_xbar_.patch new file mode 100644 index 0000000..e28ae34 --- /dev/null +++ b/patches.suse/dmaengine-ti-Add-missing-put_device-in-ti_dra7_xbar_.patch @@ -0,0 +1,60 @@ +From 615a4bfc426e11dba05c2cf343f9ac752fb381d2 Mon Sep 17 00:00:00 2001 +From: Miaoqian Lin +Date: Sun, 5 Jun 2022 08:27:22 +0400 +Subject: [PATCH] dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate +Git-commit: 615a4bfc426e11dba05c2cf343f9ac752fb381d2 +Patch-mainline: v5.19-rc6 +References: git-fixes + +of_find_device_by_node() takes reference, we should use put_device() +to release it when not need anymore. + +Fixes: a074ae38f859 ("dmaengine: Add driver for TI DMA crossbar on DRA7x") +Signed-off-by: Miaoqian Lin +Acked-by: Peter Ujfalusi +Link: https://lore.kernel.org/r/20220605042723.17668-1-linmq006@gmail.com +Signed-off-by: Vinod Koul +Acked-by: Takashi Iwai + +--- + drivers/dma/ti/dma-crossbar.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/drivers/dma/ti/dma-crossbar.c b/drivers/dma/ti/dma-crossbar.c +index e34cfb50d241..f744ddbbbad7 100644 +--- a/drivers/dma/ti/dma-crossbar.c ++++ b/drivers/dma/ti/dma-crossbar.c +@@ -245,6 +245,7 @@ static void *ti_dra7_xbar_route_allocate(struct of_phandle_args *dma_spec, + if (dma_spec->args[0] >= xbar->xbar_requests) { + dev_err(&pdev->dev, "Invalid XBAR request number: %d\n", + dma_spec->args[0]); ++ put_device(&pdev->dev); + return ERR_PTR(-EINVAL); + } + +@@ -252,12 +253,14 @@ static void *ti_dra7_xbar_route_allocate(struct of_phandle_args *dma_spec, + dma_spec->np = of_parse_phandle(ofdma->of_node, "dma-masters", 0); + if (!dma_spec->np) { + dev_err(&pdev->dev, "Can't get DMA master\n"); ++ put_device(&pdev->dev); + return ERR_PTR(-EINVAL); + } + + map = kzalloc(sizeof(*map), GFP_KERNEL); + if (!map) { + of_node_put(dma_spec->np); ++ put_device(&pdev->dev); + return ERR_PTR(-ENOMEM); + } + +@@ -269,6 +272,7 @@ static void *ti_dra7_xbar_route_allocate(struct of_phandle_args *dma_spec, + dev_err(&pdev->dev, "Run out of free DMA requests\n"); + kfree(map); + of_node_put(dma_spec->np); ++ put_device(&pdev->dev); + return ERR_PTR(-ENOMEM); + } + set_bit(map->xbar_out, xbar->dma_inuse); +-- +2.35.3 + diff --git a/patches.suse/dmaengine-ti-Fix-refcount-leak-in-ti_dra7_xbar_route.patch b/patches.suse/dmaengine-ti-Fix-refcount-leak-in-ti_dra7_xbar_route.patch new file mode 100644 index 0000000..d5dd917 --- /dev/null +++ b/patches.suse/dmaengine-ti-Fix-refcount-leak-in-ti_dra7_xbar_route.patch @@ -0,0 +1,38 @@ +From c132fe78ad7b4ce8b5d49a501a15c29d08eeb23a Mon Sep 17 00:00:00 2001 +From: Miaoqian Lin +Date: Sun, 5 Jun 2022 08:27:23 +0400 +Subject: [PATCH] dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate +Git-commit: c132fe78ad7b4ce8b5d49a501a15c29d08eeb23a +Patch-mainline: v5.19-rc6 +References: git-fixes + +of_parse_phandle() returns a node pointer with refcount +incremented, we should use of_node_put() on it when not needed anymore. + +Add missing of_node_put() in to fix this. + +Fixes: ec9bfa1e1a79 ("dmaengine: ti-dma-crossbar: dra7: Use bitops instead of idr") +Signed-off-by: Miaoqian Lin +Link: https://lore.kernel.org/r/20220605042723.17668-2-linmq006@gmail.com +Signed-off-by: Vinod Koul +Acked-by: Takashi Iwai + +--- + drivers/dma/ti/dma-crossbar.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/dma/ti/dma-crossbar.c b/drivers/dma/ti/dma-crossbar.c +index 71d24fc07c00..e34cfb50d241 100644 +--- a/drivers/dma/ti/dma-crossbar.c ++++ b/drivers/dma/ti/dma-crossbar.c +@@ -268,6 +268,7 @@ static void *ti_dra7_xbar_route_allocate(struct of_phandle_args *dma_spec, + mutex_unlock(&xbar->mutex); + dev_err(&pdev->dev, "Run out of free DMA requests\n"); + kfree(map); ++ of_node_put(dma_spec->np); + return ERR_PTR(-ENOMEM); + } + set_bit(map->xbar_out, xbar->dma_inuse); +-- +2.35.3 + diff --git a/patches.suse/drbd-fix-potential-silent-data-corruption.patch b/patches.suse/drbd-fix-potential-silent-data-corruption.patch new file mode 100644 index 0000000..78f5c07 --- /dev/null +++ b/patches.suse/drbd-fix-potential-silent-data-corruption.patch @@ -0,0 +1,68 @@ +From: Lars Ellenberg +Date: Wed, 30 Mar 2022 20:55:51 +0200 +Subject: drbd: fix potential silent data corruption +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Git-commit: f4329d1f848ac35757d9cc5487669d19dfc5979c +Patch-mainline: v5.18-rc1 +References: git-fixes + +Scenario: +--------- + +bio chain generated by blk_queue_split(). +Some split bio fails and propagates its error status to the "parent" bio. +But then the (last part of the) parent bio itself completes without error. + +We would clobber the already recorded error status with BLK_STS_OK, +causing silent data corruption. + +Reproducer: +----------- + +How to trigger this in the real world within seconds: + +DRBD on top of degraded parity raid, +small stripe_cache_size, large read_ahead setting. +Drop page cache (sysctl vm.drop_caches=1, fadvise "DONTNEED", +umount and mount again, "reboot"). + +Cause significant read ahead. + +Large read ahead request is split by blk_queue_split(). +Parts of the read ahead that are already in the stripe cache, +or find an available stripe cache to use, can be serviced. +Parts of the read ahead that would need "too much work", +would need to wait for a "stripe_head" to become available, +are rejected immediately. + +For larger read ahead requests that are split in many pieces, it is very +likely that some "splits" will be serviced, but then the stripe cache is +exhausted/busy, and the remaining ones will be rejected. + +Signed-off-by: Lars Ellenberg +Signed-off-by: Christoph Böhmwalder +Cc: # 4.13.x +Link: https://lore.kernel.org/r/20220330185551.3553196-1-christoph.boehmwalder@linbit.com +Signed-off-by: Jens Axboe +Acked-by: Lee Duncan +--- + drivers/block/drbd/drbd_req.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/block/drbd/drbd_req.c b/drivers/block/drbd/drbd_req.c +index c00ae8619519..ebe0e5c8d0ac 100644 +--- a/drivers/block/drbd/drbd_req.c ++++ b/drivers/block/drbd/drbd_req.c +@@ -181,7 +181,8 @@ void start_new_tl_epoch(struct drbd_connection *connection) + void complete_master_bio(struct drbd_device *device, + struct bio_and_error *m) + { +- m->bio->bi_status = errno_to_blk_status(m->error); ++ if (unlikely(m->error)) ++ m->bio->bi_status = errno_to_blk_status(m->error); + bio_endio(m->bio); + dec_ap_bio(device); + } + diff --git a/patches.suse/driver-core-fix-potential-deadlock-in-__driver_attac.patch b/patches.suse/driver-core-fix-potential-deadlock-in-__driver_attac.patch new file mode 100644 index 0000000..fdd150c --- /dev/null +++ b/patches.suse/driver-core-fix-potential-deadlock-in-__driver_attac.patch @@ -0,0 +1,115 @@ +From 70fe758352cafdee72a7b13bf9db065f9613ced8 Mon Sep 17 00:00:00 2001 +From: Zhang Wensheng +Date: Wed, 22 Jun 2022 15:43:27 +0800 +Subject: [PATCH] driver core: fix potential deadlock in __driver_attach +Git-commit: 70fe758352cafdee72a7b13bf9db065f9613ced8 +Patch-mainline: v6.0-rc1 +References: git-fixes + +In __driver_attach function, There are also AA deadlock problem, +like the commit b232b02bf3c2 ("driver core: fix deadlock in +__device_attach"). + +stack like commit b232b02bf3c2 ("driver core: fix deadlock in +__device_attach"). +list below: + In __driver_attach function, The lock holding logic is as follows: + ... + __driver_attach + if (driver_allows_async_probing(drv)) + device_lock(dev) // get lock dev + async_schedule_dev(__driver_attach_async_helper, dev); // func + async_schedule_node + async_schedule_node_domain(func) + entry = kzalloc(sizeof(struct async_entry), GFP_ATOMIC); + /* when fail or work limit, sync to execute func, but + __driver_attach_async_helper will get lock dev as + will, which will lead to A-A deadlock. */ + if (!entry || atomic_read(&entry_count) > MAX_WORK) { + func; + else + queue_work_node(node, system_unbound_wq, &entry->work) + device_unlock(dev) + + As above show, when it is allowed to do async probes, because of + out of memory or work limit, async work is not be allowed, to do + sync execute instead. it will lead to A-A deadlock because of + __driver_attach_async_helper getting lock dev. + +Reproduce: +and it can be reproduce by make the condition +(if (!entry || atomic_read(&entry_count) > MAX_WORK)) untenable, like +Below: + +[ 370.785650] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables +this message. +[ 370.787154] task:swapper/0 state:D stack: 0 pid: 1 ppid: +0 flags:0x00004000 +[ 370.788865] Call Trace: +[ 370.789374] +[ 370.789841] __schedule+0x482/0x1050 +[ 370.790613] schedule+0x92/0x1a0 +[ 370.791290] schedule_preempt_disabled+0x2c/0x50 +[ 370.792256] __mutex_lock.isra.0+0x757/0xec0 +[ 370.793158] __mutex_lock_slowpath+0x1f/0x30 +[ 370.794079] mutex_lock+0x50/0x60 +[ 370.794795] __device_driver_lock+0x2f/0x70 +[ 370.795677] ? driver_probe_device+0xd0/0xd0 +[ 370.796576] __driver_attach_async_helper+0x1d/0xd0 +[ 370.797318] ? driver_probe_device+0xd0/0xd0 +[ 370.797957] async_schedule_node_domain+0xa5/0xc0 +[ 370.798652] async_schedule_node+0x19/0x30 +[ 370.799243] __driver_attach+0x246/0x290 +[ 370.799828] ? driver_allows_async_probing+0xa0/0xa0 +[ 370.800548] bus_for_each_dev+0x9d/0x130 +[ 370.801132] driver_attach+0x22/0x30 +[ 370.801666] bus_add_driver+0x290/0x340 +[ 370.802246] driver_register+0x88/0x140 +[ 370.802817] ? virtio_scsi_init+0x116/0x116 +[ 370.803425] scsi_register_driver+0x1a/0x30 +[ 370.804057] init_sd+0x184/0x226 +[ 370.804533] do_one_initcall+0x71/0x3a0 +[ 370.805107] kernel_init_freeable+0x39a/0x43a +[ 370.805759] ? rest_init+0x150/0x150 +[ 370.806283] kernel_init+0x26/0x230 +[ 370.806799] ret_from_fork+0x1f/0x30 + +To fix the deadlock, move the async_schedule_dev outside device_lock, +as we can see, in async_schedule_node_domain, the parameter of +queue_work_node is system_unbound_wq, so it can accept concurrent +operations. which will also not change the code logic, and will +not lead to deadlock. + +Fixes: ef0ff68351be ("driver core: Probe devices asynchronously instead of the driver") +Signed-off-by: Zhang Wensheng +Link: https://lore.kernel.org/r/20220622074327.497102-1-zhangwensheng5@huawei.com +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/base/dd.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +--- a/drivers/base/dd.c ++++ b/drivers/base/dd.c +@@ -1037,6 +1037,7 @@ static void __driver_attach_async_helper + static int __driver_attach(struct device *dev, void *data) + { + struct device_driver *drv = data; ++ bool async = false; + int ret; + + /* +@@ -1075,9 +1076,11 @@ static int __driver_attach(struct device + if (!dev->driver) { + get_device(dev); + dev->p->async_driver = drv; +- async_schedule_dev(__driver_attach_async_helper, dev); ++ async = true; + } + device_unlock(dev); ++ if (async) ++ async_schedule_dev(__driver_attach_async_helper, dev); + return 0; + } + diff --git a/patches.suse/drivers-core-Miscellaneous-changes-for-sysfs_emit.patch b/patches.suse/drivers-core-Miscellaneous-changes-for-sysfs_emit.patch new file mode 100644 index 0000000..47e5901 --- /dev/null +++ b/patches.suse/drivers-core-Miscellaneous-changes-for-sysfs_emit.patch @@ -0,0 +1,342 @@ +From 948b3edba8988306b635578a72b0dab6091a5eb0 Mon Sep 17 00:00:00 2001 +From: Joe Perches +Date: Wed, 16 Sep 2020 13:40:42 -0700 +Subject: [PATCH] drivers core: Miscellaneous changes for sysfs_emit +Git-commit: 948b3edba8988306b635578a72b0dab6091a5eb0 +Patch-mainline: v5.10-rc1 +References: bsc#1200598 cve-2022-20166 + +Change additional instances that could use sysfs_emit and sysfs_emit_at +that the coccinelle script could not convert. + +o macros creating show functions with ## concatenation +o unbound sprintf uses with buf+len for start of output to sysfs_emit_at +o returns with ?: tests and sprintf to sysfs_emit +o sysfs output with struct class * not struct device * arguments + +Miscellanea: + +o remove unnecessary initializations around these changes +o consistently use int len for return length of show functions +o use octal permissions and not S_ +o rename a few show function names so DEVICE_ATTR_ can be used +o use DEVICE_ATTR_ADMIN_RO where appropriate +o consistently use const char *output for strings +o checkpatch/style neatening + +Signed-off-by: Joe Perches +Link: https://lore.kernel.org/r/8bc24444fe2049a9b2de6127389b57edfdfe324d.1600285923.git.joe@perches.com +Signed-off-by: Greg Kroah-Hartman +Acked-by: Petr Mladek + +[ pmladek@suse.com: Removed changes when the buffer could never overflow. + Also removed cosmetic changes. +] + + +--- + drivers/base/class.c | 2 - + drivers/base/core.c | 6 ++--- + drivers/base/cpu.c | 41 ++++++++++++++++++------------------ + drivers/base/node.c | 54 +++++++++++++++++++++--------------------------- + drivers/base/platform.c | 4 --- + 5 files changed, 50 insertions(+), 57 deletions(-) + +--- a/drivers/base/class.c ++++ b/drivers/base/class.c +@@ -477,7 +477,7 @@ ssize_t show_class_attr_string(struct cl + struct class_attribute_string *cs; + + cs = container_of(attr, struct class_attribute_string, attr); +- return snprintf(buf, PAGE_SIZE, "%s\n", cs->str); ++ return sysfs_emit(buf, "%s\n", cs->str); + } + + EXPORT_SYMBOL_GPL(show_class_attr_string); +--- a/drivers/base/core.c ++++ b/drivers/base/core.c +@@ -1201,7 +1201,7 @@ static ssize_t uevent_show(struct device + struct kset *kset; + struct kobj_uevent_env *env = NULL; + int i; +- size_t count = 0; ++ int len = 0; + int retval; + + /* search the kset, the device belongs to */ +@@ -1231,10 +1231,10 @@ static ssize_t uevent_show(struct device + + /* copy keys to file */ + for (i = 0; i < env->envp_idx; i++) +- count += sprintf(&buf[count], "%s\n", env->envp[i]); ++ len += sysfs_emit_at(buf, len, "%s\n", env->envp[i]); + out: + kfree(env); +- return count; ++ return len; + } + + static ssize_t uevent_store(struct device *dev, struct device_attribute *attr, +--- a/drivers/base/cpu.c ++++ b/drivers/base/cpu.c +@@ -241,37 +241,37 @@ unsigned int total_cpus; + static ssize_t print_cpus_offline(struct device *dev, + struct device_attribute *attr, char *buf) + { +- int n = 0, len = PAGE_SIZE-2; ++ int len = 0; + cpumask_var_t offline; + + /* display offline cpus < nr_cpu_ids */ + if (!alloc_cpumask_var(&offline, GFP_KERNEL)) + return -ENOMEM; + cpumask_andnot(offline, cpu_possible_mask, cpu_online_mask); +- n = scnprintf(buf, len, "%*pbl", cpumask_pr_args(offline)); ++ len += sysfs_emit_at(buf, len, "%*pbl", cpumask_pr_args(offline)); + free_cpumask_var(offline); + + /* display offline cpus >= nr_cpu_ids */ + if (total_cpus && nr_cpu_ids < total_cpus) { +- if (n && n < len) +- buf[n++] = ','; ++ len += sysfs_emit_at(buf, len, ","); + + if (nr_cpu_ids == total_cpus-1) +- n += snprintf(&buf[n], len - n, "%u", nr_cpu_ids); ++ len += sysfs_emit_at(buf, len, "%u", nr_cpu_ids); + else +- n += snprintf(&buf[n], len - n, "%u-%d", +- nr_cpu_ids, total_cpus-1); ++ len += sysfs_emit_at(buf, len, "%u-%d", ++ nr_cpu_ids, total_cpus - 1); + } + +- n += snprintf(&buf[n], len - n, "\n"); +- return n; ++ len += sysfs_emit_at(buf, len, "\n"); ++ ++ return len; + } + static DEVICE_ATTR(offline, 0444, print_cpus_offline, NULL); + + static ssize_t print_cpus_isolated(struct device *dev, + struct device_attribute *attr, char *buf) + { +- int n = 0; ++ int len = 0; + cpumask_var_t isolated; + + if (!alloc_cpumask_var(&isolated, GFP_KERNEL)) +@@ -279,17 +279,17 @@ static ssize_t print_cpus_isolated(struc + + cpumask_andnot(isolated, cpu_possible_mask, + housekeeping_cpumask(HK_FLAG_DOMAIN)); +- n = sysfs_emit(buf, "%*pbl\n", cpumask_pr_args(isolated)); ++ len = sysfs_emit(buf, "%*pbl\n", cpumask_pr_args(isolated)); + + free_cpumask_var(isolated); + +- return n; ++ return len; + } + static DEVICE_ATTR(isolated, 0444, print_cpus_isolated, NULL); + + #ifdef CONFIG_NO_HZ_FULL + static ssize_t print_cpus_nohz_full(struct device *dev, +- struct device_attribute *attr, char *buf) ++ struct device_attribute *attr, char *buf) + { + return sysfs_emit(buf, "%*pbl\n", cpumask_pr_args(tick_nohz_full_mask)); + } +@@ -320,22 +320,23 @@ static ssize_t print_cpu_modalias(struct + struct device_attribute *attr, + char *buf) + { +- ssize_t n; ++ int len = 0; + u32 i; + +- n = sysfs_emit(buf, "cpu:type:" CPU_FEATURE_TYPEFMT ":feature:", +- CPU_FEATURE_TYPEVAL); ++ len += sysfs_emit_at(buf, len, ++ "cpu:type:" CPU_FEATURE_TYPEFMT ":feature:", ++ CPU_FEATURE_TYPEVAL); + + for (i = 0; i < MAX_CPU_FEATURES; i++) + if (cpu_have_feature(i)) { +- if (PAGE_SIZE < n + sizeof(",XXXX\n")) { ++ if (len + sizeof(",XXXX\n") >= PAGE_SIZE) { + WARN(1, "CPU features overflow page\n"); + break; + } +- n += sprintf(&buf[n], ",%04X", i); ++ len += sysfs_emit_at(buf, len, ",%04X", i); + } +- buf[n++] = '\n'; +- return n; ++ len += sysfs_emit_at(buf, len, "\n"); ++ return len; + } + + static int cpu_uevent(struct device *dev, struct kobj_uevent_env *env) +--- a/drivers/base/node.c ++++ b/drivers/base/node.c +@@ -225,7 +225,8 @@ static ssize_t name##_show(struct device + struct device_attribute *attr, \ + char *buf) \ + { \ +- return sprintf(buf, fmt "\n", to_cache_info(dev)->cache_attrs.name);\ ++ return sysfs_emit(buf, fmt "\n", \ ++ to_cache_info(dev)->cache_attrs.name); \ + } \ + DEVICE_ATTR_RO(name); + +@@ -361,7 +362,7 @@ static void node_remove_caches(struct no + static ssize_t node_read_meminfo(struct device *dev, + struct device_attribute *attr, char *buf) + { +- int n; ++ int len = 0; + int nid = dev->id; + struct pglist_data *pgdat = NODE_DATA(nid); + struct sysinfo i; +@@ -370,7 +371,7 @@ static ssize_t node_read_meminfo(struct + si_meminfo_node(&i, nid); + sreclaimable = node_page_state(pgdat, NR_SLAB_RECLAIMABLE); + sunreclaimable = node_page_state(pgdat, NR_SLAB_UNRECLAIMABLE); +- n = sysfs_emit(buf, ++ len = sysfs_emit(buf, + "Node %d MemTotal: %8lu kB\n" + "Node %d MemFree: %8lu kB\n" + "Node %d MemUsed: %8lu kB\n" +@@ -397,7 +398,7 @@ static ssize_t node_read_meminfo(struct + nid, K(sum_zone_node_page_state(nid, NR_MLOCK))); + + #ifdef CONFIG_HIGHMEM +- n += sprintf(buf + n, ++ len += sysfs_emit_at(buf, len, + "Node %d HighTotal: %8lu kB\n" + "Node %d HighFree: %8lu kB\n" + "Node %d LowTotal: %8lu kB\n" +@@ -407,7 +408,7 @@ static ssize_t node_read_meminfo(struct + nid, K(i.totalram - i.totalhigh), + nid, K(i.freeram - i.freehigh)); + #endif +- n += sprintf(buf + n, ++ len += sysfs_emit_at(buf, len, + "Node %d Dirty: %8lu kB\n" + "Node %d Writeback: %8lu kB\n" + "Node %d FilePages: %8lu kB\n" +@@ -455,12 +456,12 @@ static ssize_t node_read_meminfo(struct + HPAGE_PMD_NR) + #endif + ); +- n += hugetlb_report_node_meminfo(nid, buf + n); +- return n; ++ len += hugetlb_report_node_meminfo(nid, buf + len); ++ return len; + } + + #undef K +-static DEVICE_ATTR(meminfo, S_IRUGO, node_read_meminfo, NULL); ++static DEVICE_ATTR(meminfo, 0444, node_read_meminfo, NULL); + + static ssize_t node_read_numastat(struct device *dev, + struct device_attribute *attr, char *buf) +@@ -487,28 +488,28 @@ static ssize_t node_read_vmstat(struct d + int nid = dev->id; + struct pglist_data *pgdat = NODE_DATA(nid); + int i; +- int n = 0; ++ int len = 0; + + for (i = 0; i < NR_VM_ZONE_STAT_ITEMS; i++) +- n += sprintf(buf+n, "%s %lu\n", vmstat_text[i], ++ len += sysfs_emit_at(buf, len, "%s %lu\n", vmstat_text[i], + sum_zone_node_page_state(nid, i)); + + #ifdef CONFIG_NUMA + for (i = 0; i < NR_VM_NUMA_STAT_ITEMS; i++) +- n += sprintf(buf+n, "%s %lu\n", ++ len += sysfs_emit_at(buf, len, "%s %lu\n", + vmstat_text[i + NR_VM_ZONE_STAT_ITEMS], + sum_zone_numa_state(nid, i)); + #endif + + for (i = 0; i < NR_VM_NODE_STAT_ITEMS; i++) +- n += sprintf(buf+n, "%s %lu\n", ++ len += sysfs_emit_at(buf, len, "%s %lu\n", + vmstat_text[i + NR_VM_ZONE_STAT_ITEMS + + NR_VM_NUMA_STAT_ITEMS], + node_page_state(pgdat, i)); + +- return n; ++ return len; + } +-static DEVICE_ATTR(vmstat, S_IRUGO, node_read_vmstat, NULL); ++static DEVICE_ATTR(vmstat, 0444, node_read_vmstat, NULL); + + static ssize_t node_read_distance(struct device *dev, + struct device_attribute *attr, char *buf) +@@ -523,13 +524,15 @@ static ssize_t node_read_distance(struct + */ + BUILD_BUG_ON(MAX_NUMNODES * 4 > PAGE_SIZE); + +- for_each_online_node(i) +- len += sprintf(buf + len, "%s%d", i ? " " : "", node_distance(nid, i)); ++ for_each_online_node(i) { ++ len += sysfs_emit_at(buf, len, "%s%d", ++ i ? " " : "", node_distance(nid, i)); ++ } + +- len += sprintf(buf + len, "\n"); ++ len += sysfs_emit_at(buf, len, "\n"); + return len; + } +-static DEVICE_ATTR(distance, S_IRUGO, node_read_distance, NULL); ++static DEVICE_ATTR(distance, 0444, node_read_distance, NULL); + + static struct attribute *node_dev_attrs[] = { + &dev_attr_cpumap.attr, +@@ -976,17 +979,6 @@ void unregister_one_node(int nid) + * node states attributes + */ + +-static ssize_t print_nodes_state(enum node_states state, char *buf) +-{ +- int n; +- +- n = scnprintf(buf, PAGE_SIZE - 1, "%*pbl", +- nodemask_pr_args(&node_states[state])); +- buf[n++] = '\n'; +- buf[n] = '\0'; +- return n; +-} +- + struct node_attr { + struct device_attribute attr; + enum node_states state; +@@ -996,7 +988,9 @@ static ssize_t show_node_state(struct de + struct device_attribute *attr, char *buf) + { + struct node_attr *na = container_of(attr, struct node_attr, attr); +- return print_nodes_state(na->state, buf); ++ ++ return sysfs_emit(buf, "%*pbl\n", ++ nodemask_pr_args(&node_states[na->state])); + } + + #define _NODE_ATTR(name, state) \ +--- a/drivers/base/platform.c ++++ b/drivers/base/platform.c +@@ -975,9 +975,7 @@ static ssize_t modalias_show(struct devi + if (len != -ENODEV) + return len; + +- len = snprintf(buf, PAGE_SIZE, "platform:%s\n", pdev->name); +- +- return (len >= PAGE_SIZE) ? (PAGE_SIZE - 1) : len; ++ return sysfs_emit(buf, "platform:%s\n", pdev->name); + } + static DEVICE_ATTR_RO(modalias); + diff --git a/patches.suse/drivers-core-Remove-strcat-uses-around-sysfs_emit-an.patch b/patches.suse/drivers-core-Remove-strcat-uses-around-sysfs_emit-an.patch new file mode 100644 index 0000000..7f40ab8 --- /dev/null +++ b/patches.suse/drivers-core-Remove-strcat-uses-around-sysfs_emit-an.patch @@ -0,0 +1,91 @@ +From 973c39115cb308b6b1fe64b4f342996f3eef06d0 Mon Sep 17 00:00:00 2001 +From: Joe Perches +Date: Wed, 16 Sep 2020 13:40:40 -0700 +Subject: [PATCH] drivers core: Remove strcat uses around sysfs_emit and neaten +Git-commit: 973c39115cb308b6b1fe64b4f342996f3eef06d0 +Patch-mainline: v5.10-rc1 +References: bsc#1200598 cve-2022-20166 + +strcat is no longer necessary for sysfs_emit and sysfs_emit_at uses. + +Convert the strcat uses to sysfs_emit calls and neaten other block +uses of direct returns to use an intermediate const char *. + +Signed-off-by: Joe Perches +Link: https://lore.kernel.org/r/5d606519698ce4c8f1203a2b35797d8254c6050a.1600285923.git.joe@perches.com +Signed-off-by: Greg Kroah-Hartman +Acked-by: Petr Mladek + +[ pmladek@suse.com: Removed changes where the buffer could never overflow. ] +--- + drivers/base/memory.c | 33 ++++++++++++++++----------------- + 1 file changed, 16 insertions(+), 17 deletions(-) + +--- a/drivers/base/memory.c ++++ b/drivers/base/memory.c +@@ -379,17 +379,16 @@ static ssize_t phys_device_show(struct d + } + + #ifdef CONFIG_MEMORY_HOTREMOVE +-static void print_allowed_zone(char *buf, int nid, unsigned long start_pfn, +- unsigned long nr_pages, int online_type, +- struct zone *default_zone) ++static int print_allowed_zone(char *buf, int len, int nid, ++ unsigned long start_pfn, unsigned long nr_pages, ++ int online_type, struct zone *default_zone) + { + struct zone *zone; + + zone = zone_for_pfn_range(online_type, nid, start_pfn, nr_pages); +- if (zone != default_zone) { +- strcat(buf, " "); +- strcat(buf, zone->name); +- } ++ if (zone == default_zone) ++ return 0; ++ return sysfs_emit_at(buf, len, " %s", zone->name); + } + + static ssize_t valid_zones_show(struct device *dev, +@@ -400,6 +399,7 @@ static ssize_t valid_zones_show(struct d + unsigned long nr_pages = PAGES_PER_SECTION * sections_per_block; + unsigned long valid_start_pfn, valid_end_pfn; + struct zone *default_zone; ++ int len = 0; + int nid; + + /* +@@ -413,24 +413,23 @@ static ssize_t valid_zones_show(struct d + */ + if (!test_pages_in_a_zone(start_pfn, start_pfn + nr_pages, + &valid_start_pfn, &valid_end_pfn)) +- return sysfs_emit(buf, "none\n"); ++ return sysfs_emit(buf, "%s\n", "none"); + start_pfn = valid_start_pfn; +- strcat(buf, page_zone(pfn_to_page(start_pfn))->name); ++ len += sysfs_emit_at(buf, len, "%s", page_zone(pfn_to_page(start_pfn))->name); + goto out; + } + + nid = mem->nid; + default_zone = zone_for_pfn_range(MMOP_ONLINE_KEEP, nid, start_pfn, nr_pages); +- strcat(buf, default_zone->name); + +- print_allowed_zone(buf, nid, start_pfn, nr_pages, MMOP_ONLINE_KERNEL, +- default_zone); +- print_allowed_zone(buf, nid, start_pfn, nr_pages, MMOP_ONLINE_MOVABLE, +- default_zone); ++ len += sysfs_emit_at(buf, len, "%s", default_zone->name); ++ len += print_allowed_zone(buf, len, nid, start_pfn, nr_pages, MMOP_ONLINE_KERNEL, ++ default_zone); ++ len += print_allowed_zone(buf, len, nid, start_pfn, nr_pages, MMOP_ONLINE_MOVABLE, ++ default_zone); + out: +- strcat(buf, "\n"); +- +- return strlen(buf); ++ len += sysfs_emit_at(buf, len, "%s", "\n"); ++ return len; + } + static DEVICE_ATTR_RO(valid_zones); + #endif diff --git a/patches.suse/drivers-core-Use-sysfs_emit-and-sysfs_emit_at-for-sh.patch b/patches.suse/drivers-core-Use-sysfs_emit-and-sysfs_emit_at-for-sh.patch new file mode 100644 index 0000000..558bcf3 --- /dev/null +++ b/patches.suse/drivers-core-Use-sysfs_emit-and-sysfs_emit_at-for-sh.patch @@ -0,0 +1,332 @@ +From aa838896d87af561a33ecefea1caa4c15a68bc47 Mon Sep 17 00:00:00 2001 +From: Joe Perches +Date: Wed, 16 Sep 2020 13:40:39 -0700 +Subject: [PATCH] drivers core: Use sysfs_emit and sysfs_emit_at for + show(device *...) functions +Git-commit: aa838896d87af561a33ecefea1caa4c15a68bc47 +Patch-mainline: v5.10-rc1 +References: bsc#1200598 cve-2022-20166 + +Convert the various sprintf fmaily calls in sysfs device show functions +to sysfs_emit and sysfs_emit_at for PAGE_SIZE buffer safety. + +Done with: + +$ spatch -sp-file sysfs_emit_dev.cocci --in-place --max-width=80 . + +And cocci script: + +$ cat sysfs_emit_dev.cocci +@@ +identifier d_show; +identifier dev, attr, buf; +@@ + +ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf) +{ + <... + return +- sprintf(buf, ++ sysfs_emit(buf, + ...); + ...> +} + +@@ +identifier d_show; +identifier dev, attr, buf; +@@ + +ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf) +{ + <... + return +- snprintf(buf, PAGE_SIZE, ++ sysfs_emit(buf, + ...); + ...> +} + +@@ +identifier d_show; +identifier dev, attr, buf; +@@ + +ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf) +{ + <... + return +- scnprintf(buf, PAGE_SIZE, ++ sysfs_emit(buf, + ...); + ...> +} + +@@ +identifier d_show; +identifier dev, attr, buf; +expression chr; +@@ + +ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf) +{ + <... + return +- strcpy(buf, chr); ++ sysfs_emit(buf, chr); + ...> +} + +@@ +identifier d_show; +identifier dev, attr, buf; +identifier len; +@@ + +ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf) +{ + <... + len = +- sprintf(buf, ++ sysfs_emit(buf, + ...); + ...> + return len; +} + +@@ +identifier d_show; +identifier dev, attr, buf; +identifier len; +@@ + +ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf) +{ + <... + len = +- snprintf(buf, PAGE_SIZE, ++ sysfs_emit(buf, + ...); + ...> + return len; +} + +@@ +identifier d_show; +identifier dev, attr, buf; +identifier len; +@@ + +ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf) +{ + <... + len = +- scnprintf(buf, PAGE_SIZE, ++ sysfs_emit(buf, + ...); + ...> + return len; +} + +@@ +identifier d_show; +identifier dev, attr, buf; +identifier len; +@@ + +ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf) +{ + <... +- len += scnprintf(buf + len, PAGE_SIZE - len, ++ len += sysfs_emit_at(buf, len, + ...); + ...> + return len; +} + +@@ +identifier d_show; +identifier dev, attr, buf; +expression chr; +@@ + +ssize_t d_show(struct device *dev, struct device_attribute *attr, char *buf) +{ + ... +- strcpy(buf, chr); +- return strlen(buf); ++ return sysfs_emit(buf, chr); +} + +Signed-off-by: Joe Perches +Link: https://lore.kernel.org/r/3d033c33056d88bbe34d4ddb62afd05ee166ab9a.1600285923.git.joe@perches.com +Signed-off-by: Greg Kroah-Hartman +Acked-by: Petr Mladek + +[ pmladek@suse.com: Removed changes whe the buffer could never overflow. ] + +--- + drivers/base/cpu.c | 14 +++++--------- + drivers/base/memory.c | 2 +- + drivers/base/node.c | 28 ++++++++++++++-------------- + drivers/base/platform.c | 2 +- + drivers/base/power/sysfs.c | 2 +- + drivers/base/power/wakeup_stats.c | 2 +- + drivers/base/soc.c | 10 +++++----- + 7 files changed, 28 insertions(+), 32 deletions(-) + +--- a/drivers/base/cpu.c ++++ b/drivers/base/cpu.c +@@ -272,7 +272,7 @@ static DEVICE_ATTR(offline, 0444, print_ + static ssize_t print_cpus_isolated(struct device *dev, + struct device_attribute *attr, char *buf) + { +- int n = 0, len = PAGE_SIZE-2; ++ int n = 0; + cpumask_var_t isolated; + + if (!alloc_cpumask_var(&isolated, GFP_KERNEL)) +@@ -280,7 +280,7 @@ static ssize_t print_cpus_isolated(struc + + cpumask_andnot(isolated, cpu_possible_mask, + housekeeping_cpumask(HK_FLAG_DOMAIN)); +- n = scnprintf(buf, len, "%*pbl\n", cpumask_pr_args(isolated)); ++ n = sysfs_emit(buf, "%*pbl\n", cpumask_pr_args(isolated)); + + free_cpumask_var(isolated); + +@@ -292,11 +292,7 @@ static DEVICE_ATTR(isolated, 0444, print + static ssize_t print_cpus_nohz_full(struct device *dev, + struct device_attribute *attr, char *buf) + { +- int n = 0, len = PAGE_SIZE-2; +- +- n = scnprintf(buf, len, "%*pbl\n", cpumask_pr_args(tick_nohz_full_mask)); +- +- return n; ++ return sysfs_emit(buf, "%*pbl\n", cpumask_pr_args(tick_nohz_full_mask)); + } + static DEVICE_ATTR(nohz_full, 0444, print_cpus_nohz_full, NULL); + #endif +@@ -328,8 +324,8 @@ static ssize_t print_cpu_modalias(struct + ssize_t n; + u32 i; + +- n = sprintf(buf, "cpu:type:" CPU_FEATURE_TYPEFMT ":feature:", +- CPU_FEATURE_TYPEVAL); ++ n = sysfs_emit(buf, "cpu:type:" CPU_FEATURE_TYPEFMT ":feature:", ++ CPU_FEATURE_TYPEVAL); + + for (i = 0; i < MAX_CPU_FEATURES; i++) + if (cpu_have_feature(i)) { +--- a/drivers/base/memory.c ++++ b/drivers/base/memory.c +@@ -421,7 +421,7 @@ static ssize_t valid_zones_show(struct d + */ + if (!test_pages_in_a_zone(start_pfn, start_pfn + nr_pages, + &valid_start_pfn, &valid_end_pfn)) +- return sprintf(buf, "none\n"); ++ return sysfs_emit(buf, "none\n"); + start_pfn = valid_start_pfn; + strcat(buf, page_zone(pfn_to_page(start_pfn))->name); + goto out; +--- a/drivers/base/node.c ++++ b/drivers/base/node.c +@@ -370,7 +370,7 @@ static ssize_t node_read_meminfo(struct + si_meminfo_node(&i, nid); + sreclaimable = node_page_state(pgdat, NR_SLAB_RECLAIMABLE); + sunreclaimable = node_page_state(pgdat, NR_SLAB_UNRECLAIMABLE); +- n = sprintf(buf, ++ n = sysfs_emit(buf, + "Node %d MemTotal: %8lu kB\n" + "Node %d MemFree: %8lu kB\n" + "Node %d MemUsed: %8lu kB\n" +@@ -465,19 +465,19 @@ static DEVICE_ATTR(meminfo, S_IRUGO, nod + static ssize_t node_read_numastat(struct device *dev, + struct device_attribute *attr, char *buf) + { +- return sprintf(buf, +- "numa_hit %lu\n" +- "numa_miss %lu\n" +- "numa_foreign %lu\n" +- "interleave_hit %lu\n" +- "local_node %lu\n" +- "other_node %lu\n", +- sum_zone_numa_state(dev->id, NUMA_HIT), +- sum_zone_numa_state(dev->id, NUMA_MISS), +- sum_zone_numa_state(dev->id, NUMA_FOREIGN), +- sum_zone_numa_state(dev->id, NUMA_INTERLEAVE_HIT), +- sum_zone_numa_state(dev->id, NUMA_LOCAL), +- sum_zone_numa_state(dev->id, NUMA_OTHER)); ++ return sysfs_emit(buf, ++ "numa_hit %lu\n" ++ "numa_miss %lu\n" ++ "numa_foreign %lu\n" ++ "interleave_hit %lu\n" ++ "local_node %lu\n" ++ "other_node %lu\n", ++ sum_zone_numa_state(dev->id, NUMA_HIT), ++ sum_zone_numa_state(dev->id, NUMA_MISS), ++ sum_zone_numa_state(dev->id, NUMA_FOREIGN), ++ sum_zone_numa_state(dev->id, NUMA_INTERLEAVE_HIT), ++ sum_zone_numa_state(dev->id, NUMA_LOCAL), ++ sum_zone_numa_state(dev->id, NUMA_OTHER)); + } + static DEVICE_ATTR(numastat, S_IRUGO, node_read_numastat, NULL); + +--- a/drivers/base/platform.c ++++ b/drivers/base/platform.c +@@ -1081,7 +1081,7 @@ static ssize_t driver_override_show(stru + ssize_t len; + + device_lock(dev); +- len = sprintf(buf, "%s\n", pdev->driver_override); ++ len = sysfs_emit(buf, "%s\n", pdev->driver_override); + device_unlock(dev); + return len; + } +--- a/drivers/base/power/sysfs.c ++++ b/drivers/base/power/sysfs.c +@@ -100,7 +100,7 @@ static const char ctrl_on[] = "on"; + static ssize_t control_show(struct device *dev, struct device_attribute *attr, + char *buf) + { +- return sprintf(buf, "%s\n", ++ return sysfs_emit(buf, "%s\n", + dev->power.runtime_auto ? ctrl_auto : ctrl_on); + } + +--- a/drivers/base/power/wakeup_stats.c ++++ b/drivers/base/power/wakeup_stats.c +@@ -91,7 +91,7 @@ static ssize_t name_show(struct device * + { + struct wakeup_source *ws = dev_get_drvdata(dev); + +- return sprintf(buf, "%s\n", ws->name); ++ return sysfs_emit(buf, "%s\n", ws->name); + } + static DEVICE_ATTR_RO(name); + +--- a/drivers/base/soc.c ++++ b/drivers/base/soc.c +@@ -76,15 +76,15 @@ static ssize_t soc_info_get(struct devic + struct soc_device *soc_dev = container_of(dev, struct soc_device, dev); + + if (attr == &dev_attr_machine) +- return sprintf(buf, "%s\n", soc_dev->attr->machine); ++ return sysfs_emit(buf, "%s\n", soc_dev->attr->machine); + if (attr == &dev_attr_family) +- return sprintf(buf, "%s\n", soc_dev->attr->family); ++ return sysfs_emit(buf, "%s\n", soc_dev->attr->family); + if (attr == &dev_attr_revision) +- return sprintf(buf, "%s\n", soc_dev->attr->revision); ++ return sysfs_emit(buf, "%s\n", soc_dev->attr->revision); + if (attr == &dev_attr_serial_number) +- return sprintf(buf, "%s\n", soc_dev->attr->serial_number); ++ return sysfs_emit(buf, "%s\n", soc_dev->attr->serial_number); + if (attr == &dev_attr_soc_id) +- return sprintf(buf, "%s\n", soc_dev->attr->soc_id); ++ return sysfs_emit(buf, "%s\n", soc_dev->attr->soc_id); + + return -EINVAL; + diff --git a/patches.suse/drivers-net-fix-memory-leak-in-atusb_probe.patch b/patches.suse/drivers-net-fix-memory-leak-in-atusb_probe.patch new file mode 100644 index 0000000..7b4e5f8 --- /dev/null +++ b/patches.suse/drivers-net-fix-memory-leak-in-atusb_probe.patch @@ -0,0 +1,42 @@ +From 4926175f428337fbc1452f6c0dc8b5da9e3e5437 Mon Sep 17 00:00:00 2001 +From: Pavel Skripkin +Date: Thu, 1 Apr 2021 07:46:24 +0300 +Subject: [PATCH 12/17] drivers: net: fix memory leak in atusb_probe +Git-commit: 6b9fbe16955152626557ec6f439f3407b7769941 +References: git-fixes +Patch-mainline: v5.12-rc7 + +syzbot reported memory leak in atusb_probe()[1]. +The problem was in atusb_alloc_urbs(). +Since urb is anchored, we need to release the reference +to correctly free the urb + +backtrace: + [] kmalloc include/linux/slab.h:559 [inline] + [] usb_alloc_urb+0x66/0xe0 drivers/usb/core/urb.c:74 + [] atusb_alloc_urbs drivers/net/ieee802154/atusb.c:362 [inline][2] + [] atusb_probe+0x158/0x820 drivers/net/ieee802154/atusb.c:1038 [1] + +Reported-by: syzbot+28a246747e0a465127f3@syzkaller.appspotmail.com +Signed-off-by: Pavel Skripkin +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/ieee802154/atusb.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/net/ieee802154/atusb.c b/drivers/net/ieee802154/atusb.c +index 06c026e20dc2..2f5e7b31032a 100644 +--- a/drivers/net/ieee802154/atusb.c ++++ b/drivers/net/ieee802154/atusb.c +@@ -367,6 +367,7 @@ static int atusb_alloc_urbs(struct atusb *atusb, int n) + return -ENOMEM; + } + usb_anchor_urb(urb, &atusb->idle_urbs); ++ usb_free_urb(urb); + n--; + } + return 0; +-- +2.16.4 + diff --git a/patches.suse/drivers-net-fix-memory-leak-in-peak_usb_create_dev.patch b/patches.suse/drivers-net-fix-memory-leak-in-peak_usb_create_dev.patch new file mode 100644 index 0000000..b5de4a7 --- /dev/null +++ b/patches.suse/drivers-net-fix-memory-leak-in-peak_usb_create_dev.patch @@ -0,0 +1,56 @@ +From 14c0837190d865d276c5e0d8eeeab707037ffb19 Mon Sep 17 00:00:00 2001 +From: Pavel Skripkin +Date: Thu, 1 Apr 2021 16:27:52 +0300 +Subject: [PATCH 13/17] drivers: net: fix memory leak in peak_usb_create_dev +Git-commit: a0b96b4a62745397aee662670cfc2157bac03f55 +References: git-fixes +Patch-mainline: v5.12-rc7 + +syzbot reported memory leak in peak_usb. +The problem was in case of failure after calling +->dev_init()[2] in peak_usb_create_dev()[1]. The data +allocated int dev_init() wasn't freed, so simple +->dev_free() call fix this problem. + +backtrace: + [<0000000079d6542a>] kmalloc include/linux/slab.h:552 [inline] + [<0000000079d6542a>] kzalloc include/linux/slab.h:682 [inline] + [<0000000079d6542a>] pcan_usb_fd_init+0x156/0x210 drivers/net/can/usb/peak_usb/pcan_usb_fd.c:868 [2] + [<00000000c09f9057>] peak_usb_create_dev drivers/net/can/usb/peak_usb/pcan_usb_core.c:851 [inline] [1] + [<00000000c09f9057>] peak_usb_probe+0x389/0x490 drivers/net/can/usb/peak_usb/pcan_usb_core.c:949 + +Reported-by: syzbot+91adee8d9ebb9193d22d@syzkaller.appspotmail.com +Signed-off-by: Pavel Skripkin +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/can/usb/peak_usb/pcan_usb_core.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/can/usb/peak_usb/pcan_usb_core.c b/drivers/net/can/usb/peak_usb/pcan_usb_core.c +index f22089101cdd..4b18f37beb4c 100644 +--- a/drivers/net/can/usb/peak_usb/pcan_usb_core.c ++++ b/drivers/net/can/usb/peak_usb/pcan_usb_core.c +@@ -856,7 +856,7 @@ static int peak_usb_create_dev(const struct peak_usb_adapter *peak_usb_adapter, + if (dev->adapter->dev_set_bus) { + err = dev->adapter->dev_set_bus(dev, 0); + if (err) +- goto lbl_unregister_candev; ++ goto adap_dev_free; + } + + /* get device number early */ +@@ -868,6 +868,10 @@ static int peak_usb_create_dev(const struct peak_usb_adapter *peak_usb_adapter, + + return 0; + ++adap_dev_free: ++ if (dev->adapter->dev_free) ++ dev->adapter->dev_free(dev); ++ + lbl_unregister_candev: + unregister_candev(netdev); + +-- +2.16.4 + diff --git a/patches.suse/drm-adv7511-override-i2c-address-of-cec-before-acces.patch b/patches.suse/drm-adv7511-override-i2c-address-of-cec-before-acces.patch new file mode 100644 index 0000000..49fc440 --- /dev/null +++ b/patches.suse/drm-adv7511-override-i2c-address-of-cec-before-acces.patch @@ -0,0 +1,63 @@ +From 9cc4853e4781bf0dd0f35355dc92d97c9da02f5d Mon Sep 17 00:00:00 2001 +From: Antonio Borneo +Date: Tue, 7 Jun 2022 23:31:44 +0200 +Subject: [PATCH] drm: adv7511: override i2c address of cec before accessing it +Git-commit: 9cc4853e4781bf0dd0f35355dc92d97c9da02f5d +Patch-mainline: v6.0-rc1 +References: git-fixes + +Commit 680532c50bca ("drm: adv7511: Add support for +i2c_new_secondary_device") allows a device tree node to override +the default addresses of the secondary i2c devices. This is useful +for solving address conflicts on the i2c bus. + +In adv7511_init_cec_regmap() the new i2c address of cec device is +read from device tree and immediately accessed, well before it is +written in the proper register to override the default address. +This can cause an i2c error during probe and a consequent probe +failure. + +Once the new i2c address is read from the device tree, override +the default address before any attempt to access the cec. + +Tested with adv7533 and stm32mp157f. + +Signed-off-by: Antonio Borneo +Fixes: 680532c50bca ("drm: adv7511: Add support for i2c_new_secondary_device") +Reviewed-by: Kieran Bingham +Signed-off-by: Robert Foss +Link: https://patchwork.freedesktop.org/patch/msgid/20220607213144.427177-1-antonio.borneo@foss.st.com +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c b/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c +index 5bb9300040dd..074c2e650cae 100644 +--- a/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c ++++ b/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c +@@ -1065,6 +1065,10 @@ static int adv7511_init_cec_regmap(struct adv7511 *adv) + ADV7511_CEC_I2C_ADDR_DEFAULT); + if (IS_ERR(adv->i2c_cec)) + return PTR_ERR(adv->i2c_cec); ++ ++ regmap_write(adv->regmap, ADV7511_REG_CEC_I2C_ADDR, ++ adv->i2c_cec->addr << 1); ++ + i2c_set_clientdata(adv->i2c_cec, adv); + + adv->regmap_cec = devm_regmap_init_i2c(adv->i2c_cec, +@@ -1271,9 +1275,6 @@ static int adv7511_probe(struct i2c_client *i2c, const struct i2c_device_id *id) + if (ret) + goto err_i2c_unregister_packet; + +- regmap_write(adv7511->regmap, ADV7511_REG_CEC_I2C_ADDR, +- adv7511->i2c_cec->addr << 1); +- + INIT_WORK(&adv7511->hpd_work, adv7511_hpd_work); + + if (i2c->irq) { +-- +2.35.3 + diff --git a/patches.suse/drm-amd-display-Enable-building-new-display-engine-w.patch b/patches.suse/drm-amd-display-Enable-building-new-display-engine-w.patch new file mode 100644 index 0000000..71622e1 --- /dev/null +++ b/patches.suse/drm-amd-display-Enable-building-new-display-engine-w.patch @@ -0,0 +1,53 @@ +From 3876a8b5e241081b2a519f848a65c00d8e6cd124 Mon Sep 17 00:00:00 2001 +From: Guenter Roeck +Date: Tue, 12 Jul 2022 15:42:47 -0700 +Subject: [PATCH] drm/amd/display: Enable building new display engine with KCOV enabled +Git-commit: 3876a8b5e241081b2a519f848a65c00d8e6cd124 +Patch-mainline: v6.0-rc1 +References: git-fixes + +The new display engine uses floating point math, which is not supported +by KCOV. Commit 9d1d02ff3678 ("drm/amd/display: Don't build DCN1 when kcov +is enabled") tried to work around the problem by disabling +CONFIG_DRM_AMD_DC_DCN if KCOV_INSTRUMENT_ALL and KCOV_ENABLE_COMPARISONS +are enabled. The result is that KCOV can not be enabled on systems which +require this display engine. A much simpler and less invasive solution is +to disable KCOV selectively when compiling the display enagine while +keeping it enabled for the rest of the kernel. + +Fixes: 9d1d02ff3678 ("drm/amd/display: Don't build DCN1 when kcov is enabled") +Cc: Arnd Bergmann +Cc: Leo Li +Reviewed-by: Harry Wentland +Signed-off-by: Guenter Roeck +Signed-off-by: Alex Deucher +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/amd/display/Kconfig | 2 +- + drivers/gpu/drm/amd/display/dc/Makefile | 3 +++ + 2 files changed, 4 insertions(+), 1 deletion(-) + +--- a/drivers/gpu/drm/amd/display/Kconfig ++++ b/drivers/gpu/drm/amd/display/Kconfig +@@ -6,7 +6,7 @@ config DRM_AMD_DC + bool "AMD DC - Enable new display engine" + default y + select SND_HDA_COMPONENT if SND_HDA_CORE +- select DRM_AMD_DC_DCN if (X86 || PPC64) && !(KCOV_INSTRUMENT_ALL && KCOV_ENABLE_COMPARISONS) ++ select DRM_AMD_DC_DCN if (X86 || PPC64) + help + Choose this option if you want to use the new display engine + support for AMDGPU. This adds required support for Vega and +--- a/drivers/gpu/drm/amd/display/dc/Makefile ++++ b/drivers/gpu/drm/amd/display/dc/Makefile +@@ -26,6 +26,9 @@ + DC_LIBS = basics bios calcs clk_mgr dce gpio irq virtual + + ifdef CONFIG_DRM_AMD_DC_DCN ++ ++KCOV_INSTRUMENT := n ++ + DC_LIBS += dcn20 + DC_LIBS += dsc + DC_LIBS += dcn10 dml diff --git a/patches.suse/drm-bridge-adv7511-Add-check-for-mipi_dsi_driver_reg.patch b/patches.suse/drm-bridge-adv7511-Add-check-for-mipi_dsi_driver_reg.patch new file mode 100644 index 0000000..5a131e0 --- /dev/null +++ b/patches.suse/drm-bridge-adv7511-Add-check-for-mipi_dsi_driver_reg.patch @@ -0,0 +1,57 @@ +From 831463667b5f4f1e5bce9c3b94e9e794d2bc8923 Mon Sep 17 00:00:00 2001 +From: Jiasheng Jiang +Date: Thu, 2 Jun 2022 18:34:01 +0800 +Subject: [PATCH] drm: bridge: adv7511: Add check for mipi_dsi_driver_register +Git-commit: 831463667b5f4f1e5bce9c3b94e9e794d2bc8923 +Patch-mainline: v6.0-rc1 +References: git-fixes + +As mipi_dsi_driver_register could return error if fails, +it should be better to check the return value and return error +if fails. +Moreover, if i2c_add_driver fails, mipi_dsi_driver_register +should be reverted. + +Fixes: 1e4d58cd7f88 ("drm/bridge: adv7533: Create a MIPI DSI device") +Signed-off-by: Jiasheng Jiang +Reviewed-by: Laurent Pinchart +Signed-off-by: Sam Ravnborg +Link: https://patchwork.freedesktop.org/patch/msgid/20220602103401.2980938-1-jiasheng@iscas.ac.cn +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/bridge/adv7511/adv7511_drv.c | 17 ++++++++++++++--- + 1 file changed, 14 insertions(+), 3 deletions(-) + +diff --git a/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c b/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c +index 074c2e650cae..38bf28720f3a 100644 +--- a/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c ++++ b/drivers/gpu/drm/bridge/adv7511/adv7511_drv.c +@@ -1393,10 +1393,21 @@ static struct i2c_driver adv7511_driver = { + + static int __init adv7511_init(void) + { +- if (IS_ENABLED(CONFIG_DRM_MIPI_DSI)) +- mipi_dsi_driver_register(&adv7533_dsi_driver); ++ int ret; ++ ++ if (IS_ENABLED(CONFIG_DRM_MIPI_DSI)) { ++ ret = mipi_dsi_driver_register(&adv7533_dsi_driver); ++ if (ret) ++ return ret; ++ } + +- return i2c_add_driver(&adv7511_driver); ++ ret = i2c_add_driver(&adv7511_driver); ++ if (ret) { ++ if (IS_ENABLED(CONFIG_DRM_MIPI_DSI)) ++ mipi_dsi_driver_unregister(&adv7533_dsi_driver); ++ } ++ ++ return ret; + } + module_init(adv7511_init); + +-- +2.35.3 + diff --git a/patches.suse/drm-bridge-sii8620-fix-possible-off-by-one.patch b/patches.suse/drm-bridge-sii8620-fix-possible-off-by-one.patch new file mode 100644 index 0000000..055f067 --- /dev/null +++ b/patches.suse/drm-bridge-sii8620-fix-possible-off-by-one.patch @@ -0,0 +1,52 @@ +From 21779cc21c732c5eff8ea1624be6590450baa30f Mon Sep 17 00:00:00 2001 +From: Hangyu Hua +Date: Wed, 18 May 2022 14:58:56 +0800 +Subject: [PATCH] drm: bridge: sii8620: fix possible off-by-one +Git-commit: 21779cc21c732c5eff8ea1624be6590450baa30f +Patch-mainline: v6.0-rc1 +References: git-fixes + +The next call to sii8620_burst_get_tx_buf will result in off-by-one +When ctx->burst.tx_count + size == ARRAY_SIZE(ctx->burst.tx_buf). The same +thing happens in sii8620_burst_get_rx_buf. + +This patch also change tx_count and tx_buf to rx_count and rx_buf in +sii8620_burst_get_rx_buf. It is unreasonable to check tx_buf's size and +use rx_buf. + +Fixes: e19e9c692f81 ("drm/bridge/sii8620: add support for burst eMSC transmissions") +Signed-off-by: Hangyu Hua +Reviewed-by: Andrzej Hajda +Signed-off-by: Robert Foss +Link: https://patchwork.freedesktop.org/patch/msgid/20220518065856.18936-1-hbh25y@gmail.com +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/bridge/sil-sii8620.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/gpu/drm/bridge/sil-sii8620.c b/drivers/gpu/drm/bridge/sil-sii8620.c +index ec7745c31da0..ab0bce4a988c 100644 +--- a/drivers/gpu/drm/bridge/sil-sii8620.c ++++ b/drivers/gpu/drm/bridge/sil-sii8620.c +@@ -605,7 +605,7 @@ static void *sii8620_burst_get_tx_buf(struct sii8620 *ctx, int len) + u8 *buf = &ctx->burst.tx_buf[ctx->burst.tx_count]; + int size = len + 2; + +- if (ctx->burst.tx_count + size > ARRAY_SIZE(ctx->burst.tx_buf)) { ++ if (ctx->burst.tx_count + size >= ARRAY_SIZE(ctx->burst.tx_buf)) { + dev_err(ctx->dev, "TX-BLK buffer exhausted\n"); + ctx->error = -EINVAL; + return NULL; +@@ -622,7 +622,7 @@ static u8 *sii8620_burst_get_rx_buf(struct sii8620 *ctx, int len) + u8 *buf = &ctx->burst.rx_buf[ctx->burst.rx_count]; + int size = len + 1; + +- if (ctx->burst.tx_count + size > ARRAY_SIZE(ctx->burst.tx_buf)) { ++ if (ctx->burst.rx_count + size >= ARRAY_SIZE(ctx->burst.rx_buf)) { + dev_err(ctx->dev, "RX-BLK buffer exhausted\n"); + ctx->error = -EINVAL; + return NULL; +-- +2.35.3 + diff --git a/patches.suse/drm-bridge-tc358767-Make-sure-Refclk-clock-are-enabl.patch b/patches.suse/drm-bridge-tc358767-Make-sure-Refclk-clock-are-enabl.patch new file mode 100644 index 0000000..3aa66e5 --- /dev/null +++ b/patches.suse/drm-bridge-tc358767-Make-sure-Refclk-clock-are-enabl.patch @@ -0,0 +1,87 @@ +From 0b4c48f3e315d172e4cc06e10f2c8ba180788baf Mon Sep 17 00:00:00 2001 +From: Marek Vasut +Date: Fri, 20 May 2022 14:15:43 +0200 +Subject: [PATCH] drm/bridge: tc358767: Make sure Refclk clock are enabled +Git-commit: 0b4c48f3e315d172e4cc06e10f2c8ba180788baf +Patch-mainline: v6.0-rc1 +References: git-fixes + +The Refclk may be supplied by SoC clock output instead of crystal +oscillator, make sure the clock are enabled before any other action +is performed with the bridge chip, otherwise it may either fail to +operate at all, or miss reset GPIO toggle. + +Reviewed-by: Lucas Stach +Fixes: 7caff0fc4296e ("drm/bridge: tc358767: Add DPI to eDP bridge driver") +Signed-off-by: Marek Vasut +Cc: Jonas Karlman +Cc: Laurent Pinchart +Cc: Lucas Stach +Cc: Marek Vasut +Cc: Maxime Ripard +Cc: Neil Armstrong +Cc: Robert Foss +Cc: Sam Ravnborg +Reviewed-by: Maxime Ripard +Link: https://patchwork.freedesktop.org/patch/msgid/20220520121543.11550-1-marex@denx.de +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/bridge/tc358767.c | 32 +++++++++++++++++++++++++------- + 1 file changed, 25 insertions(+), 7 deletions(-) + +--- a/drivers/gpu/drm/bridge/tc358767.c ++++ b/drivers/gpu/drm/bridge/tc358767.c +@@ -1544,6 +1544,13 @@ static irqreturn_t tc_irq_handler(int ir + return IRQ_HANDLED; + } + ++static void tc_clk_disable(void *data) ++{ ++ struct clk *refclk = data; ++ ++ clk_disable_unprepare(refclk); ++} ++ + static int tc_probe(struct i2c_client *client, const struct i2c_device_id *id) + { + struct device *dev = &client->dev; +@@ -1561,6 +1568,24 @@ static int tc_probe(struct i2c_client *c + if (ret && ret != -ENODEV) + return ret; + ++ tc->refclk = devm_clk_get(dev, "ref"); ++ if (IS_ERR(tc->refclk)) { ++ ret = PTR_ERR(tc->refclk); ++ dev_err(dev, "Failed to get refclk: %d\n", ret); ++ return ret; ++ } ++ ++ ret = clk_prepare_enable(tc->refclk); ++ if (ret) ++ return ret; ++ ++ ret = devm_add_action_or_reset(dev, tc_clk_disable, tc->refclk); ++ if (ret) ++ return ret; ++ ++ /* tRSTW = 100 cycles , at 13 MHz that is ~7.69 us */ ++ usleep_range(10, 15); ++ + /* Shut down GPIO is optional */ + tc->sd_gpio = devm_gpiod_get_optional(dev, "shutdown", GPIOD_OUT_HIGH); + if (IS_ERR(tc->sd_gpio)) +@@ -1581,13 +1606,6 @@ static int tc_probe(struct i2c_client *c + usleep_range(5000, 10000); + } + +- tc->refclk = devm_clk_get(dev, "ref"); +- if (IS_ERR(tc->refclk)) { +- ret = PTR_ERR(tc->refclk); +- dev_err(dev, "Failed to get refclk: %d\n", ret); +- return ret; +- } +- + tc->regmap = devm_regmap_init_i2c(client, &tc_regmap_config); + if (IS_ERR(tc->regmap)) { + ret = PTR_ERR(tc->regmap); diff --git a/patches.suse/drm-doc-Fix-comment-typo.patch b/patches.suse/drm-doc-Fix-comment-typo.patch new file mode 100644 index 0000000..db40319 --- /dev/null +++ b/patches.suse/drm-doc-Fix-comment-typo.patch @@ -0,0 +1,47 @@ +From c83375699fc648f94787d00bc615e370cf8f5fa2 Mon Sep 17 00:00:00 2001 +From: Marek Vasut +Date: Tue, 28 Jun 2022 02:34:07 +0200 +Subject: [PATCH] drm/doc: Fix comment typo +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: c83375699fc648f94787d00bc615e370cf8f5fa2 +Patch-mainline: v6.0-rc1 +References: git-fixes + +Replace apprpriately with appropriately. + +Fixes: 1e4d84c6589e9 ("drm/doc: Polish plane composition property docs") +Signed-off-by: Marek Vasut +Cc: Benjamin Gaignard +Cc: Daniel Vetter +Cc: Dmitry Baryshkov +Cc: Maxime Ripard +Cc: Sean Paul +Cc: Simon Ser +Cc: Ville Syrjälä +Signed-off-by: Simon Ser +Reviewed-by: Simon Ser +Link: https://patchwork.freedesktop.org/patch/msgid/20220628003407.77765-1-marex@denx.de +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/drm_blend.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/drm_blend.c b/drivers/gpu/drm/drm_blend.c +index 46ee5d5df6b4..b4c8cab7158c 100644 +--- a/drivers/gpu/drm/drm_blend.c ++++ b/drivers/gpu/drm/drm_blend.c +@@ -80,7 +80,7 @@ + * + * Note that the source rectangle must fully lie within the bounds of the + * &drm_framebuffer. The destination rectangle can lie outside of the visible +- * area of the current mode of the CRTC. It must be apprpriately clipped by the ++ * area of the current mode of the CRTC. It must be appropriately clipped by the + * driver, which can be done by calling drm_plane_helper_check_update(). Drivers + * are also allowed to round the subpixel sampling positions appropriately, but + * only to the next full pixel. No pixel outside of the source rectangle may +-- +2.35.3 + diff --git a/patches.suse/drm-exynos-exynos7_drm_decon-free-resources-when-clk.patch b/patches.suse/drm-exynos-exynos7_drm_decon-free-resources-when-clk.patch new file mode 100644 index 0000000..c9fa763 --- /dev/null +++ b/patches.suse/drm-exynos-exynos7_drm_decon-free-resources-when-clk.patch @@ -0,0 +1,75 @@ +From 48b927770f8ad3f8cf4a024a552abf272af9f592 Mon Sep 17 00:00:00 2001 +From: Jian Zhang +Date: Tue, 12 Jul 2022 13:56:11 +0900 +Subject: [PATCH] drm/exynos/exynos7_drm_decon: free resources when clk_set_parent() failed. +Git-commit: 48b927770f8ad3f8cf4a024a552abf272af9f592 +Patch-mainline: v6.0-rc1 +References: git-fixes + +In exynos7_decon_resume, When it fails, we must use clk_disable_unprepare() +to free resource that have been used. + +Fixes: 6f83d20838c09 ("drm/exynos: use DRM_DEV_ERROR to print out error +message") + +Reported-by: Hulk Robot +Signed-off-by: Jian Zhang +Signed-off-by: Inki Dae +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/exynos/exynos7_drm_decon.c | 17 +++++++++++++---- + 1 file changed, 13 insertions(+), 4 deletions(-) + +diff --git a/drivers/gpu/drm/exynos/exynos7_drm_decon.c b/drivers/gpu/drm/exynos/exynos7_drm_decon.c +index 3047edf355b5..7080cf7952ec 100644 +--- a/drivers/gpu/drm/exynos/exynos7_drm_decon.c ++++ b/drivers/gpu/drm/exynos/exynos7_drm_decon.c +@@ -801,31 +801,40 @@ static int exynos7_decon_resume(struct device *dev) + if (ret < 0) { + DRM_DEV_ERROR(dev, "Failed to prepare_enable the pclk [%d]\n", + ret); +- return ret; ++ goto err_pclk_enable; + } + + ret = clk_prepare_enable(ctx->aclk); + if (ret < 0) { + DRM_DEV_ERROR(dev, "Failed to prepare_enable the aclk [%d]\n", + ret); +- return ret; ++ goto err_aclk_enable; + } + + ret = clk_prepare_enable(ctx->eclk); + if (ret < 0) { + DRM_DEV_ERROR(dev, "Failed to prepare_enable the eclk [%d]\n", + ret); +- return ret; ++ goto err_eclk_enable; + } + + ret = clk_prepare_enable(ctx->vclk); + if (ret < 0) { + DRM_DEV_ERROR(dev, "Failed to prepare_enable the vclk [%d]\n", + ret); +- return ret; ++ goto err_vclk_enable; + } + + return 0; ++ ++err_vclk_enable: ++ clk_disable_unprepare(ctx->eclk); ++err_eclk_enable: ++ clk_disable_unprepare(ctx->aclk); ++err_aclk_enable: ++ clk_disable_unprepare(ctx->pclk); ++err_pclk_enable: ++ return ret; + } + #endif + +-- +2.35.3 + diff --git a/patches.suse/drm-i915-fix-a-possible-refcount-leak-in-intel_dp_ad.patch b/patches.suse/drm-i915-fix-a-possible-refcount-leak-in-intel_dp_ad.patch new file mode 100644 index 0000000..18f6dcd --- /dev/null +++ b/patches.suse/drm-i915-fix-a-possible-refcount-leak-in-intel_dp_ad.patch @@ -0,0 +1,45 @@ +From 85144df9ff4652816448369de76897c57cbb1b93 Mon Sep 17 00:00:00 2001 +From: Hangyu Hua +Date: Fri, 24 Jun 2022 06:04:06 -0700 +Subject: [PATCH] drm/i915: fix a possible refcount leak in intel_dp_add_mst_connector() +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 85144df9ff4652816448369de76897c57cbb1b93 +Patch-mainline: v5.19-rc7 +Alt-commit: cea9ed611e85d36a05db52b6457bf584b7d969e2 +References: git-fixes + +If drm_connector_init fails, intel_connector_free will be called to take +care of proper free. So it is necessary to drop the refcount of port +before intel_connector_free. + +Fixes: 091a4f91942a ("drm/i915: Handle drm-layer errors in intel_dp_add_mst_connector") +Signed-off-by: Hangyu Hua +Reviewed-by: José Roberto de Souza +Link: https://patchwork.freedesktop.org/patch/msgid/20220624130406.17996-1-jose.souza@intel.com +Signed-off-by: José Roberto de Souza +(cherry picked from commit cea9ed611e85d36a05db52b6457bf584b7d969e2) + +Signed-off-by: Rodrigo Vivi +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/i915/display/intel_dp_mst.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/gpu/drm/i915/display/intel_dp_mst.c b/drivers/gpu/drm/i915/display/intel_dp_mst.c +index 061b277e5ce7..14d2a64193b2 100644 +--- a/drivers/gpu/drm/i915/display/intel_dp_mst.c ++++ b/drivers/gpu/drm/i915/display/intel_dp_mst.c +@@ -839,6 +839,7 @@ static struct drm_connector *intel_dp_add_mst_connector(struct drm_dp_mst_topolo + ret = drm_connector_init(dev, connector, &intel_dp_mst_connector_funcs, + DRM_MODE_CONNECTOR_DisplayPort); + if (ret) { ++ drm_dp_mst_put_port_malloc(port); + intel_connector_free(intel_connector); + return NULL; + } +-- +2.35.3 + diff --git a/patches.suse/drm-i915-gt-Serialize-TLB-invalidates-with-GT-resets.patch b/patches.suse/drm-i915-gt-Serialize-TLB-invalidates-with-GT-resets.patch new file mode 100644 index 0000000..577a6c9 --- /dev/null +++ b/patches.suse/drm-i915-gt-Serialize-TLB-invalidates-with-GT-resets.patch @@ -0,0 +1,77 @@ +From a1c5a7bf79c1faa5633b918b5c0666545e84c4d1 Mon Sep 17 00:00:00 2001 +From: Chris Wilson +Date: Tue, 12 Jul 2022 16:21:33 +0100 +Subject: [PATCH] drm/i915/gt: Serialize TLB invalidates with GT resets +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: a1c5a7bf79c1faa5633b918b5c0666545e84c4d1 +Patch-mainline: v5.19-rc7 +Alt-commit: 33da97894758737895e90c909f16786052680ef4 +References: git-fixes + +Avoid trying to invalidate the TLB in the middle of performing an +engine reset, as this may result in the reset timing out. Currently, +the TLB invalidate is only serialised by its own mutex, forgoing the +uncore lock, but we can take the uncore->lock as well to serialise +the mmio access, thereby serialising with the GDRST. + +Tested on a NUC5i7RYB, BIOS RYBDWi35.86A.0380.2019.0517.1530 with +i915 selftest/hangcheck. + +Cc: stable@vger.kernel.org # v4.4 and upper +Fixes: 7938d61591d3 ("drm/i915: Flush TLBs before releasing backing store") +Reported-by: Mauro Carvalho Chehab +Tested-by: Mauro Carvalho Chehab +Reviewed-by: Mauro Carvalho Chehab +Signed-off-by: Chris Wilson +Cc: Tvrtko Ursulin +Reviewed-by: Andi Shyti +Acked-by: Thomas Hellström +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Rodrigo Vivi +Link: https://patchwork.freedesktop.org/patch/msgid/1e59a7c45dd919a530256b9ac721ac6ea86c0677.1657639152.git.mchehab@kernel.org +(cherry picked from commit 33da97894758737895e90c909f16786052680ef4) + +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/i915/gt/intel_gt.c | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/i915/gt/intel_gt.c b/drivers/gpu/drm/i915/gt/intel_gt.c +index 51a0fe60c050..531af6ad7007 100644 +--- a/drivers/gpu/drm/i915/gt/intel_gt.c ++++ b/drivers/gpu/drm/i915/gt/intel_gt.c +@@ -1209,6 +1209,20 @@ void intel_gt_invalidate_tlbs(struct intel_gt *gt) + mutex_lock(>->tlb_invalidate_lock); + intel_uncore_forcewake_get(uncore, FORCEWAKE_ALL); + ++ spin_lock_irq(&uncore->lock); /* serialise invalidate with GT reset */ ++ ++ for_each_engine(engine, gt, id) { ++ struct reg_and_bit rb; ++ ++ rb = get_reg_and_bit(engine, regs == gen8_regs, regs, num); ++ if (!i915_mmio_reg_offset(rb.reg)) ++ continue; ++ ++ intel_uncore_write_fw(uncore, rb.reg, rb.bit); ++ } ++ ++ spin_unlock_irq(&uncore->lock); ++ + for_each_engine(engine, gt, id) { + /* + * HW architecture suggest typical invalidation time at 40us, +@@ -1223,7 +1237,6 @@ void intel_gt_invalidate_tlbs(struct intel_gt *gt) + if (!i915_mmio_reg_offset(rb.reg)) + continue; + +- intel_uncore_write_fw(uncore, rb.reg, rb.bit); + if (__intel_wait_for_register_fw(uncore, + rb.reg, rb.bit, 0, + timeout_us, timeout_ms, +-- +2.35.3 + diff --git a/patches.suse/drm-i915-selftests-fix-a-couple-IS_ERR-vs-NULL-tests.patch b/patches.suse/drm-i915-selftests-fix-a-couple-IS_ERR-vs-NULL-tests.patch new file mode 100644 index 0000000..790e89e --- /dev/null +++ b/patches.suse/drm-i915-selftests-fix-a-couple-IS_ERR-vs-NULL-tests.patch @@ -0,0 +1,55 @@ +From 896dcabd1f8f613c533d948df17408c41f8929f5 Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Fri, 8 Jul 2022 12:41:04 +0300 +Subject: [PATCH] drm/i915/selftests: fix a couple IS_ERR() vs NULL tests +Git-commit: 896dcabd1f8f613c533d948df17408c41f8929f5 +Patch-mainline: v5.19-rc7 +Alt-commit: d50f5a109cf4ed50c5b575c1bb5fc3bd17b23308 +References: git-fixes + +The shmem_pin_map() function doesn't return error pointers, it returns +NULL. + +Fixes: be1cb55a07bf ("drm/i915/gt: Keep a no-frills swappable copy of the default context state") +Signed-off-by: Dan Carpenter +Reviewed-by: Matthew Auld +Signed-off-by: Matthew Auld +Link: https://patchwork.freedesktop.org/patch/msgid/20220708094104.GL2316@kadam +(cherry picked from commit d50f5a109cf4ed50c5b575c1bb5fc3bd17b23308) + +Signed-off-by: Rodrigo Vivi +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/i915/gt/selftest_lrc.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/drivers/gpu/drm/i915/gt/selftest_lrc.c b/drivers/gpu/drm/i915/gt/selftest_lrc.c +index 8b2c11dbe354..1109088fe8f6 100644 +--- a/drivers/gpu/drm/i915/gt/selftest_lrc.c ++++ b/drivers/gpu/drm/i915/gt/selftest_lrc.c +@@ -176,8 +176,8 @@ static int live_lrc_layout(void *arg) + continue; + + hw = shmem_pin_map(engine->default_state); +- if (IS_ERR(hw)) { +- err = PTR_ERR(hw); ++ if (!hw) { ++ err = -ENOMEM; + break; + } + hw += LRC_STATE_OFFSET / sizeof(*hw); +@@ -365,8 +365,8 @@ static int live_lrc_fixed(void *arg) + continue; + + hw = shmem_pin_map(engine->default_state); +- if (IS_ERR(hw)) { +- err = PTR_ERR(hw); ++ if (!hw) { ++ err = -ENOMEM; + break; + } + hw += LRC_STATE_OFFSET / sizeof(*hw); +-- +2.35.3 + diff --git a/patches.suse/drm-mcde-Fix-refcount-leak-in-mcde_dsi_bind.patch b/patches.suse/drm-mcde-Fix-refcount-leak-in-mcde_dsi_bind.patch new file mode 100644 index 0000000..649a67d --- /dev/null +++ b/patches.suse/drm-mcde-Fix-refcount-leak-in-mcde_dsi_bind.patch @@ -0,0 +1,38 @@ +From 3a149169e4a2f9127022fec6ef5d71b4e804b3b9 Mon Sep 17 00:00:00 2001 +From: Miaoqian Lin +Date: Wed, 25 May 2022 15:54:11 +0400 +Subject: [PATCH] drm/mcde: Fix refcount leak in mcde_dsi_bind +Git-commit: 3a149169e4a2f9127022fec6ef5d71b4e804b3b9 +Patch-mainline: v6.0-rc1 +References: git-fixes + +Every iteration of for_each_available_child_of_node() decrements +the reference counter of the previous node. There is no decrement +when break out from the loop and results in refcount leak. +Add missing of_node_put() to fix this. + +Fixes: 5fc537bfd000 ("drm/mcde: Add new driver for ST-Ericsson MCDE") +Signed-off-by: Miaoqian Lin +Signed-off-by: Linus Walleij +Link: https://patchwork.freedesktop.org/patch/msgid/20220525115411.65455-1-linmq006@gmail.com +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/mcde/mcde_dsi.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/gpu/drm/mcde/mcde_dsi.c b/drivers/gpu/drm/mcde/mcde_dsi.c +index 5651734ce977..9f9ac8699310 100644 +--- a/drivers/gpu/drm/mcde/mcde_dsi.c ++++ b/drivers/gpu/drm/mcde/mcde_dsi.c +@@ -1111,6 +1111,7 @@ static int mcde_dsi_bind(struct device *dev, struct device *master, + bridge = of_drm_find_bridge(child); + if (!bridge) { + dev_err(dev, "failed to find bridge\n"); ++ of_node_put(child); + return -EINVAL; + } + } +-- +2.35.3 + diff --git a/patches.suse/drm-mediatek-Add-pull-down-MIPI-operation-in-mtk_dsi.patch b/patches.suse/drm-mediatek-Add-pull-down-MIPI-operation-in-mtk_dsi.patch new file mode 100644 index 0000000..1afdc88 --- /dev/null +++ b/patches.suse/drm-mediatek-Add-pull-down-MIPI-operation-in-mtk_dsi.patch @@ -0,0 +1,48 @@ +From fa5d0a0205c34734c5b8daa77e39ac2817f63a10 Mon Sep 17 00:00:00 2001 +From: Xinlei Lee +Date: Fri, 20 May 2022 10:00:07 +0800 +Subject: [PATCH] drm/mediatek: Add pull-down MIPI operation in mtk_dsi_poweroff function +Git-commit: fa5d0a0205c34734c5b8daa77e39ac2817f63a10 +Patch-mainline: v6.0-rc1 +References: git-fixes + +In the dsi_enable function, mtk_dsi_rxtx_control is to +pull up the MIPI signal operation. Before dsi_disable, +MIPI should also be pulled down by writing a register +instead of disabling dsi. + +If disable dsi without pulling the mipi signal low, the value of +the register will still maintain the setting of the mipi signal being +pulled high. +After resume, even if the mipi signal is not pulled high, it will still +be in the high state. + +Fixes: 2e54c14e310f ("drm/mediatek: Add DSI sub driver") + +Link: https://patchwork.kernel.org/project/linux-mediatek/patch/1653012007-11854-5-git-send-email-xinlei.lee@mediatek.com/ +Signed-off-by: Jitao Shi +Signed-off-by: Xinlei Lee +Reviewed-by: Rex-BC Chen +Signed-off-by: Chun-Kuang Hu +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/mediatek/mtk_dsi.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/gpu/drm/mediatek/mtk_dsi.c b/drivers/gpu/drm/mediatek/mtk_dsi.c +index 907d07eda000..af2f123e9a9a 100644 +--- a/drivers/gpu/drm/mediatek/mtk_dsi.c ++++ b/drivers/gpu/drm/mediatek/mtk_dsi.c +@@ -688,6 +688,8 @@ static void mtk_dsi_poweroff(struct mtk_dsi *dsi) + mtk_dsi_reset_engine(dsi); + mtk_dsi_lane0_ulp_mode_enter(dsi); + mtk_dsi_clk_ulp_mode_enter(dsi); ++ /* set the lane number as 0 to pull down mipi */ ++ writel(0, dsi->regs + DSI_TXRX_CTRL); + + mtk_dsi_disable(dsi); + +-- +2.35.3 + diff --git a/patches.suse/drm-mediatek-dpi-Only-enable-dpi-after-the-bridge-is.patch b/patches.suse/drm-mediatek-dpi-Only-enable-dpi-after-the-bridge-is.patch new file mode 100644 index 0000000..0c34eb1 --- /dev/null +++ b/patches.suse/drm-mediatek-dpi-Only-enable-dpi-after-the-bridge-is.patch @@ -0,0 +1,43 @@ +From aed61ef6beb911cc043af0f2f291167663995065 Mon Sep 17 00:00:00 2001 +From: Guillaume Ranquet +Date: Fri, 1 Jul 2022 11:58:44 +0800 +Subject: [PATCH] drm/mediatek: dpi: Only enable dpi after the bridge is enabled +Git-commit: aed61ef6beb911cc043af0f2f291167663995065 +Patch-mainline: v6.0-rc1 +References: git-fixes + +Enabling the dpi too early causes glitches on screen. + +Move the call to mtk_dpi_enable() at the end of the bridge_enable +callback to ensure everything is setup properly before enabling dpi. + +Fixes: 9e629c17aa8d ("drm/mediatek: Add DPI sub driver") +Signed-off-by: Guillaume Ranquet +Signed-off-by: Bo-Chen Chen +Tested-by: AngeloGioacchino Del Regno +Link: https://patchwork.kernel.org/project/linux-mediatek/patch/20220701035845.16458-16-rex-bc.chen@mediatek.com/ +Signed-off-by: Chun-Kuang Hu +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/mediatek/mtk_dpi.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/gpu/drm/mediatek/mtk_dpi.c ++++ b/drivers/gpu/drm/mediatek/mtk_dpi.c +@@ -396,7 +396,6 @@ static int mtk_dpi_power_on(struct mtk_d + if (dpi->pinctrl && dpi->pins_dpi) + pinctrl_select_state(dpi->pinctrl, dpi->pins_dpi); + +- mtk_dpi_enable(dpi); + return 0; + + err_pixel: +@@ -531,6 +530,7 @@ static void mtk_dpi_encoder_enable(struc + + mtk_dpi_power_on(dpi); + mtk_dpi_set_display_mode(dpi, &dpi->mode); ++ mtk_dpi_enable(dpi); + } + + static int mtk_dpi_atomic_check(struct drm_encoder *encoder, diff --git a/patches.suse/drm-mediatek-dpi-Remove-output-format-of-YUV.patch b/patches.suse/drm-mediatek-dpi-Remove-output-format-of-YUV.patch new file mode 100644 index 0000000..440c587 --- /dev/null +++ b/patches.suse/drm-mediatek-dpi-Remove-output-format-of-YUV.patch @@ -0,0 +1,68 @@ +From c9ed0713b3c35fc45677707ba47f432cad95da56 Mon Sep 17 00:00:00 2001 +From: Bo-Chen Chen +Date: Fri, 1 Jul 2022 11:58:33 +0800 +Subject: [PATCH] drm/mediatek: dpi: Remove output format of YUV +Git-commit: c9ed0713b3c35fc45677707ba47f432cad95da56 +Patch-mainline: v6.0-rc1 +References: git-fixes + +DPI is not support output format as YUV, but there is the setting of +configuring output YUV. Therefore, remove them in this patch. + +Fixes: 9e629c17aa8d ("drm/mediatek: Add DPI sub driver") +Signed-off-by: Bo-Chen Chen +Link: https://patchwork.kernel.org/project/linux-mediatek/patch/20220701035845.16458-5-rex-bc.chen@mediatek.com/ +Signed-off-by: Chun-Kuang Hu +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/mediatek/mtk_dpi.c | 31 ++++++------------------------- + 1 file changed, 6 insertions(+), 25 deletions(-) + +--- a/drivers/gpu/drm/mediatek/mtk_dpi.c ++++ b/drivers/gpu/drm/mediatek/mtk_dpi.c +@@ -52,13 +52,7 @@ enum mtk_dpi_out_channel_swap { + }; + + enum mtk_dpi_out_color_format { +- MTK_DPI_COLOR_FORMAT_RGB, +- MTK_DPI_COLOR_FORMAT_RGB_FULL, +- MTK_DPI_COLOR_FORMAT_YCBCR_444, +- MTK_DPI_COLOR_FORMAT_YCBCR_422, +- MTK_DPI_COLOR_FORMAT_XV_YCC, +- MTK_DPI_COLOR_FORMAT_YCBCR_444_FULL, +- MTK_DPI_COLOR_FORMAT_YCBCR_422_FULL ++ MTK_DPI_COLOR_FORMAT_RGB + }; + + struct mtk_dpi { +@@ -357,24 +351,11 @@ static void mtk_dpi_config_disable_edge( + static void mtk_dpi_config_color_format(struct mtk_dpi *dpi, + enum mtk_dpi_out_color_format format) + { +- if ((format == MTK_DPI_COLOR_FORMAT_YCBCR_444) || +- (format == MTK_DPI_COLOR_FORMAT_YCBCR_444_FULL)) { +- mtk_dpi_config_yuv422_enable(dpi, false); +- mtk_dpi_config_csc_enable(dpi, true); +- mtk_dpi_config_swap_input(dpi, false); +- mtk_dpi_config_channel_swap(dpi, MTK_DPI_OUT_CHANNEL_SWAP_BGR); +- } else if ((format == MTK_DPI_COLOR_FORMAT_YCBCR_422) || +- (format == MTK_DPI_COLOR_FORMAT_YCBCR_422_FULL)) { +- mtk_dpi_config_yuv422_enable(dpi, true); +- mtk_dpi_config_csc_enable(dpi, true); +- mtk_dpi_config_swap_input(dpi, true); +- mtk_dpi_config_channel_swap(dpi, MTK_DPI_OUT_CHANNEL_SWAP_RGB); +- } else { +- mtk_dpi_config_yuv422_enable(dpi, false); +- mtk_dpi_config_csc_enable(dpi, false); +- mtk_dpi_config_swap_input(dpi, false); +- mtk_dpi_config_channel_swap(dpi, MTK_DPI_OUT_CHANNEL_SWAP_RGB); +- } ++ /* only support RGB888 */ ++ mtk_dpi_config_yuv422_enable(dpi, false); ++ mtk_dpi_config_csc_enable(dpi, false); ++ mtk_dpi_config_swap_input(dpi, false); ++ mtk_dpi_config_channel_swap(dpi, MTK_DPI_OUT_CHANNEL_SWAP_RGB); + } + + static void mtk_dpi_power_off(struct mtk_dpi *dpi) diff --git a/patches.suse/drm-mipi-dbi-align-max_chunk-to-2-in-spi_transfer.patch b/patches.suse/drm-mipi-dbi-align-max_chunk-to-2-in-spi_transfer.patch new file mode 100644 index 0000000..20e4ea2 --- /dev/null +++ b/patches.suse/drm-mipi-dbi-align-max_chunk-to-2-in-spi_transfer.patch @@ -0,0 +1,51 @@ +From 435c249008cba04ed6a7975e9411f3b934620204 Mon Sep 17 00:00:00 2001 +From: Yunhao Tian +Date: Tue, 10 May 2022 11:02:19 +0800 +Subject: [PATCH] drm/mipi-dbi: align max_chunk to 2 in spi_transfer +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 435c249008cba04ed6a7975e9411f3b934620204 +Patch-mainline: v6.0-rc1 +References: git-fixes + +In __spi_validate, there's a validation that no partial transfers +are accepted (xfer->len % w_size must be zero). When +max_chunk is not a multiple of bpw (e.g. max_chunk = 65535, +bpw = 16), the transfer will be rejected. + +This patch aligns max_chunk to 2 bytes (the maximum value of bpw is 16), +so that no partial transfer will occur. + +Fixes: d23d4d4dac01 ("drm/tinydrm: Move tinydrm_spi_transfer()") + +Signed-off-by: Yunhao Tian +Signed-off-by: Noralf Trønnes +Link: https://patchwork.freedesktop.org/patch/msgid/20220510030219.2486687-1-t123yh.xyz@gmail.com +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/drm_mipi_dbi.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/drivers/gpu/drm/drm_mipi_dbi.c b/drivers/gpu/drm/drm_mipi_dbi.c +index 9314f2ead79f..09e4edb5a992 100644 +--- a/drivers/gpu/drm/drm_mipi_dbi.c ++++ b/drivers/gpu/drm/drm_mipi_dbi.c +@@ -1199,6 +1199,13 @@ int mipi_dbi_spi_transfer(struct spi_device *spi, u32 speed_hz, + size_t chunk; + int ret; + ++ /* In __spi_validate, there's a validation that no partial transfers ++ * are accepted (xfer->len % w_size must be zero). ++ * Here we align max_chunk to multiple of 2 (16bits), ++ * to prevent transfers from being rejected. ++ */ ++ max_chunk = ALIGN_DOWN(max_chunk, 2); ++ + spi_message_init_with_transfers(&m, &tr, 1); + + while (len) { +-- +2.35.3 + diff --git a/patches.suse/drm-msm-hdmi-enable-core-vcc-core-vdda-supply-for-89.patch b/patches.suse/drm-msm-hdmi-enable-core-vcc-core-vdda-supply-for-89.patch new file mode 100644 index 0000000..8c09f95 --- /dev/null +++ b/patches.suse/drm-msm-hdmi-enable-core-vcc-core-vdda-supply-for-89.patch @@ -0,0 +1,39 @@ +From 1f88301794595ff4c28a1f1befe690e8dbac72a2 Mon Sep 17 00:00:00 2001 +From: Dmitry Baryshkov +Date: Thu, 9 Jun 2022 15:23:43 +0300 +Subject: [PATCH] drm/msm/hdmi: enable core-vcc/core-vdda-supply for 8996 platform +Git-commit: 1f88301794595ff4c28a1f1befe690e8dbac72a2 +Patch-mainline: v6.0-rc1 +References: git-fixes + +DB820c makes use of core-vcc-supply and core-vdda-supply, however the +driver code doesn't support these regulators. Enable them for HDMI on +8996 platform. + +Fixes: 0afbe59edd3f ("drm/msm/hdmi: Add basic HDMI support for msm8996") +Signed-off-by: Dmitry Baryshkov +Reviewed-by: Stephen Boyd +Patchwork: https://patchwork.freedesktop.org/patch/488857/ +Link: https://lore.kernel.org/r/20220609122350.3157529-8-dmitry.baryshkov@linaro.org +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/msm/hdmi/hdmi.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/msm/hdmi/hdmi.c b/drivers/gpu/drm/msm/hdmi/hdmi.c +index 6d79f1b910a5..4ec55616a2e5 100644 +--- a/drivers/gpu/drm/msm/hdmi/hdmi.c ++++ b/drivers/gpu/drm/msm/hdmi/hdmi.c +@@ -416,7 +416,7 @@ static struct hdmi_platform_config hdmi_tx_8994_config = { + }; + + static struct hdmi_platform_config hdmi_tx_8996_config = { +- HDMI_CFG(pwr_reg, none), ++ HDMI_CFG(pwr_reg, 8x74), + HDMI_CFG(hpd_reg, none), + HDMI_CFG(pwr_clk, 8x74), + HDMI_CFG(hpd_clk, 8x74), +-- +2.35.3 + diff --git a/patches.suse/drm-msm-mdp5-Fix-global-state-lock-backoff.patch b/patches.suse/drm-msm-mdp5-Fix-global-state-lock-backoff.patch new file mode 100644 index 0000000..446d5b4 --- /dev/null +++ b/patches.suse/drm-msm-mdp5-Fix-global-state-lock-backoff.patch @@ -0,0 +1,85 @@ +From 92ef86ab513593c6329d04146e61f9a670e72fc5 Mon Sep 17 00:00:00 2001 +From: Rob Clark +Date: Thu, 7 Jul 2022 09:20:37 -0700 +Subject: [PATCH] drm/msm/mdp5: Fix global state lock backoff +Git-commit: 92ef86ab513593c6329d04146e61f9a670e72fc5 +Patch-mainline: v6.0-rc1 +References: git-fixes + +We need to grab the lock after the early return for !hwpipe case. +Otherwise, we could have hit contention yet still returned 0. + +Fixes an issue that the new CONFIG_DRM_DEBUG_MODESET_LOCK stuff flagged +in CI: + + WARNING: CPU: 0 PID: 282 at drivers/gpu/drm/drm_modeset_lock.c:296 drm_modeset_lock+0xf8/0x154 + Modules linked in: + CPU: 0 PID: 282 Comm: kms_cursor_lega Tainted: G W 5.19.0-rc2-15930-g875cc8bc536a #1 + Hardware name: Qualcomm Technologies, Inc. DB820c (DT) + pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) + pc : drm_modeset_lock+0xf8/0x154 + lr : drm_atomic_get_private_obj_state+0x84/0x170 + sp : ffff80000cfab6a0 + x29: ffff80000cfab6a0 x28: 0000000000000000 x27: ffff000083bc4d00 + x26: 0000000000000038 x25: 0000000000000000 x24: ffff80000957ca58 + x23: 0000000000000000 x22: ffff000081ace080 x21: 0000000000000001 + x20: ffff000081acec18 x19: ffff80000cfabb80 x18: 0000000000000038 + x17: 0000000000000000 x16: 0000000000000000 x15: fffffffffffea0d0 + x14: 0000000000000000 x13: 284e4f5f4e524157 x12: 5f534b434f4c5f47 + x11: ffff80000a386aa8 x10: 0000000000000029 x9 : ffff80000cfab610 + x8 : 0000000000000029 x7 : 0000000000000014 x6 : 0000000000000000 + x5 : 0000000000000001 x4 : ffff8000081ad904 x3 : 0000000000000029 + x2 : ffff0000801db4c0 x1 : ffff80000cfabb80 x0 : ffff000081aceb58 + Call trace: + drm_modeset_lock+0xf8/0x154 + drm_atomic_get_private_obj_state+0x84/0x170 + mdp5_get_global_state+0x54/0x6c + mdp5_pipe_release+0x2c/0xd4 + mdp5_plane_atomic_check+0x2ec/0x414 + drm_atomic_helper_check_planes+0xd8/0x210 + drm_atomic_helper_check+0x54/0xb0 + ... + ---[ end trace 0000000000000000 ]--- + drm_modeset_lock attempting to lock a contended lock without backoff: + drm_modeset_lock+0x148/0x154 + mdp5_get_global_state+0x30/0x6c + mdp5_pipe_release+0x2c/0xd4 + mdp5_plane_atomic_check+0x290/0x414 + drm_atomic_helper_check_planes+0xd8/0x210 + drm_atomic_helper_check+0x54/0xb0 + drm_atomic_check_only+0x4b0/0x8f4 + drm_atomic_commit+0x68/0xe0 + +Fixes: d59be579fa93 ("drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected") +Signed-off-by: Rob Clark +Reviewed-by: Abhinav Kumar +Patchwork: https://patchwork.freedesktop.org/patch/492701/ +Link: https://lore.kernel.org/r/20220707162040.1594855-1-robdclark@gmail.com +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.c b/drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.c +index a4f5cb90f3e8..e4b8a789835a 100644 +--- a/drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.c ++++ b/drivers/gpu/drm/msm/disp/mdp5/mdp5_pipe.c +@@ -123,12 +123,13 @@ int mdp5_pipe_release(struct drm_atomic_state *s, struct mdp5_hw_pipe *hwpipe) + { + struct msm_drm_private *priv = s->dev->dev_private; + struct mdp5_kms *mdp5_kms = to_mdp5_kms(to_mdp_kms(priv->kms)); +- struct mdp5_global_state *state = mdp5_get_global_state(s); ++ struct mdp5_global_state *state; + struct mdp5_hw_pipe_state *new_state; + + if (!hwpipe) + return 0; + ++ state = mdp5_get_global_state(s); + if (IS_ERR(state)) + return PTR_ERR(state); + +-- +2.35.3 + diff --git a/patches.suse/drm-nouveau-fix-another-off-by-one-in-nvbios_addr.patch b/patches.suse/drm-nouveau-fix-another-off-by-one-in-nvbios_addr.patch new file mode 100644 index 0000000..e78efd1 --- /dev/null +++ b/patches.suse/drm-nouveau-fix-another-off-by-one-in-nvbios_addr.patch @@ -0,0 +1,40 @@ +From c441d28945fb113220d48d6c86ebc0b090a2b677 Mon Sep 17 00:00:00 2001 +From: Timur Tabi +Date: Wed, 11 May 2022 11:37:16 -0500 +Subject: [PATCH] drm/nouveau: fix another off-by-one in nvbios_addr +Git-commit: c441d28945fb113220d48d6c86ebc0b090a2b677 +Patch-mainline: v6.0-rc1 +References: git-fixes + +This check determines whether a given address is part of +image 0 or image 1. Image 1 starts at offset image0_size, +so that address should be included. + +Fixes: 4d4e9907ff572 ("drm/nouveau/bios: guard against out-of-bounds accesses to image") +Cc: # v4.8+ +Signed-off-by: Timur Tabi +Reviewed-by: Karol Herbst +Signed-off-by: Lyude Paul +Link: https://patchwork.freedesktop.org/patch/msgid/20220511163716.3520591-1-ttabi@nvidia.com +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c +index 64e423dddd9e..6c318e41bde0 100644 +--- a/drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c ++++ b/drivers/gpu/drm/nouveau/nvkm/subdev/bios/base.c +@@ -33,7 +33,7 @@ nvbios_addr(struct nvkm_bios *bios, u32 *addr, u8 size) + { + u32 p = *addr; + +- if (*addr > bios->image0_size && bios->imaged_addr) { ++ if (*addr >= bios->image0_size && bios->imaged_addr) { + *addr -= bios->image0_size; + *addr += bios->imaged_addr; + } +-- +2.35.3 + diff --git a/patches.suse/drm-panfrost-Fix-shrinker-list-corruption-by-madvise.patch b/patches.suse/drm-panfrost-Fix-shrinker-list-corruption-by-madvise.patch new file mode 100644 index 0000000..64a7d0c --- /dev/null +++ b/patches.suse/drm-panfrost-Fix-shrinker-list-corruption-by-madvise.patch @@ -0,0 +1,44 @@ +From 9fc33eaaa979d112d10fea729edcd2a2e21aa912 Mon Sep 17 00:00:00 2001 +From: Dmitry Osipenko +Date: Thu, 30 Jun 2022 23:06:01 +0300 +Subject: [PATCH] drm/panfrost: Fix shrinker list corruption by madvise IOCTL +Git-commit: 9fc33eaaa979d112d10fea729edcd2a2e21aa912 +Patch-mainline: v5.19-rc7 +References: git-fixes + +Calling madvise IOCTL twice on BO causes memory shrinker list corruption +and crashes kernel because BO is already on the list and it's added to +the list again, while BO should be removed from the list before it's +re-added. Fix it. + +Cc: stable@vger.kernel.org +Fixes: 013b65101315 ("drm/panfrost: Add madvise and shrinker support") +Acked-by: Alyssa Rosenzweig +Reviewed-by: Steven Price +Signed-off-by: Dmitry Osipenko +Signed-off-by: Steven Price +Link: https://patchwork.freedesktop.org/patch/msgid/20220630200601.1884120-3-dmitry.osipenko@collabora.com +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/panfrost/panfrost_drv.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/gpu/drm/panfrost/panfrost_drv.c b/drivers/gpu/drm/panfrost/panfrost_drv.c +index 087e69b98d06..b1e6d238674f 100644 +--- a/drivers/gpu/drm/panfrost/panfrost_drv.c ++++ b/drivers/gpu/drm/panfrost/panfrost_drv.c +@@ -433,8 +433,8 @@ static int panfrost_ioctl_madvise(struct drm_device *dev, void *data, + + if (args->retained) { + if (args->madv == PANFROST_MADV_DONTNEED) +- list_add_tail(&bo->base.madv_list, +- &pfdev->shrinker_list); ++ list_move_tail(&bo->base.madv_list, ++ &pfdev->shrinker_list); + else if (args->madv == PANFROST_MADV_WILLNEED) + list_del_init(&bo->base.madv_list); + } +-- +2.35.3 + diff --git a/patches.suse/drm-panfrost-Put-mapping-instead-of-shmem-obj-on-pan.patch b/patches.suse/drm-panfrost-Put-mapping-instead-of-shmem-obj-on-pan.patch new file mode 100644 index 0000000..9a0c013 --- /dev/null +++ b/patches.suse/drm-panfrost-Put-mapping-instead-of-shmem-obj-on-pan.patch @@ -0,0 +1,39 @@ +From fb6e0637ab7ebd8e61fe24f4d663c4bae99cfa62 Mon Sep 17 00:00:00 2001 +From: Dmitry Osipenko +Date: Thu, 30 Jun 2022 23:06:00 +0300 +Subject: [PATCH] drm/panfrost: Put mapping instead of shmem obj on panfrost_mmu_map_fault_addr() error +Git-commit: fb6e0637ab7ebd8e61fe24f4d663c4bae99cfa62 +Patch-mainline: v5.19-rc7 +References: git-fixes + +When panfrost_mmu_map_fault_addr() fails, the BO's mapping should be +unreferenced and not the shmem object which backs the mapping. + +Cc: stable@vger.kernel.org +Fixes: bdefca2d8dc0 ("drm/panfrost: Add the panfrost_gem_mapping concept") +Reviewed-by: Steven Price +Signed-off-by: Dmitry Osipenko +Signed-off-by: Steven Price +Link: https://patchwork.freedesktop.org/patch/msgid/20220630200601.1884120-2-dmitry.osipenko@collabora.com +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/panfrost/panfrost_mmu.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/panfrost/panfrost_mmu.c b/drivers/gpu/drm/panfrost/panfrost_mmu.c +index d3f82b26a631..b285a8001b1d 100644 +--- a/drivers/gpu/drm/panfrost/panfrost_mmu.c ++++ b/drivers/gpu/drm/panfrost/panfrost_mmu.c +@@ -518,7 +518,7 @@ static int panfrost_mmu_map_fault_addr(struct panfrost_device *pfdev, int as, + err_pages: + drm_gem_shmem_put_pages(&bo->base); + err_bo: +- drm_gem_object_put(&bo->base.base); ++ panfrost_gem_mapping_put(bomapping); + return ret; + } + +-- +2.35.3 + diff --git a/patches.suse/drm-radeon-fix-incorrrect-SPDX-License-Identifiers.patch b/patches.suse/drm-radeon-fix-incorrrect-SPDX-License-Identifiers.patch new file mode 100644 index 0000000..51283cd --- /dev/null +++ b/patches.suse/drm-radeon-fix-incorrrect-SPDX-License-Identifiers.patch @@ -0,0 +1,65 @@ +From 1f43b8903f3aae4a26a603c36f6d5dd25d6edb51 Mon Sep 17 00:00:00 2001 +From: Alex Deucher +Date: Wed, 15 Jun 2022 12:02:08 -0400 +Subject: [PATCH] drm/radeon: fix incorrrect SPDX-License-Identifiers +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 1f43b8903f3aae4a26a603c36f6d5dd25d6edb51 +Patch-mainline: v6.0-rc1 +References: git-fixes + +radeon is MIT. This were incorrectly changed in +commit b24413180f56 ("License cleanup: add SPDX GPL-2.0 license identifier to files with no license") +and +commit d198b34f3855 (".gitignore: add SPDX License Identifier") +And: +commit ec8f24b7faaf ("treewide: Add SPDX license identifier - Makefile/Kconfig") + +Fixes: d198b34f3855 (".gitignore: add SPDX License Identifier") +Fixes: ec8f24b7faaf ("treewide: Add SPDX license identifier - Makefile/Kconfig") +Fixes: b24413180f56 ("License cleanup: add SPDX GPL-2.0 license identifier to files with no license") +Bug: https://gitlab.freedesktop.org/drm/amd/-/issues/2053 +Reviewed-by: Christian König +Signed-off-by: Alex Deucher +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/radeon/.gitignore | 2 +- + drivers/gpu/drm/radeon/Kconfig | 2 +- + drivers/gpu/drm/radeon/Makefile | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/drivers/gpu/drm/radeon/.gitignore b/drivers/gpu/drm/radeon/.gitignore +index 9c1a94153983..d8777383a64a 100644 +--- a/drivers/gpu/drm/radeon/.gitignore ++++ b/drivers/gpu/drm/radeon/.gitignore +@@ -1,4 +1,4 @@ +-# SPDX-License-Identifier: GPL-2.0-only ++# SPDX-License-Identifier: MIT + mkregtable + *_reg_safe.h + +diff --git a/drivers/gpu/drm/radeon/Kconfig b/drivers/gpu/drm/radeon/Kconfig +index 6f60f4840cc5..52819e7f1fca 100644 +--- a/drivers/gpu/drm/radeon/Kconfig ++++ b/drivers/gpu/drm/radeon/Kconfig +@@ -1,4 +1,4 @@ +-# SPDX-License-Identifier: GPL-2.0-only ++# SPDX-License-Identifier: MIT + config DRM_RADEON_USERPTR + bool "Always enable userptr support" + depends on DRM_RADEON +diff --git a/drivers/gpu/drm/radeon/Makefile b/drivers/gpu/drm/radeon/Makefile +index ea5380e24c3c..e3ab3aca1396 100644 +--- a/drivers/gpu/drm/radeon/Makefile ++++ b/drivers/gpu/drm/radeon/Makefile +@@ -1,4 +1,4 @@ +-# SPDX-License-Identifier: GPL-2.0 ++# SPDX-License-Identifier: MIT + # + # Makefile for the drm device driver. This driver provides support for the + # Direct Rendering Infrastructure (DRI) in XFree86 4.1.0 and higher. +-- +2.35.3 + diff --git a/patches.suse/drm-radeon-fix-potential-buffer-overflow-in-ni_set_m.patch b/patches.suse/drm-radeon-fix-potential-buffer-overflow-in-ni_set_m.patch new file mode 100644 index 0000000..48950f1 --- /dev/null +++ b/patches.suse/drm-radeon-fix-potential-buffer-overflow-in-ni_set_m.patch @@ -0,0 +1,61 @@ +From 136f614931a2bb73616b292cf542da3a18daefd5 Mon Sep 17 00:00:00 2001 +From: Alexey Kodanev +Date: Mon, 6 Jun 2022 16:50:54 +0300 +Subject: [PATCH] drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() +Git-commit: 136f614931a2bb73616b292cf542da3a18daefd5 +Patch-mainline: v6.0-rc1 +References: git-fixes + +The last case label can write two buffers 'mc_reg_address[j]' and +'mc_data[j]' with 'j' offset equal to SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE +since there are no checks for this value in both case labels after the +last 'j++'. + +Instead of changing '>' to '>=' there, add the bounds check at the start +of the second 'case' (the first one already has it). + +Also, remove redundant last checks for 'j' index bigger than array size. +The expression is always false. Moreover, before or after the patch +'table->last' can be equal to SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE and it +seems it can be a valid value. + +Detected using the static analysis tool - Svace. + +Fixes: 69e0b57a91ad ("drm/radeon/kms: add dpm support for cayman (v5)") +Signed-off-by: Alexey Kodanev +Signed-off-by: Alex Deucher +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/radeon/ni_dpm.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/drivers/gpu/drm/radeon/ni_dpm.c b/drivers/gpu/drm/radeon/ni_dpm.c +index 769f666335ac..672d2239293e 100644 +--- a/drivers/gpu/drm/radeon/ni_dpm.c ++++ b/drivers/gpu/drm/radeon/ni_dpm.c +@@ -2741,10 +2741,10 @@ static int ni_set_mc_special_registers(struct radeon_device *rdev, + table->mc_reg_table_entry[k].mc_data[j] |= 0x100; + } + j++; +- if (j > SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE) +- return -EINVAL; + break; + case MC_SEQ_RESERVE_M >> 2: ++ if (j >= SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE) ++ return -EINVAL; + temp_reg = RREG32(MC_PMG_CMD_MRS1); + table->mc_reg_address[j].s1 = MC_PMG_CMD_MRS1 >> 2; + table->mc_reg_address[j].s0 = MC_SEQ_PMG_CMD_MRS1_LP >> 2; +@@ -2753,8 +2753,6 @@ static int ni_set_mc_special_registers(struct radeon_device *rdev, + (temp_reg & 0xffff0000) | + (table->mc_reg_table_entry[k].mc_data[i] & 0x0000ffff); + j++; +- if (j > SMC_NISLANDS_MC_REGISTER_ARRAY_SIZE) +- return -EINVAL; + break; + default: + break; +-- +2.35.3 + diff --git a/patches.suse/drm-rockchip-Fix-an-error-handling-path-rockchip_dp_.patch b/patches.suse/drm-rockchip-Fix-an-error-handling-path-rockchip_dp_.patch new file mode 100644 index 0000000..5307771 --- /dev/null +++ b/patches.suse/drm-rockchip-Fix-an-error-handling-path-rockchip_dp_.patch @@ -0,0 +1,45 @@ +From 5074376822fe99fa4ce344b851c5016d00c0444f Mon Sep 17 00:00:00 2001 +From: Christophe JAILLET +Date: Sat, 18 Jun 2022 19:08:05 +0200 +Subject: [PATCH] drm/rockchip: Fix an error handling path rockchip_dp_probe() +Git-commit: 5074376822fe99fa4ce344b851c5016d00c0444f +Patch-mainline: v6.0-rc1 +References: git-fixes + +Should component_add() fail, we should call analogix_dp_remove() in the +error handling path, as already done in the remove function. + +Fixes: 152cce0006ab ("drm/bridge: analogix_dp: Split bind() into probe() and real bind()") +Signed-off-by: Christophe JAILLET +Signed-off-by: Heiko Stuebner +Link: https://patchwork.freedesktop.org/patch/msgid/b719d9061bb97eb85145fbd3c5e63f4549f2e13e.1655572071.git.christophe.jaillet@wanadoo.fr +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/rockchip/analogix_dp-rockchip.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/rockchip/analogix_dp-rockchip.c b/drivers/gpu/drm/rockchip/analogix_dp-rockchip.c +index 70be64ca0a00..ad2d3ae7e621 100644 +--- a/drivers/gpu/drm/rockchip/analogix_dp-rockchip.c ++++ b/drivers/gpu/drm/rockchip/analogix_dp-rockchip.c +@@ -408,7 +408,15 @@ static int rockchip_dp_probe(struct platform_device *pdev) + if (IS_ERR(dp->adp)) + return PTR_ERR(dp->adp); + +- return component_add(dev, &rockchip_dp_component_ops); ++ ret = component_add(dev, &rockchip_dp_component_ops); ++ if (ret) ++ goto err_dp_remove; ++ ++ return 0; ++ ++err_dp_remove: ++ analogix_dp_remove(dp->adp); ++ return ret; + } + + static int rockchip_dp_remove(struct platform_device *pdev) +-- +2.35.3 + diff --git a/patches.suse/drm-rockchip-vop-Don-t-crash-for-invalid-duplicate_s.patch b/patches.suse/drm-rockchip-vop-Don-t-crash-for-invalid-duplicate_s.patch new file mode 100644 index 0000000..ecdf3ce --- /dev/null +++ b/patches.suse/drm-rockchip-vop-Don-t-crash-for-invalid-duplicate_s.patch @@ -0,0 +1,42 @@ +From 1449110b0dade8b638d2c17ab7c5b0ff696bfccb Mon Sep 17 00:00:00 2001 +From: Brian Norris +Date: Fri, 17 Jun 2022 17:26:52 -0700 +Subject: [PATCH] drm/rockchip: vop: Don't crash for invalid duplicate_state() +Git-commit: 1449110b0dade8b638d2c17ab7c5b0ff696bfccb +Patch-mainline: v6.0-rc1 +References: git-fixes + +It's possible for users to try to duplicate the CRTC state even when the +state doesn't exist. drm_atomic_helper_crtc_duplicate_state() (and other +users of __drm_atomic_helper_crtc_duplicate_state()) already guard this +with a WARN_ON() instead of crashing, so let's do that here too. + +Fixes: 4e257d9eee23 ("drm/rockchip: get rid of rockchip_drm_crtc_mode_config") +Signed-off-by: Brian Norris +Reviewed-by: Sean Paul +Reviewed-by: Douglas Anderson +Signed-off-by: Heiko Stuebner +Link: https://patchwork.freedesktop.org/patch/msgid/20220617172623.1.I62db228170b1559ada60b8d3e1637e1688424926@changeid +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/rockchip/rockchip_drm_vop.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/gpu/drm/rockchip/rockchip_drm_vop.c b/drivers/gpu/drm/rockchip/rockchip_drm_vop.c +index 82b011dce5e7..ad3958b6f8bf 100644 +--- a/drivers/gpu/drm/rockchip/rockchip_drm_vop.c ++++ b/drivers/gpu/drm/rockchip/rockchip_drm_vop.c +@@ -1572,6 +1572,9 @@ static struct drm_crtc_state *vop_crtc_duplicate_state(struct drm_crtc *crtc) + { + struct rockchip_crtc_state *rockchip_state; + ++ if (WARN_ON(!crtc->state)) ++ return NULL; ++ + rockchip_state = kzalloc(sizeof(*rockchip_state), GFP_KERNEL); + if (!rockchip_state) + return NULL; +-- +2.35.3 + diff --git a/patches.suse/drm-st7735r-Fix-module-autoloading-for-Okaya-RH12812.patch b/patches.suse/drm-st7735r-Fix-module-autoloading-for-Okaya-RH12812.patch new file mode 100644 index 0000000..37a6720 --- /dev/null +++ b/patches.suse/drm-st7735r-Fix-module-autoloading-for-Okaya-RH12812.patch @@ -0,0 +1,51 @@ +From 9ad6f181ad9a19a26bda73a7b199df44ccfcdaba Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Fri, 20 May 2022 11:16:02 +0200 +Subject: [PATCH] drm/st7735r: Fix module autoloading for Okaya RH128128T +Git-commit: 9ad6f181ad9a19a26bda73a7b199df44ccfcdaba +Patch-mainline: v6.0-rc1 +References: git-fixes + +The SPI core always reports a "MODALIAS=spi:", even if the device was +registered via OF. This means that the st7735r.ko module won't autoload if +a DT has a node with a compatible "okaya,rh128128t" string. + +In that case, kmod expects a "MODALIAS=of:N*T*Cokaya,rh128128t" uevent but +instead will get a "MODALIAS=spi:rh128128t", which is not present in the +list of aliases: + + $ modinfo drivers/gpu/drm/tiny/st7735r.ko | grep alias + alias: of:N*T*Cokaya,rh128128tC* + alias: of:N*T*Cokaya,rh128128t + alias: of:N*T*Cjianda,jd-t18003-t01C* + alias: of:N*T*Cjianda,jd-t18003-t01 + alias: spi:jd-t18003-t01 + +To workaround this issue, add in the SPI table an entry for that device. + +Fixes: d1d511d516f7 ("drm: tiny: st7735r: Add support for Okaya RH128128T") +Signed-off-by: Javier Martinez Canillas +Reviewed-by: Geert Uytterhoeven +Acked-by: David Lechner +Link: https://patchwork.freedesktop.org/patch/msgid/20220520091602.179078-1-javierm@redhat.com +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/tiny/st7735r.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/gpu/drm/tiny/st7735r.c b/drivers/gpu/drm/tiny/st7735r.c +index 29d618093e94..e0f02d367d88 100644 +--- a/drivers/gpu/drm/tiny/st7735r.c ++++ b/drivers/gpu/drm/tiny/st7735r.c +@@ -174,6 +174,7 @@ MODULE_DEVICE_TABLE(of, st7735r_of_match); + + static const struct spi_device_id st7735r_id[] = { + { "jd-t18003-t01", (uintptr_t)&jd_t18003_t01_cfg }, ++ { "rh128128t", (uintptr_t)&rh128128t_cfg }, + { }, + }; + MODULE_DEVICE_TABLE(spi, st7735r_id); +-- +2.35.3 + diff --git a/patches.suse/drm-vc4-dsi-Add-correct-stop-condition-to-vc4_dsi_en.patch b/patches.suse/drm-vc4-dsi-Add-correct-stop-condition-to-vc4_dsi_en.patch new file mode 100644 index 0000000..5c034b6 --- /dev/null +++ b/patches.suse/drm-vc4-dsi-Add-correct-stop-condition-to-vc4_dsi_en.patch @@ -0,0 +1,42 @@ +From 7bcb9c8d0bc9f3cab8ac2634b056c2e6b63945ca Mon Sep 17 00:00:00 2001 +From: Dave Stevenson +Date: Mon, 13 Jun 2022 16:47:43 +0200 +Subject: [PATCH] drm/vc4: dsi: Add correct stop condition to vc4_dsi_encoder_disable iteration +Git-commit: 7bcb9c8d0bc9f3cab8ac2634b056c2e6b63945ca +Patch-mainline: v6.0-rc1 +References: git-fixes + +vc4_dsi_encoder_disable is partially an open coded version of +drm_bridge_chain_disable, but it missed a termination condition +in the loop for ->disable which meant that no post_disable +calls were made. + +Add in the termination clause. + +Fixes: 033bfe7538a1 ("drm/vc4: dsi: Fix bridge chain handling") +Signed-off-by: Dave Stevenson +Link: https://lore.kernel.org/r/20220613144800.326124-17-maxime@cerno.tech +Signed-off-by: Maxime Ripard +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/vc4/vc4_dsi.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/gpu/drm/vc4/vc4_dsi.c b/drivers/gpu/drm/vc4/vc4_dsi.c +index 333ea96fcde4..b7b2c76770dc 100644 +--- a/drivers/gpu/drm/vc4/vc4_dsi.c ++++ b/drivers/gpu/drm/vc4/vc4_dsi.c +@@ -803,6 +803,9 @@ static void vc4_dsi_encoder_disable(struct drm_encoder *encoder) + list_for_each_entry_reverse(iter, &dsi->bridge_chain, chain_node) { + if (iter->funcs->disable) + iter->funcs->disable(iter); ++ ++ if (iter == dsi->bridge) ++ break; + } + + vc4_dsi_ulps(dsi, true); +-- +2.35.3 + diff --git a/patches.suse/drm-vc4-dsi-Correct-DSI-divider-calculations.patch b/patches.suse/drm-vc4-dsi-Correct-DSI-divider-calculations.patch new file mode 100644 index 0000000..0d05a9c --- /dev/null +++ b/patches.suse/drm-vc4-dsi-Correct-DSI-divider-calculations.patch @@ -0,0 +1,51 @@ +From 3b45eee87da171caa28f61240ddb5c21170cda53 Mon Sep 17 00:00:00 2001 +From: Dave Stevenson +Date: Mon, 13 Jun 2022 16:47:39 +0200 +Subject: [PATCH] drm/vc4: dsi: Correct DSI divider calculations +Git-commit: 3b45eee87da171caa28f61240ddb5c21170cda53 +Patch-mainline: v6.0-rc1 +References: git-fixes + +The divider calculations tried to find the divider just faster than the +clock requested. However if it required a divider of 7 then the for loop +aborted without handling the "error" case, and could end up with a clock +lower than requested. + +The integer divider from parent PLL to DSI clock is also capable of +going up to /255, not just /7 that the driver was trying. This allows +for slower link frequencies on the DSI bus where the resolution permits. + +Correct the loop so that we always have a clock greater than requested, +and covering the whole range of dividers. + +Fixes: 86c1b9eff3f2 ("drm/vc4: Adjust modes in DSI to work around the integer PLL divider.") +Signed-off-by: Dave Stevenson +Link: https://lore.kernel.org/r/20220613144800.326124-13-maxime@cerno.tech +Signed-off-by: Maxime Ripard +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/vc4/vc4_dsi.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/drivers/gpu/drm/vc4/vc4_dsi.c b/drivers/gpu/drm/vc4/vc4_dsi.c +index e82ee94cafc7..81a6c4e9576d 100644 +--- a/drivers/gpu/drm/vc4/vc4_dsi.c ++++ b/drivers/gpu/drm/vc4/vc4_dsi.c +@@ -805,11 +805,9 @@ static bool vc4_dsi_encoder_mode_fixup(struct drm_encoder *encoder, + /* Find what divider gets us a faster clock than the requested + * pixel clock. + */ +- for (divider = 1; divider < 8; divider++) { +- if (parent_rate / divider < pll_clock) { +- divider--; ++ for (divider = 1; divider < 255; divider++) { ++ if (parent_rate / (divider + 1) < pll_clock) + break; +- } + } + + /* Now that we've picked a PLL divider, calculate back to its +-- +2.35.3 + diff --git a/patches.suse/drm-vc4-dsi-Correct-pixel-order-for-DSI0.patch b/patches.suse/drm-vc4-dsi-Correct-pixel-order-for-DSI0.patch new file mode 100644 index 0000000..96c1d54 --- /dev/null +++ b/patches.suse/drm-vc4-dsi-Correct-pixel-order-for-DSI0.patch @@ -0,0 +1,40 @@ +From edfe84ae0df16be1251b5a8e840d95f1f3827500 Mon Sep 17 00:00:00 2001 +From: Dave Stevenson +Date: Mon, 13 Jun 2022 16:47:40 +0200 +Subject: [PATCH] drm/vc4: dsi: Correct pixel order for DSI0 +Git-commit: edfe84ae0df16be1251b5a8e840d95f1f3827500 +Patch-mainline: v6.0-rc1 +References: git-fixes + +For slightly unknown reasons, dsi0 takes a different pixel format +to dsi1, and that has to be set in the pixel valve. + +Amend the setup accordingly. + +Fixes: a86773d120d7 ("drm/vc4: Add support for feeding DSI encoders from the pixel valve.") +Signed-off-by: Dave Stevenson +Link: https://lore.kernel.org/r/20220613144800.326124-14-maxime@cerno.tech +Signed-off-by: Maxime Ripard +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/vc4/vc4_crtc.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/vc4/vc4_crtc.c b/drivers/gpu/drm/vc4/vc4_crtc.c +index 0b80d84a92bd..e144ff192f44 100644 +--- a/drivers/gpu/drm/vc4/vc4_crtc.c ++++ b/drivers/gpu/drm/vc4/vc4_crtc.c +@@ -320,7 +320,8 @@ static void vc4_crtc_config_pv(struct drm_crtc *crtc, struct drm_encoder *encode + u32 pixel_rep = (mode->flags & DRM_MODE_FLAG_DBLCLK) ? 2 : 1; + bool is_dsi = (vc4_encoder->type == VC4_ENCODER_TYPE_DSI0 || + vc4_encoder->type == VC4_ENCODER_TYPE_DSI1); +- u32 format = is_dsi ? PV_CONTROL_FORMAT_DSIV_24 : PV_CONTROL_FORMAT_24; ++ bool is_dsi1 = vc4_encoder->type == VC4_ENCODER_TYPE_DSI1; ++ u32 format = is_dsi1 ? PV_CONTROL_FORMAT_DSIV_24 : PV_CONTROL_FORMAT_24; + u8 ppc = pv_data->pixels_per_clock; + bool debug_dump_regs = false; + +-- +2.35.3 + diff --git a/patches.suse/drm-vc4-hdmi-Correct-HDMI-timing-registers-for-inter.patch b/patches.suse/drm-vc4-hdmi-Correct-HDMI-timing-registers-for-inter.patch new file mode 100644 index 0000000..410a7d5 --- /dev/null +++ b/patches.suse/drm-vc4-hdmi-Correct-HDMI-timing-registers-for-inter.patch @@ -0,0 +1,41 @@ +From fb10dc451c0f15e3c19798a2f41d357f3f7576f5 Mon Sep 17 00:00:00 2001 +From: Dave Stevenson +Date: Mon, 13 Jun 2022 16:47:59 +0200 +Subject: [PATCH] drm/vc4: hdmi: Correct HDMI timing registers for interlaced modes +Git-commit: fb10dc451c0f15e3c19798a2f41d357f3f7576f5 +Patch-mainline: v6.0-rc1 +References: git-fixes + +For interlaced modes the timings were not being correctly +programmed into the HDMI block, so correct them. + +Fixes: 8323989140f3 ("drm/vc4: hdmi: Support the BCM2711 HDMI controllers") +Signed-off-by: Dave Stevenson +Link: https://lore.kernel.org/r/20220613144800.326124-33-maxime@cerno.tech +Signed-off-by: Maxime Ripard +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/vc4/vc4_hdmi.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +--- a/drivers/gpu/drm/vc4/vc4_hdmi.c ++++ b/drivers/gpu/drm/vc4/vc4_hdmi.c +@@ -561,13 +561,13 @@ static void vc5_hdmi_set_timings(struct + VC4_SET_FIELD(mode->crtc_vsync_start - mode->crtc_vdisplay, + VC5_HDMI_VERTA_VFP) | + VC4_SET_FIELD(mode->crtc_vdisplay, VC5_HDMI_VERTA_VAL)); +- u32 vertb = (VC4_SET_FIELD(0, VC5_HDMI_VERTB_VSPO) | +- VC4_SET_FIELD(mode->crtc_vtotal - mode->crtc_vsync_end + +- interlaced, ++ u32 vertb = (VC4_SET_FIELD(mode->htotal >> (2 - pixel_rep), ++ VC5_HDMI_VERTB_VSPO) | ++ VC4_SET_FIELD(mode->crtc_vtotal - mode->crtc_vsync_end, + VC4_HDMI_VERTB_VBP)); + u32 vertb_even = (VC4_SET_FIELD(0, VC5_HDMI_VERTB_VSPO) | + VC4_SET_FIELD(mode->crtc_vtotal - +- mode->crtc_vsync_end, ++ mode->crtc_vsync_end - interlaced, + VC4_HDMI_VERTB_VBP)); + + HDMI_WRITE(HDMI_VEC_INTERFACE_XBAR, 0x354021); diff --git a/patches.suse/drm-vc4-hdmi-Fix-timings-for-interlaced-modes.patch b/patches.suse/drm-vc4-hdmi-Fix-timings-for-interlaced-modes.patch new file mode 100644 index 0000000..000dfaa --- /dev/null +++ b/patches.suse/drm-vc4-hdmi-Fix-timings-for-interlaced-modes.patch @@ -0,0 +1,91 @@ +From 0ee5a40152b15f200ed3a0d51e8aa782ea979c6a Mon Sep 17 00:00:00 2001 +From: Mateusz Kwiatkowski +Date: Mon, 13 Jun 2022 16:47:57 +0200 +Subject: [PATCH] drm/vc4: hdmi: Fix timings for interlaced modes +Git-commit: 0ee5a40152b15f200ed3a0d51e8aa782ea979c6a +Patch-mainline: v6.0-rc1 +References: git-fixes + +Increase the number of post-sync blanking lines on odd fields instead of +decreasing it on even fields. This makes the total number of lines +properly match the modelines. + +Additionally fix the value of PV_VCONTROL_ODD_DELAY, which did not take +pixels_per_clock into account, causing some displays to invert the +fields when driven by bcm2711. + +Fixes: 682e62c45406 ("drm/vc4: Fix support for interlaced modes on HDMI.") +Signed-off-by: Mateusz Kwiatkowski +Link: https://lore.kernel.org/r/20220613144800.326124-31-maxime@cerno.tech +Signed-off-by: Maxime Ripard +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/vc4/vc4_crtc.c | 7 ++++--- + drivers/gpu/drm/vc4/vc4_hdmi.c | 12 ++++++------ + 2 files changed, 10 insertions(+), 9 deletions(-) + +--- a/drivers/gpu/drm/vc4/vc4_crtc.c ++++ b/drivers/gpu/drm/vc4/vc4_crtc.c +@@ -348,7 +348,8 @@ static void vc4_crtc_config_pv(struct dr + PV_HORZB_HACTIVE)); + + CRTC_WRITE(PV_VERTA, +- VC4_SET_FIELD(mode->crtc_vtotal - mode->crtc_vsync_end, ++ VC4_SET_FIELD(mode->crtc_vtotal - mode->crtc_vsync_end + ++ interlace, + PV_VERTA_VBP) | + VC4_SET_FIELD(mode->crtc_vsync_end - mode->crtc_vsync_start, + PV_VERTA_VSYNC)); +@@ -360,7 +361,7 @@ static void vc4_crtc_config_pv(struct dr + if (interlace) { + CRTC_WRITE(PV_VERTA_EVEN, + VC4_SET_FIELD(mode->crtc_vtotal - +- mode->crtc_vsync_end - 1, ++ mode->crtc_vsync_end, + PV_VERTA_VBP) | + VC4_SET_FIELD(mode->crtc_vsync_end - + mode->crtc_vsync_start, +@@ -380,7 +381,7 @@ static void vc4_crtc_config_pv(struct dr + PV_VCONTROL_CONTINUOUS | + (is_dsi ? PV_VCONTROL_DSI : 0) | + PV_VCONTROL_INTERLACE | +- VC4_SET_FIELD(mode->htotal * pixel_rep / 2, ++ VC4_SET_FIELD(mode->htotal * pixel_rep / (2 * ppc), + PV_VCONTROL_ODD_DELAY)); + CRTC_WRITE(PV_VSYNCD_EVEN, 0); + } else { +--- a/drivers/gpu/drm/vc4/vc4_hdmi.c ++++ b/drivers/gpu/drm/vc4/vc4_hdmi.c +@@ -518,12 +518,12 @@ static void vc4_hdmi_set_timings(struct + VC4_HDMI_VERTA_VFP) | + VC4_SET_FIELD(mode->crtc_vdisplay, VC4_HDMI_VERTA_VAL)); + u32 vertb = (VC4_SET_FIELD(0, VC4_HDMI_VERTB_VSPO) | +- VC4_SET_FIELD(mode->crtc_vtotal - mode->crtc_vsync_end, ++ VC4_SET_FIELD(mode->crtc_vtotal - mode->crtc_vsync_end + ++ interlaced, + VC4_HDMI_VERTB_VBP)); + u32 vertb_even = (VC4_SET_FIELD(0, VC4_HDMI_VERTB_VSPO) | + VC4_SET_FIELD(mode->crtc_vtotal - +- mode->crtc_vsync_end - +- interlaced, ++ mode->crtc_vsync_end, + VC4_HDMI_VERTB_VBP)); + + HDMI_WRITE(HDMI_HORZA, +@@ -562,12 +562,12 @@ static void vc5_hdmi_set_timings(struct + VC5_HDMI_VERTA_VFP) | + VC4_SET_FIELD(mode->crtc_vdisplay, VC5_HDMI_VERTA_VAL)); + u32 vertb = (VC4_SET_FIELD(0, VC5_HDMI_VERTB_VSPO) | +- VC4_SET_FIELD(mode->crtc_vtotal - mode->crtc_vsync_end, ++ VC4_SET_FIELD(mode->crtc_vtotal - mode->crtc_vsync_end + ++ interlaced, + VC4_HDMI_VERTB_VBP)); + u32 vertb_even = (VC4_SET_FIELD(0, VC5_HDMI_VERTB_VSPO) | + VC4_SET_FIELD(mode->crtc_vtotal - +- mode->crtc_vsync_end - +- interlaced, ++ mode->crtc_vsync_end, + VC4_HDMI_VERTB_VBP)); + + HDMI_WRITE(HDMI_VEC_INTERFACE_XBAR, 0x354021); diff --git a/patches.suse/drm-vc4-plane-Fix-margin-calculations-for-the-right-.patch b/patches.suse/drm-vc4-plane-Fix-margin-calculations-for-the-right-.patch new file mode 100644 index 0000000..590f777 --- /dev/null +++ b/patches.suse/drm-vc4-plane-Fix-margin-calculations-for-the-right-.patch @@ -0,0 +1,51 @@ +From b7c3d6821627861f4ea3e1f2b595d0ed9e80aac8 Mon Sep 17 00:00:00 2001 +From: Dave Stevenson +Date: Mon, 13 Jun 2022 16:47:32 +0200 +Subject: [PATCH] drm/vc4: plane: Fix margin calculations for the right/bottom edges +Git-commit: b7c3d6821627861f4ea3e1f2b595d0ed9e80aac8 +Patch-mainline: v6.0-rc1 +References: git-fixes + +The current plane margin calculation code clips the right and bottom +edges of the range based using the left and top margins. + +This is obviously wrong, so let's fix it. + +Fixes: 666e73587f90 ("drm/vc4: Take margin setup into account when updating planes") +Signed-off-by: Dave Stevenson +Link: https://lore.kernel.org/r/20220613144800.326124-6-maxime@cerno.tech +Signed-off-by: Maxime Ripard +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/vc4/vc4_plane.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/drivers/gpu/drm/vc4/vc4_plane.c b/drivers/gpu/drm/vc4/vc4_plane.c +index c6d42041f4b3..da850d09ef8d 100644 +--- a/drivers/gpu/drm/vc4/vc4_plane.c ++++ b/drivers/gpu/drm/vc4/vc4_plane.c +@@ -312,16 +312,16 @@ static int vc4_plane_margins_adj(struct drm_plane_state *pstate) + adjhdisplay, + crtc_state->mode.hdisplay); + vc4_pstate->crtc_x += left; +- if (vc4_pstate->crtc_x > crtc_state->mode.hdisplay - left) +- vc4_pstate->crtc_x = crtc_state->mode.hdisplay - left; ++ if (vc4_pstate->crtc_x > crtc_state->mode.hdisplay - right) ++ vc4_pstate->crtc_x = crtc_state->mode.hdisplay - right; + + adjvdisplay = crtc_state->mode.vdisplay - (top + bottom); + vc4_pstate->crtc_y = DIV_ROUND_CLOSEST(vc4_pstate->crtc_y * + adjvdisplay, + crtc_state->mode.vdisplay); + vc4_pstate->crtc_y += top; +- if (vc4_pstate->crtc_y > crtc_state->mode.vdisplay - top) +- vc4_pstate->crtc_y = crtc_state->mode.vdisplay - top; ++ if (vc4_pstate->crtc_y > crtc_state->mode.vdisplay - bottom) ++ vc4_pstate->crtc_y = crtc_state->mode.vdisplay - bottom; + + vc4_pstate->crtc_w = DIV_ROUND_CLOSEST(vc4_pstate->crtc_w * + adjhdisplay, +-- +2.35.3 + diff --git a/patches.suse/drm-vc4-plane-Remove-subpixel-positioning-check.patch b/patches.suse/drm-vc4-plane-Remove-subpixel-positioning-check.patch new file mode 100644 index 0000000..417372e --- /dev/null +++ b/patches.suse/drm-vc4-plane-Remove-subpixel-positioning-check.patch @@ -0,0 +1,76 @@ +From 517db1ab1566dba3093dbdb8de4263ba4aa66416 Mon Sep 17 00:00:00 2001 +From: Dom Cobley +Date: Mon, 13 Jun 2022 16:47:31 +0200 +Subject: [PATCH] drm/vc4: plane: Remove subpixel positioning check +Git-commit: 517db1ab1566dba3093dbdb8de4263ba4aa66416 +Patch-mainline: v6.0-rc1 +References: git-fixes + +There is little harm in ignoring fractional coordinates +(they just get truncated). + +Without this: +modetest -M vc4 -F tiles,gradient -s 32:1920x1080-60 -P89@74:1920x1080*.1.1@XR24 + +is rejected. We have the same issue in Kodi when trying to +use zoom options on video. + +Note: even if all coordinates are fully integer. e.g. +src:[0,0,1920,1080] dest:[-10,-10,1940,1100] + +it will still get rejected as drm_atomic_helper_check_plane_state +uses drm_rect_clip_scaled which transforms this to fractional src coords + +Fixes: 21af94cf1a4c ("drm/vc4: Add support for scaling of display planes.") +Signed-off-by: Dom Cobley +Link: https://lore.kernel.org/r/20220613144800.326124-5-maxime@cerno.tech +Signed-off-by: Maxime Ripard +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/vc4/vc4_plane.c | 22 +++++++++------------- + 1 file changed, 9 insertions(+), 13 deletions(-) + +diff --git a/drivers/gpu/drm/vc4/vc4_plane.c b/drivers/gpu/drm/vc4/vc4_plane.c +index 311077647394..c6d42041f4b3 100644 +--- a/drivers/gpu/drm/vc4/vc4_plane.c ++++ b/drivers/gpu/drm/vc4/vc4_plane.c +@@ -341,7 +341,6 @@ static int vc4_plane_setup_clipping_and_scaling(struct drm_plane_state *state) + struct vc4_plane_state *vc4_state = to_vc4_plane_state(state); + struct drm_framebuffer *fb = state->fb; + struct drm_gem_cma_object *bo = drm_fb_cma_get_gem_obj(fb, 0); +- u32 subpixel_src_mask = (1 << 16) - 1; + int num_planes = fb->format->num_planes; + struct drm_crtc_state *crtc_state; + u32 h_subsample = fb->format->hsub; +@@ -363,18 +362,15 @@ static int vc4_plane_setup_clipping_and_scaling(struct drm_plane_state *state) + for (i = 0; i < num_planes; i++) + vc4_state->offsets[i] = bo->paddr + fb->offsets[i]; + +- /* We don't support subpixel source positioning for scaling. */ +- if ((state->src.x1 & subpixel_src_mask) || +- (state->src.x2 & subpixel_src_mask) || +- (state->src.y1 & subpixel_src_mask) || +- (state->src.y2 & subpixel_src_mask)) { +- return -EINVAL; +- } +- +- vc4_state->src_x = state->src.x1 >> 16; +- vc4_state->src_y = state->src.y1 >> 16; +- vc4_state->src_w[0] = (state->src.x2 - state->src.x1) >> 16; +- vc4_state->src_h[0] = (state->src.y2 - state->src.y1) >> 16; ++ /* ++ * We don't support subpixel source positioning for scaling, ++ * but fractional coordinates can be generated by clipping ++ * so just round for now ++ */ ++ vc4_state->src_x = DIV_ROUND_CLOSEST(state->src.x1, 1 << 16); ++ vc4_state->src_y = DIV_ROUND_CLOSEST(state->src.y1, 1 << 16); ++ vc4_state->src_w[0] = DIV_ROUND_CLOSEST(state->src.x2, 1 << 16) - vc4_state->src_x; ++ vc4_state->src_h[0] = DIV_ROUND_CLOSEST(state->src.y2, 1 << 16) - vc4_state->src_y; + + vc4_state->crtc_x = state->dst.x1; + vc4_state->crtc_y = state->dst.y1; +-- +2.35.3 + diff --git a/patches.suse/fbcon-Disallow-setting-font-bigger-than-screen-size.patch b/patches.suse/fbcon-Disallow-setting-font-bigger-than-screen-size.patch new file mode 100644 index 0000000..f919682 --- /dev/null +++ b/patches.suse/fbcon-Disallow-setting-font-bigger-than-screen-size.patch @@ -0,0 +1,42 @@ +From 65a01e601dbba8b7a51a2677811f70f783766682 Mon Sep 17 00:00:00 2001 +From: Helge Deller +Date: Sat, 25 Jun 2022 12:56:49 +0200 +Subject: [PATCH] fbcon: Disallow setting font bigger than screen size +Git-commit: 65a01e601dbba8b7a51a2677811f70f783766682 +Patch-mainline: v5.19-rc6 +References: CVE-2021-33655 bsc#1201635 + +Prevent that users set a font size which is bigger than the physical screen. +It's unlikely this may happen (because screens are usually much larger than the +fonts and each font char is limited to 32x32 pixels), but it may happen on +smaller screens/LCD displays. + +Signed-off-by: Helge Deller +Reviewed-by: Daniel Vetter +Reviewed-by: Geert Uytterhoeven +Cc: stable@vger.kernel.org # v4.14+ +Acked-by: Takashi Iwai + +--- + drivers/video/fbdev/core/fbcon.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/core/fbcon.c +index c4e91715ef00..a33532564393 100644 +--- a/drivers/video/fbdev/core/fbcon.c ++++ b/drivers/video/fbdev/core/fbcon.c +@@ -2469,6 +2469,11 @@ static int fbcon_set_font(struct vc_data *vc, struct console_font *font, + if (charcount != 256 && charcount != 512) + return -EINVAL; + ++ /* font bigger than screen resolution ? */ ++ if (w > FBCON_SWAP(info->var.rotate, info->var.xres, info->var.yres) || ++ h > FBCON_SWAP(info->var.rotate, info->var.yres, info->var.xres)) ++ return -EINVAL; ++ + /* Make sure drawing engine can handle the font */ + if (!(info->pixmap.blit_x & (1 << (font->width - 1))) || + !(info->pixmap.blit_y & (1 << (font->height - 1)))) +-- +2.35.3 + diff --git a/patches.suse/fbcon-Prevent-that-screen-size-is-smaller-than-font-.patch b/patches.suse/fbcon-Prevent-that-screen-size-is-smaller-than-font-.patch new file mode 100644 index 0000000..8bb44a5 --- /dev/null +++ b/patches.suse/fbcon-Prevent-that-screen-size-is-smaller-than-font-.patch @@ -0,0 +1,108 @@ +From e64242caef18b4a5840b0e7a9bff37abd4f4f933 Mon Sep 17 00:00:00 2001 +From: Helge Deller +Date: Sat, 25 Jun 2022 13:00:34 +0200 +Subject: [PATCH] fbcon: Prevent that screen size is smaller than font size +Git-commit: e64242caef18b4a5840b0e7a9bff37abd4f4f933 +Patch-mainline: v5.19-rc6 +References: CVE-2021-33655 bsc#1201635 + +We need to prevent that users configure a screen size which is smaller than the +currently selected font size. Otherwise rendering chars on the screen will +access memory outside the graphics memory region. + +This patch adds a new function fbcon_modechange_possible() which +implements this check and which later may be extended with other checks +if necessary. The new function is called from the FBIOPUT_VSCREENINFO +ioctl handler in fbmem.c, which will return -EINVAL if userspace asked +for a too small screen size. + +Signed-off-by: Helge Deller +Reviewed-by: Geert Uytterhoeven +Cc: stable@vger.kernel.org # v5.4+ +Acked-by: Takashi Iwai + +--- + drivers/video/fbdev/core/fbcon.c | 28 ++++++++++++++++++++++++++++ + drivers/video/fbdev/core/fbmem.c | 4 +++- + include/linux/fbcon.h | 4 ++++ + 3 files changed, 35 insertions(+), 1 deletion(-) + +diff --git a/drivers/video/fbdev/core/fbcon.c b/drivers/video/fbdev/core/fbcon.c +index a33532564393..5632870a9aeb 100644 +--- a/drivers/video/fbdev/core/fbcon.c ++++ b/drivers/video/fbdev/core/fbcon.c +@@ -2736,6 +2736,34 @@ void fbcon_update_vcs(struct fb_info *info, bool all) + } + EXPORT_SYMBOL(fbcon_update_vcs); + ++/* let fbcon check if it supports a new screen resolution */ ++int fbcon_modechange_possible(struct fb_info *info, struct fb_var_screeninfo *var) ++{ ++ struct fbcon_ops *ops = info->fbcon_par; ++ struct vc_data *vc; ++ unsigned int i; ++ ++ WARN_CONSOLE_UNLOCKED(); ++ ++ if (!ops) ++ return 0; ++ ++ /* prevent setting a screen size which is smaller than font size */ ++ for (i = first_fb_vc; i <= last_fb_vc; i++) { ++ vc = vc_cons[i].d; ++ if (!vc || vc->vc_mode != KD_TEXT || ++ registered_fb[con2fb_map[i]] != info) ++ continue; ++ ++ if (vc->vc_font.width > FBCON_SWAP(var->rotate, var->xres, var->yres) || ++ vc->vc_font.height > FBCON_SWAP(var->rotate, var->yres, var->xres)) ++ return -EINVAL; ++ } ++ ++ return 0; ++} ++EXPORT_SYMBOL_GPL(fbcon_modechange_possible); ++ + int fbcon_mode_deleted(struct fb_info *info, + struct fb_videomode *mode) + { +diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c +index ee63b5b47290..7dc6848a96bb 100644 +--- a/drivers/video/fbdev/core/fbmem.c ++++ b/drivers/video/fbdev/core/fbmem.c +@@ -1107,7 +1107,9 @@ static long do_fb_ioctl(struct fb_info *info, unsigned int cmd, + return -EFAULT; + console_lock(); + lock_fb_info(info); +- ret = fb_set_var(info, &var); ++ ret = fbcon_modechange_possible(info, &var); ++ if (!ret) ++ ret = fb_set_var(info, &var); + if (!ret) + fbcon_update_vcs(info, var.activate & FB_ACTIVATE_ALL); + unlock_fb_info(info); +diff --git a/include/linux/fbcon.h b/include/linux/fbcon.h +index ff5596dd30f8..2382dec6d6ab 100644 +--- a/include/linux/fbcon.h ++++ b/include/linux/fbcon.h +@@ -15,6 +15,8 @@ void fbcon_new_modelist(struct fb_info *info); + void fbcon_get_requirement(struct fb_info *info, + struct fb_blit_caps *caps); + void fbcon_fb_blanked(struct fb_info *info, int blank); ++int fbcon_modechange_possible(struct fb_info *info, ++ struct fb_var_screeninfo *var); + void fbcon_update_vcs(struct fb_info *info, bool all); + void fbcon_remap_all(struct fb_info *info); + int fbcon_set_con2fb_map_ioctl(void __user *argp); +@@ -33,6 +35,8 @@ static inline void fbcon_new_modelist(struct fb_info *info) {} + static inline void fbcon_get_requirement(struct fb_info *info, + struct fb_blit_caps *caps) {} + static inline void fbcon_fb_blanked(struct fb_info *info, int blank) {} ++static inline int fbcon_modechange_possible(struct fb_info *info, ++ struct fb_var_screeninfo *var) { return 0; } + static inline void fbcon_update_vcs(struct fb_info *info, bool all) {} + static inline void fbcon_remap_all(struct fb_info *info) {} + static inline int fbcon_set_con2fb_map_ioctl(void __user *argp) { return 0; } +-- +2.35.3 + diff --git a/patches.suse/fbdev-fbmem-Fix-logo-center-image-dx-issue.patch b/patches.suse/fbdev-fbmem-Fix-logo-center-image-dx-issue.patch new file mode 100644 index 0000000..221aff1 --- /dev/null +++ b/patches.suse/fbdev-fbmem-Fix-logo-center-image-dx-issue.patch @@ -0,0 +1,38 @@ +From 955f04766d4e6eb94bf3baa539e096808c74ebfb Mon Sep 17 00:00:00 2001 +From: Guiling Deng +Date: Tue, 28 Jun 2022 09:36:41 -0700 +Subject: [PATCH] fbdev: fbmem: Fix logo center image dx issue +Git-commit: 955f04766d4e6eb94bf3baa539e096808c74ebfb +Patch-mainline: v5.19-rc6 +References: git-fixes + +Image.dx gets wrong value because of missing '()'. + +If xres == logo->width and n == 1, image.dx = -16. + +Signed-off-by: Guiling Deng +Fixes: 3d8b1933eb1c ("fbdev: fbmem: add config option to center the bootup logo") +Cc: stable@vger.kernel.org # v5.0+ +Signed-off-by: Helge Deller +Acked-by: Takashi Iwai + +--- + drivers/video/fbdev/core/fbmem.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c +index 8afc4538558c..ee63b5b47290 100644 +--- a/drivers/video/fbdev/core/fbmem.c ++++ b/drivers/video/fbdev/core/fbmem.c +@@ -511,7 +511,7 @@ static int fb_show_logo_line(struct fb_info *info, int rotate, + + while (n && (n * (logo->width + 8) - 8 > xres)) + --n; +- image.dx = (xres - n * (logo->width + 8) - 8) / 2; ++ image.dx = (xres - (n * (logo->width + 8) - 8)) / 2; + image.dy = y ?: (yres - logo->height) / 2; + } else { + image.dx = 0; +-- +2.35.3 + diff --git a/patches.suse/fbmem-Check-virtual-screen-sizes-in-fb_set_var.patch b/patches.suse/fbmem-Check-virtual-screen-sizes-in-fb_set_var.patch new file mode 100644 index 0000000..0aea051 --- /dev/null +++ b/patches.suse/fbmem-Check-virtual-screen-sizes-in-fb_set_var.patch @@ -0,0 +1,45 @@ +From 6c11df58fd1ac0aefcb3b227f72769272b939e56 Mon Sep 17 00:00:00 2001 +From: Helge Deller +Date: Wed, 29 Jun 2022 15:53:55 +0200 +Subject: [PATCH] fbmem: Check virtual screen sizes in fb_set_var() +Git-commit: 6c11df58fd1ac0aefcb3b227f72769272b939e56 +Patch-mainline: v5.19-rc6 +References: CVE-2021-33655 bsc#1201635 + +Verify that the fbdev or drm driver correctly adjusted the virtual +screen sizes. On failure report the failing driver and reject the screen +size change. + +Signed-off-by: Helge Deller +Reviewed-by: Geert Uytterhoeven +Cc: stable@vger.kernel.org # v5.4+ +Acked-by: Takashi Iwai + +--- + drivers/video/fbdev/core/fbmem.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/drivers/video/fbdev/core/fbmem.c b/drivers/video/fbdev/core/fbmem.c +index 7dc6848a96bb..7ee6eb2fa715 100644 +--- a/drivers/video/fbdev/core/fbmem.c ++++ b/drivers/video/fbdev/core/fbmem.c +@@ -1017,6 +1017,16 @@ fb_set_var(struct fb_info *info, struct fb_var_screeninfo *var) + if (ret) + return ret; + ++ /* verify that virtual resolution >= physical resolution */ ++ if (var->xres_virtual < var->xres || ++ var->yres_virtual < var->yres) { ++ pr_warn("WARNING: fbcon: Driver '%s' missed to adjust virtual screen size (%ux%u vs. %ux%u)\n", ++ info->fix.id, ++ var->xres_virtual, var->yres_virtual, ++ var->xres, var->yres); ++ return -EINVAL; ++ } ++ + if ((var->activate & FB_ACTIVATE_MASK) != FB_ACTIVATE_NOW) + return 0; + +-- +2.35.3 + diff --git a/patches.suse/floppy-disable-FDRAWCMD-by-default.patch b/patches.suse/floppy-disable-FDRAWCMD-by-default.patch deleted file mode 100644 index 604d0b6..0000000 --- a/patches.suse/floppy-disable-FDRAWCMD-by-default.patch +++ /dev/null @@ -1,148 +0,0 @@ -From 233087ca063686964a53c829d547c7571e3f67bf Mon Sep 17 00:00:00 2001 -From: Willy Tarreau -Date: Tue, 26 Apr 2022 23:41:05 +0300 -Subject: [PATCH] floppy: disable FDRAWCMD by default -Git-commit: 233087ca063686964a53c829d547c7571e3f67bf -Patch-mainline: v5.18-rc5 -References: bsc#1198866 CVE-2022-1836 - -Minh Yuan reported a concurrency use-after-free issue in the floppy code -between raw_cmd_ioctl and seek_interrupt. - -[ It turns out this has been around, and that others have reported the - KASAN splats over the years, but Minh Yuan had a reproducer for it and - so gets primary credit for reporting it for this fix - Linus ] - -The problem is, this driver tends to break very easily and nowadays, -nobody is expected to use FDRAWCMD anyway since it was used to -manipulate non-standard formats. The risk of breaking the driver is -higher than the risk presented by this race, and accessing the device -requires privileges anyway. - -Let's just add a config option to completely disable this ioctl and -leave it disabled by default. Distros shouldn't use it, and only those -running on antique hardware might need to enable it. - -Link: https://lore.kernel.org/all/000000000000b71cdd05d703f6bf@google.com/ -Link: https://lore.kernel.org/lkml/CAKcFiNC=MfYVW-Jt9A3=FPJpTwCD2PL_ULNCpsCVE5s8ZeBQgQ@mail.gmail.com -Link: https://lore.kernel.org/all/CAEAjamu1FRhz6StCe_55XY5s389ZP_xmCF69k987En+1z53=eg@mail.gmail.com -Reported-by: Minh Yuan -Reported-by: syzbot+8e8958586909d62b6840@syzkaller.appspotmail.com -Reported-by: cruise k -Reported-by: Kyungtae Kim -Suggested-by: Linus Torvalds -Tested-by: Denis Efremov -Signed-off-by: Willy Tarreau -Signed-off-by: Linus Torvalds -Acked-by: Vasant Karasulli - ---- - drivers/block/Kconfig | 16 ++++++++++++++++ - drivers/block/floppy.c | 43 +++++++++++++++++++++++++++++++----------- - 2 files changed, 48 insertions(+), 11 deletions(-) - -diff --git a/drivers/block/Kconfig b/drivers/block/Kconfig -index 519b6d38d4df..fdb81f2794cd 100644 ---- a/drivers/block/Kconfig -+++ b/drivers/block/Kconfig -@@ -33,6 +33,22 @@ config BLK_DEV_FD - To compile this driver as a module, choose M here: the - module will be called floppy. - -+config BLK_DEV_FD_RAWCMD -+ bool "Support for raw floppy disk commands (DEPRECATED)" -+ depends on BLK_DEV_FD -+ help -+ If you want to use actual physical floppies and expect to do -+ special low-level hardware accesses to them (access and use -+ non-standard formats, for example), then enable this. -+ -+ Note that the code enabled by this option is rarely used and -+ might be unstable or insecure, and distros should not enable it. -+ -+ Note: FDRAWCMD is deprecated and will be removed from the kernel -+ in the near future. -+ -+ If unsure, say N. -+ - config AMIGA_FLOPPY - tristate "Amiga floppy support" - depends on AMIGA -diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c -index 8c647532e3ce..d5b9ff9bcbb2 100644 ---- a/drivers/block/floppy.c -+++ b/drivers/block/floppy.c -@@ -2982,6 +2982,8 @@ static const char *drive_name(int type, int drive) - return "(null)"; - } - -+#ifdef CONFIG_BLK_DEV_FD_RAWCMD -+ - /* raw commands */ - static void raw_cmd_done(int flag) - { -@@ -3181,6 +3183,35 @@ static int raw_cmd_ioctl(int cmd, void __user *param) - return ret; - } - -+static int floppy_raw_cmd_ioctl(int type, int drive, int cmd, -+ void __user *param) -+{ -+ int ret; -+ -+ pr_warn_once("Note: FDRAWCMD is deprecated and will be removed from the kernel in the near future.\n"); -+ -+ if (type) -+ return -EINVAL; -+ if (lock_fdc(drive)) -+ return -EINTR; -+ set_floppy(drive); -+ ret = raw_cmd_ioctl(cmd, param); -+ if (ret == -EINTR) -+ return -EINTR; -+ process_fd_request(); -+ return ret; -+} -+ -+#else /* CONFIG_BLK_DEV_FD_RAWCMD */ -+ -+static int floppy_raw_cmd_ioctl(int type, int drive, int cmd, -+ void __user *param) -+{ -+ return -EOPNOTSUPP; -+} -+ -+#endif -+ - static int invalidate_drive(struct block_device *bdev) - { - /* invalidate the buffer track to force a reread */ -@@ -3369,7 +3400,6 @@ static int fd_locked_ioctl(struct block_device *bdev, fmode_t mode, unsigned int - { - int drive = (long)bdev->bd_disk->private_data; - int type = ITYPE(UDRS->fd_device); -- int i; - int ret; - int size; - union inparam { -@@ -3520,16 +3550,7 @@ static int fd_locked_ioctl(struct block_device *bdev, fmode_t mode, unsigned int - outparam = UDRWE; - break; - case FDRAWCMD: -- if (type) -- return -EINVAL; -- if (lock_fdc(drive)) -- return -EINTR; -- set_floppy(drive); -- i = raw_cmd_ioctl(cmd, (void __user *)param); -- if (i == -EINTR) -- return -EINTR; -- process_fd_request(); -- return i; -+ return floppy_raw_cmd_ioctl(type, drive, cmd, (void __user *)param); - case FDTWADDLE: - if (lock_fdc(drive)) - return -EINTR; --- -2.32.0 - diff --git a/patches.suse/fpga-altera-pr-ip-fix-unsigned-comparison-with-less-.patch b/patches.suse/fpga-altera-pr-ip-fix-unsigned-comparison-with-less-.patch new file mode 100644 index 0000000..b139c4b --- /dev/null +++ b/patches.suse/fpga-altera-pr-ip-fix-unsigned-comparison-with-less-.patch @@ -0,0 +1,40 @@ +From 2df84a757d87fd62869fc401119d429735377ec5 Mon Sep 17 00:00:00 2001 +From: Marco Pagani +Date: Thu, 9 Jun 2022 16:05:19 +0200 +Subject: [PATCH] fpga: altera-pr-ip: fix unsigned comparison with less than zero +Git-commit: 2df84a757d87fd62869fc401119d429735377ec5 +Patch-mainline: v6.0-rc1 +References: git-fixes + +Fix the "comparison with less than zero" warning reported by +cppcheck for the unsigned (size_t) parameter count of the +alt_pr_fpga_write() function. + +Fixes: d201cc17a8a3 ("fpga pr ip: Core driver support for Altera Partial Reconfiguration IP") +Reviewed-by: Tom Rix +Acked-by: Xu Yilun +Signed-off-by: Marco Pagani +Link: https://lore.kernel.org/r/20220609140520.42662-1-marpagan@redhat.com +Signed-off-by: Xu Yilun +Acked-by: Takashi Iwai + +--- + drivers/fpga/altera-pr-ip-core.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/fpga/altera-pr-ip-core.c b/drivers/fpga/altera-pr-ip-core.c +index be0667968d33..df8671af4a92 100644 +--- a/drivers/fpga/altera-pr-ip-core.c ++++ b/drivers/fpga/altera-pr-ip-core.c +@@ -108,7 +108,7 @@ static int alt_pr_fpga_write(struct fpga_manager *mgr, const char *buf, + u32 *buffer_32 = (u32 *)buf; + size_t i = 0; + +- if (count <= 0) ++ if (!count) + return -EINVAL; + + /* Write out the complete 32-bit chunks */ +-- +2.35.3 + diff --git a/patches.suse/ftgmac100-Restart-MAC-HW-once.patch b/patches.suse/ftgmac100-Restart-MAC-HW-once.patch new file mode 100644 index 0000000..5d15cdf --- /dev/null +++ b/patches.suse/ftgmac100-Restart-MAC-HW-once.patch @@ -0,0 +1,37 @@ +From 83ab4b32684d511b4be1bb3cb4a962580992ba8f Mon Sep 17 00:00:00 2001 +From: Dylan Hung +Date: Fri, 12 Mar 2021 11:04:05 +1030 +Subject: [PATCH 08/17] ftgmac100: Restart MAC HW once +Git-commit: 6897087323a2fde46df32917462750c069668b2f +References: git-fixes +Patch-mainline: v5.12-rc5 + +The interrupt handler may set the flag to reset the mac in the future, +but that flag is not cleared once the reset has occurred. + +Fixes: 10cbd6407609 ("ftgmac100: Rework NAPI & interrupts handling") +Signed-off-by: Dylan Hung +Acked-by: Benjamin Herrenschmidt +Reviewed-by: Joel Stanley +Signed-off-by: Joel Stanley +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/faraday/ftgmac100.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/net/ethernet/faraday/ftgmac100.c b/drivers/net/ethernet/faraday/ftgmac100.c +index efbe7949ec88..fe5ce50ed6a5 100644 +--- a/drivers/net/ethernet/faraday/ftgmac100.c ++++ b/drivers/net/ethernet/faraday/ftgmac100.c +@@ -1306,6 +1306,7 @@ static int ftgmac100_poll(struct napi_struct *napi, int budget) + */ + if (unlikely(priv->need_mac_restart)) { + ftgmac100_start_hw(priv); ++ priv->need_mac_restart = false; + + /* Re-enable "bad" interrupts */ + iowrite32(FTGMAC100_INT_BAD, +-- +2.16.4 + diff --git a/patches.suse/gpio-gpiolib-of-Fix-refcount-bugs-in-of_mm_gpiochip_.patch b/patches.suse/gpio-gpiolib-of-Fix-refcount-bugs-in-of_mm_gpiochip_.patch new file mode 100644 index 0000000..d09d610 --- /dev/null +++ b/patches.suse/gpio-gpiolib-of-Fix-refcount-bugs-in-of_mm_gpiochip_.patch @@ -0,0 +1,53 @@ +From 5d07a692f9562f9c06e62cce369e9dd108173a0f Mon Sep 17 00:00:00 2001 +From: Liang He +Date: Mon, 11 Jul 2022 20:52:38 +0800 +Subject: [PATCH] gpio: gpiolib-of: Fix refcount bugs in of_mm_gpiochip_add_data() +Git-commit: 5d07a692f9562f9c06e62cce369e9dd108173a0f +Patch-mainline: v6.0-rc1 +References: git-fixes + +We should use of_node_get() when a new reference of device_node +is created. It is noted that the old reference stored in +'mm_gc->gc.of_node' should also be decreased. + +This patch is based on the fact that there is a call site in function +'qe_add_gpiochips()' of src file 'drivers\soc\fsl\qe\gpio.c'. In this +function, of_mm_gpiochip_add_data() is contained in an iteration of +for_each_compatible_node() which will automatically increase and +decrease the refcount. So we need additional of_node_get() for the +reference escape in of_mm_gpiochip_add_data(). + +Fixes: a19e3da5bc5f ("of/gpio: Kill of_gpio_chip and add members directly to gpio_chip") +Signed-off-by: Liang He +Signed-off-by: Bartosz Golaszewski +Acked-by: Takashi Iwai + +--- + drivers/gpio/gpiolib-of.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/gpio/gpiolib-of.c b/drivers/gpio/gpiolib-of.c +index 23b8de98bf7c..f80307be37d5 100644 +--- a/drivers/gpio/gpiolib-of.c ++++ b/drivers/gpio/gpiolib-of.c +@@ -860,7 +860,8 @@ int of_mm_gpiochip_add_data(struct device_node *np, + if (mm_gc->save_regs) + mm_gc->save_regs(mm_gc); + +- mm_gc->gc.of_node = np; ++ of_node_put(mm_gc->gc.of_node); ++ mm_gc->gc.of_node = of_node_get(np); + + ret = gpiochip_add_data(gc, data); + if (ret) +@@ -868,6 +869,7 @@ int of_mm_gpiochip_add_data(struct device_node *np, + + return 0; + err2: ++ of_node_put(np); + iounmap(mm_gc->regs); + err1: + kfree(gc->label); +-- +2.35.3 + diff --git a/patches.suse/gpio-pca953x-only-use-single-read-write-for-No-AI-mo.patch b/patches.suse/gpio-pca953x-only-use-single-read-write-for-No-AI-mo.patch new file mode 100644 index 0000000..ad4f6c0 --- /dev/null +++ b/patches.suse/gpio-pca953x-only-use-single-read-write-for-No-AI-mo.patch @@ -0,0 +1,48 @@ +From db8edaa09d7461ec08672a92a2eef63d5882bb79 Mon Sep 17 00:00:00 2001 +From: Haibo Chen +Date: Mon, 18 Jul 2022 16:31:41 +0800 +Subject: [PATCH] gpio: pca953x: only use single read/write for No AI mode +Git-commit: db8edaa09d7461ec08672a92a2eef63d5882bb79 +Patch-mainline: v5.19-rc8 +References: git-fixes + +For the device use NO AI mode(not support auto address increment), +only use the single read/write when config the regmap. + +We meet issue on PCA9557PW on i.MX8QXP/DXL evk board, this device +do not support AI mode, but when do the regmap sync, regmap will +sync 3 byte data to register 1, logically this means write first +data to register 1, write second data to register 2, write third data +to register 3. But this device do not support AI mode, finally, these +three data write only into register 1 one by one. the reault is the +value of register 1 alway equal to the latest data, here is the third +data, no operation happened on register 2 and register 3. This is +not what we expect. + +Fixes: 49427232764d ("gpio: pca953x: Perform basic regmap conversion") +Signed-off-by: Haibo Chen +Reviewed-by: Andy Shevchenko +Signed-off-by: Bartosz Golaszewski +Acked-by: Takashi Iwai + +--- + drivers/gpio/gpio-pca953x.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/gpio/gpio-pca953x.c b/drivers/gpio/gpio-pca953x.c +index 08bc52c3cdcb..7209f69a8e8d 100644 +--- a/drivers/gpio/gpio-pca953x.c ++++ b/drivers/gpio/gpio-pca953x.c +@@ -351,6 +351,9 @@ static const struct regmap_config pca953x_i2c_regmap = { + .reg_bits = 8, + .val_bits = 8, + ++ .use_single_read = true, ++ .use_single_write = true, ++ + .readable_reg = pca953x_readable_register, + .writeable_reg = pca953x_writeable_register, + .volatile_reg = pca953x_volatile_register, +-- +2.35.3 + diff --git a/patches.suse/gpio-pca953x-use-the-correct-range-when-do-regmap-sy.patch b/patches.suse/gpio-pca953x-use-the-correct-range-when-do-regmap-sy.patch new file mode 100644 index 0000000..065a516 --- /dev/null +++ b/patches.suse/gpio-pca953x-use-the-correct-range-when-do-regmap-sy.patch @@ -0,0 +1,85 @@ +From 2abc17a93867dc816f0ed9d32021dda8078e7330 Mon Sep 17 00:00:00 2001 +From: Haibo Chen +Date: Mon, 18 Jul 2022 16:31:42 +0800 +Subject: [PATCH] gpio: pca953x: use the correct range when do regmap sync +Git-commit: 2abc17a93867dc816f0ed9d32021dda8078e7330 +Patch-mainline: v5.19-rc8 +References: git-fixes + +regmap will sync a range of registers, here use the correct range +to make sure the sync do not touch other unexpected registers. + +Find on pca9557pw on imx8qxp/dxl evk board, this device support +8 pin, so only need one register(8 bits) to cover all the 8 pins's +property setting. But when sync the output, we find it actually +update two registers, output register and the following register. + +Fixes: b76574300504 ("gpio: pca953x: Restore registers after suspend/resume cycle") +Fixes: ec82d1eba346 ("gpio: pca953x: Zap ad-hoc reg_output cache") +Fixes: 0f25fda840a9 ("gpio: pca953x: Zap ad-hoc reg_direction cache") +Signed-off-by: Haibo Chen +Reviewed-by: Andy Shevchenko +Signed-off-by: Bartosz Golaszewski +Acked-by: Takashi Iwai + +--- + drivers/gpio/gpio-pca953x.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/drivers/gpio/gpio-pca953x.c b/drivers/gpio/gpio-pca953x.c +index 7209f69a8e8d..18888ec24d04 100644 +--- a/drivers/gpio/gpio-pca953x.c ++++ b/drivers/gpio/gpio-pca953x.c +@@ -912,12 +912,12 @@ static int device_pca95xx_init(struct pca953x_chip *chip, u32 invert) + int ret; + + ret = regcache_sync_region(chip->regmap, chip->regs->output, +- chip->regs->output + NBANK(chip)); ++ chip->regs->output + NBANK(chip) - 1); + if (ret) + goto out; + + ret = regcache_sync_region(chip->regmap, chip->regs->direction, +- chip->regs->direction + NBANK(chip)); ++ chip->regs->direction + NBANK(chip) - 1); + if (ret) + goto out; + +@@ -1130,14 +1130,14 @@ static int pca953x_regcache_sync(struct device *dev) + * sync these registers first and only then sync the rest. + */ + regaddr = pca953x_recalc_addr(chip, chip->regs->direction, 0); +- ret = regcache_sync_region(chip->regmap, regaddr, regaddr + NBANK(chip)); ++ ret = regcache_sync_region(chip->regmap, regaddr, regaddr + NBANK(chip) - 1); + if (ret) { + dev_err(dev, "Failed to sync GPIO dir registers: %d\n", ret); + return ret; + } + + regaddr = pca953x_recalc_addr(chip, chip->regs->output, 0); +- ret = regcache_sync_region(chip->regmap, regaddr, regaddr + NBANK(chip)); ++ ret = regcache_sync_region(chip->regmap, regaddr, regaddr + NBANK(chip) - 1); + if (ret) { + dev_err(dev, "Failed to sync GPIO out registers: %d\n", ret); + return ret; +@@ -1147,7 +1147,7 @@ static int pca953x_regcache_sync(struct device *dev) + if (chip->driver_data & PCA_PCAL) { + regaddr = pca953x_recalc_addr(chip, PCAL953X_IN_LATCH, 0); + ret = regcache_sync_region(chip->regmap, regaddr, +- regaddr + NBANK(chip)); ++ regaddr + NBANK(chip) - 1); + if (ret) { + dev_err(dev, "Failed to sync INT latch registers: %d\n", + ret); +@@ -1156,7 +1156,7 @@ static int pca953x_regcache_sync(struct device *dev) + + regaddr = pca953x_recalc_addr(chip, PCAL953X_INT_MASK, 0); + ret = regcache_sync_region(chip->regmap, regaddr, +- regaddr + NBANK(chip)); ++ regaddr + NBANK(chip) - 1); + if (ret) { + dev_err(dev, "Failed to sync INT mask registers: %d\n", + ret); +-- +2.35.3 + diff --git a/patches.suse/gpio-pca953x-use-the-correct-register-address-when-r.patch b/patches.suse/gpio-pca953x-use-the-correct-register-address-when-r.patch new file mode 100644 index 0000000..3ddc4ea --- /dev/null +++ b/patches.suse/gpio-pca953x-use-the-correct-register-address-when-r.patch @@ -0,0 +1,52 @@ +From b8c768ccdd8338504fb78370747728d5002b1b5a Mon Sep 17 00:00:00 2001 +From: Haibo Chen +Date: Mon, 18 Jul 2022 16:31:43 +0800 +Subject: [PATCH] gpio: pca953x: use the correct register address when regcache sync during init +Git-commit: b8c768ccdd8338504fb78370747728d5002b1b5a +Patch-mainline: v5.19-rc8 +References: git-fixes + +For regcache_sync_region, we need to use pca953x_recalc_addr() to get +the real register address. + +Fixes: ec82d1eba346 ("gpio: pca953x: Zap ad-hoc reg_output cache") +Fixes: 0f25fda840a9 ("gpio: pca953x: Zap ad-hoc reg_direction cache") +Signed-off-by: Haibo Chen +Reviewed-by: Andy Shevchenko +Signed-off-by: Bartosz Golaszewski +Acked-by: Takashi Iwai + +--- + drivers/gpio/gpio-pca953x.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/drivers/gpio/gpio-pca953x.c b/drivers/gpio/gpio-pca953x.c +index 18888ec24d04..ecd7d169470b 100644 +--- a/drivers/gpio/gpio-pca953x.c ++++ b/drivers/gpio/gpio-pca953x.c +@@ -909,15 +909,18 @@ static int pca953x_irq_setup(struct pca953x_chip *chip, + static int device_pca95xx_init(struct pca953x_chip *chip, u32 invert) + { + DECLARE_BITMAP(val, MAX_LINE); ++ u8 regaddr; + int ret; + +- ret = regcache_sync_region(chip->regmap, chip->regs->output, +- chip->regs->output + NBANK(chip) - 1); ++ regaddr = pca953x_recalc_addr(chip, chip->regs->output, 0); ++ ret = regcache_sync_region(chip->regmap, regaddr, ++ regaddr + NBANK(chip) - 1); + if (ret) + goto out; + +- ret = regcache_sync_region(chip->regmap, chip->regs->direction, +- chip->regs->direction + NBANK(chip) - 1); ++ regaddr = pca953x_recalc_addr(chip, chip->regs->direction, 0); ++ ret = regcache_sync_region(chip->regmap, regaddr, ++ regaddr + NBANK(chip) - 1); + if (ret) + goto out; + +-- +2.35.3 + diff --git a/patches.suse/hwmon-Make-chip-parameter-for-with_info-API-mandator.patch b/patches.suse/hwmon-Make-chip-parameter-for-with_info-API-mandator.patch deleted file mode 100644 index 8bdb264..0000000 --- a/patches.suse/hwmon-Make-chip-parameter-for-with_info-API-mandator.patch +++ /dev/null @@ -1,75 +0,0 @@ -From ddaefa209c4ac791c1262e97c9b2d0440c8ef1d5 Mon Sep 17 00:00:00 2001 -From: Guenter Roeck -Date: Wed, 11 May 2022 06:22:51 -0700 -Subject: [PATCH] hwmon: Make chip parameter for with_info API mandatory -Git-commit: ddaefa209c4ac791c1262e97c9b2d0440c8ef1d5 -Patch-mainline: v5.19-rc1 -References: git-fixes - -Various attempts were made recently to "convert" the old -hwmon_device_register() API to devm_hwmon_device_register_with_info() -by just changing the function name without actually converting the -driver. Prevent this from happening by making the 'chip' parameter of -devm_hwmon_device_register_with_info() mandatory. - -Signed-off-by: Guenter Roeck -Acked-by: Takashi Iwai - ---- - Documentation/hwmon/hwmon-kernel-api.rst | 2 +- - drivers/hwmon/hwmon.c | 16 +++++++--------- - 2 files changed, 8 insertions(+), 10 deletions(-) - -diff --git a/Documentation/hwmon/hwmon-kernel-api.rst b/Documentation/hwmon/hwmon-kernel-api.rst -index e2975d5caf34..f3276b3a381a 100644 ---- a/Documentation/hwmon/hwmon-kernel-api.rst -+++ b/Documentation/hwmon/hwmon-kernel-api.rst -@@ -76,7 +76,7 @@ hwmon_device_register_with_info is the most comprehensive and preferred means - to register a hardware monitoring device. It creates the standard sysfs - attributes in the hardware monitoring core, letting the driver focus on reading - from and writing to the chip instead of having to bother with sysfs attributes. --The parent device parameter cannot be NULL with non-NULL chip info. Its -+The parent device parameter as well as the chip parameter must not be NULL. Its - parameters are described in more detail below. - - devm_hwmon_device_register_with_info is similar to -diff --git a/drivers/hwmon/hwmon.c b/drivers/hwmon/hwmon.c -index 13053a4edc9e..22de7a9e7ba7 100644 ---- a/drivers/hwmon/hwmon.c -+++ b/drivers/hwmon/hwmon.c -@@ -886,11 +886,12 @@ EXPORT_SYMBOL_GPL(hwmon_device_register_with_groups); - - /** - * hwmon_device_register_with_info - register w/ hwmon -- * @dev: the parent device -- * @name: hwmon name attribute -- * @drvdata: driver data to attach to created device -- * @chip: pointer to hwmon chip information -+ * @dev: the parent device (mandatory) -+ * @name: hwmon name attribute (mandatory) -+ * @drvdata: driver data to attach to created device (optional) -+ * @chip: pointer to hwmon chip information (mandatory) - * @extra_groups: pointer to list of additional non-standard attribute groups -+ * (optional) - * - * hwmon_device_unregister() must be called when the device is no - * longer needed. -@@ -903,13 +904,10 @@ hwmon_device_register_with_info(struct device *dev, const char *name, - const struct hwmon_chip_info *chip, - const struct attribute_group **extra_groups) - { -- if (!name) -- return ERR_PTR(-EINVAL); -- -- if (chip && (!chip->ops || !chip->ops->is_visible || !chip->info)) -+ if (!dev || !name || !chip) - return ERR_PTR(-EINVAL); - -- if (chip && !dev) -+ if (!chip->ops || !chip->ops->is_visible || !chip->info) - return ERR_PTR(-EINVAL); - - return __hwmon_device_register(dev, name, drvdata, chip, extra_groups); --- -2.35.3 - diff --git a/patches.suse/i2c-Fix-a-potential-use-after-free.patch b/patches.suse/i2c-Fix-a-potential-use-after-free.patch new file mode 100644 index 0000000..7cf6220 --- /dev/null +++ b/patches.suse/i2c-Fix-a-potential-use-after-free.patch @@ -0,0 +1,40 @@ +From e4c72c06c367758a14f227c847f9d623f1994ecf Mon Sep 17 00:00:00 2001 +From: Xu Wang +Date: Fri, 27 Dec 2019 09:34:32 +0000 +Subject: [PATCH] i2c: Fix a potential use after free +Git-commit: e4c72c06c367758a14f227c847f9d623f1994ecf +Patch-mainline: v6.0-rc1 +References: git-fixes + +Free the adap structure only after we are done using it. +This patch just moves the put_device() down a bit to avoid the +use after free. + +Fixes: 611e12ea0f12 ("i2c: core: manage i2c bus device refcount in i2c_[get|put]_adapter") +Signed-off-by: Xu Wang +[wsa: added comment to the code, added Fixes tag] +Signed-off-by: Wolfram Sang +Acked-by: Takashi Iwai + +--- + drivers/i2c/i2c-core-base.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/i2c/i2c-core-base.c b/drivers/i2c/i2c-core-base.c +index 8ae47e0bbd67..10f35f942066 100644 +--- a/drivers/i2c/i2c-core-base.c ++++ b/drivers/i2c/i2c-core-base.c +@@ -2461,8 +2461,9 @@ void i2c_put_adapter(struct i2c_adapter *adap) + if (!adap) + return; + +- put_device(&adap->dev); + module_put(adap->owner); ++ /* Should be last, otherwise we risk use-after-free with 'adap' */ ++ put_device(&adap->dev); + } + EXPORT_SYMBOL(i2c_put_adapter); + +-- +2.35.3 + diff --git a/patches.suse/i2c-cadence-Change-large-transfer-count-reset-logic-.patch b/patches.suse/i2c-cadence-Change-large-transfer-count-reset-logic-.patch new file mode 100644 index 0000000..fb0603c --- /dev/null +++ b/patches.suse/i2c-cadence-Change-large-transfer-count-reset-logic-.patch @@ -0,0 +1,105 @@ +From 4ca8ca873d454635c20d508261bfc0081af75cf8 Mon Sep 17 00:00:00 2001 +From: Robert Hancock +Date: Tue, 14 Jun 2022 17:29:19 -0600 +Subject: [PATCH] i2c: cadence: Change large transfer count reset logic to be unconditional +Git-commit: 4ca8ca873d454635c20d508261bfc0081af75cf8 +Patch-mainline: v5.19-rc8 +References: git-fixes + +Problems were observed on the Xilinx ZynqMP platform with large I2C reads. +When a read of 277 bytes was performed, the controller NAKed the transfer +after only 252 bytes were transferred and returned an ENXIO error on the +transfer. + +There is some code in cdns_i2c_master_isr to handle this case by resetting +the transfer count in the controller before it reaches 0, to allow larger +transfers to work, but it was conditional on the CDNS_I2C_BROKEN_HOLD_BIT +quirk being set on the controller, and ZynqMP uses the r1p14 version of +the core where this quirk is not being set. The requirement to do this to +support larger reads seems like an inherently required workaround due to +the core only having an 8-bit transfer size register, so it does not +appear that this should be conditional on the broken HOLD bit quirk which +is used elsewhere in the driver. + +Remove the dependency on the CDNS_I2C_BROKEN_HOLD_BIT for this transfer +size reset logic to fix this problem. + +Fixes: 63cab195bf49 ("i2c: removed work arounds in i2c driver for Zynq Ultrascale+ MPSoC") +Signed-off-by: Robert Hancock +Reviewed-by: Shubhrajyoti Datta +Acked-by: Michal Simek +Signed-off-by: Wolfram Sang +Acked-by: Takashi Iwai + +--- + drivers/i2c/busses/i2c-cadence.c | 30 +++++------------------------- + 1 file changed, 5 insertions(+), 25 deletions(-) + +--- a/drivers/i2c/busses/i2c-cadence.c ++++ b/drivers/i2c/busses/i2c-cadence.c +@@ -195,9 +195,9 @@ static inline bool cdns_is_holdquirk(str + */ + static irqreturn_t cdns_i2c_isr(int irq, void *ptr) + { +- unsigned int isr_status, avail_bytes, updatetx; ++ unsigned int isr_status, avail_bytes; + unsigned int bytes_to_send; +- bool hold_quirk; ++ bool updatetx; + struct cdns_i2c *id = ptr; + /* Signal completion only after everything is updated */ + int done_flag = 0; +@@ -216,11 +216,7 @@ static irqreturn_t cdns_i2c_isr(int irq, + * Check if transfer size register needs to be updated again for a + * large data receive operation. + */ +- updatetx = 0; +- if (id->recv_count > id->curr_recv_count) +- updatetx = 1; +- +- hold_quirk = (id->quirks & CDNS_I2C_BROKEN_HOLD_BIT) && updatetx; ++ updatetx = id->recv_count > id->curr_recv_count; + + /* When receiving, handle data interrupt and completion interrupt */ + if (id->p_recv_buf && +@@ -243,7 +239,7 @@ static irqreturn_t cdns_i2c_isr(int irq, + id->recv_count--; + id->curr_recv_count--; + +- if (cdns_is_holdquirk(id, hold_quirk)) ++ if (cdns_is_holdquirk(id, updatetx)) + break; + } + +@@ -254,7 +250,7 @@ static irqreturn_t cdns_i2c_isr(int irq, + * maintain transfer size non-zero while performing a large + * receive operation. + */ +- if (cdns_is_holdquirk(id, hold_quirk)) { ++ if (cdns_is_holdquirk(id, updatetx)) { + /* wait while fifo is full */ + while (cdns_i2c_readreg(CDNS_I2C_XFER_SIZE_OFFSET) != + (id->curr_recv_count - CDNS_I2C_FIFO_DEPTH)) +@@ -276,22 +272,6 @@ static irqreturn_t cdns_i2c_isr(int irq, + CDNS_I2C_XFER_SIZE_OFFSET); + id->curr_recv_count = id->recv_count; + } +- } else if (id->recv_count && !hold_quirk && +- !id->curr_recv_count) { +- +- /* Set the slave address in address register*/ +- cdns_i2c_writereg(id->p_msg->addr & CDNS_I2C_ADDR_MASK, +- CDNS_I2C_ADDR_OFFSET); +- +- if (id->recv_count > CDNS_I2C_TRANSFER_SIZE) { +- cdns_i2c_writereg(CDNS_I2C_TRANSFER_SIZE, +- CDNS_I2C_XFER_SIZE_OFFSET); +- id->curr_recv_count = CDNS_I2C_TRANSFER_SIZE; +- } else { +- cdns_i2c_writereg(id->recv_count, +- CDNS_I2C_XFER_SIZE_OFFSET); +- id->curr_recv_count = id->recv_count; +- } + } + + /* Clear hold (if not repeated start) and signal completion */ diff --git a/patches.suse/i2c-cadence-Support-PEC-for-SMBus-block-read.patch b/patches.suse/i2c-cadence-Support-PEC-for-SMBus-block-read.patch new file mode 100644 index 0000000..1ae4fab --- /dev/null +++ b/patches.suse/i2c-cadence-Support-PEC-for-SMBus-block-read.patch @@ -0,0 +1,77 @@ +From 9fdf6d97f03035ad5298e2d1635036c74c2090ed Mon Sep 17 00:00:00 2001 +From: Lars-Peter Clausen +Date: Sun, 17 Jul 2022 16:52:44 +0200 +Subject: [PATCH] i2c: cadence: Support PEC for SMBus block read +Git-commit: 9fdf6d97f03035ad5298e2d1635036c74c2090ed +Patch-mainline: v6.0-rc1 +References: git-fixes + +SMBus packet error checking (PEC) is implemented by appending one +additional byte of checksum data at the end of the message. This provides +additional protection and allows to detect data corruption on the I2C bus. + +SMBus block reads support variable length reads. The first byte in the read +message is the number of available data bytes. + +The combination of PEC and block read is currently not supported by the +Cadence I2C driver. + * When PEC is enabled the maximum transfer length for block reads + increases from 33 to 34 bytes. + * The I2C core smbus emulation layer relies on the driver updating the + `i2c_msg` `len` field with the number of received bytes. The updated + length is used when checking the PEC. + +Add support to the Cadence I2C driver for handling SMBus block reads with +PEC. To determine the maximum transfer length uses the initial `len` value +of the `i2c_msg`. When PEC is enabled this will be 2, when it is disabled +it will be 1. + +Once a read transfer is done also increment the `len` field by the amount +of received data bytes. + +This change has been tested with a UCM90320 PMBus power monitor, which +requires block reads to access certain data fields, but also has PEC +enabled by default. + +Fixes: df8eb5691c48 ("i2c: Add driver for Cadence I2C controller") +Signed-off-by: Lars-Peter Clausen +Tested-by: Shubhrajyoti Datta +Signed-off-by: Wolfram Sang +Acked-by: Takashi Iwai + +--- + drivers/i2c/busses/i2c-cadence.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/drivers/i2c/busses/i2c-cadence.c b/drivers/i2c/busses/i2c-cadence.c +index b4c1ad19cdae..ae9199ad8873 100644 +--- a/drivers/i2c/busses/i2c-cadence.c ++++ b/drivers/i2c/busses/i2c-cadence.c +@@ -593,8 +593,13 @@ static void cdns_i2c_mrecv(struct cdns_i2c *id) + ctrl_reg = cdns_i2c_readreg(CDNS_I2C_CR_OFFSET); + ctrl_reg |= CDNS_I2C_CR_RW | CDNS_I2C_CR_CLR_FIFO; + ++ /* ++ * Receive up to I2C_SMBUS_BLOCK_MAX data bytes, plus one message length ++ * byte, plus one checksum byte if PEC is enabled. p_msg->len will be 2 if ++ * PEC is enabled, otherwise 1. ++ */ + if (id->p_msg->flags & I2C_M_RECV_LEN) +- id->recv_count = I2C_SMBUS_BLOCK_MAX + 1; ++ id->recv_count = I2C_SMBUS_BLOCK_MAX + id->p_msg->len; + + id->curr_recv_count = id->recv_count; + +@@ -809,6 +814,9 @@ static int cdns_i2c_process_msg(struct cdns_i2c *id, struct i2c_msg *msg, + if (id->err_status & CDNS_I2C_IXR_ARB_LOST) + return -EAGAIN; + ++ if (msg->flags & I2C_M_RECV_LEN) ++ msg->len += min_t(unsigned int, msg->buf[0], I2C_SMBUS_BLOCK_MAX); ++ + return 0; + } + +-- +2.35.3 + diff --git a/patches.suse/i2c-cadence-Unregister-the-clk-notifier-in-error-pat.patch b/patches.suse/i2c-cadence-Unregister-the-clk-notifier-in-error-pat.patch new file mode 100644 index 0000000..bee95aa --- /dev/null +++ b/patches.suse/i2c-cadence-Unregister-the-clk-notifier-in-error-pat.patch @@ -0,0 +1,32 @@ +From 3501f0c663063513ad604fb1b3f06af637d3396d Mon Sep 17 00:00:00 2001 +From: Satish Nagireddy +Date: Tue, 28 Jun 2022 12:12:16 -0700 +Subject: [PATCH] i2c: cadence: Unregister the clk notifier in error path +Git-commit: 3501f0c663063513ad604fb1b3f06af637d3396d +Patch-mainline: v5.19-rc6 +References: git-fixes + +This patch ensures that the clock notifier is unregistered +when driver probe is returning error. + +Fixes: df8eb5691c48 ("i2c: Add driver for Cadence I2C controller") +Signed-off-by: Satish Nagireddy +Tested-by: Lars-Peter Clausen +Reviewed-by: Michal Simek +Signed-off-by: Wolfram Sang +Acked-by: Takashi Iwai + +--- + drivers/i2c/busses/i2c-cadence.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/i2c/busses/i2c-cadence.c ++++ b/drivers/i2c/busses/i2c-cadence.c +@@ -982,6 +982,7 @@ static int cdns_i2c_probe(struct platfor + return 0; + + err_clk_dis: ++ clk_notifier_unregister(id->clk, &id->clk_rate_change_nb); + clk_disable_unprepare(id->clk); + pm_runtime_set_suspended(&pdev->dev); + pm_runtime_disable(&pdev->dev); diff --git a/patches.suse/i2c-mux-gpmux-Add-of_node_put-when-breaking-out-of-l.patch b/patches.suse/i2c-mux-gpmux-Add-of_node_put-when-breaking-out-of-l.patch new file mode 100644 index 0000000..c080623 --- /dev/null +++ b/patches.suse/i2c-mux-gpmux-Add-of_node_put-when-breaking-out-of-l.patch @@ -0,0 +1,37 @@ +From 6435319c34704994e19b0767f6a4e6f37439867b Mon Sep 17 00:00:00 2001 +From: Liang He +Date: Fri, 22 Jul 2022 09:24:01 +0800 +Subject: [PATCH] i2c: mux-gpmux: Add of_node_put() when breaking out of loop +Git-commit: 6435319c34704994e19b0767f6a4e6f37439867b +Patch-mainline: v6.0-rc1 +References: git-fixes + +In i2c_mux_probe(), we should call of_node_put() when breaking out +of for_each_child_of_node() which will automatically increase and +decrease the refcount. + +Fixes: ac8498f0ce53 ("i2c: i2c-mux-gpmux: new driver") +Signed-off-by: Liang He +Acked-by: Peter Rosin +Signed-off-by: Wolfram Sang +Acked-by: Takashi Iwai + +--- + drivers/i2c/muxes/i2c-mux-gpmux.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/i2c/muxes/i2c-mux-gpmux.c b/drivers/i2c/muxes/i2c-mux-gpmux.c +index d3acd8d66c32..33024acaac02 100644 +--- a/drivers/i2c/muxes/i2c-mux-gpmux.c ++++ b/drivers/i2c/muxes/i2c-mux-gpmux.c +@@ -134,6 +134,7 @@ static int i2c_mux_probe(struct platform_device *pdev) + return 0; + + err_children: ++ of_node_put(child); + i2c_mux_del_adapters(muxc); + err_parent: + i2c_put_adapter(parent); +-- +2.35.3 + diff --git a/patches.suse/ida-don-t-use-BUG_ON-for-debugging.patch b/patches.suse/ida-don-t-use-BUG_ON-for-debugging.patch new file mode 100644 index 0000000..787ac4f --- /dev/null +++ b/patches.suse/ida-don-t-use-BUG_ON-for-debugging.patch @@ -0,0 +1,63 @@ +From fc82bbf4dede758007763867d0282353c06d1121 Mon Sep 17 00:00:00 2001 +From: Linus Torvalds +Date: Sun, 10 Jul 2022 13:55:49 -0700 +Subject: [PATCH] ida: don't use BUG_ON() for debugging +Git-commit: fc82bbf4dede758007763867d0282353c06d1121 +Patch-mainline: v5.19-rc6 +References: git-fixes + +This is another old BUG_ON() that just shouldn't exist (see also commit +A382f8fee42c: "signal handling: don't use BUG_ON() for debugging"). + +In fact, as Matthew Wilcox points out, this condition shouldn't really +even result in a warning, since a negative id allocation result is just +a normal allocation failure: + + "I wonder if we should even warn here -- sure, the caller is trying to + free something that wasn't allocated, but we don't warn for + kfree(NULL)" + +and goes on to point out how that current error check is only causing +people to unnecessarily do their own index range checking before freeing +it. + +This was noted by Itay Iellin, because the bluetooth HCI socket cookie +code does *not* do that range checking, and ends up just freeing the +error case too, triggering the BUG_ON(). + +The HCI code requires CAP_NET_RAW, and seems to just result in an ugly +splat, but there really is no reason to BUG_ON() here, and we have +generally striven for allocation models where it's always ok to just do + + free(alloc()); + +even if the allocation were to fail for some random reason (usually +obviously that "random" reason being some resource limit). + +Fixes: 88eca0207cf1 ("ida: simplified functions for id allocation") +Reported-by: Itay Iellin +Suggested-by: Matthew Wilcox +Signed-off-by: Linus Torvalds +Acked-by: Takashi Iwai + +--- + lib/idr.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/lib/idr.c b/lib/idr.c +index f4ab4f4aa3c7..7ecdfdb5309e 100644 +--- a/lib/idr.c ++++ b/lib/idr.c +@@ -491,7 +491,8 @@ void ida_free(struct ida *ida, unsigned int id) + struct ida_bitmap *bitmap; + unsigned long flags; + +- BUG_ON((int)id < 0); ++ if ((int)id < 0) ++ return; + + xas_lock_irqsave(&xas, flags); + bitmap = xas_load(&xas); +-- +2.35.3 + diff --git a/patches.suse/igb-Enable-RSS-for-Intel-I211-Ethernet-Controller.patch b/patches.suse/igb-Enable-RSS-for-Intel-I211-Ethernet-Controller.patch new file mode 100644 index 0000000..0df959b --- /dev/null +++ b/patches.suse/igb-Enable-RSS-for-Intel-I211-Ethernet-Controller.patch @@ -0,0 +1,48 @@ +From ef09c6ed3ca142327c1d872067589d482217bd54 Mon Sep 17 00:00:00 2001 +From: Nick Lowe +Date: Mon, 21 Dec 2020 22:25:02 +0000 +Subject: [PATCH 04/14] igb: Enable RSS for Intel I211 Ethernet Controller +Git-commit: 6e6026f2dd2005844fb35c3911e8083c09952c6c +Patch-mainline: v5.12-rc1 +References: git-fixes + +The Intel I211 Ethernet Controller supports 2 Receive Side Scaling (RSS) +queues. It should not be excluded from having this feature enabled. + +Via commit c883de9fd787 ("igb: rename igb define to be more generic") +E1000_MRQC_ENABLE_RSS_4Q was renamed to E1000_MRQC_ENABLE_RSS_MQ to +indicate that this is a generic bit flag to enable queues and not +a flag that is specific to devices that support 4 queues + +The bit flag enables 2, 4 or 8 queues appropriately depending on the part. + +Tested with a multicore CPU and frames were then distributed as expected. + +This issue appears to have been introduced because of confusion caused +by the prior name. + +Signed-off-by: Nick Lowe +Tested-by: David Switzer +Signed-off-by: Tony Nguyen +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/intel/igb/igb_main.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c +index 51ccb247ca05..49cabd3e51d1 100644 +--- a/drivers/net/ethernet/intel/igb/igb_main.c ++++ b/drivers/net/ethernet/intel/igb/igb_main.c +@@ -4507,8 +4507,7 @@ static void igb_setup_mrqc(struct igb_adapter *adapter) + else + mrqc |= E1000_MRQC_ENABLE_VMDQ; + } else { +- if (hw->mac.type != e1000_i211) +- mrqc |= E1000_MRQC_ENABLE_RSS_MQ; ++ mrqc |= E1000_MRQC_ENABLE_RSS_MQ; + } + igb_vmm_control(adapter); + +-- +2.16.4 + diff --git a/patches.suse/iio-accel-bma220-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-accel-bma220-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..262b54f --- /dev/null +++ b/patches.suse/iio-accel-bma220-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,40 @@ +From 38e71240e2ff97184cdcdaf877cf62d3f16678e2 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:55:45 +0100 +Subject: [PATCH] iio: accel: bma220: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 38e71240e2ff97184cdcdaf877cf62d3f16678e2 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is insufficient guarantee for non-coherent DMA. +Switch to the updated IIO_DMA_MINALIGN definition. + +Fixes: bf2a5600a3ebc ("iio: accel: Add support for Bosch BMA220") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-6-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/accel/bma220_spi.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/iio/accel/bma220_spi.c b/drivers/iio/accel/bma220_spi.c +index 74024d7ce5ac..b6d9ab8e2054 100644 +--- a/drivers/iio/accel/bma220_spi.c ++++ b/drivers/iio/accel/bma220_spi.c +@@ -67,7 +67,7 @@ struct bma220_data { + /* Ensure timestamp is naturally aligned. */ + s64 timestamp __aligned(8); + } scan; +- u8 tx_buf[2] ____cacheline_aligned; ++ u8 tx_buf[2] __aligned(IIO_DMA_MINALIGN); + }; + + static const struct iio_chan_spec bma220_channels[] = { +-- +2.35.3 + diff --git a/patches.suse/iio-accel-sca3000-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-accel-sca3000-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..9bfd368 --- /dev/null +++ b/patches.suse/iio-accel-sca3000-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,46 @@ +From a263456f0e27ec2f00d25119757f4d4bd656b2e9 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:55:47 +0100 +Subject: [PATCH] iio: accel: sca3000: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: a263456f0e27ec2f00d25119757f4d4bd656b2e9 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is insufficient guarantee for non-coherent DMA. +Switch to the updated IIO_DMA_MINALIGN definition. + +The second alignment marking is left in place to avoid doing more than +the simple fix in this patch. + +Fixes: ced5c03d360ae ("staging:iio:accel:sca3000 merge files into one.") +Fixes: 152a6a884ae13 ("staging:iio:accel:sca3000 move to hybrid hard / soft buffer design.") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-8-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/accel/sca3000.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/iio/accel/sca3000.c b/drivers/iio/accel/sca3000.c +index 08dedee76e46..87c54e41f6cc 100644 +--- a/drivers/iio/accel/sca3000.c ++++ b/drivers/iio/accel/sca3000.c +@@ -167,8 +167,8 @@ struct sca3000_state { + int mo_det_use_count; + struct mutex lock; + /* Can these share a cacheline ? */ +- u8 rx[384] ____cacheline_aligned; +- u8 tx[6] ____cacheline_aligned; ++ u8 rx[384] __aligned(IIO_DMA_MINALIGN); ++ u8 tx[6] __aligned(IIO_DMA_MINALIGN); + }; + + /** +-- +2.35.3 + diff --git a/patches.suse/iio-adc-ad7266-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-adc-ad7266-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..258aad2 --- /dev/null +++ b/patches.suse/iio-adc-ad7266-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,48 @@ +From b990cdfe7536a8da7e134d516350402981300016 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:55:49 +0100 +Subject: [PATCH] iio: adc: ad7266: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: b990cdfe7536a8da7e134d516350402981300016 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Update the comment to reflect that DMA safety 'may' require separate +cachelines. + +Fixes: 54e018da3141 ("iio:ad7266: Mark transfer buffer as __be16") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-10-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/adc/ad7266.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/iio/adc/ad7266.c ++++ b/drivers/iio/adc/ad7266.c +@@ -37,7 +37,7 @@ struct ad7266_state { + struct gpio gpios[3]; + + /* +- * DMA (thus cache coherency maintenance) requires the ++ * DMA (thus cache coherency maintenance) may require the + * transfer buffers to live in their own cache lines. + * The buffer needs to be large enough to hold two samples (4 bytes) and + * the naturally aligned timestamp (8 bytes). +@@ -45,7 +45,7 @@ struct ad7266_state { + struct { + __be16 sample[2]; + s64 timestamp; +- } data ____cacheline_aligned; ++ } data __aligned(IIO_DMA_MINALIGN); + }; + + static int ad7266_wakeup(struct ad7266_state *st) diff --git a/patches.suse/iio-adc-ad7298-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-adc-ad7298-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..75e5268 --- /dev/null +++ b/patches.suse/iio-adc-ad7298-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,41 @@ +From 585c9772f883da3ac425e2e8277b2aaceb201f38 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:55:52 +0100 +Subject: [PATCH] iio: adc: ad7298: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 585c9772f883da3ac425e2e8277b2aaceb201f38 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Fixes: be7fd3b86ad2 ("iio:adc:ad7298 make the tx and rx buffers __be16") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-13-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/adc/ad7298.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/iio/adc/ad7298.c b/drivers/iio/adc/ad7298.c +index 3f4e73f7d35a..c0430f71f592 100644 +--- a/drivers/iio/adc/ad7298.c ++++ b/drivers/iio/adc/ad7298.c +@@ -49,7 +49,7 @@ struct ad7298_state { + * DMA (thus cache coherency maintenance) requires the + * transfer buffers to live in their own cache lines. + */ +- __be16 rx_buf[12] ____cacheline_aligned; ++ __be16 rx_buf[12] __aligned(IIO_DMA_MINALIGN); + __be16 tx_buf[2]; + }; + +-- +2.35.3 + diff --git a/patches.suse/iio-adc-ad7476-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-adc-ad7476-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..9218472 --- /dev/null +++ b/patches.suse/iio-adc-ad7476-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,54 @@ +From 58b74555afc8affe4ae4f57d396349158433fc80 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:55:53 +0100 +Subject: [PATCH] iio: adc: ad7476: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 58b74555afc8affe4ae4f57d396349158433fc80 +Patch-mainline: v6.0-rc1 +References: git-fixes + + ____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Update the comment to reflect that DMA safety 'may' require separate +cachelines. + +Fixes tag is unlikely to be the actual introdution of the problem but is +far enough back to cover any likely backporting. + +Fixes: 7a28fe3c93d6 ("staging:iio:ad7476: Squash driver into a single file.") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-14-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/adc/ad7476.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/drivers/iio/adc/ad7476.c b/drivers/iio/adc/ad7476.c +index a1e8b32671cf..94776f696290 100644 +--- a/drivers/iio/adc/ad7476.c ++++ b/drivers/iio/adc/ad7476.c +@@ -44,13 +44,12 @@ struct ad7476_state { + struct spi_transfer xfer; + struct spi_message msg; + /* +- * DMA (thus cache coherency maintenance) requires the ++ * DMA (thus cache coherency maintenance) may require the + * transfer buffers to live in their own cache lines. + * Make the buffer large enough for one 16 bit sample and one 64 bit + * aligned 64 bit timestamp. + */ +- unsigned char data[ALIGN(2, sizeof(s64)) + sizeof(s64)] +- ____cacheline_aligned; ++ unsigned char data[ALIGN(2, sizeof(s64)) + sizeof(s64)] __aligned(IIO_DMA_MINALIGN); + }; + + enum ad7476_supported_device_ids { +-- +2.35.3 + diff --git a/patches.suse/iio-adc-ad7766-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-adc-ad7766-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..ac4afad --- /dev/null +++ b/patches.suse/iio-adc-ad7766-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,52 @@ +From 009ae227a1dace2d4d27c804e5bd65907e1d0557 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:55:55 +0100 +Subject: [PATCH] iio: adc: ad7766: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 009ae227a1dace2d4d27c804e5bd65907e1d0557 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Update the comment to reflect the fact DMA safety 'may' require +separate cachelines. + +Fixes: aa16c6bd0e09 ("iio:adc: Add support for AD7766/AD7767") +Signed-off-by: Jonathan Cameron +Cc: Lars-Peter Clausen +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-16-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/adc/ad7766.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/drivers/iio/adc/ad7766.c b/drivers/iio/adc/ad7766.c +index 51ee9482e0df..3079a0872947 100644 +--- a/drivers/iio/adc/ad7766.c ++++ b/drivers/iio/adc/ad7766.c +@@ -45,13 +45,12 @@ struct ad7766 { + struct spi_message msg; + + /* +- * DMA (thus cache coherency maintenance) requires the ++ * DMA (thus cache coherency maintenance) may require the + * transfer buffers to live in their own cache lines. + * Make the buffer large enough for one 24 bit sample and one 64 bit + * aligned 64 bit timestamp. + */ +- unsigned char data[ALIGN(3, sizeof(s64)) + sizeof(s64)] +- ____cacheline_aligned; ++ unsigned char data[ALIGN(3, sizeof(s64)) + sizeof(s64)] __aligned(IIO_DMA_MINALIGN); + }; + + /* +-- +2.35.3 + diff --git a/patches.suse/iio-adc-ad7768-1-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-adc-ad7768-1-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..adcacab --- /dev/null +++ b/patches.suse/iio-adc-ad7768-1-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,48 @@ +From 211f810f8fae05c1f78e531b2b113ea1ab3d1ce7 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:55:56 +0100 +Subject: [PATCH] iio: adc: ad7768-1: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 211f810f8fae05c1f78e531b2b113ea1ab3d1ce7 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Update the comment to reflect that separate cachelines 'may' be +required. + +Fixes: a5f8c7da3dbe ("iio: adc: Add AD7768-1 ADC basic support") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-17-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/adc/ad7768-1.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/iio/adc/ad7768-1.c ++++ b/drivers/iio/adc/ad7768-1.c +@@ -162,7 +162,7 @@ struct ad7768_state { + struct iio_trigger *trig; + struct gpio_desc *gpio_sync_in; + /* +- * DMA (thus cache coherency maintenance) requires the ++ * DMA (thus cache coherency maintenance) may require the + * transfer buffers to live in their own cache lines. + */ + union { +@@ -172,7 +172,7 @@ struct ad7768_state { + } scan; + __be32 d32; + u8 d8[2]; +- } data ____cacheline_aligned; ++ } data __aligned(IIO_DMA_MINALIGN); + }; + + static int ad7768_spi_reg_read(struct ad7768_state *st, unsigned int addr, diff --git a/patches.suse/iio-adc-ad7887-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-adc-ad7887-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..9567532 --- /dev/null +++ b/patches.suse/iio-adc-ad7887-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,54 @@ +From b330ea6bc52468e183ced79189ff064f36c64aa7 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:55:57 +0100 +Subject: [PATCH] iio: adc: ad7887: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: b330ea6bc52468e183ced79189ff064f36c64aa7 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Update the comment to include 'may'. + +Fixes tag is clearly not where this was introduced but it is very unlikely +anyone will back port it past that point. + +Fixes: 65dd3d3d7a9b ("staging:iio:ad7887: Squash everything into one file") +Signed-off-by: Jonathan Cameron +Cc: Lars-Peter Clausen +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-18-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/adc/ad7887.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/drivers/iio/adc/ad7887.c b/drivers/iio/adc/ad7887.c +index f64999714a4d..965bdc8aa696 100644 +--- a/drivers/iio/adc/ad7887.c ++++ b/drivers/iio/adc/ad7887.c +@@ -66,13 +66,12 @@ struct ad7887_state { + unsigned char tx_cmd_buf[4]; + + /* +- * DMA (thus cache coherency maintenance) requires the ++ * DMA (thus cache coherency maintenance) may require the + * transfer buffers to live in their own cache lines. + * Buffer needs to be large enough to hold two 16 bit samples and a + * 64 bit aligned 64 bit timestamp. + */ +- unsigned char data[ALIGN(4, sizeof(s64)) + sizeof(s64)] +- ____cacheline_aligned; ++ unsigned char data[ALIGN(4, sizeof(s64)) + sizeof(s64)] __aligned(IIO_DMA_MINALIGN); + }; + + enum ad7887_supported_device_ids { +-- +2.35.3 + diff --git a/patches.suse/iio-adc-hi8435-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-adc-hi8435-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..38217e2 --- /dev/null +++ b/patches.suse/iio-adc-hi8435-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,41 @@ +From 48e4ae96b0b10f93de23b86fd34e573c44e95ab3 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:00 +0100 +Subject: [PATCH] iio: adc: hi8435: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 48e4ae96b0b10f93de23b86fd34e573c44e95ab3 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Fixes: 72aa29ce0a59 ("iio: adc: hi8435: Holt HI-8435 threshold detector") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-21-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/adc/hi8435.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/iio/adc/hi8435.c b/drivers/iio/adc/hi8435.c +index 8eb0140df133..771fa12bdc02 100644 +--- a/drivers/iio/adc/hi8435.c ++++ b/drivers/iio/adc/hi8435.c +@@ -49,7 +49,7 @@ struct hi8435_priv { + + unsigned threshold_lo[2]; /* GND-Open and Supply-Open thresholds */ + unsigned threshold_hi[2]; /* GND-Open and Supply-Open thresholds */ +- u8 reg_buffer[3] ____cacheline_aligned; ++ u8 reg_buffer[3] __aligned(IIO_DMA_MINALIGN); + }; + + static int hi8435_readb(struct hi8435_priv *priv, u8 reg, u8 *val) +-- +2.35.3 + diff --git a/patches.suse/iio-adc-ltc2497-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-adc-ltc2497-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..627352e --- /dev/null +++ b/patches.suse/iio-adc-ltc2497-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,43 @@ +From 6ebf401d555ee1e75e779b865d38e171db0aa1f2 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:02 +0100 +Subject: [PATCH] iio: adc: ltc2497: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 6ebf401d555ee1e75e779b865d38e171db0aa1f2 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Update the comment to include 'may'. + +Fixes: bc82222fcca1 ("iio:adc: Driver for Linear Technology LTC2497 ADC") +Signed-off-by: Jonathan Cameron +Cc: Michael Hennerich +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-23-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/adc/ltc2497.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/iio/adc/ltc2497.c ++++ b/drivers/iio/adc/ltc2497.c +@@ -29,10 +29,10 @@ struct ltc2497_st { + ktime_t time_prev; + u8 addr_prev; + /* +- * DMA (thus cache coherency maintenance) requires the ++ * DMA (thus cache coherency maintenance) may require the + * transfer buffers to live in their own cache lines. + */ +- __be32 buf ____cacheline_aligned; ++ __be32 buf __aligned(IIO_DMA_MINALIGN); + }; + + static int ltc2497_wait_conv(struct ltc2497_st *st) diff --git a/patches.suse/iio-adc-max1027-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-adc-max1027-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..f3192b0 --- /dev/null +++ b/patches.suse/iio-adc-max1027-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,36 @@ +From e754fb7e7a05e3838c9aa044b4114869dd0d1e17 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:03 +0100 +Subject: [PATCH] iio: adc: max1027: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: e754fb7e7a05e3838c9aa044b4114869dd0d1e17 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Fixes: fc167f624833 ("iio: add support of the max1027") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-24-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/adc/max1027.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/iio/adc/max1027.c ++++ b/drivers/iio/adc/max1027.c +@@ -209,7 +209,7 @@ struct max1027_state { + __be16 *buffer; + struct mutex lock; + +- u8 reg ____cacheline_aligned; ++ u8 reg __aligned(IIO_DMA_MINALIGN); + }; + + static int max1027_read_single_value(struct iio_dev *indio_dev, diff --git a/patches.suse/iio-adc-max11100-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-adc-max11100-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..fb0ab5c --- /dev/null +++ b/patches.suse/iio-adc-max11100-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,43 @@ +From 51f30d63145cc84cb8a8e0ec96f9a8b73e6b5448 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:04 +0100 +Subject: [PATCH] iio: adc: max11100: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 51f30d63145cc84cb8a8e0ec96f9a8b73e6b5448 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Update the comment to include 'may'. + +Fixes: a8e7e88df9ec ("iio: adc: Add Maxim MAX11100 driver") +Signed-off-by: Jonathan Cameron +Acked-by: Jacopo Mondi +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-25-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/adc/max11100.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/iio/adc/max11100.c ++++ b/drivers/iio/adc/max11100.c +@@ -31,10 +31,10 @@ struct max11100_state { + struct spi_device *spi; + + /* +- * DMA (thus cache coherency maintenance) requires the ++ * DMA (thus cache coherency maintenance) may require the + * transfer buffers to live in their own cache lines. + */ +- u8 buffer[3] ____cacheline_aligned; ++ u8 buffer[3] __aligned(IIO_DMA_MINALIGN); + }; + + static struct iio_chan_spec max11100_channels[] = { diff --git a/patches.suse/iio-adc-max1118-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-adc-max1118-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..917109e --- /dev/null +++ b/patches.suse/iio-adc-max1118-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,42 @@ +From f746ab0bac5b335b09143dcd01db6f9f26d0c9ec Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:05 +0100 +Subject: [PATCH] iio: adc: max1118: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: f746ab0bac5b335b09143dcd01db6f9f26d0c9ec +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Fixes: a9e9c7153e96 ("iio: adc: add max1117/max1118/max1119 ADC driver") +Signed-off-by: Jonathan Cameron +Cc: Akinobu Mita +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-26-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/adc/max1118.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/iio/adc/max1118.c b/drivers/iio/adc/max1118.c +index a41bc570be21..75ab57d9aef7 100644 +--- a/drivers/iio/adc/max1118.c ++++ b/drivers/iio/adc/max1118.c +@@ -42,7 +42,7 @@ struct max1118 { + s64 ts __aligned(8); + } scan; + +- u8 data ____cacheline_aligned; ++ u8 data __aligned(IIO_DMA_MINALIGN); + }; + + #define MAX1118_CHANNEL(ch) \ +-- +2.35.3 + diff --git a/patches.suse/iio-adc-mcp320x-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-adc-mcp320x-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..14b6baa --- /dev/null +++ b/patches.suse/iio-adc-mcp320x-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,45 @@ +From e770f78036ce4327caf285873f4b20564a8b4f0f Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:07 +0100 +Subject: [PATCH] iio: adc: mcp320x: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: e770f78036ce4327caf285873f4b20564a8b4f0f +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Worth noting the fixes tag refers to the same issue being observed +on a platform that probably had only 64 byte cachelines. + +Fixes: 0e81bc99a082 ("iio: mcp320x: Fix occasional incorrect readings") +Signed-off-by: Jonathan Cameron +Cc: Michael Welling +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-28-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/adc/mcp320x.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/iio/adc/mcp320x.c b/drivers/iio/adc/mcp320x.c +index b4c69acb33e3..f3b81798b3c9 100644 +--- a/drivers/iio/adc/mcp320x.c ++++ b/drivers/iio/adc/mcp320x.c +@@ -92,7 +92,7 @@ struct mcp320x { + struct mutex lock; + const struct mcp320x_chip_info *chip_info; + +- u8 tx_buf ____cacheline_aligned; ++ u8 tx_buf __aligned(IIO_DMA_MINALIGN); + u8 rx_buf[4]; + }; + +-- +2.35.3 + diff --git a/patches.suse/iio-adc-ti-adc0832-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-adc-ti-adc0832-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..a2f8739 --- /dev/null +++ b/patches.suse/iio-adc-ti-adc0832-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,42 @@ +From 1e6bb81c23a84a078736a0f2a52bd765863e94ed Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:08 +0100 +Subject: [PATCH] iio: adc: ti-adc0832: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 1e6bb81c23a84a078736a0f2a52bd765863e94ed +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Fixes: efc945fb729c ("iio: adc: add support for ADC0831/ADC0832/ADC0834/ADC0838 chips") +Signed-off-by: Jonathan Cameron +Cc: Akinobu Mita +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-29-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/adc/ti-adc0832.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/iio/adc/ti-adc0832.c b/drivers/iio/adc/ti-adc0832.c +index fb5e72600b96..b11ce555ba3b 100644 +--- a/drivers/iio/adc/ti-adc0832.c ++++ b/drivers/iio/adc/ti-adc0832.c +@@ -36,7 +36,7 @@ struct adc0832 { + */ + u8 data[24] __aligned(8); + +- u8 tx_buf[2] ____cacheline_aligned; ++ u8 tx_buf[2] __aligned(IIO_DMA_MINALIGN); + u8 rx_buf[2]; + }; + +-- +2.35.3 + diff --git a/patches.suse/iio-adc-ti-adc084s021-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-adc-ti-adc084s021-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..f627d1d --- /dev/null +++ b/patches.suse/iio-adc-ti-adc084s021-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,48 @@ +From bb102fd600d1d6c0020a4514197c0604c4a218d9 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:09 +0100 +Subject: [PATCH] iio: adc: ti-adc084s021: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: bb102fd600d1d6c0020a4514197c0604c4a218d9 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Update the comment to include 'may'. + +Fixes: 3691e5a69449 ("iio: adc: add driver for the ti-adc084s021 chip") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Acked-by: Mårten Lindahl +Link: https://lore.kernel.org/r/20220508175712.647246-30-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/adc/ti-adc084s021.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/iio/adc/ti-adc084s021.c b/drivers/iio/adc/ti-adc084s021.c +index c9b5d9aec3dc..1f6e53832e06 100644 +--- a/drivers/iio/adc/ti-adc084s021.c ++++ b/drivers/iio/adc/ti-adc084s021.c +@@ -32,10 +32,10 @@ struct adc084s021 { + s64 ts __aligned(8); + } scan; + /* +- * DMA (thus cache coherency maintenance) requires the ++ * DMA (thus cache coherency maintenance) may require the + * transfer buffers to live in their own cache line. + */ +- u16 tx_buf[4] ____cacheline_aligned; ++ u16 tx_buf[4] __aligned(IIO_DMA_MINALIGN); + __be16 rx_buf[5]; /* First 16-bits are trash */ + }; + +-- +2.35.3 + diff --git a/patches.suse/iio-adc-ti-adc12138-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-adc-ti-adc12138-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..5a14768 --- /dev/null +++ b/patches.suse/iio-adc-ti-adc12138-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,42 @@ +From 76890c3bce6003caf53b283c49a210280cb8ea33 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:11 +0100 +Subject: [PATCH] iio: adc: ti-adc12138: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 76890c3bce6003caf53b283c49a210280cb8ea33 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Fixes: 50a6edb1b6e0 ("iio: adc: add ADC12130/ADC12132/ADC12138 ADC driver") +Signed-off-by: Jonathan Cameron +Cc: Akinobu Mita +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-32-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/adc/ti-adc12138.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/iio/adc/ti-adc12138.c b/drivers/iio/adc/ti-adc12138.c +index 59d75d09604f..c0a72d72f3a9 100644 +--- a/drivers/iio/adc/ti-adc12138.c ++++ b/drivers/iio/adc/ti-adc12138.c +@@ -55,7 +55,7 @@ struct adc12138 { + */ + __be16 data[20] __aligned(8); + +- u8 tx_buf[2] ____cacheline_aligned; ++ u8 tx_buf[2] __aligned(IIO_DMA_MINALIGN); + u8 rx_buf[2]; + }; + +-- +2.35.3 + diff --git a/patches.suse/iio-adc-ti-adc128s052-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-adc-ti-adc128s052-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..7699b67 --- /dev/null +++ b/patches.suse/iio-adc-ti-adc128s052-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,41 @@ +From 23c81e7a7e5204a08b553d07362d3082926663b8 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:12 +0100 +Subject: [PATCH] iio: adc: ti-adc128s052: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 23c81e7a7e5204a08b553d07362d3082926663b8 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Fixes: 913b86468674 ("iio: adc: Add TI ADC128S052") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-33-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/adc/ti-adc128s052.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/iio/adc/ti-adc128s052.c b/drivers/iio/adc/ti-adc128s052.c +index 8e7adec87755..622fd384983c 100644 +--- a/drivers/iio/adc/ti-adc128s052.c ++++ b/drivers/iio/adc/ti-adc128s052.c +@@ -29,7 +29,7 @@ struct adc128 { + struct regulator *reg; + struct mutex lock; + +- u8 buffer[2] ____cacheline_aligned; ++ u8 buffer[2] __aligned(IIO_DMA_MINALIGN); + }; + + static int adc128_adc_conversion(struct adc128 *adc, u8 channel) +-- +2.35.3 + diff --git a/patches.suse/iio-adc-ti-adc161s626-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-adc-ti-adc161s626-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..467f358 --- /dev/null +++ b/patches.suse/iio-adc-ti-adc161s626-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,42 @@ +From 3a828f204a110dc9f253c4cf3c1103d00a0681da Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:13 +0100 +Subject: [PATCH] iio: adc: ti-adc161s626: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 3a828f204a110dc9f253c4cf3c1103d00a0681da +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Fixes: 4d671b71beef ("iio: adc: ti-adc161s626: add support for TI 1-channel differential ADCs") +Signed-off-by: Jonathan Cameron +Cc: Matt Ranostay +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-34-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/adc/ti-adc161s626.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/iio/adc/ti-adc161s626.c b/drivers/iio/adc/ti-adc161s626.c +index 75ca7f1c8726..b789891dcf49 100644 +--- a/drivers/iio/adc/ti-adc161s626.c ++++ b/drivers/iio/adc/ti-adc161s626.c +@@ -71,7 +71,7 @@ struct ti_adc_data { + u8 read_size; + u8 shift; + +- u8 buffer[16] ____cacheline_aligned; ++ u8 buffer[16] __aligned(IIO_DMA_MINALIGN); + }; + + static int ti_adc_read_measurement(struct ti_adc_data *data, +-- +2.35.3 + diff --git a/patches.suse/iio-adc-ti-ads124s08-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-adc-ti-ads124s08-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..f76d167 --- /dev/null +++ b/patches.suse/iio-adc-ti-ads124s08-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,41 @@ +From 7df19bd26cc0b85ff997cc9e2aaea712836b5460 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:14 +0100 +Subject: [PATCH] iio: adc: ti-ads124s08: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 7df19bd26cc0b85ff997cc9e2aaea712836b5460 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Fixes: e717f8c6dfec ("iio: adc: Add the TI ads124s08 ADC code") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-35-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/adc/ti-ads124s08.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/iio/adc/ti-ads124s08.c b/drivers/iio/adc/ti-ads124s08.c +index 767b3b634809..64833156c199 100644 +--- a/drivers/iio/adc/ti-ads124s08.c ++++ b/drivers/iio/adc/ti-ads124s08.c +@@ -106,7 +106,7 @@ struct ads124s_private { + * timestamp is maintained. + */ + u32 buffer[ADS124S08_MAX_CHANNELS + sizeof(s64)/sizeof(u32)] __aligned(8); +- u8 data[5] ____cacheline_aligned; ++ u8 data[5] __aligned(IIO_DMA_MINALIGN); + }; + + #define ADS124S08_CHAN(index) \ +-- +2.35.3 + diff --git a/patches.suse/iio-adc-ti-ads7950-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-adc-ti-ads7950-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..7103b5b --- /dev/null +++ b/patches.suse/iio-adc-ti-ads7950-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,49 @@ +From dd54ba8b2469f6ae665c529623a9454ce5293ca8 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:16 +0100 +Subject: [PATCH] iio: adc: ti-ads7950: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: dd54ba8b2469f6ae665c529623a9454ce5293ca8 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Update the comment to include 'may'. + +Fixes: 902c4b2446d4 ("iio: adc: New driver for TI ADS7950 chips") +Signed-off-by: Jonathan Cameron +Acked-by: David Lechner +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-37-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/adc/ti-ads7950.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/iio/adc/ti-ads7950.c b/drivers/iio/adc/ti-ads7950.c +index e3658b969c5b..2cc9a9bd9db6 100644 +--- a/drivers/iio/adc/ti-ads7950.c ++++ b/drivers/iio/adc/ti-ads7950.c +@@ -102,11 +102,11 @@ struct ti_ads7950_state { + unsigned int gpio_cmd_settings_bitmask; + + /* +- * DMA (thus cache coherency maintenance) requires the ++ * DMA (thus cache coherency maintenance) may require the + * transfer buffers to live in their own cache lines. + */ + u16 rx_buf[TI_ADS7950_MAX_CHAN + 2 + TI_ADS7950_TIMESTAMP_SIZE] +- ____cacheline_aligned; ++ __aligned(IIO_DMA_MINALIGN); + u16 tx_buf[TI_ADS7950_MAX_CHAN + 2]; + u16 single_tx; + u16 single_rx; +-- +2.35.3 + diff --git a/patches.suse/iio-adc-ti-ads8344-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-adc-ti-ads8344-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..d6c8e02 --- /dev/null +++ b/patches.suse/iio-adc-ti-ads8344-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,41 @@ +From 8966b11e5a14aaabc747ee97a7942fd50a681402 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:17 +0100 +Subject: [PATCH] iio: adc: ti-ads8344: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 8966b11e5a14aaabc747ee97a7942fd50a681402 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Fixes: 8dd2d7c0fed7 ("iio: adc: Add driver for the TI ADS8344 A/DC chips") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-38-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/adc/ti-ads8344.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/iio/adc/ti-ads8344.c b/drivers/iio/adc/ti-ads8344.c +index c96d2a9ba924..bbd85cb47f81 100644 +--- a/drivers/iio/adc/ti-ads8344.c ++++ b/drivers/iio/adc/ti-ads8344.c +@@ -28,7 +28,7 @@ struct ads8344 { + */ + struct mutex lock; + +- u8 tx_buf ____cacheline_aligned; ++ u8 tx_buf __aligned(IIO_DMA_MINALIGN); + u8 rx_buf[3]; + }; + +-- +2.35.3 + diff --git a/patches.suse/iio-adc-ti-ads8688-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-adc-ti-ads8688-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..c95e4a5 --- /dev/null +++ b/patches.suse/iio-adc-ti-ads8688-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,41 @@ +From a2105d87eb8eb03591515df10102e04a1c9e0e46 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:18 +0100 +Subject: [PATCH] iio: adc: ti-ads8688: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: a2105d87eb8eb03591515df10102e04a1c9e0e46 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Fixes: 3e87e7838328 ("iio: adc: Add TI ADS8688") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-39-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/adc/ti-ads8688.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/iio/adc/ti-ads8688.c b/drivers/iio/adc/ti-ads8688.c +index 708cca0a63be..ef06a897421a 100644 +--- a/drivers/iio/adc/ti-ads8688.c ++++ b/drivers/iio/adc/ti-ads8688.c +@@ -71,7 +71,7 @@ struct ads8688_state { + union { + __be32 d32; + u8 d8[4]; +- } data[2] ____cacheline_aligned; ++ } data[2] __aligned(IIO_DMA_MINALIGN); + }; + + enum ads8688_id { +-- +2.35.3 + diff --git a/patches.suse/iio-adc-ti-tlc4541-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-adc-ti-tlc4541-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..06a92a8 --- /dev/null +++ b/patches.suse/iio-adc-ti-tlc4541-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,49 @@ +From 62fa19bf484bfeb52c56b7c6d6a6b1222c597f9c Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:19 +0100 +Subject: [PATCH] iio: adc: ti-tlc4541: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 62fa19bf484bfeb52c56b7c6d6a6b1222c597f9c +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Update the comment to include 'may'. + +Fixes: ac2bec9d587c ("iio: adc: tlc4541: add support for TI tlc4541 adc") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-40-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/adc/ti-tlc4541.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/iio/adc/ti-tlc4541.c b/drivers/iio/adc/ti-tlc4541.c +index 2406eda9dfc6..30f629a553a1 100644 +--- a/drivers/iio/adc/ti-tlc4541.c ++++ b/drivers/iio/adc/ti-tlc4541.c +@@ -37,12 +37,12 @@ struct tlc4541_state { + struct spi_message scan_single_msg; + + /* +- * DMA (thus cache coherency maintenance) requires the ++ * DMA (thus cache coherency maintenance) may require the + * transfer buffers to live in their own cache lines. + * 2 bytes data + 6 bytes padding + 8 bytes timestamp when + * call iio_push_to_buffers_with_timestamp. + */ +- __be16 rx_buf[8] ____cacheline_aligned; ++ __be16 rx_buf[8] __aligned(IIO_DMA_MINALIGN); + }; + + struct tlc4541_chip_info { +-- +2.35.3 + diff --git a/patches.suse/iio-amplifiers-ad8366-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-amplifiers-ad8366-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..266d560 --- /dev/null +++ b/patches.suse/iio-amplifiers-ad8366-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,47 @@ +From 026bffa458d029a5f15ac3f82a9bb0f64aca403d Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:21 +0100 +Subject: [PATCH] iio: amplifiers: ad8366: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 026bffa458d029a5f15ac3f82a9bb0f64aca403d +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Update the comment to include 'may'. + +Fixes: e71d42e03c60 ("iio: amplifiers: New driver for AD8366 Dual-Digital Variable Gain Amplifier") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-42-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/amplifiers/ad8366.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/iio/amplifiers/ad8366.c b/drivers/iio/amplifiers/ad8366.c +index 1134ae12e531..f2c2ea79a07f 100644 +--- a/drivers/iio/amplifiers/ad8366.c ++++ b/drivers/iio/amplifiers/ad8366.c +@@ -45,10 +45,10 @@ struct ad8366_state { + enum ad8366_type type; + struct ad8366_info *info; + /* +- * DMA (thus cache coherency maintenance) requires the ++ * DMA (thus cache coherency maintenance) may require the + * transfer buffers to live in their own cache lines. + */ +- unsigned char data[2] ____cacheline_aligned; ++ unsigned char data[2] __aligned(IIO_DMA_MINALIGN); + }; + + static struct ad8366_info ad8366_infos[] = { +-- +2.35.3 + diff --git a/patches.suse/iio-core-Fix-IIO_ALIGN-and-rename-as-it-was-not-suff.patch b/patches.suse/iio-core-Fix-IIO_ALIGN-and-rename-as-it-was-not-suff.patch new file mode 100644 index 0000000..55c90e3 --- /dev/null +++ b/patches.suse/iio-core-Fix-IIO_ALIGN-and-rename-as-it-was-not-suff.patch @@ -0,0 +1,105 @@ +From 12c4efe3509b8018e76ea3ebda8227cb53bf5887 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:55:41 +0100 +Subject: [PATCH] iio: core: Fix IIO_ALIGN and rename as it was not sufficiently large +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 12c4efe3509b8018e76ea3ebda8227cb53bf5887 +Patch-mainline: v6.0-rc1 +References: git-fixes + +Discussion of the series: +https://lore.kernel.org/all/20220405135758.774016-1-catalin.marinas@arm.com/ +mm, arm64: Reduce ARCH_KMALLOC_MINALIGN brought to my attention that +our current IIO usage of L1CACHE_ALIGN is insufficient as their are Arm +platforms out their with non coherent DMA and larger cache lines at +at higher levels of their cache hierarchy. + +Rename the define to make it's purpose more explicit. It will be used +much more widely going forwards (to replace incorrect ____cacheline_aligned +markings. + +Note this patch will greatly reduce the padding on some architectures +that have smaller requirements for DMA safe buffers. + +The history of changing values of ARCH_KMALLOC_MINALIGN via +ARCH_DMA_MINALIGN on arm64 is rather complex. I'm not tagging this +as fixing a particular patch from that route as it's not clear what to tag. + +Most recently a change to bring them back inline was reverted because +of some Qualcomm Kryo cores with an L2 cache with 128-byte lines +sitting above the point of coherency. + +c1132702c71f Revert "arm64: cache: Lower ARCH_DMA_MINALIGN to 64 (L1_CACHE_BYTES)" +That reverts: +65688d2a05de arm64: cache: Lower ARCH_DMA_MINALIGN to 64 (L1_CACHE_BYTES) which +refers to the change originally being motivated by Thunder x1 performance +rather than correctness. + +Fixes: 6f7c8ee585e9d ("staging:iio: Add ability to allocate private data space to iio_allocate_device") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-2-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/industrialio-core.c | 4 ++-- + include/linux/iio/iio.h | 14 ++++++++++---- + 2 files changed, 12 insertions(+), 6 deletions(-) + +--- a/drivers/iio/industrialio-core.c ++++ b/drivers/iio/industrialio-core.c +@@ -1437,11 +1437,11 @@ struct iio_dev *iio_device_alloc(int siz + + alloc_size = sizeof(struct iio_dev); + if (sizeof_priv) { +- alloc_size = ALIGN(alloc_size, IIO_ALIGN); ++ alloc_size = ALIGN(alloc_size, IIO_DMA_MINALIGN); + alloc_size += sizeof_priv; + } + /* ensure 32-byte alignment of whole construct ? */ +- alloc_size += IIO_ALIGN - 1; ++ alloc_size += IIO_DMA_MINALIGN - 1; + + dev = kzalloc(alloc_size, GFP_KERNEL); + +--- a/include/linux/iio/iio.h ++++ b/include/linux/iio/iio.h +@@ -9,6 +9,7 @@ + + #include + #include ++#include + #include + #include + /* IIO TODO LIST */ +@@ -674,19 +675,24 @@ static inline void *iio_device_get_drvda + return dev_get_drvdata(&indio_dev->dev); + } + +-/* Can we make this smaller? */ +-#define IIO_ALIGN L1_CACHE_BYTES ++/* ++ * Used to ensure the iio_priv() structure is aligned to allow that structure ++ * to in turn include IIO_DMA_MINALIGN'd elements such as buffers which ++ * must not share cachelines with the rest of the structure, thus making ++ * them safe for use with non-coherent DMA. ++ */ ++#define IIO_DMA_MINALIGN ARCH_KMALLOC_MINALIGN + struct iio_dev *iio_device_alloc(int sizeof_priv); + + static inline void *iio_priv(const struct iio_dev *indio_dev) + { +- return (char *)indio_dev + ALIGN(sizeof(struct iio_dev), IIO_ALIGN); ++ return (char *)indio_dev + ALIGN(sizeof(struct iio_dev), IIO_DMA_MINALIGN); + } + + static inline struct iio_dev *iio_priv_to_dev(void *priv) + { + return (struct iio_dev *)((char *)priv - +- ALIGN(sizeof(struct iio_dev), IIO_ALIGN)); ++ ALIGN(sizeof(struct iio_dev), IIO_DMA_MINALIGN)); + } + + void iio_device_free(struct iio_dev *indio_dev); diff --git a/patches.suse/iio-dac-ad5064-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-dac-ad5064-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..2bbde17 --- /dev/null +++ b/patches.suse/iio-dac-ad5064-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,51 @@ +From 8779b88c214fa0f8fdfb9c54a124f468884d356a Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:23 +0100 +Subject: [PATCH] iio: dac: ad5064: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 8779b88c214fa0f8fdfb9c54a124f468884d356a +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Update the comment to include 'may'. + +Fixes: 6a17a0768f77 ("iio:dac:ad5064: Add support for the ad5629r and ad5669r") +Signed-off-by: Jonathan Cameron +Cc: Lars-Peter Clausen +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-44-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/dac/ad5064.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/iio/dac/ad5064.c b/drivers/iio/dac/ad5064.c +index d87cf14daabe..4447b8811827 100644 +--- a/drivers/iio/dac/ad5064.c ++++ b/drivers/iio/dac/ad5064.c +@@ -115,13 +115,13 @@ struct ad5064_state { + struct mutex lock; + + /* +- * DMA (thus cache coherency maintenance) requires the ++ * DMA (thus cache coherency maintenance) may require the + * transfer buffers to live in their own cache lines. + */ + union { + u8 i2c[3]; + __be32 spi; +- } data ____cacheline_aligned; ++ } data __aligned(IIO_DMA_MINALIGN); + }; + + enum ad5064_type { +-- +2.35.3 + diff --git a/patches.suse/iio-dac-ad5360-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-dac-ad5360-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..efdf560 --- /dev/null +++ b/patches.suse/iio-dac-ad5360-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,46 @@ +From 94ec314e1bd686b669c24385ce2dbc967eb74147 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:24 +0100 +Subject: [PATCH] iio: dac: ad5360: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 94ec314e1bd686b669c24385ce2dbc967eb74147 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Update the comment to include 'may'. + +Fixes: a3e2940c24d3 ("staging:iio:dac: Add AD5360 driver") +Signed-off-by: Jonathan Cameron +Cc: Lars-Peter Clausen +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-45-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/dac/ad5360.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/iio/dac/ad5360.c ++++ b/drivers/iio/dac/ad5360.c +@@ -77,13 +77,13 @@ struct ad5360_state { + unsigned int ctrl; + + /* +- * DMA (thus cache coherency maintenance) requires the ++ * DMA (thus cache coherency maintenance) may require the + * transfer buffers to live in their own cache lines. + */ + union { + __be32 d32; + u8 d8[4]; +- } data[2] ____cacheline_aligned; ++ } data[2] __aligned(IIO_DMA_MINALIGN); + }; + + enum ad5360_type { diff --git a/patches.suse/iio-dac-ad5421-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-dac-ad5421-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..9706db3 --- /dev/null +++ b/patches.suse/iio-dac-ad5421-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,46 @@ +From d2b240d3d31c66df4d2da54c75ff8e27a0e006c3 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:25 +0100 +Subject: [PATCH] iio: dac: ad5421: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: d2b240d3d31c66df4d2da54c75ff8e27a0e006c3 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Update the comment to include 'may'. + +Fixes: 5691b23489db ("staging:iio:dac: Add AD5421 driver") +Signed-off-by: Jonathan Cameron +Cc: Lars-Peter Clausen +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-46-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/dac/ad5421.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/iio/dac/ad5421.c ++++ b/drivers/iio/dac/ad5421.c +@@ -70,13 +70,13 @@ struct ad5421_state { + unsigned int fault_mask; + + /* +- * DMA (thus cache coherency maintenance) requires the ++ * DMA (thus cache coherency maintenance) may require the + * transfer buffers to live in their own cache lines. + */ + union { + __be32 d32; + u8 d8[4]; +- } data[2] ____cacheline_aligned; ++ } data[2] __aligned(IIO_DMA_MINALIGN); + }; + + static const struct iio_event_spec ad5421_current_event[] = { diff --git a/patches.suse/iio-dac-ad5449-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-dac-ad5449-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..f0d1057 --- /dev/null +++ b/patches.suse/iio-dac-ad5449-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,48 @@ +From 678d536bb454e3bbedcaa68208550ac9dc1cc066 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:26 +0100 +Subject: [PATCH] iio: dac: ad5449: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 678d536bb454e3bbedcaa68208550ac9dc1cc066 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Update the comment to include 'may'. + +Fixes: 8341dc04dfb3 ("iio:dac: Add support for the ad5449") +Signed-off-by: Jonathan Cameron +Cc: Lars-Peter Clausen +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-47-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/dac/ad5449.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/iio/dac/ad5449.c b/drivers/iio/dac/ad5449.c +index bad9bdaafa94..4572d6f49275 100644 +--- a/drivers/iio/dac/ad5449.c ++++ b/drivers/iio/dac/ad5449.c +@@ -68,10 +68,10 @@ struct ad5449 { + uint16_t dac_cache[AD5449_MAX_CHANNELS]; + + /* +- * DMA (thus cache coherency maintenance) requires the ++ * DMA (thus cache coherency maintenance) may require the + * transfer buffers to live in their own cache lines. + */ +- __be16 data[2] ____cacheline_aligned; ++ __be16 data[2] __aligned(IIO_DMA_MINALIGN); + }; + + enum ad5449_type { +-- +2.35.3 + diff --git a/patches.suse/iio-dac-ad5504-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-dac-ad5504-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..daad606 --- /dev/null +++ b/patches.suse/iio-dac-ad5504-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,37 @@ +From 00b9737caa5aaed5cf45a7c7498edf5957efa3b2 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:27 +0100 +Subject: [PATCH] iio: dac: ad5504: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 00b9737caa5aaed5cf45a7c7498edf5957efa3b2 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Fixes: 0dbe59c7a788 ("iio:ad5504: Do not store transfer buffers on the stack") +Signed-off-by: Jonathan Cameron +Cc: Lars-Peter Clausen +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-48-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/dac/ad5504.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/iio/dac/ad5504.c ++++ b/drivers/iio/dac/ad5504.c +@@ -54,7 +54,7 @@ struct ad5504_state { + unsigned pwr_down_mask; + unsigned pwr_down_mode; + +- __be16 data[2] ____cacheline_aligned; ++ __be16 data[2] __aligned(IIO_DMA_MINALIGN); + }; + + /** diff --git a/patches.suse/iio-dac-ad5755-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-dac-ad5755-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..c91dfa1 --- /dev/null +++ b/patches.suse/iio-dac-ad5755-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,46 @@ +From d0c167ceff2d833ee493dd58164dc87bd36e48aa Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:30 +0100 +Subject: [PATCH] iio: dac: ad5755: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: d0c167ceff2d833ee493dd58164dc87bd36e48aa +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Update the comment to include 'may'. + +Fixes: c499d029d805 ("iio:dac: Add ad5755 driver") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-51-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/dac/ad5755.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/iio/dac/ad5755.c ++++ b/drivers/iio/dac/ad5755.c +@@ -92,14 +92,14 @@ struct ad5755_state { + struct iio_chan_spec channels[AD5755_NUM_CHANNELS]; + + /* +- * DMA (thus cache coherency maintenance) requires the ++ * DMA (thus cache coherency maintenance) may require the + * transfer buffers to live in their own cache lines. + */ + + union { + __be32 d32; + u8 d8[4]; +- } data[2] ____cacheline_aligned; ++ } data[2] __aligned(IIO_DMA_MINALIGN); + }; + + enum ad5755_type { diff --git a/patches.suse/iio-dac-ad5761-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-dac-ad5761-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..ad779a3 --- /dev/null +++ b/patches.suse/iio-dac-ad5761-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,50 @@ +From 7d12a61187aed57863c41032acbc1fae516d6e49 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:31 +0100 +Subject: [PATCH] iio: dac: ad5761: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 7d12a61187aed57863c41032acbc1fae516d6e49 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Update the comment to include 'may'. + +Fixes: 131497acd88a ("iio: add ad5761 DAC driver") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-52-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/dac/ad5761.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/iio/dac/ad5761.c b/drivers/iio/dac/ad5761.c +index 4cb8471db81e..6aa1a068adb0 100644 +--- a/drivers/iio/dac/ad5761.c ++++ b/drivers/iio/dac/ad5761.c +@@ -70,13 +70,13 @@ struct ad5761_state { + enum ad5761_voltage_range range; + + /* +- * DMA (thus cache coherency maintenance) requires the ++ * DMA (thus cache coherency maintenance) may require the + * transfer buffers to live in their own cache lines. + */ + union { + __be32 d32; + u8 d8[4]; +- } data[3] ____cacheline_aligned; ++ } data[3] __aligned(IIO_DMA_MINALIGN); + }; + + static const struct ad5761_range_params ad5761_range_params[] = { +-- +2.35.3 + diff --git a/patches.suse/iio-dac-ad5764-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-dac-ad5764-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..e55cfb2 --- /dev/null +++ b/patches.suse/iio-dac-ad5764-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,45 @@ +From b378722a3e9bb51318c0de7eeb4d71f2fcd6987f Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:32 +0100 +Subject: [PATCH] iio: dac: ad5764: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: b378722a3e9bb51318c0de7eeb4d71f2fcd6987f +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Update the comment to include 'may'. + +Fixes: 68b14d7ea956 ("staging:iio:dac: Add AD5764 driver") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-53-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/dac/ad5764.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/iio/dac/ad5764.c ++++ b/drivers/iio/dac/ad5764.c +@@ -55,13 +55,13 @@ struct ad5764_state { + struct regulator_bulk_data vref_reg[2]; + + /* +- * DMA (thus cache coherency maintenance) requires the ++ * DMA (thus cache coherency maintenance) may require the + * transfer buffers to live in their own cache lines. + */ + union { + __be32 d32; + u8 d8[4]; +- } data[2] ____cacheline_aligned; ++ } data[2] __aligned(IIO_DMA_MINALIGN); + }; + + enum ad5764_type { diff --git a/patches.suse/iio-dac-ad5791-Fix-alignment-for-DMA-saftey.patch b/patches.suse/iio-dac-ad5791-Fix-alignment-for-DMA-saftey.patch new file mode 100644 index 0000000..84b872e --- /dev/null +++ b/patches.suse/iio-dac-ad5791-Fix-alignment-for-DMA-saftey.patch @@ -0,0 +1,36 @@ +From b2d5e9de77c8774a5a6cff59d928f2fa38cbc642 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:35 +0100 +Subject: [PATCH] iio: dac: ad5791: Fix alignment for DMA saftey +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: b2d5e9de77c8774a5a6cff59d928f2fa38cbc642 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Fixes: 791bb52a0cd2 ("iio:ad5791: Do not store transfer buffers on the stack") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-56-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/dac/ad5791.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/iio/dac/ad5791.c ++++ b/drivers/iio/dac/ad5791.c +@@ -93,7 +93,7 @@ struct ad5791_state { + union { + __be32 d32; + u8 d8[4]; +- } data[3] ____cacheline_aligned; ++ } data[3] __aligned(IIO_DMA_MINALIGN); + }; + + /** diff --git a/patches.suse/iio-dac-ad7303-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-dac-ad7303-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..56e32d6 --- /dev/null +++ b/patches.suse/iio-dac-ad7303-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,42 @@ +From 69e51448ddfb9062efdf83e2d3179498e0aeb293 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:37 +0100 +Subject: [PATCH] iio: dac: ad7303: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 69e51448ddfb9062efdf83e2d3179498e0aeb293 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Update the comment to include 'may'. + +Fixes: f83478240e74 ("iio:dac: Add support for the AD7303") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-58-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/dac/ad7303.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/iio/dac/ad7303.c ++++ b/drivers/iio/dac/ad7303.c +@@ -42,10 +42,10 @@ struct ad7303_state { + struct regulator *vref_reg; + + /* +- * DMA (thus cache coherency maintenance) requires the ++ * DMA (thus cache coherency maintenance) may require the + * transfer buffers to live in their own cache lines. + */ +- __be16 data ____cacheline_aligned; ++ __be16 data __aligned(IIO_DMA_MINALIGN); + }; + + static int ad7303_write(struct ad7303_state *st, unsigned int chan, diff --git a/patches.suse/iio-dac-ad8801-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-dac-ad8801-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..d17a705 --- /dev/null +++ b/patches.suse/iio-dac-ad8801-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,41 @@ +From 1c20292c6b60cfc60a5e652174b8063e5cc03fec Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:38 +0100 +Subject: [PATCH] iio: dac: ad8801: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 1c20292c6b60cfc60a5e652174b8063e5cc03fec +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Fixes: 7f270bc9a2d9 ("iio: dac: AD8801: add Analog Devices AD8801/AD8803 support") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-59-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/dac/ad8801.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/iio/dac/ad8801.c b/drivers/iio/dac/ad8801.c +index 6be35c92d435..919e8c880697 100644 +--- a/drivers/iio/dac/ad8801.c ++++ b/drivers/iio/dac/ad8801.c +@@ -26,7 +26,7 @@ struct ad8801_state { + struct regulator *vrefh_reg; + struct regulator *vrefl_reg; + +- __be16 data ____cacheline_aligned; ++ __be16 data __aligned(IIO_DMA_MINALIGN); + }; + + static int ad8801_spi_write(struct ad8801_state *state, +-- +2.35.3 + diff --git a/patches.suse/iio-dac-mcp4922-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-dac-mcp4922-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..b5ae913 --- /dev/null +++ b/patches.suse/iio-dac-mcp4922-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,42 @@ +From e66bf04797f1f95a2402414c00e64d00f63d31ec Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:40 +0100 +Subject: [PATCH] iio: dac: mcp4922: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: e66bf04797f1f95a2402414c00e64d00f63d31ec +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Fixes: 1b791fadf3a1 ("iio: dac: mcp4902/mcp4912/mcp4922 dac driver") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Acked-by: Michael Welling +Link: https://lore.kernel.org/r/20220508175712.647246-61-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/dac/mcp4922.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/iio/dac/mcp4922.c b/drivers/iio/dac/mcp4922.c +index cb9e60e71b91..6c0e31032c57 100644 +--- a/drivers/iio/dac/mcp4922.c ++++ b/drivers/iio/dac/mcp4922.c +@@ -29,7 +29,7 @@ struct mcp4922_state { + unsigned int value[MCP4922_NUM_CHANNELS]; + unsigned int vref_mv; + struct regulator *vref_reg; +- u8 mosi[2] ____cacheline_aligned; ++ u8 mosi[2] __aligned(IIO_DMA_MINALIGN); + }; + + #define MCP4922_CHAN(chan, bits) { \ +-- +2.35.3 + diff --git a/patches.suse/iio-dac-ti-dac082s085-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-dac-ti-dac082s085-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..867e392 --- /dev/null +++ b/patches.suse/iio-dac-ti-dac082s085-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,41 @@ +From 03a0cc77f164e4e59b970d50c6e9a6caf06dae80 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:41 +0100 +Subject: [PATCH] iio: dac: ti-dac082s085: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 03a0cc77f164e4e59b970d50c6e9a6caf06dae80 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Fixes: 61011264c1af ("iio: dac: Add Texas Instruments 8/10/12-bit 2/4-channel DAC driver") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-62-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/dac/ti-dac082s085.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/iio/dac/ti-dac082s085.c b/drivers/iio/dac/ti-dac082s085.c +index 106ce3546419..8e1590e3cc8b 100644 +--- a/drivers/iio/dac/ti-dac082s085.c ++++ b/drivers/iio/dac/ti-dac082s085.c +@@ -55,7 +55,7 @@ struct ti_dac_chip { + bool powerdown; + u8 powerdown_mode; + u8 resolution; +- u8 buf[2] ____cacheline_aligned; ++ u8 buf[2] __aligned(IIO_DMA_MINALIGN); + }; + + #define WRITE_NOT_UPDATE(chan) (0x00 | (chan) << 6) +-- +2.35.3 + diff --git a/patches.suse/iio-dac-ti-dac5571-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-dac-ti-dac5571-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..60b2af6 --- /dev/null +++ b/patches.suse/iio-dac-ti-dac5571-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,42 @@ +From 58e22371539e01c742be5c30295f591a6a17e348 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:42 +0100 +Subject: [PATCH] iio: dac: ti-dac5571: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 58e22371539e01c742be5c30295f591a6a17e348 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Fixes: df38a4a72a3b ("iio: dac: add TI DAC5571 family support") +Signed-off-by: Jonathan Cameron +Cc: Sean Nyekjaer +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-63-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/dac/ti-dac5571.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/iio/dac/ti-dac5571.c b/drivers/iio/dac/ti-dac5571.c +index 9ea42e0beb8d..f91f8a504989 100644 +--- a/drivers/iio/dac/ti-dac5571.c ++++ b/drivers/iio/dac/ti-dac5571.c +@@ -53,7 +53,7 @@ struct dac5571_data { + struct dac5571_spec const *spec; + int (*dac5571_cmd)(struct dac5571_data *data, int channel, u16 val); + int (*dac5571_pwrdwn)(struct dac5571_data *data, int channel, u8 pwrdwn); +- u8 buf[3] ____cacheline_aligned; ++ u8 buf[3] __aligned(IIO_DMA_MINALIGN); + }; + + #define DAC5571_POWERDOWN(mode) ((mode) + 1) +-- +2.35.3 + diff --git a/patches.suse/iio-dac-ti-dac7311-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-dac-ti-dac7311-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..80147c3 --- /dev/null +++ b/patches.suse/iio-dac-ti-dac7311-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,42 @@ +From 3637c49ed54632d7c221af718d2d7b1d381d4b6e Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:43 +0100 +Subject: [PATCH] iio: dac: ti-dac7311: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 3637c49ed54632d7c221af718d2d7b1d381d4b6e +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Fixes: 7a02ef7907d8 ("iio:dac:ti-dac7311 Add driver for Texas Instrument DAC7311") +Signed-off-by: Jonathan Cameron +Cc: Charles-Antoine Couret +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-64-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/dac/ti-dac7311.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/iio/dac/ti-dac7311.c b/drivers/iio/dac/ti-dac7311.c +index 4afc411725d9..7f89d2a52f49 100644 +--- a/drivers/iio/dac/ti-dac7311.c ++++ b/drivers/iio/dac/ti-dac7311.c +@@ -52,7 +52,7 @@ struct ti_dac_chip { + bool powerdown; + u8 powerdown_mode; + u8 resolution; +- u8 buf[2] ____cacheline_aligned; ++ u8 buf[2] __aligned(IIO_DMA_MINALIGN); + }; + + static u8 ti_dac_get_power(struct ti_dac_chip *ti_dac, bool powerdown) +-- +2.35.3 + diff --git a/patches.suse/iio-dac-ti-dac7612-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-dac-ti-dac7612-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..8640959 --- /dev/null +++ b/patches.suse/iio-dac-ti-dac7612-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,43 @@ +From b9ac08b3282a95fcefb057c2886028a6807725d8 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:44 +0100 +Subject: [PATCH] iio: dac: ti-dac7612: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: b9ac08b3282a95fcefb057c2886028a6807725d8 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Updated help text to 'may' require buffers to be in their own cacheline. + +Fixes: 977724d20584 ("iio:dac:ti-dac7612: Add driver for Texas Instruments DAC7612") +Signed-off-by: Jonathan Cameron +Cc: Ricardo Ribalda +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-65-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/dac/ti-dac7612.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/iio/dac/ti-dac7612.c ++++ b/drivers/iio/dac/ti-dac7612.c +@@ -23,10 +23,10 @@ struct dac7612 { + uint16_t cache[2]; + + /* +- * DMA (thus cache coherency maintenance) requires the ++ * DMA (thus cache coherency maintenance) may require the + * transfer buffers to live in their own cache lines. + */ +- uint8_t data[2] ____cacheline_aligned; ++ uint8_t data[2] __aligned(IIO_DMA_MINALIGN); + }; + + static int dac7612_cmd_single(struct dac7612 *priv, int channel, u16 val) diff --git a/patches.suse/iio-frequency-ad9523-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-frequency-ad9523-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..c931e9c --- /dev/null +++ b/patches.suse/iio-frequency-ad9523-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,51 @@ +From 8ff2eb625c353b1491d9f89f1dfd52e7aef5734c Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:45 +0100 +Subject: [PATCH] iio: frequency: ad9523: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 8ff2eb625c353b1491d9f89f1dfd52e7aef5734c +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Updated help text to 'may' require buffers to be in their own cacheline. + +Fixes: cd1678f96329 ("iio: frequency: New driver for AD9523 SPI Low Jitter Clock Generator") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-66-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/frequency/ad9523.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/drivers/iio/frequency/ad9523.c b/drivers/iio/frequency/ad9523.c +index 942870539268..97662ca1ca96 100644 +--- a/drivers/iio/frequency/ad9523.c ++++ b/drivers/iio/frequency/ad9523.c +@@ -287,13 +287,13 @@ struct ad9523_state { + struct mutex lock; + + /* +- * DMA (thus cache coherency maintenance) requires the +- * transfer buffers to live in their own cache lines. ++ * DMA (thus cache coherency maintenance) may require that ++ * transfer buffers live in their own cache lines. + */ + union { + __be32 d32; + u8 d8[4]; +- } data[2] ____cacheline_aligned; ++ } data[2] __aligned(IIO_DMA_MINALIGN); + }; + + static int ad9523_read(struct iio_dev *indio_dev, unsigned int addr) +-- +2.35.3 + diff --git a/patches.suse/iio-frequency-adf4350-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-frequency-adf4350-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..c532e2e --- /dev/null +++ b/patches.suse/iio-frequency-adf4350-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,43 @@ +From 389b8972eb2a614cb3189e5fa55b1b7f66142c71 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:46 +0100 +Subject: [PATCH] iio: frequency: adf4350: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 389b8972eb2a614cb3189e5fa55b1b7f66142c71 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Updated help text to 'may' require buffers to be in their own cacheline. + +Fixes: e31166f0fd48 ("iio: frequency: New driver for Analog Devices ADF4350/ADF4351 Wideband Synthesizers") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-67-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/frequency/adf4350.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/drivers/iio/frequency/adf4350.c ++++ b/drivers/iio/frequency/adf4350.c +@@ -48,10 +48,10 @@ struct adf4350_state { + unsigned long regs_hw[6]; + unsigned long long freq_req; + /* +- * DMA (thus cache coherency maintenance) requires the +- * transfer buffers to live in their own cache lines. ++ * DMA (thus cache coherency maintenance) may require that ++ * transfer buffers live in their own cache lines. + */ +- __be32 val ____cacheline_aligned; ++ __be32 val __aligned(IIO_DMA_MINALIGN); + }; + + static struct adf4350_platform_data default_pdata = { diff --git a/patches.suse/iio-frequency-adf4371-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-frequency-adf4371-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..8654dc4 --- /dev/null +++ b/patches.suse/iio-frequency-adf4371-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,41 @@ +From 0bb5675befe666eeed71ad808426cf2ec1c9a714 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:47 +0100 +Subject: [PATCH] iio: frequency: adf4371: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 0bb5675befe666eeed71ad808426cf2ec1c9a714 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Fixes: 7f699bd14913 ("iio: frequency: adf4371: Add support for ADF4371 PLL") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-68-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/frequency/adf4371.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/iio/frequency/adf4371.c b/drivers/iio/frequency/adf4371.c +index ecd5e18995ad..135c8cedc33d 100644 +--- a/drivers/iio/frequency/adf4371.c ++++ b/drivers/iio/frequency/adf4371.c +@@ -175,7 +175,7 @@ struct adf4371_state { + unsigned int mod2; + unsigned int rf_div_sel; + unsigned int ref_div_factor; +- u8 buf[10] ____cacheline_aligned; ++ u8 buf[10] __aligned(IIO_DMA_MINALIGN); + }; + + static unsigned long long adf4371_pll_fract_n_get_rate(struct adf4371_state *st, +-- +2.35.3 + diff --git a/patches.suse/iio-gyro-adis16080-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-gyro-adis16080-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..119547f --- /dev/null +++ b/patches.suse/iio-gyro-adis16080-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,39 @@ +From ae6eeb534924ecc2afd5a394964fd6de0ca54d39 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:52 +0100 +Subject: [PATCH] iio: gyro: adis16080: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: ae6eeb534924ecc2afd5a394964fd6de0ca54d39 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Fixes tag is inaccurate but unlikely anyone will backport this +beyond that point so I haven't chased the history futher than 2013. + +Fixes: 3c80372dae17 ("staging:iio:adis16080: be16 cleanups") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-73-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/gyro/adis16080.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/iio/gyro/adis16080.c ++++ b/drivers/iio/gyro/adis16080.c +@@ -43,7 +43,7 @@ struct adis16080_state { + struct spi_device *us; + const struct adis16080_chip_info *info; + +- __be16 buf ____cacheline_aligned; ++ __be16 buf __aligned(IIO_DMA_MINALIGN); + }; + + static int adis16080_read_sample(struct iio_dev *indio_dev, diff --git a/patches.suse/iio-gyro-adis16130-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-gyro-adis16130-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..1816162 --- /dev/null +++ b/patches.suse/iio-gyro-adis16130-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,41 @@ +From ff3211b2ba9afac80ceb795d148831dd879b30b7 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:53 +0100 +Subject: [PATCH] iio: gyro: adis16130: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: ff3211b2ba9afac80ceb795d148831dd879b30b7 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Fixes: 8e67875141b2 ("staging:iio:gyro: adis16130 cleanup, move to abi and bug fixes.") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-74-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/gyro/adis16130.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/iio/gyro/adis16130.c b/drivers/iio/gyro/adis16130.c +index b9c952e65b55..33cde9e6fca5 100644 +--- a/drivers/iio/gyro/adis16130.c ++++ b/drivers/iio/gyro/adis16130.c +@@ -41,7 +41,7 @@ + struct adis16130_state { + struct spi_device *us; + struct mutex buf_lock; +- u8 buf[4] ____cacheline_aligned; ++ u8 buf[4] __aligned(IIO_DMA_MINALIGN); + }; + + static int adis16130_spi_read(struct iio_dev *indio_dev, u8 reg_addr, u32 *val) +-- +2.35.3 + diff --git a/patches.suse/iio-gyro-adxrs450-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-gyro-adxrs450-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..106a159 --- /dev/null +++ b/patches.suse/iio-gyro-adxrs450-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,44 @@ +From 966d2f4ee7f6e189df47abf67223266ad31e201f Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:54 +0100 +Subject: [PATCH] iio: gyro: adxrs450: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 966d2f4ee7f6e189df47abf67223266ad31e201f +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Fixes tag is inaccurate but unlikely anyone will be interested in +backporting beyond that point. + +Fixes: 53ac8500ba9b ("staging:iio:adxrs450: Move header file contents to main file") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-75-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/gyro/adxrs450.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/iio/gyro/adxrs450.c b/drivers/iio/gyro/adxrs450.c +index 04f350025215..f84438e0c42c 100644 +--- a/drivers/iio/gyro/adxrs450.c ++++ b/drivers/iio/gyro/adxrs450.c +@@ -73,7 +73,7 @@ enum { + struct adxrs450_state { + struct spi_device *us; + struct mutex buf_lock; +- __be32 tx ____cacheline_aligned; ++ __be32 tx __aligned(IIO_DMA_MINALIGN); + __be32 rx; + + }; +-- +2.35.3 + diff --git a/patches.suse/iio-gyro-fxas210002c-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-gyro-fxas210002c-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..65ff7ef --- /dev/null +++ b/patches.suse/iio-gyro-fxas210002c-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,49 @@ +From 3aafe923987cb4a15e16f03c6185ed4b6a78ca00 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:56:55 +0100 +Subject: [PATCH] iio: gyro: fxas210002c: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 3aafe923987cb4a15e16f03c6185ed4b6a78ca00 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Updated the comment to 'may' require. + +Fixes: a0701b6263ae ("iio: gyro: add core driver for fxas21002c") +Signed-off-by: Jonathan Cameron +Reviewed-by: Rui Miguel Silva +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-76-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/gyro/fxas21002c_core.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/drivers/iio/gyro/fxas21002c_core.c b/drivers/iio/gyro/fxas21002c_core.c +index 0923fd793492..a36d71d9e3ea 100644 +--- a/drivers/iio/gyro/fxas21002c_core.c ++++ b/drivers/iio/gyro/fxas21002c_core.c +@@ -150,10 +150,10 @@ struct fxas21002c_data { + struct regulator *vddio; + + /* +- * DMA (thus cache coherency maintenance) requires the +- * transfer buffers to live in their own cache lines. ++ * DMA (thus cache coherency maintenance) may require the ++ * transfer buffers live in their own cache lines. + */ +- s16 buffer[8] ____cacheline_aligned; ++ s16 buffer[8] __aligned(IIO_DMA_MINALIGN); + }; + + enum fxas21002c_channel_index { +-- +2.35.3 + diff --git a/patches.suse/iio-light-isl29028-Fix-the-warning-in-isl29028_remov.patch b/patches.suse/iio-light-isl29028-Fix-the-warning-in-isl29028_remov.patch new file mode 100644 index 0000000..1bae6ce --- /dev/null +++ b/patches.suse/iio-light-isl29028-Fix-the-warning-in-isl29028_remov.patch @@ -0,0 +1,54 @@ +From 06674fc7c003b9d0aa1d37fef7ab2c24802cc6ad Mon Sep 17 00:00:00 2001 +From: Zheyu Ma +Date: Sun, 17 Jul 2022 08:42:41 +0800 +Subject: [PATCH] iio: light: isl29028: Fix the warning in isl29028_remove() +Git-commit: 06674fc7c003b9d0aa1d37fef7ab2c24802cc6ad +Patch-mainline: v6.0-rc1 +References: git-fixes + +The driver use the non-managed form of the register function in +isl29028_remove(). To keep the release order as mirroring the ordering +in probe, the driver should use non-managed form in probe, too. + +The following log reveals it: + +[ 32.374955] isl29028 0-0010: remove +[ 32.376861] general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN PTI +[ 32.377676] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] +[ 32.379432] RIP: 0010:kernfs_find_and_get_ns+0x28/0xe0 +[ 32.385461] Call Trace: +[ 32.385807] sysfs_unmerge_group+0x59/0x110 +[ 32.386110] dpm_sysfs_remove+0x58/0xc0 +[ 32.386391] device_del+0x296/0xe50 +[ 32.386959] cdev_device_del+0x1d/0xd0 +[ 32.387231] devm_iio_device_unreg+0x27/0xb0 +[ 32.387542] devres_release_group+0x319/0x3d0 +[ 32.388162] i2c_device_remove+0x93/0x1f0 + +Fixes: 2db5054ac28d ("staging: iio: isl29028: add runtime power management support") +Signed-off-by: Zheyu Ma +Link: https://lore.kernel.org/r/20220717004241.2281028-1-zheyuma97@gmail.com +Cc: +Signed-off-by: Jonathan Cameron +Acked-by: Takashi Iwai + +--- + drivers/iio/light/isl29028.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/iio/light/isl29028.c b/drivers/iio/light/isl29028.c +index 4dde9707a52d..ff5996d77818 100644 +--- a/drivers/iio/light/isl29028.c ++++ b/drivers/iio/light/isl29028.c +@@ -625,7 +625,7 @@ static int isl29028_probe(struct i2c_client *client, + ISL29028_POWER_OFF_DELAY_MS); + pm_runtime_use_autosuspend(&client->dev); + +- ret = devm_iio_device_register(indio_dev->dev.parent, indio_dev); ++ ret = iio_device_register(indio_dev); + if (ret < 0) { + dev_err(&client->dev, + "%s(): iio registration failed with error %d\n", +-- +2.35.3 + diff --git a/patches.suse/iio-potentiometer-ad5272-Fix-alignment-for-DMA-safet.patch b/patches.suse/iio-potentiometer-ad5272-Fix-alignment-for-DMA-safet.patch new file mode 100644 index 0000000..a7b080b --- /dev/null +++ b/patches.suse/iio-potentiometer-ad5272-Fix-alignment-for-DMA-safet.patch @@ -0,0 +1,42 @@ +From da803652534271dbb4af0802bd678c759e27e6de Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:57:01 +0100 +Subject: [PATCH] iio: potentiometer: ad5272: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: da803652534271dbb4af0802bd678c759e27e6de +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Fixes: 79e8a32d2aa9 ("iio: ad5272: Add support for Analog Devices digital potentiometers") +Signed-off-by: Jonathan Cameron +Reviewed-by: Phil Reid +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-82-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/potentiometer/ad5272.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/iio/potentiometer/ad5272.c b/drivers/iio/potentiometer/ad5272.c +index d8cbd170262f..ed5fc0b50fe9 100644 +--- a/drivers/iio/potentiometer/ad5272.c ++++ b/drivers/iio/potentiometer/ad5272.c +@@ -50,7 +50,7 @@ struct ad5272_data { + struct i2c_client *client; + struct mutex lock; + const struct ad5272_cfg *cfg; +- u8 buf[2] ____cacheline_aligned; ++ u8 buf[2] __aligned(IIO_DMA_MINALIGN); + }; + + static const struct iio_chan_spec ad5272_channel = { +-- +2.35.3 + diff --git a/patches.suse/iio-potentiometer-max5481-Fix-alignment-for-DMA-safe.patch b/patches.suse/iio-potentiometer-max5481-Fix-alignment-for-DMA-safe.patch new file mode 100644 index 0000000..d4a2969 --- /dev/null +++ b/patches.suse/iio-potentiometer-max5481-Fix-alignment-for-DMA-safe.patch @@ -0,0 +1,41 @@ +From ec1ac1c0e7a14657d729159ccfbea72f434bdaf1 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:57:02 +0100 +Subject: [PATCH] iio: potentiometer: max5481: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: ec1ac1c0e7a14657d729159ccfbea72f434bdaf1 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Fixes: df1fd2de118e ("iio: max5481: Add support for Maxim digital potentiometers") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-83-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/potentiometer/max5481.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/iio/potentiometer/max5481.c b/drivers/iio/potentiometer/max5481.c +index 098d144a8fdd..b40e5ac218d7 100644 +--- a/drivers/iio/potentiometer/max5481.c ++++ b/drivers/iio/potentiometer/max5481.c +@@ -44,7 +44,7 @@ static const struct max5481_cfg max5481_cfg[] = { + struct max5481_data { + struct spi_device *spi; + const struct max5481_cfg *cfg; +- u8 msg[3] ____cacheline_aligned; ++ u8 msg[3] __aligned(IIO_DMA_MINALIGN); + }; + + #define MAX5481_CHANNEL { \ +-- +2.35.3 + diff --git a/patches.suse/iio-potentiometer-mcp41010-Fix-alignment-for-DMA-saf.patch b/patches.suse/iio-potentiometer-mcp41010-Fix-alignment-for-DMA-saf.patch new file mode 100644 index 0000000..22ce32e --- /dev/null +++ b/patches.suse/iio-potentiometer-mcp41010-Fix-alignment-for-DMA-saf.patch @@ -0,0 +1,41 @@ +From c5f78f4d2168ba21324095b0d46d4353c2eace4d Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:57:03 +0100 +Subject: [PATCH] iio: potentiometer: mcp41010: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: c5f78f4d2168ba21324095b0d46d4353c2eace4d +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Fixes: 092cb71a604e ("iio: potentiometer: Add driver for Microchip MCP41xxx/42xxx") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-84-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/potentiometer/mcp41010.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/iio/potentiometer/mcp41010.c b/drivers/iio/potentiometer/mcp41010.c +index 30a4594d4e11..2b73c7540209 100644 +--- a/drivers/iio/potentiometer/mcp41010.c ++++ b/drivers/iio/potentiometer/mcp41010.c +@@ -60,7 +60,7 @@ struct mcp41010_data { + const struct mcp41010_cfg *cfg; + struct mutex lock; /* Protect write sequences */ + unsigned int value[MCP41010_MAX_WIPERS]; /* Cache wiper values */ +- u8 buf[2] ____cacheline_aligned; ++ u8 buf[2] __aligned(IIO_DMA_MINALIGN); + }; + + #define MCP41010_CHANNEL(ch) { \ +-- +2.35.3 + diff --git a/patches.suse/iio-potentiometer-mcp4131-Fix-alignment-for-DMA-safe.patch b/patches.suse/iio-potentiometer-mcp4131-Fix-alignment-for-DMA-safe.patch new file mode 100644 index 0000000..0062de2 --- /dev/null +++ b/patches.suse/iio-potentiometer-mcp4131-Fix-alignment-for-DMA-safe.patch @@ -0,0 +1,41 @@ +From 4842e5de6f39ebf2c0f6da9e6a0cb751c7108507 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:57:04 +0100 +Subject: [PATCH] iio: potentiometer: mcp4131: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 4842e5de6f39ebf2c0f6da9e6a0cb751c7108507 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Fixes: 22d199a53910 ("iio: potentiometer: add driver for Microchip MCP413X/414X/415X/416X/423X/424X/425X/426X") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-85-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/potentiometer/mcp4131.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/iio/potentiometer/mcp4131.c b/drivers/iio/potentiometer/mcp4131.c +index 7c8c18ab8764..7890c0993ec4 100644 +--- a/drivers/iio/potentiometer/mcp4131.c ++++ b/drivers/iio/potentiometer/mcp4131.c +@@ -129,7 +129,7 @@ struct mcp4131_data { + struct spi_device *spi; + const struct mcp4131_cfg *cfg; + struct mutex lock; +- u8 buf[2] ____cacheline_aligned; ++ u8 buf[2] __aligned(IIO_DMA_MINALIGN); + }; + + #define MCP4131_CHANNEL(ch) { \ +-- +2.35.3 + diff --git a/patches.suse/iio-proximity-as3935-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-proximity-as3935-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..01fc2a3 --- /dev/null +++ b/patches.suse/iio-proximity-as3935-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,42 @@ +From 2386c0f8c5b740873a4b9126c3706601b127fe22 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:57:06 +0100 +Subject: [PATCH] iio: proximity: as3935: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 2386c0f8c5b740873a4b9126c3706601b127fe22 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Fixes: 24ddb0e4bba4 ("iio: Add AS3935 lightning sensor support") +Signed-off-by: Jonathan Cameron +Cc: Matt Ranostay +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-87-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/proximity/as3935.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/iio/proximity/as3935.c b/drivers/iio/proximity/as3935.c +index 67891ce2bd09..ebc95cf8f5f4 100644 +--- a/drivers/iio/proximity/as3935.c ++++ b/drivers/iio/proximity/as3935.c +@@ -65,7 +65,7 @@ struct as3935_state { + u8 chan; + s64 timestamp __aligned(8); + } scan; +- u8 buf[2] ____cacheline_aligned; ++ u8 buf[2] __aligned(IIO_DMA_MINALIGN); + }; + + static const struct iio_chan_spec as3935_channels[] = { +-- +2.35.3 + diff --git a/patches.suse/iio-resolver-ad2s1200-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-resolver-ad2s1200-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..c8be0fa --- /dev/null +++ b/patches.suse/iio-resolver-ad2s1200-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,44 @@ +From 37882314d3bdc2ae775ebb9fa8ed7a94cd1aad61 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:57:08 +0100 +Subject: [PATCH] iio: resolver: ad2s1200: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 37882314d3bdc2ae775ebb9fa8ed7a94cd1aad61 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Fixes tag is probably not where the issue was first introduced, but +is likely to be as far as anyone considers backporting this fix. + +Fixes: 0bd3d338f61b ("staging: iio: ad2s1200: Improve readability with be16_to_cpup") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-89-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/resolver/ad2s1200.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/iio/resolver/ad2s1200.c b/drivers/iio/resolver/ad2s1200.c +index 9746bd935628..9d95241bdf8f 100644 +--- a/drivers/iio/resolver/ad2s1200.c ++++ b/drivers/iio/resolver/ad2s1200.c +@@ -41,7 +41,7 @@ struct ad2s1200_state { + struct spi_device *sdev; + struct gpio_desc *sample; + struct gpio_desc *rdvel; +- __be16 rx ____cacheline_aligned; ++ __be16 rx __aligned(IIO_DMA_MINALIGN); + }; + + static int ad2s1200_read_raw(struct iio_dev *indio_dev, +-- +2.35.3 + diff --git a/patches.suse/iio-resolver-ad2s90-Fix-alignment-for-DMA-safety.patch b/patches.suse/iio-resolver-ad2s90-Fix-alignment-for-DMA-safety.patch new file mode 100644 index 0000000..facdc1e --- /dev/null +++ b/patches.suse/iio-resolver-ad2s90-Fix-alignment-for-DMA-safety.patch @@ -0,0 +1,45 @@ +From faa05ecb1349070d874810e161b653c2220e0006 Mon Sep 17 00:00:00 2001 +From: Jonathan Cameron +Date: Sun, 8 May 2022 18:57:09 +0100 +Subject: [PATCH] iio: resolver: ad2s90: Fix alignment for DMA safety +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: faa05ecb1349070d874810e161b653c2220e0006 +Patch-mainline: v6.0-rc1 +References: git-fixes + +____cacheline_aligned is an insufficient guarantee for non-coherent DMA +on platforms with 128 byte cachelines above L1. Switch to the updated +IIO_DMA_MINALIGN definition. + +Fixes tag is probably not where the issue was first introduced, but +is likely to be far beyond the point where anyone considers +backporting this fix. + +Fixes: 58f08b0af857 ("staging:iio:resolver:ad2s90 general cleanup") +Signed-off-by: Jonathan Cameron +Acked-by: Nuno Sá +Link: https://lore.kernel.org/r/20220508175712.647246-90-jic23@kernel.org +Acked-by: Takashi Iwai + +--- + drivers/iio/resolver/ad2s90.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/iio/resolver/ad2s90.c b/drivers/iio/resolver/ad2s90.c +index d6a91f137e13..be6836e55376 100644 +--- a/drivers/iio/resolver/ad2s90.c ++++ b/drivers/iio/resolver/ad2s90.c +@@ -24,7 +24,7 @@ + struct ad2s90_state { + struct mutex lock; /* lock to protect rx buffer */ + struct spi_device *sdev; +- u8 rx[2] ____cacheline_aligned; ++ u8 rx[2] __aligned(IIO_DMA_MINALIGN); + }; + + static int ad2s90_read_raw(struct iio_dev *indio_dev, +-- +2.35.3 + diff --git a/patches.suse/ima-Fix-a-potential-integer-overflow-in-ima_appraise.patch b/patches.suse/ima-Fix-a-potential-integer-overflow-in-ima_appraise.patch new file mode 100644 index 0000000..d4b023d --- /dev/null +++ b/patches.suse/ima-Fix-a-potential-integer-overflow-in-ima_appraise.patch @@ -0,0 +1,37 @@ +From d2ee2cfc4aa85ff6a2a3b198a3a524ec54e3d999 Mon Sep 17 00:00:00 2001 +From: Huaxin Lu +Date: Tue, 5 Jul 2022 13:14:17 +0800 +Subject: [PATCH] ima: Fix a potential integer overflow in ima_appraise_measurement +Git-commit: d2ee2cfc4aa85ff6a2a3b198a3a524ec54e3d999 +Patch-mainline: v5.19-rc7 +References: git-fixes + +When the ima-modsig is enabled, the rc passed to evm_verifyxattr() may be +negative, which may cause the integer overflow problem. + +Fixes: 39b07096364a ("ima: Implement support for module-style appended signatures") +Signed-off-by: Huaxin Lu +Signed-off-by: Mimi Zohar +Acked-by: Takashi Iwai + +--- + security/integrity/ima/ima_appraise.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c +index cdb84dccd24e..bde74fcecee3 100644 +--- a/security/integrity/ima/ima_appraise.c ++++ b/security/integrity/ima/ima_appraise.c +@@ -514,7 +514,8 @@ int ima_appraise_measurement(enum ima_hooks func, + goto out; + } + +- status = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value, rc, iint); ++ status = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value, ++ rc < 0 ? 0 : rc, iint); + switch (status) { + case INTEGRITY_PASS: + case INTEGRITY_PASS_IMMUTABLE: +-- +2.35.3 + diff --git a/patches.suse/ima-Fix-potential-memory-leak-in-ima_init_crypto.patch b/patches.suse/ima-Fix-potential-memory-leak-in-ima_init_crypto.patch new file mode 100644 index 0000000..1d6b397 --- /dev/null +++ b/patches.suse/ima-Fix-potential-memory-leak-in-ima_init_crypto.patch @@ -0,0 +1,36 @@ +From 067d2521874135267e681c19d42761c601d503d6 Mon Sep 17 00:00:00 2001 +From: Jianglei Nie +Date: Tue, 12 Jul 2022 09:10:37 +0800 +Subject: [PATCH] ima: Fix potential memory leak in ima_init_crypto() +Git-commit: 067d2521874135267e681c19d42761c601d503d6 +Patch-mainline: v5.19-rc7 +References: git-fixes + +On failure to allocate the SHA1 tfm, IMA fails to initialize and exits +without freeing the ima_algo_array. Add the missing kfree() for +ima_algo_array to avoid the potential memory leak. + +Signed-off-by: Jianglei Nie +Fixes: 6d94809af6b0 ("ima: Allocate and initialize tfm for each PCR bank") +Signed-off-by: Mimi Zohar +Acked-by: Takashi Iwai + +--- + security/integrity/ima/ima_crypto.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c +index a7206cc1d7d1..64499056648a 100644 +--- a/security/integrity/ima/ima_crypto.c ++++ b/security/integrity/ima/ima_crypto.c +@@ -205,6 +205,7 @@ int __init ima_init_crypto(void) + + crypto_free_shash(ima_algo_array[i].tfm); + } ++ kfree(ima_algo_array); + out: + crypto_free_shash(ima_shash_tfm); + return rc; +-- +2.35.3 + diff --git a/patches.suse/intel_idle-Customize-IceLake-server-support.patch b/patches.suse/intel_idle-Customize-IceLake-server-support.patch new file mode 100644 index 0000000..556e014 --- /dev/null +++ b/patches.suse/intel_idle-Customize-IceLake-server-support.patch @@ -0,0 +1,99 @@ +From a472ad2bcea479ba068880125d7273fc95c14b70 Mon Sep 17 00:00:00 2001 +From: Chen Yu +Date: Fri, 10 Jul 2020 12:12:01 +0800 +Subject: [PATCH] intel_idle: Customize IceLake server support +Git-commit: a472ad2bcea479ba068880125d7273fc95c14b70 +Patch-mainline: v5.9-rc1 +References: jsc#SLE-12679 + +On ICX platform, the C1E auto-promotion is enabled by default. +As a result, the CPU might fall into C1E more offen than previous +platforms. Besides, the C1E is not exposed to sysfs on ICX, which +is inconsistent with previous server platforms. + +So disable C1E auto-promotion and expose C1E as a separate idle +state, so the C1E and C6 can be disabled via sysfs when necessary. + +Beside C1 and C1E, the exit latency of C6 was measured +by a dedicated tool. However the exit latency(41us) exposed +by _CST is much smaller than the one we measured(128us). This +is probably due to the _CST uses the exit latency when woken +up from PC0+C6, rather than PC6+C6 when C6 was measured. Choose +the latter as we need the longest latency in theory. + +Reported-by: kernel test robot +Tested-by: Artem Bityutskiy +Acked-by: Artem Bityutskiy +Reviewed-by: Zhang Rui +Signed-off-by: Chen Yu +Signed-off-by: Rafael J. Wysocki +Acked-by: Takashi Iwai + +--- + drivers/idle/intel_idle.c | 36 ++++++++++++++++++++++++++++++++++++ + 1 file changed, 36 insertions(+) + +diff --git a/drivers/idle/intel_idle.c b/drivers/idle/intel_idle.c +index 3f86f36dab2b..fd0fa9e7900b 100644 +--- a/drivers/idle/intel_idle.c ++++ b/drivers/idle/intel_idle.c +@@ -752,6 +752,35 @@ static struct cpuidle_state skx_cstates[] __initdata = { + .enter = NULL } + }; + ++static struct cpuidle_state icx_cstates[] __initdata = { ++ { ++ .name = "C1", ++ .desc = "MWAIT 0x00", ++ .flags = MWAIT2flg(0x00), ++ .exit_latency = 1, ++ .target_residency = 1, ++ .enter = &intel_idle, ++ .enter_s2idle = intel_idle_s2idle, }, ++ { ++ .name = "C1E", ++ .desc = "MWAIT 0x01", ++ .flags = MWAIT2flg(0x01) | CPUIDLE_FLAG_ALWAYS_ENABLE, ++ .exit_latency = 4, ++ .target_residency = 4, ++ .enter = &intel_idle, ++ .enter_s2idle = intel_idle_s2idle, }, ++ { ++ .name = "C6", ++ .desc = "MWAIT 0x20", ++ .flags = MWAIT2flg(0x20) | CPUIDLE_FLAG_TLB_FLUSHED, ++ .exit_latency = 128, ++ .target_residency = 384, ++ .enter = &intel_idle, ++ .enter_s2idle = intel_idle_s2idle, }, ++ { ++ .enter = NULL } ++}; ++ + static struct cpuidle_state atom_cstates[] __initdata = { + { + .name = "C1E", +@@ -1056,6 +1085,12 @@ static const struct idle_cpu idle_cpu_skx __initconst = { + .use_acpi = true, + }; + ++static const struct idle_cpu idle_cpu_icx __initconst = { ++ .state_table = icx_cstates, ++ .disable_promotion_to_c1e = true, ++ .use_acpi = true, ++}; ++ + static const struct idle_cpu idle_cpu_avn __initconst = { + .state_table = avn_cstates, + .disable_promotion_to_c1e = true, +@@ -1110,6 +1145,7 @@ static const struct x86_cpu_id intel_idle_ids[] __initconst = { + X86_MATCH_INTEL_FAM6_MODEL(KABYLAKE_L, &idle_cpu_skl), + X86_MATCH_INTEL_FAM6_MODEL(KABYLAKE, &idle_cpu_skl), + X86_MATCH_INTEL_FAM6_MODEL(SKYLAKE_X, &idle_cpu_skx), ++ X86_MATCH_INTEL_FAM6_MODEL(ICELAKE_X, &idle_cpu_icx), + X86_MATCH_INTEL_FAM6_MODEL(XEON_PHI_KNL, &idle_cpu_knl), + X86_MATCH_INTEL_FAM6_MODEL(XEON_PHI_KNM, &idle_cpu_knl), + X86_MATCH_INTEL_FAM6_MODEL(ATOM_GOLDMONT, &idle_cpu_bxt), +-- +2.16.4 + diff --git a/patches.suse/intel_idle-Disable-IBRS-during-long-idle.patch b/patches.suse/intel_idle-Disable-IBRS-during-long-idle.patch index fb04b57..064ef72 100644 --- a/patches.suse/intel_idle-Disable-IBRS-during-long-idle.patch +++ b/patches.suse/intel_idle-Disable-IBRS-during-long-idle.patch @@ -2,8 +2,7 @@ From: Peter Zijlstra Date: Tue, 14 Jun 2022 23:15:58 +0200 Subject: intel_idle: Disable IBRS during long idle Git-commit: bf5835bcdb9635c97f85120dba9bfa21e111130f -Patch-mainline: Queued in tip for 5.19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 Having IBRS enabled while the SMT sibling is idle unnecessarily slows diff --git a/patches.suse/intel_th-Fix-a-resource-leak-in-an-error-handling-pa.patch b/patches.suse/intel_th-Fix-a-resource-leak-in-an-error-handling-pa.patch new file mode 100644 index 0000000..18d3ae3 --- /dev/null +++ b/patches.suse/intel_th-Fix-a-resource-leak-in-an-error-handling-pa.patch @@ -0,0 +1,55 @@ +From 086c28ab7c5699256aced0049aae9c42f1410313 Mon Sep 17 00:00:00 2001 +From: Christophe JAILLET +Date: Tue, 5 Jul 2022 11:26:32 +0300 +Subject: [PATCH] intel_th: Fix a resource leak in an error handling path +Git-commit: 086c28ab7c5699256aced0049aae9c42f1410313 +Patch-mainline: v6.0-rc1 +References: git-fixes + +If an error occurs after calling 'pci_alloc_irq_vectors()', +'pci_free_irq_vectors()' must be called as already done in the remove +function. + +Fixes: 7b7036d47c35 ("intel_th: pci: Use MSI interrupt signalling") +Reviewed-by: Andy Shevchenko +Signed-off-by: Christophe JAILLET +Signed-off-by: Alexander Shishkin +Link: https://lore.kernel.org/r/20220705082637.59979-2-alexander.shishkin@linux.intel.com +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/hwtracing/intel_th/pci.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/drivers/hwtracing/intel_th/pci.c b/drivers/hwtracing/intel_th/pci.c +index 7da4f298ed01..fcd0aca75007 100644 +--- a/drivers/hwtracing/intel_th/pci.c ++++ b/drivers/hwtracing/intel_th/pci.c +@@ -100,8 +100,10 @@ static int intel_th_pci_probe(struct pci_dev *pdev, + } + + th = intel_th_alloc(&pdev->dev, drvdata, resource, r); +- if (IS_ERR(th)) +- return PTR_ERR(th); ++ if (IS_ERR(th)) { ++ err = PTR_ERR(th); ++ goto err_free_irq; ++ } + + th->activate = intel_th_pci_activate; + th->deactivate = intel_th_pci_deactivate; +@@ -109,6 +111,10 @@ static int intel_th_pci_probe(struct pci_dev *pdev, + pci_set_master(pdev); + + return 0; ++ ++err_free_irq: ++ pci_free_irq_vectors(pdev); ++ return err; + } + + static void intel_th_pci_remove(struct pci_dev *pdev) +-- +2.35.3 + diff --git a/patches.suse/intel_th-msu-Fix-vmalloced-buffers.patch b/patches.suse/intel_th-msu-Fix-vmalloced-buffers.patch new file mode 100644 index 0000000..0cc4064 --- /dev/null +++ b/patches.suse/intel_th-msu-Fix-vmalloced-buffers.patch @@ -0,0 +1,69 @@ +From ac12ad3ccf6d386e64a9d6a890595a2509d24edd Mon Sep 17 00:00:00 2001 +From: Alexander Shishkin +Date: Tue, 5 Jul 2022 11:26:34 +0300 +Subject: [PATCH] intel_th: msu: Fix vmalloced buffers +Git-commit: ac12ad3ccf6d386e64a9d6a890595a2509d24edd +Patch-mainline: v6.0-rc1 +References: git-fixes + +After commit f5ff79fddf0e ("dma-mapping: remove CONFIG_DMA_REMAP") there's +a chance of DMA buffer getting allocated via vmalloc(), which messes up +the mmapping code: + +> RIP: msc_mmap_fault [intel_th_msu] +> Call Trace: +> +> __do_fault +> do_fault +... + +Fix this by accounting for vmalloc possibility. + +Fixes: ba39bd830605 ("intel_th: msu: Switch over to scatterlist") +Reviewed-by: Andy Shevchenko +Signed-off-by: Alexander Shishkin +Link: https://lore.kernel.org/r/20220705082637.59979-4-alexander.shishkin@linux.intel.com +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/hwtracing/intel_th/msu.c | 14 ++++++++++++-- + 1 file changed, 12 insertions(+), 2 deletions(-) + +--- a/drivers/hwtracing/intel_th/msu.c ++++ b/drivers/hwtracing/intel_th/msu.c +@@ -1053,6 +1053,16 @@ msc_buffer_set_uc(struct msc_window *win + static inline void msc_buffer_set_wb(struct msc_window *win) {} + #endif /* CONFIG_X86 */ + ++static struct page *msc_sg_page(struct scatterlist *sg) ++{ ++ void *addr = sg_virt(sg); ++ ++ if (is_vmalloc_addr(addr)) ++ return vmalloc_to_page(addr); ++ ++ return sg_page(sg); ++} ++ + /** + * msc_buffer_win_alloc() - alloc a window for a multiblock mode + * @msc: MSC device +@@ -1125,7 +1135,7 @@ static void __msc_buffer_win_free(struct + int i; + + for_each_sg(win->sgt->sgl, sg, win->nr_segs, i) { +- struct page *page = sg_page(sg); ++ struct page *page = msc_sg_page(sg); + + page->mapping = NULL; + dma_free_coherent(msc_dev(win->msc)->parent->parent, PAGE_SIZE, +@@ -1387,7 +1397,7 @@ found: + pgoff -= win->pgoff; + + for_each_sg(win->sgt->sgl, sg, win->nr_segs, blk) { +- struct page *page = sg_page(sg); ++ struct page *page = msc_sg_page(sg); + size_t pgsz = PFN_DOWN(sg->length); + + if (pgoff < pgsz) diff --git a/patches.suse/intel_th-msu-sink-Potential-dereference-of-null-poin.patch b/patches.suse/intel_th-msu-sink-Potential-dereference-of-null-poin.patch new file mode 100644 index 0000000..72a8560 --- /dev/null +++ b/patches.suse/intel_th-msu-sink-Potential-dereference-of-null-poin.patch @@ -0,0 +1,41 @@ +From 82f76a4a720791d889de775b5f7541d601efc8bd Mon Sep 17 00:00:00 2001 +From: Jiasheng Jiang +Date: Tue, 5 Jul 2022 11:26:33 +0300 +Subject: [PATCH] intel_th: msu-sink: Potential dereference of null pointer +Git-commit: 82f76a4a720791d889de775b5f7541d601efc8bd +Patch-mainline: v6.0-rc1 +References: git-fixes + +The return value of dma_alloc_coherent() needs to be checked. +To avoid use of null pointer in sg_set_buf() in case of the failure of +alloc. + +Fixes: f220df66f676 ("intel_th: msu-sink: An example msu buffer "sink"") +Reviewed-by: Andy Shevchenko +Signed-off-by: Jiasheng Jiang +Signed-off-by: Alexander Shishkin +Link: https://lore.kernel.org/r/20220705082637.59979-3-alexander.shishkin@linux.intel.com +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/hwtracing/intel_th/msu-sink.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/hwtracing/intel_th/msu-sink.c b/drivers/hwtracing/intel_th/msu-sink.c +index 2c7f5116be12..891b28ea25fe 100644 +--- a/drivers/hwtracing/intel_th/msu-sink.c ++++ b/drivers/hwtracing/intel_th/msu-sink.c +@@ -71,6 +71,9 @@ static int msu_sink_alloc_window(void *data, struct sg_table **sgt, size_t size) + block = dma_alloc_coherent(priv->dev->parent->parent, + PAGE_SIZE, &sg_dma_address(sg_ptr), + GFP_KERNEL); ++ if (!block) ++ return -ENOMEM; ++ + sg_set_buf(sg_ptr, block, PAGE_SIZE); + } + +-- +2.35.3 + diff --git a/patches.suse/io_uring-fix-fs-users-overflow.patch b/patches.suse/io_uring-fix-fs-users-overflow.patch new file mode 100644 index 0000000..7aae4fc --- /dev/null +++ b/patches.suse/io_uring-fix-fs-users-overflow.patch @@ -0,0 +1,73 @@ +From: Pavel Begunkov +Date: Thu Apr 14 08:50:50 2022 +0100 +Subject: [PATCH] io_uring: fix fs->users overflow +References: CVE-2022-1116, bsc#1199647 +Patch-mainline: Never, stable v5.4.189 commit 1a623d361ffe5cecd4244a02f449528416360038 + + +There is a bunch of cases where we can grab req->fs but not put it, this +can be used to cause a controllable overflow with further implications. +Release req->fs in the request free path and make sure we zero the field +to be sure we don't do it twice. + +Fixes: cac68d12c531 ("io_uring: grab ->fs as part of async offload") +Reported-by: Bing-Jhong Billy Jheng +Signed-off-by: Pavel Begunkov +Signed-off-by: Greg Kroah-Hartman +Acked-by: Goldwyn Rodrigues + +--- + fs/io_uring.c | 28 ++++++++++++++++++---------- + 1 file changed, 18 insertions(+), 10 deletions(-) + +--- a/fs/io_uring.c ++++ b/fs/io_uring.c +@@ -437,6 +437,22 @@ + return ctx; + } + ++static void io_req_put_fs(struct io_kiocb *req) ++{ ++ struct fs_struct *fs = req->fs; ++ ++ if (!fs) ++ return; ++ ++ spin_lock(&req->fs->lock); ++ if (--fs->users) ++ fs = NULL; ++ spin_unlock(&req->fs->lock); ++ if (fs) ++ free_fs_struct(fs); ++ req->fs = NULL; ++} ++ + static inline bool io_sequence_defer(struct io_ring_ctx *ctx, + struct io_kiocb *req) + { +@@ -623,6 +639,7 @@ + + static void __io_free_req(struct io_kiocb *req) + { ++ io_req_put_fs(req); + if (req->file && !(req->flags & REQ_F_FIXED_FILE)) + fput(req->file); + io_ring_drop_ctx_refs(req->ctx, 1); +@@ -1547,16 +1564,7 @@ + ret = -EINTR; + } + +- if (req->fs) { +- struct fs_struct *fs = req->fs; +- +- spin_lock(&req->fs->lock); +- if (--fs->users) +- fs = NULL; +- spin_unlock(&req->fs->lock); +- if (fs) +- free_fs_struct(fs); +- } ++ io_req_put_fs(req); + io_cqring_add_event(req->ctx, sqe->user_data, ret); + io_put_req(req); + return 0; diff --git a/patches.suse/ipv4-avoid-using-shared-IP-generator-for-connected-s.patch b/patches.suse/ipv4-avoid-using-shared-IP-generator-for-connected-s.patch new file mode 100644 index 0000000..7572885 --- /dev/null +++ b/patches.suse/ipv4-avoid-using-shared-IP-generator-for-connected-s.patch @@ -0,0 +1,64 @@ +From: Eric Dumazet +Date: Wed, 26 Jan 2022 17:10:22 -0800 +Subject: ipv4: avoid using shared IP generator for connected sockets +Patch-mainline: v5.17-rc2 +Git-commit: 23f57406b82de51809d5812afd96f210f8b627f3 +References: CVE-2020-36516 bsc#1196616 + +ip_select_ident_segs() has been very conservative about using +the connected socket private generator only for packets with IP_DF +set, claiming it was needed for some VJ compression implementations. + +As mentioned in this referenced document, this can be abused. +(Ref: Off-Path TCP Exploits of the Mixed IPID Assignment) + +Before switching to pure random IPID generation and possibly hurt +some workloads, lets use the private inet socket generator. + +Not only this will remove one vulnerability, this will also +improve performance of TCP flows using pmtudisc==IP_PMTUDISC_DONT + +Fixes: 73f156a6e8c1 ("inetpeer: get rid of ip_id_count") +Signed-off-by: Eric Dumazet +Reviewed-by: David Ahern +Reported-by: Ray Che +Cc: Willy Tarreau +Signed-off-by: Jakub Kicinski +Acked-by: Michal Kubecek + +--- + include/net/ip.h | 21 ++++++++++----------- + 1 file changed, 10 insertions(+), 11 deletions(-) + +--- a/include/net/ip.h ++++ b/include/net/ip.h +@@ -498,19 +498,18 @@ static inline void ip_select_ident_segs(struct net *net, struct sk_buff *skb, + { + struct iphdr *iph = ip_hdr(skb); + ++ /* We had many attacks based on IPID, use the private ++ * generator as much as we can. ++ */ ++ if (sk && inet_sk(sk)->inet_daddr) { ++ iph->id = htons(inet_sk(sk)->inet_id); ++ inet_sk(sk)->inet_id += segs; ++ return; ++ } + if ((iph->frag_off & htons(IP_DF)) && !skb->ignore_df) { +- /* This is only to work around buggy Windows95/2000 +- * VJ compression implementations. If the ID field +- * does not change, they drop every other packet in +- * a TCP stream using header compression. +- */ +- if (sk && inet_sk(sk)->inet_daddr) { +- iph->id = htons(inet_sk(sk)->inet_id); +- inet_sk(sk)->inet_id += segs; +- } else { +- iph->id = 0; +- } ++ iph->id = 0; + } else { ++ /* Unfortunately we need the big hammer to get a suitable IPID */ + __ip_select_ident(net, iph, segs); + } + } diff --git a/patches.suse/ipv4-tcp-send-zero-IPID-in-SYNACK-messages.patch b/patches.suse/ipv4-tcp-send-zero-IPID-in-SYNACK-messages.patch new file mode 100644 index 0000000..5dbf87a --- /dev/null +++ b/patches.suse/ipv4-tcp-send-zero-IPID-in-SYNACK-messages.patch @@ -0,0 +1,71 @@ +From: Eric Dumazet +Date: Wed, 26 Jan 2022 17:10:21 -0800 +Subject: ipv4: tcp: send zero IPID in SYNACK messages +Patch-mainline: v5.17-rc2 +Git-commit: 970a5a3ea86da637471d3cd04d513a0755aba4bf +References: CVE-2020-36516 bsc#1196616 + +In commit 431280eebed9 ("ipv4: tcp: send zero IPID for RST and +ACK sent in SYN-RECV and TIME-WAIT state") we took care of some +ctl packets sent by TCP. + +It turns out we need to use a similar strategy for SYNACK packets. + +By default, they carry IP_DF and IPID==0, but there are ways +to ask them to use the hashed IP ident generator and thus +be used to build off-path attacks. +(Ref: Off-Path TCP Exploits of the Mixed IPID Assignment) + +One of this way is to force (before listener is started) +echo 1 >/proc/sys/net/ipv4/ip_no_pmtu_disc + +Another way is using forged ICMP ICMP_FRAG_NEEDED +with a very small MTU (like 68) to force a false return from +ip_dont_fragment() + +In this patch, ip_build_and_send_pkt() uses the following +heuristics. + +1) Most SYNACK packets are smaller than IPV4_MIN_MTU and therefore +can use IP_DF regardless of the listener or route pmtu setting. + +2) In case the SYNACK packet is bigger than IPV4_MIN_MTU, +we use prandom_u32() generator instead of the IPv4 hashed ident one. + +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Signed-off-by: Eric Dumazet +Reported-by: Ray Che +Reviewed-by: David Ahern +Cc: Geoff Alexander +Cc: Willy Tarreau +Signed-off-by: Jakub Kicinski +Acked-by: Michal Kubecek + +--- + net/ipv4/ip_output.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +--- a/net/ipv4/ip_output.c ++++ b/net/ipv4/ip_output.c +@@ -161,12 +161,19 @@ int ip_build_and_send_pkt(struct sk_buff *skb, const struct sock *sk, + iph->daddr = (opt && opt->opt.srr ? opt->opt.faddr : daddr); + iph->saddr = saddr; + iph->protocol = sk->sk_protocol; +- if (ip_dont_fragment(sk, &rt->dst)) { ++ /* Do not bother generating IPID for small packets (eg SYNACK) */ ++ if (skb->len <= IPV4_MIN_MTU || ip_dont_fragment(sk, &rt->dst)) { + iph->frag_off = htons(IP_DF); + iph->id = 0; + } else { + iph->frag_off = 0; +- __ip_select_ident(net, iph, 1); ++ /* TCP packets here are SYNACK with fat IPv4/TCP options. ++ * Avoid using the hashed IP ident generator. ++ */ ++ if (sk->sk_protocol == IPPROTO_TCP) ++ iph->id = (__force __be16)prandom_u32(); ++ else ++ __ip_select_ident(net, iph, 1); + } + + if (opt && opt->opt.optlen) { diff --git a/patches.suse/kbuild-Build-kernel-module-BTFs-if-BTF-is-enabled-and-paho.patch b/patches.suse/kbuild-Build-kernel-module-BTFs-if-BTF-is-enabled-and-paho.patch new file mode 100644 index 0000000..4a7e100 --- /dev/null +++ b/patches.suse/kbuild-Build-kernel-module-BTFs-if-BTF-is-enabled-and-paho.patch @@ -0,0 +1,152 @@ +From: Andrii Nakryiko +Date: Mon, 9 Nov 2020 17:19:30 -0800 +Subject: kbuild: Build kernel module BTFs if BTF is enabled and pahole + supports it +Git-commit: 5f9ae91f7c0dbbc4195e2a6c8eedcaeb5b9e4cbb +Patch-mainline: v5.11-rc1 +References: jsc#SLE-24559 + +Detect if pahole supports split BTF generation, and generate BTF for each +selected kernel module, if it does. This is exposed to Makefiles and C code as +CONFIG_DEBUG_INFO_BTF_MODULES flag. + +Kernel module BTF has to be re-generated if either vmlinux's BTF changes or +module's .ko changes. To achieve that, I needed a helper similar to +if_changed, but that would allow to filter out vmlinux from the list of +updated dependencies for .ko building. I've put it next to the only place that +uses and needs it, but it might be a better idea to just add it along the +other if_changed variants into scripts/Kbuild.include. + +Each kernel module's BTF deduplication is pretty fast, as it does only +incremental BTF deduplication on top of already deduplicated vmlinux BTF. To +show the added build time, I've first ran make only just built kernel (to +establish the baseline) and then forced only BTF re-generation, without +regenerating .ko files. The build was performed with -j60 parallelization on +56-core machine. The final time also includes bzImage building, so it's not +a pure BTF overhead. + +$ time make -j60 +... +make -j60 27.65s user 10.96s system 782% cpu 4.933 total +$ touch ~/linux-build/default/vmlinux && time make -j60 +... +make -j60 123.69s user 27.85s system 1566% cpu 9.675 total + +So 4.6 seconds real time, with noticeable part spent in compressed vmlinux and +bzImage building. + +To show size savings, I've built my kernel configuration with about 700 kernel +modules with full BTF per each kernel module (without deduplicating against +vmlinux) and with split BTF against deduplicated vmlinux (approach in this +patch). Below are top 10 modules with biggest BTF sizes. And total size of BTF +data across all kernel modules. + +It shows that split BTF "compresses" 115MB down to 5MB total. And the biggest +kernel modules get a downsize from 500-570KB down to 200-300KB. + +FULL BTF +======== + +$ for f in $(find . -name '*.ko'); do size -A -d $f | grep BTF | awk '{print $2}'; done | awk '{ s += $1 } END { print s }' +115710691 + +$ for f in $(find . -name '*.ko'); do printf "%s %d\n" $f $(size -A -d $f | grep BTF | awk '{print $2}'); done | sort -nr -k2 | head -n10 +./drivers/gpu/drm/i915/i915.ko 570570 +./drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.ko 520240 +./drivers/gpu/drm/radeon/radeon.ko 503849 +./drivers/infiniband/hw/mlx5/mlx5_ib.ko 491777 +./fs/xfs/xfs.ko 411544 +./drivers/net/ethernet/intel/i40e/i40e.ko 403904 +./drivers/net/ethernet/broadcom/bnx2x/bnx2x.ko 398754 +./drivers/infiniband/core/ib_core.ko 397224 +./fs/cifs/cifs.ko 386249 +./fs/nfsd/nfsd.ko 379738 + +SPLIT BTF +========= + +$ for f in $(find . -name '*.ko'); do size -A -d $f | grep BTF | awk '{print $2}'; done | awk '{ s += $1 } END { print s }' +5194047 + +$ for f in $(find . -name '*.ko'); do printf "%s %d\n" $f $(size -A -d $f | grep BTF | awk '{print $2}'); done | sort -nr -k2 | head -n10 +./drivers/gpu/drm/i915/i915.ko 293206 +./drivers/gpu/drm/radeon/radeon.ko 282103 +./fs/xfs/xfs.ko 222150 +./drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.ko 198503 +./drivers/infiniband/hw/mlx5/mlx5_ib.ko 198356 +./drivers/net/ethernet/broadcom/bnx2x/bnx2x.ko 113444 +./fs/cifs/cifs.ko 109379 +./arch/x86/kvm/kvm.ko 100225 +./drivers/gpu/drm/drm.ko 94827 +./drivers/infiniband/core/ib_core.ko 91188 + +Signed-off-by: Andrii Nakryiko +Signed-off-by: Alexei Starovoitov +Link: https://lore.kernel.org/bpf/20201110011932.3201430-4-andrii@kernel.org + +Acked-by: Jeff Mahoney +--- + lib/Kconfig.debug | 9 +++++++++ + scripts/Makefile.modfinal | 20 ++++++++++++++++++-- + 2 files changed, 27 insertions(+), 2 deletions(-) + +diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug +index d7a7bc3b6098..1e78faaf20a5 100644 +--- a/lib/Kconfig.debug ++++ b/lib/Kconfig.debug +@@ -274,6 +274,15 @@ config DEBUG_INFO_BTF + Turning this on expects presence of pahole tool, which will convert + DWARF type info into equivalent deduplicated BTF type info. + ++config PAHOLE_HAS_SPLIT_BTF ++ def_bool $(success, test `$(PAHOLE) --version | sed -E 's/v([0-9]+)\.([0-9]+)/\1\2/'` -ge "119") ++ ++config DEBUG_INFO_BTF_MODULES ++ def_bool y ++ depends on DEBUG_INFO_BTF && MODULES && PAHOLE_HAS_SPLIT_BTF ++ help ++ Generate compact split BTF type information for kernel modules. ++ + config GDB_SCRIPTS + bool "Provide GDB scripts for kernel debugging" + depends on DEBUG_INFO +diff --git a/scripts/Makefile.modfinal b/scripts/Makefile.modfinal +index ae01baf96f4e..02b892421f7a 100644 +--- a/scripts/Makefile.modfinal ++++ b/scripts/Makefile.modfinal +@@ -6,6 +6,7 @@ + PHONY := __modfinal + __modfinal: + ++include include/config/auto.conf + include $(srctree)/scripts/Kbuild.include + + # for c_flags +@@ -36,8 +37,23 @@ quiet_cmd_ld_ko_o = LD [M] $@ + -o $@ $(filter %.o, $^); \ + $(if $(ARCH_POSTLINK), $(MAKE) -f $(ARCH_POSTLINK) $@, true) + +-$(modules): %.ko: %.o %.mod.o $(KBUILD_LDS_MODULE) FORCE +- +$(call if_changed,ld_ko_o) ++quiet_cmd_btf_ko = BTF [M] $@ ++ cmd_btf_ko = LLVM_OBJCOPY=$(OBJCOPY) $(PAHOLE) -J --btf_base vmlinux $@ ++ ++# Same as newer-prereqs, but allows to exclude specified extra dependencies ++newer_prereqs_except = $(filter-out $(PHONY) $(1),$?) ++ ++# Same as if_changed, but allows to exclude specified extra dependencies ++if_changed_except = $(if $(call newer_prereqs_except,$(2))$(cmd-check), \ ++ $(cmd); \ ++ printf '%s\n' 'cmd_$@ := $(make-cmd)' > $(dot-target).cmd, @:) ++ ++# Re-generate module BTFs if either module's .ko or vmlinux changed ++$(modules): %.ko: %.o %.mod.o $(KBUILD_LDS_MODULE) vmlinux FORCE ++ +$(call if_changed_except,ld_ko_o,vmlinux) ++ifdef CONFIG_DEBUG_INFO_BTF_MODULES ++ +$(if $(newer-prereqs),$(call cmd,btf_ko)) ++endif + + targets += $(modules) $(modules:.ko=.mod.o) + + + diff --git a/patches.suse/kbuild-Skip-module-BTF-generation-for-out-of-tree-external.patch b/patches.suse/kbuild-Skip-module-BTF-generation-for-out-of-tree-external.patch new file mode 100644 index 0000000..434482b --- /dev/null +++ b/patches.suse/kbuild-Skip-module-BTF-generation-for-out-of-tree-external.patch @@ -0,0 +1,83 @@ +From: Andrii Nakryiko +Date: Fri, 20 Nov 2020 23:08:28 -0800 +Subject: kbuild: Skip module BTF generation for out-of-tree external modules +Git-commit: e732b538f4557cd0a856bbce3cde55d2dfef3b03 +Patch-mainline: v5.11-rc1 +References: jsc#SLE-24559 + +In some modes of operation, Kbuild allows to build modules without having +vmlinux image around. In such case, generation of module BTF is impossible. +This patch changes the behavior to emit a warning about impossibility of +generating kernel module BTF, instead of breaking the build. This is especially +important for out-of-tree external module builds. + +In vmlinux-less mode: + +$ make clean +$ make modules_prepare +$ touch drivers/acpi/button.c +$ make M=drivers/acpi +... + CC [M] drivers/acpi/button.o + MODPOST drivers/acpi/Module.symvers + LD [M] drivers/acpi/button.ko + BTF [M] drivers/acpi/button.ko +Skipping BTF generation for drivers/acpi/button.ko due to unavailability of vmlinux +... +$ readelf -S ~/linux-build/default/drivers/acpi/button.ko | grep BTF -A1 +... empty ... + +Now with normal build: + +$ make all +... +LD [M] drivers/acpi/button.ko +BTF [M] drivers/acpi/button.ko +... +$ readelf -S ~/linux-build/default/drivers/acpi/button.ko | grep BTF -A1 + [60] .BTF PROGBITS 0000000000000000 00029310 + 000000000000ab3f 0000000000000000 0 0 1 + +Fixes: 5f9ae91f7c0d ("kbuild: Build kernel module BTFs if BTF is enabled and pahole supports it") +Reported-by: Bruce Allan +Signed-off-by: Andrii Nakryiko +Signed-off-by: Daniel Borkmann +Cc: Jessica Yu +Cc: Greg Kroah-Hartman +Cc: Masahiro Yamada +Link: https://lore.kernel.org/bpf/20201121070829.2612884-1-andrii@kernel.org + +Acked-by: Jeff Mahoney +--- + scripts/Makefile.modfinal | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/scripts/Makefile.modfinal b/scripts/Makefile.modfinal +index 02b892421f7a..d49ec001825d 100644 +--- a/scripts/Makefile.modfinal ++++ b/scripts/Makefile.modfinal +@@ -38,7 +38,12 @@ quiet_cmd_ld_ko_o = LD [M] $@ + $(if $(ARCH_POSTLINK), $(MAKE) -f $(ARCH_POSTLINK) $@, true) + + quiet_cmd_btf_ko = BTF [M] $@ +- cmd_btf_ko = LLVM_OBJCOPY=$(OBJCOPY) $(PAHOLE) -J --btf_base vmlinux $@ ++ cmd_btf_ko = \ ++ if [ -f vmlinux ]; then \ ++ LLVM_OBJCOPY=$(OBJCOPY) $(PAHOLE) -J --btf_base vmlinux $@; \ ++ else \ ++ printf "Skipping BTF generation for %s due to unavailability of vmlinux\n" $@ 1>&2; \ ++ fi; + + # Same as newer-prereqs, but allows to exclude specified extra dependencies + newer_prereqs_except = $(filter-out $(PHONY) $(1),$?) +@@ -49,7 +54,7 @@ if_changed_except = $(if $(call newer_prereqs_except,$(2))$(cmd-check), \ + printf '%s\n' 'cmd_$@ := $(make-cmd)' > $(dot-target).cmd, @:) + + # Re-generate module BTFs if either module's .ko or vmlinux changed +-$(modules): %.ko: %.o %.mod.o $(KBUILD_LDS_MODULE) vmlinux FORCE ++$(modules): %.ko: %.o %.mod.o $(KBUILD_LDS_MODULE) $(if $(KBUILD_BUILTIN),vmlinux) FORCE + +$(call if_changed_except,ld_ko_o,vmlinux) + ifdef CONFIG_DEBUG_INFO_BTF_MODULES + +$(if $(newer-prereqs),$(call cmd,btf_ko)) + + diff --git a/patches.suse/kbuild-add-M-marker-for-build-log-of-.mod.o.patch b/patches.suse/kbuild-add-M-marker-for-build-log-of-.mod.o.patch new file mode 100644 index 0000000..f777e63 --- /dev/null +++ b/patches.suse/kbuild-add-M-marker-for-build-log-of-.mod.o.patch @@ -0,0 +1,29 @@ +From: Masahiro Yamada +Date: Wed, 31 Jul 2019 15:13:58 +0900 +Subject: kbuild: add [M] marker for build log of *.mod.o +Git-commit: f6545bec969358eace40419aff26a2a236e0b813 +Patch-mainline: v5.4-rc1 +References: jsc#SLE-24559 + +This builds module objects, so [M] makes sense. + +Signed-off-by: Masahiro Yamada +Acked-by: Jeff Mahoney +--- + scripts/Makefile.modpost | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/scripts/Makefile.modpost b/scripts/Makefile.modpost +index e003350bc473..bf15818f6947 100644 +--- a/scripts/Makefile.modpost ++++ b/scripts/Makefile.modpost +@@ -110,7 +110,7 @@ $(modules:.ko=.mod.c): modules-modpost + # modname is set to make c_flags define KBUILD_MODNAME + modname = $(notdir $(@:.mod.o=)) + +-quiet_cmd_cc_o_c = CC $@ ++quiet_cmd_cc_o_c = CC [M] $@ + cmd_cc_o_c = $(CC) $(c_flags) $(KBUILD_CFLAGS_MODULE) $(CFLAGS_MODULE) \ + -c -o $@ $< + + diff --git a/patches.suse/kbuild-drop-wildcard-check-in-if_changed-for-faster-rebuil.patch b/patches.suse/kbuild-drop-wildcard-check-in-if_changed-for-faster-rebuil.patch new file mode 100644 index 0000000..d6e5b5b --- /dev/null +++ b/patches.suse/kbuild-drop-wildcard-check-in-if_changed-for-faster-rebuil.patch @@ -0,0 +1,246 @@ +From: Masahiro Yamada +Date: Fri, 8 Nov 2019 00:09:44 +0900 +Subject: kbuild: drop $(wildcard $^) check in if_changed* for faster rebuild +Git-commit: 2d3b1b8f0da7b1b09f42231580d88f93b803ae7f +Patch-mainline: v5.5-rc1 +References: jsc#SLE-24559 + +The incremental build of Linux kernel is pretty slow when lots of +objects are compiled. The rebuild of allmodconfig may take a few +minutes even when none of the objects needs to be rebuilt. + +The time-consuming part in the incremental build is the evaluation of +if_changed* macros since they are used in the recipes to compile C and +assembly source files into objects. + +I notice the following code in if_changed* is expensive: + + $(filter-out $(PHONY) $(wildcard $^),$^) + +In the incremental build, every object has its .*.cmd file, which +contains the auto-generated list of included headers. So, $^ are +expanded into the long list of the source file + included headers, +and $(wildcard $^) checks whether they exist. + +It may not be clear why this check exists there. + +Here is the record of my research. + +[1] The first code addition into Kbuild + +This code dates back to 2002. It is the pre-git era. So, I copy-pasted +it from the historical git tree. + +| commit 4a6db0791528c220655b063cf13fefc8470dbfee (HEAD) +| Author: Kai Germaschewski +| Date: Mon Jun 17 00:22:37 2002 -0500 +| +| kbuild: Handle removed headers +| +| New and old way to handle dependencies would choke when a file +| #include'd by other files was removed, since the dependency on it was +| still recorded, but since it was gone, make has no idea what to do about +| it (and would complain with "No rule to make ...") +| +| We now add targets for all the previously included files, so make will +| just ignore them if they disappear. +| +| diff --git a/Rules.make b/Rules.make +| index 6ef827d3df39..7db5301ea7db 100644 +| --- a/Rules.make +| +++ b/Rules.make +| @@ -446,7 +446,7 @@ if_changed = $(if $(strip $? \ +| # execute the command and also postprocess generated .d dependencies +| # file +| +| -if_changed_dep = $(if $(strip $? \ +| +if_changed_dep = $(if $(strip $? $(filter-out FORCE $(wildcard $^),$^)\ +| $(filter-out $(cmd_$(1)),$(cmd_$@))\ +| $(filter-out $(cmd_$@),$(cmd_$(1)))),\ +| @set -e; \ +| diff --git a/scripts/fixdep.c b/scripts/fixdep.c +| index b5d7bee8efc7..db45bd1888c0 100644 +| --- a/scripts/fixdep.c +| +++ b/scripts/fixdep.c +| @@ -292,7 +292,7 @@ void parse_dep_file(void *map, size_t len) +| exit(1); +| } +| memcpy(s, m, p-m); s[p-m] = 0; +| - printf("%s: \\\n", target); +| + printf("deps_%s := \\\n", target); +| m = p+1; +| +| clear_config(); +| @@ -314,7 +314,8 @@ void parse_dep_file(void *map, size_t len) +| } +| m = p + 1; +| } +| - printf("\n"); +| + printf("\n%s: $(deps_%s)\n\n", target, target); +| + printf("$(deps_%s):\n", target); +| } +| +| void print_deps(void) + +The "No rule to make ..." error can be solved by passing -MP to +the compiler, but I think the detection of header removal is a good +feature. When a header is removed, all source files that previously +included it should be re-compiled. This makes sure we has correctly +got rid of #include directives of it. + +This is also related with the behavior of $?. The GNU Make manual says: + + $? + The names of all the prerequisites that are newer than the target, + with spaces between them. + +This does not explain whether a non-existent prerequisite is considered +to be newer than the target. + +At this point of time, GNU Make 3.7x was used, where the $? did not +include non-existent prerequisites. Therefore, + + $(filter-out FORCE $(wildcard $^),$^) + +was useful to detect the header removal, and to rebuild the related +objects if it is the case. + +[2] Change of $? behavior + +Later, the behavior of $? was changed (fixed) to include prerequisites +that did not exist. + +First, GNU Make commit 64e16d6c00a5 ("Various changes getting ready for +the release of 3.81.") changed it, but in the release test of 3.81, it +turned out to break the kernel build. + +See these: + + - http://lists.gnu.org/archive/html/bug-make/2006-03/msg00003.html + - https://savannah.gnu.org/bugs/?16002 + - https://savannah.gnu.org/bugs/?16051 + +Then, GNU Make commit 6d8d9b74d9c5 ("Numerous updates to tests for +issues found on Cygwin and Windows.") reverted it for the 3.81 release +to give Linux kernel time to adjust to the new behavior. + +After the 3.81 release, GNU Make commit 7595f38f62af ("Fixed a number +of documentation bugs, plus some build/install issues:") re-added it. + +[3] Adjustment to the new $? behavior on Kbuild side + +Meanwhile, the kernel build was changed by commit 4f1933620f57 ("kbuild: +change kbuild to not rely on incorrect GNU make behavior") to adjust to +the new $? behavior. + +[4] GNU Make 3.82 released in 2010 + +GNU Make 3.82 was the first release that integrated the correct $? +behavior. At this point, Kbuild dealt with GNU Make versions with +different $? behaviors. + + 3.81 or older: + $? does not contain any non-existent prerequisite. + $(filter-out $(PHONY) $(wildcard $^),$^) was useful to detect + removed include headers. + + 3.82 or newer: + $? contains non-existent prerequisites. When a header is removed, + it appears in $?. $(filter-out $(PHONY) $(wildcard $^),$^) became + a redundant check. + +With the correct $? behavior, we could have dropped the expensive +check for 3.82 or later, but we did not. (Maybe nobody noticed this +optimization.) + +[5] The .SECONDARY special target trips up $? + +Some time later, I noticed $? did not work as expected under some +circumstances. As above, $? should contain non-existent prerequisites, +but the ones specified as SECONDARY do not appear in $?. + +I asked this in GNU Make ML, and it seems a bug: + + https://lists.gnu.org/archive/html/bug-make/2019-01/msg00001.html + +Since commit 8e9b61b293d9 ("kbuild: move .SECONDARY special target to +Kbuild.include"), all files, including headers listed in .*.cmd files, +are treated as secondary. + +So, we are back into the incorrect $? behavior. + +If we Kbuild want to react to the header removal, we need to keep +$(filter-out $(PHONY) $(wildcard $^),$^) but this makes the rebuild +so slow. + +[Summary] + + - I believe noticing the header removal and recompiling related objects + is a nice feature for the build system. + + - If $? worked correctly, $(filter-out $(PHONY),$?) would be enough + to detect the header removal. + + - Currently, $? does not work correctly when used with .SECONDARY, + and Kbuild is hit by this bug. + + - I filed a bug report for this, but not fixed yet as of writing. + + - Currently, the header removal is detected by the following expensive + code: + + $(filter-out $(PHONY) $(wildcard $^),$^) + + - I do not want to revert commit 8e9b61b293d9 ("kbuild: move + .SECONDARY special target to Kbuild.include"). Specifying + .SECONDARY globally is clean, and it matches to the Kbuild policy. + +This commit proactively removes the expensive check since it makes the +incremental build faster. A downside is Kbuild will no longer be able +to notice the header removal. + +You can confirm it by the full-build followed by a header removal, and +then re-build. + + $ make defconfig all + [ full build ] + $ rm include/linux/device.h + $ make + CALL scripts/checksyscalls.sh + CALL scripts/atomic/check-atomics.sh + DESCEND objtool + CHK include/generated/compile.h + Kernel: arch/x86/boot/bzImage is ready (#11) + Building modules, stage 2. + MODPOST 12 modules + +Previously, Kbuild noticed a missing header and emits a build error. +Now, Kbuild is fine with it. This is an unusual corner-case, not a big +deal. Once the $? bug is fixed in GNU Make, everything will work fine. + +Signed-off-by: Masahiro Yamada +Acked-by: Jeff Mahoney +--- + scripts/Kbuild.include | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/scripts/Kbuild.include b/scripts/Kbuild.include +index 10ba926ae292..b58a5227ff43 100644 +--- a/scripts/Kbuild.include ++++ b/scripts/Kbuild.include +@@ -210,9 +210,12 @@ endif + # (needed for the shell) + make-cmd = $(call escsq,$(subst $(pound),$$(pound),$(subst $$,$$$$,$(cmd_$(1))))) + +-# Find any prerequisites that is newer than target or that does not exist. ++# Find any prerequisites that are newer than target or that do not exist. ++# (This is not true for now; $? should contain any non-existent prerequisites, ++# but it does not work as expected when .SECONDARY is present. This seems a bug ++# of GNU Make.) + # PHONY targets skipped in both cases. +-any-prereq = $(filter-out $(PHONY),$?)$(filter-out $(PHONY) $(wildcard $^),$^) ++any-prereq = $(filter-out $(PHONY),$?) + + # Execute command if command has changed or prerequisite(s) are updated. + if_changed = $(if $(any-prereq)$(cmd-check), \ + diff --git a/patches.suse/kbuild-rebuild-modules-when-module-linker-scripts-are-upda.patch b/patches.suse/kbuild-rebuild-modules-when-module-linker-scripts-are-upda.patch new file mode 100644 index 0000000..c413199 --- /dev/null +++ b/patches.suse/kbuild-rebuild-modules-when-module-linker-scripts-are-upda.patch @@ -0,0 +1,129 @@ +From: Masahiro Yamada +Date: Thu, 15 Aug 2019 01:06:22 +0900 +Subject: kbuild: rebuild modules when module linker scripts are updated +Git-commit: 10df063855822fcea3c0f51dbf534ad643d3cb1b +Patch-mainline: v5.4-rc1 +References: jsc#SLE-24559 + +Currently, the timestamp of module linker scripts are not checked. +Add them to the dependency of modules so they are correctly rebuilt. + +Signed-off-by: Masahiro Yamada +Acked-by: Jeff Mahoney +--- + Makefile | 3 ++- + arch/arm/Makefile | 2 +- + arch/arm64/Makefile | 2 +- + arch/ia64/Makefile | 2 +- + arch/m68k/Makefile | 2 +- + arch/parisc/Makefile | 2 +- + arch/powerpc/Makefile | 2 +- + arch/riscv/Makefile | 2 +- + scripts/Makefile.modpost | 5 +++-- + 9 files changed, 12 insertions(+), 10 deletions(-) + +--- a/Makefile ++++ b/Makefile +@@ -470,7 +470,8 @@ KBUILD_AFLAGS_KERNEL := + KBUILD_CFLAGS_KERNEL := + KBUILD_AFLAGS_MODULE := -DMODULE + KBUILD_CFLAGS_MODULE := -DMODULE +-KBUILD_LDFLAGS_MODULE := -T $(srctree)/scripts/module-common.lds ++KBUILD_LDFLAGS_MODULE := ++export KBUILD_LDS_MODULE := $(srctree)/scripts/module-common.lds + KBUILD_LDFLAGS := + GCC_PLUGINS_CFLAGS := + CLANG_FLAGS := +--- a/arch/arm/Makefile ++++ b/arch/arm/Makefile +@@ -17,7 +17,7 @@ KBUILD_LDFLAGS_MODULE += --be8 + endif + + ifeq ($(CONFIG_ARM_MODULE_PLTS),y) +-KBUILD_LDFLAGS_MODULE += -T $(srctree)/arch/arm/kernel/module.lds ++KBUILD_LDS_MODULE += $(srctree)/arch/arm/kernel/module.lds + endif + + GZFLAGS :=-9 +--- a/arch/arm64/Makefile ++++ b/arch/arm64/Makefile +@@ -101,7 +101,7 @@ endif + CHECKFLAGS += -D__aarch64__ + + ifeq ($(CONFIG_ARM64_MODULE_PLTS),y) +-KBUILD_LDFLAGS_MODULE += -T $(srctree)/arch/arm64/kernel/module.lds ++KBUILD_LDS_MODULE += $(srctree)/arch/arm64/kernel/module.lds + endif + + # Default value +--- a/arch/ia64/Makefile ++++ b/arch/ia64/Makefile +@@ -20,7 +20,7 @@ CHECKFLAGS += -D__ia64=1 -D__ia64__=1 -D + + OBJCOPYFLAGS := --strip-all + LDFLAGS_vmlinux := -static +-KBUILD_LDFLAGS_MODULE += -T $(srctree)/arch/ia64/module.lds ++KBUILD_LDS_MODULE += $(srctree)/arch/ia64/module.lds + KBUILD_AFLAGS_KERNEL := -mconstant-gp + EXTRA := + +--- a/arch/m68k/Makefile ++++ b/arch/m68k/Makefile +@@ -73,7 +73,7 @@ KBUILD_AFLAGS += -D__uClinux__ + endif + + KBUILD_LDFLAGS := -m m68kelf +-KBUILD_LDFLAGS_MODULE += -T $(srctree)/arch/m68k/kernel/module.lds ++KBUILD_LDS_MODULE += $(srctree)/arch/m68k/kernel/module.lds + + ifdef CONFIG_SUN3 + LDFLAGS_vmlinux = -N +--- a/arch/parisc/Makefile ++++ b/arch/parisc/Makefile +@@ -60,7 +60,7 @@ KBUILD_CFLAGS += -DCC_USING_PATCHABLE_FU + -DFTRACE_PATCHABLE_FUNCTION_SIZE=$(NOP_COUNT) + + CC_FLAGS_FTRACE := -fpatchable-function-entry=$(NOP_COUNT),$(shell echo $$(($(NOP_COUNT)-1))) +-KBUILD_LDFLAGS_MODULE += -T $(srctree)/arch/parisc/kernel/module.lds ++KBUILD_LDS_MODULE += $(srctree)/arch/parisc/kernel/module.lds + endif + + OBJCOPY_FLAGS =-O binary -R .note -R .comment -S +--- a/arch/powerpc/Makefile ++++ b/arch/powerpc/Makefile +@@ -65,7 +65,7 @@ UTS_MACHINE := $(subst $(space),,$(machi + ifdef CONFIG_PPC32 + KBUILD_LDFLAGS_MODULE += arch/powerpc/lib/crtsavres.o + else +-KBUILD_LDFLAGS_MODULE += -T $(srctree)/arch/powerpc/kernel/module.lds ++KBUILD_LDS_MODULE += $(srctree)/arch/powerpc/kernel/module.lds + ifeq ($(call ld-ifversion, -ge, 225000000, y),y) + # Have the linker provide sfpr if possible. + # There is a corresponding test in arch/powerpc/lib/Makefile +--- a/arch/riscv/Makefile ++++ b/arch/riscv/Makefile +@@ -52,7 +52,7 @@ ifeq ($(CONFIG_CMODEL_MEDANY),y) + KBUILD_CFLAGS += -mcmodel=medany + endif + ifeq ($(CONFIG_MODULE_SECTIONS),y) +- KBUILD_LDFLAGS_MODULE += -T $(srctree)/arch/riscv/kernel/module.lds ++ KBUILD_LDS_MODULE += $(srctree)/arch/riscv/kernel/module.lds + endif + + KBUILD_CFLAGS_MODULE += $(call cc-option,-mno-relax) +--- a/scripts/Makefile.modpost ++++ b/scripts/Makefile.modpost +@@ -126,10 +126,11 @@ quiet_cmd_ld_ko_o = LD [M] $@ + cmd_ld_ko_o = \ + $(LD) -r $(KBUILD_LDFLAGS) \ + $(KBUILD_LDFLAGS_MODULE) $(LDFLAGS_MODULE) \ +- -o $@ $(real-prereqs) ; \ ++ $(addprefix -T , $(KBUILD_LDS_MODULE)) \ ++ -o $@ $(filter %.o, $^); \ + $(if $(ARCH_POSTLINK), $(MAKE) -f $(ARCH_POSTLINK) $@, true) + +-$(modules): %.ko :%.o %.mod.o FORCE ++$(modules): %.ko :%.o %.mod.o $(KBUILD_LDS_MODULE) FORCE + +$(call if_changed,ld_ko_o) + + targets += $(modules) diff --git a/patches.suse/kbuild-rename-any-prereq-to-newer-prereqs.patch b/patches.suse/kbuild-rename-any-prereq-to-newer-prereqs.patch new file mode 100644 index 0000000..414926e --- /dev/null +++ b/patches.suse/kbuild-rename-any-prereq-to-newer-prereqs.patch @@ -0,0 +1,65 @@ +From: Masahiro Yamada +Date: Fri, 8 Nov 2019 00:09:45 +0900 +Subject: kbuild: rename any-prereq to newer-prereqs +Git-commit: eba19032f99c32ecfbe23ce99bb1546db0a23bee +Patch-mainline: v5.5-rc1 +References: jsc#SLE-24559 + +GNU Make manual says: + + $? + The names of all the prerequisites that are newer than the target, + with spaces between them. + +To reflect this, rename any-prereq to newer-prereqs, which is clearer +and more intuitive. + +Signed-off-by: Masahiro Yamada +Acked-by: Jeff Mahoney +--- + scripts/Kbuild.include | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/scripts/Kbuild.include b/scripts/Kbuild.include +index b58a5227ff43..bc5f25763c1b 100644 +--- a/scripts/Kbuild.include ++++ b/scripts/Kbuild.include +@@ -215,15 +215,15 @@ make-cmd = $(call escsq,$(subst $(pound),$$(pound),$(subst $$,$$$$,$(cmd_$(1)))) + # but it does not work as expected when .SECONDARY is present. This seems a bug + # of GNU Make.) + # PHONY targets skipped in both cases. +-any-prereq = $(filter-out $(PHONY),$?) ++newer-prereqs = $(filter-out $(PHONY),$?) + + # Execute command if command has changed or prerequisite(s) are updated. +-if_changed = $(if $(any-prereq)$(cmd-check), \ ++if_changed = $(if $(newer-prereqs)$(cmd-check), \ + $(cmd); \ + printf '%s\n' 'cmd_$@ := $(make-cmd)' > $(dot-target).cmd, @:) + + # Execute the command and also postprocess generated .d dependencies file. +-if_changed_dep = $(if $(any-prereq)$(cmd-check),$(cmd_and_fixdep),@:) ++if_changed_dep = $(if $(newer-prereqs)$(cmd-check),$(cmd_and_fixdep),@:) + + cmd_and_fixdep = \ + $(cmd); \ +@@ -233,7 +233,7 @@ cmd_and_fixdep = \ + # Usage: $(call if_changed_rule,foo) + # Will check if $(cmd_foo) or any of the prerequisites changed, + # and if so will execute $(rule_foo). +-if_changed_rule = $(if $(any-prereq)$(cmd-check),$(rule_$(1)),@:) ++if_changed_rule = $(if $(newer-prereqs)$(cmd-check),$(rule_$(1)),@:) + + ### + # why - tell why a target got built +@@ -258,7 +258,7 @@ ifeq ($(KBUILD_VERBOSE),2) + why = \ + $(if $(filter $@, $(PHONY)),- due to target is PHONY, \ + $(if $(wildcard $@), \ +- $(if $(any-prereq),- due to: $(any-prereq), \ ++ $(if $(newer-prereqs),- due to: $(newer-prereqs), \ + $(if $(cmd-check), \ + $(if $(cmd_$@),- due to command line change, \ + $(if $(filter $@, $(targets)), \ + + diff --git a/patches.suse/kbuild-split-final-module-linking-out-into-Makefile.modfin.patch b/patches.suse/kbuild-split-final-module-linking-out-into-Makefile.modfin.patch new file mode 100644 index 0000000..2e2e61c --- /dev/null +++ b/patches.suse/kbuild-split-final-module-linking-out-into-Makefile.modfin.patch @@ -0,0 +1,216 @@ +From: Masahiro Yamada +Date: Thu, 15 Aug 2019 01:06:23 +0900 +Subject: kbuild: split final module linking out into Makefile.modfinal +Git-commit: 9b9a3f20cbe0ba9269cde6fff9f9c69907e150cf +Patch-mainline: v5.4-rc1 +References: jsc#SLE-24559 + +I think splitting the modpost and linking modules into separate +Makefiles will be useful especially when more complex build steps +come in. The main motivation of this commit is to integrate the +proposed klp-convert feature cleanly. + +I moved the logging 'Building modules, stage 2.' to Makefile.modpost +to avoid the code duplication although I do not know whether or not +this message is needed in the first place. + +Signed-off-by: Masahiro Yamada +Acked-by: Jeff Mahoney +--- + Makefile | 2 - + scripts/Makefile.modfinal | 60 ++++++++++++++++++++++++++++++++++ + scripts/Makefile.modpost | 79 ++++++---------------------------------------- + 3 files changed, 71 insertions(+), 70 deletions(-) + +--- a/Makefile ++++ b/Makefile +@@ -1299,7 +1299,6 @@ all: modules + + PHONY += modules + modules: $(if $(KBUILD_BUILTIN),vmlinux) modules.order modules.builtin +- @$(kecho) ' Building modules, stage 2.'; + $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost + $(Q)$(CONFIG_SHELL) $(srctree)/scripts/modules-check.sh + +@@ -1625,7 +1624,6 @@ $(module-dirs): prepare $(objtree)/Modul + $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) need-modorder=1 + + modules: $(module-dirs) +- @$(kecho) ' Building modules, stage 2.'; + $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost + + PHONY += modules_install +--- /dev/null ++++ b/scripts/Makefile.modfinal +@@ -0,0 +1,60 @@ ++# SPDX-License-Identifier: GPL-2.0-only ++# =========================================================================== ++# Module final link ++# =========================================================================== ++ ++PHONY := __modfinal ++__modfinal: ++ ++include $(srctree)/scripts/Kbuild.include ++ ++# for c_flags ++include $(srctree)/scripts/Makefile.lib ++ ++# find all modules listed in modules.order ++modules := $(sort $(shell cat $(MODORDER))) ++ ++__modfinal: $(modules) ++ @: ++ ++# modname is set to make c_flags define KBUILD_MODNAME ++modname = $(notdir $(@:.mod.o=)) ++ ++quiet_cmd_cc_o_c = CC [M] $@ ++ cmd_cc_o_c = $(CC) $(c_flags) $(KBUILD_CFLAGS_MODULE) $(CFLAGS_MODULE) \ ++ -c -o $@ $< ++ ++%.mod.o: %.mod.c FORCE ++ $(call if_changed_dep,cc_o_c) ++ ++ARCH_POSTLINK := $(wildcard $(srctree)/arch/$(SRCARCH)/Makefile.postlink) ++ ++quiet_cmd_ld_ko_o = LD [M] $@ ++ cmd_ld_ko_o = \ ++ $(LD) -r $(KBUILD_LDFLAGS) \ ++ $(KBUILD_LDFLAGS_MODULE) $(LDFLAGS_MODULE) \ ++ $(addprefix -T , $(KBUILD_LDS_MODULE)) \ ++ -o $@ $(filter %.o, $^); \ ++ $(if $(ARCH_POSTLINK), $(MAKE) -f $(ARCH_POSTLINK) $@, true) ++ ++$(modules): %.ko: %.o %.mod.o $(KBUILD_LDS_MODULE) FORCE ++ +$(call if_changed,ld_ko_o) ++ ++targets += $(modules) $(modules:.ko=.mod.o) ++ ++# Add FORCE to the prequisites of a target to force it to be always rebuilt. ++# --------------------------------------------------------------------------- ++ ++PHONY += FORCE ++FORCE: ++ ++# Read all saved command lines and dependencies for the $(targets) we ++# may be building above, using $(if_changed{,_dep}). As an ++# optimization, we don't need to read them if the target does not ++# exist, we will rebuild anyway in that case. ++ ++existing-targets := $(wildcard $(sort $(targets))) ++ ++-include $(foreach f,$(existing-targets),$(dir $(f)).$(notdir $(f)).cmd) ++ ++.PHONY: $(PHONY) +--- a/scripts/Makefile.modpost ++++ b/scripts/Makefile.modpost +@@ -15,8 +15,6 @@ + # 2) modpost is then used to + # 3) create one .mod.c file pr. module + # 4) create one Module.symvers file with CRC for all exported symbols +-# 5) compile all .mod.c files +-# 6) final link of the module to a file + + # Step 3 is used to place certain information in the module's ELF + # section, including information such as: +@@ -60,13 +58,10 @@ MODPOST = scripts/mod/modpost \ + + ifdef MODPOST_VMLINUX + +-__modpost: vmlinux.o ++quiet_cmd_modpost = MODPOST vmlinux.o ++ cmd_modpost = $(MODPOST) vmlinux.o + +-quiet_cmd_modpost = MODPOST $@ +- cmd_modpost = $(MODPOST) $@ +- +-PHONY += vmlinux.o +-vmlinux.o: ++__modpost: + $(call cmd,modpost) + + else +@@ -83,74 +78,22 @@ include $(if $(wildcard $(KBUILD_EXTMOD) + $(KBUILD_EXTMOD)/Kbuild, $(KBUILD_EXTMOD)/Makefile) + endif + +-include scripts/Makefile.lib ++MODPOST += $(subst -i,-n,$(filter -i,$(MAKEFLAGS))) -s -T - $(wildcard vmlinux) + + # find all modules listed in modules.order + modules := $(sort $(shell cat $(MODORDER))) + +-# Stop after building .o files if NOFINAL is set. Makes compile tests quicker +-__modpost: $(if $(KBUILD_MODPOST_NOFINAL), $(modules:.ko:.o),$(modules)) +- @: +- +-MODPOST += $(subst -i,-n,$(filter -i,$(MAKEFLAGS))) -s -T - $(wildcard vmlinux) +- +-# We can go over command line length here, so be careful. ++# Read out modules.order instead of expanding $(modules) to pass in modpost. ++# Otherwise, allmodconfig would fail with "Argument list too long". + quiet_cmd_modpost = MODPOST $(words $(modules)) modules + cmd_modpost = sed 's/ko$$/o/' $(MODORDER) | $(MODPOST) + +-PHONY += modules-modpost +-modules-modpost: ++__modpost: ++ @$(kecho) ' Building modules, stage 2.' + $(call cmd,modpost) +- +-# Declare generated files as targets for modpost +-$(modules:.ko=.mod.c): modules-modpost +- +-# Step 5), compile all *.mod.c files +- +-# modname is set to make c_flags define KBUILD_MODNAME +-modname = $(notdir $(@:.mod.o=)) +- +-quiet_cmd_cc_o_c = CC [M] $@ +- cmd_cc_o_c = $(CC) $(c_flags) $(KBUILD_CFLAGS_MODULE) $(CFLAGS_MODULE) \ +- -c -o $@ $< +- +-$(modules:.ko=.mod.o): %.mod.o: %.mod.c FORCE +- $(call if_changed_dep,cc_o_c) +- +-targets += $(modules:.ko=.mod.o) +- +-ARCH_POSTLINK := $(wildcard $(srctree)/arch/$(SRCARCH)/Makefile.postlink) +- +-# Step 6), final link of the modules with optional arch pass after final link +-quiet_cmd_ld_ko_o = LD [M] $@ +- cmd_ld_ko_o = \ +- $(LD) -r $(KBUILD_LDFLAGS) \ +- $(KBUILD_LDFLAGS_MODULE) $(LDFLAGS_MODULE) \ +- $(addprefix -T , $(KBUILD_LDS_MODULE)) \ +- -o $@ $(filter %.o, $^); \ +- $(if $(ARCH_POSTLINK), $(MAKE) -f $(ARCH_POSTLINK) $@, true) +- +-$(modules): %.ko :%.o %.mod.o $(KBUILD_LDS_MODULE) FORCE +- +$(call if_changed,ld_ko_o) +- +-targets += $(modules) +- +- +-# Add FORCE to the prequisites of a target to force it to be always rebuilt. +-# --------------------------------------------------------------------------- +- +-PHONY += FORCE +- +-FORCE: +- +-# Read all saved command lines and dependencies for the $(targets) we +-# may be building above, using $(if_changed{,_dep}). As an +-# optimization, we don't need to read them if the target does not +-# exist, we will rebuild anyway in that case. +- +-existing-targets := $(wildcard $(sort $(targets))) +- +--include $(foreach f,$(existing-targets),$(dir $(f)).$(notdir $(f)).cmd) ++ifneq ($(KBUILD_MODPOST_NOFINAL),1) ++ $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modfinal ++endif + + endif + diff --git a/patches.suse/kbuild-stop-filtering-out-GCC_PLUGINS_CFLAGS-from-cc.patch b/patches.suse/kbuild-stop-filtering-out-GCC_PLUGINS_CFLAGS-from-cc.patch index 96b6dae..91c2715 100644 --- a/patches.suse/kbuild-stop-filtering-out-GCC_PLUGINS_CFLAGS-from-cc.patch +++ b/patches.suse/kbuild-stop-filtering-out-GCC_PLUGINS_CFLAGS-from-cc.patch @@ -25,8 +25,8 @@ diff --git a/Makefile b/Makefile --- a/Makefile +++ b/Makefile @@ -474,7 +474,6 @@ KBUILD_AFLAGS_MODULE := -DMODULE - KBUILD_CFLAGS_MODULE := -DMODULE - KBUILD_LDFLAGS_MODULE := -T $(srctree)/scripts/module-common.lds + KBUILD_LDFLAGS_MODULE := + export KBUILD_LDS_MODULE := $(srctree)/scripts/module-common.lds KBUILD_LDFLAGS := -GCC_PLUGINS_CFLAGS := CLANG_FLAGS := diff --git a/patches.suse/kvm-emulate-do-not-adjust-size-of-fastop-and-setcc-subroutines.patch b/patches.suse/kvm-emulate-do-not-adjust-size-of-fastop-and-setcc-subroutines.patch new file mode 100644 index 0000000..4264105 --- /dev/null +++ b/patches.suse/kvm-emulate-do-not-adjust-size-of-fastop-and-setcc-subroutines.patch @@ -0,0 +1,63 @@ +From: Paolo Bonzini +Date: Fri, 15 Jul 2022 07:34:55 -0400 +Subject: KVM: emulate: do not adjust size of fastop and setcc subroutines +Git-commit: 79629181607e801c0b41b8790ac4ee2eb5d7bc3e +Patch-mainline: v5.19-rc7 +References: bsc#1201930 + +Instead of doing complicated calculations to find the size of the subroutines +(which are even more complicated because they need to be stringified into +an asm statement), just hardcode to 16. + +It is less dense for a few combinations of IBT/SLS/retbleed, but it has +the advantage of being really simple. + +Cc: stable@vger.kernel.org # 5.15.x: 84e7051c0bc1: x86/kvm: fix FASTOP_SIZE when return thunks are enabled +Cc: stable@vger.kernel.org +Suggested-by: Linus Torvalds +Signed-off-by: Paolo Bonzini +Acked-by: Borislav Petkov +--- + arch/x86/kvm/emulate.c | 15 +++++++-------- + 1 file changed, 7 insertions(+), 8 deletions(-) + +--- a/arch/x86/kvm/emulate.c ++++ b/arch/x86/kvm/emulate.c +@@ -188,9 +188,6 @@ + #define X8(x...) X4(x), X4(x) + #define X16(x...) X8(x), X8(x) + +-#define NR_FASTOP (ilog2(sizeof(ulong)) + 1) +-#define FASTOP_SIZE 8 +- + /* + * fastop functions have a special calling convention: + * +@@ -206,8 +203,14 @@ + * + * fastop functions are declared as taking a never-defined fastop parameter, + * so they can't be called from C directly. ++ * ++ * The 16 byte alignment, considering 5 bytes for the RET thunk, 3 for ENDBR ++ * and 1 for the straight line speculation INT3, leaves 7 bytes for the ++ * body of the function. Currently none is larger than 4. + */ + ++#define FASTOP_SIZE 16 ++ + struct fastop; + + struct opcode { +@@ -443,11 +446,7 @@ static int fastop(struct x86_emulate_ctx + * RET | JMP __x86_return_thunk [1,5 bytes; CONFIG_RETPOLINE] + * INT3 [1 byte; CONFIG_SLS] + */ +-#define RET_LENGTH (1 + (4 * IS_ENABLED(CONFIG_RETPOLINE)) + \ +- IS_ENABLED(CONFIG_SLS)) +-#define SETCC_LENGTH (3 + RET_LENGTH) +-#define SETCC_ALIGN (4 << ((SETCC_LENGTH > 4) & 1) << ((SETCC_LENGTH > 8) & 1)) +-static_assert(SETCC_LENGTH <= SETCC_ALIGN); ++#define SETCC_ALIGN 16 + + /* Special case for SETcc - 1 instruction per cc */ + #define FOP_SETCC(op) \ diff --git a/patches.suse/kvm-emulate-fix-setcc-emulation-function-offsets-with-sls.patch b/patches.suse/kvm-emulate-fix-setcc-emulation-function-offsets-with-sls.patch new file mode 100644 index 0000000..65b436d --- /dev/null +++ b/patches.suse/kvm-emulate-fix-setcc-emulation-function-offsets-with-sls.patch @@ -0,0 +1,90 @@ +From: Borislav Petkov +Date: Wed, 16 Mar 2022 22:05:52 +0100 +Subject: kvm/emulate: Fix SETcc emulation function offsets with SLS +Git-commit: fe83f5eae432ccc8e90082d6ed506d5233547473 +Patch-mainline: v5.17 +References: bsc#1201930 + +The commit in Fixes started adding INT3 after RETs as a mitigation +against straight-line speculation. + +The fastop SETcc implementation in kvm's insn emulator uses macro magic +to generate all possible SETcc functions and to jump to them when +emulating the respective instruction. + +However, it hardcodes the size and alignment of those functions to 4: a +three-byte SETcc insn and a single-byte RET. BUT, with SLS, there's an +INT3 that gets slapped after the RET, which brings the whole scheme out +of alignment: + + 15: 0f 90 c0 seto %al + 18: c3 ret + 19: cc int3 + 1a: 0f 1f 00 nopl (%rax) + 1d: 0f 91 c0 setno %al + 20: c3 ret + 21: cc int3 + 22: 0f 1f 00 nopl (%rax) + 25: 0f 92 c0 setb %al + 28: c3 ret + 29: cc int3 + +and this explodes like this: + + int3: 0000 [#1] PREEMPT SMP PTI + CPU: 0 PID: 2435 Comm: qemu-system-x86 Not tainted 5.17.0-rc8-sls #1 + Hardware name: Dell Inc. Precision WorkStation T3400 /0TP412, BIOS A14 04/30/2012 + RIP: 0010:setc+0x5/0x8 [kvm] + Code: 00 00 0f 1f 00 0f b6 05 43 24 06 00 c3 cc 0f 1f 80 00 00 00 00 0f 90 c0 c3 cc 0f \ + 1f 00 0f 91 c0 c3 cc 0f 1f 00 0f 92 c0 c3 cc <0f> 1f 00 0f 93 c0 c3 cc 0f 1f 00 \ + 0f 94 c0 c3 cc 0f 1f 00 0f 95 c0 + Call Trace: + + ? x86_emulate_insn [kvm] + ? x86_emulate_instruction [kvm] + ? vmx_handle_exit [kvm_intel] + ? kvm_arch_vcpu_ioctl_run [kvm] + ? kvm_vcpu_ioctl [kvm] + ? __x64_sys_ioctl + ? do_syscall_64 + ? entry_SYSCALL_64_after_hwframe + + +Raise the alignment value when SLS is enabled and use a macro for that +instead of hard-coding naked numbers. + +Fixes: e463a09af2f0 ("x86: Add straight-line-speculation mitigation") +Reported-by: Jamie Heilman +Signed-off-by: Borislav Petkov +Acked-by: Peter Zijlstra (Intel) +Tested-by: Jamie Heilman +Link: https://lore.kernel.org/r/YjGzJwjrvxg5YZ0Z@audible.transient.net +[Add a comment and a bit of safety checking, since this is going to be changed + again for IBT support. - Paolo] +Signed-off-by: Paolo Bonzini + + [ bp: Backport only the fastop offset finding - the macros are largely + simplified in + + 79629181607e ("KVM: emulate: do not adjust size of fastop and setcc subroutines") + + so no need to backport pieces which will get removed anyway. ] + +--- + arch/x86/kvm/emulate.c | 19 +++++++++++++++++-- + 1 file changed, 17 insertions(+), 2 deletions(-) + +diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c +index 5719d8cfdbd9..e86d610dc6b7 100644 +--- a/arch/x86/kvm/emulate.c ++++ b/arch/x86/kvm/emulate.c +@@ -1047,7 +1062,7 @@ static int em_bsr_c(struct x86_emulate_ctxt *ctxt) + static __always_inline u8 test_cc(unsigned int condition, unsigned long flags) + { + u8 rc; +- void (*fop)(void) = (void *)em_setcc + 4 * (condition & 0xf); ++ void (*fop)(void) = (void *)em_setcc + SETCC_ALIGN * (condition & 0xf); + + flags = (flags & EFLAGS_MASK) | X86_EFLAGS_IF; + asm("push %[flags]; popf; " CALL_NOSPEC + diff --git a/patches.suse/linux-random.h-Mark-CONFIG_ARCH_RANDOM-functions-__must_check.patch b/patches.suse/linux-random.h-Mark-CONFIG_ARCH_RANDOM-functions-__must_check.patch new file mode 100644 index 0000000..34c0aa0 --- /dev/null +++ b/patches.suse/linux-random.h-Mark-CONFIG_ARCH_RANDOM-functions-__must_check.patch @@ -0,0 +1,49 @@ +From: Richard Henderson +Date: Fri, 10 Jan 2020 14:54:18 +0000 +Subject: linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check +Git-commit: 904caa6413c87aacbf7d0682da617c39ca18cf1a +Patch-mainline: v5.6-rc1 +References: git-fixes + +We must not use the pointer output without validating the +success of the random read. + +Reviewed-by: Ard Biesheuvel +Signed-off-by: Richard Henderson +Signed-off-by: Mark Brown +Link: https://lore.kernel.org/r/20200110145422.49141-7-broonie@kernel.org +Signed-off-by: Theodore Ts'o +Acked-by: Lee Duncan +--- + include/linux/random.h | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/include/linux/random.h b/include/linux/random.h +index ea0e2f5f1ec5..d319f9a1e429 100644 +--- a/include/linux/random.h ++++ b/include/linux/random.h +@@ -167,19 +167,19 @@ static inline void prandom_seed_state(struct rnd_state *state, u64 seed) + #ifdef CONFIG_ARCH_RANDOM + # include + #else +-static inline bool arch_get_random_long(unsigned long *v) ++static inline bool __must_check arch_get_random_long(unsigned long *v) + { + return false; + } +-static inline bool arch_get_random_int(unsigned int *v) ++static inline bool __must_check arch_get_random_int(unsigned int *v) + { + return false; + } +-static inline bool arch_get_random_seed_long(unsigned long *v) ++static inline bool __must_check arch_get_random_seed_long(unsigned long *v) + { + return false; + } +-static inline bool arch_get_random_seed_int(unsigned int *v) ++static inline bool __must_check arch_get_random_seed_int(unsigned int *v) + { + return false; + } + diff --git a/patches.suse/linux-random.h-Remove-arch_has_random-arch_has_random_seed.patch b/patches.suse/linux-random.h-Remove-arch_has_random-arch_has_random_seed.patch new file mode 100644 index 0000000..a1af307 --- /dev/null +++ b/patches.suse/linux-random.h-Remove-arch_has_random-arch_has_random_seed.patch @@ -0,0 +1,49 @@ +From: Richard Henderson +Date: Fri, 10 Jan 2020 14:54:16 +0000 +Subject: linux/random.h: Remove arch_has_random, arch_has_random_seed +Git-commit: 647f50d5d9d933b644b29c54f13ac52af1b1774d +Patch-mainline: v5.6-rc1 +References: git-fixes + +The arm64 version of archrandom.h will need to be able to test for +support and read the random number without preemption, so a separate +query predicate is not practical. + +Since this part of the generic interface is unused, remove it. + +Signed-off-by: Richard Henderson +Signed-off-by: Mark Brown +Link: https://lore.kernel.org/r/20200110145422.49141-5-broonie@kernel.org +Signed-off-by: Theodore Ts'o +Acked-by: Lee Duncan +--- + include/linux/random.h | 8 -------- + 1 file changed, 8 deletions(-) + +diff --git a/include/linux/random.h b/include/linux/random.h +index f189c927fdea..7fd0360908d2 100644 +--- a/include/linux/random.h ++++ b/include/linux/random.h +@@ -175,10 +175,6 @@ static inline bool arch_get_random_int(unsigned int *v) + { + return 0; + } +-static inline bool arch_has_random(void) +-{ +- return 0; +-} + static inline bool arch_get_random_seed_long(unsigned long *v) + { + return 0; +@@ -187,10 +183,6 @@ static inline bool arch_get_random_seed_int(unsigned int *v) + { + return 0; + } +-static inline bool arch_has_random_seed(void) +-{ +- return 0; +-} + #endif + + /* Pseudo random number generator from numerical recipes. */ + diff --git a/patches.suse/linux-random.h-Use-false-with-bool.patch b/patches.suse/linux-random.h-Use-false-with-bool.patch new file mode 100644 index 0000000..ee15899 --- /dev/null +++ b/patches.suse/linux-random.h-Use-false-with-bool.patch @@ -0,0 +1,49 @@ +From: Richard Henderson +Date: Fri, 10 Jan 2020 14:54:17 +0000 +Subject: linux/random.h: Use false with bool +Git-commit: 66f5ae899ada79c0e9a3d8d954f93a72344cd350 +Patch-mainline: v5.6-rc1 +References: git-fixes + +Keep the generic fallback versions in sync with the other architecture +specific implementations and use the proper name for false. + +Suggested-by: Ard Biesheuvel +Signed-off-by: Richard Henderson +Signed-off-by: Mark Brown +Link: https://lore.kernel.org/r/20200110145422.49141-6-broonie@kernel.org +Signed-off-by: Theodore Ts'o +Acked-by: Lee Duncan +--- + include/linux/random.h | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/include/linux/random.h b/include/linux/random.h +index 7fd0360908d2..ea0e2f5f1ec5 100644 +--- a/include/linux/random.h ++++ b/include/linux/random.h +@@ -169,19 +169,19 @@ static inline void prandom_seed_state(struct rnd_state *state, u64 seed) + #else + static inline bool arch_get_random_long(unsigned long *v) + { +- return 0; ++ return false; + } + static inline bool arch_get_random_int(unsigned int *v) + { +- return 0; ++ return false; + } + static inline bool arch_get_random_seed_long(unsigned long *v) + { +- return 0; ++ return false; + } + static inline bool arch_get_random_seed_int(unsigned int *v) + { +- return 0; ++ return false; + } + #endif + + diff --git a/patches.suse/lkdtm-disable-return-thunks-in-rodata-c.patch b/patches.suse/lkdtm-disable-return-thunks-in-rodata-c.patch new file mode 100644 index 0000000..9eefafa --- /dev/null +++ b/patches.suse/lkdtm-disable-return-thunks-in-rodata-c.patch @@ -0,0 +1,67 @@ +From: Josh Poimboeuf +Date: Mon, 18 Jul 2022 07:50:25 -0700 +Subject: lkdtm: Disable return thunks in rodata.c +Git-commit: efc72a665a61fd48c462f5248a9e3dc991398ddd +Patch-mainline: v5.19-rc8 +References: bsc#1178134 + +The following warning was seen: + + WARNING: CPU: 0 PID: 0 at arch/x86/kernel/alternative.c:557 apply_returns (arch/x86/kernel/alternative.c:557 (discriminator 1)) + Modules linked in: + CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.19.0-rc4-00008-gee88d363d156 #1 + Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-4 04/01/2014 + RIP: 0010:apply_returns (arch/x86/kernel/alternative.c:557 (discriminator 1)) + Code: ff ff 74 cb 48 83 c5 04 49 39 ee 0f 87 81 fe ff ff e9 22 ff ff ff 0f 0b 48 83 c5 04 49 39 ee 0f 87 6d fe ff ff e9 0e ff ff ff <0f> 0b 48 83 c5 04 49 39 ee 0f 87 59 fe ff ff e9 fa fe ff ff 48 89 + +The warning happened when apply_returns() failed to convert "JMP +__x86_return_thunk" to RET. It was instead a JMP to nowhere, due to the +thunk relocation not getting resolved. + +That rodata.o code is objcopy'd to .rodata, and later memcpy'd, so +relocations don't work (and are apparently silently ignored). + +LKDTM is only used for testing, so the naked RET should be fine. So +just disable return thunks for that file. + +While at it, disable objtool and KCSAN for the file. + +Fixes: 0b53c374b9ef ("x86/retpoline: Use -mfunction-return") +Reported-by: kernel test robot +Debugged-by: Peter Zijlstra +Signed-off-by: Josh Poimboeuf +Signed-off-by: Peter Zijlstra (Intel) +Link: https://lore.kernel.org/lkml/Ys58BxHxoDZ7rfpr@xsang-OptiPlex-9020/ + +Acked-by: Borislav Petkov +--- + Makefile | 1 + + drivers/misc/lkdtm/Makefile | 7 ++++++- + 2 files changed, 7 insertions(+), 1 deletion(-) + +--- a/drivers/misc/lkdtm/Makefile ++++ b/drivers/misc/lkdtm/Makefile +@@ -11,7 +11,12 @@ lkdtm-$(CONFIG_LKDTM) += usercopy.o + lkdtm-$(CONFIG_LKDTM) += stackleak.o + + KASAN_SANITIZE_stackleak.o := n +-KCOV_INSTRUMENT_rodata.o := n ++ ++KASAN_SANITIZE_rodata.o := n ++KCSAN_SANITIZE_rodata.o := n ++KCOV_INSTRUMENT_rodata.o := n ++OBJECT_FILES_NON_STANDARD_rodata.o := y ++CFLAGS_REMOVE_rodata.o += $(CC_FLAGS_LTO) $(RETHUNK_CFLAGS) + + OBJCOPYFLAGS := + OBJCOPYFLAGS_rodata_objcopy.o := \ +--- a/Makefile ++++ b/Makefile +@@ -648,6 +648,7 @@ RETPOLINE_VDSO_CFLAGS := $(call cc-optio + RETHUNK_CFLAGS := -mfunction-return=thunk-extern + RETPOLINE_CFLAGS += $(RETHUNK_CFLAGS) + ++export RETHUNK_CFLAGS + export RETPOLINE_CFLAGS + export RETPOLINE_VDSO_CFLAGS + diff --git a/patches.suse/lockdown-Fix-kexec-lockdown-bypass-with-ima-policy.patch b/patches.suse/lockdown-Fix-kexec-lockdown-bypass-with-ima-policy.patch new file mode 100644 index 0000000..45fb21b --- /dev/null +++ b/patches.suse/lockdown-Fix-kexec-lockdown-bypass-with-ima-policy.patch @@ -0,0 +1,62 @@ +From 543ce63b664e2c2f9533d089a4664b559c3e6b5b Mon Sep 17 00:00:00 2001 +From: Eric Snowberg +Date: Wed, 20 Jul 2022 12:40:27 -0400 +Subject: [PATCH] lockdown: Fix kexec lockdown bypass with ima policy +Git-commit: 543ce63b664e2c2f9533d089a4664b559c3e6b5b +Patch-mainline: v5.19-rc8 +References: CVE-2022-21505 bsc#1201458 + +The lockdown LSM is primarily used in conjunction with UEFI Secure Boot. +This LSM may also be used on machines without UEFI. It can also be +enabled when UEFI Secure Boot is disabled. One of lockdown's features +is to prevent kexec from loading untrusted kernels. Lockdown can be +enabled through a bootparam or after the kernel has booted through +securityfs. + +If IMA appraisal is used with the "ima_appraise=log" boot param, +lockdown can be defeated with kexec on any machine when Secure Boot is +disabled or unavailable. IMA prevents setting "ima_appraise=log" from +the boot param when Secure Boot is enabled, but this does not cover +cases where lockdown is used without Secure Boot. + +To defeat lockdown, boot without Secure Boot and add ima_appraise=log to +the kernel command line; then: + + $ echo "integrity" > /sys/kernel/security/lockdown + $ echo "appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig" > \ + /sys/kernel/security/ima/policy + $ kexec -ls unsigned-kernel + +Add a call to verify ima appraisal is set to "enforce" whenever lockdown +is enabled. This fixes CVE-2022-21505. + +Cc: stable@vger.kernel.org +Fixes: 29d3c1c8dfe7 ("kexec: Allow kexec_file() with appropriate IMA policy when locked down") +Signed-off-by: Eric Snowberg +Acked-by: Mimi Zohar +Reviewed-by: John Haxby +Signed-off-by: Linus Torvalds +Acked-by: Takashi Iwai + +--- + security/integrity/ima/ima_policy.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c +index 73917413365b..a8802b8da946 100644 +--- a/security/integrity/ima/ima_policy.c ++++ b/security/integrity/ima/ima_policy.c +@@ -2247,6 +2247,10 @@ bool ima_appraise_signature(enum kernel_read_file_id id) + if (id >= READING_MAX_ID) + return false; + ++ if (id == READING_KEXEC_IMAGE && !(ima_appraise & IMA_APPRAISE_ENFORCE) ++ && security_locked_down(LOCKDOWN_KEXEC)) ++ return false; ++ + func = read_idmap[id] ?: FILE_CHECK; + + rcu_read_lock(); +-- +2.35.3 + diff --git a/patches.suse/macvlan-remove-redundant-null-check-on-data.patch b/patches.suse/macvlan-remove-redundant-null-check-on-data.patch new file mode 100644 index 0000000..5c3c85e --- /dev/null +++ b/patches.suse/macvlan-remove-redundant-null-check-on-data.patch @@ -0,0 +1,36 @@ +From eb31c0e1c0e7267075cd14ea5807c67d050179e2 Mon Sep 17 00:00:00 2001 +From: Yunjian Wang +Date: Tue, 5 Jan 2021 14:31:34 +0800 +Subject: [PATCH 03/14] macvlan: remove redundant null check on data +Git-commit: 89430ef34c5b13f916acd1f1f86f1106f4d958c9 +Patch-mainline: v5.12-rc1 +References: git-fixes + +Because macvlan_common_newlink() and macvlan_changelink() already +checked NULL data parameter, so the additional check is unnecessary, +just remove it. + +Fixes: 79cf79abce71 ("macvlan: add source mode") +Signed-off-by: Yunjian Wang +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/macvlan.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c +index 111e070b2449..ffd4b03bec0e 100644 +--- a/drivers/net/macvlan.c ++++ b/drivers/net/macvlan.c +@@ -1360,7 +1360,7 @@ static int macvlan_changelink_sources(struct macvlan_dev *vlan, u32 mode, + return ret; + } + +- if (!data || !data[IFLA_MACVLAN_MACADDR_DATA]) ++ if (!data[IFLA_MACVLAN_MACADDR_DATA]) + return 0; + + head = nla_data(data[IFLA_MACVLAN_MACADDR_DATA]); +-- +2.16.4 + diff --git a/patches.suse/media-hdpvr-fix-error-value-returns-in-hdpvr_read.patch b/patches.suse/media-hdpvr-fix-error-value-returns-in-hdpvr_read.patch new file mode 100644 index 0000000..b38e7a4 --- /dev/null +++ b/patches.suse/media-hdpvr-fix-error-value-returns-in-hdpvr_read.patch @@ -0,0 +1,44 @@ +From 359c27c6ddbde404f44a9c0d3ec88ccd1e2042f2 Mon Sep 17 00:00:00 2001 +From: Niels Dossche +Date: Tue, 14 Jun 2022 18:50:02 +0100 +Subject: [PATCH] media: hdpvr: fix error value returns in hdpvr_read +Git-commit: 359c27c6ddbde404f44a9c0d3ec88ccd1e2042f2 +Patch-mainline: v6.0-rc1 +References: git-fixes + +Error return values are supposed to be negative in hdpvr_read. Most +error returns are currently handled via an unsigned integer "ret". When +setting a negative error value to "ret", the value actually becomes a +large positive value, because "ret" is unsigned. Later on, the "ret" +value is returned. But as ssize_t is a 64-bit signed number, the error +return value stays a large positive integer instead of a negative +integer. This can cause an error value to be interpreted as the read +size, which can cause a buffer overread for applications relying on the +returned size. + +Fixes: 9aba42efe85b ("V4L/DVB (11096): V4L2 Driver for the Hauppauge HD PVR usb capture device") +Signed-off-by: Niels Dossche +Signed-off-by: Hans Verkuil +Signed-off-by: Mauro Carvalho Chehab +Acked-by: Takashi Iwai + +--- + drivers/media/usb/hdpvr/hdpvr-video.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/media/usb/hdpvr/hdpvr-video.c b/drivers/media/usb/hdpvr/hdpvr-video.c +index 60e57e0f1927..fd7d2a9d0449 100644 +--- a/drivers/media/usb/hdpvr/hdpvr-video.c ++++ b/drivers/media/usb/hdpvr/hdpvr-video.c +@@ -409,7 +409,7 @@ static ssize_t hdpvr_read(struct file *file, char __user *buffer, size_t count, + struct hdpvr_device *dev = video_drvdata(file); + struct hdpvr_buffer *buf = NULL; + struct urb *urb; +- unsigned int ret = 0; ++ int ret = 0; + int rem, cnt; + + if (*pos) +-- +2.35.3 + diff --git a/patches.suse/media-rc-increase-rc-mm-tolerance-and-add-debug-mess.patch b/patches.suse/media-rc-increase-rc-mm-tolerance-and-add-debug-mess.patch new file mode 100644 index 0000000..90f59bc --- /dev/null +++ b/patches.suse/media-rc-increase-rc-mm-tolerance-and-add-debug-mess.patch @@ -0,0 +1,53 @@ +From 81bab3fa6ca857b4d3af729f931e57e6bdc60186 Mon Sep 17 00:00:00 2001 +From: Sean Young +Date: Fri, 23 Aug 2019 08:28:02 -0300 +Subject: [PATCH] media: rc: increase rc-mm tolerance and add debug message +Git-commit: 81bab3fa6ca857b4d3af729f931e57e6bdc60186 +References: git-fixes +Patch-mainline: v5.5-rc1 + +Decoding often fails on e.g. redrat3 devices. The dev_dbg() helps +with debugging when decoding does fail. + +Cc: Patrick Lerda +Signed-off-by: Sean Young +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Oliver Neukum +--- + drivers/media/rc/ir-rcmm-decoder.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/drivers/media/rc/ir-rcmm-decoder.c b/drivers/media/rc/ir-rcmm-decoder.c +index 64fb65a9a19f..028df5cb1828 100644 +--- a/drivers/media/rc/ir-rcmm-decoder.c ++++ b/drivers/media/rc/ir-rcmm-decoder.c +@@ -79,7 +79,7 @@ static int ir_rcmm_decode(struct rc_dev *dev, struct ir_raw_event ev) + if (!ev.pulse) + break; + +- if (!eq_margin(ev.duration, RCMM_PREFIX_PULSE, RCMM_UNIT / 2)) ++ if (!eq_margin(ev.duration, RCMM_PREFIX_PULSE, RCMM_UNIT)) + break; + + data->state = STATE_LOW; +@@ -91,7 +91,7 @@ static int ir_rcmm_decode(struct rc_dev *dev, struct ir_raw_event ev) + if (ev.pulse) + break; + +- if (!eq_margin(ev.duration, RCMM_PULSE_0, RCMM_UNIT / 2)) ++ if (!eq_margin(ev.duration, RCMM_PULSE_0, RCMM_UNIT)) + break; + + data->state = STATE_BUMP; +@@ -164,6 +164,8 @@ static int ir_rcmm_decode(struct rc_dev *dev, struct ir_raw_event ev) + break; + } + ++ dev_dbg(&dev->dev, "RC-MM decode failed at count %d state %d (%uus %s)\n", ++ data->count, data->state, TO_US(ev.duration), TO_STR(ev.pulse)); + data->state = STATE_INACTIVE; + return -EINVAL; + } +-- +2.35.3 + diff --git a/patches.suse/media-rtl28xxu-Add-support-for-PROlectrix-DV107669-D.patch b/patches.suse/media-rtl28xxu-Add-support-for-PROlectrix-DV107669-D.patch new file mode 100644 index 0000000..b381dbc --- /dev/null +++ b/patches.suse/media-rtl28xxu-Add-support-for-PROlectrix-DV107669-D.patch @@ -0,0 +1,51 @@ +From 3fbe158406af6a062960c0713a4d97f31fcbbea6 Mon Sep 17 00:00:00 2001 +From: "David J. Fiddes" +Date: Tue, 12 Nov 2019 13:40:59 +0100 +Subject: [PATCH] media: rtl28xxu: Add support for PROlectrix DV107669 DVB-T + dongle +Git-commit: 3fbe158406af6a062960c0713a4d97f31fcbbea6 +References: git-fixes +Patch-mainline: v5.6-rc1 + +This adds support for the PROlectrix DV107669 DVT-T dongle which +uses an RTL2832 and FC0012 tuner. + +Tests: + - Verified correct operation of DVB-T reception with VLC across + several UK multiplexes + +Signed-off-by: David J. Fiddes +Signed-off-by: Sean Young +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Oliver Neukum +--- + drivers/media/usb/dvb-usb-v2/rtl28xxu.c | 2 ++ + include/media/dvb-usb-ids.h | 1 + + 2 files changed, 3 insertions(+) + +diff --git a/drivers/media/usb/dvb-usb-v2/rtl28xxu.c b/drivers/media/usb/dvb-usb-v2/rtl28xxu.c +index 5016ede7b35f..9a871ebffc0d 100644 +--- a/drivers/media/usb/dvb-usb-v2/rtl28xxu.c ++++ b/drivers/media/usb/dvb-usb-v2/rtl28xxu.c +@@ -1955,6 +1955,8 @@ static const struct usb_device_id rtl28xxu_id_table[] = { + &rtl28xxu_props, "Sveon STV27", NULL) }, + { DVB_USB_DEVICE(USB_VID_KWORLD_2, USB_PID_TURBOX_DTT_2000, + &rtl28xxu_props, "TURBO-X Pure TV Tuner DTT-2000", NULL) }, ++ { DVB_USB_DEVICE(USB_VID_GTEK, USB_PID_PROLECTRIX_DV107669, ++ &rtl28xxu_props, "PROlectrix DV107669", NULL) }, + + /* RTL2832P devices: */ + { DVB_USB_DEVICE(USB_VID_HANFTEK, 0x0131, +diff --git a/include/media/dvb-usb-ids.h b/include/media/dvb-usb-ids.h +index 1409230ad3a4..44da5e402e49 100644 +--- a/include/media/dvb-usb-ids.h ++++ b/include/media/dvb-usb-ids.h +@@ -425,4 +425,5 @@ + #define USB_PID_EVOLVEO_XTRATV_STICK 0xa115 + #define USB_PID_HAMA_DVBT_HYBRID 0x2758 + #define USB_PID_XBOX_ONE_TUNER 0x02d5 ++#define USB_PID_PROLECTRIX_DV107669 0xd803 + #endif +-- +2.35.3 + diff --git a/patches.suse/media-rtl28xxu-add-missing-sleep-before-probing-slav.patch b/patches.suse/media-rtl28xxu-add-missing-sleep-before-probing-slav.patch new file mode 100644 index 0000000..ed2fa8a --- /dev/null +++ b/patches.suse/media-rtl28xxu-add-missing-sleep-before-probing-slav.patch @@ -0,0 +1,37 @@ +From 62d19285312004bf5980d9b6c95c6bd378612f06 Mon Sep 17 00:00:00 2001 +From: Mario Hros +Date: Wed, 19 Feb 2020 22:14:19 +0100 +Subject: [PATCH] media: rtl28xxu: add missing sleep before probing slave demod +Git-commit: 62d19285312004bf5980d9b6c95c6bd378612f06 +References: git-fixes +Patch-mainline: v5.7-rc1 + +Slave demod needs some time to wake up otherwise it may not respond to the +following probe commands. This problem manifested randomly on my Astrometa +DVB-T2 dongle. + +Signed-off-by: Mario Hros +Signed-off-by: Sean Young +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Oliver Neukum +--- + drivers/media/usb/dvb-usb-v2/rtl28xxu.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/media/usb/dvb-usb-v2/rtl28xxu.c b/drivers/media/usb/dvb-usb-v2/rtl28xxu.c +index c6881a1b3232..2080f6ef4be1 100644 +--- a/drivers/media/usb/dvb-usb-v2/rtl28xxu.c ++++ b/drivers/media/usb/dvb-usb-v2/rtl28xxu.c +@@ -552,6 +552,9 @@ static int rtl2832u_read_config(struct dvb_usb_device *d) + if (ret) + goto err; + ++ /* slave demod needs some time to wake up */ ++ msleep(20); ++ + /* check slave answers */ + ret = rtl28xxu_ctrl_msg(d, &req_mn88472); + if (ret == 0 && buf[0] == 0x02) { +-- +2.35.3 + diff --git a/patches.suse/media-rtl28xxu-set-keymap-for-Astrometa-DVB-T2.patch b/patches.suse/media-rtl28xxu-set-keymap-for-Astrometa-DVB-T2.patch new file mode 100644 index 0000000..5cc9193 --- /dev/null +++ b/patches.suse/media-rtl28xxu-set-keymap-for-Astrometa-DVB-T2.patch @@ -0,0 +1,34 @@ +From 64659c81dfccc4f8733289d59904b7c536c00683 Mon Sep 17 00:00:00 2001 +From: Sean Young +Date: Sat, 31 Aug 2019 05:37:38 -0300 +Subject: [PATCH] media: rtl28xxu: set keymap for Astrometa DVB-T2 +Git-commit: 64659c81dfccc4f8733289d59904b7c536c00683 +References: git-fixes +Patch-mainline: v5.5-rc1 + +Thanks to Jan Pieter van Woerkom for providing the hardware. + +Signed-off-by: Sean Young +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Oliver Neukum +--- + drivers/media/usb/dvb-usb-v2/rtl28xxu.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/media/usb/dvb-usb-v2/rtl28xxu.c b/drivers/media/usb/dvb-usb-v2/rtl28xxu.c +index 1a36bda28542..78ad9adfbeac 100644 +--- a/drivers/media/usb/dvb-usb-v2/rtl28xxu.c ++++ b/drivers/media/usb/dvb-usb-v2/rtl28xxu.c +@@ -1957,7 +1957,8 @@ static const struct usb_device_id rtl28xxu_id_table[] = { + + /* RTL2832P devices: */ + { DVB_USB_DEVICE(USB_VID_HANFTEK, 0x0131, +- &rtl28xxu_props, "Astrometa DVB-T2", NULL) }, ++ &rtl28xxu_props, "Astrometa DVB-T2", ++ RC_MAP_ASTROMETA_T2HYBRID) }, + { DVB_USB_DEVICE(0x5654, 0xca42, + &rtl28xxu_props, "GoTView MasterHD 3", NULL) }, + { } +-- +2.35.3 + diff --git a/patches.suse/media-smipcie-fix-interrupt-handling-and-IR-timeout.patch b/patches.suse/media-smipcie-fix-interrupt-handling-and-IR-timeout.patch new file mode 100644 index 0000000..ecb1479 --- /dev/null +++ b/patches.suse/media-smipcie-fix-interrupt-handling-and-IR-timeout.patch @@ -0,0 +1,100 @@ +From 6532923237b427ed30cc7b4486f6f1ccdee3c647 Mon Sep 17 00:00:00 2001 +From: Sean Young +Date: Fri, 29 Jan 2021 11:54:53 +0100 +Subject: [PATCH] media: smipcie: fix interrupt handling and IR timeout +Git-commit: 6532923237b427ed30cc7b4486f6f1ccdee3c647 +References: git-fixes +Patch-mainline: v5.12-rc1 + +After the first IR message, interrupts are no longer received. In addition, +the code generates a timeout IR message of 10ms but sets the timeout value +to 100ms, so no timeout was ever generated. + +Link: https://bugzilla.kernel.org/show_bug.cgi?id=204317 + +Fixes: a49a7a4635de ("media: smipcie: add universal ir capability") +Tested-by: Laz Lev +Cc: stable@vger.kernel.org # v5.1+ +Signed-off-by: Sean Young +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Oliver Neukum +--- + drivers/media/pci/smipcie/smipcie-ir.c | 46 ++++++++++++++++++--------------- + 1 file changed, 26 insertions(+), 20 deletions(-) + +--- a/drivers/media/pci/smipcie/smipcie-ir.c ++++ b/drivers/media/pci/smipcie/smipcie-ir.c +@@ -60,39 +60,45 @@ static void smi_ir_decode(struct smi_rc + { + struct smi_dev *dev = ir->dev; + struct rc_dev *rc_dev = ir->rc_dev; +- u32 dwIRControl, dwIRData; +- u8 index, ucIRCount, readLoop; ++ u32 control, data; ++ u8 index, ir_count, read_loop; + +- dwIRControl = smi_read(IR_Init_Reg); ++ control = smi_read(IR_Init_Reg); + +- if (dwIRControl & rbIRVld) { +- ucIRCount = (u8) smi_read(IR_Data_Cnt); ++ dev_dbg(&rc_dev->dev, "ircontrol: 0x%08x\n", control); + +- readLoop = ucIRCount/4; +- if (ucIRCount % 4) +- readLoop += 1; +- for (index = 0; index < readLoop; index++) { +- dwIRData = smi_read(IR_DATA_BUFFER_BASE + (index * 4)); +- +- ir->irData[index*4 + 0] = (u8)(dwIRData); +- ir->irData[index*4 + 1] = (u8)(dwIRData >> 8); +- ir->irData[index*4 + 2] = (u8)(dwIRData >> 16); +- ir->irData[index*4 + 3] = (u8)(dwIRData >> 24); ++ if (control & rbIRVld) { ++ ir_count = (u8)smi_read(IR_Data_Cnt); ++ ++ dev_dbg(&rc_dev->dev, "ircount %d\n", ir_count); ++ ++ read_loop = ir_count / 4; ++ if (ir_count % 4) ++ read_loop += 1; ++ for (index = 0; index < read_loop; index++) { ++ data = smi_read(IR_DATA_BUFFER_BASE + (index * 4)); ++ dev_dbg(&rc_dev->dev, "IRData 0x%08x\n", data); ++ ++ ir->irData[index * 4 + 0] = (u8)(data); ++ ir->irData[index * 4 + 1] = (u8)(data >> 8); ++ ir->irData[index * 4 + 2] = (u8)(data >> 16); ++ ir->irData[index * 4 + 3] = (u8)(data >> 24); + } +- smi_raw_process(rc_dev, ir->irData, ucIRCount); +- smi_set(IR_Init_Reg, rbIRVld); ++ smi_raw_process(rc_dev, ir->irData, ir_count); + } + +- if (dwIRControl & rbIRhighidle) { ++ if (control & rbIRhighidle) { + struct ir_raw_event rawir = {}; + ++ dev_dbg(&rc_dev->dev, "high idle\n"); ++ + rawir.pulse = 0; + rawir.duration = US_TO_NS(SMI_SAMPLE_PERIOD * + SMI_SAMPLE_IDLEMIN); + ir_raw_event_store_with_filter(rc_dev, &rawir); +- smi_set(IR_Init_Reg, rbIRhighidle); + } + ++ smi_set(IR_Init_Reg, rbIRVld); + ir_raw_event_handle(rc_dev); + } + +@@ -174,7 +180,7 @@ void smi_ir_exit(struct smi_dev *dev) + struct smi_rc *ir = &dev->ir; + struct rc_dev *rc_dev = ir->rc_dev; + +- smi_ir_stop(ir); + rc_unregister_device(rc_dev); ++ smi_ir_stop(ir); + ir->rc_dev = NULL; + } diff --git a/patches.suse/media-tw686x-Register-the-irq-at-the-end-of-probe.patch b/patches.suse/media-tw686x-Register-the-irq-at-the-end-of-probe.patch new file mode 100644 index 0000000..f93167a --- /dev/null +++ b/patches.suse/media-tw686x-Register-the-irq-at-the-end-of-probe.patch @@ -0,0 +1,82 @@ +From fb730334e0f759d00f72168fbc555e5a95e35210 Mon Sep 17 00:00:00 2001 +From: Zheyu Ma +Date: Sat, 21 May 2022 07:24:01 +0100 +Subject: [PATCH] media: tw686x: Register the irq at the end of probe +Git-commit: fb730334e0f759d00f72168fbc555e5a95e35210 +Patch-mainline: v6.0-rc1 +References: git-fixes + +We got the following warning when booting the kernel: + +[ 3.243674] INFO: trying to register non-static key. +[ 3.243922] The code is fine but needs lockdep annotation, or maybe +[ 3.244230] you didn't initialize this object before use? +[ 3.245642] Call Trace: +[ 3.247836] lock_acquire+0xff/0x2d0 +[ 3.248727] tw686x_audio_irq+0x1a5/0xcc0 [tw686x] +[ 3.249211] tw686x_irq+0x1f9/0x480 [tw686x] + +The lock 'vc->qlock' will be initialized in tw686x_video_init(), but the +driver registers the irq before calling the tw686x_video_init(), and we +got the warning. + +Fix this by registering the irq at the end of probe + +Fixes: 704a84ccdbf1 ("[media] media: Support Intersil/Techwell TW686x-based video capture cards") +Signed-off-by: Zheyu Ma +Signed-off-by: Hans Verkuil +Signed-off-by: Mauro Carvalho Chehab +Acked-by: Takashi Iwai + +--- + drivers/media/pci/tw686x/tw686x-core.c | 18 ++++++++---------- + 1 file changed, 8 insertions(+), 10 deletions(-) + +diff --git a/drivers/media/pci/tw686x/tw686x-core.c b/drivers/media/pci/tw686x/tw686x-core.c +index 6676e069b515..384d38754a4b 100644 +--- a/drivers/media/pci/tw686x/tw686x-core.c ++++ b/drivers/media/pci/tw686x/tw686x-core.c +@@ -315,13 +315,6 @@ static int tw686x_probe(struct pci_dev *pci_dev, + + spin_lock_init(&dev->lock); + +- err = request_irq(pci_dev->irq, tw686x_irq, IRQF_SHARED, +- dev->name, dev); +- if (err < 0) { +- dev_err(&pci_dev->dev, "unable to request interrupt\n"); +- goto iounmap; +- } +- + timer_setup(&dev->dma_delay_timer, tw686x_dma_delay, 0); + + /* +@@ -333,18 +326,23 @@ static int tw686x_probe(struct pci_dev *pci_dev, + err = tw686x_video_init(dev); + if (err) { + dev_err(&pci_dev->dev, "can't register video\n"); +- goto free_irq; ++ goto iounmap; + } + + err = tw686x_audio_init(dev); + if (err) + dev_warn(&pci_dev->dev, "can't register audio\n"); + ++ err = request_irq(pci_dev->irq, tw686x_irq, IRQF_SHARED, ++ dev->name, dev); ++ if (err < 0) { ++ dev_err(&pci_dev->dev, "unable to request interrupt\n"); ++ goto iounmap; ++ } ++ + pci_set_drvdata(pci_dev, dev); + return 0; + +-free_irq: +- free_irq(pci_dev->irq, dev); + iounmap: + pci_iounmap(pci_dev, dev->mmio); + free_region: +-- +2.35.3 + diff --git a/patches.suse/media-usb-dvb-usb-v2-rtl28xxu-convert-to-use-i2c_new.patch b/patches.suse/media-usb-dvb-usb-v2-rtl28xxu-convert-to-use-i2c_new.patch new file mode 100644 index 0000000..c90a5d4 --- /dev/null +++ b/patches.suse/media-usb-dvb-usb-v2-rtl28xxu-convert-to-use-i2c_new.patch @@ -0,0 +1,130 @@ +From 9785a61b74305518c5bc8a0bd2e966f44481b433 Mon Sep 17 00:00:00 2001 +From: Wolfram Sang +Date: Mon, 16 Dec 2019 16:51:39 +0100 +Subject: [PATCH] media: usb: dvb-usb-v2: rtl28xxu: convert to use + i2c_new_client_device() +Git-commit: 9785a61b74305518c5bc8a0bd2e966f44481b433 +References: git-fixes +Patch-mainline: v5.6-rc1 + +Use the newer API returning an ERRPTR and use the new helper to bail +out. + +Signed-off-by: Wolfram Sang +Signed-off-by: Sean Young +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Oliver Neukum +--- + drivers/media/usb/dvb-usb-v2/rtl28xxu.c | 40 +++++++++++++------------ + 1 file changed, 21 insertions(+), 19 deletions(-) + +diff --git a/drivers/media/usb/dvb-usb-v2/rtl28xxu.c b/drivers/media/usb/dvb-usb-v2/rtl28xxu.c +index 9a871ebffc0d..c6881a1b3232 100644 +--- a/drivers/media/usb/dvb-usb-v2/rtl28xxu.c ++++ b/drivers/media/usb/dvb-usb-v2/rtl28xxu.c +@@ -697,8 +697,8 @@ static int rtl2831u_frontend_attach(struct dvb_usb_adapter *adap) + board_info.addr = 0x10; + board_info.platform_data = pdata; + request_module("%s", board_info.type); +- client = i2c_new_device(&d->i2c_adap, &board_info); +- if (client == NULL || client->dev.driver == NULL) { ++ client = i2c_new_client_device(&d->i2c_adap, &board_info); ++ if (!i2c_client_has_driver(client)) { + ret = -ENODEV; + goto err; + } +@@ -918,8 +918,8 @@ static int rtl2832u_frontend_attach(struct dvb_usb_adapter *adap) + board_info.addr = 0x10; + board_info.platform_data = pdata; + request_module("%s", board_info.type); +- client = i2c_new_device(&d->i2c_adap, &board_info); +- if (client == NULL || client->dev.driver == NULL) { ++ client = i2c_new_client_device(&d->i2c_adap, &board_info); ++ if (!i2c_client_has_driver(client)) { + ret = -ENODEV; + goto err; + } +@@ -960,8 +960,8 @@ static int rtl2832u_frontend_attach(struct dvb_usb_adapter *adap) + info.addr = 0x18; + info.platform_data = &mn88472_config; + request_module(info.type); +- client = i2c_new_device(&d->i2c_adap, &info); +- if (client == NULL || client->dev.driver == NULL) { ++ client = i2c_new_client_device(&d->i2c_adap, &info); ++ if (!i2c_client_has_driver(client)) { + dev->slave_demod = SLAVE_DEMOD_NONE; + goto err_slave_demod_failed; + } +@@ -982,8 +982,8 @@ static int rtl2832u_frontend_attach(struct dvb_usb_adapter *adap) + info.addr = 0x18; + info.platform_data = &mn88473_config; + request_module(info.type); +- client = i2c_new_device(&d->i2c_adap, &info); +- if (client == NULL || client->dev.driver == NULL) { ++ client = i2c_new_client_device(&d->i2c_adap, &info); ++ if (!i2c_client_has_driver(client)) { + dev->slave_demod = SLAVE_DEMOD_NONE; + goto err_slave_demod_failed; + } +@@ -1025,8 +1025,8 @@ static int rtl2832u_frontend_attach(struct dvb_usb_adapter *adap) + info.addr = 0x64; + info.platform_data = &si2168_config; + request_module(info.type); +- client = i2c_new_device(&d->i2c_adap, &info); +- if (client == NULL || client->dev.driver == NULL) { ++ client = i2c_new_client_device(&d->i2c_adap, &info); ++ if (!i2c_client_has_driver(client)) { + dev->slave_demod = SLAVE_DEMOD_NONE; + goto err_slave_demod_failed; + } +@@ -1217,8 +1217,9 @@ static int rtl2832u_tuner_attach(struct dvb_usb_adapter *adap) + info.platform_data = &e4000_config; + + request_module(info.type); +- client = i2c_new_device(dev->demod_i2c_adapter, &info); +- if (client == NULL || client->dev.driver == NULL) ++ client = i2c_new_client_device(dev->demod_i2c_adapter, ++ &info); ++ if (!i2c_client_has_driver(client)) + break; + + if (!try_module_get(client->dev.driver->owner)) { +@@ -1240,9 +1241,9 @@ static int rtl2832u_tuner_attach(struct dvb_usb_adapter *adap) + board_info.addr = 0x56; + board_info.platform_data = &fc2580_pdata; + request_module("fc2580"); +- client = i2c_new_device(dev->demod_i2c_adapter, +- &board_info); +- if (client == NULL || client->dev.driver == NULL) ++ client = i2c_new_client_device(dev->demod_i2c_adapter, ++ &board_info); ++ if (!i2c_client_has_driver(client)) + break; + if (!try_module_get(client->dev.driver->owner)) { + i2c_unregister_device(client); +@@ -1271,8 +1272,9 @@ static int rtl2832u_tuner_attach(struct dvb_usb_adapter *adap) + board_info.addr = 0x60; + board_info.platform_data = &tua9001_pdata; + request_module("tua9001"); +- client = i2c_new_device(dev->demod_i2c_adapter, &board_info); +- if (client == NULL || client->dev.driver == NULL) ++ client = i2c_new_client_device(dev->demod_i2c_adapter, ++ &board_info); ++ if (!i2c_client_has_driver(client)) + break; + if (!try_module_get(client->dev.driver->owner)) { + i2c_unregister_device(client); +@@ -1316,8 +1318,8 @@ static int rtl2832u_tuner_attach(struct dvb_usb_adapter *adap) + info.addr = 0x60; + info.platform_data = &si2157_config; + request_module(info.type); +- client = i2c_new_device(&d->i2c_adap, &info); +- if (client == NULL || client->dev.driver == NULL) ++ client = i2c_new_client_device(&d->i2c_adap, &info); ++ if (!i2c_client_has_driver(client)) + break; + + if (!try_module_get(client->dev.driver->owner)) { +-- +2.35.3 + diff --git a/patches.suse/media-v4l2-mem2mem-always-consider-OUTPUT-queue-duri.patch b/patches.suse/media-v4l2-mem2mem-always-consider-OUTPUT-queue-duri.patch new file mode 100644 index 0000000..09859e9 --- /dev/null +++ b/patches.suse/media-v4l2-mem2mem-always-consider-OUTPUT-queue-duri.patch @@ -0,0 +1,47 @@ +From 566463afdbc43c7744c5a1b89250fc808df03833 Mon Sep 17 00:00:00 2001 +From: Alexandre Courbot +Date: Thu, 27 Aug 2020 14:49:45 +0200 +Subject: [PATCH] media: v4l2-mem2mem: always consider OUTPUT queue during poll +Git-commit: 566463afdbc43c7744c5a1b89250fc808df03833 +References: git-fixes +Patch-mainline: v5.10-rc1 + +If poll() is called on a m2m device with the EPOLLOUT event after the +last buffer of the CAPTURE queue is dequeued, any buffer available on +OUTPUT queue will never be signaled because v4l2_m2m_poll_for_data() +starts by checking whether dst_q->last_buffer_dequeued is set and +returns EPOLLIN in this case, without looking at the state of the OUTPUT +queue. + +Fix this by not early returning so we keep checking the state of the +OUTPUT queue afterwards. + +Signed-off-by: Alexandre Courbot +Reviewed-by: Ezequiel Garcia +Signed-off-by: Hans Verkuil +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Oliver Neukum +--- + drivers/media/v4l2-core/v4l2-mem2mem.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/drivers/media/v4l2-core/v4l2-mem2mem.c b/drivers/media/v4l2-core/v4l2-mem2mem.c +index 6a80240e9228..121243e5bece 100644 +--- a/drivers/media/v4l2-core/v4l2-mem2mem.c ++++ b/drivers/media/v4l2-core/v4l2-mem2mem.c +@@ -909,10 +909,8 @@ static __poll_t v4l2_m2m_poll_for_data(struct file *file, + * If the last buffer was dequeued from the capture queue, + * return immediately. DQBUF will return -EPIPE. + */ +- if (dst_q->last_buffer_dequeued) { +- spin_unlock_irqrestore(&dst_q->done_lock, flags); +- return EPOLLIN | EPOLLRDNORM; +- } ++ if (dst_q->last_buffer_dequeued) ++ rc |= EPOLLIN | EPOLLRDNORM; + } + spin_unlock_irqrestore(&dst_q->done_lock, flags); + +-- +2.35.3 + diff --git a/patches.suse/media-v4l2-mem2mem-reorder-checks-in-v4l2_m2m_poll.patch b/patches.suse/media-v4l2-mem2mem-reorder-checks-in-v4l2_m2m_poll.patch new file mode 100644 index 0000000..13eb738 --- /dev/null +++ b/patches.suse/media-v4l2-mem2mem-reorder-checks-in-v4l2_m2m_poll.patch @@ -0,0 +1,122 @@ +From 7708065f5d51a9ae80df29d1257d91fc6a6e50a0 Mon Sep 17 00:00:00 2001 +From: Michael Tretter +Date: Thu, 27 Jun 2019 08:44:33 -0400 +Subject: [PATCH] media: v4l2-mem2mem: reorder checks in v4l2_m2m_poll() +Git-commit: 7708065f5d51a9ae80df29d1257d91fc6a6e50a0 +References: git-fixes +Patch-mainline: v5.4-rc1 + +When reaching the end of stream, V4L2 m2m clients may expect the +V4L2_EOS_EVENT. Although the V4L2_EOS_EVENT is deprecated behavior, +drivers must signal that event before dequeuing the buffer that has the +V4L2_BUF_FLAG_LAST flag set. + +If a driver queues the V4L2_EOS_EVENT event and returns the buffer after +the check for events but before the check for buffers, vb2_m2m_poll() +will signal that the buffer with V4L2_BUF_FLAG_LAST can be read but not +that the V4L2_EOS_EVENT is available. + +Split the check for buffers into a separate function and check for +available buffers before checking for events. This ensures that if +vb2_m2m_poll() signals POLLIN | POLLRDNORM for the V4L2_BUF_FLAG_LAST +buffer, it signals POLLPRI for the V4L2_EOS_EVENT, too. + +Signed-off-by: Michael Tretter +Signed-off-by: Hans Verkuil +[hverkuil-cisco@xs4all.nl: fix checkpatch alignment warning] +Signed-off-by: Mauro Carvalho Chehab +Signed-off-by: Oliver Neukum +--- + drivers/media/v4l2-core/v4l2-mem2mem.c | 47 +++++++++++++++----------- + 1 file changed, 27 insertions(+), 20 deletions(-) + +diff --git a/drivers/media/v4l2-core/v4l2-mem2mem.c b/drivers/media/v4l2-core/v4l2-mem2mem.c +index 4f5176702937..19937dd3c6f6 100644 +--- a/drivers/media/v4l2-core/v4l2-mem2mem.c ++++ b/drivers/media/v4l2-core/v4l2-mem2mem.c +@@ -603,11 +603,10 @@ int v4l2_m2m_streamoff(struct file *file, struct v4l2_m2m_ctx *m2m_ctx, + } + EXPORT_SYMBOL_GPL(v4l2_m2m_streamoff); + +-__poll_t v4l2_m2m_poll(struct file *file, struct v4l2_m2m_ctx *m2m_ctx, +- struct poll_table_struct *wait) ++static __poll_t v4l2_m2m_poll_for_data(struct file *file, ++ struct v4l2_m2m_ctx *m2m_ctx, ++ struct poll_table_struct *wait) + { +- struct video_device *vfd = video_devdata(file); +- __poll_t req_events = poll_requested_events(wait); + struct vb2_queue *src_q, *dst_q; + struct vb2_buffer *src_vb = NULL, *dst_vb = NULL; + __poll_t rc = 0; +@@ -619,16 +618,6 @@ __poll_t v4l2_m2m_poll(struct file *file, struct v4l2_m2m_ctx *m2m_ctx, + poll_wait(file, &src_q->done_wq, wait); + poll_wait(file, &dst_q->done_wq, wait); + +- if (test_bit(V4L2_FL_USES_V4L2_FH, &vfd->flags)) { +- struct v4l2_fh *fh = file->private_data; +- +- poll_wait(file, &fh->wait, wait); +- if (v4l2_event_pending(fh)) +- rc = EPOLLPRI; +- if (!(req_events & (EPOLLOUT | EPOLLWRNORM | EPOLLIN | EPOLLRDNORM))) +- return rc; +- } +- + /* + * There has to be at least one buffer queued on each queued_list, which + * means either in driver already or waiting for driver to claim it +@@ -637,10 +626,8 @@ __poll_t v4l2_m2m_poll(struct file *file, struct v4l2_m2m_ctx *m2m_ctx, + if ((!src_q->streaming || src_q->error || + list_empty(&src_q->queued_list)) && + (!dst_q->streaming || dst_q->error || +- list_empty(&dst_q->queued_list))) { +- rc |= EPOLLERR; +- goto end; +- } ++ list_empty(&dst_q->queued_list))) ++ return EPOLLERR; + + spin_lock_irqsave(&dst_q->done_lock, flags); + if (list_empty(&dst_q->done_list)) { +@@ -650,7 +637,7 @@ __poll_t v4l2_m2m_poll(struct file *file, struct v4l2_m2m_ctx *m2m_ctx, + */ + if (dst_q->last_buffer_dequeued) { + spin_unlock_irqrestore(&dst_q->done_lock, flags); +- return rc | EPOLLIN | EPOLLRDNORM; ++ return EPOLLIN | EPOLLRDNORM; + } + } + spin_unlock_irqrestore(&dst_q->done_lock, flags); +@@ -673,7 +660,27 @@ __poll_t v4l2_m2m_poll(struct file *file, struct v4l2_m2m_ctx *m2m_ctx, + rc |= EPOLLIN | EPOLLRDNORM; + spin_unlock_irqrestore(&dst_q->done_lock, flags); + +-end: ++ return rc; ++} ++ ++__poll_t v4l2_m2m_poll(struct file *file, struct v4l2_m2m_ctx *m2m_ctx, ++ struct poll_table_struct *wait) ++{ ++ struct video_device *vfd = video_devdata(file); ++ __poll_t req_events = poll_requested_events(wait); ++ __poll_t rc = 0; ++ ++ if (req_events & (EPOLLOUT | EPOLLWRNORM | EPOLLIN | EPOLLRDNORM)) ++ rc = v4l2_m2m_poll_for_data(file, m2m_ctx, wait); ++ ++ if (test_bit(V4L2_FL_USES_V4L2_FH, &vfd->flags)) { ++ struct v4l2_fh *fh = file->private_data; ++ ++ poll_wait(file, &fh->wait, wait); ++ if (v4l2_event_pending(fh)) ++ rc |= EPOLLPRI; ++ } ++ + return rc; + } + EXPORT_SYMBOL_GPL(v4l2_m2m_poll); +-- +2.35.3 + diff --git a/patches.suse/mediatek-mt76-mac80211-Fix-missing-of_node_put-in-mt.patch b/patches.suse/mediatek-mt76-mac80211-Fix-missing-of_node_put-in-mt.patch new file mode 100644 index 0000000..135fd80 --- /dev/null +++ b/patches.suse/mediatek-mt76-mac80211-Fix-missing-of_node_put-in-mt.patch @@ -0,0 +1,35 @@ +From 0a14c1d0113f121151edf34333cdf212dd209190 Mon Sep 17 00:00:00 2001 +From: Liang He +Date: Mon, 4 Jul 2022 16:34:20 +0800 +Subject: [PATCH] mediatek: mt76: mac80211: Fix missing of_node_put() in mt76_led_init() +Git-commit: 0a14c1d0113f121151edf34333cdf212dd209190 +Patch-mainline: v6.0-rc1 +References: git-fixes + +We should use of_node_put() for the reference 'np' returned by +of_get_child_by_name() which will increase the refcount. + +Fixes: 17f1de56df05 ("mt76: add common code shared between multiple chipsets") +Signed-off-by: Liang He +Signed-off-by: Felix Fietkau +Acked-by: Takashi Iwai + +--- + drivers/net/wireless/mediatek/mt76/mac80211.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/net/wireless/mediatek/mt76/mac80211.c b/drivers/net/wireless/mediatek/mt76/mac80211.c +index 0e7bd4a67ad4..253cbc1956d1 100644 +--- a/drivers/net/wireless/mediatek/mt76/mac80211.c ++++ b/drivers/net/wireless/mediatek/mt76/mac80211.c +@@ -216,6 +216,7 @@ static int mt76_led_init(struct mt76_dev *dev) + if (!of_property_read_u32(np, "led-sources", &led_pin)) + dev->led_pin = led_pin; + dev->led_al = of_property_read_bool(np, "led-active-low"); ++ of_node_put(np); + } + + return led_classdev_register(dev->dev, &dev->led_cdev); +-- +2.35.3 + diff --git a/patches.suse/memregion-Fix-memregion_free-fallback-definition.patch b/patches.suse/memregion-Fix-memregion_free-fallback-definition.patch new file mode 100644 index 0000000..085cc79 --- /dev/null +++ b/patches.suse/memregion-Fix-memregion_free-fallback-definition.patch @@ -0,0 +1,44 @@ +From f50974eee5c4a5de1e4f1a3d873099f170df25f8 Mon Sep 17 00:00:00 2001 +From: Dan Williams +Date: Thu, 23 Jun 2022 13:02:31 -0700 +Subject: [PATCH] memregion: Fix memregion_free() fallback definition +Git-commit: f50974eee5c4a5de1e4f1a3d873099f170df25f8 +Patch-mainline: v5.19-rc6 +References: git-fixes + +In the CONFIG_MEMREGION=n case, memregion_free() is meant to be a static +inline. 0day reports: + + In file included from drivers/cxl/core/port.c:4: + include/linux/memregion.h:19:6: warning: no previous prototype for + function 'memregion_free' [-Wmissing-prototypes] + +Mark memregion_free() static. + +Fixes: 33dd70752cd7 ("lib: Uplevel the pmem "region" ida to a global allocator") +Reported-by: kernel test robot +Reviewed-by: Alison Schofield +Link: https://lore.kernel.org/r/165601455171.4042645.3350844271068713515.stgit@dwillia2-xfh +Signed-off-by: Dan Williams +Acked-by: Takashi Iwai + +--- + include/linux/memregion.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/include/linux/memregion.h b/include/linux/memregion.h +index e11595256cac..c04c4fd2e209 100644 +--- a/include/linux/memregion.h ++++ b/include/linux/memregion.h +@@ -16,7 +16,7 @@ static inline int memregion_alloc(gfp_t gfp) + { + return -ENOMEM; + } +-void memregion_free(int id) ++static inline void memregion_free(int id) + { + } + #endif +-- +2.35.3 + diff --git a/patches.suse/memstick-ms_block-Fix-a-memory-leak.patch b/patches.suse/memstick-ms_block-Fix-a-memory-leak.patch new file mode 100644 index 0000000..af1b72c --- /dev/null +++ b/patches.suse/memstick-ms_block-Fix-a-memory-leak.patch @@ -0,0 +1,39 @@ +From 54eb7a55be6779c4d0c25eaf5056498a28595049 Mon Sep 17 00:00:00 2001 +From: Christophe JAILLET +Date: Sat, 25 Jun 2022 14:55:56 +0200 +Subject: [PATCH] memstick/ms_block: Fix a memory leak +Git-commit: 54eb7a55be6779c4d0c25eaf5056498a28595049 +Patch-mainline: v6.0-rc1 +References: git-fixes + +'erased_blocks_bitmap' is never freed. As it is allocated at the same time +as 'used_blocks_bitmap', it is likely that it should be freed also at the +same time. + +Add the corresponding bitmap_free() in msb_data_clear(). + +Fixes: 0ab30494bc4f ("memstick: add support for legacy memorysticks") +Signed-off-by: Christophe JAILLET +Link: https://lore.kernel.org/r/b3b78926569445962ea5c3b6e9102418a9effb88.1656155715.git.christophe.jaillet@wanadoo.fr +Signed-off-by: Ulf Hansson +Acked-by: Takashi Iwai + +--- + drivers/memstick/core/ms_block.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/memstick/core/ms_block.c b/drivers/memstick/core/ms_block.c +index f8f151163667..f8fdf88fb240 100644 +--- a/drivers/memstick/core/ms_block.c ++++ b/drivers/memstick/core/ms_block.c +@@ -1947,6 +1947,7 @@ static void msb_data_clear(struct msb_data *msb) + { + kfree(msb->boot_page); + bitmap_free(msb->used_blocks_bitmap); ++ bitmap_free(msb->erased_blocks_bitmap); + kfree(msb->lba_to_pba_table); + kfree(msb->cache); + msb->card = NULL; +-- +2.35.3 + diff --git a/patches.suse/memstick-ms_block-Fix-some-incorrect-memory-allocati.patch b/patches.suse/memstick-ms_block-Fix-some-incorrect-memory-allocati.patch new file mode 100644 index 0000000..a563ccf --- /dev/null +++ b/patches.suse/memstick-ms_block-Fix-some-incorrect-memory-allocati.patch @@ -0,0 +1,65 @@ +From 2e531bc3e0d86362fcd8a577b3278d9ef3cc2ba0 Mon Sep 17 00:00:00 2001 +From: Christophe JAILLET +Date: Sat, 25 Jun 2022 14:55:25 +0200 +Subject: [PATCH] memstick/ms_block: Fix some incorrect memory allocation +Git-commit: 2e531bc3e0d86362fcd8a577b3278d9ef3cc2ba0 +Patch-mainline: v6.0-rc1 +References: git-fixes + +Some functions of the bitmap API take advantage of the fact that a bitmap +is an array of long. + +So, to make sure this assertion is correct, allocate bitmaps with +bitmap_zalloc() instead of kzalloc()+hand-computed number of bytes. + +While at it, also use bitmap_free() instead of kfree() to keep the +semantic. + +Fixes: 0ab30494bc4f ("memstick: add support for legacy memorysticks") +Signed-off-by: Christophe JAILLET +Link: https://lore.kernel.org/r/dbf633c48c24ae6d95f852557e8d8b3bbdef65fe.1656155715.git.christophe.jaillet@wanadoo.fr +Signed-off-by: Ulf Hansson +Acked-by: Takashi Iwai + +--- + drivers/memstick/core/ms_block.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/drivers/memstick/core/ms_block.c b/drivers/memstick/core/ms_block.c +index 3993bdd4b519..f8f151163667 100644 +--- a/drivers/memstick/core/ms_block.c ++++ b/drivers/memstick/core/ms_block.c +@@ -1341,17 +1341,17 @@ static int msb_ftl_initialize(struct msb_data *msb) + msb->zone_count = msb->block_count / MS_BLOCKS_IN_ZONE; + msb->logical_block_count = msb->zone_count * 496 - 2; + +- msb->used_blocks_bitmap = kzalloc(msb->block_count / 8, GFP_KERNEL); +- msb->erased_blocks_bitmap = kzalloc(msb->block_count / 8, GFP_KERNEL); ++ msb->used_blocks_bitmap = bitmap_zalloc(msb->block_count, GFP_KERNEL); ++ msb->erased_blocks_bitmap = bitmap_zalloc(msb->block_count, GFP_KERNEL); + msb->lba_to_pba_table = + kmalloc_array(msb->logical_block_count, sizeof(u16), + GFP_KERNEL); + + if (!msb->used_blocks_bitmap || !msb->lba_to_pba_table || + !msb->erased_blocks_bitmap) { +- kfree(msb->used_blocks_bitmap); ++ bitmap_free(msb->used_blocks_bitmap); ++ bitmap_free(msb->erased_blocks_bitmap); + kfree(msb->lba_to_pba_table); +- kfree(msb->erased_blocks_bitmap); + return -ENOMEM; + } + +@@ -1946,7 +1946,7 @@ static DEFINE_MUTEX(msb_disk_lock); /* protects against races in open/release */ + static void msb_data_clear(struct msb_data *msb) + { + kfree(msb->boot_page); +- kfree(msb->used_blocks_bitmap); ++ bitmap_free(msb->used_blocks_bitmap); + kfree(msb->lba_to_pba_table); + kfree(msb->cache); + msb->card = NULL; +-- +2.35.3 + diff --git a/patches.suse/meson-mx-socinfo-Fix-refcount-leak-in-meson_mx_socin.patch b/patches.suse/meson-mx-socinfo-Fix-refcount-leak-in-meson_mx_socin.patch new file mode 100644 index 0000000..7b7fcaa --- /dev/null +++ b/patches.suse/meson-mx-socinfo-Fix-refcount-leak-in-meson_mx_socin.patch @@ -0,0 +1,38 @@ +From a2106f38077e78afcb4bf98fdda3e162118cfb3d Mon Sep 17 00:00:00 2001 +From: Miaoqian Lin +Date: Tue, 24 May 2022 10:57:29 +0400 +Subject: [PATCH] meson-mx-socinfo: Fix refcount leak in meson_mx_socinfo_init +Git-commit: a2106f38077e78afcb4bf98fdda3e162118cfb3d +Patch-mainline: v6.0-rc1 +References: git-fixes + +of_find_matching_node() returns a node pointer with refcount +incremented, we should use of_node_put() on it when not need anymore. +Add missing of_node_put() to avoid refcount leak. + +Fixes: 5e68c0fc8df8 ("soc: amlogic: Add Meson6/Meson8/Meson8b/Meson8m2 SoC Information driver") +Signed-off-by: Miaoqian Lin +Reviewed-by: Martin Blumenstingl +Signed-off-by: Neil Armstrong +Link: https://lore.kernel.org/r/20220524065729.33689-1-linmq006@gmail.com +Acked-by: Takashi Iwai + +--- + drivers/soc/amlogic/meson-mx-socinfo.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/soc/amlogic/meson-mx-socinfo.c b/drivers/soc/amlogic/meson-mx-socinfo.c +index 78f0f1aeca57..92125dd65f33 100644 +--- a/drivers/soc/amlogic/meson-mx-socinfo.c ++++ b/drivers/soc/amlogic/meson-mx-socinfo.c +@@ -126,6 +126,7 @@ static int __init meson_mx_socinfo_init(void) + np = of_find_matching_node(NULL, meson_mx_socinfo_analog_top_ids); + if (np) { + analog_top_regmap = syscon_node_to_regmap(np); ++ of_node_put(np); + if (IS_ERR(analog_top_regmap)) + return PTR_ERR(analog_top_regmap); + +-- +2.35.3 + diff --git a/patches.suse/misc-rtsx-Fix-an-error-handling-path-in-rtsx_pci_pro.patch b/patches.suse/misc-rtsx-Fix-an-error-handling-path-in-rtsx_pci_pro.patch new file mode 100644 index 0000000..299e678 --- /dev/null +++ b/patches.suse/misc-rtsx-Fix-an-error-handling-path-in-rtsx_pci_pro.patch @@ -0,0 +1,46 @@ +From 44fd1917314e9d4f53dd95dd65df1c152f503d3a Mon Sep 17 00:00:00 2001 +From: Christophe JAILLET +Date: Wed, 15 Jun 2022 07:33:44 +0200 +Subject: [PATCH] misc: rtsx: Fix an error handling path in rtsx_pci_probe() +Git-commit: 44fd1917314e9d4f53dd95dd65df1c152f503d3a +Patch-mainline: v6.0-rc1 +References: git-fixes + +If an error occurs after a successful idr_alloc() call, the corresponding +resource must be released with idr_remove() as already done in the .remove +function. + +Update the error handling path to add the missing idr_remove() call. + +Fixes: ada8a8a13b13 ("mfd: Add realtek pcie card reader driver") +Signed-off-by: Christophe JAILLET +Link: https://lore.kernel.org/r/e8dc41716cbf52fb37a12e70d8972848e69df6d6.1655271216.git.christophe.jaillet@wanadoo.fr +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/misc/cardreader/rtsx_pcr.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/drivers/misc/cardreader/rtsx_pcr.c ++++ b/drivers/misc/cardreader/rtsx_pcr.c +@@ -1485,7 +1485,7 @@ static int rtsx_pci_probe(struct pci_dev + pcr->remap_addr = ioremap_nocache(base, len); + if (!pcr->remap_addr) { + ret = -ENOMEM; +- goto free_handle; ++ goto free_idr; + } + + pcr->rtsx_resv_buf = dma_alloc_coherent(&(pcidev->dev), +@@ -1547,6 +1547,10 @@ disable_msi: + pcr->rtsx_resv_buf, pcr->rtsx_resv_buf_addr); + unmap: + iounmap(pcr->remap_addr); ++free_idr: ++ spin_lock(&rtsx_pci_lock); ++ idr_remove(&rtsx_pci_idr, pcr->id); ++ spin_unlock(&rtsx_pci_lock); + free_handle: + kfree(handle); + free_pcr: diff --git a/patches.suse/misc-rtsx_usb-fix-use-of-dma-mapped-buffer-for-usb-b.patch b/patches.suse/misc-rtsx_usb-fix-use-of-dma-mapped-buffer-for-usb-b.patch new file mode 100644 index 0000000..3076b10 --- /dev/null +++ b/patches.suse/misc-rtsx_usb-fix-use-of-dma-mapped-buffer-for-usb-b.patch @@ -0,0 +1,94 @@ +From eb7f8e28420372787933eec079735c35034bda7d Mon Sep 17 00:00:00 2001 +From: Shuah Khan +Date: Thu, 30 Jun 2022 20:32:55 -0600 +Subject: [PATCH] misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer +Git-commit: eb7f8e28420372787933eec079735c35034bda7d +Patch-mainline: v5.19-rc6 +References: git-fixes + +rtsx_usb driver allocates coherent dma buffer for urb transfers. +This buffer is passed to usb_bulk_msg() and usb core tries to +map already mapped buffer running into a dma mapping error. + +xhci_hcd 0000:01:00.0: rejecting DMA map of vmalloc memory +Warning: CPU: 1 PID: 279 at include/linux/dma-mapping.h:326 usb_ hcd_map_urb_for_dma+0x7d6/0x820 + +... + +xhci_map_urb_for_dma+0x291/0x4e0 +usb_hcd_submit_urb+0x199/0x12b0 +... +usb_submit_urb+0x3b8/0x9e0 +usb_start_wait_urb+0xe3/0x2d0 +usb_bulk_msg+0x115/0x240 +rtsx_usb_transfer_data+0x185/0x1a8 [rtsx_usb] +rtsx_usb_send_cmd+0xbb/0x123 [rtsx_usb] +rtsx_usb_write_register+0x12c/0x143 [rtsx_usb] +rtsx_usb_probe+0x226/0x4b2 [rtsx_usb] + +Fix it to use kmalloc() to get DMA-able memory region instead. + +Signed-off-by: Shuah Khan +Cc: stable +Link: https://lore.kernel.org/r/667d627d502e1ba9ff4f9b94966df3299d2d3c0d.1656642167.git.skhan@linuxfoundation.org +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/misc/cardreader/rtsx_usb.c | 13 +++++++------ + include/linux/rtsx_usb.h | 1 - + 2 files changed, 7 insertions(+), 7 deletions(-) + +diff --git a/drivers/misc/cardreader/rtsx_usb.c b/drivers/misc/cardreader/rtsx_usb.c +index 1ef9b61077c4..e147cc8ab0fd 100644 +--- a/drivers/misc/cardreader/rtsx_usb.c ++++ b/drivers/misc/cardreader/rtsx_usb.c +@@ -631,8 +631,7 @@ static int rtsx_usb_probe(struct usb_interface *intf, + + ucr->pusb_dev = usb_dev; + +- ucr->iobuf = usb_alloc_coherent(ucr->pusb_dev, IOBUF_SIZE, +- GFP_KERNEL, &ucr->iobuf_dma); ++ ucr->iobuf = kmalloc(IOBUF_SIZE, GFP_KERNEL); + if (!ucr->iobuf) + return -ENOMEM; + +@@ -668,8 +667,9 @@ static int rtsx_usb_probe(struct usb_interface *intf, + + out_init_fail: + usb_set_intfdata(ucr->pusb_intf, NULL); +- usb_free_coherent(ucr->pusb_dev, IOBUF_SIZE, ucr->iobuf, +- ucr->iobuf_dma); ++ kfree(ucr->iobuf); ++ ucr->iobuf = NULL; ++ ucr->cmd_buf = ucr->rsp_buf = NULL; + return ret; + } + +@@ -682,8 +682,9 @@ static void rtsx_usb_disconnect(struct usb_interface *intf) + mfd_remove_devices(&intf->dev); + + usb_set_intfdata(ucr->pusb_intf, NULL); +- usb_free_coherent(ucr->pusb_dev, IOBUF_SIZE, ucr->iobuf, +- ucr->iobuf_dma); ++ kfree(ucr->iobuf); ++ ucr->iobuf = NULL; ++ ucr->cmd_buf = ucr->rsp_buf = NULL; + } + + #ifdef CONFIG_PM +diff --git a/include/linux/rtsx_usb.h b/include/linux/rtsx_usb.h +index 159729cffd8e..a07f7341ebc2 100644 +--- a/include/linux/rtsx_usb.h ++++ b/include/linux/rtsx_usb.h +@@ -55,7 +55,6 @@ struct rtsx_ucr { + struct usb_interface *pusb_intf; + struct usb_sg_request current_sg; + unsigned char *iobuf; +- dma_addr_t iobuf_dma; + + struct timer_list sg_timer; + struct mutex dev_mutex; +-- +2.35.3 + diff --git a/patches.suse/misc-rtsx_usb-set-return-value-in-rsp_buf-alloc-err-.patch b/patches.suse/misc-rtsx_usb-set-return-value-in-rsp_buf-alloc-err-.patch new file mode 100644 index 0000000..0234451 --- /dev/null +++ b/patches.suse/misc-rtsx_usb-set-return-value-in-rsp_buf-alloc-err-.patch @@ -0,0 +1,56 @@ +From 2cd37c2e72449a7add6da1183d20a6247d6db111 Mon Sep 17 00:00:00 2001 +From: Shuah Khan +Date: Fri, 1 Jul 2022 10:53:52 -0600 +Subject: [PATCH] misc: rtsx_usb: set return value in rsp_buf alloc err path +Git-commit: 2cd37c2e72449a7add6da1183d20a6247d6db111 +Patch-mainline: v5.19-rc6 +References: git-fixes + +Set return value in rsp_buf alloc error path before going to +error handling. + +drivers/misc/cardreader/rtsx_usb.c:639:6: warning: variable 'ret' is used uninitialized whenever 'if' condition is true [-Wsometimes-uninitialized] + if (!ucr->rsp_buf) + ^~~~~~~~~~~~~ + drivers/misc/cardreader/rtsx_usb.c:678:9: note: uninitialized use occurs here + return ret; + ^~~ + drivers/misc/cardreader/rtsx_usb.c:639:2: note: remove the 'if' if its condition is always false + if (!ucr->rsp_buf) + ^~~~~~~~~~~~~~~~~~ + drivers/misc/cardreader/rtsx_usb.c:622:9: note: initialize the variable 'ret' to silence this warning + int ret; + ^ + = 0 + +Fixes: 3776c7855985 ("misc: rtsx_usb: use separate command and response buffers") +Reported-by: kernel test robot +Cc: stable +Signed-off-by: Shuah Khan +Link: https://lore.kernel.org/r/20220701165352.15687-1-skhan@linuxfoundation.org +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/misc/cardreader/rtsx_usb.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/misc/cardreader/rtsx_usb.c b/drivers/misc/cardreader/rtsx_usb.c +index 4e2108052509..f150d8769f19 100644 +--- a/drivers/misc/cardreader/rtsx_usb.c ++++ b/drivers/misc/cardreader/rtsx_usb.c +@@ -636,8 +636,10 @@ static int rtsx_usb_probe(struct usb_interface *intf, + return -ENOMEM; + + ucr->rsp_buf = kmalloc(IOBUF_SIZE, GFP_KERNEL); +- if (!ucr->rsp_buf) ++ if (!ucr->rsp_buf) { ++ ret = -ENOMEM; + goto out_free_cmd_buf; ++ } + + usb_set_intfdata(intf, ucr); + +-- +2.35.3 + diff --git a/patches.suse/misc-rtsx_usb-use-separate-command-and-response-buff.patch b/patches.suse/misc-rtsx_usb-use-separate-command-and-response-buff.patch new file mode 100644 index 0000000..5e83941 --- /dev/null +++ b/patches.suse/misc-rtsx_usb-use-separate-command-and-response-buff.patch @@ -0,0 +1,97 @@ +From 3776c78559853fd151be7c41e369fd076fb679d5 Mon Sep 17 00:00:00 2001 +From: Shuah Khan +Date: Thu, 30 Jun 2022 20:32:56 -0600 +Subject: [PATCH] misc: rtsx_usb: use separate command and response buffers +Git-commit: 3776c78559853fd151be7c41e369fd076fb679d5 +Patch-mainline: v5.19-rc6 +References: git-fixes + +rtsx_usb uses same buffer for command and response. There could +be a potential conflict using the same buffer for both especially +if retries and timeouts are involved. + +Use separate command and response buffers to avoid conflicts. + +Signed-off-by: Shuah Khan +Cc: stable +Link: https://lore.kernel.org/r/07e3721804ff07aaab9ef5b39a5691d0718b9ade.1656642167.git.skhan@linuxfoundation.org +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/misc/cardreader/rtsx_usb.c | 26 +++++++++++++++++--------- + include/linux/rtsx_usb.h | 1 - + 2 files changed, 17 insertions(+), 10 deletions(-) + +diff --git a/drivers/misc/cardreader/rtsx_usb.c b/drivers/misc/cardreader/rtsx_usb.c +index e147cc8ab0fd..4e2108052509 100644 +--- a/drivers/misc/cardreader/rtsx_usb.c ++++ b/drivers/misc/cardreader/rtsx_usb.c +@@ -631,15 +631,18 @@ static int rtsx_usb_probe(struct usb_interface *intf, + + ucr->pusb_dev = usb_dev; + +- ucr->iobuf = kmalloc(IOBUF_SIZE, GFP_KERNEL); +- if (!ucr->iobuf) ++ ucr->cmd_buf = kmalloc(IOBUF_SIZE, GFP_KERNEL); ++ if (!ucr->cmd_buf) + return -ENOMEM; + ++ ucr->rsp_buf = kmalloc(IOBUF_SIZE, GFP_KERNEL); ++ if (!ucr->rsp_buf) ++ goto out_free_cmd_buf; ++ + usb_set_intfdata(intf, ucr); + + ucr->vendor_id = id->idVendor; + ucr->product_id = id->idProduct; +- ucr->cmd_buf = ucr->rsp_buf = ucr->iobuf; + + mutex_init(&ucr->dev_mutex); + +@@ -667,9 +670,11 @@ static int rtsx_usb_probe(struct usb_interface *intf, + + out_init_fail: + usb_set_intfdata(ucr->pusb_intf, NULL); +- kfree(ucr->iobuf); +- ucr->iobuf = NULL; +- ucr->cmd_buf = ucr->rsp_buf = NULL; ++ kfree(ucr->rsp_buf); ++ ucr->rsp_buf = NULL; ++out_free_cmd_buf: ++ kfree(ucr->cmd_buf); ++ ucr->cmd_buf = NULL; + return ret; + } + +@@ -682,9 +687,12 @@ static void rtsx_usb_disconnect(struct usb_interface *intf) + mfd_remove_devices(&intf->dev); + + usb_set_intfdata(ucr->pusb_intf, NULL); +- kfree(ucr->iobuf); +- ucr->iobuf = NULL; +- ucr->cmd_buf = ucr->rsp_buf = NULL; ++ ++ kfree(ucr->cmd_buf); ++ ucr->cmd_buf = NULL; ++ ++ kfree(ucr->rsp_buf); ++ ucr->rsp_buf = NULL; + } + + #ifdef CONFIG_PM +diff --git a/include/linux/rtsx_usb.h b/include/linux/rtsx_usb.h +index a07f7341ebc2..3247ed8e9ff0 100644 +--- a/include/linux/rtsx_usb.h ++++ b/include/linux/rtsx_usb.h +@@ -54,7 +54,6 @@ struct rtsx_ucr { + struct usb_device *pusb_dev; + struct usb_interface *pusb_intf; + struct usb_sg_request current_sg; +- unsigned char *iobuf; + + struct timer_list sg_timer; + struct mutex dev_mutex; +-- +2.35.3 + diff --git a/patches.suse/mm-and-drivers-core-Convert-hugetlb_report_node_memi.patch b/patches.suse/mm-and-drivers-core-Convert-hugetlb_report_node_memi.patch new file mode 100644 index 0000000..66ee335 --- /dev/null +++ b/patches.suse/mm-and-drivers-core-Convert-hugetlb_report_node_memi.patch @@ -0,0 +1,86 @@ +From 7981593bf083801035b1f1377661849805acb216 Mon Sep 17 00:00:00 2001 +From: Joe Perches +Date: Wed, 16 Sep 2020 13:40:43 -0700 +Subject: [PATCH] mm: and drivers core: Convert hugetlb_report_node_meminfo to + sysfs_emit +Git-commit: 7981593bf083801035b1f1377661849805acb216 +Patch-mainline: v5.10-rc1 +References: bsc#1200598 cve-2022-20166 + +Convert the unbound sprintf in hugetlb_report_node_meminfo to use +sysfs_emit_at so that no possible overrun of a PAGE_SIZE buf can occur. + +Signed-off-by: Joe Perches +Acked-by: Mike Kravetz +Link: https://lore.kernel.org/r/894b351b82da6013cde7f36ff4b5493cd0ec30d0.1600285923.git.joe@perches.com +Signed-off-by: Greg Kroah-Hartman +Acked-by: Petr Mladek + +--- + drivers/base/node.c | 2 +- + include/linux/hugetlb.h | 4 ++-- + mm/hugetlb.c | 18 ++++++++++-------- + 3 files changed, 13 insertions(+), 11 deletions(-) + +--- a/drivers/base/node.c ++++ b/drivers/base/node.c +@@ -461,7 +461,7 @@ static ssize_t node_read_meminfo(struct + HPAGE_PMD_NR) + #endif + ); +- len += hugetlb_report_node_meminfo(nid, buf + len); ++ len += hugetlb_report_node_meminfo(buf, len, nid); + return len; + } + +--- a/include/linux/hugetlb.h ++++ b/include/linux/hugetlb.h +@@ -84,7 +84,7 @@ void __unmap_hugepage_range(struct mmu_g + unsigned long start, unsigned long end, + struct page *ref_page); + void hugetlb_report_meminfo(struct seq_file *); +-int hugetlb_report_node_meminfo(int, char *); ++int hugetlb_report_node_meminfo(char *buf, int len, int nid); + void hugetlb_show_meminfo(void); + unsigned long hugetlb_total_pages(void); + vm_fault_t hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -170,7 +170,7 @@ static inline void adjust_range_if_pmd_s + static inline void hugetlb_report_meminfo(struct seq_file *m) + { + } +-#define hugetlb_report_node_meminfo(n, buf) 0 ++#define hugetlb_report_node_meminfo(buf, len, nid) 0 + static inline void hugetlb_show_meminfo(void) + { + } +--- a/mm/hugetlb.c ++++ b/mm/hugetlb.c +@@ -3105,18 +3105,20 @@ void hugetlb_report_meminfo(struct seq_f + seq_printf(m, "Hugetlb: %8lu kB\n", total / 1024); + } + +-int hugetlb_report_node_meminfo(int nid, char *buf) ++int hugetlb_report_node_meminfo(char *buf, int len, int nid) + { + struct hstate *h = &default_hstate; ++ + if (!hugepages_supported()) + return 0; +- return sprintf(buf, +- "Node %d HugePages_Total: %5u\n" +- "Node %d HugePages_Free: %5u\n" +- "Node %d HugePages_Surp: %5u\n", +- nid, h->nr_huge_pages_node[nid], +- nid, h->free_huge_pages_node[nid], +- nid, h->surplus_huge_pages_node[nid]); ++ ++ return sysfs_emit_at(buf, len, ++ "Node %d HugePages_Total: %5u\n" ++ "Node %d HugePages_Free: %5u\n" ++ "Node %d HugePages_Surp: %5u\n", ++ nid, h->nr_huge_pages_node[nid], ++ nid, h->free_huge_pages_node[nid], ++ nid, h->surplus_huge_pages_node[nid]); + } + + void hugetlb_show_meminfo(void) diff --git a/patches.suse/mm-fix-page-reference-leak-in-soft_offline_page.patch b/patches.suse/mm-fix-page-reference-leak-in-soft_offline_page.patch new file mode 100644 index 0000000..6e5e7fe --- /dev/null +++ b/patches.suse/mm-fix-page-reference-leak-in-soft_offline_page.patch @@ -0,0 +1,83 @@ +From ca4810f2b6758489c9fb3e2365abf1ca6f367f5c Mon Sep 17 00:00:00 2001 +From: Dan Williams +Date: Sat, 23 Jan 2021 21:01:52 -0800 +Subject: [PATCH] mm: fix page reference leak in soft_offline_page() + +References: git fixes (mm/memory-failure) +Patch-mainline: v5.11-rc5 +Git-commit: dad4e5b390866ca902653df0daa864ae4b8d4147 + +The conversion to move pfn_to_online_page() internal to +soft_offline_page() missed that the get_user_pages() reference taken by +the madvise() path needs to be dropped when pfn_to_online_page() fails. + +Note the direct sysfs-path to soft_offline_page() does not perform a +get_user_pages() lookup. + +When soft_offline_page() is handed a pfn_valid() && !pfn_to_online_page() +pfn the kernel hangs at dax-device shutdown due to a leaked reference. + +Link: https://lkml.kernel.org/r/161058501210.1840162.8108917599181157327.stgit@dwillia2-desk3.amr.corp.intel.com +Fixes: feec24a6139d ("mm, soft-offline: convert parameter to pfn") +Signed-off-by: Dan Williams +Reviewed-by: David Hildenbrand +Reviewed-by: Oscar Salvador +Reviewed-by: Naoya Horiguchi +Cc: Michal Hocko +Cc: Qian Cai +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Mel Gorman +--- + mm/memory-failure.c | 20 ++++++++++++++++---- + 1 file changed, 16 insertions(+), 4 deletions(-) + +diff --git a/mm/memory-failure.c b/mm/memory-failure.c +index ba254c94768f..c2e6703f6953 100644 +--- a/mm/memory-failure.c ++++ b/mm/memory-failure.c +@@ -1850,6 +1850,12 @@ static int soft_offline_free_page(struct page *page) + return rc; + } + ++static void put_ref_page(struct page *page) ++{ ++ if (page) ++ put_page(page); ++} ++ + /** + * soft_offline_page - Soft offline a page. + * @pfn: pfn to soft-offline +@@ -1875,20 +1881,26 @@ static int soft_offline_free_page(struct page *page) + int soft_offline_page(unsigned long pfn, int flags) + { + int ret; +- struct page *page; + bool try_again = true; ++ struct page *page, *ref_page = NULL; ++ ++ WARN_ON_ONCE(!pfn_valid(pfn) && (flags & MF_COUNT_INCREASED)); + + if (!pfn_valid(pfn)) + return -ENXIO; ++ if (flags & MF_COUNT_INCREASED) ++ ref_page = pfn_to_page(pfn); ++ + /* Only online pages can be soft-offlined (esp., not ZONE_DEVICE). */ + page = pfn_to_online_page(pfn); +- if (!page) ++ if (!page) { ++ put_ref_page(ref_page); + return -EIO; ++ } + + if (PageHWPoison(page)) { + pr_info("soft offline: %#lx page already poisoned\n", pfn); +- if (flags & MF_COUNT_INCREASED) +- put_page(page); ++ put_ref_page(ref_page); + return 0; + } + diff --git a/patches.suse/mmc-cavium-octeon-Add-of_node_put-when-breaking-out-.patch b/patches.suse/mmc-cavium-octeon-Add-of_node_put-when-breaking-out-.patch new file mode 100644 index 0000000..b367e1a --- /dev/null +++ b/patches.suse/mmc-cavium-octeon-Add-of_node_put-when-breaking-out-.patch @@ -0,0 +1,38 @@ +From 19bbb49acf8d7a03cb83e05624363741a4c3ec6f Mon Sep 17 00:00:00 2001 +From: Liang He +Date: Tue, 19 Jul 2022 17:52:15 +0800 +Subject: [PATCH] mmc: cavium-octeon: Add of_node_put() when breaking out of loop +Git-commit: 19bbb49acf8d7a03cb83e05624363741a4c3ec6f +Patch-mainline: v6.0-rc1 +References: git-fixes + +In octeon_mmc_probe(), we should call of_node_put() when breaking +out of for_each_child_of_node() which has increased and decreased +the refcount during each iteration. + +Fixes: 01d95843335c ("mmc: cavium: Add MMC support for Octeon SOCs.") +Signed-off-by: Liang He +Acked-by: Robert Richter +Link: https://lore.kernel.org/r/20220719095216.1241601-1-windhl@126.com +Signed-off-by: Ulf Hansson +Acked-by: Takashi Iwai + +--- + drivers/mmc/host/cavium-octeon.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/mmc/host/cavium-octeon.c b/drivers/mmc/host/cavium-octeon.c +index 2c4b2df52adb..12dca91a8ef6 100644 +--- a/drivers/mmc/host/cavium-octeon.c ++++ b/drivers/mmc/host/cavium-octeon.c +@@ -277,6 +277,7 @@ static int octeon_mmc_probe(struct platform_device *pdev) + if (ret) { + dev_err(&pdev->dev, "Error populating slots\n"); + octeon_mmc_set_shared_power(host, 0); ++ of_node_put(cn); + goto error; + } + i++; +-- +2.35.3 + diff --git a/patches.suse/mmc-cavium-thunderx-Add-of_node_put-when-breaking-ou.patch b/patches.suse/mmc-cavium-thunderx-Add-of_node_put-when-breaking-ou.patch new file mode 100644 index 0000000..7285a6c --- /dev/null +++ b/patches.suse/mmc-cavium-thunderx-Add-of_node_put-when-breaking-ou.patch @@ -0,0 +1,42 @@ +From 7ee480795e41db314f2c445c65ed854a5d6e8e32 Mon Sep 17 00:00:00 2001 +From: Liang He +Date: Tue, 19 Jul 2022 17:52:16 +0800 +Subject: [PATCH] mmc: cavium-thunderx: Add of_node_put() when breaking out of loop +Git-commit: 7ee480795e41db314f2c445c65ed854a5d6e8e32 +Patch-mainline: v6.0-rc1 +References: git-fixes + +In thunder_mmc_probe(), we should call of_node_put() when breaking +out of for_each_child_of_node() which has increased and decreased +the refcount during each iteration. + +Fixes: 166bac38c3c5 ("mmc: cavium: Add MMC PCI driver for ThunderX SOCs") +Signed-off-by: Liang He +Acked-by: Robert Richter +Link: https://lore.kernel.org/r/20220719095216.1241601-2-windhl@126.com +Signed-off-by: Ulf Hansson +Acked-by: Takashi Iwai + +--- + drivers/mmc/host/cavium-thunderx.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/mmc/host/cavium-thunderx.c b/drivers/mmc/host/cavium-thunderx.c +index 76013bbbcff3..202b1d6da678 100644 +--- a/drivers/mmc/host/cavium-thunderx.c ++++ b/drivers/mmc/host/cavium-thunderx.c +@@ -142,8 +142,10 @@ static int thunder_mmc_probe(struct pci_dev *pdev, + continue; + + ret = cvm_mmc_of_slot_probe(&host->slot_pdev[i]->dev, host); +- if (ret) ++ if (ret) { ++ of_node_put(child_node); + goto error; ++ } + } + i++; + } +-- +2.35.3 + diff --git a/patches.suse/mmc-sdhci-of-at91-fix-set_uhs_signaling-rewriting-of.patch b/patches.suse/mmc-sdhci-of-at91-fix-set_uhs_signaling-rewriting-of.patch new file mode 100644 index 0000000..efbcc6a --- /dev/null +++ b/patches.suse/mmc-sdhci-of-at91-fix-set_uhs_signaling-rewriting-of.patch @@ -0,0 +1,48 @@ +From 5987e6ded29d52e42fc7b06aa575c60a25eee38e Mon Sep 17 00:00:00 2001 +From: Eugen Hristev +Date: Thu, 30 Jun 2022 12:09:26 +0300 +Subject: [PATCH] mmc: sdhci-of-at91: fix set_uhs_signaling rewriting of MC1R +Git-commit: 5987e6ded29d52e42fc7b06aa575c60a25eee38e +Patch-mainline: v6.0-rc1 +References: git-fixes + +In set_uhs_signaling, the DDR bit is being set by fully writing the MC1R +register. +This can lead to accidental erase of certain bits in this register. +Avoid this by doing a read-modify-write operation. + +Fixes: d0918764c17b ("mmc: sdhci-of-at91: fix MMC_DDR_52 timing selection") +Signed-off-by: Eugen Hristev +Tested-by: Karl Olsen +Acked-by: Adrian Hunter +Link: https://lore.kernel.org/r/20220630090926.15061-1-eugen.hristev@microchip.com +Signed-off-by: Ulf Hansson +Acked-by: Takashi Iwai + +--- + drivers/mmc/host/sdhci-of-at91.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/drivers/mmc/host/sdhci-of-at91.c b/drivers/mmc/host/sdhci-of-at91.c +index 10fb4cb2c731..cd0134580a90 100644 +--- a/drivers/mmc/host/sdhci-of-at91.c ++++ b/drivers/mmc/host/sdhci-of-at91.c +@@ -100,8 +100,13 @@ static void sdhci_at91_set_clock(struct sdhci_host *host, unsigned int clock) + static void sdhci_at91_set_uhs_signaling(struct sdhci_host *host, + unsigned int timing) + { +- if (timing == MMC_TIMING_MMC_DDR52) +- sdhci_writeb(host, SDMMC_MC1R_DDR, SDMMC_MC1R); ++ u8 mc1r; ++ ++ if (timing == MMC_TIMING_MMC_DDR52) { ++ mc1r = sdhci_readb(host, SDMMC_MC1R); ++ mc1r |= SDMMC_MC1R_DDR; ++ sdhci_writeb(host, mc1r, SDMMC_MC1R); ++ } + sdhci_set_uhs_signaling(host, timing); + } + +-- +2.35.3 + diff --git a/patches.suse/mmc-sdhci-of-esdhc-Fix-refcount-leak-in-esdhc_signal.patch b/patches.suse/mmc-sdhci-of-esdhc-Fix-refcount-leak-in-esdhc_signal.patch new file mode 100644 index 0000000..64c038d --- /dev/null +++ b/patches.suse/mmc-sdhci-of-esdhc-Fix-refcount-leak-in-esdhc_signal.patch @@ -0,0 +1,38 @@ +From b5899a3e2f783a27b268e38d37f9b24c71bddf45 Mon Sep 17 00:00:00 2001 +From: Miaoqian Lin +Date: Mon, 23 May 2022 18:42:54 +0400 +Subject: [PATCH] mmc: sdhci-of-esdhc: Fix refcount leak in esdhc_signal_voltage_switch +Git-commit: b5899a3e2f783a27b268e38d37f9b24c71bddf45 +Patch-mainline: v6.0-rc1 +References: git-fixes + +of_find_matching_node() returns a node pointer with refcount +incremented, we should use of_node_put() on it when not need anymore. +Add missing of_node_put() to avoid refcount leak. +of_node_put() checks null pointer. + +Fixes: ea35645a3c66 ("mmc: sdhci-of-esdhc: add support for signal voltage switch") +Signed-off-by: Miaoqian Lin +Link: https://lore.kernel.org/r/20220523144255.10310-1-linmq006@gmail.com +Signed-off-by: Ulf Hansson +Acked-by: Takashi Iwai + +--- + drivers/mmc/host/sdhci-of-esdhc.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/mmc/host/sdhci-of-esdhc.c b/drivers/mmc/host/sdhci-of-esdhc.c +index d9dc41143bb3..8b3d8119f388 100644 +--- a/drivers/mmc/host/sdhci-of-esdhc.c ++++ b/drivers/mmc/host/sdhci-of-esdhc.c +@@ -904,6 +904,7 @@ static int esdhc_signal_voltage_switch(struct mmc_host *mmc, + scfg_node = of_find_matching_node(NULL, scfg_device_ids); + if (scfg_node) + scfg_base = of_iomap(scfg_node, 0); ++ of_node_put(scfg_node); + if (scfg_base) { + sdhciovselcr = SDHCIOVSELCR_TGLEN | + SDHCIOVSELCR_VSELVAL; +-- +2.35.3 + diff --git a/patches.suse/msft-hv-2235-hv_netvsc-Add-more-validation-for-untrusted-Hyper-V-.patch b/patches.suse/msft-hv-2235-hv_netvsc-Add-more-validation-for-untrusted-Hyper-V-.patch new file mode 100644 index 0000000..56f4da6 --- /dev/null +++ b/patches.suse/msft-hv-2235-hv_netvsc-Add-more-validation-for-untrusted-Hyper-V-.patch @@ -0,0 +1,363 @@ +From: "Andrea Parri (Microsoft)" +Date: Thu, 14 Jan 2021 21:26:28 +0100 +Patch-mainline: v5.12-rc1 +Subject: hv_netvsc: Add (more) validation for untrusted Hyper-V values +Git-commit: 505e3f00c3f3648cb6260deb35e87fae1f64f5d8 +References: bsc#1199364 + +For additional robustness in the face of Hyper-V errors or malicious +behavior, validate all values that originate from packets that Hyper-V +has sent to the guest. Ensure that invalid values cannot cause indexing +off the end of an array, or subvert an existing validation via integer +overflow. Ensure that outgoing packets do not have any leftover guest +memory that has not been zeroed out. + +Reported-by: Juan Vazquez +Signed-off-by: Andrea Parri (Microsoft) +Link: https://lore.kernel.org/r/20210114202628.119541-1-parri.andrea@gmail.com +Signed-off-by: Jakub Kicinski +Acked-by: Olaf Hering +--- + drivers/net/hyperv/netvsc.c | 3 +- + drivers/net/hyperv/netvsc_bpf.c | 6 ++ + drivers/net/hyperv/netvsc_drv.c | 18 +++- + drivers/net/hyperv/rndis_filter.c | 171 +++++++++++++++++++++++++------------- + 4 files changed, 136 insertions(+), 62 deletions(-) + +diff --git a/drivers/net/hyperv/netvsc.c b/drivers/net/hyperv/netvsc.c +--- a/drivers/net/hyperv/netvsc.c ++++ b/drivers/net/hyperv/netvsc.c +@@ -918,6 +918,7 @@ static inline int netvsc_send_pkt( + int ret; + u32 ring_avail = hv_get_avail_to_write_percent(&out_channel->outbound); + ++ memset(&nvmsg, 0, sizeof(struct nvsp_message)); + nvmsg.hdr.msg_type = NVSP_MSG1_TYPE_SEND_RNDIS_PKT; + if (skb) + rpkt->channel_type = 0; /* 0 is RMC_DATA */ +@@ -1337,7 +1338,7 @@ static void netvsc_send_table(struct net_device *ndev, + sizeof(union nvsp_6_message_uber); + + /* Boundary check for all versions */ +- if (offset > msglen - count * sizeof(u32)) { ++ if (msglen < count * sizeof(u32) || offset > msglen - count * sizeof(u32)) { + netdev_err(ndev, "Received send-table offset too big:%u\n", + offset); + return; +diff --git a/drivers/net/hyperv/netvsc_bpf.c b/drivers/net/hyperv/netvsc_bpf.c +--- a/drivers/net/hyperv/netvsc_bpf.c ++++ b/drivers/net/hyperv/netvsc_bpf.c +@@ -37,6 +37,12 @@ u32 netvsc_run_xdp(struct net_device *ndev, struct netvsc_channel *nvchan, + if (!prog) + goto out; + ++ /* Ensure that the below memcpy() won't overflow the page buffer. */ ++ if (len > ndev->mtu + ETH_HLEN) { ++ act = XDP_DROP; ++ goto out; ++ } ++ + /* allocate page buffer for data */ + page = alloc_page(GFP_ATOMIC); + if (!page) { +diff --git a/drivers/net/hyperv/netvsc_drv.c b/drivers/net/hyperv/netvsc_drv.c +--- a/drivers/net/hyperv/netvsc_drv.c ++++ b/drivers/net/hyperv/netvsc_drv.c +@@ -761,6 +761,16 @@ void netvsc_linkstatus_callback(struct net_device *net, + if (indicate->status == RNDIS_STATUS_LINK_SPEED_CHANGE) { + u32 speed; + ++ /* Validate status_buf_offset */ ++ if (indicate->status_buflen < sizeof(speed) || ++ indicate->status_buf_offset < sizeof(*indicate) || ++ resp->msg_len - RNDIS_HEADER_SIZE < indicate->status_buf_offset || ++ resp->msg_len - RNDIS_HEADER_SIZE - indicate->status_buf_offset ++ < indicate->status_buflen) { ++ netdev_err(net, "invalid rndis_indicate_status packet\n"); ++ return; ++ } ++ + speed = *(u32 *)((void *)indicate + + indicate->status_buf_offset) / 10000; + ndev_ctx->speed = speed; +@@ -866,8 +876,14 @@ static struct sk_buff *netvsc_alloc_recv_skb(struct net_device *net, + */ + if (csum_info && csum_info->receive.ip_checksum_value_invalid && + csum_info->receive.ip_checksum_succeeded && +- skb->protocol == htons(ETH_P_IP)) ++ skb->protocol == htons(ETH_P_IP)) { ++ /* Check that there is enough space to hold the IP header. */ ++ if (skb_headlen(skb) < sizeof(struct iphdr)) { ++ kfree_skb(skb); ++ return NULL; ++ } + netvsc_comp_ipcsum(skb); ++ } + + /* Do L4 checksum offload if enabled and present. */ + if (csum_info && (net->features & NETIF_F_RXCSUM)) { +diff --git a/drivers/net/hyperv/rndis_filter.c b/drivers/net/hyperv/rndis_filter.c +--- a/drivers/net/hyperv/rndis_filter.c ++++ b/drivers/net/hyperv/rndis_filter.c +@@ -131,66 +131,84 @@ static void dump_rndis_message(struct net_device *netdev, + { + switch (rndis_msg->ndis_msg_type) { + case RNDIS_MSG_PACKET: +- netdev_dbg(netdev, "RNDIS_MSG_PACKET (len %u, " +- "data offset %u data len %u, # oob %u, " +- "oob offset %u, oob len %u, pkt offset %u, " +- "pkt len %u\n", +- rndis_msg->msg_len, +- rndis_msg->msg.pkt.data_offset, +- rndis_msg->msg.pkt.data_len, +- rndis_msg->msg.pkt.num_oob_data_elements, +- rndis_msg->msg.pkt.oob_data_offset, +- rndis_msg->msg.pkt.oob_data_len, +- rndis_msg->msg.pkt.per_pkt_info_offset, +- rndis_msg->msg.pkt.per_pkt_info_len); ++ if (rndis_msg->msg_len - RNDIS_HEADER_SIZE >= sizeof(struct rndis_packet)) { ++ const struct rndis_packet *pkt = &rndis_msg->msg.pkt; ++ netdev_dbg(netdev, "RNDIS_MSG_PACKET (len %u, " ++ "data offset %u data len %u, # oob %u, " ++ "oob offset %u, oob len %u, pkt offset %u, " ++ "pkt len %u\n", ++ rndis_msg->msg_len, ++ pkt->data_offset, ++ pkt->data_len, ++ pkt->num_oob_data_elements, ++ pkt->oob_data_offset, ++ pkt->oob_data_len, ++ pkt->per_pkt_info_offset, ++ pkt->per_pkt_info_len); ++ } + break; + + case RNDIS_MSG_INIT_C: +- netdev_dbg(netdev, "RNDIS_MSG_INIT_C " +- "(len %u, id 0x%x, status 0x%x, major %d, minor %d, " +- "device flags %d, max xfer size 0x%x, max pkts %u, " +- "pkt aligned %u)\n", +- rndis_msg->msg_len, +- rndis_msg->msg.init_complete.req_id, +- rndis_msg->msg.init_complete.status, +- rndis_msg->msg.init_complete.major_ver, +- rndis_msg->msg.init_complete.minor_ver, +- rndis_msg->msg.init_complete.dev_flags, +- rndis_msg->msg.init_complete.max_xfer_size, +- rndis_msg->msg.init_complete. +- max_pkt_per_msg, +- rndis_msg->msg.init_complete. +- pkt_alignment_factor); ++ if (rndis_msg->msg_len - RNDIS_HEADER_SIZE >= ++ sizeof(struct rndis_initialize_complete)) { ++ const struct rndis_initialize_complete *init_complete = ++ &rndis_msg->msg.init_complete; ++ netdev_dbg(netdev, "RNDIS_MSG_INIT_C " ++ "(len %u, id 0x%x, status 0x%x, major %d, minor %d, " ++ "device flags %d, max xfer size 0x%x, max pkts %u, " ++ "pkt aligned %u)\n", ++ rndis_msg->msg_len, ++ init_complete->req_id, ++ init_complete->status, ++ init_complete->major_ver, ++ init_complete->minor_ver, ++ init_complete->dev_flags, ++ init_complete->max_xfer_size, ++ init_complete->max_pkt_per_msg, ++ init_complete->pkt_alignment_factor); ++ } + break; + + case RNDIS_MSG_QUERY_C: +- netdev_dbg(netdev, "RNDIS_MSG_QUERY_C " +- "(len %u, id 0x%x, status 0x%x, buf len %u, " +- "buf offset %u)\n", +- rndis_msg->msg_len, +- rndis_msg->msg.query_complete.req_id, +- rndis_msg->msg.query_complete.status, +- rndis_msg->msg.query_complete. +- info_buflen, +- rndis_msg->msg.query_complete. +- info_buf_offset); ++ if (rndis_msg->msg_len - RNDIS_HEADER_SIZE >= ++ sizeof(struct rndis_query_complete)) { ++ const struct rndis_query_complete *query_complete = ++ &rndis_msg->msg.query_complete; ++ netdev_dbg(netdev, "RNDIS_MSG_QUERY_C " ++ "(len %u, id 0x%x, status 0x%x, buf len %u, " ++ "buf offset %u)\n", ++ rndis_msg->msg_len, ++ query_complete->req_id, ++ query_complete->status, ++ query_complete->info_buflen, ++ query_complete->info_buf_offset); ++ } + break; + + case RNDIS_MSG_SET_C: +- netdev_dbg(netdev, +- "RNDIS_MSG_SET_C (len %u, id 0x%x, status 0x%x)\n", +- rndis_msg->msg_len, +- rndis_msg->msg.set_complete.req_id, +- rndis_msg->msg.set_complete.status); ++ if (rndis_msg->msg_len - RNDIS_HEADER_SIZE + sizeof(struct rndis_set_complete)) { ++ const struct rndis_set_complete *set_complete = ++ &rndis_msg->msg.set_complete; ++ netdev_dbg(netdev, ++ "RNDIS_MSG_SET_C (len %u, id 0x%x, status 0x%x)\n", ++ rndis_msg->msg_len, ++ set_complete->req_id, ++ set_complete->status); ++ } + break; + + case RNDIS_MSG_INDICATE: +- netdev_dbg(netdev, "RNDIS_MSG_INDICATE " +- "(len %u, status 0x%x, buf len %u, buf offset %u)\n", +- rndis_msg->msg_len, +- rndis_msg->msg.indicate_status.status, +- rndis_msg->msg.indicate_status.status_buflen, +- rndis_msg->msg.indicate_status.status_buf_offset); ++ if (rndis_msg->msg_len - RNDIS_HEADER_SIZE >= ++ sizeof(struct rndis_indicate_status)) { ++ const struct rndis_indicate_status *indicate_status = ++ &rndis_msg->msg.indicate_status; ++ netdev_dbg(netdev, "RNDIS_MSG_INDICATE " ++ "(len %u, status 0x%x, buf len %u, buf offset %u)\n", ++ rndis_msg->msg_len, ++ indicate_status->status, ++ indicate_status->status_buflen, ++ indicate_status->status_buf_offset); ++ } + break; + + default: +@@ -246,11 +264,20 @@ static void rndis_set_link_state(struct rndis_device *rdev, + { + u32 link_status; + struct rndis_query_complete *query_complete; ++ u32 msg_len = request->response_msg.msg_len; ++ ++ /* Ensure the packet is big enough to access its fields */ ++ if (msg_len - RNDIS_HEADER_SIZE < sizeof(struct rndis_query_complete)) ++ return; + + query_complete = &request->response_msg.msg.query_complete; + + if (query_complete->status == RNDIS_STATUS_SUCCESS && +- query_complete->info_buflen == sizeof(u32)) { ++ query_complete->info_buflen >= sizeof(u32) && ++ query_complete->info_buf_offset >= sizeof(*query_complete) && ++ msg_len - RNDIS_HEADER_SIZE >= query_complete->info_buf_offset && ++ msg_len - RNDIS_HEADER_SIZE - query_complete->info_buf_offset ++ >= query_complete->info_buflen) { + memcpy(&link_status, (void *)((unsigned long)query_complete + + query_complete->info_buf_offset), sizeof(u32)); + rdev->link_state = link_status != 0; +@@ -343,7 +370,8 @@ static void rndis_filter_receive_response(struct net_device *ndev, + */ + static inline void *rndis_get_ppi(struct net_device *ndev, + struct rndis_packet *rpkt, +- u32 rpkt_len, u32 type, u8 internal) ++ u32 rpkt_len, u32 type, u8 internal, ++ u32 ppi_size) + { + struct rndis_per_packet_info *ppi; + int len; +@@ -359,7 +387,8 @@ static inline void *rndis_get_ppi(struct net_device *ndev, + return NULL; + } + +- if (rpkt->per_pkt_info_len > rpkt_len - rpkt->per_pkt_info_offset) { ++ if (rpkt->per_pkt_info_len < sizeof(*ppi) || ++ rpkt->per_pkt_info_len > rpkt_len - rpkt->per_pkt_info_offset) { + netdev_err(ndev, "Invalid per_pkt_info_len: %u\n", + rpkt->per_pkt_info_len); + return NULL; +@@ -381,8 +410,15 @@ static inline void *rndis_get_ppi(struct net_device *ndev, + continue; + } + +- if (ppi->type == type && ppi->internal == internal) ++ if (ppi->type == type && ppi->internal == internal) { ++ /* ppi->size should be big enough to hold the returned object. */ ++ if (ppi->size - ppi->ppi_offset < ppi_size) { ++ netdev_err(ndev, "Invalid ppi: size %u ppi_offset %u\n", ++ ppi->size, ppi->ppi_offset); ++ continue; ++ } + return (void *)((ulong)ppi + ppi->ppi_offset); ++ } + len -= ppi->size; + ppi = (struct rndis_per_packet_info *)((ulong)ppi + ppi->size); + } +@@ -461,13 +497,16 @@ static int rndis_filter_receive_data(struct net_device *ndev, + return NVSP_STAT_FAIL; + } + +- vlan = rndis_get_ppi(ndev, rndis_pkt, rpkt_len, IEEE_8021Q_INFO, 0); ++ vlan = rndis_get_ppi(ndev, rndis_pkt, rpkt_len, IEEE_8021Q_INFO, 0, sizeof(*vlan)); + +- csum_info = rndis_get_ppi(ndev, rndis_pkt, rpkt_len, TCPIP_CHKSUM_PKTINFO, 0); ++ csum_info = rndis_get_ppi(ndev, rndis_pkt, rpkt_len, TCPIP_CHKSUM_PKTINFO, 0, ++ sizeof(*csum_info)); + +- hash_info = rndis_get_ppi(ndev, rndis_pkt, rpkt_len, NBL_HASH_VALUE, 0); ++ hash_info = rndis_get_ppi(ndev, rndis_pkt, rpkt_len, NBL_HASH_VALUE, 0, ++ sizeof(*hash_info)); + +- pktinfo_id = rndis_get_ppi(ndev, rndis_pkt, rpkt_len, RNDIS_PKTINFO_ID, 1); ++ pktinfo_id = rndis_get_ppi(ndev, rndis_pkt, rpkt_len, RNDIS_PKTINFO_ID, 1, ++ sizeof(*pktinfo_id)); + + data = (void *)msg + data_offset; + +@@ -522,9 +561,6 @@ int rndis_filter_receive(struct net_device *ndev, + struct net_device_context *net_device_ctx = netdev_priv(ndev); + struct rndis_message *rndis_msg = data; + +- if (netif_msg_rx_status(net_device_ctx)) +- dump_rndis_message(ndev, rndis_msg); +- + /* Validate incoming rndis_message packet */ + if (buflen < RNDIS_HEADER_SIZE || rndis_msg->msg_len < RNDIS_HEADER_SIZE || + buflen < rndis_msg->msg_len) { +@@ -533,6 +569,9 @@ int rndis_filter_receive(struct net_device *ndev, + return NVSP_STAT_FAIL; + } + ++ if (netif_msg_rx_status(net_device_ctx)) ++ dump_rndis_message(ndev, rndis_msg); ++ + switch (rndis_msg->ndis_msg_type) { + case RNDIS_MSG_PACKET: + return rndis_filter_receive_data(ndev, net_dev, nvchan, +@@ -567,6 +606,7 @@ static int rndis_filter_query_device(struct rndis_device *dev, + u32 inresult_size = *result_size; + struct rndis_query_request *query; + struct rndis_query_complete *query_complete; ++ u32 msg_len; + int ret = 0; + + if (!result) +@@ -634,8 +674,19 @@ static int rndis_filter_query_device(struct rndis_device *dev, + + /* Copy the response back */ + query_complete = &request->response_msg.msg.query_complete; ++ msg_len = request->response_msg.msg_len; ++ ++ /* Ensure the packet is big enough to access its fields */ ++ if (msg_len - RNDIS_HEADER_SIZE < sizeof(struct rndis_query_complete)) { ++ ret = -1; ++ goto cleanup; ++ } + +- if (query_complete->info_buflen > inresult_size) { ++ if (query_complete->info_buflen > inresult_size || ++ query_complete->info_buf_offset < sizeof(*query_complete) || ++ msg_len - RNDIS_HEADER_SIZE < query_complete->info_buf_offset || ++ msg_len - RNDIS_HEADER_SIZE - query_complete->info_buf_offset ++ < query_complete->info_buflen) { + ret = -1; + goto cleanup; + } diff --git a/patches.suse/msft-hv-2238-hv_netvsc-Copy-packets-sent-by-Hyper-V-out-of-the-re.patch b/patches.suse/msft-hv-2238-hv_netvsc-Copy-packets-sent-by-Hyper-V-out-of-the-re.patch new file mode 100644 index 0000000..c8416c3 --- /dev/null +++ b/patches.suse/msft-hv-2238-hv_netvsc-Copy-packets-sent-by-Hyper-V-out-of-the-re.patch @@ -0,0 +1,559 @@ +From: "Andrea Parri (Microsoft)" +Date: Tue, 26 Jan 2021 17:29:07 +0100 +Patch-mainline: v5.12-rc1 +Subject: hv_netvsc: Copy packets sent by Hyper-V out of the receive buffer +Git-commit: 0ba35fe91ce34f2d0feff626efd0062dac41781c +References: bsc#1199364 + +Pointers to receive-buffer packets sent by Hyper-V are used within the +guest VM. Hyper-V can send packets with erroneous values or modify +packet fields after they are processed by the guest. To defend against +these scenarios, copy (sections of) the incoming packet after validating +their length and offset fields in netvsc_filter_receive(). In this way, +the packet can no longer be modified by the host. + +Reported-by: Juan Vazquez +Signed-off-by: Andrea Parri (Microsoft) +Link: https://lore.kernel.org/r/20210126162907.21056-1-parri.andrea@gmail.com +Signed-off-by: Jakub Kicinski +Acked-by: Olaf Hering +--- + drivers/net/hyperv/hyperv_net.h | 93 ++++++++++++++++++------------------ + drivers/net/hyperv/netvsc.c | 20 ++++++++ + drivers/net/hyperv/netvsc_drv.c | 24 ++++++---- + drivers/net/hyperv/rndis_filter.c | 99 +++++++++++++++++++++++++++------------ + 4 files changed, 150 insertions(+), 86 deletions(-) + +diff --git a/drivers/net/hyperv/hyperv_net.h b/drivers/net/hyperv/hyperv_net.h +--- a/drivers/net/hyperv/hyperv_net.h ++++ b/drivers/net/hyperv/hyperv_net.h +@@ -105,9 +105,43 @@ struct ndis_recv_scale_param { /* NDIS_RECEIVE_SCALE_PARAMETERS */ + u32 processor_masks_entry_size; + }; + +-/* Fwd declaration */ +-struct ndis_tcp_ip_checksum_info; +-struct ndis_pkt_8021q_info; ++struct ndis_tcp_ip_checksum_info { ++ union { ++ struct { ++ u32 is_ipv4:1; ++ u32 is_ipv6:1; ++ u32 tcp_checksum:1; ++ u32 udp_checksum:1; ++ u32 ip_header_checksum:1; ++ u32 reserved:11; ++ u32 tcp_header_offset:10; ++ } transmit; ++ struct { ++ u32 tcp_checksum_failed:1; ++ u32 udp_checksum_failed:1; ++ u32 ip_checksum_failed:1; ++ u32 tcp_checksum_succeeded:1; ++ u32 udp_checksum_succeeded:1; ++ u32 ip_checksum_succeeded:1; ++ u32 loopback:1; ++ u32 tcp_checksum_value_invalid:1; ++ u32 ip_checksum_value_invalid:1; ++ } receive; ++ u32 value; ++ }; ++}; ++ ++struct ndis_pkt_8021q_info { ++ union { ++ struct { ++ u32 pri:3; /* User Priority */ ++ u32 cfi:1; /* Canonical Format ID */ ++ u32 vlanid:12; /* VLAN ID */ ++ u32 reserved:16; ++ }; ++ u32 value; ++ }; ++}; + + /* + * Represent netvsc packet which contains 1 RNDIS and 1 ethernet frame +@@ -194,7 +228,8 @@ int netvsc_send(struct net_device *net, + struct sk_buff *skb, + bool xdp_tx); + void netvsc_linkstatus_callback(struct net_device *net, +- struct rndis_message *resp); ++ struct rndis_message *resp, ++ void *data); + int netvsc_recv_callback(struct net_device *net, + struct netvsc_device *nvdev, + struct netvsc_channel *nvchan); +@@ -884,9 +919,10 @@ struct multi_recv_comp { + #define NVSP_RSC_MAX 562 /* Max #RSC frags in a vmbus xfer page pkt */ + + struct nvsc_rsc { +- const struct ndis_pkt_8021q_info *vlan; +- const struct ndis_tcp_ip_checksum_info *csum_info; +- const u32 *hash_info; ++ struct ndis_pkt_8021q_info vlan; ++ struct ndis_tcp_ip_checksum_info csum_info; ++ u32 hash_info; ++ u8 ppi_flags; /* valid/present bits for the above PPIs */ + u8 is_last; /* last RNDIS msg in a vmtransfer_page */ + u32 cnt; /* #fragments in an RSC packet */ + u32 pktlen; /* Full packet length */ +@@ -894,6 +930,10 @@ struct nvsc_rsc { + u32 len[NVSP_RSC_MAX]; + }; + ++#define NVSC_RSC_VLAN BIT(0) /* valid/present bit for 'vlan' */ ++#define NVSC_RSC_CSUM_INFO BIT(1) /* valid/present bit for 'csum_info' */ ++#define NVSC_RSC_HASH_INFO BIT(2) /* valid/present bit for 'hash_info' */ ++ + struct netvsc_stats { + u64 packets; + u64 bytes; +@@ -1002,6 +1042,7 @@ struct net_device_context { + struct netvsc_channel { + struct vmbus_channel *channel; + struct netvsc_device *net_device; ++ void *recv_buf; /* buffer to copy packets out from the receive buffer */ + const struct vmpacket_descriptor *desc; + struct napi_struct napi; + struct multi_send_data msd; +@@ -1234,18 +1275,6 @@ struct rndis_pktinfo_id { + u16 pkt_id; + }; + +-struct ndis_pkt_8021q_info { +- union { +- struct { +- u32 pri:3; /* User Priority */ +- u32 cfi:1; /* Canonical Format ID */ +- u32 vlanid:12; /* VLAN ID */ +- u32 reserved:16; +- }; +- u32 value; +- }; +-}; +- + struct ndis_object_header { + u8 type; + u8 revision; +@@ -1436,32 +1465,6 @@ struct ndis_offload_params { + }; + }; + +-struct ndis_tcp_ip_checksum_info { +- union { +- struct { +- u32 is_ipv4:1; +- u32 is_ipv6:1; +- u32 tcp_checksum:1; +- u32 udp_checksum:1; +- u32 ip_header_checksum:1; +- u32 reserved:11; +- u32 tcp_header_offset:10; +- } transmit; +- struct { +- u32 tcp_checksum_failed:1; +- u32 udp_checksum_failed:1; +- u32 ip_checksum_failed:1; +- u32 tcp_checksum_succeeded:1; +- u32 udp_checksum_succeeded:1; +- u32 ip_checksum_succeeded:1; +- u32 loopback:1; +- u32 tcp_checksum_value_invalid:1; +- u32 ip_checksum_value_invalid:1; +- } receive; +- u32 value; +- }; +-}; +- + struct ndis_tcp_lso_info { + union { + struct { +diff --git a/drivers/net/hyperv/netvsc.c b/drivers/net/hyperv/netvsc.c +--- a/drivers/net/hyperv/netvsc.c ++++ b/drivers/net/hyperv/netvsc.c +@@ -131,6 +131,7 @@ static void free_netvsc_device(struct rcu_head *head) + + for (i = 0; i < VRSS_CHANNEL_MAX; i++) { + xdp_rxq_info_unreg(&nvdev->chan_table[i].xdp_rxq); ++ kfree(nvdev->chan_table[i].recv_buf); + vfree(nvdev->chan_table[i].mrc.slots); + } + +@@ -1284,6 +1285,19 @@ static int netvsc_receive(struct net_device *ndev, + continue; + } + ++ /* We're going to copy (sections of) the packet into nvchan->recv_buf; ++ * make sure that nvchan->recv_buf is large enough to hold the packet. ++ */ ++ if (unlikely(buflen > net_device->recv_section_size)) { ++ nvchan->rsc.cnt = 0; ++ status = NVSP_STAT_FAIL; ++ netif_err(net_device_ctx, rx_err, ndev, ++ "Packet too big: buflen=%u recv_section_size=%u\n", ++ buflen, net_device->recv_section_size); ++ ++ continue; ++ } ++ + data = recv_buf + offset; + + nvchan->rsc.is_last = (i == count - 1); +@@ -1535,6 +1549,12 @@ struct netvsc_device *netvsc_device_add(struct hv_device *device, + for (i = 0; i < VRSS_CHANNEL_MAX; i++) { + struct netvsc_channel *nvchan = &net_device->chan_table[i]; + ++ nvchan->recv_buf = kzalloc(device_info->recv_section_size, GFP_KERNEL); ++ if (nvchan->recv_buf == NULL) { ++ ret = -ENOMEM; ++ goto cleanup2; ++ } ++ + nvchan->channel = device->channel; + nvchan->net_device = net_device; + u64_stats_init(&nvchan->tx_stats.syncp); +diff --git a/drivers/net/hyperv/netvsc_drv.c b/drivers/net/hyperv/netvsc_drv.c +--- a/drivers/net/hyperv/netvsc_drv.c ++++ b/drivers/net/hyperv/netvsc_drv.c +@@ -743,7 +743,8 @@ static netdev_tx_t netvsc_start_xmit(struct sk_buff *skb, + * netvsc_linkstatus_callback - Link up/down notification + */ + void netvsc_linkstatus_callback(struct net_device *net, +- struct rndis_message *resp) ++ struct rndis_message *resp, ++ void *data) + { + struct rndis_indicate_status *indicate = &resp->msg.indicate_status; + struct net_device_context *ndev_ctx = netdev_priv(net); +@@ -757,6 +758,9 @@ void netvsc_linkstatus_callback(struct net_device *net, + return; + } + ++ /* Copy the RNDIS indicate status into nvchan->recv_buf */ ++ memcpy(indicate, data + RNDIS_HEADER_SIZE, sizeof(*indicate)); ++ + /* Update the physical link speed when changing to another vSwitch */ + if (indicate->status == RNDIS_STATUS_LINK_SPEED_CHANGE) { + u32 speed; +@@ -771,8 +775,7 @@ void netvsc_linkstatus_callback(struct net_device *net, + return; + } + +- speed = *(u32 *)((void *)indicate +- + indicate->status_buf_offset) / 10000; ++ speed = *(u32 *)(data + RNDIS_HEADER_SIZE + indicate->status_buf_offset) / 10000; + ndev_ctx->speed = speed; + return; + } +@@ -827,10 +830,11 @@ static struct sk_buff *netvsc_alloc_recv_skb(struct net_device *net, + struct xdp_buff *xdp) + { + struct napi_struct *napi = &nvchan->napi; +- const struct ndis_pkt_8021q_info *vlan = nvchan->rsc.vlan; ++ const struct ndis_pkt_8021q_info *vlan = &nvchan->rsc.vlan; + const struct ndis_tcp_ip_checksum_info *csum_info = +- nvchan->rsc.csum_info; +- const u32 *hash_info = nvchan->rsc.hash_info; ++ &nvchan->rsc.csum_info; ++ const u32 *hash_info = &nvchan->rsc.hash_info; ++ u8 ppi_flags = nvchan->rsc.ppi_flags; + struct sk_buff *skb; + void *xbuf = xdp->data_hard_start; + int i; +@@ -874,7 +878,7 @@ static struct sk_buff *netvsc_alloc_recv_skb(struct net_device *net, + * We compute it here if the flags are set, because on Linux, the IP + * checksum is always checked. + */ +- if (csum_info && csum_info->receive.ip_checksum_value_invalid && ++ if ((ppi_flags & NVSC_RSC_CSUM_INFO) && csum_info->receive.ip_checksum_value_invalid && + csum_info->receive.ip_checksum_succeeded && + skb->protocol == htons(ETH_P_IP)) { + /* Check that there is enough space to hold the IP header. */ +@@ -886,16 +890,16 @@ static struct sk_buff *netvsc_alloc_recv_skb(struct net_device *net, + } + + /* Do L4 checksum offload if enabled and present. */ +- if (csum_info && (net->features & NETIF_F_RXCSUM)) { ++ if ((ppi_flags & NVSC_RSC_CSUM_INFO) && (net->features & NETIF_F_RXCSUM)) { + if (csum_info->receive.tcp_checksum_succeeded || + csum_info->receive.udp_checksum_succeeded) + skb->ip_summed = CHECKSUM_UNNECESSARY; + } + +- if (hash_info && (net->features & NETIF_F_RXHASH)) ++ if ((ppi_flags & NVSC_RSC_HASH_INFO) && (net->features & NETIF_F_RXHASH)) + skb_set_hash(skb, *hash_info, PKT_HASH_TYPE_L4); + +- if (vlan) { ++ if (ppi_flags & NVSC_RSC_VLAN) { + u16 vlan_tci = vlan->vlanid | (vlan->pri << VLAN_PRIO_SHIFT) | + (vlan->cfi ? VLAN_CFI_MASK : 0); + +diff --git a/drivers/net/hyperv/rndis_filter.c b/drivers/net/hyperv/rndis_filter.c +--- a/drivers/net/hyperv/rndis_filter.c ++++ b/drivers/net/hyperv/rndis_filter.c +@@ -127,12 +127,13 @@ static void put_rndis_request(struct rndis_device *dev, + } + + static void dump_rndis_message(struct net_device *netdev, +- const struct rndis_message *rndis_msg) ++ const struct rndis_message *rndis_msg, ++ const void *data) + { + switch (rndis_msg->ndis_msg_type) { + case RNDIS_MSG_PACKET: + if (rndis_msg->msg_len - RNDIS_HEADER_SIZE >= sizeof(struct rndis_packet)) { +- const struct rndis_packet *pkt = &rndis_msg->msg.pkt; ++ const struct rndis_packet *pkt = data + RNDIS_HEADER_SIZE; + netdev_dbg(netdev, "RNDIS_MSG_PACKET (len %u, " + "data offset %u data len %u, # oob %u, " + "oob offset %u, oob len %u, pkt offset %u, " +@@ -152,7 +153,7 @@ static void dump_rndis_message(struct net_device *netdev, + if (rndis_msg->msg_len - RNDIS_HEADER_SIZE >= + sizeof(struct rndis_initialize_complete)) { + const struct rndis_initialize_complete *init_complete = +- &rndis_msg->msg.init_complete; ++ data + RNDIS_HEADER_SIZE; + netdev_dbg(netdev, "RNDIS_MSG_INIT_C " + "(len %u, id 0x%x, status 0x%x, major %d, minor %d, " + "device flags %d, max xfer size 0x%x, max pkts %u, " +@@ -173,7 +174,7 @@ static void dump_rndis_message(struct net_device *netdev, + if (rndis_msg->msg_len - RNDIS_HEADER_SIZE >= + sizeof(struct rndis_query_complete)) { + const struct rndis_query_complete *query_complete = +- &rndis_msg->msg.query_complete; ++ data + RNDIS_HEADER_SIZE; + netdev_dbg(netdev, "RNDIS_MSG_QUERY_C " + "(len %u, id 0x%x, status 0x%x, buf len %u, " + "buf offset %u)\n", +@@ -188,7 +189,7 @@ static void dump_rndis_message(struct net_device *netdev, + case RNDIS_MSG_SET_C: + if (rndis_msg->msg_len - RNDIS_HEADER_SIZE + sizeof(struct rndis_set_complete)) { + const struct rndis_set_complete *set_complete = +- &rndis_msg->msg.set_complete; ++ data + RNDIS_HEADER_SIZE; + netdev_dbg(netdev, + "RNDIS_MSG_SET_C (len %u, id 0x%x, status 0x%x)\n", + rndis_msg->msg_len, +@@ -201,7 +202,7 @@ static void dump_rndis_message(struct net_device *netdev, + if (rndis_msg->msg_len - RNDIS_HEADER_SIZE >= + sizeof(struct rndis_indicate_status)) { + const struct rndis_indicate_status *indicate_status = +- &rndis_msg->msg.indicate_status; ++ data + RNDIS_HEADER_SIZE; + netdev_dbg(netdev, "RNDIS_MSG_INDICATE " + "(len %u, status 0x%x, buf len %u, buf offset %u)\n", + rndis_msg->msg_len, +@@ -286,8 +287,10 @@ static void rndis_set_link_state(struct rndis_device *rdev, + + static void rndis_filter_receive_response(struct net_device *ndev, + struct netvsc_device *nvdev, +- const struct rndis_message *resp) ++ struct rndis_message *resp, ++ void *data) + { ++ u32 *req_id = &resp->msg.init_complete.req_id; + struct rndis_device *dev = nvdev->extension; + struct rndis_request *request = NULL; + bool found = false; +@@ -312,14 +315,16 @@ static void rndis_filter_receive_response(struct net_device *ndev, + return; + } + ++ /* Copy the request ID into nvchan->recv_buf */ ++ *req_id = *(u32 *)(data + RNDIS_HEADER_SIZE); ++ + spin_lock_irqsave(&dev->request_lock, flags); + list_for_each_entry(request, &dev->req_list, list_ent) { + /* + * All request/response message contains RequestId as the 1st + * field + */ +- if (request->request_msg.msg.init_req.req_id +- == resp->msg.init_complete.req_id) { ++ if (request->request_msg.msg.init_req.req_id == *req_id) { + found = true; + break; + } +@@ -329,8 +334,10 @@ static void rndis_filter_receive_response(struct net_device *ndev, + if (found) { + if (resp->msg_len <= + sizeof(struct rndis_message) + RNDIS_EXT_LEN) { +- memcpy(&request->response_msg, resp, +- resp->msg_len); ++ memcpy(&request->response_msg, resp, RNDIS_HEADER_SIZE + sizeof(*req_id)); ++ memcpy((void *)&request->response_msg + RNDIS_HEADER_SIZE + sizeof(*req_id), ++ data + RNDIS_HEADER_SIZE + sizeof(*req_id), ++ resp->msg_len - RNDIS_HEADER_SIZE - sizeof(*req_id)); + if (request->request_msg.ndis_msg_type == + RNDIS_MSG_QUERY && request->request_msg.msg. + query_req.oid == RNDIS_OID_GEN_MEDIA_CONNECT_STATUS) +@@ -359,7 +366,7 @@ static void rndis_filter_receive_response(struct net_device *ndev, + netdev_err(ndev, + "no rndis request found for this response " + "(id 0x%x res type 0x%x)\n", +- resp->msg.init_complete.req_id, ++ *req_id, + resp->ndis_msg_type); + } + } +@@ -371,7 +378,7 @@ static void rndis_filter_receive_response(struct net_device *ndev, + static inline void *rndis_get_ppi(struct net_device *ndev, + struct rndis_packet *rpkt, + u32 rpkt_len, u32 type, u8 internal, +- u32 ppi_size) ++ u32 ppi_size, void *data) + { + struct rndis_per_packet_info *ppi; + int len; +@@ -396,6 +403,8 @@ static inline void *rndis_get_ppi(struct net_device *ndev, + + ppi = (struct rndis_per_packet_info *)((ulong)rpkt + + rpkt->per_pkt_info_offset); ++ /* Copy the PPIs into nvchan->recv_buf */ ++ memcpy(ppi, data + RNDIS_HEADER_SIZE + rpkt->per_pkt_info_offset, rpkt->per_pkt_info_len); + len = rpkt->per_pkt_info_len; + + while (len > 0) { +@@ -438,10 +447,29 @@ void rsc_add_data(struct netvsc_channel *nvchan, + if (cnt) { + nvchan->rsc.pktlen += len; + } else { +- nvchan->rsc.vlan = vlan; +- nvchan->rsc.csum_info = csum_info; ++ /* The data/values pointed by vlan, csum_info and hash_info are shared ++ * across the different 'fragments' of the RSC packet; store them into ++ * the packet itself. ++ */ ++ if (vlan != NULL) { ++ memcpy(&nvchan->rsc.vlan, vlan, sizeof(*vlan)); ++ nvchan->rsc.ppi_flags |= NVSC_RSC_VLAN; ++ } else { ++ nvchan->rsc.ppi_flags &= ~NVSC_RSC_VLAN; ++ } ++ if (csum_info != NULL) { ++ memcpy(&nvchan->rsc.csum_info, csum_info, sizeof(*csum_info)); ++ nvchan->rsc.ppi_flags |= NVSC_RSC_CSUM_INFO; ++ } else { ++ nvchan->rsc.ppi_flags &= ~NVSC_RSC_CSUM_INFO; ++ } + nvchan->rsc.pktlen = len; +- nvchan->rsc.hash_info = hash_info; ++ if (hash_info != NULL) { ++ nvchan->rsc.csum_info = *csum_info; ++ nvchan->rsc.ppi_flags |= NVSC_RSC_HASH_INFO; ++ } else { ++ nvchan->rsc.ppi_flags &= ~NVSC_RSC_HASH_INFO; ++ } + } + + nvchan->rsc.data[cnt] = data; +@@ -453,7 +481,7 @@ static int rndis_filter_receive_data(struct net_device *ndev, + struct netvsc_device *nvdev, + struct netvsc_channel *nvchan, + struct rndis_message *msg, +- u32 data_buflen) ++ void *data, u32 data_buflen) + { + struct rndis_packet *rndis_pkt = &msg->msg.pkt; + const struct ndis_tcp_ip_checksum_info *csum_info; +@@ -461,7 +489,6 @@ static int rndis_filter_receive_data(struct net_device *ndev, + const struct rndis_pktinfo_id *pktinfo_id; + const u32 *hash_info; + u32 data_offset, rpkt_len; +- void *data; + bool rsc_more = false; + int ret; + +@@ -472,6 +499,9 @@ static int rndis_filter_receive_data(struct net_device *ndev, + return NVSP_STAT_FAIL; + } + ++ /* Copy the RNDIS packet into nvchan->recv_buf */ ++ memcpy(rndis_pkt, data + RNDIS_HEADER_SIZE, sizeof(*rndis_pkt)); ++ + /* Validate rndis_pkt offset */ + if (rndis_pkt->data_offset >= data_buflen - RNDIS_HEADER_SIZE) { + netdev_err(ndev, "invalid rndis packet offset: %u\n", +@@ -497,18 +527,17 @@ static int rndis_filter_receive_data(struct net_device *ndev, + return NVSP_STAT_FAIL; + } + +- vlan = rndis_get_ppi(ndev, rndis_pkt, rpkt_len, IEEE_8021Q_INFO, 0, sizeof(*vlan)); ++ vlan = rndis_get_ppi(ndev, rndis_pkt, rpkt_len, IEEE_8021Q_INFO, 0, sizeof(*vlan), ++ data); + + csum_info = rndis_get_ppi(ndev, rndis_pkt, rpkt_len, TCPIP_CHKSUM_PKTINFO, 0, +- sizeof(*csum_info)); ++ sizeof(*csum_info), data); + + hash_info = rndis_get_ppi(ndev, rndis_pkt, rpkt_len, NBL_HASH_VALUE, 0, +- sizeof(*hash_info)); ++ sizeof(*hash_info), data); + + pktinfo_id = rndis_get_ppi(ndev, rndis_pkt, rpkt_len, RNDIS_PKTINFO_ID, 1, +- sizeof(*pktinfo_id)); +- +- data = (void *)msg + data_offset; ++ sizeof(*pktinfo_id), data); + + /* Identify RSC frags, drop erroneous packets */ + if (pktinfo_id && (pktinfo_id->flag & RNDIS_PKTINFO_SUBALLOC)) { +@@ -537,7 +566,7 @@ static int rndis_filter_receive_data(struct net_device *ndev, + * the data packet to the stack, without the rndis trailer padding + */ + rsc_add_data(nvchan, vlan, csum_info, hash_info, +- data, rndis_pkt->data_len); ++ data + data_offset, rndis_pkt->data_len); + + if (rsc_more) + return NVSP_STAT_SUCCESS; +@@ -559,10 +588,18 @@ int rndis_filter_receive(struct net_device *ndev, + void *data, u32 buflen) + { + struct net_device_context *net_device_ctx = netdev_priv(ndev); +- struct rndis_message *rndis_msg = data; ++ struct rndis_message *rndis_msg = nvchan->recv_buf; ++ ++ if (buflen < RNDIS_HEADER_SIZE) { ++ netdev_err(ndev, "Invalid rndis_msg (buflen: %u)\n", buflen); ++ return NVSP_STAT_FAIL; ++ } ++ ++ /* Copy the RNDIS msg header into nvchan->recv_buf */ ++ memcpy(rndis_msg, data, RNDIS_HEADER_SIZE); + + /* Validate incoming rndis_message packet */ +- if (buflen < RNDIS_HEADER_SIZE || rndis_msg->msg_len < RNDIS_HEADER_SIZE || ++ if (rndis_msg->msg_len < RNDIS_HEADER_SIZE || + buflen < rndis_msg->msg_len) { + netdev_err(ndev, "Invalid rndis_msg (buflen: %u, msg_len: %u)\n", + buflen, rndis_msg->msg_len); +@@ -570,22 +607,22 @@ int rndis_filter_receive(struct net_device *ndev, + } + + if (netif_msg_rx_status(net_device_ctx)) +- dump_rndis_message(ndev, rndis_msg); ++ dump_rndis_message(ndev, rndis_msg, data); + + switch (rndis_msg->ndis_msg_type) { + case RNDIS_MSG_PACKET: + return rndis_filter_receive_data(ndev, net_dev, nvchan, +- rndis_msg, buflen); ++ rndis_msg, data, buflen); + case RNDIS_MSG_INIT_C: + case RNDIS_MSG_QUERY_C: + case RNDIS_MSG_SET_C: + /* completion msgs */ +- rndis_filter_receive_response(ndev, net_dev, rndis_msg); ++ rndis_filter_receive_response(ndev, net_dev, rndis_msg, data); + break; + + case RNDIS_MSG_INDICATE: + /* notification msgs */ +- netvsc_linkstatus_callback(ndev, rndis_msg); ++ netvsc_linkstatus_callback(ndev, rndis_msg, data); + break; + default: + netdev_err(ndev, diff --git a/patches.suse/msft-hv-2288-hv_netvsc-Fix-validation-in-netvsc_linkstatus_callba.patch b/patches.suse/msft-hv-2288-hv_netvsc-Fix-validation-in-netvsc_linkstatus_callba.patch new file mode 100644 index 0000000..b2f3671 --- /dev/null +++ b/patches.suse/msft-hv-2288-hv_netvsc-Fix-validation-in-netvsc_linkstatus_callba.patch @@ -0,0 +1,83 @@ +From: "Andrea Parri (Microsoft)" +Date: Mon, 1 Mar 2021 19:25:30 +0100 +Patch-mainline: v5.12-rc3 +Subject: hv_netvsc: Fix validation in netvsc_linkstatus_callback() +Git-commit: 3946688edbc5b629110c339b3babf10aa9e7adad +References: bsc#1199364 + +Contrary to the RNDIS protocol specification, certain (pre-Fe) +implementations of Hyper-V's vSwitch did not account for the status +buffer field in the length of an RNDIS packet; the bug was fixed in +newer implementations. Validate the status buffer fields using the +length of the 'vmtransfer_page' packet (all implementations), that +is known/validated to be less than or equal to the receive section +size and not smaller than the length of the RNDIS message. + +Reported-by: Dexuan Cui +Suggested-by: Haiyang Zhang +Signed-off-by: Andrea Parri (Microsoft) +Fixes: 505e3f00c3f36 ("hv_netvsc: Add (more) validation for untrusted Hyper-V values") +Signed-off-by: David S. Miller +Acked-by: Olaf Hering +--- + drivers/net/hyperv/hyperv_net.h | 2 +- + drivers/net/hyperv/netvsc_drv.c | 13 +++++++++---- + drivers/net/hyperv/rndis_filter.c | 2 +- + 3 files changed, 11 insertions(+), 6 deletions(-) + +diff --git a/drivers/net/hyperv/hyperv_net.h b/drivers/net/hyperv/hyperv_net.h +--- a/drivers/net/hyperv/hyperv_net.h ++++ b/drivers/net/hyperv/hyperv_net.h +@@ -229,7 +229,7 @@ int netvsc_send(struct net_device *net, + bool xdp_tx); + void netvsc_linkstatus_callback(struct net_device *net, + struct rndis_message *resp, +- void *data); ++ void *data, u32 data_buflen); + int netvsc_recv_callback(struct net_device *net, + struct netvsc_device *nvdev, + struct netvsc_channel *nvchan); +diff --git a/drivers/net/hyperv/netvsc_drv.c b/drivers/net/hyperv/netvsc_drv.c +--- a/drivers/net/hyperv/netvsc_drv.c ++++ b/drivers/net/hyperv/netvsc_drv.c +@@ -744,7 +744,7 @@ static netdev_tx_t netvsc_start_xmit(struct sk_buff *skb, + */ + void netvsc_linkstatus_callback(struct net_device *net, + struct rndis_message *resp, +- void *data) ++ void *data, u32 data_buflen) + { + struct rndis_indicate_status *indicate = &resp->msg.indicate_status; + struct net_device_context *ndev_ctx = netdev_priv(net); +@@ -765,11 +765,16 @@ void netvsc_linkstatus_callback(struct net_device *net, + if (indicate->status == RNDIS_STATUS_LINK_SPEED_CHANGE) { + u32 speed; + +- /* Validate status_buf_offset */ ++ /* Validate status_buf_offset and status_buflen. ++ * ++ * Certain (pre-Fe) implementations of Hyper-V's vSwitch didn't account ++ * for the status buffer field in resp->msg_len; perform the validation ++ * using data_buflen (>= resp->msg_len). ++ */ + if (indicate->status_buflen < sizeof(speed) || + indicate->status_buf_offset < sizeof(*indicate) || +- resp->msg_len - RNDIS_HEADER_SIZE < indicate->status_buf_offset || +- resp->msg_len - RNDIS_HEADER_SIZE - indicate->status_buf_offset ++ data_buflen - RNDIS_HEADER_SIZE < indicate->status_buf_offset || ++ data_buflen - RNDIS_HEADER_SIZE - indicate->status_buf_offset + < indicate->status_buflen) { + netdev_err(net, "invalid rndis_indicate_status packet\n"); + return; +diff --git a/drivers/net/hyperv/rndis_filter.c b/drivers/net/hyperv/rndis_filter.c +--- a/drivers/net/hyperv/rndis_filter.c ++++ b/drivers/net/hyperv/rndis_filter.c +@@ -620,7 +620,7 @@ int rndis_filter_receive(struct net_device *ndev, + + case RNDIS_MSG_INDICATE: + /* notification msgs */ +- netvsc_linkstatus_callback(ndev, rndis_msg, data); ++ netvsc_linkstatus_callback(ndev, rndis_msg, data, buflen); + break; + default: + netdev_err(ndev, diff --git a/patches.suse/msft-hv-2454-hv_netvsc-Add-comment-of-netvsc_xdp_xmit.patch b/patches.suse/msft-hv-2454-hv_netvsc-Add-comment-of-netvsc_xdp_xmit.patch new file mode 100644 index 0000000..46b389d --- /dev/null +++ b/patches.suse/msft-hv-2454-hv_netvsc-Add-comment-of-netvsc_xdp_xmit.patch @@ -0,0 +1,32 @@ +From: Jiasheng Jiang +Date: Thu, 14 Oct 2021 01:26:26 +0000 +Patch-mainline: v5.16-rc1 +Subject: hv_netvsc: Add comment of netvsc_xdp_xmit() +Git-commit: 78e0a006914b9fc0dd714d68f0bb6e0f50c944f2 +References: bsc#1199364 + +Adding comment to avoid the misusing of netvsc_xdp_xmit(). +Otherwise the value of skb->queue_mapping could be 0 and +then the return value of skb_get_rx_queue() could be MAX_U16 +cause by overflow. + +Signed-off-by: Jiasheng Jiang +Reviewed-by: Haiyang Zhang +Link: https://lore.kernel.org/r/1634174786-1810351-1-git-send-email-jiasheng@iscas.ac.cn +Signed-off-by: Jakub Kicinski +Acked-by: Olaf Hering +--- + drivers/net/hyperv/netvsc_drv.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/net/hyperv/netvsc_drv.c b/drivers/net/hyperv/netvsc_drv.c +--- a/drivers/net/hyperv/netvsc_drv.c ++++ b/drivers/net/hyperv/netvsc_drv.c +@@ -803,6 +803,7 @@ void netvsc_linkstatus_callback(struct net_device *net, + schedule_delayed_work(&ndev_ctx->dwork, 0); + } + ++/* This function should only be called after skb_record_rx_queue() */ + static void netvsc_xdp_xmit(struct sk_buff *skb, struct net_device *ndev) + { + int rc; diff --git a/patches.suse/msft-hv-2570-hv_netvsc-Add-support-for-XDP_REDIRECT.patch b/patches.suse/msft-hv-2570-hv_netvsc-Add-support-for-XDP_REDIRECT.patch new file mode 100644 index 0000000..615ad1e --- /dev/null +++ b/patches.suse/msft-hv-2570-hv_netvsc-Add-support-for-XDP_REDIRECT.patch @@ -0,0 +1,597 @@ +From: Haiyang Zhang +Date: Thu, 7 Apr 2022 13:21:34 -0700 +Patch-mainline: v5.19-rc1 +Subject: hv_netvsc: Add support for XDP_REDIRECT +Git-commit: 1cb9d3b6185b2a4d1d592632a7faf5d8c8e5f9b3 +References: bsc#1199364 + +Handle XDP_REDIRECT action in netvsc driver. +Also, transparently pass ndo_xdp_xmit to VF when available. + +Signed-off-by: Haiyang Zhang +Link: https://lore.kernel.org/r/1649362894-20077-1-git-send-email-haiyangz@microsoft.com +Signed-off-by: Jakub Kicinski +Acked-by: Olaf Hering +--- + drivers/net/hyperv/hyperv_net.h | 69 +++++++++- + drivers/net/hyperv/netvsc.c | 8 +- + drivers/net/hyperv/netvsc_bpf.c | 95 +++++++++++++- + drivers/net/hyperv/netvsc_drv.c | 150 +++++++++------------- + 4 files changed, 228 insertions(+), 94 deletions(-) + +diff --git a/drivers/net/hyperv/hyperv_net.h b/drivers/net/hyperv/hyperv_net.h +--- a/drivers/net/hyperv/hyperv_net.h ++++ b/drivers/net/hyperv/hyperv_net.h +@@ -15,6 +15,7 @@ + #include + #include + #include ++#include + + /* RSS related */ + #define OID_GEN_RECEIVE_SCALE_CAPABILITIES 0x00010203 /* query only */ +@@ -237,6 +238,7 @@ int netvsc_recv_callback(struct net_device *net, + void netvsc_channel_cb(void *context); + int netvsc_poll(struct napi_struct *napi, int budget); + ++void netvsc_xdp_xmit(struct sk_buff *skb, struct net_device *ndev); + u32 netvsc_run_xdp(struct net_device *ndev, struct netvsc_channel *nvchan, + struct xdp_buff *xdp); + unsigned int netvsc_xdp_fraglen(unsigned int len); +@@ -246,6 +248,8 @@ int netvsc_xdp_set(struct net_device *dev, struct bpf_prog *prog, + struct netvsc_device *nvdev); + int netvsc_vf_setxdp(struct net_device *vf_netdev, struct bpf_prog *prog); + int netvsc_bpf(struct net_device *dev, struct netdev_bpf *bpf); ++int netvsc_ndoxdp_xmit(struct net_device *ndev, int n, ++ struct xdp_frame **frames, u32 flags); + + int rndis_set_subchannel(struct net_device *ndev, + struct netvsc_device *nvdev, +@@ -942,12 +946,21 @@ struct nvsc_rsc { + #define NVSC_RSC_CSUM_INFO BIT(1) /* valid/present bit for 'csum_info' */ + #define NVSC_RSC_HASH_INFO BIT(2) /* valid/present bit for 'hash_info' */ + +-struct netvsc_stats { ++struct netvsc_stats_tx { ++ u64 packets; ++ u64 bytes; ++ u64 xdp_xmit; ++ struct u64_stats_sync syncp; ++}; ++ ++struct netvsc_stats_rx { + u64 packets; + u64 bytes; + u64 broadcast; + u64 multicast; + u64 xdp_drop; ++ u64 xdp_redirect; ++ u64 xdp_tx; + struct u64_stats_sync syncp; + }; + +@@ -1046,6 +1059,55 @@ struct net_device_context { + struct netvsc_device_info *saved_netvsc_dev_info; + }; + ++/* Azure hosts don't support non-TCP port numbers in hashing for fragmented ++ * packets. We can use ethtool to change UDP hash level when necessary. ++ */ ++static inline u32 netvsc_get_hash(struct sk_buff *skb, ++ const struct net_device_context *ndc) ++{ ++ struct flow_keys flow; ++ u32 hash, pkt_proto = 0; ++ static u32 hashrnd __read_mostly; ++ ++ net_get_random_once(&hashrnd, sizeof(hashrnd)); ++ ++ if (!skb_flow_dissect_flow_keys(skb, &flow, 0)) ++ return 0; ++ ++ switch (flow.basic.ip_proto) { ++ case IPPROTO_TCP: ++ if (flow.basic.n_proto == htons(ETH_P_IP)) ++ pkt_proto = HV_TCP4_L4HASH; ++ else if (flow.basic.n_proto == htons(ETH_P_IPV6)) ++ pkt_proto = HV_TCP6_L4HASH; ++ ++ break; ++ ++ case IPPROTO_UDP: ++ if (flow.basic.n_proto == htons(ETH_P_IP)) ++ pkt_proto = HV_UDP4_L4HASH; ++ else if (flow.basic.n_proto == htons(ETH_P_IPV6)) ++ pkt_proto = HV_UDP6_L4HASH; ++ ++ break; ++ } ++ ++ if (pkt_proto & ndc->l4_hash) { ++ return skb_get_hash(skb); ++ } else { ++ if (flow.basic.n_proto == htons(ETH_P_IP)) ++ hash = jhash2((u32 *)&flow.addrs.v4addrs, 2, hashrnd); ++ else if (flow.basic.n_proto == htons(ETH_P_IPV6)) ++ hash = jhash2((u32 *)&flow.addrs.v6addrs, 8, hashrnd); ++ else ++ return 0; ++ ++ __skb_set_sw_hash(skb, hash, false); ++ } ++ ++ return hash; ++} ++ + /* Per channel data */ + struct netvsc_channel { + struct vmbus_channel *channel; +@@ -1060,9 +1122,10 @@ struct netvsc_channel { + + struct bpf_prog __rcu *bpf_prog; + struct xdp_rxq_info xdp_rxq; ++ bool xdp_flush; + +- struct netvsc_stats tx_stats; +- struct netvsc_stats rx_stats; ++ struct netvsc_stats_tx tx_stats; ++ struct netvsc_stats_rx rx_stats; + }; + + /* Per netvsc device */ +diff --git a/drivers/net/hyperv/netvsc.c b/drivers/net/hyperv/netvsc.c +--- a/drivers/net/hyperv/netvsc.c ++++ b/drivers/net/hyperv/netvsc.c +@@ -20,6 +20,7 @@ + #include + #include + #include ++#include + + #include + +@@ -805,7 +806,7 @@ static void netvsc_send_tx_complete(struct net_device *ndev, + const struct hv_netvsc_packet *packet + = (struct hv_netvsc_packet *)skb->cb; + u32 send_index = packet->send_buf_index; +- struct netvsc_stats *tx_stats; ++ struct netvsc_stats_tx *tx_stats; + + if (send_index != NETVSC_INVALID_INDEX) + netvsc_free_send_slot(net_device, send_index); +@@ -1670,12 +1671,17 @@ int netvsc_poll(struct napi_struct *napi, int budget) + if (!nvchan->desc) + nvchan->desc = hv_pkt_iter_first(channel); + ++ nvchan->xdp_flush = false; ++ + while (nvchan->desc && work_done < budget) { + work_done += netvsc_process_raw_pkt(device, nvchan, net_device, + ndev, nvchan->desc, budget); + nvchan->desc = hv_pkt_iter_next(channel, nvchan->desc); + } + ++ if (nvchan->xdp_flush) ++ xdp_do_flush(); ++ + /* Send any pending receive completions */ + ret = send_recv_completions(ndev, net_device, nvchan); + +diff --git a/drivers/net/hyperv/netvsc_bpf.c b/drivers/net/hyperv/netvsc_bpf.c +--- a/drivers/net/hyperv/netvsc_bpf.c ++++ b/drivers/net/hyperv/netvsc_bpf.c +@@ -10,6 +10,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -23,11 +24,13 @@ + u32 netvsc_run_xdp(struct net_device *ndev, struct netvsc_channel *nvchan, + struct xdp_buff *xdp) + { ++ struct netvsc_stats_rx *rx_stats = &nvchan->rx_stats; + void *data = nvchan->rsc.data[0]; + u32 len = nvchan->rsc.len[0]; + struct page *page = NULL; + struct bpf_prog *prog; + u32 act = XDP_PASS; ++ bool drop = true; + + xdp->data_hard_start = NULL; + +@@ -60,9 +63,34 @@ u32 netvsc_run_xdp(struct net_device *ndev, struct netvsc_channel *nvchan, + switch (act) { + case XDP_PASS: + case XDP_TX: ++ drop = false; ++ break; ++ + case XDP_DROP: + break; + ++ case XDP_REDIRECT: ++ if (!xdp_do_redirect(ndev, xdp, prog)) { ++ nvchan->xdp_flush = true; ++ drop = false; ++ ++ u64_stats_update_begin(&rx_stats->syncp); ++ ++ rx_stats->xdp_redirect++; ++ rx_stats->packets++; ++ rx_stats->bytes += nvchan->rsc.pktlen; ++ ++ u64_stats_update_end(&rx_stats->syncp); ++ ++ break; ++ } else { ++ u64_stats_update_begin(&rx_stats->syncp); ++ rx_stats->xdp_drop++; ++ u64_stats_update_end(&rx_stats->syncp); ++ } ++ ++ fallthrough; ++ + case XDP_ABORTED: + trace_xdp_exception(ndev, prog, act); + break; +@@ -74,7 +102,7 @@ u32 netvsc_run_xdp(struct net_device *ndev, struct netvsc_channel *nvchan, + out: + rcu_read_unlock(); + +- if (page && act != XDP_PASS && act != XDP_TX) { ++ if (page && drop) { + __free_page(page); + xdp->data_hard_start = NULL; + } +@@ -197,3 +225,68 @@ int netvsc_bpf(struct net_device *dev, struct netdev_bpf *bpf) + return -EINVAL; + } + } ++ ++static int netvsc_ndoxdp_xmit_fm(struct net_device *ndev, ++ struct xdp_frame *frame, u16 q_idx) ++{ ++ struct sk_buff *skb; ++ ++ skb = xdp_build_skb_from_frame(frame, ndev); ++ if (unlikely(!skb)) ++ return -ENOMEM; ++ ++ netvsc_get_hash(skb, netdev_priv(ndev)); ++ ++ skb_record_rx_queue(skb, q_idx); ++ ++ netvsc_xdp_xmit(skb, ndev); ++ ++ return 0; ++} ++ ++int netvsc_ndoxdp_xmit(struct net_device *ndev, int n, ++ struct xdp_frame **frames, u32 flags) ++{ ++ struct net_device_context *ndev_ctx = netdev_priv(ndev); ++ const struct net_device_ops *vf_ops; ++ struct netvsc_stats_tx *tx_stats; ++ struct netvsc_device *nvsc_dev; ++ struct net_device *vf_netdev; ++ int i, count = 0; ++ u16 q_idx; ++ ++ /* Don't transmit if netvsc_device is gone */ ++ nvsc_dev = rcu_dereference_bh(ndev_ctx->nvdev); ++ if (unlikely(!nvsc_dev || nvsc_dev->destroy)) ++ return 0; ++ ++ /* If VF is present and up then redirect packets to it. ++ * Skip the VF if it is marked down or has no carrier. ++ * If netpoll is in uses, then VF can not be used either. ++ */ ++ vf_netdev = rcu_dereference_bh(ndev_ctx->vf_netdev); ++ if (vf_netdev && netif_running(vf_netdev) && ++ netif_carrier_ok(vf_netdev) && !netpoll_tx_running(ndev) && ++ vf_netdev->netdev_ops->ndo_xdp_xmit && ++ ndev_ctx->data_path_is_vf) { ++ vf_ops = vf_netdev->netdev_ops; ++ return vf_ops->ndo_xdp_xmit(vf_netdev, n, frames, flags); ++ } ++ ++ q_idx = smp_processor_id() % ndev->real_num_tx_queues; ++ ++ for (i = 0; i < n; i++) { ++ if (netvsc_ndoxdp_xmit_fm(ndev, frames[i], q_idx)) ++ break; ++ ++ count++; ++ } ++ ++ tx_stats = &nvsc_dev->chan_table[q_idx].tx_stats; ++ ++ u64_stats_update_begin(&tx_stats->syncp); ++ tx_stats->xdp_xmit += count; ++ u64_stats_update_end(&tx_stats->syncp); ++ ++ return count; ++} +diff --git a/drivers/net/hyperv/netvsc_drv.c b/drivers/net/hyperv/netvsc_drv.c +--- a/drivers/net/hyperv/netvsc_drv.c ++++ b/drivers/net/hyperv/netvsc_drv.c +@@ -242,56 +242,6 @@ static inline void *init_ppi_data(struct rndis_message *msg, + return ppi + 1; + } + +-/* Azure hosts don't support non-TCP port numbers in hashing for fragmented +- * packets. We can use ethtool to change UDP hash level when necessary. +- */ +-static inline u32 netvsc_get_hash( +- struct sk_buff *skb, +- const struct net_device_context *ndc) +-{ +- struct flow_keys flow; +- u32 hash, pkt_proto = 0; +- static u32 hashrnd __read_mostly; +- +- net_get_random_once(&hashrnd, sizeof(hashrnd)); +- +- if (!skb_flow_dissect_flow_keys(skb, &flow, 0)) +- return 0; +- +- switch (flow.basic.ip_proto) { +- case IPPROTO_TCP: +- if (flow.basic.n_proto == htons(ETH_P_IP)) +- pkt_proto = HV_TCP4_L4HASH; +- else if (flow.basic.n_proto == htons(ETH_P_IPV6)) +- pkt_proto = HV_TCP6_L4HASH; +- +- break; +- +- case IPPROTO_UDP: +- if (flow.basic.n_proto == htons(ETH_P_IP)) +- pkt_proto = HV_UDP4_L4HASH; +- else if (flow.basic.n_proto == htons(ETH_P_IPV6)) +- pkt_proto = HV_UDP6_L4HASH; +- +- break; +- } +- +- if (pkt_proto & ndc->l4_hash) { +- return skb_get_hash(skb); +- } else { +- if (flow.basic.n_proto == htons(ETH_P_IP)) +- hash = jhash2((u32 *)&flow.addrs.v4addrs, 2, hashrnd); +- else if (flow.basic.n_proto == htons(ETH_P_IPV6)) +- hash = jhash2((u32 *)&flow.addrs.v6addrs, 8, hashrnd); +- else +- return 0; +- +- __skb_set_sw_hash(skb, hash, false); +- } +- +- return hash; +-} +- + static inline int netvsc_get_tx_queue(struct net_device *ndev, + struct sk_buff *skb, int old_idx) + { +@@ -804,7 +754,7 @@ void netvsc_linkstatus_callback(struct net_device *net, + } + + /* This function should only be called after skb_record_rx_queue() */ +-static void netvsc_xdp_xmit(struct sk_buff *skb, struct net_device *ndev) ++void netvsc_xdp_xmit(struct sk_buff *skb, struct net_device *ndev) + { + int rc; + +@@ -925,7 +875,7 @@ int netvsc_recv_callback(struct net_device *net, + struct vmbus_channel *channel = nvchan->channel; + u16 q_idx = channel->offermsg.offer.sub_channel_index; + struct sk_buff *skb; +- struct netvsc_stats *rx_stats = &nvchan->rx_stats; ++ struct netvsc_stats_rx *rx_stats = &nvchan->rx_stats; + struct xdp_buff xdp; + u32 act; + +@@ -934,6 +884,9 @@ int netvsc_recv_callback(struct net_device *net, + + act = netvsc_run_xdp(net, nvchan, &xdp); + ++ if (act == XDP_REDIRECT) ++ return NVSP_STAT_SUCCESS; ++ + if (act != XDP_PASS && act != XDP_TX) { + u64_stats_update_begin(&rx_stats->syncp); + rx_stats->xdp_drop++; +@@ -958,6 +911,9 @@ int netvsc_recv_callback(struct net_device *net, + * statistics will not work correctly. + */ + u64_stats_update_begin(&rx_stats->syncp); ++ if (act == XDP_TX) ++ rx_stats->xdp_tx++; ++ + rx_stats->packets++; + rx_stats->bytes += nvchan->rsc.pktlen; + +@@ -1353,28 +1309,29 @@ static void netvsc_get_pcpu_stats(struct net_device *net, + /* fetch percpu stats of netvsc */ + for (i = 0; i < nvdev->num_chn; i++) { + const struct netvsc_channel *nvchan = &nvdev->chan_table[i]; +- const struct netvsc_stats *stats; ++ const struct netvsc_stats_tx *tx_stats; ++ const struct netvsc_stats_rx *rx_stats; + struct netvsc_ethtool_pcpu_stats *this_tot = + &pcpu_tot[nvchan->channel->target_cpu]; + u64 packets, bytes; + unsigned int start; + +- stats = &nvchan->tx_stats; ++ tx_stats = &nvchan->tx_stats; + do { +- start = u64_stats_fetch_begin_irq(&stats->syncp); +- packets = stats->packets; +- bytes = stats->bytes; +- } while (u64_stats_fetch_retry_irq(&stats->syncp, start)); ++ start = u64_stats_fetch_begin_irq(&tx_stats->syncp); ++ packets = tx_stats->packets; ++ bytes = tx_stats->bytes; ++ } while (u64_stats_fetch_retry_irq(&tx_stats->syncp, start)); + + this_tot->tx_bytes += bytes; + this_tot->tx_packets += packets; + +- stats = &nvchan->rx_stats; ++ rx_stats = &nvchan->rx_stats; + do { +- start = u64_stats_fetch_begin_irq(&stats->syncp); +- packets = stats->packets; +- bytes = stats->bytes; +- } while (u64_stats_fetch_retry_irq(&stats->syncp, start)); ++ start = u64_stats_fetch_begin_irq(&rx_stats->syncp); ++ packets = rx_stats->packets; ++ bytes = rx_stats->bytes; ++ } while (u64_stats_fetch_retry_irq(&rx_stats->syncp, start)); + + this_tot->rx_bytes += bytes; + this_tot->rx_packets += packets; +@@ -1406,27 +1363,28 @@ static void netvsc_get_stats64(struct net_device *net, + + for (i = 0; i < nvdev->num_chn; i++) { + const struct netvsc_channel *nvchan = &nvdev->chan_table[i]; +- const struct netvsc_stats *stats; ++ const struct netvsc_stats_tx *tx_stats; ++ const struct netvsc_stats_rx *rx_stats; + u64 packets, bytes, multicast; + unsigned int start; + +- stats = &nvchan->tx_stats; ++ tx_stats = &nvchan->tx_stats; + do { +- start = u64_stats_fetch_begin_irq(&stats->syncp); +- packets = stats->packets; +- bytes = stats->bytes; +- } while (u64_stats_fetch_retry_irq(&stats->syncp, start)); ++ start = u64_stats_fetch_begin_irq(&tx_stats->syncp); ++ packets = tx_stats->packets; ++ bytes = tx_stats->bytes; ++ } while (u64_stats_fetch_retry_irq(&tx_stats->syncp, start)); + + t->tx_bytes += bytes; + t->tx_packets += packets; + +- stats = &nvchan->rx_stats; ++ rx_stats = &nvchan->rx_stats; + do { +- start = u64_stats_fetch_begin_irq(&stats->syncp); +- packets = stats->packets; +- bytes = stats->bytes; +- multicast = stats->multicast + stats->broadcast; +- } while (u64_stats_fetch_retry_irq(&stats->syncp, start)); ++ start = u64_stats_fetch_begin_irq(&rx_stats->syncp); ++ packets = rx_stats->packets; ++ bytes = rx_stats->bytes; ++ multicast = rx_stats->multicast + rx_stats->broadcast; ++ } while (u64_stats_fetch_retry_irq(&rx_stats->syncp, start)); + + t->rx_bytes += bytes; + t->rx_packets += packets; +@@ -1515,8 +1473,8 @@ static const struct { + /* statistics per queue (rx/tx packets/bytes) */ + #define NETVSC_PCPU_STATS_LEN (num_present_cpus() * ARRAY_SIZE(pcpu_stats)) + +-/* 5 statistics per queue (rx/tx packets/bytes, rx xdp_drop) */ +-#define NETVSC_QUEUE_STATS_LEN(dev) ((dev)->num_chn * 5) ++/* 8 statistics per queue (rx/tx packets/bytes, XDP actions) */ ++#define NETVSC_QUEUE_STATS_LEN(dev) ((dev)->num_chn * 8) + + static int netvsc_get_sset_count(struct net_device *dev, int string_set) + { +@@ -1543,12 +1501,16 @@ static void netvsc_get_ethtool_stats(struct net_device *dev, + struct net_device_context *ndc = netdev_priv(dev); + struct netvsc_device *nvdev = rtnl_dereference(ndc->nvdev); + const void *nds = &ndc->eth_stats; +- const struct netvsc_stats *qstats; ++ const struct netvsc_stats_tx *tx_stats; ++ const struct netvsc_stats_rx *rx_stats; + struct netvsc_vf_pcpu_stats sum; + struct netvsc_ethtool_pcpu_stats *pcpu_sum; + unsigned int start; + u64 packets, bytes; + u64 xdp_drop; ++ u64 xdp_redirect; ++ u64 xdp_tx; ++ u64 xdp_xmit; + int i, j, cpu; + + if (!nvdev) +@@ -1562,26 +1524,32 @@ static void netvsc_get_ethtool_stats(struct net_device *dev, + data[i++] = *(u64 *)((void *)&sum + vf_stats[j].offset); + + for (j = 0; j < nvdev->num_chn; j++) { +- qstats = &nvdev->chan_table[j].tx_stats; ++ tx_stats = &nvdev->chan_table[j].tx_stats; + + do { +- start = u64_stats_fetch_begin_irq(&qstats->syncp); +- packets = qstats->packets; +- bytes = qstats->bytes; +- } while (u64_stats_fetch_retry_irq(&qstats->syncp, start)); ++ start = u64_stats_fetch_begin_irq(&tx_stats->syncp); ++ packets = tx_stats->packets; ++ bytes = tx_stats->bytes; ++ xdp_xmit = tx_stats->xdp_xmit; ++ } while (u64_stats_fetch_retry_irq(&tx_stats->syncp, start)); + data[i++] = packets; + data[i++] = bytes; ++ data[i++] = xdp_xmit; + +- qstats = &nvdev->chan_table[j].rx_stats; ++ rx_stats = &nvdev->chan_table[j].rx_stats; + do { +- start = u64_stats_fetch_begin_irq(&qstats->syncp); +- packets = qstats->packets; +- bytes = qstats->bytes; +- xdp_drop = qstats->xdp_drop; +- } while (u64_stats_fetch_retry_irq(&qstats->syncp, start)); ++ start = u64_stats_fetch_begin_irq(&rx_stats->syncp); ++ packets = rx_stats->packets; ++ bytes = rx_stats->bytes; ++ xdp_drop = rx_stats->xdp_drop; ++ xdp_redirect = rx_stats->xdp_redirect; ++ xdp_tx = rx_stats->xdp_tx; ++ } while (u64_stats_fetch_retry_irq(&rx_stats->syncp, start)); + data[i++] = packets; + data[i++] = bytes; + data[i++] = xdp_drop; ++ data[i++] = xdp_redirect; ++ data[i++] = xdp_tx; + } + + pcpu_sum = kvmalloc_array(num_possible_cpus(), +@@ -1622,12 +1590,18 @@ static void netvsc_get_strings(struct net_device *dev, u32 stringset, u8 *data) + p += ETH_GSTRING_LEN; + sprintf(p, "tx_queue_%u_bytes", i); + p += ETH_GSTRING_LEN; ++ sprintf(p, "tx_queue_%u_xdp_xmit", i); ++ p += ETH_GSTRING_LEN; + sprintf(p, "rx_queue_%u_packets", i); + p += ETH_GSTRING_LEN; + sprintf(p, "rx_queue_%u_bytes", i); + p += ETH_GSTRING_LEN; + sprintf(p, "rx_queue_%u_xdp_drop", i); + p += ETH_GSTRING_LEN; ++ sprintf(p, "rx_queue_%u_xdp_redirect", i); ++ p += ETH_GSTRING_LEN; ++ sprintf(p, "rx_queue_%u_xdp_tx", i); ++ p += ETH_GSTRING_LEN; + } + + for_each_present_cpu(cpu) { +@@ -2057,6 +2028,7 @@ static const struct net_device_ops device_ops = { + .ndo_select_queue = netvsc_select_queue, + .ndo_get_stats64 = netvsc_get_stats64, + .ndo_bpf = netvsc_bpf, ++ .ndo_xdp_xmit = netvsc_ndoxdp_xmit, + }; + + /* diff --git a/patches.suse/mt76-mt76x02u-fix-possible-memory-leak-in-__mt76x02u.patch b/patches.suse/mt76-mt76x02u-fix-possible-memory-leak-in-__mt76x02u.patch new file mode 100644 index 0000000..fa05903 --- /dev/null +++ b/patches.suse/mt76-mt76x02u-fix-possible-memory-leak-in-__mt76x02u.patch @@ -0,0 +1,37 @@ +From cffd93411575afd987788e2ec3cb8eaff70f0215 Mon Sep 17 00:00:00 2001 +From: Lorenzo Bianconi +Date: Tue, 17 May 2022 18:37:07 +0200 +Subject: [PATCH] mt76: mt76x02u: fix possible memory leak in __mt76x02u_mcu_send_msg +Git-commit: cffd93411575afd987788e2ec3cb8eaff70f0215 +Patch-mainline: v6.0-rc1 +References: git-fixes + +Free the skb if mt76u_bulk_msg fails in __mt76x02u_mcu_send_msg routine. + +Fixes: 4c89ff2c74e39 ("mt76: split __mt76u_mcu_send_msg and mt76u_mcu_send_msg routines") +Co-developed-by: Gergo Koteles +Signed-off-by: Gergo Koteles +Signed-off-by: Lorenzo Bianconi +Signed-off-by: Felix Fietkau +Acked-by: Takashi Iwai + +--- + drivers/net/wireless/mediatek/mt76/mt76x02_usb_mcu.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/net/wireless/mediatek/mt76/mt76x02_usb_mcu.c b/drivers/net/wireless/mediatek/mt76/mt76x02_usb_mcu.c +index 2953df7d8388..c6c16fe8ee85 100644 +--- a/drivers/net/wireless/mediatek/mt76/mt76x02_usb_mcu.c ++++ b/drivers/net/wireless/mediatek/mt76/mt76x02_usb_mcu.c +@@ -108,7 +108,7 @@ __mt76x02u_mcu_send_msg(struct mt76_dev *dev, struct sk_buff *skb, + ret = mt76u_bulk_msg(dev, skb->data, skb->len, NULL, 500, + MT_EP_OUT_INBAND_CMD); + if (ret) +- return ret; ++ goto out; + + if (wait_resp) + ret = mt76x02u_mcu_wait_resp(dev, seq); +-- +2.35.3 + diff --git a/patches.suse/mt7601u-add-USB-device-ID-for-some-versions-of-XiaoD.patch b/patches.suse/mt7601u-add-USB-device-ID-for-some-versions-of-XiaoD.patch new file mode 100644 index 0000000..60b4fa9 --- /dev/null +++ b/patches.suse/mt7601u-add-USB-device-ID-for-some-versions-of-XiaoD.patch @@ -0,0 +1,36 @@ +From 829eea7c94e0bac804e65975639a2f2e5f147033 Mon Sep 17 00:00:00 2001 +From: Wei Mingzhi +Date: Sat, 19 Jun 2021 00:08:40 +0800 +Subject: [PATCH] mt7601u: add USB device ID for some versions of XiaoDu WiFi Dongle. +Git-commit: 829eea7c94e0bac804e65975639a2f2e5f147033 +Patch-mainline: v5.14-rc1 +References: git-fixes + +USB device ID of some versions of XiaoDu WiFi Dongle is 2955:1003 +instead of 2955:1001. Both are the same mt7601u hardware. + +Signed-off-by: Wei Mingzhi +Acked-by: Jakub Kicinski +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/20210618160840.305024-1-whistler@member.fsf.org +Acked-by: Takashi Iwai + +--- + drivers/net/wireless/mediatek/mt7601u/usb.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/net/wireless/mediatek/mt7601u/usb.c b/drivers/net/wireless/mediatek/mt7601u/usb.c +index 6bcc4a13ae6c..cc772045d526 100644 +--- a/drivers/net/wireless/mediatek/mt7601u/usb.c ++++ b/drivers/net/wireless/mediatek/mt7601u/usb.c +@@ -26,6 +26,7 @@ static const struct usb_device_id mt7601u_device_table[] = { + { USB_DEVICE(0x2717, 0x4106) }, + { USB_DEVICE(0x2955, 0x0001) }, + { USB_DEVICE(0x2955, 0x1001) }, ++ { USB_DEVICE(0x2955, 0x1003) }, + { USB_DEVICE(0x2a5f, 0x1000) }, + { USB_DEVICE(0x7392, 0x7710) }, + { 0, } +-- +2.35.3 + diff --git a/patches.suse/net-ag71xx-remove-unnecessary-MTU-reservation.patch b/patches.suse/net-ag71xx-remove-unnecessary-MTU-reservation.patch new file mode 100644 index 0000000..86c5a56 --- /dev/null +++ b/patches.suse/net-ag71xx-remove-unnecessary-MTU-reservation.patch @@ -0,0 +1,47 @@ +From 5127d1fc23d372f391681d5406fe567e6cc01aac Mon Sep 17 00:00:00 2001 +From: DENG Qingfang +Date: Thu, 18 Feb 2021 11:45:14 +0800 +Subject: [PATCH 11/14] net: ag71xx: remove unnecessary MTU reservation +Git-commit: 04b385f325080157ab1b5f8ce1b1de07ce0d9e27 +Patch-mainline: v5.12-rc1 +References: git-fixes + +2 bytes of the MTU are reserved for Atheros DSA tag, but DSA core +has already handled that since commit dc0fe7d47f9f. +Remove the unnecessary reservation. + +Fixes: d51b6ce441d3 ("net: ethernet: add ag71xx driver") +Signed-off-by: DENG Qingfang +Reviewed-by: Oleksij Rempel +Link: https://lore.kernel.org/r/20210218034514.3421-1-dqfext@gmail.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/atheros/ag71xx.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/drivers/net/ethernet/atheros/ag71xx.c b/drivers/net/ethernet/atheros/ag71xx.c +index 203ab0adb81e..131fc49462c9 100644 +--- a/drivers/net/ethernet/atheros/ag71xx.c ++++ b/drivers/net/ethernet/atheros/ag71xx.c +@@ -222,8 +222,6 @@ + #define AG71XX_REG_RX_SM 0x01b0 + #define AG71XX_REG_TX_SM 0x01b4 + +-#define ETH_SWITCH_HEADER_LEN 2 +- + #define AG71XX_DEFAULT_MSG_ENABLE \ + (NETIF_MSG_DRV \ + | NETIF_MSG_PROBE \ +@@ -784,7 +782,7 @@ static void ag71xx_hw_setup(struct ag71xx *ag) + + static unsigned int ag71xx_max_frame_len(unsigned int mtu) + { +- return ETH_SWITCH_HEADER_LEN + ETH_HLEN + VLAN_HLEN + mtu + ETH_FCS_LEN; ++ return ETH_HLEN + VLAN_HLEN + mtu + ETH_FCS_LEN; + } + + static void ag71xx_hw_set_macaddr(struct ag71xx *ag, unsigned char *mac) +-- +2.16.4 + diff --git a/patches.suse/net-allwinner-Fix-some-resources-leak-in-the-error-h.patch b/patches.suse/net-allwinner-Fix-some-resources-leak-in-the-error-h.patch new file mode 100644 index 0000000..345c6da --- /dev/null +++ b/patches.suse/net-allwinner-Fix-some-resources-leak-in-the-error-h.patch @@ -0,0 +1,64 @@ +From a19c86c250fe95892304ebe9ed8de77aec0f6b2b Mon Sep 17 00:00:00 2001 +From: Christophe JAILLET +Date: Mon, 14 Dec 2020 21:21:17 +0100 +Subject: [PATCH 2/5] net: allwinner: Fix some resources leak in the error + handling path of the probe and in the remove function +Git-commit: 322e53d1e2529ae9d501f5e0f20604a79b873aef +Patch-mainline: v5.11-rc1 +References: git-fixes + +'irq_of_parse_and_map()' should be balanced by a corresponding +'irq_dispose_mapping()' call. Otherwise, there is some resources leaks. + +Add such a call in the error handling path of the probe function and in the +remove function. + +Fixes: 492205050d77 ("net: Add EMAC ethernet driver found on Allwinner A10 SoC's") +Signed-off-by: Christophe JAILLET +Link: https://lore.kernel.org/r/20201214202117.146293-1-christophe.jaillet@wanadoo.fr +Signed-off-by: Jakub Kicinski +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/allwinner/sun4i-emac.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/drivers/net/ethernet/allwinner/sun4i-emac.c b/drivers/net/ethernet/allwinner/sun4i-emac.c +index 5ea806423e4c..80d96dd6e1d1 100644 +--- a/drivers/net/ethernet/allwinner/sun4i-emac.c ++++ b/drivers/net/ethernet/allwinner/sun4i-emac.c +@@ -845,13 +845,13 @@ static int emac_probe(struct platform_device *pdev) + db->clk = devm_clk_get(&pdev->dev, NULL); + if (IS_ERR(db->clk)) { + ret = PTR_ERR(db->clk); +- goto out_iounmap; ++ goto out_dispose_mapping; + } + + ret = clk_prepare_enable(db->clk); + if (ret) { + dev_err(&pdev->dev, "Error couldn't enable clock (%d)\n", ret); +- goto out_iounmap; ++ goto out_dispose_mapping; + } + + ret = sunxi_sram_claim(&pdev->dev); +@@ -910,6 +910,8 @@ static int emac_probe(struct platform_device *pdev) + sunxi_sram_release(&pdev->dev); + out_clk_disable_unprepare: + clk_disable_unprepare(db->clk); ++out_dispose_mapping: ++ irq_dispose_mapping(ndev->irq); + out_iounmap: + iounmap(db->membase); + out: +@@ -928,6 +930,7 @@ static int emac_remove(struct platform_device *pdev) + unregister_netdev(ndev); + sunxi_sram_release(&pdev->dev); + clk_disable_unprepare(db->clk); ++ irq_dispose_mapping(ndev->irq); + iounmap(db->membase); + free_netdev(ndev); + +-- +2.16.4 + diff --git a/patches.suse/net-amd-xgbe-Fix-NETDEV-WATCHDOG-transmit-queue-time.patch b/patches.suse/net-amd-xgbe-Fix-NETDEV-WATCHDOG-transmit-queue-time.patch new file mode 100644 index 0000000..d24c57c --- /dev/null +++ b/patches.suse/net-amd-xgbe-Fix-NETDEV-WATCHDOG-transmit-queue-time.patch @@ -0,0 +1,78 @@ +From 7cf1191e92da6d02d8bd2c91c321b632aea42d7a Mon Sep 17 00:00:00 2001 +From: Shyam Sundar S K +Date: Wed, 17 Feb 2021 00:37:08 +0530 +Subject: [PATCH 08/14] net: amd-xgbe: Fix NETDEV WATCHDOG transmit queue + timeout warning +Git-commit: 186edbb510bd60e748f93975989ccba25ee99c50 +Patch-mainline: v5.12-rc1 +References: git-fixes + +The current driver calls netif_carrier_off() late in the link tear down +which can result in a netdev watchdog timeout. + +Calling netif_carrier_off() immediately after netif_tx_stop_all_queues() +avoids the warning. + + ------------[ cut here ]------------ + NETDEV WATCHDOG: enp3s0f2 (amd-xgbe): transmit queue 0 timed out + WARNING: CPU: 3 PID: 0 at net/sched/sch_generic.c:461 dev_watchdog+0x20d/0x220 + Modules linked in: amd_xgbe(E) amd-xgbe 0000:03:00.2 enp3s0f2: Link is Down + CPU: 3 PID: 0 Comm: swapper/3 Tainted: G E + Hardware name: AMD Bilby-RV2/Bilby-RV2, BIOS RBB1202A 10/18/2019 + RIP: 0010:dev_watchdog+0x20d/0x220 + Code: 00 49 63 4e e0 eb 92 4c 89 e7 c6 05 c6 e2 c1 00 01 e8 e7 ce fc ff 89 d9 48 + RSP: 0018:ffff90cfc28c3e88 EFLAGS: 00010286 + RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000006 + RDX: 0000000000000007 RSI: 0000000000000086 RDI: ffff90cfc28d63c0 + RBP: ffff90cfb977845c R08: 0000000000000050 R09: 0000000000196018 + R10: ffff90cfc28c3ef8 R11: 0000000000000000 R12: ffff90cfb9778000 + R13: 0000000000000003 R14: ffff90cfb9778480 R15: 0000000000000010 + FS: 0000000000000000(0000) GS:ffff90cfc28c0000(0000) knlGS:0000000000000000 + CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 + CR2: 00007f240ff2d9d0 CR3: 00000001e3e0a000 CR4: 00000000003406e0 + Call Trace: + + ? pfifo_fast_reset+0x100/0x100 + call_timer_fn+0x2b/0x130 + run_timer_softirq+0x3e8/0x440 + ? enqueue_hrtimer+0x39/0x90 + +Fixes: e722ec82374b ("amd-xgbe: Update the BelFuse quirk to support SGMII") +Co-developed-by: Sudheesh Mavila +Signed-off-by: Sudheesh Mavila +Signed-off-by: Shyam Sundar S K +Acked-by: Tom Lendacky +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 1 + + drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 1 - + 2 files changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-drv.c b/drivers/net/ethernet/amd/xgbe/xgbe-drv.c +index a87264f95f1a..6a4fa9674f50 100644 +--- a/drivers/net/ethernet/amd/xgbe/xgbe-drv.c ++++ b/drivers/net/ethernet/amd/xgbe/xgbe-drv.c +@@ -1443,6 +1443,7 @@ static void xgbe_stop(struct xgbe_prv_data *pdata) + return; + + netif_tx_stop_all_queues(netdev); ++ netif_carrier_off(pdata->netdev); + + xgbe_stop_timers(pdata); + flush_workqueue(pdata->dev_workqueue); +diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-mdio.c b/drivers/net/ethernet/amd/xgbe/xgbe-mdio.c +index 8a3a60bb2688..4d5506d92897 100644 +--- a/drivers/net/ethernet/amd/xgbe/xgbe-mdio.c ++++ b/drivers/net/ethernet/amd/xgbe/xgbe-mdio.c +@@ -1396,7 +1396,6 @@ static void xgbe_phy_stop(struct xgbe_prv_data *pdata) + pdata->phy_if.phy_impl.stop(pdata); + + pdata->phy.link = 0; +- netif_carrier_off(pdata->netdev); + + xgbe_phy_adjust_link(pdata); + } +-- +2.16.4 + diff --git a/patches.suse/net-amd-xgbe-Fix-network-fluctuations-when-using-1G-.patch b/patches.suse/net-amd-xgbe-Fix-network-fluctuations-when-using-1G-.patch new file mode 100644 index 0000000..7b0af7b --- /dev/null +++ b/patches.suse/net-amd-xgbe-Fix-network-fluctuations-when-using-1G-.patch @@ -0,0 +1,41 @@ +From 2f6552296c961efb9e2467db4e966d5dd6bbbd10 Mon Sep 17 00:00:00 2001 +From: Shyam Sundar S K +Date: Wed, 17 Feb 2021 00:37:10 +0530 +Subject: [PATCH 10/14] net: amd-xgbe: Fix network fluctuations when using 1G + BELFUSE SFP +Git-commit: 9eab3fdb419916f66a72d1572f68d82cd9b3f963 +Patch-mainline: v5.12-rc1 +References: git-fixes + +Frequent link up/down events can happen when a Bel Fuse SFP part is +connected to the amd-xgbe device. Try to avoid the frequent link +issues by resetting the PHY as documented in Bel Fuse SFP datasheets. + +Fixes: e722ec82374b ("amd-xgbe: Update the BelFuse quirk to support SGMII") +Co-developed-by: Sudheesh Mavila +Signed-off-by: Sudheesh Mavila +Signed-off-by: Shyam Sundar S K +Acked-by: Tom Lendacky +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c b/drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c +index 387d3aeebf23..d6f6afb67bcc 100644 +--- a/drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c ++++ b/drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c +@@ -921,6 +921,9 @@ static bool xgbe_phy_belfuse_phy_quirks(struct xgbe_prv_data *pdata) + if ((phy_id & 0xfffffff0) != 0x03625d10) + return false; + ++ /* Reset PHY - wait for self-clearing reset bit to clear */ ++ genphy_soft_reset(phy_data->phydev); ++ + /* Disable RGMII mode */ + phy_write(phy_data->phydev, 0x18, 0x7007); + reg = phy_read(phy_data->phydev, 0x18); +-- +2.16.4 + diff --git a/patches.suse/net-amd-xgbe-Reset-link-when-the-link-never-comes-ba.patch b/patches.suse/net-amd-xgbe-Reset-link-when-the-link-never-comes-ba.patch new file mode 100644 index 0000000..21ea37c --- /dev/null +++ b/patches.suse/net-amd-xgbe-Reset-link-when-the-link-never-comes-ba.patch @@ -0,0 +1,66 @@ +From 41ff2f1ae09e5f1819c17ebea68d61dd2d046e90 Mon Sep 17 00:00:00 2001 +From: Shyam Sundar S K +Date: Wed, 17 Feb 2021 00:37:09 +0530 +Subject: [PATCH 09/14] net: amd-xgbe: Reset link when the link never comes + back +Git-commit: 84fe68eb67f9499309cffd97c1ba269de125ff14 +Patch-mainline: v5.12-rc1 +References: git-fixes + +Normally, auto negotiation and reconnect should be automatically done by +the hardware. But there seems to be an issue where auto negotiation has +to be restarted manually. This happens because of link training and so +even though still connected to the partner the link never "comes back". +This needs an auto-negotiation restart. + +Also, a change in xgbe-mdio is needed to get ethtool to recognize the +link down and get the link change message. This change is only +required in a backplane connection mode. + +Fixes: abf0a1c2b26a ("amd-xgbe: Add support for SFP+ modules") +Co-developed-by: Sudheesh Mavila +Signed-off-by: Sudheesh Mavila +Signed-off-by: Shyam Sundar S K +Acked-by: Tom Lendacky +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/amd/xgbe/xgbe-mdio.c | 2 +- + drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 8 ++++++++ + 2 files changed, 9 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-mdio.c b/drivers/net/ethernet/amd/xgbe/xgbe-mdio.c +index 4d5506d92897..156a0bc8ab01 100644 +--- a/drivers/net/ethernet/amd/xgbe/xgbe-mdio.c ++++ b/drivers/net/ethernet/amd/xgbe/xgbe-mdio.c +@@ -1345,7 +1345,7 @@ static void xgbe_phy_status(struct xgbe_prv_data *pdata) + &an_restart); + if (an_restart) { + xgbe_phy_config_aneg(pdata); +- return; ++ goto adjust_link; + } + + if (pdata->phy.link) { +diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c b/drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c +index f024db6d9015..387d3aeebf23 100644 +--- a/drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c ++++ b/drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c +@@ -2601,6 +2601,14 @@ static int xgbe_phy_link_status(struct xgbe_prv_data *pdata, int *an_restart) + if (reg & MDIO_STAT1_LSTATUS) + return 1; + ++ if (pdata->phy.autoneg == AUTONEG_ENABLE && ++ phy_data->port_mode == XGBE_PORT_MODE_BACKPLANE) { ++ if (!test_bit(XGBE_LINK_INIT, &pdata->dev_state)) { ++ netif_carrier_off(pdata->netdev); ++ *an_restart = 1; ++ } ++ } ++ + /* No link, attempt a receiver reset cycle */ + if (phy_data->rrc_count++ > XGBE_RRC_FREQUENCY) { + phy_data->rrc_count = 0; +-- +2.16.4 + diff --git a/patches.suse/net-amd-xgbe-Reset-the-PHY-rx-data-path-when-mailbox.patch b/patches.suse/net-amd-xgbe-Reset-the-PHY-rx-data-path-when-mailbox.patch new file mode 100644 index 0000000..19fddbc --- /dev/null +++ b/patches.suse/net-amd-xgbe-Reset-the-PHY-rx-data-path-when-mailbox.patch @@ -0,0 +1,127 @@ +From e24385dbf7bd21c48ee68cf585b6f63d4745b9c7 Mon Sep 17 00:00:00 2001 +From: Shyam Sundar S K +Date: Wed, 17 Feb 2021 00:37:07 +0530 +Subject: [PATCH 07/14] net: amd-xgbe: Reset the PHY rx data path when mailbox + command timeout +Git-commit: 30b7edc82ec82578f4f5e6706766f0a9535617d3 +Patch-mainline: v5.12-rc1 +References: git-fixes + +Sometimes mailbox commands timeout when the RX data path becomes +unresponsive. This prevents the submission of new mailbox commands to DXIO. +This patch identifies the timeout and resets the RX data path so that the +next message can be submitted properly. + +Fixes: 549b32af9f7c ("amd-xgbe: Simplify mailbox interface rate change code") +Co-developed-by: Sudheesh Mavila +Signed-off-by: Sudheesh Mavila +Signed-off-by: Shyam Sundar S K +Acked-by: Tom Lendacky +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/amd/xgbe/xgbe-common.h | 14 ++++++++++++++ + drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c | 28 +++++++++++++++++++++++++++- + 2 files changed, 41 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-common.h b/drivers/net/ethernet/amd/xgbe/xgbe-common.h +index b40d4377cc71..b2cd3bdba9f8 100644 +--- a/drivers/net/ethernet/amd/xgbe/xgbe-common.h ++++ b/drivers/net/ethernet/amd/xgbe/xgbe-common.h +@@ -1279,10 +1279,18 @@ + #define MDIO_PMA_10GBR_FECCTRL 0x00ab + #endif + ++#ifndef MDIO_PMA_RX_CTRL1 ++#define MDIO_PMA_RX_CTRL1 0x8051 ++#endif ++ + #ifndef MDIO_PCS_DIG_CTRL + #define MDIO_PCS_DIG_CTRL 0x8000 + #endif + ++#ifndef MDIO_PCS_DIGITAL_STAT ++#define MDIO_PCS_DIGITAL_STAT 0x8010 ++#endif ++ + #ifndef MDIO_AN_XNP + #define MDIO_AN_XNP 0x0016 + #endif +@@ -1358,6 +1366,8 @@ + #define XGBE_KR_TRAINING_ENABLE BIT(1) + + #define XGBE_PCS_CL37_BP BIT(12) ++#define XGBE_PCS_PSEQ_STATE_MASK 0x1c ++#define XGBE_PCS_PSEQ_STATE_POWER_GOOD 0x10 + + #define XGBE_AN_CL37_INT_CMPLT BIT(0) + #define XGBE_AN_CL37_INT_MASK 0x01 +@@ -1375,6 +1385,10 @@ + #define XGBE_PMA_CDR_TRACK_EN_OFF 0x00 + #define XGBE_PMA_CDR_TRACK_EN_ON 0x01 + ++#define XGBE_PMA_RX_RST_0_MASK BIT(4) ++#define XGBE_PMA_RX_RST_0_RESET_ON 0x10 ++#define XGBE_PMA_RX_RST_0_RESET_OFF 0x00 ++ + /* Bit setting and getting macros + * The get macro will extract the current bit field value from within + * the variable +diff --git a/drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c b/drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c +index 128cd648ba99..f024db6d9015 100644 +--- a/drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c ++++ b/drivers/net/ethernet/amd/xgbe/xgbe-phy-v2.c +@@ -1948,6 +1948,27 @@ static void xgbe_phy_set_redrv_mode(struct xgbe_prv_data *pdata) + xgbe_phy_put_comm_ownership(pdata); + } + ++static void xgbe_phy_rx_reset(struct xgbe_prv_data *pdata) ++{ ++ int reg; ++ ++ reg = XMDIO_READ_BITS(pdata, MDIO_MMD_PCS, MDIO_PCS_DIGITAL_STAT, ++ XGBE_PCS_PSEQ_STATE_MASK); ++ if (reg == XGBE_PCS_PSEQ_STATE_POWER_GOOD) { ++ /* Mailbox command timed out, reset of RX block is required. ++ * This can be done by asseting the reset bit and wait for ++ * its compeletion. ++ */ ++ XMDIO_WRITE_BITS(pdata, MDIO_MMD_PMAPMD, MDIO_PMA_RX_CTRL1, ++ XGBE_PMA_RX_RST_0_MASK, XGBE_PMA_RX_RST_0_RESET_ON); ++ ndelay(20); ++ XMDIO_WRITE_BITS(pdata, MDIO_MMD_PMAPMD, MDIO_PMA_RX_CTRL1, ++ XGBE_PMA_RX_RST_0_MASK, XGBE_PMA_RX_RST_0_RESET_OFF); ++ usleep_range(40, 50); ++ netif_err(pdata, link, pdata->netdev, "firmware mailbox reset performed\n"); ++ } ++} ++ + static void xgbe_phy_perform_ratechange(struct xgbe_prv_data *pdata, + unsigned int cmd, unsigned int sub_cmd) + { +@@ -1955,9 +1976,11 @@ static void xgbe_phy_perform_ratechange(struct xgbe_prv_data *pdata, + unsigned int wait; + + /* Log if a previous command did not complete */ +- if (XP_IOREAD_BITS(pdata, XP_DRIVER_INT_RO, STATUS)) ++ if (XP_IOREAD_BITS(pdata, XP_DRIVER_INT_RO, STATUS)) { + netif_dbg(pdata, link, pdata->netdev, + "firmware mailbox not ready for command\n"); ++ xgbe_phy_rx_reset(pdata); ++ } + + /* Construct the command */ + XP_SET_BITS(s0, XP_DRIVER_SCRATCH_0, COMMAND, cmd); +@@ -1979,6 +2002,9 @@ static void xgbe_phy_perform_ratechange(struct xgbe_prv_data *pdata, + + netif_dbg(pdata, link, pdata->netdev, + "firmware mailbox command did not complete\n"); ++ ++ /* Reset on error */ ++ xgbe_phy_rx_reset(pdata); + } + + static void xgbe_phy_rrc(struct xgbe_prv_data *pdata) +-- +2.16.4 + diff --git a/patches.suse/net-axienet-Handle-deferred-probe-on-clock-properly.patch b/patches.suse/net-axienet-Handle-deferred-probe-on-clock-properly.patch new file mode 100644 index 0000000..cd8f3eb --- /dev/null +++ b/patches.suse/net-axienet-Handle-deferred-probe-on-clock-properly.patch @@ -0,0 +1,75 @@ +From fb031b0e87d365386e170f884baebdd537be1676 Mon Sep 17 00:00:00 2001 +From: Robert Hancock +Date: Fri, 12 Feb 2021 18:17:48 -0600 +Subject: [PATCH 06/14] net: axienet: Handle deferred probe on clock properly +Git-commit: 57baf8cc70ea4cf5503c9d42f31f6a86d7f5ff1a +Patch-mainline: v5.12-rc1 +References: git-fixes + +This driver is set up to use a clock mapping in the device tree if it is +present, but still work without one for backward compatibility. However, +if getting the clock returns -EPROBE_DEFER, then we need to abort and +return that error from our driver initialization so that the probe can +be retried later after the clock is set up. + +Move clock initialization to earlier in the process so we do not waste as +much effort if the clock is not yet available. Switch to use +devm_clk_get_optional and abort initialization on any error reported. +Also enable the clock regardless of whether the controller is using an MDIO +bus, as the clock is required in any case. + +Fixes: 09a0354cadec267be7f ("net: axienet: Use clock framework to get device clock rate") +Signed-off-by: Robert Hancock +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 26 +++++++++++------------ + 1 file changed, 12 insertions(+), 14 deletions(-) + +diff --git a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c +index df89ef05632a..e0bf4550dce1 100644 +--- a/drivers/net/ethernet/xilinx/xilinx_axienet_main.c ++++ b/drivers/net/ethernet/xilinx/xilinx_axienet_main.c +@@ -1678,6 +1678,18 @@ static int axienet_probe(struct platform_device *pdev) + lp->options = XAE_OPTION_DEFAULTS; + lp->rx_bd_num = RX_BD_NUM_DEFAULT; + lp->tx_bd_num = TX_BD_NUM_DEFAULT; ++ ++ lp->clk = devm_clk_get_optional(&pdev->dev, NULL); ++ if (IS_ERR(lp->clk)) { ++ ret = PTR_ERR(lp->clk); ++ goto free_netdev; ++ } ++ ret = clk_prepare_enable(lp->clk); ++ if (ret) { ++ dev_err(&pdev->dev, "Unable to enable clock: %d\n", ret); ++ goto free_netdev; ++ } ++ + /* Map device registers */ + ethres = platform_get_resource(pdev, IORESOURCE_MEM, 0); + lp->regs = devm_ioremap_resource(&pdev->dev, ethres); +@@ -1823,20 +1835,6 @@ static int axienet_probe(struct platform_device *pdev) + + lp->phy_node = of_parse_phandle(pdev->dev.of_node, "phy-handle", 0); + if (lp->phy_node) { +- lp->clk = devm_clk_get(&pdev->dev, NULL); +- if (IS_ERR(lp->clk)) { +- dev_warn(&pdev->dev, "Failed to get clock: %ld\n", +- PTR_ERR(lp->clk)); +- lp->clk = NULL; +- } else { +- ret = clk_prepare_enable(lp->clk); +- if (ret) { +- dev_err(&pdev->dev, "Unable to enable clock: %d\n", +- ret); +- goto free_netdev; +- } +- } +- + ret = axienet_mdio_setup(lp); + if (ret) + dev_warn(&pdev->dev, +-- +2.16.4 + diff --git a/patches.suse/net-dsa-b53-fix-an-off-by-one-in-checking-vlan-vid.patch b/patches.suse/net-dsa-b53-fix-an-off-by-one-in-checking-vlan-vid.patch new file mode 100644 index 0000000..7562608 --- /dev/null +++ b/patches.suse/net-dsa-b53-fix-an-off-by-one-in-checking-vlan-vid.patch @@ -0,0 +1,39 @@ +From 617a1e827415c3416fd5eaf7bd88abfeab6441e3 Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Tue, 19 Jan 2021 17:48:03 +0300 +Subject: [PATCH 2/7] net: dsa: b53: fix an off by one in checking "vlan->vid" +Git-commit: 8e4052c32d6b4b39c1e13c652c7e33748d447409 +Patch-mainline: v5.11-rc5 +References: git-fixes + +The > comparison should be >= to prevent accessing one element beyond +the end of the dev->vlans[] array in the caller function, b53_vlan_add(). +The "dev->vlans" array is allocated in the b53_switch_init() function +and it has "dev->num_vlans" elements. + +Fixes: a2482d2ce349 ("net: dsa: b53: Plug in VLAN support") +Signed-off-by: Dan Carpenter +Acked-by: Florian Fainelli +Link: https://lore.kernel.org/r/YAbxI97Dl/pmBy5V@mwanda +Signed-off-by: Jakub Kicinski +Signed-off-by: Denis Kirjanov +--- + drivers/net/dsa/b53/b53_common.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/net/dsa/b53/b53_common.c b/drivers/net/dsa/b53/b53_common.c +index c609d60bc808..0660d57d0525 100644 +--- a/drivers/net/dsa/b53/b53_common.c ++++ b/drivers/net/dsa/b53/b53_common.c +@@ -1316,7 +1316,7 @@ int b53_vlan_prepare(struct dsa_switch *ds, int port, + if ((is5325(dev) || is5365(dev)) && vlan->vid_begin == 0) + return -EOPNOTSUPP; + +- if (vlan->vid_end > dev->num_vlans) ++ if (vlan->vid_end >= dev->num_vlans) + return -ERANGE; + + b53_enable_vlan(dev, true, ds->vlan_filtering); +-- +2.16.4 + diff --git a/patches.suse/net-dsa-bcm_sf2-Qualify-phydev-dev_flags-based-on-po.patch b/patches.suse/net-dsa-bcm_sf2-Qualify-phydev-dev_flags-based-on-po.patch new file mode 100644 index 0000000..c45adc7 --- /dev/null +++ b/patches.suse/net-dsa-bcm_sf2-Qualify-phydev-dev_flags-based-on-po.patch @@ -0,0 +1,43 @@ +From f8137a462d2f7cde9f7e221cf3be38fb13af6e7e Mon Sep 17 00:00:00 2001 +From: Florian Fainelli +Date: Wed, 10 Mar 2021 14:17:58 -0800 +Subject: [PATCH 07/17] net: dsa: bcm_sf2: Qualify phydev->dev_flags based on + port +Git-commit: 47142ed6c34d544ae9f0463e58d482289cbe0d46 +References: git-fixes +Patch-mainline: v5.12-rc5 + +Similar to commit 92696286f3bb37ba50e4bd8d1beb24afb759a799 ("net: +bcmgenet: Set phydev->dev_flags only for internal PHYs") we need to +qualify the phydev->dev_flags based on whether the port is connected to +an internal or external PHY otherwise we risk having a flags collision +with a completely different interpretation depending on the driver. + +Fixes: aa9aef77c761 ("net: dsa: bcm_sf2: communicate integrated PHY revision to PHY driver") +Signed-off-by: Florian Fainelli +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/dsa/bcm_sf2.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/drivers/net/dsa/bcm_sf2.c b/drivers/net/dsa/bcm_sf2.c +index 2f60ca86fc06..9869082352d9 100644 +--- a/drivers/net/dsa/bcm_sf2.c ++++ b/drivers/net/dsa/bcm_sf2.c +@@ -482,8 +482,10 @@ static u32 bcm_sf2_sw_get_phy_flags(struct dsa_switch *ds, int port) + * in bits 15:8 and the patch level in bits 7:0 which is exactly what + * the REG_PHY_REVISION register layout is. + */ +- +- return priv->hw_params.gphy_rev; ++ if (priv->int_phy_mask & BIT(port)) ++ return priv->hw_params.gphy_rev; ++ else ++ return 0; + } + + static void bcm_sf2_sw_validate(struct dsa_switch *ds, int port, +-- +2.16.4 + diff --git a/patches.suse/net-dsa-bcm_sf2-put-device-node-before-return.patch b/patches.suse/net-dsa-bcm_sf2-put-device-node-before-return.patch new file mode 100644 index 0000000..68b46b3 --- /dev/null +++ b/patches.suse/net-dsa-bcm_sf2-put-device-node-before-return.patch @@ -0,0 +1,48 @@ +From 3e33e4c610c32b5793cc1240b5256df2f414c7b6 Mon Sep 17 00:00:00 2001 +From: Pan Bian +Date: Thu, 21 Jan 2021 04:33:43 -0800 +Subject: [PATCH 01/14] net: dsa: bcm_sf2: put device node before return +Git-commit: cf3c46631e1637582f517a574c77cd6c05793817 +Patch-mainline: v5.11-rc6 +References: git-fixes + +Put the device node dn before return error code on failure path. + +Fixes: 461cd1b03e32 ("net: dsa: bcm_sf2: Register our slave MDIO bus") +Signed-off-by: Pan Bian +Link: https://lore.kernel.org/r/20210121123343.26330-1-bianpan2016@163.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Denis Kirjanov +--- + drivers/net/dsa/bcm_sf2.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/drivers/net/dsa/bcm_sf2.c b/drivers/net/dsa/bcm_sf2.c +index 38c21b06f408..2f60ca86fc06 100644 +--- a/drivers/net/dsa/bcm_sf2.c ++++ b/drivers/net/dsa/bcm_sf2.c +@@ -419,15 +419,19 @@ static int bcm_sf2_mdio_register(struct dsa_switch *ds) + /* Find our integrated MDIO bus node */ + dn = of_find_compatible_node(NULL, NULL, "brcm,unimac-mdio"); + priv->master_mii_bus = of_mdio_find_bus(dn); +- if (!priv->master_mii_bus) ++ if (!priv->master_mii_bus) { ++ of_node_put(dn); + return -EPROBE_DEFER; ++ } + + get_device(&priv->master_mii_bus->dev); + priv->master_mii_dn = dn; + + priv->slave_mii_bus = devm_mdiobus_alloc(ds->dev); +- if (!priv->slave_mii_bus) ++ if (!priv->slave_mii_bus) { ++ of_node_put(dn); + return -ENOMEM; ++ } + + priv->slave_mii_bus->priv = priv; + priv->slave_mii_bus->name = "sf2 slave mii"; +-- +2.16.4 + diff --git a/patches.suse/net-dsa-lantiq_gswip-Exclude-RMII-from-modes-that-re.patch b/patches.suse/net-dsa-lantiq_gswip-Exclude-RMII-from-modes-that-re.patch new file mode 100644 index 0000000..7dca6c7 --- /dev/null +++ b/patches.suse/net-dsa-lantiq_gswip-Exclude-RMII-from-modes-that-re.patch @@ -0,0 +1,45 @@ +From f0f669ddae248852f26de92d040736e4ece211fb Mon Sep 17 00:00:00 2001 +From: Aleksander Jan Bajkowski +Date: Thu, 7 Jan 2021 20:58:18 +0100 +Subject: [PATCH 5/5] net: dsa: lantiq_gswip: Exclude RMII from modes that + report 1 GbE +Git-commit: 3545454c7801e391b0d966f82c98614d45394770 +Patch-mainline: v5.11-rc3 +References: git-fixes + +Exclude RMII from modes that report 1 GbE support. Reduced MII supports +up to 100 MbE. + +Fixes: 14fceff4771e ("net: dsa: Add Lantiq / Intel DSA driver for vrx200") +Signed-off-by: Aleksander Jan Bajkowski +Reviewed-by: Florian Fainelli +Link: https://lore.kernel.org/r/20210107195818.3878-1-olek2@wp.pl +Signed-off-by: Jakub Kicinski +Signed-off-by: Denis Kirjanov +--- + drivers/net/dsa/lantiq_gswip.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/drivers/net/dsa/lantiq_gswip.c b/drivers/net/dsa/lantiq_gswip.c +index c67b88e70565..69884a719b87 100644 +--- a/drivers/net/dsa/lantiq_gswip.c ++++ b/drivers/net/dsa/lantiq_gswip.c +@@ -1413,11 +1413,12 @@ static void gswip_phylink_validate(struct dsa_switch *ds, int port, + phylink_set(mask, Pause); + phylink_set(mask, Asym_Pause); + +- /* With the exclusion of MII and Reverse MII, we support Gigabit, +- * including Half duplex ++ /* With the exclusion of MII, Reverse MII and Reduced MII, we ++ * support Gigabit, including Half duplex + */ + if (state->interface != PHY_INTERFACE_MODE_MII && +- state->interface != PHY_INTERFACE_MODE_REVMII) { ++ state->interface != PHY_INTERFACE_MODE_REVMII && ++ state->interface != PHY_INTERFACE_MODE_RMII) { + phylink_set(mask, 1000baseT_Full); + phylink_set(mask, 1000baseT_Half); + } +-- +2.16.4 + diff --git a/patches.suse/net-dsa-lantiq_gswip-Let-GSWIP-automatically-set-the.patch b/patches.suse/net-dsa-lantiq_gswip-Let-GSWIP-automatically-set-the.patch new file mode 100644 index 0000000..f685506 --- /dev/null +++ b/patches.suse/net-dsa-lantiq_gswip-Let-GSWIP-automatically-set-the.patch @@ -0,0 +1,52 @@ +From cdd8b8a433c9c3c540d41591374fb0cbdc115878 Mon Sep 17 00:00:00 2001 +From: Martin Blumenstingl +Date: Wed, 24 Mar 2021 20:36:04 +0100 +Subject: [PATCH 10/17] net: dsa: lantiq_gswip: Let GSWIP automatically set the + xMII clock +Git-commit: 3e6fdeb28f4c331acbd27bdb0effc4befd4ef8e8 +References: git-fixes +Patch-mainline: v5.12-rc7 + +The xMII interface clock depends on the PHY interface (MII, RMII, RGMII) +as well as the current link speed. Explicitly configure the GSWIP to +automatically select the appropriate xMII interface clock. + +This fixes an issue seen by some users where ports using an external +RMII or RGMII PHY were deaf (no RX or TX traffic could be seen). Most +likely this is due to an "invalid" xMII clock being selected either by +the bootloader or hardware-defaults. + +Fixes: 14fceff4771e51 ("net: dsa: Add Lantiq / Intel DSA driver for vrx200") +Signed-off-by: Martin Blumenstingl +Reviewed-by: Florian Fainelli +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/dsa/lantiq_gswip.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/drivers/net/dsa/lantiq_gswip.c b/drivers/net/dsa/lantiq_gswip.c +index 69884a719b87..7bb7f3f4b880 100644 +--- a/drivers/net/dsa/lantiq_gswip.c ++++ b/drivers/net/dsa/lantiq_gswip.c +@@ -789,10 +789,15 @@ static int gswip_setup(struct dsa_switch *ds) + /* Configure the MDIO Clock 2.5 MHz */ + gswip_mdio_mask(priv, 0xff, 0x09, GSWIP_MDIO_MDC_CFG1); + +- /* Disable the xMII link */ +- for (i = 0; i < priv->hw_info->max_ports; i++) ++ for (i = 0; i < priv->hw_info->max_ports; i++) { ++ /* Disable the xMII link */ + gswip_mii_mask_cfg(priv, GSWIP_MII_CFG_EN, 0, i); + ++ /* Automatically select the xMII interface clock */ ++ gswip_mii_mask_cfg(priv, GSWIP_MII_CFG_RATE_MASK, ++ GSWIP_MII_CFG_RATE_AUTO, i); ++ } ++ + /* enable special tag insertion on cpu port */ + gswip_switch_mask(priv, 0, GSWIP_FDMA_PCTRL_STEN, + GSWIP_FDMA_PCTRLp(cpu_port)); +-- +2.16.4 + diff --git a/patches.suse/net-enetc-fix-incorrect-TPID-when-receiving-802.1ad-.patch b/patches.suse/net-enetc-fix-incorrect-TPID-when-receiving-802.1ad-.patch new file mode 100644 index 0000000..232bcba --- /dev/null +++ b/patches.suse/net-enetc-fix-incorrect-TPID-when-receiving-802.1ad-.patch @@ -0,0 +1,100 @@ +From b303a939a8de01135cbbb04fcfc171791935c504 Mon Sep 17 00:00:00 2001 +From: Vladimir Oltean +Date: Mon, 1 Mar 2021 13:18:14 +0200 +Subject: [PATCH 02/17] net: enetc: fix incorrect TPID when receiving 802.1ad + tagged packets +Git-commit: 827b6fd046516af605e190c872949f22208b5d41 +References: git-fixes +Patch-mainline: v5.12-rc3 + +When the enetc ports have rx-vlan-offload enabled, they report a TPID of +ETH_P_8021Q regardless of what was actually in the packet. When +rx-vlan-offload is disabled, packets have the proper TPID. Fix this +inconsistency by finishing the TODO left in the code. + +Fixes: d4fd0404c1c9 ("enetc: Introduce basic PF and VF ENETC ethernet drivers") +Signed-off-by: Vladimir Oltean +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/freescale/enetc/enetc.c | 34 +++++++++++++++++++------ + drivers/net/ethernet/freescale/enetc/enetc_hw.h | 3 +++ + 2 files changed, 29 insertions(+), 8 deletions(-) + +diff --git a/drivers/net/ethernet/freescale/enetc/enetc.c b/drivers/net/ethernet/freescale/enetc/enetc.c +index 7ef0fe7d0c57..ad9ff4540a25 100644 +--- a/drivers/net/ethernet/freescale/enetc/enetc.c ++++ b/drivers/net/ethernet/freescale/enetc/enetc.c +@@ -570,9 +570,8 @@ static void enetc_get_rx_tstamp(struct net_device *ndev, + static void enetc_get_offloads(struct enetc_bdr *rx_ring, + union enetc_rx_bd *rxbd, struct sk_buff *skb) + { +-#ifdef CONFIG_FSL_ENETC_PTP_CLOCK + struct enetc_ndev_priv *priv = netdev_priv(rx_ring->ndev); +-#endif ++ + /* TODO: hashing */ + if (rx_ring->ndev->features & NETIF_F_RXCSUM) { + u16 inet_csum = le16_to_cpu(rxbd->r.inet_csum); +@@ -581,12 +580,31 @@ static void enetc_get_offloads(struct enetc_bdr *rx_ring, + skb->ip_summed = CHECKSUM_COMPLETE; + } + +- /* copy VLAN to skb, if one is extracted, for now we assume it's a +- * standard TPID, but HW also supports custom values +- */ +- if (le16_to_cpu(rxbd->r.flags) & ENETC_RXBD_FLAG_VLAN) +- __vlan_hwaccel_put_tag(skb, htons(ETH_P_8021Q), +- le16_to_cpu(rxbd->r.vlan_opt)); ++ if (le16_to_cpu(rxbd->r.flags) & ENETC_RXBD_FLAG_VLAN) { ++ __be16 tpid = 0; ++ ++ switch (le16_to_cpu(rxbd->r.flags) & ENETC_RXBD_FLAG_TPID) { ++ case 0: ++ tpid = htons(ETH_P_8021Q); ++ break; ++ case 1: ++ tpid = htons(ETH_P_8021AD); ++ break; ++ case 2: ++ tpid = htons(enetc_port_rd(&priv->si->hw, ++ ENETC_PCVLANR1)); ++ break; ++ case 3: ++ tpid = htons(enetc_port_rd(&priv->si->hw, ++ ENETC_PCVLANR2)); ++ break; ++ default: ++ break; ++ } ++ ++ __vlan_hwaccel_put_tag(skb, tpid, le16_to_cpu(rxbd->r.vlan_opt)); ++ } ++ + #ifdef CONFIG_FSL_ENETC_PTP_CLOCK + if (priv->active_offloads & ENETC_F_RX_TSTAMP) + enetc_get_rx_tstamp(rx_ring->ndev, rxbd, skb); +diff --git a/drivers/net/ethernet/freescale/enetc/enetc_hw.h b/drivers/net/ethernet/freescale/enetc/enetc_hw.h +index f0f9e6bce2b9..e1c94ba8b7e7 100644 +--- a/drivers/net/ethernet/freescale/enetc/enetc_hw.h ++++ b/drivers/net/ethernet/freescale/enetc/enetc_hw.h +@@ -172,6 +172,8 @@ enum enetc_bdr_type {TX, RX}; + #define ENETC_PSIPMAR0(n) (0x0100 + (n) * 0x8) /* n = SI index */ + #define ENETC_PSIPMAR1(n) (0x0104 + (n) * 0x8) + #define ENETC_PVCLCTR 0x0208 ++#define ENETC_PCVLANR1 0x0210 ++#define ENETC_PCVLANR2 0x0214 + #define ENETC_VLAN_TYPE_C BIT(0) + #define ENETC_VLAN_TYPE_S BIT(1) + #define ENETC_PVCLCTR_OVTPIDL(bmp) ((bmp) & 0xff) /* VLAN_TYPE */ +@@ -575,6 +577,7 @@ union enetc_rx_bd { + #define ENETC_RXBD_LSTATUS(flags) ((flags) << 16) + #define ENETC_RXBD_FLAG_VLAN BIT(9) + #define ENETC_RXBD_FLAG_TSTMP BIT(10) ++#define ENETC_RXBD_FLAG_TPID GENMASK(1, 0) + + #define ENETC_MAC_ADDR_FILT_CNT 8 /* # of supported entries per port */ + #define EMETC_MAC_ADDR_FILT_RES 3 /* # of reserved entries at the beginning */ +-- +2.16.4 + diff --git a/patches.suse/net-enetc-keep-RX-ring-consumer-index-in-sync-with-h.patch b/patches.suse/net-enetc-keep-RX-ring-consumer-index-in-sync-with-h.patch new file mode 100644 index 0000000..0b46164 --- /dev/null +++ b/patches.suse/net-enetc-keep-RX-ring-consumer-index-in-sync-with-h.patch @@ -0,0 +1,247 @@ +From f0f0723dc56d6917c6a93387ac71b2afa794262c Mon Sep 17 00:00:00 2001 +From: Vladimir Oltean +Date: Mon, 1 Mar 2021 13:18:18 +0200 +Subject: [PATCH 03/17] net: enetc: keep RX ring consumer index in sync with + hardware +Git-commit: 3a5d12c9be6f30080600c8bacaf310194e37d029 +References: git-fixes +Patch-mainline: v5.12-rc3 + +The RX rings have a producer index owned by hardware, where newly +received frame buffers are placed, and a consumer index owned by +software, where newly allocated buffers are placed, in expectation of +hardware being able to place frame data in them. + +Hardware increments the producer index when a frame is received, however +it is not allowed to increment the producer index to match the consumer +index (RBCIR) since the ring can hold at most RBLENR[LENGTH]-1 received +BDs. Whenever the producer index matches the value of the consumer +index, the ring has no unprocessed received frames and all BDs in the +ring have been initialized/prepared by software, i.e. hardware owns all +BDs in the ring. + +The code uses the next_to_clean variable to keep track of the producer +index, and the next_to_use variable to keep track of the consumer index. + +The RX rings are seeded from enetc_refill_rx_ring, which is called from +two places: + +1. initially the ring is seeded until full with enetc_bd_unused(rx_ring), + i.e. with 511 buffers. This will make next_to_clean=0 and next_to_use=511: + +.ndo_open +-> enetc_open + -> enetc_setup_bdrs + -> enetc_setup_rxbdr + -> enetc_refill_rx_ring + +2. then during the data path processing, it is refilled with 16 buffers + at a time: + +enetc_msix +-> napi_schedule + -> enetc_poll + -> enetc_clean_rx_ring + -> enetc_refill_rx_ring + +There is just one problem: the initial seeding done during .ndo_open +updates just the producer index (ENETC_RBPIR) with 0, and the software +next_to_clean and next_to_use variables. Notably, it will not update the +consumer index to make the hardware aware of the newly added buffers. + +Wait, what? So how does it work? + +Well, the reset values of the producer index and of the consumer index +of a ring are both zero. As per the description in the second paragraph, +it means that the ring is full of buffers waiting for hardware to put +frames in them, which by coincidence is almost true, because we have in +fact seeded 511 buffers into the ring. + +But will the hardware attempt to access the 512th entry of the ring, +which has an invalid BD in it? Well, no, because in order to do that, it +would have to first populate the first 511 entries, and the NAPI +enetc_poll will kick in by then. Eventually, after 16 processed slots +have become available in the RX ring, enetc_clean_rx_ring will call +enetc_refill_rx_ring and then will [ finally ] update the consumer index +with the new software next_to_use variable. From now on, the +next_to_clean and next_to_use variables are in sync with the producer +and consumer ring indices. + +So the day is saved, right? Well, not quite. Freeing the memory +allocated for the rings is done in: + +enetc_close +-> enetc_clear_bdrs + -> enetc_clear_rxbdr + -> this just disables the ring +-> enetc_free_rxtx_rings + -> enetc_free_rx_ring + -> sets next_to_clean and next_to_use to 0 + +but again, nothing is committed to the hardware producer and consumer +indices (yay!). The assumption is that the ring is disabled, so the +indices don't matter anyway, and it's the responsibility of the "open" +code path to set those up. + +.. Except that the "open" code path does not set those up properly. + +While initially, things almost work, during subsequent enetc_close -> +enetc_open sequences, we have problems. To be precise, the enetc_open +that is subsequent to enetc_close will again refill the ring with 511 +entries, but it will leave the consumer index untouched. Untouched +means, of course, equal to the value it had before disabling the ring +and draining the old buffers in enetc_close. + +But as mentioned, enetc_setup_rxbdr will at least update the producer +index though, through this line of code: + + enetc_rxbdr_wr(hw, idx, ENETC_RBPIR, 0); + +so at this stage we'll have: + +next_to_clean=0 (in hardware 0) +next_to_use=511 (in hardware we'll have the refill index prior to enetc_close) + +Again, the next_to_clean and producer index are in sync and set to +correct values, so the driver manages to limp on. Eventually, 16 ring +entries will be consumed by enetc_poll, and the savior +enetc_clean_rx_ring will come and call enetc_refill_rx_ring, and then +update the hardware consumer ring based upon the new next_to_use. + +So.. it works? +Well, by coincidence, it almost does, but there's a circumstance where +enetc_clean_rx_ring won't be there to save us. If the previous value of +the consumer index was 15, there's a problem, because the NAPI poll +sequence will only issue a refill when 16 or more buffers have been +consumed. + +It's easiest to illustrate this with an example: + +ip link set eno0 up +ip addr add 192.168.100.1/24 dev eno0 +ping 192.168.100.1 -c 20 # ping this port from another board +ip link set eno0 down +ip link set eno0 up +ping 192.168.100.1 -c 20 # ping it again from the same other board + +One by one: + +1. ip link set eno0 up +-> calls enetc_setup_rxbdr: + -> calls enetc_refill_rx_ring(511 buffers) + -> next_to_clean=0 (in hw 0) + -> next_to_use=511 (in hw 0) + +2. ping 192.168.100.1 -c 20 # ping this port from another board +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=1 next_to_clean 0 (in hw 1) next_to_use 511 (in hw 0) +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=2 next_to_clean 1 (in hw 2) next_to_use 511 (in hw 0) +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=3 next_to_clean 2 (in hw 3) next_to_use 511 (in hw 0) +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=4 next_to_clean 3 (in hw 4) next_to_use 511 (in hw 0) +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=5 next_to_clean 4 (in hw 5) next_to_use 511 (in hw 0) +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=6 next_to_clean 5 (in hw 6) next_to_use 511 (in hw 0) +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=7 next_to_clean 6 (in hw 7) next_to_use 511 (in hw 0) +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=8 next_to_clean 7 (in hw 8) next_to_use 511 (in hw 0) +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=9 next_to_clean 8 (in hw 9) next_to_use 511 (in hw 0) +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=10 next_to_clean 9 (in hw 10) next_to_use 511 (in hw 0) +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=11 next_to_clean 10 (in hw 11) next_to_use 511 (in hw 0) +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=12 next_to_clean 11 (in hw 12) next_to_use 511 (in hw 0) +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=13 next_to_clean 12 (in hw 13) next_to_use 511 (in hw 0) +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=14 next_to_clean 13 (in hw 14) next_to_use 511 (in hw 0) +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=15 next_to_clean 14 (in hw 15) next_to_use 511 (in hw 0) +enetc_clean_rx_ring: enetc_refill_rx_ring(16) increments next_to_use by 16 (mod 512) and writes it to hw +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=0 next_to_clean 15 (in hw 16) next_to_use 15 (in hw 15) +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=1 next_to_clean 16 (in hw 17) next_to_use 15 (in hw 15) +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=2 next_to_clean 17 (in hw 18) next_to_use 15 (in hw 15) +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=3 next_to_clean 18 (in hw 19) next_to_use 15 (in hw 15) +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=4 next_to_clean 19 (in hw 20) next_to_use 15 (in hw 15) +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=5 next_to_clean 20 (in hw 21) next_to_use 15 (in hw 15) +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=6 next_to_clean 21 (in hw 22) next_to_use 15 (in hw 15) + +20 packets transmitted, 20 packets received, 0% packet loss + +3. ip link set eno0 down +enetc_free_rx_ring: next_to_clean 0 (in hw 22), next_to_use 0 (in hw 15) + +4. ip link set eno0 up +-> calls enetc_setup_rxbdr: + -> calls enetc_refill_rx_ring(511 buffers) + -> next_to_clean=0 (in hw 0) + -> next_to_use=511 (in hw 15) + +5. ping 192.168.100.1 -c 20 # ping it again from the same other board +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=1 next_to_clean 0 (in hw 1) next_to_use 511 (in hw 15) +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=2 next_to_clean 1 (in hw 2) next_to_use 511 (in hw 15) +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=3 next_to_clean 2 (in hw 3) next_to_use 511 (in hw 15) +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=4 next_to_clean 3 (in hw 4) next_to_use 511 (in hw 15) +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=5 next_to_clean 4 (in hw 5) next_to_use 511 (in hw 15) +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=6 next_to_clean 5 (in hw 6) next_to_use 511 (in hw 15) +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=7 next_to_clean 6 (in hw 7) next_to_use 511 (in hw 15) +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=8 next_to_clean 7 (in hw 8) next_to_use 511 (in hw 15) +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=9 next_to_clean 8 (in hw 9) next_to_use 511 (in hw 15) +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=10 next_to_clean 9 (in hw 10) next_to_use 511 (in hw 15) +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=11 next_to_clean 10 (in hw 11) next_to_use 511 (in hw 15) +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=12 next_to_clean 11 (in hw 12) next_to_use 511 (in hw 15) +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=13 next_to_clean 12 (in hw 13) next_to_use 511 (in hw 15) +enetc_clean_rx_ring: rx_frm_cnt=1 cleaned_cnt=14 next_to_clean 13 (in hw 14) next_to_use 511 (in hw 15) + +20 packets transmitted, 12 packets received, 40% packet loss + +And there it dies. No enetc_refill_rx_ring (because cleaned_cnt must be equal +to 15 for that to happen), no nothing. The hardware enters the condition where +the producer (14) + 1 is equal to the consumer (15) index, which makes it +believe it has no more free buffers to put packets in, so it starts discarding +them: + +ip netns exec ns0 ethtool -S eno0 | grep -v ': 0' +NIC statistics: + Rx ring 0 discarded frames: 8 + +Summarized, if the interface receives between 16 and 32 (mod 512) frames +and then there is a link flap, then the port will eventually die with no +way to recover. If it receives less than 16 (mod 512) frames, then the +initial NAPI poll [ before the link flap ] will not update the consumer +index in hardware (it will remain zero) which will be ok when the buffers +are later reinitialized. If more than 32 (mod 512) frames are received, +the initial NAPI poll has the chance to refill the ring twice, updating +the consumer index to at least 32. So after the link flap, the consumer +index is still wrong, but the post-flap NAPI poll gets a chance to +refill the ring once (because it passes through cleaned_cnt=15) and +makes the consumer index be again back in sync with next_to_use. + +The solution to this problem is actually simple, we just need to write +next_to_use into the hardware consumer index at enetc_open time, which +always brings it back in sync after an initial buffer seeding process. + +The simpler thing would be to put the write to the consumer index into +enetc_refill_rx_ring directly, but there are issues with the MDIO +locking: in the NAPI poll code we have the enetc_lock_mdio() taken from +top-level and we use the unlocked enetc_wr_reg_hot, whereas in +enetc_open, the enetc_lock_mdio() is not taken at the top level, but +instead by each individual enetc_wr_reg, so we are forced to put an +additional enetc_wr_reg in enetc_setup_rxbdr. Better organization of +the code is left as a refactoring exercise. + +Fixes: d4fd0404c1c9 ("enetc: Introduce basic PF and VF ENETC ethernet drivers") +Signed-off-by: Vladimir Oltean +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/freescale/enetc/enetc.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/net/ethernet/freescale/enetc/enetc.c b/drivers/net/ethernet/freescale/enetc/enetc.c +index ad9ff4540a25..cbf2b17d3509 100644 +--- a/drivers/net/ethernet/freescale/enetc/enetc.c ++++ b/drivers/net/ethernet/freescale/enetc/enetc.c +@@ -1264,6 +1264,8 @@ static void enetc_setup_rxbdr(struct enetc_hw *hw, struct enetc_bdr *rx_ring) + rx_ring->idr = hw->reg + ENETC_SIRXIDR; + + enetc_refill_rx_ring(rx_ring, enetc_bd_unused(rx_ring)); ++ /* update ENETC's consumer index */ ++ enetc_rxbdr_wr(hw, idx, ENETC_RBCIR, rx_ring->next_to_use); + + /* enable ring */ + enetc_rxbdr_wr(hw, idx, ENETC_RBMR, rbmr); +-- +2.16.4 + diff --git a/patches.suse/net-evaluate-net.ipv4.conf.all.proxy_arp_pvlan.patch b/patches.suse/net-evaluate-net.ipv4.conf.all.proxy_arp_pvlan.patch new file mode 100644 index 0000000..11513bf --- /dev/null +++ b/patches.suse/net-evaluate-net.ipv4.conf.all.proxy_arp_pvlan.patch @@ -0,0 +1,37 @@ +From f2a0309a0908278f9037e11a2feb54be43347e63 Mon Sep 17 00:00:00 2001 +From: Vincent Bernat +Date: Sat, 7 Nov 2020 20:35:14 +0100 +Subject: [PATCH 9/9] net: evaluate net.ipv4.conf.all.proxy_arp_pvlan +Git-commit: 1af5318c00a8acc33a90537af49b3f23f72a2c4b +Patch-mainline: v5.11-rc1 +References: git-fixes + +Introduced in 65324144b50b, the "proxy_arp_vlan" sysctl is a +per-interface sysctl to tune proxy ARP support for private VLANs. +While the "all" variant is exposed, it was a noop and never evaluated. +We use the usual "or" logic for this kind of sysctls. + +Fixes: 65324144b50b ("net: RFC3069, private VLAN proxy arp support") +Signed-off-by: Vincent Bernat +Signed-off-by: Jakub Kicinski +Signed-off-by: Denis Kirjanov +--- + include/linux/inetdevice.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/include/linux/inetdevice.h b/include/linux/inetdevice.h +index 3bbcddd22df8..53aa0343bf69 100644 +--- a/include/linux/inetdevice.h ++++ b/include/linux/inetdevice.h +@@ -105,7 +105,7 @@ static inline void ipv4_devconf_setall(struct in_device *in_dev) + + #define IN_DEV_LOG_MARTIANS(in_dev) IN_DEV_ORCONF((in_dev), LOG_MARTIANS) + #define IN_DEV_PROXY_ARP(in_dev) IN_DEV_ORCONF((in_dev), PROXY_ARP) +-#define IN_DEV_PROXY_ARP_PVLAN(in_dev) IN_DEV_CONF_GET(in_dev, PROXY_ARP_PVLAN) ++#define IN_DEV_PROXY_ARP_PVLAN(in_dev) IN_DEV_ORCONF((in_dev), PROXY_ARP_PVLAN) + #define IN_DEV_SHARED_MEDIA(in_dev) IN_DEV_ORCONF((in_dev), SHARED_MEDIA) + #define IN_DEV_TX_REDIRECTS(in_dev) IN_DEV_ORCONF((in_dev), SEND_REDIRECTS) + #define IN_DEV_SEC_REDIRECTS(in_dev) IN_DEV_ORCONF((in_dev), \ +-- +2.16.4 + diff --git a/patches.suse/net-evaluate-net.ipvX.conf.all.ignore_routes_with_li.patch b/patches.suse/net-evaluate-net.ipvX.conf.all.ignore_routes_with_li.patch new file mode 100644 index 0000000..1d9eb0d --- /dev/null +++ b/patches.suse/net-evaluate-net.ipvX.conf.all.ignore_routes_with_li.patch @@ -0,0 +1,96 @@ +From f5db1979dca197ab20e1789094bd6267669e4f5a Mon Sep 17 00:00:00 2001 +From: Vincent Bernat +Date: Sat, 7 Nov 2020 20:35:13 +0100 +Subject: [PATCH 8/9] net: evaluate + net.ipvX.conf.all.ignore_routes_with_linkdown +Git-commit: c0c5a60f0f1311bcf08bbe735122096d6326fb5b +Patch-mainline: v5.11-rc1 +References: git-fixes + +Introduced in 0eeb075fad73, the "ignore_routes_with_linkdown" sysctl +ignores a route whose interface is down. It is provided as a +per-interface sysctl. However, while a "all" variant is exposed, it +was a noop since it was never evaluated. We use the usual "or" logic +for this kind of sysctls. + +Tested with: + + ip link add type veth # veth0 + veth1 + ip link add type veth # veth1 + veth2 + ip link set up dev veth0 + ip link set up dev veth1 # link-status paired with veth0 + ip link set up dev veth2 + ip link set up dev veth3 # link-status paired with veth2 + + # First available path + ip -4 addr add 203.0.113.${uts#H}/24 dev veth0 + ip -6 addr add 2001:db8:1::${uts#H}/64 dev veth0 + + # Second available path + ip -4 addr add 192.0.2.${uts#H}/24 dev veth2 + ip -6 addr add 2001:db8:2::${uts#H}/64 dev veth2 + + # More specific route through first path + ip -4 route add 198.51.100.0/25 via 203.0.113.254 # via veth0 + ip -6 route add 2001:db8:3::/56 via 2001:db8:1::ff # via veth0 + + # Less specific route through second path + ip -4 route add 198.51.100.0/24 via 192.0.2.254 # via veth2 + ip -6 route add 2001:db8:3::/48 via 2001:db8:2::ff # via veth2 + + # H1: enable on "all" + # H2: enable on "veth0" + for v in ipv4 ipv6; do + case $uts in + H1) + sysctl -qw net.${v}.conf.all.ignore_routes_with_linkdown=1 + ;; + H2) + sysctl -qw net.${v}.conf.veth0.ignore_routes_with_linkdown=1 + ;; + esac + done + + set -xe + # When veth0 is up, best route is through veth0 + ip -o route get 198.51.100.1 | grep -Fw veth0 + ip -o route get 2001:db8:3::1 | grep -Fw veth0 + + # When veth0 is down, best route should be through veth2 on H1/H2, + # but on veth0 on H2 + ip link set down dev veth1 # down veth0 + ip route show + [ $uts != H3 ] || ip -o route get 198.51.100.1 | grep -Fw veth0 + [ $uts != H3 ] || ip -o route get 2001:db8:3::1 | grep -Fw veth0 + [ $uts = H3 ] || ip -o route get 198.51.100.1 | grep -Fw veth2 + [ $uts = H3 ] || ip -o route get 2001:db8:3::1 | grep -Fw veth2 + +Without this patch, the two last lines would fail on H1 (the one using +the "all" sysctl). With the patch, everything succeeds as expected. + +Also document the sysctl in `ip-sysctl.rst`. + +Fixes: 0eeb075fad73 ("net: ipv4 sysctl option to ignore routes when nexthop link is down") +Signed-off-by: Vincent Bernat +Signed-off-by: Jakub Kicinski +Signed-off-by: Denis Kirjanov +--- + include/linux/inetdevice.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/include/linux/inetdevice.h b/include/linux/inetdevice.h +index 3515ca64e638..3bbcddd22df8 100644 +--- a/include/linux/inetdevice.h ++++ b/include/linux/inetdevice.h +@@ -126,7 +126,7 @@ static inline void ipv4_devconf_setall(struct in_device *in_dev) + IN_DEV_ORCONF((in_dev), ACCEPT_REDIRECTS))) + + #define IN_DEV_IGNORE_ROUTES_WITH_LINKDOWN(in_dev) \ +- IN_DEV_CONF_GET((in_dev), IGNORE_ROUTES_WITH_LINKDOWN) ++ IN_DEV_ORCONF((in_dev), IGNORE_ROUTES_WITH_LINKDOWN) + + #define IN_DEV_ARPFILTER(in_dev) IN_DEV_ORCONF((in_dev), ARPFILTER) + #define IN_DEV_ARP_ACCEPT(in_dev) IN_DEV_ORCONF((in_dev), ARP_ACCEPT) +-- +2.16.4 + diff --git a/patches.suse/net-ftgmac100-Fix-crash-when-removing-driver.patch b/patches.suse/net-ftgmac100-Fix-crash-when-removing-driver.patch new file mode 100644 index 0000000..dc1f767 --- /dev/null +++ b/patches.suse/net-ftgmac100-Fix-crash-when-removing-driver.patch @@ -0,0 +1,72 @@ +From 29fed34761d0a14b46a1be11a3328d31a0bd60c6 Mon Sep 17 00:00:00 2001 +From: Joel Stanley +Date: Tue, 17 Nov 2020 13:14:48 +1030 +Subject: [PATCH 5/5] net: ftgmac100: Fix crash when removing driver +Git-commit: 3d5179458d22dc0b4fdc724e4bed4231a655112a +Patch-mainline: v5.10-rc5 +References: git-fixes + +When removing the driver we would hit BUG_ON(!list_empty(&dev->ptype_specific)) +in net/core/dev.c due to still having the NC-SI packet handler +registered. + + # echo 1e660000.ethernet > /sys/bus/platform/drivers/ftgmac100/unbind + ------------[ cut here ]------------ + kernel BUG at net/core/dev.c:10254! + Internal error: Oops - BUG: 0 [#1] SMP ARM + CPU: 0 PID: 115 Comm: sh Not tainted 5.10.0-rc3-next-20201111-00007-g02e0365710c4 #46 + Hardware name: Generic DT based system + PC is at netdev_run_todo+0x314/0x394 + LR is at cpumask_next+0x20/0x24 + pc : [<806f5830>] lr : [<80863cb0>] psr: 80000153 + sp : 855bbd58 ip : 00000001 fp : 855bbdac + r10: 80c03d00 r9 : 80c06228 r8 : 81158c54 + r7 : 00000000 r6 : 80c05dec r5 : 80c05d18 r4 : 813b9280 + r3 : 813b9054 r2 : 8122c470 r1 : 00000002 r0 : 00000002 + Flags: Nzcv IRQs on FIQs off Mode SVC_32 ISA ARM Segment none + Control: 00c5387d Table: 85514008 DAC: 00000051 + Process sh (pid: 115, stack limit = 0x7cb5703d) + ... + Backtrace: + [<806f551c>] (netdev_run_todo) from [<80707eec>] (rtnl_unlock+0x18/0x1c) + r10:00000051 r9:854ed710 r8:81158c54 r7:80c76bb0 r6:81158c10 r5:8115b410 + r4:813b9000 + [<80707ed4>] (rtnl_unlock) from [<806f5db8>] (unregister_netdev+0x2c/0x30) + [<806f5d8c>] (unregister_netdev) from [<805a8180>] (ftgmac100_remove+0x20/0xa8) + r5:8115b410 r4:813b9000 + [<805a8160>] (ftgmac100_remove) from [<805355e4>] (platform_drv_remove+0x34/0x4c) + +Fixes: bd466c3fb5a4 ("net/faraday: Support NCSI mode") +Signed-off-by: Joel Stanley +Link: https://lore.kernel.org/r/20201117024448.1170761-1-joel@jms.id.au +Signed-off-by: Jakub Kicinski +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/faraday/ftgmac100.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/drivers/net/ethernet/faraday/ftgmac100.c b/drivers/net/ethernet/faraday/ftgmac100.c +index fe5ce50ed6a5..273d455c1cb8 100644 +--- a/drivers/net/ethernet/faraday/ftgmac100.c ++++ b/drivers/net/ethernet/faraday/ftgmac100.c +@@ -1850,6 +1850,8 @@ static int ftgmac100_probe(struct platform_device *pdev) + + err_ncsi_dev: + err_register_netdev: ++ if (priv->ndev) ++ ncsi_unregister_dev(priv->ndev); + ftgmac100_destroy_mdio(netdev); + err_setup_mdio: + iounmap(priv->base); +@@ -1869,6 +1871,8 @@ static int ftgmac100_remove(struct platform_device *pdev) + netdev = platform_get_drvdata(pdev); + priv = netdev_priv(netdev); + ++ if (priv->ndev) ++ ncsi_unregister_dev(priv->ndev); + unregister_netdev(netdev); + + clk_disable_unprepare(priv->clk); +-- +2.16.4 + diff --git a/patches.suse/net-hdlc_x25-Return-meaningful-error-code-in-x25_ope.patch b/patches.suse/net-hdlc_x25-Return-meaningful-error-code-in-x25_ope.patch new file mode 100644 index 0000000..d798be9 --- /dev/null +++ b/patches.suse/net-hdlc_x25-Return-meaningful-error-code-in-x25_ope.patch @@ -0,0 +1,41 @@ +From 313926d0a772d0d1e7abf73bca2134fb95e6a479 Mon Sep 17 00:00:00 2001 +From: Xie He +Date: Tue, 2 Feb 2021 23:15:41 -0800 +Subject: [PATCH 4/7] net: hdlc_x25: Return meaningful error code in x25_open +Git-commit: 81b8be68ef8e8915d0cc6cedd2ac425c74a24813 +Patch-mainline: v5.11 +References: git-fixes + +It's not meaningful to pass on LAPB error codes to HDLC code or other +parts of the system, because they will not understand the error codes. + +Instead, use system-wide recognizable error codes. + +Fixes: f362e5fe0f1f ("wan/hdlc_x25: make lapb params configurable") +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Signed-off-by: Xie He +Acked-by: Martin Schiller +Link: https://lore.kernel.org/r/20210203071541.86138-1-xie.he.0141@gmail.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Denis Kirjanov +--- + drivers/net/wan/hdlc_x25.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/wan/hdlc_x25.c b/drivers/net/wan/hdlc_x25.c +index e2a83f4cd3bb..32576fe8e27e 100644 +--- a/drivers/net/wan/hdlc_x25.c ++++ b/drivers/net/wan/hdlc_x25.c +@@ -154,7 +154,8 @@ static int x25_open(struct net_device *dev) + + result = lapb_register(dev, &cb); + if (result != LAPB_OK) +- return result; ++ return -ENOMEM; ++ + return 0; + } + +-- +2.16.4 + diff --git a/patches.suse/net-hns3-fix-error-mask-definition-of-flow-director.patch b/patches.suse/net-hns3-fix-error-mask-definition-of-flow-director.patch new file mode 100644 index 0000000..cd36e7a --- /dev/null +++ b/patches.suse/net-hns3-fix-error-mask-definition-of-flow-director.patch @@ -0,0 +1,50 @@ +From bf81bc6efa2565da20dcabf9523a40d5d786bc51 Mon Sep 17 00:00:00 2001 +From: Jian Shen +Date: Sat, 27 Feb 2021 15:24:51 +0800 +Subject: [PATCH 01/17] net: hns3: fix error mask definition of flow director +Git-commit: ae85ddda0f1b341b2d25f5a5e0eff1d42b6ef3df +References: git-fixes +Patch-mainline: v5.12-rc3 + +Currently, some bit filed definitions of flow director TCAM +configuration command are incorrect. Since the wrong MSB is +always 0, and these fields are assgined in order, so it still works. + +Fix it by redefine them. + +Fixes: 117328680288 ("net: hns3: Add input key and action config support for flow director") +Signed-off-by: Jian Shen +Signed-off-by: Huazhong Tan +Signed-off-by: Jakub Kicinski +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.h | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.h b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.h +index 463f29151ef0..c68556fa8bea 100644 +--- a/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.h ++++ b/drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_cmd.h +@@ -1011,16 +1011,16 @@ struct hclge_fd_tcam_config_3_cmd { + #define HCLGE_FD_AD_DROP_B 0 + #define HCLGE_FD_AD_DIRECT_QID_B 1 + #define HCLGE_FD_AD_QID_S 2 +-#define HCLGE_FD_AD_QID_M GENMASK(12, 2) ++#define HCLGE_FD_AD_QID_M GENMASK(11, 2) + #define HCLGE_FD_AD_USE_COUNTER_B 12 + #define HCLGE_FD_AD_COUNTER_NUM_S 13 + #define HCLGE_FD_AD_COUNTER_NUM_M GENMASK(20, 13) + #define HCLGE_FD_AD_NXT_STEP_B 20 + #define HCLGE_FD_AD_NXT_KEY_S 21 +-#define HCLGE_FD_AD_NXT_KEY_M GENMASK(26, 21) ++#define HCLGE_FD_AD_NXT_KEY_M GENMASK(25, 21) + #define HCLGE_FD_AD_WR_RULE_ID_B 0 + #define HCLGE_FD_AD_RULE_ID_S 1 +-#define HCLGE_FD_AD_RULE_ID_M GENMASK(13, 1) ++#define HCLGE_FD_AD_RULE_ID_M GENMASK(12, 1) + + struct hclge_fd_ad_config_cmd { + u8 stage; +-- +2.16.4 + diff --git a/patches.suse/net-lapbether-Prevent-racing-when-checking-whether-t.patch b/patches.suse/net-lapbether-Prevent-racing-when-checking-whether-t.patch new file mode 100644 index 0000000..dd3c25c --- /dev/null +++ b/patches.suse/net-lapbether-Prevent-racing-when-checking-whether-t.patch @@ -0,0 +1,139 @@ +From ff71ac28867a846c5d0606f2446d09319e9d1604 Mon Sep 17 00:00:00 2001 +From: Xie He +Date: Wed, 10 Mar 2021 23:23:09 -0800 +Subject: [PATCH 7/7] net: lapbether: Prevent racing when checking whether the + netif is running +Git-commit: 5acd0cfbfbb5a688da1bfb1a2152b0c855115a35 +Patch-mainline: v5.13-rc1 +References: git-fixes + +There are two "netif_running" checks in this driver. One is in +"lapbeth_xmit" and the other is in "lapbeth_rcv". They serve to make +sure that the LAPB APIs called in these functions are called before +"lapb_unregister" is called by the "ndo_stop" function. + +However, these "netif_running" checks are unreliable, because it's +possible that immediately after "netif_running" returns true, "ndo_stop" +is called (which causes "lapb_unregister" to be called). + +This patch adds locking to make sure "lapbeth_xmit" and "lapbeth_rcv" can +reliably check and ensure the netif is running while doing their work. + +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Signed-off-by: Xie He +Acked-by: Martin Schiller +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/wan/lapbether.c | 32 +++++++++++++++++++++++++------- + 1 file changed, 25 insertions(+), 7 deletions(-) + +diff --git a/drivers/net/wan/lapbether.c b/drivers/net/wan/lapbether.c +index 924e9eb8a6d2..c3b5bdebba1e 100644 +--- a/drivers/net/wan/lapbether.c ++++ b/drivers/net/wan/lapbether.c +@@ -51,6 +51,8 @@ struct lapbethdev { + struct list_head node; + struct net_device *ethdev; /* link to ethernet device */ + struct net_device *axdev; /* lapbeth device (lapb#) */ ++ bool up; ++ spinlock_t up_lock; /* Protects "up" */ + }; + + static LIST_HEAD(lapbeth_devices); +@@ -98,8 +100,9 @@ static int lapbeth_rcv(struct sk_buff *skb, struct net_device *dev, struct packe + rcu_read_lock(); + lapbeth = lapbeth_get_x25_dev(dev); + if (!lapbeth) +- goto drop_unlock; +- if (!netif_running(lapbeth->axdev)) ++ goto drop_unlock_rcu; ++ spin_lock_bh(&lapbeth->up_lock); ++ if (!lapbeth->up) + goto drop_unlock; + + len = skb->data[0] + skb->data[1] * 256; +@@ -114,11 +117,14 @@ static int lapbeth_rcv(struct sk_buff *skb, struct net_device *dev, struct packe + goto drop_unlock; + } + out: ++ spin_unlock_bh(&lapbeth->up_lock); + rcu_read_unlock(); + return 0; + drop_unlock: + kfree_skb(skb); + goto out; ++drop_unlock_rcu: ++ rcu_read_unlock(); + drop: + kfree_skb(skb); + return 0; +@@ -148,13 +154,11 @@ static int lapbeth_data_indication(struct net_device *dev, struct sk_buff *skb) + static netdev_tx_t lapbeth_xmit(struct sk_buff *skb, + struct net_device *dev) + { ++ struct lapbethdev *lapbeth = netdev_priv(dev); + int err; + +- /* +- * Just to be *really* sure not to send anything if the interface +- * is down, the ethernet device may have gone. +- */ +- if (!netif_running(dev)) ++ spin_lock_bh(&lapbeth->up_lock); ++ if (!lapbeth->up) + goto drop; + + switch (skb->data[0]) { +@@ -179,6 +183,7 @@ static netdev_tx_t lapbeth_xmit(struct sk_buff *skb, + goto drop; + } + out: ++ spin_unlock_bh(&lapbeth->up_lock); + return NETDEV_TX_OK; + drop: + kfree_skb(skb); +@@ -268,6 +273,7 @@ static const struct lapb_register_struct lapbeth_callbacks = { + */ + static int lapbeth_open(struct net_device *dev) + { ++ struct lapbethdev *lapbeth = netdev_priv(dev); + int err; + + if ((err = lapb_register(dev, &lapbeth_callbacks)) != LAPB_OK) { +@@ -275,13 +281,22 @@ static int lapbeth_open(struct net_device *dev) + return -ENODEV; + } + ++ spin_lock_bh(&lapbeth->up_lock); ++ lapbeth->up = true; ++ spin_unlock_bh(&lapbeth->up_lock); ++ + return 0; + } + + static int lapbeth_close(struct net_device *dev) + { ++ struct lapbethdev *lapbeth = netdev_priv(dev); + int err; + ++ spin_lock_bh(&lapbeth->up_lock); ++ lapbeth->up = false; ++ spin_unlock_bh(&lapbeth->up_lock); ++ + if ((err = lapb_unregister(dev)) != LAPB_OK) + pr_err("lapb_unregister error: %d\n", err); + +@@ -329,6 +344,9 @@ static int lapbeth_new_device(struct net_device *dev) + dev_hold(dev); + lapbeth->ethdev = dev; + ++ lapbeth->up = false; ++ spin_lock_init(&lapbeth->up_lock); ++ + rc = -EIO; + if (register_netdevice(ndev)) + goto fail; +-- +2.16.4 + diff --git a/patches.suse/net-lapbether-Remove-netif_start_queue-netif_stop_qu.patch b/patches.suse/net-lapbether-Remove-netif_start_queue-netif_stop_qu.patch new file mode 100644 index 0000000..069aef4 --- /dev/null +++ b/patches.suse/net-lapbether-Remove-netif_start_queue-netif_stop_qu.patch @@ -0,0 +1,66 @@ +From 23cc3996b522c073648ab82a3673fcecdc8aecfb Mon Sep 17 00:00:00 2001 +From: Xie He +Date: Sun, 7 Mar 2021 03:33:07 -0800 +Subject: [PATCH 05/17] net: lapbether: Remove netif_start_queue / + netif_stop_queue +Git-commit: f7d9d4854519fdf4d45c70a4d953438cd88e7e58 +References: git-fixes +Patch-mainline: v5.12-rc3 + +For the devices in this driver, the default qdisc is "noqueue", +because their "tx_queue_len" is 0. + +In function "__dev_queue_xmit" in "net/core/dev.c", devices with the +"noqueue" qdisc are specially handled. Packets are transmitted without +being queued after a "dev->flags & IFF_UP" check. However, it's possible +that even if this check succeeds, "ops->ndo_stop" may still have already +been called. This is because in "__dev_close_many", "ops->ndo_stop" is +called before clearing the "IFF_UP" flag. + +If we call "netif_stop_queue" in "ops->ndo_stop", then it's possible in +"__dev_queue_xmit", it sees the "IFF_UP" flag is present, and then it +checks "netif_xmit_stopped" and finds that the queue is already stopped. +In this case, it will complain that: +"Virtual device ... asks to queue packet!" + +To prevent "__dev_queue_xmit" from generating this complaint, we should +not call "netif_stop_queue" in "ops->ndo_stop". + +We also don't need to call "netif_start_queue" in "ops->ndo_open", +because after a netdev is allocated and registered, the +"__QUEUE_STATE_DRV_XOFF" flag is initially not set, so there is no need +to call "netif_start_queue" to clear it. + +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Signed-off-by: Xie He +Acked-by: Martin Schiller +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/wan/lapbether.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/drivers/net/wan/lapbether.c b/drivers/net/wan/lapbether.c +index 65b220264741..924e9eb8a6d2 100644 +--- a/drivers/net/wan/lapbether.c ++++ b/drivers/net/wan/lapbether.c +@@ -275,7 +275,6 @@ static int lapbeth_open(struct net_device *dev) + return -ENODEV; + } + +- netif_start_queue(dev); + return 0; + } + +@@ -283,8 +282,6 @@ static int lapbeth_close(struct net_device *dev) + { + int err; + +- netif_stop_queue(dev); +- + if ((err = lapb_unregister(dev)) != LAPB_OK) + pr_err("lapb_unregister error: %d\n", err); + +-- +2.16.4 + diff --git a/patches.suse/net-ll_temac-Fix-potential-NULL-dereference-in-temac.patch b/patches.suse/net-ll_temac-Fix-potential-NULL-dereference-in-temac.patch new file mode 100644 index 0000000..6d727b2 --- /dev/null +++ b/patches.suse/net-ll_temac-Fix-potential-NULL-dereference-in-temac.patch @@ -0,0 +1,62 @@ +From 1370d15afdc2042f05f8a8f0d24838b5aefa3219 Mon Sep 17 00:00:00 2001 +From: Zhang Changzhong +Date: Tue, 8 Dec 2020 09:53:42 +0800 +Subject: [PATCH 6/9] net: ll_temac: Fix potential NULL dereference in + temac_probe() +Git-commit: cc6596fc7295e9dcd78156ed42f9f8e1221f7530 +Patch-mainline: v5.10 +References: git-fixes + +platform_get_resource() may fail and in this case a NULL dereference +will occur. + +Fix it to use devm_platform_ioremap_resource() instead of calling +platform_get_resource() and devm_ioremap(). + +This is detected by Coccinelle semantic patch. + +@@ +expression pdev, res, n, t, e, e1, e2; +@@ + +res = \(platform_get_resource\|platform_get_resource_byname\)(pdev, t, n); ++ if (!res) ++ return -EINVAL; +... when != res == NULL +e = devm_ioremap(e1, res->start, e2); + +Fixes: 8425c41d1ef7 ("net: ll_temac: Extend support to non-device-tree platforms") +Signed-off-by: Zhang Changzhong +Acked-by: Esben Haabendal +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/xilinx/ll_temac_main.c | 5 +---- + 1 file changed, 1 insertion(+), 4 deletions(-) + +diff --git a/drivers/net/ethernet/xilinx/ll_temac_main.c b/drivers/net/ethernet/xilinx/ll_temac_main.c +index 86e993c00dfb..b3df270fdeed 100644 +--- a/drivers/net/ethernet/xilinx/ll_temac_main.c ++++ b/drivers/net/ethernet/xilinx/ll_temac_main.c +@@ -1276,7 +1276,6 @@ static int temac_probe(struct platform_device *pdev) + struct device_node *temac_np = dev_of_node(&pdev->dev), *dma_np; + struct temac_local *lp; + struct net_device *ndev; +- struct resource *res; + const void *addr; + __be32 *p; + bool little_endian; +@@ -1423,9 +1422,7 @@ static int temac_probe(struct platform_device *pdev) + of_node_put(dma_np); + } else if (pdata) { + /* 2nd memory resource specifies DMA registers */ +- res = platform_get_resource(pdev, IORESOURCE_MEM, 1); +- lp->sdma_regs = devm_ioremap_nocache(&pdev->dev, res->start, +- resource_size(res)); ++ lp->sdma_regs = devm_platform_ioremap_resource(pdev, 1); + if (IS_ERR(lp->sdma_regs)) { + dev_err(&pdev->dev, + "could not map DMA registers\n"); +-- +2.16.4 + diff --git a/patches.suse/net-ll_temac-Use-devm_platform_ioremap_resource_byna.patch b/patches.suse/net-ll_temac-Use-devm_platform_ioremap_resource_byna.patch new file mode 100644 index 0000000..b8fad2d --- /dev/null +++ b/patches.suse/net-ll_temac-Use-devm_platform_ioremap_resource_byna.patch @@ -0,0 +1,41 @@ +From f9cbd80011217121f57806d937401beac17b9051 Mon Sep 17 00:00:00 2001 +From: Wang Hai +Date: Thu, 30 Jul 2020 15:24:19 +0800 +Subject: [PATCH 2/9] net: ll_temac: Use + devm_platform_ioremap_resource_byname() +Git-commit: bd69058f50d5ffa659423bcfa6fe6280ce9c760a +Patch-mainline: v5.9-rc1 +References: git-fixes + +platform_get_resource() may fail and return NULL, so we had better +check its return value to avoid a NULL pointer dereference a bit later +in the code. Fix it to use devm_platform_ioremap_resource_byname() +instead of calling platform_get_resource_byname() and devm_ioremap(). + +Fixes: 8425c41d1ef7 ("net: ll_temac: Extend support to non-device-tree platforms") +Reported-by: Hulk Robot +Signed-off-by: Wang Hai +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/xilinx/ll_temac_main.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/drivers/net/ethernet/xilinx/ll_temac_main.c b/drivers/net/ethernet/xilinx/ll_temac_main.c +index bec41c1a1e7a..86e993c00dfb 100644 +--- a/drivers/net/ethernet/xilinx/ll_temac_main.c ++++ b/drivers/net/ethernet/xilinx/ll_temac_main.c +@@ -1330,9 +1330,7 @@ static int temac_probe(struct platform_device *pdev) + } + + /* map device registers */ +- res = platform_get_resource(pdev, IORESOURCE_MEM, 0); +- lp->regs = devm_ioremap_nocache(&pdev->dev, res->start, +- resource_size(res)); ++ lp->regs = devm_platform_ioremap_resource_byname(pdev, 0); + if (IS_ERR(lp->regs)) { + dev_err(&pdev->dev, "could not map TEMAC registers\n"); + return PTR_ERR(lp->regs); +-- +2.16.4 + diff --git a/patches.suse/net-macb-add-function-to-disable-all-macb-clocks.patch b/patches.suse/net-macb-add-function-to-disable-all-macb-clocks.patch new file mode 100644 index 0000000..c00cac4 --- /dev/null +++ b/patches.suse/net-macb-add-function-to-disable-all-macb-clocks.patch @@ -0,0 +1,91 @@ +From dcbb114fb8165ffc05cf14eb8be0c34744397bde Mon Sep 17 00:00:00 2001 +From: Claudiu Beznea +Date: Wed, 9 Dec 2020 15:03:34 +0200 +Subject: [PATCH] net: macb: add function to disable all macb clocks +Git-commit: 38493da4e6a81ee8df6679da7d6f4bea74558636 +Patch-mainline: v5.11-rc1 +References: git-fixes + +Add function to disable all macb clocks. + +Signed-off-by: Claudiu Beznea +Suggested-by: Andrew Lunn +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/cadence/macb_main.c | 38 ++++++++++++++++++-------------- + 1 file changed, 21 insertions(+), 17 deletions(-) + +diff --git a/drivers/net/ethernet/cadence/macb_main.c b/drivers/net/ethernet/cadence/macb_main.c +index cff8f750f0f2..2b41705f6fb2 100644 +--- a/drivers/net/ethernet/cadence/macb_main.c ++++ b/drivers/net/ethernet/cadence/macb_main.c +@@ -3515,6 +3515,20 @@ static void macb_probe_queues(void __iomem *mem, + (*num_queues)++; + } + ++static void macb_clks_disable(struct clk *pclk, struct clk *hclk, struct clk *tx_clk, ++ struct clk *rx_clk, struct clk *tsu_clk) ++{ ++ struct clk_bulk_data clks[] = { ++ { .clk = tsu_clk, }, ++ { .clk = rx_clk, }, ++ { .clk = pclk, }, ++ { .clk = hclk, }, ++ { .clk = tx_clk }, ++ }; ++ ++ clk_bulk_disable_unprepare(ARRAY_SIZE(clks), clks); ++} ++ + static int macb_clk_init(struct platform_device *pdev, struct clk **pclk, + struct clk **hclk, struct clk **tx_clk, + struct clk **rx_clk, struct clk **tsu_clk) +@@ -4529,11 +4543,7 @@ static int macb_probe(struct platform_device *pdev) + free_netdev(dev); + + err_disable_clocks: +- clk_disable_unprepare(tx_clk); +- clk_disable_unprepare(hclk); +- clk_disable_unprepare(pclk); +- clk_disable_unprepare(rx_clk); +- clk_disable_unprepare(tsu_clk); ++ macb_clks_disable(pclk, hclk, tx_clk, rx_clk, tsu_clk); + pm_runtime_disable(&pdev->dev); + pm_runtime_set_suspended(&pdev->dev); + pm_runtime_dont_use_autosuspend(&pdev->dev); +@@ -4558,11 +4568,8 @@ static int macb_remove(struct platform_device *pdev) + pm_runtime_disable(&pdev->dev); + pm_runtime_dont_use_autosuspend(&pdev->dev); + if (!pm_runtime_suspended(&pdev->dev)) { +- clk_disable_unprepare(bp->tx_clk); +- clk_disable_unprepare(bp->hclk); +- clk_disable_unprepare(bp->pclk); +- clk_disable_unprepare(bp->rx_clk); +- clk_disable_unprepare(bp->tsu_clk); ++ macb_clks_disable(bp->pclk, bp->hclk, bp->tx_clk, ++ bp->rx_clk, bp->tsu_clk); + pm_runtime_set_suspended(&pdev->dev); + } + phylink_destroy(bp->phylink); +@@ -4664,13 +4671,10 @@ static int __maybe_unused macb_runtime_suspend(struct device *dev) + struct net_device *netdev = dev_get_drvdata(dev); + struct macb *bp = netdev_priv(netdev); + +- if (!(device_may_wakeup(dev))) { +- clk_disable_unprepare(bp->tx_clk); +- clk_disable_unprepare(bp->hclk); +- clk_disable_unprepare(bp->pclk); +- clk_disable_unprepare(bp->rx_clk); +- } +- clk_disable_unprepare(bp->tsu_clk); ++ if (!(device_may_wakeup(dev))) ++ macb_clks_disable(bp->pclk, bp->hclk, bp->tx_clk, bp->rx_clk, bp->tsu_clk); ++ else ++ macb_clks_disable(NULL, NULL, NULL, NULL, bp->tsu_clk); + + return 0; + } +-- +2.16.4 + diff --git a/patches.suse/net-macb-restore-cmp-registers-on-resume-path.patch b/patches.suse/net-macb-restore-cmp-registers-on-resume-path.patch new file mode 100644 index 0000000..e26adcb --- /dev/null +++ b/patches.suse/net-macb-restore-cmp-registers-on-resume-path.patch @@ -0,0 +1,54 @@ +From 0ae355a0643df04563e8055ba60db93d270794cf Mon Sep 17 00:00:00 2001 +From: Claudiu Beznea +Date: Fri, 2 Apr 2021 15:42:53 +0300 +Subject: [PATCH 14/17] net: macb: restore cmp registers on resume path +Git-commit: a14d273ba15968495896a38b7b3399dba66d0270 +References: git-fixes +Patch-mainline: v5.12-rc7 + +Restore CMP screener registers on resume path. + +Fixes: c1e85c6ce57ef ("net: macb: save/restore the remaining registers and features") +Signed-off-by: Claudiu Beznea +Acked-by: Nicolas Ferre +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/cadence/macb_main.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/drivers/net/ethernet/cadence/macb_main.c b/drivers/net/ethernet/cadence/macb_main.c +index 221bad04c4c9..b4dcd14037f4 100644 +--- a/drivers/net/ethernet/cadence/macb_main.c ++++ b/drivers/net/ethernet/cadence/macb_main.c +@@ -3056,6 +3056,9 @@ static void gem_prog_cmp_regs(struct macb *bp, struct ethtool_rx_flow_spec *fs) + bool cmp_b = false; + bool cmp_c = false; + ++ if (!macb_is_gem(bp)) ++ return; ++ + tp4sp_v = &(fs->h_u.tcp_ip4_spec); + tp4sp_m = &(fs->m_u.tcp_ip4_spec); + +@@ -3422,6 +3425,7 @@ static void macb_restore_features(struct macb *bp) + { + struct net_device *netdev = bp->dev; + netdev_features_t features = netdev->features; ++ struct ethtool_rx_fs_item *item; + + /* TX checksum offload */ + macb_set_txcsum_feature(bp, features); +@@ -3430,6 +3434,9 @@ static void macb_restore_features(struct macb *bp) + macb_set_rxcsum_feature(bp, features); + + /* RX Flow Filters */ ++ list_for_each_entry(item, &bp->rx_fs_list.list, list) ++ gem_prog_cmp_regs(bp, &item->fs); ++ + macb_set_rxflow_feature(bp, features); + } + +-- +2.16.4 + diff --git a/patches.suse/net-macb-unprepare-clocks-in-case-of-failure.patch b/patches.suse/net-macb-unprepare-clocks-in-case-of-failure.patch new file mode 100644 index 0000000..dfb4685 --- /dev/null +++ b/patches.suse/net-macb-unprepare-clocks-in-case-of-failure.patch @@ -0,0 +1,69 @@ +From 429a3b818179a4893e453626430b8dfbb5824f3d Mon Sep 17 00:00:00 2001 +From: Claudiu Beznea +Date: Wed, 9 Dec 2020 15:03:35 +0200 +Subject: [PATCH 1/5] net: macb: unprepare clocks in case of failure +Git-commit: f4de93f03ed8da5218607852566e3326d31729b0 +Patch-mainline: v5.11-rc1 +References: git-fixes + +Unprepare clocks in case of any failure in fu540_c000_clk_init(). + +Fixes: c218ad559020 ("macb: Add support for SiFive FU540-C000") +Signed-off-by: Claudiu Beznea +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/cadence/macb_main.c | 24 ++++++++++++++++++------ + 1 file changed, 18 insertions(+), 6 deletions(-) + +diff --git a/drivers/net/ethernet/cadence/macb_main.c b/drivers/net/ethernet/cadence/macb_main.c +index cff8f750f0f2..0278bb5f461a 100644 +--- a/drivers/net/ethernet/cadence/macb_main.c ++++ b/drivers/net/ethernet/cadence/macb_main.c +@@ -4199,8 +4199,10 @@ static int fu540_c000_clk_init(struct platform_device *pdev, struct clk **pclk, + return err; + + mgmt = devm_kzalloc(&pdev->dev, sizeof(*mgmt), GFP_KERNEL); +- if (!mgmt) +- return -ENOMEM; ++ if (!mgmt) { ++ err = -ENOMEM; ++ goto err_disable_clks; ++ } + + init.name = "sifive-gemgxl-mgmt"; + init.ops = &fu540_c000_ops; +@@ -4211,16 +4213,26 @@ static int fu540_c000_clk_init(struct platform_device *pdev, struct clk **pclk, + mgmt->hw.init = &init; + + *tx_clk = devm_clk_register(&pdev->dev, &mgmt->hw); +- if (IS_ERR(*tx_clk)) +- return PTR_ERR(*tx_clk); ++ if (IS_ERR(*tx_clk)) { ++ err = PTR_ERR(*tx_clk); ++ goto err_disable_clks; ++ } + + err = clk_prepare_enable(*tx_clk); +- if (err) ++ if (err) { + dev_err(&pdev->dev, "failed to enable tx_clk (%u)\n", err); +- else ++ *tx_clk = NULL; ++ goto err_disable_clks; ++ } else { + dev_info(&pdev->dev, "Registered clk switch '%s'\n", init.name); ++ } + + return 0; ++ ++err_disable_clks: ++ macb_clks_disable(*pclk, *hclk, *tx_clk, *rx_clk, *tsu_clk); ++ ++ return err; + } + + static int fu540_c000_init(struct platform_device *pdev) +-- +2.16.4 + diff --git a/patches.suse/net-mlx5e-Revert-parameters-on-errors-when-changing-.patch b/patches.suse/net-mlx5e-Revert-parameters-on-errors-when-changing-.patch index 881e362..013b69e 100644 --- a/patches.suse/net-mlx5e-Revert-parameters-on-errors-when-changing-.patch +++ b/patches.suse/net-mlx5e-Revert-parameters-on-errors-when-changing-.patch @@ -3,7 +3,7 @@ Date: Thu, 14 Jan 2021 12:34:01 +0200 Subject: net/mlx5e: Revert parameters on errors when changing trust state without reset Patch-mainline: v5.11-rc6 -Git-commit: 912c9b5fcca1ab65b806c19dd3b3cb12d73c6fe2 +Git-commit: 8355060f5ec381abda77659f91f56302203df535 References: jsc#SLE-15172 Trust state may be changed without recreating the channels. It happens diff --git a/patches.suse/net-mlx5e-When-changing-XDP-program-without-reset-ta.patch b/patches.suse/net-mlx5e-When-changing-XDP-program-without-reset-ta.patch new file mode 100644 index 0000000..2c467bb --- /dev/null +++ b/patches.suse/net-mlx5e-When-changing-XDP-program-without-reset-ta.patch @@ -0,0 +1,45 @@ +From 0734e314826e5d21d52945c119804d7fffacf7af Mon Sep 17 00:00:00 2001 +From: Maxim Mikityanskiy +Date: Thu, 11 Feb 2021 15:51:11 +0200 +Subject: [PATCH 06/17] net/mlx5e: When changing XDP program without reset, + take refs for XSK RQs +Git-commit: e5eb01344e9b09bb9d255b9727449186f7168df8 +References: git-fixes +Patch-mainline: v5.12-rc5 + +Each RQ (including XSK RQs) takes a reference to the XDP program. When +an XDP program is attached or detached, the channels and queues are +recreated, however, there is a special flow for changing an active XDP +program to another one. In that flow, channels and queues stay alive, +but the refcounts of the old and new XDP programs are adjusted. This +flow didn't increment refcount by the number of active XSK RQs, and this +commit fixes it. + +Fixes: db05815b36cb ("net/mlx5e: Add XSK zero-copy support") +Signed-off-by: Maxim Mikityanskiy +Reviewed-by: Tariq Toukan +Signed-off-by: Saeed Mahameed +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c +index c2c7f0100358..81861669b04e 100644 +--- a/drivers/net/ethernet/mellanox/mlx5/core/en_main.c ++++ b/drivers/net/ethernet/mellanox/mlx5/core/en_main.c +@@ -4527,8 +4527,10 @@ static int mlx5e_xdp_set(struct net_device *netdev, struct bpf_prog *prog) + struct mlx5e_channel *c = priv->channels.c[i]; + + mlx5e_rq_replace_xdp_prog(&c->rq, prog); +- if (test_bit(MLX5E_CHANNEL_STATE_XSK, c->state)) ++ if (test_bit(MLX5E_CHANNEL_STATE_XSK, c->state)) { ++ bpf_prog_inc(prog); + mlx5e_rq_replace_xdp_prog(&c->xskrq, prog); ++ } + } + + unlock: +-- +2.16.4 + diff --git a/patches.suse/net-mscc-Fix-OF_MDIO-config-check.patch b/patches.suse/net-mscc-Fix-OF_MDIO-config-check.patch new file mode 100644 index 0000000..0497d6a --- /dev/null +++ b/patches.suse/net-mscc-Fix-OF_MDIO-config-check.patch @@ -0,0 +1,46 @@ +From c62a4318654b63af284489b5154bc8dc1a5dcb05 Mon Sep 17 00:00:00 2001 +From: Dan Murphy +Date: Fri, 5 Jun 2020 09:01:07 -0500 +Subject: [PATCH 1/9] net: mscc: Fix OF_MDIO config check +Git-commit: ae602786407fef34e1d66b3c8f278a10ed37197e +Patch-mainline: v5.8-rc1 +References: git-fixes + +When CONFIG_OF_MDIO is set to be a module the code block is not +compiled. Use the IS_ENABLED macro that checks for both built in as +well as module. + +Fixes: 4f58e6dceb0e4 ("net: phy: Cleanup the Edge-Rate feature in Microsemi PHYs.") +Signed-off-by: Dan Murphy +Reviewed-by: Florian Fainelli +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/phy/mscc.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/net/phy/mscc.c b/drivers/net/phy/mscc.c +index 8f23584bc4ab..1a38956469f8 100644 +--- a/drivers/net/phy/mscc.c ++++ b/drivers/net/phy/mscc.c +@@ -418,7 +418,7 @@ struct vsc8531_private { + unsigned int base_addr; + }; + +-#ifdef CONFIG_OF_MDIO ++#if IS_ENABLED(CONFIG_OF_MDIO) + struct vsc8531_edge_rate_table { + u32 vddmac; + u32 slowdown[8]; +@@ -707,7 +707,7 @@ static void vsc85xx_wol_get(struct phy_device *phydev, + mutex_unlock(&phydev->lock); + } + +-#ifdef CONFIG_OF_MDIO ++#if IS_ENABLED(CONFIG_OF_MDIO) + static int vsc85xx_edge_rate_magic_get(struct phy_device *phydev) + { + u32 vdd, sd; +-- +2.16.4 + diff --git a/patches.suse/net-mvneta-Remove-per-cpu-queue-mapping-for-Armada-3.patch b/patches.suse/net-mvneta-Remove-per-cpu-queue-mapping-for-Armada-3.patch new file mode 100644 index 0000000..9391f9d --- /dev/null +++ b/patches.suse/net-mvneta-Remove-per-cpu-queue-mapping-for-Armada-3.patch @@ -0,0 +1,55 @@ +From 8d35afaf9df79b6fc8a7be9f124e8c8c31ea3d99 Mon Sep 17 00:00:00 2001 +From: Maxime Chevallier +Date: Tue, 16 Feb 2021 10:25:35 +0100 +Subject: [PATCH 05/14] net: mvneta: Remove per-cpu queue mapping for Armada + 3700 +Git-commit: cf9bf871280d9e0a8869d98c2602d29caf69dfa3 +Patch-mainline: v5.12-rc1 +References: git-fixes + +According to Errata #23 "The per-CPU GbE interrupt is limited to Core +0", we can't use the per-cpu interrupt mechanism on the Armada 3700 +familly. + +This is correctly checked for RSS configuration, but the initial queue +mapping is still done by having the queues spread across all the CPUs in +the system, both in the init path and in the cpu_hotplug path. + +Fixes: 2636ac3cc2b4 ("net: mvneta: Add network support for Armada 3700 SoC") +Signed-off-by: Maxime Chevallier +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/marvell/mvneta.c | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/marvell/mvneta.c b/drivers/net/ethernet/marvell/mvneta.c +index af937c326360..596858199c42 100644 +--- a/drivers/net/ethernet/marvell/mvneta.c ++++ b/drivers/net/ethernet/marvell/mvneta.c +@@ -3033,7 +3033,9 @@ static int mvneta_txq_sw_init(struct mvneta_port *pp, + return -ENOMEM; + + /* Setup XPS mapping */ +- if (txq_number > 1) ++ if (pp->neta_armada3700) ++ cpu = 0; ++ else if (txq_number > 1) + cpu = txq->id % num_present_cpus(); + else + cpu = pp->rxq_def % num_present_cpus(); +@@ -3742,6 +3744,11 @@ static int mvneta_cpu_online(unsigned int cpu, struct hlist_node *node) + node_online); + struct mvneta_pcpu_port *port = per_cpu_ptr(pp->ports, cpu); + ++ /* Armada 3700's per-cpu interrupt for mvneta is broken, all interrupts ++ * are routed to CPU 0, so we don't need all the cpu-hotplug support ++ */ ++ if (pp->neta_armada3700) ++ return 0; + + spin_lock(&pp->lock); + /* +-- +2.16.4 + diff --git a/patches.suse/net-mvpp2-fix-interrupt-mask-unmask-skip-condition.patch b/patches.suse/net-mvpp2-fix-interrupt-mask-unmask-skip-condition.patch new file mode 100644 index 0000000..e251d5f --- /dev/null +++ b/patches.suse/net-mvpp2-fix-interrupt-mask-unmask-skip-condition.patch @@ -0,0 +1,49 @@ +From e0ff93fd65ea3997d6ceda71501ea8a2466f4cc3 Mon Sep 17 00:00:00 2001 +From: Stefan Chulski +Date: Thu, 11 Feb 2021 17:13:19 +0200 +Subject: [PATCH 5/7] net: mvpp2: fix interrupt mask/unmask skip condition +Git-commit: 7867299cde34e9c2d2c676f2a384a9d5853b914d +Patch-mainline: v5.12-rc1 +References: git-fixes + +The condition should be skipped if CPU ID equal to nthreads. +The patch doesn't fix any actual issue since +nthreads = min_t(unsigned int, num_present_cpus(), MVPP2_MAX_THREADS). +On all current Armada platforms, the number of CPU's is +less than MVPP2_MAX_THREADS. + +Fixes: e531f76757eb ("net: mvpp2: handle cases where more CPUs are available than s/w threads") +Reported-by: Russell King +Signed-off-by: Stefan Chulski +Reviewed-by: Russell King +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c b/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c +index cbbdcb2a849f..debe9b2c5ee0 100644 +--- a/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c ++++ b/drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c +@@ -1076,7 +1076,7 @@ static void mvpp2_interrupts_unmask(void *arg) + u32 val; + + /* If the thread isn't used, don't do anything */ +- if (smp_processor_id() > port->priv->nthreads) ++ if (smp_processor_id() >= port->priv->nthreads) + return; + + val = MVPP2_CAUSE_MISC_SUM_MASK | +@@ -2081,7 +2081,7 @@ static void mvpp2_txq_sent_counter_clear(void *arg) + int queue; + + /* If the thread isn't used, don't do anything */ +- if (smp_processor_id() > port->priv->nthreads) ++ if (smp_processor_id() >= port->priv->nthreads) + return; + + for (queue = 0; queue < port->ntxqs; queue++) { +-- +2.16.4 + diff --git a/patches.suse/net-rose-fix-UAF-bug-caused-by-rose_t0timer_expiry.patch b/patches.suse/net-rose-fix-UAF-bug-caused-by-rose_t0timer_expiry.patch new file mode 100644 index 0000000..8befe6a --- /dev/null +++ b/patches.suse/net-rose-fix-UAF-bug-caused-by-rose_t0timer_expiry.patch @@ -0,0 +1,78 @@ +From 148ca04518070910739dfc4eeda765057856403d Mon Sep 17 00:00:00 2001 +From: Duoming Zhou +Date: Tue, 5 Jul 2022 20:56:10 +0800 +Subject: [PATCH] net: rose: fix UAF bug caused by rose_t0timer_expiry +Git-commit: 148ca04518070910739dfc4eeda765057856403d +Patch-mainline: v5.19-rc6 +References: git-fixes + +There are UAF bugs caused by rose_t0timer_expiry(). The +root cause is that del_timer() could not stop the timer +handler that is running and there is no synchronization. +One of the race conditions is shown below: + + (thread 1) | (thread 2) + | rose_device_event + | rose_rt_device_down + | rose_remove_neigh +rose_t0timer_expiry | rose_stop_t0timer(rose_neigh) + ... | del_timer(&neigh->t0timer) + | kfree(rose_neigh) //[1]FREE + neigh->dce_mode //[2]USE | + +The rose_neigh is deallocated in position [1] and use in +position [2]. + +The crash trace triggered by POC is like below: + +Bug: KASAN: use-after-free in expire_timers+0x144/0x320 +Write of size 8 at addr ffff888009b19658 by task swapper/0/0 +... +Call Trace: + + dump_stack_lvl+0xbf/0xee + print_address_description+0x7b/0x440 + print_report+0x101/0x230 + ? expire_timers+0x144/0x320 + kasan_report+0xed/0x120 + ? expire_timers+0x144/0x320 + expire_timers+0x144/0x320 + __run_timers+0x3ff/0x4d0 + run_timer_softirq+0x41/0x80 + __do_softirq+0x233/0x544 + ... + +This patch changes rose_stop_ftimer() and rose_stop_t0timer() +in rose_remove_neigh() to del_timer_sync() in order that the +timer handler could be finished before the resources such as +rose_neigh and so on are deallocated. As a result, the UAF +bugs could be mitigated. + +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Signed-off-by: Duoming Zhou +Link: https://lore.kernel.org/r/20220705125610.77971-1-duoming@zju.edu.cn +Signed-off-by: Jakub Kicinski +Acked-by: Takashi Iwai + +--- + net/rose/rose_route.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/net/rose/rose_route.c b/net/rose/rose_route.c +index fee6409c2bb3..eb0b8197ac82 100644 +--- a/net/rose/rose_route.c ++++ b/net/rose/rose_route.c +@@ -227,8 +227,8 @@ static void rose_remove_neigh(struct rose_neigh *rose_neigh) + { + struct rose_neigh *s; + +- rose_stop_ftimer(rose_neigh); +- rose_stop_t0timer(rose_neigh); ++ del_timer_sync(&rose_neigh->ftimer); ++ del_timer_sync(&rose_neigh->t0timer); + + skb_queue_purge(&rose_neigh->queue); + +-- +2.35.3 + diff --git a/patches.suse/net-sched-cls_u32-fix-netns-refcount-changes-in-u32_.patch b/patches.suse/net-sched-cls_u32-fix-netns-refcount-changes-in-u32_.patch new file mode 100644 index 0000000..1dab60d --- /dev/null +++ b/patches.suse/net-sched-cls_u32-fix-netns-refcount-changes-in-u32_.patch @@ -0,0 +1,137 @@ +From: Eric Dumazet +Date: Wed, 13 Apr 2022 10:35:41 -0700 +Subject: net/sched: cls_u32: fix netns refcount changes in u32_change() +Patch-mainline: v5.18-rc4 +Git-commit: 3db09e762dc79584a69c10d74a6b98f89a9979f8 +References: CVE-2022-29581 bsc#1199665 + +We are now able to detect extra put_net() at the moment +they happen, instead of much later in correct code paths. + +u32_init_knode() / tcf_exts_init() populates the ->exts.net +pointer, but as mentioned in tcf_exts_init(), +the refcount on netns has not been elevated yet. + +The refcount is taken only once tcf_exts_get_net() +is called. + +So the two u32_destroy_key() calls from u32_change() +are attempting to release an invalid reference on the netns. + +syzbot report: + +refcount_t: decrement hit 0; leaking memory. +WARNING: CPU: 0 PID: 21708 at lib/refcount.c:31 refcount_warn_saturate+0xbf/0x1e0 lib/refcount.c:31 +Modules linked in: +CPU: 0 PID: 21708 Comm: syz-executor.5 Not tainted 5.18.0-rc2-next-20220412-syzkaller #0 +Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 +RIP: 0010:refcount_warn_saturate+0xbf/0x1e0 lib/refcount.c:31 +Code: 1d 14 b6 b2 09 31 ff 89 de e8 6d e9 89 fd 84 db 75 e0 e8 84 e5 89 fd 48 c7 c7 40 aa 26 8a c6 05 f4 b5 b2 09 01 e8 e5 81 2e 05 <0f> 0b eb c4 e8 68 e5 89 fd 0f b6 1d e3 b5 b2 09 31 ff 89 de e8 38 +RSP: 0018:ffffc900051af1b0 EFLAGS: 00010286 +RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 +RDX: 0000000000040000 RSI: ffffffff8160a0c8 RDI: fffff52000a35e28 +RBP: 0000000000000004 R08: 0000000000000000 R09: 0000000000000000 +R10: ffffffff81604a9e R11: 0000000000000000 R12: 1ffff92000a35e3b +R13: 00000000ffffffef R14: ffff8880211a0194 R15: ffff8880577d0a00 +FS: 00007f25d183e700(0000) GS:ffff8880b9c00000(0000) knlGS:0000000000000000 +CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +CR2: 00007f19c859c028 CR3: 0000000051009000 CR4: 00000000003506f0 +DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 +DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 +Call Trace: + + __refcount_dec include/linux/refcount.h:344 [inline] + refcount_dec include/linux/refcount.h:359 [inline] + ref_tracker_free+0x535/0x6b0 lib/ref_tracker.c:118 + netns_tracker_free include/net/net_namespace.h:327 [inline] + put_net_track include/net/net_namespace.h:341 [inline] + tcf_exts_put_net include/net/pkt_cls.h:255 [inline] + u32_destroy_key.isra.0+0xa7/0x2b0 net/sched/cls_u32.c:394 + u32_change+0xe01/0x3140 net/sched/cls_u32.c:909 + tc_new_tfilter+0x98d/0x2200 net/sched/cls_api.c:2148 + rtnetlink_rcv_msg+0x80d/0xb80 net/core/rtnetlink.c:6016 + netlink_rcv_skb+0x153/0x420 net/netlink/af_netlink.c:2495 + netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] + netlink_unicast+0x543/0x7f0 net/netlink/af_netlink.c:1345 + netlink_sendmsg+0x904/0xe00 net/netlink/af_netlink.c:1921 + sock_sendmsg_nosec net/socket.c:705 [inline] + sock_sendmsg+0xcf/0x120 net/socket.c:725 + ____sys_sendmsg+0x6e2/0x800 net/socket.c:2413 + ___sys_sendmsg+0xf3/0x170 net/socket.c:2467 + __sys_sendmsg+0xe5/0x1b0 net/socket.c:2496 + do_syscall_x64 arch/x86/entry/common.c:50 [inline] + do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 + entry_SYSCALL_64_after_hwframe+0x44/0xae +RIP: 0033:0x7f25d0689049 +Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 +RSP: 002b:00007f25d183e168 EFLAGS: 00000246 ORIG_RAX: 000000000000002e +RAX: ffffffffffffffda RBX: 00007f25d079c030 RCX: 00007f25d0689049 +RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000005 +RBP: 00007f25d06e308d R08: 0000000000000000 R09: 0000000000000000 +R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 +R13: 00007ffd0b752e3f R14: 00007f25d183e300 R15: 0000000000022000 + + +Fixes: 35c55fc156d8 ("cls_u32: use tcf_exts_get_net() before call_rcu()") +Signed-off-by: Eric Dumazet +Reported-by: syzbot +Cc: Cong Wang +Cc: Jiri Pirko +Acked-by: Jamal Hadi Salim +Signed-off-by: Jakub Kicinski +Acked-by: Michal Kubecek + +--- + net/sched/cls_u32.c | 16 ++++++++++------ + 1 file changed, 10 insertions(+), 6 deletions(-) + +--- a/net/sched/cls_u32.c ++++ b/net/sched/cls_u32.c +@@ -386,14 +386,19 @@ static int u32_init(struct tcf_proto *tp) + return 0; + } + +-static int u32_destroy_key(struct tc_u_knode *n, bool free_pf) ++static void __u32_destroy_key(struct tc_u_knode *n) + { + struct tc_u_hnode *ht = rtnl_dereference(n->ht_down); + + tcf_exts_destroy(&n->exts); +- tcf_exts_put_net(&n->exts); + if (ht && --ht->refcnt == 0) + kfree(ht); ++ kfree(n); ++} ++ ++static void u32_destroy_key(struct tc_u_knode *n, bool free_pf) ++{ ++ tcf_exts_put_net(&n->exts); + #ifdef CONFIG_CLS_U32_PERF + if (free_pf) + free_percpu(n->pf); +@@ -402,8 +407,7 @@ static int u32_destroy_key(struct tc_u_knode *n, bool free_pf) + if (free_pf) + free_percpu(n->pcpu_success); + #endif +- kfree(n); +- return 0; ++ __u32_destroy_key(n); + } + + /* u32_delete_key_rcu should be called when free'ing a copied +@@ -898,13 +902,13 @@ static int u32_change(struct net *net, struct sk_buff *in_skb, + tca[TCA_RATE], ovr, extack); + + if (err) { +- u32_destroy_key(new, false); ++ __u32_destroy_key(new); + return err; + } + + err = u32_replace_hw_knode(tp, new, flags, extack); + if (err) { +- u32_destroy_key(new, false); ++ __u32_destroy_key(new); + return err; + } + diff --git a/patches.suse/net-sonic-Fix-a-resource-leak-in-an-error-handling-p.patch b/patches.suse/net-sonic-Fix-a-resource-leak-in-an-error-handling-p.patch new file mode 100644 index 0000000..ffac999 --- /dev/null +++ b/patches.suse/net-sonic-Fix-a-resource-leak-in-an-error-handling-p.patch @@ -0,0 +1,49 @@ +From 3d51ad7bba80fcfdd2d6cafae0e9e4b3c5414583 Mon Sep 17 00:00:00 2001 +From: Christophe JAILLET +Date: Mon, 27 Apr 2020 08:18:03 +0200 +Subject: [PATCH 1/5] net/sonic: Fix a resource leak in an error handling path + in 'jazz_sonic_probe()' +Git-commit: 10e3cc180e64385edc9890c6855acf5ed9ca1339 +Patch-mainline: v5.7-rc5 +References: git-fixes + +A call to 'dma_alloc_coherent()' is hidden in 'sonic_alloc_descriptors()', +called from 'sonic_probe1()'. + +This is correctly freed in the remove function, but not in the error +handling path of the probe function. +Fix it and add the missing 'dma_free_coherent()' call. + +While at it, rename a label in order to be slightly more informative. + +Fixes: efcce839360f ("[PATCH] macsonic/jazzsonic network drivers update") +Signed-off-by: Christophe JAILLET +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/natsemi/jazzsonic.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/drivers/net/ethernet/natsemi/jazzsonic.c b/drivers/net/ethernet/natsemi/jazzsonic.c +index 51fa82b429a3..40970352d208 100644 +--- a/drivers/net/ethernet/natsemi/jazzsonic.c ++++ b/drivers/net/ethernet/natsemi/jazzsonic.c +@@ -235,11 +235,13 @@ static int jazz_sonic_probe(struct platform_device *pdev) + + err = register_netdev(dev); + if (err) +- goto out1; ++ goto undo_probe1; + + return 0; + +-out1: ++undo_probe1: ++ dma_free_coherent(lp->device, SIZEOF_SONIC_DESC * SONIC_BUS_SCALE(lp->dma_bitmode), ++ lp->descriptors, lp->descriptors_laddr); + release_mem_region(dev->base_addr, SONIC_MEM_SIZE); + out: + free_netdev(dev); +-- +2.16.4 + diff --git a/patches.suse/net-sonic-Fix-some-resource-leaks-in-error-handling-.patch b/patches.suse/net-sonic-Fix-some-resource-leaks-in-error-handling-.patch new file mode 100644 index 0000000..3164221 --- /dev/null +++ b/patches.suse/net-sonic-Fix-some-resource-leaks-in-error-handling-.patch @@ -0,0 +1,94 @@ +From dde9533ba4198cf35e0733ab06a8a6f3aaeefb65 Mon Sep 17 00:00:00 2001 +From: Christophe JAILLET +Date: Sun, 3 Jan 2021 11:26:26 +1100 +Subject: [PATCH 3/5] net/sonic: Fix some resource leaks in error handling + paths +Git-commit: 0f7ba7bc46fa0b574ccacf5672991b321e028492 +Patch-mainline: v5.11-rc3 +References: git-fixes + +A call to dma_alloc_coherent() is wrapped by sonic_alloc_descriptors(). + +This is correctly freed in the remove function, but not in the error +handling path of the probe function. Fix this by adding the missing +dma_free_coherent() call. + +While at it, rename a label in order to be slightly more informative. + +Cc: Christophe JAILLET +Cc: Thomas Bogendoerfer +Cc: Chris Zankel +References: commit 10e3cc180e64 ("net/sonic: Fix a resource leak in an error handling path in 'jazz_sonic_probe()'") +Fixes: 74f2a5f0ef64 ("xtensa: Add support for the Sonic Ethernet device for the XT2000 board.") +Fixes: efcce839360f ("[PATCH] macsonic/jazzsonic network drivers update") +Signed-off-by: Christophe JAILLET +Signed-off-by: Finn Thain +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/natsemi/macsonic.c | 12 ++++++++++-- + drivers/net/ethernet/natsemi/xtsonic.c | 7 +++++-- + 2 files changed, 15 insertions(+), 4 deletions(-) + +diff --git a/drivers/net/ethernet/natsemi/macsonic.c b/drivers/net/ethernet/natsemi/macsonic.c +index 0937fc2a928e..23c9394cd5d2 100644 +--- a/drivers/net/ethernet/natsemi/macsonic.c ++++ b/drivers/net/ethernet/natsemi/macsonic.c +@@ -540,10 +540,14 @@ static int mac_sonic_platform_probe(struct platform_device *pdev) + + err = register_netdev(dev); + if (err) +- goto out; ++ goto undo_probe; + + return 0; + ++undo_probe: ++ dma_free_coherent(lp->device, ++ SIZEOF_SONIC_DESC * SONIC_BUS_SCALE(lp->dma_bitmode), ++ lp->descriptors, lp->descriptors_laddr); + out: + free_netdev(dev); + +@@ -618,12 +622,16 @@ static int mac_sonic_nubus_probe(struct nubus_board *board) + + err = register_netdev(ndev); + if (err) +- goto out; ++ goto undo_probe; + + nubus_set_drvdata(board, ndev); + + return 0; + ++undo_probe: ++ dma_free_coherent(lp->device, ++ SIZEOF_SONIC_DESC * SONIC_BUS_SCALE(lp->dma_bitmode), ++ lp->descriptors, lp->descriptors_laddr); + out: + free_netdev(ndev); + return err; +diff --git a/drivers/net/ethernet/natsemi/xtsonic.c b/drivers/net/ethernet/natsemi/xtsonic.c +index e1b886e87a76..44171d7bb434 100644 +--- a/drivers/net/ethernet/natsemi/xtsonic.c ++++ b/drivers/net/ethernet/natsemi/xtsonic.c +@@ -265,11 +265,14 @@ int xtsonic_probe(struct platform_device *pdev) + sonic_msg_init(dev); + + if ((err = register_netdev(dev))) +- goto out1; ++ goto undo_probe1; + + return 0; + +-out1: ++undo_probe1: ++ dma_free_coherent(lp->device, ++ SIZEOF_SONIC_DESC * SONIC_BUS_SCALE(lp->dma_bitmode), ++ lp->descriptors, lp->descriptors_laddr); + release_region(dev->base_addr, SONIC_MEM_SIZE); + out: + free_netdev(dev); +-- +2.16.4 + diff --git a/patches.suse/net-stmmac-Modify-configuration-method-of-EEE-timers.patch b/patches.suse/net-stmmac-Modify-configuration-method-of-EEE-timers.patch new file mode 100644 index 0000000..d778514 --- /dev/null +++ b/patches.suse/net-stmmac-Modify-configuration-method-of-EEE-timers.patch @@ -0,0 +1,182 @@ +From 696824b30722a4665b857ce4253de23b40e7ce9e Mon Sep 17 00:00:00 2001 +From: "Vineetha G. Jaya Kumaran" +Date: Thu, 1 Oct 2020 23:56:09 +0800 +Subject: [PATCH 3/5] net: stmmac: Modify configuration method of EEE timers +Git-commit: 388e201d41fa1ed8f2dce0f0567f56f8e919ffb0 +Patch-mainline: v5.9 +References: git-fixes + +Ethtool manual stated that the tx-timer is the "the amount of time the +device should stay in idle mode prior to asserting its Tx LPI". The +previous implementation for "ethtool --set-eee tx-timer" sets the LPI TW +timer duration which is not correct. Hence, this patch fixes the +"ethtool --set-eee tx-timer" to configure the EEE LPI timer. + +The LPI TW Timer will be using the defined default value instead of +"ethtool --set-eee tx-timer" which follows the EEE LS timer implementation. + +Changelog V2 +*Not removing/modifying the eee_timer. +*EEE LPI timer can be configured through ethtool and also the eee_timer +module param. +*EEE TW Timer will be configured with default value only, not able to be +configured through ethtool or module param. This follows the implementation +of the EEE LS Timer. + +Fixes: d765955d2ae0 ("stmmac: add the Energy Efficient Ethernet support") +Signed-off-by: Vineetha G. Jaya Kumaran +Signed-off-by: Voon Weifeng +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/stmicro/stmmac/stmmac.h | 2 ++ + .../net/ethernet/stmicro/stmmac/stmmac_ethtool.c | 12 ++++++++++- + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 23 ++++++++++++++-------- + 3 files changed, 28 insertions(+), 9 deletions(-) + +diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac.h b/drivers/net/ethernet/stmicro/stmmac/stmmac.h +index 5cd966c154f3..8c5dd90c5cc4 100644 +--- a/drivers/net/ethernet/stmicro/stmmac/stmmac.h ++++ b/drivers/net/ethernet/stmicro/stmmac/stmmac.h +@@ -170,6 +170,8 @@ struct stmmac_priv { + int eee_enabled; + int eee_active; + int tx_lpi_timer; ++ int tx_lpi_enabled; ++ int eee_tw_timer; + unsigned int mode; + unsigned int chain_mode; + int extend_desc; +diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c +index 34515b1dc427..66c858b782cb 100644 +--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c ++++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c +@@ -636,6 +636,7 @@ static int stmmac_ethtool_op_get_eee(struct net_device *dev, + edata->eee_enabled = priv->eee_enabled; + edata->eee_active = priv->eee_active; + edata->tx_lpi_timer = priv->tx_lpi_timer; ++ edata->tx_lpi_enabled = priv->tx_lpi_enabled; + + return phylink_ethtool_get_eee(priv->phylink, edata); + } +@@ -649,6 +650,10 @@ static int stmmac_ethtool_op_set_eee(struct net_device *dev, + if (!priv->dma_cap.eee) + return -EOPNOTSUPP; + ++ if (priv->tx_lpi_enabled != edata->tx_lpi_enabled) ++ netdev_warn(priv->dev, ++ "Setting EEE tx-lpi is not supported\n"); ++ + if (!edata->eee_enabled) + stmmac_disable_eee_mode(priv); + +@@ -656,7 +661,12 @@ static int stmmac_ethtool_op_set_eee(struct net_device *dev, + if (ret) + return ret; + +- priv->tx_lpi_timer = edata->tx_lpi_timer; ++ if (edata->eee_enabled && ++ priv->tx_lpi_timer != edata->tx_lpi_timer) { ++ priv->tx_lpi_timer = edata->tx_lpi_timer; ++ stmmac_eee_init(priv); ++ } ++ + return 0; + } + +diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c +index b530701e7ac0..1eb8a5b94047 100644 +--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c ++++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c +@@ -93,7 +93,7 @@ static const u32 default_msg_level = (NETIF_MSG_DRV | NETIF_MSG_PROBE | + static int eee_timer = STMMAC_DEFAULT_LPI_TIMER; + module_param(eee_timer, int, 0644); + MODULE_PARM_DESC(eee_timer, "LPI tx expiration time in msec"); +-#define STMMAC_LPI_T(x) (jiffies + msecs_to_jiffies(x)) ++#define STMMAC_LPI_T(x) (jiffies + usecs_to_jiffies(x)) + + /* By default the driver will use the ring mode to manage tx and rx descriptors, + * but allow user to force to use the chain instead of the ring +@@ -342,7 +342,7 @@ static void stmmac_eee_ctrl_timer(struct timer_list *t) + struct stmmac_priv *priv = from_timer(priv, t, eee_ctrl_timer); + + stmmac_enable_eee_mode(priv); +- mod_timer(&priv->eee_ctrl_timer, STMMAC_LPI_T(eee_timer)); ++ mod_timer(&priv->eee_ctrl_timer, STMMAC_LPI_T(priv->tx_lpi_timer)); + } + + /** +@@ -355,7 +355,7 @@ static void stmmac_eee_ctrl_timer(struct timer_list *t) + */ + bool stmmac_eee_init(struct stmmac_priv *priv) + { +- int tx_lpi_timer = priv->tx_lpi_timer; ++ int eee_tw_timer = priv->eee_tw_timer; + + /* Using PCS we cannot dial with the phy registers at this stage + * so we do not support extra feature like EEE. +@@ -376,7 +376,7 @@ bool stmmac_eee_init(struct stmmac_priv *priv) + if (priv->eee_enabled) { + netdev_dbg(priv->dev, "disable EEE\n"); + del_timer_sync(&priv->eee_ctrl_timer); +- stmmac_set_eee_timer(priv, priv->hw, 0, tx_lpi_timer); ++ stmmac_set_eee_timer(priv, priv->hw, 0, eee_tw_timer); + } + mutex_unlock(&priv->lock); + return false; +@@ -384,11 +384,12 @@ bool stmmac_eee_init(struct stmmac_priv *priv) + + if (priv->eee_active && !priv->eee_enabled) { + timer_setup(&priv->eee_ctrl_timer, stmmac_eee_ctrl_timer, 0); +- mod_timer(&priv->eee_ctrl_timer, STMMAC_LPI_T(eee_timer)); + stmmac_set_eee_timer(priv, priv->hw, STMMAC_DEFAULT_LIT_LS, +- tx_lpi_timer); ++ eee_tw_timer); + } + ++ mod_timer(&priv->eee_ctrl_timer, STMMAC_LPI_T(priv->tx_lpi_timer)); ++ + mutex_unlock(&priv->lock); + netdev_dbg(priv->dev, "Energy-Efficient Ethernet initialized\n"); + return true; +@@ -856,6 +857,7 @@ static void stmmac_mac_link_down(struct phylink_config *config, + + stmmac_mac_set(priv, priv->ioaddr, false); + priv->eee_active = false; ++ priv->tx_lpi_enabled = false; + stmmac_eee_init(priv); + stmmac_set_eee_pls(priv, priv->hw, false); + } +@@ -925,6 +927,7 @@ static void stmmac_mac_link_up(struct phylink_config *config, + if (phy && priv->dma_cap.eee) { + priv->eee_active = phy_init_eee(phy, 1) >= 0; + priv->eee_enabled = stmmac_eee_init(priv); ++ priv->tx_lpi_enabled = priv->eee_enabled; + stmmac_set_eee_pls(priv, priv->hw, true); + } + } +@@ -1936,7 +1939,7 @@ static int stmmac_tx_clean(struct stmmac_priv *priv, int budget, u32 queue) + + if ((priv->eee_enabled) && (!priv->tx_path_in_lpi_mode)) { + stmmac_enable_eee_mode(priv); +- mod_timer(&priv->eee_ctrl_timer, STMMAC_LPI_T(eee_timer)); ++ mod_timer(&priv->eee_ctrl_timer, STMMAC_LPI_T(priv->tx_lpi_timer)); + } + + /* We still have pending packets, let's call for a new scheduling */ +@@ -2548,7 +2551,11 @@ static int stmmac_hw_setup(struct net_device *dev, bool init_ptp) + netdev_warn(priv->dev, "PTP init failed\n"); + } + +- priv->tx_lpi_timer = STMMAC_DEFAULT_TWT_LS; ++ priv->eee_tw_timer = STMMAC_DEFAULT_TWT_LS; ++ ++ /* Convert the timer from msec to usec */ ++ if (!priv->tx_lpi_timer) ++ priv->tx_lpi_timer = eee_timer * 1000; + + if (priv->use_riwt) { + ret = stmmac_rx_watchdog(priv, priv->ioaddr, MIN_DMA_RIWT, rx_cnt); +-- +2.16.4 + diff --git a/patches.suse/net-stmmac-Use-resolved-link-config-in-mac_link_up.patch b/patches.suse/net-stmmac-Use-resolved-link-config-in-mac_link_up.patch new file mode 100644 index 0000000..784cadb --- /dev/null +++ b/patches.suse/net-stmmac-Use-resolved-link-config-in-mac_link_up.patch @@ -0,0 +1,130 @@ +From b5f6d95733200adf12d1a251a3e6f0c58cf56e3a Mon Sep 17 00:00:00 2001 +From: Jose Abreu +Date: Mon, 9 Mar 2020 09:36:23 +0100 +Subject: [PATCH 2/5] net: stmmac: Use resolved link config in mac_link_up() +Git-commit: 46f69ded988d2311e3be2e4c3898fc0edd7e6c5a +Patch-mainline: v5.7-rc1 +References: git-fixes + +Convert the stmmac ethernet driver to use the finalised link parameters +in mac_link_up() rather than the parameters in mac_config(). + +Suggested-by: Russell King +Signed-off-by: Jose Abreu +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 66 +++++++++++------------ + 1 file changed, 33 insertions(+), 33 deletions(-) + +diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c +index dc7b2a0c3ee2..b530701e7ac0 100644 +--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c ++++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c +@@ -840,6 +840,31 @@ static int stmmac_mac_link_state(struct phylink_config *config, + + static void stmmac_mac_config(struct phylink_config *config, unsigned int mode, + const struct phylink_link_state *state) ++{ ++ /* Nothing for now. */ ++} ++ ++static void stmmac_mac_an_restart(struct phylink_config *config) ++{ ++ /* Not Supported */ ++} ++ ++static void stmmac_mac_link_down(struct phylink_config *config, ++ unsigned int mode, phy_interface_t interface) ++{ ++ struct stmmac_priv *priv = netdev_priv(to_net_dev(config->dev)); ++ ++ stmmac_mac_set(priv, priv->ioaddr, false); ++ priv->eee_active = false; ++ stmmac_eee_init(priv); ++ stmmac_set_eee_pls(priv, priv->hw, false); ++} ++ ++static void stmmac_mac_link_up(struct phylink_config *config, ++ struct phy_device *phy, ++ unsigned int mode, phy_interface_t interface, ++ int speed, int duplex, ++ bool tx_pause, bool rx_pause) + { + struct stmmac_priv *priv = netdev_priv(to_net_dev(config->dev)); + u32 ctrl; +@@ -847,8 +872,8 @@ static void stmmac_mac_config(struct phylink_config *config, unsigned int mode, + ctrl = readl(priv->ioaddr + MAC_CTRL_REG); + ctrl &= ~priv->hw->link.speed_mask; + +- if (state->interface == PHY_INTERFACE_MODE_USXGMII) { +- switch (state->speed) { ++ if (interface == PHY_INTERFACE_MODE_USXGMII) { ++ switch (speed) { + case SPEED_10000: + ctrl |= priv->hw->link.xgmii.speed10000; + break; +@@ -862,7 +887,7 @@ static void stmmac_mac_config(struct phylink_config *config, unsigned int mode, + return; + } + } else { +- switch (state->speed) { ++ switch (speed) { + case SPEED_2500: + ctrl |= priv->hw->link.speed2500; + break; +@@ -880,46 +905,21 @@ static void stmmac_mac_config(struct phylink_config *config, unsigned int mode, + } + } + +- priv->speed = state->speed; ++ priv->speed = speed; + + if (priv->plat->fix_mac_speed) +- priv->plat->fix_mac_speed(priv->plat->bsp_priv, state->speed); ++ priv->plat->fix_mac_speed(priv->plat->bsp_priv, speed); + +- if (!state->duplex) ++ if (!duplex) + ctrl &= ~priv->hw->link.duplex; + else + ctrl |= priv->hw->link.duplex; + + /* Flow Control operation */ +- if (state->pause) +- stmmac_mac_flow_ctrl(priv, state->duplex); ++ if (tx_pause && rx_pause) ++ stmmac_mac_flow_ctrl(priv, duplex); + + writel(ctrl, priv->ioaddr + MAC_CTRL_REG); +-} +- +-static void stmmac_mac_an_restart(struct phylink_config *config) +-{ +- /* Not Supported */ +-} +- +-static void stmmac_mac_link_down(struct phylink_config *config, +- unsigned int mode, phy_interface_t interface) +-{ +- struct stmmac_priv *priv = netdev_priv(to_net_dev(config->dev)); +- +- stmmac_mac_set(priv, priv->ioaddr, false); +- priv->eee_active = false; +- stmmac_eee_init(priv); +- stmmac_set_eee_pls(priv, priv->hw, false); +-} +- +-static void stmmac_mac_link_up(struct phylink_config *config, +- struct phy_device *phy, +- unsigned int mode, phy_interface_t interface, +- int speed, int duplex, +- bool tx_pause, bool rx_pause) +-{ +- struct stmmac_priv *priv = netdev_priv(to_net_dev(config->dev)); + + stmmac_mac_set(priv, priv->ioaddr, true); + if (phy && priv->dma_cap.eee) { +-- +2.16.4 + diff --git a/patches.suse/net-stmmac-dwmac-sun8i-Provide-TX-and-RX-fifo-sizes.patch b/patches.suse/net-stmmac-dwmac-sun8i-Provide-TX-and-RX-fifo-sizes.patch new file mode 100644 index 0000000..72477d2 --- /dev/null +++ b/patches.suse/net-stmmac-dwmac-sun8i-Provide-TX-and-RX-fifo-sizes.patch @@ -0,0 +1,46 @@ +From 07feb844641f048f0e660d8280e893cc8d530845 Mon Sep 17 00:00:00 2001 +From: Corentin Labbe +Date: Fri, 19 Mar 2021 13:44:22 +0000 +Subject: [PATCH 09/17] net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes +Git-commit: 014dfa26ce1c647af09bf506285ef67e0e3f0a6b +References: git-fixes +Patch-mainline: v5.12-rc5 + +MTU cannot be changed on dwmac-sun8i. (ip link set eth0 mtu xxx returning EINVAL) +This is due to tx_fifo_size being 0, since this value is used to compute valid +MTU range. +Like dwmac-sunxi (with commit 806fd188ce2a ("net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes")) +dwmac-sun8i need to have tx and rx fifo sizes set. +I have used values from datasheets. +After this patch, setting a non-default MTU (like 1000) value works and network is still useable. + +Tested-on: sun8i-h3-orangepi-pc +Tested-on: sun8i-r40-bananapi-m2-ultra +Tested-on: sun50i-a64-bananapi-m64 +Tested-on: sun50i-h5-nanopi-neo-plus2 +Tested-on: sun50i-h6-pine-h64 +Fixes: 9f93ac8d408 ("net-next: stmmac: Add dwmac-sun8i") +Reported-by: Belisko Marek +Signed-off-by: Corentin Labbe +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c +index f4373a3ecd90..b486b03bd870 100644 +--- a/drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c ++++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c +@@ -1200,6 +1200,8 @@ static int sun8i_dwmac_probe(struct platform_device *pdev) + plat_dat->init = sun8i_dwmac_init; + plat_dat->exit = sun8i_dwmac_exit; + plat_dat->setup = sun8i_dwmac_setup; ++ plat_dat->tx_fifo_size = 4096; ++ plat_dat->rx_fifo_size = 16384; + + ret = sun8i_dwmac_set_syscon(&pdev->dev, plat_dat); + if (ret) +-- +2.16.4 + diff --git a/patches.suse/net-stmmac-dwmac1000-provide-multicast-filter-fallba.patch b/patches.suse/net-stmmac-dwmac1000-provide-multicast-filter-fallba.patch new file mode 100644 index 0000000..95148a2 --- /dev/null +++ b/patches.suse/net-stmmac-dwmac1000-provide-multicast-filter-fallba.patch @@ -0,0 +1,38 @@ +From 17624da264b5ec274706cea367f19ec95a3498ce Mon Sep 17 00:00:00 2001 +From: Jonathan McDowell +Date: Wed, 12 Aug 2020 20:37:01 +0100 +Subject: [PATCH 3/9] net: stmmac: dwmac1000: provide multicast filter fallback +Git-commit: 592d751c1e174df5ff219946908b005eb48934b3 +Patch-mainline: v5.9-rc1 +References: git-fixes + +If we don't have a hardware multicast filter available then instead of +silently failing to listen for the requested ethernet broadcast +addresses fall back to receiving all multicast packets, in a similar +fashion to other drivers with no multicast filter. + +Cc: stable@vger.kernel.org +Signed-off-by: Jonathan McDowell +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/stmicro/stmmac/dwmac1000_core.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac1000_core.c b/drivers/net/ethernet/stmicro/stmmac/dwmac1000_core.c +index bc9b01376e80..1d0b64bd1e1a 100644 +--- a/drivers/net/ethernet/stmicro/stmmac/dwmac1000_core.c ++++ b/drivers/net/ethernet/stmicro/stmmac/dwmac1000_core.c +@@ -166,6 +166,9 @@ static void dwmac1000_set_filter(struct mac_device_info *hw, + value = GMAC_FRAME_FILTER_PR | GMAC_FRAME_FILTER_PCF; + } else if (dev->flags & IFF_ALLMULTI) { + value = GMAC_FRAME_FILTER_PM; /* pass all multi */ ++ } else if (!netdev_mc_empty(dev) && (mcbitslog2 == 0)) { ++ /* Fall back to all multicast if we've no filter */ ++ value = GMAC_FRAME_FILTER_PM; + } else if (!netdev_mc_empty(dev)) { + struct netdev_hw_addr *ha; + +-- +2.16.4 + diff --git a/patches.suse/net-stmmac-fix-CBS-idleslope-and-sendslope-calculati.patch b/patches.suse/net-stmmac-fix-CBS-idleslope-and-sendslope-calculati.patch new file mode 100644 index 0000000..cab81fc --- /dev/null +++ b/patches.suse/net-stmmac-fix-CBS-idleslope-and-sendslope-calculati.patch @@ -0,0 +1,79 @@ +From 7ea543652e5d05ab5e771e4a65516cff6596bd82 Mon Sep 17 00:00:00 2001 +From: "Song, Yoong Siang" +Date: Thu, 18 Feb 2021 21:40:53 +0800 +Subject: [PATCH 12/14] net: stmmac: fix CBS idleslope and sendslope + calculation +Git-commit: 24877687b375f2c476ffb726ea915fc85df09e3d +Patch-mainline: v5.12-rc1 +References: git-fixes + +When link speed is not 100 Mbps, port transmit rate and speed divider +are set to 8 and 1000000 respectively. These values are incorrect for +CBS idleslope and sendslope HW values calculation if the link speed is +not 1 Gbps. + +This patch adds switch statement to set the values of port transmit rate +and speed divider for 10 Gbps, 5 Gbps, 2.5 Gbps, 1 Gbps, and 100 Mbps. +Note that CBS is not supported at 10 Mbps. + +Fixes: bc41a6689b30 ("net: stmmac: tc: Remove the speed dependency") +Fixes: 1f705bc61aee ("net: stmmac: Add support for CBS QDISC") +Signed-off-by: Song, Yoong Siang +Link: https://lore.kernel.org/r/1613655653-11755-1-git-send-email-yoong.siang.song@intel.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c | 30 +++++++++++++++++++++---- + 1 file changed, 26 insertions(+), 4 deletions(-) + +diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c +index 6bfed65ae0f9..b3077a6bb8ad 100644 +--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c ++++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_tc.c +@@ -306,6 +306,32 @@ static int tc_setup_cbs(struct stmmac_priv *priv, + if (priv->speed != SPEED_100 && priv->speed != SPEED_1000) + return -EOPNOTSUPP; + ++ /* Port Transmit Rate and Speed Divider */ ++ switch (priv->speed) { ++ case SPEED_10000: ++ ptr = 32; ++ speed_div = 10000000; ++ break; ++ case SPEED_5000: ++ ptr = 32; ++ speed_div = 5000000; ++ break; ++ case SPEED_2500: ++ ptr = 8; ++ speed_div = 2500000; ++ break; ++ case SPEED_1000: ++ ptr = 8; ++ speed_div = 1000000; ++ break; ++ case SPEED_100: ++ ptr = 4; ++ speed_div = 100000; ++ break; ++ default: ++ return -EOPNOTSUPP; ++ } ++ + mode_to_use = priv->plat->tx_queues_cfg[queue].mode_to_use; + if (mode_to_use == MTL_QUEUE_DCB && qopt->enable) { + ret = stmmac_dma_qmode(priv, priv->ioaddr, queue, MTL_QUEUE_AVB); +@@ -322,10 +348,6 @@ static int tc_setup_cbs(struct stmmac_priv *priv, + priv->plat->tx_queues_cfg[queue].mode_to_use = MTL_QUEUE_DCB; + } + +- /* Port Transmit Rate and Speed Divider */ +- ptr = (priv->speed == SPEED_100) ? 4 : 8; +- speed_div = (priv->speed == SPEED_100) ? 100000 : 1000000; +- + /* Final adjustments for HW */ + value = div_s64(qopt->idleslope * 1024ll * ptr, speed_div); + priv->plat->tx_queues_cfg[queue].idle_slope = value & GENMASK(31, 0); +-- +2.16.4 + diff --git a/patches.suse/net-stmmac-fix-incorrect-DMA-channel-intr-enable-set.patch b/patches.suse/net-stmmac-fix-incorrect-DMA-channel-intr-enable-set.patch new file mode 100644 index 0000000..95e7015 --- /dev/null +++ b/patches.suse/net-stmmac-fix-incorrect-DMA-channel-intr-enable-set.patch @@ -0,0 +1,62 @@ +From ac770c3d14e6961a9fdfc889d673b1a189fef4b0 Mon Sep 17 00:00:00 2001 +From: Ong Boon Leong +Date: Wed, 3 Mar 2021 20:38:40 +0530 +Subject: [PATCH 04/17] net: stmmac: fix incorrect DMA channel intr enable + setting of EQoS v4.10 +Git-commit: 879c348c35bb5fb758dd881d8a97409c1862dae8 +References: git-fixes +Patch-mainline: v5.12-rc3 + +We introduce dwmac410_dma_init_channel() here for both EQoS v4.10 and +above which use different DMA_CH(n)_Interrupt_Enable bit definitions for +NIE and AIE. + +Fixes: 48863ce5940f ("stmmac: add DMA support for GMAC 4.xx") +Signed-off-by: Ong Boon Leong +Signed-off-by: Ramesh Babu B +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c | 19 ++++++++++++++++++- + 1 file changed, 18 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c b/drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c +index e16776ef03da..d82280bb06e8 100644 +--- a/drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c ++++ b/drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c +@@ -124,6 +124,23 @@ static void dwmac4_dma_init_channel(void __iomem *ioaddr, + ioaddr + DMA_CHAN_INTR_ENA(chan)); + } + ++static void dwmac410_dma_init_channel(void __iomem *ioaddr, ++ struct stmmac_dma_cfg *dma_cfg, u32 chan) ++{ ++ u32 value; ++ ++ /* common channel control register config */ ++ value = readl(ioaddr + DMA_CHAN_CONTROL(chan)); ++ if (dma_cfg->pblx8) ++ value = value | DMA_BUS_MODE_PBL; ++ ++ writel(value, ioaddr + DMA_CHAN_CONTROL(chan)); ++ ++ /* Mask interrupts by writing to CSR7 */ ++ writel(DMA_CHAN_INTR_DEFAULT_MASK_4_10, ++ ioaddr + DMA_CHAN_INTR_ENA(chan)); ++} ++ + static void dwmac4_dma_init(void __iomem *ioaddr, + struct stmmac_dma_cfg *dma_cfg, int atds) + { +@@ -487,7 +504,7 @@ const struct stmmac_dma_ops dwmac4_dma_ops = { + const struct stmmac_dma_ops dwmac410_dma_ops = { + .reset = dwmac4_dma_reset, + .init = dwmac4_dma_init, +- .init_chan = dwmac4_dma_init_channel, ++ .init_chan = dwmac410_dma_init_channel, + .init_rx_chan = dwmac4_dma_init_rx_chan, + .init_tx_chan = dwmac4_dma_init_tx_chan, + .axi = dwmac4_dma_axi, +-- +2.16.4 + diff --git a/patches.suse/net-stmmac-fix-watchdog-timeout-during-suspend-resum.patch b/patches.suse/net-stmmac-fix-watchdog-timeout-during-suspend-resum.patch new file mode 100644 index 0000000..8023d4b --- /dev/null +++ b/patches.suse/net-stmmac-fix-watchdog-timeout-during-suspend-resum.patch @@ -0,0 +1,48 @@ +From 6c5e9b4c067b63bce93aa8a794432e30eb0601ea Mon Sep 17 00:00:00 2001 +From: Joakim Zhang +Date: Thu, 25 Feb 2021 17:01:11 +0800 +Subject: [PATCH 14/14] net: stmmac: fix watchdog timeout during suspend/resume + stress test +Git-commit: c511819d138de38e1637eedb645c207e09680d0f +Patch-mainline: v5.12-rc3 +References: git-fixes + +stmmac_xmit() call stmmac_tx_timer_arm() at the end to modify tx timer to +do the transmission cleanup work. Imagine such a situation, stmmac enters +suspend immediately after tx timer modified, it's expire callback +stmmac_tx_clean() would not be invoked. This could affect BQL, since +netdev_tx_sent_queue() has been called, but netdev_tx_completed_queue() +have not been involved, as a result, dql_avail(&dev_queue->dql) finally +always return a negative value. + +__dev_queue_xmit->__dev_xmit_skb->qdisc_run->__qdisc_run->qdisc_restart->dequeue_skb: + if ((q->flags & TCQ_F_ONETXQUEUE) && + netif_xmit_frozen_or_stopped(txq)) // __QUEUE_STATE_STACK_XOFF is set + +Net core will stop transmitting any more. Finillay, net watchdong would timeout. +To fix this issue, we should call netdev_tx_reset_queue() in stmmac_resume(). + +Fixes: 54139cf3bb33 ("net: stmmac: adding multiple buffers for rx") +Signed-off-by: Joakim Zhang +Signed-off-by: Jakub Kicinski +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c +index 4c6f8487c774..1eb8a5b94047 100644 +--- a/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c ++++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_main.c +@@ -4572,6 +4572,8 @@ static void stmmac_reset_queues_param(struct stmmac_priv *priv) + tx_q->cur_tx = 0; + tx_q->dirty_tx = 0; + tx_q->mss = 0; ++ ++ netdev_tx_reset_queue(netdev_get_tx_queue(priv->dev, queue)); + } + } + +-- +2.16.4 + diff --git a/patches.suse/net-stmmac-stop-each-tx-channel-independently.patch b/patches.suse/net-stmmac-stop-each-tx-channel-independently.patch new file mode 100644 index 0000000..ccbefbc --- /dev/null +++ b/patches.suse/net-stmmac-stop-each-tx-channel-independently.patch @@ -0,0 +1,37 @@ +From a9b1cb799506fc0ca85665861d0fefd0cfeb1c25 Mon Sep 17 00:00:00 2001 +From: Joakim Zhang +Date: Thu, 25 Feb 2021 17:01:10 +0800 +Subject: [PATCH 13/14] net: stmmac: stop each tx channel independently +Git-commit: a3e860a83397bf761ec1128a3f0ba186445992c6 +Patch-mainline: v5.12-rc3 +References: git-fixes + +If clear GMAC_CONFIG_TE bit, it would stop all tx channels, but users +may only want to stop specific tx channel. + +Fixes: 48863ce5940f ("stmmac: add DMA support for GMAC 4.xx") +Signed-off-by: Joakim Zhang +Signed-off-by: Jakub Kicinski +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/stmicro/stmmac/dwmac4_lib.c | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac4_lib.c b/drivers/net/ethernet/stmicro/stmmac/dwmac4_lib.c +index f2a29a90e085..afdea015f4b4 100644 +--- a/drivers/net/ethernet/stmicro/stmmac/dwmac4_lib.c ++++ b/drivers/net/ethernet/stmicro/stmmac/dwmac4_lib.c +@@ -60,10 +60,6 @@ void dwmac4_dma_stop_tx(void __iomem *ioaddr, u32 chan) + + value &= ~DMA_CONTROL_ST; + writel(value, ioaddr + DMA_CHAN_TX_CONTROL(chan)); +- +- value = readl(ioaddr + GMAC_CONFIG); +- value &= ~GMAC_CONFIG_TE; +- writel(value, ioaddr + GMAC_CONFIG); + } + + void dwmac4_dma_start_rx(void __iomem *ioaddr, u32 chan) +-- +2.16.4 + diff --git a/patches.suse/net-tun-set-tun-dev-addr_len-during-TUNSETLINK-proce.patch b/patches.suse/net-tun-set-tun-dev-addr_len-during-TUNSETLINK-proce.patch new file mode 100644 index 0000000..0ab7c8b --- /dev/null +++ b/patches.suse/net-tun-set-tun-dev-addr_len-during-TUNSETLINK-proce.patch @@ -0,0 +1,101 @@ +From 03c8f8edd31682f3e6ed7527ccfaa93b418ce89c Mon Sep 17 00:00:00 2001 +From: Phillip Potter +Date: Tue, 6 Apr 2021 18:45:54 +0100 +Subject: [PATCH 15/17] net: tun: set tun->dev->addr_len during TUNSETLINK + processing +Git-commit: cca8ea3b05c972ffb5295367e6c544369b45fbdd +References: git-fixes +Patch-mainline: v5.12-rc7 + +When changing type with TUNSETLINK ioctl command, set tun->dev->addr_len +to match the appropriate type, using new tun_get_addr_len utility function +which returns appropriate address length for given type. Fixes a +KMSAN-found uninit-value bug reported by syzbot at: +https://syzkaller.appspot.com/bug?id=0766d38c656abeace60621896d705743aeefed51 + +Reported-by: syzbot+001516d86dbe88862cec@syzkaller.appspotmail.com +Diagnosed-by: Eric Dumazet +Signed-off-by: Phillip Potter +Reviewed-by: Eric Dumazet +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/tun.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 48 insertions(+) + +diff --git a/drivers/net/tun.c b/drivers/net/tun.c +index f82fd220a0e7..afe9a7a331f3 100644 +--- a/drivers/net/tun.c ++++ b/drivers/net/tun.c +@@ -69,6 +69,14 @@ + #include + #include + #include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include + + #include + #include +@@ -3003,6 +3011,45 @@ static int tun_set_ebpf(struct tun_struct *tun, struct tun_prog __rcu **prog_p, + return __tun_set_ebpf(tun, prog_p, prog); + } + ++/* Return correct value for tun->dev->addr_len based on tun->dev->type. */ ++static unsigned char tun_get_addr_len(unsigned short type) ++{ ++ switch (type) { ++ case ARPHRD_IP6GRE: ++ case ARPHRD_TUNNEL6: ++ return sizeof(struct in6_addr); ++ case ARPHRD_IPGRE: ++ case ARPHRD_TUNNEL: ++ case ARPHRD_SIT: ++ return 4; ++ case ARPHRD_ETHER: ++ return ETH_ALEN; ++ case ARPHRD_IEEE802154: ++ case ARPHRD_IEEE802154_MONITOR: ++ return IEEE802154_EXTENDED_ADDR_LEN; ++ case ARPHRD_PHONET_PIPE: ++ case ARPHRD_PPP: ++ case ARPHRD_NONE: ++ return 0; ++ case ARPHRD_6LOWPAN: ++ return EUI64_ADDR_LEN; ++ case ARPHRD_FDDI: ++ return FDDI_K_ALEN; ++ case ARPHRD_HIPPI: ++ return HIPPI_ALEN; ++ case ARPHRD_IEEE802: ++ return FC_ALEN; ++ case ARPHRD_ROSE: ++ return ROSE_ADDR_LEN; ++ case ARPHRD_NETROM: ++ return AX25_ADDR_LEN; ++ case ARPHRD_LOCALTLK: ++ return LTALK_ALEN; ++ default: ++ return 0; ++ } ++} ++ + static long __tun_chr_ioctl(struct file *file, unsigned int cmd, + unsigned long arg, int ifreq_len) + { +@@ -3158,6 +3205,7 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, + ret = -EBUSY; + } else { + tun->dev->type = (int) arg; ++ tun->dev->addr_len = tun_get_addr_len(tun->dev->type); + netif_info(tun, drv, tun->dev, "linktype set to %d\n", + tun->dev->type); + ret = 0; +-- +2.16.4 + diff --git a/patches.suse/net-usb-ax88179_178a-add-Allied-Telesis-AT-UMCs.patch b/patches.suse/net-usb-ax88179_178a-add-Allied-Telesis-AT-UMCs.patch new file mode 100644 index 0000000..2f1878f --- /dev/null +++ b/patches.suse/net-usb-ax88179_178a-add-Allied-Telesis-AT-UMCs.patch @@ -0,0 +1,91 @@ +From 9fe087dda5bf097007b263664051bc0e84f6580d Mon Sep 17 00:00:00 2001 +From: Greg Jesionowski +Date: Wed, 23 Mar 2022 15:00:24 -0700 +Subject: [PATCH] net: usb: ax88179_178a: add Allied Telesis AT-UMCs +Git-commit: 9fe087dda5bf097007b263664051bc0e84f6580d +References: git-fixes +Patch-mainline: v5.18-rc1 + +Adds the driver_info and IDs for the AX88179 based Allied Telesis AT-UMC +family of devices. + +Signed-off-by: Greg Jesionowski +Link: https://lore.kernel.org/r/20220323220024.GA36800@test-HP-EliteDesk-800-G1-SFF +Signed-off-by: Jakub Kicinski +Signed-off-by: Oliver Neukum +--- + drivers/net/usb/ax88179_178a.c | 51 ++++++++++++++++++++++++++++++++++ + 1 file changed, 51 insertions(+) + +diff --git a/drivers/net/usb/ax88179_178a.c b/drivers/net/usb/ax88179_178a.c +index a31098981a65..e2fa56b92685 100644 +--- a/drivers/net/usb/ax88179_178a.c ++++ b/drivers/net/usb/ax88179_178a.c +@@ -1872,6 +1872,45 @@ static const struct driver_info mct_info = { + .tx_fixup = ax88179_tx_fixup, + }; + ++static const struct driver_info at_umc2000_info = { ++ .description = "AT-UMC2000 USB 3.0/USB 3.1 Gen 1 to Gigabit Ethernet Adapter", ++ .bind = ax88179_bind, ++ .unbind = ax88179_unbind, ++ .status = ax88179_status, ++ .link_reset = ax88179_link_reset, ++ .reset = ax88179_reset, ++ .stop = ax88179_stop, ++ .flags = FLAG_ETHER | FLAG_FRAMING_AX, ++ .rx_fixup = ax88179_rx_fixup, ++ .tx_fixup = ax88179_tx_fixup, ++}; ++ ++static const struct driver_info at_umc200_info = { ++ .description = "AT-UMC200 USB 3.0/USB 3.1 Gen 1 to Fast Ethernet Adapter", ++ .bind = ax88179_bind, ++ .unbind = ax88179_unbind, ++ .status = ax88179_status, ++ .link_reset = ax88179_link_reset, ++ .reset = ax88179_reset, ++ .stop = ax88179_stop, ++ .flags = FLAG_ETHER | FLAG_FRAMING_AX, ++ .rx_fixup = ax88179_rx_fixup, ++ .tx_fixup = ax88179_tx_fixup, ++}; ++ ++static const struct driver_info at_umc2000sp_info = { ++ .description = "AT-UMC2000/SP USB 3.0/USB 3.1 Gen 1 to Gigabit Ethernet Adapter", ++ .bind = ax88179_bind, ++ .unbind = ax88179_unbind, ++ .status = ax88179_status, ++ .link_reset = ax88179_link_reset, ++ .reset = ax88179_reset, ++ .stop = ax88179_stop, ++ .flags = FLAG_ETHER | FLAG_FRAMING_AX, ++ .rx_fixup = ax88179_rx_fixup, ++ .tx_fixup = ax88179_tx_fixup, ++}; ++ + static const struct usb_device_id products[] = { + { + /* ASIX AX88179 10/100/1000 */ +@@ -1913,6 +1952,18 @@ static const struct usb_device_id products[] = { + /* Magic Control Technology U3-A9003 USB 3.0 Gigabit Ethernet Adapter */ + USB_DEVICE(0x0711, 0x0179), + .driver_info = (unsigned long)&mct_info, ++}, { ++ /* Allied Telesis AT-UMC2000 USB 3.0/USB 3.1 Gen 1 to Gigabit Ethernet Adapter */ ++ USB_DEVICE(0x07c9, 0x000e), ++ .driver_info = (unsigned long)&at_umc2000_info, ++}, { ++ /* Allied Telesis AT-UMC200 USB 3.0/USB 3.1 Gen 1 to Fast Ethernet Adapter */ ++ USB_DEVICE(0x07c9, 0x000f), ++ .driver_info = (unsigned long)&at_umc200_info, ++}, { ++ /* Allied Telesis AT-UMC2000/SP USB 3.0/USB 3.1 Gen 1 to Gigabit Ethernet Adapter */ ++ USB_DEVICE(0x07c9, 0x0010), ++ .driver_info = (unsigned long)&at_umc2000sp_info, + }, + { }, + }; +-- +2.35.3 + diff --git a/patches.suse/net-usb-ax88179_178a-add-MCT-usb-3.0-adapter.patch b/patches.suse/net-usb-ax88179_178a-add-MCT-usb-3.0-adapter.patch new file mode 100644 index 0000000..fc5266c --- /dev/null +++ b/patches.suse/net-usb-ax88179_178a-add-MCT-usb-3.0-adapter.patch @@ -0,0 +1,56 @@ +From c92a79829c7c169139874aa1d4bf6da32d10c38a Mon Sep 17 00:00:00 2001 +From: Wilken Gottwalt +Date: Mon, 28 Sep 2020 11:17:40 +0200 +Subject: [PATCH] net: usb: ax88179_178a: add MCT usb 3.0 adapter +Git-commit: c92a79829c7c169139874aa1d4bf6da32d10c38a +References: git-fixes +Patch-mainline: v5.9 + +Adds the driver_info and usb ids of the AX88179 based MCT U3-A9003 USB +3.0 ethernet adapter. + +Signed-off-by: Wilken Gottwalt +Signed-off-by: David S. Miller +Signed-off-by: Oliver Neukum +--- + drivers/net/usb/ax88179_178a.c | 17 +++++++++++++++++ + 1 file changed, 17 insertions(+) + +diff --git a/drivers/net/usb/ax88179_178a.c b/drivers/net/usb/ax88179_178a.c +index 8f1798b95a02..5541f3faedbc 100644 +--- a/drivers/net/usb/ax88179_178a.c ++++ b/drivers/net/usb/ax88179_178a.c +@@ -1842,6 +1842,19 @@ static const struct driver_info toshiba_info = { + .tx_fixup = ax88179_tx_fixup, + }; + ++static const struct driver_info mct_info = { ++ .description = "MCT USB 3.0 Gigabit Ethernet Adapter", ++ .bind = ax88179_bind, ++ .unbind = ax88179_unbind, ++ .status = ax88179_status, ++ .link_reset = ax88179_link_reset, ++ .reset = ax88179_reset, ++ .stop = ax88179_stop, ++ .flags = FLAG_ETHER | FLAG_FRAMING_AX, ++ .rx_fixup = ax88179_rx_fixup, ++ .tx_fixup = ax88179_tx_fixup, ++}; ++ + static const struct usb_device_id products[] = { + { + /* ASIX AX88179 10/100/1000 */ +@@ -1879,6 +1892,10 @@ static const struct usb_device_id products[] = { + /* Toshiba USB 3.0 GBit Ethernet Adapter */ + USB_DEVICE(0x0930, 0x0a13), + .driver_info = (unsigned long)&toshiba_info, ++}, { ++ /* Magic Control Technology U3-A9003 USB 3.0 Gigabit Ethernet Adapter */ ++ USB_DEVICE(0x0711, 0x0179), ++ .driver_info = (unsigned long)&mct_info, + }, + { }, + }; +-- +2.35.3 + diff --git a/patches.suse/net-usb-ax88179_178a-add-Toshiba-usb-3.0-adapter.patch b/patches.suse/net-usb-ax88179_178a-add-Toshiba-usb-3.0-adapter.patch new file mode 100644 index 0000000..f3d33a7 --- /dev/null +++ b/patches.suse/net-usb-ax88179_178a-add-Toshiba-usb-3.0-adapter.patch @@ -0,0 +1,56 @@ +From e42d72fea91f8f2e82b65808739ca04b7a8cd7a8 Mon Sep 17 00:00:00 2001 +From: Wilken Gottwalt +Date: Fri, 25 Sep 2020 15:58:57 +0200 +Subject: [PATCH] net: usb: ax88179_178a: add Toshiba usb 3.0 adapter +Git-commit: e42d72fea91f8f2e82b65808739ca04b7a8cd7a8 +References: git-fixes +Patch-mainline: v5.9 + +Adds the driver_info and usb ids of the AX88179 based Toshiba USB 3.0 +ethernet adapter. + +Signed-off-by: Wilken Gottwalt +Signed-off-by: David S. Miller +Signed-off-by: Oliver Neukum +--- + drivers/net/usb/ax88179_178a.c | 17 +++++++++++++++++ + 1 file changed, 17 insertions(+) + +diff --git a/drivers/net/usb/ax88179_178a.c b/drivers/net/usb/ax88179_178a.c +index a38e868e44d4..125f7bf57590 100644 +--- a/drivers/net/usb/ax88179_178a.c ++++ b/drivers/net/usb/ax88179_178a.c +@@ -1828,6 +1828,19 @@ static const struct driver_info belkin_info = { + .tx_fixup = ax88179_tx_fixup, + }; + ++static const struct driver_info toshiba_info = { ++ .description = "Toshiba USB Ethernet Adapter", ++ .bind = ax88179_bind, ++ .unbind = ax88179_unbind, ++ .status = ax88179_status, ++ .link_reset = ax88179_link_reset, ++ .reset = ax88179_reset, ++ .stop = ax88179_stop, ++ .flags = FLAG_ETHER | FLAG_FRAMING_AX, ++ .rx_fixup = ax88179_rx_fixup, ++ .tx_fixup = ax88179_tx_fixup, ++}; ++ + static const struct usb_device_id products[] = { + { + /* ASIX AX88179 10/100/1000 */ +@@ -1861,6 +1874,10 @@ static const struct usb_device_id products[] = { + /* Belkin B2B128 USB 3.0 Hub + Gigabit Ethernet Adapter */ + USB_DEVICE(0x050d, 0x0128), + .driver_info = (unsigned long)&belkin_info, ++}, { ++ /* Toshiba USB 3.0 GBit Ethernet Adapter */ ++ USB_DEVICE(0x0930, 0x0a13), ++ .driver_info = (unsigned long)&toshiba_info, + }, + { }, + }; +-- +2.35.3 + diff --git a/patches.suse/net-usb-ax88179_178a-remove-redundant-assignment-to-.patch b/patches.suse/net-usb-ax88179_178a-remove-redundant-assignment-to-.patch new file mode 100644 index 0000000..f630844 --- /dev/null +++ b/patches.suse/net-usb-ax88179_178a-remove-redundant-assignment-to-.patch @@ -0,0 +1,37 @@ +From d728e6402c0023a46b8595e1736695517fd94a7a Mon Sep 17 00:00:00 2001 +From: Colin Ian King +Date: Sat, 9 May 2020 22:41:11 +0100 +Subject: [PATCH] net: usb: ax88179_178a: remove redundant assignment to + variable ret +Git-commit: d728e6402c0023a46b8595e1736695517fd94a7a +References: git-fixes +Patch-mainline: v5.8-rc1 + +The variable ret is being initializeed with a value that is never read +and it is being updated later with a new value. The initialization +is redundant and can be removed. + +Addresses-Coverity: ("Unused value") +Signed-off-by: Colin Ian King +Signed-off-by: Jakub Kicinski +Signed-off-by: Oliver Neukum +--- + drivers/net/usb/ax88179_178a.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/net/usb/ax88179_178a.c b/drivers/net/usb/ax88179_178a.c +index b05bb11a02cb..950711448f39 100644 +--- a/drivers/net/usb/ax88179_178a.c ++++ b/drivers/net/usb/ax88179_178a.c +@@ -860,7 +860,7 @@ static int ax88179_set_eee(struct net_device *net, struct ethtool_eee *edata) + { + struct usbnet *dev = netdev_priv(net); + struct ax88179_data *priv = (struct ax88179_data *)dev->data; +- int ret = -EOPNOTSUPP; ++ int ret; + + priv->eee_enabled = edata->eee_enabled; + if (!priv->eee_enabled) { +-- +2.35.3 + diff --git a/patches.suse/net-usb-ax88179_178a-write-mac-to-hardware-in-get_ma.patch b/patches.suse/net-usb-ax88179_178a-write-mac-to-hardware-in-get_ma.patch new file mode 100644 index 0000000..24fb49b --- /dev/null +++ b/patches.suse/net-usb-ax88179_178a-write-mac-to-hardware-in-get_ma.patch @@ -0,0 +1,41 @@ +From 1635520aefc1056604ad60d042a64f43898c7108 Mon Sep 17 00:00:00 2001 +From: Peter Fink +Date: Thu, 10 Oct 2019 15:00:22 +0200 +Subject: [PATCH] net: usb: ax88179_178a: write mac to hardware in get_mac_addr +Git-commit: 1635520aefc1056604ad60d042a64f43898c7108 +References: git-fixes +Patch-mainline: v5.5-rc1 + +When the MAC address is supplied via device tree or a random +MAC is generated it has to be written to the asix chip in +order to receive any data. + +Previously in 9fb137aef34e ("net: usb: ax88179_178a: allow +optionally getting mac address from device tree") this line was +omitted because it seemed to work perfectly fine without it. + +But it was simply not detected because the chip keeps the mac +stored even beyond a reset and it was tested on a hardware +with an integrated UPS where the asix chip was permanently +powered on even throughout power cycles. + +Fixes: 9fb137aef34e ("net: usb: ax88179_178a: allow optionally getting mac address from device tree") +Signed-off-by: Peter Fink +Signed-off-by: David S. Miller +Signed-off-by: Oliver Neukum +--- + drivers/net/usb/ax88179_178a.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/net/usb/ax88179_178a.c ++++ b/drivers/net/usb/ax88179_178a.c +@@ -347,6 +347,9 @@ static void ax88179_status(struct usbnet + usbnet_link_change(dev, link, 1); + netdev_info(dev->net, "ax88179 - Link status is: %d\n", link); + } ++ ++ ax88179_write_cmd(dev, AX_ACCESS_MAC, AX_NODE_ID, ETH_ALEN, ETH_ALEN, ++ dev->net->dev_addr); + } + + static int ax88179_mdio_read(struct net_device *netdev, int phy_id, int loc) diff --git a/patches.suse/net-usb-qmi_wwan-add-Telit-0x1060-composition.patch b/patches.suse/net-usb-qmi_wwan-add-Telit-0x1060-composition.patch new file mode 100644 index 0000000..8b6d183 --- /dev/null +++ b/patches.suse/net-usb-qmi_wwan-add-Telit-0x1060-composition.patch @@ -0,0 +1,29 @@ +From 8d17a33b076d24aa4861f336a125c888fb918605 Mon Sep 17 00:00:00 2001 +From: Carlo Lobrano +Date: Fri, 3 Sep 2021 14:09:53 +0200 +Subject: [PATCH] net: usb: qmi_wwan: add Telit 0x1060 composition +Git-commit: 8d17a33b076d24aa4861f336a125c888fb918605 +References: git-fixes +Patch-mainline: v5.15-rc1 + +This patch adds support for Telit LN920 0x1060 composition + +0x1060: tty, adb, rmnet, tty, tty, tty, tty + +Signed-off-by: Carlo Lobrano +Signed-off-by: David S. Miller +Signed-off-by: Oliver Neukum +--- + drivers/net/usb/qmi_wwan.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/net/usb/qmi_wwan.c ++++ b/drivers/net/usb/qmi_wwan.c +@@ -1311,6 +1311,7 @@ static const struct usb_device_id produc + {QMI_FIXED_INTF(0x2357, 0x9000, 4)}, /* TP-LINK MA260 */ + {QMI_QUIRK_SET_DTR(0x1bc7, 0x1031, 3)}, /* Telit LE910C1-EUX */ + {QMI_QUIRK_SET_DTR(0x1bc7, 0x1040, 2)}, /* Telit LE922A */ ++ {QMI_QUIRK_SET_DTR(0x1bc7, 0x1060, 2)}, /* Telit LN920 */ + {QMI_FIXED_INTF(0x1bc7, 0x1100, 3)}, /* Telit ME910 */ + {QMI_FIXED_INTF(0x1bc7, 0x1101, 3)}, /* Telit ME910 dual modem */ + {QMI_FIXED_INTF(0x1bc7, 0x1200, 5)}, /* Telit LE920 */ diff --git a/patches.suse/net-usb-qmi_wwan-add-Telit-0x1070-composition.patch b/patches.suse/net-usb-qmi_wwan-add-Telit-0x1070-composition.patch new file mode 100644 index 0000000..80aea53 --- /dev/null +++ b/patches.suse/net-usb-qmi_wwan-add-Telit-0x1070-composition.patch @@ -0,0 +1,34 @@ +From 94f2a444f28a649926c410eb9a38afb13a83ebe0 Mon Sep 17 00:00:00 2001 +From: Daniele Palmas +Date: Fri, 10 Dec 2021 10:57:22 +0100 +Subject: [PATCH] net: usb: qmi_wwan: add Telit 0x1070 composition +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Git-commit: 94f2a444f28a649926c410eb9a38afb13a83ebe0 +References: git-fixes +Patch-mainline: v5.16-rc6 + +Add the following Telit FN990 composition: + +0x1070: tty, adb, rmnet, tty, tty, tty, tty + +Signed-off-by: Daniele Palmas +Acked-by: Bjørn Mork +Link: https://lore.kernel.org/r/20211210095722.22269-1-dnlplm@gmail.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Oliver Neukum +--- + drivers/net/usb/qmi_wwan.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/net/usb/qmi_wwan.c ++++ b/drivers/net/usb/qmi_wwan.c +@@ -1312,6 +1312,7 @@ static const struct usb_device_id produc + {QMI_QUIRK_SET_DTR(0x1bc7, 0x1031, 3)}, /* Telit LE910C1-EUX */ + {QMI_QUIRK_SET_DTR(0x1bc7, 0x1040, 2)}, /* Telit LE922A */ + {QMI_QUIRK_SET_DTR(0x1bc7, 0x1060, 2)}, /* Telit LN920 */ ++ {QMI_QUIRK_SET_DTR(0x1bc7, 0x1070, 2)}, /* Telit FN990 */ + {QMI_FIXED_INTF(0x1bc7, 0x1100, 3)}, /* Telit ME910 */ + {QMI_FIXED_INTF(0x1bc7, 0x1101, 3)}, /* Telit ME910 dual modem */ + {QMI_FIXED_INTF(0x1bc7, 0x1200, 5)}, /* Telit LE920 */ diff --git a/patches.suse/net-usb-use-eth_hw_addr_set.patch b/patches.suse/net-usb-use-eth_hw_addr_set.patch new file mode 100644 index 0000000..80bf0ac --- /dev/null +++ b/patches.suse/net-usb-use-eth_hw_addr_set.patch @@ -0,0 +1,123 @@ +From 1681371762335221b02cb9266ac1a8b05c16fdef Mon Sep 17 00:00:00 2001 +From: Jakub Kicinski +Date: Fri, 1 Oct 2021 14:32:21 -0700 +Subject: [PATCH] net: usb: use eth_hw_addr_set() +Git-commit: 1681371762335221b02cb9266ac1a8b05c16fdef +References: git-fixes +Patch-mainline: v5.16-rc1 + +Commit 406f42fa0d3c ("net-next: When a bond have a massive amount +of VLANs...") introduced a rbtree for faster Ethernet address look +up. To maintain netdev->dev_addr in this tree we need to make all +the writes to it got through appropriate helpers. + +Convert usb drivers from memcpy(... ETH_ADDR) to eth_hw_addr_set(): + + @@ + expression dev, np; + @@ + - memcpy(dev->dev_addr, np, ETH_ALEN) + + eth_hw_addr_set(dev, np) + +Signed-off-by: Jakub Kicinski +Signed-off-by: David S. Miller +Signed-off-by: Oliver Neukum +--- + drivers/net/usb/asix_common.c | 2 +- + drivers/net/usb/asix_devices.c | 2 +- + drivers/net/usb/ax88172a.c | 2 +- + drivers/net/usb/ax88179_178a.c | 2 +- + drivers/net/usb/dm9601.c | 2 +- + drivers/net/usb/ipheth.c | 2 +- + drivers/net/usb/kalmia.c | 2 +- + drivers/net/usb/sr9800.c | 2 +- + 8 files changed, 8 insertions(+), 8 deletions(-) + +--- a/drivers/net/usb/asix_common.c ++++ b/drivers/net/usb/asix_common.c +@@ -740,7 +740,7 @@ int asix_set_mac_address(struct net_devi + if (!is_valid_ether_addr(addr->sa_data)) + return -EADDRNOTAVAIL; + +- memcpy(net->dev_addr, addr->sa_data, ETH_ALEN); ++ eth_hw_addr_set(net, addr->sa_data); + + /* We use the 20 byte dev->data + * for our 6 byte mac buffer +--- a/drivers/net/usb/asix_devices.c ++++ b/drivers/net/usb/asix_devices.c +@@ -59,7 +59,7 @@ static void asix_status(struct usbnet *d + static void asix_set_netdev_dev_addr(struct usbnet *dev, u8 *addr) + { + if (is_valid_ether_addr(addr)) { +- memcpy(dev->net->dev_addr, addr, ETH_ALEN); ++ eth_hw_addr_set(dev->net, addr); + } else { + netdev_info(dev->net, "invalid hw address, using random\n"); + eth_hw_addr_random(dev->net); +--- a/drivers/net/usb/ax88172a.c ++++ b/drivers/net/usb/ax88172a.c +@@ -201,7 +201,7 @@ static int ax88172a_bind(struct usbnet * + ret = -EIO; + goto free; + } +- memcpy(dev->net->dev_addr, buf, ETH_ALEN); ++ eth_hw_addr_set(dev->net, buf); + + dev->net->netdev_ops = &ax88172a_netdev_ops; + dev->net->ethtool_ops = &ax88172a_ethtool_ops; +--- a/drivers/net/usb/ax88179_178a.c ++++ b/drivers/net/usb/ax88179_178a.c +@@ -941,7 +941,7 @@ static int ax88179_set_mac_addr(struct n + if (!is_valid_ether_addr(addr->sa_data)) + return -EADDRNOTAVAIL; + +- memcpy(net->dev_addr, addr->sa_data, ETH_ALEN); ++ eth_hw_addr_set(net, addr->sa_data); + + /* Set the MAC address */ + ret = ax88179_write_cmd(dev, AX_ACCESS_MAC, AX_NODE_ID, ETH_ALEN, +--- a/drivers/net/usb/dm9601.c ++++ b/drivers/net/usb/dm9601.c +@@ -391,7 +391,7 @@ static int dm9601_bind(struct usbnet *de + * Overwrite the auto-generated address only with good ones. + */ + if (is_valid_ether_addr(mac)) +- memcpy(dev->net->dev_addr, mac, ETH_ALEN); ++ eth_hw_addr_set(dev->net, mac); + else { + printk(KERN_WARNING + "dm9601: No valid MAC address in EEPROM, using %pM\n", +--- a/drivers/net/usb/ipheth.c ++++ b/drivers/net/usb/ipheth.c +@@ -303,7 +303,7 @@ static int ipheth_get_macaddr(struct iph + __func__, retval); + retval = -EINVAL; + } else { +- memcpy(net->dev_addr, dev->ctrl_buf, ETH_ALEN); ++ eth_hw_addr_set(net, dev->ctrl_buf); + retval = 0; + } + +--- a/drivers/net/usb/kalmia.c ++++ b/drivers/net/usb/kalmia.c +@@ -149,7 +149,7 @@ kalmia_bind(struct usbnet *dev, struct u + if (status) + return status; + +- memcpy(dev->net->dev_addr, ethernet_addr, ETH_ALEN); ++ eth_hw_addr_set(dev->net, ethernet_addr); + + return status; + } +--- a/drivers/net/usb/sr9800.c ++++ b/drivers/net/usb/sr9800.c +@@ -503,7 +503,7 @@ static int sr_set_mac_address(struct net + if (!is_valid_ether_addr(addr->sa_data)) + return -EADDRNOTAVAIL; + +- memcpy(net->dev_addr, addr->sa_data, ETH_ALEN); ++ eth_hw_addr_set(net, addr->sa_data); + + /* We use the 20 byte dev->data + * for our 6 byte mac buffer diff --git a/patches.suse/net-xdp-Introduce-__xdp_build_skb_from_frame-utility.patch b/patches.suse/net-xdp-Introduce-__xdp_build_skb_from_frame-utility.patch new file mode 100644 index 0000000..754474e --- /dev/null +++ b/patches.suse/net-xdp-Introduce-__xdp_build_skb_from_frame-utility.patch @@ -0,0 +1,150 @@ +From: Lorenzo Bianconi +Date: Tue, 12 Jan 2021 19:26:12 +0100 +Patch-mainline: v5.12-rc1 +Subject: net, xdp: Introduce __xdp_build_skb_from_frame utility routine +Git-commit: 97a0e1ea7b41c2db762c1258632f6ccc22719510 +References: bsc#1199364 + +Introduce __xdp_build_skb_from_frame utility routine to build +the skb from xdp_frame. Rely on __xdp_build_skb_from_frame in +cpumap code. + +Signed-off-by: Lorenzo Bianconi +Signed-off-by: Daniel Borkmann +Acked-by: Jesper Dangaard Brouer +Link: https://lore.kernel.org/bpf/4f9f4c6b3dd3933770c617eb6689dbc0c6e25863.1610475660.git.lorenzo@kernel.org +Signed-off-by: Alexei Starovoitov +Acked-by: Olaf Hering +--- + include/net/xdp.h | 3 +++ + kernel/bpf/cpumap.c | 46 ++------------------------------------------- + net/core/xdp.c | 44 +++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 49 insertions(+), 44 deletions(-) + +diff --git a/include/net/xdp.h b/include/net/xdp.h +--- a/include/net/xdp.h ++++ b/include/net/xdp.h +@@ -164,6 +164,9 @@ void xdp_warn(const char *msg, const char *func, const int line); + #define XDP_WARN(msg) xdp_warn(msg, __func__, __LINE__) + + struct xdp_frame *xdp_convert_zc_to_xdp_frame(struct xdp_buff *xdp); ++struct sk_buff *__xdp_build_skb_from_frame(struct xdp_frame *xdpf, ++ struct sk_buff *skb, ++ struct net_device *dev); + + static inline + void xdp_convert_frame_to_buff(struct xdp_frame *frame, struct xdp_buff *xdp) +diff --git a/kernel/bpf/cpumap.c b/kernel/bpf/cpumap.c +--- a/kernel/bpf/cpumap.c ++++ b/kernel/bpf/cpumap.c +@@ -141,49 +141,6 @@ static void cpu_map_kthread_stop(struct work_struct *work) + kthread_stop(rcpu->kthread); + } + +-static struct sk_buff *cpu_map_build_skb(struct xdp_frame *xdpf, +- struct sk_buff *skb) +-{ +- unsigned int hard_start_headroom; +- unsigned int frame_size; +- void *pkt_data_start; +- +- /* Part of headroom was reserved to xdpf */ +- hard_start_headroom = sizeof(struct xdp_frame) + xdpf->headroom; +- +- /* Memory size backing xdp_frame data already have reserved +- * room for build_skb to place skb_shared_info in tailroom. +- */ +- frame_size = xdpf->frame_sz; +- +- pkt_data_start = xdpf->data - hard_start_headroom; +- skb = build_skb_around(skb, pkt_data_start, frame_size); +- if (unlikely(!skb)) +- return NULL; +- +- skb_reserve(skb, hard_start_headroom); +- __skb_put(skb, xdpf->len); +- if (xdpf->metasize) +- skb_metadata_set(skb, xdpf->metasize); +- +- /* Essential SKB info: protocol and skb->dev */ +- skb->protocol = eth_type_trans(skb, xdpf->dev_rx); +- +- /* Optional SKB info, currently missing: +- * - HW checksum info (skb->ip_summed) +- * - HW RX hash (skb_set_hash) +- * - RX ring dev queue index (skb_record_rx_queue) +- */ +- +- /* Until page_pool get SKB return path, release DMA here */ +- xdp_release_frame(xdpf); +- +- /* Allow SKB to reuse area used by xdp_frame */ +- xdp_scrub_frame(xdpf); +- +- return skb; +-} +- + static void __cpu_map_ring_cleanup(struct ptr_ring *ring) + { + /* The tear-down procedure should have made sure that queue is +@@ -350,7 +307,8 @@ static int cpu_map_kthread_run(void *data) + struct sk_buff *skb = skbs[i]; + int ret; + +- skb = cpu_map_build_skb(xdpf, skb); ++ skb = __xdp_build_skb_from_frame(xdpf, skb, ++ xdpf->dev_rx); + if (!skb) { + xdp_return_frame(xdpf); + continue; +diff --git a/net/core/xdp.c b/net/core/xdp.c +--- a/net/core/xdp.c ++++ b/net/core/xdp.c +@@ -513,3 +513,47 @@ void xdp_warn(const char *msg, const char *func, const int line) + WARN(1, "XDP_WARN: %s(line:%d): %s\n", func, line, msg); + }; + EXPORT_SYMBOL_GPL(xdp_warn); ++ ++struct sk_buff *__xdp_build_skb_from_frame(struct xdp_frame *xdpf, ++ struct sk_buff *skb, ++ struct net_device *dev) ++{ ++ unsigned int headroom, frame_size; ++ void *hard_start; ++ ++ /* Part of headroom was reserved to xdpf */ ++ headroom = sizeof(*xdpf) + xdpf->headroom; ++ ++ /* Memory size backing xdp_frame data already have reserved ++ * room for build_skb to place skb_shared_info in tailroom. ++ */ ++ frame_size = xdpf->frame_sz; ++ ++ hard_start = xdpf->data - headroom; ++ skb = build_skb_around(skb, hard_start, frame_size); ++ if (unlikely(!skb)) ++ return NULL; ++ ++ skb_reserve(skb, headroom); ++ __skb_put(skb, xdpf->len); ++ if (xdpf->metasize) ++ skb_metadata_set(skb, xdpf->metasize); ++ ++ /* Essential SKB info: protocol and skb->dev */ ++ skb->protocol = eth_type_trans(skb, dev); ++ ++ /* Optional SKB info, currently missing: ++ * - HW checksum info (skb->ip_summed) ++ * - HW RX hash (skb_set_hash) ++ * - RX ring dev queue index (skb_record_rx_queue) ++ */ ++ ++ /* Until page_pool get SKB return path, release DMA here */ ++ xdp_release_frame(xdpf); ++ ++ /* Allow SKB to reuse area used by xdp_frame */ ++ xdp_scrub_frame(xdpf); ++ ++ return skb; ++} ++EXPORT_SYMBOL_GPL(__xdp_build_skb_from_frame); diff --git a/patches.suse/net-xdp-Introduce-xdp_build_skb_from_frame-utility-r.patch b/patches.suse/net-xdp-Introduce-xdp_build_skb_from_frame-utility-r.patch new file mode 100644 index 0000000..7af107f --- /dev/null +++ b/patches.suse/net-xdp-Introduce-xdp_build_skb_from_frame-utility-r.patch @@ -0,0 +1,61 @@ +From: Lorenzo Bianconi +Date: Tue, 12 Jan 2021 19:26:13 +0100 +Patch-mainline: v5.12-rc1 +Subject: net, xdp: Introduce xdp_build_skb_from_frame utility routine +Git-commit: 89f479f0eccfc879e7bc0a69f44ed4a4639dfc32 +References: bsc#1199364 + +Introduce xdp_build_skb_from_frame utility routine to build the skb +from xdp_frame. Respect to __xdp_build_skb_from_frame, +xdp_build_skb_from_frame will allocate the skb object. Rely on +xdp_build_skb_from_frame in veth driver. +Introduce missing xdp metadata support in veth_xdp_rcv_one routine. +Add missing metadata support in veth_xdp_rcv_one(). + +Signed-off-by: Lorenzo Bianconi +Signed-off-by: Daniel Borkmann +Reviewed-by: Toshiaki Makita +Acked-by: Jesper Dangaard Brouer +Link: https://lore.kernel.org/bpf/94ade9e853162ae1947941965193190da97457bc.1610475660.git.lorenzo@kernel.org +Signed-off-by: Alexei Starovoitov +Acked-by: Olaf Hering +--- + drivers/net/veth.c | 18 +++--------------- + include/net/xdp.h | 2 ++ + net/core/xdp.c | 15 +++++++++++++++ + 3 files changed, 20 insertions(+), 15 deletions(-) + +diff --git a/include/net/xdp.h b/include/net/xdp.h +--- a/include/net/xdp.h ++++ b/include/net/xdp.h +@@ -167,6 +167,8 @@ struct xdp_frame *xdp_convert_zc_to_xdp_frame(struct xdp_buff *xdp); + struct sk_buff *__xdp_build_skb_from_frame(struct xdp_frame *xdpf, + struct sk_buff *skb, + struct net_device *dev); ++struct sk_buff *xdp_build_skb_from_frame(struct xdp_frame *xdpf, ++ struct net_device *dev); + + static inline + void xdp_convert_frame_to_buff(struct xdp_frame *frame, struct xdp_buff *xdp) +diff --git a/net/core/xdp.c b/net/core/xdp.c +--- a/net/core/xdp.c ++++ b/net/core/xdp.c +@@ -557,3 +557,18 @@ struct sk_buff *__xdp_build_skb_from_frame(struct xdp_frame *xdpf, + return skb; + } + EXPORT_SYMBOL_GPL(__xdp_build_skb_from_frame); ++ ++struct sk_buff *xdp_build_skb_from_frame(struct xdp_frame *xdpf, ++ struct net_device *dev) ++{ ++ struct sk_buff *skb; ++ ++ skb = kmem_cache_alloc(skbuff_head_cache, GFP_ATOMIC); ++ if (unlikely(!skb)) ++ return NULL; ++ ++ memset(skb, 0, offsetof(struct sk_buff, tail)); ++ ++ return __xdp_build_skb_from_frame(xdpf, skb, dev); ++} ++EXPORT_SYMBOL_GPL(xdp_build_skb_from_frame); diff --git a/patches.suse/netfilter-nf_queue-do-not-allow-packet-truncation-be.patch b/patches.suse/netfilter-nf_queue-do-not-allow-packet-truncation-be.patch new file mode 100644 index 0000000..83564ed --- /dev/null +++ b/patches.suse/netfilter-nf_queue-do-not-allow-packet-truncation-be.patch @@ -0,0 +1,52 @@ +From 775f928976af5c52a955aa654ce9e6e16428a951 Mon Sep 17 00:00:00 2001 +From: Florian Westphal +Date: Tue, 26 Jul 2022 12:42:06 +0200 +Subject: [PATCH] netfilter: nf_queue: do not allow packet truncation below + transport header offset +Git-commit: 99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164 +Patch-mainline: v5.19-rc8 +References: bsc#1201940 CVE-2022-36946 + +Domingo Dirutigliano and Nicola Guerrera report kernel panic when +sending nf_queue verdict with 1-byte nfta_payload attribute. + +The IP/IPv6 stack pulls the IP(v6) header from the packet after the +input hook. + +If user truncates the packet below the header size, this skb_pull() will +result in a malformed skb (skb->len < 0). + +Fixes: 7af4cc3fa158 ("[NETFILTER]: Add "nfnetlink_queue" netfilter queue handler over nfnetlink") +Reported-by: Domingo Dirutigliano +Signed-off-by: Florian Westphal +Reviewed-by: Pablo Neira Ayuso +Signed-off-by: Denis Kirjanov +--- + net/netfilter/nfnetlink_queue.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c +index 1b17a1b445a3..ec0efb709f3b 100644 +--- a/net/netfilter/nfnetlink_queue.c ++++ b/net/netfilter/nfnetlink_queue.c +@@ -801,11 +801,16 @@ nfqnl_enqueue_packet(struct nf_queue_entry *entry, unsigned int queuenum) + } + + static int +-nfqnl_mangle(void *data, int data_len, struct nf_queue_entry *e, int diff) ++nfqnl_mangle(void *data, unsigned int data_len, struct nf_queue_entry *e, int diff) + { + struct sk_buff *nskb; + + if (diff < 0) { ++ unsigned int min_len = skb_transport_offset(e->skb); ++ ++ if (data_len < min_len) ++ return -EINVAL; ++ + if (pskb_trim(e->skb, data_len)) + return -ENOMEM; + } else if (diff > 0) { +-- +2.16.4 + diff --git a/patches.suse/netfilter-nf_tables-disallow-non-stateful-expression.patch b/patches.suse/netfilter-nf_tables-disallow-non-stateful-expression.patch index 493a141..282cbc9 100644 --- a/patches.suse/netfilter-nf_tables-disallow-non-stateful-expression.patch +++ b/patches.suse/netfilter-nf_tables-disallow-non-stateful-expression.patch @@ -3,7 +3,7 @@ Date: Wed, 25 May 2022 10:36:38 +0200 Subject: netfilter: nf_tables: disallow non-stateful expression in sets earlier Patch-mainline: v5.19-rc1 Git-commit: 520778042ccca019f3ffa136dd0ca565c486cedd -References: CVE-2022-1966 bsc#1200015 +References: CVE-2022-1966 CVE-2022-32250 bsc#1200015 Since 3e135cd499bf ("netfilter: nft_dynset: dynamic stateful expression instantiation"), it is possible to attach stateful expressions to set diff --git a/patches.suse/nvme-consider-also-host_iface-when-checking-ip-options.patch b/patches.suse/nvme-consider-also-host_iface-when-checking-ip-options.patch new file mode 100644 index 0000000..c33d7b2 --- /dev/null +++ b/patches.suse/nvme-consider-also-host_iface-when-checking-ip-options.patch @@ -0,0 +1,65 @@ +From: Daniel Wagner +Date: Fri, 22 Jul 2022 12:03:35 +0200 +Subject: [PATCH] nvme: consider also host_iface when checking ip options +Patch-mainline: Submitted, https://lore.kernel.org/linux-nvme/20220729142630.13504-1-dwagner@suse.de/ +References: bsc#1199670 + +It's perfectly fine to use the same traddr and trsvcid more than once +as long we use different host interface. This is used in setups where +the host has more than one interface but the target exposes only one +traddr/trsvcid combination. + +Use the same acceptance rules for host_iface as we have for +host_traddr. + +Signed-off-by: Daniel Wagner +--- + drivers/nvme/host/fabrics.c | 23 ++++++++++++++++++----- + 1 file changed, 18 insertions(+), 5 deletions(-) + +diff --git a/drivers/nvme/host/fabrics.c b/drivers/nvme/host/fabrics.c +index 5207a2348257..2d948bcc31e0 100644 +--- a/drivers/nvme/host/fabrics.c ++++ b/drivers/nvme/host/fabrics.c +@@ -965,13 +965,17 @@ bool nvmf_ip_options_match(struct nvme_ctrl *ctrl, + return false; + + /* +- * Checking the local address is rough. In most cases, none is specified +- * and the host port is selected by the stack. ++ * Checking the local address or host interfaces is rough. ++ * ++ * In most cases, none is specified and the host port or ++ * host interface is selected by the stack. + * + * Assume no match if: +- * - local address is specified and address is not the same +- * - local address is not specified but remote is, or vice versa +- * (admin using specific host_traddr when it matters). ++ * - local address or host interface is specified and address ++ * or host interface is not the same ++ * - local address or host interface is not specified but ++ * remote is, or vice versa (admin using specific ++ * host_traddr/host_iface when it matters). + */ + if ((opts->mask & NVMF_OPT_HOST_TRADDR) && + (ctrl->opts->mask & NVMF_OPT_HOST_TRADDR)) { +@@ -982,6 +986,15 @@ bool nvmf_ip_options_match(struct nvme_ctrl *ctrl, + return false; + } + ++ if ((opts->mask & NVMF_OPT_HOST_IFACE) && ++ (ctrl->opts->mask & NVMF_OPT_HOST_IFACE)) { ++ if (strcmp(opts->host_iface, ctrl->opts->host_iface)) ++ return false; ++ } else if ((opts->mask & NVMF_OPT_HOST_IFACE) || ++ (ctrl->opts->mask & NVMF_OPT_HOST_IFACE)) { ++ return false; ++ } ++ + return true; + } + EXPORT_SYMBOL_GPL(nvmf_ip_options_match); +-- +2.37.1 + diff --git a/patches.suse/octeontx2-af-fix-infinite-loop-in-unmapping-NPC-coun.patch b/patches.suse/octeontx2-af-fix-infinite-loop-in-unmapping-NPC-coun.patch new file mode 100644 index 0000000..a8fcd67 --- /dev/null +++ b/patches.suse/octeontx2-af-fix-infinite-loop-in-unmapping-NPC-coun.patch @@ -0,0 +1,46 @@ +From 0bc44a9bea88ea28175f787e8443a7501396e884 Mon Sep 17 00:00:00 2001 +From: Hariprasad Kelam +Date: Thu, 18 Mar 2021 19:45:48 +0530 +Subject: [PATCH 6/7] octeontx2-af: fix infinite loop in unmapping NPC counter +Git-commit: 64451b98306bf1334a62bcd020ec92bdb4cb68db +Patch-mainline: v5.12-rc5 +References: git-fixes + +unmapping npc counter works in a way by traversing all mcam +entries to find which mcam rule is associated with counter. +But loop cursor variable 'entry' is not incremented before +checking next mcam entry which resulting in infinite loop. + +This in turn hogs the kworker thread forever and no other +mbox message is processed by AF driver after that. +Fix this by updating entry value before checking next +mcam entry. + +Fixes: a958dd59f9ce ("octeontx2-af: Map or unmap NPC MCAM entry and counter") +Signed-off-by: Hariprasad Kelam +Signed-off-by: Sunil Kovvuri Goutham +Signed-off-by: David S. Miller +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c b/drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c +index 15f70273e29c..d82a519a0cd9 100644 +--- a/drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c ++++ b/drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c +@@ -1967,10 +1967,10 @@ int rvu_mbox_handler_npc_mcam_free_counter(struct rvu *rvu, + index = find_next_bit(mcam->bmap, mcam->bmap_entries, entry); + if (index >= mcam->bmap_entries) + break; ++ entry = index + 1; + if (mcam->entry2cntr_map[index] != req->cntr) + continue; + +- entry = index + 1; + npc_unmap_mcam_entry_and_cntr(rvu, mcam, blkaddr, + index, req->cntr); + } +-- +2.16.4 + diff --git a/patches.suse/octeontx2-af-fix-memory-leak-of-lmac-and-lmac-name.patch b/patches.suse/octeontx2-af-fix-memory-leak-of-lmac-and-lmac-name.patch new file mode 100644 index 0000000..9716ac0 --- /dev/null +++ b/patches.suse/octeontx2-af-fix-memory-leak-of-lmac-and-lmac-name.patch @@ -0,0 +1,64 @@ +From 86a64818a06a2307fab5813b1555405d78c8b728 Mon Sep 17 00:00:00 2001 +From: Colin Ian King +Date: Thu, 7 Jan 2021 12:39:16 +0000 +Subject: [PATCH 4/5] octeontx2-af: fix memory leak of lmac and lmac->name +Git-commit: ac7996d680d8b4a51bb99bbdcee3dc838b985498 +Patch-mainline: v5.11-rc3 +References: git-fixes + +Currently the error return paths don't kfree lmac and lmac->name +leading to some memory leaks. Fix this by adding two error return +paths that kfree these objects + +Addresses-Coverity: ("Resource leak") +Fixes: 1463f382f58d ("octeontx2-af: Add support for CGX link management") +Signed-off-by: Colin Ian King +Link: https://lore.kernel.org/r/20210107123916.189748-1-colin.king@canonical.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Denis Kirjanov +--- + drivers/net/ethernet/marvell/octeontx2/af/cgx.c | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +diff --git a/drivers/net/ethernet/marvell/octeontx2/af/cgx.c b/drivers/net/ethernet/marvell/octeontx2/af/cgx.c +index 6d55e3d0b7ea..54e9f6dc24ea 100644 +--- a/drivers/net/ethernet/marvell/octeontx2/af/cgx.c ++++ b/drivers/net/ethernet/marvell/octeontx2/af/cgx.c +@@ -725,8 +725,10 @@ static int cgx_lmac_init(struct cgx *cgx) + if (!lmac) + return -ENOMEM; + lmac->name = kcalloc(1, sizeof("cgx_fwi_xxx_yyy"), GFP_KERNEL); +- if (!lmac->name) +- return -ENOMEM; ++ if (!lmac->name) { ++ err = -ENOMEM; ++ goto err_lmac_free; ++ } + sprintf(lmac->name, "cgx_fwi_%d_%d", cgx->cgx_id, i); + lmac->lmac_id = i; + lmac->cgx = cgx; +@@ -737,7 +739,7 @@ static int cgx_lmac_init(struct cgx *cgx) + CGX_LMAC_FWI + i * 9), + cgx_fwi_event_handler, 0, lmac->name, lmac); + if (err) +- return err; ++ goto err_irq; + + /* Enable interrupt */ + cgx_write(cgx, lmac->lmac_id, CGXX_CMRX_INT_ENA_W1S, +@@ -748,6 +750,12 @@ static int cgx_lmac_init(struct cgx *cgx) + } + + return cgx_lmac_verify_fwi_version(cgx); ++ ++err_irq: ++ kfree(lmac->name); ++err_lmac_free: ++ kfree(lmac); ++ return err; + } + + static int cgx_lmac_exit(struct cgx *cgx) +-- +2.16.4 + diff --git a/patches.suse/openvswitch-fix-OOB-access-in-reserve_sfa_size.patch b/patches.suse/openvswitch-fix-OOB-access-in-reserve_sfa_size.patch new file mode 100644 index 0000000..10182bd --- /dev/null +++ b/patches.suse/openvswitch-fix-OOB-access-in-reserve_sfa_size.patch @@ -0,0 +1,88 @@ +From cefa91b2332d7009bc0be5d951d6cbbf349f90f8 Mon Sep 17 00:00:00 2001 +From: Paolo Valerio +Date: Fri, 15 Apr 2022 10:08:41 +0200 +Subject: [PATCH] openvswitch: fix OOB access in reserve_sfa_size() +Git-commit: cefa91b2332d7009bc0be5d951d6cbbf349f90f8 +Patch-mainline: v5.18-rc4 +References: CVE-2022-2639 bsc#1202154 + +Given a sufficiently large number of actions, while copying and +reserving memory for a new action of a new flow, if next_offset is +greater than MAX_ACTIONS_BUFSIZE, the function reserve_sfa_size() does +not return -EMSGSIZE as expected, but it allocates MAX_ACTIONS_BUFSIZE +bytes increasing actions_len by req_size. This can then lead to an OOB +write access, especially when further actions need to be copied. + +Fix it by rearranging the flow action size check. + +KASAN splat below: + +================================================================== +Bug: KASAN: slab-out-of-bounds in reserve_sfa_size+0x1ba/0x380 [openvswitch] +Write of size 65360 at addr ffff888147e4001c by task handler15/836 + +Cpu: 1 PID: 836 Comm: handler15 Not tainted 5.18.0-rc1+ #27 +... +Call Trace: + + dump_stack_lvl+0x45/0x5a + print_report.cold+0x5e/0x5db + ? __lock_text_start+0x8/0x8 + ? reserve_sfa_size+0x1ba/0x380 [openvswitch] + kasan_report+0xb5/0x130 + ? reserve_sfa_size+0x1ba/0x380 [openvswitch] + kasan_check_range+0xf5/0x1d0 + memcpy+0x39/0x60 + reserve_sfa_size+0x1ba/0x380 [openvswitch] + __add_action+0x24/0x120 [openvswitch] + ovs_nla_add_action+0xe/0x20 [openvswitch] + ovs_ct_copy_action+0x29d/0x1130 [openvswitch] + ? __kernel_text_address+0xe/0x30 + ? unwind_get_return_address+0x56/0xa0 + ? create_prof_cpu_mask+0x20/0x20 + ? ovs_ct_verify+0xf0/0xf0 [openvswitch] + ? prep_compound_page+0x198/0x2a0 + ? __kasan_check_byte+0x10/0x40 + ? kasan_unpoison+0x40/0x70 + ? ksize+0x44/0x60 + ? reserve_sfa_size+0x75/0x380 [openvswitch] + __ovs_nla_copy_actions+0xc26/0x2070 [openvswitch] + ? __zone_watermark_ok+0x420/0x420 + ? validate_set.constprop.0+0xc90/0xc90 [openvswitch] + ? __alloc_pages+0x1a9/0x3e0 + ? __alloc_pages_slowpath.constprop.0+0x1da0/0x1da0 + ? unwind_next_frame+0x991/0x1e40 + ? __mod_node_page_state+0x99/0x120 + ? __mod_lruvec_page_state+0x2e3/0x470 + ? __kasan_kmalloc_large+0x90/0xe0 + ovs_nla_copy_actions+0x1b4/0x2c0 [openvswitch] + ovs_flow_cmd_new+0x3cd/0xb10 [openvswitch] + ... + +Cc: stable@vger.kernel.org +Fixes: f28cd2af22a0 ("openvswitch: fix flow actions reallocation") +Signed-off-by: Paolo Valerio +Acked-by: Eelco Chaudron +Signed-off-by: David S. Miller +Acked-by: Takashi Iwai + +--- + net/openvswitch/flow_netlink.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/net/openvswitch/flow_netlink.c b/net/openvswitch/flow_netlink.c +index 7176156d3844..4c09cf8a0ab2 100644 +--- a/net/openvswitch/flow_netlink.c ++++ b/net/openvswitch/flow_netlink.c +@@ -2465,7 +2465,7 @@ static struct nlattr *reserve_sfa_size(struct sw_flow_actions **sfa, + new_acts_size = max(next_offset + req_size, ksize(*sfa) * 2); + + if (new_acts_size > MAX_ACTIONS_BUFSIZE) { +- if ((MAX_ACTIONS_BUFSIZE - next_offset) < req_size) { ++ if ((next_offset + req_size) > MAX_ACTIONS_BUFSIZE) { + OVS_NLERR(log, "Flow action size exceeds max %u", + MAX_ACTIONS_BUFSIZE); + return ERR_PTR(-EMSGSIZE); +-- +2.35.3 + diff --git a/patches.suse/pinctrl-sunxi-a83t-Fix-NAND-function-name-for-some-p.patch b/patches.suse/pinctrl-sunxi-a83t-Fix-NAND-function-name-for-some-p.patch new file mode 100644 index 0000000..50a5921 --- /dev/null +++ b/patches.suse/pinctrl-sunxi-a83t-Fix-NAND-function-name-for-some-p.patch @@ -0,0 +1,61 @@ +From aaefa29270d9551b604165a08406543efa9d16f5 Mon Sep 17 00:00:00 2001 +From: Samuel Holland +Date: Wed, 25 May 2022 21:49:56 -0500 +Subject: [PATCH] pinctrl: sunxi: a83t: Fix NAND function name for some pins +Git-commit: aaefa29270d9551b604165a08406543efa9d16f5 +Patch-mainline: v5.19-rc6 +References: git-fixes + +The other NAND pins on Port C use the "nand0" function name. +"nand0" also matches all of the other Allwinner SoCs. + +Fixes: 4730f33f0d82 ("pinctrl: sunxi: add allwinner A83T PIO controller support") +Signed-off-by: Samuel Holland +Acked-by: Jernej Skrabec +Link: https://lore.kernel.org/r/20220526024956.49500-1-samuel@sholland.org +Signed-off-by: Linus Walleij +Acked-by: Takashi Iwai + +--- + drivers/pinctrl/sunxi/pinctrl-sun8i-a83t.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/drivers/pinctrl/sunxi/pinctrl-sun8i-a83t.c b/drivers/pinctrl/sunxi/pinctrl-sun8i-a83t.c +index 4ada80317a3b..b5c1a8f363f3 100644 +--- a/drivers/pinctrl/sunxi/pinctrl-sun8i-a83t.c ++++ b/drivers/pinctrl/sunxi/pinctrl-sun8i-a83t.c +@@ -158,26 +158,26 @@ static const struct sunxi_desc_pin sun8i_a83t_pins[] = { + SUNXI_PIN(SUNXI_PINCTRL_PIN(C, 14), + SUNXI_FUNCTION(0x0, "gpio_in"), + SUNXI_FUNCTION(0x1, "gpio_out"), +- SUNXI_FUNCTION(0x2, "nand"), /* DQ6 */ ++ SUNXI_FUNCTION(0x2, "nand0"), /* DQ6 */ + SUNXI_FUNCTION(0x3, "mmc2")), /* D6 */ + SUNXI_PIN(SUNXI_PINCTRL_PIN(C, 15), + SUNXI_FUNCTION(0x0, "gpio_in"), + SUNXI_FUNCTION(0x1, "gpio_out"), +- SUNXI_FUNCTION(0x2, "nand"), /* DQ7 */ ++ SUNXI_FUNCTION(0x2, "nand0"), /* DQ7 */ + SUNXI_FUNCTION(0x3, "mmc2")), /* D7 */ + SUNXI_PIN(SUNXI_PINCTRL_PIN(C, 16), + SUNXI_FUNCTION(0x0, "gpio_in"), + SUNXI_FUNCTION(0x1, "gpio_out"), +- SUNXI_FUNCTION(0x2, "nand"), /* DQS */ ++ SUNXI_FUNCTION(0x2, "nand0"), /* DQS */ + SUNXI_FUNCTION(0x3, "mmc2")), /* RST */ + SUNXI_PIN(SUNXI_PINCTRL_PIN(C, 17), + SUNXI_FUNCTION(0x0, "gpio_in"), + SUNXI_FUNCTION(0x1, "gpio_out"), +- SUNXI_FUNCTION(0x2, "nand")), /* CE2 */ ++ SUNXI_FUNCTION(0x2, "nand0")), /* CE2 */ + SUNXI_PIN(SUNXI_PINCTRL_PIN(C, 18), + SUNXI_FUNCTION(0x0, "gpio_in"), + SUNXI_FUNCTION(0x1, "gpio_out"), +- SUNXI_FUNCTION(0x2, "nand")), /* CE3 */ ++ SUNXI_FUNCTION(0x2, "nand0")), /* CE3 */ + /* Hole */ + SUNXI_PIN(SUNXI_PINCTRL_PIN(D, 2), + SUNXI_FUNCTION(0x0, "gpio_in"), +-- +2.35.3 + diff --git a/patches.suse/pinctrl-sunxi-sunxi_pconf_set-use-correct-offset.patch b/patches.suse/pinctrl-sunxi-sunxi_pconf_set-use-correct-offset.patch new file mode 100644 index 0000000..edba9ce --- /dev/null +++ b/patches.suse/pinctrl-sunxi-sunxi_pconf_set-use-correct-offset.patch @@ -0,0 +1,40 @@ +From cd4c1e65a32afd003b08ad4aafe1e4d3e4e8e61b Mon Sep 17 00:00:00 2001 +From: Andrei Lalaev +Date: Wed, 25 May 2022 22:04:25 +0300 +Subject: [PATCH] pinctrl: sunxi: sunxi_pconf_set: use correct offset +Git-commit: cd4c1e65a32afd003b08ad4aafe1e4d3e4e8e61b +Patch-mainline: v5.19-rc6 +References: git-fixes + +Some Allwinner SoCs have 2 pinctrls (PIO and R_PIO). +Previous implementation used absolute pin numbering and it was incorrect +for R_PIO pinctrl. +It's necessary to take into account the base pin number. + +Fixes: 90be64e27621 ("pinctrl: sunxi: implement pin_config_set") +Signed-off-by: Andrei Lalaev +Reviewed-by: Samuel Holland +Link: https://lore.kernel.org/r/20220525190423.410609-1-andrey.lalaev@gmail.com +Signed-off-by: Linus Walleij +Acked-by: Takashi Iwai + +--- + drivers/pinctrl/sunxi/pinctrl-sunxi.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/pinctrl/sunxi/pinctrl-sunxi.c b/drivers/pinctrl/sunxi/pinctrl-sunxi.c +index d9327d7d56ee..dd928402af99 100644 +--- a/drivers/pinctrl/sunxi/pinctrl-sunxi.c ++++ b/drivers/pinctrl/sunxi/pinctrl-sunxi.c +@@ -544,6 +544,8 @@ static int sunxi_pconf_set(struct pinctrl_dev *pctldev, unsigned pin, + struct sunxi_pinctrl *pctl = pinctrl_dev_get_drvdata(pctldev); + int i; + ++ pin -= pctl->desc->pin_base; ++ + for (i = 0; i < num_configs; i++) { + enum pin_config_param param; + unsigned long flags; +-- +2.35.3 + diff --git a/patches.suse/platform-olpc-Fix-uninitialized-data-in-debugfs-writ.patch b/patches.suse/platform-olpc-Fix-uninitialized-data-in-debugfs-writ.patch new file mode 100644 index 0000000..50cb3e2 --- /dev/null +++ b/patches.suse/platform-olpc-Fix-uninitialized-data-in-debugfs-writ.patch @@ -0,0 +1,50 @@ +From 40ec787e1adf302c11668d4cc69838f4d584187d Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Wed, 20 Jul 2022 21:23:38 +0300 +Subject: [PATCH] platform/olpc: Fix uninitialized data in debugfs write +Git-commit: 40ec787e1adf302c11668d4cc69838f4d584187d +Patch-mainline: v6.0-rc1 +References: git-fixes + +The call to: + + size = simple_write_to_buffer(cmdbuf, sizeof(cmdbuf), ppos, buf, size); + +will succeed if at least one byte is written to the "cmdbuf" buffer. +The "*ppos" value controls which byte is written. Another problem is +that this code does not check for errors so it's possible for the entire +buffer to be uninitialized. + +Inintialize the struct to zero to prevent reading uninitialized stack +data. + +Debugfs is normally only writable by root so the impact of this bug is +very minimal. + +Fixes: 6cca83d498bd ("Platform: OLPC: move debugfs support from x86 EC driver") +Signed-off-by: Dan Carpenter +Link: https://lore.kernel.org/r/YthIKn+TfZSZMEcM@kili +Reviewed-by: Hans de Goede +Signed-off-by: Hans de Goede +Acked-by: Takashi Iwai + +--- + drivers/platform/olpc/olpc-ec.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/platform/olpc/olpc-ec.c b/drivers/platform/olpc/olpc-ec.c +index 4ff5c3a12991..921520475ff6 100644 +--- a/drivers/platform/olpc/olpc-ec.c ++++ b/drivers/platform/olpc/olpc-ec.c +@@ -264,7 +264,7 @@ static ssize_t ec_dbgfs_cmd_write(struct file *file, const char __user *buf, + int i, m; + unsigned char ec_cmd[EC_MAX_CMD_ARGS]; + unsigned int ec_cmd_int[EC_MAX_CMD_ARGS]; +- char cmdbuf[64]; ++ char cmdbuf[64] = ""; + int ec_cmd_bytes; + + mutex_lock(&ec_dbgfs_lock); +-- +2.35.3 + diff --git a/patches.suse/platform-x86-hp-wmi-Ignore-Sanitization-Mode-event.patch b/patches.suse/platform-x86-hp-wmi-Ignore-Sanitization-Mode-event.patch new file mode 100644 index 0000000..46ac118 --- /dev/null +++ b/patches.suse/platform-x86-hp-wmi-Ignore-Sanitization-Mode-event.patch @@ -0,0 +1,44 @@ +From 9ab762a84b8094540c18a170e5ddd6488632c456 Mon Sep 17 00:00:00 2001 +From: Kai-Heng Feng +Date: Tue, 28 Jun 2022 20:37:26 +0800 +Subject: [PATCH] platform/x86: hp-wmi: Ignore Sanitization Mode event +Git-commit: 9ab762a84b8094540c18a170e5ddd6488632c456 +Patch-mainline: v5.19-rc5 +References: git-fixes + +After system resume the hp-wmi driver may complain: +[ 702.620180] hp_wmi: Unknown event_id - 23 - 0x0 + +According to HP it means 'Sanitization Mode' and it's harmless to just +ignore the event. + +Cc: Jorge Lopez +Signed-off-by: Kai-Heng Feng +Link: https://lore.kernel.org/r/20220628123726.250062-1-kai.heng.feng@canonical.com +Reviewed-by: Hans de Goede +Signed-off-by: Hans de Goede +Acked-by: Takashi Iwai + +--- + drivers/platform/x86/hp-wmi.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/platform/x86/hp-wmi.c ++++ b/drivers/platform/x86/hp-wmi.c +@@ -62,6 +62,7 @@ enum hp_wmi_event_ids { + HPWMI_BACKLIT_KB_BRIGHTNESS = 0x0D, + HPWMI_PEAKSHIFT_PERIOD = 0x0F, + HPWMI_BATTERY_CHARGE_PERIOD = 0x10, ++ HPWMI_SANITIZATION_MODE = 0x17, + }; + + struct bios_args { +@@ -618,6 +619,8 @@ static void hp_wmi_notify(u32 value, voi + break; + case HPWMI_BATTERY_CHARGE_PERIOD: + break; ++ case HPWMI_SANITIZATION_MODE: ++ break; + default: + pr_info("Unknown event_id - %d - 0x%x\n", event_id, event_data); + break; diff --git a/patches.suse/power-reset-arm-versatile-Fix-refcount-leak-in-versa.patch b/patches.suse/power-reset-arm-versatile-Fix-refcount-leak-in-versa.patch new file mode 100644 index 0000000..5dd11c1 --- /dev/null +++ b/patches.suse/power-reset-arm-versatile-Fix-refcount-leak-in-versa.patch @@ -0,0 +1,37 @@ +From 80192eff64eee9b3bc0594a47381937b94b9d65a Mon Sep 17 00:00:00 2001 +From: Miaoqian Lin +Date: Mon, 23 May 2022 18:10:09 +0400 +Subject: [PATCH] power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe +Git-commit: 80192eff64eee9b3bc0594a47381937b94b9d65a +Patch-mainline: v5.19-rc7 +References: git-fixes + +of_find_matching_node_and_match() returns a node pointer with refcount +incremented, we should use of_node_put() on it when not need anymore. +Add missing of_node_put() to avoid refcount leak. + +Fixes: 0e545f57b708 ("power: reset: driver for the Versatile syscon reboot") +Signed-off-by: Miaoqian Lin +Reviewed-by: Linus Walleij +Signed-off-by: Sebastian Reichel +Acked-by: Takashi Iwai + +--- + drivers/power/reset/arm-versatile-reboot.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/power/reset/arm-versatile-reboot.c b/drivers/power/reset/arm-versatile-reboot.c +index 08d0a07b58ef..c7624d7611a7 100644 +--- a/drivers/power/reset/arm-versatile-reboot.c ++++ b/drivers/power/reset/arm-versatile-reboot.c +@@ -146,6 +146,7 @@ static int __init versatile_reboot_probe(void) + versatile_reboot_type = (enum versatile_reboot)reboot_id->data; + + syscon_regmap = syscon_node_to_regmap(np); ++ of_node_put(np); + if (IS_ERR(syscon_regmap)) + return PTR_ERR(syscon_regmap); + +-- +2.35.3 + diff --git a/patches.suse/powerpc-mobility-wait-for-memory-transfer-to-complet.patch b/patches.suse/powerpc-mobility-wait-for-memory-transfer-to-complet.patch new file mode 100644 index 0000000..daf01b3 --- /dev/null +++ b/patches.suse/powerpc-mobility-wait-for-memory-transfer-to-complet.patch @@ -0,0 +1,98 @@ +From 882c0d1704cf61df13f01933269202d51e74b9f3 Mon Sep 17 00:00:00 2001 +From: Laurent Dufour +Date: Wed, 13 Jul 2022 17:47:26 +0200 +Subject: [PATCH] powerpc/mobility: wait for memory transfer to complete + +References: bsc#1201846 ltc#198761 +Patch-mainline: v5.20-rc1 +Git-commit: 882c0d1704cf61df13f01933269202d51e74b9f3 + +In pseries_migration_partition(), loop until the memory transfer is +complete. This way the calling drmgr process will not exit earlier, +allowing callbacks to be run only once the migration is fully completed. + +If reading the VASI state is done after the hypervisor has completed the +migration, the HCALL is returning H_PARAMETER. We can safely assume that +the memory transfer is achieved if this happens. + +This will also allow to manage the NMI watchdog state in the next commits. + +Signed-off-by: Laurent Dufour +Reviewed-by: Nathan Lynch +Reviewed-by: Nicholas Piggin +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20220713154729.80789-2-ldufour@linux.ibm.com +Acked-by: Michal Suchanek +--- + arch/powerpc/platforms/pseries/mobility.c | 48 ++++++++++++++++++++++- + 1 file changed, 46 insertions(+), 2 deletions(-) + +diff --git a/arch/powerpc/platforms/pseries/mobility.c b/arch/powerpc/platforms/pseries/mobility.c +--- a/arch/powerpc/platforms/pseries/mobility.c ++++ b/arch/powerpc/platforms/pseries/mobility.c +@@ -427,6 +427,43 @@ static int wait_for_vasi_session_suspending(u64 handle) + return ret; + } + ++static void wait_for_vasi_session_completed(u64 handle) ++{ ++ unsigned long state = 0; ++ int ret; ++ ++ pr_info("waiting for memory transfer to complete...\n"); ++ ++ /* ++ * Wait for transition from H_VASI_RESUMED to H_VASI_COMPLETED. ++ */ ++ while (true) { ++ ret = poll_vasi_state(handle, &state); ++ ++ /* ++ * If the memory transfer is already complete and the migration ++ * has been cleaned up by the hypervisor, H_PARAMETER is return, ++ * which is translate in EINVAL by poll_vasi_state(). ++ */ ++ if (ret == -EINVAL || (!ret && state == H_VASI_COMPLETED)) { ++ pr_info("memory transfer completed.\n"); ++ break; ++ } ++ ++ if (ret) { ++ pr_err("H_VASI_STATE return error (%d)\n", ret); ++ break; ++ } ++ ++ if (state != H_VASI_RESUMED) { ++ pr_err("unexpected H_VASI_STATE result %lu\n", state); ++ break; ++ } ++ ++ msleep(500); ++ } ++} ++ + static void prod_single(unsigned int target_cpu) + { + long hvrc; +@@ -673,9 +710,16 @@ static int pseries_migrate_partition(u64 handle) + return ret; + + ret = pseries_suspend(handle); +- if (ret == 0) ++ if (ret == 0) { + post_mobility_fixup(); +- else ++ /* ++ * Wait until the memory transfer is complete, so that the user ++ * space process returns from the syscall after the transfer is ++ * complete. This allows the user hooks to be executed at the ++ * right time. ++ */ ++ wait_for_vasi_session_completed(handle); ++ } else + pseries_cancel_migration(handle, ret); + + return ret; +-- +2.35.3 + diff --git a/patches.suse/powerpc-pseries-mobility-set-NMI-watchdog-factor-dur.patch b/patches.suse/powerpc-pseries-mobility-set-NMI-watchdog-factor-dur.patch new file mode 100644 index 0000000..6953440 --- /dev/null +++ b/patches.suse/powerpc-pseries-mobility-set-NMI-watchdog-factor-dur.patch @@ -0,0 +1,139 @@ +From 8d41c4b246dba1ed47c4eff1cb72f41cde6aba63 Mon Sep 17 00:00:00 2001 +From: Laurent Dufour +Date: Wed, 13 Jul 2022 17:47:29 +0200 +Subject: [PATCH] powerpc/pseries/mobility: set NMI watchdog factor during an + LPM + +References: bsc#1201846 ltc#198761 +Patch-mainline: v5.20-rc1 +Git-commit: 118b1366930c8c833b8b36abef657f40d4e26610 + +During an LPM, while the memory transfer is in progress on the arrival +side, some latencies are generated when accessing not yet transferred +pages on the arrival side. Thus, the NMI watchdog may be triggered too +frequently, which increases the risk to hit an NMI interrupt in a bad +place in the kernel, leading to a kernel panic. + +Disabling the Hard Lockup Watchdog until the memory transfer could be a +too strong work around, some users would want this timeout to be +eventually triggered if the system is hanging even during an LPM. + +Introduce a new sysctl variable nmi_watchdog_factor. It allows to apply +a factor to the NMI watchdog timeout during an LPM. Just before the CPUs +are stopped for the switchover sequence, the NMI watchdog timer is set +to watchdog_thresh + factor% + +A value of 0 has no effect. The default value is 200, meaning that the +NMI watchdog is set to 30s during LPM (based on a 10s watchdog_thresh +value). Once the memory transfer is achieved, the factor is reset to 0. + +Setting this value to a high number is like disabling the NMI watchdog +during an LPM. + +Signed-off-by: Laurent Dufour +Reviewed-by: Nicholas Piggin +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20220713154729.80789-5-ldufour@linux.ibm.com +Acked-by: Michal Suchanek +--- + Documentation/admin-guide/sysctl/kernel.rst | 12 ++++++ + arch/powerpc/platforms/pseries/mobility.c | 43 +++++++++++++++++++++ + 2 files changed, 55 insertions(+) + +diff --git a/Documentation/admin-guide/sysctl/kernel.rst b/Documentation/admin-guide/sysctl/kernel.rst +--- a/Documentation/admin-guide/sysctl/kernel.rst ++++ b/Documentation/admin-guide/sysctl/kernel.rst +@@ -592,6 +592,18 @@ to the guest kernel command line (see + to the guest kernel command line (see Documentation/admin-guide/kernel-parameters.rst). + + ++nmi_wd_lpm_factor (PPC only) ++============================ ++ ++Factor to apply to the NMI watchdog timeout (only when ``nmi_watchdog`` is ++set to 1). This factor represents the percentage added to ++``watchdog_thresh`` when calculating the NMI watchdog timeout during an ++LPM. The soft lockup timeout is not impacted. ++ ++A value of 0 means no change. The default value is 200 meaning the NMI ++watchdog is set to 30s (based on ``watchdog_thresh`` equal to 10). ++ ++ + numa_balancing: + =============== + +diff --git a/arch/powerpc/platforms/pseries/mobility.c b/arch/powerpc/platforms/pseries/mobility.c +--- a/arch/powerpc/platforms/pseries/mobility.c ++++ b/arch/powerpc/platforms/pseries/mobility.c +@@ -48,6 +48,39 @@ struct update_props_workarea { + #define MIGRATION_SCOPE (1) + #define PRRN_SCOPE -2 + ++#ifdef CONFIG_PPC_WATCHDOG ++static unsigned int nmi_wd_lpm_factor = 200; ++ ++#ifdef CONFIG_SYSCTL ++static struct ctl_table nmi_wd_lpm_factor_ctl_table[] = { ++ { ++ .procname = "nmi_wd_lpm_factor", ++ .data = &nmi_wd_lpm_factor, ++ .maxlen = sizeof(int), ++ .mode = 0644, ++ .proc_handler = proc_douintvec_minmax, ++ }, ++ {} ++}; ++static struct ctl_table nmi_wd_lpm_factor_sysctl_root[] = { ++ { ++ .procname = "kernel", ++ .mode = 0555, ++ .child = nmi_wd_lpm_factor_ctl_table, ++ }, ++ {} ++}; ++ ++static int __init register_nmi_wd_lpm_factor_sysctl(void) ++{ ++ register_sysctl_table(nmi_wd_lpm_factor_sysctl_root); ++ ++ return 0; ++} ++device_initcall(register_nmi_wd_lpm_factor_sysctl); ++#endif /* CONFIG_SYSCTL */ ++#endif /* CONFIG_PPC_WATCHDOG */ ++ + static int mobility_rtas_call(int token, char *buf, s32 scope) + { + int rc; +@@ -702,11 +735,18 @@ static int pseries_suspend(u64 handle) + static int pseries_migrate_partition(u64 handle) + { + int ret; ++ unsigned int factor = 0; + ++#ifdef CONFIG_PPC_WATCHDOG ++ factor = nmi_wd_lpm_factor; ++#endif + ret = wait_for_vasi_session_suspending(handle); + if (ret) + return ret; + ++ if (factor) ++ watchdog_nmi_set_timeout_pct(factor); ++ + ret = pseries_suspend(handle); + if (ret == 0) { + post_mobility_fixup(); +@@ -722,6 +762,9 @@ static int pseries_migrate_partition(u64 handle) + } else + pseries_cancel_migration(handle, ret); + ++ if (factor) ++ watchdog_nmi_set_timeout_pct(0); ++ + return ret; + } + +-- +2.35.3 + diff --git a/patches.suse/powerpc-watchdog-introduce-a-NMI-watchdog-s-factor.patch b/patches.suse/powerpc-watchdog-introduce-a-NMI-watchdog-s-factor.patch new file mode 100644 index 0000000..c7e49c7 --- /dev/null +++ b/patches.suse/powerpc-watchdog-introduce-a-NMI-watchdog-s-factor.patch @@ -0,0 +1,88 @@ +From 5375d121198e13f80731574f697d2d15ad1888ec Mon Sep 17 00:00:00 2001 +From: Laurent Dufour +Date: Wed, 13 Jul 2022 17:47:28 +0200 +Subject: [PATCH] powerpc/watchdog: introduce a NMI watchdog's factor + +References: bsc#1201846 ltc#198761 +Patch-mainline: v5.20-rc1 +Git-commit: f5e74e836097d1004077390717d4bd95d4a2c27a + +Introduce a factor which would apply to the NMI watchdog timeout. + +This factor is a percentage added to the watchdog_tresh value. The value is +set under the watchdog_mutex protection and lockup_detector_reconfigure() +is called to recompute wd_panic_timeout_tb. + +Once the factor is set, it remains until it is set back to 0, which means +no impact. + +Signed-off-by: Laurent Dufour +Reviewed-by: Nicholas Piggin +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20220713154729.80789-4-ldufour@linux.ibm.com +Acked-by: Michal Suchanek +--- + arch/powerpc/include/asm/nmi.h | 2 ++ + arch/powerpc/kernel/watchdog.c | 21 ++++++++++++++++++++- + 2 files changed, 22 insertions(+), 1 deletion(-) + +diff --git a/arch/powerpc/include/asm/nmi.h b/arch/powerpc/include/asm/nmi.h +--- a/arch/powerpc/include/asm/nmi.h ++++ b/arch/powerpc/include/asm/nmi.h +@@ -5,8 +5,10 @@ + + #ifdef CONFIG_PPC_WATCHDOG + extern void arch_touch_nmi_watchdog(void); ++void watchdog_nmi_set_timeout_pct(u64 pct); + #else + static inline void arch_touch_nmi_watchdog(void) {} ++static inline void watchdog_nmi_set_timeout_pct(u64 pct) {} + #endif + + #if defined(CONFIG_NMI_IPI) && defined(CONFIG_STACKTRACE) +diff --git a/arch/powerpc/kernel/watchdog.c b/arch/powerpc/kernel/watchdog.c +index dd882d00845d..dbcc4a793f0b 100644 +--- a/arch/powerpc/kernel/watchdog.c ++++ b/arch/powerpc/kernel/watchdog.c +@@ -91,6 +91,10 @@ static cpumask_t wd_smp_cpus_pending; + static cpumask_t wd_smp_cpus_stuck; + static u64 wd_smp_last_reset_tb; + ++#ifdef CONFIG_PPC_PSERIES ++static u64 wd_timeout_pct; ++#endif ++ + /* + * Try to take the exclusive watchdog action / NMI IPI / printing lock. + * wd_smp_lock must be held. If this fails, we should return and wait +@@ -527,7 +531,13 @@ static int stop_watchdog_on_cpu(unsigned int cpu) + + static void watchdog_calc_timeouts(void) + { +- wd_panic_timeout_tb = watchdog_thresh * ppc_tb_freq; ++ u64 threshold = watchdog_thresh; ++ ++#ifdef CONFIG_PPC_PSERIES ++ threshold += (READ_ONCE(wd_timeout_pct) * threshold) / 100; ++#endif ++ ++ wd_panic_timeout_tb = threshold * ppc_tb_freq; + + /* Have the SMP detector trigger a bit later */ + wd_smp_panic_timeout_tb = wd_panic_timeout_tb * 3 / 2; +@@ -570,3 +580,12 @@ int __init watchdog_nmi_probe(void) + } + return 0; + } ++ ++#ifdef CONFIG_PPC_PSERIES ++void watchdog_nmi_set_timeout_pct(u64 pct) ++{ ++ pr_info("Set the NMI watchdog timeout factor to %llu%%\n", pct); ++ WRITE_ONCE(wd_timeout_pct, pct); ++ lockup_detector_reconfigure(); ++} ++#endif +-- +2.35.3 + diff --git a/patches.suse/profiling-fix-shift-out-of-bounds-bugs.patch b/patches.suse/profiling-fix-shift-out-of-bounds-bugs.patch new file mode 100644 index 0000000..f88589c --- /dev/null +++ b/patches.suse/profiling-fix-shift-out-of-bounds-bugs.patch @@ -0,0 +1,100 @@ +From 188bc0efdc021979d12d0011f370a324ba06bbf6 Mon Sep 17 00:00:00 2001 +From: Pavel Skripkin +Date: Tue, 7 Sep 2021 19:58:21 -0700 +Subject: [PATCH] profiling: fix shift-out-of-bounds bugs + +References: git fixes +Patch-mainline: v5.15-rc1 +Git-commit: 2d186afd04d669fe9c48b994c41a7405a3c9f16d + +Syzbot reported shift-out-of-bounds bug in profile_init(). +The problem was in incorrect prof_shift. Since prof_shift value comes from +userspace we need to clamp this value into [0, BITS_PER_LONG -1] +boundaries. + +Second possible shiht-out-of-bounds was found by Tetsuo: +sample_step local variable in read_profile() had "unsigned int" type, +but prof_shift allows to make a BITS_PER_LONG shift. So, to prevent +possible shiht-out-of-bounds sample_step type was changed to +"unsigned long". + +Also, "unsigned short int" will be sufficient for storing +[0, BITS_PER_LONG] value, that's why there is no need for +"unsigned long" prof_shift. + +Link: https://lkml.kernel.org/r/20210813140022.5011-1-paskripkin@gmail.com +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Reported-and-tested-by: syzbot+e68c89a9510c159d9684@syzkaller.appspotmail.com +Suggested-by: Tetsuo Handa +Signed-off-by: Pavel Skripkin +Cc: Thomas Gleixner +Cc: Steven Rostedt +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Mel Gorman +--- + kernel/profile.c | 21 +++++++++++---------- + 1 file changed, 11 insertions(+), 10 deletions(-) + +diff --git a/kernel/profile.c b/kernel/profile.c +index af7c94bf5fa1..e97e42aaf202 100644 +--- a/kernel/profile.c ++++ b/kernel/profile.c +@@ -41,7 +41,8 @@ struct profile_hit { + #define NR_PROFILE_GRP (NR_PROFILE_HIT/PROFILE_GRPSZ) + + static atomic_t *prof_buffer; +-static unsigned long prof_len, prof_shift; ++static unsigned long prof_len; ++static unsigned short int prof_shift; + + int prof_on __read_mostly; + EXPORT_SYMBOL_GPL(prof_on); +@@ -67,8 +68,8 @@ int profile_setup(char *str) + if (str[strlen(sleepstr)] == ',') + str += strlen(sleepstr) + 1; + if (get_option(&str, &par)) +- prof_shift = par; +- pr_info("kernel sleep profiling enabled (shift: %ld)\n", ++ prof_shift = clamp(par, 0, BITS_PER_LONG - 1); ++ pr_info("kernel sleep profiling enabled (shift: %u)\n", + prof_shift); + #else + pr_warn("kernel sleep profiling requires CONFIG_SCHEDSTATS\n"); +@@ -78,21 +79,21 @@ int profile_setup(char *str) + if (str[strlen(schedstr)] == ',') + str += strlen(schedstr) + 1; + if (get_option(&str, &par)) +- prof_shift = par; +- pr_info("kernel schedule profiling enabled (shift: %ld)\n", ++ prof_shift = clamp(par, 0, BITS_PER_LONG - 1); ++ pr_info("kernel schedule profiling enabled (shift: %u)\n", + prof_shift); + } else if (!strncmp(str, kvmstr, strlen(kvmstr))) { + prof_on = KVM_PROFILING; + if (str[strlen(kvmstr)] == ',') + str += strlen(kvmstr) + 1; + if (get_option(&str, &par)) +- prof_shift = par; +- pr_info("kernel KVM profiling enabled (shift: %ld)\n", ++ prof_shift = clamp(par, 0, BITS_PER_LONG - 1); ++ pr_info("kernel KVM profiling enabled (shift: %u)\n", + prof_shift); + } else if (get_option(&str, &par)) { +- prof_shift = par; ++ prof_shift = clamp(par, 0, BITS_PER_LONG - 1); + prof_on = CPU_PROFILING; +- pr_info("kernel profiling enabled (shift: %ld)\n", ++ pr_info("kernel profiling enabled (shift: %u)\n", + prof_shift); + } + return 1; +@@ -468,7 +469,7 @@ read_profile(struct file *file, char __user *buf, size_t count, loff_t *ppos) + unsigned long p = *ppos; + ssize_t read; + char *pnt; +- unsigned int sample_step = 1 << prof_shift; ++ unsigned long sample_step = 1UL << prof_shift; + + profile_flip_buffers(); + if (p >= (prof_len+1)*sizeof(unsigned int)) diff --git a/patches.suse/pty-do-tty_flip_buffer_push-without-port-lock-in-pty.patch b/patches.suse/pty-do-tty_flip_buffer_push-without-port-lock-in-pty.patch new file mode 100644 index 0000000..4754d8d --- /dev/null +++ b/patches.suse/pty-do-tty_flip_buffer_push-without-port-lock-in-pty.patch @@ -0,0 +1,133 @@ +From: Artem Savkov +Date: Wed, 2 Sep 2020 14:00:45 +0200 +Subject: pty: do tty_flip_buffer_push without port->lock in pty_write +Git-commit: 71a174b39f10b4b93223d374722aa894b5d8a82e +Patch-mainline: 5.10-rc1 +References: bsc#1198829 CVE-2022-1462 + +b6da31b2c07c "tty: Fix data race in tty_insert_flip_string_fixed_flag" +puts tty_flip_buffer_push under port->lock introducing the following +possible circular locking dependency: + +[30129.876566] ====================================================== +[30129.876566] WARNING: possible circular locking dependency detected +[30129.876567] 5.9.0-rc2+ #3 Tainted: G S W +[30129.876568] ------------------------------------------------------ +[30129.876568] sysrq.sh/1222 is trying to acquire lock: +[30129.876569] ffffffff92c39480 (console_owner){....}-{0:0}, at: console_unlock+0x3fe/0xa90 + +[30129.876572] but task is already holding lock: +[30129.876572] ffff888107cb9018 (&pool->lock/1){-.-.}-{2:2}, at: show_workqueue_state.cold.55+0x15b/0x6ca + +[30129.876576] which lock already depends on the new lock. + +[30129.876577] the existing dependency chain (in reverse order) is: + +[30129.876578] -> #3 (&pool->lock/1){-.-.}-{2:2}: +[30129.876581] _raw_spin_lock+0x30/0x70 +[30129.876581] __queue_work+0x1a3/0x10f0 +[30129.876582] queue_work_on+0x78/0x80 +[30129.876582] pty_write+0x165/0x1e0 +[30129.876583] n_tty_write+0x47f/0xf00 +[30129.876583] tty_write+0x3d6/0x8d0 +[30129.876584] vfs_write+0x1a8/0x650 + +[30129.876588] -> #2 (&port->lock#2){-.-.}-{2:2}: +[30129.876590] _raw_spin_lock_irqsave+0x3b/0x80 +[30129.876591] tty_port_tty_get+0x1d/0xb0 +[30129.876592] tty_port_default_wakeup+0xb/0x30 +[30129.876592] serial8250_tx_chars+0x3d6/0x970 +[30129.876593] serial8250_handle_irq.part.12+0x216/0x380 +[30129.876593] serial8250_default_handle_irq+0x82/0xe0 +[30129.876594] serial8250_interrupt+0xdd/0x1b0 +[30129.876595] __handle_irq_event_percpu+0xfc/0x850 + +[30129.876602] -> #1 (&port->lock){-.-.}-{2:2}: +[30129.876605] _raw_spin_lock_irqsave+0x3b/0x80 +[30129.876605] serial8250_console_write+0x12d/0x900 +[30129.876606] console_unlock+0x679/0xa90 +[30129.876606] register_console+0x371/0x6e0 +[30129.876607] univ8250_console_init+0x24/0x27 +[30129.876607] console_init+0x2f9/0x45e + +[30129.876609] -> #0 (console_owner){....}-{0:0}: +[30129.876611] __lock_acquire+0x2f70/0x4e90 +[30129.876612] lock_acquire+0x1ac/0xad0 +[30129.876612] console_unlock+0x460/0xa90 +[30129.876613] vprintk_emit+0x130/0x420 +[30129.876613] printk+0x9f/0xc5 +[30129.876614] show_pwq+0x154/0x618 +[30129.876615] show_workqueue_state.cold.55+0x193/0x6ca +[30129.876615] __handle_sysrq+0x244/0x460 +[30129.876616] write_sysrq_trigger+0x48/0x4a +[30129.876616] proc_reg_write+0x1a6/0x240 +[30129.876617] vfs_write+0x1a8/0x650 + +[30129.876619] other info that might help us debug this: + +[30129.876620] Chain exists of: +[30129.876621] console_owner --> &port->lock#2 --> &pool->lock/1 + +[30129.876625] Possible unsafe locking scenario: + +[30129.876626] CPU0 CPU1 +[30129.876626] ---- ---- +[30129.876627] lock(&pool->lock/1); +[30129.876628] lock(&port->lock#2); +[30129.876630] lock(&pool->lock/1); +[30129.876631] lock(console_owner); + +[30129.876633] *** DEADLOCK *** + +[30129.876634] 5 locks held by sysrq.sh/1222: +[30129.876634] #0: ffff8881d3ce0470 (sb_writers#3){.+.+}-{0:0}, at: vfs_write+0x359/0x650 +[30129.876637] #1: ffffffff92c612c0 (rcu_read_lock){....}-{1:2}, at: __handle_sysrq+0x4d/0x460 +[30129.876640] #2: ffffffff92c612c0 (rcu_read_lock){....}-{1:2}, at: show_workqueue_state+0x5/0xf0 +[30129.876642] #3: ffff888107cb9018 (&pool->lock/1){-.-.}-{2:2}, at: show_workqueue_state.cold.55+0x15b/0x6ca +[30129.876645] #4: ffffffff92c39980 (console_lock){+.+.}-{0:0}, at: vprintk_emit+0x123/0x420 + +[30129.876648] stack backtrace: +[30129.876649] CPU: 3 PID: 1222 Comm: sysrq.sh Tainted: G S W 5.9.0-rc2+ #3 +[30129.876649] Hardware name: Intel Corporation 2012 Client Platform/Emerald Lake 2, BIOS ACRVMBY1.86C.0078.P00.1201161002 01/16/2012 +[30129.876650] Call Trace: +[30129.876650] dump_stack+0x9d/0xe0 +[30129.876651] check_noncircular+0x34f/0x410 +[30129.876653] __lock_acquire+0x2f70/0x4e90 +[30129.876656] lock_acquire+0x1ac/0xad0 +[30129.876658] console_unlock+0x460/0xa90 +[30129.876660] vprintk_emit+0x130/0x420 +[30129.876660] printk+0x9f/0xc5 +[30129.876661] show_pwq+0x154/0x618 +[30129.876662] show_workqueue_state.cold.55+0x193/0x6ca +[30129.876664] __handle_sysrq+0x244/0x460 +[30129.876665] write_sysrq_trigger+0x48/0x4a +[30129.876665] proc_reg_write+0x1a6/0x240 +[30129.876666] vfs_write+0x1a8/0x650 + +It looks like the commit was aimed to protect tty_insert_flip_string and +there is no need for tty_flip_buffer_push to be under this lock. + +Fixes: b6da31b2c07c ("tty: Fix data race in tty_insert_flip_string_fixed_flag") +Signed-off-by: Artem Savkov +Acked-by: Jiri Slaby +Link: https://lore.kernel.org/r/20200902120045.3693075-1-asavkov@redhat.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Jiri Slaby +--- + drivers/tty/pty.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/tty/pty.c ++++ b/drivers/tty/pty.c +@@ -120,10 +120,10 @@ static int pty_write(struct tty_struct * + spin_lock_irqsave(&to->port->lock, flags); + /* Stuff the data into the input queue of the other end */ + c = tty_insert_flip_string(to->port, buf, c); ++ spin_unlock_irqrestore(&to->port->lock, flags); + /* And shovel */ + if (c) + tty_flip_buffer_push(to->port); +- spin_unlock_irqrestore(&to->port->lock, flags); + } + return c; + } diff --git a/patches.suse/r8169-fix-accessing-unset-transport-header.patch b/patches.suse/r8169-fix-accessing-unset-transport-header.patch new file mode 100644 index 0000000..25a08c0 --- /dev/null +++ b/patches.suse/r8169-fix-accessing-unset-transport-header.patch @@ -0,0 +1,89 @@ +From faa4e04e5e140a6d02260289a8fba8fd8d7a3003 Mon Sep 17 00:00:00 2001 +From: Heiner Kallweit +Date: Tue, 5 Jul 2022 21:15:22 +0200 +Subject: [PATCH] r8169: fix accessing unset transport header +Git-commit: faa4e04e5e140a6d02260289a8fba8fd8d7a3003 +Patch-mainline: v5.19-rc6 +References: git-fixes + +66e4c8d95008 ("net: warn if transport header was not set") added +a check that triggers a warning in r8169, see [0]. + +The commit referenced in the Fixes tag refers to the change from +which the patch applies cleanly, there's nothing wrong with this +commit. It seems the actual issue (not bug, because the warning +is harmless here) was introduced with bdfa4ed68187 +("r8169: use Giant Send"). + +[0] https://bugzilla.kernel.org/show_bug.cgi?id=216157 + +Fixes: 8d520b4de3ed ("r8169: work around RTL8125 UDP hw bug") +Reported-by: Erhard F. +Tested-by: Erhard F. +Signed-off-by: Heiner Kallweit +Link: https://lore.kernel.org/r/1b2c2b29-3dc0-f7b6-5694-97ec526d51a0@gmail.com +Signed-off-by: Jakub Kicinski +Acked-by: Takashi Iwai + +--- + drivers/net/ethernet/realtek/r8169_main.c | 10 ++++------ + 1 file changed, 4 insertions(+), 6 deletions(-) + +diff --git a/drivers/net/ethernet/realtek/r8169_main.c b/drivers/net/ethernet/realtek/r8169_main.c +index 3098d6672192..1b7fdb4f056b 100644 +--- a/drivers/net/ethernet/realtek/r8169_main.c ++++ b/drivers/net/ethernet/realtek/r8169_main.c +@@ -4190,7 +4190,6 @@ static void rtl8169_tso_csum_v1(struct sk_buff *skb, u32 *opts) + static bool rtl8169_tso_csum_v2(struct rtl8169_private *tp, + struct sk_buff *skb, u32 *opts) + { +- u32 transport_offset = (u32)skb_transport_offset(skb); + struct skb_shared_info *shinfo = skb_shinfo(skb); + u32 mss = shinfo->gso_size; + +@@ -4207,7 +4206,7 @@ static bool rtl8169_tso_csum_v2(struct rtl8169_private *tp, + WARN_ON_ONCE(1); + } + +- opts[0] |= transport_offset << GTTCPHO_SHIFT; ++ opts[0] |= skb_transport_offset(skb) << GTTCPHO_SHIFT; + opts[1] |= mss << TD1_MSS_SHIFT; + } else if (skb->ip_summed == CHECKSUM_PARTIAL) { + u8 ip_protocol; +@@ -4235,7 +4234,7 @@ static bool rtl8169_tso_csum_v2(struct rtl8169_private *tp, + else + WARN_ON_ONCE(1); + +- opts[1] |= transport_offset << TCPHO_SHIFT; ++ opts[1] |= skb_transport_offset(skb) << TCPHO_SHIFT; + } else { + unsigned int padto = rtl_quirk_packet_padto(tp, skb); + +@@ -4402,14 +4401,13 @@ static netdev_features_t rtl8169_features_check(struct sk_buff *skb, + struct net_device *dev, + netdev_features_t features) + { +- int transport_offset = skb_transport_offset(skb); + struct rtl8169_private *tp = netdev_priv(dev); + + if (skb_is_gso(skb)) { + if (tp->mac_version == RTL_GIGA_MAC_VER_34) + features = rtl8168evl_fix_tso(skb, features); + +- if (transport_offset > GTTCPHO_MAX && ++ if (skb_transport_offset(skb) > GTTCPHO_MAX && + rtl_chip_supports_csum_v2(tp)) + features &= ~NETIF_F_ALL_TSO; + } else if (skb->ip_summed == CHECKSUM_PARTIAL) { +@@ -4420,7 +4418,7 @@ static netdev_features_t rtl8169_features_check(struct sk_buff *skb, + if (rtl_quirk_packet_padto(tp, skb)) + features &= ~NETIF_F_CSUM_MASK; + +- if (transport_offset > TCPHO_MAX && ++ if (skb_transport_offset(skb) > TCPHO_MAX && + rtl_chip_supports_csum_v2(tp)) + features &= ~NETIF_F_CSUM_MASK; + } +-- +2.35.3 + diff --git a/patches.suse/random-document-add_hwgenerator_randomness-with-othe.patch b/patches.suse/random-document-add_hwgenerator_randomness-with-othe.patch new file mode 100644 index 0000000..d99e21a --- /dev/null +++ b/patches.suse/random-document-add_hwgenerator_randomness-with-othe.patch @@ -0,0 +1,54 @@ +From 2b6c6e3d9ce3aa0e547ac25d60e06fe035cd9f79 Mon Sep 17 00:00:00 2001 +From: Mark Brown +Date: Wed, 1 Dec 2021 17:44:49 +0000 +Subject: [PATCH] random: document add_hwgenerator_randomness() with other + input functions +Git-commit: 2b6c6e3d9ce3aa0e547ac25d60e06fe035cd9f79 +References: git-fixes +Patch-mainline: v5.17-rc1 + +The section at the top of random.c which documents the input functions +available does not document add_hwgenerator_randomness() which might lead +a reader to overlook it. Add a brief note about it. + +Signed-off-by: Mark Brown +[Jason: reorganize position of function in doc comment and also document + add_bootloader_randomness() while we're at it.] +Signed-off-by: Jason A. Donenfeld +Signed-off-by: Oliver Neukum +--- + drivers/char/random.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/drivers/char/random.c b/drivers/char/random.c +index 605969ed0f96..c81485e2f126 100644 +--- a/drivers/char/random.c ++++ b/drivers/char/random.c +@@ -202,6 +202,9 @@ + * unsigned int value); + * void add_interrupt_randomness(int irq, int irq_flags); + * void add_disk_randomness(struct gendisk *disk); ++ * void add_hwgenerator_randomness(const char *buffer, size_t count, ++ * size_t entropy); ++ * void add_bootloader_randomness(const void *buf, unsigned int size); + * + * add_device_randomness() is for adding data to the random pool that + * is likely to differ between two devices (or possibly even per boot). +@@ -228,6 +231,14 @@ + * particular randomness source. They do this by keeping track of the + * first and second order deltas of the event timings. + * ++ * add_hwgenerator_randomness() is for true hardware RNGs, and will credit ++ * entropy as specified by the caller. If the entropy pool is full it will ++ * block until more entropy is needed. ++ * ++ * add_bootloader_randomness() is the same as add_hwgenerator_randomness() or ++ * add_device_randomness(), depending on whether or not the configuration ++ * option CONFIG_RANDOM_TRUST_BOOTLOADER is set. ++ * + * Ensuring unpredictability at system startup + * ============================================ + * +-- +2.35.3 + diff --git a/patches.suse/random-fix-crash-on-multiple-early-calls-to-add_bootloader_randomness.patch b/patches.suse/random-fix-crash-on-multiple-early-calls-to-add_bootloader_randomness.patch index 20cafca..94b6c6a 100644 --- a/patches.suse/random-fix-crash-on-multiple-early-calls-to-add_bootloader_randomness.patch +++ b/patches.suse/random-fix-crash-on-multiple-early-calls-to-add_bootloader_randomness.patch @@ -1,140 +1,65 @@ -From f7e67b8e803185d0aabe7f29d25a35c8be724a78 Mon Sep 17 00:00:00 2001 From: Dominik Brodowski -Date: Wed, 29 Dec 2021 22:10:03 +0100 -Subject: [PATCH] random: fix crash on multiple early calls to +Date: Fri, 5 Nov 2021 07:04:36 +0100 +Subject: random: fix crash on multiple early calls to add_bootloader_randomness() - +Patch-mainline: Not yet, in maintainer queue. References: bsc#1184924 -Patch-mainline: v5.17-rc1 -Git-commit: f7e67b8e803185d0aabe7f29d25a35c8be724a78 -Currently, if CONFIG_RANDOM_TRUST_BOOTLOADER is enabled, multiple calls -to add_bootloader_randomness() are broken and can cause a NULL pointer -dereference, as noted by Ivan T. Ivanov. This is not only a hypothetical -problem, as qemu on arm64 may provide bootloader entropy via EFI and via -devicetree. +If add_bootloader_randomness() or add_hwgenerator_randomness() is +called for the first time during early boot, crng_init equals 0. Then, +crng_fast_load() gets called -- which is safe to do even if the input +pool is not yet properly set up. -On the first call to add_hwgenerator_randomness(), crng_fast_load() is -executed, and if the seed is long enough, crng_init will be set to 1. -On subsequent calls to add_bootloader_randomness() and then to -add_hwgenerator_randomness(), crng_fast_load() will be skipped. Instead, -wait_event_interruptible() and then credit_entropy_bits() will be called. -If the entropy count for that second seed is large enough, that proceeds -to crng_reseed(). +If the added entropy suffices to increase crng_init to 1, future calls +to add_bootloader_randomness() or add_hwgenerator_randomness() used to +progress to credit_entropy_bits(). However, if the input pool is not yet +properly set up, the cmpxchg call within that function can lead to an +infinite recursion. This is not only a hypothetical problem, as qemu +on arm64 may provide bootloader entropy via EFI and via devicetree. -However, both wait_event_interruptible() and crng_reseed() depends -(at least in numa_crng_init()) on workqueues. Therefore, test whether -system_wq is already initialized, which is a sufficient indicator that -workqueue_init_early() has progressed far enough. +As crng_global_init_time is set to != 0 once the input pool is properly +set up, check (also) for this condition to determine which branch to take. -If we wind up hitting the !system_wq case, we later want to do what -would have been done there when wqs are up, so set a flag, and do that -work later from the rand_initialize() call. +Calls to crng_fast_load() do not modify the input pool; therefore, the +entropy_count for the input pool must not be modified at that early +stage. Reported-by: Ivan T. Ivanov Fixes: 18b915ac6b0a ("efi/random: Treat EFI_RNG_PROTOCOL output as bootloader randomness") -Cc: stable@vger.kernel.org +Tested-by: Ivan T. Ivanov Signed-off-by: Dominik Brodowski -[Jason: added crng_need_done state and related logic.] -Signed-off-by: Jason A. Donenfeld Acked-by: Ivan T. Ivanov -Acked-by: Michal Suchanek --- - drivers/char/random.c | 56 +++++++++++++++++++++++++++---------------- - 1 file changed, 36 insertions(+), 20 deletions(-) + drivers/char/random.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/drivers/char/random.c b/drivers/char/random.c +index 605969ed0f96..18fe804c1bf8 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c -@@ -468,6 +468,7 @@ static struct crng_state primary_crng = { - * its value (from 0->1->2). - */ - static int crng_init = 0; -+static bool crng_need_final_init = false; - #define crng_ready() (likely(crng_init > 1)) - static int crng_init_cnt = 0; - static unsigned long crng_global_init_time = 0; -@@ -835,6 +836,35 @@ static void __init crng_initialize_primary(struct crng_state *crng) - crng->init_time = jiffies - CRNG_RESEED_INTERVAL - 1; - } - -+static void crng_finalize_init(struct crng_state *crng) -+{ -+ if (crng != &primary_crng || crng_init >= 2) -+ return; -+ if (!system_wq) { -+ /* We can't call numa_crng_init until we have workqueues, -+ * so mark this for processing later. */ -+ crng_need_final_init = true; -+ return; -+ } -+ -+ invalidate_batched_entropy(); -+ numa_crng_init(); -+ crng_init = 2; -+ process_random_ready_list(); -+ wake_up_interruptible(&crng_init_wait); -+ pr_notice("crng init done\n"); -+ if (unseeded_warning.missed) { -+ pr_notice("%d get_random_xx warning(s) missed due to ratelimiting\n", -+ unseeded_warning.missed); -+ unseeded_warning.missed = 0; -+ } -+ if (urandom_warning.missed) { -+ pr_notice("%d urandom warning(s) missed due to ratelimiting\n", -+ urandom_warning.missed); -+ urandom_warning.missed = 0; -+ } -+} -+ - #ifdef CONFIG_NUMA - static void do_numa_crng_init(struct work_struct *work) - { -@@ -989,24 +1020,7 @@ static void crng_reseed(struct crng_state *crng, struct entropy_store *r) - memzero_explicit(&buf, sizeof(buf)); - WRITE_ONCE(crng->init_time, jiffies); - spin_unlock_irqrestore(&crng->lock, flags); -- if (crng == &primary_crng && crng_init < 2) { -- invalidate_batched_entropy(); -- numa_crng_init(); -- crng_init = 2; -- process_random_ready_list(); -- wake_up_interruptible(&crng_init_wait); -- pr_notice("crng init done\n"); -- if (unseeded_warning.missed) { -- pr_notice("%d get_random_xx warning(s) missed due to ratelimiting\n", -- unseeded_warning.missed); -- unseeded_warning.missed = 0; -- } -- if (urandom_warning.missed) { -- pr_notice("%d urandom warning(s) missed due to ratelimiting\n", -- urandom_warning.missed); -- urandom_warning.missed = 0; -- } -- } -+ crng_finalize_init(crng); +@@ -1763,8 +1763,8 @@ static void __init init_std_data(struct entropy_store *r) } - - static void _extract_crng(struct crng_state *crng, -@@ -1780,6 +1793,8 @@ static void __init init_std_data(struct entropy_store *r) + + /* +- * Note that setup_arch() may call add_device_randomness() +- * long before we get here. This allows seeding of the pools ++ * add_device_randomness() or add_bootloader_randomness() may be ++ * called long before we get here. This allows seeding of the pools + * with some platform dependent data very early in the boot + * process. But it limits our options here. We must use + * statically allocated structures that already have all +@@ -2274,7 +2274,12 @@ void add_hwgenerator_randomness(const char *buffer, size_t count, { - init_std_data(&input_pool); - init_std_data(&blocking_pool); -+ if (crng_need_final_init) -+ crng_finalize_init(&primary_crng); - crng_initialize_primary(&primary_crng); - crng_global_init_time = jiffies; - if (ratelimit_disable) { -@@ -2288,7 +2303,8 @@ void add_hwgenerator_randomness(const char *buffer, size_t count, - * We'll be woken up again once below random_write_wakeup_thresh, - * or when the calling thread is about to terminate. - */ -- wait_event_interruptible(random_write_wait, kthread_should_stop() || -+ wait_event_interruptible(random_write_wait, -+ !system_wq || kthread_should_stop() || - ENTROPY_BITS(&input_pool) <= random_write_wakeup_bits); - mix_pool_bytes(poolp, buffer, count); - credit_entropy_bits(poolp, entropy); --- -2.35.3 + struct entropy_store *poolp = &input_pool; + +- if (unlikely(crng_init == 0)) { ++ /* We cannot do much with the input pool until it is set up in ++ * rand_initalize(); therefore just mix into the crng state. ++ * As this does not affect the input pool, we cannot credit ++ * entropy for this. ++ */ ++ if (unlikely(crng_init == 0 || crng_global_init_time == 0)) { + crng_fast_load(buffer, count); + return; + } diff --git a/patches.suse/random-fix-typo-in-comments.patch b/patches.suse/random-fix-typo-in-comments.patch new file mode 100644 index 0000000..3f23ff6 --- /dev/null +++ b/patches.suse/random-fix-typo-in-comments.patch @@ -0,0 +1,33 @@ +From c0a8a61e7abbf66729687ee63659ee25983fbb1e Mon Sep 17 00:00:00 2001 +From: Schspa Shi +Date: Fri, 14 Jan 2022 16:12:16 +0800 +Subject: [PATCH] random: fix typo in comments +Git-commit: c0a8a61e7abbf66729687ee63659ee25983fbb1e +References: git-fixes +Patch-mainline: v5.17-rc1 + +s/or/for + +Signed-off-by: Schspa Shi +Signed-off-by: Jason A. Donenfeld +Signed-off-by: Oliver Neukum +--- + drivers/char/random.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/char/random.c b/drivers/char/random.c +index 227fb7802738..ba8d63f52c05 100644 +--- a/drivers/char/random.c ++++ b/drivers/char/random.c +@@ -101,7 +101,7 @@ + * =============================== + * + * There are four exported interfaces; two for use within the kernel, +- * and two or use from userspace. ++ * and two for use from userspace. + * + * Exported interfaces ---- userspace output + * ----------------------------------------- +-- +2.35.3 + diff --git a/patches.suse/random-remove-useless-header-comment.patch b/patches.suse/random-remove-useless-header-comment.patch new file mode 100644 index 0000000..e3923ba --- /dev/null +++ b/patches.suse/random-remove-useless-header-comment.patch @@ -0,0 +1,35 @@ +From e9a8694cbdf9eba170b7d7968d690d2c66a9e6a2 Mon Sep 17 00:00:00 2001 +From: "Jason A. Donenfeld" +Date: Fri, 11 Feb 2022 12:28:33 +0100 +Subject: [PATCH] random: remove useless header comment + +References: git fixes +Patch-mainline: v5.18-rc1 +Git-commit: 6071a6c0fba2d747742cadcbb3ba26ed756ed73b + +This really adds nothing at all useful. + +Cc: Theodore Ts'o +Reviewed-by: Dominik Brodowski +Reviewed-by: Eric Biggers +Signed-off-by: Jason A. Donenfeld +Signed-off-by: Mel Gorman +--- + include/linux/random.h | 6 +----- + 1 file changed, 1 insertion(+), 5 deletions(-) + +diff --git a/include/linux/random.h b/include/linux/random.h +index e39ac4a7767a..1395b8a6536f 100644 +--- a/include/linux/random.h ++++ b/include/linux/random.h +@@ -1,9 +1,5 @@ + /* SPDX-License-Identifier: GPL-2.0 */ +-/* +- * include/linux/random.h +- * +- * Include file for the random number generator. +- */ ++ + #ifndef _LINUX_RANDOM_H + #define _LINUX_RANDOM_H + diff --git a/patches.suse/raw-Fix-a-data-race-around-sysctl_raw_l3mdev_accept.patch b/patches.suse/raw-Fix-a-data-race-around-sysctl_raw_l3mdev_accept.patch new file mode 100644 index 0000000..7407921 --- /dev/null +++ b/patches.suse/raw-Fix-a-data-race-around-sysctl_raw_l3mdev_accept.patch @@ -0,0 +1,36 @@ +From 1dace014928e6e385363032d359a04dee9158af0 Mon Sep 17 00:00:00 2001 +From: Kuniyuki Iwashima +Date: Mon, 11 Jul 2022 17:15:29 -0700 +Subject: [PATCH] raw: Fix a data-race around sysctl_raw_l3mdev_accept. +Git-commit: 1dace014928e6e385363032d359a04dee9158af0 +Patch-mainline: v5.19-rc7 +References: git-fixes + +While reading sysctl_raw_l3mdev_accept, it can be changed concurrently. +Thus, we need to add READ_ONCE() to its reader. + +Fixes: 6897445fb194 ("net: provide a sysctl raw_l3mdev_accept for raw socket lookup with VRFs") +Signed-off-by: Kuniyuki Iwashima +Signed-off-by: David S. Miller +Acked-by: Takashi Iwai + +--- + include/net/raw.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/include/net/raw.h b/include/net/raw.h +index 8ad8df594853..c51a635671a7 100644 +--- a/include/net/raw.h ++++ b/include/net/raw.h +@@ -75,7 +75,7 @@ static inline bool raw_sk_bound_dev_eq(struct net *net, int bound_dev_if, + int dif, int sdif) + { + #if IS_ENABLED(CONFIG_NET_L3_MASTER_DEV) +- return inet_bound_dev_eq(!!net->ipv4.sysctl_raw_l3mdev_accept, ++ return inet_bound_dev_eq(READ_ONCE(net->ipv4.sysctl_raw_l3mdev_accept), + bound_dev_if, dif, sdif); + #else + return inet_bound_dev_eq(true, bound_dev_if, dif, sdif); +-- +2.35.3 + diff --git a/patches.suse/regulator-of-Fix-refcount-leak-bug-in-of_get_regulat.patch b/patches.suse/regulator-of-Fix-refcount-leak-bug-in-of_get_regulat.patch new file mode 100644 index 0000000..f18a6b0 --- /dev/null +++ b/patches.suse/regulator-of-Fix-refcount-leak-bug-in-of_get_regulat.patch @@ -0,0 +1,42 @@ +From 66efb665cd5ad69b27dca8571bf89fc6b9c628a4 Mon Sep 17 00:00:00 2001 +From: Liang He +Date: Fri, 15 Jul 2022 19:10:27 +0800 +Subject: [PATCH] regulator: of: Fix refcount leak bug in of_get_regulation_constraints() +Git-commit: 66efb665cd5ad69b27dca8571bf89fc6b9c628a4 +Patch-mainline: v6.0-rc1 +References: git-fixes + +We should call the of_node_put() for the reference returned by +of_get_child_by_name() which has increased the refcount. + +Fixes: 40e20d68bb3f ("regulator: of: Add support for parsing regulator_state for suspend state") +Signed-off-by: Liang He +Link: https://lore.kernel.org/r/20220715111027.391032-1-windhl@126.com +Signed-off-by: Mark Brown +Acked-by: Takashi Iwai + +--- + drivers/regulator/of_regulator.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/drivers/regulator/of_regulator.c b/drivers/regulator/of_regulator.c +index f54d4f176882..e12b681c72e5 100644 +--- a/drivers/regulator/of_regulator.c ++++ b/drivers/regulator/of_regulator.c +@@ -264,8 +264,12 @@ static int of_get_regulation_constraints(struct device *dev, + } + + suspend_np = of_get_child_by_name(np, regulator_states[i]); +- if (!suspend_np || !suspend_state) ++ if (!suspend_np) + continue; ++ if (!suspend_state) { ++ of_node_put(suspend_np); ++ continue; ++ } + + if (!of_property_read_u32(suspend_np, "regulator-mode", + &pval)) { +-- +2.35.3 + diff --git a/patches.suse/sched-debug-Remove-mpol_get-put-and-task_lock-unlock.patch b/patches.suse/sched-debug-Remove-mpol_get-put-and-task_lock-unlock.patch new file mode 100644 index 0000000..bbbdeb0 --- /dev/null +++ b/patches.suse/sched-debug-Remove-mpol_get-put-and-task_lock-unlock.patch @@ -0,0 +1,59 @@ +From 28c988c3ec29db74a1dda631b18785958d57df4f Mon Sep 17 00:00:00 2001 +From: Bharata B Rao +Date: Tue, 18 Jan 2022 10:35:15 +0530 +Subject: [PATCH] sched/debug: Remove mpol_get/put and task_lock/unlock from + sched_show_numa +Git-commit: 28c988c3ec29db74a1dda631b18785958d57df4f +Patch-mainline: v5.18-rc1 +References: git-fixes + +The older format of /proc/pid/sched printed home node info which +required the mempolicy and task lock around mpol_get(). However +the format has changed since then and there is no need for +sched_show_numa() any more to have mempolicy argument, +asssociated mpol_get/put and task_lock/unlock. Remove them. + +Fixes: 397f2378f1361 ("sched/numa: Fix numa balancing stats in /proc/pid/sched") +Signed-off-by: Bharata B Rao +Signed-off-by: Peter Zijlstra (Intel) +Reviewed-by: Srikar Dronamraju +Acked-by: Mel Gorman +Link: https://lore.kernel.org/r/20220118050515.2973-1-bharata@amd.com +Signed-off-by: Frederic Weisbecker +--- + kernel/sched/debug.c | 10 ---------- + 1 file changed, 10 deletions(-) + +diff --git a/kernel/sched/debug.c b/kernel/sched/debug.c +index aa29211de1bf..102d6f70e84d 100644 +--- a/kernel/sched/debug.c ++++ b/kernel/sched/debug.c +@@ -931,25 +931,15 @@ void print_numa_stats(struct seq_file *m, int node, unsigned long tsf, + static void sched_show_numa(struct task_struct *p, struct seq_file *m) + { + #ifdef CONFIG_NUMA_BALANCING +- struct mempolicy *pol; +- + if (p->mm) + P(mm->numa_scan_seq); + +- task_lock(p); +- pol = p->mempolicy; +- if (pol && !(pol->flags & MPOL_F_MORON)) +- pol = NULL; +- mpol_get(pol); +- task_unlock(p); +- + P(numa_pages_migrated); + P(numa_preferred_nid); + P(total_numa_faults); + SEQ_printf(m, "current_node=%d, numa_group_id=%d\n", + task_node(p), task_numa_group_id(p)); + show_numa_stats(p, m); +- mpol_put(pol); + #endif + } + +-- +2.25.1 + diff --git a/patches.suse/sched-fair-Revise-comment-about-lb-decision-matrix.patch b/patches.suse/sched-fair-Revise-comment-about-lb-decision-matrix.patch new file mode 100644 index 0000000..863a8e4 --- /dev/null +++ b/patches.suse/sched-fair-Revise-comment-about-lb-decision-matrix.patch @@ -0,0 +1,54 @@ +From 41cc7952a50ac8f69d4ecb41ed1e28ce35aaa7dc Mon Sep 17 00:00:00 2001 +From: Tao Zhou +Date: Fri, 15 Apr 2022 17:55:04 +0800 +Subject: [PATCH] sched/fair: Revise comment about lb decision matrix + +References: git fixes (sched/fair) +Patch-mainline: v5.19-rc1 +Git-commit: a658353167bf2ea6052cee071dbcc13e0f229dc9 + +If busiest group type is group_misfit_task, the local +group type must be group_has_spare according to below +code in update_sd_pick_busiest(): + + if (sgs->group_type == group_misfit_task && + (!capacity_greater(capacity_of(env->dst_cpu), sg->sgc->max_capacity) || + sds->local_stat.group_type != group_has_spare)) + return false; + +group type imbalanced and overloaded and fully_busy are filtered in here. +misfit and asym are filtered before in update_sg_lb_stats(). +So, change the decision matrix to: + + busiest \ local has_spare fully_busy misfit asym imbalanced overloaded + has_spare nr_idle balanced N/A N/A balanced balanced + fully_busy nr_idle nr_idle N/A N/A balanced balanced + misfit_task force N/A N/A N/A *N/A* *N/A* + asym_packing force force N/A N/A force force + imbalanced force force N/A N/A force force + overloaded force force N/A N/A force avg_load + +Fixes: 0b0695f2b34a ("sched/fair: Rework load_balance()") +Signed-off-by: Tao Zhou +Signed-off-by: Peter Zijlstra (Intel) +Reviewed-by: Dietmar Eggemann +Reviewed-by: Vincent Guittot +Link: https://lkml.kernel.org/r/20220415095505.7765-1-tao.zhou@linux.dev +Signed-off-by: Mel Gorman +--- + kernel/sched/fair.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c +index 9abb4a591e3f..fcbe2cbf1666 100644 +--- a/kernel/sched/fair.c ++++ b/kernel/sched/fair.c +@@ -9094,7 +9094,7 @@ static inline void calculate_imbalance(struct lb_env *env, struct sd_lb_stats *s + * busiest \ local has_spare fully_busy misfit asym imbalanced overloaded + * has_spare nr_idle balanced N/A N/A balanced balanced + * fully_busy nr_idle nr_idle N/A N/A balanced balanced +- * misfit_task force N/A N/A N/A force force ++ * misfit_task force N/A N/A N/A N/A N/A + * asym_packing force force N/A N/A force force + * imbalanced force force N/A N/A force force + * overloaded force force N/A N/A force avg_load diff --git a/patches.suse/sched-membarrier-fix-missing-local-execution-of-ipi_sync_rq_state.patch b/patches.suse/sched-membarrier-fix-missing-local-execution-of-ipi_sync_rq_state.patch new file mode 100644 index 0000000..553a92d --- /dev/null +++ b/patches.suse/sched-membarrier-fix-missing-local-execution-of-ipi_sync_rq_state.patch @@ -0,0 +1,44 @@ +From 6b11a5ebd8c277e67b37b6995ebc211901a965ef Mon Sep 17 00:00:00 2001 +From: Mathieu Desnoyers +Date: Wed, 17 Feb 2021 11:56:51 -0500 +Subject: [PATCH] sched/membarrier: fix missing local execution of + ipi_sync_rq_state() + +References: git fixes (sched/membarrier) +Patch-mainline: v5.12-rc3 +Git-commit: ce29ddc47b91f97e7f69a0fb7cbb5845f52a9825 + +The function sync_runqueues_membarrier_state() should copy the +membarrier state from the @mm received as parameter to each runqueue +currently running tasks using that mm. + +However, the use of smp_call_function_many() skips the current runqueue, +which is unintended. Replace by a call to on_each_cpu_mask(). + +Fixes: 227a4aadc75b ("sched/membarrier: Fix p->mm->membarrier_state racy load") +Reported-by: Nadav Amit +Signed-off-by: Mathieu Desnoyers +Signed-off-by: Peter Zijlstra (Intel) +Signed-off-by: Ingo Molnar +Cc: stable@vger.kernel.org # 5.4.x+ +Link: https://lore.kernel.org/r/74F1E842-4A84-47BF-B6C2-5407DFDD4A4A@gmail.com +Signed-off-by: Mel Gorman +--- + kernel/sched/membarrier.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/kernel/sched/membarrier.c b/kernel/sched/membarrier.c +index d124c2a8e9c2..7dfa97baf6b0 100644 +--- a/kernel/sched/membarrier.c ++++ b/kernel/sched/membarrier.c +@@ -273,9 +273,7 @@ static int sync_runqueues_membarrier_state(struct mm_struct *mm) + } + rcu_read_unlock(); + +- preempt_disable(); +- smp_call_function_many(tmpmask, ipi_sync_rq_state, mm, 1); +- preempt_enable(); ++ on_each_cpu_mask(tmpmask, ipi_sync_rq_state, mm, true); + + free_cpumask_var(tmpmask); + cpus_read_unlock(); diff --git a/patches.suse/scripts-dummy-tools-add-pahole.patch b/patches.suse/scripts-dummy-tools-add-pahole.patch new file mode 100644 index 0000000..706e008 --- /dev/null +++ b/patches.suse/scripts-dummy-tools-add-pahole.patch @@ -0,0 +1,36 @@ +From: Jiri Slaby +Date: Tue, 19 Apr 2022 08:30:09 +0200 +Subject: scripts: dummy-tools, add pahole +Git-commit: a90bb65ae2168c8b36e53f82dc3cb35c6cff4f1e +Patch-mainline: v5.19-rc1 +References: jsc#SLE-24559 + +CONFIG_PAHOLE_VERSION is a part of a config since the commit below. And +when multiple people update the config, this value constantly changes. +Even if they use dummy scripts. + +To fix this, add a pahole dummy script returning v99.99. (This is +translated into 9999 later in the process.) + +Thereafter, this script can be invoked easily for example as: +make PAHOLE=scripts/dummy-tools/pahole oldconfig + +Fixes: 613fe1692377 (kbuild: Add CONFIG_PAHOLE_VERSION) +Signed-off-by: Jiri Slaby +Signed-off-by: Masahiro Yamada +Acked-by: Jeff Mahoney +--- + scripts/dummy-tools/pahole | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/scripts/dummy-tools/pahole b/scripts/dummy-tools/pahole +new file mode 100755 +index 000000000000..53501a36fa71 +--- /dev/null ++++ b/scripts/dummy-tools/pahole +@@ -0,0 +1,4 @@ ++#!/bin/sh ++# SPDX-License-Identifier: GPL-2.0-only ++ ++echo v99.99 + diff --git a/patches.suse/scsi-lpfc-Copyright-updates-for-14.2.0.5-patches.patch b/patches.suse/scsi-lpfc-Copyright-updates-for-14.2.0.5-patches.patch new file mode 100644 index 0000000..918082e --- /dev/null +++ b/patches.suse/scsi-lpfc-Copyright-updates-for-14.2.0.5-patches.patch @@ -0,0 +1,54 @@ +From: James Smart +Date: Fri, 1 Jul 2022 14:14:25 -0700 +Subject: scsi: lpfc: Copyright updates for 14.2.0.5 patches +Patch-mainline: v5.20-rc1 +Git-commit: b3d11f195cbbe665c100b964f6837984b4226cd1 +References: bsc#1201956 + +Update copyrights to 2022 for files modified in the 14.2.0.5 patch set. + +Link: https://lore.kernel.org/r/20220701211425.2708-13-jsmart2021@gmail.com +Co-developed-by: Justin Tee +Signed-off-by: Justin Tee +Signed-off-by: James Smart +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc_bsg.h | 2 +- + drivers/scsi/lpfc/lpfc_debugfs.c | 2 +- + drivers/scsi/lpfc/lpfc_ids.h | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +--- a/drivers/scsi/lpfc/lpfc_bsg.h ++++ b/drivers/scsi/lpfc/lpfc_bsg.h +@@ -1,7 +1,7 @@ + /******************************************************************* + * This file is part of the Emulex Linux Device Driver for * + * Fibre Channel Host Bus Adapters. * +- * Copyright (C) 2017-2021 Broadcom. All Rights Reserved. The term * ++ * Copyright (C) 2017-2022 Broadcom. All Rights Reserved. The term * + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * + * Copyright (C) 2010-2015 Emulex. All rights reserved. * + * EMULEX and SLI are trademarks of Emulex. * +--- a/drivers/scsi/lpfc/lpfc_debugfs.c ++++ b/drivers/scsi/lpfc/lpfc_debugfs.c +@@ -1,7 +1,7 @@ + /******************************************************************* + * This file is part of the Emulex Linux Device Driver for * + * Fibre Channel Host Bus Adapters. * +- * Copyright (C) 2017-2021 Broadcom. All Rights Reserved. The term * ++ * Copyright (C) 2017-2022 Broadcom. All Rights Reserved. The term * + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * + * Copyright (C) 2007-2015 Emulex. All rights reserved. * + * EMULEX and SLI are trademarks of Emulex. * +--- a/drivers/scsi/lpfc/lpfc_ids.h ++++ b/drivers/scsi/lpfc/lpfc_ids.h +@@ -1,7 +1,7 @@ + /******************************************************************* + * This file is part of the Emulex Linux Device Driver for * + * Fibre Channel Host Bus Adapters. * +- * Copyright (C) 2017-2021 Broadcom. All Rights Reserved. The term * ++ * Copyright (C) 2017-2022 Broadcom. All Rights Reserved. The term * + * “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. * + * Copyright (C) 2004-2016 Emulex. All rights reserved. * + * EMULEX and SLI are trademarks of Emulex. * diff --git a/patches.suse/scsi-lpfc-Fix-attempted-FA-PWWN-usage-after-feature-.patch b/patches.suse/scsi-lpfc-Fix-attempted-FA-PWWN-usage-after-feature-.patch new file mode 100644 index 0000000..3846ff5 --- /dev/null +++ b/patches.suse/scsi-lpfc-Fix-attempted-FA-PWWN-usage-after-feature-.patch @@ -0,0 +1,70 @@ +From: James Smart +Date: Fri, 1 Jul 2022 14:14:19 -0700 +Subject: scsi: lpfc: Fix attempted FA-PWWN usage after feature disable +Patch-mainline: v5.20-rc1 +Git-commit: 43e19a96a7895f5588ffc6bf9768f362ae3af70e +References: bsc#1201956 + +Disabling FA-PWWN should be effective after port reset, but in some cases +it was found to be impossible to clear FA-PWWN usage without a driver +reload. + +Clean up FA-PWWN flag management to make enable and disable of the feature +more robust. + +Link: https://lore.kernel.org/r/20220701211425.2708-7-jsmart2021@gmail.com +Co-developed-by: Justin Tee +Signed-off-by: Justin Tee +Signed-off-by: James Smart +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc_init.c | 6 +++++- + drivers/scsi/lpfc/lpfc_sli.c | 7 ++++++- + 2 files changed, 11 insertions(+), 2 deletions(-) + +--- a/drivers/scsi/lpfc/lpfc_init.c ++++ b/drivers/scsi/lpfc/lpfc_init.c +@@ -374,6 +374,9 @@ lpfc_update_vport_wwn(struct lpfc_vport + if (phba->sli_rev == LPFC_SLI_REV4 && + vport->port_type == LPFC_PHYSICAL_PORT && + phba->sli4_hba.fawwpn_flag & LPFC_FAWWPN_FABRIC) { ++ if (!(phba->sli4_hba.fawwpn_flag & LPFC_FAWWPN_CONFIG)) ++ phba->sli4_hba.fawwpn_flag &= ++ ~LPFC_FAWWPN_FABRIC; + lpfc_printf_log(phba, KERN_INFO, + LOG_SLI | LOG_DISCOVERY | LOG_ELS, + "2701 FA-PWWN change WWPN from %llx to " +@@ -9966,7 +9969,8 @@ lpfc_sli4_read_config(struct lpfc_hba *p + "configured on\n"); + phba->sli4_hba.fawwpn_flag |= LPFC_FAWWPN_CONFIG; + } else { +- phba->sli4_hba.fawwpn_flag = 0; ++ /* Clear FW configured flag, preserve driver flag */ ++ phba->sli4_hba.fawwpn_flag &= ~LPFC_FAWWPN_CONFIG; + } + + phba->sli4_hba.conf_trunk = +--- a/drivers/scsi/lpfc/lpfc_sli.c ++++ b/drivers/scsi/lpfc/lpfc_sli.c +@@ -5267,7 +5267,8 @@ lpfc_sli_brdrestart_s4(struct lpfc_hba * + phba->pport->stopped = 0; + phba->link_state = LPFC_INIT_START; + phba->hba_flag = 0; +- phba->sli4_hba.fawwpn_flag = 0; ++ /* Preserve FA-PWWN expectation */ ++ phba->sli4_hba.fawwpn_flag &= LPFC_FAWWPN_FABRIC; + spin_unlock_irq(&phba->hbalock); + + memset(&psli->lnk_stat_offsets, 0, sizeof(psli->lnk_stat_offsets)); +@@ -6056,6 +6057,10 @@ lpfc_sli4_retrieve_pport_name(struct lpf + /* obtain link type and link number via READ_CONFIG */ + phba->sli4_hba.lnk_info.lnk_dv = LPFC_LNK_DAT_INVAL; + lpfc_sli4_read_config(phba); ++ ++ if (phba->sli4_hba.fawwpn_flag & LPFC_FAWWPN_CONFIG) ++ phba->sli4_hba.fawwpn_flag |= LPFC_FAWWPN_FABRIC; ++ + if (phba->sli4_hba.lnk_info.lnk_dv == LPFC_LNK_DAT_VAL) + goto retrieve_ppname; + diff --git a/patches.suse/scsi-lpfc-Fix-lost-NVMe-paths-during-LIF-bounce-stre.patch b/patches.suse/scsi-lpfc-Fix-lost-NVMe-paths-during-LIF-bounce-stre.patch new file mode 100644 index 0000000..0764600 --- /dev/null +++ b/patches.suse/scsi-lpfc-Fix-lost-NVMe-paths-during-LIF-bounce-stre.patch @@ -0,0 +1,67 @@ +From: James Smart +Date: Fri, 1 Jul 2022 14:14:20 -0700 +Subject: scsi: lpfc: Fix lost NVMe paths during LIF bounce stress test +Patch-mainline: v5.20-rc1 +Git-commit: ea92e173dc55460f1b9e71df5ceac951c506d214 +References: bsc#1201956 bsc#1200521 + +During a target link bounce test, the driver sees a mismatch between the +NPortId and the WWPN on the node structures (ndlps) involved. When this +occurs, the driver "swaps" the ndlp and new_ndlp node parameters to restore +WWPN/DID uniqueness in the fc_nodes list per vport. However, the driver +neglected to swap the nlp_fc4_type in the ndlp passed to +lpfc_plogi_confirm_nport causing a failure to recover the NVMe PLOGI/PRLI +and ultimately the NVMe paths. + +Correct confirm_nport to preserve the fc4 types from the new-ndlp when the +data is moved over ot the ndlp structure. + +Link: https://lore.kernel.org/r/20220701211425.2708-8-jsmart2021@gmail.com +Co-developed-by: Justin Tee +Signed-off-by: Justin Tee +Signed-off-by: James Smart +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc_els.c | 15 ++++++++------- + 1 file changed, 8 insertions(+), 7 deletions(-) + +--- a/drivers/scsi/lpfc/lpfc_els.c ++++ b/drivers/scsi/lpfc/lpfc_els.c +@@ -1790,18 +1790,20 @@ lpfc_plogi_confirm_nport(struct lpfc_hba + + /* Move this back to NPR state */ + if (memcmp(&ndlp->nlp_portname, name, sizeof(struct lpfc_name)) == 0) { +- /* The new_ndlp is replacing ndlp totally, so we need +- * to put ndlp on UNUSED list and try to free it. ++ /* The ndlp doesn't have a portname yet, but does have an ++ * NPort ID. The new_ndlp portname matches the Rport's ++ * portname. Reinstantiate the new_ndlp and reset the ndlp. + */ + lpfc_printf_vlog(vport, KERN_INFO, LOG_ELS, + "3179 PLOGI confirm NEW: %x %x\n", + new_ndlp->nlp_DID, keepDID); + + /* Two ndlps cannot have the same did on the nodelist. +- * Note: for this case, ndlp has a NULL WWPN so setting +- * the nlp_fc4_type isn't required. ++ * The KeepDID and keep_nlp_fc4_type need to be swapped ++ * because ndlp is inflight with no WWPN. + */ + ndlp->nlp_DID = keepDID; ++ ndlp->nlp_fc4_type = keep_nlp_fc4_type; + lpfc_nlp_set_state(vport, ndlp, keep_nlp_state); + if (phba->sli_rev == LPFC_SLI_REV4 && + active_rrqs_xri_bitmap) +@@ -1816,9 +1818,8 @@ lpfc_plogi_confirm_nport(struct lpfc_hba + + lpfc_unreg_rpi(vport, ndlp); + +- /* Two ndlps cannot have the same did and the fc4 +- * type must be transferred because the ndlp is in +- * flight. ++ /* The ndlp and new_ndlp both have WWPNs but are swapping ++ * NPort Ids and attributes. + */ + ndlp->nlp_DID = keepDID; + ndlp->nlp_fc4_type = keep_nlp_fc4_type; diff --git a/patches.suse/scsi-lpfc-Fix-possible-memory-leak-when-failing-to-i.patch b/patches.suse/scsi-lpfc-Fix-possible-memory-leak-when-failing-to-i.patch new file mode 100644 index 0000000..bc102a2 --- /dev/null +++ b/patches.suse/scsi-lpfc-Fix-possible-memory-leak-when-failing-to-i.patch @@ -0,0 +1,38 @@ +From: James Smart +Date: Fri, 1 Jul 2022 14:14:18 -0700 +Subject: scsi: lpfc: Fix possible memory leak when failing to issue CMF WQE +Patch-mainline: v5.20-rc1 +Git-commit: 2f67dc7970bce3529edce93a0a14234d88b3fcd5 +References: bsc#1201956 + +There is no corresponding free routine if lpfc_sli4_issue_wqe fails to +issue the CMF WQE in lpfc_issue_cmf_sync_wqe. + +If ret_val is non-zero, then free the iocbq request structure. + +Link: https://lore.kernel.org/r/20220701211425.2708-6-jsmart2021@gmail.com +Co-developed-by: Justin Tee +Signed-off-by: Justin Tee +Signed-off-by: James Smart +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc_sli.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/drivers/scsi/lpfc/lpfc_sli.c ++++ b/drivers/scsi/lpfc/lpfc_sli.c +@@ -2003,10 +2003,12 @@ lpfc_issue_cmf_sync_wqe(struct lpfc_hba + + sync_buf->cmd_flag |= LPFC_IO_CMF; + ret_val = lpfc_sli4_issue_wqe(phba, &phba->sli4_hba.hdwq[0], sync_buf); +- if (ret_val) ++ if (ret_val) { + lpfc_printf_log(phba, KERN_INFO, LOG_CGN_MGMT, + "6214 Cannot issue CMF_SYNC_WQE: x%x\n", + ret_val); ++ __lpfc_sli_release_iocbq(phba, sync_buf); ++ } + out_unlock: + spin_unlock_irqrestore(&phba->hbalock, iflags); + return ret_val; diff --git a/patches.suse/scsi-lpfc-Fix-uninitialized-cqe-field-in-lpfc_nvme_c.patch b/patches.suse/scsi-lpfc-Fix-uninitialized-cqe-field-in-lpfc_nvme_c.patch new file mode 100644 index 0000000..376c23e --- /dev/null +++ b/patches.suse/scsi-lpfc-Fix-uninitialized-cqe-field-in-lpfc_nvme_c.patch @@ -0,0 +1,33 @@ +From: James Smart +Date: Fri, 1 Jul 2022 14:14:14 -0700 +Subject: scsi: lpfc: Fix uninitialized cqe field in lpfc_nvme_cancel_iocb() +Patch-mainline: v5.20-rc1 +Git-commit: 4ecc9b0271a7623deabcbe8fcb39f065701d8f74 +References: bsc#1201956 + +In lpfc_nvme_cancel_iocb(), a cqe is created locally from stack storage. +The code didn't initialize the total_data_placed word, inheriting stack +content. + +Initialize the total_data_placed word. + +Link: https://lore.kernel.org/r/20220701211425.2708-2-jsmart2021@gmail.com +Co-developed-by: Justin Tee +Signed-off-by: Justin Tee +Signed-off-by: James Smart +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc_nvme.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/scsi/lpfc/lpfc_nvme.c ++++ b/drivers/scsi/lpfc/lpfc_nvme.c +@@ -2824,6 +2824,7 @@ lpfc_nvme_cancel_iocb(struct lpfc_hba *p + wcqep->word0 = 0; + bf_set(lpfc_wcqe_c_status, wcqep, stat); + wcqep->parameter = param; ++ wcqep->total_data_placed = 0; + wcqep->word3 = 0; /* xb is 0 */ + + /* Call release with XB=1 to queue the IO into the abort list. */ diff --git a/patches.suse/scsi-lpfc-Prevent-buffer-overflow-crashes-in-debugfs.patch b/patches.suse/scsi-lpfc-Prevent-buffer-overflow-crashes-in-debugfs.patch new file mode 100644 index 0000000..1dee3ac --- /dev/null +++ b/patches.suse/scsi-lpfc-Prevent-buffer-overflow-crashes-in-debugfs.patch @@ -0,0 +1,79 @@ +From: James Smart +Date: Fri, 1 Jul 2022 14:14:15 -0700 +Subject: scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed + user input +Patch-mainline: v5.20-rc1 +Git-commit: f8191d40aa612981ce897e66cda6a88db8df17bb +References: bsc#1201956 + +Malformed user input to debugfs results in buffer overflow crashes. Adapt +input string lengths to fit within internal buffers, leaving space for NULL +terminators. + +Link: https://lore.kernel.org/r/20220701211425.2708-3-jsmart2021@gmail.com +Co-developed-by: Justin Tee +Signed-off-by: Justin Tee +Signed-off-by: James Smart +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc_debugfs.c | 20 ++++++++++---------- + 1 file changed, 10 insertions(+), 10 deletions(-) + +--- a/drivers/scsi/lpfc/lpfc_debugfs.c ++++ b/drivers/scsi/lpfc/lpfc_debugfs.c +@@ -2607,8 +2607,8 @@ lpfc_debugfs_multixripools_write(struct + struct lpfc_sli4_hdw_queue *qp; + struct lpfc_multixri_pool *multixri_pool; + +- if (nbytes > 64) +- nbytes = 64; ++ if (nbytes > sizeof(mybuf) - 1) ++ nbytes = sizeof(mybuf) - 1; + + memset(mybuf, 0, sizeof(mybuf)); + +@@ -2688,8 +2688,8 @@ lpfc_debugfs_nvmestat_write(struct file + if (!phba->targetport) + return -ENXIO; + +- if (nbytes > 64) +- nbytes = 64; ++ if (nbytes > sizeof(mybuf) - 1) ++ nbytes = sizeof(mybuf) - 1; + + memset(mybuf, 0, sizeof(mybuf)); + +@@ -2826,8 +2826,8 @@ lpfc_debugfs_ioktime_write(struct file * + char mybuf[64]; + char *pbuf; + +- if (nbytes > 64) +- nbytes = 64; ++ if (nbytes > sizeof(mybuf) - 1) ++ nbytes = sizeof(mybuf) - 1; + + memset(mybuf, 0, sizeof(mybuf)); + +@@ -2954,8 +2954,8 @@ lpfc_debugfs_nvmeio_trc_write(struct fil + char mybuf[64]; + char *pbuf; + +- if (nbytes > 63) +- nbytes = 63; ++ if (nbytes > sizeof(mybuf) - 1) ++ nbytes = sizeof(mybuf) - 1; + + memset(mybuf, 0, sizeof(mybuf)); + +@@ -3060,8 +3060,8 @@ lpfc_debugfs_hdwqstat_write(struct file + char *pbuf; + int i; + +- if (nbytes > 64) +- nbytes = 64; ++ if (nbytes > sizeof(mybuf) - 1) ++ nbytes = sizeof(mybuf) - 1; + + memset(mybuf, 0, sizeof(mybuf)); + diff --git a/patches.suse/scsi-lpfc-Refactor-lpfc_nvmet_prep_abort_wqe-into-lp.patch b/patches.suse/scsi-lpfc-Refactor-lpfc_nvmet_prep_abort_wqe-into-lp.patch new file mode 100644 index 0000000..846a020 --- /dev/null +++ b/patches.suse/scsi-lpfc-Refactor-lpfc_nvmet_prep_abort_wqe-into-lp.patch @@ -0,0 +1,202 @@ +From: James Smart +Date: Fri, 1 Jul 2022 14:14:22 -0700 +Subject: scsi: lpfc: Refactor lpfc_nvmet_prep_abort_wqe() into + lpfc_sli_prep_abort_xri() +Patch-mainline: v5.20-rc1 +Git-commit: b21c9deb1479bcbeea8b06c490a815690c7c86e9 +References: bsc#1201956 + +lpfc_nvmet_prep_abort_wqe() has a lot of common code with +lpfc_sli_prep_abort_xri(). + +Delete lpfc_nvmet_prep_abort_wqe() as the wqe can be filled out using the +generic lpfc_sli_prep_abort_xri routine(). Add the wqec option to +lpfc_sli_prep_abort_xri() for lpfc_nvmet_prep_abort_wqe(). + +Link: https://lore.kernel.org/r/20220701211425.2708-10-jsmart2021@gmail.com +Co-developed-by: Justin Tee +Signed-off-by: Justin Tee +Signed-off-by: James Smart +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc.h | 3 +- + drivers/scsi/lpfc/lpfc_crtn.h | 2 - + drivers/scsi/lpfc/lpfc_hw4.h | 1 + drivers/scsi/lpfc/lpfc_nvmet.c | 48 ++++------------------------------------- + drivers/scsi/lpfc/lpfc_sli.c | 16 ++++++++----- + 5 files changed, 18 insertions(+), 52 deletions(-) + +--- a/drivers/scsi/lpfc/lpfc.h ++++ b/drivers/scsi/lpfc/lpfc.h +@@ -987,7 +987,8 @@ struct lpfc_hba { + u8 last_seq, u8 cr_cx_cmd); + void (*__lpfc_sli_prep_abort_xri)(struct lpfc_iocbq *cmdiocbq, + u16 ulp_context, u16 iotag, +- u8 ulp_class, u16 cqid, bool ia); ++ u8 ulp_class, u16 cqid, bool ia, ++ bool wqec); + + /* expedite pool */ + struct lpfc_epd_pool epd_pool; +--- a/drivers/scsi/lpfc/lpfc_crtn.h ++++ b/drivers/scsi/lpfc/lpfc_crtn.h +@@ -370,7 +370,7 @@ void lpfc_sli_prep_xmit_seq64(struct lpf + u8 cr_cx_cmd); + void lpfc_sli_prep_abort_xri(struct lpfc_hba *phba, struct lpfc_iocbq *cmdiocbq, + u16 ulp_context, u16 iotag, u8 ulp_class, u16 cqid, +- bool ia); ++ bool ia, bool wqec); + struct lpfc_sglq *__lpfc_clear_active_sglq(struct lpfc_hba *phba, uint16_t xri); + struct lpfc_sglq *__lpfc_sli_get_nvmet_sglq(struct lpfc_hba *phba, + struct lpfc_iocbq *piocbq); +--- a/drivers/scsi/lpfc/lpfc_hw4.h ++++ b/drivers/scsi/lpfc/lpfc_hw4.h +@@ -4732,7 +4732,6 @@ struct create_xri_wqe { + uint32_t rsvd_12_15[4]; /* word 12-15 */ + }; + +-#define INHIBIT_ABORT 1 + #define T_REQUEST_TAG 3 + #define T_XRI_TAG 1 + +--- a/drivers/scsi/lpfc/lpfc_nvmet.c ++++ b/drivers/scsi/lpfc/lpfc_nvmet.c +@@ -3337,46 +3337,6 @@ lpfc_nvmet_unsol_issue_abort(struct lpfc + return 1; + } + +-/** +- * lpfc_nvmet_prep_abort_wqe - set up 'abort' work queue entry. +- * @pwqeq: Pointer to command iocb. +- * @xritag: Tag that uniqely identifies the local exchange resource. +- * @opt: Option bits - +- * bit 0 = inhibit sending abts on the link +- * +- * This function is called with hbalock held. +- **/ +-static void +-lpfc_nvmet_prep_abort_wqe(struct lpfc_iocbq *pwqeq, u16 xritag, u8 opt) +-{ +- union lpfc_wqe128 *wqe = &pwqeq->wqe; +- +- /* WQEs are reused. Clear stale data and set key fields to +- * zero like ia, iaab, iaar, xri_tag, and ctxt_tag. +- */ +- memset(wqe, 0, sizeof(*wqe)); +- +- if (opt & INHIBIT_ABORT) +- bf_set(abort_cmd_ia, &wqe->abort_cmd, 1); +- /* Abort specified xri tag, with the mask deliberately zeroed */ +- bf_set(abort_cmd_criteria, &wqe->abort_cmd, T_XRI_TAG); +- +- bf_set(wqe_cmnd, &wqe->abort_cmd.wqe_com, CMD_ABORT_XRI_CX); +- +- /* Abort the I/O associated with this outstanding exchange ID. */ +- wqe->abort_cmd.wqe_com.abort_tag = xritag; +- +- /* iotag for the wqe completion. */ +- bf_set(wqe_reqtag, &wqe->abort_cmd.wqe_com, pwqeq->iotag); +- +- bf_set(wqe_qosd, &wqe->abort_cmd.wqe_com, 1); +- bf_set(wqe_lenloc, &wqe->abort_cmd.wqe_com, LPFC_WQE_LENLOC_NONE); +- +- bf_set(wqe_cmd_type, &wqe->abort_cmd.wqe_com, OTHER_COMMAND); +- bf_set(wqe_wqec, &wqe->abort_cmd.wqe_com, 1); +- bf_set(wqe_cqid, &wqe->abort_cmd.wqe_com, LPFC_WQE_CQ_ID_DEFAULT); +-} +- + static int + lpfc_nvmet_sol_fcp_issue_abort(struct lpfc_hba *phba, + struct lpfc_async_xchg_ctx *ctxp, +@@ -3386,7 +3346,7 @@ lpfc_nvmet_sol_fcp_issue_abort(struct lp + struct lpfc_iocbq *abts_wqeq; + struct lpfc_nodelist *ndlp; + unsigned long flags; +- u8 opt; ++ bool ia; + int rc; + + tgtp = (struct lpfc_nvmet_tgtport *)phba->targetport->private; +@@ -3426,7 +3386,7 @@ lpfc_nvmet_sol_fcp_issue_abort(struct lp + } + abts_wqeq = ctxp->abort_wqeq; + ctxp->state = LPFC_NVME_STE_ABORT; +- opt = (ctxp->flag & LPFC_NVME_ABTS_RCV) ? INHIBIT_ABORT : 0; ++ ia = (ctxp->flag & LPFC_NVME_ABTS_RCV) ? true : false; + spin_unlock_irqrestore(&ctxp->ctxlock, flags); + + /* Announce entry to new IO submit field. */ +@@ -3472,7 +3432,9 @@ lpfc_nvmet_sol_fcp_issue_abort(struct lp + /* Ready - mark outstanding as aborted by driver. */ + abts_wqeq->cmd_flag |= LPFC_DRIVER_ABORTED; + +- lpfc_nvmet_prep_abort_wqe(abts_wqeq, ctxp->wqeq->sli4_xritag, opt); ++ lpfc_sli_prep_abort_xri(phba, abts_wqeq, ctxp->wqeq->sli4_xritag, ++ abts_wqeq->iotag, CLASS3, ++ LPFC_WQE_CQ_ID_DEFAULT, ia, true); + + /* ABTS WQE must go to the same WQ as the WQE to be aborted */ + abts_wqeq->hba_wqidx = ctxp->wqeq->hba_wqidx; +--- a/drivers/scsi/lpfc/lpfc_sli.c ++++ b/drivers/scsi/lpfc/lpfc_sli.c +@@ -10854,7 +10854,8 @@ lpfc_sli_prep_xmit_seq64(struct lpfc_hba + + static void + __lpfc_sli_prep_abort_xri_s3(struct lpfc_iocbq *cmdiocbq, u16 ulp_context, +- u16 iotag, u8 ulp_class, u16 cqid, bool ia) ++ u16 iotag, u8 ulp_class, u16 cqid, bool ia, ++ bool wqec) + { + IOCB_t *icmd = NULL; + +@@ -10883,7 +10884,8 @@ static void + + static void + __lpfc_sli_prep_abort_xri_s4(struct lpfc_iocbq *cmdiocbq, u16 ulp_context, +- u16 iotag, u8 ulp_class, u16 cqid, bool ia) ++ u16 iotag, u8 ulp_class, u16 cqid, bool ia, ++ bool wqec) + { + union lpfc_wqe128 *wqe; + +@@ -10910,6 +10912,8 @@ static void + bf_set(wqe_qosd, &wqe->abort_cmd.wqe_com, 1); + + /* Word 11 */ ++ if (wqec) ++ bf_set(wqe_wqec, &wqe->abort_cmd.wqe_com, 1); + bf_set(wqe_cqid, &wqe->abort_cmd.wqe_com, cqid); + bf_set(wqe_cmd_type, &wqe->abort_cmd.wqe_com, OTHER_COMMAND); + } +@@ -10917,10 +10921,10 @@ static void + void + lpfc_sli_prep_abort_xri(struct lpfc_hba *phba, struct lpfc_iocbq *cmdiocbq, + u16 ulp_context, u16 iotag, u8 ulp_class, u16 cqid, +- bool ia) ++ bool ia, bool wqec) + { + phba->__lpfc_sli_prep_abort_xri(cmdiocbq, ulp_context, iotag, ulp_class, +- cqid, ia); ++ cqid, ia, wqec); + } + + /** +@@ -12198,7 +12202,7 @@ lpfc_sli_issue_abort_iotag(struct lpfc_h + + lpfc_sli_prep_abort_xri(phba, abtsiocbp, ulp_context, iotag, + cmdiocb->iocb.ulpClass, +- LPFC_WQE_CQ_ID_DEFAULT, ia); ++ LPFC_WQE_CQ_ID_DEFAULT, ia, false); + + abtsiocbp->vport = vport; + +@@ -12658,7 +12662,7 @@ lpfc_sli_abort_taskmgmt(struct lpfc_vpor + + lpfc_sli_prep_abort_xri(phba, abtsiocbq, ulp_context, iotag, + iocbq->iocb.ulpClass, cqid, +- ia); ++ ia, false); + + abtsiocbq->vport = vport; + diff --git a/patches.suse/scsi-lpfc-Remove-Menlo-Hornet-related-code.patch b/patches.suse/scsi-lpfc-Remove-Menlo-Hornet-related-code.patch new file mode 100644 index 0000000..3651613 --- /dev/null +++ b/patches.suse/scsi-lpfc-Remove-Menlo-Hornet-related-code.patch @@ -0,0 +1,757 @@ +From: James Smart +Date: Fri, 1 Jul 2022 14:14:23 -0700 +Subject: scsi: lpfc: Remove Menlo/Hornet related code +Patch-mainline: v5.20-rc1 +Git-commit: 7f86d2b84708752f7667f9d7b9e370125d2004e8 +References: bsc#1201956 + +The Menlo/Hornet adapter was never released to the field. As such, driver +code specific to the adapter is unnecessary and should be removed. + +Link: https://lore.kernel.org/r/20220701211425.2708-11-jsmart2021@gmail.com +Co-developed-by: Justin Tee +Signed-off-by: Justin Tee +Signed-off-by: James Smart +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc.h | 7 + drivers/scsi/lpfc/lpfc_attr.c | 27 --- + drivers/scsi/lpfc/lpfc_bsg.c | 324 --------------------------------------- + drivers/scsi/lpfc/lpfc_bsg.h | 12 - + drivers/scsi/lpfc/lpfc_els.c | 9 - + drivers/scsi/lpfc/lpfc_hbadisc.c | 57 ------ + drivers/scsi/lpfc/lpfc_hw.h | 10 - + drivers/scsi/lpfc/lpfc_ids.h | 2 + drivers/scsi/lpfc/lpfc_init.c | 13 - + drivers/scsi/lpfc/lpfc_sli.c | 10 - + drivers/scsi/lpfc/lpfc_sli.h | 1 + 11 files changed, 7 insertions(+), 465 deletions(-) + +--- a/drivers/scsi/lpfc/lpfc_attr.c ++++ b/drivers/scsi/lpfc/lpfc_attr.c +@@ -922,25 +922,6 @@ lpfc_programtype_show(struct device *dev + } + + /** +- * lpfc_mlomgmt_show - Return the Menlo Maintenance sli flag +- * @dev: class converted to a Scsi_host structure. +- * @attr: device attribute, not used. +- * @buf: on return contains the Menlo Maintenance sli flag. +- * +- * Returns: size of formatted string. +- **/ +-static ssize_t +-lpfc_mlomgmt_show(struct device *dev, struct device_attribute *attr, char *buf) +-{ +- struct Scsi_Host *shost = class_to_shost(dev); +- struct lpfc_vport *vport = (struct lpfc_vport *)shost->hostdata; +- struct lpfc_hba *phba = vport->phba; +- +- return scnprintf(buf, PAGE_SIZE, "%d\n", +- (phba->sli.sli_flag & LPFC_MENLO_MAINT)); +-} +- +-/** + * lpfc_vportnum_show - Return the port number in ascii of the hba + * @dev: class converted to a Scsi_host structure. + * @attr: device attribute, not used. +@@ -1109,10 +1090,7 @@ lpfc_link_state_show(struct device *dev, + "Unknown\n"); + break; + } +- if (phba->sli.sli_flag & LPFC_MENLO_MAINT) +- len += scnprintf(buf + len, PAGE_SIZE-len, +- " Menlo Maint Mode\n"); +- else if (phba->fc_topology == LPFC_TOPOLOGY_LOOP) { ++ if (phba->fc_topology == LPFC_TOPOLOGY_LOOP) { + if (vport->fc_flag & FC_PUBLIC_LOOP) + len += scnprintf(buf + len, PAGE_SIZE-len, + " Public Loop\n"); +@@ -2827,7 +2805,6 @@ static DEVICE_ATTR(option_rom_version, S + lpfc_option_rom_version_show, NULL); + static DEVICE_ATTR(num_discovered_ports, S_IRUGO, + lpfc_num_discovered_ports_show, NULL); +-static DEVICE_ATTR(menlo_mgmt_mode, S_IRUGO, lpfc_mlomgmt_show, NULL); + static DEVICE_ATTR(nport_evt_cnt, S_IRUGO, lpfc_nport_evt_cnt_show, NULL); + static DEVICE_ATTR_RO(lpfc_drvr_version); + static DEVICE_ATTR_RO(lpfc_enable_fip); +@@ -6220,7 +6197,6 @@ struct device_attribute *lpfc_hba_attrs[ + &dev_attr_option_rom_version, + &dev_attr_link_state, + &dev_attr_num_discovered_ports, +- &dev_attr_menlo_mgmt_mode, + &dev_attr_lpfc_drvr_version, + &dev_attr_lpfc_enable_fip, + &dev_attr_lpfc_temp_sensor, +@@ -7369,7 +7345,6 @@ lpfc_get_hba_function_mode(struct lpfc_h + case PCI_DEVICE_ID_LANCER_FCOE: + case PCI_DEVICE_ID_LANCER_FCOE_VF: + case PCI_DEVICE_ID_ZEPHYR_DCSP: +- case PCI_DEVICE_ID_HORNET: + case PCI_DEVICE_ID_TIGERSHARK: + case PCI_DEVICE_ID_TOMCAT: + phba->hba_flag |= HBA_FCOE_MODE; +--- a/drivers/scsi/lpfc/lpfc_bsg.c ++++ b/drivers/scsi/lpfc/lpfc_bsg.c +@@ -88,17 +88,9 @@ struct lpfc_bsg_mbox { + uint32_t outExtWLen; /* from app */ + }; + +-#define MENLO_DID 0x0000FC0E +- +-struct lpfc_bsg_menlo { +- struct lpfc_iocbq *cmdiocbq; +- struct lpfc_dmabuf *rmp; +-}; +- + #define TYPE_EVT 1 + #define TYPE_IOCB 2 + #define TYPE_MBOX 3 +-#define TYPE_MENLO 4 + struct bsg_job_data { + uint32_t type; + struct bsg_job *set_job; /* job waiting for this iocb to finish */ +@@ -106,7 +98,6 @@ struct bsg_job_data { + struct lpfc_bsg_event *evt; + struct lpfc_bsg_iocb iocb; + struct lpfc_bsg_mbox mbox; +- struct lpfc_bsg_menlo menlo; + } context_un; + }; + +@@ -3502,15 +3493,6 @@ static int lpfc_bsg_check_cmd_access(str + "1226 mbox: set_variable 0x%x, 0x%x\n", + mb->un.varWords[0], + mb->un.varWords[1]); +- if ((mb->un.varWords[0] == SETVAR_MLOMNT) +- && (mb->un.varWords[1] == 1)) { +- phba->wait_4_mlo_maint_flg = 1; +- } else if (mb->un.varWords[0] == SETVAR_MLORST) { +- spin_lock_irq(&phba->hbalock); +- phba->link_flag &= ~LS_LOOPBACK_MODE; +- spin_unlock_irq(&phba->hbalock); +- phba->fc_topology = LPFC_TOPOLOGY_PT_PT; +- } + break; + case MBX_READ_SPARM64: + case MBX_REG_LOGIN: +@@ -4992,283 +4974,6 @@ lpfc_bsg_mbox_cmd(struct bsg_job *job) + return rc; + } + +-/** +- * lpfc_bsg_menlo_cmd_cmp - lpfc_menlo_cmd completion handler +- * @phba: Pointer to HBA context object. +- * @cmdiocbq: Pointer to command iocb. +- * @rspiocbq: Pointer to response iocb. +- * +- * This function is the completion handler for iocbs issued using +- * lpfc_menlo_cmd function. This function is called by the +- * ring event handler function without any lock held. This function +- * can be called from both worker thread context and interrupt +- * context. This function also can be called from another thread which +- * cleans up the SLI layer objects. +- * This function copies the contents of the response iocb to the +- * response iocb memory object provided by the caller of +- * lpfc_sli_issue_iocb_wait and then wakes up the thread which +- * sleeps for the iocb completion. +- **/ +-static void +-lpfc_bsg_menlo_cmd_cmp(struct lpfc_hba *phba, +- struct lpfc_iocbq *cmdiocbq, +- struct lpfc_iocbq *rspiocbq) +-{ +- struct bsg_job_data *dd_data; +- struct bsg_job *job; +- struct fc_bsg_reply *bsg_reply; +- IOCB_t *rsp; +- struct lpfc_dmabuf *bmp, *cmp, *rmp; +- struct lpfc_bsg_menlo *menlo; +- unsigned long flags; +- struct menlo_response *menlo_resp; +- unsigned int rsp_size; +- int rc = 0; +- +- dd_data = cmdiocbq->context_un.dd_data; +- cmp = cmdiocbq->cmd_dmabuf; +- bmp = cmdiocbq->bpl_dmabuf; +- menlo = &dd_data->context_un.menlo; +- rmp = menlo->rmp; +- rsp = &rspiocbq->iocb; +- +- /* Determine if job has been aborted */ +- spin_lock_irqsave(&phba->ct_ev_lock, flags); +- job = dd_data->set_job; +- if (job) { +- bsg_reply = job->reply; +- /* Prevent timeout handling from trying to abort job */ +- job->dd_data = NULL; +- } +- spin_unlock_irqrestore(&phba->ct_ev_lock, flags); +- +- /* Copy the job data or set the failing status for the job */ +- +- if (job) { +- /* always return the xri, this would be used in the case +- * of a menlo download to allow the data to be sent as a +- * continuation of the exchange. +- */ +- +- menlo_resp = (struct menlo_response *) +- bsg_reply->reply_data.vendor_reply.vendor_rsp; +- menlo_resp->xri = rsp->ulpContext; +- if (rsp->ulpStatus) { +- if (rsp->ulpStatus == IOSTAT_LOCAL_REJECT) { +- switch (rsp->un.ulpWord[4] & IOERR_PARAM_MASK) { +- case IOERR_SEQUENCE_TIMEOUT: +- rc = -ETIMEDOUT; +- break; +- case IOERR_INVALID_RPI: +- rc = -EFAULT; +- break; +- default: +- rc = -EACCES; +- break; +- } +- } else { +- rc = -EACCES; +- } +- } else { +- rsp_size = rsp->un.genreq64.bdl.bdeSize; +- bsg_reply->reply_payload_rcv_len = +- lpfc_bsg_copy_data(rmp, &job->reply_payload, +- rsp_size, 0); +- } +- +- } +- +- lpfc_sli_release_iocbq(phba, cmdiocbq); +- lpfc_free_bsg_buffers(phba, cmp); +- lpfc_free_bsg_buffers(phba, rmp); +- lpfc_mbuf_free(phba, bmp->virt, bmp->phys); +- kfree(bmp); +- kfree(dd_data); +- +- /* Complete the job if active */ +- +- if (job) { +- bsg_reply->result = rc; +- bsg_job_done(job, bsg_reply->result, +- bsg_reply->reply_payload_rcv_len); +- } +- +- return; +-} +- +-/** +- * lpfc_menlo_cmd - send an ioctl for menlo hardware +- * @job: fc_bsg_job to handle +- * +- * This function issues a gen request 64 CR ioctl for all menlo cmd requests, +- * all the command completions will return the xri for the command. +- * For menlo data requests a gen request 64 CX is used to continue the exchange +- * supplied in the menlo request header xri field. +- **/ +-static int +-lpfc_menlo_cmd(struct bsg_job *job) +-{ +- struct lpfc_vport *vport = shost_priv(fc_bsg_to_shost(job)); +- struct fc_bsg_request *bsg_request = job->request; +- struct fc_bsg_reply *bsg_reply = job->reply; +- struct lpfc_hba *phba = vport->phba; +- struct lpfc_iocbq *cmdiocbq; +- IOCB_t *cmd; +- int rc = 0; +- struct menlo_command *menlo_cmd; +- struct lpfc_dmabuf *bmp = NULL, *cmp = NULL, *rmp = NULL; +- int request_nseg; +- int reply_nseg; +- struct bsg_job_data *dd_data; +- struct ulp_bde64 *bpl = NULL; +- +- /* in case no data is returned return just the return code */ +- bsg_reply->reply_payload_rcv_len = 0; +- +- if (job->request_len < +- sizeof(struct fc_bsg_request) + +- sizeof(struct menlo_command)) { +- lpfc_printf_log(phba, KERN_WARNING, LOG_LIBDFC, +- "2784 Received MENLO_CMD request below " +- "minimum size\n"); +- rc = -ERANGE; +- goto no_dd_data; +- } +- +- if (job->reply_len < sizeof(*bsg_reply) + +- sizeof(struct menlo_response)) { +- lpfc_printf_log(phba, KERN_WARNING, LOG_LIBDFC, +- "2785 Received MENLO_CMD reply below " +- "minimum size\n"); +- rc = -ERANGE; +- goto no_dd_data; +- } +- +- if (!(phba->menlo_flag & HBA_MENLO_SUPPORT)) { +- lpfc_printf_log(phba, KERN_WARNING, LOG_LIBDFC, +- "2786 Adapter does not support menlo " +- "commands\n"); +- rc = -EPERM; +- goto no_dd_data; +- } +- +- menlo_cmd = (struct menlo_command *) +- bsg_request->rqst_data.h_vendor.vendor_cmd; +- +- /* allocate our bsg tracking structure */ +- dd_data = kmalloc(sizeof(struct bsg_job_data), GFP_KERNEL); +- if (!dd_data) { +- lpfc_printf_log(phba, KERN_WARNING, LOG_LIBDFC, +- "2787 Failed allocation of dd_data\n"); +- rc = -ENOMEM; +- goto no_dd_data; +- } +- +- bmp = kmalloc(sizeof(struct lpfc_dmabuf), GFP_KERNEL); +- if (!bmp) { +- rc = -ENOMEM; +- goto free_dd; +- } +- +- bmp->virt = lpfc_mbuf_alloc(phba, 0, &bmp->phys); +- if (!bmp->virt) { +- rc = -ENOMEM; +- goto free_bmp; +- } +- +- INIT_LIST_HEAD(&bmp->list); +- +- bpl = (struct ulp_bde64 *)bmp->virt; +- request_nseg = LPFC_BPL_SIZE/sizeof(struct ulp_bde64); +- cmp = lpfc_alloc_bsg_buffers(phba, job->request_payload.payload_len, +- 1, bpl, &request_nseg); +- if (!cmp) { +- rc = -ENOMEM; +- goto free_bmp; +- } +- lpfc_bsg_copy_data(cmp, &job->request_payload, +- job->request_payload.payload_len, 1); +- +- bpl += request_nseg; +- reply_nseg = LPFC_BPL_SIZE/sizeof(struct ulp_bde64) - request_nseg; +- rmp = lpfc_alloc_bsg_buffers(phba, job->reply_payload.payload_len, 0, +- bpl, &reply_nseg); +- if (!rmp) { +- rc = -ENOMEM; +- goto free_cmp; +- } +- +- cmdiocbq = lpfc_sli_get_iocbq(phba); +- if (!cmdiocbq) { +- rc = -ENOMEM; +- goto free_rmp; +- } +- +- cmd = &cmdiocbq->iocb; +- cmd->un.genreq64.bdl.ulpIoTag32 = 0; +- cmd->un.genreq64.bdl.addrHigh = putPaddrHigh(bmp->phys); +- cmd->un.genreq64.bdl.addrLow = putPaddrLow(bmp->phys); +- cmd->un.genreq64.bdl.bdeFlags = BUFF_TYPE_BLP_64; +- cmd->un.genreq64.bdl.bdeSize = +- (request_nseg + reply_nseg) * sizeof(struct ulp_bde64); +- cmd->un.genreq64.w5.hcsw.Fctl = (SI | LA); +- cmd->un.genreq64.w5.hcsw.Dfctl = 0; +- cmd->un.genreq64.w5.hcsw.Rctl = FC_RCTL_DD_UNSOL_CMD; +- cmd->un.genreq64.w5.hcsw.Type = MENLO_TRANSPORT_TYPE; /* 0xfe */ +- cmd->ulpBdeCount = 1; +- cmd->ulpClass = CLASS3; +- cmd->ulpOwner = OWN_CHIP; +- cmd->ulpLe = 1; /* Limited Edition */ +- cmdiocbq->cmd_flag |= LPFC_IO_LIBDFC; +- cmdiocbq->vport = phba->pport; +- /* We want the firmware to timeout before we do */ +- cmd->ulpTimeout = MENLO_TIMEOUT - 5; +- cmdiocbq->cmd_cmpl = lpfc_bsg_menlo_cmd_cmp; +- cmdiocbq->context_un.dd_data = dd_data; +- cmdiocbq->cmd_dmabuf = cmp; +- cmdiocbq->bpl_dmabuf = bmp; +- if (menlo_cmd->cmd == LPFC_BSG_VENDOR_MENLO_CMD) { +- cmd->ulpCommand = CMD_GEN_REQUEST64_CR; +- cmd->ulpPU = MENLO_PU; /* 3 */ +- cmd->un.ulpWord[4] = MENLO_DID; /* 0x0000FC0E */ +- cmd->ulpContext = MENLO_CONTEXT; /* 0 */ +- } else { +- cmd->ulpCommand = CMD_GEN_REQUEST64_CX; +- cmd->ulpPU = 1; +- cmd->un.ulpWord[4] = 0; +- cmd->ulpContext = menlo_cmd->xri; +- } +- +- dd_data->type = TYPE_MENLO; +- dd_data->set_job = job; +- dd_data->context_un.menlo.cmdiocbq = cmdiocbq; +- dd_data->context_un.menlo.rmp = rmp; +- job->dd_data = dd_data; +- +- rc = lpfc_sli_issue_iocb(phba, LPFC_ELS_RING, cmdiocbq, +- MENLO_TIMEOUT - 5); +- if (rc == IOCB_SUCCESS) +- return 0; /* done for now */ +- +- lpfc_sli_release_iocbq(phba, cmdiocbq); +- +-free_rmp: +- lpfc_free_bsg_buffers(phba, rmp); +-free_cmp: +- lpfc_free_bsg_buffers(phba, cmp); +-free_bmp: +- if (bmp->virt) +- lpfc_mbuf_free(phba, bmp->virt, bmp->phys); +- kfree(bmp); +-free_dd: +- kfree(dd_data); +-no_dd_data: +- /* make error code available to userspace */ +- bsg_reply->result = rc; +- job->dd_data = NULL; +- return rc; +-} +- + static int + lpfc_forced_link_speed(struct bsg_job *job) + { +@@ -5823,10 +5528,6 @@ lpfc_bsg_hst_vendor(struct bsg_job *job) + case LPFC_BSG_VENDOR_MBOX: + rc = lpfc_bsg_mbox_cmd(job); + break; +- case LPFC_BSG_VENDOR_MENLO_CMD: +- case LPFC_BSG_VENDOR_MENLO_DATA: +- rc = lpfc_menlo_cmd(job); +- break; + case LPFC_BSG_VENDOR_FORCED_LINK_SPEED: + rc = lpfc_forced_link_speed(job); + break; +@@ -5979,31 +5680,6 @@ lpfc_bsg_timeout(struct bsg_job *job) + phba->mbox_ext_buf_ctx.state = LPFC_BSG_MBOX_ABTS; + spin_unlock_irqrestore(&phba->ct_ev_lock, flags); + break; +- case TYPE_MENLO: +- /* Check to see if IOCB was issued to the port or not. If not, +- * remove it from the txq queue and call cancel iocbs. +- * Otherwise, call abort iotag. +- */ +- cmdiocb = dd_data->context_un.menlo.cmdiocbq; +- spin_unlock_irqrestore(&phba->ct_ev_lock, flags); +- +- spin_lock_irqsave(&phba->hbalock, flags); +- list_for_each_entry_safe(check_iocb, next_iocb, &pring->txq, +- list) { +- if (check_iocb == cmdiocb) { +- list_move_tail(&check_iocb->list, &completions); +- break; +- } +- } +- if (list_empty(&completions)) +- lpfc_sli_issue_abort_iotag(phba, pring, cmdiocb, NULL); +- spin_unlock_irqrestore(&phba->hbalock, flags); +- if (!list_empty(&completions)) { +- lpfc_sli_cancel_iocbs(phba, &completions, +- IOSTAT_LOCAL_REJECT, +- IOERR_SLI_ABORTED); +- } +- break; + default: + spin_unlock_irqrestore(&phba->ct_ev_lock, flags); + break; +--- a/drivers/scsi/lpfc/lpfc_bsg.h ++++ b/drivers/scsi/lpfc/lpfc_bsg.h +@@ -33,8 +33,6 @@ + #define LPFC_BSG_VENDOR_DIAG_RUN_LOOPBACK 5 + #define LPFC_BSG_VENDOR_GET_MGMT_REV 6 + #define LPFC_BSG_VENDOR_MBOX 7 +-#define LPFC_BSG_VENDOR_MENLO_CMD 8 +-#define LPFC_BSG_VENDOR_MENLO_DATA 9 + #define LPFC_BSG_VENDOR_DIAG_MODE_END 10 + #define LPFC_BSG_VENDOR_LINK_DIAG_TEST 11 + #define LPFC_BSG_VENDOR_FORCED_LINK_SPEED 14 +@@ -131,16 +129,6 @@ struct dfc_mbox_req { + uint32_t extSeqNum; + }; + +-/* Used for menlo command or menlo data. The xri is only used for menlo data */ +-struct menlo_command { +- uint32_t cmd; +- uint32_t xri; +-}; +- +-struct menlo_response { +- uint32_t xri; /* return the xri of the iocb exchange */ +-}; +- + /* + * macros and data structures for handling sli-config mailbox command + * pass-through support, this header file is shared between user and +--- a/drivers/scsi/lpfc/lpfc_els.c ++++ b/drivers/scsi/lpfc/lpfc_els.c +@@ -4570,15 +4570,6 @@ lpfc_els_retry(struct lpfc_hba *phba, st + case IOSTAT_LOCAL_REJECT: + switch ((ulp_word4 & IOERR_PARAM_MASK)) { + case IOERR_LOOP_OPEN_FAILURE: +- if (cmd == ELS_CMD_FLOGI) { +- if (PCI_DEVICE_ID_HORNET == +- phba->pcidev->device) { +- phba->fc_topology = LPFC_TOPOLOGY_LOOP; +- phba->pport->fc_myDID = 0; +- phba->alpa_map[0] = 0; +- phba->alpa_map[1] = 0; +- } +- } + if (cmd == ELS_CMD_PLOGI && cmdiocb->retry == 0) + delay = 1000; + retry = 1; +--- a/drivers/scsi/lpfc/lpfc.h ++++ b/drivers/scsi/lpfc/lpfc.h +@@ -47,9 +47,6 @@ struct lpfc_sli2_slim; + the NameServer before giving up. */ + #define LPFC_CMD_PER_LUN 3 /* max outstanding cmds per lun */ + #define LPFC_DEFAULT_SG_SEG_CNT 64 /* sg element count per scsi cmnd */ +-#define LPFC_DEFAULT_MENLO_SG_SEG_CNT 128 /* sg element count per scsi +- cmnd for menlo needs nearly twice as for firmware +- downloads using bsg */ + + #define LPFC_DEFAULT_XPSGL_SIZE 256 + #define LPFC_MAX_SG_TABLESIZE 0xffff +@@ -1440,8 +1437,6 @@ struct lpfc_hba { + */ + #define QUE_BUFTAG_BIT (1<<31) + uint32_t buffer_tag_count; +- int wait_4_mlo_maint_flg; +- wait_queue_head_t wait_4_mlo_m_q; + /* data structure used for latency data collection */ + #define LPFC_NO_BUCKET 0 + #define LPFC_LINEAR_BUCKET 1 +@@ -1476,8 +1471,6 @@ struct lpfc_hba { + /* RAS Support */ + struct lpfc_ras_fwlog ras_fwlog; + +- uint8_t menlo_flag; /* menlo generic flags */ +-#define HBA_MENLO_SUPPORT 0x1 /* HBA supports menlo commands */ + uint32_t iocb_cnt; + uint32_t iocb_max; + atomic_t sdev_cnt; +--- a/drivers/scsi/lpfc/lpfc_hbadisc.c ++++ b/drivers/scsi/lpfc/lpfc_hbadisc.c +@@ -3762,18 +3762,8 @@ lpfc_mbx_cmpl_read_topology(struct lpfc_ + } + + phba->fc_eventTag = la->eventTag; +- if (phba->sli_rev < LPFC_SLI_REV4) { +- spin_lock_irqsave(&phba->hbalock, iflags); +- if (bf_get(lpfc_mbx_read_top_mm, la)) +- phba->sli.sli_flag |= LPFC_MENLO_MAINT; +- else +- phba->sli.sli_flag &= ~LPFC_MENLO_MAINT; +- spin_unlock_irqrestore(&phba->hbalock, iflags); +- } +- + phba->link_events++; +- if ((attn_type == LPFC_ATT_LINK_UP) && +- !(phba->sli.sli_flag & LPFC_MENLO_MAINT)) { ++ if (attn_type == LPFC_ATT_LINK_UP) { + phba->fc_stat.LinkUp++; + if (phba->link_flag & LS_LOOPBACK_MODE) { + lpfc_printf_log(phba, KERN_ERR, LOG_LINK_EVENT, +@@ -3787,15 +3777,13 @@ lpfc_mbx_cmpl_read_topology(struct lpfc_ + } else { + lpfc_printf_log(phba, KERN_ERR, LOG_LINK_EVENT, + "1303 Link Up Event x%x received " +- "Data: x%x x%x x%x x%x x%x x%x %d\n", ++ "Data: x%x x%x x%x x%x x%x\n", + la->eventTag, phba->fc_eventTag, + bf_get(lpfc_mbx_read_top_alpa_granted, + la), + bf_get(lpfc_mbx_read_top_link_spd, la), + phba->alpa_map[0], +- bf_get(lpfc_mbx_read_top_mm, la), +- bf_get(lpfc_mbx_read_top_fa, la), +- phba->wait_4_mlo_maint_flg); ++ bf_get(lpfc_mbx_read_top_fa, la)); + } + lpfc_mbx_process_link_up(phba, la); + +@@ -3815,58 +3803,25 @@ lpfc_mbx_cmpl_read_topology(struct lpfc_ + else if (attn_type == LPFC_ATT_UNEXP_WWPN) + lpfc_printf_log(phba, KERN_ERR, LOG_LINK_EVENT, + "1313 Link Down Unexpected FA WWPN Event x%x " +- "received Data: x%x x%x x%x x%x x%x\n", ++ "received Data: x%x x%x x%x x%x\n", + la->eventTag, phba->fc_eventTag, + phba->pport->port_state, vport->fc_flag, +- bf_get(lpfc_mbx_read_top_mm, la), + bf_get(lpfc_mbx_read_top_fa, la)); + else + lpfc_printf_log(phba, KERN_ERR, LOG_LINK_EVENT, + "1305 Link Down Event x%x received " +- "Data: x%x x%x x%x x%x x%x\n", ++ "Data: x%x x%x x%x x%x\n", + la->eventTag, phba->fc_eventTag, + phba->pport->port_state, vport->fc_flag, +- bf_get(lpfc_mbx_read_top_mm, la), + bf_get(lpfc_mbx_read_top_fa, la)); + lpfc_mbx_issue_link_down(phba); + } +- if (phba->sli.sli_flag & LPFC_MENLO_MAINT && +- attn_type == LPFC_ATT_LINK_UP) { +- if (phba->link_state != LPFC_LINK_DOWN) { +- phba->fc_stat.LinkDown++; +- lpfc_printf_log(phba, KERN_ERR, LOG_LINK_EVENT, +- "1312 Link Down Event x%x received " +- "Data: x%x x%x x%x\n", +- la->eventTag, phba->fc_eventTag, +- phba->pport->port_state, vport->fc_flag); +- lpfc_mbx_issue_link_down(phba); +- } else +- lpfc_enable_la(phba); +- +- lpfc_printf_log(phba, KERN_ERR, LOG_LINK_EVENT, +- "1310 Menlo Maint Mode Link up Event x%x rcvd " +- "Data: x%x x%x x%x\n", +- la->eventTag, phba->fc_eventTag, +- phba->pport->port_state, vport->fc_flag); +- /* +- * The cmnd that triggered this will be waiting for this +- * signal. +- */ +- /* WAKEUP for MENLO_SET_MODE or MENLO_RESET command. */ +- if (phba->wait_4_mlo_maint_flg) { +- phba->wait_4_mlo_maint_flg = 0; +- wake_up_interruptible(&phba->wait_4_mlo_m_q); +- } +- } + + if ((phba->sli_rev < LPFC_SLI_REV4) && +- bf_get(lpfc_mbx_read_top_fa, la)) { +- if (phba->sli.sli_flag & LPFC_MENLO_MAINT) +- lpfc_issue_clear_la(phba, vport); ++ bf_get(lpfc_mbx_read_top_fa, la)) + lpfc_printf_log(phba, KERN_INFO, LOG_LINK_EVENT, + "1311 fa %d\n", + bf_get(lpfc_mbx_read_top_fa, la)); +- } + + lpfc_mbx_cmpl_read_topology_free_mbuf: + lpfc_mbox_rsrc_cleanup(phba, pmb, MBOX_THD_UNLOCKED); +--- a/drivers/scsi/lpfc/lpfc_hw.h ++++ b/drivers/scsi/lpfc/lpfc_hw.h +@@ -1728,7 +1728,6 @@ struct lpfc_fdmi_reg_portattr { + #define PCI_DEVICE_ID_HELIOS_SCSP 0xfd11 + #define PCI_DEVICE_ID_HELIOS_DCSP 0xfd12 + #define PCI_DEVICE_ID_ZEPHYR 0xfe00 +-#define PCI_DEVICE_ID_HORNET 0xfe05 + #define PCI_DEVICE_ID_ZEPHYR_SCSP 0xfe11 + #define PCI_DEVICE_ID_ZEPHYR_DCSP 0xfe12 + #define PCI_VENDOR_ID_SERVERENGINE 0x19a2 +@@ -1773,7 +1772,6 @@ struct lpfc_fdmi_reg_portattr { + #define ZEPHYR_JEDEC_ID 0x0577 + #define VIPER_JEDEC_ID 0x4838 + #define SATURN_JEDEC_ID 0x1004 +-#define HORNET_JDEC_ID 0x2057706D + + #define JEDEC_ID_MASK 0x0FFFF000 + #define JEDEC_ID_SHIFT 12 +@@ -3074,7 +3072,6 @@ struct lpfc_mbx_read_top { + #define lpfc_mbx_read_top_topology_WORD word3 + #define LPFC_TOPOLOGY_PT_PT 0x01 /* Topology is pt-pt / pt-fabric */ + #define LPFC_TOPOLOGY_LOOP 0x02 /* Topology is FC-AL */ +-#define LPFC_TOPOLOGY_MM 0x05 /* maint mode zephtr to menlo */ + /* store the LILP AL_PA position map into */ + struct ulp_bde64 lilpBde64; + #define LPFC_ALPA_MAP_SIZE 128 +@@ -4416,11 +4413,4 @@ lpfc_error_lost_link(u32 ulp_status, u32 + ulp_word4 == IOERR_SLI_DOWN)); + } + +-#define MENLO_TRANSPORT_TYPE 0xfe +-#define MENLO_CONTEXT 0 +-#define MENLO_PU 3 +-#define MENLO_TIMEOUT 30 +-#define SETVAR_MLOMNT 0x103107 +-#define SETVAR_MLORST 0x103007 +- + #define BPL_ALIGN_SZ 8 /* 8 byte alignment for bpl and mbufs */ +--- a/drivers/scsi/lpfc/lpfc_ids.h ++++ b/drivers/scsi/lpfc/lpfc_ids.h +@@ -60,8 +60,6 @@ const struct pci_device_id lpfc_id_table + PCI_ANY_ID, PCI_ANY_ID, }, + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_ZEPHYR, + PCI_ANY_ID, PCI_ANY_ID, }, +- {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_HORNET, +- PCI_ANY_ID, PCI_ANY_ID, }, + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_ZEPHYR_SCSP, + PCI_ANY_ID, PCI_ANY_ID, }, + {PCI_VENDOR_ID_EMULEX, PCI_DEVICE_ID_ZEPHYR_DCSP, +--- a/drivers/scsi/lpfc/lpfc_init.c ++++ b/drivers/scsi/lpfc/lpfc_init.c +@@ -2684,11 +2684,6 @@ lpfc_get_hba_model_desc(struct lpfc_hba + case PCI_DEVICE_ID_SAT_S: + m = (typeof(m)){"LPe12000-S", "PCIe", "Fibre Channel Adapter"}; + break; +- case PCI_DEVICE_ID_HORNET: +- m = (typeof(m)){"LP21000", "PCIe", +- "Obsolete, Unsupported FCoE Adapter"}; +- GE = 1; +- break; + case PCI_DEVICE_ID_PROTEUS_VF: + m = (typeof(m)){"LPev12000", "PCIe IOV", + "Obsolete, Unsupported Fibre Channel Adapter"}; +@@ -7694,7 +7689,6 @@ lpfc_setup_driver_resource_phase1(struct + INIT_LIST_HEAD(&phba->port_list); + + INIT_LIST_HEAD(&phba->work_list); +- init_waitqueue_head(&phba->wait_4_mlo_m_q); + + /* Initialize the wait queue head for the kernel thread */ + init_waitqueue_head(&phba->work_waitq); +@@ -7778,13 +7772,6 @@ lpfc_sli_driver_resource_setup(struct lp + if (rc) + return -ENODEV; + +- if (phba->pcidev->device == PCI_DEVICE_ID_HORNET) { +- phba->menlo_flag |= HBA_MENLO_SUPPORT; +- /* check for menlo minimum sg count */ +- if (phba->cfg_sg_seg_cnt < LPFC_DEFAULT_MENLO_SG_SEG_CNT) +- phba->cfg_sg_seg_cnt = LPFC_DEFAULT_MENLO_SG_SEG_CNT; +- } +- + if (!phba->sli.sli3_ring) + phba->sli.sli3_ring = kcalloc(LPFC_SLI3_MAX_RING, + sizeof(struct lpfc_sli_ring), +--- a/drivers/scsi/lpfc/lpfc_sli.c ++++ b/drivers/scsi/lpfc/lpfc_sli.c +@@ -10214,16 +10214,6 @@ static int + * can be issued if the link is not up. + */ + switch (piocb->iocb.ulpCommand) { +- case CMD_GEN_REQUEST64_CR: +- case CMD_GEN_REQUEST64_CX: +- if (!(phba->sli.sli_flag & LPFC_MENLO_MAINT) || +- (piocb->iocb.un.genreq64.w5.hcsw.Rctl != +- FC_RCTL_DD_UNSOL_CMD) || +- (piocb->iocb.un.genreq64.w5.hcsw.Type != +- MENLO_TRANSPORT_TYPE)) +- +- goto iocb_busy; +- break; + case CMD_QUE_RING_BUF_CN: + case CMD_QUE_RING_BUF64_CN: + /* +--- a/drivers/scsi/lpfc/lpfc_sli.h ++++ b/drivers/scsi/lpfc/lpfc_sli.h +@@ -355,7 +355,6 @@ struct lpfc_sli { + #define LPFC_SLI_ACTIVE 0x200 /* SLI in firmware is active */ + #define LPFC_PROCESS_LA 0x400 /* Able to process link attention */ + #define LPFC_BLOCK_MGMT_IO 0x800 /* Don't allow mgmt mbx or iocb cmds */ +-#define LPFC_MENLO_MAINT 0x1000 /* need for menl fw download */ + #define LPFC_SLI_ASYNC_MBX_BLK 0x2000 /* Async mailbox is blocked */ + #define LPFC_SLI_SUPPRESS_RSP 0x4000 /* Suppress RSP feature is supported */ + #define LPFC_SLI_USE_EQDR 0x8000 /* EQ Delay Register is supported */ diff --git a/patches.suse/scsi-lpfc-Remove-extra-atomic_inc-on-cmd_pending-in-.patch b/patches.suse/scsi-lpfc-Remove-extra-atomic_inc-on-cmd_pending-in-.patch new file mode 100644 index 0000000..8f8a647 --- /dev/null +++ b/patches.suse/scsi-lpfc-Remove-extra-atomic_inc-on-cmd_pending-in-.patch @@ -0,0 +1,33 @@ +From: James Smart +Date: Fri, 1 Jul 2022 14:14:17 -0700 +Subject: scsi: lpfc: Remove extra atomic_inc on cmd_pending in queuecommand + after VMID +Patch-mainline: v5.20-rc1 +Git-commit: 0948a9c5386095baae4012190a6b65aba684a907 +References: bsc#1201956 + +VMID introduced an extra increment of cmd_pending, causing double-counting +of the I/O. The normal increment ios performed in lpfc_get_scsi_buf. + +Link: https://lore.kernel.org/r/20220701211425.2708-5-jsmart2021@gmail.com +Fixes: 33c79741deaf ("scsi: lpfc: vmid: Introduce VMID in I/O path") +Cc: # v5.14+ +Co-developed-by: Justin Tee +Signed-off-by: Justin Tee +Signed-off-by: James Smart +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc_scsi.c | 1 - + 1 file changed, 1 deletion(-) + +--- a/drivers/scsi/lpfc/lpfc_scsi.c ++++ b/drivers/scsi/lpfc/lpfc_scsi.c +@@ -5468,7 +5468,6 @@ lpfc_queuecommand(struct Scsi_Host *shos + cur_iocbq->cmd_flag |= LPFC_IO_VMID; + } + } +- atomic_inc(&ndlp->cmd_pending); + + #ifdef CONFIG_SCSI_LPFC_DEBUG_FS + if (unlikely(phba->hdwqstat_on & LPFC_CHECK_SCSI_IO)) diff --git a/patches.suse/scsi-lpfc-Revert-RSCN_MEMENTO-workaround-for-misbeha.patch b/patches.suse/scsi-lpfc-Revert-RSCN_MEMENTO-workaround-for-misbeha.patch new file mode 100644 index 0000000..2c41ff0 --- /dev/null +++ b/patches.suse/scsi-lpfc-Revert-RSCN_MEMENTO-workaround-for-misbeha.patch @@ -0,0 +1,100 @@ +From: James Smart +Date: Fri, 1 Jul 2022 14:14:21 -0700 +Subject: scsi: lpfc: Revert RSCN_MEMENTO workaround for misbehaved + configuration +Patch-mainline: v5.20-rc1 +Git-commit: ffc566411aded3c12c63e1310fb23830e9608c59 +References: bsc#1201956 + +The RSCN_MEMENTO logic was to workaround a target that does not register +both FCP and NVMe FC4 types at the same time. This caused the +configuration to not produce a second RSCN for the NVMe FC4 type +registration in a timely manner. The intention of the RSCN_MEMENTO flag +was to always signal to try NVMe PRLI. + +However, there are other FCP-only target arrays in correctly behaved +configurations that reject the NVMe PRLI followed by a LOGO leading to +never rediscovering the target after an issue_lip (as LOGO causes a repeat +of PLOGI/PRLIs). + +Revert the RSCN_MEMENTO patch as it is causing correctly behaved configs to +fail while it exists only to succeed on a misbehaved config. + +Link: https://lore.kernel.org/r/20220701211425.2708-9-jsmart2021@gmail.com +Fixes: 1045592fc968 ("scsi: lpfc: Introduce FC_RSCN_MEMENTO flag for tracking post RSCN completion") +Co-developed-by: Justin Tee +Signed-off-by: Justin Tee +Signed-off-by: James Smart +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc.h | 1 - + drivers/scsi/lpfc/lpfc_els.c | 8 ++------ + drivers/scsi/lpfc/lpfc_hbadisc.c | 3 +-- + 3 files changed, 3 insertions(+), 9 deletions(-) + +--- a/drivers/scsi/lpfc/lpfc.h ++++ b/drivers/scsi/lpfc/lpfc.h +@@ -605,7 +605,6 @@ struct lpfc_vport { + #define FC_VFI_REGISTERED 0x800000 /* VFI is registered */ + #define FC_FDISC_COMPLETED 0x1000000/* FDISC completed */ + #define FC_DISC_DELAYED 0x2000000/* Delay NPort discovery */ +-#define FC_RSCN_MEMENTO 0x4000000/* RSCN cmd processed */ + + uint32_t ct_flags; + #define FC_CT_RFF_ID 0x1 /* RFF_ID accepted by switch */ +--- a/drivers/scsi/lpfc/lpfc_els.c ++++ b/drivers/scsi/lpfc/lpfc_els.c +@@ -1887,7 +1887,6 @@ lpfc_end_rscn(struct lpfc_vport *vport) + else { + spin_lock_irq(shost->host_lock); + vport->fc_flag &= ~FC_RSCN_MODE; +- vport->fc_flag |= FC_RSCN_MEMENTO; + spin_unlock_irq(shost->host_lock); + } + } +@@ -2435,14 +2434,13 @@ lpfc_issue_els_prli(struct lpfc_vport *v + u32 local_nlp_type, elscmd; + + /* +- * If discovery was kicked off from RSCN mode, +- * the FC4 types supported from a ++ * If we are in RSCN mode, the FC4 types supported from a + * previous GFT_ID command may not be accurate. So, if we + * are a NVME Initiator, always look for the possibility of + * the remote NPort beng a NVME Target. + */ + if (phba->sli_rev == LPFC_SLI_REV4 && +- vport->fc_flag & (FC_RSCN_MODE | FC_RSCN_MEMENTO) && ++ vport->fc_flag & FC_RSCN_MODE && + vport->nvmei_support) + ndlp->nlp_fc4_type |= NLP_FC4_NVME; + local_nlp_type = ndlp->nlp_fc4_type; +@@ -7916,7 +7914,6 @@ lpfc_els_rcv_rscn(struct lpfc_vport *vpo + if ((rscn_cnt < FC_MAX_HOLD_RSCN) && + !(vport->fc_flag & FC_RSCN_DISCOVERY)) { + vport->fc_flag |= FC_RSCN_MODE; +- vport->fc_flag &= ~FC_RSCN_MEMENTO; + spin_unlock_irq(shost->host_lock); + if (rscn_cnt) { + cmd = vport->fc_rscn_id_list[rscn_cnt-1]->virt; +@@ -7966,7 +7963,6 @@ lpfc_els_rcv_rscn(struct lpfc_vport *vpo + + spin_lock_irq(shost->host_lock); + vport->fc_flag |= FC_RSCN_MODE; +- vport->fc_flag &= ~FC_RSCN_MEMENTO; + spin_unlock_irq(shost->host_lock); + vport->fc_rscn_id_list[vport->fc_rscn_id_cnt++] = pcmd; + /* Indicate we are done walking fc_rscn_id_list on this vport */ +--- a/drivers/scsi/lpfc/lpfc_hbadisc.c ++++ b/drivers/scsi/lpfc/lpfc_hbadisc.c +@@ -1354,8 +1354,7 @@ lpfc_linkup_port(struct lpfc_vport *vpor + + spin_lock_irq(shost->host_lock); + vport->fc_flag &= ~(FC_PT2PT | FC_PT2PT_PLOGI | FC_ABORT_DISCOVERY | +- FC_RSCN_MEMENTO | FC_RSCN_MODE | +- FC_NLP_MORE | FC_RSCN_DISCOVERY); ++ FC_RSCN_MODE | FC_NLP_MORE | FC_RSCN_DISCOVERY); + vport->fc_flag |= FC_NDISC_ACTIVE; + vport->fc_ns_retry = 0; + spin_unlock_irq(shost->host_lock); diff --git a/patches.suse/scsi-lpfc-Set-PU-field-when-providing-D_ID-in-XMIT_E.patch b/patches.suse/scsi-lpfc-Set-PU-field-when-providing-D_ID-in-XMIT_E.patch new file mode 100644 index 0000000..5899dec --- /dev/null +++ b/patches.suse/scsi-lpfc-Set-PU-field-when-providing-D_ID-in-XMIT_E.patch @@ -0,0 +1,31 @@ +From: James Smart +Date: Fri, 1 Jul 2022 14:14:16 -0700 +Subject: scsi: lpfc: Set PU field when providing D_ID in XMIT_ELS_RSP64_CX + iocb +Patch-mainline: v5.20-rc1 +Git-commit: 35251b4d79db4ca2efeb63d6bc8fc463aa867156 +References: bsc#1201956 + +When providing a D_ID in XMIT_ELS_RSP64_CX iocb the PU field should +be set to 3 to describe the parameter being passed to firmware. + +Link: https://lore.kernel.org/r/20220701211425.2708-4-jsmart2021@gmail.com +Co-developed-by: Justin Tee +Signed-off-by: Justin Tee +Signed-off-by: James Smart +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc_sli.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/drivers/scsi/lpfc/lpfc_sli.c ++++ b/drivers/scsi/lpfc/lpfc_sli.c +@@ -10540,6 +10540,7 @@ static void + cmd->un.elsreq64.bdl.bdeSize = sizeof(struct ulp_bde64); + cmd->un.genreq64.xmit_els_remoteID = did; /* DID */ + cmd->ulpCommand = CMD_XMIT_ELS_RSP64_CX; ++ cmd->ulpPU = PARM_NPIV_DID; + } + cmd->ulpBdeCount = 1; + cmd->ulpLe = 1; diff --git a/patches.suse/scsi-lpfc-Update-lpfc-version-to-14.2.0.5.patch b/patches.suse/scsi-lpfc-Update-lpfc-version-to-14.2.0.5.patch new file mode 100644 index 0000000..2071feb --- /dev/null +++ b/patches.suse/scsi-lpfc-Update-lpfc-version-to-14.2.0.5.patch @@ -0,0 +1,30 @@ +From: James Smart +Date: Fri, 1 Jul 2022 14:14:24 -0700 +Subject: scsi: lpfc: Update lpfc version to 14.2.0.5 +Patch-mainline: v5.20-rc1 +Git-commit: 71faf8d30fdb7c0ea88caa785e97ed697f048f14 +References: bsc#1201956 + +Update lpfc version to 14.2.0.5 + +Link: https://lore.kernel.org/r/20220701211425.2708-12-jsmart2021@gmail.com +Co-developed-by: Justin Tee +Signed-off-by: Justin Tee +Signed-off-by: James Smart +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/lpfc/lpfc_version.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/scsi/lpfc/lpfc_version.h ++++ b/drivers/scsi/lpfc/lpfc_version.h +@@ -20,7 +20,7 @@ + * included with this package. * + *******************************************************************/ + +-#define LPFC_DRIVER_VERSION "14.2.0.4" ++#define LPFC_DRIVER_VERSION "14.2.0.5" + #define LPFC_DRIVER_NAME "lpfc" + + /* Used for SLI 2/3 */ diff --git a/patches.suse/scsi-qla2xxx-Check-correct-variable-in-qla24xx_async.patch b/patches.suse/scsi-qla2xxx-Check-correct-variable-in-qla24xx_async.patch new file mode 100644 index 0000000..53ad084 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-Check-correct-variable-in-qla24xx_async.patch @@ -0,0 +1,33 @@ +From: Dan Carpenter +Date: Wed, 22 Jun 2022 09:21:55 +0300 +Subject: scsi: qla2xxx: Check correct variable in qla24xx_async_gffid() +Patch-mainline: v5.20-rc1 +Git-commit: 7c33e477bd883f79cccec418980cb8f7f2d50347 +References: bsc#1201958 + +There is a copy and paste bug here. It should check ".rsp" instead of +".req". The error message is copy and pasted as well so update that too. + +Link: https://lore.kernel.org/r/YrK1A/t3L6HKnswO@kili +Fixes: 9c40c36e75ff ("scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing") +Signed-off-by: Dan Carpenter +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_gs.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_gs.c ++++ b/drivers/scsi/qla2xxx/qla_gs.c +@@ -3390,9 +3390,9 @@ int qla24xx_async_gffid(scsi_qla_host_t + sp->u.iocb_cmd.u.ctarg.rsp_allocated_size, + &sp->u.iocb_cmd.u.ctarg.rsp_dma, + GFP_KERNEL); +- if (!sp->u.iocb_cmd.u.ctarg.req) { ++ if (!sp->u.iocb_cmd.u.ctarg.rsp) { + ql_log(ql_log_warn, vha, 0xd041, +- "%s: Failed to allocate ct_sns request.\n", ++ "%s: Failed to allocate ct_sns response.\n", + __func__); + goto done_free_sp; + } diff --git a/patches.suse/scsi-qla2xxx-Fix-discovery-issues-in-FC-AL-topology.patch b/patches.suse/scsi-qla2xxx-Fix-discovery-issues-in-FC-AL-topology.patch new file mode 100644 index 0000000..ba33430 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-Fix-discovery-issues-in-FC-AL-topology.patch @@ -0,0 +1,105 @@ +From: Arun Easi +Date: Tue, 12 Jul 2022 22:20:42 -0700 +Subject: scsi: qla2xxx: Fix discovery issues in FC-AL topology +Patch-mainline: v5.20-rc1 +Git-commit: 47ccb113cead905bdc236571bf8ac6fed90321b3 +References: bsc#1201958 + +A direct attach tape device, when gets swapped with another, was not +discovered. Fix this by looking at loop map and reinitialize link if there +are devices present. + +Link: https://lore.kernel.org/linux-scsi/baef87c3-5dad-3b47-44c1-6914bfc90108@cybernetics.com/ +Link: https://lore.kernel.org/r/20220713052045.10683-8-njavali@marvell.com +Cc: stable@vger.kernel.org +Reported-by: Tony Battersby +Tested-by: Tony Battersby +Reviewed-by: Himanshu Madhani +Signed-off-by: Arun Easi +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_gbl.h | 3 ++- + drivers/scsi/qla2xxx/qla_init.c | 29 +++++++++++++++++++++++++++++ + drivers/scsi/qla2xxx/qla_mbx.c | 5 ++++- + 3 files changed, 35 insertions(+), 2 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_gbl.h ++++ b/drivers/scsi/qla2xxx/qla_gbl.h +@@ -437,7 +437,8 @@ extern int + qla2x00_get_resource_cnts(scsi_qla_host_t *); + + extern int +-qla2x00_get_fcal_position_map(scsi_qla_host_t *ha, char *pos_map); ++qla2x00_get_fcal_position_map(scsi_qla_host_t *ha, char *pos_map, ++ u8 *num_entries); + + extern int + qla2x00_get_link_status(scsi_qla_host_t *, uint16_t, struct link_statistics *, +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -5517,6 +5517,22 @@ static int qla2x00_configure_n2n_loop(sc + return QLA_FUNCTION_FAILED; + } + ++static void ++qla_reinitialize_link(scsi_qla_host_t *vha) ++{ ++ int rval; ++ ++ atomic_set(&vha->loop_state, LOOP_DOWN); ++ atomic_set(&vha->loop_down_timer, LOOP_DOWN_TIME); ++ rval = qla2x00_full_login_lip(vha); ++ if (rval == QLA_SUCCESS) { ++ ql_dbg(ql_dbg_disc, vha, 0xd050, "Link reinitialized\n"); ++ } else { ++ ql_dbg(ql_dbg_disc, vha, 0xd051, ++ "Link reinitialization failed (%d)\n", rval); ++ } ++} ++ + /* + * qla2x00_configure_local_loop + * Updates Fibre Channel Device Database with local loop devices. +@@ -5568,6 +5584,19 @@ qla2x00_configure_local_loop(scsi_qla_ho + spin_unlock_irqrestore(&vha->work_lock, flags); + + if (vha->scan.scan_retry < MAX_SCAN_RETRIES) { ++ u8 loop_map_entries = 0; ++ int rc; ++ ++ rc = qla2x00_get_fcal_position_map(vha, NULL, ++ &loop_map_entries); ++ if (rc == QLA_SUCCESS && loop_map_entries > 1) { ++ /* ++ * There are devices that are still not logged ++ * in. Reinitialize to give them a chance. ++ */ ++ qla_reinitialize_link(vha); ++ return QLA_FUNCTION_FAILED; ++ } + set_bit(LOCAL_LOOP_UPDATE, &vha->dpc_flags); + set_bit(LOOP_RESYNC_NEEDED, &vha->dpc_flags); + } +--- a/drivers/scsi/qla2xxx/qla_mbx.c ++++ b/drivers/scsi/qla2xxx/qla_mbx.c +@@ -3069,7 +3069,8 @@ qla2x00_get_resource_cnts(scsi_qla_host_ + * Kernel context. + */ + int +-qla2x00_get_fcal_position_map(scsi_qla_host_t *vha, char *pos_map) ++qla2x00_get_fcal_position_map(scsi_qla_host_t *vha, char *pos_map, ++ u8 *num_entries) + { + int rval; + mbx_cmd_t mc; +@@ -3109,6 +3110,8 @@ qla2x00_get_fcal_position_map(scsi_qla_h + + if (pos_map) + memcpy(pos_map, pmap, FCAL_MAP_SIZE); ++ if (num_entries) ++ *num_entries = pmap[0]; + } + dma_pool_free(ha->s_dma_pool, pmap, pmap_dma); + diff --git a/patches.suse/scsi-qla2xxx-Fix-disk-failure-to-rediscover.patch b/patches.suse/scsi-qla2xxx-Fix-disk-failure-to-rediscover.patch deleted file mode 100644 index 8b5e0db..0000000 --- a/patches.suse/scsi-qla2xxx-Fix-disk-failure-to-rediscover.patch +++ /dev/null @@ -1,72 +0,0 @@ -From: Quinn Tran -Date: Thu, 10 Mar 2022 01:25:53 -0800 -Subject: scsi: qla2xxx: Fix disk failure to rediscover -Patch-mainline: v5.18-rc1 -Git-commit: 6a45c8e137d4e2c72eecf1ac7cf64f2fdfcead99 -References: bsc#1197661 - -User experienced some of the LUN failed to get rediscovered after long -cable pull test. The issue is triggered by a race condition between driver -setting session online state vs starting the LUN scan process at the same -time. Current code set the online state after notifying the session is -available. In this case, trigger to start the LUN scan process happened -before driver could set the session in online state. LUN scan ends up with -failure due to the session online check was failing. - -Set the online state before reporting of the availability of the session. - -Link: https://lore.kernel.org/r/20220310092604.22950-3-njavali@marvell.com -Fixes: aecf043443d3 ("scsi: qla2xxx: Fix Remote port registration") -Cc: stable@vger.kernel.org -Reviewed-by: Himanshu Madhani -Signed-off-by: Quinn Tran -Signed-off-by: Nilesh Javali -Signed-off-by: Martin K. Petersen -Acked-by: Daniel Wagner ---- - drivers/scsi/qla2xxx/qla_init.c | 5 +++-- - drivers/scsi/qla2xxx/qla_nvme.c | 5 +++++ - 2 files changed, 8 insertions(+), 2 deletions(-) - ---- a/drivers/scsi/qla2xxx/qla_init.c -+++ b/drivers/scsi/qla2xxx/qla_init.c -@@ -5759,6 +5759,8 @@ qla2x00_reg_remote_port(scsi_qla_host_t - if (atomic_read(&fcport->state) == FCS_ONLINE) - return; - -+ qla2x00_set_fcport_state(fcport, FCS_ONLINE); -+ - rport_ids.node_name = wwn_to_u64(fcport->node_name); - rport_ids.port_name = wwn_to_u64(fcport->port_name); - rport_ids.port_id = fcport->d_id.b.domain << 16 | -@@ -5859,6 +5861,7 @@ qla2x00_update_fcport(scsi_qla_host_t *v - qla2x00_reg_remote_port(vha, fcport); - break; - case MODE_TARGET: -+ qla2x00_set_fcport_state(fcport, FCS_ONLINE); - if (!vha->vha_tgt.qla_tgt->tgt_stop && - !vha->vha_tgt.qla_tgt->tgt_stopped) - qlt_fc_port_added(vha, fcport); -@@ -5876,8 +5879,6 @@ qla2x00_update_fcport(scsi_qla_host_t *v - if (NVME_TARGET(vha->hw, fcport)) - qla_nvme_register_remote(vha, fcport); - -- qla2x00_set_fcport_state(fcport, FCS_ONLINE); -- - if (IS_IIDMA_CAPABLE(vha->hw) && vha->hw->flags.gpsc_supported) { - if (fcport->id_changed) { - fcport->id_changed = 0; ---- a/drivers/scsi/qla2xxx/qla_nvme.c -+++ b/drivers/scsi/qla2xxx/qla_nvme.c -@@ -36,6 +36,11 @@ int qla_nvme_register_remote(struct scsi - (fcport->nvme_flag & NVME_FLAG_REGISTERED)) - return 0; - -+ if (atomic_read(&fcport->state) == FCS_ONLINE) -+ return 0; -+ -+ qla2x00_set_fcport_state(fcport, FCS_ONLINE); -+ - fcport->nvme_flag &= ~NVME_FLAG_RESETTING; - - memset(&req, 0, sizeof(struct nvme_fc_port_info)); diff --git a/patches.suse/scsi-qla2xxx-Fix-imbalance-vha-vref_count.patch b/patches.suse/scsi-qla2xxx-Fix-imbalance-vha-vref_count.patch new file mode 100644 index 0000000..dae5195 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-Fix-imbalance-vha-vref_count.patch @@ -0,0 +1,54 @@ +From: Quinn Tran +Date: Tue, 12 Jul 2022 22:20:41 -0700 +Subject: scsi: qla2xxx: Fix imbalance vha->vref_count +Patch-mainline: v5.20-rc1 +Git-commit: 63fa7f2644b4b48e1913af33092c044bf48e9321 +References: bsc#1201958 + +vref_count took an extra decrement in the task management path. Add an +extra ref count to compensate the imbalance. + +Link: https://lore.kernel.org/r/20220713052045.10683-7-njavali@marvell.com +Cc: stable@vger.kernel.org +Reviewed-by: Himanshu Madhani +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_init.c | 4 ++++ + 1 file changed, 4 insertions(+) + +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -169,6 +169,7 @@ int qla24xx_async_abort_cmd(srb_t *cmd_s + struct srb_iocb *abt_iocb; + srb_t *sp; + int rval = QLA_FUNCTION_FAILED; ++ uint8_t bail; + + /* ref: INIT for ABTS command */ + sp = qla2xxx_get_qpair_sp(cmd_sp->vha, cmd_sp->qpair, cmd_sp->fcport, +@@ -176,6 +177,7 @@ int qla24xx_async_abort_cmd(srb_t *cmd_s + if (!sp) + return QLA_MEMORY_ALLOC_FAILED; + ++ QLA_VHA_MARK_BUSY(vha, bail); + abt_iocb = &sp->u.iocb_cmd; + sp->type = SRB_ABT_CMD; + sp->name = "abort"; +@@ -2019,12 +2021,14 @@ qla2x00_async_tm_cmd(fc_port_t *fcport, + struct srb_iocb *tm_iocb; + srb_t *sp; + int rval = QLA_FUNCTION_FAILED; ++ uint8_t bail; + + /* ref: INIT */ + sp = qla2x00_get_sp(vha, fcport, GFP_KERNEL); + if (!sp) + goto done; + ++ QLA_VHA_MARK_BUSY(vha, bail); + sp->type = SRB_TM_CMD; + sp->name = "tmf"; + qla2x00_init_async_sp(sp, qla2x00_get_async_timeout(vha), diff --git a/patches.suse/scsi-qla2xxx-Fix-incorrect-display-of-max-frame-size.patch b/patches.suse/scsi-qla2xxx-Fix-incorrect-display-of-max-frame-size.patch new file mode 100644 index 0000000..8c0c54c --- /dev/null +++ b/patches.suse/scsi-qla2xxx-Fix-incorrect-display-of-max-frame-size.patch @@ -0,0 +1,97 @@ +From: Bikash Hazarika +Date: Tue, 12 Jul 2022 22:20:37 -0700 +Subject: scsi: qla2xxx: Fix incorrect display of max frame size +Patch-mainline: v5.20-rc1 +Git-commit: cf3b4fb655796674e605268bd4bfb47a47c8bce6 +References: bsc#1201958 + +Replace display field with the correct field. + +Link: https://lore.kernel.org/r/20220713052045.10683-3-njavali@marvell.com +Fixes: 8777e4314d39 ("scsi: qla2xxx: Migrate NVME N2N handling into state machine") +Cc: stable@vger.kernel.org +Reviewed-by: Himanshu Madhani +Signed-off-by: Bikash Hazarika +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_def.h | 1 + + drivers/scsi/qla2xxx/qla_gs.c | 9 +++------ + drivers/scsi/qla2xxx/qla_init.c | 2 ++ + drivers/scsi/qla2xxx/qla_isr.c | 4 +--- + 4 files changed, 7 insertions(+), 9 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_def.h ++++ b/drivers/scsi/qla2xxx/qla_def.h +@@ -3989,6 +3989,7 @@ struct qla_hw_data { + /* SRB cache. */ + #define SRB_MIN_REQ 128 + mempool_t *srb_mempool; ++ u8 port_name[WWN_SIZE]; + + volatile struct { + uint32_t mbox_int :1; +--- a/drivers/scsi/qla2xxx/qla_gs.c ++++ b/drivers/scsi/qla2xxx/qla_gs.c +@@ -1597,7 +1597,6 @@ qla2x00_hba_attributes(scsi_qla_host_t * + unsigned int callopt) + { + struct qla_hw_data *ha = vha->hw; +- struct init_cb_24xx *icb24 = (void *)ha->init_cb; + struct new_utsname *p_sysid = utsname(); + struct ct_fdmi_hba_attr *eiter; + uint16_t alen; +@@ -1759,8 +1758,8 @@ qla2x00_hba_attributes(scsi_qla_host_t * + /* MAX CT Payload Length */ + eiter = entries + size; + eiter->type = cpu_to_be16(FDMI_HBA_MAXIMUM_CT_PAYLOAD_LENGTH); +- eiter->a.max_ct_len = cpu_to_be32(le16_to_cpu(IS_FWI2_CAPABLE(ha) ? +- icb24->frame_payload_size : ha->init_cb->frame_payload_size)); ++ eiter->a.max_ct_len = cpu_to_be32(ha->frame_payload_size >> 2); ++ + alen = sizeof(eiter->a.max_ct_len); + alen += FDMI_ATTR_TYPELEN(eiter); + eiter->len = cpu_to_be16(alen); +@@ -1852,7 +1851,6 @@ qla2x00_port_attributes(scsi_qla_host_t + unsigned int callopt) + { + struct qla_hw_data *ha = vha->hw; +- struct init_cb_24xx *icb24 = (void *)ha->init_cb; + struct new_utsname *p_sysid = utsname(); + char *hostname = p_sysid ? + p_sysid->nodename : fc_host_system_hostname(vha->host); +@@ -1904,8 +1902,7 @@ qla2x00_port_attributes(scsi_qla_host_t + /* Max frame size. */ + eiter = entries + size; + eiter->type = cpu_to_be16(FDMI_PORT_MAX_FRAME_SIZE); +- eiter->a.max_frame_size = cpu_to_be32(le16_to_cpu(IS_FWI2_CAPABLE(ha) ? +- icb24->frame_payload_size : ha->init_cb->frame_payload_size)); ++ eiter->a.max_frame_size = cpu_to_be32(ha->frame_payload_size); + alen = sizeof(eiter->a.max_frame_size); + alen += FDMI_ATTR_TYPELEN(eiter); + eiter->len = cpu_to_be16(alen); +--- a/drivers/scsi/qla2xxx/qla_init.c ++++ b/drivers/scsi/qla2xxx/qla_init.c +@@ -4535,6 +4535,8 @@ qla2x00_init_rings(scsi_qla_host_t *vha) + BIT_6) != 0; + ql_dbg(ql_dbg_init, vha, 0x00bc, "FA-WWPN Support: %s.\n", + (ha->flags.fawwpn_enabled) ? "enabled" : "disabled"); ++ /* Init_cb will be reused for other command(s). Save a backup copy of port_name */ ++ memcpy(ha->port_name, ha->init_cb->port_name, WWN_SIZE); + } + + /* ELS pass through payload is limit by frame size. */ +--- a/drivers/scsi/qla2xxx/qla_isr.c ++++ b/drivers/scsi/qla2xxx/qla_isr.c +@@ -1355,9 +1355,7 @@ qla2x00_async_event(scsi_qla_host_t *vha + if (!vha->vp_idx) { + if (ha->flags.fawwpn_enabled && + (ha->current_topology == ISP_CFG_F)) { +- void *wwpn = ha->init_cb->port_name; +- +- memcpy(vha->port_name, wwpn, WWN_SIZE); ++ memcpy(vha->port_name, ha->port_name, WWN_SIZE); + fc_host_port_name(vha->host) = + wwn_to_u64(vha->port_name); + ql_dbg(ql_dbg_init + ql_dbg_verbose, diff --git a/patches.suse/scsi-qla2xxx-Fix-response-queue-handler-reading-stal.patch b/patches.suse/scsi-qla2xxx-Fix-response-queue-handler-reading-stal.patch new file mode 100644 index 0000000..1db3fed --- /dev/null +++ b/patches.suse/scsi-qla2xxx-Fix-response-queue-handler-reading-stal.patch @@ -0,0 +1,117 @@ +From: Arun Easi +Date: Tue, 12 Jul 2022 22:20:39 -0700 +Subject: scsi: qla2xxx: Fix response queue handler reading stale packets +Patch-mainline: v5.20-rc1 +Git-commit: b1f707146923335849fb70237eec27d4d1ae7d62 +References: bsc#1201958 + +On some platforms, the current logic of relying on finding new packet +solely based on signature pattern can lead to driver reading stale +packets. Though this is a bug in those platforms, reduce such exposures by +limiting reading packets until the IN pointer. + +Two module parameters are introduced: + + ql2xrspq_follow_inptr: + + When set, on newer adapters that has queue pointer shadowing, look for + response packets only until response queue in pointer. + + When reset, response packets are read based on a signature pattern + logic (old way). + + ql2xrspq_follow_inptr_legacy: + + Like ql2xrspq_follow_inptr, but for those adapters where there is no + queue pointer shadowing. + +Link: https://lore.kernel.org/r/20220713052045.10683-5-njavali@marvell.com +Cc: stable@vger.kernel.org +Reviewed-by: Himanshu Madhani +Signed-off-by: Arun Easi +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_gbl.h | 2 ++ + drivers/scsi/qla2xxx/qla_isr.c | 24 +++++++++++++++++++++++- + drivers/scsi/qla2xxx/qla_os.c | 10 ++++++++++ + 3 files changed, 35 insertions(+), 1 deletion(-) + +--- a/drivers/scsi/qla2xxx/qla_gbl.h ++++ b/drivers/scsi/qla2xxx/qla_gbl.h +@@ -194,6 +194,8 @@ extern int ql2xsecenable; + extern int ql2xenforce_iocb_limit; + extern int ql2xabts_wait_nvme; + extern u32 ql2xnvme_queues; ++extern int ql2xrspq_follow_inptr; ++extern int ql2xrspq_follow_inptr_legacy; + + extern int qla2x00_loop_reset(scsi_qla_host_t *); + extern void qla2x00_abort_all_cmds(scsi_qla_host_t *, int); +--- a/drivers/scsi/qla2xxx/qla_isr.c ++++ b/drivers/scsi/qla2xxx/qla_isr.c +@@ -3790,6 +3790,8 @@ void qla24xx_process_response_queue(stru + struct qla_hw_data *ha = vha->hw; + struct purex_entry_24xx *purex_entry; + struct purex_item *pure_item; ++ u16 rsp_in = 0; ++ int follow_inptr, is_shadow_hba; + + if (!ha->flags.fw_started) + return; +@@ -3799,7 +3801,25 @@ void qla24xx_process_response_queue(stru + qla_cpu_update(rsp->qpair, smp_processor_id()); + } + +- while (rsp->ring_ptr->signature != RESPONSE_PROCESSED) { ++#define __update_rsp_in(_update, _is_shadow_hba, _rsp, _rsp_in) \ ++ do { \ ++ if (_update) { \ ++ _rsp_in = _is_shadow_hba ? *(_rsp)->in_ptr : \ ++ rd_reg_dword_relaxed((_rsp)->rsp_q_in); \ ++ } \ ++ } while (0) ++ ++ is_shadow_hba = IS_SHADOW_REG_CAPABLE(ha); ++ follow_inptr = is_shadow_hba ? ql2xrspq_follow_inptr : ++ ql2xrspq_follow_inptr_legacy; ++ ++ __update_rsp_in(follow_inptr, is_shadow_hba, rsp, rsp_in); ++ ++ while ((likely(follow_inptr && ++ rsp->ring_index != rsp_in && ++ rsp->ring_ptr->signature != RESPONSE_PROCESSED)) || ++ (!follow_inptr && ++ rsp->ring_ptr->signature != RESPONSE_PROCESSED)) { + pkt = (struct sts_entry_24xx *)rsp->ring_ptr; + + rsp->ring_index++; +@@ -3912,6 +3932,8 @@ void qla24xx_process_response_queue(stru + } + pure_item = qla27xx_copy_fpin_pkt(vha, + (void **)&pkt, &rsp); ++ __update_rsp_in(follow_inptr, is_shadow_hba, ++ rsp, rsp_in); + if (!pure_item) + break; + qla24xx_queue_purex_item(vha, pure_item, +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -339,6 +339,16 @@ module_param(ql2xdelay_before_pci_error_ + MODULE_PARM_DESC(ql2xdelay_before_pci_error_handling, + "Number of seconds delayed before qla begin PCI error self-handling (default: 5).\n"); + ++int ql2xrspq_follow_inptr = 1; ++module_param(ql2xrspq_follow_inptr, int, 0644); ++MODULE_PARM_DESC(ql2xrspq_follow_inptr, ++ "Follow RSP IN pointer for RSP updates for HBAs 27xx and newer (default: 1)."); ++ ++int ql2xrspq_follow_inptr_legacy = 1; ++module_param(ql2xrspq_follow_inptr_legacy, int, 0644); ++MODULE_PARM_DESC(ql2xrspq_follow_inptr_legacy, ++ "Follow RSP IN pointer for RSP updates for HBAs older than 27XX. (default: 1)."); ++ + static void qla2x00_clear_drv_active(struct qla_hw_data *); + static void qla2x00_free_device(scsi_qla_host_t *); + static int qla2xxx_map_queues(struct Scsi_Host *shost); diff --git a/patches.suse/scsi-qla2xxx-Fix-sparse-warning-for-dport_data.patch b/patches.suse/scsi-qla2xxx-Fix-sparse-warning-for-dport_data.patch new file mode 100644 index 0000000..6778bac --- /dev/null +++ b/patches.suse/scsi-qla2xxx-Fix-sparse-warning-for-dport_data.patch @@ -0,0 +1,46 @@ +From: Nilesh Javali +Date: Tue, 12 Jul 2022 22:20:43 -0700 +Subject: scsi: qla2xxx: Fix sparse warning for dport_data +Patch-mainline: v5.20-rc1 +Git-commit: 166d74b876b7d8eb2e41b0587db93d23cef85221 +References: bsc#1201958 + +Use le16_to_cpu to fix sparse warning reported for dport_data. + +sparse warnings: (new ones prefixed by >>) +>> drivers/scsi/qla2xxx/qla_bsg.c:2485:34: sparse: sparse: incorrect +>> type in assignment (different base types) @@ expected unsigned +>> short [usertype] mbx1 @@ got restricted __le16 @@ + drivers/scsi/qla2xxx/qla_bsg.c:2485:34: sparse: expected unsigned short [usertype] mbx1 + drivers/scsi/qla2xxx/qla_bsg.c:2485:34: sparse: got restricted __le16 +>> drivers/scsi/qla2xxx/qla_bsg.c:2486:34: sparse: sparse: +>> incorrect type in assignment (different base types) @@ +>> expected unsigned short [usertype] mbx2 @@ got restricted __le16 @@ + drivers/scsi/qla2xxx/qla_bsg.c:2486:34: sparse: expected unsigned short [usertype] mbx2 + drivers/scsi/qla2xxx/qla_bsg.c:2486:34: sparse: got restricted __le16 + +Link: https://lore.kernel.org/r/20220713052045.10683-9-njavali@marvell.com +Fixes: 476da8faa336 ("scsi: qla2xxx: Add a new v2 dport diagnostic feature") +Cc: stable@vger.kernel.org +Reported-by: kernel test robot +Reviewed-by: Himanshu Madhani +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_bsg.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_bsg.c ++++ b/drivers/scsi/qla2xxx/qla_bsg.c +@@ -2483,8 +2483,8 @@ qla2x00_do_dport_diagnostics_v2(struct b + dd->mbx2 = mcp->mb[1]; + vha->dport_status |= DPORT_DIAG_IN_PROGRESS; + } else if (options == QLA_GET_DPORT_RESULT_V2) { +- dd->mbx1 = vha->dport_data[1]; +- dd->mbx2 = vha->dport_data[2]; ++ dd->mbx1 = le16_to_cpu(vha->dport_data[1]); ++ dd->mbx2 = le16_to_cpu(vha->dport_data[2]); + } + } else { + dd->mbx1 = mcp->mb[0]; diff --git a/patches.suse/scsi-qla2xxx-Update-manufacturer-details.patch b/patches.suse/scsi-qla2xxx-Update-manufacturer-details.patch new file mode 100644 index 0000000..725a07f --- /dev/null +++ b/patches.suse/scsi-qla2xxx-Update-manufacturer-details.patch @@ -0,0 +1,43 @@ +From: Bikash Hazarika +Date: Tue, 12 Jul 2022 22:20:44 -0700 +Subject: scsi: qla2xxx: Update manufacturer details +Patch-mainline: v5.20-rc1 +Git-commit: 1ccad27716ecad1fd58c35e579bedb81fa5e1ad5 +References: bsc#1201958 + +Update manufacturer details to indicate Marvell Semiconductors. + +Link: https://lore.kernel.org/r/20220713052045.10683-10-njavali@marvell.com +Cc: stable@vger.kernel.org +Reviewed-by: Himanshu Madhani +Signed-off-by: Bikash Hazarika +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_def.h | 2 +- + drivers/scsi/qla2xxx/qla_gs.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_def.h ++++ b/drivers/scsi/qla2xxx/qla_def.h +@@ -79,7 +79,7 @@ typedef union { + #include "qla_nvme.h" + #define QLA2XXX_DRIVER_NAME "qla2xxx" + #define QLA2XXX_APIDEV "ql2xapidev" +-#define QLA2XXX_MANUFACTURER "QLogic Corporation" ++#define QLA2XXX_MANUFACTURER "Marvell Semiconductor, Inc." + + /* + * We have MAILBOX_REGISTER_COUNT sized arrays in a few places, +--- a/drivers/scsi/qla2xxx/qla_gs.c ++++ b/drivers/scsi/qla2xxx/qla_gs.c +@@ -1617,7 +1617,7 @@ qla2x00_hba_attributes(scsi_qla_host_t * + eiter->type = cpu_to_be16(FDMI_HBA_MANUFACTURER); + alen = scnprintf( + eiter->a.manufacturer, sizeof(eiter->a.manufacturer), +- "%s", "QLogic Corporation"); ++ "%s", QLA2XXX_MANUFACTURER); + alen += FDMI_ATTR_ALIGNMENT(alen); + alen += FDMI_ATTR_TYPELEN(eiter); + eiter->len = cpu_to_be16(alen); diff --git a/patches.suse/scsi-qla2xxx-Update-version-to-10.02.07.800-k.patch b/patches.suse/scsi-qla2xxx-Update-version-to-10.02.07.800-k.patch new file mode 100644 index 0000000..5b5ca15 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-Update-version-to-10.02.07.800-k.patch @@ -0,0 +1,30 @@ +From: Nilesh Javali +Date: Tue, 12 Jul 2022 22:20:45 -0700 +Subject: scsi: qla2xxx: Update version to 10.02.07.800-k +Patch-mainline: v5.20-rc1 +Git-commit: 6c20cc4885c5c11065a83c82dd8ce2074fe5c774 +References: bsc#1201958 + +Link: https://lore.kernel.org/r/20220713052045.10683-11-njavali@marvell.com +Reviewed-by: Himanshu Madhani +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_version.h | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_version.h ++++ b/drivers/scsi/qla2xxx/qla_version.h +@@ -7,9 +7,9 @@ + /* + * Driver version + */ +-#define QLA2XXX_VERSION "10.02.07.700-k" ++#define QLA2XXX_VERSION "10.02.07.800-k" + + #define QLA_DRIVER_MAJOR_VER 10 + #define QLA_DRIVER_MINOR_VER 2 + #define QLA_DRIVER_PATCH_VER 7 +-#define QLA_DRIVER_BETA_VER 700 ++#define QLA_DRIVER_BETA_VER 800 diff --git a/patches.suse/scsi-qla2xxx-Zero-undefined-mailbox-IN-registers.patch b/patches.suse/scsi-qla2xxx-Zero-undefined-mailbox-IN-registers.patch new file mode 100644 index 0000000..b24d1f4 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-Zero-undefined-mailbox-IN-registers.patch @@ -0,0 +1,34 @@ +From: Bikash Hazarika +Date: Tue, 12 Jul 2022 22:20:38 -0700 +Subject: scsi: qla2xxx: Zero undefined mailbox IN registers +Patch-mainline: v5.20-rc1 +Git-commit: 6c96a3c7d49593ef15805f5e497601c87695abc9 +References: bsc#1201958 + +While requesting a new mailbox command, driver does not write any data to +unused registers. Initialize the unused register value to zero while +requesting a new mailbox command to prevent stale entry access by firmware. + +Link: https://lore.kernel.org/r/20220713052045.10683-4-njavali@marvell.com +Cc: stable@vger.kernel.org +Reviewed-by: Himanshu Madhani +Signed-off-by: Bikash Hazarika +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_mbx.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/scsi/qla2xxx/qla_mbx.c ++++ b/drivers/scsi/qla2xxx/qla_mbx.c +@@ -239,6 +239,8 @@ qla2x00_mailbox_command(scsi_qla_host_t + ql_dbg(ql_dbg_mbx, vha, 0x1112, + "mbox[%d]<-0x%04x\n", cnt, *iptr); + wrt_reg_word(optr, *iptr); ++ } else { ++ wrt_reg_word(optr, 0); + } + + mboxes >>= 1; diff --git a/patches.suse/scsi-qla2xxx-add-a-new-v2-dport-diagnostic-feature.patch b/patches.suse/scsi-qla2xxx-add-a-new-v2-dport-diagnostic-feature.patch index ea1b495..e62d3ff 100644 --- a/patches.suse/scsi-qla2xxx-add-a-new-v2-dport-diagnostic-feature.patch +++ b/patches.suse/scsi-qla2xxx-add-a-new-v2-dport-diagnostic-feature.patch @@ -1,8 +1,7 @@ From: Bikash Hazarika Date: Wed, 15 Jun 2022 22:34:59 -0700 Subject: scsi: qla2xxx: Add a new v2 dport diagnostic feature -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v5.20-rc1 Git-commit: 476da8faa336f104cb5183ff51615335d1ff5d1f References: bsc#1201160 diff --git a/patches.suse/scsi-qla2xxx-add-debug-prints-in-the-device-remove-path.patch b/patches.suse/scsi-qla2xxx-add-debug-prints-in-the-device-remove-path.patch index b9bfc94..063f796 100644 --- a/patches.suse/scsi-qla2xxx-add-debug-prints-in-the-device-remove-path.patch +++ b/patches.suse/scsi-qla2xxx-add-debug-prints-in-the-device-remove-path.patch @@ -1,8 +1,7 @@ From: Arun Easi Date: Wed, 15 Jun 2022 22:35:05 -0700 Subject: scsi: qla2xxx: Add debug prints in the device remove path -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v5.20-rc1 Git-commit: f12d2d130efc49464ef0666789bfeb9073162743 References: bsc#1201160 diff --git a/patches.suse/scsi-qla2xxx-edif-Fix-dropped-IKE-message.patch b/patches.suse/scsi-qla2xxx-edif-Fix-dropped-IKE-message.patch new file mode 100644 index 0000000..5a488b9 --- /dev/null +++ b/patches.suse/scsi-qla2xxx-edif-Fix-dropped-IKE-message.patch @@ -0,0 +1,119 @@ +From: Quinn Tran +Date: Tue, 12 Jul 2022 22:20:40 -0700 +Subject: scsi: qla2xxx: edif: Fix dropped IKE message +Patch-mainline: v5.20-rc1 +Git-commit: c019cd656e717349ff22d0c41d6fbfc773f48c52 +References: bsc#1201958 + +This patch fixes IKE message being dropped due to error in processing Purex +IOCB and Continuation IOCBs. + +Link: https://lore.kernel.org/r/20220713052045.10683-6-njavali@marvell.com +Fixes: fac2807946c1 ("scsi: qla2xxx: edif: Add extraction of auth_els from the wire") +Cc: stable@vger.kernel.org +Reviewed-by: Himanshu Madhani +Signed-off-by: Quinn Tran +Signed-off-by: Nilesh Javali +Signed-off-by: Martin K. Petersen +Acked-by: Daniel Wagner +--- + drivers/scsi/qla2xxx/qla_isr.c | 54 ++++++++++++++++++----------------------- + 1 file changed, 24 insertions(+), 30 deletions(-) + +--- a/drivers/scsi/qla2xxx/qla_isr.c ++++ b/drivers/scsi/qla2xxx/qla_isr.c +@@ -3730,12 +3730,11 @@ void qla24xx_nvme_ls4_iocb(struct scsi_q + * Return: 0 all iocbs has arrived, xx- all iocbs have not arrived. + */ + static int qla_chk_cont_iocb_avail(struct scsi_qla_host *vha, +- struct rsp_que *rsp, response_t *pkt) ++ struct rsp_que *rsp, response_t *pkt, u32 rsp_q_in) + { +- int start_pkt_ring_index, end_pkt_ring_index, n_ring_index; +- response_t *end_pkt; ++ int start_pkt_ring_index; ++ u32 iocb_cnt = 0; + int rc = 0; +- u32 rsp_q_in; + + if (pkt->entry_count == 1) + return rc; +@@ -3746,34 +3745,18 @@ static int qla_chk_cont_iocb_avail(struc + else + start_pkt_ring_index = rsp->ring_index - 1; + +- if ((start_pkt_ring_index + pkt->entry_count) >= rsp->length) +- end_pkt_ring_index = start_pkt_ring_index + pkt->entry_count - +- rsp->length - 1; ++ if (rsp_q_in < start_pkt_ring_index) ++ /* q in ptr is wrapped */ ++ iocb_cnt = rsp->length - start_pkt_ring_index + rsp_q_in; + else +- end_pkt_ring_index = start_pkt_ring_index + pkt->entry_count - 1; ++ iocb_cnt = rsp_q_in - start_pkt_ring_index; + +- end_pkt = rsp->ring + end_pkt_ring_index; +- +- /* next pkt = end_pkt + 1 */ +- n_ring_index = end_pkt_ring_index + 1; +- if (n_ring_index >= rsp->length) +- n_ring_index = 0; +- +- rsp_q_in = rsp->qpair->use_shadow_reg ? *rsp->in_ptr : +- rd_reg_dword(rsp->rsp_q_in); +- +- /* rsp_q_in is either wrapped or pointing beyond endpkt */ +- if ((rsp_q_in < start_pkt_ring_index && rsp_q_in < n_ring_index) || +- rsp_q_in >= n_ring_index) +- /* all IOCBs arrived. */ +- rc = 0; +- else ++ if (iocb_cnt < pkt->entry_count) + rc = -EIO; + +- ql_dbg(ql_dbg_init + ql_dbg_verbose, vha, 0x5091, +- "%s - ring %p pkt %p end pkt %p entry count %#x rsp_q_in %d rc %d\n", +- __func__, rsp->ring, pkt, end_pkt, pkt->entry_count, +- rsp_q_in, rc); ++ ql_dbg(ql_dbg_init, vha, 0x5091, ++ "%s - ring %p pkt %p entry count %d iocb_cnt %d rsp_q_in %d rc %d\n", ++ __func__, rsp->ring, pkt, pkt->entry_count, iocb_cnt, rsp_q_in, rc); + + return rc; + } +@@ -3790,7 +3773,7 @@ void qla24xx_process_response_queue(stru + struct qla_hw_data *ha = vha->hw; + struct purex_entry_24xx *purex_entry; + struct purex_item *pure_item; +- u16 rsp_in = 0; ++ u16 rsp_in = 0, cur_ring_index; + int follow_inptr, is_shadow_hba; + + if (!ha->flags.fw_started) +@@ -3821,6 +3804,7 @@ void qla24xx_process_response_queue(stru + (!follow_inptr && + rsp->ring_ptr->signature != RESPONSE_PROCESSED)) { + pkt = (struct sts_entry_24xx *)rsp->ring_ptr; ++ cur_ring_index = rsp->ring_index; + + rsp->ring_index++; + if (rsp->ring_index == rsp->length) { +@@ -3941,7 +3925,17 @@ void qla24xx_process_response_queue(stru + break; + + case ELS_AUTH_ELS: +- if (qla_chk_cont_iocb_avail(vha, rsp, (response_t *)pkt)) { ++ if (qla_chk_cont_iocb_avail(vha, rsp, (response_t *)pkt, rsp_in)) { ++ /* ++ * ring_ptr and ring_index were ++ * pre-incremented above. Reset them ++ * back to current. Wait for next ++ * interrupt with all IOCBs to arrive ++ * and re-process. ++ */ ++ rsp->ring_ptr = (response_t *)pkt; ++ rsp->ring_index = cur_ring_index; ++ + ql_dbg(ql_dbg_init, vha, 0x5091, + "Defer processing ELS opcode %#x...\n", + purex_entry->els_frame_payload[3]); diff --git a/patches.suse/scsi-qla2xxx-edif-add-bsg-interface-to-read-doorbell-events.patch b/patches.suse/scsi-qla2xxx-edif-add-bsg-interface-to-read-doorbell-events.patch index b22b84e..01239c8 100644 --- a/patches.suse/scsi-qla2xxx-edif-add-bsg-interface-to-read-doorbell-events.patch +++ b/patches.suse/scsi-qla2xxx-edif-add-bsg-interface-to-read-doorbell-events.patch @@ -1,8 +1,7 @@ From: Quinn Tran Date: Mon, 6 Jun 2022 21:46:20 -0700 Subject: scsi: qla2xxx: edif: Add bsg interface to read doorbell events -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v5.20-rc1 Git-commit: 5ecd241bd7b1088a189581c0b560a13fe93621f6 References: bsc#1201160 diff --git a/patches.suse/scsi-qla2xxx-edif-add-retry-for-els-passthrough.patch b/patches.suse/scsi-qla2xxx-edif-add-retry-for-els-passthrough.patch index 365e55f..527cbea 100644 --- a/patches.suse/scsi-qla2xxx-edif-add-retry-for-els-passthrough.patch +++ b/patches.suse/scsi-qla2xxx-edif-add-retry-for-els-passthrough.patch @@ -1,8 +1,7 @@ From: Quinn Tran Date: Mon, 6 Jun 2022 21:46:23 -0700 Subject: scsi: qla2xxx: edif: Add retry for ELS passthrough -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v5.20-rc1 Git-commit: 0b3f3143d473b489a7aa0779c43bcdb344bd3014 References: bsc#1201160 diff --git a/patches.suse/scsi-qla2xxx-edif-bsg-refactor.patch b/patches.suse/scsi-qla2xxx-edif-bsg-refactor.patch index 3c64391..a3b2848 100644 --- a/patches.suse/scsi-qla2xxx-edif-bsg-refactor.patch +++ b/patches.suse/scsi-qla2xxx-edif-bsg-refactor.patch @@ -1,8 +1,7 @@ From: Quinn Tran Date: Mon, 6 Jun 2022 21:46:18 -0700 Subject: scsi: qla2xxx: edif: bsg refactor -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v5.20-rc1 Git-commit: 7a7b0b4865d3490f62d6ef1a3aa39fa2b47859a4 References: bsc#1201160 diff --git a/patches.suse/scsi-qla2xxx-edif-fix-i-o-timeout-due-to-over-subscription.patch b/patches.suse/scsi-qla2xxx-edif-fix-i-o-timeout-due-to-over-subscription.patch index f6eb8f5..553e284 100644 --- a/patches.suse/scsi-qla2xxx-edif-fix-i-o-timeout-due-to-over-subscription.patch +++ b/patches.suse/scsi-qla2xxx-edif-fix-i-o-timeout-due-to-over-subscription.patch @@ -1,8 +1,7 @@ From: Quinn Tran Date: Wed, 8 Jun 2022 04:58:40 -0700 Subject: scsi: qla2xxx: edif: Fix I/O timeout due to over-subscription -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v5.20-rc1 Git-commit: 63ab6cb582fad3757a03f466db671729b97f2df8 References: bsc#1201160 diff --git a/patches.suse/scsi-qla2xxx-edif-fix-n2n-discovery-issue-with-secure-target.patch b/patches.suse/scsi-qla2xxx-edif-fix-n2n-discovery-issue-with-secure-target.patch index 0f16f3c..daa9c2f 100644 --- a/patches.suse/scsi-qla2xxx-edif-fix-n2n-discovery-issue-with-secure-target.patch +++ b/patches.suse/scsi-qla2xxx-edif-fix-n2n-discovery-issue-with-secure-target.patch @@ -1,8 +1,7 @@ From: Quinn Tran Date: Mon, 6 Jun 2022 21:46:25 -0700 Subject: scsi: qla2xxx: edif: Fix n2n discovery issue with secure target -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v5.20-rc1 Git-commit: 789d54a4178634850e441f60c0326124138e7269 References: bsc#1201160 diff --git a/patches.suse/scsi-qla2xxx-edif-fix-n2n-login-retry-for-secure-device.patch b/patches.suse/scsi-qla2xxx-edif-fix-n2n-login-retry-for-secure-device.patch index afbc8ed..27044ae 100644 --- a/patches.suse/scsi-qla2xxx-edif-fix-n2n-login-retry-for-secure-device.patch +++ b/patches.suse/scsi-qla2xxx-edif-fix-n2n-login-retry-for-secure-device.patch @@ -1,8 +1,7 @@ From: Quinn Tran Date: Mon, 6 Jun 2022 21:46:26 -0700 Subject: scsi: qla2xxx: edif: Fix n2n login retry for secure device -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v5.20-rc1 Git-commit: aec55325ddec975216119da000092cb8664a3399 References: bsc#1201160 diff --git a/patches.suse/scsi-qla2xxx-edif-fix-no-login-after-app-start.patch b/patches.suse/scsi-qla2xxx-edif-fix-no-login-after-app-start.patch index c635cff..f66aa63 100644 --- a/patches.suse/scsi-qla2xxx-edif-fix-no-login-after-app-start.patch +++ b/patches.suse/scsi-qla2xxx-edif-fix-no-login-after-app-start.patch @@ -1,8 +1,7 @@ From: Quinn Tran Date: Wed, 8 Jun 2022 04:58:43 -0700 Subject: scsi: qla2xxx: edif: Fix no login after app start -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v5.20-rc1 Git-commit: 24c796098f5395477f7f7ebf8e24f3f08a139f71 References: bsc#1201160 diff --git a/patches.suse/scsi-qla2xxx-edif-fix-no-logout-on-delete-for-n2n.patch b/patches.suse/scsi-qla2xxx-edif-fix-no-logout-on-delete-for-n2n.patch index 9222fff..ba7d4fe 100644 --- a/patches.suse/scsi-qla2xxx-edif-fix-no-logout-on-delete-for-n2n.patch +++ b/patches.suse/scsi-qla2xxx-edif-fix-no-logout-on-delete-for-n2n.patch @@ -1,8 +1,7 @@ From: Quinn Tran Date: Wed, 8 Jun 2022 04:58:46 -0700 Subject: scsi: qla2xxx: edif: Fix no logout on delete for N2N -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v5.20-rc1 Git-commit: ec538eb838f334453b10e7e9b260f0c358018a37 References: bsc#1201160 diff --git a/patches.suse/scsi-qla2xxx-edif-fix-potential-stuck-session-in-sa-update.patch b/patches.suse/scsi-qla2xxx-edif-fix-potential-stuck-session-in-sa-update.patch index 1003574..4c472e3 100644 --- a/patches.suse/scsi-qla2xxx-edif-fix-potential-stuck-session-in-sa-update.patch +++ b/patches.suse/scsi-qla2xxx-edif-fix-potential-stuck-session-in-sa-update.patch @@ -1,8 +1,7 @@ From: Quinn Tran Date: Mon, 6 Jun 2022 21:46:21 -0700 Subject: scsi: qla2xxx: edif: Fix potential stuck session in sa update -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v5.20-rc1 Git-commit: e0fb8ce2bb9e52c846e54ad2c58b5b7beb13eb09 References: bsc#1201160 diff --git a/patches.suse/scsi-qla2xxx-edif-fix-session-thrash.patch b/patches.suse/scsi-qla2xxx-edif-fix-session-thrash.patch index 66a4da4..1a6abdc 100644 --- a/patches.suse/scsi-qla2xxx-edif-fix-session-thrash.patch +++ b/patches.suse/scsi-qla2xxx-edif-fix-session-thrash.patch @@ -1,8 +1,7 @@ From: Quinn Tran Date: Wed, 8 Jun 2022 04:58:45 -0700 Subject: scsi: qla2xxx: edif: Fix session thrash -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v5.20-rc1 Git-commit: a8fdfb0b39c2b31722c70bdf2272b949d5af4b7b References: bsc#1201160 diff --git a/patches.suse/scsi-qla2xxx-edif-fix-slow-session-teardown.patch b/patches.suse/scsi-qla2xxx-edif-fix-slow-session-teardown.patch index 65de386..2745f4a 100644 --- a/patches.suse/scsi-qla2xxx-edif-fix-slow-session-teardown.patch +++ b/patches.suse/scsi-qla2xxx-edif-fix-slow-session-teardown.patch @@ -1,8 +1,7 @@ From: Quinn Tran Date: Wed, 8 Jun 2022 04:58:48 -0700 Subject: scsi: qla2xxx: edif: Fix slow session teardown -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v5.20-rc1 Git-commit: bcf536072f7475c65f21fd1681e94f99c04f9d15 References: bsc#1201160 diff --git a/patches.suse/scsi-qla2xxx-edif-reduce-disruption-due-to-multiple-app-start.patch b/patches.suse/scsi-qla2xxx-edif-reduce-disruption-due-to-multiple-app-start.patch index ed6ac91..51ffc7b 100644 --- a/patches.suse/scsi-qla2xxx-edif-reduce-disruption-due-to-multiple-app-start.patch +++ b/patches.suse/scsi-qla2xxx-edif-reduce-disruption-due-to-multiple-app-start.patch @@ -1,8 +1,7 @@ From: Quinn Tran Date: Wed, 8 Jun 2022 04:58:42 -0700 Subject: scsi: qla2xxx: edif: Reduce disruption due to multiple app start -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v5.20-rc1 Git-commit: 0dbfce5255fe8d069a1a3b712a25b263264cfa58 References: bsc#1201160 diff --git a/patches.suse/scsi-qla2xxx-edif-reduce-initiator-initiator-thrashing.patch b/patches.suse/scsi-qla2xxx-edif-reduce-initiator-initiator-thrashing.patch index 3c9d4f0..377166c 100644 --- a/patches.suse/scsi-qla2xxx-edif-reduce-initiator-initiator-thrashing.patch +++ b/patches.suse/scsi-qla2xxx-edif-reduce-initiator-initiator-thrashing.patch @@ -1,8 +1,7 @@ From: Quinn Tran Date: Mon, 6 Jun 2022 21:46:17 -0700 Subject: scsi: qla2xxx: edif: Reduce Initiator-Initiator thrashing -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v5.20-rc1 Git-commit: 9c40c36e75ffd49952cd4ead0672defc4b4dbdf7 References: bsc#1201160 diff --git a/patches.suse/scsi-qla2xxx-edif-reduce-n2n-thrashing-at-app_start-time.patch b/patches.suse/scsi-qla2xxx-edif-reduce-n2n-thrashing-at-app_start-time.patch index 6e0931a..87d6623 100644 --- a/patches.suse/scsi-qla2xxx-edif-reduce-n2n-thrashing-at-app_start-time.patch +++ b/patches.suse/scsi-qla2xxx-edif-reduce-n2n-thrashing-at-app_start-time.patch @@ -1,8 +1,7 @@ From: Quinn Tran Date: Wed, 8 Jun 2022 04:58:47 -0700 Subject: scsi: qla2xxx: edif: Reduce N2N thrashing at app_start time -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v5.20-rc1 Git-commit: 37be3f9d6993a721bc019f03c97ea0fe66319997 References: bsc#1201160 diff --git a/patches.suse/scsi-qla2xxx-edif-remove-old-doorbell-interface.patch b/patches.suse/scsi-qla2xxx-edif-remove-old-doorbell-interface.patch index 517879b..3032f28 100644 --- a/patches.suse/scsi-qla2xxx-edif-remove-old-doorbell-interface.patch +++ b/patches.suse/scsi-qla2xxx-edif-remove-old-doorbell-interface.patch @@ -1,8 +1,7 @@ From: Quinn Tran Date: Mon, 6 Jun 2022 21:46:24 -0700 Subject: scsi: qla2xxx: edif: Remove old doorbell interface -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v5.20-rc1 Git-commit: 1040e5f75ddf56fdd571a2a14b4d1a9e8ed846a9 References: bsc#1201160 diff --git a/patches.suse/scsi-qla2xxx-edif-send-logo-for-unexpected-ike-message.patch b/patches.suse/scsi-qla2xxx-edif-send-logo-for-unexpected-ike-message.patch index 57d86d0..60208c6 100644 --- a/patches.suse/scsi-qla2xxx-edif-send-logo-for-unexpected-ike-message.patch +++ b/patches.suse/scsi-qla2xxx-edif-send-logo-for-unexpected-ike-message.patch @@ -1,8 +1,7 @@ From: Quinn Tran Date: Wed, 8 Jun 2022 04:58:41 -0700 Subject: scsi: qla2xxx: edif: Send LOGO for unexpected IKE message -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v5.20-rc1 Git-commit: 2b659ed67a12f39f56d8dcad9b5d5a74d67c01b3 References: bsc#1201160 diff --git a/patches.suse/scsi-qla2xxx-edif-synchronize-npiv-deletion-with-authentication.patch b/patches.suse/scsi-qla2xxx-edif-synchronize-npiv-deletion-with-authentication.patch index 0e5f98f..45cd47c 100644 --- a/patches.suse/scsi-qla2xxx-edif-synchronize-npiv-deletion-with-authentication.patch +++ b/patches.suse/scsi-qla2xxx-edif-synchronize-npiv-deletion-with-authentication.patch @@ -2,8 +2,7 @@ From: Quinn Tran Date: Mon, 6 Jun 2022 21:46:22 -0700 Subject: scsi: qla2xxx: edif: Synchronize NPIV deletion with authentication application -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v5.20-rc1 Git-commit: cf79716e6636400ae38c37bc8a652b1e522abbba References: bsc#1201160 diff --git a/patches.suse/scsi-qla2xxx-edif-tear-down-session-if-keys-have-been-removed.patch b/patches.suse/scsi-qla2xxx-edif-tear-down-session-if-keys-have-been-removed.patch index 9203260..a0cceeb 100644 --- a/patches.suse/scsi-qla2xxx-edif-tear-down-session-if-keys-have-been-removed.patch +++ b/patches.suse/scsi-qla2xxx-edif-tear-down-session-if-keys-have-been-removed.patch @@ -1,8 +1,7 @@ From: Quinn Tran Date: Wed, 8 Jun 2022 04:58:44 -0700 Subject: scsi: qla2xxx: edif: Tear down session if keys have been removed -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v5.20-rc1 Git-commit: d7e2e4a68fc047a025afcd200e6b7e1fbc8b1999 References: bsc#1201160 diff --git a/patches.suse/scsi-qla2xxx-edif-wait-for-app-to-ack-on-sess-down.patch b/patches.suse/scsi-qla2xxx-edif-wait-for-app-to-ack-on-sess-down.patch index 3bb648e..e083386 100644 --- a/patches.suse/scsi-qla2xxx-edif-wait-for-app-to-ack-on-sess-down.patch +++ b/patches.suse/scsi-qla2xxx-edif-wait-for-app-to-ack-on-sess-down.patch @@ -1,8 +1,7 @@ From: Quinn Tran Date: Mon, 6 Jun 2022 21:46:19 -0700 Subject: scsi: qla2xxx: edif: Wait for app to ack on sess down -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v5.20-rc1 Git-commit: df648afa39da9c4d3af99c6c03dc3e9c7dfa99b0 References: bsc#1201160 diff --git a/patches.suse/scsi-qla2xxx-fix-crash-due-to-stale-srb-access-around-i-o-timeouts.patch b/patches.suse/scsi-qla2xxx-fix-crash-due-to-stale-srb-access-around-i-o-timeouts.patch index dbf4dd1..59e7b8f 100644 --- a/patches.suse/scsi-qla2xxx-fix-crash-due-to-stale-srb-access-around-i-o-timeouts.patch +++ b/patches.suse/scsi-qla2xxx-fix-crash-due-to-stale-srb-access-around-i-o-timeouts.patch @@ -1,8 +1,7 @@ From: Arun Easi Date: Wed, 15 Jun 2022 22:35:02 -0700 Subject: scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v5.20-rc1 Git-commit: c39587bc0abaf16593f7abcdf8aeec3c038c7d52 References: bsc#1201160 diff --git a/patches.suse/scsi-qla2xxx-fix-erroneous-mailbox-timeout-after-pci-error.patch b/patches.suse/scsi-qla2xxx-fix-erroneous-mailbox-timeout-after-pci-error.patch index fad9a2a..d3eb62f 100644 --- a/patches.suse/scsi-qla2xxx-fix-erroneous-mailbox-timeout-after-pci-error.patch +++ b/patches.suse/scsi-qla2xxx-fix-erroneous-mailbox-timeout-after-pci-error.patch @@ -2,8 +2,7 @@ From: Quinn Tran Date: Wed, 15 Jun 2022 22:35:07 -0700 Subject: scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v5.20-rc1 Git-commit: f260694e6463b63ae550aad25ddefe94cb1904da References: bsc#1201160 diff --git a/patches.suse/scsi-qla2xxx-fix-excessive-i-o-error-messages-by-default.patch b/patches.suse/scsi-qla2xxx-fix-excessive-i-o-error-messages-by-default.patch index a0de212..71d9f3e 100644 --- a/patches.suse/scsi-qla2xxx-fix-excessive-i-o-error-messages-by-default.patch +++ b/patches.suse/scsi-qla2xxx-fix-excessive-i-o-error-messages-by-default.patch @@ -1,8 +1,7 @@ From: Arun Easi Date: Wed, 15 Jun 2022 22:34:58 -0700 Subject: scsi: qla2xxx: Fix excessive I/O error messages by default -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v5.20-rc1 Git-commit: bff4873c709085e09d0ffae0c25b8e65256e3205 References: bsc#1201160 diff --git a/patches.suse/scsi-qla2xxx-fix-losing-fcp-2-targets-during-port-perturbation.patch b/patches.suse/scsi-qla2xxx-fix-losing-fcp-2-targets-during-port-perturbation.patch index 2d54b7b..69fe561 100644 --- a/patches.suse/scsi-qla2xxx-fix-losing-fcp-2-targets-during-port-perturbation.patch +++ b/patches.suse/scsi-qla2xxx-fix-losing-fcp-2-targets-during-port-perturbation.patch @@ -2,8 +2,7 @@ From: Arun Easi Date: Wed, 15 Jun 2022 22:35:03 -0700 Subject: scsi: qla2xxx: Fix losing FCP-2 targets during port perturbation tests -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v5.20-rc1 Git-commit: 58d1c124cd79ea686b512043c5bd515590b2ed95 References: bsc#1201160 diff --git a/patches.suse/scsi-qla2xxx-fix-losing-fcp-2-targets-on-long-port-disable-with.patch b/patches.suse/scsi-qla2xxx-fix-losing-fcp-2-targets-on-long-port-disable-with.patch index 1f8b39a..c5970a9 100644 --- a/patches.suse/scsi-qla2xxx-fix-losing-fcp-2-targets-on-long-port-disable-with.patch +++ b/patches.suse/scsi-qla2xxx-fix-losing-fcp-2-targets-on-long-port-disable-with.patch @@ -2,8 +2,7 @@ From: Arun Easi Date: Wed, 15 Jun 2022 22:35:06 -0700 Subject: scsi: qla2xxx: Fix losing FCP-2 targets on long port disable with I/Os -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v5.20-rc1 Git-commit: 2416ccd3815ba1613e10a6da0a24ef21acfe5633 References: bsc#1201160 diff --git a/patches.suse/scsi-qla2xxx-fix-losing-target-when-it-reappears-during-delete.patch b/patches.suse/scsi-qla2xxx-fix-losing-target-when-it-reappears-during-delete.patch index a4fd1b9..ec35cbf 100644 --- a/patches.suse/scsi-qla2xxx-fix-losing-target-when-it-reappears-during-delete.patch +++ b/patches.suse/scsi-qla2xxx-fix-losing-target-when-it-reappears-during-delete.patch @@ -1,8 +1,7 @@ From: Arun Easi Date: Wed, 15 Jun 2022 22:35:04 -0700 Subject: scsi: qla2xxx: Fix losing target when it reappears during delete -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v5.20-rc1 Git-commit: 118b0c863c8f5629cc5271fc24d72d926e0715d9 References: bsc#1201160 diff --git a/patches.suse/scsi-qla2xxx-turn-off-multi-queue-for-8g-adapters.patch b/patches.suse/scsi-qla2xxx-turn-off-multi-queue-for-8g-adapters.patch index 16fd8e0..d05bdb9 100644 --- a/patches.suse/scsi-qla2xxx-turn-off-multi-queue-for-8g-adapters.patch +++ b/patches.suse/scsi-qla2xxx-turn-off-multi-queue-for-8g-adapters.patch @@ -1,8 +1,7 @@ From: Quinn Tran Date: Wed, 15 Jun 2022 22:35:01 -0700 Subject: scsi: qla2xxx: Turn off multi-queue for 8G adapters -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v5.20-rc1 Git-commit: 5304673bdb1635e27555bd636fd5d6956f1cd552 References: bsc#1201160 diff --git a/patches.suse/scsi-qla2xxx-update-version-to-10.02.07.500-k.patch b/patches.suse/scsi-qla2xxx-update-version-to-10.02.07.500-k.patch index 0cbe397..bda86ea 100644 --- a/patches.suse/scsi-qla2xxx-update-version-to-10.02.07.500-k.patch +++ b/patches.suse/scsi-qla2xxx-update-version-to-10.02.07.500-k.patch @@ -1,8 +1,7 @@ From: Nilesh Javali Date: Mon, 6 Jun 2022 21:46:27 -0700 Subject: scsi: qla2xxx: Update version to 10.02.07.500-k -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v5.20-rc1 Git-commit: 4dc48a107a146cade61097958ff2366c13da1f60 References: bsc#1201160 diff --git a/patches.suse/scsi-qla2xxx-update-version-to-10.02.07.600-k.patch b/patches.suse/scsi-qla2xxx-update-version-to-10.02.07.600-k.patch index 4a479c6..5989db9 100644 --- a/patches.suse/scsi-qla2xxx-update-version-to-10.02.07.600-k.patch +++ b/patches.suse/scsi-qla2xxx-update-version-to-10.02.07.600-k.patch @@ -1,8 +1,7 @@ From: Nilesh Javali Date: Wed, 8 Jun 2022 04:58:49 -0700 Subject: scsi: qla2xxx: Update version to 10.02.07.600-k -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v5.20-rc1 Git-commit: 0f4d7d556125019287833e8b312b3b6f0a10e58a References: bsc#1201160 diff --git a/patches.suse/scsi-qla2xxx-update-version-to-10.02.07.700-k.patch b/patches.suse/scsi-qla2xxx-update-version-to-10.02.07.700-k.patch index fa83bf2..7e9c362 100644 --- a/patches.suse/scsi-qla2xxx-update-version-to-10.02.07.700-k.patch +++ b/patches.suse/scsi-qla2xxx-update-version-to-10.02.07.700-k.patch @@ -1,8 +1,7 @@ From: Nilesh Javali Date: Wed, 15 Jun 2022 22:35:08 -0700 Subject: scsi: qla2xxx: Update version to 10.02.07.700-k -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v5.20-rc1 Git-commit: 4de0d18da901bd271d9e4f13415c4a6eedee0591 References: bsc#1201160 diff --git a/patches.suse/scsi-qla2xxx-wind-down-adapter-after-pcie-error.patch b/patches.suse/scsi-qla2xxx-wind-down-adapter-after-pcie-error.patch index 0b59b3d..ea4e45b 100644 --- a/patches.suse/scsi-qla2xxx-wind-down-adapter-after-pcie-error.patch +++ b/patches.suse/scsi-qla2xxx-wind-down-adapter-after-pcie-error.patch @@ -1,8 +1,7 @@ From: Quinn Tran Date: Wed, 15 Jun 2022 22:35:00 -0700 Subject: scsi: qla2xxx: Wind down adapter after PCIe error -Patch-mainline: Queued in subsystem maintainer repository -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi.git +Patch-mainline: v5.20-rc1 Git-commit: d3117c83ba316b3200d9f2fe900f2b9a5525a25c References: bsc#1201160 diff --git a/patches.suse/serial-8250-fix-return-error-code-in-serial8250_requ.patch b/patches.suse/serial-8250-fix-return-error-code-in-serial8250_requ.patch new file mode 100644 index 0000000..3951e56 --- /dev/null +++ b/patches.suse/serial-8250-fix-return-error-code-in-serial8250_requ.patch @@ -0,0 +1,45 @@ +From 6e690d54cfa802f939cefbd2fa2c91bd0b8bd1b6 Mon Sep 17 00:00:00 2001 +From: Yi Yang +Date: Tue, 28 Jun 2022 16:35:15 +0800 +Subject: [PATCH] serial: 8250: fix return error code in serial8250_request_std_resource() +Git-commit: 6e690d54cfa802f939cefbd2fa2c91bd0b8bd1b6 +Patch-mainline: v5.19-rc7 +References: git-fixes + +If port->mapbase = NULL in serial8250_request_std_resource() , it need +return a error code instead of 0. If uart_set_info() fail to request new +regions by serial8250_request_std_resource() but the return value of +serial8250_request_std_resource() is 0, The system incorrectly considers +that the resource application is successful and does not attempt to +restore the old setting. A null pointer reference is triggered when the +port resource is later invoked. + +Signed-off-by: Yi Yang +Cc: stable +Link: https://lore.kernel.org/r/20220628083515.64138-1-yiyang13@huawei.com +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/tty/serial/8250/8250_port.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/tty/serial/8250/8250_port.c b/drivers/tty/serial/8250/8250_port.c +index b9cdc5552b0d..3c36a06a20b0 100644 +--- a/drivers/tty/serial/8250/8250_port.c ++++ b/drivers/tty/serial/8250/8250_port.c +@@ -2975,8 +2975,10 @@ static int serial8250_request_std_resource(struct uart_8250_port *up) + case UPIO_MEM32BE: + case UPIO_MEM16: + case UPIO_MEM: +- if (!port->mapbase) ++ if (!port->mapbase) { ++ ret = -EINVAL; + break; ++ } + + if (!request_mem_region(port->mapbase, size, "serial")) { + ret = -EBUSY; +-- +2.35.3 + diff --git a/patches.suse/serial-pl011-UPSTAT_AUTORTS-requires-.throttle-unthr.patch b/patches.suse/serial-pl011-UPSTAT_AUTORTS-requires-.throttle-unthr.patch new file mode 100644 index 0000000..cd1725b --- /dev/null +++ b/patches.suse/serial-pl011-UPSTAT_AUTORTS-requires-.throttle-unthr.patch @@ -0,0 +1,89 @@ +From 211565b100993c90b53bf40851eacaefc830cfe0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ilpo=20J=C3=A4rvinen?= +Date: Tue, 14 Jun 2022 10:56:37 +0300 +Subject: [PATCH] serial: pl011: UPSTAT_AUTORTS requires .throttle/unthrottle +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 211565b100993c90b53bf40851eacaefc830cfe0 +Patch-mainline: v5.19-rc7 +References: git-fixes + +The driver must provide throttle and unthrottle in uart_ops when it +sets UPSTAT_AUTORTS. Add them using existing stop_rx & +enable_interrupts functions. + +Fixes: 2a76fa283098 (serial: pl011: Adopt generic flag to store auto RTS status) +Cc: stable +Cc: Lukas Wunner +Reported-by: Nuno Gonçalves +Tested-by: Nuno Gonçalves +Signed-off-by: Ilpo Järvinen +Link: https://lore.kernel.org/r/20220614075637.8558-1-ilpo.jarvinen@linux.intel.com +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/tty/serial/amba-pl011.c | 23 +++++++++++++++++++++-- + 1 file changed, 21 insertions(+), 2 deletions(-) + +diff --git a/drivers/tty/serial/amba-pl011.c b/drivers/tty/serial/amba-pl011.c +index 97ef41cb2721..16a21422ddce 100644 +--- a/drivers/tty/serial/amba-pl011.c ++++ b/drivers/tty/serial/amba-pl011.c +@@ -1367,6 +1367,15 @@ static void pl011_stop_rx(struct uart_port *port) + pl011_dma_rx_stop(uap); + } + ++static void pl011_throttle_rx(struct uart_port *port) ++{ ++ unsigned long flags; ++ ++ spin_lock_irqsave(&port->lock, flags); ++ pl011_stop_rx(port); ++ spin_unlock_irqrestore(&port->lock, flags); ++} ++ + static void pl011_enable_ms(struct uart_port *port) + { + struct uart_amba_port *uap = +@@ -1788,9 +1797,10 @@ static int pl011_allocate_irq(struct uart_amba_port *uap) + */ + static void pl011_enable_interrupts(struct uart_amba_port *uap) + { ++ unsigned long flags; + unsigned int i; + +- spin_lock_irq(&uap->port.lock); ++ spin_lock_irqsave(&uap->port.lock, flags); + + /* Clear out any spuriously appearing RX interrupts */ + pl011_write(UART011_RTIS | UART011_RXIS, uap, REG_ICR); +@@ -1812,7 +1822,14 @@ static void pl011_enable_interrupts(struct uart_amba_port *uap) + if (!pl011_dma_rx_running(uap)) + uap->im |= UART011_RXIM; + pl011_write(uap->im, uap, REG_IMSC); +- spin_unlock_irq(&uap->port.lock); ++ spin_unlock_irqrestore(&uap->port.lock, flags); ++} ++ ++static void pl011_unthrottle_rx(struct uart_port *port) ++{ ++ struct uart_amba_port *uap = container_of(port, struct uart_amba_port, port); ++ ++ pl011_enable_interrupts(uap); + } + + static int pl011_startup(struct uart_port *port) +@@ -2225,6 +2242,8 @@ static const struct uart_ops amba_pl011_pops = { + .stop_tx = pl011_stop_tx, + .start_tx = pl011_start_tx, + .stop_rx = pl011_stop_rx, ++ .throttle = pl011_throttle_rx, ++ .unthrottle = pl011_unthrottle_rx, + .enable_ms = pl011_enable_ms, + .break_ctl = pl011_break_ctl, + .startup = pl011_startup, +-- +2.35.3 + diff --git a/patches.suse/serial-stm32-Clear-prev-values-before-setting-RTS-de.patch b/patches.suse/serial-stm32-Clear-prev-values-before-setting-RTS-de.patch new file mode 100644 index 0000000..b275503 --- /dev/null +++ b/patches.suse/serial-stm32-Clear-prev-values-before-setting-RTS-de.patch @@ -0,0 +1,43 @@ +From 5c5f44e36217de5ead789ff25da71c31c2331c96 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Ilpo=20J=C3=A4rvinen?= +Date: Mon, 27 Jun 2022 18:07:52 +0300 +Subject: [PATCH] serial: stm32: Clear prev values before setting RTS delays +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 5c5f44e36217de5ead789ff25da71c31c2331c96 +Patch-mainline: v5.19-rc7 +References: git-fixes + +The code lacks clearing of previous DEAT/DEDT values. Thus, changing +values on the fly results in garbage delays tending towards the maximum +value as more and more bits are ORed together. (Leaving RS485 mode +would have cleared the old values though). + +Fixes: 1bcda09d2910 ("serial: stm32: add support for RS485 hardware control mode") +Cc: stable +Signed-off-by: Ilpo Järvinen +Link: https://lore.kernel.org/r/20220627150753.34510-1-ilpo.jarvinen@linux.intel.com +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/tty/serial/stm32-usart.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/drivers/tty/serial/stm32-usart.c b/drivers/tty/serial/stm32-usart.c +index b7b44f4050d4..0973b03eeeaa 100644 +--- a/drivers/tty/serial/stm32-usart.c ++++ b/drivers/tty/serial/stm32-usart.c +@@ -72,6 +72,8 @@ static void stm32_usart_config_reg_rs485(u32 *cr1, u32 *cr3, u32 delay_ADE, + *cr3 |= USART_CR3_DEM; + over8 = *cr1 & USART_CR1_OVER8; + ++ *cr1 &= ~(USART_CR1_DEDT_MASK | USART_CR1_DEAT_MASK); ++ + if (over8) + rs485_deat_dedt = delay_ADE * baud * 8; + else +-- +2.35.3 + diff --git a/patches.suse/soc-fsl-guts-machine-variable-might-be-unset.patch b/patches.suse/soc-fsl-guts-machine-variable-might-be-unset.patch new file mode 100644 index 0000000..8e73979 --- /dev/null +++ b/patches.suse/soc-fsl-guts-machine-variable-might-be-unset.patch @@ -0,0 +1,32 @@ +From ab3f045774f704c4e7b6a878102f4e9d4ae7bc74 Mon Sep 17 00:00:00 2001 +From: Michael Walle +Date: Mon, 4 Apr 2022 11:56:03 +0200 +Subject: [PATCH] soc: fsl: guts: machine variable might be unset +Git-commit: ab3f045774f704c4e7b6a878102f4e9d4ae7bc74 +Patch-mainline: v6.0-rc1 +References: git-fixes + +If both the model and the compatible properties are missing, then +machine will not be set. Initialize it with NULL. + +Fixes: 34c1c21e94ac ("soc: fsl: fix section mismatch build warnings") +Signed-off-by: Michael Walle +Acked-by: Arnd Bergmann +Signed-off-by: Shawn Guo +Acked-by: Takashi Iwai + +--- + drivers/soc/fsl/guts.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/soc/fsl/guts.c ++++ b/drivers/soc/fsl/guts.c +@@ -142,7 +142,7 @@ static int fsl_guts_probe(struct platfor + struct device *dev = &pdev->dev; + struct resource *res; + const struct fsl_soc_die_attr *soc_die; +- const char *machine; ++ const char *machine = NULL; + u32 svr; + + /* Initialize guts */ diff --git a/patches.suse/soc-ixp4xx-npe-Fix-unused-match-warning.patch b/patches.suse/soc-ixp4xx-npe-Fix-unused-match-warning.patch new file mode 100644 index 0000000..397ba62 --- /dev/null +++ b/patches.suse/soc-ixp4xx-npe-Fix-unused-match-warning.patch @@ -0,0 +1,45 @@ +From 620f83b8326ce9706b1118334f0257ae028ce045 Mon Sep 17 00:00:00 2001 +From: Linus Walleij +Date: Sun, 26 Jun 2022 09:43:15 +0200 +Subject: [PATCH] soc: ixp4xx/npe: Fix unused match warning +Git-commit: 620f83b8326ce9706b1118334f0257ae028ce045 +Patch-mainline: v5.19-rc6 +References: git-fixes + +The kernel test robot found this inconsistency: + + drivers/soc/ixp4xx/ixp4xx-npe.c:737:34: warning: + 'ixp4xx_npe_of_match' defined but not used [-Wunused-const-variable=] + 737 | static const struct of_device_id ixp4xx_npe_of_match[] = { + +This is because the match is enclosed in the of_match_ptr() +which compiles into NULL when OF is disabled and this +is unnecessary. + +Fix it by dropping of_match_ptr() around the match. + +Signed-off-by: Linus Walleij +Link: https://lore.kernel.org/r/20220626074315.61209-1-linus.walleij@linaro.org' +Signed-off-by: Arnd Bergmann +Acked-by: Takashi Iwai + +--- + drivers/soc/ixp4xx/ixp4xx-npe.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/soc/ixp4xx/ixp4xx-npe.c b/drivers/soc/ixp4xx/ixp4xx-npe.c +index 613935cb6a48..58240e320c13 100644 +--- a/drivers/soc/ixp4xx/ixp4xx-npe.c ++++ b/drivers/soc/ixp4xx/ixp4xx-npe.c +@@ -758,7 +758,7 @@ static const struct of_device_id ixp4xx_npe_of_match[] = { + static struct platform_driver ixp4xx_npe_driver = { + .driver = { + .name = "ixp4xx-npe", +- .of_match_table = of_match_ptr(ixp4xx_npe_of_match), ++ .of_match_table = ixp4xx_npe_of_match, + }, + .probe = ixp4xx_npe_probe, + .remove = ixp4xx_npe_remove, +-- +2.35.3 + diff --git a/patches.suse/soundwire-bus_type-fix-remove-and-shutdown-support.patch b/patches.suse/soundwire-bus_type-fix-remove-and-shutdown-support.patch new file mode 100644 index 0000000..fea7b09 --- /dev/null +++ b/patches.suse/soundwire-bus_type-fix-remove-and-shutdown-support.patch @@ -0,0 +1,54 @@ +From df6407782964dc7e35ad84230abb38f46314b245 Mon Sep 17 00:00:00 2001 +From: Pierre-Louis Bossart +Date: Fri, 10 Jun 2022 09:51:05 +0800 +Subject: [PATCH] soundwire: bus_type: fix remove and shutdown support +Git-commit: df6407782964dc7e35ad84230abb38f46314b245 +Patch-mainline: v6.0-rc1 +References: git-fixes + +The bus sdw_drv_remove() and sdw_drv_shutdown() helpers are used +conditionally, if the driver provides these routines. + +These helpers already test if the driver provides a .remove or +.shutdown callback, so there's no harm in invoking the +sdw_drv_remove() and sdw_drv_shutdown() unconditionally. + +In addition, the current code is imbalanced with +dev_pm_domain_attach() called from sdw_drv_probe(), but +dev_pm_domain_detach() called from sdw_drv_remove() only if the driver +provides a .remove callback. + +Fixes: 9251345dca24b ("soundwire: Add SoundWire bus type") +Signed-off-by: Pierre-Louis Bossart +Reviewed-by: Rander Wang +Signed-off-by: Bard Liao +Link: https://lore.kernel.org/r/20220610015105.25987-1-yung-chuan.liao@linux.intel.com +Signed-off-by: Vinod Koul +Acked-by: Takashi Iwai + +--- + drivers/soundwire/bus_type.c | 8 ++------ + 1 file changed, 2 insertions(+), 6 deletions(-) + +diff --git a/drivers/soundwire/bus_type.c b/drivers/soundwire/bus_type.c +index 893296f3fe39..b81e04dd3a9f 100644 +--- a/drivers/soundwire/bus_type.c ++++ b/drivers/soundwire/bus_type.c +@@ -193,12 +193,8 @@ int __sdw_register_driver(struct sdw_driver *drv, struct module *owner) + + drv->driver.owner = owner; + drv->driver.probe = sdw_drv_probe; +- +- if (drv->remove) +- drv->driver.remove = sdw_drv_remove; +- +- if (drv->shutdown) +- drv->driver.shutdown = sdw_drv_shutdown; ++ drv->driver.remove = sdw_drv_remove; ++ drv->driver.shutdown = sdw_drv_shutdown; + + return driver_register(&drv->driver); + } +-- +2.35.3 + diff --git a/patches.suse/spi-amd-Limit-max-transfer-and-message-size.patch b/patches.suse/spi-amd-Limit-max-transfer-and-message-size.patch new file mode 100644 index 0000000..c0be34d --- /dev/null +++ b/patches.suse/spi-amd-Limit-max-transfer-and-message-size.patch @@ -0,0 +1,70 @@ +From 6ece49c56965544262523dae4a071ace3db63507 Mon Sep 17 00:00:00 2001 +From: Cristian Ciocaltea +Date: Wed, 6 Jul 2022 13:06:22 +0300 +Subject: [PATCH] spi: amd: Limit max transfer and message size +Git-commit: 6ece49c56965544262523dae4a071ace3db63507 +Patch-mainline: v5.19-rc7 +References: git-fixes + +Enabling the SPI CS35L41 audio codec driver for Steam Deck [1] +revealed a problem with the current AMD SPI controller driver +implementation, consisting of an unrecoverable system hang. + +The issue can be prevented if we ensure the max transfer size +and the max message size do not exceed the FIFO buffer size. + +According to the implementation of the downstream driver, the +AMD SPI controller is not able to handle more than 70 bytes per +transfer, which corresponds to the size of the FIFO buffer. + +Hence, let's fix this by setting the SPI limits mentioned above. + +[1] https://lore.kernel.org/r/20220621213819.262537-1-cristian.ciocaltea@collabora.com + +Reported-by: Anastasios Vacharakis +Fixes: bbb336f39efc ("spi: spi-amd: Add AMD SPI controller driver support") +Signed-off-by: Cristian Ciocaltea +Link: https://lore.kernel.org/r/20220706100626.1234731-2-cristian.ciocaltea@collabora.com +Signed-off-by: Mark Brown +Acked-by: Takashi Iwai + +--- + drivers/spi/spi-amd.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/drivers/spi/spi-amd.c b/drivers/spi/spi-amd.c +index cba6a4486c24..efdcbe6c4c26 100644 +--- a/drivers/spi/spi-amd.c ++++ b/drivers/spi/spi-amd.c +@@ -33,6 +33,7 @@ + #define AMD_SPI_RX_COUNT_REG 0x4B + #define AMD_SPI_STATUS_REG 0x4C + ++#define AMD_SPI_FIFO_SIZE 70 + #define AMD_SPI_MEM_SIZE 200 + + /* M_CMD OP codes for SPI */ +@@ -270,6 +271,11 @@ static int amd_spi_master_transfer(struct spi_master *master, + return 0; + } + ++static size_t amd_spi_max_transfer_size(struct spi_device *spi) ++{ ++ return AMD_SPI_FIFO_SIZE; ++} ++ + static int amd_spi_probe(struct platform_device *pdev) + { + struct device *dev = &pdev->dev; +@@ -302,6 +308,8 @@ static int amd_spi_probe(struct platform_device *pdev) + master->flags = SPI_MASTER_HALF_DUPLEX; + master->setup = amd_spi_master_setup; + master->transfer_one_message = amd_spi_master_transfer; ++ master->max_transfer_size = amd_spi_max_transfer_size; ++ master->max_message_size = amd_spi_max_transfer_size; + + /* Register the controller with SPI framework */ + err = devm_spi_register_master(dev, master); +-- +2.35.3 + diff --git a/patches.suse/spi-linux-spi-spi.h-add-missing-struct-kernel-doc-en.patch b/patches.suse/spi-linux-spi-spi.h-add-missing-struct-kernel-doc-en.patch new file mode 100644 index 0000000..bb0420b --- /dev/null +++ b/patches.suse/spi-linux-spi-spi.h-add-missing-struct-kernel-doc-en.patch @@ -0,0 +1,52 @@ +From 8dd591ad0104593f315b6b2ab636a18c002f7d86 Mon Sep 17 00:00:00 2001 +From: Randy Dunlap +Date: Mon, 28 Jun 2021 14:05:20 -0700 +Subject: [PATCH] spi: : add missing struct kernel-doc entry +Git-commit: 8dd591ad0104593f315b6b2ab636a18c002f7d86 +References: git-fixes +Patch-mainline: v5.15-rc1 + +Fix kernel-doc warning in spi.h by adding the missing kernel-doc entry +and also correct the original comment so that they both indicate the +correct polarity of the flag. + +../include/linux/spi/spi.h:673: warning: Function parameter or member 'devm_allocated' not described in 'spi_controller' + +Fixes: 794aaf01444d ("spi: Fix use-after-free with devm_spi_alloc_*") +Signed-off-by: Randy Dunlap +Cc: William A. Kennington III +Cc: Mark Brown +Cc: linux-spi@vger.kernel.org +Cc: Lukas Wunner +Reviewed-by: Lukas Wunner +Link: https://lore.kernel.org/r/20210628210520.5712-1-rdunlap@infradead.org +Signed-off-by: Mark Brown +Signed-off-by: Oliver Neukum +--- + include/linux/spi/spi.h | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/include/linux/spi/spi.h b/include/linux/spi/spi.h +index 97b8d12b5f2b..3a81b5d1c3cb 100644 +--- a/include/linux/spi/spi.h ++++ b/include/linux/spi/spi.h +@@ -339,6 +339,7 @@ extern struct spi_device *spi_new_ancillary_device(struct spi_device *spi, u8 ch + * @max_speed_hz: Highest supported transfer speed + * @flags: other constraints relevant to this driver + * @slave: indicates that this is an SPI slave controller ++ * @devm_allocated: whether the allocation of this struct is devres-managed + * @max_transfer_size: function that returns the max transfer size for + * a &spi_device; may be %NULL, so the default %SIZE_MAX will be used. + * @max_message_size: function that returns the max message size for +@@ -511,7 +512,7 @@ struct spi_controller { + + #define SPI_MASTER_GPIO_SS BIT(5) /* GPIO CS must select slave */ + +- /* flag indicating this is a non-devres managed controller */ ++ /* flag indicating if the allocation of this struct is devres-managed */ + bool devm_allocated; + + /* flag indicating this is an SPI slave controller */ +-- +2.35.3 + diff --git a/patches.suse/staging-rtl8192u-Fix-sleep-in-atomic-context-bug-in-.patch b/patches.suse/staging-rtl8192u-Fix-sleep-in-atomic-context-bug-in-.patch new file mode 100644 index 0000000..06ec9e3 --- /dev/null +++ b/patches.suse/staging-rtl8192u-Fix-sleep-in-atomic-context-bug-in-.patch @@ -0,0 +1,140 @@ +From 6a0c054930d554ad8f8044ef1fc856d9da391c81 Mon Sep 17 00:00:00 2001 +From: Duoming Zhou +Date: Sun, 10 Jul 2022 18:30:02 +0800 +Subject: [PATCH] staging: rtl8192u: Fix sleep in atomic context bug in dm_fsync_timer_callback +Git-commit: 6a0c054930d554ad8f8044ef1fc856d9da391c81 +Patch-mainline: v6.0-rc1 +References: git-fixes + +There are sleep in atomic context bugs when dm_fsync_timer_callback is +executing. The root cause is that the memory allocation functions with +GFP_KERNEL or GFP_NOIO parameters are called in dm_fsync_timer_callback +which is a timer handler. The call paths that could trigger bugs are +shown below: + + (interrupt context) +dm_fsync_timer_callback + write_nic_byte + kzalloc(sizeof(data), GFP_KERNEL); //may sleep + usb_control_msg + kmalloc(.., GFP_NOIO); //may sleep + write_nic_dword + kzalloc(sizeof(data), GFP_KERNEL); //may sleep + usb_control_msg + kmalloc(.., GFP_NOIO); //may sleep + +This patch uses delayed work to replace timer and moves the operations +that may sleep into the delayed work in order to mitigate bugs. + +Fixes: 8fc8598e61f6 ("Staging: Added Realtek rtl8192u driver to staging") +Signed-off-by: Duoming Zhou +Link: https://lore.kernel.org/r/20220710103002.63283-1-duoming@zju.edu.cn +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/staging/rtl8192u/r8192U.h | 2 - + drivers/staging/rtl8192u/r8192U_dm.c | 38 ++++++++++++++++------------------- + drivers/staging/rtl8192u/r8192U_dm.h | 2 - + 3 files changed, 20 insertions(+), 22 deletions(-) + +--- a/drivers/staging/rtl8192u/r8192U.h ++++ b/drivers/staging/rtl8192u/r8192U.h +@@ -1013,7 +1013,7 @@ typedef struct r8192_priv { + bool bis_any_nonbepkts; + bool bcurrent_turbo_EDCA; + bool bis_cur_rdlstate; +- struct timer_list fsync_timer; ++ struct delayed_work fsync_work; + bool bfsync_processing; /* 500ms Fsync timer is active or not */ + u32 rate_record; + u32 rateCountDiffRecord; +--- a/drivers/staging/rtl8192u/r8192U_dm.c ++++ b/drivers/staging/rtl8192u/r8192U_dm.c +@@ -2585,19 +2585,20 @@ static void dm_init_fsync(struct net_dev + priv->ieee80211->fsync_seconddiff_ratethreshold = 200; + priv->ieee80211->fsync_state = Default_Fsync; + priv->framesyncMonitor = 1; /* current default 0xc38 monitor on */ +- timer_setup(&priv->fsync_timer, dm_fsync_timer_callback, 0); ++ INIT_DELAYED_WORK(&priv->fsync_work, dm_fsync_work_callback); + } + + static void dm_deInit_fsync(struct net_device *dev) + { + struct r8192_priv *priv = ieee80211_priv(dev); + +- del_timer_sync(&priv->fsync_timer); ++ cancel_delayed_work_sync(&priv->fsync_work); + } + +-void dm_fsync_timer_callback(struct timer_list *t) ++void dm_fsync_work_callback(struct work_struct *work) + { +- struct r8192_priv *priv = from_timer(priv, t, fsync_timer); ++ struct r8192_priv *priv = ++ container_of(work, struct r8192_priv, fsync_work.work); + struct net_device *dev = priv->ieee80211->dev; + u32 rate_index, rate_count = 0, rate_count_diff = 0; + bool bSwitchFromCountDiff = false; +@@ -2664,17 +2665,16 @@ void dm_fsync_timer_callback(struct time + } + } + if (bDoubleTimeInterval) { +- if (timer_pending(&priv->fsync_timer)) +- del_timer_sync(&priv->fsync_timer); +- priv->fsync_timer.expires = jiffies + +- msecs_to_jiffies(priv->ieee80211->fsync_time_interval*priv->ieee80211->fsync_multiple_timeinterval); +- add_timer(&priv->fsync_timer); ++ cancel_delayed_work_sync(&priv->fsync_work); ++ schedule_delayed_work(&priv->fsync_work, ++ msecs_to_jiffies(priv ++ ->ieee80211->fsync_time_interval * ++ priv->ieee80211->fsync_multiple_timeinterval)); + } else { +- if (timer_pending(&priv->fsync_timer)) +- del_timer_sync(&priv->fsync_timer); +- priv->fsync_timer.expires = jiffies + +- msecs_to_jiffies(priv->ieee80211->fsync_time_interval); +- add_timer(&priv->fsync_timer); ++ cancel_delayed_work_sync(&priv->fsync_work); ++ schedule_delayed_work(&priv->fsync_work, ++ msecs_to_jiffies(priv ++ ->ieee80211->fsync_time_interval)); + } + } else { + /* Let Register return to default value; */ +@@ -2702,7 +2702,7 @@ static void dm_EndSWFsync(struct net_dev + struct r8192_priv *priv = ieee80211_priv(dev); + + RT_TRACE(COMP_HALDM, "%s\n", __func__); +- del_timer_sync(&(priv->fsync_timer)); ++ cancel_delayed_work_sync(&priv->fsync_work); + + /* Let Register return to default value; */ + if (priv->bswitch_fsync) { +@@ -2744,11 +2744,9 @@ static void dm_StartSWFsync(struct net_d + if (priv->ieee80211->fsync_rate_bitmap & rateBitmap) + priv->rate_record += priv->stats.received_rate_histogram[1][rateIndex]; + } +- if (timer_pending(&priv->fsync_timer)) +- del_timer_sync(&priv->fsync_timer); +- priv->fsync_timer.expires = jiffies + +- msecs_to_jiffies(priv->ieee80211->fsync_time_interval); +- add_timer(&priv->fsync_timer); ++ cancel_delayed_work_sync(&priv->fsync_work); ++ schedule_delayed_work(&priv->fsync_work, ++ msecs_to_jiffies(priv->ieee80211->fsync_time_interval)); + + write_nic_dword(dev, rOFDM0_RxDetector2, 0x465c12cd); + +--- a/drivers/staging/rtl8192u/r8192U_dm.h ++++ b/drivers/staging/rtl8192u/r8192U_dm.h +@@ -166,7 +166,7 @@ void dm_force_tx_fw_info(struct net_devi + void dm_init_edca_turbo(struct net_device *dev); + void dm_rf_operation_test_callback(unsigned long data); + void dm_rf_pathcheck_workitemcallback(struct work_struct *work); +-void dm_fsync_timer_callback(struct timer_list *t); ++void dm_fsync_work_callback(struct work_struct *work); + void dm_cck_txpower_adjust(struct net_device *dev, bool binch14); + void dm_shadow_init(struct net_device *dev); + void dm_initialize_txpower_tracking(struct net_device *dev); diff --git a/patches.suse/sysctl-Fix-data-races-in-proc_dointvec.patch b/patches.suse/sysctl-Fix-data-races-in-proc_dointvec.patch new file mode 100644 index 0000000..a23505b --- /dev/null +++ b/patches.suse/sysctl-Fix-data-races-in-proc_dointvec.patch @@ -0,0 +1,51 @@ +From 1f1be04b4d48a2475ea1aab46a99221bfc5c0968 Mon Sep 17 00:00:00 2001 +From: Kuniyuki Iwashima +Date: Wed, 6 Jul 2022 16:39:52 -0700 +Subject: [PATCH] sysctl: Fix data races in proc_dointvec(). +Git-commit: 1f1be04b4d48a2475ea1aab46a99221bfc5c0968 +Patch-mainline: v5.19-rc7 +References: git-fixes + +A sysctl variable is accessed concurrently, and there is always a chance +of data-race. So, all readers and writers need some basic protection to +avoid load/store-tearing. + +This patch changes proc_dointvec() to use READ_ONCE() and WRITE_ONCE() +internally to fix data-races on the sysctl side. For now, proc_dointvec() +itself is tolerant to a data-race, but we still need to add annotations on +the other subsystem's side. + +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Signed-off-by: Kuniyuki Iwashima +Signed-off-by: David S. Miller +Acked-by: Takashi Iwai + +--- + kernel/sysctl.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/kernel/sysctl.c b/kernel/sysctl.c +index e52b6e372c60..c8a05655ae60 100644 +--- a/kernel/sysctl.c ++++ b/kernel/sysctl.c +@@ -446,14 +446,14 @@ static int do_proc_dointvec_conv(bool *negp, unsigned long *lvalp, + if (*negp) { + if (*lvalp > (unsigned long) INT_MAX + 1) + return -EINVAL; +- *valp = -*lvalp; ++ WRITE_ONCE(*valp, -*lvalp); + } else { + if (*lvalp > (unsigned long) INT_MAX) + return -EINVAL; +- *valp = *lvalp; ++ WRITE_ONCE(*valp, *lvalp); + } + } else { +- int val = *valp; ++ int val = READ_ONCE(*valp); + if (val < 0) { + *negp = true; + *lvalp = -(unsigned long)val; +-- +2.35.3 + diff --git a/patches.suse/sysctl-Fix-data-races-in-proc_dointvec_jiffies.patch b/patches.suse/sysctl-Fix-data-races-in-proc_dointvec_jiffies.patch new file mode 100644 index 0000000..27016e8 --- /dev/null +++ b/patches.suse/sysctl-Fix-data-races-in-proc_dointvec_jiffies.patch @@ -0,0 +1,48 @@ +From e877820877663fbae8cb9582ea597a7230b94df3 Mon Sep 17 00:00:00 2001 +From: Kuniyuki Iwashima +Date: Wed, 6 Jul 2022 16:39:57 -0700 +Subject: [PATCH] sysctl: Fix data races in proc_dointvec_jiffies(). +Git-commit: e877820877663fbae8cb9582ea597a7230b94df3 +Patch-mainline: v5.19-rc7 +References: git-fixes + +A sysctl variable is accessed concurrently, and there is always a chance +of data-race. So, all readers and writers need some basic protection to +avoid load/store-tearing. + +This patch changes proc_dointvec_jiffies() to use READ_ONCE() and +WRITE_ONCE() internally to fix data-races on the sysctl side. For now, +proc_dointvec_jiffies() itself is tolerant to a data-race, but we still +need to add annotations on the other subsystem's side. + +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Signed-off-by: Kuniyuki Iwashima +Signed-off-by: David S. Miller +Acked-by: Takashi Iwai + +--- + kernel/sysctl.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/kernel/sysctl.c b/kernel/sysctl.c +index 8c55ba01f41b..bf9383d17e1b 100644 +--- a/kernel/sysctl.c ++++ b/kernel/sysctl.c +@@ -1173,9 +1173,12 @@ static int do_proc_dointvec_jiffies_conv(bool *negp, unsigned long *lvalp, + if (write) { + if (*lvalp > INT_MAX / HZ) + return 1; +- *valp = *negp ? -(*lvalp*HZ) : (*lvalp*HZ); ++ if (*negp) ++ WRITE_ONCE(*valp, -*lvalp * HZ); ++ else ++ WRITE_ONCE(*valp, *lvalp * HZ); + } else { +- int val = *valp; ++ int val = READ_ONCE(*valp); + unsigned long lval; + if (val < 0) { + *negp = true; +-- +2.35.3 + diff --git a/patches.suse/sysctl-Fix-data-races-in-proc_dointvec_minmax.patch b/patches.suse/sysctl-Fix-data-races-in-proc_dointvec_minmax.patch new file mode 100644 index 0000000..6f6b5c1 --- /dev/null +++ b/patches.suse/sysctl-Fix-data-races-in-proc_dointvec_minmax.patch @@ -0,0 +1,42 @@ +From f613d86d014b6375a4085901de39406598121e35 Mon Sep 17 00:00:00 2001 +From: Kuniyuki Iwashima +Date: Wed, 6 Jul 2022 16:39:54 -0700 +Subject: [PATCH] sysctl: Fix data races in proc_dointvec_minmax(). +Git-commit: f613d86d014b6375a4085901de39406598121e35 +Patch-mainline: v5.19-rc7 +References: git-fixes + +A sysctl variable is accessed concurrently, and there is always a chance +of data-race. So, all readers and writers need some basic protection to +avoid load/store-tearing. + +This patch changes proc_dointvec_minmax() to use READ_ONCE() and +WRITE_ONCE() internally to fix data-races on the sysctl side. For now, +proc_dointvec_minmax() itself is tolerant to a data-race, but we still +need to add annotations on the other subsystem's side. + +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Signed-off-by: Kuniyuki Iwashima +Signed-off-by: David S. Miller +Acked-by: Takashi Iwai + +--- + kernel/sysctl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/kernel/sysctl.c b/kernel/sysctl.c +index 2ab8c2a37e8f..4d87832367f2 100644 +--- a/kernel/sysctl.c ++++ b/kernel/sysctl.c +@@ -857,7 +857,7 @@ static int do_proc_dointvec_minmax_conv(bool *negp, unsigned long *lvalp, + if ((param->min && *param->min > tmp) || + (param->max && *param->max < tmp)) + return -EINVAL; +- *valp = tmp; ++ WRITE_ONCE(*valp, tmp); + } + + return 0; +-- +2.35.3 + diff --git a/patches.suse/sysctl-Fix-data-races-in-proc_dointvec_ms_jiffies.patch b/patches.suse/sysctl-Fix-data-races-in-proc_dointvec_ms_jiffies.patch new file mode 100644 index 0000000..6cefd40 --- /dev/null +++ b/patches.suse/sysctl-Fix-data-races-in-proc_dointvec_ms_jiffies.patch @@ -0,0 +1,56 @@ +From 7d1025e559782b58824b36cb8ad547a69f2e4b31 Mon Sep 17 00:00:00 2001 +From: Kuniyuki Iwashima +Date: Mon, 11 Jul 2022 17:15:20 -0700 +Subject: [PATCH] sysctl: Fix data-races in proc_dointvec_ms_jiffies(). +Git-commit: 7d1025e559782b58824b36cb8ad547a69f2e4b31 +Patch-mainline: v5.19-rc7 +References: git-fixes + +A sysctl variable is accessed concurrently, and there is always a chance +of data-race. So, all readers and writers need some basic protection to +avoid load/store-tearing. + +This patch changes proc_dointvec_ms_jiffies() to use READ_ONCE() and +WRITE_ONCE() internally to fix data-races on the sysctl side. For now, +proc_dointvec_ms_jiffies() itself is tolerant to a data-race, but we still +need to add annotations on the other subsystem's side. + +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Signed-off-by: Kuniyuki Iwashima +Signed-off-by: David S. Miller +Acked-by: Takashi Iwai + +--- + kernel/sysctl.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/kernel/sysctl.c b/kernel/sysctl.c +index b016d68da08a..d99bc3945445 100644 +--- a/kernel/sysctl.c ++++ b/kernel/sysctl.c +@@ -1224,9 +1224,9 @@ static int do_proc_dointvec_ms_jiffies_conv(bool *negp, unsigned long *lvalp, + + if (jif > INT_MAX) + return 1; +- *valp = (int)jif; ++ WRITE_ONCE(*valp, (int)jif); + } else { +- int val = *valp; ++ int val = READ_ONCE(*valp); + unsigned long lval; + if (val < 0) { + *negp = true; +@@ -1294,8 +1294,8 @@ int proc_dointvec_userhz_jiffies(struct ctl_table *table, int write, + * @ppos: the current position in the file + * + * Reads/writes up to table->maxlen/sizeof(unsigned int) integer +- * values from/to the user buffer, treated as an ASCII string. +- * The values read are assumed to be in 1/1000 seconds, and ++ * values from/to the user buffer, treated as an ASCII string. ++ * The values read are assumed to be in 1/1000 seconds, and + * are converted into jiffies. + * + * Returns 0 on success. +-- +2.35.3 + diff --git a/patches.suse/sysctl-Fix-data-races-in-proc_douintvec.patch b/patches.suse/sysctl-Fix-data-races-in-proc_douintvec.patch new file mode 100644 index 0000000..379eaf8 --- /dev/null +++ b/patches.suse/sysctl-Fix-data-races-in-proc_douintvec.patch @@ -0,0 +1,45 @@ +From 4762b532ec9539755aab61445d5da6e1926ccb99 Mon Sep 17 00:00:00 2001 +From: Kuniyuki Iwashima +Date: Wed, 6 Jul 2022 16:39:53 -0700 +Subject: [PATCH] sysctl: Fix data races in proc_douintvec(). +Git-commit: 4762b532ec9539755aab61445d5da6e1926ccb99 +Patch-mainline: v5.19-rc7 +References: git-fixes + +A sysctl variable is accessed concurrently, and there is always a chance +of data-race. So, all readers and writers need some basic protection to +avoid load/store-tearing. + +This patch changes proc_douintvec() to use READ_ONCE() and WRITE_ONCE() +internally to fix data-races on the sysctl side. For now, proc_douintvec() +itself is tolerant to a data-race, but we still need to add annotations on +the other subsystem's side. + +Fixes: e7d316a02f68 ("sysctl: handle error writing UINT_MAX to u32 fields") +Signed-off-by: Kuniyuki Iwashima +Signed-off-by: David S. Miller +Acked-by: Takashi Iwai + +--- + kernel/sysctl.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/kernel/sysctl.c b/kernel/sysctl.c +index c8a05655ae60..2ab8c2a37e8f 100644 +--- a/kernel/sysctl.c ++++ b/kernel/sysctl.c +@@ -472,9 +472,9 @@ static int do_proc_douintvec_conv(unsigned long *lvalp, + if (write) { + if (*lvalp > UINT_MAX) + return -EINVAL; +- *valp = *lvalp; ++ WRITE_ONCE(*valp, *lvalp); + } else { +- unsigned int val = *valp; ++ unsigned int val = READ_ONCE(*valp); + *lvalp = (unsigned long)val; + } + return 0; +-- +2.35.3 + diff --git a/patches.suse/sysctl-Fix-data-races-in-proc_douintvec_minmax.patch b/patches.suse/sysctl-Fix-data-races-in-proc_douintvec_minmax.patch new file mode 100644 index 0000000..0f8fb51 --- /dev/null +++ b/patches.suse/sysctl-Fix-data-races-in-proc_douintvec_minmax.patch @@ -0,0 +1,42 @@ +From 2d3b559df3ed39258737789aae2ae7973d205bc1 Mon Sep 17 00:00:00 2001 +From: Kuniyuki Iwashima +Date: Wed, 6 Jul 2022 16:39:55 -0700 +Subject: [PATCH] sysctl: Fix data races in proc_douintvec_minmax(). +Git-commit: 2d3b559df3ed39258737789aae2ae7973d205bc1 +Patch-mainline: v5.19-rc7 +References: git-fixes + +A sysctl variable is accessed concurrently, and there is always a chance +of data-race. So, all readers and writers need some basic protection to +avoid load/store-tearing. + +This patch changes proc_douintvec_minmax() to use READ_ONCE() and +WRITE_ONCE() internally to fix data-races on the sysctl side. For now, +proc_douintvec_minmax() itself is tolerant to a data-race, but we still +need to add annotations on the other subsystem's side. + +Fixes: 61d9b56a8920 ("sysctl: add unsigned int range support") +Signed-off-by: Kuniyuki Iwashima +Signed-off-by: David S. Miller +Acked-by: Takashi Iwai + +--- + kernel/sysctl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/kernel/sysctl.c b/kernel/sysctl.c +index 4d87832367f2..379721a03d41 100644 +--- a/kernel/sysctl.c ++++ b/kernel/sysctl.c +@@ -923,7 +923,7 @@ static int do_proc_douintvec_minmax_conv(unsigned long *lvalp, + (param->max && *param->max < tmp)) + return -ERANGE; + +- *valp = tmp; ++ WRITE_ONCE(*valp, tmp); + } + + return 0; +-- +2.35.3 + diff --git a/patches.suse/sysfs-Add-sysfs_emit-and-sysfs_emit_at-to-format-sys.patch b/patches.suse/sysfs-Add-sysfs_emit-and-sysfs_emit_at-to-format-sys.patch new file mode 100644 index 0000000..5cfb69b --- /dev/null +++ b/patches.suse/sysfs-Add-sysfs_emit-and-sysfs_emit_at-to-format-sys.patch @@ -0,0 +1,139 @@ +From 2efc459d06f1630001e3984854848a5647086232 Mon Sep 17 00:00:00 2001 +From: Joe Perches +Date: Wed, 16 Sep 2020 13:40:38 -0700 +Subject: [PATCH] sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs + output +Git-commit: 2efc459d06f1630001e3984854848a5647086232 +Patch-mainline: v5.10-rc1 +References: bsc#1200598 cve-2022-20166 + +Output defects can exist in sysfs content using sprintf and snprintf. + +sprintf does not know the PAGE_SIZE maximum of the temporary buffer +used for outputting sysfs content and it's possible to overrun the +PAGE_SIZE buffer length. + +Add a generic sysfs_emit function that knows that the size of the +temporary buffer and ensures that no overrun is done. + +Add a generic sysfs_emit_at function that can be used in multiple +call situations that also ensures that no overrun is done. + +Validate the output buffer argument to be page aligned. +Validate the offset len argument to be within the PAGE_SIZE buf. + +Signed-off-by: Joe Perches +Link: https://lore.kernel.org/r/884235202216d464d61ee975f7465332c86f76b2.1600285923.git.joe@perches.com +Signed-off-by: Greg Kroah-Hartman +Acked-by: Petr Mladek + +[pmladek@suse.com: Removed changes in the documentation. The new API is not + used everywhere in the old code base. +] + + +--- + fs/sysfs/file.c | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++ + include/linux/sysfs.h | 16 ++++++++++++++ + 2 files changed, 71 insertions(+) + +--- a/fs/sysfs/file.c ++++ b/fs/sysfs/file.c +@@ -15,6 +15,7 @@ + #include + #include + #include ++#include + + #include "sysfs.h" + +@@ -558,3 +559,57 @@ void sysfs_remove_bin_file(struct kobjec + kernfs_remove_by_name(kobj->sd, attr->attr.name); + } + EXPORT_SYMBOL_GPL(sysfs_remove_bin_file); ++ ++/** ++ * sysfs_emit - scnprintf equivalent, aware of PAGE_SIZE buffer. ++ * @buf: start of PAGE_SIZE buffer. ++ * @fmt: format ++ * @...: optional arguments to @format ++ * ++ * ++ * Returns number of characters written to @buf. ++ */ ++int sysfs_emit(char *buf, const char *fmt, ...) ++{ ++ va_list args; ++ int len; ++ ++ if (WARN(!buf || offset_in_page(buf), ++ "invalid sysfs_emit: buf:%p\n", buf)) ++ return 0; ++ ++ va_start(args, fmt); ++ len = vscnprintf(buf, PAGE_SIZE, fmt, args); ++ va_end(args); ++ ++ return len; ++} ++EXPORT_SYMBOL_GPL(sysfs_emit); ++ ++/** ++ * sysfs_emit_at - scnprintf equivalent, aware of PAGE_SIZE buffer. ++ * @buf: start of PAGE_SIZE buffer. ++ * @at: offset in @buf to start write in bytes ++ * @at must be >= 0 && < PAGE_SIZE ++ * @fmt: format ++ * @...: optional arguments to @fmt ++ * ++ * ++ * Returns number of characters written starting at &@buf[@at]. ++ */ ++int sysfs_emit_at(char *buf, int at, const char *fmt, ...) ++{ ++ va_list args; ++ int len; ++ ++ if (WARN(!buf || offset_in_page(buf) || at < 0 || at >= PAGE_SIZE, ++ "invalid sysfs_emit_at: buf:%p at:%d\n", buf, at)) ++ return 0; ++ ++ va_start(args, fmt); ++ len = vscnprintf(buf + at, PAGE_SIZE - at, fmt, args); ++ va_end(args); ++ ++ return len; ++} ++EXPORT_SYMBOL_GPL(sysfs_emit_at); +--- a/include/linux/sysfs.h ++++ b/include/linux/sysfs.h +@@ -312,6 +312,11 @@ static inline void sysfs_enable_ns(struc + return kernfs_enable_ns(kn); + } + ++__printf(2, 3) ++int sysfs_emit(char *buf, const char *fmt, ...); ++__printf(3, 4) ++int sysfs_emit_at(char *buf, int at, const char *fmt, ...); ++ + #else /* CONFIG_SYSFS */ + + static inline int sysfs_create_dir_ns(struct kobject *kobj, const void *ns) +@@ -532,6 +537,17 @@ static inline void sysfs_enable_ns(struc + { + } + ++__printf(2, 3) ++static inline int sysfs_emit(char *buf, const char *fmt, ...) ++{ ++ return 0; ++} ++ ++__printf(3, 4) ++static inline int sysfs_emit_at(char *buf, int at, const char *fmt, ...) ++{ ++ return 0; ++} + #endif /* CONFIG_SYSFS */ + + static inline int __must_check sysfs_create_file(struct kobject *kobj, diff --git a/patches.suse/thermal-tools-tmon-Include-pthread-and-time-headers-.patch b/patches.suse/thermal-tools-tmon-Include-pthread-and-time-headers-.patch new file mode 100644 index 0000000..c489049 --- /dev/null +++ b/patches.suse/thermal-tools-tmon-Include-pthread-and-time-headers-.patch @@ -0,0 +1,62 @@ +From 0cf51bfe999524377fbb71becb583b4ca6d07cfc Mon Sep 17 00:00:00 2001 +From: Markus Mayer +Date: Sun, 17 Jul 2022 20:10:39 -0700 +Subject: [PATCH] thermal/tools/tmon: Include pthread and time headers in tmon.h +Mime-version: 1.0 +Content-type: text/plain; charset=UTF-8 +Content-transfer-encoding: 8bit +Git-commit: 0cf51bfe999524377fbb71becb583b4ca6d07cfc +Patch-mainline: v6.0-rc1 +References: git-fixes + +Include sys/time.h and pthread.h in tmon.h, so that types +"pthread_mutex_t" and "struct timeval tv" are known when tmon.h +references them. + +Without these headers, compiling tmon against musl-libc will fail with +these errors: + +In file included from sysfs.c:31:0: +tmon.h:47:8: error: unknown type name 'pthread_mutex_t' + extern pthread_mutex_t input_lock; + ^~~~~~~~~~~~~~~ +Make[3]: *** [: sysfs.o] Error 1 +Make[3]: *** Waiting for unfinished jobs.... +In file included from tui.c:31:0: +tmon.h:54:17: error: field 'tv' has incomplete type + struct timeval tv; + ^~ +Make[3]: *** [: tui.o] Error 1 +Make[2]: *** [Makefile:83: tmon] Error 2 + +Signed-off-by: Markus Mayer +Acked-by: Florian Fainelli +Reviewed-by: Sumeet Pawnikar +Acked-by: Alejandro González +Tested-by: Alejandro González +Fixes: 94f69966faf8 ("tools/thermal: Introduce tmon, a tool for thermal subsystem") +Link: https://lore.kernel.org/r/20220718031040.44714-1-f.fainelli@gmail.com +Signed-off-by: Daniel Lezcano +Acked-by: Takashi Iwai + +--- + tools/thermal/tmon/tmon.h | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/tools/thermal/tmon/tmon.h b/tools/thermal/tmon/tmon.h +index c9066ec104dd..44d16d778f04 100644 +--- a/tools/thermal/tmon/tmon.h ++++ b/tools/thermal/tmon/tmon.h +@@ -27,6 +27,9 @@ + #define NR_LINES_TZDATA 1 + #define TMON_LOG_FILE "/var/tmp/tmon.log" + ++#include ++#include ++ + extern unsigned long ticktime; + extern double time_elapsed; + extern unsigned long target_temp_user; +-- +2.35.3 + diff --git a/patches.suse/tick-nohz-Use-WARN_ON_ONCE-to-prevent-console-saturation.patch b/patches.suse/tick-nohz-Use-WARN_ON_ONCE-to-prevent-console-saturation.patch new file mode 100644 index 0000000..8446288 --- /dev/null +++ b/patches.suse/tick-nohz-Use-WARN_ON_ONCE-to-prevent-console-saturation.patch @@ -0,0 +1,45 @@ +From c665242d00ef37414c19c8860a363825bb622d7a Mon Sep 17 00:00:00 2001 +From: Paul Gortmaker +Date: Mon, 6 Dec 2021 09:59:50 -0500 +Subject: [PATCH] tick/nohz: Use WARN_ON_ONCE() to prevent console saturation + +References: git fixes (kernel/time) +Patch-mainline: v5.18-rc3 +Git-commit: 40e97e42961f8c6cc7bd5fe67cc18417e02d78f1 + +While running some testing on code that happened to allow the variable +tick_nohz_full_running to get set but with no "possible" NOHZ cores to +back up that setting, this warning triggered: + + if (unlikely(tick_do_timer_cpu == TICK_DO_TIMER_NONE)) + WARN_ON(tick_nohz_full_running); + +The console was overwhemled with an endless stream of one WARN per tick +per core and there was no way to even see what was going on w/o using a +serial console to capture it and then trace it back to this. + +Change it to WARN_ON_ONCE(). + +Fixes: 08ae95f4fd3b ("nohz_full: Allow the boot CPU to be nohz_full") +Signed-off-by: Paul Gortmaker +Signed-off-by: Thomas Gleixner +Cc: stable@vger.kernel.org +Link: https://lore.kernel.org/r/20211206145950.10927-3-paul.gortmaker@windriver.com +Signed-off-by: Mel Gorman +--- + kernel/time/tick-sched.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/kernel/time/tick-sched.c b/kernel/time/tick-sched.c +index 663688b2bbac..56aad84e8342 100644 +--- a/kernel/time/tick-sched.c ++++ b/kernel/time/tick-sched.c +@@ -131,7 +131,7 @@ static void tick_sched_do_timer(struct tick_sched *ts, ktime_t now) + */ + if (unlikely(tick_do_timer_cpu == TICK_DO_TIMER_NONE)) { + #ifdef CONFIG_NO_HZ_FULL +- WARN_ON(tick_nohz_full_running); ++ WARN_ON_ONCE(tick_nohz_full_running); + #endif + tick_do_timer_cpu = cpu; + } diff --git a/patches.suse/tty-extract-tty_flip_buffer_commit-from-tty_flip_buf.patch b/patches.suse/tty-extract-tty_flip_buffer_commit-from-tty_flip_buf.patch new file mode 100644 index 0000000..ad3f634 --- /dev/null +++ b/patches.suse/tty-extract-tty_flip_buffer_commit-from-tty_flip_buf.patch @@ -0,0 +1,52 @@ +From: Jiri Slaby +Date: Thu, 7 Jul 2022 10:25:57 +0200 +Subject: tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Git-commit: 716b10580283fda66f2b88140e3964f8a7f9da89 +Patch-mainline: v5.19-rc7 +References: bsc#1198829 CVE-2022-1462 + +We will need this new helper in the next patch. + +Cc: Hillf Danton +Cc: 一只狗 +Cc: Dan Carpenter +Signed-off-by: Jiri Slaby +Link: https://lore.kernel.org/r/20220707082558.9250-1-jslaby@suse.cz +Signed-off-by: Greg Kroah-Hartman +--- + drivers/tty/tty_buffer.c | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +--- a/drivers/tty/tty_buffer.c ++++ b/drivers/tty/tty_buffer.c +@@ -402,6 +402,15 @@ int __tty_insert_flip_char(struct tty_po + } + EXPORT_SYMBOL(__tty_insert_flip_char); + ++static inline void tty_flip_buffer_commit(struct tty_buffer *tail) ++{ ++ /* ++ * Paired w/ acquire in flush_to_ldisc(); ensures flush_to_ldisc() sees ++ * buffer data. ++ */ ++ smp_store_release(&tail->commit, tail->used); ++} ++ + /** + * tty_schedule_flip - push characters to ldisc + * @port: tty port to push from +@@ -415,10 +424,7 @@ void tty_schedule_flip(struct tty_port * + { + struct tty_bufhead *buf = &port->buf; + +- /* paired w/ acquire in flush_to_ldisc(); ensures +- * flush_to_ldisc() sees buffer data. +- */ +- smp_store_release(&buf->tail->commit, buf->tail->used); ++ tty_flip_buffer_commit(buf->tail); + queue_work(system_unbound_wq, &buf->work); + } + EXPORT_SYMBOL(tty_schedule_flip); diff --git a/patches.suse/tty-use-new-tty_insert_flip_string_and_push_buffer-i.patch b/patches.suse/tty-use-new-tty_insert_flip_string_and_push_buffer-i.patch new file mode 100644 index 0000000..44db1d8 --- /dev/null +++ b/patches.suse/tty-use-new-tty_insert_flip_string_and_push_buffer-i.patch @@ -0,0 +1,116 @@ +From: Jiri Slaby +Date: Thu, 7 Jul 2022 10:25:58 +0200 +Subject: tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit +Git-commit: a501ab75e7624d133a5a3c7ec010687c8b961d23 +Patch-mainline: v5.19-rc7 +References: bsc#1198829 CVE-2022-1462 + +There is a race in pty_write(). pty_write() can be called in parallel +with e.g. ioctl(TIOCSTI) or ioctl(TCXONC) which also inserts chars to +the buffer. Provided, tty_flip_buffer_push() in pty_write() is called +outside the lock, it can commit inconsistent tail. This can lead to out +of bounds writes and other issues. See the Link below. + +To fix this, we have to introduce a new helper called +tty_insert_flip_string_and_push_buffer(). It does both +tty_insert_flip_string() and tty_flip_buffer_commit() under the port +lock. It also calls queue_work(), but outside the lock. See +71a174b39f10 (pty: do tty_flip_buffer_push without port->lock in +pty_write) for the reasons. + +Keep the helper internal-only (in drivers' tty.h). It is not intended to +be used widely. + +Link: https://seclists.org/oss-sec/2022/q2/155 +Fixes: 71a174b39f10 (pty: do tty_flip_buffer_push without port->lock in pty_write) +Cc: 一只狗 +Cc: Dan Carpenter +Suggested-by: Hillf Danton +Signed-off-by: Jiri Slaby +Link: https://lore.kernel.org/r/20220707082558.9250-2-jslaby@suse.cz +Signed-off-by: Greg Kroah-Hartman +--- + drivers/tty/pty.c | 14 ++------------ + drivers/tty/tty_buffer.c | 31 +++++++++++++++++++++++++++++++ + include/linux/tty.h | 3 +++ + 3 files changed, 36 insertions(+), 12 deletions(-) + +--- a/drivers/tty/pty.c ++++ b/drivers/tty/pty.c +@@ -111,21 +111,11 @@ static void pty_unthrottle(struct tty_st + static int pty_write(struct tty_struct *tty, const unsigned char *buf, int c) + { + struct tty_struct *to = tty->link; +- unsigned long flags; + +- if (tty->stopped) ++ if (tty->stopped || !c) + return 0; + +- if (c > 0) { +- spin_lock_irqsave(&to->port->lock, flags); +- /* Stuff the data into the input queue of the other end */ +- c = tty_insert_flip_string(to->port, buf, c); +- spin_unlock_irqrestore(&to->port->lock, flags); +- /* And shovel */ +- if (c) +- tty_flip_buffer_push(to->port); +- } +- return c; ++ return tty_insert_flip_string_and_push_buffer(to->port, buf, c); + } + + /** +--- a/drivers/tty/tty_buffer.c ++++ b/drivers/tty/tty_buffer.c +@@ -567,6 +567,37 @@ void tty_flip_buffer_push(struct tty_por + EXPORT_SYMBOL(tty_flip_buffer_push); + + /** ++ * tty_insert_flip_string_and_push_buffer - add characters to the tty buffer and ++ * push ++ * @port: tty port ++ * @chars: characters ++ * @size: size ++ * ++ * The function combines tty_insert_flip_string() and tty_flip_buffer_push() ++ * with the exception of properly holding the @port->lock. ++ * ++ * To be used only internally (by pty currently). ++ * ++ * Returns: the number added. ++ */ ++int tty_insert_flip_string_and_push_buffer(struct tty_port *port, ++ const unsigned char *chars, size_t size) ++{ ++ struct tty_bufhead *buf = &port->buf; ++ unsigned long flags; ++ ++ spin_lock_irqsave(&port->lock, flags); ++ size = tty_insert_flip_string(port, chars, size); ++ if (size) ++ tty_flip_buffer_commit(buf->tail); ++ spin_unlock_irqrestore(&port->lock, flags); ++ ++ queue_work(system_unbound_wq, &buf->work); ++ ++ return size; ++} ++ ++/** + * tty_buffer_init - prepare a tty buffer structure + * @tty: tty to initialise + * +--- a/include/linux/tty.h ++++ b/include/linux/tty.h +@@ -798,4 +798,7 @@ static inline void proc_tty_unregister_d + #define tty_info_ratelimited(tty, f, ...) \ + tty_msg(pr_info_ratelimited, tty, f, ##__VA_ARGS__) + ++int tty_insert_flip_string_and_push_buffer(struct tty_port *port, ++ const unsigned char *chars, size_t cnt); ++ + #endif diff --git a/patches.suse/usb-dwc3-add-cancelled-reasons-for-dwc3-requests.patch b/patches.suse/usb-dwc3-add-cancelled-reasons-for-dwc3-requests.patch new file mode 100644 index 0000000..ae82f67 --- /dev/null +++ b/patches.suse/usb-dwc3-add-cancelled-reasons-for-dwc3-requests.patch @@ -0,0 +1,129 @@ +From 04dd6e76b228891d29e49759e2351eb4a4303fc9 Mon Sep 17 00:00:00 2001 +From: Ray Chi +Date: Sun, 28 Mar 2021 02:17:42 +0800 +Subject: [PATCH] usb: dwc3: add cancelled reasons for dwc3 requests +Git-commit: 04dd6e76b228891d29e49759e2351eb4a4303fc9 +References: git-fixes +Patch-mainline: v5.13-rc1 + +Currently, when dwc3 handles request cancelled, dwc3 just returns +-ECONNRESET for all requests. It will cause USB function drivers +can't know if the requests are cancelled by other reasons. + +This patch will replace DWC3_REQUEST_STATUS_CANCELLED with the +reasons below. + - DWC3_REQUEST_STATUS_DISCONNECTED + - DWC3_REQUEST_STATUS_DEQUEUED + - DWC3_REQUEST_STATUS_STALLED + +Reviewed-by: Thinh Nguyen +Signed-off-by: Ray Chi +Link: https://lore.kernel.org/r/20210327181742.1810969-1-raychi@google.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Oliver Neukum +--- + drivers/usb/dwc3/core.h | 12 +++++++----- + drivers/usb/dwc3/gadget.c | 24 ++++++++++++++++++++---- + drivers/usb/dwc3/gadget.h | 6 ++++-- + 3 files changed, 31 insertions(+), 11 deletions(-) + +--- a/drivers/usb/dwc3/core.h ++++ b/drivers/usb/dwc3/core.h +@@ -890,11 +890,13 @@ struct dwc3_request { + unsigned remaining; + + unsigned int status; +-#define DWC3_REQUEST_STATUS_QUEUED 0 +-#define DWC3_REQUEST_STATUS_STARTED 1 +-#define DWC3_REQUEST_STATUS_CANCELLED 2 +-#define DWC3_REQUEST_STATUS_COMPLETED 3 +-#define DWC3_REQUEST_STATUS_UNKNOWN -1 ++#define DWC3_REQUEST_STATUS_QUEUED 0 ++#define DWC3_REQUEST_STATUS_STARTED 1 ++#define DWC3_REQUEST_STATUS_DISCONNECTED 2 ++#define DWC3_REQUEST_STATUS_DEQUEUED 3 ++#define DWC3_REQUEST_STATUS_STALLED 4 ++#define DWC3_REQUEST_STATUS_COMPLETED 5 ++#define DWC3_REQUEST_STATUS_UNKNOWN -1 + + u8 epnum; + struct dwc3_trb *trb; +--- a/drivers/usb/dwc3/gadget.c ++++ b/drivers/usb/dwc3/gadget.c +@@ -1343,7 +1343,7 @@ static int __dwc3_gadget_kick_transfer(s + dwc3_stop_active_transfer(dep, true, true); + + list_for_each_entry_safe(req, tmp, &dep->started_list, list) +- dwc3_gadget_move_cancelled_request(req); ++ dwc3_gadget_move_cancelled_request(req, DWC3_REQUEST_STATUS_DEQUEUED); + + /* If ep isn't started, then there's no end transfer pending */ + if (!(dep->flags & DWC3_EP_END_TRANSFER_PENDING)) +@@ -1621,10 +1621,25 @@ static void dwc3_gadget_ep_cleanup_cance + { + struct dwc3_request *req; + struct dwc3_request *tmp; ++ struct dwc3 *dwc = dep->dwc; + + list_for_each_entry_safe(req, tmp, &dep->cancelled_list, list) { + dwc3_gadget_ep_skip_trbs(dep, req); +- dwc3_gadget_giveback(dep, req, -ECONNRESET); ++ switch (req->status) { ++ case DWC3_REQUEST_STATUS_DISCONNECTED: ++ dwc3_gadget_giveback(dep, req, -ESHUTDOWN); ++ break; ++ case DWC3_REQUEST_STATUS_DEQUEUED: ++ dwc3_gadget_giveback(dep, req, -ECONNRESET); ++ break; ++ case DWC3_REQUEST_STATUS_STALLED: ++ dwc3_gadget_giveback(dep, req, -EPIPE); ++ break; ++ default: ++ dev_err(dwc->dev, "request cancelled with wrong reason:%d\n", req->status); ++ dwc3_gadget_giveback(dep, req, -ECONNRESET); ++ break; ++ } + } + } + +@@ -1673,7 +1688,8 @@ static int dwc3_gadget_ep_dequeue(struct + * cancelled. + */ + list_for_each_entry_safe(r, t, &dep->started_list, list) +- dwc3_gadget_move_cancelled_request(r); ++ dwc3_gadget_move_cancelled_request(r, ++ DWC3_REQUEST_STATUS_DEQUEUED); + + if (dep->flags & DWC3_EP_TRANSFER_STARTED) + goto out0; +@@ -1759,7 +1775,7 @@ int __dwc3_gadget_ep_set_halt(struct dwc + dwc3_stop_active_transfer(dep, true, true); + + list_for_each_entry_safe(req, tmp, &dep->started_list, list) +- dwc3_gadget_move_cancelled_request(req); ++ dwc3_gadget_move_cancelled_request(req, DWC3_REQUEST_STATUS_STALLED); + + if (!(dep->flags & DWC3_EP_END_TRANSFER_PENDING)) + dwc3_gadget_ep_cleanup_cancelled_requests(dep); +--- a/drivers/usb/dwc3/gadget.h ++++ b/drivers/usb/dwc3/gadget.h +@@ -88,15 +88,17 @@ static inline void dwc3_gadget_move_star + /** + * dwc3_gadget_move_cancelled_request - move @req to the cancelled_list + * @req: the request to be moved ++ * @reason: cancelled reason for the dwc3 request + * + * Caller should take care of locking. This function will move @req from its + * current list to the endpoint's cancelled_list. + */ +-static inline void dwc3_gadget_move_cancelled_request(struct dwc3_request *req) ++static inline void dwc3_gadget_move_cancelled_request(struct dwc3_request *req, ++ unsigned int reason) + { + struct dwc3_ep *dep = req->dep; + +- req->status = DWC3_REQUEST_STATUS_CANCELLED; ++ req->status = reason; + list_move_tail(&req->list, &dep->cancelled_list); + } + diff --git a/patches.suse/usb-dwc3-gadget-Fix-event-pending-check.patch b/patches.suse/usb-dwc3-gadget-Fix-event-pending-check.patch new file mode 100644 index 0000000..7784e72 --- /dev/null +++ b/patches.suse/usb-dwc3-gadget-Fix-event-pending-check.patch @@ -0,0 +1,56 @@ +From 7441b273388b9a59d8387a03ffbbca9d5af6348c Mon Sep 17 00:00:00 2001 +From: Thinh Nguyen +Date: Mon, 27 Jun 2022 18:41:19 -0700 +Subject: [PATCH] usb: dwc3: gadget: Fix event pending check +Git-commit: 7441b273388b9a59d8387a03ffbbca9d5af6348c +References: git-fixes +Patch-mainline: v5.19-rc7 + +The DWC3_EVENT_PENDING flag is used to protect against invalid call to +top-half interrupt handler, which can occur when there's a delay in +software detection of the interrupt line deassertion. + +However, the clearing of this flag was done prior to unmasking the +interrupt line, creating opportunity where the top-half handler can +come. This breaks the serialization and creates a race between the +top-half and bottom-half handler, resulting in losing synchronization +between the controller and the driver when processing events. + +To fix this, make sure the clearing of the DWC3_EVENT_PENDING is done at +the end of the bottom-half handler. + +Fixes: d325a1de49d6 ("usb: dwc3: gadget: Prevent losing events in event cache") +Cc: stable@vger.kernel.org +Signed-off-by: Thinh Nguyen +Link: https://lore.kernel.org/r/8670aaf1cf52e7d1e6df2a827af2d77263b93b75.1656380429.git.Thinh.Nguyen@synopsys.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Oliver Neukum +--- + drivers/usb/dwc3/gadget.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c +index 8716bece1072..0d89dfa6eef5 100644 +--- a/drivers/usb/dwc3/gadget.c ++++ b/drivers/usb/dwc3/gadget.c +@@ -4249,7 +4249,6 @@ static irqreturn_t dwc3_process_event_buf(struct dwc3_event_buffer *evt) + } + + evt->count = 0; +- evt->flags &= ~DWC3_EVENT_PENDING; + ret = IRQ_HANDLED; + + /* Unmask interrupt */ +@@ -4261,6 +4260,9 @@ static irqreturn_t dwc3_process_event_buf(struct dwc3_event_buffer *evt) + dwc3_writel(dwc->regs, DWC3_DEV_IMOD(0), dwc->imod_interval); + } + ++ /* Keep the clearing of DWC3_EVENT_PENDING at the end */ ++ evt->flags &= ~DWC3_EVENT_PENDING; ++ + return ret; + } + +-- +2.35.3 + diff --git a/patches.suse/usb-dwc3-gadget-Use-list_replace_init-before-travers.patch b/patches.suse/usb-dwc3-gadget-Use-list_replace_init-before-travers.patch index 85a4d07..0886633 100644 --- a/patches.suse/usb-dwc3-gadget-Use-list_replace_init-before-travers.patch +++ b/patches.suse/usb-dwc3-gadget-Use-list_replace_init-before-travers.patch @@ -61,24 +61,28 @@ Link: https://lore.kernel.org/r/1627543994-20327-1-git-send-email-wcheng@codeaur Signed-off-by: Greg Kroah-Hartman Signed-off-by: Oliver Neukum --- - drivers/usb/dwc3/gadget.c | 18 ++++++++++++++++-- - 1 file changed, 16 insertions(+), 2 deletions(-) + drivers/usb/dwc3/gadget.c | 17 +++++++++++++++-- + 1 file changed, 15 insertions(+), 2 deletions(-) --- a/drivers/usb/dwc3/gadget.c +++ b/drivers/usb/dwc3/gadget.c -@@ -1623,11 +1623,18 @@ static void dwc3_gadget_ep_cleanup_cance +@@ -1623,9 +1623,12 @@ static void dwc3_gadget_ep_cleanup_cance { struct dwc3_request *req; struct dwc3_request *tmp; + struct list_head local; + struct dwc3 *dwc = dep->dwc; - list_for_each_entry_safe(req, tmp, &dep->cancelled_list, list) { + list_replace_init(&dep->cancelled_list, &local); -+ +restart: + list_for_each_entry_safe(req, tmp, &local, list) { dwc3_gadget_ep_skip_trbs(dep, req); - dwc3_gadget_giveback(dep, req, -ECONNRESET); + switch (req->status) { + case DWC3_REQUEST_STATUS_DISCONNECTED: +@@ -1643,6 +1646,9 @@ static void dwc3_gadget_ep_cleanup_cance + break; + } } + + if (!list_empty(&dep->cancelled_list)) @@ -86,21 +90,21 @@ Signed-off-by: Oliver Neukum } static int dwc3_gadget_ep_dequeue(struct usb_ep *ep, -@@ -2741,8 +2748,12 @@ static void dwc3_gadget_ep_cleanup_compl +@@ -2757,8 +2763,12 @@ static void dwc3_gadget_ep_cleanup_compl { struct dwc3_request *req; struct dwc3_request *tmp; + struct list_head local; - -- list_for_each_entry_safe(req, tmp, &dep->started_list, list) { ++ +restart: + list_replace_init(&dep->started_list, &local); -+ + +- list_for_each_entry_safe(req, tmp, &dep->started_list, list) { + list_for_each_entry_safe(req, tmp, &local, list) { int ret; ret = dwc3_gadget_ep_cleanup_completed_request(dep, event, -@@ -2750,6 +2761,9 @@ static void dwc3_gadget_ep_cleanup_compl +@@ -2766,6 +2776,9 @@ static void dwc3_gadget_ep_cleanup_compl if (ret) break; } diff --git a/patches.suse/usb-gadget-udc-amd5536-depends-on-HAS_DMA.patch b/patches.suse/usb-gadget-udc-amd5536-depends-on-HAS_DMA.patch new file mode 100644 index 0000000..993573d --- /dev/null +++ b/patches.suse/usb-gadget-udc-amd5536-depends-on-HAS_DMA.patch @@ -0,0 +1,46 @@ +From 8097cf2fb3b2205257f1c76f4808e3398d66b6d9 Mon Sep 17 00:00:00 2001 +From: Randy Dunlap +Date: Fri, 8 Jul 2022 18:36:01 -0700 +Subject: [PATCH] usb: gadget: udc: amd5536 depends on HAS_DMA +Git-commit: 8097cf2fb3b2205257f1c76f4808e3398d66b6d9 +Patch-mainline: v6.0-rc1 +References: git-fixes + +USB_AMD5536UDC should depend on HAS_DMA since it selects USB_SNP_CORE, +which depends on HAS_DMA and since 'select' does not follow any +dependency chains. + +Fixes this kconfig warning: + +Warning: unmet direct dependencies detected for USB_SNP_CORE Depends on [n]: USB_SUPPORT [=y] && USB_GADGET [=y] && (USB_AMD5536UDC [=y] || USB_SNP_UDC_PLAT [=n]) && HAS_DMA [=n] Selected by [y]: - USB_AMD5536UDC [=y] && USB_SUPPORT [=y] && USB_GADGET [=y] && USB_PCI [=y] + +Fixes: 97b3ffa233b9 ("usb: gadget: udc: amd5536: split core and PCI layer") +Cc: Raviteja Garimella +Cc: Felipe Balbi +Cc: linux-usb@vger.kernel.org +Cc: Greg Kroah-Hartman +Signed-off-by: Randy Dunlap +Link: https://lore.kernel.org/r/20220709013601.7536-1-rdunlap@infradead.org +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/usb/gadget/udc/Kconfig | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/usb/gadget/udc/Kconfig b/drivers/usb/gadget/udc/Kconfig +index 03535f33511b..43130110a0b4 100644 +--- a/drivers/usb/gadget/udc/Kconfig ++++ b/drivers/usb/gadget/udc/Kconfig +@@ -311,7 +311,7 @@ source "drivers/usb/gadget/udc/bdc/Kconfig" + + config USB_AMD5536UDC + tristate "AMD5536 UDC" +- depends on USB_PCI ++ depends on USB_PCI && HAS_DMA + select USB_SNP_CORE + help + The AMD5536 UDC is part of the AMD Geode CS5536, an x86 southbridge. +-- +2.35.3 + diff --git a/patches.suse/usb-host-Fix-refcount-leak-in-ehci_hcd_ppc_of_probe.patch b/patches.suse/usb-host-Fix-refcount-leak-in-ehci_hcd_ppc_of_probe.patch new file mode 100644 index 0000000..4f78cbc --- /dev/null +++ b/patches.suse/usb-host-Fix-refcount-leak-in-ehci_hcd_ppc_of_probe.patch @@ -0,0 +1,38 @@ +From b5c5b13cb45e2c88181308186b0001992cb41954 Mon Sep 17 00:00:00 2001 +From: Miaoqian Lin +Date: Thu, 2 Jun 2022 15:08:49 +0400 +Subject: [PATCH] usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe +Git-commit: b5c5b13cb45e2c88181308186b0001992cb41954 +Patch-mainline: v6.0-rc1 +References: git-fixes + +of_find_compatible_node() returns a node pointer with refcount +incremented, we should use of_node_put() on it when done. +Add missing of_node_put() to avoid refcount leak. + +Fixes: 796bcae7361c ("USB: powerpc: Workaround for the PPC440EPX USBH_23 errata [take 3]") +Acked-by: Alan Stern +Signed-off-by: Miaoqian Lin +Link: https://lore.kernel.org/r/20220602110849.58549-1-linmq006@gmail.com +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/usb/host/ehci-ppc-of.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/usb/host/ehci-ppc-of.c b/drivers/usb/host/ehci-ppc-of.c +index 6bbaee74f7e7..28a19693c19f 100644 +--- a/drivers/usb/host/ehci-ppc-of.c ++++ b/drivers/usb/host/ehci-ppc-of.c +@@ -148,6 +148,7 @@ static int ehci_hcd_ppc_of_probe(struct platform_device *op) + } else { + ehci->has_amcc_usb23 = 1; + } ++ of_node_put(np); + } + + if (of_get_property(dn, "big-endian", NULL)) { +-- +2.35.3 + diff --git a/patches.suse/usb-host-xhci-use-snprintf-in-xhci_decode_trb.patch b/patches.suse/usb-host-xhci-use-snprintf-in-xhci_decode_trb.patch new file mode 100644 index 0000000..5e79710 --- /dev/null +++ b/patches.suse/usb-host-xhci-use-snprintf-in-xhci_decode_trb.patch @@ -0,0 +1,42 @@ +From 1ce69c35b86038dd11d3a6115a04501c5b89a940 Mon Sep 17 00:00:00 2001 +From: Sergey Shtylyov +Date: Thu, 30 Jun 2022 15:46:45 +0300 +Subject: [PATCH] usb: host: xhci: use snprintf() in xhci_decode_trb() +Git-commit: 1ce69c35b86038dd11d3a6115a04501c5b89a940 +Patch-mainline: v6.0-rc1 +References: git-fixes + +Commit cbf286e8ef83 ("xhci: fix unsafe memory usage in xhci tracing") +apparently missed one sprintf() call in xhci_decode_trb() -- replace +it with the snprintf() call as well... + +Found by Linux Verification Center (linuxtesting.org) with the SVACE static +analysis tool. + +Fixes: cbf286e8ef83 ("xhci: fix unsafe memory usage in xhci tracing") +Signed-off-by: Sergey Shtylyov +Signed-off-by: Mathias Nyman +Link: https://lore.kernel.org/r/20220630124645.1805902-2-mathias.nyman@linux.intel.com +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/usb/host/xhci.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/usb/host/xhci.h b/drivers/usb/host/xhci.h +index 28aaf031f9a8..1960b47acfb2 100644 +--- a/drivers/usb/host/xhci.h ++++ b/drivers/usb/host/xhci.h +@@ -2417,7 +2417,7 @@ static inline const char *xhci_decode_trb(char *str, size_t size, + field3 & TRB_CYCLE ? 'C' : 'c'); + break; + case TRB_STOP_RING: +- sprintf(str, ++ snprintf(str, size, + "%s: slot %d sp %d ep %d flags %c", + xhci_trb_type_string(type), + TRB_TO_SLOT_ID(field3), +-- +2.35.3 + diff --git a/patches.suse/usb-ohci-nxp-Fix-refcount-leak-in-ohci_hcd_nxp_probe.patch b/patches.suse/usb-ohci-nxp-Fix-refcount-leak-in-ohci_hcd_nxp_probe.patch new file mode 100644 index 0000000..af4c1e2 --- /dev/null +++ b/patches.suse/usb-ohci-nxp-Fix-refcount-leak-in-ohci_hcd_nxp_probe.patch @@ -0,0 +1,38 @@ +From 302970b4cad3ebfda2c05ce06c322ccdc447d17e Mon Sep 17 00:00:00 2001 +From: Miaoqian Lin +Date: Fri, 3 Jun 2022 18:12:30 +0400 +Subject: [PATCH] usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe +Git-commit: 302970b4cad3ebfda2c05ce06c322ccdc447d17e +Patch-mainline: v6.0-rc1 +References: git-fixes + +of_parse_phandle() returns a node pointer with refcount +incremented, we should use of_node_put() on it when not need anymore. +Add missing of_node_put() to avoid refcount leak. + +Fixes: 73108aa90cbf ("USB: ohci-nxp: Use isp1301 driver") +Acked-by: Alan Stern +Signed-off-by: Miaoqian Lin +Link: https://lore.kernel.org/r/20220603141231.979-1-linmq006@gmail.com +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/usb/host/ohci-nxp.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/usb/host/ohci-nxp.c b/drivers/usb/host/ohci-nxp.c +index 85878e8ad331..106a6bcefb08 100644 +--- a/drivers/usb/host/ohci-nxp.c ++++ b/drivers/usb/host/ohci-nxp.c +@@ -164,6 +164,7 @@ static int ohci_hcd_nxp_probe(struct platform_device *pdev) + } + + isp1301_i2c_client = isp1301_get_client(isp1301_node); ++ of_node_put(isp1301_node); + if (!isp1301_i2c_client) + return -EPROBE_DEFER; + +-- +2.35.3 + diff --git a/patches.suse/usb-typec-add-missing-uevent-when-partner-support-PD.patch b/patches.suse/usb-typec-add-missing-uevent-when-partner-support-PD.patch new file mode 100644 index 0000000..f83cca2 --- /dev/null +++ b/patches.suse/usb-typec-add-missing-uevent-when-partner-support-PD.patch @@ -0,0 +1,42 @@ +From 6fb9e1d94789e8ee5a258a23bc588693f743fd6c Mon Sep 17 00:00:00 2001 +From: Linyu Yuan +Date: Fri, 1 Jul 2022 16:08:54 +0800 +Subject: [PATCH] usb: typec: add missing uevent when partner support PD +Git-commit: 6fb9e1d94789e8ee5a258a23bc588693f743fd6c +References: git-fixes +Patch-mainline: v5.19-rc7 + +System like Android allow user control power role from UI, it is possible +to implement application base on typec uevent to refresh UI, but found +there is chance that UI show different state from typec attribute file. + +In typec_set_pwr_opmode(), when partner support PD, there is no uevent +send to user space which cause the problem. + +Fix it by sending uevent notification when change power mode to PD. + +Fixes: bdecb33af34f ("usb: typec: API for controlling USB Type-C Multiplexers") +Cc: stable@vger.kernel.org +Signed-off-by: Linyu Yuan +Link: https://lore.kernel.org/r/1656662934-10226-1-git-send-email-quic_linyyuan@quicinc.com +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Oliver Neukum +--- + drivers/usb/typec/class.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/usb/typec/class.c b/drivers/usb/typec/class.c +index ee0e520707dd..c4724750c81a 100644 +--- a/drivers/usb/typec/class.c ++++ b/drivers/usb/typec/class.c +@@ -1718,6 +1718,7 @@ void typec_set_pwr_opmode(struct typec_port *port, + partner->usb_pd = 1; + sysfs_notify(&partner_dev->kobj, NULL, + "supports_usb_power_delivery"); ++ kobject_uevent(&partner_dev->kobj, KOBJ_CHANGE); + } + put_device(partner_dev); + } +-- +2.35.3 + diff --git a/patches.suse/usb-typec-ucsi-Acknowledge-the-GET_ERROR_STATUS-comm.patch b/patches.suse/usb-typec-ucsi-Acknowledge-the-GET_ERROR_STATUS-comm.patch new file mode 100644 index 0000000..04bc22a --- /dev/null +++ b/patches.suse/usb-typec-ucsi-Acknowledge-the-GET_ERROR_STATUS-comm.patch @@ -0,0 +1,46 @@ +From a7dc438b5e446afcd1b3b6651da28271400722f2 Mon Sep 17 00:00:00 2001 +From: Linyu Yuan +Date: Tue, 26 Jul 2022 14:45:49 +0800 +Subject: [PATCH] usb: typec: ucsi: Acknowledge the GET_ERROR_STATUS command completion +Git-commit: a7dc438b5e446afcd1b3b6651da28271400722f2 +Patch-mainline: v6.0-rc1 +References: git-fixes + +We found PPM will not send any notification after it report error status +and OPM issue GET_ERROR_STATUS command to read the details about error. + +According UCSI spec, PPM may clear the Error Status Data after the OPM +has acknowledged the command completion. + +This change add operation to acknowledge the command completion from PPM. + +Fixes: bdc62f2bae8f (usb: typec: ucsi: Simplified registration and I/O API) +Cc: # 5.10 +Signed-off-by: Jack Pham +Signed-off-by: Linyu Yuan +Link: https://lore.kernel.org/r/1658817949-4632-1-git-send-email-quic_linyyuan@quicinc.com +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/usb/typec/ucsi/ucsi.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/drivers/usb/typec/ucsi/ucsi.c b/drivers/usb/typec/ucsi/ucsi.c +index cbd862f9f2a1..1aea46493b85 100644 +--- a/drivers/usb/typec/ucsi/ucsi.c ++++ b/drivers/usb/typec/ucsi/ucsi.c +@@ -76,6 +76,10 @@ static int ucsi_read_error(struct ucsi *ucsi) + if (ret) + return ret; + ++ ret = ucsi_acknowledge_command(ucsi); ++ if (ret) ++ return ret; ++ + switch (error) { + case UCSI_ERROR_INCOMPATIBLE_PARTNER: + return -EOPNOTSUPP; +-- +2.35.3 + diff --git a/patches.suse/usb-xhci-tegra-Fix-error-check.patch b/patches.suse/usb-xhci-tegra-Fix-error-check.patch new file mode 100644 index 0000000..7504d7c --- /dev/null +++ b/patches.suse/usb-xhci-tegra-Fix-error-check.patch @@ -0,0 +1,49 @@ +From 18fc7c435be3f17ea26a21b2e2312fcb9088e01f Mon Sep 17 00:00:00 2001 +From: Tang Bin +Date: Tue, 24 May 2022 20:14:04 +0800 +Subject: [PATCH] usb: xhci: tegra: Fix error check +Git-commit: 18fc7c435be3f17ea26a21b2e2312fcb9088e01f +Patch-mainline: v6.0-rc1 +References: git-fixes + +In the function tegra_xusb_powerdomain_init(), +dev_pm_domain_attach_by_name() may return NULL in some cases, +so IS_ERR() doesn't meet the requirements. Thus fix it. + +Fixes: 6494a9ad86de ("usb: xhci: tegra: Add genpd support") +Signed-off-by: Tang Bin +Link: https://lore.kernel.org/r/20220524121404.18376-1-tangbin@cmss.chinamobile.com +Signed-off-by: Greg Kroah-Hartman +Acked-by: Takashi Iwai + +--- + drivers/usb/host/xhci-tegra.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/drivers/usb/host/xhci-tegra.c b/drivers/usb/host/xhci-tegra.c +index 996958a6565c..bdb776553826 100644 +--- a/drivers/usb/host/xhci-tegra.c ++++ b/drivers/usb/host/xhci-tegra.c +@@ -1010,15 +1010,15 @@ static int tegra_xusb_powerdomain_init(struct device *dev, + int err; + + tegra->genpd_dev_host = dev_pm_domain_attach_by_name(dev, "xusb_host"); +- if (IS_ERR(tegra->genpd_dev_host)) { +- err = PTR_ERR(tegra->genpd_dev_host); ++ if (IS_ERR_OR_NULL(tegra->genpd_dev_host)) { ++ err = PTR_ERR(tegra->genpd_dev_host) ? : -ENODATA; + dev_err(dev, "failed to get host pm-domain: %d\n", err); + return err; + } + + tegra->genpd_dev_ss = dev_pm_domain_attach_by_name(dev, "xusb_ss"); +- if (IS_ERR(tegra->genpd_dev_ss)) { +- err = PTR_ERR(tegra->genpd_dev_ss); ++ if (IS_ERR_OR_NULL(tegra->genpd_dev_ss)) { ++ err = PTR_ERR(tegra->genpd_dev_ss) ? : -ENODATA; + dev_err(dev, "failed to get superspeed pm-domain: %d\n", err); + return err; + } +-- +2.35.3 + diff --git a/patches.suse/usbnet-fix-memory-leak-in-error-case.patch b/patches.suse/usbnet-fix-memory-leak-in-error-case.patch new file mode 100644 index 0000000..b4e70f6 --- /dev/null +++ b/patches.suse/usbnet-fix-memory-leak-in-error-case.patch @@ -0,0 +1,72 @@ +From b55a21b764c1e182014630fa5486d717484ac58f Mon Sep 17 00:00:00 2001 +From: Oliver Neukum +Date: Tue, 5 Jul 2022 14:53:51 +0200 +Subject: [PATCH] usbnet: fix memory leak in error case +Git-commit: b55a21b764c1e182014630fa5486d717484ac58f +References: git-fixes +Patch-mainline: v5.19-rc6 + +usbnet_write_cmd_async() mixed up which buffers +need to be freed in which error case. + +v2: add Fixes tag +v3: fix uninitialized buf pointer + +Fixes: 877bd862f32b8 ("usbnet: introduce usbnet 3 command helpers") +Signed-off-by: Oliver Neukum +Link: https://lore.kernel.org/r/20220705125351.17309-1-oneukum@suse.com +Signed-off-by: Jakub Kicinski +--- + drivers/net/usb/usbnet.c | 17 ++++++++++++----- + 1 file changed, 12 insertions(+), 5 deletions(-) + +diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c +index e2135ab87a6e..78a92751ce4c 100644 +--- a/drivers/net/usb/usbnet.c ++++ b/drivers/net/usb/usbnet.c +@@ -2137,7 +2137,7 @@ static void usbnet_async_cmd_cb(struct urb *urb) + int usbnet_write_cmd_async(struct usbnet *dev, u8 cmd, u8 reqtype, + u16 value, u16 index, const void *data, u16 size) + { +- struct usb_ctrlrequest *req = NULL; ++ struct usb_ctrlrequest *req; + struct urb *urb; + int err = -ENOMEM; + void *buf = NULL; +@@ -2155,7 +2155,7 @@ int usbnet_write_cmd_async(struct usbnet *dev, u8 cmd, u8 reqtype, + if (!buf) { + netdev_err(dev->net, "Error allocating buffer" + " in %s!\n", __func__); +- goto fail_free; ++ goto fail_free_urb; + } + } + +@@ -2179,14 +2179,21 @@ int usbnet_write_cmd_async(struct usbnet *dev, u8 cmd, u8 reqtype, + if (err < 0) { + netdev_err(dev->net, "Error submitting the control" + " message: status=%d\n", err); +- goto fail_free; ++ goto fail_free_all; + } + return 0; + ++fail_free_all: ++ kfree(req); + fail_free_buf: + kfree(buf); +-fail_free: +- kfree(req); ++ /* ++ * avoid a double free ++ * needed because the flag can be set only ++ * after filling the URB ++ */ ++ urb->transfer_flags = 0; ++fail_free_urb: + usb_free_urb(urb); + fail: + return err; +-- +2.35.3 + diff --git a/patches.suse/video-of_display_timing.h-include-errno.h.patch b/patches.suse/video-of_display_timing.h-include-errno.h.patch new file mode 100644 index 0000000..84adb25 --- /dev/null +++ b/patches.suse/video-of_display_timing.h-include-errno.h.patch @@ -0,0 +1,38 @@ +From 3663a2fb325b8782524f3edb0ae32d6faa615109 Mon Sep 17 00:00:00 2001 +From: Hsin-Yi Wang +Date: Fri, 1 Jul 2022 01:33:29 +0800 +Subject: [PATCH] video: of_display_timing.h: include errno.h +Git-commit: 3663a2fb325b8782524f3edb0ae32d6faa615109 +Patch-mainline: v5.19-rc6 +References: git-fixes + +If CONFIG_OF is not enabled, default of_get_display_timing() returns an +errno, so include the header. + +Fixes: 422b67e0b31a ("videomode: provide dummy inline functions for !CONFIG_OF") +Suggested-by: Stephen Boyd +Signed-off-by: Hsin-Yi Wang +Reviewed-by: Stephen Boyd +Signed-off-by: Helge Deller +Acked-by: Takashi Iwai + +--- + include/video/of_display_timing.h | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/include/video/of_display_timing.h b/include/video/of_display_timing.h +index e1126a74882a..eff166fdd81b 100644 +--- a/include/video/of_display_timing.h ++++ b/include/video/of_display_timing.h +@@ -8,6 +8,8 @@ + #ifndef __LINUX_OF_DISPLAY_TIMING_H + #define __LINUX_OF_DISPLAY_TIMING_H + ++#include ++ + struct device_node; + struct display_timing; + struct display_timings; +-- +2.35.3 + diff --git a/patches.suse/virtio-gpu-fix-a-missing-check-to-avoid-NULL-derefer.patch b/patches.suse/virtio-gpu-fix-a-missing-check-to-avoid-NULL-derefer.patch new file mode 100644 index 0000000..94a1a08 --- /dev/null +++ b/patches.suse/virtio-gpu-fix-a-missing-check-to-avoid-NULL-derefer.patch @@ -0,0 +1,46 @@ +From bd63f11f4c3c46afec07d821f74736161ff6e526 Mon Sep 17 00:00:00 2001 +From: Xiaomeng Tong +Date: Sun, 27 Mar 2022 13:09:45 +0800 +Subject: [PATCH] virtio-gpu: fix a missing check to avoid NULL dereference +Git-commit: bd63f11f4c3c46afec07d821f74736161ff6e526 +Patch-mainline: v6.0-rc1 +References: git-fixes + +'cache_ent' could be set NULL inside virtio_gpu_cmd_get_capset() +and it will lead to a NULL dereference by a lately use of it +(i.e., ptr = cache_ent->caps_cache). Fix it with a NULL check. + +Fixes: 62fb7a5e10962 ("virtio-gpu: add 3d/virgl support") +Signed-off-by: Xiaomeng Tong +Reviewed-by: Chia-I Wu +Link: http://patchwork.freedesktop.org/patch/msgid/20220327050945.1614-1-xiam0nd.tong@gmail.com + +[ kraxel: minor codestyle fixup ] + +Signed-off-by: Gerd Hoffmann +Acked-by: Takashi Iwai + +--- + drivers/gpu/drm/virtio/virtgpu_ioctl.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/drivers/gpu/drm/virtio/virtgpu_ioctl.c b/drivers/gpu/drm/virtio/virtgpu_ioctl.c +index f8d83358d2a0..9b2702116f93 100644 +--- a/drivers/gpu/drm/virtio/virtgpu_ioctl.c ++++ b/drivers/gpu/drm/virtio/virtgpu_ioctl.c +@@ -580,8 +580,10 @@ static int virtio_gpu_get_caps_ioctl(struct drm_device *dev, + spin_unlock(&vgdev->display_info_lock); + + /* not in cache - need to talk to hw */ +- virtio_gpu_cmd_get_capset(vgdev, found_valid, args->cap_set_ver, +- &cache_ent); ++ ret = virtio_gpu_cmd_get_capset(vgdev, found_valid, args->cap_set_ver, ++ &cache_ent); ++ if (ret) ++ return ret; + virtio_gpu_notify(vgdev); + + copy_exit: +-- +2.35.3 + diff --git a/patches.suse/virtio-net-fix-the-race-between-refill-work-and-clos.patch b/patches.suse/virtio-net-fix-the-race-between-refill-work-and-clos.patch new file mode 100644 index 0000000..fef6375 --- /dev/null +++ b/patches.suse/virtio-net-fix-the-race-between-refill-work-and-clos.patch @@ -0,0 +1,151 @@ +From 5a159128faff151b7fe5f4eb0f310b1e0a2d56bf Mon Sep 17 00:00:00 2001 +From: Jason Wang +Date: Mon, 25 Jul 2022 15:21:59 +0800 +Subject: [PATCH] virtio-net: fix the race between refill work and close +Git-commit: 5a159128faff151b7fe5f4eb0f310b1e0a2d56bf +Patch-mainline: v5.19 +References: git-fixes + +We try using cancel_delayed_work_sync() to prevent the work from +enabling NAPI. This is insufficient since we don't disable the source +of the refill work scheduling. This means an NAPI poll callback after +cancel_delayed_work_sync() can schedule the refill work then can +re-enable the NAPI that leads to use-after-free [1]. + +Since the work can enable NAPI, we can't simply disable NAPI before +calling cancel_delayed_work_sync(). So fix this by introducing a +dedicated boolean to control whether or not the work could be +scheduled from NAPI. + +[1] +================================================================== +Bug: KASAN: use-after-free in refill_work+0x43/0xd4 +Read of size 2 at addr ffff88810562c92e by task kworker/2:1/42 + +Cpu: 2 PID: 42 Comm: kworker/2:1 Not tainted 5.19.0-rc1+ #480 +Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 +Workqueue: events refill_work +Call Trace: + + dump_stack_lvl+0x34/0x44 + print_report.cold+0xbb/0x6ac + ? _printk+0xad/0xde + ? refill_work+0x43/0xd4 + kasan_report+0xa8/0x130 + ? refill_work+0x43/0xd4 + refill_work+0x43/0xd4 + process_one_work+0x43d/0x780 + worker_thread+0x2a0/0x6f0 + ? process_one_work+0x780/0x780 + kthread+0x167/0x1a0 + ? kthread_exit+0x50/0x50 + ret_from_fork+0x22/0x30 + +... + +Fixes: b2baed69e605c ("virtio_net: set/cancel work on ndo_open/ndo_stop") +Signed-off-by: Jason Wang +Acked-by: Michael S. Tsirkin +Reviewed-by: Xuan Zhuo +Signed-off-by: David S. Miller +Acked-by: Takashi Iwai + +--- + drivers/net/virtio_net.c | 37 ++++++++++++++++++++++++++++++++++--- + 1 file changed, 34 insertions(+), 3 deletions(-) + +diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c +index 356cf8dd4164..ec8e1b3108c3 100644 +--- a/drivers/net/virtio_net.c ++++ b/drivers/net/virtio_net.c +@@ -242,9 +242,15 @@ struct virtnet_info { + /* Packet virtio header size */ + u8 hdr_len; + +- /* Work struct for refilling if we run low on memory. */ ++ /* Work struct for delayed refilling if we run low on memory. */ + struct delayed_work refill; + ++ /* Is delayed refill enabled? */ ++ bool refill_enabled; ++ ++ /* The lock to synchronize the access to refill_enabled */ ++ spinlock_t refill_lock; ++ + /* Work struct for config space updates */ + struct work_struct config_work; + +@@ -348,6 +354,20 @@ static struct page *get_a_page(struct receive_queue *rq, gfp_t gfp_mask) + return p; + } + ++static void enable_delayed_refill(struct virtnet_info *vi) ++{ ++ spin_lock_bh(&vi->refill_lock); ++ vi->refill_enabled = true; ++ spin_unlock_bh(&vi->refill_lock); ++} ++ ++static void disable_delayed_refill(struct virtnet_info *vi) ++{ ++ spin_lock_bh(&vi->refill_lock); ++ vi->refill_enabled = false; ++ spin_unlock_bh(&vi->refill_lock); ++} ++ + static void virtqueue_napi_schedule(struct napi_struct *napi, + struct virtqueue *vq) + { +@@ -1527,8 +1547,12 @@ static int virtnet_receive(struct receive_queue *rq, int budget, + } + + if (rq->vq->num_free > min((unsigned int)budget, virtqueue_get_vring_size(rq->vq)) / 2) { +- if (!try_fill_recv(vi, rq, GFP_ATOMIC)) +- schedule_delayed_work(&vi->refill, 0); ++ if (!try_fill_recv(vi, rq, GFP_ATOMIC)) { ++ spin_lock(&vi->refill_lock); ++ if (vi->refill_enabled) ++ schedule_delayed_work(&vi->refill, 0); ++ spin_unlock(&vi->refill_lock); ++ } + } + + u64_stats_update_begin(&rq->stats.syncp); +@@ -1651,6 +1675,8 @@ static int virtnet_open(struct net_device *dev) + struct virtnet_info *vi = netdev_priv(dev); + int i, err; + ++ enable_delayed_refill(vi); ++ + for (i = 0; i < vi->max_queue_pairs; i++) { + if (i < vi->curr_queue_pairs) + /* Make sure we have some buffers: if oom use wq. */ +@@ -2033,6 +2059,8 @@ static int virtnet_close(struct net_device *dev) + struct virtnet_info *vi = netdev_priv(dev); + int i; + ++ /* Make sure NAPI doesn't schedule refill work */ ++ disable_delayed_refill(vi); + /* Make sure refill_work doesn't re-enable napi! */ + cancel_delayed_work_sync(&vi->refill); + +@@ -2792,6 +2820,8 @@ static int virtnet_restore_up(struct virtio_device *vdev) + + virtio_device_ready(vdev); + ++ enable_delayed_refill(vi); ++ + if (netif_running(vi->dev)) { + err = virtnet_open(vi->dev); + if (err) +@@ -3535,6 +3565,7 @@ static int virtnet_probe(struct virtio_device *vdev) + vdev->priv = vi; + + INIT_WORK(&vi->config_work, virtnet_config_changed_work); ++ spin_lock_init(&vi->refill_lock); + + /* If we can receive ANY GSO packets, we must allocate large ones. */ + if (virtio_has_feature(vdev, VIRTIO_NET_F_GUEST_TSO4) || +-- +2.35.3 + diff --git a/patches.suse/virtio_mmio-Add-missing-PM-calls-to-freeze-restore.patch b/patches.suse/virtio_mmio-Add-missing-PM-calls-to-freeze-restore.patch new file mode 100644 index 0000000..1cc3240 --- /dev/null +++ b/patches.suse/virtio_mmio-Add-missing-PM-calls-to-freeze-restore.patch @@ -0,0 +1,76 @@ +From ed7ac37fde33ccd84e4bd2b9363c191f925364c7 Mon Sep 17 00:00:00 2001 +From: Stephan Gerhold +Date: Tue, 21 Jun 2022 13:06:20 +0200 +Subject: [PATCH] virtio_mmio: Add missing PM calls to freeze/restore +Git-commit: ed7ac37fde33ccd84e4bd2b9363c191f925364c7 +Patch-mainline: v5.19-rc5 +References: git-fixes + +Most virtio drivers provide freeze/restore callbacks to finish up +device usage before suspend and to reinitialize the virtio device after +resume. However, these callbacks are currently only called when using +virtio_pci. virtio_mmio does not have any PM ops defined. + +This causes problems for example after suspend to disk (hibernation), +since the virtio devices might lose their state after the VMM is +restarted. Calling virtio_device_freeze()/restore() ensures that +the virtio devices are re-initialized correctly. + +Fix this by implementing the dev_pm_ops for virtio_mmio, +similar to virtio_pci_common. + +Signed-off-by: Stephan Gerhold +Message-id: <20220621110621.3638025-2-stephan.gerhold@kernkonzept.com> +Signed-off-by: Michael S. Tsirkin +Acked-by: Takashi Iwai + +--- + drivers/virtio/virtio_mmio.c | 23 +++++++++++++++++++++++ + 1 file changed, 23 insertions(+) + +--- a/drivers/virtio/virtio_mmio.c ++++ b/drivers/virtio/virtio_mmio.c +@@ -62,6 +62,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -514,6 +515,25 @@ static const struct virtio_config_ops vi + .bus_name = vm_bus_name, + }; + ++#ifdef CONFIG_PM_SLEEP ++static int virtio_mmio_freeze(struct device *dev) ++{ ++ struct virtio_mmio_device *vm_dev = dev_get_drvdata(dev); ++ ++ return virtio_device_freeze(&vm_dev->vdev); ++} ++ ++static int virtio_mmio_restore(struct device *dev) ++{ ++ struct virtio_mmio_device *vm_dev = dev_get_drvdata(dev); ++ ++ return virtio_device_restore(&vm_dev->vdev); ++} ++ ++static const struct dev_pm_ops virtio_mmio_pm_ops = { ++ SET_SYSTEM_SLEEP_PM_OPS(virtio_mmio_freeze, virtio_mmio_restore) ++}; ++#endif + + static void virtio_mmio_release_dev(struct device *_d) + { +@@ -767,6 +787,9 @@ static struct platform_driver virtio_mmi + .name = "virtio-mmio", + .of_match_table = virtio_mmio_match, + .acpi_match_table = ACPI_PTR(virtio_mmio_acpi_match), ++#ifdef CONFIG_PM_SLEEP ++ .pm = &virtio_mmio_pm_ops, ++#endif + }, + }; + diff --git a/patches.suse/virtio_mmio-Restore-guest-page-size-on-resume.patch b/patches.suse/virtio_mmio-Restore-guest-page-size-on-resume.patch new file mode 100644 index 0000000..964622b --- /dev/null +++ b/patches.suse/virtio_mmio-Restore-guest-page-size-on-resume.patch @@ -0,0 +1,44 @@ +From e0c2ce8217955537dd5434baeba061f209797119 Mon Sep 17 00:00:00 2001 +From: Stephan Gerhold +Date: Tue, 21 Jun 2022 13:06:21 +0200 +Subject: [PATCH] virtio_mmio: Restore guest page size on resume +Git-commit: e0c2ce8217955537dd5434baeba061f209797119 +Patch-mainline: v5.19-rc5 +References: git-fixes + +Virtio devices might lose their state when the VMM is restarted +after a suspend to disk (hibernation) cycle. This means that the +guest page size register must be restored for the virtio_mmio legacy +interface, since otherwise the virtio queues are not functional. + +This is particularly problematic for QEMU that currently still defaults +to using the legacy interface for virtio_mmio. Write the guest page +size register again in virtio_mmio_restore() to make legacy virtio_mmio +devices work correctly after hibernation. + +Signed-off-by: Stephan Gerhold +Message-id: <20220621110621.3638025-3-stephan.gerhold@kernkonzept.com> +Signed-off-by: Michael S. Tsirkin +Acked-by: Takashi Iwai + +--- + drivers/virtio/virtio_mmio.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/drivers/virtio/virtio_mmio.c b/drivers/virtio/virtio_mmio.c +index 980dffd69586..083ff1eb743d 100644 +--- a/drivers/virtio/virtio_mmio.c ++++ b/drivers/virtio/virtio_mmio.c +@@ -569,6 +569,9 @@ static int virtio_mmio_restore(struct device *dev) + { + struct virtio_mmio_device *vm_dev = dev_get_drvdata(dev); + ++ if (vm_dev->version == 1) ++ writel(PAGE_SIZE, vm_dev->base + VIRTIO_MMIO_GUEST_PAGE_SIZE); ++ + return virtio_device_restore(&vm_dev->vdev); + } + +-- +2.35.3 + diff --git a/patches.suse/vt-drop-old-FONT-ioctls.patch b/patches.suse/vt-drop-old-FONT-ioctls.patch new file mode 100644 index 0000000..c1da63e --- /dev/null +++ b/patches.suse/vt-drop-old-FONT-ioctls.patch @@ -0,0 +1,299 @@ +From: Jiri Slaby +Date: Tue, 5 Jan 2021 13:02:35 +0100 +Subject: vt: drop old FONT ioctls +Git-commit: ff2047fb755d4415ec3c70ac799889371151796d +Patch-mainline: 5.12-rc1 +References: bsc#1201636 CVE-2021-33656 + +Drop support for these ioctls: +* PIO_FONT, PIO_FONTX +* GIO_FONT, GIO_FONTX +* PIO_FONTRESET + +As was demonstrated by commit 90bfdeef83f1 (tty: make FONTX ioctl use +the tty pointer they were actually passed), these ioctls are not used +from userspace, as: +1) they used to be broken (set up font on current console, not the open + one) and racy (before the commit above) +2) KDFONTOP ioctl is used for years instead + +Note that PIO_FONTRESET is defunct on most systems as VGA_CONSOLE is set +on them for ages. That turns on BROKEN_GRAPHICS_PROGRAMS which makes +PIO_FONTRESET just return an error. + +We are removing KD_FONT_FLAG_OLD here as it was used only by these +removed ioctls. kd.h header exists both in kernel and uapi headers, so +we can remove the kernel one completely. Everyone includeing kd.h will +now automatically get the uapi one. + +There are now unused definitions of the ioctl numbers and "struct +consolefontdesc" in kd.h, but as it is a uapi header, I am not touching +these. + +Signed-off-by: Jiri Slaby +Link: https://lore.kernel.org/r/20210105120239.28031-8-jslaby@suse.cz +Signed-off-by: Greg Kroah-Hartman +--- + drivers/tty/vt/vt.c | 39 ------------ + drivers/tty/vt/vt_ioctl.c | 147 ---------------------------------------------- + include/linux/kd.h | 8 -- + 3 files changed, 3 insertions(+), 191 deletions(-) + delete mode 100644 include/linux/kd.h + +--- a/drivers/tty/vt/vt.c ++++ b/drivers/tty/vt/vt.c +@@ -4499,16 +4499,8 @@ static int con_font_get(struct vc_data * + + if (op->data && font.charcount > op->charcount) + rc = -ENOSPC; +- if (!(op->flags & KD_FONT_FLAG_OLD)) { +- if (font.width > op->width || font.height > op->height) +- rc = -ENOSPC; +- } else { +- if (font.width != 8) +- rc = -EIO; +- else if ((op->height && font.height > op->height) || +- font.height > 32) +- rc = -ENOSPC; +- } ++ if (font.width > op->width || font.height > op->height) ++ rc = -ENOSPC; + if (rc) + goto out; + +@@ -4536,7 +4528,7 @@ static int con_font_set(struct vc_data * + return -EINVAL; + if (op->charcount > 512) + return -EINVAL; +- if (op->width <= 0 || op->width > 32 || op->height > 32) ++ if (op->width <= 0 || op->width > 32 || !op->height || op->height > 32) + return -EINVAL; + size = (op->width+7)/8 * 32 * op->charcount; + if (size > max_font_size) +@@ -4546,31 +4538,6 @@ static int con_font_set(struct vc_data * + if (IS_ERR(font.data)) + return PTR_ERR(font.data); + +- if (!op->height) { /* Need to guess font height [compat] */ +- int h, i; +- u8 *charmap = font.data; +- +- /* +- * If from KDFONTOP ioctl, don't allow things which can be done +- * in userland,so that we can get rid of this soon +- */ +- if (!(op->flags & KD_FONT_FLAG_OLD)) { +- kfree(font.data); +- return -EINVAL; +- } +- +- for (h = 32; h > 0; h--) +- for (i = 0; i < op->charcount; i++) +- if (charmap[32*i+h-1]) +- goto nonzero; +- +- kfree(font.data); +- return -EINVAL; +- +- nonzero: +- op->height = h; +- } +- + font.charcount = op->charcount; + font.width = op->width; + font.height = op->height; +--- a/drivers/tty/vt/vt_ioctl.c ++++ b/drivers/tty/vt/vt_ioctl.c +@@ -220,48 +220,6 @@ int vt_waitactive(int n) + #define GPLAST 0x3df + #define GPNUM (GPLAST - GPFIRST + 1) + +- +- +-static inline int +-do_fontx_ioctl(struct vc_data *vc, int cmd, struct consolefontdesc __user *user_cfd, int perm, struct console_font_op *op) +-{ +- struct consolefontdesc cfdarg; +- int i; +- +- if (copy_from_user(&cfdarg, user_cfd, sizeof(struct consolefontdesc))) +- return -EFAULT; +- +- switch (cmd) { +- case PIO_FONTX: +- if (!perm) +- return -EPERM; +- op->op = KD_FONT_OP_SET; +- op->flags = KD_FONT_FLAG_OLD; +- op->width = 8; +- op->height = cfdarg.charheight; +- op->charcount = cfdarg.charcount; +- op->data = cfdarg.chardata; +- return con_font_op(vc, op); +- +- case GIO_FONTX: +- op->op = KD_FONT_OP_GET; +- op->flags = KD_FONT_FLAG_OLD; +- op->width = 8; +- op->height = cfdarg.charheight; +- op->charcount = cfdarg.charcount; +- op->data = cfdarg.chardata; +- i = con_font_op(vc, op); +- if (i) +- return i; +- cfdarg.charheight = op->height; +- cfdarg.charcount = op->charcount; +- if (copy_to_user(user_cfd, &cfdarg, sizeof(struct consolefontdesc))) +- return -EFAULT; +- return 0; +- } +- return -EINVAL; +-} +- + static inline int + do_unimap_ioctl(int cmd, struct unimapdesc __user *user_ud, int perm, struct vc_data *vc) + { +@@ -882,30 +840,6 @@ int vt_ioctl(struct tty_struct *tty, + break; + } + +- case PIO_FONT: { +- if (!perm) +- return -EPERM; +- op.op = KD_FONT_OP_SET; +- op.flags = KD_FONT_FLAG_OLD | KD_FONT_FLAG_DONT_RECALC; /* Compatibility */ +- op.width = 8; +- op.height = 0; +- op.charcount = 256; +- op.data = up; +- ret = con_font_op(vc, &op); +- break; +- } +- +- case GIO_FONT: { +- op.op = KD_FONT_OP_GET; +- op.flags = KD_FONT_FLAG_OLD; +- op.width = 8; +- op.height = 32; +- op.charcount = 256; +- op.data = up; +- ret = con_font_op(vc, &op); +- break; +- } +- + case PIO_CMAP: + if (!perm) + ret = -EPERM; +@@ -917,36 +851,6 @@ int vt_ioctl(struct tty_struct *tty, + ret = con_get_cmap(up); + break; + +- case PIO_FONTX: +- case GIO_FONTX: +- ret = do_fontx_ioctl(vc, cmd, up, perm, &op); +- break; +- +- case PIO_FONTRESET: +- { +- if (!perm) +- return -EPERM; +- +-#ifdef BROKEN_GRAPHICS_PROGRAMS +- /* With BROKEN_GRAPHICS_PROGRAMS defined, the default +- font is not saved. */ +- ret = -ENOSYS; +- break; +-#else +- { +- op.op = KD_FONT_OP_SET_DEFAULT; +- op.data = NULL; +- ret = con_font_op(vc, &op); +- if (ret) +- break; +- console_lock(); +- con_set_default_unimap(vc); +- console_unlock(); +- break; +- } +-#endif +- } +- + case KDFONTOP: { + if (copy_from_user(&op, up, sizeof(op))) { + ret = -EFAULT; +@@ -1060,54 +964,6 @@ void vc_SAK(struct work_struct *work) + + #ifdef CONFIG_COMPAT + +-struct compat_consolefontdesc { +- unsigned short charcount; /* characters in font (256 or 512) */ +- unsigned short charheight; /* scan lines per character (1-32) */ +- compat_caddr_t chardata; /* font data in expanded form */ +-}; +- +-static inline int +-compat_fontx_ioctl(struct vc_data *vc, int cmd, +- struct compat_consolefontdesc __user *user_cfd, +- int perm, struct console_font_op *op) +-{ +- struct compat_consolefontdesc cfdarg; +- int i; +- +- if (copy_from_user(&cfdarg, user_cfd, sizeof(struct compat_consolefontdesc))) +- return -EFAULT; +- +- switch (cmd) { +- case PIO_FONTX: +- if (!perm) +- return -EPERM; +- op->op = KD_FONT_OP_SET; +- op->flags = KD_FONT_FLAG_OLD; +- op->width = 8; +- op->height = cfdarg.charheight; +- op->charcount = cfdarg.charcount; +- op->data = compat_ptr(cfdarg.chardata); +- return con_font_op(vc, op); +- +- case GIO_FONTX: +- op->op = KD_FONT_OP_GET; +- op->flags = KD_FONT_FLAG_OLD; +- op->width = 8; +- op->height = cfdarg.charheight; +- op->charcount = cfdarg.charcount; +- op->data = compat_ptr(cfdarg.chardata); +- i = con_font_op(vc, op); +- if (i) +- return i; +- cfdarg.charheight = op->height; +- cfdarg.charcount = op->charcount; +- if (copy_to_user(user_cfd, &cfdarg, sizeof(struct compat_consolefontdesc))) +- return -EFAULT; +- return 0; +- } +- return -EINVAL; +-} +- + struct compat_console_font_op { + compat_uint_t op; /* operation code KD_FONT_OP_* */ + compat_uint_t flags; /* KD_FONT_FLAG_* */ +@@ -1184,9 +1040,6 @@ long vt_compat_ioctl(struct tty_struct * + /* + * these need special handlers for incompatible data structures + */ +- case PIO_FONTX: +- case GIO_FONTX: +- return compat_fontx_ioctl(vc, cmd, up, perm, &op); + + case KDFONTOP: + return compat_kdfontop_ioctl(up, perm, &op, vc); +--- a/include/linux/kd.h ++++ /dev/null +@@ -1,8 +0,0 @@ +-/* SPDX-License-Identifier: GPL-2.0 */ +-#ifndef _LINUX_KD_H +-#define _LINUX_KD_H +- +-#include +- +-#define KD_FONT_FLAG_OLD 0x80000000 /* Invoked via old interface [compat] */ +-#endif /* _LINUX_KD_H */ diff --git a/patches.suse/vt-vt_ioctl-fix-VT_DISALLOCATE-freeing-in-use-virtua.patch b/patches.suse/vt-vt_ioctl-fix-VT_DISALLOCATE-freeing-in-use-virtua.patch index 1e0e97a..4e2baf7 100644 --- a/patches.suse/vt-vt_ioctl-fix-VT_DISALLOCATE-freeing-in-use-virtua.patch +++ b/patches.suse/vt-vt_ioctl-fix-VT_DISALLOCATE-freeing-in-use-virtua.patch @@ -4,7 +4,7 @@ Date: Sat, 21 Mar 2020 20:43:04 -0700 Subject: [PATCH] vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console Git-commit: ca4463bf8438b403596edd0ec961ca0d4fbe0220 Patch-mainline: v5.7-rc1 -References: git-fixes +References: git-fixes bsc#1201429 CVE-2020-36557 The VT_DISALLOCATE ioctl can free a virtual console while tty_release() is still running, causing a use-after-free in con_shutdown(). This diff --git a/patches.suse/vt-vt_ioctl-fix-race-in-VT_RESIZEX.patch b/patches.suse/vt-vt_ioctl-fix-race-in-VT_RESIZEX.patch index c29f0ce..f6150fb 100644 --- a/patches.suse/vt-vt_ioctl-fix-race-in-VT_RESIZEX.patch +++ b/patches.suse/vt-vt_ioctl-fix-race-in-VT_RESIZEX.patch @@ -4,7 +4,7 @@ Date: Mon, 10 Feb 2020 11:07:21 -0800 Subject: [PATCH] vt: vt_ioctl: fix race in VT_RESIZEX Git-commit: 6cd1ed50efd88261298577cd92a14f2768eddeeb Patch-mainline: v5.6-rc3 -References: git-fixes +References: git-fixes bsc#1200910 CVE-2020-36558 We need to make sure vc_cons[i].d is not NULL after grabbing console_lock(), or risk a crash. diff --git a/patches.suse/watchdog-export-lockup_detector_reconfigure.patch b/patches.suse/watchdog-export-lockup_detector_reconfigure.patch new file mode 100644 index 0000000..240bd28 --- /dev/null +++ b/patches.suse/watchdog-export-lockup_detector_reconfigure.patch @@ -0,0 +1,113 @@ +From 24a1260705b7c69e7be35cf40ccb1e886bc732cf Mon Sep 17 00:00:00 2001 +From: Laurent Dufour +Date: Wed, 13 Jul 2022 17:47:27 +0200 +Subject: [PATCH] watchdog: export lockup_detector_reconfigure + +References: bsc#1201846 ltc#198761 +Patch-mainline: v5.20-rc1 +Git-commit: 7c56a8733d0a2a4be2438a7512566e5ce552fccf + +In some circumstances it may be interesting to reconfigure the watchdog +from inside the kernel. + +On PowerPC, this may helpful before and after a LPAR migration (LPM) is +initiated, because it implies some latencies, watchdog, and especially NMI +watchdog is expected to be triggered during this operation. Reconfiguring +the watchdog with a factor, would prevent it to happen too frequently +during LPM. + +Rename lockup_detector_reconfigure() as __lockup_detector_reconfigure() and +create a new function lockup_detector_reconfigure() calling +__lockup_detector_reconfigure() under the protection of watchdog_mutex. + +Signed-off-by: Laurent Dufour +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20220713154729.80789-3-ldufour@linux.ibm.com +Acked-by: Michal Suchanek +--- + include/linux/nmi.h | 2 ++ + kernel/watchdog.c | 21 ++++++++++++++++----- + 2 files changed, 18 insertions(+), 5 deletions(-) + +diff --git a/include/linux/nmi.h b/include/linux/nmi.h +index 750c7f395ca9..f700ff2df074 100644 +--- a/include/linux/nmi.h ++++ b/include/linux/nmi.h +@@ -122,6 +122,8 @@ int watchdog_nmi_probe(void); + int watchdog_nmi_enable(unsigned int cpu); + void watchdog_nmi_disable(unsigned int cpu); + ++void lockup_detector_reconfigure(void); ++ + /** + * touch_nmi_watchdog - restart NMI watchdog timeout. + * +diff --git a/kernel/watchdog.c b/kernel/watchdog.c +--- a/kernel/watchdog.c ++++ b/kernel/watchdog.c +@@ -541,7 +541,7 @@ int lockup_detector_offline_cpu(unsigned int cpu) + return 0; + } + +-static void lockup_detector_reconfigure(void) ++static void __lockup_detector_reconfigure(void) + { + cpus_read_lock(); + watchdog_nmi_stop(); +@@ -561,6 +561,13 @@ static void lockup_detector_reconfigure(void) + __lockup_detector_cleanup(); + } + ++void lockup_detector_reconfigure(void) ++{ ++ mutex_lock(&watchdog_mutex); ++ __lockup_detector_reconfigure(); ++ mutex_unlock(&watchdog_mutex); ++} ++ + /* + * Create the watchdog thread infrastructure and configure the detector(s). + * +@@ -577,13 +584,13 @@ static __init void lockup_detector_setup(void) + return; + + mutex_lock(&watchdog_mutex); +- lockup_detector_reconfigure(); ++ __lockup_detector_reconfigure(); + softlockup_initialized = true; + mutex_unlock(&watchdog_mutex); + } + + #else /* CONFIG_SOFTLOCKUP_DETECTOR */ +-static void lockup_detector_reconfigure(void) ++void __lockup_detector_reconfigure(void) + { + cpus_read_lock(); + watchdog_nmi_stop(); +@@ -591,9 +598,13 @@ static void lockup_detector_reconfigure(void) + watchdog_nmi_start(); + cpus_read_unlock(); + } ++static inline void lockup_detector_reconfigure(void) ++{ ++ __lockup_detector_reconfigure(); ++} + static inline void lockup_detector_setup(void) + { +- lockup_detector_reconfigure(); ++ __lockup_detector_reconfigure(); + } + #endif /* !CONFIG_SOFTLOCKUP_DETECTOR */ + +@@ -633,7 +644,7 @@ static void proc_watchdog_update(void) + { + /* Remove impossible cpus to keep sysctl output clean. */ + cpumask_and(&watchdog_cpumask, &watchdog_cpumask, cpu_possible_mask); +- lockup_detector_reconfigure(); ++ __lockup_detector_reconfigure(); + } + + /* +-- +2.35.3 + diff --git a/patches.suse/wifi-iwlegacy-4965-fix-potential-off-by-one-overflow.patch b/patches.suse/wifi-iwlegacy-4965-fix-potential-off-by-one-overflow.patch new file mode 100644 index 0000000..8cd86c2 --- /dev/null +++ b/patches.suse/wifi-iwlegacy-4965-fix-potential-off-by-one-overflow.patch @@ -0,0 +1,63 @@ +From a8eb8e6f7159c7c20c0ddac428bde3d110890aa7 Mon Sep 17 00:00:00 2001 +From: Alexey Kodanev +Date: Wed, 8 Jun 2022 20:16:14 +0300 +Subject: [PATCH] wifi: iwlegacy: 4965: fix potential off-by-one overflow in il4965_rs_fill_link_cmd() +Git-commit: a8eb8e6f7159c7c20c0ddac428bde3d110890aa7 +Patch-mainline: v6.0-rc1 +References: git-fixes + +As a result of the execution of the inner while loop, the value +of 'idx' can be equal to LINK_QUAL_MAX_RETRY_NUM. However, this +is not checked after the loop and 'idx' is used to write the +LINK_QUAL_MAX_RETRY_NUM size array 'lq_cmd->rs_table[idx]' below +in the outer loop. + +The fix is to check the new value of 'idx' inside the nested loop, +and break both loops if index equals the size. Checking it at the +start is now pointless, so let's remove it. + +Detected using the static analysis tool - Svace. + +Fixes: be663ab67077 ("iwlwifi: split the drivers for agn and legacy devices 3945/4965") +Signed-off-by: Alexey Kodanev +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/20220608171614.28891-1-aleksei.kodanev@bell-sw.com +Acked-by: Takashi Iwai + +--- + drivers/net/wireless/intel/iwlegacy/4965-rs.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/wireless/intel/iwlegacy/4965-rs.c b/drivers/net/wireless/intel/iwlegacy/4965-rs.c +index 9dd2d890e35f..c62f299b9e0a 100644 +--- a/drivers/net/wireless/intel/iwlegacy/4965-rs.c ++++ b/drivers/net/wireless/intel/iwlegacy/4965-rs.c +@@ -2403,7 +2403,7 @@ il4965_rs_fill_link_cmd(struct il_priv *il, struct il_lq_sta *lq_sta, + /* Repeat initial/next rate. + * For legacy IL_NUMBER_TRY == 1, this loop will not execute. + * For HT IL_HT_NUMBER_TRY == 3, this executes twice. */ +- while (repeat_rate > 0 && idx < LINK_QUAL_MAX_RETRY_NUM) { ++ while (repeat_rate > 0) { + if (is_legacy(tbl_type.lq_type)) { + if (ant_toggle_cnt < NUM_TRY_BEFORE_ANT_TOGGLE) + ant_toggle_cnt++; +@@ -2422,6 +2422,8 @@ il4965_rs_fill_link_cmd(struct il_priv *il, struct il_lq_sta *lq_sta, + cpu_to_le32(new_rate); + repeat_rate--; + idx++; ++ if (idx >= LINK_QUAL_MAX_RETRY_NUM) ++ goto out; + } + + il4965_rs_get_tbl_info_from_mcs(new_rate, lq_sta->band, +@@ -2466,6 +2468,7 @@ il4965_rs_fill_link_cmd(struct il_priv *il, struct il_lq_sta *lq_sta, + repeat_rate--; + } + ++out: + lq_cmd->agg_params.agg_frame_cnt_limit = LINK_QUAL_AGG_FRAME_LIMIT_DEF; + lq_cmd->agg_params.agg_dis_start_th = LINK_QUAL_AGG_DISABLE_START_DEF; + +-- +2.35.3 + diff --git a/patches.suse/wifi-iwlwifi-mvm-fix-double-list_add-at-iwl_mvm_mac_.patch b/patches.suse/wifi-iwlwifi-mvm-fix-double-list_add-at-iwl_mvm_mac_.patch new file mode 100644 index 0000000..ad35cb8 --- /dev/null +++ b/patches.suse/wifi-iwlwifi-mvm-fix-double-list_add-at-iwl_mvm_mac_.patch @@ -0,0 +1,70 @@ +From 14a3aacf517a9de725dd3219dbbcf741e31763c4 Mon Sep 17 00:00:00 2001 +From: Jose Ignacio Tornos Martinez +Date: Tue, 19 Jul 2022 17:35:42 +0200 +Subject: [PATCH] wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue +Git-commit: 14a3aacf517a9de725dd3219dbbcf741e31763c4 +Patch-mainline: v6.0-rc1 +References: git-fixes + +After successfull station association, if station queues are disabled for +some reason, the related lists are not emptied. So if some new element is +added to the list in iwl_mvm_mac_wake_tx_queue, it can match with the old +one and produce a BUG like this: + +[ 46.535263] list_add corruption. prev->next should be next (ffff94c1c318a360), but was 0000000000000000. (prev=ffff94c1d02d3388). +[ 46.535283] ------------[ cut here ]------------ +[ 46.535284] kernel BUG at lib/list_debug.c:26! +[ 46.535290] invalid opcode: 0000 [#1] PREEMPT SMP PTI +[ 46.585304] CPU: 0 PID: 623 Comm: wpa_supplicant Not tainted 5.19.0-rc3+ #1 +[ 46.592380] Hardware name: Dell Inc. Inspiron 660s/0478VN , BIOS A07 08/24/2012 +[ 46.600336] RIP: 0010:__list_add_valid.cold+0x3d/0x3f +[ 46.605475] Code: f2 4c 89 c1 48 89 fe 48 c7 c7 c8 40 67 93 e8 20 cc fd ff 0f 0b 48 89 d1 4c 89 c6 4c 89 ca 48 c7 c7 70 40 67 93 e8 09 cc fd ff <0f> 0b 48 89 fe 48 c7 c7 00 41 67 93 e8 f8 cb fd ff 0f 0b 48 89 d1 +[ 46.624469] RSP: 0018:ffffb20800ab76d8 EFLAGS: 00010286 +[ 46.629854] RAX: 0000000000000075 RBX: ffff94c1c318a0e0 RCX: 0000000000000000 +[ 46.637105] RDX: 0000000000000201 RSI: ffffffff9365e100 RDI: 00000000ffffffff +[ 46.644356] RBP: ffff94c1c5f43370 R08: 0000000000000075 R09: 3064316334396666 +[ 46.651607] R10: 3364323064316334 R11: 39666666663d7665 R12: ffff94c1c5f43388 +[ 46.658857] R13: ffff94c1d02d3388 R14: ffff94c1c318a360 R15: ffff94c1cf2289c0 +[ 46.666108] FS: 00007f65634ff7c0(0000) GS:ffff94c1da200000(0000) knlGS:0000000000000000 +[ 46.674331] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 +[ 46.680170] CR2: 00007f7dfe984460 CR3: 000000010e894003 CR4: 00000000000606f0 +[ 46.687422] Call Trace: +[ 46.689906] +[ 46.691950] iwl_mvm_mac_wake_tx_queue+0xec/0x15c [iwlmvm] +[ 46.697601] ieee80211_queue_skb+0x4b3/0x720 [mac80211] +[ 46.702973] ? sta_info_get+0x46/0x60 [mac80211] +[ 46.707703] ieee80211_tx+0xad/0x110 [mac80211] +[ 46.712355] __ieee80211_tx_skb_tid_band+0x71/0x90 [mac80211] +... + +In order to avoid this problem, we must also remove the related lists when +station queues are disabled. + +Fixes: cfbc6c4c5b91c ("iwlwifi: mvm: support mac80211 TXQs model") +Reported-by: Takayuki Nagata +Reported-by: Petr Stourac +Tested-by: Petr Stourac +Signed-off-by: Jose Ignacio Tornos Martinez +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/20220719153542.81466-1-jtornosm@redhat.com +Acked-by: Takashi Iwai + +--- + drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c +index b296f4965895..ff0d3b3df140 100644 +--- a/drivers/net/wireless/intel/iwlwifi/mvm/sta.c ++++ b/drivers/net/wireless/intel/iwlwifi/mvm/sta.c +@@ -1861,6 +1861,7 @@ static void iwl_mvm_disable_sta_queues(struct iwl_mvm *mvm, + iwl_mvm_txq_from_mac80211(sta->txq[i]); + + mvmtxq->txq_id = IWL_MVM_INVALID_QUEUE; ++ list_del_init(&mvmtxq->list); + } + } + +-- +2.35.3 + diff --git a/patches.suse/wifi-libertas-Fix-possible-refcount-leak-in-if_usb_p.patch b/patches.suse/wifi-libertas-Fix-possible-refcount-leak-in-if_usb_p.patch new file mode 100644 index 0000000..d62c58d --- /dev/null +++ b/patches.suse/wifi-libertas-Fix-possible-refcount-leak-in-if_usb_p.patch @@ -0,0 +1,37 @@ +From 6fd57e1d120bf13d4dc6c200a7cf914e6347a316 Mon Sep 17 00:00:00 2001 +From: Hangyu Hua +Date: Mon, 20 Jun 2022 17:23:50 +0800 +Subject: [PATCH] wifi: libertas: Fix possible refcount leak in if_usb_probe() +Git-commit: 6fd57e1d120bf13d4dc6c200a7cf914e6347a316 +Patch-mainline: v6.0-rc1 +References: git-fixes + +usb_get_dev will be called before lbs_get_firmware_async which means that +usb_put_dev need to be called when lbs_get_firmware_async fails. + +Fixes: ce84bb69f50e ("libertas USB: convert to asynchronous firmware loading") +Signed-off-by: Hangyu Hua +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/20220620092350.39960-1-hbh25y@gmail.com +Link: https://lore.kernel.org/r/20220622113402.16969-1-colin.i.king@gmail.com +Acked-by: Takashi Iwai + +--- + drivers/net/wireless/marvell/libertas/if_usb.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/net/wireless/marvell/libertas/if_usb.c b/drivers/net/wireless/marvell/libertas/if_usb.c +index 5d6dc1dd050d..32fdc4150b60 100644 +--- a/drivers/net/wireless/marvell/libertas/if_usb.c ++++ b/drivers/net/wireless/marvell/libertas/if_usb.c +@@ -287,6 +287,7 @@ static int if_usb_probe(struct usb_interface *intf, + return 0; + + err_get_fw: ++ usb_put_dev(udev); + lbs_remove_card(priv); + err_add_card: + if_usb_reset_device(cardp); +-- +2.35.3 + diff --git a/patches.suse/wifi-mac80211-fix-queue-selection-for-mesh-OCB-inter.patch b/patches.suse/wifi-mac80211-fix-queue-selection-for-mesh-OCB-inter.patch new file mode 100644 index 0000000..bf3f42a --- /dev/null +++ b/patches.suse/wifi-mac80211-fix-queue-selection-for-mesh-OCB-inter.patch @@ -0,0 +1,43 @@ +From 50e2ab39291947b6c6c7025cf01707c270fcde59 Mon Sep 17 00:00:00 2001 +From: Felix Fietkau +Date: Sat, 2 Jul 2022 16:52:27 +0200 +Subject: [PATCH] wifi: mac80211: fix queue selection for mesh/OCB interfaces +Git-commit: 50e2ab39291947b6c6c7025cf01707c270fcde59 +Patch-mainline: v5.19-rc7 +References: git-fixes + +When using iTXQ, the code assumes that there is only one vif queue for +broadcast packets, using the BE queue. Allowing non-BE queue marking +violates that assumption and txq->ac == skb_queue_mapping is no longer +guaranteed. This can cause issues with queue handling in the driver and +also causes issues with the recent ATF change, resulting in an AQL +underflow warning. + +Cc: stable@vger.kernel.org +Signed-off-by: Felix Fietkau +Link: https://lore.kernel.org/r/20220702145227.39356-1-nbd@nbd.name +Signed-off-by: Johannes Berg +Acked-by: Takashi Iwai + +--- + net/mac80211/wme.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/net/mac80211/wme.c b/net/mac80211/wme.c +index 62c6733e0792..d50480b31750 100644 +--- a/net/mac80211/wme.c ++++ b/net/mac80211/wme.c +@@ -147,8 +147,8 @@ u16 __ieee80211_select_queue(struct ieee80211_sub_if_data *sdata, + bool qos; + + /* all mesh/ocb stations are required to support WME */ +- if (sdata->vif.type == NL80211_IFTYPE_MESH_POINT || +- sdata->vif.type == NL80211_IFTYPE_OCB) ++ if (sta && (sdata->vif.type == NL80211_IFTYPE_MESH_POINT || ++ sdata->vif.type == NL80211_IFTYPE_OCB)) + qos = true; + else if (sta) + qos = sta->sta.wme; +-- +2.35.3 + diff --git a/patches.suse/wifi-p54-Fix-an-error-handling-path-in-p54spi_probe.patch b/patches.suse/wifi-p54-Fix-an-error-handling-path-in-p54spi_probe.patch new file mode 100644 index 0000000..437aebd --- /dev/null +++ b/patches.suse/wifi-p54-Fix-an-error-handling-path-in-p54spi_probe.patch @@ -0,0 +1,52 @@ +From 83781f0162d080fec7dcb911afd1bc2f5ad04471 Mon Sep 17 00:00:00 2001 +From: Christophe JAILLET +Date: Sun, 12 Jun 2022 23:12:20 +0200 +Subject: [PATCH] wifi: p54: Fix an error handling path in p54spi_probe() +Git-commit: 83781f0162d080fec7dcb911afd1bc2f5ad04471 +Patch-mainline: v6.0-rc1 +References: git-fixes + +If an error occurs after a successful call to p54spi_request_firmware(), it +must be undone by a corresponding release_firmware() as already done in +the error handling path of p54spi_request_firmware() and in the .remove() +function. + +Add the missing call in the error handling path and remove it from +p54spi_request_firmware() now that it is the responsibility of the caller +to release the firmware + +Fixes: cd8d3d321285 ("p54spi: p54spi driver") +Signed-off-by: Christophe JAILLET +Acked-by: Christian Lamparter +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/297d2547ff2ee627731662abceeab9dbdaf23231.1655068321.git.christophe.jaillet@wanadoo.fr +Acked-by: Takashi Iwai + +--- + drivers/net/wireless/intersil/p54/p54spi.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/wireless/intersil/p54/p54spi.c b/drivers/net/wireless/intersil/p54/p54spi.c +index f99b7ba69fc3..19152fd449ba 100644 +--- a/drivers/net/wireless/intersil/p54/p54spi.c ++++ b/drivers/net/wireless/intersil/p54/p54spi.c +@@ -164,7 +164,7 @@ static int p54spi_request_firmware(struct ieee80211_hw *dev) + + ret = p54_parse_firmware(dev, priv->firmware); + if (ret) { +- release_firmware(priv->firmware); ++ /* the firmware is released by the caller */ + return ret; + } + +@@ -659,6 +659,7 @@ static int p54spi_probe(struct spi_device *spi) + return 0; + + err_free_common: ++ release_firmware(priv->firmware); + free_irq(gpio_to_irq(p54spi_gpio_irq), spi); + err_free_gpio_irq: + gpio_free(p54spi_gpio_irq); +-- +2.35.3 + diff --git a/patches.suse/wifi-p54-add-missing-parentheses-in-p54_flush.patch b/patches.suse/wifi-p54-add-missing-parentheses-in-p54_flush.patch new file mode 100644 index 0000000..ac08f2a --- /dev/null +++ b/patches.suse/wifi-p54-add-missing-parentheses-in-p54_flush.patch @@ -0,0 +1,45 @@ +From bcfd9d7f6840b06d5988c7141127795cf405805e Mon Sep 17 00:00:00 2001 +From: Rustam Subkhankulov +Date: Thu, 14 Jul 2022 16:48:31 +0300 +Subject: [PATCH] wifi: p54: add missing parentheses in p54_flush() +Git-commit: bcfd9d7f6840b06d5988c7141127795cf405805e +Patch-mainline: v6.0-rc1 +References: git-fixes + +The assignment of the value to the variable total in the loop +condition must be enclosed in additional parentheses, since otherwise, +in accordance with the precedence of the operators, the conjunction +will be performed first, and only then the assignment. + +Due to this error, a warning later in the function after the loop may +not occur in the situation when it should. + +Found by Linux Verification Center (linuxtesting.org) with SVACE. + +Signed-off-by: Rustam Subkhankulov +Fixes: 0d4171e2153b ("p54: implement flush callback") +Acked-by: Christian Lamparter +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/20220714134831.106004-1-subkhankulov@ispras.ru +Acked-by: Takashi Iwai + +--- + drivers/net/wireless/intersil/p54/main.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/net/wireless/intersil/p54/main.c b/drivers/net/wireless/intersil/p54/main.c +index 26b28d4d680f..b925e327e091 100644 +--- a/drivers/net/wireless/intersil/p54/main.c ++++ b/drivers/net/wireless/intersil/p54/main.c +@@ -683,7 +683,7 @@ static void p54_flush(struct ieee80211_hw *dev, struct ieee80211_vif *vif, + * queues have already been stopped and no new frames can sneak + * up from behind. + */ +- while ((total = p54_flush_count(priv) && i--)) { ++ while ((total = p54_flush_count(priv)) && i--) { + /* waste time */ + msleep(20); + } +-- +2.35.3 + diff --git a/patches.suse/wifi-rtlwifi-fix-error-codes-in-rtl_debugfs_set_writ.patch b/patches.suse/wifi-rtlwifi-fix-error-codes-in-rtl_debugfs_set_writ.patch new file mode 100644 index 0000000..112a036 --- /dev/null +++ b/patches.suse/wifi-rtlwifi-fix-error-codes-in-rtl_debugfs_set_writ.patch @@ -0,0 +1,57 @@ +From b88d28146c30a8e14f0f012d56ebf19b68a348f4 Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Tue, 17 May 2022 14:48:44 +0300 +Subject: [PATCH] wifi: rtlwifi: fix error codes in rtl_debugfs_set_write_h2c() +Git-commit: b88d28146c30a8e14f0f012d56ebf19b68a348f4 +Patch-mainline: v6.0-rc1 +References: git-fixes + +If the copy_from_user() fails or the user gives invalid date then the +correct thing to do is to return a negative error code. (Currently it +returns success). + +I made a copy additional related cleanups: +1) There is no need to check "buffer" for NULL. That's handled by +copy_from_user(). +2) The "h2c_len" variable cannot be negative because it is unsigned +and because sscanf() does not return negative error codes. + +Fixes: 610247f46feb ("rtlwifi: Improve debugging by using debugfs") +Signed-off-by: Dan Carpenter +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/YoOLnDkHgVltyXK7@kili +Acked-by: Takashi Iwai + +--- + drivers/net/wireless/realtek/rtlwifi/debug.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/drivers/net/wireless/realtek/rtlwifi/debug.c b/drivers/net/wireless/realtek/rtlwifi/debug.c +index 901cdfe3723c..0b1bc04cb6ad 100644 +--- a/drivers/net/wireless/realtek/rtlwifi/debug.c ++++ b/drivers/net/wireless/realtek/rtlwifi/debug.c +@@ -329,8 +329,8 @@ static ssize_t rtl_debugfs_set_write_h2c(struct file *filp, + + tmp_len = (count > sizeof(tmp) - 1 ? sizeof(tmp) - 1 : count); + +- if (!buffer || copy_from_user(tmp, buffer, tmp_len)) +- return count; ++ if (copy_from_user(tmp, buffer, tmp_len)) ++ return -EFAULT; + + tmp[tmp_len] = '\0'; + +@@ -340,8 +340,8 @@ static ssize_t rtl_debugfs_set_write_h2c(struct file *filp, + &h2c_data[4], &h2c_data[5], + &h2c_data[6], &h2c_data[7]); + +- if (h2c_len <= 0) +- return count; ++ if (h2c_len == 0) ++ return -EINVAL; + + for (i = 0; i < h2c_len; i++) + h2c_data_packed[i] = (u8)h2c_data[i]; +-- +2.35.3 + diff --git a/patches.suse/wifi-wil6210-debugfs-fix-info-leak-in-wil_write_file.patch b/patches.suse/wifi-wil6210-debugfs-fix-info-leak-in-wil_write_file.patch new file mode 100644 index 0000000..5f6164c --- /dev/null +++ b/patches.suse/wifi-wil6210-debugfs-fix-info-leak-in-wil_write_file.patch @@ -0,0 +1,52 @@ +From 7a4836560a6198d245d5732e26f94898b12eb760 Mon Sep 17 00:00:00 2001 +From: Dan Carpenter +Date: Fri, 15 Jul 2022 13:35:18 +0300 +Subject: [PATCH] wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi() +Git-commit: 7a4836560a6198d245d5732e26f94898b12eb760 +Patch-mainline: v6.0-rc1 +References: git-fixes + +The simple_write_to_buffer() function will succeed if even a single +byte is initialized. However, we need to initialize the whole buffer +to prevent information leaks. Just use memdup_user(). + +Fixes: ff974e408334 ("wil6210: debugfs interface to send raw WMI command") +Signed-off-by: Dan Carpenter +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/Ysg14NdKAZF/hcNG@kili +Acked-by: Takashi Iwai + +--- + drivers/net/wireless/ath/wil6210/debugfs.c | 14 ++++---------- + 1 file changed, 4 insertions(+), 10 deletions(-) + +diff --git a/drivers/net/wireless/ath/wil6210/debugfs.c b/drivers/net/wireless/ath/wil6210/debugfs.c +index 64d6c98174c8..fe84362718de 100644 +--- a/drivers/net/wireless/ath/wil6210/debugfs.c ++++ b/drivers/net/wireless/ath/wil6210/debugfs.c +@@ -1012,18 +1012,12 @@ static ssize_t wil_write_file_wmi(struct file *file, const char __user *buf, + u16 cmdid; + int rc, rc1; + +- if (cmdlen < 0) ++ if (cmdlen < 0 || *ppos != 0) + return -EINVAL; + +- wmi = kmalloc(len, GFP_KERNEL); +- if (!wmi) +- return -ENOMEM; +- +- rc = simple_write_to_buffer(wmi, len, ppos, buf, len); +- if (rc < 0) { +- kfree(wmi); +- return rc; +- } ++ wmi = memdup_user(buf, len); ++ if (IS_ERR(wmi)) ++ return PTR_ERR(wmi); + + cmd = (cmdlen > 0) ? &wmi[1] : NULL; + cmdid = le16_to_cpu(wmi->command_id); +-- +2.35.3 + diff --git a/patches.suse/wifi-wil6210-debugfs-fix-uninitialized-variable-use-.patch b/patches.suse/wifi-wil6210-debugfs-fix-uninitialized-variable-use-.patch new file mode 100644 index 0000000..b0c3352 --- /dev/null +++ b/patches.suse/wifi-wil6210-debugfs-fix-uninitialized-variable-use-.patch @@ -0,0 +1,58 @@ +From d578e0af3a003736f6c440188b156483d451b329 Mon Sep 17 00:00:00 2001 +From: Ammar Faizi +Date: Mon, 25 Jul 2022 20:49:11 +0300 +Subject: [PATCH] wifi: wil6210: debugfs: fix uninitialized variable use in `wil_write_file_wmi()` +Git-commit: d578e0af3a003736f6c440188b156483d451b329 +Patch-mainline: v6.0-rc1 +References: git-fixes + +Commit 7a4836560a61 changes simple_write_to_buffer() with memdup_user() +but it forgets to change the value to be returned that came from +simple_write_to_buffer() call. It results in the following warning: + + warning: variable 'rc' is uninitialized when used here [-Wuninitialized] + return rc; + ^~ + +Remove rc variable and just return the passed in length if the +memdup_user() succeeds. + +Cc: Dan Carpenter +Reported-by: kernel test robot +Fixes: 7a4836560a6198d245d5732e26f94898b12eb760 ("wifi: wil6210: debugfs: fix info leak in wil_write_file_wmi()") +Fixes: ff974e4083341383d3dd4079e52ed30f57f376f0 ("wil6210: debugfs interface to send raw WMI command") +Signed-off-by: Ammar Faizi +Reviewed-by: Dan Carpenter +Signed-off-by: Kalle Valo +Link: https://lore.kernel.org/r/20220724202452.61846-1-ammar.faizi@intel.com +Acked-by: Takashi Iwai + +--- + drivers/net/wireless/ath/wil6210/debugfs.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/drivers/net/wireless/ath/wil6210/debugfs.c b/drivers/net/wireless/ath/wil6210/debugfs.c +index fe84362718de..04d1aa0e2d35 100644 +--- a/drivers/net/wireless/ath/wil6210/debugfs.c ++++ b/drivers/net/wireless/ath/wil6210/debugfs.c +@@ -1010,7 +1010,7 @@ static ssize_t wil_write_file_wmi(struct file *file, const char __user *buf, + void *cmd; + int cmdlen = len - sizeof(struct wmi_cmd_hdr); + u16 cmdid; +- int rc, rc1; ++ int rc1; + + if (cmdlen < 0 || *ppos != 0) + return -EINVAL; +@@ -1027,7 +1027,7 @@ static ssize_t wil_write_file_wmi(struct file *file, const char __user *buf, + + wil_info(wil, "0x%04x[%d] -> %d\n", cmdid, cmdlen, rc1); + +- return rc; ++ return len; + } + + static const struct file_operations fops_wmi = { +-- +2.35.3 + diff --git a/patches.suse/x86-Add-magic-AMD-return-thunk.patch b/patches.suse/x86-Add-magic-AMD-return-thunk.patch index 1cd917f..9ab2d3e 100644 --- a/patches.suse/x86-Add-magic-AMD-return-thunk.patch +++ b/patches.suse/x86-Add-magic-AMD-return-thunk.patch @@ -2,8 +2,7 @@ From: Peter Zijlstra Date: Tue, 14 Jun 2022 23:15:48 +0200 Subject: x86: Add magic AMD return-thunk Git-commit: a149180fbcf336e97ce4eb2cdc13672727feb94d -Patch-mainline: Queued in tip for 5.19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 Note: needs to be in a section distinct from Retpolines such that the diff --git a/patches.suse/x86-Undo-return-thunk-damage.patch b/patches.suse/x86-Undo-return-thunk-damage.patch index b81a31a..801448f 100644 --- a/patches.suse/x86-Undo-return-thunk-damage.patch +++ b/patches.suse/x86-Undo-return-thunk-damage.patch @@ -2,8 +2,7 @@ From: Peter Zijlstra Date: Tue, 14 Jun 2022 23:15:37 +0200 Subject: x86: Undo return-thunk damage Git-commit: 15e67227c49a57837108acfe1c80570e1bd9f962 -Patch-mainline: Queued in tip for 5.19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 Introduce X86_FEATURE_RETHUNK for those afflicted with needing this. diff --git a/patches.suse/x86-Use-return-thunk-in-asm-code.patch b/patches.suse/x86-Use-return-thunk-in-asm-code.patch index 5522d50..ece3e18 100644 --- a/patches.suse/x86-Use-return-thunk-in-asm-code.patch +++ b/patches.suse/x86-Use-return-thunk-in-asm-code.patch @@ -2,8 +2,7 @@ From: Peter Zijlstra Date: Tue, 14 Jun 2022 23:15:45 +0200 Subject: x86: Use return-thunk in asm code Git-commit: aa3d480315ba6c3025a60958e1981072ea37c3df -Patch-mainline: Queued in tip for 5.19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 Use the return thunk in asm code. If the thunk isn't needed, it will diff --git a/patches.suse/x86-bpf-Use-alternative-RET-encoding.patch b/patches.suse/x86-bpf-Use-alternative-RET-encoding.patch index 04a0440..51e198b 100644 --- a/patches.suse/x86-bpf-Use-alternative-RET-encoding.patch +++ b/patches.suse/x86-bpf-Use-alternative-RET-encoding.patch @@ -2,8 +2,7 @@ From: Peter Zijlstra Date: Tue, 14 Jun 2022 23:15:41 +0200 Subject: x86/bpf: Use alternative RET encoding Git-commit: d77cfe594ad50e0bf95d457e02ccd578791b2a15 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git -Patch-mainline: Queued in tip for v5.19 +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 Use the return thunk in eBPF generated code, if needed. diff --git a/patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch b/patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch index 0817899..6c33872 100644 --- a/patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch +++ b/patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch @@ -2,8 +2,7 @@ From: Alexandre Chartre Date: Tue, 14 Jun 2022 23:15:50 +0200 Subject: x86/bugs: Add AMD retbleed= boot parameter Git-commit: 7fbf47c7ce50b38a64576b150e7011ae73d54669 -Patch-mainline: Queued in tip for 5.19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 Add the "retbleed=" boot parameter to select a mitigation for diff --git a/patches.suse/x86-bugs-Add-Cannon-lake-to-RETBleed-affected-CPU-list.patch b/patches.suse/x86-bugs-Add-Cannon-lake-to-RETBleed-affected-CPU-list.patch index 703f4b0..f5c9076 100644 --- a/patches.suse/x86-bugs-Add-Cannon-lake-to-RETBleed-affected-CPU-list.patch +++ b/patches.suse/x86-bugs-Add-Cannon-lake-to-RETBleed-affected-CPU-list.patch @@ -2,8 +2,7 @@ From: Pawan Gupta Date: Wed, 6 Jul 2022 15:01:15 -0700 Subject: x86/bugs: Add Cannon lake to RETBleed affected CPU list Git-commit: f54d45372c6ac9c993451de5e51312485f7d10bc -Patch-mainline: Queued in tip for 5.19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 Cannon lake is also affected by RETBleed, add it to the list. diff --git a/patches.suse/x86-bugs-Add-retbleed-ibpb.patch b/patches.suse/x86-bugs-Add-retbleed-ibpb.patch index a447c81..b47bc68 100644 --- a/patches.suse/x86-bugs-Add-retbleed-ibpb.patch +++ b/patches.suse/x86-bugs-Add-retbleed-ibpb.patch @@ -2,8 +2,7 @@ From: Peter Zijlstra Date: Tue, 14 Jun 2022 23:16:02 +0200 Subject: x86/bugs: Add retbleed=ibpb Git-commit: 3ebc170068885b6fc7bedda6c667bb2c4d533159 -Patch-mainline: Queued in tip for 5.19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 jmp2ret mitigates the easy-to-attack case at relatively low overhead. diff --git a/patches.suse/x86-bugs-Do-IBPB-fallback-check-only-once.patch b/patches.suse/x86-bugs-Do-IBPB-fallback-check-only-once.patch index 5191fac..d5b2580 100644 --- a/patches.suse/x86-bugs-Do-IBPB-fallback-check-only-once.patch +++ b/patches.suse/x86-bugs-Do-IBPB-fallback-check-only-once.patch @@ -2,8 +2,7 @@ From: Josh Poimboeuf Date: Tue, 14 Jun 2022 15:07:19 -0700 Subject: x86/bugs: Do IBPB fallback check only once Git-commit: 0fe4aeea9c01baabecc8c3afc7889c809d939bc2 -Patch-mainline: Queued in tip for 5.19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 When booting with retbleed=auto, if the kernel wasn't built with diff --git a/patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-not-supp.patch b/patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-not-supp.patch index ba76aed..4e7c9e8 100644 --- a/patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-not-supp.patch +++ b/patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-not-supp.patch @@ -2,8 +2,7 @@ From: Thadeu Lima de Souza Cascardo Date: Thu, 7 Jul 2022 13:41:52 -0300 Subject: x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported Git-commit: 2259da159fbe5dba8ac00b560cf00b6a6537fa18 -Patch-mainline: Queued in tip for 5.19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 There are some VM configurations which have Skylake model but do not diff --git a/patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch b/patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch index a36a301..91c90f6 100644 --- a/patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch +++ b/patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch @@ -2,8 +2,7 @@ From: Kim Phillips Date: Tue, 14 Jun 2022 23:15:51 +0200 Subject: x86/bugs: Enable STIBP for JMP2RET Git-commit: e8ec1b6e08a2102d8755ccb06fa26d540f26a2fa -Patch-mainline: Queued in tip for 5.19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 For untrained return thunks to be fully effective, STIBP must be enabled diff --git a/patches.suse/x86-bugs-Group-MDS-TAA-Processor-MMIO-Stale-Data-mitigations.patch b/patches.suse/x86-bugs-Group-MDS-TAA-Processor-MMIO-Stale-Data-mitigations.patch index d402673..5a751a6 100644 --- a/patches.suse/x86-bugs-Group-MDS-TAA-Processor-MMIO-Stale-Data-mitigations.patch +++ b/patches.suse/x86-bugs-Group-MDS-TAA-Processor-MMIO-Stale-Data-mitigations.patch @@ -2,8 +2,7 @@ From: Pawan Gupta Date: Thu, 19 May 2022 20:30:12 -0700 Subject: x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations Git-commit: e5925fb867290ee924fcf2fe3ca887b792714366 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git -Patch-mainline: Queued in tip for v5.19 +Patch-mainline: v5.19-rc3 References: bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180 MDS, TAA and Processor MMIO Stale Data mitigations rely on clearing CPU diff --git a/patches.suse/x86-bugs-Keep-a-per-CPU-IA32_SPEC_CTRL-value.patch b/patches.suse/x86-bugs-Keep-a-per-CPU-IA32_SPEC_CTRL-value.patch index 304217c..e19fafd 100644 --- a/patches.suse/x86-bugs-Keep-a-per-CPU-IA32_SPEC_CTRL-value.patch +++ b/patches.suse/x86-bugs-Keep-a-per-CPU-IA32_SPEC_CTRL-value.patch @@ -2,8 +2,7 @@ From: Peter Zijlstra Date: Tue, 14 Jun 2022 23:15:52 +0200 Subject: x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value Git-commit: caa0ff24d5d0e02abce5e65c3d2b7f20a6617be5 -Patch-mainline: Queued in tip for 5.19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 Due to TIF_SSBD and TIF_SPEC_IB the actual IA32_SPEC_CTRL value can diff --git a/patches.suse/x86-bugs-Optimize-SPEC_CTRL-MSR-writes.patch b/patches.suse/x86-bugs-Optimize-SPEC_CTRL-MSR-writes.patch index 3c01189..b981b3c 100644 --- a/patches.suse/x86-bugs-Optimize-SPEC_CTRL-MSR-writes.patch +++ b/patches.suse/x86-bugs-Optimize-SPEC_CTRL-MSR-writes.patch @@ -2,8 +2,7 @@ From: Peter Zijlstra Date: Tue, 14 Jun 2022 23:15:54 +0200 Subject: x86/bugs: Optimize SPEC_CTRL MSR writes Git-commit: c779bc1a9002fa474175b80e72b85c9bf628abb0 -Patch-mainline: Queued in tip for 5.19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 When changing SPEC_CTRL for user control, the WRMSR can be delayed diff --git a/patches.suse/x86-bugs-Report-AMD-retbleed-vulnerability.patch b/patches.suse/x86-bugs-Report-AMD-retbleed-vulnerability.patch index 9a3f0f0..50a0ac2 100644 --- a/patches.suse/x86-bugs-Report-AMD-retbleed-vulnerability.patch +++ b/patches.suse/x86-bugs-Report-AMD-retbleed-vulnerability.patch @@ -2,8 +2,7 @@ From: Alexandre Chartre Date: Tue, 14 Jun 2022 23:15:49 +0200 Subject: x86/bugs: Report AMD retbleed vulnerability Git-commit: 6b80b59b3555706508008f1f127b5412c89c7fd8 -Patch-mainline: Queued in tip for 5.19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 Report that AMD x86 CPUs are vulnerable to the RETBleed (Arbitrary diff --git a/patches.suse/x86-bugs-Report-Intel-retbleed-vulnerability.patch b/patches.suse/x86-bugs-Report-Intel-retbleed-vulnerability.patch index b6bff2d..fa6d765 100644 --- a/patches.suse/x86-bugs-Report-Intel-retbleed-vulnerability.patch +++ b/patches.suse/x86-bugs-Report-Intel-retbleed-vulnerability.patch @@ -2,8 +2,7 @@ From: Peter Zijlstra Date: Fri, 24 Jun 2022 13:48:58 +0200 Subject: x86/bugs: Report Intel retbleed vulnerability Git-commit: 6ad0ad2bf8a67e27d1f9d006a1dabb0e1c360cc3 -Patch-mainline: Queued in tip for 5.19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 Skylake suffers from RSB underflow speculation issues; report this diff --git a/patches.suse/x86-bugs-Split-spectre_v2_select_mitigation-and-spectre_v2.patch b/patches.suse/x86-bugs-Split-spectre_v2_select_mitigation-and-spectre_v2.patch index c204225..63f0955 100644 --- a/patches.suse/x86-bugs-Split-spectre_v2_select_mitigation-and-spectre_v2.patch +++ b/patches.suse/x86-bugs-Split-spectre_v2_select_mitigation-and-spectre_v2.patch @@ -3,8 +3,7 @@ Date: Tue, 14 Jun 2022 23:15:56 +0200 Subject: x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() Git-commit: 166115c08a9b0b846b783088808a27d739be6e8d -Patch-mainline: Queued in tip for 5.19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 retbleed will depend on spectre_v2, while spectre_v2_user depends on diff --git a/patches.suse/x86-bugs-remove-apostrophe-typo.patch b/patches.suse/x86-bugs-remove-apostrophe-typo.patch new file mode 100644 index 0000000..57e6ad7 --- /dev/null +++ b/patches.suse/x86-bugs-remove-apostrophe-typo.patch @@ -0,0 +1,30 @@ +From: Kim Phillips +Date: Fri, 8 Jul 2022 16:21:28 -0500 +Subject: x86/bugs: Remove apostrophe typo +Git-commit: bcf163150cd37348a0cb59e95c916a83a9344b0e +Patch-mainline: v5.19-rc7 +References: bsc#1178134 + +Remove a superfluous ' in the mitigation string. + +Fixes: e8ec1b6e08a2 ("x86/bugs: Enable STIBP for JMP2RET") +Signed-off-by: Kim Phillips +Signed-off-by: Borislav Petkov +--- + arch/x86/kernel/cpu/bugs.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c +index 3a0787a36910..aa34f908c39f 100644 +--- a/arch/x86/kernel/cpu/bugs.c ++++ b/arch/x86/kernel/cpu/bugs.c +@@ -1181,7 +1181,7 @@ spectre_v2_user_select_mitigation(void) + if (retbleed_mitigation == RETBLEED_MITIGATION_UNRET) { + if (mode != SPECTRE_V2_USER_STRICT && + mode != SPECTRE_V2_USER_STRICT_PREFERRED) +- pr_info("Selecting STIBP always-on mode to complement retbleed mitigation'\n"); ++ pr_info("Selecting STIBP always-on mode to complement retbleed mitigation\n"); + mode = SPECTRE_V2_USER_STRICT_PREFERRED; + } + + diff --git a/patches.suse/x86-common-Stamp-out-the-stepping-madness.patch b/patches.suse/x86-common-Stamp-out-the-stepping-madness.patch index 7ad2c2d..afb4139 100644 --- a/patches.suse/x86-common-Stamp-out-the-stepping-madness.patch +++ b/patches.suse/x86-common-Stamp-out-the-stepping-madness.patch @@ -2,8 +2,7 @@ From: Peter Zijlstra Date: Fri, 24 Jun 2022 14:03:25 +0200 Subject: x86/common: Stamp out the stepping madness Git-commit: 7a05bc95ed1c5a59e47aaade9fb4083c27de9e62 -Patch-mainline: Queued in tip for 5.19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 The whole MMIO/RETBLEED enumeration went overboard on steppings. Get diff --git a/patches.suse/x86-cpu-amd-Add-Spectral-Chicken.patch b/patches.suse/x86-cpu-amd-Add-Spectral-Chicken.patch index 642f25d..792ab00 100644 --- a/patches.suse/x86-cpu-amd-Add-Spectral-Chicken.patch +++ b/patches.suse/x86-cpu-amd-Add-Spectral-Chicken.patch @@ -2,8 +2,7 @@ From: Peter Zijlstra Date: Tue, 14 Jun 2022 23:16:04 +0200 Subject: x86/cpu/amd: Add Spectral Chicken Git-commit: d7caac991feeef1b871ee6988fd2c9725df09039 -Patch-mainline: Queued in tip for 5.19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 Zen2 uarchs have an undocumented, unnamed, MSR that contains a chicken diff --git a/patches.suse/x86-cpu-amd-Enumerate-BTC_NO.patch b/patches.suse/x86-cpu-amd-Enumerate-BTC_NO.patch index 01d13f6..a8dd008 100644 --- a/patches.suse/x86-cpu-amd-Enumerate-BTC_NO.patch +++ b/patches.suse/x86-cpu-amd-Enumerate-BTC_NO.patch @@ -2,8 +2,7 @@ From: Andrew Cooper Date: Fri, 24 Jun 2022 14:41:21 +0100 Subject: x86/cpu/amd: Enumerate BTC_NO Git-commit: 26aae8ccbc1972233afd08fb3f368947c0314265 -Patch-mainline: Queued in tip for 5.19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 BTC_NO indicates that hardware is not susceptible to Branch Type Confusion. diff --git a/patches.suse/x86-cpufeatures-Move-RETPOLINE-flags-to-word-11.patch b/patches.suse/x86-cpufeatures-Move-RETPOLINE-flags-to-word-11.patch index 3cb42a2..12040cc 100644 --- a/patches.suse/x86-cpufeatures-Move-RETPOLINE-flags-to-word-11.patch +++ b/patches.suse/x86-cpufeatures-Move-RETPOLINE-flags-to-word-11.patch @@ -2,8 +2,7 @@ From: Peter Zijlstra Date: Tue, 14 Jun 2022 23:15:33 +0200 Subject: x86/cpufeatures: Move RETPOLINE flags to word 11 Git-commit: a883d624aed463c84c22596006e5a96f5b44db31 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git -Patch-mainline: Queued in tip for v5.19 +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 In order to extend the RETPOLINE features to 4, move them to word 11 diff --git a/patches.suse/x86-kexec-Disable-RET-on-kexec.patch b/patches.suse/x86-kexec-Disable-RET-on-kexec.patch deleted file mode 100644 index 1373cad..0000000 --- a/patches.suse/x86-kexec-Disable-RET-on-kexec.patch +++ /dev/null @@ -1,144 +0,0 @@ -From: Konrad Rzeszutek Wilk -Date: Fri, 8 Jul 2022 19:10:11 +0200 -Subject: x86/kexec: Disable RET on kexec -Git-commit: 4c5d5e03fbcc1ebfee05498edc7b47915921c76c -Patch-mainline: Queued in tip for 5.19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git -References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 - -All the invocations unroll to __x86_return_thunk and this file -must be PIC independent. - -This fixes kexec on 64-bit AMD boxes. - -Reported-by: Edward Tran -Reported-by: Awais Tanveer -Suggested-by: Ankur Arora -Signed-off-by: Konrad Rzeszutek Wilk -Signed-off-by: Alexandre Chartre -Signed-off-by: Borislav Petkov ---- - arch/x86/kernel/relocate_kernel_32.S | 16 +++++++++++----- - arch/x86/kernel/relocate_kernel_64.S | 18 ++++++++++++------ - 2 files changed, 23 insertions(+), 11 deletions(-) - ---- a/arch/x86/kernel/relocate_kernel_32.S -+++ b/arch/x86/kernel/relocate_kernel_32.S -@@ -10,7 +10,8 @@ - #include - - /* -- * Must be relocatable PIC code callable as a C function -+ * Must be relocatable PIC code callable as a C function, in particular -+ * there must be a plain RET and not jump to return thunk. - */ - - #define PTR(x) (x << 2) -@@ -92,7 +93,8 @@ relocate_kernel: - movl %edi, %eax - addl $(identity_mapped - relocate_kernel), %eax - pushl %eax -- RET -+ ret -+ int3 - - identity_mapped: - /* set return address to 0 if not preserving context */ -@@ -159,12 +161,14 @@ identity_mapped: - xorl %edx, %edx - xorl %esi, %esi - xorl %ebp, %ebp -- RET -+ ret -+ int3 - 1: - popl %edx - movl CP_PA_SWAP_PAGE(%edi), %esp - addl $PAGE_SIZE, %esp - 2: -+ ANNOTATE_RETPOLINE_SAFE - call *%edx - - /* get the re-entry point of the peer system */ -@@ -207,7 +211,8 @@ virtual_mapped: - popl %edi - popl %esi - popl %ebx -- RET -+ ret -+ int3 - - /* Do the copies */ - swap_pages: -@@ -269,7 +274,8 @@ swap_pages: - popl %edi - popl %ebx - popl %ebp -- RET -+ ret -+ int3 - - .globl kexec_control_code_size - .set kexec_control_code_size, . - relocate_kernel ---- a/arch/x86/kernel/relocate_kernel_64.S -+++ b/arch/x86/kernel/relocate_kernel_64.S -@@ -11,7 +11,8 @@ - #include - - /* -- * Must be relocatable PIC code callable as a C function -+ * Must be relocatable PIC code callable as a C function, in particular -+ * there must be a plain RET and not jump to return thunk. - */ - - #define PTR(x) (x << 3) -@@ -102,7 +103,8 @@ relocate_kernel: - /* jump to identity mapped page */ - addq $(identity_mapped - relocate_kernel), %r8 - pushq %r8 -- RET -+ ret -+ int3 - - identity_mapped: - /* set return address to 0 if not preserving context */ -@@ -187,7 +189,8 @@ identity_mapped: - xorl %r14d, %r14d - xorl %r15d, %r15d - -- RET -+ ret -+ int3 - - 1: - popq %rdx -@@ -208,7 +211,8 @@ identity_mapped: - call swap_pages - movq $virtual_mapped, %rax - pushq %rax -- RET -+ ret -+ int3 - - virtual_mapped: - movq RSP(%r8), %rsp -@@ -227,7 +231,8 @@ virtual_mapped: - popq %r12 - popq %rbp - popq %rbx -- RET -+ ret -+ int3 - - /* Do the copies */ - swap_pages: -@@ -282,7 +287,8 @@ swap_pages: - lea PAGE_SIZE(%rax), %rsi - jmp 0b - 3: -- RET -+ ret -+ int3 - - .globl kexec_control_code_size - .set kexec_control_code_size, . - relocate_kernel diff --git a/patches.suse/x86-kexec-disable-ret-on-kexec.patch b/patches.suse/x86-kexec-disable-ret-on-kexec.patch new file mode 100644 index 0000000..08f97c9 --- /dev/null +++ b/patches.suse/x86-kexec-disable-ret-on-kexec.patch @@ -0,0 +1,149 @@ +From: Konrad Rzeszutek Wilk +Date: Fri, 8 Jul 2022 19:10:11 +0200 +Subject: x86/kexec: Disable RET on kexec +Git-commit: 697977d8415d61f3acbc4ee6d564c9dcf0309507 +Patch-mainline: v5.19-rc7 +References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 + +All the invocations unroll to __x86_return_thunk and this file +must be PIC independent. + +This fixes kexec on 64-bit AMD boxes. + + [ bp: Fix 32-bit build. ] + +Reported-by: Edward Tran +Reported-by: Awais Tanveer +Suggested-by: Ankur Arora +Signed-off-by: Konrad Rzeszutek Wilk +Signed-off-by: Alexandre Chartre +Signed-off-by: Borislav Petkov +--- + arch/x86/kernel/relocate_kernel_32.S | 17 ++++++++++++----- + arch/x86/kernel/relocate_kernel_64.S | 18 ++++++++++++------ + 2 files changed, 24 insertions(+), 11 deletions(-) + +--- a/arch/x86/kernel/relocate_kernel_32.S ++++ b/arch/x86/kernel/relocate_kernel_32.S +@@ -7,10 +7,12 @@ + #include + #include + #include ++#include + #include + + /* +- * Must be relocatable PIC code callable as a C function ++ * Must be relocatable PIC code callable as a C function, in particular ++ * there must be a plain RET and not jump to return thunk. + */ + + #define PTR(x) (x << 2) +@@ -92,7 +94,8 @@ relocate_kernel: + movl %edi, %eax + addl $(identity_mapped - relocate_kernel), %eax + pushl %eax +- RET ++ ret ++ int3 + + identity_mapped: + /* set return address to 0 if not preserving context */ +@@ -159,12 +162,14 @@ identity_mapped: + xorl %edx, %edx + xorl %esi, %esi + xorl %ebp, %ebp +- RET ++ ret ++ int3 + 1: + popl %edx + movl CP_PA_SWAP_PAGE(%edi), %esp + addl $PAGE_SIZE, %esp + 2: ++ ANNOTATE_RETPOLINE_SAFE + call *%edx + + /* get the re-entry point of the peer system */ +@@ -207,7 +212,8 @@ virtual_mapped: + popl %edi + popl %esi + popl %ebx +- RET ++ ret ++ int3 + + /* Do the copies */ + swap_pages: +@@ -269,7 +275,8 @@ swap_pages: + popl %edi + popl %ebx + popl %ebp +- RET ++ ret ++ int3 + + .globl kexec_control_code_size + .set kexec_control_code_size, . - relocate_kernel +--- a/arch/x86/kernel/relocate_kernel_64.S ++++ b/arch/x86/kernel/relocate_kernel_64.S +@@ -11,7 +11,8 @@ + #include + + /* +- * Must be relocatable PIC code callable as a C function ++ * Must be relocatable PIC code callable as a C function, in particular ++ * there must be a plain RET and not jump to return thunk. + */ + + #define PTR(x) (x << 3) +@@ -102,7 +103,8 @@ relocate_kernel: + /* jump to identity mapped page */ + addq $(identity_mapped - relocate_kernel), %r8 + pushq %r8 +- RET ++ ret ++ int3 + + identity_mapped: + /* set return address to 0 if not preserving context */ +@@ -187,7 +189,8 @@ identity_mapped: + xorl %r14d, %r14d + xorl %r15d, %r15d + +- RET ++ ret ++ int3 + + 1: + popq %rdx +@@ -208,7 +211,8 @@ identity_mapped: + call swap_pages + movq $virtual_mapped, %rax + pushq %rax +- RET ++ ret ++ int3 + + virtual_mapped: + movq RSP(%r8), %rsp +@@ -227,7 +231,8 @@ virtual_mapped: + popq %r12 + popq %rbp + popq %rbx +- RET ++ ret ++ int3 + + /* Do the copies */ + swap_pages: +@@ -282,7 +287,8 @@ swap_pages: + lea PAGE_SIZE(%rax), %rsi + jmp 0b + 3: +- RET ++ ret ++ int3 + + .globl kexec_control_code_size + .set kexec_control_code_size, . - relocate_kernel diff --git a/patches.suse/x86-kvm-Fix-SETcc-emulation-for-return-thunks.patch b/patches.suse/x86-kvm-Fix-SETcc-emulation-for-return-thunks.patch index 26f5f5f..ab0d1f5 100644 --- a/patches.suse/x86-kvm-Fix-SETcc-emulation-for-return-thunks.patch +++ b/patches.suse/x86-kvm-Fix-SETcc-emulation-for-return-thunks.patch @@ -2,8 +2,7 @@ From: Peter Zijlstra Date: Tue, 14 Jun 2022 23:15:42 +0200 Subject: x86/kvm: Fix SETcc emulation for return thunks Git-commit: af2e140f34208a5dfb6b7a8ad2d56bda88f0524d -Patch-mainline: Queued in tip for 5.19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 Prepare the SETcc fastop stuff for when RET can be larger still. diff --git a/patches.suse/x86-prepare-asm-files-for-straight-line-speculation.patch b/patches.suse/x86-prepare-asm-files-for-straight-line-speculation.patch index 055d99a..6ef93e2 100644 --- a/patches.suse/x86-prepare-asm-files-for-straight-line-speculation.patch +++ b/patches.suse/x86-prepare-asm-files-for-straight-line-speculation.patch @@ -25,10 +25,11 @@ Link: https://lore.kernel.org/r/20211204134907.905503893@infradead.org arch/x86/crypto/aes_ctrby8_avx-x86_64.S | 2 - arch/x86/crypto/aesni-intel_asm.S | 48 +++++++++++++-------------- arch/x86/crypto/blowfish-x86_64-asm_64.S | 12 +++--- - arch/x86/crypto/camellia-aesni-avx-asm_64.S | 14 +++---- - arch/x86/crypto/camellia-aesni-avx2-asm_64.S | 14 +++---- + arch/x86/crypto/camellia-aesni-avx-asm_64.S | 18 +++++----- + arch/x86/crypto/camellia-aesni-avx2-asm_64.S | 18 +++++----- + arch/x86/crypto/camellia-x86_64-asm_64.S | 12 +++--- arch/x86/crypto/cast5-avx-x86_64-asm_64.S | 12 +++--- - arch/x86/crypto/cast6-avx-x86_64-asm_64.S | 10 ++--- + arch/x86/crypto/cast6-avx-x86_64-asm_64.S | 16 ++++----- arch/x86/crypto/chacha-avx2-x86_64.S | 6 +-- arch/x86/crypto/chacha-avx512vl-x86_64.S | 6 +-- arch/x86/crypto/chacha-ssse3-x86_64.S | 8 ++-- @@ -37,12 +38,14 @@ Link: https://lore.kernel.org/r/20211204134907.905503893@infradead.org arch/x86/crypto/des3_ede-asm_64.S | 4 +- arch/x86/crypto/ghash-clmulni-intel_asm.S | 6 +-- arch/x86/crypto/nh-sse2-x86_64.S | 2 - - arch/x86/crypto/serpent-avx-x86_64-asm_64.S | 10 ++--- - arch/x86/crypto/serpent-avx2-asm_64.S | 10 ++--- + arch/x86/crypto/serpent-avx-x86_64-asm_64.S | 16 ++++----- + arch/x86/crypto/serpent-avx2-asm_64.S | 16 ++++----- + arch/x86/crypto/serpent-sse2-i586-asm_32.S | 6 +-- + arch/x86/crypto/serpent-sse2-x86_64-asm_64.S | 6 +-- arch/x86/crypto/sha512-avx-asm.S | 2 - arch/x86/crypto/sha512-avx2-asm.S | 2 - arch/x86/crypto/sha512-ssse3-asm.S | 2 - - arch/x86/crypto/twofish-avx-x86_64-asm_64.S | 10 ++--- + arch/x86/crypto/twofish-avx-x86_64-asm_64.S | 16 ++++----- arch/x86/crypto/twofish-i586-asm_32.S | 4 +- arch/x86/crypto/twofish-x86_64-asm_64-3way.S | 6 +-- arch/x86/crypto/twofish-x86_64-asm_64.S | 4 +- @@ -58,6 +61,7 @@ Link: https://lore.kernel.org/r/20211204134907.905503893@infradead.org arch/x86/kvm/vmx/vmenter.S | 10 ++--- arch/x86/lib/atomic64_386_32.S | 2 - arch/x86/lib/atomic64_cx8_32.S | 16 ++++----- + arch/x86/lib/checksum_32.S | 8 ++-- arch/x86/lib/cmpxchg8b_emu.S | 4 +- arch/x86/lib/copy_mc_64.S | 6 +-- arch/x86/lib/copy_page_64.S | 4 +- @@ -88,7 +92,7 @@ Link: https://lore.kernel.org/r/20211204134907.905503893@infradead.org arch/x86/um/checksum_32.S | 4 +- arch/x86/um/setjmp_32.S | 2 - arch/x86/um/setjmp_64.S | 2 - - 70 files changed, 246 insertions(+), 246 deletions(-) + 74 files changed, 278 insertions(+), 278 deletions(-) --- a/arch/x86/boot/compressed/efi_thunk_64.S +++ b/arch/x86/boot/compressed/efi_thunk_64.S @@ -714,6 +718,24 @@ Link: https://lore.kernel.org/r/20211204134907.905503893@infradead.org ENDPROC(camellia_cbc_dec_32way) #define inc_le128(x, minus_one, tmp) \ +@@ -1199,7 +1199,7 @@ ENTRY(camellia_ctr_32way) + vzeroupper; + + FRAME_END +- ret; ++ RET; + ENDPROC(camellia_ctr_32way) + + #define gf128mul_x_ble(iv, mask, tmp) \ +@@ -1366,7 +1366,7 @@ SYM_FUNC_START_LOCAL(camellia_xts_crypt_ + vzeroupper; + + FRAME_END +- ret; ++ RET; + SYM_FUNC_END(camellia_xts_crypt_32way) + + ENTRY(camellia_xts_enc_32way) --- a/arch/x86/crypto/camellia-aesni-avx-asm_64.S +++ b/arch/x86/crypto/camellia-aesni-avx-asm_64.S @@ -193,7 +193,7 @@ SYM_FUNC_START_LOCAL(roundsm16_x0_x1_x2_ @@ -779,6 +801,75 @@ Link: https://lore.kernel.org/r/20211204134907.905503893@infradead.org ENDPROC(camellia_cbc_dec_16way) #define inc_le128(x, minus_one, tmp) \ +@@ -1109,7 +1109,7 @@ ENTRY(camellia_ctr_16way) + %xmm8, %rsi); + + FRAME_END +- ret; ++ RET; + ENDPROC(camellia_ctr_16way) + + #define gf128mul_x_ble(iv, mask, tmp) \ +@@ -1253,7 +1253,7 @@ SYM_FUNC_START_LOCAL(camellia_xts_crypt_ + %xmm8, %rsi); + + FRAME_END +- ret; ++ RET; + SYM_FUNC_END(camellia_xts_crypt_16way) + + ENTRY(camellia_xts_enc_16way) +--- a/arch/x86/crypto/camellia-x86_64-asm_64.S ++++ b/arch/x86/crypto/camellia-x86_64-asm_64.S +@@ -213,13 +213,13 @@ ENTRY(__camellia_enc_blk) + enc_outunpack(mov, RT1); + + movq RR12, %r12; +- ret; ++ RET; + + .L__enc_xor: + enc_outunpack(xor, RT1); + + movq RR12, %r12; +- ret; ++ RET; + ENDPROC(__camellia_enc_blk) + + ENTRY(camellia_dec_blk) +@@ -257,7 +257,7 @@ ENTRY(camellia_dec_blk) + dec_outunpack(); + + movq RR12, %r12; +- ret; ++ RET; + ENDPROC(camellia_dec_blk) + + /********************************************************************** +@@ -448,14 +448,14 @@ ENTRY(__camellia_enc_blk_2way) + + movq RR12, %r12; + popq %rbx; +- ret; ++ RET; + + .L__enc2_xor: + enc_outunpack2(xor, RT2); + + movq RR12, %r12; + popq %rbx; +- ret; ++ RET; + ENDPROC(__camellia_enc_blk_2way) + + ENTRY(camellia_dec_blk_2way) +@@ -495,5 +495,5 @@ ENTRY(camellia_dec_blk_2way) + + movq RR12, %r12; + movq RXOR, %rbx; +- ret; ++ RET; + ENDPROC(camellia_dec_blk_2way) --- a/arch/x86/crypto/cast5-avx-x86_64-asm_64.S +++ b/arch/x86/crypto/cast5-avx-x86_64-asm_64.S @@ -279,7 +279,7 @@ SYM_FUNC_START_LOCAL(__cast5_enc_blk16) @@ -880,6 +971,31 @@ Link: https://lore.kernel.org/r/20211204134907.905503893@infradead.org ENDPROC(cast6_cbc_dec_8way) ENTRY(cast6_ctr_8way) +@@ -438,7 +438,7 @@ ENTRY(cast6_ctr_8way) + popq %r15; + popq %r12; + FRAME_END +- ret; ++ RET; + ENDPROC(cast6_ctr_8way) + + ENTRY(cast6_xts_enc_8way) +@@ -465,7 +465,7 @@ ENTRY(cast6_xts_enc_8way) + + popq %r15; + FRAME_END +- ret; ++ RET; + ENDPROC(cast6_xts_enc_8way) + + ENTRY(cast6_xts_dec_8way) +@@ -492,5 +492,5 @@ ENTRY(cast6_xts_dec_8way) + + popq %r15; + FRAME_END +- ret; ++ RET; + ENDPROC(cast6_xts_dec_8way) --- a/arch/x86/crypto/chacha-avx2-x86_64.S +++ b/arch/x86/crypto/chacha-avx2-x86_64.S @@ -193,7 +193,7 @@ ENTRY(chacha_2block_xor_avx2) @@ -1101,6 +1217,31 @@ Link: https://lore.kernel.org/r/20211204134907.905503893@infradead.org ENDPROC(serpent_cbc_dec_16way) ENTRY(serpent_ctr_16way) +@@ -757,7 +757,7 @@ ENTRY(serpent_ctr_16way) + vzeroupper; + + FRAME_END +- ret; ++ RET; + ENDPROC(serpent_ctr_16way) + + ENTRY(serpent_xts_enc_16way) +@@ -783,7 +783,7 @@ ENTRY(serpent_xts_enc_16way) + vzeroupper; + + FRAME_END +- ret; ++ RET; + ENDPROC(serpent_xts_enc_16way) + + ENTRY(serpent_xts_dec_16way) +@@ -809,5 +809,5 @@ ENTRY(serpent_xts_dec_16way) + vzeroupper; + + FRAME_END +- ret; ++ RET; + ENDPROC(serpent_xts_dec_16way) --- a/arch/x86/crypto/serpent-avx-x86_64-asm_64.S +++ b/arch/x86/crypto/serpent-avx-x86_64-asm_64.S @@ -605,7 +605,7 @@ SYM_FUNC_START_LOCAL(__serpent_enc_blk8_ @@ -1148,6 +1289,80 @@ Link: https://lore.kernel.org/r/20211204134907.905503893@infradead.org ENDPROC(serpent_cbc_dec_8way_avx) ENTRY(serpent_ctr_8way_avx) +@@ -733,7 +733,7 @@ ENTRY(serpent_ctr_8way_avx) + store_ctr_8way(%rdx, %rsi, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); + + FRAME_END +- ret; ++ RET; + ENDPROC(serpent_ctr_8way_avx) + + ENTRY(serpent_xts_enc_8way_avx) +@@ -755,7 +755,7 @@ ENTRY(serpent_xts_enc_8way_avx) + store_xts_8way(%rsi, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); + + FRAME_END +- ret; ++ RET; + ENDPROC(serpent_xts_enc_8way_avx) + + ENTRY(serpent_xts_dec_8way_avx) +@@ -777,5 +777,5 @@ ENTRY(serpent_xts_dec_8way_avx) + store_xts_8way(%rsi, RC1, RD1, RB1, RE1, RC2, RD2, RB2, RE2); + + FRAME_END +- ret; ++ RET; + ENDPROC(serpent_xts_dec_8way_avx) +--- a/arch/x86/crypto/serpent-sse2-i586-asm_32.S ++++ b/arch/x86/crypto/serpent-sse2-i586-asm_32.S +@@ -553,12 +553,12 @@ ENTRY(__serpent_enc_blk_4way) + + write_blocks(%eax, RA, RB, RC, RD, RT0, RT1, RE); + +- ret; ++ RET; + + .L__enc_xor4: + xor_blocks(%eax, RA, RB, RC, RD, RT0, RT1, RE); + +- ret; ++ RET; + ENDPROC(__serpent_enc_blk_4way) + + ENTRY(serpent_dec_blk_4way) +@@ -612,5 +612,5 @@ ENTRY(serpent_dec_blk_4way) + movl arg_dst(%esp), %eax; + write_blocks(%eax, RC, RD, RB, RE, RT0, RT1, RA); + +- ret; ++ RET; + ENDPROC(serpent_dec_blk_4way) +--- a/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S ++++ b/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S +@@ -675,13 +675,13 @@ ENTRY(__serpent_enc_blk_8way) + write_blocks(%rsi, RA1, RB1, RC1, RD1, RK0, RK1, RK2); + write_blocks(%rax, RA2, RB2, RC2, RD2, RK0, RK1, RK2); + +- ret; ++ RET; + + .L__enc_xor8: + xor_blocks(%rsi, RA1, RB1, RC1, RD1, RK0, RK1, RK2); + xor_blocks(%rax, RA2, RB2, RC2, RD2, RK0, RK1, RK2); + +- ret; ++ RET; + ENDPROC(__serpent_enc_blk_8way) + + ENTRY(serpent_dec_blk_8way) +@@ -735,5 +735,5 @@ ENTRY(serpent_dec_blk_8way) + write_blocks(%rsi, RC1, RD1, RB1, RE1, RK0, RK1, RK2); + write_blocks(%rax, RC2, RD2, RB2, RE2, RK0, RK1, RK2); + +- ret; ++ RET; + ENDPROC(serpent_dec_blk_8way) --- a/arch/x86/crypto/sha512-avx2-asm.S +++ b/arch/x86/crypto/sha512-avx2-asm.S @@ -681,7 +681,7 @@ done_hash: @@ -1228,6 +1443,31 @@ Link: https://lore.kernel.org/r/20211204134907.905503893@infradead.org ENDPROC(twofish_cbc_dec_8way) ENTRY(twofish_ctr_8way) +@@ -404,7 +404,7 @@ ENTRY(twofish_ctr_8way) + popq %r12; + + FRAME_END +- ret; ++ RET; + ENDPROC(twofish_ctr_8way) + + ENTRY(twofish_xts_enc_8way) +@@ -428,7 +428,7 @@ ENTRY(twofish_xts_enc_8way) + store_xts_8way(%r11, RC1, RD1, RA1, RB1, RC2, RD2, RA2, RB2); + + FRAME_END +- ret; ++ RET; + ENDPROC(twofish_xts_enc_8way) + + ENTRY(twofish_xts_dec_8way) +@@ -452,5 +452,5 @@ ENTRY(twofish_xts_dec_8way) + store_xts_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); + + FRAME_END +- ret; ++ RET; + ENDPROC(twofish_xts_dec_8way) --- a/arch/x86/crypto/twofish-i586-asm_32.S +++ b/arch/x86/crypto/twofish-i586-asm_32.S @@ -260,7 +260,7 @@ ENTRY(twofish_enc_blk) @@ -1648,6 +1888,44 @@ Link: https://lore.kernel.org/r/20211204134907.905503893@infradead.org - ret + RET ENDPROC(atomic64_inc_not_zero_cx8) +--- a/arch/x86/lib/checksum_32.S ++++ b/arch/x86/lib/checksum_32.S +@@ -127,7 +127,7 @@ ENTRY(csum_partial) + 8: + popl %ebx + popl %esi +- ret ++ RET + ENDPROC(csum_partial) + + #else +@@ -245,7 +245,7 @@ ENTRY(csum_partial) + 90: + popl %ebx + popl %esi +- ret ++ RET + ENDPROC(csum_partial) + + #endif +@@ -397,7 +397,7 @@ DST( movb %cl, (%edi) ) + popl %esi + popl %edi + popl %ecx # equivalent to addl $4,%esp +- ret ++ RET + ENDPROC(csum_partial_copy_generic) + + #else +@@ -482,7 +482,7 @@ DST( movb %dl, (%edi) ) + popl %esi + popl %edi + popl %ebx +- ret ++ RET + ENDPROC(csum_partial_copy_generic) + + #undef ROUND --- a/arch/x86/lib/cmpxchg8b_emu.S +++ b/arch/x86/lib/cmpxchg8b_emu.S @@ -32,7 +32,7 @@ ENTRY(cmpxchg8b_emu) diff --git a/patches.suse/x86-retbleed-add-fine-grained-kconfig-knobs.patch b/patches.suse/x86-retbleed-add-fine-grained-kconfig-knobs.patch new file mode 100644 index 0000000..ebdc882 --- /dev/null +++ b/patches.suse/x86-retbleed-add-fine-grained-kconfig-knobs.patch @@ -0,0 +1,40 @@ +From: Peter Zijlstra +Date: Mon, 27 Jun 2022 22:21:17 +0000 +Subject: x86/retbleed: Add fine grained Kconfig knobs +Git-commit: f43b9876e857c739d407bc56df288b0ebe1a9164 +Patch-mainline: v5.19-rc7 +References: bsc#1178134 + +Do fine-grained Kconfig for all the various retbleed parts. + +NOTE: if your compiler doesn't support return thunks this will +silently 'upgrade' your mitigation to IBPB, you might not like this. + +Signed-off-by: Peter Zijlstra (Intel) +Signed-off-by: Borislav Petkov + + [ bp: just the RETPOLINE_CFLAGS changes in order to simplify a later backport. ] +--- + Makefile | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/Makefile ++++ b/Makefile +@@ -700,13 +700,15 @@ endif + + RETPOLINE_CFLAGS_GCC := -mindirect-branch=thunk-extern -mindirect-branch-register + RETPOLINE_CFLAGS_GCC += $(call cc-option,-mindirect-branch-cs-prefix) +-RETPOLINE_CFLAGS_GCC += $(call cc-option,-mfunction-return=thunk-extern) + RETPOLINE_VDSO_CFLAGS_GCC := -mindirect-branch=thunk-inline -mindirect-branch-register + RETPOLINE_CFLAGS_CLANG := -mretpoline-external-thunk +-RETPOLINE_CFLAGS_CLANG += $(call cc-option,-mfunction-return=thunk-extern) + RETPOLINE_VDSO_CFLAGS_CLANG := -mretpoline + RETPOLINE_CFLAGS := $(call cc-option,$(RETPOLINE_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_CFLAGS_CLANG))) + RETPOLINE_VDSO_CFLAGS := $(call cc-option,$(RETPOLINE_VDSO_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_VDSO_CFLAGS_CLANG))) ++ ++RETHUNK_CFLAGS := -mfunction-return=thunk-extern ++RETPOLINE_CFLAGS += $(RETHUNK_CFLAGS) ++ + export RETPOLINE_CFLAGS + export RETPOLINE_VDSO_CFLAGS + diff --git a/patches.suse/x86-retpoline-Use-mfunction-return.patch b/patches.suse/x86-retpoline-Use-mfunction-return.patch index 7c434f2..ad7f986 100644 --- a/patches.suse/x86-retpoline-Use-mfunction-return.patch +++ b/patches.suse/x86-retpoline-Use-mfunction-return.patch @@ -2,8 +2,7 @@ From: Peter Zijlstra Date: Tue, 14 Jun 2022 23:15:36 +0200 Subject: x86/retpoline: Use -mfunction-return Git-commit: 0b53c374b9eff2255a386f1f1cfb9a928e52a5ae -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git -Patch-mainline: Queued in tip for v5.19 +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 Utilize -mfunction-return=thunk-extern when available to have the diff --git a/patches.suse/x86-sev-Avoid-using-__x86_return_thunk.patch b/patches.suse/x86-sev-Avoid-using-__x86_return_thunk.patch index eac41e7..3a54257 100644 --- a/patches.suse/x86-sev-Avoid-using-__x86_return_thunk.patch +++ b/patches.suse/x86-sev-Avoid-using-__x86_return_thunk.patch @@ -2,8 +2,7 @@ From: Kim Phillips Date: Tue, 14 Jun 2022 23:15:44 +0200 Subject: x86/sev: Avoid using __x86_return_thunk Git-commit: 0ee9073000e8791f8b134a8ded31bcc767f7f232 -Patch-mainline: Queued in tip for 5.19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 Specifically, it's because __enc_copy() encrypts the kernel after diff --git a/patches.suse/x86-speculation-Add-a-common-function-for-MD_CLEAR-mitigation-update.patch b/patches.suse/x86-speculation-Add-a-common-function-for-MD_CLEAR-mitigation-update.patch index 7c2d176..9cf83ab 100644 --- a/patches.suse/x86-speculation-Add-a-common-function-for-MD_CLEAR-mitigation-update.patch +++ b/patches.suse/x86-speculation-Add-a-common-function-for-MD_CLEAR-mitigation-update.patch @@ -2,8 +2,7 @@ From: Pawan Gupta Date: Thu, 19 May 2022 20:28:10 -0700 Subject: x86/speculation: Add a common function for MD_CLEAR mitigation update Git-commit: f52ea6c26953fed339aa4eae717ee5c2133c7ff2 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git -Patch-mainline: Queued in tip for v5.19 +Patch-mainline: v5.19-rc3 References: bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180 Processor MMIO Stale Data mitigation uses similar mitigation as MDS and diff --git a/patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch b/patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch index 7038844..2fc5970 100644 --- a/patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch +++ b/patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch @@ -2,8 +2,7 @@ From: Pawan Gupta Date: Tue, 14 Jun 2022 23:15:55 +0200 Subject: x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS Git-commit: 7c693f54c873691a4b7da05c7e0f74e67745d144 -Patch-mainline: Queued in tip for 5.19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 Extend spectre_v2= boot option with Kernel IBRS. diff --git a/patches.suse/x86-speculation-Fill-RSB-on-vmexit-for-IBRS.patch b/patches.suse/x86-speculation-Fill-RSB-on-vmexit-for-IBRS.patch index 79ce0bd..ad5545c 100644 --- a/patches.suse/x86-speculation-Fill-RSB-on-vmexit-for-IBRS.patch +++ b/patches.suse/x86-speculation-Fill-RSB-on-vmexit-for-IBRS.patch @@ -2,8 +2,7 @@ From: Josh Poimboeuf Date: Tue, 14 Jun 2022 23:16:15 +0200 Subject: x86/speculation: Fill RSB on vmexit for IBRS Git-commit: 9756bba28470722dacb79ffce554336dd1f6a6cd -Patch-mainline: Queued in tip for 5.19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 Prevent RSB underflow/poisoning attacks with RSB. While at it, add a diff --git a/patches.suse/x86-speculation-Fix-SPEC_CTRL-write-on-SMT-state-change.patch b/patches.suse/x86-speculation-Fix-SPEC_CTRL-write-on-SMT-state-change.patch index 5ea97f5..83a4c9c 100644 --- a/patches.suse/x86-speculation-Fix-SPEC_CTRL-write-on-SMT-state-change.patch +++ b/patches.suse/x86-speculation-Fix-SPEC_CTRL-write-on-SMT-state-change.patch @@ -2,8 +2,7 @@ From: Josh Poimboeuf Date: Tue, 14 Jun 2022 23:16:07 +0200 Subject: x86/speculation: Fix SPEC_CTRL write on SMT state change Git-commit: 56aa4d221f1ee2c3a49b45b800778ec6e0ab73c5 -Patch-mainline: Queued in tip for 5.19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 If the SMT state changes, SSBD might get accidentally disabled. Fix diff --git a/patches.suse/x86-speculation-Fix-firmware-entry-SPEC_CTRL-handling.patch b/patches.suse/x86-speculation-Fix-firmware-entry-SPEC_CTRL-handling.patch index c1b5e65..04347cf 100644 --- a/patches.suse/x86-speculation-Fix-firmware-entry-SPEC_CTRL-handling.patch +++ b/patches.suse/x86-speculation-Fix-firmware-entry-SPEC_CTRL-handling.patch @@ -2,8 +2,7 @@ From: Josh Poimboeuf Date: Tue, 14 Jun 2022 23:16:06 +0200 Subject: x86/speculation: Fix firmware entry SPEC_CTRL handling Git-commit: e6aa13622ea8283cc699cac5d018cc40a2ba2010 -Patch-mainline: Queued in tip for 5.19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 The firmware entry code may accidentally clear STIBP or SSBD. Fix that. diff --git a/patches.suse/x86-speculation-Remove-x86_spec_ctrl_mask.patch b/patches.suse/x86-speculation-Remove-x86_spec_ctrl_mask.patch index e3aad1e..8c119d5 100644 --- a/patches.suse/x86-speculation-Remove-x86_spec_ctrl_mask.patch +++ b/patches.suse/x86-speculation-Remove-x86_spec_ctrl_mask.patch @@ -2,8 +2,7 @@ From: Josh Poimboeuf Date: Fri, 17 Jun 2022 12:12:48 -0700 Subject: x86/speculation: Remove x86_spec_ctrl_mask Git-commit: acac5e98ef8d638a411cfa2ee676c87e1973f126 -Patch-mainline: Queued in tip for 5.19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 This mask has been made redundant by kvm_spec_ctrl_test_value(). And it diff --git a/patches.suse/x86-speculation-Use-cached-host-SPEC_CTRL-value-for-guest-.patch b/patches.suse/x86-speculation-Use-cached-host-SPEC_CTRL-value-for-guest-.patch index 986cc12..8741e67 100644 --- a/patches.suse/x86-speculation-Use-cached-host-SPEC_CTRL-value-for-guest-.patch +++ b/patches.suse/x86-speculation-Use-cached-host-SPEC_CTRL-value-for-guest-.patch @@ -2,8 +2,7 @@ From: Josh Poimboeuf Date: Tue, 14 Jun 2022 23:16:08 +0200 Subject: x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit Git-commit: bbb69e8bee1bd882784947095ffb2bfe0f7c9470 -Patch-mainline: Queued in tip for 5.19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 There's no need to recalculate the host value for every entry/exit. diff --git a/patches.suse/x86-speculation-mmio-Add-mitigation-for-Processor-MMIO-Stale-Data.patch b/patches.suse/x86-speculation-mmio-Add-mitigation-for-Processor-MMIO-Stale-Data.patch index d265118..c353689 100644 --- a/patches.suse/x86-speculation-mmio-Add-mitigation-for-Processor-MMIO-Stale-Data.patch +++ b/patches.suse/x86-speculation-mmio-Add-mitigation-for-Processor-MMIO-Stale-Data.patch @@ -2,8 +2,7 @@ From: Pawan Gupta Date: Thu, 19 May 2022 20:29:11 -0700 Subject: x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data Git-commit: 8cb861e9e3c9a55099ad3d08e1a3b653d29c33ca -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git -Patch-mainline: Queued in tip for v5.19 +Patch-mainline: v5.19-rc3 References: bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180 Processor MMIO Stale Data is a class of vulnerabilities that may diff --git a/patches.suse/x86-speculation-mmio-Add-sysfs-reporting-for-Processor-MMIO-Stale-Data.patch b/patches.suse/x86-speculation-mmio-Add-sysfs-reporting-for-Processor-MMIO-Stale-Data.patch index 523fc87..d2212ab 100644 --- a/patches.suse/x86-speculation-mmio-Add-sysfs-reporting-for-Processor-MMIO-Stale-Data.patch +++ b/patches.suse/x86-speculation-mmio-Add-sysfs-reporting-for-Processor-MMIO-Stale-Data.patch @@ -2,8 +2,7 @@ From: Pawan Gupta Date: Thu, 19 May 2022 20:32:13 -0700 Subject: x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data Git-commit: 8d50cdf8b8341770bc6367bce40c0c1bb0e1d5b3 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git -Patch-mainline: Queued in tip for v5.19 +Patch-mainline: v5.19-rc3 References: bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180 Add the sysfs reporting file for Processor MMIO Stale Data diff --git a/patches.suse/x86-speculation-mmio-Enable-CPU-Fill-buffer-clearing-on-idle.patch b/patches.suse/x86-speculation-mmio-Enable-CPU-Fill-buffer-clearing-on-idle.patch index 9eb320c..2e9890b 100644 --- a/patches.suse/x86-speculation-mmio-Enable-CPU-Fill-buffer-clearing-on-idle.patch +++ b/patches.suse/x86-speculation-mmio-Enable-CPU-Fill-buffer-clearing-on-idle.patch @@ -2,8 +2,7 @@ From: Pawan Gupta Date: Thu, 19 May 2022 20:31:12 -0700 Subject: x86/speculation/mmio: Enable CPU Fill buffer clearing on idle Git-commit: 99a83db5a605137424e1efe29dc0573d6a5b6316 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git -Patch-mainline: Queued in tip for v5.19 +Patch-mainline: v5.19-rc3 References: bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180 When the CPU is affected by Processor MMIO Stale Data vulnerabilities, diff --git a/patches.suse/x86-speculation-mmio-Enumerate-Processor-MMIO-Stale-Data-bug.patch b/patches.suse/x86-speculation-mmio-Enumerate-Processor-MMIO-Stale-Data-bug.patch index fef70f8..af80549 100644 --- a/patches.suse/x86-speculation-mmio-Enumerate-Processor-MMIO-Stale-Data-bug.patch +++ b/patches.suse/x86-speculation-mmio-Enumerate-Processor-MMIO-Stale-Data-bug.patch @@ -2,8 +2,7 @@ From: Pawan Gupta Date: Thu, 19 May 2022 20:27:08 -0700 Subject: x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug Git-commit: 51802186158c74a0304f51ab963e7c2b3a2b046f -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git -Patch-mainline: Queued in tip for v5.19 +Patch-mainline: v5.19-rc3 References: bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180 Processor MMIO Stale Data is a class of vulnerabilities that may diff --git a/patches.suse/x86-speculation-mmio-Reuse-SRBDS-mitigation-for-SBDS.patch b/patches.suse/x86-speculation-mmio-Reuse-SRBDS-mitigation-for-SBDS.patch index eb993bc..bd1235b 100644 --- a/patches.suse/x86-speculation-mmio-Reuse-SRBDS-mitigation-for-SBDS.patch +++ b/patches.suse/x86-speculation-mmio-Reuse-SRBDS-mitigation-for-SBDS.patch @@ -2,8 +2,7 @@ From: Pawan Gupta Date: Thu, 19 May 2022 20:34:14 -0700 Subject: x86/speculation/mmio: Reuse SRBDS mitigation for SBDS Git-commit: a992b8a4682f119ae035a01b40d4d0665c4a2875 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git -Patch-mainline: Queued in tip for v5.19 +Patch-mainline: v5.19-rc3 References: bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180 The Shared Buffers Data Sampling (SBDS) variant of Processor MMIO Stale diff --git a/patches.suse/x86-speculation-srbds-Update-SRBDS-mitigation-selection.patch b/patches.suse/x86-speculation-srbds-Update-SRBDS-mitigation-selection.patch index a9b94b3..09cdf27 100644 --- a/patches.suse/x86-speculation-srbds-Update-SRBDS-mitigation-selection.patch +++ b/patches.suse/x86-speculation-srbds-Update-SRBDS-mitigation-selection.patch @@ -2,8 +2,7 @@ From: Pawan Gupta Date: Thu, 19 May 2022 20:33:13 -0700 Subject: x86/speculation/srbds: Update SRBDS mitigation selection Git-commit: 22cac9c677c95f3ac5c9244f8ca0afdc7c8afb19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git -Patch-mainline: Queued in tip for v5.19 +Patch-mainline: v5.19-rc3 References: bsc#1199650 CVE-2022-21166 CVE-2022-21127 CVE-2022-21123 CVE-2022-21125 CVE-2022-21180 Currently, Linux disables SRBDS mitigation on CPUs not affected by diff --git a/patches.suse/x86-vsyscall_emu-64-Don-t-use-RET-in-vsyscall-emulation.patch b/patches.suse/x86-vsyscall_emu-64-Don-t-use-RET-in-vsyscall-emulation.patch index 11ef0b5..9104fbd 100644 --- a/patches.suse/x86-vsyscall_emu-64-Don-t-use-RET-in-vsyscall-emulation.patch +++ b/patches.suse/x86-vsyscall_emu-64-Don-t-use-RET-in-vsyscall-emulation.patch @@ -2,8 +2,7 @@ From: Peter Zijlstra Date: Tue, 14 Jun 2022 23:15:43 +0200 Subject: x86/vsyscall_emu/64: Don't use RET in vsyscall emulation Git-commit: 15583e514eb16744b80be85dea0774ece153177d -Patch-mainline: Queued in tip for 5.19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 This is userspace code and doesn't play by the normal kernel rules. diff --git a/patches.suse/x86-xen-Rename-SYS-entry-points.patch b/patches.suse/x86-xen-Rename-SYS-entry-points.patch index 34df93e..7ac238f 100644 --- a/patches.suse/x86-xen-Rename-SYS-entry-points.patch +++ b/patches.suse/x86-xen-Rename-SYS-entry-points.patch @@ -2,8 +2,7 @@ From: Peter Zijlstra Date: Tue, 14 Jun 2022 23:16:00 +0200 Subject: x86/xen: Rename SYS* entry points Git-commit: b75b7f8ef1148be1b9321ffc2f6c19238904b438 -Patch-mainline: Queued in tip for 5.19 -Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git +Patch-mainline: v5.19-rc7 References: bsc#1199657 CVE-2022-29900 CVE-2022-29901 Native SYS{CALL,ENTER} entry points are called diff --git a/patches.suse/xen-blkfront-fix-leaking-data-in-shared-pages.patch b/patches.suse/xen-blkfront-fix-leaking-data-in-shared-pages.patch new file mode 100644 index 0000000..27cf112 --- /dev/null +++ b/patches.suse/xen-blkfront-fix-leaking-data-in-shared-pages.patch @@ -0,0 +1,49 @@ +Patch-mainline: 5.19-rc6 +Git-commit: 2f446ffe9d737e9a844b97887919c4fda18246e7 +References: bsc#1200762, CVE-2022-26365, XSA-403 +From: Roger Pau Monne +Date: Fri, 1 Jul 2022 08:23:54 +0200 +Subject: [PATCH] xen/blkfront: fix leaking data in shared pages +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When allocating pages to be used for shared communication with the +backend always zero them, this avoids leaking unintended data present +on the pages. + +This is CVE-2022-26365, part of XSA-403. + +Signed-off-by: Roger Pau Monné +Reviewed-by: Jan Beulich +Reviewed-by: Juergen Gross +--- + drivers/block/xen-blkfront.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/drivers/block/xen-blkfront.c b/drivers/block/xen-blkfront.c +index 33f04ef78984..4b3bef6ace68 100644 +--- a/drivers/block/xen-blkfront.c ++++ b/drivers/block/xen-blkfront.c +@@ -311,7 +311,7 @@ static int fill_grant_buffer(struct blkfront_ring_info *rinfo, int num) + goto out_of_memory; + + if (info->feature_persistent) { +- granted_page = alloc_page(GFP_NOIO); ++ granted_page = alloc_page(GFP_NOIO | __GFP_ZERO); + if (!granted_page) { + kfree(gnt_list_entry); + goto out_of_memory; +@@ -2183,7 +2183,8 @@ static int blkfront_setup_indirect(struct blkfront_ring_info *rinfo) + + BUG_ON(!list_empty(&rinfo->indirect_pages)); + for (i = 0; i < num; i++) { +- struct page *indirect_page = alloc_page(GFP_KERNEL); ++ struct page *indirect_page = alloc_page(GFP_KERNEL | ++ __GFP_ZERO); + if (!indirect_page) + goto out_of_memory; + list_add(&indirect_page->lru, &rinfo->indirect_pages); +-- +2.35.3 + diff --git a/patches.suse/xen-blkfront-force-data-bouncing-when-backend-is-unt.patch b/patches.suse/xen-blkfront-force-data-bouncing-when-backend-is-unt.patch new file mode 100644 index 0000000..299343c --- /dev/null +++ b/patches.suse/xen-blkfront-force-data-bouncing-when-backend-is-unt.patch @@ -0,0 +1,207 @@ +Patch-mainline: 5.19-rc6 +Git-commit: 2400617da7eebf9167d71a46122828bc479d64c9 +References: bsc#1200762, CVE-2022-33742, XSA-403 +From: Roger Pau Monne +Date: Thu, 7 Apr 2022 13:04:24 +0200 +Subject: [PATCH] xen/blkfront: force data bouncing when backend is untrusted +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Split the current bounce buffering logic used with persistent grants +into it's own option, and allow enabling it independently of +persistent grants. This allows to reuse the same code paths to +perform the bounce buffering required to avoid leaking contiguous data +in shared pages not part of the request fragments. + +Reporting whether the backend is to be trusted can be done using a +module parameter, or from the xenstore frontend path as set by the +toolstack when adding the device. + +This is CVE-2022-33742, part of XSA-403. + +Signed-off-by: Roger Pau Monné +Reviewed-by: Juergen Gross +--- + drivers/block/xen-blkfront.c | 49 +++++++++++++++++++++++++----------- + 1 file changed, 34 insertions(+), 15 deletions(-) + +diff --git a/drivers/block/xen-blkfront.c b/drivers/block/xen-blkfront.c +index 4b3bef6ace68..3646c0cae672 100644 +--- a/drivers/block/xen-blkfront.c ++++ b/drivers/block/xen-blkfront.c +@@ -152,6 +152,10 @@ static unsigned int xen_blkif_max_ring_order; + module_param_named(max_ring_page_order, xen_blkif_max_ring_order, int, 0444); + MODULE_PARM_DESC(max_ring_page_order, "Maximum order of pages to be used for the shared ring"); + ++static bool __read_mostly xen_blkif_trusted = true; ++module_param_named(trusted, xen_blkif_trusted, bool, 0644); ++MODULE_PARM_DESC(trusted, "Is the backend trusted"); ++ + #define BLK_RING_SIZE(info) \ + __CONST_RING_SIZE(blkif, XEN_PAGE_SIZE * (info)->nr_ring_pages) + +@@ -210,6 +214,7 @@ struct blkfront_info + unsigned int feature_discard:1; + unsigned int feature_secdiscard:1; + unsigned int feature_persistent:1; ++ unsigned int bounce:1; + unsigned int discard_granularity; + unsigned int discard_alignment; + /* Number of 4KB segments handled */ +@@ -310,7 +315,7 @@ static int fill_grant_buffer(struct blkfront_ring_info *rinfo, int num) + if (!gnt_list_entry) + goto out_of_memory; + +- if (info->feature_persistent) { ++ if (info->bounce) { + granted_page = alloc_page(GFP_NOIO | __GFP_ZERO); + if (!granted_page) { + kfree(gnt_list_entry); +@@ -330,7 +335,7 @@ static int fill_grant_buffer(struct blkfront_ring_info *rinfo, int num) + list_for_each_entry_safe(gnt_list_entry, n, + &rinfo->grants, node) { + list_del(&gnt_list_entry->node); +- if (info->feature_persistent) ++ if (info->bounce) + __free_page(gnt_list_entry->page); + kfree(gnt_list_entry); + i--; +@@ -376,7 +381,7 @@ static struct grant *get_grant(grant_ref_t *gref_head, + /* Assign a gref to this page */ + gnt_list_entry->gref = gnttab_claim_grant_reference(gref_head); + BUG_ON(gnt_list_entry->gref == -ENOSPC); +- if (info->feature_persistent) ++ if (info->bounce) + grant_foreign_access(gnt_list_entry, info); + else { + /* Grant access to the GFN passed by the caller */ +@@ -400,7 +405,7 @@ static struct grant *get_indirect_grant(grant_ref_t *gref_head, + /* Assign a gref to this page */ + gnt_list_entry->gref = gnttab_claim_grant_reference(gref_head); + BUG_ON(gnt_list_entry->gref == -ENOSPC); +- if (!info->feature_persistent) { ++ if (!info->bounce) { + struct page *indirect_page; + + /* Fetch a pre-allocated page to use for indirect grefs */ +@@ -703,7 +708,7 @@ static int blkif_queue_rw_req(struct request *req, struct blkfront_ring_info *ri + .grant_idx = 0, + .segments = NULL, + .rinfo = rinfo, +- .need_copy = rq_data_dir(req) && info->feature_persistent, ++ .need_copy = rq_data_dir(req) && info->bounce, + }; + + /* +@@ -981,11 +986,12 @@ static void xlvbd_flush(struct blkfront_info *info) + { + blk_queue_write_cache(info->rq, info->feature_flush ? true : false, + info->feature_fua ? true : false); +- pr_info("blkfront: %s: %s %s %s %s %s\n", ++ pr_info("blkfront: %s: %s %s %s %s %s %s %s\n", + info->gd->disk_name, flush_info(info), + "persistent grants:", info->feature_persistent ? + "enabled;" : "disabled;", "indirect descriptors:", +- info->max_indirect_segments ? "enabled;" : "disabled;"); ++ info->max_indirect_segments ? "enabled;" : "disabled;", ++ "bounce buffer:", info->bounce ? "enabled" : "disabled;"); + } + + static int xen_translate_vdev(int vdevice, int *minor, unsigned int *offset) +@@ -1207,7 +1213,7 @@ static void blkif_free_ring(struct blkfront_ring_info *rinfo) + if (!list_empty(&rinfo->indirect_pages)) { + struct page *indirect_page, *n; + +- BUG_ON(info->feature_persistent); ++ BUG_ON(info->bounce); + list_for_each_entry_safe(indirect_page, n, &rinfo->indirect_pages, lru) { + list_del(&indirect_page->lru); + __free_page(indirect_page); +@@ -1224,7 +1230,7 @@ static void blkif_free_ring(struct blkfront_ring_info *rinfo) + 0, 0UL); + rinfo->persistent_gnts_c--; + } +- if (info->feature_persistent) ++ if (info->bounce) + __free_page(persistent_gnt->page); + kfree(persistent_gnt); + } +@@ -1245,7 +1251,7 @@ static void blkif_free_ring(struct blkfront_ring_info *rinfo) + for (j = 0; j < segs; j++) { + persistent_gnt = rinfo->shadow[i].grants_used[j]; + gnttab_end_foreign_access(persistent_gnt->gref, 0, 0UL); +- if (info->feature_persistent) ++ if (info->bounce) + __free_page(persistent_gnt->page); + kfree(persistent_gnt); + } +@@ -1428,7 +1434,7 @@ static int blkif_completion(unsigned long *id, + data.s = s; + num_sg = s->num_sg; + +- if (bret->operation == BLKIF_OP_READ && info->feature_persistent) { ++ if (bret->operation == BLKIF_OP_READ && info->bounce) { + for_each_sg(s->sg, sg, num_sg, i) { + BUG_ON(sg->offset + sg->length > PAGE_SIZE); + +@@ -1487,7 +1493,7 @@ static int blkif_completion(unsigned long *id, + * Add the used indirect page back to the list of + * available pages for indirect grefs. + */ +- if (!info->feature_persistent) { ++ if (!info->bounce) { + indirect_page = s->indirect_grants[i]->page; + list_add(&indirect_page->lru, &rinfo->indirect_pages); + } +@@ -1764,6 +1770,10 @@ static int talk_to_blkback(struct xenbus_device *dev, + if (!info) + return -ENODEV; + ++ /* Check if backend is trusted. */ ++ info->bounce = !xen_blkif_trusted || ++ !xenbus_read_unsigned(dev->nodename, "trusted", 1); ++ + max_page_order = xenbus_read_unsigned(info->xbdev->otherend, + "max-ring-page-order", 0); + ring_page_order = min(xen_blkif_max_ring_order, max_page_order); +@@ -2173,10 +2183,10 @@ static int blkfront_setup_indirect(struct blkfront_ring_info *rinfo) + if (err) + goto out_of_memory; + +- if (!info->feature_persistent && info->max_indirect_segments) { ++ if (!info->bounce && info->max_indirect_segments) { + /* +- * We are using indirect descriptors but not persistent +- * grants, we need to allocate a set of pages that can be ++ * We are using indirect descriptors but don't have a bounce ++ * buffer, we need to allocate a set of pages that can be + * used for mapping indirect grefs + */ + int num = INDIRECT_GREFS(grants) * BLK_RING_SIZE(info); +@@ -2277,6 +2287,8 @@ static void blkfront_gather_backend_features(struct blkfront_info *info) + info->feature_persistent = + !!xenbus_read_unsigned(info->xbdev->otherend, + "feature-persistent", 0); ++ if (info->feature_persistent) ++ info->bounce = true; + + indirect_segments = xenbus_read_unsigned(info->xbdev->otherend, + "feature-max-indirect-segments", 0); +@@ -2548,6 +2560,13 @@ static void blkfront_delay_work(struct work_struct *work) + struct blkfront_info *info; + bool need_schedule_work = false; + ++ /* ++ * Note that when using bounce buffers but not persistent grants ++ * there's no need to run blkfront_delay_work because grants are ++ * revoked in blkif_completion or else an error is reported and the ++ * connection is closed. ++ */ ++ + mutex_lock(&blkfront_mutex); + + list_for_each_entry(info, &info_list, info_list) { +-- +2.35.3 + diff --git a/patches.suse/xen-netback-avoid-entering-xenvif_rx_next_skb-with-a.patch b/patches.suse/xen-netback-avoid-entering-xenvif_rx_next_skb-with-a.patch new file mode 100644 index 0000000..cea6cb2 --- /dev/null +++ b/patches.suse/xen-netback-avoid-entering-xenvif_rx_next_skb-with-a.patch @@ -0,0 +1,63 @@ +Patch-mainline: 5.19-rc7 +Git-commit: 94e8100678889ab428e68acadf042de723f094b9 +References: bsc#1201381 +From: Juergen Gross +Date: Wed, 13 Jul 2022 15:53:22 +0200 +Subject: [PATCH] xen/netback: avoid entering xenvif_rx_next_skb() with an + empty rx queue + +xenvif_rx_next_skb() is expecting the rx queue not being empty, but +in case the loop in xenvif_rx_action() is doing multiple iterations, +the availability of another skb in the rx queue is not being checked. + +This can lead to crashes: + +[40072.537261] BUG: unable to handle kernel NULL pointer dereference at 0000000000000080 +[40072.537407] IP: xenvif_rx_skb+0x23/0x590 [xen_netback] +[40072.537534] PGD 0 P4D 0 +[40072.537644] Oops: 0000 [#1] SMP NOPTI +[40072.537749] CPU: 0 PID: 12505 Comm: v1-c40247-q2-gu Not tainted 4.12.14-122.121-default #1 SLE12-SP5 +[40072.537867] Hardware name: HP ProLiant DL580 Gen9/ProLiant DL580 Gen9, BIOS U17 11/23/2021 +[40072.537999] task: ffff880433b38100 task.stack: ffffc90043d40000 +[40072.538112] RIP: e030:xenvif_rx_skb+0x23/0x590 [xen_netback] +[40072.538217] RSP: e02b:ffffc90043d43de0 EFLAGS: 00010246 +[40072.538319] RAX: 0000000000000000 RBX: ffffc90043cd7cd0 RCX: 00000000000000f7 +[40072.538430] RDX: 0000000000000000 RSI: 0000000000000006 RDI: ffffc90043d43df8 +[40072.538531] RBP: 000000000000003f R08: 000077ff80000000 R09: 0000000000000008 +[40072.538644] R10: 0000000000007ff0 R11: 00000000000008f6 R12: ffffc90043ce2708 +[40072.538745] R13: 0000000000000000 R14: ffffc90043d43ed0 R15: ffff88043ea748c0 +[40072.538861] FS: 0000000000000000(0000) GS:ffff880484600000(0000) knlGS:0000000000000000 +[40072.538988] CS: e033 DS: 0000 ES: 0000 CR0: 0000000080050033 +[40072.539088] CR2: 0000000000000080 CR3: 0000000407ac8000 CR4: 0000000000040660 +[40072.539211] Call Trace: +[40072.539319] xenvif_rx_action+0x71/0x90 [xen_netback] +[40072.539429] xenvif_kthread_guest_rx+0x14a/0x29c [xen_netback] + +Fix that by stopping the loop in case the rx queue becomes empty. + +Cc: stable@vger.kernel.org +Fixes: 98f6d57ced73 ("xen-netback: process guest rx packets in batches") +Signed-off-by: Juergen Gross +Reviewed-by: Jan Beulich +Reviewed-by: Paul Durrant +Link: https://lore.kernel.org/r/20220713135322.19616-1-jgross@suse.com +Signed-off-by: Jakub Kicinski +--- + drivers/net/xen-netback/rx.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/net/xen-netback/rx.c b/drivers/net/xen-netback/rx.c +index dbac4c03d21a..a0335407be42 100644 +--- a/drivers/net/xen-netback/rx.c ++++ b/drivers/net/xen-netback/rx.c +@@ -495,6 +495,7 @@ void xenvif_rx_action(struct xenvif_queue *queue) + queue->rx_copy.completed = &completed_skbs; + + while (xenvif_rx_ring_slots_available(queue) && ++ !skb_queue_empty(&queue->rx_queue) && + work_done < RX_BATCH_SIZE) { + xenvif_rx_skb(queue); + work_done++; +-- +2.35.3 + diff --git a/patches.suse/xen-netfront-fix-leaking-data-in-shared-pages.patch b/patches.suse/xen-netfront-fix-leaking-data-in-shared-pages.patch new file mode 100644 index 0000000..cc12318 --- /dev/null +++ b/patches.suse/xen-netfront-fix-leaking-data-in-shared-pages.patch @@ -0,0 +1,39 @@ +Patch-mainline: 5.19-rc6 +Git-commit: 307c8de2b02344805ebead3440d8feed28f2f010 +References: bsc#1200762, CVE-2022-33740, XSA-403 +From: Roger Pau Monne +Date: Wed, 6 Apr 2022 17:38:04 +0200 +Subject: [PATCH] xen/netfront: fix leaking data in shared pages +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When allocating pages to be used for shared communication with the +backend always zero them, this avoids leaking unintended data present +on the pages. + +This is CVE-2022-33740, part of XSA-403. + +Signed-off-by: Roger Pau Monné +Reviewed-by: Jan Beulich +Reviewed-by: Juergen Gross +--- + drivers/net/xen-netfront.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c +index 8c0b9546d5a2..e3165139629d 100644 +--- a/drivers/net/xen-netfront.c ++++ b/drivers/net/xen-netfront.c +@@ -271,7 +271,7 @@ static struct sk_buff *xennet_alloc_one_rx_buffer(struct netfront_queue *queue) + if (unlikely(!skb)) + return NULL; + +- page = alloc_page(GFP_ATOMIC | __GFP_NOWARN); ++ page = alloc_page(GFP_ATOMIC | __GFP_NOWARN | __GFP_ZERO); + if (!page) { + kfree_skb(skb); + return NULL; +-- +2.35.3 + diff --git a/patches.suse/xen-netfront-force-data-bouncing-when-backend-is-unt.patch b/patches.suse/xen-netfront-force-data-bouncing-when-backend-is-unt.patch new file mode 100644 index 0000000..9973151 --- /dev/null +++ b/patches.suse/xen-netfront-force-data-bouncing-when-backend-is-unt.patch @@ -0,0 +1,129 @@ +Patch-mainline: 5.19-rc6 +Git-commit: 4491001c2e0fa69efbb748c96ec96b100a5cdb7e +References: bsc#1200762, CVE-2022-33741, XSA-403 +From: Roger Pau Monne +Date: Thu, 7 Apr 2022 12:20:06 +0200 +Subject: [PATCH] xen/netfront: force data bouncing when backend is untrusted +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Bounce all data on the skbs to be transmitted into zeroed pages if the +backend is untrusted. This avoids leaking data present in the pages +shared with the backend but not part of the skb fragments. This +requires introducing a new helper in order to allocate skbs with a +size multiple of XEN_PAGE_SIZE so we don't leak contiguous data on the +granted pages. + +Reporting whether the backend is to be trusted can be done using a +module parameter, or from the xenstore frontend path as set by the +toolstack when adding the device. + +This is CVE-2022-33741, part of XSA-403. + +Signed-off-by: Roger Pau Monné +Reviewed-by: Juergen Gross +--- + drivers/net/xen-netfront.c | 49 ++++++++++++++++++++++++++++++++++++-- + 1 file changed, 47 insertions(+), 2 deletions(-) + +diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c +index e3165139629d..87f6df77bfbf 100644 +--- a/drivers/net/xen-netfront.c ++++ b/drivers/net/xen-netfront.c +@@ -66,6 +66,10 @@ module_param_named(max_queues, xennet_max_queues, uint, 0644); + MODULE_PARM_DESC(max_queues, + "Maximum number of queues per virtual interface"); + ++static bool __read_mostly xennet_trusted = true; ++module_param_named(trusted, xennet_trusted, bool, 0644); ++MODULE_PARM_DESC(trusted, "Is the backend trusted"); ++ + static const struct ethtool_ops xennet_ethtool_ops; + + struct netfront_cb { +@@ -173,6 +177,9 @@ struct netfront_info { + /* Is device behaving sane? */ + bool broken; + ++ /* Should skbs be bounced into a zeroed buffer? */ ++ bool bounce; ++ + atomic_t rx_gso_checksum_fixup; + }; + +@@ -666,6 +673,34 @@ static int xennet_xdp_xmit(struct net_device *dev, int n, + queue->tx_link[i] = TX_PENDING; + } + ++struct sk_buff *bounce_skb(const struct sk_buff *skb) ++{ ++ unsigned int headerlen = skb_headroom(skb); ++ /* Align size to allocate full pages and avoid contiguous data leaks */ ++ unsigned int size = ALIGN(skb_end_offset(skb) + skb->data_len, ++ XEN_PAGE_SIZE); ++ struct sk_buff *n = alloc_skb(size, GFP_ATOMIC | __GFP_ZERO); ++ ++ if (!n) ++ return NULL; ++ ++ if (!IS_ALIGNED((uintptr_t)n->head, XEN_PAGE_SIZE)) { ++ WARN_ONCE(1, "misaligned skb allocated\n"); ++ kfree_skb(n); ++ return NULL; ++ } ++ ++ /* Set the data pointer */ ++ skb_reserve(n, headerlen); ++ /* Set the tail pointer and length */ ++ skb_put(n, skb->len); ++ ++ BUG_ON(skb_copy_bits(skb, -headerlen, n->head, headerlen + skb->len)); ++ ++ skb_copy_header(n, skb); ++ return n; ++} ++ + #define MAX_XEN_SKB_FRAGS (65536 / XEN_PAGE_SIZE + 1) + + static netdev_tx_t xennet_start_xmit(struct sk_buff *skb, struct net_device *dev) +@@ -719,9 +753,13 @@ static netdev_tx_t xennet_start_xmit(struct sk_buff *skb, struct net_device *dev + + /* The first req should be at least ETH_HLEN size or the packet will be + * dropped by netback. ++ * ++ * If the backend is not trusted bounce all data to zeroed pages to ++ * avoid exposing contiguous data on the granted page not belonging to ++ * the skb. + */ +- if (unlikely(PAGE_SIZE - offset < ETH_HLEN)) { +- nskb = skb_copy(skb, GFP_ATOMIC); ++ if (np->bounce || unlikely(PAGE_SIZE - offset < ETH_HLEN)) { ++ nskb = bounce_skb(skb); + if (!nskb) + goto drop; + dev_consume_skb_any(skb); +@@ -2215,6 +2253,10 @@ static int talk_to_netback(struct xenbus_device *dev, + + info->netdev->irq = 0; + ++ /* Check if backend is trusted. */ ++ info->bounce = !xennet_trusted || ++ !xenbus_read_unsigned(dev->nodename, "trusted", 1); ++ + /* Check if backend supports multiple queues */ + max_queues = xenbus_read_unsigned(info->xbdev->otherend, + "multi-queue-max-queues", 1); +@@ -2382,6 +2424,9 @@ static int xennet_connect(struct net_device *dev) + err = talk_to_netback(np->xbdev, np); + if (err) + return err; ++ if (np->bounce) ++ dev_info(&np->xbdev->dev, ++ "bouncing transmitted data to zeroed pages\n"); + + /* talk_to_netback() sets the correct number of queues */ + num_queues = dev->real_num_tx_queues; +-- +2.35.3 + diff --git a/rpm/kernel-binary.spec.in b/rpm/kernel-binary.spec.in index 5942892..44ddc75 100644 --- a/rpm/kernel-binary.spec.in +++ b/rpm/kernel-binary.spec.in @@ -137,6 +137,10 @@ BuildRequires: modutils # Used to sign the kernel in the buildservice BuildRequires: openssl BuildRequires: pesign-obs-integration +%if 0%{?suse_version} > 1500 || 0%{?sle_version} >= 150300 +# pahole for CONFIG_DEBUG_INFO_BTF +BuildRequires: dwarves >= 1.22 +%endif # for objtool BuildRequires: libelf-devel # required for 50-check-kernel-build-id rpm check diff --git a/series.conf b/series.conf index 87fb037..e2a27cf 100644 --- a/series.conf +++ b/series.conf @@ -1442,6 +1442,7 @@ patches.suse/0001-media-stih-cec-use-cec_notifier_cec_adap_-un-registe.patch patches.suse/0001-media-tegra-cec-use-cec_notifier_cec_adap_-un-regist.patch patches.suse/media-vb2-reorder-checks-in-vb2_poll.patch + patches.suse/media-v4l2-mem2mem-reorder-checks-in-v4l2_m2m_poll.patch patches.suse/media-vivid-fix-potential-integer-overflow-on-left-s.patch patches.suse/media-vivid-add-sanity-check-to-avoid-divide-error-a.patch patches.suse/media-vivid-work-around-high-stack-usage-with-clang.patch @@ -5775,6 +5776,9 @@ patches.suse/2068-drm-nouveau-bar-gm20b-Avoid-BAR1-teardown-during-ini.patch patches.suse/kbuild-Fail-if-gold-linker-is-detected.patch patches.rt/Kbuild-Handle-PREEMPT_RT-for-version-string-and-magi.patch + patches.suse/kbuild-add-M-marker-for-build-log-of-.mod.o.patch + patches.suse/kbuild-rebuild-modules-when-module-linker-scripts-are-upda.patch + patches.suse/kbuild-split-final-module-linking-out-into-Makefile.modfin.patch patches.suse/docs-kbuild-fix-invalid-ReST-syntax.patch patches.suse/docs-kbuild-remove-cc-ldoption-from-document-again.patch patches.suse/kbuild-Do-not-enable-Wimplicit-fallthrough-for-clang.patch @@ -9162,6 +9166,7 @@ patches.suse/arm64-Fake-the-IminLine-size-on-systems-affected-by-.patch patches.suse/arm64-compat-Workaround-Neoverse-N1-1542419-for-comp.patch patches.suse/arm64-Silence-clang-warning-on-mismatched-value-regi.patch + patches.suse/arm64-module-rework-special-section-handling.patch patches.suse/Documentation-perf-Update-documentation-for-ThunderX.patch patches.suse/drivers-perf-Add-CCPI2-PMU-support-in-ThunderX2-UNCO.patch patches.suse/arm64-perf-Simplify-the-ARMv8-PMUv3-event-attributes.patch @@ -9505,6 +9510,7 @@ patches.suse/ipvlan-consolidate-TSO-flags-using-NETIF_F_ALL_TSO.patch patches.suse/af_unix-__unix_find_socket_byname-cleanup.patch patches.suse/sock_get_timeout-drop-unnecessary-return-variable.patch + patches.suse/net-usb-ax88179_178a-write-mac-to-hardware-in-get_ma.patch patches.suse/devlink-don-t-do-reporter-recovery-if-the-state-is-h.patch patches.suse/devlink-propagate-extack-down-to-health-reporter-ops.patch patches.suse/netdevsim-implement-couple-of-testing-devlink-health.patch @@ -10841,6 +10847,7 @@ patches.suse/powerpc-Add-const-qual-to-local_read-parameter.patch patches.suse/mlxsw-spectrum_router-After-underlay-moves-demote-co.patch patches.suse/mlxsw-spectrum_router-Fix-use-of-uninitialized-adjac.patch + patches.suse/ax88179_178a-add-ethtool_op_get_ts_info.patch patches.suse/0001-Bluetooth-btusb-fix-PM-leak-in-error-case-of-setup.patch patches.suse/Bluetooth-btbcm-Add-entry-for-BCM4334B0-UART-Bluetoo.patch patches.suse/Bluetooth-delete-a-stray-unlock.patch @@ -11628,7 +11635,9 @@ patches.suse/media-venus-core-Fix-msm8996-frequency-table.patch patches.suse/media-venus-Fix-occasionally-failures-to-suspend.patch patches.suse/media-rc-mark-input-device-as-pointing-stick.patch + patches.suse/media-rc-increase-rc-mm-tolerance-and-add-debug-mess.patch patches.suse/media-mceusb-fix-out-of-bounds-read-in-MCE-receiver-.patch + patches.suse/media-rtl28xxu-set-keymap-for-Astrometa-DVB-T2.patch patches.suse/media-rc-prevent-memory-leak-in-cx23888_ir_probe.patch patches.suse/media-flexcop-usb-fix-NULL-ptr-deref-in-flexcop_usb_.patch patches.suse/media-cec-funcs.h-add-status_req-checks.patch @@ -14816,6 +14825,8 @@ patches.suse/0028-modpost-dump-missing-namespaces-into-a-single-module.patch patches.suse/0029-scripts-nsdeps-support-nsdeps-for-external-module-bu.patch patches.suse/0030-modpost-remove-unneeded-local-variable-in-contains_n.patch + patches.suse/kbuild-drop-wildcard-check-in-if_changed-for-faster-rebuil.patch + patches.suse/kbuild-rename-any-prereq-to-newer-prereqs.patch patches.suse/1885-kbuild-remove-header-compile-test.patch patches.suse/percpu-refcount-Use-normal-instead-of-RCU-sched.patch patches.suse/irq_work-Convert-flags-to-atomic_t.patch @@ -16536,6 +16547,8 @@ patches.suse/arm64-nofpsmid-Handle-TIF_FOREIGN_FPSTATE-flag-clean.patch patches.suse/drivers-perf-hisi-Simplify-hisi_read_sccl_and_ccl_id.patch patches.suse/perf-imx_ddr-fix-cpu-hotplug-state-cleanup.patch + patches.suse/arm64-asm-Add-new-style-position-independent-function-annotations.patch + patches.suse/arm64-lib-Use-modern-annotations-for-assembly-functions.patch patches.suse/arm64-Implement-archrandom.h-for-ARMv8.5-RNG.patch patches.suse/arm64-Use-v8.5-RNG-entropy-for-KASLR-seed.patch patches.suse/arm64-acpi-fix-DAIF-manipulation-with-pNMI.patch @@ -21014,6 +21027,7 @@ patches.suse/kvm-nvmx-vmwrite-checks-unsupported-field-before-read-only-field patches.suse/kvm-x86-fix-potential-put_fpu-w-o-load_fpu-on-mpx-platform patches.suse/msft-hv-2009-KVM-hyperv-Fix-some-typos-in-vcpu-unimpl-info.patch + patches.suse/KVM-VMX-Add-non-canonical-check-on-writes-to-RTIT-ad.patch patches.suse/KVM-x86-Don-t-let-userspace-set-host-reserved-cr4-bi.patch patches.suse/kvm-svm-override-default-mmio-mask-if-memory-encryption-is-enabled patches.suse/kvm-x86-mmu-apply-max-pa-check-for-mmio-sptes-to-32-bit-kvm @@ -21237,10 +21251,12 @@ patches.suse/media-af9005-uninitialized-variable-printked.patch patches.suse/media-vp7045-do-not-read-uninitialized-values-if-usb.patch patches.suse/media-rc-ensure-lirc-is-initialized-before-registeri.patch + patches.suse/media-rtl28xxu-Add-support-for-PROlectrix-DV107669-D.patch patches.suse/media-ov5640-Fix-check-for-PLL1-exceeding-max-allowe.patch patches.suse/media-i2c-mt9v032-fix-enum-mbus-codes-and-frame-size.patch patches.suse/media-v4l2-rect.h-fix-v4l2_rect_map_inside-top-left-.patch patches.suse/media-sti-bdisp-fix-a-possible-sleep-in-atomic-conte.patch + patches.suse/media-usb-dvb-usb-v2-rtl28xxu-convert-to-use-i2c_new.patch patches.suse/media-iguanair-fix-endpoint-sanity-check.patch patches.suse/media-uvcvideo-Avoid-cyclic-entity-chains-due-to-mal.patch patches.suse/media-uvcvideo-Add-a-quirk-to-force-GEO-GC6500-Camer.patch @@ -21276,6 +21292,9 @@ patches.suse/char-random-silence-a-lockdep-splat-with-printk.patch patches.suse/random-remove-unnecessary-unlikely.patch patches.suse/random-Add-and-use-pr_fmt.patch + patches.suse/linux-random.h-Remove-arch_has_random-arch_has_random_seed.patch + patches.suse/linux-random.h-Use-false-with-bool.patch + patches.suse/linux-random.h-Mark-CONFIG_ARCH_RANDOM-functions-__must_check.patch patches.suse/kbuild-use-S-instead-of-E-for-precise-cc-option-test.patch patches.suse/vfs-fix-do_last-regression.patch patches.suse/cifs-fix-soft-mounts-hanging-in-the-reconnect-code.patch @@ -23406,6 +23425,7 @@ patches.suse/media-staging-imx-Missing-assignment-in-imx_media_ca.patch patches.suse/media-venus-hfi_parser-Ignore-HEVC-encoding-for-V1.patch patches.suse/media-vsp1-tidyup-VI6_HGT_LBn_H-macro.patch + patches.suse/media-rtl28xxu-add-missing-sleep-before-probing-slav.patch patches.suse/media-go7007-Fix-URB-type-for-interrupt-handling.patch patches.suse/media-v4l2-core-fix-a-use-after-free-bug-of-sd-devno.patch patches.suse/media-v4l2-core-fix-entity-initialization-in-device_.patch @@ -24825,6 +24845,7 @@ patches.suse/net-mlx5e-Show-set-Rx-flow-indir-table-and-RSS-hash-.patch patches.suse/net-mlx5e-Init-ethtool-steering-for-representors.patch patches.suse/net-mlx5e-Show-set-Rx-network-flow-classification-ru.patch + patches.suse/net-stmmac-Use-resolved-link-config-in-mac_link_up.patch patches.suse/flow_offload-use-flow_action_for_each-in-flow_action.patch patches.suse/enetc-Drop-redundant-device-node-check.patch patches.suse/enetc-Clean-up-of-ehtool-stats-len.patch @@ -28162,6 +28183,8 @@ patches.suse/arm64-tegra-Fix-Tegra194-PCIe-compatible-string.patch patches.suse/arm64-tegra-Enable-I2C-controller-for-EEPROM.patch patches.suse/arm64-dts-clearfog-gt-8k-set-gigabit-PHY-reset-deass.patch + patches.suse/arm64-dts-mcbin-support-2W-SFP-modules.patch + patches.suse/arm64-dts-marvell-espressobin-add-ethernet-alias.patch patches.suse/ARM-dts-uniphier-Set-SCSSI-clock-and-reset-IDs-for-each-channel.patch patches.suse/arm64-dts-uniphier-Set-SCSSI-clock-and-reset-IDs-for.patch patches.suse/ARM-dts-imx7-colibri-fix-muxing-of-usbc_det-pin.patch @@ -29375,6 +29398,7 @@ patches.suse/bnxt_en-Fix-VLAN-acceleration-handling-in-bnxt_fix_f.patch patches.suse/sch_sfq-validate-silly-quantum-values.patch patches.suse/net-tc35815-Fix-phydev-supported-advertising-mask.patch + patches.suse/net-sonic-Fix-a-resource-leak-in-an-error-handling-p.patch patches.suse/batman-adv-fix-batadv_nc_random_weight_tq.patch patches.suse/batman-adv-Fix-refcnt-leak-in-batadv_show_throughput.patch patches.suse/batman-adv-Fix-refcnt-leak-in-batadv_store_throughpu.patch @@ -32600,6 +32624,7 @@ patches.suse/selftests-mlxsw-rename-tc_flower_restrictions.sh-to-.patch patches.suse/selftests-mlxsw-tc_restrictions-add-test-to-check-sa.patch patches.suse/selftests-mlxsw-tc_restrictions-add-couple-of-test-f.patch + patches.suse/net-usb-ax88179_178a-remove-redundant-assignment-to-.patch patches.suse/net-phy-Add-cable-test-support-to-state-machine.patch patches.suse/net-phy-Add-support-for-polling-cable-test.patch patches.suse/net-ethtool-netlink-Add-support-for-triggering-a-cab.patch @@ -34226,6 +34251,7 @@ patches.suse/ARM-dts-sun8i-h2-plus-bananapi-m2-zero-Fix-led-polarity.patch patches.suse/ARM-dts-at91-sama5d2_ptc_ek-fix-sdmmc0-node-description.patch patches.suse/ARM-dts-at91-sama5d2_ptc_ek-fix-vbus-pin.patch + patches.suse/arm64-dts-marvell-armada-37xx-Set-pcie_reset_pin-to-gpio-function.patch patches.suse/arm64-tegra-Fix-ethernet-phy-mode-for-Jetson-Xavier.patch patches.suse/arm64-tegra-Fix-flag-for-64-bit-resources-in-ranges-.patch patches.suse/x86-tlb-uv-Add-a-forward-declaration-for-struct-flus.patch @@ -35179,6 +35205,7 @@ patches.suse/ethtool-linkinfo-remove-an-unnecessary-NULL-check.patch patches.suse/net-dp83867-Fix-OF_MDIO-config-check.patch patches.suse/net-marvell-Fix-OF_MDIO-config-check.patch + patches.suse/net-mscc-Fix-OF_MDIO-config-check.patch patches.suse/net-ethtool-Fix-comment-mentioning-typo-in-IS_ENABLE.patch patches.suse/net-qed-fixes-crash-while-running-driver-in-kdump-ke.patch patches.suse/cxgb4-Use-kfree-instead-kvfree-where-appropriate.patch @@ -36097,6 +36124,7 @@ patches.suse/cpufreq-intel_pstate-Add-one-more-OOB-control-bit.patch patches.suse/ACPI-configfs-Disallow-loading-ACPI-tables-when-lock.patch patches.suse/ACPI-sysfs-Fix-pm_profile_attr-type.patch + patches.suse/arm64-perf-Report-the-PC-value-in-REGS_ABI_32-mode.patch patches.suse/clk-sifive-allocate-sufficient-memory-for-struct-__p.patch patches.suse/dm-zoned-fix-uninitialized-pointer-dereference.patch patches.suse/0002-dm-zoned-assign-max_io_len-correctly.patch @@ -36343,6 +36371,7 @@ patches.suse/drm-amdgpu-don-t-do-soft-recovery-if-gpu_recovery-0.patch patches.suse/mmc-meson-gx-limit-segments-to-1-when-dram-access-qu.patch patches.suse/s390-mm-fix-huge-pte-soft-dirty-copying + patches.suse/KVM-arm64-Fix-definition-of-PAGE_HYP_DEVICE.patch patches.suse/drivers-firmware-psci-Fix-memory-leakage-in-alloc_in.patch patches.suse/drivers-firmware-psci-Assign-err-directly-in-hotplug.patch patches.suse/arm64-kgdb-Fix-single-step-exception-handling-oops.patch @@ -36601,6 +36630,9 @@ patches.suse/nvme-explicitly-update-mpath-disk-capacity-on-revali.patch patches.suse/efi-libstub-arm64-Retain-2MB-kernel-Image-alignment-.patch patches.suse/drivers-perf-Fix-kernel-panic-when-rmmod-PMU-modules.patch + patches.suse/arm64-ptrace-Consistently-use-pseudo-singlestep-exceptions.patch + patches.suse/arm64-ptrace-Override-SPSR.SS-when-single-stepping-is-enabled.patch + patches.suse/arm64-compat-Ensure-upper-32-bits-of-x0-are-zero-on-syscall-return.patch patches.suse/arm64-ptrace-Use-NO_SYSCALL-instead-of-1-in-syscall_.patch patches.suse/drivers-perf-prevent-forced-unbinding-of-pmu-drivers.patch patches.suse/ARM-dts-imx6qdl-gw551x-fix-audio-SSI.patch @@ -37324,7 +37356,7 @@ patches.suse/cpuidle-psci-Fix-error-path-via-converting-to-a-plat.patch patches.suse/cpuidle-psci-Convert-PM-domain-to-platform-driver.patch patches.suse/cpuidle-psci-Prevent-domain-idlestates-until-consume.patch - patches.suse/bsc1175543-intel_idle-Customize-IceLake-server-support.patch + patches.suse/intel_idle-Customize-IceLake-server-support.patch patches.suse/powercap-intel_rapl-add-support-for-Sapphire-Rapids.patch patches.suse/powercap-Add-Power-Limit4-support.patch patches.suse/ACPICA-Replace-one-element-array-with-flexible-array.patch @@ -40279,6 +40311,7 @@ patches.suse/mlxsw-spectrum_cnt-Use-flex_array_size-helper-in-mem.patch patches.suse/net-sched-act_pedit-Use-flex_array_size-helper-in-me.patch patches.suse/bnxt_en-Remove-superfluous-memset.patch + patches.suse/net-ll_temac-Use-devm_platform_ioremap_resource_byna.patch patches.suse/mwifiex-Fix-firmware-filename-for-sd8977-chipset.patch patches.suse/mwifiex-Fix-firmware-filename-for-sd8997-chipset.patch patches.suse/btmrvl-Fix-firmware-filename-for-sd8977-chipset.patch @@ -42201,6 +42234,7 @@ patches.suse/net-refactor-bind_bucket-fastreuse-into-helper.patch patches.suse/net-initialize-fastreuse-on-inet_inherit_port.patch patches.suse/sfc-fix-ef100-design-param-checking.patch + patches.suse/net-stmmac-dwmac1000-provide-multicast-filter-fallba.patch patches.suse/net-ethernet-stmmac-Disable-hardware-multicast-filte.patch patches.suse/crypto-algif_aead-fix-uninitialized-ctx-init.patch patches.suse/x86-fsgsbase-64-fix-null-deref-in-86_fsgsbase_read_task.patch @@ -42892,6 +42926,7 @@ patches.suse/0003-dax-fix-detection-of-dax-support-for-non-persistent-.patch patches.suse/kvm-fix-memory-leak-in-kvm_io_bus_unregister_dev patches.suse/kvm-svm-periodically-schedule-when-unregistering-regions-on-destroy.patch + patches.suse/KVM-VMX-Don-t-freeze-guest-when-event-delivery-cause.patch patches.suse/soundwire-bus-fix-typo-in-comment-on-INTSTAT-registe.patch patches.suse/soundwire-fix-double-free-of-dangling-pointer.patch patches.suse/video-fbdev-fix-OOB-read-in-vga_8planes_imageblit.patch @@ -43190,6 +43225,7 @@ patches.suse/spi-fsl-dspi-fix-use-after-free-in-remove-path.patch patches.suse/0001-mm-THP-swap-fix-allocating-cluster-for-swapfile-by-m.patch patches.suse/s390-mm-gup-fix-gup_fast-with-dynamic-page-table-folding.patch + patches.suse/0001-lib-string.c-implement-stpcpy.patch patches.suse/arch-x86-lib-usercopy_64-c-fix-_copy_user_flushcache-cache-writeback.patch patches.suse/0001-mm-replace-memmap_context-by-meminit_context.patch patches.suse/0002-mm-don-t-rely-on-system-state-to-detect-hot-plug-ope.patch @@ -43274,6 +43310,7 @@ patches.suse/net-ethernet-cavium-octeon_mgmt-use-phy_start-and-ph.patch patches.suse/bonding-set-dev-needed_headroom-in-bond_setup_by_sla.patch patches.suse/team-set-dev-needed_headroom-in-team_setup_by_port.patch + patches.suse/net-usb-ax88179_178a-add-Toshiba-usb-3.0-adapter.patch patches.suse/dpaa2-eth-fix-command-version-for-Tx-shaping.patch patches.suse/mdio-fix-mdio-thunder.c-dependency-build-error.patch patches.suse/mlxsw-spectrum_acl-Fix-mlxsw_sp_acl_tcam_group_add-s.patch @@ -43283,6 +43320,7 @@ patches.suse/net-core-introduce-struct-netdev_nested_priv-for-nes.patch patches.suse/net-core-add-nested_level-variable-in-net_device.patch patches.suse/net-usb-ax88179_178a-fix-missing-stop-entry-in-drive.patch + patches.suse/net-usb-ax88179_178a-add-MCT-usb-3.0-adapter.patch patches.suse/ethtool-mark-netlink-family-as-__ro_after_init.patch patches.suse/virtio-net-don-t-disable-guest-csum-when-disable-LRO.patch patches.suse/net-phy-realtek-fix-rtl8211e-rx-tx-delay-config.patch @@ -43317,6 +43355,7 @@ patches.suse/net-mlx5e-Fix-VLAN-cleanup-flow.patch patches.suse/net-mlx5e-Fix-VLAN-create-flow.patch patches.suse/net-mlx5e-Fix-race-condition-on-nhe-n-pointer-in-nei.patch + patches.suse/net-stmmac-Modify-configuration-method-of-EEE-timers.patch patches.suse/net-hinic-fix-DEVLINK-build-errors.patch patches.suse/net-team-fix-memory-leak-in-__team_options_register.patch patches.suse/net-mvneta-fix-double-free-of-txq-buf.patch @@ -43634,6 +43673,7 @@ patches.suse/media-rcar_drif-Allocate-v4l2_async_subdev-dynamical.patch patches.suse/media-rcar-csi2-Allocate-v4l2_async_subdev-dynamical.patch patches.suse/media-mx2_emmaprp-Fix-memleak-in-emmaprp_probe.patch + patches.suse/media-v4l2-mem2mem-always-consider-OUTPUT-queue-duri.patch patches.suse/media-tc358743-initialize-variable.patch patches.suse/media-tc358743-cleanup-tc358743_cec_isr.patch patches.suse/media-media-pci-prevent-memory-leak-in-bttv_probe.patch @@ -43873,6 +43913,7 @@ patches.suse/platform-x86-mlx-platform-Remove-PSU-EEPROM-configur.patch patches.suse/cpufreq-tegra186-Fix-initial-frequency.patch patches.suse/ACPI-processor-Print-more-information-when-acpi_proc.patch + patches.suse/PM-runtime-Remove-link-state-checks-in-rpm_get-put_s.patch patches.suse/PM-runtime-Fix-timer_expires-data-type-on-32-bit-arc.patch patches.suse/PM-hibernate-Batch-hibernate-and-resume-IO-requests.patch patches.suse/PM-hibernate-remove-the-bogus-call-to-get_gendisk-in.patch @@ -44047,9 +44088,15 @@ patches.suse/backlight-sky81452-backlight-Fix-refcount-imbalance-.patch patches.suse/tty-serial-earlycon-dependency.patch patches.suse/tty-ipwireless-fix-error-handling.patch + patches.suse/pty-do-tty_flip_buffer_push-without-port-lock-in-pty.patch patches.suse/tty-serial-imx-fix-link-error-with-config_serial_core_console-n.patch patches.suse/tty-serial-lpuart-fix-lpuart32_write-usage.patch patches.suse/tty-serial-fsl_lpuart-fix-lpuart32_poll_get_char.patch + patches.suse/sysfs-Add-sysfs_emit-and-sysfs_emit_at-to-format-sys.patch + patches.suse/drivers-core-Use-sysfs_emit-and-sysfs_emit_at-for-sh.patch + patches.suse/drivers-core-Remove-strcat-uses-around-sysfs_emit-an.patch + patches.suse/drivers-core-Miscellaneous-changes-for-sysfs_emit.patch + patches.suse/mm-and-drivers-core-Convert-hugetlb_report_node_memi.patch patches.suse/staging-rtl8192u-Do-not-use-GFP_KERNEL-in-atomic-con.patch patches.suse/staging-emxx_udc-Fix-passing-of-NULL-to-dma_alloc_co.patch patches.suse/staging-rtl8192e-fix-kconfig-dependency-warning-for-.patch @@ -45034,8 +45081,10 @@ patches.suse/can-flexcan-initialize-all-flexcan-memory-for-ECC-fu.patch patches.suse/can-flexcan-add-flexcan-driver-for-i.MX8MP.patch patches.suse/can-flexcan-disable-runtime-PM-if-register-flexcande.patch + patches.suse/bpf-cpumap-Remove-rcpu-pointer-from-cpu_map_build_sk.patch patches.suse/bpf-disallow-attaching-modify_return-tracing-functio.patch patches.suse/selftests-Remove-fmod_ret-from-test_overhead.patch + patches.suse/bpf-Provide-function-to-get-vmlinux-BTF-information.patch patches.suse/xsk-Fix-a-documentation-mistake-in-xsk_queue.h.patch patches.suse/selftests-bpf-Move-and-extend-ASSERT_xxx-testing-mac.patch patches.suse/selftests-bpf-Fix-endianness-issues-in-sk_lookup-ctx.patch @@ -45849,6 +45898,7 @@ patches.suse/ACPI-NFIT-Fix-comparison-to-ENXIO.patch patches.suse/ACPI-button-Drop-no-longer-necessary-Acer-SW5-012-li.patch patches.suse/ACPI-dock-fix-enum-conversion-warning.patch + patches.suse/arm64-dts-marvell-espressobin-Add-ethernet-switch-aliases.patch patches.suse/ARM-mvebu-drop-pointless-check-for-coherency_base.patch patches.suse/KVM-arm64-ARM_SMCCC_ARCH_WORKAROUND_1-doesn-t-return.patch patches.suse/arm64-avoid-Woverride-init-warning.patch @@ -46230,6 +46280,7 @@ patches.suse/bnxt_en-Avoid-unnecessary-NVM_GET_DEV_INFO-cmd-error.patch patches.suse/qed-fix-error-return-code-in-qed_iwarp_ll2_start.patch patches.suse/net-b44-fix-error-return-code-in-b44_init_one.patch + patches.suse/net-ftgmac100-Fix-crash-when-removing-driver.patch patches.suse/enetc-Workaround-for-MDIO-register-access-issue.patch patches.suse/netdevsim-set-.owner-to-THIS_MODULE.patch patches.suse/net-tls-Fix-wrong-record-sn-in-async-mode-of-device-.patch @@ -46248,6 +46299,7 @@ patches.suse/net-mlx4_core-Fix-init_hca-fields-offset.patch patches.suse/can-kvaser_usb-kvaser_usb_hydra-Fix-KCAN-bittiming-l.patch patches.suse/can-flexcan-flexcan_chip_start-fix-erroneous-flexcan.patch + patches.suse/can-m_can-process-interrupt-only-when-not-runtime-su.patch patches.suse/net-smc-fix-matching-of-existing-link-groups patches.suse/net-smc-fix-direct-access-to-ib_gid_addr-ndev-in-smc_ib_determine_gid patches.suse/libbpf-Don-t-attempt-to-load-unused-subprog-as-an-en.patch @@ -46347,6 +46399,8 @@ patches.suse/powerpc-64s-Fix-allnoconfig-build-since-uaccess-flus.patch patches.suse/kvm-s390-pv-mark-mm-as-protected-after-the-set-secure-parameters-and-improve-cleanup patches.suse/kvm-s390-remove-diag318-reset-code + patches.suse/KVM-x86-handle-lapic_in_kernel-case-in-kvm_cpu_-_ext.patch + patches.suse/KVM-x86-Fix-split-irqchip-vs-interrupt-injection-win.patch patches.suse/platform-x86-thinkpad_acpi-Do-not-report-SW_TABLET_M.patch patches.suse/platform-x86-thinkpad_acpi-Add-BAT1-is-primary-batte.patch patches.suse/platform-x86-thinkpad_acpi-Send-tablet-mode-switch-a.patch @@ -46570,6 +46624,7 @@ patches.suse/enetc-Fix-reporting-of-h-w-packet-counters.patch patches.suse/bonding-fix-feature-flag-setting-at-init-time.patch patches.suse/net-stmmac-free-tx-skb-buffer-in-stmmac_resume.patch + patches.suse/net-ll_temac-Fix-potential-NULL-dereference-in-temac.patch patches.suse/Revert-geneve-pull-IP-header-before-ECN-decapsulatio.patch patches.suse/e1000e-fix-S0ix-flow-to-allow-S0i3.2-subset-entry.patch patches.suse/net-flow_offload-Fix-memory-leak-for-indirect-flow-b.patch @@ -46872,6 +46927,13 @@ patches.suse/lan743x-fix-for-potential-NULL-pointer-dereference-w.patch patches.suse/soc-fsl-qbman-Add-an-argument-to-signal-if-NAPI-proc.patch patches.suse/crypto-caam-Replace-in_irq-usage.patch + patches.suse/cxgb4-Fix-the-Wmisleading-indentation-warning.patch + patches.suse/net-evaluate-net.ipvX.conf.all.ignore_routes_with_li.patch + patches.suse/net-evaluate-net.ipv4.conf.all.proxy_arp_pvlan.patch + patches.suse/bpf-Add-in-kernel-split-BTF-support.patch + patches.suse/bpf-Assign-ID-to-vmlinux-BTF-and-return-extra-info-for-BTF.patch + patches.suse/kbuild-Build-kernel-module-BTFs-if-BTF-is-enabled-and-paho.patch + patches.suse/bpf-Load-and-verify-kernel-module-BTFs.patch patches.suse/selftest-bpf-Add-missed-ip6ip6-test-back.patch patches.suse/samples-bpf-Remove-unused-test_ipip.sh.patch patches.suse/tools-bpftool-Fix-build-slowdown.patch @@ -46920,10 +46982,13 @@ patches.suse/net-mlx5-Add-ts_cqe_to_dest_cqn-related-bits.patch patches.suse/net-mlx5-Update-the-list-of-the-PCI-supported-device-dd8595ea.patch patches.suse/bpf-Simplify-task_file_seq_get_next.patch + patches.suse/kbuild-Skip-module-BTF-generation-for-out-of-tree-external.patch + patches.suse/bpf-Sanitize-BTF-data-pointer-after-module-is-loaded.patch patches.suse/samples-bpf-Refactor-hbm-program-with-libbpf.patch patches.suse/samples-bpf-Refactor-test_cgrp2_sock2-program-with-l.patch patches.suse/libbpf-Sanitise-map-names-before-pinning.patch patches.suse/bpf-fix-bpf_put_raw_tracepoint-s-use-of-_module_address.patch + patches.suse/bpf-Keep-module-s-btf_data_size-intact-after-load.patch patches.suse/selftests-bpf-Fix-invalid-use-of-strncat-in-test_soc.patch patches.suse/rsi-Fix-TX-EAPOL-packet-handling-against-iwlwifi-AP.patch patches.suse/rtw88-remove-extraneous-const-qualifier.patch @@ -46968,6 +47033,8 @@ patches.suse/gve-Add-support-for-raw-addressing-to-the-rx-path.patch patches.suse/gve-Rx-Buffer-Recycling.patch patches.suse/gve-Add-support-for-raw-addressing-in-the-tx-path.patch + patches.suse/net-macb-add-function-to-disable-all-macb-clocks.patch + patches.suse/net-macb-unprepare-clocks-in-case-of-failure.patch patches.suse/ibmvnic-fix-rx-buffer-tracking-and-index-management-.patch patches.suse/can-flexcan-convert-the-driver-to-DT-only.patch patches.suse/nl80211-validate-key-indexes-for-cfg80211_registered.patch @@ -47706,6 +47773,7 @@ patches.suse/i40e-xsk-clear-the-status-bits-for-the-next_to_use-d.patch patches.suse/dpaa2-eth-fix-the-size-of-the-mapped-SGT-buffer.patch patches.suse/net-bcmgenet-Fix-a-resource-leak-in-an-error-handlin.patch + patches.suse/net-allwinner-Fix-some-resources-leak-in-the-error-h.patch patches.suse/net-core-introduce-__netdev_notify_peers.patch patches.suse/use-__netdev_notify_peers-in-ibmvnic.patch patches.suse/ethtool-fix-error-paths-in-ethnl_set_channels.patch @@ -47957,6 +48025,7 @@ patches.suse/wil6210-select-CONFIG_CRC32.patch patches.suse/misdn-dsp-select-CONFIG_BITREVERSE.patch patches.suse/wan-ds26522-select-CONFIG_BITREVERSE.patch + patches.suse/net-sonic-Fix-some-resource-leaks-in-error-handling-.patch patches.suse/net-vlan-avoid-leaks-on-register_vlan_dev-failures.patch patches.suse/net-stmmac-dwmac-sun8i-Fix-probe-error-handling.patch patches.suse/net-stmmac-dwmac-sun8i-Balance-internal-PHY-resource.patch @@ -47974,10 +48043,12 @@ patches.suse/chtls-Replace-skb_dequeue-with-skb_peek.patch patches.suse/chtls-Added-a-check-to-avoid-NULL-pointer-dereferenc.patch patches.suse/chtls-Fix-chtls-resources-release-sequence.patch + patches.suse/octeontx2-af-fix-memory-leak-of-lmac-and-lmac-name.patch patches.suse/nexthop-Bounce-NHA_GATEWAY-in-FDB-nexthop-groups.patch patches.suse/s390-qeth-fix-deadlock-during-recovery patches.suse/s390-qeth-fix-locking-for-discipline-setup-removal patches.suse/s390-qeth-fix-l2-header-access-in-qeth_l3_osa_features_check + patches.suse/net-dsa-lantiq_gswip-Exclude-RMII-from-modes-that-re.patch patches.suse/net-mlx5e-Add-missing-capability-check-for-uplink-fo.patch patches.suse/net-mlx5-Use-port_num-1-instead-of-0-when-delete-a-R.patch patches.suse/net-mlx5-E-Switch-fix-changing-vf-VLANID.patch @@ -48143,8 +48214,10 @@ patches.suse/0016-dm-zoned-select-CONFIG_CRC32.patch patches.suse/0003-dm-crypt-do-not-wait-for-backlogged-crypto-request-c.patch patches.suse/0004-dm-crypt-use-GFP_ATOMIC-when-allocating-crypto-reque.patch + patches.suse/0002-dm-snapshot-flush-merged-data-before-committing-meta.patch patches.suse/0017-dm-eliminate-potential-source-of-excessive-kernel-lo.patch patches.suse/0005-dm-crypt-do-not-call-bio_endio-from-the-dm-crypt-tas.patch + patches.suse/0003-dm-integrity-fix-the-maximum-number-of-arguments.patch patches.suse/0006-dm-crypt-defer-decryption-to-a-tasklet-if-interrupts.patch patches.suse/nvmet-rdma-Fix-NULL-deref-when-setting-pi_enable-and.patch patches.suse/nvme-tcp-Fix-warning-with-CONFIG_DEBUG_PREEMPT.patch @@ -48167,6 +48240,7 @@ patches.suse/mac80211-check-if-atf-has-been-disabled-in-__ieee802.patch patches.suse/net-core-devlink-use-right-genl-user_ptr-when-handli.patch patches.suse/selftests-net-fib_tests-remove-duplicate-log-test.patch + patches.suse/net-dsa-b53-fix-an-off-by-one-in-checking-vlan-vid.patch patches.suse/bpf-Fix-helper-bpf_map_peek_elem_proto-pointing-to-w.patch patches.suse/bpf-Fix-signed_-sub-add32-_overflows-type-handling.patch patches.suse/can-dev-can_restart-fix-use-after-free-bug.patch @@ -48207,6 +48281,8 @@ patches.suse/mmc-sdhci-of-dwcmshc-fix-rpmb-access.patch patches.suse/mmc-sdhci-xenon-fix-1.8v-regulator-stabilization.patch patches.suse/mmc-core-don-t-initialize-block-size-from-ext_csd-if.patch + patches.suse/0004-dm-integrity-fix-a-crash-if-recalculate-used-without.patch + patches.suse/0005-dm-integrity-conditionally-disable-recalculate-featu.patch patches.suse/0007-dm-crypt-fix-copy-and-paste-bug-in-crypt_alloc_req_a.patch patches.suse/dm-avoid-filesystem-lookup-in-dm_get_dev_t.patch patches.suse/scsi-megaraid_sas-Fix-MEGASAS_IOC_FIRMWARE-regression @@ -48240,6 +48316,8 @@ patches.suse/iio-ad5504-Fix-setting-power-down-state.patch patches.suse/phy-cpcap-usb-Fix-warning-for-missing-regulator_disa.patch patches.suse/intel_th-pci-Add-Alder-Lake-P-support.patch + patches.suse/mm-fix-page-reference-leak-in-soft_offline_page.patch + patches.suse/0006-md-Set-prev_flush_start-and-flush_bio-in-an-atomic-w.patch patches.suse/0001-nvme-rdma-avoid-request-double-completion-for-concur.patch patches.suse/0001-nvme-tcp-avoid-request-double-completion-for-concurr.patch patches.suse/nvme-pci-refactor-nvme_unmap_data.patch @@ -48291,6 +48369,7 @@ patches.suse/0007-futex-Handle-faults-correctly-for-PI-futexes.patch patches.suse/net-usb-qmi_wwan-added-support-for-Thales-Cinterion-.patch patches.suse/net-fec-put-child-node-on-error-path.patch + patches.suse/net-dsa-bcm_sf2-put-device-node-before-return.patch patches.suse/NFC-fix-possible-resource-leak.patch patches.suse/NFC-fix-resource-leak-when-target-index-is-invalid.patch patches.suse/uapi-fix-big-endian-definition-of-ipv6_rpl_sr_hdr.patch @@ -48450,6 +48529,7 @@ patches.suse/firmware_loader-align-.builtin_fw-to-8.patch patches.suse/NET-usb-qmi_wwan-Adding-support-for-Cinterion-MV31.patch patches.suse/netback-avoid-race-in-xenvif_rx_ring_slots_avail.patch + patches.suse/net-hdlc_x25-Return-meaningful-error-code-in-x25_ope.patch patches.suse/msft-hv-2219-hv_netvsc-Reset-the-RSC-count-if-NVSP_STAT_FAIL-in-n.patch patches.suse/net-enetc-initialize-the-RFS-and-RSS-memories.patch patches.suse/net-gro-do-not-keep-too-many-GRO-packets-in-napi-rx_.patch @@ -48491,6 +48571,7 @@ patches.suse/cgroup-fix-psi-monitor-for-root-cgroup.patch patches.suse/clk-sunxi-ng-mp-fix-parent-rate-change-flag-check.patch patches.suse/x86-pci-Create-PCI-MSI-irqdomain-after-x86_init.pci..patch + patches.suse/macvlan-remove-redundant-null-check-on-data.patch patches.suse/dt-bindings-can-fsl-flexcan-add-fsl-scu-index-proper.patch patches.suse/ibmvnic-merge-do_change_param_reset-into-do_reset.patch patches.suse/bus-fsl-mc-return-EPROBE_DEFER-when-a-device-is-not-.patch @@ -48502,6 +48583,7 @@ patches.suse/bpf-Avoid-warning-when-re-casting-__bpf_call_base-in.patch patches.suse/bpf-Declare-__bpf_free_used_maps-unconditionally.patch patches.suse/net-ethernet-ibm-ibmvnic-Fix-some-kernel-doc-misdeme.patch + patches.suse/msft-hv-2235-hv_netvsc-Add-more-validation-for-untrusted-Hyper-V-.patch patches.suse/net-netdevice-Add-operation-ndo_sk_get_lower_dev.patch patches.suse/net-bonding-Take-IP-hash-logic-into-a-helper.patch patches.suse/net-bonding-Implement-ndo_sk_get_lower_dev.patch @@ -48510,10 +48592,12 @@ patches.suse/net-bonding-Declare-TLS-RX-device-offload-support.patch patches.suse/net-tls-Device-offload-to-use-lowest-netdevice-in-ch.patch patches.suse/net-tls-Except-bond-interface-from-some-TLS-checks.patch + patches.suse/msft-hv-2238-hv_netvsc-Copy-packets-sent-by-Hyper-V-out-of-the-re.patch patches.suse/vmxnet3-Remove-buf_info-from-device-accessible-struc.patch patches.suse/ibmvnic-rework-to-ensure-SCRQ-entry-reads-are-proper.patch patches.suse/ibmvnic-remove-unnecessary-rmb-inside-ibmvnic_poll.patch patches.suse/r8169-Add-support-for-another-RTL8168FP.patch + patches.suse/igb-Enable-RSS-for-Intel-I211-Ethernet-Controller.patch patches.suse/ath10k-Fix-error-handling-in-case-of-CE-pipe-init-fa.patch patches.suse/ath-Use-safer-key-clearing-with-key-cache-entries.patch patches.suse/ath9k-Clear-key-cache-explicitly-on-disabling-hardwa.patch @@ -48551,6 +48635,7 @@ patches.suse/Bluetooth-Fix-null-pointer-dereference-in-amp_read_l.patch patches.suse/Bluetooth-btusb-Fix-memory-leak-in-btusb_mtk_wmt_rec.patch patches.suse/Bluetooth-btusb-Some-Qualcomm-Bluetooth-adapters-sto.patch + patches.suse/net-mvpp2-fix-interrupt-mask-unmask-skip-condition.patch patches.suse/ath10k-fix-wmi-mgmt-tx-queue-full-due-to-race-condit.patch patches.suse/rtw88-coex-8821c-correct-antenna-switch-function.patch patches.suse/brcmfmac-Add-DMI-nvram-filename-quirk-for-Predia-Bas.patch @@ -48572,6 +48657,8 @@ patches.suse/mac80211-fix-potential-overflow-when-multiplying-to-.patch patches.suse/ibmvnic-simplify-reset_long_term_buff-function.patch patches.suse/ibmvnic-substitute-mb-with-dma_wmb-for-send_-crq-fun.patch + patches.suse/net-xdp-Introduce-__xdp_build_skb_from_frame-utility.patch + patches.suse/net-xdp-Introduce-xdp_build_skb_from_frame-utility-r.patch patches.suse/bpf-x64-Pad-NOPs-to-make-images-converge-more-easily.patch patches.suse/bpf_lru_list-Read-double-checked-variable-once-witho.patch patches.suse/libbpf-Ignore-non-function-pointer-member-in-struct_.patch @@ -48579,6 +48666,7 @@ patches.suse/bpf-devmap-Use-GFP_KERNEL-for-xdp-bulk-queue-allocat.patch patches.suse/bpf-Remove-MTU-check-in-__bpf_skb_max_len.patch patches.suse/bpf-Clear-subreg_def-for-global-function-return-valu.patch + patches.suse/net-mvneta-Remove-per-cpu-queue-mapping-for-Armada-3.patch patches.suse/ibmvnic-Set-to-CLOSED-state-even-on-error.patch patches.suse/bnxt_en-reverse-order-of-TX-disable-and-carrier-off.patch patches.suse/bnxt_en-Fix-devlink-info-s-stored-fw.psid-version-fo.patch @@ -48599,6 +48687,7 @@ patches.suse/bpf-Fix-truncation-handling-for-mod32-dst-reg-wrt-ze.patch patches.suse/appletalk-Fix-skb-allocation-size-in-loopback-case.patch patches.suse/ibmvnic-change-IBMVNIC_MAX_IND_DESCS-to-16.patch + patches.suse/net-axienet-Handle-deferred-probe-on-clock-properly.patch patches.suse/cxgb4-chtls-cxgbit-Keeping-the-max-ofld-immediate-da.patch patches.suse/b43-N-PHY-Fix-the-update-of-coef-for-the-PHY-revisio.patch patches.suse/net-wan-lmc-unregister-device-when-no-matching-devic.patch @@ -48606,6 +48695,10 @@ patches.suse/ibmvnic-add-memory-barrier-to-protect-long-term-buff.patch patches.suse/ibmvnic-skip-send_request_unmap-for-timeout-reset.patch patches.suse/ibmvnic-serialize-access-to-work-queue-on-remove.patch + patches.suse/net-amd-xgbe-Reset-the-PHY-rx-data-path-when-mailbox.patch + patches.suse/net-amd-xgbe-Fix-NETDEV-WATCHDOG-transmit-queue-time.patch + patches.suse/net-amd-xgbe-Reset-link-when-the-link-never-comes-ba.patch + patches.suse/net-amd-xgbe-Fix-network-fluctuations-when-using-1G-.patch patches.suse/net-re-solve-some-conflicts-after-net-net-next-merge.patch patches.suse/ARM-dts-Configure-missing-thermal-interrupt-for-4430.patch patches.suse/ARM-dts-armada388-helios4-assign-pinctrl-to-LEDs.patch @@ -48623,6 +48716,7 @@ patches.suse/soc-aspeed-snoop-Add-clock-control-logic.patch patches.suse/edac-amd64-do-not-load-on-family-0x15-model-0x13.patch patches.suse/vt-consolemap-do-font-sum-unsigned.patch + patches.suse/vt-drop-old-FONT-ioctls.patch patches.suse/usb-gadget-u_audio-Free-requests-only-after-callback.patch patches.suse/usb-dwc2-Do-not-update-data-length-if-it-is-0-on-inb.patch patches.suse/usb-dwc2-Abort-transaction-after-errors-with-unknown.patch @@ -48726,6 +48820,7 @@ patches.suse/0007-xen-netback-don-t-handle-error-by-BUG.patch patches.suse/0008-xen-scsiback-don-t-handle-error-by-BUG.patch patches.suse/0009-xen-blkback-fix-error-handling-in-xen_blkbk_map.patch + patches.suse/arm64-Extend-workaround-for-erratum-1024718-to-all-versions-of-Cortex-A55.patch patches.suse/msft-hv-2226-Drivers-hv-vmbus-Avoid-use-after-free-in-vmbus_onoff.patch patches.suse/kvm-do-not-assume-pte-is-writable-after-follow_pfn.patch patches.suse/x86-reboot-force-all-cpus-to-exit-vmx-root-if-vmx-is-supported.patch @@ -48764,6 +48859,7 @@ patches.suse/media-zr364xx-fix-memory-leaks-in-probe.patch patches.suse/media-uvcvideo-Accept-invalid-bFormatIndex-and-bFram.patch patches.suse/media-uvcvideo-Allow-entities-with-no-pads.patch + patches.suse/media-smipcie-fix-interrupt-handling-and-IR-timeout.patch patches.suse/ALSA-hda-realtek-modify-EAPD-in-the-ALC886.patch patches.suse/ALSA-hda-hdmi-Drop-bogus-check-at-closing-a-stream.patch patches.suse/ALSA-hda-Add-another-CometLake-H-PCI-ID.patch @@ -49159,6 +49255,8 @@ patches.suse/PCI-rockchip-Make-ep-gpios-DT-property-optional.patch patches.suse/PCI-xgene-msi-Fix-race-in-installing-chained-irq-han.patch patches.suse/ext4-fix-potential-htree-index-checksum-corruption.patch + patches.suse/net-ag71xx-remove-unnecessary-MTU-reservation.patch + patches.suse/net-stmmac-fix-CBS-idleslope-and-sendslope-calculati.patch patches.suse/net-mlx4_core-Add-missed-mlx4_free_cmd_mailbox.patch patches.suse/i40e-Fix-flow-for-IPv6-next-header-extension-header.patch patches.suse/i40e-Add-zero-initialization-of-AQ-command-structure.patch @@ -49195,6 +49293,8 @@ patches.suse/0027-mm-rmap-fix-potential-pte_unmap-on-an-not-mapped-pte.patch patches.suse/x86-fix-seq_file-iteration-for-pat-memtype.c.patch patches.suse/arm64-kexec_file-fix-memory-leakage-in-create_dtb-wh.patch + patches.suse/arm64-module-set-plt-section-addresses-to-0x0.patch + patches.suse/arm64-uprobe-Return-EOPNOTSUPP-for-AARCH32-instruction-probing.patch patches.suse/arm64-Add-missing-ISB-after-invalidating-TLB-in-__pr.patch patches.suse/arm64-ptrace-Fix-seccomp-of-traced-syscall-1-NO_SYSC.patch patches.suse/driver-core-add-a-min_align_mask-field-to-struct-device_dma_parameters @@ -49278,6 +49378,8 @@ patches.suse/rsxx-Return-EFAULT-if-copy_to_user-fails.patch patches.suse/nvme-hwmon-Return-error-code-when-registration-fails.patch patches.suse/nvme-fabrics-fix-kato-initialization.patch + patches.suse/0007-dm-bufio-subtract-the-number-of-initial-sectors-in-d.patch + patches.suse/0008-dm-verity-fix-FEC-for-RS-roots-unaligned-to-block-si.patch patches.suse/RDMA-cm-Fix-IRQ-restore-in-ib_send_cm_sidr_rep.patch patches.suse/RDMA-rxe-Fix-missing-kconfig-dependency-on-CRYPTO.patch patches.suse/IB-mlx5-Add-missing-error-code.patch @@ -49292,18 +49394,25 @@ patches.suse/selftests-bpf-No-need-to-drop-the-packet-when-there-.patch patches.suse/ath9k-fix-transmitting-to-stations-in-dynamic-SMPS-m.patch patches.suse/mt76-dma-do-not-report-truncated-frames-to-mac80211.patch + patches.suse/net-stmmac-stop-each-tx-channel-independently.patch + patches.suse/net-stmmac-fix-watchdog-timeout-during-suspend-resum.patch patches.suse/bnxt_en-reliably-allocate-IRQ-table-on-reset-to-avoi.patch + patches.suse/net-hns3-fix-error-mask-definition-of-flow-director.patch patches.suse/net-hns3-fix-query-vlan-mask-value-error-for-flow-di.patch patches.suse/net-hns3-fix-bug-when-calculating-the-TCAM-table-inf.patch patches.suse/net-phy-fix-save-wrong-speed-and-duplex-problem-if-a.patch patches.suse/net-enetc-take-the-MDIO-lock-only-once-per-NAPI-poll.patch + patches.suse/net-enetc-fix-incorrect-TPID-when-receiving-802.1ad-.patch patches.suse/net-enetc-don-t-disable-VLAN-filtering-in-IFF_PROMIS.patch patches.suse/net-enetc-remove-bogus-write-to-SIRXIDR-from-enetc_s.patch + patches.suse/net-enetc-keep-RX-ring-consumer-index-in-sync-with-h.patch patches.suse/can-flexcan-assert-FRZ-bit-in-flexcan_chip_freeze.patch patches.suse/can-flexcan-enable-RX-FIFO-after-FRZ-HALT-valid.patch patches.suse/can-flexcan-invoke-flexcan_chip_freeze-to-enter-free.patch patches.suse/can-skb-can_skb_set_owner-fix-ref-counting-if-socket.patch + patches.suse/msft-hv-2288-hv_netvsc-Fix-validation-in-netvsc_linkstatus_callba.patch patches.suse/ibmvnic-Fix-possibly-uninitialized-old_num_tx_queues.patch + patches.suse/net-stmmac-fix-incorrect-DMA-channel-intr-enable-set.patch patches.suse/Revert-r8152-adjust-the-settings-about-MAC-clock-spe.patch patches.suse/ixgbe-fail-to-create-xfrm-offload-of-IPsec-tunnel-mo.patch patches.suse/net-usb-qmi_wwan-allow-qmimux-add-del-with-master-up.patch @@ -49321,6 +49430,7 @@ patches.suse/0001-netfilter-conntrack-avoid-misleading-invalid-in-log-.patch patches.suse/net-enetc-allow-hardware-timestamping-on-TX-queues-w.patch patches.suse/net-bonding-fix-error-return-code-of-bond_neigh_init.patch + patches.suse/net-lapbether-Remove-netif_start_queue-netif_stop_qu.patch patches.suse/s390-qeth-fix-memory-leak-after-failed-tx-buffer-allocation.patch patches.suse/s390-qeth-improve-completion-of-pending-tx-buffers.patch patches.suse/s390-qeth-schedule-tx-napi-on-qaob-completion.patch @@ -49451,6 +49561,7 @@ patches.suse/x86-sev-es-check-regs-sp-is-trusted-before-adjusting-vc-ist-stack patches.suse/x86-sev-es-use-_copy_from_user_inatomic patches.suse/seqlock-lockdep-Fix-seqcount_latch_init.patch + patches.suse/sched-membarrier-fix-missing-local-execution-of-ipi_sync_rq_state.patch patches.suse/hrtimer-Update-softirq_expires_next-correctly-after-.patch patches.suse/svcrdma-disable-timeouts-on-rdma-backchannel.patch patches.suse/NFSD-Repair-misuse-of-sv_lock-in-5.10.16-rt30.patch @@ -49560,8 +49671,10 @@ patches.suse/bpf-Don-t-do-bpf_cgroup_storage_set-for-kuprobe-tp-p.patch patches.suse/macvlan-macvlan_count_rx-needs-to-be-aware-of-preemp.patch patches.suse/net-mlx5e-RX-Mind-the-MPWQE-gaps-when-calculating-of.patch + patches.suse/net-mlx5e-When-changing-XDP-program-without-reset-ta.patch patches.suse/net-mlx5e-Don-t-match-on-Geneve-options-in-case-opti.patch patches.suse/net-mlx5e-E-switch-Fix-rate-calculation-division.patch + patches.suse/net-dsa-bcm_sf2-Qualify-phydev-dev_flags-based-on-po.patch patches.suse/igc-reinit_locked-should-be-called-with-rtnl_lock.patch patches.suse/igc-Fix-Pause-Frame-Advertising.patch patches.suse/igc-Fix-Supported-Pause-Frame-Link-Setting.patch @@ -49571,6 +49684,7 @@ patches.suse/net-qlcnic-Fix-a-use-after-free-in-qlcnic_83xx_get_m.patch patches.suse/mISDN-fix-crash-in-fritzpci.patch patches.suse/Revert-net-bonding-fix-error-return-code-of-bond_nei.patch + patches.suse/ftgmac100-Restart-MAC-HW-once.patch patches.suse/igb-avoid-premature-Rx-buffer-reuse.patch patches.suse/net-qrtr-fix-a-kernel-infoleak-in-qrtr_recvmsg.patch patches.suse/flow_dissector-fix-byteorder-of-dissected-ICMP-ID.patch @@ -49595,6 +49709,7 @@ patches.suse/libbpf-Fix-error-path-in-bpf_object__elf_init.patch patches.suse/libbpf-Use-SOCK_CLOEXEC-when-opening-the-netlink-soc.patch patches.suse/netsec-restore-phy-power-state-after-controller-rese.patch + patches.suse/octeontx2-af-fix-infinite-loop-in-unmapping-NPC-coun.patch patches.suse/net-make-__dev_alloc_name-consider-all-name-nodes-wh.patch patches.suse/netfilter-x_tables-use-correct-memory-barriers.patch patches.suse/netfilter-nftables-report-EOPNOTSUPP-on-unsupported-.patch @@ -49602,6 +49717,7 @@ patches.suse/netfilter-flowtable-Make-sure-GC-works-periodically-.patch patches.suse/net-cdc-phonet-fix-data-interface-release-on-probe-f.patch patches.suse/r8152-limit-the-RX-buffer-size-of-RTL8153A-for-USB-2.patch + patches.suse/net-stmmac-dwmac-sun8i-Provide-TX-and-RX-fifo-sizes.patch patches.suse/e1000e-Fix-duplicate-include-guard.patch patches.suse/igb-Fix-duplicate-include-guard.patch patches.suse/igb-check-timestamp-validity.patch @@ -49726,6 +49842,8 @@ patches.suse/gpu-xen-Fix-a-use-after-free-in-xen_drm_drv_init.patch patches.suse/drm-vc4-crtc-Reduce-PV-fifo-threshold-on-hvs4.patch patches.suse/drm-i915-Fix-invalid-access-to-ACPI-_DSM-objects.patch + patches.suse/net-dsa-lantiq_gswip-Let-GSWIP-automatically-set-the.patch + patches.suse/amd-xgbe-Update-DMA-coherency-values.patch patches.suse/nfc-fix-refcount-leak-in-llcp_sock_bind.patch patches.suse/nfc-fix-refcount-leak-in-llcp_sock_connect.patch patches.suse/nfc-fix-memory-leak-in-llcp_sock_connect.patch @@ -49752,6 +49870,8 @@ patches.suse/xfrm-Provide-private-skb-extensions-for-segmented-an.patch patches.suse/net-mlx5e-Fix-ethtool-indication-of-connector-type.patch patches.suse/net-mlx5-Don-t-request-more-than-supported-EQs.patch + patches.suse/drivers-net-fix-memory-leak-in-atusb_probe.patch + patches.suse/drivers-net-fix-memory-leak-in-peak_usb_create_dev.patch patches.suse/i40e-Fix-display-statistics-for-veb_tc.patch patches.suse/libbpf-Fix-bail-out-from-ringbuf_process_ring-on-err.patch patches.suse/bpf-Enforce-that-struct_ops-programs-be-GPL-only.patch @@ -49759,12 +49879,14 @@ patches.suse/bpf-link-Refuse-non-O_RDWR-flags-in-BPF_OBJ_GET.patch patches.suse/libbpf-Only-create-rx-and-tx-XDP-rings-when-necessar.patch patches.suse/net-cls_api-Fix-uninitialised-struct-field-bo-unlock.patch + patches.suse/net-macb-restore-cmp-registers-on-resume-path.patch patches.suse/net-hns3-Remove-the-left-over-redundant-check-assign.patch patches.suse/net-hns3-Remove-un-necessary-else-if-in-the-hclge_re.patch patches.suse/batman-adv-initialize-struct-batadv_tvlv_tt_vlan_dat.patch patches.suse/pcnet32-Use-pci_resource_len-to-validate-PCI-resourc.patch patches.suse/net-hns3-clear-VF-down-state-bit-before-request-link.patch patches.suse/ethtool-fix-incorrect-datatype-in-set_eee-ops.patch + patches.suse/net-tun-set-tun-dev-addr_len-during-TUNSETLINK-proce.patch patches.suse/net-mlx5-Fix-placement-of-log_max_flow_counter.patch patches.suse/net-mlx5-Fix-PPLM-register-mapping.patch patches.suse/net-mlx5-Fix-PBMC-register-mapping.patch @@ -49807,6 +49929,7 @@ patches.suse/dmaengine-Fix-a-double-free-in-dma_async_device_regi.patch patches.suse/dmaengine-idxd-clear-MSIX-permission-entry-on-shutdo.patch patches.suse/dmaengine-idxd-fix-wq-cleanup-of-WQCFG-registers.patch + patches.suse/arm64-fix-inline-asm-in-load_unaligned_zeropad.patch patches.suse/s390-entry-save-the-caller-of-psw_idle.patch patches.suse/Input-s6sy761-fix-coordinate-read-bit-shift.patch patches.suse/Input-i8042-fix-Pegatron-C15B-ID-entry.patch @@ -49880,6 +50003,7 @@ patches.suse/x86-platform-uv-Add-more-to-secondary-CPU-kdump-info.patch patches.suse/genirq-Reduce-irqdebug-cacheline-bouncing.patch patches.suse/posix-timers-Preserve-return-value-in-clock_adjtime3.patch + patches.suse/arm64-vdso-Avoid-ISB-after-reading-from-cntvct_el0.patch patches.suse/xen-blkback-fix-compatibility-bug-with-single-page-r.patch patches.suse/msft-hv-2269-drivers-hv-Fix-whitespace-errors.patch patches.suse/msft-hv-2305-Drivers-hv-vmbus-Use-after-free-in-__vmbus_open.patch @@ -49945,6 +50069,7 @@ patches.suse/fotg210-udc-Mask-GRP2-interrupts-we-don-t-handle.patch patches.suse/fotg210-udc-Don-t-DMA-more-than-the-buffer-can-take.patch patches.suse/fotg210-udc-Complete-OUT-requests-on-short-packets.patch + patches.suse/usb-dwc3-add-cancelled-reasons-for-dwc3-requests.patch patches.suse/usb-gadget-aspeed-fix-dma-map-failure.patch patches.suse/USB-gadget-udc-fix-wrong-pointer-passed-to-IS_ERR-an.patch patches.suse/xhci-check-control-context-is-valid-before-dereferen.patch @@ -50210,6 +50335,7 @@ patches.suse/nvme-fc-check-sgl-supported-by-target.patch patches.suse/nvme-remove-superfluous-else-in-nvme_ctrl_loss_tmo_s.patch patches.suse/nvme-retrigger-ANA-log-update-if-group-descriptor-is.patch + patches.suse/block-drbd-drbd_nl-Make-conversion-to-enum-drbd_ret_code-explicit.patch patches.suse/0002-md-md_open-returns-EBUSY-when-entering-racing-area.patch patches.suse/0003-md-factor-out-a-mddev_find_locked-helper-from-mddev_.patch patches.suse/0004-md-split-mddev_find.patch @@ -50221,6 +50347,7 @@ patches.suse/0009-bcache-Use-64-bit-arithmetic-instead-of-32-bit.patch patches.suse/0010-bcache-fix-a-regression-of-code-compiling-failure-in.patch patches.suse/nvme-let-namespace-probing-continue-for-unsupported-.patch + patches.suse/0009-md-bitmap-wait-for-external-bitmap-writes-to-complet.patch patches.suse/nvme-sanitize-KATO-setting.patch patches.suse/nvme-add-kato-sysfs-attribute.patch patches.suse/0005-md-cluster-fix-use-after-free-issue-when-removing-rd.patch @@ -50383,6 +50510,8 @@ patches.suse/exfat-fix-erroneous-discard-when-clear-cluster-bit.patch patches.suse/netdevice-Add-missing-IFF_PHONY_HEADROOM-self-defini.patch patches.suse/xsk-Respect-device-s-headroom-and-tailroom-on-generi.patch + patches.suse/FDDI-defxx-Bail-out-gracefully-with-unassigned-PCI-r.patch + patches.suse/FDDI-defxx-Make-MMIO-the-configuration-default-excep.patch patches.suse/ionic-move-rx_page_alloc-and-free.patch patches.suse/ionic-implement-Rx-page-reuse.patch patches.suse/ionic-optimize-fastpath-struct-usage.patch @@ -50393,6 +50522,7 @@ patches.suse/ionic-generic-tx-skb-mapping.patch patches.suse/ionic-simplify-tx-clean.patch patches.suse/ionic-aggregate-Tx-byte-counting-calls.patch + patches.suse/net-lapbether-Prevent-racing-when-checking-whether-t.patch patches.suse/ionic-code-cleanup-details.patch patches.suse/ionic-simplify-the-intr_index-use-in-txq_init.patch patches.suse/ionic-fix-unchecked-reference.patch @@ -50664,7 +50794,10 @@ patches.suse/KVM-s390-VSIE-correctly-handle-MVPG-when-in-VSIE.patch patches.suse/KVM-s390-fix-guarded-storage-control-register-handli.patch patches.suse/kvm-nvmx-truncate-bits-63-32-of-vmcs-field-on-nested.patch + patches.suse/0010-dm-persistent-data-packed-struct-should-have-an-alig.patch + patches.suse/0011-dm-space-map-common-fix-division-bug-in-sm_ll_find_f.patch patches.suse/0004-dm-integrity-fix-missing-goto-in-bitmap_flush_interv.patch + patches.suse/0012-dm-raid-fix-inconclusive-reshape-layout-on-fast-raid.patch patches.suse/0005-dm-rq-fix-double-free-of-blk_mq_tag_set-in-dev-remov.patch patches.suse/0007-dm-raid-remove-unnecessary-discard-limits-for-raid0-.patch patches.suse/tracing-map-all-pids-to-command-lines.patch @@ -50909,6 +51042,7 @@ patches.suse/RDMA-core-Don-t-access-cm_id-after-its-destruction.patch patches.suse/RDMA-mlx5-Fix-query-DCT-via-DEVX.patch patches.suse/RDMA-uverbs-Fix-a-NULL-vs-IS_ERR-bug.patch + patches.suse/0013-dm-snapshot-fix-crash-with-transient-storage-and-zer.patch patches.suse/scsi-qedf-Add-pointer-checks-in-qedf_update_link_speed patches.suse/scsi-qla2xxx-Fix-error-return-code-in-qla82xx_write_.patch patches.suse/firmware-arm_scpi-Prevent-the-ternary-sign-expansion.patch @@ -51006,6 +51140,7 @@ patches.suse/iommu-vt-d-check-for-allocation-failure-in-aux_detach_device patches.suse/iommu-vt-d-use-user-privilege-for-rid2pasid-translation patches.suse/iommu-vt-d-fix-sysfs-leak-in-alloc_iommu + patches.suse/0014-dm-snapshot-properly-fix-a-crash-when-an-origin-has-.patch patches.suse/ALSA-usb-audio-fix-control-request-direction.patch patches.suse/ALSA-usb-audio-scarlett2-Fix-device-hang-with-ehci-p.patch patches.suse/ALSA-usb-audio-scarlett2-Improve-driver-startup-mess.patch @@ -51584,6 +51719,7 @@ patches.suse/mt76-mt7915-fix-IEEE80211_HE_PHY_CAP7_MAX_NC-for-sta.patch patches.suse/rtl8xxxu-Fix-device-info-for-RTL8192EU-devices.patch patches.suse/rtw88-8822c-fix-lc-calibration-timing.patch + patches.suse/mt7601u-add-USB-device-ID-for-some-versions-of-XiaoD.patch patches.suse/iwlwifi-mvm-don-t-change-band-on-bound-PHY-contexts.patch patches.suse/iwlwifi-increase-PNVM-load-timeout.patch patches.suse/iwlwifi-mvm-fix-error-print-when-session-protection-.patch @@ -51649,6 +51785,7 @@ patches.suse/sctp-add-param-size-validation-for-SCTP_PARAM_SET_PR.patch patches.suse/dm-writecache-flush-origin-device-when-writing-and-c.patch patches.suse/dm-writecache-add-cleaner-and-max_age-to-Documentati.patch + patches.suse/0015-dm-btree-remove-assign-new_root-only-when-removal-su.patch patches.suse/ext4-fix-kernel-infoleak-via-ext4_extent_header.patch patches.suse/ext4-cleanup-in-core-orphan-list-if-ext4_truncate-fa.patch patches.suse/ext4-return-error-code-when-ext4_fill_flex_info-fail.patch @@ -52355,6 +52492,7 @@ patches.suse/spi-imx-mx51-ecspi-Fix-low-speed-CONFIGREG-delay-cal.patch patches.suse/spi-imx-mx51-ecspi-Fix-CONFIGREG-delay-comment.patch patches.suse/spi-mediatek-Fix-fifo-transfer.patch + patches.suse/arm64-fix-compat-syscall-return-truncation.patch patches.suse/arm64-dts-ls1028a-fix-node-name-for-the-sysclk.patch patches.suse/ARM-imx-add-missing-iounmap.patch patches.suse/ARM-imx-add-missing-clk_disable_unprepare.patch @@ -52527,6 +52665,7 @@ patches.suse/regmap-fix-the-offset-of-register-error-log.patch patches.suse/regulator-vctrl-Use-locked-regulator_get_voltage-in-.patch patches.suse/regulator-vctrl-Avoid-lockdep-warning-in-enable-disa.patch + patches.suse/spi-linux-spi-spi.h-add-missing-struct-kernel-doc-en.patch patches.suse/spi-spi-fsl-dspi-Fix-issue-with-uninitialized-dma_sl.patch patches.suse/spi-spi-pic32-Fix-issue-with-uninitialized-dma_slave.patch patches.suse/spi-sprd-Fix-the-wrong-WDG_LOAD_VAL.patch @@ -52559,6 +52698,8 @@ patches.suse/x86-reboot-limit-dell-optiplex-990-quirk-to-early-bios-versions.patch patches.suse/block-bfq-fix-bfq_set_next_ioprio_data.patch patches.suse/bio-fix-page-leak-bio_add_hw_page-failure.patch + patches.suse/0016-blk-zoned-allow-zone-management-send-operations-with.patch + patches.suse/0017-blk-zoned-allow-BLKREPORTZONE-without-CAP_SYS_ADMIN.patch patches.suse/params-lift-param_set_uint_minmax-to-common-code.patch patches.suse/nvme-pci-limit-maximum-queue-depth-to-4095.patch patches.suse/nvme-tcp-don-t-check-blk_mq_tag_to_rq-when-receiving.patch @@ -52609,6 +52750,7 @@ patches.suse/hwmon-k10temp-rework-the-temperature-offset-calculation.patch patches.suse/hwmon-k10temp-add-support-for-yellow-carp.patch patches.suse/leds-trigger-audio-Add-an-activate-callback-to-ensur.patch + patches.suse/0018-dm-crypt-Avoid-percpu_counter-spinlock-contention-in.patch patches.suse/cgroup-cpuset-Fix-a-partition-bug-with-hotplug.patch patches.suse/bpf-Fix-a-typo-of-reuseport-map-in-bpf.h.patch patches.suse/gve-fix-the-wrong-AdminQ-buffer-overflow-check.patch @@ -52999,7 +53141,9 @@ patches.suse/KVM-x86-Don-t-force-set-BSP-bit-when-local-APIC-is-m.patch patches.suse/KVM-nVMX-Unconditionally-clear-nested.pi_pending-on-.patch patches.suse/KVM-s390-index-kvm-arch.idle_mask-by-vcpu_idx.patch + patches.suse/KVM-x86-Update-vCPU-s-hv_clock-before-back-to-guest-.patch patches.suse/net-hso-add-failure-handler-for-add_net_device.patch + patches.suse/net-usb-qmi_wwan-add-Telit-0x1060-composition.patch patches.suse/qlcnic-Remove-redundant-unlock-in-qlcnic_pinit_from_.patch patches.suse/bnxt_en-fix-stored-FW_PSID-version-masks.patch patches.suse/bnxt_en-Fix-asic.rev-in-devlink-dev-info-command.patch @@ -53020,6 +53164,7 @@ patches.suse/PCI-of-Don-t-fail-devm_pci_alloc_host_bridge-on-miss.patch patches.suse/PCI-iproc-Fix-BCMA-probe-resource-handling.patch patches.suse/PCI-xilinx-nwl-Enable-the-clock-through-CCF.patch + patches.suse/profiling-fix-shift-out-of-bounds-bugs.patch patches.suse/Kconfig.debug-drop-selecting-non-existing-HARDLOCKUP.patch patches.suse/ipc-replace-costly-bailout-check-in-sysvipc_find_ipc.patch patches.suse/SUNRPC-improve-error-response-to-over-size-gss-crede.patch @@ -53299,6 +53444,7 @@ patches.suse/spi-spi-nxp-fspi-don-t-depend-on-a-specific-node-nam.patch patches.suse/gpio-pca953x-Improve-bias-setting.patch patches.suse/s390-fix-strrchr-implementation + patches.suse/0019-dm-fix-mempool-NULL-pointer-race-when-completing-IO.patch patches.suse/Input-snvs_pwrkey-add-clk-handling.patch patches.suse/Input-xpad-add-support-for-another-USB-ID-of-Nacon-G.patch patches.suse/xhci-guard-accesses-to-ep_state-in-xhci_endpoint_res.patch @@ -53497,6 +53643,7 @@ patches.suse/ice-Delete-always-true-check-of-PF-pointer.patch patches.suse/gve-DQO-avoid-unused-variable-warnings.patch patches.suse/gve-Use-kvcalloc-instead-of-kvzalloc.patch + patches.suse/net-usb-use-eth_hw_addr_set.patch patches.suse/Bluetooth-sco-Fix-lock_sock-blockage-by-memcpy_from_.patch patches.suse/Bluetooth-fix-use-after-free-error-in-lock_sock_nest.patch patches.suse/Bluetooth-btusb-Add-the-new-support-ID-for-Realtek-R.patch @@ -53522,6 +53669,7 @@ patches.suse/gve-Track-RX-buffer-allocation-failures.patch patches.suse/netdevice-demote-the-type-of-some-dev_addr_set-helpe.patch patches.suse/net-delete-redundant-function-declaration.patch + patches.suse/msft-hv-2454-hv_netvsc-Add-comment-of-netvsc_xdp_xmit.patch patches.suse/ipvs-add-sysctl_run_estimation-to-support-disable-es.patch patches.suse/b43legacy-fix-a-lower-bounds-test.patch patches.suse/b43-fix-a-lower-bounds-test.patch @@ -53975,6 +54123,7 @@ patches.suse/scsi-scsi_debug-Sanity-check-block-descriptor-length-in-resp_mode_select.patch patches.suse/tracing-Check-pid-filtering-when-creating-events.patch patches.suse/tracing-Fix-pid-filtering-when-triggers-are-attached.patch + patches.suse/KVM-arm64-Avoid-setting-the-upper-32-bits-of-TCR_EL2-and-CPTR_EL2-to-1.patch patches.suse/ASoC-tegra-Fix-wrong-value-type-in-ADMAIF.patch patches.suse/ASoC-tegra-Fix-wrong-value-type-in-I2S.patch patches.suse/ASoC-tegra-Fix-wrong-value-type-in-DMIC.patch @@ -54114,6 +54263,7 @@ patches.suse/fget-clarify-and-improve-__fget_files-implementation.patch patches.suse/s390-kexec_file-fix-error-handling-when-applying-relocations patches.suse/recordmcount.pl-look-for-jgnop-instruction-as-well-as-bcrl-on-s390.patch + patches.suse/0020-dm-btree-remove-fix-use-after-free-in-rebalance_chil.patch patches.suse/clk-Don-t-parent-clks-until-the-parent-is-fully-regi.patch patches.suse/ARM-socfpga-dts-fix-qspi-node-compatible.patch patches.suse/firmware-tegra-Fix-error-application-of-sizeof-to-po.patch @@ -54122,6 +54272,7 @@ patches.suse/firmware-arm_scpi-Fix-string-overflow-in-SCPI-genpd-.patch patches.suse/soc-tegra-fuse-Fix-bitwise-vs.-logical-OR-warning.patch patches.suse/phonet-refcount-leak-in-pep_sock_accep.patch + patches.suse/net-usb-qmi_wwan-add-Telit-0x1070-composition.patch patches.suse/net-hns3-fix-use-after-free-bug-in-hclgevf_send_mbx_.patch patches.suse/net-sched-sch_ets-don-t-remove-idle-classes-from-the.patch patches.suse/flow_offload-return-EOPNOTSUPP-for-the-unsupported-m.patch @@ -54244,9 +54395,9 @@ patches.suse/power-reset-ltc2952-Fix-use-of-floating-point-litera.patch patches.suse/ARM-dts-armada-38x-Add-generic-compatible-to-UART-nodes.patch patches.suse/arm64-clear_page-shouldn-t-use-DC-ZVA-when-DCZID_EL0.DZP-1.patch + patches.suse/random-document-add_hwgenerator_randomness-with-othe.patch patches.suse/random-fix-data-race-on-crng_node_pool.patch patches.suse/random-fix-data-race-on-crng-init-time.patch - patches.suse/random-fix-crash-on-multiple-early-calls-to-add_bootloader_randomness.patch patches.suse/drm-bridge-display-connector-fix-an-uninitialized-po.patch patches.suse/drm-fix-null-ptr-deref-in-drm_dev_init_release.patch patches.suse/drm-panel-kingdisplay-kd097d04-Delete-panel-on-attac.patch @@ -54434,6 +54585,7 @@ patches.suse/ext4-set-csum-seed-in-tmp-inode-while-migrating-to-extents.patch patches.suse/cputime-cpuacct-Include-guest-time-in-user-time-in-c.patch patches.suse/sched-fair-Fix-detection-of-per-CPU-kthreads-waking-a-task.patch + patches.suse/0021-block-Fix-fsync-always-failed-if-once-failed.patch patches.suse/floppy-Fix-hang-in-watchdog-when-disk-is-ejected.patch patches.suse/floppy-Add-max-size-check-for-user-space-request.patch patches.suse/nvme-add-iopolicy-module-parameter.patch @@ -54593,6 +54745,7 @@ patches.suse/dmaengine-at_xdmac-Fix-concurrency-over-xfers_list.patch patches.suse/dmaengine-at_xdmac-Fix-lld-view-setting.patch patches.suse/dmaengine-at_xdmac-Fix-at_xdmac_lld-struct-definitio.patch + patches.suse/random-fix-typo-in-comments.patch patches.suse/f2fs-fix-to-do-sanity-check-on-inode-type-during-gar.patch patches.suse/nfc-st21nfca-Fix-potential-buffer-overflows-in-EVT_T.patch patches.suse/net-bonding-fix-bond_xmit_broadcast-return-value-err.patch @@ -54606,6 +54759,7 @@ patches.suse/clk-si5341-Fix-clock-HW-provider-cleanup.patch patches.suse/drm-radeon-fix-error-handling-in-radeon_driver_open_.patch patches.suse/blk-mq-fix-tag_get-wait-task-can-t-be-awakened.patch + patches.suse/0022-block-Fix-wrong-offset-in-bio_truncate.patch patches.suse/HID-uhid-Fix-worker-destroying-device-without-any-pr.patch patches.suse/HID-wacom-Reset-expected-and-received-contact-counts.patch patches.suse/Documentation-fix-firewire.rst-ABI-file-path-error.patch @@ -54651,6 +54805,8 @@ patches.suse/yam-fix-a-memory-leak-in-yam_siocdevprivate.patch patches.suse/gve-Fix-GFP-flags-when-allocing-pages.patch patches.suse/net-bridge-vlan-fix-single-net-device-option-dumping.patch + patches.suse/ipv4-tcp-send-zero-IPID-in-SYNACK-messages.patch + patches.suse/ipv4-avoid-using-shared-IP-generator-for-connected-s.patch patches.suse/net-bridge-vlan-fix-memory-leak-in-__allowed_ingress.patch patches.suse/drm-panel-orientation-quirks-Add-quirk-for-the-1Netb.patch patches.suse/drm-msm-dsi-Fix-missing-put_device-call-in-dsi_get_p.patch @@ -54739,6 +54895,7 @@ patches.suse/nvme-tcp-fix-possible-use-after-free-in-transport-er.patch patches.suse/nvme-rdma-fix-possible-use-after-free-in-transport-e.patch patches.suse/nvme-fabrics-fix-state-check-in-nvmf_ctlr_matches_ba.patch + patches.suse/0023-block-bio-integrity-Advance-seed-correctly-for-large.patch patches.suse/scsi-bnx2fc-Make-bnx2fc_recv_frame-mp-safe patches.suse/IB-hfi1-Fix-AIP-early-init-panic.patch patches.suse/RDMA-cma-Use-correct-address-when-leaving-multicast-.patch @@ -55005,7 +55162,9 @@ patches.suse/usb-gadget-Fix-use-after-free-bug-by-not-setting-udc.patch patches.suse/scsi-mpt3sas-Page-fault-in-reply-q-processing patches.suse/Input-aiptek-properly-check-endpoint-type.patch + patches.suse/kvm-emulate-fix-setcc-emulation-function-offsets-with-sls.patch patches.suse/KEYS-fix-length-validation-in-keyctl_pkey_params_get.patch + patches.suse/arm64-module-remove-NOLOAD-from-linker-script.patch patches.suse/arm64-mm-avoid-fixmap-race-condition-when-create-pud-mapping.patch patches.suse/clocksource-drivers-timer-of-Check-return-value-of-o.patch patches.suse/ACPICA-Avoid-walking-the-ACPI-Namespace-if-it-is-not.patch @@ -55020,11 +55179,13 @@ patches.suse/ACPI-docs-enumeration-Update-UART-serial-bus-resourc.patch patches.suse/ACPI-docs-enumeration-Remove-redundant-.owner-assign.patch patches.suse/PM-core-keep-irq-flags-in-device_pm_check_callbacks.patch + patches.suse/cpuidle-PSCI-Move-the-has_lpi-check-to-the-beginning-of-the-function.patch patches.suse/ACPI-processor-idle-Check-for-architectural-support-.patch patches.suse/PM-hibernate-fix-__setup-handler-error-handling.patch patches.suse/PM-suspend-fix-return-value-of-__setup-handler.patch patches.suse/thermal-int340x-Check-for-NULL-after-calling-kmemdup.patch patches.suse/thermal-int340x-Increase-bitmap-size.patch + patches.suse/random-remove-useless-header-comment.patch patches.suse/hwrng-cavium-HW_RANDOM_CAVIUM-should-depend-on-ARCH_.patch patches.suse/crypto-rsa-pkcs1pad-correctly-get-hash-from-source-s.patch patches.suse/crypto-rsa-pkcs1pad-restore-signature-length-check.patch @@ -55037,7 +55198,9 @@ patches.suse/crypto-vmx-add-missing-dependencies.patch patches.suse/crypto-cavium-nitrox-don-t-cast-parameter-in-bit-ope.patch patches.suse/crypto-ccp-ccp_dmaengine_unregister-release-dma-chan.patch + patches.suse/crypto-qat-disable-registration-of-algorithms.patch patches.suse/block-update-io_ticks-when-io-hang.patch + patches.suse/0024-block-don-t-delete-queue-kobject-before-its-children.patch patches.suse/block-don-t-merge-across-cgroup-boundaries-if-blkcg-.patch patches.suse/0002-bcache-fixup-multiple-threads-crash.patch patches.suse/lib-raid6-test-fix-multiple-definition-linking-error.patch @@ -55055,6 +55218,7 @@ patches.suse/Adjust-cifssb-maximum-read-size.patch patches.suse/cifs-we-do-not-need-a-spinlock-around-the-tree-access-during-umount.patch patches.suse/cifs-use-a-different-reconnect-helper-for-non-cifsd-threads.patch + patches.suse/sched-debug-Remove-mpol_get-put-and-task_lock-unlock.patch patches.suse/vsprintf-Fix-pK-with-kptr_restrict-0.patch patches.suse/printk-Add-panic_in_progress-helper.patch patches.suse/printk-disable-optimistic-spin-during-panic.patch @@ -55170,12 +55334,14 @@ patches.suse/mt76-mt7603-check-sta_rates-pointer-in-mt7603_sta_ra.patch patches.suse/mt76-mt7615-check-sta_rates-pointer-in-mt7615_sta_ra.patch patches.suse/net-ibmvnic-Cleanup-workaround-doing-an-EOI-after-pa.patch + patches.suse/bpf-Add-config-to-allow-loading-modules-with-BTF-mismatche.patch patches.suse/ixgbe-add-the-ability-for-the-PF-to-disable-VF-link-.patch patches.suse/ixgbe-add-improvement-for-MDD-response-functionality.patch patches.suse/ixgbevf-add-disable-link-state.patch patches.suse/iwlwifi-Fix-EIO-error-code-that-is-never-returned.patch patches.suse/iwlwifi-mvm-Fix-an-error-code-in-iwl_mvm_up.patch patches.suse/carl9170-fix-missing-bit-wise-or-operator-for-tx_par.patch + patches.suse/ath10k-Fix-error-handling-in-ath10k_setup_msa_resour.patch patches.suse/mac80211-fix-potential-double-free-on-mesh-join.patch patches.suse/bareudp-use-ipv6_mod_enabled-to-check-if-IPv6-enable.patch patches.suse/Bluetooth-btusb-Add-missing-Chicony-device-for-Realt.patch @@ -55215,6 +55381,7 @@ patches.suse/RDMA-core-Set-MR-type-in-ib_reg_user_mr.patch patches.suse/RDMA-mlx5-Fix-the-flow-of-a-miss-in-the-allocation-o.patch patches.suse/IB-hfi1-Allow-larger-MTU-without-AIP.patch + patches.suse/0025-dm-crypt-fix-get_key_size-compiler-warning-if-CONFIG.patch patches.suse/scsi-qla2xxx-Refactor-asynchronous-command-initializ.patch patches.suse/scsi-qla2xxx-Implement-ref-count-for-SRB.patch patches.suse/scsi-qla2xxx-Fix-stuck-session-in-gpdb.patch @@ -55259,7 +55426,6 @@ patches.suse/scsi-lpfc-Use-rport-as-argument-for-lpfc_chk_tgt_map.patch patches.suse/scsi-lpfc-Remove-failing-soft_wwn-support.patch patches.suse/scsi-qla2xxx-Fix-incorrect-reporting-of-task-managem.patch - patches.suse/scsi-qla2xxx-Fix-disk-failure-to-rediscover.patch patches.suse/scsi-qla2xxx-Fix-loss-of-NVMe-namespaces-after-drive.patch patches.suse/scsi-qla2xxx-Fix-missed-DMA-unmap-for-NVMe-ls-reques.patch patches.suse/scsi-qla2xxx-Fix-crash-during-module-load-unload-tes.patch @@ -55368,6 +55534,7 @@ patches.suse/serial-8250-Fix-race-condition-in-RTS-after-send-han.patch patches.suse/xen-fix-is_xen_pmu.patch patches.suse/livepatch-Don-t-block-removal-of-patches-that-are-safe-to-unload.patch + patches.suse/net-usb-ax88179_178a-add-Allied-Telesis-AT-UMCs.patch patches.suse/net-hns3-fix-bug-when-PF-set-the-duplicate-MAC-addre.patch patches.suse/net-phy-broadcom-Fix-brcm_fet_config_init.patch patches.suse/net-x25-Fix-null-ptr-deref-caused-by-x25_disconnect.patch @@ -55439,6 +55606,7 @@ patches.suse/cifs-prevent-bad-output-lengths-in-smb2_ioctl_query_info-.patch patches.suse/cifs-fix-NULL-ptr-dereference-in-smb2_ioctl_query_info-.patch patches.suse/xen-blkfront-fix-comment-for-need_copy.patch + patches.suse/drbd-fix-potential-silent-data-corruption.patch patches.suse/platform-chrome-cros_ec_debugfs-detach-log-reader-wq.patch patches.suse/kvm-x86-mmu-do-compare-and-exchange-of-gpte-via-the-user-address patches.suse/ARM-9187-1-JIVE-fix-return-value-of-__setup-handler.patch @@ -55515,6 +55683,8 @@ patches.suse/drm-msm-mdp5-check-the-return-of-kzalloc.patch patches.suse/drm-msm-dsi-Use-connector-directly-in-msm_dsi_manage.patch patches.suse/drm-amd-display-don-t-ignore-alpha-property-on-pre-m.patch + patches.suse/0026-block-compat_ioctl-fix-range-check-in-BLKGETSIZE.patch + patches.suse/0027-dm-integrity-fix-memory-corruption-when-tag_size-is-.patch patches.suse/mm-page_alloc-fix-build_zonerefs_node.patch patches.suse/scsi-pm80xx-Mask-and-unmask-upper-interrupt-vectors-32-63 patches.suse/scsi-pm80xx-Enable-upper-inbound-outbound-queues @@ -55528,8 +55698,11 @@ patches.suse/genirq-affinity-Consider-that-CPUs-on-nodes-can-be-u.patch patches.suse/smp-Fix-offline-cpu-check-in-flush_smp_call_function.patch patches.suse/timers-Fix-warning-condition-in-__run_timers.patch + patches.suse/tick-nohz-Use-WARN_ON_ONCE-to-prevent-console-saturation.patch patches.suse/spi-atmel-quadspi-Fix-the-buswidth-adjustment-betwee.patch + patches.suse/openvswitch-fix-OOB-access-in-reserve_sfa_size.patch patches.suse/e1000e-Fix-possible-overflow-in-LTR-decoding.patch + patches.suse/net-sched-cls_u32-fix-netns-refcount-changes-in-u32_.patch patches.suse/dma-at_xdmac-fix-a-missing-check-on-list-iterator.patch patches.suse/dmaengine-imx-sdma-Fix-error-checking-in-sdma_event_.patch patches.suse/dmaengine-mediatek-Fix-PM-usage-reference-leak-of-mt.patch @@ -55562,9 +55735,10 @@ patches.suse/0003-video-fbdev-udlfb-properly-check-endpoint-type.patch patches.suse/pinctrl-rockchip-fix-RK3308-pinmux-bits.patch patches.suse/pinctrl-pistachio-fix-use-of-irq_of_parse_and_map.patch - patches.suse/floppy-disable-FDRAWCMD-by-default.patch + patches.suse/0001-floppy-disable-FDRAWCMD-by-default.patch patches.suse/mtd-rawnand-fix-ecc-parameters-for-mt7622.patch patches.suse/mtd-rawnand-Fix-return-value-check-of-wait_for_compl.patch + patches.suse/0028-hex2bin-make-the-function-hex_to_bin-constant-time.patch patches.suse/hex2bin-fix-access-beyond-string-end.patch patches.suse/thermal-int340x-Fix-attr.show-callback-prototype.patch patches.suse/wireguard-device-check-for-metadata_dst-with-skb_val.patch @@ -55717,16 +55891,18 @@ patches.suse/raid5-introduce-MD_BROKEN.patch patches.suse/md-fix-an-incorrect-NULL-check-in-does_sb_need_chang.patch patches.suse/md-fix-an-incorrect-NULL-check-in-md_reload_sb.patch + patches.suse/0029-md-raid0-Ignore-RAID0-layout-if-the-second-zone-has-.patch patches.suse/irqchip-exiu-Fix-acknowledgment-of-edge-triggered-in.patch patches.suse/irqchip-aspeed-i2c-ic-Fix-irq_of_parse_and_map-retur.patch patches.suse/irqchip-armada-370-xp-Do-not-touch-Performance-Count.patch patches.suse/x86-entry-remove-skip_r11rcx.patch patches.suse/irqchip-irq-xtensa-mx-fix-initial-IRQ-affinity.patch + patches.suse/sched-fair-Revise-comment-about-lb-decision-matrix.patch patches.suse/lockdown-also-lock-down-previous-kgdb-use.patch + patches.suse/arm64-stackleak-fix-current_top_of_stack.patch patches.suse/tpm-ibmvtpm-Correct-the-return-value-in-tpm_ibmvtpm_.patch patches.suse/tpm-Fix-buffer-access-in-tpm2_get_tpm_pt.patch patches.suse/efi-Do-not-import-certificates-from-UEFI-Secure-Boot.patch - patches.suse/hwmon-Make-chip-parameter-for-with_info-API-mandator.patch patches.suse/mtd-spi-nor-core-Check-written-SR-value-in-spi_nor_w.patch patches.suse/mmc-jz4740-Apply-DMA-engine-limits-to-maximum-segmen.patch patches.suse/regulator-core-Fix-enable_count-imbalance-with-EXCLU.patch @@ -55760,6 +55936,7 @@ patches.suse/ext4-fix-bug_on-in-__es_tree_search.patch patches.suse/iomap-iomap_write_failed-fix.patch patches.suse/docs-submitting-patches-Fix-crossref-to-The-canonica.patch + patches.suse/msft-hv-2570-hv_netvsc-Add-support-for-XDP_REDIRECT.patch patches.suse/NFC-NULL-out-the-dev-rfkill-to-prevent-UAF.patch patches.suse/ath9k-fix-ar9003_get_eepmisc.patch patches.suse/mwifiex-add-mutex-lock-for-call-in-mwifiex_dfs_chan_.patch @@ -55899,9 +56076,13 @@ patches.suse/soc-qcom-smsm-Fix-missing-of_node_put-in-smsm_parse_.patch patches.suse/arm-mediatek-select-arch-timer-for-mt7629.patch patches.suse/ARM-omap-remove-debug-leds-driver.patch + patches.suse/scripts-dummy-tools-add-pahole.patch patches.suse/drivers-base-node.c-fix-compaction-sysfs-file-leak.patch patches.suse/drivers-base-memory-fix-an-unlikely-reference-counti.patch patches.suse/nfsd-Fix-null-ptr-deref-in-nfsd_fill_super.patch + patches.suse/0030-dm-stats-add-cond_resched-when-looping-over-entries.patch + patches.suse/0031-dm-integrity-fix-error-code-in-dm_integrity_ctr.patch + patches.suse/0032-dm-crypt-make-printing-of-the-key-constant-time.patch patches.suse/tty-fix-deadlock-caused-by-calling-printk-under-tty_.patch patches.suse/PCI-AER-Clear-MULTI_ERR_COR-UNCOR_RCV-bits.patch patches.suse/PCI-PM-Power-up-all-devices-during-runtime-resume.patch @@ -55938,6 +56119,10 @@ patches.suse/crypto-x86-eliminate-anonymous-module_init-module_ex.patch patches.suse/crypto-caam-fix-i.MX6SX-entropy-delay-value.patch patches.suse/crypto-ecrdsa-Fix-incorrect-use-of-vli_cmp.patch + patches.suse/crypto-qat-set-to-zero-DH-parameters-before-free.patch + patches.suse/crypto-qat-fix-memory-leak-in-RSA.patch + patches.suse/crypto-qat-remove-dma_free_coherent-for-RSA.patch + patches.suse/crypto-qat-remove-dma_free_coherent-for-DH.patch patches.suse/0004-nvdimm-Fix-firmware-activation-deadlock-scenarios.patch patches.suse/pinctrl-rockchip-support-deferring-other-gpio-params.patch patches.suse/pinctrl-mvebu-Fix-irq_of_parse_and_map-return-value.patch @@ -56000,6 +56185,7 @@ patches.suse/0007-bcache-remove-incremental-dirty-sector-counting-for-.patch patches.suse/0008-bcache-avoid-journal-no-space-deadlock-by-reserving-.patch patches.suse/0009-bcache-memset-on-stack-variables-in-bch_btree_check-.patch + patches.suse/0033-md-bcache-check-the-return-value-of-kzalloc-in-detac.patch patches.suse/0010-bcache-avoid-unnecessary-soft-lockup-in-kworker-upda.patch patches.suse/drivers-staging-rtl8192u-Fix-deadlock-in-ieee80211_b.patch patches.suse/drivers-staging-rtl8192e-Fix-deadlock-in-rtllib_beac.patch @@ -56116,6 +56302,15 @@ patches.suse/scsi-lpfc-Add-more-logging-of-cmd-and-cqe-informatio.patch patches.suse/scsi-lpfc-Allow-reduced-polling-rate-for-nvme_admin_.patch patches.suse/scsi-lpfc-Update-lpfc-version-to-14.2.0.4.patch + patches.suse/x86-speculation-mmio-Enumerate-Processor-MMIO-Stale-Data-bug.patch + patches.suse/x86-speculation-Add-a-common-function-for-MD_CLEAR-mitigation-update.patch + patches.suse/x86-speculation-mmio-Add-mitigation-for-Processor-MMIO-Stale-Data.patch + patches.suse/x86-bugs-Group-MDS-TAA-Processor-MMIO-Stale-Data-mitigations.patch + patches.suse/x86-speculation-mmio-Enable-CPU-Fill-buffer-clearing-on-idle.patch + patches.suse/x86-speculation-mmio-Add-sysfs-reporting-for-Processor-MMIO-Stale-Data.patch + patches.suse/x86-speculation-srbds-Update-SRBDS-mitigation-selection.patch + patches.suse/x86-speculation-mmio-Reuse-SRBDS-mitigation-for-SBDS.patch + patches.suse/KVM-x86-speculation-Disable-Fill-buffer-clear-within-guests.patch patches.suse/certs-blacklist_hashes.c-fix-const-confusion-in-cert.patch patches.suse/net-ax25-Fix-deadlock-caused-by-skb_recv_datagram-in.patch patches.suse/drm-i915-reset-Fix-error_state_read-ptr-offset-use.patch @@ -56125,9 +56320,11 @@ patches.suse/usb-gadget-lpc32xx_udc-Fix-refcount-leak-in-lpc32xx_.patch patches.suse/usb-gadget-u_ether-fix-regression-in-setting-fixed-M.patch patches.suse/tty-goldfish-Fix-free_irq-on-remove.patch + patches.suse/0034-dm-mirror-log-round-up-region-bitmap-size-to-BITS_PE.patch patches.suse/init-Initialize-noop_backing_dev_info-early.patch patches.suse/block-Fix-handling-of-offline-queues-in-blk_mq_alloc.patch patches.suse/arm64-ftrace-fix-branch-range-checks.patch + patches.suse/arm64-mm-Don-t-invalidate-FROM_DEVICE-buffers-at-start-of-DMA-transfer.patch patches.suse/pNFS-Don-t-keep-retrying-if-the-server-replied-NFS4E.patch patches.suse/ext4-fix-bug_on-ext4_mb_use_inode_pa.patch patches.suse/ext4-make-variable-count-signed.patch @@ -56164,17 +56361,300 @@ patches.suse/soc-bcm-brcmstb-pm-pm-arm-Fix-refcount-leak-in-brcms.patch patches.suse/virtio-net-fix-race-between-ndo_open-and-virtio_devi.patch patches.suse/caif_virtio-fix-race-between-virtio_device_ready-and.patch + patches.suse/virtio_mmio-Add-missing-PM-calls-to-freeze-restore.patch + patches.suse/virtio_mmio-Restore-guest-page-size-on-resume.patch + patches.suse/platform-x86-hp-wmi-Ignore-Sanitization-Mode-event.patch patches.suse/linux-dim-Fix-divide-by-0-in-RDMA-DIM.patch patches.suse/nfc-nfcmrvl-Fix-irq_of_parse_and_map-return-value.patch patches.suse/NFC-nxp-nci-Don-t-issue-a-zero-length-i2c_master_rea.patch + patches.suse/NFC-nxp-nci-don-t-print-header-length-mismatch-on-i2.patch patches.suse/usbnet-fix-memory-allocation-in-helpers.patch patches.suse/net-usb-ax88179_178a-Fix-packet-receiving.patch patches.suse/net-rose-fix-UAF-bugs-caused-by-timer-handler.patch patches.suse/hwmon-ibmaem-don-t-call-platform_device_del-if-platf.patch patches.suse/drivers-cpufreq-Add-missing-of_node_put-in-qoriq-cpu.patch + patches.suse/soc-ixp4xx-npe-Fix-unused-match-warning.patch + patches.suse/xen-blkfront-fix-leaking-data-in-shared-pages.patch + patches.suse/xen-netfront-fix-leaking-data-in-shared-pages.patch + patches.suse/xen-netfront-force-data-bouncing-when-backend-is-unt.patch + patches.suse/xen-blkfront-force-data-bouncing-when-backend-is-unt.patch + patches.suse/ASoC-ops-Fix-off-by-one-in-range-control-validation.patch + patches.suse/ASoC-Remove-unused-hw_write_t-type.patch + patches.suse/ASoC-wm5110-Fix-DRE-control.patch + patches.suse/ASoC-cs47l15-Fix-event-generation-for-low-power-mux-.patch + patches.suse/ASoC-madera-Fix-event-generation-for-OUT1-demux.patch + patches.suse/ASoC-madera-Fix-event-generation-for-rate-controls.patch + patches.suse/pinctrl-sunxi-a83t-Fix-NAND-function-name-for-some-p.patch + patches.suse/pinctrl-sunxi-sunxi_pconf_set-use-correct-offset.patch patches.suse/ibmvnic-Properly-dispose-of-all-skbs-during-a-failov.patch - - # jejb/scsi for-next + patches.suse/can-gs_usb-gs_usb_open-close-fix-memory-leak.patch + patches.suse/usbnet-fix-memory-leak-in-error-case.patch + patches.suse/net-rose-fix-UAF-bug-caused-by-rose_t0timer_expiry.patch + patches.suse/r8169-fix-accessing-unset-transport-header.patch + patches.suse/fbdev-fbmem-Fix-logo-center-image-dx-issue.patch + patches.suse/video-of_display_timing.h-include-errno.h.patch + patches.suse/fbcon-Disallow-setting-font-bigger-than-screen-size.patch + patches.suse/fbcon-Prevent-that-screen-size-is-smaller-than-font-.patch + patches.suse/fbmem-Check-virtual-screen-sizes-in-fb_set_var.patch + patches.suse/memregion-Fix-memregion_free-fallback-definition.patch + patches.suse/i2c-cadence-Unregister-the-clk-notifier-in-error-pat.patch + patches.suse/misc-rtsx_usb-fix-use-of-dma-mapped-buffer-for-usb-b.patch + patches.suse/misc-rtsx_usb-use-separate-command-and-response-buff.patch + patches.suse/misc-rtsx_usb-set-return-value-in-rsp_buf-alloc-err-.patch + patches.suse/dmaengine-ti-Fix-refcount-leak-in-ti_dra7_xbar_route.patch + patches.suse/dmaengine-ti-Add-missing-put_device-in-ti_dra7_xbar_.patch + patches.suse/dmaengine-imx-sdma-Allow-imx8m-for-imx7-FW-revs.patch + patches.suse/dmaengine-at_xdma-handle-errors-of-at_xdmac_alloc_de.patch + patches.suse/dmaengine-pl330-Fix-lockdep-warning-about-non-static.patch + patches.suse/ida-don-t-use-BUG_ON-for-debugging.patch + patches.suse/x86-cpufeatures-Move-RETPOLINE-flags-to-word-11.patch + patches.suse/x86-retpoline-Use-mfunction-return.patch + patches.suse/x86-Undo-return-thunk-damage.patch + patches.suse/x86-bpf-Use-alternative-RET-encoding.patch + patches.suse/x86-kvm-Fix-SETcc-emulation-for-return-thunks.patch + patches.suse/x86-vsyscall_emu-64-Don-t-use-RET-in-vsyscall-emulation.patch + patches.suse/x86-sev-Avoid-using-__x86_return_thunk.patch + patches.suse/x86-Use-return-thunk-in-asm-code.patch + patches.suse/x86-Add-magic-AMD-return-thunk.patch + patches.suse/x86-bugs-Report-AMD-retbleed-vulnerability.patch + patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch + patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch + patches.suse/x86-bugs-Keep-a-per-CPU-IA32_SPEC_CTRL-value.patch + patches.suse/x86-entry-add-kernel-ibrs-implementation.patch + patches.suse/x86-bugs-Optimize-SPEC_CTRL-MSR-writes.patch + patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch + patches.suse/x86-bugs-Split-spectre_v2_select_mitigation-and-spectre_v2.patch + patches.suse/x86-bugs-Report-Intel-retbleed-vulnerability.patch + patches.suse/intel_idle-Disable-IBRS-during-long-idle.patch + patches.suse/x86-xen-Rename-SYS-entry-points.patch + patches.suse/x86-bugs-Add-retbleed-ibpb.patch + patches.suse/x86-bugs-Do-IBPB-fallback-check-only-once.patch + patches.suse/x86-cpu-amd-Add-Spectral-Chicken.patch + patches.suse/x86-speculation-Fix-firmware-entry-SPEC_CTRL-handling.patch + patches.suse/x86-speculation-Fix-SPEC_CTRL-write-on-SMT-state-change.patch + patches.suse/x86-speculation-Use-cached-host-SPEC_CTRL-value-for-guest-.patch + patches.suse/x86-speculation-Remove-x86_spec_ctrl_mask.patch + patches.suse/KVM-VMX-Flatten-__vmx_vcpu_run.patch + patches.suse/KVM-VMX-Convert-launched-argument-to-flags.patch + patches.suse/KVM-VMX-Prevent-guest-RSB-poisoning-attacks-with-eIBRS.patch + patches.suse/KVM-VMX-Fix-IBRS-handling-after-vmexit.patch + patches.suse/x86-speculation-Fill-RSB-on-vmexit-for-IBRS.patch + patches.suse/KVM-VMX-Prevent-RSB-underflow-before-vmenter.patch + patches.suse/x86-common-Stamp-out-the-stepping-madness.patch + patches.suse/x86-cpu-amd-Enumerate-BTC_NO.patch + patches.suse/x86-retbleed-add-fine-grained-kconfig-knobs.patch + patches.suse/x86-bugs-Add-Cannon-lake-to-RETBleed-affected-CPU-list.patch + patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-not-supp.patch + patches.suse/x86-kexec-disable-ret-on-kexec.patch + patches.suse/drm-i915-fix-a-possible-refcount-leak-in-intel_dp_ad.patch + patches.suse/drm-panfrost-Put-mapping-instead-of-shmem-obj-on-pan.patch + patches.suse/drm-panfrost-Fix-shrinker-list-corruption-by-madvise.patch + patches.suse/ASoC-sgtl5000-Fix-noise-on-shutdown-remove.patch + patches.suse/ASoC-Intel-Skylake-Correct-the-ssp-rate-discovery-in.patch + patches.suse/ASoC-Intel-Skylake-Correct-the-handling-of-fmt_confi.patch + patches.suse/ALSA-hda-conexant-Apply-quirk-for-another-HP-ProDesk.patch + patches.suse/ALSA-hda-Add-fixup-for-Dell-Latitidue-E5430.patch + patches.suse/ALSA-hda-realtek-Fix-headset-mic-problem-for-a-HP-ma-dbe75d314748.patch + patches.suse/ALSA-hda-realtek-Fix-headset-mic-problem-for-a-HP-ma-4ba5c853d794.patch + patches.suse/ALSA-hda-realtek-Enable-the-headset-mic-on-a-Xiaomi--9b043a8f3864.patch + patches.suse/ima-Fix-a-potential-integer-overflow-in-ima_appraise.patch + patches.suse/ima-Fix-potential-memory-leak-in-ima_init_crypto.patch + patches.suse/sysctl-Fix-data-races-in-proc_dointvec.patch + patches.suse/sysctl-Fix-data-races-in-proc_douintvec.patch + patches.suse/sysctl-Fix-data-races-in-proc_dointvec_minmax.patch + patches.suse/sysctl-Fix-data-races-in-proc_douintvec_minmax.patch + patches.suse/sysctl-Fix-data-races-in-proc_dointvec_jiffies.patch + patches.suse/sysctl-Fix-data-races-in-proc_dointvec_ms_jiffies.patch + patches.suse/raw-Fix-a-data-race-around-sysctl_raw_l3mdev_accept.patch + patches.suse/wifi-mac80211-fix-queue-selection-for-mesh-OCB-inter.patch + patches.suse/xen-netback-avoid-entering-xenvif_rx_next_skb-with-a.patch + patches.suse/drm-i915-selftests-fix-a-couple-IS_ERR-vs-NULL-tests.patch + patches.suse/drm-i915-gt-Serialize-TLB-invalidates-with-GT-resets.patch + patches.suse/spi-amd-Limit-max-transfer-and-message-size.patch + patches.suse/kvm-emulate-do-not-adjust-size-of-fastop-and-setcc-subroutines.patch + patches.suse/serial-pl011-UPSTAT_AUTORTS-requires-.throttle-unthr.patch + patches.suse/serial-stm32-Clear-prev-values-before-setting-RTS-de.patch + patches.suse/serial-8250-fix-return-error-code-in-serial8250_requ.patch + patches.suse/tty-extract-tty_flip_buffer_commit-from-tty_flip_buf.patch + patches.suse/tty-use-new-tty_insert_flip_string_and_push_buffer-i.patch + patches.suse/usb-dwc3-gadget-Fix-event-pending-check.patch + patches.suse/usb-typec-add-missing-uevent-when-partner-support-PD.patch + patches.suse/USB-serial-ftdi_sio-add-Belimo-device-ids.patch + patches.suse/power-reset-arm-versatile-Fix-refcount-leak-in-versa.patch + patches.suse/x86-bugs-remove-apostrophe-typo.patch + patches.suse/lockdown-Fix-kexec-lockdown-bypass-with-ima-policy.patch + patches.suse/gpio-pca953x-only-use-single-read-write-for-No-AI-mo.patch + patches.suse/gpio-pca953x-use-the-correct-range-when-do-regmap-sy.patch + patches.suse/gpio-pca953x-use-the-correct-register-address-when-r.patch + patches.suse/i2c-cadence-Change-large-transfer-count-reset-logic-.patch + patches.suse/lkdtm-disable-return-thunks-in-rodata-c.patch + patches.suse/Bluetooth-L2CAP-Fix-use-after-free-caused-by-l2cap_c.patch + patches.suse/netfilter-nf_queue-do-not-allow-packet-truncation-be.patch + patches.suse/virtio-net-fix-the-race-between-refill-work-and-clos.patch + patches.suse/meson-mx-socinfo-Fix-refcount-leak-in-meson_mx_socin.patch + patches.suse/soc-fsl-guts-machine-variable-might-be-unset.patch + patches.suse/regulator-of-Fix-refcount-leak-bug-in-of_get_regulat.patch + patches.suse/ACPI-CPPC-Do-not-prevent-CPPC-from-working-in-the-fu.patch + patches.suse/bus-hisi_lpc-fix-missing-platform_device_put-in-hisi.patch + patches.suse/ACPI-APEI-Better-fix-to-avoid-spamming-the-console-w.patch + patches.suse/ACPI-video-Shortening-quirk-list-by-identifying-Clev.patch + patches.suse/thermal-tools-tmon-Include-pthread-and-time-headers-.patch + patches.suse/wifi-rtlwifi-fix-error-codes-in-rtl_debugfs_set_writ.patch + patches.suse/can-Break-loopback-loop-on-loopback-documentation.patch + patches.suse/ath10k-do-not-enforce-interrupt-trigger-type.patch + patches.suse/wifi-iwlegacy-4965-fix-potential-off-by-one-overflow.patch + patches.suse/can-pch_can-do-not-report-txerr-and-rxerr-during-bus.patch + patches.suse/can-rcar_can-do-not-report-txerr-and-rxerr-during-bu.patch + patches.suse/can-sja1000-do-not-report-txerr-and-rxerr-during-bus.patch + patches.suse/can-hi311x-do-not-report-txerr-and-rxerr-during-bus-.patch + patches.suse/can-sun4i_can-do-not-report-txerr-and-rxerr-during-b.patch + patches.suse/can-kvaser_usb_hydra-do-not-report-txerr-and-rxerr-d.patch + patches.suse/can-kvaser_usb_leaf-do-not-report-txerr-and-rxerr-du.patch + patches.suse/can-usb_8dev-do-not-report-txerr-and-rxerr-during-bu.patch + patches.suse/can-error-specify-the-values-of-data-5.7-of-CAN-erro.patch + patches.suse/can-pch_can-pch_can_error-initialize-errc-before-usi.patch + patches.suse/Bluetooth-hci_intel-Add-check-for-platform_driver_re.patch + patches.suse/mt76-mt76x02u-fix-possible-memory-leak-in-__mt76x02u.patch + patches.suse/mediatek-mt76-mac80211-Fix-missing-of_node_put-in-mt.patch + patches.suse/wifi-p54-Fix-an-error-handling-path-in-p54spi_probe.patch + patches.suse/wifi-p54-add-missing-parentheses-in-p54_flush.patch + patches.suse/wifi-wil6210-debugfs-fix-info-leak-in-wil_write_file.patch + patches.suse/wifi-iwlwifi-mvm-fix-double-list_add-at-iwl_mvm_mac_.patch + patches.suse/wifi-libertas-Fix-possible-refcount-leak-in-if_usb_p.patch + patches.suse/wifi-wil6210-debugfs-fix-uninitialized-variable-use-.patch + patches.suse/i2c-Fix-a-potential-use-after-free.patch + patches.suse/i2c-cadence-Support-PEC-for-SMBus-block-read.patch + patches.suse/i2c-mux-gpmux-Add-of_node_put-when-breaking-out-of-l.patch + patches.suse/media-tw686x-Register-the-irq-at-the-end-of-probe.patch + patches.suse/media-hdpvr-fix-error-value-returns-in-hdpvr_read.patch + patches.suse/drm-bridge-tc358767-Make-sure-Refclk-clock-are-enabl.patch + patches.suse/drm-st7735r-Fix-module-autoloading-for-Okaya-RH12812.patch + patches.suse/drm-mipi-dbi-align-max_chunk-to-2-in-spi_transfer.patch + patches.suse/drm-nouveau-fix-another-off-by-one-in-nvbios_addr.patch + patches.suse/virtio-gpu-fix-a-missing-check-to-avoid-NULL-derefer.patch + patches.suse/drm-adv7511-override-i2c-address-of-cec-before-acces.patch + patches.suse/drm-bridge-adv7511-Add-check-for-mipi_dsi_driver_reg.patch + patches.suse/drm-mcde-Fix-refcount-leak-in-mcde_dsi_bind.patch + patches.suse/drm-doc-Fix-comment-typo.patch + patches.suse/drm-vc4-plane-Remove-subpixel-positioning-check.patch + patches.suse/drm-vc4-plane-Fix-margin-calculations-for-the-right-.patch + patches.suse/drm-vc4-dsi-Correct-DSI-divider-calculations.patch + patches.suse/drm-vc4-dsi-Correct-pixel-order-for-DSI0.patch + patches.suse/drm-vc4-dsi-Add-correct-stop-condition-to-vc4_dsi_en.patch + patches.suse/drm-vc4-hdmi-Fix-timings-for-interlaced-modes.patch + patches.suse/drm-vc4-hdmi-Correct-HDMI-timing-registers-for-inter.patch + patches.suse/drm-radeon-fix-potential-buffer-overflow-in-ni_set_m.patch + patches.suse/drm-radeon-fix-incorrrect-SPDX-License-Identifiers.patch + patches.suse/drm-rockchip-vop-Don-t-crash-for-invalid-duplicate_s.patch + patches.suse/drm-rockchip-Fix-an-error-handling-path-rockchip_dp_.patch + patches.suse/drm-bridge-sii8620-fix-possible-off-by-one.patch + patches.suse/drm-mediatek-Add-pull-down-MIPI-operation-in-mtk_dsi.patch + patches.suse/drm-mediatek-dpi-Remove-output-format-of-YUV.patch + patches.suse/drm-mediatek-dpi-Only-enable-dpi-after-the-bridge-is.patch + patches.suse/drm-msm-hdmi-enable-core-vcc-core-vdda-supply-for-89.patch + patches.suse/drm-msm-mdp5-Fix-global-state-lock-backoff.patch + patches.suse/drm-exynos-exynos7_drm_decon-free-resources-when-clk.patch + patches.suse/drm-amd-display-Enable-building-new-display-engine-w.patch + patches.suse/fpga-altera-pr-ip-fix-unsigned-comparison-with-less-.patch + patches.suse/misc-rtsx-Fix-an-error-handling-path-in-rtsx_pci_pro.patch + patches.suse/intel_th-Fix-a-resource-leak-in-an-error-handling-pa.patch + patches.suse/intel_th-msu-sink-Potential-dereference-of-null-poin.patch + patches.suse/intel_th-msu-Fix-vmalloced-buffers.patch + patches.suse/iio-core-Fix-IIO_ALIGN-and-rename-as-it-was-not-suff.patch + patches.suse/iio-accel-bma220-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-accel-sca3000-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-adc-ad7266-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-adc-ad7298-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-adc-ad7476-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-adc-ad7766-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-adc-ad7768-1-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-adc-ad7887-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-adc-hi8435-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-adc-ltc2497-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-adc-max1027-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-adc-max11100-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-adc-max1118-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-adc-mcp320x-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-adc-ti-adc0832-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-adc-ti-adc084s021-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-adc-ti-adc12138-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-adc-ti-adc128s052-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-adc-ti-adc161s626-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-adc-ti-ads124s08-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-adc-ti-ads7950-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-adc-ti-ads8344-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-adc-ti-ads8688-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-adc-ti-tlc4541-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-amplifiers-ad8366-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-dac-ad5064-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-dac-ad5360-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-dac-ad5421-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-dac-ad5449-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-dac-ad5504-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-dac-ad5755-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-dac-ad5761-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-dac-ad5764-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-dac-ad5791-Fix-alignment-for-DMA-saftey.patch + patches.suse/iio-dac-ad7303-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-dac-ad8801-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-dac-mcp4922-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-dac-ti-dac082s085-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-dac-ti-dac5571-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-dac-ti-dac7311-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-dac-ti-dac7612-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-frequency-ad9523-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-frequency-adf4350-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-frequency-adf4371-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-gyro-adis16080-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-gyro-adis16130-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-gyro-adxrs450-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-gyro-fxas210002c-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-potentiometer-ad5272-Fix-alignment-for-DMA-safet.patch + patches.suse/iio-potentiometer-max5481-Fix-alignment-for-DMA-safe.patch + patches.suse/iio-potentiometer-mcp41010-Fix-alignment-for-DMA-saf.patch + patches.suse/iio-potentiometer-mcp4131-Fix-alignment-for-DMA-safe.patch + patches.suse/iio-proximity-as3935-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-resolver-ad2s1200-Fix-alignment-for-DMA-safety.patch + patches.suse/iio-resolver-ad2s90-Fix-alignment-for-DMA-safety.patch + patches.suse/soundwire-bus_type-fix-remove-and-shutdown-support.patch + patches.suse/iio-light-isl29028-Fix-the-warning-in-isl29028_remov.patch + patches.suse/driver-core-fix-potential-deadlock-in-__driver_attac.patch + patches.suse/usb-host-Fix-refcount-leak-in-ehci_hcd_ppc_of_probe.patch + patches.suse/usb-ohci-nxp-Fix-refcount-leak-in-ohci_hcd_nxp_probe.patch + patches.suse/usb-xhci-tegra-Fix-error-check.patch + patches.suse/usb-host-xhci-use-snprintf-in-xhci_decode_trb.patch + patches.suse/usb-gadget-udc-amd5536-depends-on-HAS_DMA.patch + patches.suse/USB-serial-fix-tty-port-initialized-comments.patch + patches.suse/usb-typec-ucsi-Acknowledge-the-GET_ERROR_STATUS-comm.patch + patches.suse/staging-rtl8192u-Fix-sleep-in-atomic-context-bug-in-.patch + patches.suse/USB-Follow-up-to-SPDX-identifiers-addition-remove-no.patch + patches.suse/HID-cp2112-prevent-a-buffer-overflow-in-cp2112_xfer.patch + patches.suse/platform-olpc-Fix-uninitialized-data-in-debugfs-writ.patch + patches.suse/gpio-gpiolib-of-Fix-refcount-bugs-in-of_mm_gpiochip_.patch + patches.suse/clk-renesas-r9a06g032-Fix-UART-clkgrp-bitsel.patch + patches.suse/clk-qcom-clk-krait-unlock-spin-after-mux-completion.patch + patches.suse/clk-qcom-ipq8074-fix-NSS-core-PLL-s.patch + patches.suse/clk-qcom-ipq8074-SW-workaround-for-UBI32-PLL-lock.patch + patches.suse/clk-qcom-ipq8074-fix-NSS-port-frequency-tables.patch + patches.suse/clk-qcom-ipq8074-set-BRANCH_HALT_DELAY-flag-for-UBI-.patch + patches.suse/clk-qcom-camcc-sdm845-Fix-topology-around-titan_top-.patch + patches.suse/PCI-portdrv-Don-t-disable-AER-reporting-in-get_port_.patch + patches.suse/PCI-dwc-Stop-link-on-host_init-errors-and-de-initial.patch + patches.suse/PCI-dwc-Add-unroll-iATU-space-support-to-dw_pcie_dis.patch + patches.suse/PCI-dwc-Disable-outbound-windows-only-for-controller.patch + patches.suse/PCI-dwc-Deallocate-EPC-memory-on-dw_pcie_ep_init-err.patch + patches.suse/PCI-dwc-Always-enable-CDM-check-if-snps-enable-cdm-c.patch + patches.suse/PCI-qcom-Set-up-rev-2.1.0-PARF_PHY-before-enabling-c.patch + patches.suse/PCI-qcom-Power-on-PHY-before-IPQ8074-DBI-register-ac.patch + patches.suse/PCI-tegra194-Fix-PM-error-handling-in-tegra_pcie_con.patch + patches.suse/PCI-tegra194-Fix-Root-Port-interrupt-handling.patch + patches.suse/PCI-tegra194-Fix-link-up-retry-sequence.patch + patches.suse/mmc-sdhci-of-esdhc-Fix-refcount-leak-in-esdhc_signal.patch + patches.suse/memstick-ms_block-Fix-some-incorrect-memory-allocati.patch + patches.suse/memstick-ms_block-Fix-a-memory-leak.patch + patches.suse/mmc-sdhci-of-at91-fix-set_uhs_signaling-rewriting-of.patch + patches.suse/mmc-cavium-octeon-Add-of_node_put-when-breaking-out-.patch + patches.suse/mmc-cavium-thunderx-Add-of_node_put-when-breaking-ou.patch patches.suse/scsi-qla2xxx-edif-reduce-initiator-initiator-thrashing.patch patches.suse/scsi-qla2xxx-edif-bsg-refactor.patch patches.suse/scsi-qla2xxx-edif-wait-for-app-to-ack-on-sess-down.patch @@ -56207,6 +56687,35 @@ patches.suse/scsi-qla2xxx-fix-losing-fcp-2-targets-on-long-port-disable-with.patch patches.suse/scsi-qla2xxx-fix-erroneous-mailbox-timeout-after-pci-error.patch patches.suse/scsi-qla2xxx-update-version-to-10.02.07.700-k.patch + patches.suse/scsi-qla2xxx-Check-correct-variable-in-qla24xx_async.patch + patches.suse/scsi-lpfc-Fix-uninitialized-cqe-field-in-lpfc_nvme_c.patch + patches.suse/scsi-lpfc-Prevent-buffer-overflow-crashes-in-debugfs.patch + patches.suse/scsi-lpfc-Set-PU-field-when-providing-D_ID-in-XMIT_E.patch + patches.suse/scsi-lpfc-Remove-extra-atomic_inc-on-cmd_pending-in-.patch + patches.suse/scsi-lpfc-Fix-possible-memory-leak-when-failing-to-i.patch + patches.suse/scsi-lpfc-Fix-attempted-FA-PWWN-usage-after-feature-.patch + patches.suse/scsi-lpfc-Fix-lost-NVMe-paths-during-LIF-bounce-stre.patch + patches.suse/scsi-lpfc-Revert-RSCN_MEMENTO-workaround-for-misbeha.patch + patches.suse/scsi-lpfc-Refactor-lpfc_nvmet_prep_abort_wqe-into-lp.patch + patches.suse/scsi-lpfc-Remove-Menlo-Hornet-related-code.patch + patches.suse/scsi-lpfc-Update-lpfc-version-to-14.2.0.5.patch + patches.suse/scsi-lpfc-Copyright-updates-for-14.2.0.5-patches.patch + patches.suse/scsi-qla2xxx-Fix-incorrect-display-of-max-frame-size.patch + patches.suse/scsi-qla2xxx-Zero-undefined-mailbox-IN-registers.patch + patches.suse/scsi-qla2xxx-Fix-response-queue-handler-reading-stal.patch + patches.suse/scsi-qla2xxx-edif-Fix-dropped-IKE-message.patch + patches.suse/scsi-qla2xxx-Fix-imbalance-vha-vref_count.patch + patches.suse/scsi-qla2xxx-Fix-discovery-issues-in-FC-AL-topology.patch + patches.suse/scsi-qla2xxx-Fix-sparse-warning-for-dport_data.patch + patches.suse/scsi-qla2xxx-Update-manufacturer-details.patch + patches.suse/scsi-qla2xxx-Update-version-to-10.02.07.800-k.patch + patches.suse/powerpc-mobility-wait-for-memory-transfer-to-complet.patch + patches.suse/watchdog-export-lockup_detector_reconfigure.patch + patches.suse/powerpc-watchdog-introduce-a-NMI-watchdog-s-factor.patch + patches.suse/powerpc-pseries-mobility-set-NMI-watchdog-factor-dur.patch + + # out-of-tree patches + patches.suse/random-fix-crash-on-multiple-early-calls-to-add_bootloader_randomness.patch ######################################################## # end of sorted patches @@ -56245,60 +56754,10 @@ patches.suse/SUNRPC-remove-scheduling-boost-for-SWAPPER-tasks.patch patches.suse/SUNRPC-xprt-async-tasks-mustn-t-block-waiting-for-me.patch patches.suse/VFS-filename_create-fix-incorrect-intent.patch - - # mmio - patches.suse/x86-speculation-mmio-Enumerate-Processor-MMIO-Stale-Data-bug.patch - patches.suse/x86-speculation-Add-a-common-function-for-MD_CLEAR-mitigation-update.patch - patches.suse/x86-speculation-mmio-Add-mitigation-for-Processor-MMIO-Stale-Data.patch - patches.suse/x86-bugs-Group-MDS-TAA-Processor-MMIO-Stale-Data-mitigations.patch - patches.suse/x86-speculation-mmio-Enable-CPU-Fill-buffer-clearing-on-idle.patch - patches.suse/x86-speculation-mmio-Add-sysfs-reporting-for-Processor-MMIO-Stale-Data.patch - patches.suse/x86-speculation-srbds-Update-SRBDS-mitigation-selection.patch - patches.suse/x86-speculation-mmio-Reuse-SRBDS-mitigation-for-SBDS.patch - patches.suse/KVM-x86-speculation-Disable-Fill-buffer-clear-within-guests.patch + patches.suse/nvme-consider-also-host_iface-when-checking-ip-options.patch patches.suse/ath9k-fix-use-after-free-in-ath9k_hif_usb_rx_cb.patch patches.suse/netfilter-nf_tables-stricter-validation-of-element-d.patch - # tip - patches.suse/x86-cpufeatures-Move-RETPOLINE-flags-to-word-11.patch - patches.suse/x86-retpoline-Use-mfunction-return.patch - patches.suse/x86-Undo-return-thunk-damage.patch - patches.suse/x86-bpf-Use-alternative-RET-encoding.patch - patches.suse/x86-kvm-Fix-SETcc-emulation-for-return-thunks.patch - patches.suse/x86-vsyscall_emu-64-Don-t-use-RET-in-vsyscall-emulation.patch - patches.suse/x86-sev-Avoid-using-__x86_return_thunk.patch - patches.suse/x86-Use-return-thunk-in-asm-code.patch - patches.suse/x86-Add-magic-AMD-return-thunk.patch - patches.suse/x86-bugs-Report-AMD-retbleed-vulnerability.patch - patches.suse/x86-bugs-Add-AMD-retbleed-boot-parameter.patch - patches.suse/x86-bugs-Enable-STIBP-for-JMP2RET.patch - patches.suse/x86-bugs-Keep-a-per-CPU-IA32_SPEC_CTRL-value.patch - patches.suse/x86-entry-add-kernel-ibrs-implementation.patch - patches.suse/x86-bugs-Optimize-SPEC_CTRL-MSR-writes.patch - patches.suse/x86-speculation-Add-spectre_v2-ibrs-option-to-support-Kern.patch - patches.suse/x86-bugs-Split-spectre_v2_select_mitigation-and-spectre_v2.patch - patches.suse/x86-bugs-Report-Intel-retbleed-vulnerability.patch - patches.suse/intel_idle-Disable-IBRS-during-long-idle.patch - patches.suse/x86-xen-Rename-SYS-entry-points.patch - patches.suse/x86-bugs-Add-retbleed-ibpb.patch - patches.suse/x86-bugs-Do-IBPB-fallback-check-only-once.patch - patches.suse/x86-cpu-amd-Add-Spectral-Chicken.patch - patches.suse/x86-speculation-Fix-firmware-entry-SPEC_CTRL-handling.patch - patches.suse/x86-speculation-Fix-SPEC_CTRL-write-on-SMT-state-change.patch - patches.suse/x86-speculation-Use-cached-host-SPEC_CTRL-value-for-guest-.patch - patches.suse/x86-speculation-Remove-x86_spec_ctrl_mask.patch - patches.suse/KVM-VMX-Flatten-__vmx_vcpu_run.patch - patches.suse/KVM-VMX-Convert-launched-argument-to-flags.patch - patches.suse/KVM-VMX-Prevent-guest-RSB-poisoning-attacks-with-eIBRS.patch - patches.suse/KVM-VMX-Fix-IBRS-handling-after-vmexit.patch - patches.suse/x86-speculation-Fill-RSB-on-vmexit-for-IBRS.patch - patches.suse/KVM-VMX-Prevent-RSB-underflow-before-vmenter.patch - patches.suse/x86-common-Stamp-out-the-stepping-madness.patch - patches.suse/x86-cpu-amd-Enumerate-BTC_NO.patch - patches.suse/x86-bugs-Add-Cannon-lake-to-RETBleed-affected-CPU-list.patch - patches.suse/x86-bugs-Do-not-enable-IBPB-on-entry-when-IBPB-is-not-supp.patch - patches.suse/x86-kexec-Disable-RET-on-kexec.patch - ######################################################## # kbuild/module infrastructure fixes ######################################################## @@ -56404,6 +56863,7 @@ ######################################################## # generic + patches.suse/io_uring-fix-fs-users-overflow.patch patches.suse/vfs-add-super_operations-get_inode_dev patches.suse/unsupported-features.patch patches.suse/procfs-add-tunable-for-fd-fdinfo-dentry-retention.patch @@ -56837,6 +57297,10 @@ patches.kabi/move-devm_allocate-to-end-of-structure-for-kABI.patch patches.kabi/kabi-nvme-workaround-header-include.patch patches.kabi/kABI-Fix-kABI-after-KVM-nVMX-handle-nested-posted-interrupts-when-apicv-.patch + patches.kabi/rtsx_usb-kABI-workaround.patch + patches.kabi/net-tun-fixup-kabi.patch + patches.kabi/kabi-create-module-private-struct-to-hold-btf-size-data.patch + patches.kabi/sysfs-Add-sysfs_emit-and-sysfs_emit_at-to-format-sys-kabi-workaround.patch ######################################################## # You'd better have a good reason for adding a patch