From c984fc41e1f1ba39d49d3f05f2d6aeed699bedd8 Mon Sep 17 00:00:00 2001 From: Mike Pagano Date: Fri, 3 Mar 2023 07:30:47 -0500 Subject: Linux patch 5.4.234 Signed-off-by: Mike Pagano --- 0000_README | 4 + 1233_linux-5.4.234.patch | 327 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 331 insertions(+) create mode 100644 1233_linux-5.4.234.patch diff --git a/0000_README b/0000_README index 7c529d2e..1b10c228 100644 --- a/0000_README +++ b/0000_README @@ -975,6 +975,10 @@ Patch: 1232_linux-5.4.233.patch From: https://www.kernel.org Desc: Linux 5.4.233 +Patch: 1233_linux-5.4.234.patch +From: https://www.kernel.org +Desc: Linux 5.4.234 + Patch: 1500_XATTR_USER_PREFIX.patch From: https://bugs.gentoo.org/show_bug.cgi?id=470644 Desc: Support for namespace user.pax.* on tmpfs. diff --git a/1233_linux-5.4.234.patch b/1233_linux-5.4.234.patch new file mode 100644 index 00000000..cbadd690 --- /dev/null +++ b/1233_linux-5.4.234.patch @@ -0,0 +1,327 @@ +diff --git a/Makefile b/Makefile +index 900a2864bfb76..7688832a51d28 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,7 +1,7 @@ + # SPDX-License-Identifier: GPL-2.0 + VERSION = 5 + PATCHLEVEL = 4 +-SUBLEVEL = 233 ++SUBLEVEL = 234 + EXTRAVERSION = + NAME = Kleptomaniac Octopus + +diff --git a/arch/arm/boot/dts/rk3288.dtsi b/arch/arm/boot/dts/rk3288.dtsi +index 7dcafd0833ba8..3a7d375389d0e 100644 +--- a/arch/arm/boot/dts/rk3288.dtsi ++++ b/arch/arm/boot/dts/rk3288.dtsi +@@ -1188,6 +1188,7 @@ + clock-names = "dp", "pclk"; + phys = <&edp_phy>; + phy-names = "dp"; ++ power-domains = <&power RK3288_PD_VIO>; + resets = <&cru SRST_EDP>; + reset-names = "dp"; + rockchip,grf = <&grf>; +diff --git a/arch/arm64/boot/dts/rockchip/rk3328-roc-cc.dts b/arch/arm64/boot/dts/rockchip/rk3328-roc-cc.dts +index 6c3368f795ca3..fbd942b46c542 100644 +--- a/arch/arm64/boot/dts/rockchip/rk3328-roc-cc.dts ++++ b/arch/arm64/boot/dts/rockchip/rk3328-roc-cc.dts +@@ -90,7 +90,6 @@ + linux,default-trigger = "heartbeat"; + gpios = <&rk805 1 GPIO_ACTIVE_LOW>; + default-state = "on"; +- mode = <0x23>; + }; + + user { +@@ -98,7 +97,6 @@ + linux,default-trigger = "mmc1"; + gpios = <&rk805 0 GPIO_ACTIVE_LOW>; + default-state = "off"; +- mode = <0x05>; + }; + }; + }; +diff --git a/drivers/acpi/nfit/core.c b/drivers/acpi/nfit/core.c +index 0fe4f3ed72ca4..793b8d9d749a0 100644 +--- a/drivers/acpi/nfit/core.c ++++ b/drivers/acpi/nfit/core.c +@@ -3599,8 +3599,8 @@ void acpi_nfit_shutdown(void *data) + + mutex_lock(&acpi_desc->init_mutex); + set_bit(ARS_CANCEL, &acpi_desc->scrub_flags); +- cancel_delayed_work_sync(&acpi_desc->dwork); + mutex_unlock(&acpi_desc->init_mutex); ++ cancel_delayed_work_sync(&acpi_desc->dwork); + + /* + * Bounce the nvdimm bus lock to make sure any in-flight +diff --git a/drivers/dma/sh/rcar-dmac.c b/drivers/dma/sh/rcar-dmac.c +index eba942441e382..10a8a6d4e8601 100644 +--- a/drivers/dma/sh/rcar-dmac.c ++++ b/drivers/dma/sh/rcar-dmac.c +@@ -1824,7 +1824,10 @@ static int rcar_dmac_probe(struct platform_device *pdev) + dmac->dev = &pdev->dev; + platform_set_drvdata(pdev, dmac); + dmac->dev->dma_parms = &dmac->parms; +- dma_set_max_seg_size(dmac->dev, RCAR_DMATCR_MASK); ++ ret = dma_set_max_seg_size(dmac->dev, RCAR_DMATCR_MASK); ++ if (ret) ++ return ret; ++ + ret = dma_set_mask_and_coherent(dmac->dev, DMA_BIT_MASK(40)); + if (ret) + return ret; +diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c +index 2888bd5502f3f..0c8075d9717cb 100644 +--- a/drivers/hid/hid-core.c ++++ b/drivers/hid/hid-core.c +@@ -1190,6 +1190,7 @@ int hid_open_report(struct hid_device *device) + __u8 *end; + __u8 *next; + int ret; ++ int i; + static int (*dispatch_type[])(struct hid_parser *parser, + struct hid_item *item) = { + hid_parser_main, +@@ -1240,6 +1241,8 @@ int hid_open_report(struct hid_device *device) + goto err; + } + device->collection_size = HID_DEFAULT_NUM_COLLECTIONS; ++ for (i = 0; i < HID_DEFAULT_NUM_COLLECTIONS; i++) ++ device->collection[i].parent_idx = -1; + + ret = -EINVAL; + while ((next = fetch_item(start, end, &item)) != NULL) { +diff --git a/drivers/infiniband/hw/hfi1/user_exp_rcv.c b/drivers/infiniband/hw/hfi1/user_exp_rcv.c +index e7daa65589ab9..6c1d36b2e2a74 100644 +--- a/drivers/infiniband/hw/hfi1/user_exp_rcv.c ++++ b/drivers/infiniband/hw/hfi1/user_exp_rcv.c +@@ -215,16 +215,11 @@ static void unpin_rcv_pages(struct hfi1_filedata *fd, + static int pin_rcv_pages(struct hfi1_filedata *fd, struct tid_user_buf *tidbuf) + { + int pinned; +- unsigned int npages; ++ unsigned int npages = tidbuf->npages; + unsigned long vaddr = tidbuf->vaddr; + struct page **pages = NULL; + struct hfi1_devdata *dd = fd->uctxt->dd; + +- /* Get the number of pages the user buffer spans */ +- npages = num_user_pages(vaddr, tidbuf->length); +- if (!npages) +- return -EINVAL; +- + if (npages > fd->uctxt->expected_count) { + dd_dev_err(dd, "Expected buffer too big\n"); + return -EINVAL; +@@ -258,7 +253,6 @@ static int pin_rcv_pages(struct hfi1_filedata *fd, struct tid_user_buf *tidbuf) + return pinned; + } + tidbuf->pages = pages; +- tidbuf->npages = npages; + fd->tid_n_pinned += pinned; + return pinned; + } +@@ -334,6 +328,7 @@ int hfi1_user_exp_rcv_setup(struct hfi1_filedata *fd, + + tidbuf->vaddr = tinfo->vaddr; + tidbuf->length = tinfo->length; ++ tidbuf->npages = num_user_pages(tidbuf->vaddr, tidbuf->length); + tidbuf->psets = kcalloc(uctxt->expected_count, sizeof(*tidbuf->psets), + GFP_KERNEL); + if (!tidbuf->psets) { +diff --git a/drivers/tty/vt/vc_screen.c b/drivers/tty/vt/vc_screen.c +index e61fd04a0d8d0..eb7208f07345d 100644 +--- a/drivers/tty/vt/vc_screen.c ++++ b/drivers/tty/vt/vc_screen.c +@@ -284,10 +284,11 @@ vcs_read(struct file *file, char __user *buf, size_t count, loff_t *ppos) + ssize_t orig_count; + long p = pos; + +- ret = -ENXIO; + vc = vcs_vc(inode, &viewed); +- if (!vc) +- goto unlock_out; ++ if (!vc) { ++ ret = -ENXIO; ++ break; ++ } + + /* Check whether we are above size each round, + * as copy_to_user at the end of this loop +diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c +index 549bf04f29b27..f787e9771b1f4 100644 +--- a/drivers/usb/core/hub.c ++++ b/drivers/usb/core/hub.c +@@ -2379,9 +2379,8 @@ static int usb_enumerate_device_otg(struct usb_device *udev) + * usb_enumerate_device - Read device configs/intfs/otg (usbcore-internal) + * @udev: newly addressed device (in ADDRESS state) + * +- * This is only called by usb_new_device() and usb_authorize_device() +- * and FIXME -- all comments that apply to them apply here wrt to +- * environment. ++ * This is only called by usb_new_device() -- all comments that apply there ++ * apply here wrt to environment. + * + * If the device is WUSB and not authorized, we don't attempt to read + * the string descriptors, as they will be errored out by the device +diff --git a/drivers/usb/core/sysfs.c b/drivers/usb/core/sysfs.c +index 2f594c88d9058..f19694e69f5c3 100644 +--- a/drivers/usb/core/sysfs.c ++++ b/drivers/usb/core/sysfs.c +@@ -889,11 +889,7 @@ read_descriptors(struct file *filp, struct kobject *kobj, + size_t srclen, n; + int cfgno; + void *src; +- int retval; + +- retval = usb_lock_device_interruptible(udev); +- if (retval < 0) +- return -EINTR; + /* The binary attribute begins with the device descriptor. + * Following that are the raw descriptor entries for all the + * configurations (config plus subsidiary descriptors). +@@ -918,7 +914,6 @@ read_descriptors(struct file *filp, struct kobject *kobj, + off -= srclen; + } + } +- usb_unlock_device(udev); + return count - nleft; + } + +diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c +index 159b01b9e1727..c1839091edf5c 100644 +--- a/drivers/usb/serial/option.c ++++ b/drivers/usb/serial/option.c +@@ -402,6 +402,8 @@ static void option_instat_callback(struct urb *urb); + #define LONGCHEER_VENDOR_ID 0x1c9e + + /* 4G Systems products */ ++/* This one was sold as the VW and Skoda "Carstick LTE" */ ++#define FOUR_G_SYSTEMS_PRODUCT_CARSTICK_LTE 0x7605 + /* This is the 4G XS Stick W14 a.k.a. Mobilcom Debitel Surf-Stick * + * It seems to contain a Qualcomm QSC6240/6290 chipset */ + #define FOUR_G_SYSTEMS_PRODUCT_W14 0x9603 +@@ -1976,6 +1978,8 @@ static const struct usb_device_id option_ids[] = { + .driver_info = RSVD(2) }, + { USB_DEVICE(AIRPLUS_VENDOR_ID, AIRPLUS_PRODUCT_MCD650) }, + { USB_DEVICE(TLAYTECH_VENDOR_ID, TLAYTECH_PRODUCT_TEU800) }, ++ { USB_DEVICE(LONGCHEER_VENDOR_ID, FOUR_G_SYSTEMS_PRODUCT_CARSTICK_LTE), ++ .driver_info = RSVD(0) }, + { USB_DEVICE(LONGCHEER_VENDOR_ID, FOUR_G_SYSTEMS_PRODUCT_W14), + .driver_info = NCTRL(0) | NCTRL(1) }, + { USB_DEVICE(LONGCHEER_VENDOR_ID, FOUR_G_SYSTEMS_PRODUCT_W100), +diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c +index fb1996980d265..97417b5569a98 100644 +--- a/fs/btrfs/send.c ++++ b/fs/btrfs/send.c +@@ -7347,10 +7347,10 @@ long btrfs_ioctl_send(struct file *mnt_file, struct btrfs_ioctl_send_args *arg) + /* + * Check that we don't overflow at later allocations, we request + * clone_sources_count + 1 items, and compare to unsigned long inside +- * access_ok. ++ * access_ok. Also set an upper limit for allocation size so this can't ++ * easily exhaust memory. Max number of clone sources is about 200K. + */ +- if (arg->clone_sources_count > +- ULONG_MAX / sizeof(struct clone_root) - 1) { ++ if (arg->clone_sources_count > SZ_8M / sizeof(struct clone_root)) { + ret = -EINVAL; + goto out; + } +diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c +index 8fa98c62c4fcf..53f19ee5642f4 100644 +--- a/net/caif/caif_socket.c ++++ b/net/caif/caif_socket.c +@@ -1022,6 +1022,7 @@ static void caif_sock_destructor(struct sock *sk) + return; + } + sk_stream_kill_queues(&cf_sk->sk); ++ WARN_ON(sk->sk_forward_alloc); + caif_free_client(&cf_sk->layer); + } + +diff --git a/net/core/filter.c b/net/core/filter.c +index 051b9710d7b5e..d866e1c5970cc 100644 +--- a/net/core/filter.c ++++ b/net/core/filter.c +@@ -4732,7 +4732,7 @@ static int bpf_ipv4_fib_lookup(struct net *net, struct bpf_fib_lookup *params, + neigh = __ipv6_neigh_lookup_noref_stub(dev, dst); + } + +- if (!neigh) ++ if (!neigh || !(neigh->nud_state & NUD_VALID)) + return BPF_FIB_LKUP_RET_NO_NEIGH; + + return bpf_fib_set_fwd_params(params, neigh, dev); +@@ -4845,7 +4845,7 @@ static int bpf_ipv6_fib_lookup(struct net *net, struct bpf_fib_lookup *params, + * not needed here. + */ + neigh = __ipv6_neigh_lookup_noref_stub(dev, dst); +- if (!neigh) ++ if (!neigh || !(neigh->nud_state & NUD_VALID)) + return BPF_FIB_LKUP_RET_NO_NEIGH; + + return bpf_fib_set_fwd_params(params, neigh, dev); +diff --git a/net/core/neighbour.c b/net/core/neighbour.c +index 67820219e3b60..ed754217cd1cc 100644 +--- a/net/core/neighbour.c ++++ b/net/core/neighbour.c +@@ -242,7 +242,7 @@ static int neigh_forced_gc(struct neigh_table *tbl) + (n->nud_state == NUD_NOARP) || + (tbl->is_multicast && + tbl->is_multicast(n->primary_key)) || +- time_after(tref, n->updated)) ++ !time_in_range(n->updated, tref, jiffies)) + remove = true; + write_unlock(&n->lock); + +@@ -262,7 +262,17 @@ static int neigh_forced_gc(struct neigh_table *tbl) + + static void neigh_add_timer(struct neighbour *n, unsigned long when) + { ++ /* Use safe distance from the jiffies - LONG_MAX point while timer ++ * is running in DELAY/PROBE state but still show to user space ++ * large times in the past. ++ */ ++ unsigned long mint = jiffies - (LONG_MAX - 86400 * HZ); ++ + neigh_hold(n); ++ if (!time_in_range(n->confirmed, mint, jiffies)) ++ n->confirmed = mint; ++ if (time_before(n->used, n->confirmed)) ++ n->used = n->confirmed; + if (unlikely(mod_timer(&n->timer, when))) { + printk("NEIGH: BUG, double timer add, state is %x\n", + n->nud_state); +@@ -948,12 +958,14 @@ static void neigh_periodic_work(struct work_struct *work) + goto next_elt; + } + +- if (time_before(n->used, n->confirmed)) ++ if (time_before(n->used, n->confirmed) && ++ time_is_before_eq_jiffies(n->confirmed)) + n->used = n->confirmed; + + if (refcount_read(&n->refcnt) == 1 && + (state == NUD_FAILED || +- time_after(jiffies, n->used + NEIGH_VAR(n->parms, GC_STALETIME)))) { ++ !time_in_range_open(jiffies, n->used, ++ n->used + NEIGH_VAR(n->parms, GC_STALETIME)))) { + *np = n->next; + neigh_mark_dead(n); + write_unlock(&n->lock); +diff --git a/net/core/stream.c b/net/core/stream.c +index d7c5413d16d57..cd60746877b1e 100644 +--- a/net/core/stream.c ++++ b/net/core/stream.c +@@ -209,7 +209,6 @@ void sk_stream_kill_queues(struct sock *sk) + sk_mem_reclaim(sk); + + WARN_ON(sk->sk_wmem_queued); +- WARN_ON(sk->sk_forward_alloc); + + /* It is _impossible_ for the backlog to contain anything + * when we get here. All user references to this socket -- cgit v1.2.3-65-gdbad