commit: 31261c1d5923f7915b28bbf7fcedc686dae45266 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> AuthorDate: Sat Jul 27 13:47:18 2024 +0000 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> CommitDate: Sat Jul 27 13:47:18 2024 +0000 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=31261c1d
Linux patch 6.1.102 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org> 0000_README | 4 + 1101_linux-6.1.102.patch | 433 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 437 insertions(+) diff --git a/0000_README b/0000_README index ad9ca363..2afa5cc7 100644 --- a/0000_README +++ b/0000_README @@ -447,6 +447,10 @@ Patch: 1100_linux-6.1.101.patch From: https://www.kernel.org Desc: Linux 6.1.101 +Patch: 1101_linux-6.1.102.patch +From: https://www.kernel.org +Desc: Linux 6.1.102 + Patch: 1500_XATTR_USER_PREFIX.patch From: https://bugs.gentoo.org/show_bug.cgi?id=470644 Desc: Support for namespace user.pax.* on tmpfs. diff --git a/1101_linux-6.1.102.patch b/1101_linux-6.1.102.patch new file mode 100644 index 00000000..5a6129d9 --- /dev/null +++ b/1101_linux-6.1.102.patch @@ -0,0 +1,433 @@ +diff --git a/Makefile b/Makefile +index c2dc43c862dbf..00ec5357bc78d 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,7 +1,7 @@ + # SPDX-License-Identifier: GPL-2.0 + VERSION = 6 + PATCHLEVEL = 1 +-SUBLEVEL = 101 ++SUBLEVEL = 102 + EXTRAVERSION = + NAME = Curry Ramen + +diff --git a/arch/arm64/boot/dts/qcom/ipq6018.dtsi b/arch/arm64/boot/dts/qcom/ipq6018.dtsi +index 1533c61cb106c..3a943912b090b 100644 +--- a/arch/arm64/boot/dts/qcom/ipq6018.dtsi ++++ b/arch/arm64/boot/dts/qcom/ipq6018.dtsi +@@ -760,6 +760,7 @@ dwc_0: usb@8a00000 { + clocks = <&xo>; + clock-names = "ref"; + tx-fifo-resize; ++ snps,parkmode-disable-ss-quirk; + snps,is-utmi-l1-suspend; + snps,hird-threshold = /bits/ 8 <0x0>; + snps,dis_u2_susphy_quirk; +diff --git a/arch/arm64/boot/dts/qcom/msm8996.dtsi b/arch/arm64/boot/dts/qcom/msm8996.dtsi +index 789121171a110..986a5b5c05e48 100644 +--- a/arch/arm64/boot/dts/qcom/msm8996.dtsi ++++ b/arch/arm64/boot/dts/qcom/msm8996.dtsi +@@ -3004,6 +3004,7 @@ usb3_dwc3: usb@6a00000 { + snps,dis_u2_susphy_quirk; + snps,dis_enblslpm_quirk; + snps,is-utmi-l1-suspend; ++ snps,parkmode-disable-ss-quirk; + tx-fifo-resize; + }; + }; +diff --git a/arch/arm64/boot/dts/qcom/sdm630.dtsi b/arch/arm64/boot/dts/qcom/sdm630.dtsi +index 2430549265d3f..75ddebebb8fc1 100644 +--- a/arch/arm64/boot/dts/qcom/sdm630.dtsi ++++ b/arch/arm64/boot/dts/qcom/sdm630.dtsi +@@ -1243,6 +1243,7 @@ usb3_dwc3: usb@a800000 { + interrupts = <GIC_SPI 131 IRQ_TYPE_LEVEL_HIGH>; + snps,dis_u2_susphy_quirk; + snps,dis_enblslpm_quirk; ++ snps,parkmode-disable-ss-quirk; + + /* + * SDM630 technically supports USB3 but I +diff --git a/drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c b/drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c +index 68cdb6682776a..b19353412d8a1 100644 +--- a/drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c ++++ b/drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c +@@ -2045,7 +2045,7 @@ static int sdma_v4_0_process_trap_irq(struct amdgpu_device *adev, + struct amdgpu_irq_src *source, + struct amdgpu_iv_entry *entry) + { +- uint32_t instance; ++ int instance; + + DRM_DEBUG("IH: SDMA trap\n"); + instance = sdma_v4_0_irq_id_to_seq(entry->client_id); +diff --git a/drivers/net/tap.c b/drivers/net/tap.c +index 8c010857e6d70..f8e7b163810de 100644 +--- a/drivers/net/tap.c ++++ b/drivers/net/tap.c +@@ -1156,6 +1156,11 @@ static int tap_get_user_xdp(struct tap_queue *q, struct xdp_buff *xdp) + struct sk_buff *skb; + int err, depth; + ++ if (unlikely(xdp->data_end - xdp->data < ETH_HLEN)) { ++ err = -EINVAL; ++ goto err; ++ } ++ + if (q->flags & IFF_VNET_HDR) + vnet_hdr_len = READ_ONCE(q->vnet_hdr_sz); + +diff --git a/drivers/net/tun.c b/drivers/net/tun.c +index 4af1ba5d074c0..ea98d93138c12 100644 +--- a/drivers/net/tun.c ++++ b/drivers/net/tun.c +@@ -2448,6 +2448,9 @@ static int tun_xdp_one(struct tun_struct *tun, + bool skb_xdp = false; + struct page *page; + ++ if (unlikely(datasize < ETH_HLEN)) ++ return -EINVAL; ++ + xdp_prog = rcu_dereference(tun->xdp_prog); + if (xdp_prog) { + if (gso->gso_type) { +diff --git a/fs/btrfs/transaction.c b/fs/btrfs/transaction.c +index a7853a3a57190..604241e6e2c1e 100644 +--- a/fs/btrfs/transaction.c ++++ b/fs/btrfs/transaction.c +@@ -1701,7 +1701,10 @@ static noinline int create_pending_snapshot(struct btrfs_trans_handle *trans, + * insert the directory item + */ + ret = btrfs_set_inode_index(BTRFS_I(parent_inode), &index); +- BUG_ON(ret); /* -ENOMEM */ ++ if (ret) { ++ btrfs_abort_transaction(trans, ret); ++ goto fail; ++ } + + /* check if there is a file/dir which has the same name. */ + dir_item = btrfs_lookup_dir_item(NULL, parent_root, path, +diff --git a/fs/f2fs/super.c b/fs/f2fs/super.c +index 6bd8c231069ad..2d586a6bfe5fa 100644 +--- a/fs/f2fs/super.c ++++ b/fs/f2fs/super.c +@@ -2824,15 +2824,26 @@ static int f2fs_quota_on(struct super_block *sb, int type, int format_id, + return -EBUSY; + } + ++ if (path->dentry->d_sb != sb) ++ return -EXDEV; ++ + err = f2fs_quota_sync(sb, type); + if (err) + return err; + +- err = dquot_quota_on(sb, type, format_id, path); ++ inode = d_inode(path->dentry); ++ ++ err = filemap_fdatawrite(inode->i_mapping); + if (err) + return err; + +- inode = d_inode(path->dentry); ++ err = filemap_fdatawait(inode->i_mapping); ++ if (err) ++ return err; ++ ++ err = dquot_quota_on(sb, type, format_id, path); ++ if (err) ++ return err; + + inode_lock(inode); + F2FS_I(inode)->i_flags |= F2FS_NOATIME_FL | F2FS_IMMUTABLE_FL; +diff --git a/fs/jfs/xattr.c b/fs/jfs/xattr.c +index 07df16ce80064..8ef8dfc3c1944 100644 +--- a/fs/jfs/xattr.c ++++ b/fs/jfs/xattr.c +@@ -797,7 +797,7 @@ ssize_t __jfs_getxattr(struct inode *inode, const char *name, void *data, + size_t buf_size) + { + struct jfs_ea_list *ealist; +- struct jfs_ea *ea; ++ struct jfs_ea *ea, *ealist_end; + struct ea_buffer ea_buf; + int xattr_size; + ssize_t size; +@@ -817,9 +817,16 @@ ssize_t __jfs_getxattr(struct inode *inode, const char *name, void *data, + goto not_found; + + ealist = (struct jfs_ea_list *) ea_buf.xattr; ++ ealist_end = END_EALIST(ealist); + + /* Find the named attribute */ +- for (ea = FIRST_EA(ealist); ea < END_EALIST(ealist); ea = NEXT_EA(ea)) ++ for (ea = FIRST_EA(ealist); ea < ealist_end; ea = NEXT_EA(ea)) { ++ if (unlikely(ea + 1 > ealist_end) || ++ unlikely(NEXT_EA(ea) > ealist_end)) { ++ size = -EUCLEAN; ++ goto release; ++ } ++ + if ((namelen == ea->namelen) && + memcmp(name, ea->name, namelen) == 0) { + /* Found it */ +@@ -834,6 +841,7 @@ ssize_t __jfs_getxattr(struct inode *inode, const char *name, void *data, + memcpy(data, value, size); + goto release; + } ++ } + not_found: + size = -ENODATA; + release: +@@ -861,7 +869,7 @@ ssize_t jfs_listxattr(struct dentry * dentry, char *data, size_t buf_size) + ssize_t size = 0; + int xattr_size; + struct jfs_ea_list *ealist; +- struct jfs_ea *ea; ++ struct jfs_ea *ea, *ealist_end; + struct ea_buffer ea_buf; + + down_read(&JFS_IP(inode)->xattr_sem); +@@ -876,9 +884,16 @@ ssize_t jfs_listxattr(struct dentry * dentry, char *data, size_t buf_size) + goto release; + + ealist = (struct jfs_ea_list *) ea_buf.xattr; ++ ealist_end = END_EALIST(ealist); + + /* compute required size of list */ +- for (ea = FIRST_EA(ealist); ea < END_EALIST(ealist); ea = NEXT_EA(ea)) { ++ for (ea = FIRST_EA(ealist); ea < ealist_end; ea = NEXT_EA(ea)) { ++ if (unlikely(ea + 1 > ealist_end) || ++ unlikely(NEXT_EA(ea) > ealist_end)) { ++ size = -EUCLEAN; ++ goto release; ++ } ++ + if (can_list(ea)) + size += name_size(ea) + 1; + } +diff --git a/fs/locks.c b/fs/locks.c +index 5aa574fec3026..9495a55f6347d 100644 +--- a/fs/locks.c ++++ b/fs/locks.c +@@ -2516,8 +2516,9 @@ int fcntl_setlk64(unsigned int fd, struct file *filp, unsigned int cmd, + error = do_lock_file_wait(filp, cmd, file_lock); + + /* +- * Attempt to detect a close/fcntl race and recover by releasing the +- * lock that was just acquired. There is no need to do that when we're ++ * Detect close/fcntl races and recover by zapping all POSIX locks ++ * associated with this file and our files_struct, just like on ++ * filp_flush(). There is no need to do that when we're + * unlocking though, or for OFD locks. + */ + if (!error && file_lock->fl_type != F_UNLCK && +@@ -2532,9 +2533,7 @@ int fcntl_setlk64(unsigned int fd, struct file *filp, unsigned int cmd, + f = files_lookup_fd_locked(files, fd); + spin_unlock(&files->file_lock); + if (f != filp) { +- file_lock->fl_type = F_UNLCK; +- error = do_lock_file_wait(filp, cmd, file_lock); +- WARN_ON_ONCE(error); ++ locks_remove_posix(filp, files); + error = -EBADF; + } + } +diff --git a/fs/ntfs3/fslog.c b/fs/ntfs3/fslog.c +index a2d5b2a94d854..6d0d9b1c3b2e7 100644 +--- a/fs/ntfs3/fslog.c ++++ b/fs/ntfs3/fslog.c +@@ -724,7 +724,8 @@ static bool check_rstbl(const struct RESTART_TABLE *rt, size_t bytes) + + if (!rsize || rsize > bytes || + rsize + sizeof(struct RESTART_TABLE) > bytes || bytes < ts || +- le16_to_cpu(rt->total) > ne || ff > ts || lf > ts || ++ le16_to_cpu(rt->total) > ne || ++ ff > ts - sizeof(__le32) || lf > ts - sizeof(__le32) || + (ff && ff < sizeof(struct RESTART_TABLE)) || + (lf && lf < sizeof(struct RESTART_TABLE))) { + return false; +@@ -754,6 +755,9 @@ static bool check_rstbl(const struct RESTART_TABLE *rt, size_t bytes) + return false; + + off = le32_to_cpu(*(__le32 *)Add2Ptr(rt, off)); ++ ++ if (off > ts - sizeof(__le32)) ++ return false; + } + + return true; +diff --git a/fs/ocfs2/dir.c b/fs/ocfs2/dir.c +index 694471fc46b82..d27e15b54be4b 100644 +--- a/fs/ocfs2/dir.c ++++ b/fs/ocfs2/dir.c +@@ -294,13 +294,16 @@ static void ocfs2_dx_dir_name_hash(struct inode *dir, const char *name, int len, + * bh passed here can be an inode block or a dir data block, depending + * on the inode inline data flag. + */ +-static int ocfs2_check_dir_entry(struct inode * dir, +- struct ocfs2_dir_entry * de, +- struct buffer_head * bh, ++static int ocfs2_check_dir_entry(struct inode *dir, ++ struct ocfs2_dir_entry *de, ++ struct buffer_head *bh, ++ char *buf, ++ unsigned int size, + unsigned long offset) + { + const char *error_msg = NULL; + const int rlen = le16_to_cpu(de->rec_len); ++ const unsigned long next_offset = ((char *) de - buf) + rlen; + + if (unlikely(rlen < OCFS2_DIR_REC_LEN(1))) + error_msg = "rec_len is smaller than minimal"; +@@ -308,9 +311,11 @@ static int ocfs2_check_dir_entry(struct inode * dir, + error_msg = "rec_len % 4 != 0"; + else if (unlikely(rlen < OCFS2_DIR_REC_LEN(de->name_len))) + error_msg = "rec_len is too small for name_len"; +- else if (unlikely( +- ((char *) de - bh->b_data) + rlen > dir->i_sb->s_blocksize)) +- error_msg = "directory entry across blocks"; ++ else if (unlikely(next_offset > size)) ++ error_msg = "directory entry overrun"; ++ else if (unlikely(next_offset > size - OCFS2_DIR_REC_LEN(1)) && ++ next_offset != size) ++ error_msg = "directory entry too close to end"; + + if (unlikely(error_msg != NULL)) + mlog(ML_ERROR, "bad entry in directory #%llu: %s - " +@@ -352,16 +357,17 @@ static inline int ocfs2_search_dirblock(struct buffer_head *bh, + de_buf = first_de; + dlimit = de_buf + bytes; + +- while (de_buf < dlimit) { ++ while (de_buf < dlimit - OCFS2_DIR_MEMBER_LEN) { + /* this code is executed quadratically often */ + /* do minimal checking `by hand' */ + + de = (struct ocfs2_dir_entry *) de_buf; + +- if (de_buf + namelen <= dlimit && ++ if (de->name + namelen <= dlimit && + ocfs2_match(namelen, name, de)) { + /* found a match - just to be sure, do a full check */ +- if (!ocfs2_check_dir_entry(dir, de, bh, offset)) { ++ if (!ocfs2_check_dir_entry(dir, de, bh, first_de, ++ bytes, offset)) { + ret = -1; + goto bail; + } +@@ -1138,7 +1144,7 @@ static int __ocfs2_delete_entry(handle_t *handle, struct inode *dir, + pde = NULL; + de = (struct ocfs2_dir_entry *) first_de; + while (i < bytes) { +- if (!ocfs2_check_dir_entry(dir, de, bh, i)) { ++ if (!ocfs2_check_dir_entry(dir, de, bh, first_de, bytes, i)) { + status = -EIO; + mlog_errno(status); + goto bail; +@@ -1638,7 +1644,8 @@ int __ocfs2_add_entry(handle_t *handle, + /* These checks should've already been passed by the + * prepare function, but I guess we can leave them + * here anyway. */ +- if (!ocfs2_check_dir_entry(dir, de, insert_bh, offset)) { ++ if (!ocfs2_check_dir_entry(dir, de, insert_bh, data_start, ++ size, offset)) { + retval = -ENOENT; + goto bail; + } +@@ -1776,7 +1783,8 @@ static int ocfs2_dir_foreach_blk_id(struct inode *inode, + } + + de = (struct ocfs2_dir_entry *) (data->id_data + ctx->pos); +- if (!ocfs2_check_dir_entry(inode, de, di_bh, ctx->pos)) { ++ if (!ocfs2_check_dir_entry(inode, de, di_bh, (char *)data->id_data, ++ i_size_read(inode), ctx->pos)) { + /* On error, skip the f_pos to the end. */ + ctx->pos = i_size_read(inode); + break; +@@ -1869,7 +1877,8 @@ static int ocfs2_dir_foreach_blk_el(struct inode *inode, + while (ctx->pos < i_size_read(inode) + && offset < sb->s_blocksize) { + de = (struct ocfs2_dir_entry *) (bh->b_data + offset); +- if (!ocfs2_check_dir_entry(inode, de, bh, offset)) { ++ if (!ocfs2_check_dir_entry(inode, de, bh, bh->b_data, ++ sb->s_blocksize, offset)) { + /* On error, skip the f_pos to the + next block. */ + ctx->pos = (ctx->pos | (sb->s_blocksize - 1)) + 1; +@@ -3341,7 +3350,7 @@ static int ocfs2_find_dir_space_id(struct inode *dir, struct buffer_head *di_bh, + struct super_block *sb = dir->i_sb; + struct ocfs2_dinode *di = (struct ocfs2_dinode *)di_bh->b_data; + struct ocfs2_dir_entry *de, *last_de = NULL; +- char *de_buf, *limit; ++ char *first_de, *de_buf, *limit; + unsigned long offset = 0; + unsigned int rec_len, new_rec_len, free_space; + +@@ -3354,14 +3363,16 @@ static int ocfs2_find_dir_space_id(struct inode *dir, struct buffer_head *di_bh, + else + free_space = dir->i_sb->s_blocksize - i_size_read(dir); + +- de_buf = di->id2.i_data.id_data; ++ first_de = di->id2.i_data.id_data; ++ de_buf = first_de; + limit = de_buf + i_size_read(dir); + rec_len = OCFS2_DIR_REC_LEN(namelen); + + while (de_buf < limit) { + de = (struct ocfs2_dir_entry *)de_buf; + +- if (!ocfs2_check_dir_entry(dir, de, di_bh, offset)) { ++ if (!ocfs2_check_dir_entry(dir, de, di_bh, first_de, ++ i_size_read(dir), offset)) { + ret = -ENOENT; + goto out; + } +@@ -3443,7 +3454,8 @@ static int ocfs2_find_dir_space_el(struct inode *dir, const char *name, + /* move to next block */ + de = (struct ocfs2_dir_entry *) bh->b_data; + } +- if (!ocfs2_check_dir_entry(dir, de, bh, offset)) { ++ if (!ocfs2_check_dir_entry(dir, de, bh, bh->b_data, blocksize, ++ offset)) { + status = -ENOENT; + goto bail; + } +diff --git a/sound/core/pcm_dmaengine.c b/sound/core/pcm_dmaengine.c +index e299e8634751f..62489677f3947 100644 +--- a/sound/core/pcm_dmaengine.c ++++ b/sound/core/pcm_dmaengine.c +@@ -352,8 +352,12 @@ EXPORT_SYMBOL_GPL(snd_dmaengine_pcm_open_request_chan); + int snd_dmaengine_pcm_sync_stop(struct snd_pcm_substream *substream) + { + struct dmaengine_pcm_runtime_data *prtd = substream_to_prtd(substream); ++ struct dma_tx_state state; ++ enum dma_status status; + +- dmaengine_synchronize(prtd->dma_chan); ++ status = dmaengine_tx_status(prtd->dma_chan, prtd->cookie, &state); ++ if (status != DMA_PAUSED) ++ dmaengine_synchronize(prtd->dma_chan); + + return 0; + } +diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c +index 66b8adb2069af..e0df44bfda4e6 100644 +--- a/sound/pci/hda/patch_realtek.c ++++ b/sound/pci/hda/patch_realtek.c +@@ -9928,6 +9928,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { + SND_PCI_QUIRK(0x10cf, 0x1845, "Lifebook U904", ALC269_FIXUP_LIFEBOOK_EXTMIC), + SND_PCI_QUIRK(0x10ec, 0x10f2, "Intel Reference board", ALC700_FIXUP_INTEL_REFERENCE), + SND_PCI_QUIRK(0x10ec, 0x118c, "Medion EE4254 MD62100", ALC256_FIXUP_MEDION_HEADSET_NO_PRESENCE), ++ SND_PCI_QUIRK(0x10ec, 0x119e, "Positivo SU C1400", ALC269_FIXUP_ASPIRE_HEADSET_MIC), + SND_PCI_QUIRK(0x10ec, 0x11bc, "VAIO VJFE-IL", ALC269_FIXUP_LIMIT_INT_MIC_BOOST), + SND_PCI_QUIRK(0x10ec, 0x1230, "Intel Reference board", ALC295_FIXUP_CHROME_BOOK), + SND_PCI_QUIRK(0x10ec, 0x124c, "Intel Reference board", ALC295_FIXUP_CHROME_BOOK), +@@ -9941,6 +9942,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = { + SND_PCI_QUIRK(0x144d, 0xc189, "Samsung Galaxy Flex Book (NT950QCG-X716)", ALC298_FIXUP_SAMSUNG_AMP), + SND_PCI_QUIRK(0x144d, 0xc18a, "Samsung Galaxy Book Ion (NP930XCJ-K01US)", ALC298_FIXUP_SAMSUNG_AMP), + SND_PCI_QUIRK(0x144d, 0xc1a3, "Samsung Galaxy Book Pro (NP935XDB-KC1SE)", ALC298_FIXUP_SAMSUNG_AMP), ++ SND_PCI_QUIRK(0x144d, 0xc1a4, "Samsung Galaxy Book Pro 360 (NT935QBD)", ALC298_FIXUP_SAMSUNG_AMP), + SND_PCI_QUIRK(0x144d, 0xc1a6, "Samsung Galaxy Book Pro 360 (NP930QBD)", ALC298_FIXUP_SAMSUNG_AMP), + SND_PCI_QUIRK(0x144d, 0xc740, "Samsung Ativ book 8 (NP870Z5G)", ALC269_FIXUP_ATIV_BOOK_8), + SND_PCI_QUIRK(0x144d, 0xc812, "Samsung Notebook Pen S (NT950SBE-X58)", ALC298_FIXUP_SAMSUNG_AMP),
