--- /dev/null
+From e35ac9d0b56e9efefaeeb84b635ea26c2839ea86 Mon Sep 17 00:00:00 2001
+From: Mark Brown <broonie@kernel.org>
+Date: Thu, 9 Sep 2021 17:53:56 +0100
+Subject: arm64/sve: Use correct size when reinitialising SVE state
+
+From: Mark Brown <broonie@kernel.org>
+
+commit e35ac9d0b56e9efefaeeb84b635ea26c2839ea86 upstream.
+
+When we need a buffer for SVE register state we call sve_alloc() to make
+sure that one is there. In order to avoid repeated allocations and frees
+we keep the buffer around unless we change vector length and just memset()
+it to ensure a clean register state. The function that deals with this
+takes the task to operate on as an argument, however in the case where we
+do a memset() we initialise using the SVE state size for the current task
+rather than the task passed as an argument.
+
+This is only an issue in the case where we are setting the register state
+for a task via ptrace and the task being configured has a different vector
+length to the task tracing it. In the case where the buffer is larger in
+the traced process we will leak old state from the traced process to
+itself, in the case where the buffer is smaller in the traced process we
+will overflow the buffer and corrupt memory.
+
+Fixes: bc0ee4760364 ("arm64/sve: Core task context handling")
+Cc: <stable@vger.kernel.org> # 4.15.x
+Signed-off-by: Mark Brown <broonie@kernel.org>
+Link: https://lore.kernel.org/r/20210909165356.10675-1-broonie@kernel.org
+Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arm64/kernel/fpsimd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/arm64/kernel/fpsimd.c
++++ b/arch/arm64/kernel/fpsimd.c
+@@ -434,7 +434,7 @@ size_t sve_state_size(struct task_struct
+ void sve_alloc(struct task_struct *task)
+ {
+ if (task->thread.sve_state) {
+- memset(task->thread.sve_state, 0, sve_state_size(current));
++ memset(task->thread.sve_state, 0, sve_state_size(task));
+ return;
+ }
+
--- /dev/null
+From 52ce14c134a003fee03d8fc57442c05a55b53715 Mon Sep 17 00:00:00 2001
+From: Adrian Bunk <bunk@kernel.org>
+Date: Sun, 12 Sep 2021 22:05:23 +0300
+Subject: bnx2x: Fix enabling network interfaces without VFs
+
+From: Adrian Bunk <bunk@kernel.org>
+
+commit 52ce14c134a003fee03d8fc57442c05a55b53715 upstream.
+
+This function is called to enable SR-IOV when available,
+not enabling interfaces without VFs was a regression.
+
+Fixes: 65161c35554f ("bnx2x: Fix missing error code in bnx2x_iov_init_one()")
+Signed-off-by: Adrian Bunk <bunk@kernel.org>
+Reported-by: YunQiang Su <wzssyqa@gmail.com>
+Tested-by: YunQiang Su <wzssyqa@gmail.com>
+Cc: stable@vger.kernel.org
+Acked-by: Shai Malin <smalin@marvell.com>
+Link: https://lore.kernel.org/r/20210912190523.27991-1-bunk@kernel.org
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c
++++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c
+@@ -1245,7 +1245,7 @@ int bnx2x_iov_init_one(struct bnx2x *bp,
+
+ /* SR-IOV capability was enabled but there are no VFs*/
+ if (iov->total == 0) {
+- err = -EINVAL;
++ err = 0;
+ goto failed;
+ }
+
--- /dev/null
+From 3a653b205f29b3f9827a01a0c88bfbcb0d169494 Mon Sep 17 00:00:00 2001
+From: Ye Bin <yebin10@huawei.com>
+Date: Tue, 1 Sep 2020 14:25:44 +0800
+Subject: dm thin metadata: Fix use-after-free in dm_bm_set_read_only
+
+From: Ye Bin <yebin10@huawei.com>
+
+commit 3a653b205f29b3f9827a01a0c88bfbcb0d169494 upstream.
+
+The following error ocurred when testing disk online/offline:
+
+[ 301.798344] device-mapper: thin: 253:5: aborting current metadata transaction
+[ 301.848441] device-mapper: thin: 253:5: failed to abort metadata transaction
+[ 301.849206] Aborting journal on device dm-26-8.
+[ 301.850489] EXT4-fs error (device dm-26) in __ext4_new_inode:943: Journal has aborted
+[ 301.851095] EXT4-fs (dm-26): Delayed block allocation failed for inode 398742 at logical offset 181 with max blocks 19 with error 30
+[ 301.854476] BUG: KASAN: use-after-free in dm_bm_set_read_only+0x3a/0x40 [dm_persistent_data]
+
+Reason is:
+
+ metadata_operation_failed
+ abort_transaction
+ dm_pool_abort_metadata
+ __create_persistent_data_objects
+ r = __open_or_format_metadata
+ if (r) --> If failed will free pmd->bm but pmd->bm not set NULL
+ dm_block_manager_destroy(pmd->bm);
+ set_pool_mode
+ dm_pool_metadata_read_only(pool->pmd);
+ dm_bm_set_read_only(pmd->bm); --> use-after-free
+
+Add checks to see if pmd->bm is NULL in dm_bm_set_read_only and
+dm_bm_set_read_write functions. If bm is NULL it means creating the
+bm failed and so dm_bm_is_read_only must return true.
+
+Signed-off-by: Ye Bin <yebin10@huawei.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Mike Snitzer <snitzer@redhat.com>
+Signed-off-by: xiejingfeng <xiejingfeng@linux.alibaba.com>
+Signed-off-by: Jeffle Xu <jefflexu@linux.alibaba.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/md/dm-thin-metadata.c | 2 +-
+ drivers/md/persistent-data/dm-block-manager.c | 14 ++++++++------
+ 2 files changed, 9 insertions(+), 7 deletions(-)
+
+--- a/drivers/md/dm-thin-metadata.c
++++ b/drivers/md/dm-thin-metadata.c
+@@ -901,7 +901,7 @@ int dm_pool_metadata_close(struct dm_poo
+ return -EBUSY;
+ }
+
+- if (!dm_bm_is_read_only(pmd->bm) && !pmd->fail_io) {
++ if (!pmd->fail_io && !dm_bm_is_read_only(pmd->bm)) {
+ r = __commit_transaction(pmd);
+ if (r < 0)
+ DMWARN("%s: __commit_transaction() failed, error = %d",
+--- a/drivers/md/persistent-data/dm-block-manager.c
++++ b/drivers/md/persistent-data/dm-block-manager.c
+@@ -494,7 +494,7 @@ int dm_bm_write_lock(struct dm_block_man
+ void *p;
+ int r;
+
+- if (bm->read_only)
++ if (dm_bm_is_read_only(bm))
+ return -EPERM;
+
+ p = dm_bufio_read(bm->bufio, b, (struct dm_buffer **) result);
+@@ -563,7 +563,7 @@ int dm_bm_write_lock_zero(struct dm_bloc
+ struct buffer_aux *aux;
+ void *p;
+
+- if (bm->read_only)
++ if (dm_bm_is_read_only(bm))
+ return -EPERM;
+
+ p = dm_bufio_new(bm->bufio, b, (struct dm_buffer **) result);
+@@ -603,7 +603,7 @@ EXPORT_SYMBOL_GPL(dm_bm_unlock);
+
+ int dm_bm_flush(struct dm_block_manager *bm)
+ {
+- if (bm->read_only)
++ if (dm_bm_is_read_only(bm))
+ return -EPERM;
+
+ return dm_bufio_write_dirty_buffers(bm->bufio);
+@@ -617,19 +617,21 @@ void dm_bm_prefetch(struct dm_block_mana
+
+ bool dm_bm_is_read_only(struct dm_block_manager *bm)
+ {
+- return bm->read_only;
++ return (bm ? bm->read_only : true);
+ }
+ EXPORT_SYMBOL_GPL(dm_bm_is_read_only);
+
+ void dm_bm_set_read_only(struct dm_block_manager *bm)
+ {
+- bm->read_only = true;
++ if (bm)
++ bm->read_only = true;
+ }
+ EXPORT_SYMBOL_GPL(dm_bm_set_read_only);
+
+ void dm_bm_set_read_write(struct dm_block_manager *bm)
+ {
+- bm->read_only = false;
++ if (bm)
++ bm->read_only = false;
+ }
+ EXPORT_SYMBOL_GPL(dm_bm_set_read_write);
+
--- /dev/null
+From 60b78ed088ebe1a872ee1320b6c5ad6ee2c4bd9a Mon Sep 17 00:00:00 2001
+From: Evan Quan <evan.quan@amd.com>
+Date: Fri, 3 Sep 2021 14:33:11 +0800
+Subject: PCI: Add AMD GPU multi-function power dependencies
+
+From: Evan Quan <evan.quan@amd.com>
+
+commit 60b78ed088ebe1a872ee1320b6c5ad6ee2c4bd9a upstream.
+
+Some AMD GPUs have built-in USB xHCI and USB Type-C UCSI controllers with
+power dependencies between the GPU and the other functions as in
+6d2e369f0d4c ("PCI: Add NVIDIA GPU multi-function power dependencies").
+
+Add device link support for the AMD integrated USB xHCI and USB Type-C UCSI
+controllers.
+
+Without this, runtime power management, including GPU resume and temp and
+fan sensors don't work correctly.
+
+Reported-at: https://gitlab.freedesktop.org/drm/amd/-/issues/1704
+Link: https://lore.kernel.org/r/20210903063311.3606226-1-evan.quan@amd.com
+Signed-off-by: Evan Quan <evan.quan@amd.com>
+Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/pci/quirks.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+--- a/drivers/pci/quirks.c
++++ b/drivers/pci/quirks.c
+@@ -5254,7 +5254,7 @@ DECLARE_PCI_FIXUP_CLASS_FINAL(PCI_VENDOR
+ PCI_CLASS_MULTIMEDIA_HD_AUDIO, 8, quirk_gpu_hda);
+
+ /*
+- * Create device link for NVIDIA GPU with integrated USB xHCI Host
++ * Create device link for GPUs with integrated USB xHCI Host
+ * controller to VGA.
+ */
+ static void quirk_gpu_usb(struct pci_dev *usb)
+@@ -5263,9 +5263,11 @@ static void quirk_gpu_usb(struct pci_dev
+ }
+ DECLARE_PCI_FIXUP_CLASS_FINAL(PCI_VENDOR_ID_NVIDIA, PCI_ANY_ID,
+ PCI_CLASS_SERIAL_USB, 8, quirk_gpu_usb);
++DECLARE_PCI_FIXUP_CLASS_FINAL(PCI_VENDOR_ID_ATI, PCI_ANY_ID,
++ PCI_CLASS_SERIAL_USB, 8, quirk_gpu_usb);
+
+ /*
+- * Create device link for NVIDIA GPU with integrated Type-C UCSI controller
++ * Create device link for GPUs with integrated Type-C UCSI controller
+ * to VGA. Currently there is no class code defined for UCSI device over PCI
+ * so using UNKNOWN class for now and it will be updated when UCSI
+ * over PCI gets a class code.
+@@ -5278,6 +5280,9 @@ static void quirk_gpu_usb_typec_ucsi(str
+ DECLARE_PCI_FIXUP_CLASS_FINAL(PCI_VENDOR_ID_NVIDIA, PCI_ANY_ID,
+ PCI_CLASS_SERIAL_UNKNOWN, 8,
+ quirk_gpu_usb_typec_ucsi);
++DECLARE_PCI_FIXUP_CLASS_FINAL(PCI_VENDOR_ID_ATI, PCI_ANY_ID,
++ PCI_CLASS_SERIAL_UNKNOWN, 8,
++ quirk_gpu_usb_typec_ucsi);
+
+ /*
+ * Enable the NVIDIA GPU integrated HDA controller if the BIOS left it
--- /dev/null
+From 0560204b360a332c321124dbc5cdfd3364533a74 Mon Sep 17 00:00:00 2001
+From: Juergen Gross <jgross@suse.com>
+Date: Fri, 3 Sep 2021 10:49:36 +0200
+Subject: PM: base: power: don't try to use non-existing RTC for storing data
+
+From: Juergen Gross <jgross@suse.com>
+
+commit 0560204b360a332c321124dbc5cdfd3364533a74 upstream.
+
+If there is no legacy RTC device, don't try to use it for storing trace
+data across suspend/resume.
+
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Reviewed-by: Rafael J. Wysocki <rafael@kernel.org>
+Link: https://lore.kernel.org/r/20210903084937.19392-2-jgross@suse.com
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/base/power/trace.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+--- a/drivers/base/power/trace.c
++++ b/drivers/base/power/trace.c
+@@ -11,6 +11,7 @@
+ #include <linux/export.h>
+ #include <linux/rtc.h>
+ #include <linux/suspend.h>
++#include <linux/init.h>
+
+ #include <linux/mc146818rtc.h>
+
+@@ -165,6 +166,9 @@ void generate_pm_trace(const void *trace
+ const char *file = *(const char **)(tracedata + 2);
+ unsigned int user_hash_value, file_hash_value;
+
++ if (!x86_platform.legacy.rtc)
++ return;
++
+ user_hash_value = user % USERHASH;
+ file_hash_value = hash_string(lineno, file, FILEHASH);
+ set_magic_time(user_hash_value, file_hash_value, dev_hash_value);
+@@ -267,6 +271,9 @@ static struct notifier_block pm_trace_nb
+
+ static int early_resume_init(void)
+ {
++ if (!x86_platform.legacy.rtc)
++ return 0;
++
+ hash_value_early_read = read_magic_time();
+ register_pm_notifier(&pm_trace_nb);
+ return 0;
+@@ -277,6 +284,9 @@ static int late_resume_init(void)
+ unsigned int val = hash_value_early_read;
+ unsigned int user, file, dev;
+
++ if (!x86_platform.legacy.rtc)
++ return 0;
++
+ user = val % USERHASH;
+ val = val / USERHASH;
+ file = val % FILEHASH;
memcg-enable-accounting-for-pids-in-nested-pid-namespaces.patch
platform-chrome-cros_ec_proto-send-command-again-when-timeout-occurs.patch
drm-amdgpu-fix-bug_on-assert.patch
+dm-thin-metadata-fix-use-after-free-in-dm_bm_set_read_only.patch
+xen-reset-legacy-rtc-flag-for-pv-domu.patch
+bnx2x-fix-enabling-network-interfaces-without-vfs.patch
+arm64-sve-use-correct-size-when-reinitialising-sve-state.patch
+pm-base-power-don-t-try-to-use-non-existing-rtc-for-storing-data.patch
+pci-add-amd-gpu-multi-function-power-dependencies.patch
--- /dev/null
+From f68aa100d815b5b4467fd1c3abbe3b99d65fd028 Mon Sep 17 00:00:00 2001
+From: Juergen Gross <jgross@suse.com>
+Date: Fri, 3 Sep 2021 10:49:37 +0200
+Subject: xen: reset legacy rtc flag for PV domU
+
+From: Juergen Gross <jgross@suse.com>
+
+commit f68aa100d815b5b4467fd1c3abbe3b99d65fd028 upstream.
+
+A Xen PV guest doesn't have a legacy RTC device, so reset the legacy
+RTC flag. Otherwise the following WARN splat will occur at boot:
+
+[ 1.333404] WARNING: CPU: 1 PID: 1 at /home/gross/linux/head/drivers/rtc/rtc-mc146818-lib.c:25 mc146818_get_time+0x1be/0x210
+[ 1.333404] Modules linked in:
+[ 1.333404] CPU: 1 PID: 1 Comm: swapper/0 Tainted: G W 5.14.0-rc7-default+ #282
+[ 1.333404] RIP: e030:mc146818_get_time+0x1be/0x210
+[ 1.333404] Code: c0 64 01 c5 83 fd 45 89 6b 14 7f 06 83 c5 64 89 6b 14 41 83 ec 01 b8 02 00 00 00 44 89 63 10 5b 5d 41 5c 41 5d 41 5e 41 5f c3 <0f> 0b 48 c7 c7 30 0e ef 82 4c 89 e6 e8 71 2a 24 00 48 c7 c0 ff ff
+[ 1.333404] RSP: e02b:ffffc90040093df8 EFLAGS: 00010002
+[ 1.333404] RAX: 00000000000000ff RBX: ffffc90040093e34 RCX: 0000000000000000
+[ 1.333404] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 000000000000000d
+[ 1.333404] RBP: ffffffff82ef0e30 R08: ffff888005013e60 R09: 0000000000000000
+[ 1.333404] R10: ffffffff82373e9b R11: 0000000000033080 R12: 0000000000000200
+[ 1.333404] R13: 0000000000000000 R14: 0000000000000002 R15: ffffffff82cdc6d4
+[ 1.333404] FS: 0000000000000000(0000) GS:ffff88807d440000(0000) knlGS:0000000000000000
+[ 1.333404] CS: 10000e030 DS: 0000 ES: 0000 CR0: 0000000080050033
+[ 1.333404] CR2: 0000000000000000 CR3: 000000000260a000 CR4: 0000000000050660
+[ 1.333404] Call Trace:
+[ 1.333404] ? wakeup_sources_sysfs_init+0x30/0x30
+[ 1.333404] ? rdinit_setup+0x2b/0x2b
+[ 1.333404] early_resume_init+0x23/0xa4
+[ 1.333404] ? cn_proc_init+0x36/0x36
+[ 1.333404] do_one_initcall+0x3e/0x200
+[ 1.333404] kernel_init_freeable+0x232/0x28e
+[ 1.333404] ? rest_init+0xd0/0xd0
+[ 1.333404] kernel_init+0x16/0x120
+[ 1.333404] ret_from_fork+0x1f/0x30
+
+Cc: <stable@vger.kernel.org>
+Fixes: 8d152e7a5c7537 ("x86/rtc: Replace paravirt rtc check with platform legacy quirk")
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
+Link: https://lore.kernel.org/r/20210903084937.19392-3-jgross@suse.com
+Signed-off-by: Juergen Gross <jgross@suse.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/xen/enlighten_pv.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+--- a/arch/x86/xen/enlighten_pv.c
++++ b/arch/x86/xen/enlighten_pv.c
+@@ -1187,6 +1187,11 @@ static void __init xen_dom0_set_legacy_f
+ x86_platform.legacy.rtc = 1;
+ }
+
++static void __init xen_domu_set_legacy_features(void)
++{
++ x86_platform.legacy.rtc = 0;
++}
++
+ /* First C function to be called on Xen boot */
+ asmlinkage __visible void __init xen_start_kernel(void)
+ {
+@@ -1354,6 +1359,8 @@ asmlinkage __visible void __init xen_sta
+ add_preferred_console("xenboot", 0, NULL);
+ if (pci_xen)
+ x86_init.pci.arch_init = pci_xen_init;
++ x86_platform.set_legacy_features =
++ xen_domu_set_legacy_features;
+ } else {
+ const struct dom0_vga_console_info *info =
+ (void *)((char *)xen_start_info +
projects / thirdparty / kernel / stable-queue.git / commitdiff
