--- /dev/null
+From 83c8cf9ab53888ba19d8ddde5dc085ee7a179664 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 12 Feb 2024 13:55:34 -0800
+Subject: drm/crtc: fix uninitialized variable use even harder
+
+From: Rob Clark <robdclark@chromium.org>
+
+[ Upstream commit b6802b61a9d0e99dcfa6fff7c50db7c48a9623d3 ]
+
+DRM_MODESET_LOCK_ALL_BEGIN() has a hidden trap-door (aka retry loop),
+which means we can't rely too much on variable initializers.
+
+Fixes: 6e455f5dcdd1 ("drm/crtc: fix uninitialized variable use")
+Signed-off-by: Rob Clark <robdclark@chromium.org>
+Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
+Reviewed-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
+Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
+Tested-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> # sc7180, sdm845
+Link: https://patchwork.freedesktop.org/patch/msgid/20240212215534.190682-1-robdclark@gmail.com
+Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/drm_crtc.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/gpu/drm/drm_crtc.c b/drivers/gpu/drm/drm_crtc.c
+index 4ed3fc28d4dab..5d2cbff02df12 100644
+--- a/drivers/gpu/drm/drm_crtc.c
++++ b/drivers/gpu/drm/drm_crtc.c
+@@ -754,6 +754,7 @@ int drm_mode_setcrtc(struct drm_device *dev, void *data,
+ connector_set = NULL;
+ fb = NULL;
+ mode = NULL;
++ num_connectors = 0;
+
+ DRM_MODESET_LOCK_ALL_END(dev, ctx, ret);
+
+--
+2.43.0
+
--- /dev/null
+From d2c0d8ff6b2d3299afa24f40e050467d8b3563ba Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 9 Oct 2024 05:42:01 +0000
+Subject: Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal
+
+From: Mathias Krause <minipli@grsecurity.net>
+
+commit fbf8d71742557abaf558d8efb96742d442720cc2 upstream.
+
+Calling irq_domain_remove() will lead to freeing the IRQ domain
+prematurely. The domain is still referenced and will be attempted to get
+used via rmi_free_function_list() -> rmi_unregister_function() ->
+irq_dispose_mapping() -> irq_get_irq_data()'s ->domain pointer.
+
+With PaX's MEMORY_SANITIZE this will lead to an access fault when
+attempting to dereference embedded pointers, as in Torsten's report that
+was faulting on the 'domain->ops->unmap' test.
+
+Fix this by releasing the IRQ domain only after all related IRQs have
+been deactivated.
+
+Fixes: 24d28e4f1271 ("Input: synaptics-rmi4 - convert irq distribution to irq_domain")
+Reported-by: Torsten Hilbrich <torsten.hilbrich@secunet.com>
+Signed-off-by: Mathias Krause <minipli@grsecurity.net>
+Link: https://lore.kernel.org/r/20240222142654.856566-1-minipli@grsecurity.net
+Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Signed-off-by: Tzung-Bi Shih <tzungbi@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/input/rmi4/rmi_driver.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/input/rmi4/rmi_driver.c b/drivers/input/rmi4/rmi_driver.c
+index aa32371f04af6..ef9ea295f9e03 100644
+--- a/drivers/input/rmi4/rmi_driver.c
++++ b/drivers/input/rmi4/rmi_driver.c
+@@ -978,12 +978,12 @@ static int rmi_driver_remove(struct device *dev)
+
+ rmi_disable_irq(rmi_dev, false);
+
+- irq_domain_remove(data->irqdomain);
+- data->irqdomain = NULL;
+-
+ rmi_f34_remove_sysfs(rmi_dev);
+ rmi_free_function_list(rmi_dev);
+
++ irq_domain_remove(data->irqdomain);
++ data->irqdomain = NULL;
++
+ return 0;
+ }
+
+--
+2.43.0
+
--- /dev/null
+From c13d5ec497c48382911f5492d82595ae8bdb8d57 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 8 Oct 2024 15:29:45 -0700
+Subject: kallsyms: Make kallsyms_on_each_symbol generally available
+
+From: Jiri Olsa <jolsa@kernel.org>
+
+[ Upstream commit d721def7392a7348ffb9f3583b264239cbd3702c ]
+
+Making kallsyms_on_each_symbol generally available, so it can be
+used outside CONFIG_LIVEPATCH option in following changes.
+
+Rather than adding another ifdef option let's make the function
+generally available (when CONFIG_KALLSYMS option is defined).
+
+Cc: Christoph Hellwig <hch@lst.de>
+Reviewed-by: Masami Hiramatsu <mhiramat@kernel.org>
+Signed-off-by: Jiri Olsa <jolsa@kernel.org>
+Link: https://lore.kernel.org/r/20220510122616.2652285-2-jolsa@kernel.org
+Signed-off-by: Alexei Starovoitov <ast@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+Stable-dep-of: b022f0c7e404 ("tracing/kprobes: Return EADDRNOTAVAIL when
+func matches several symbols")
+Signed-off-by: Sherry Yang <sherry.yang@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ include/linux/kallsyms.h | 7 ++++++-
+ kernel/kallsyms.c | 2 --
+ 2 files changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/include/linux/kallsyms.h b/include/linux/kallsyms.h
+index 465060acc9816..430f1cefbb9e1 100644
+--- a/include/linux/kallsyms.h
++++ b/include/linux/kallsyms.h
+@@ -71,11 +71,11 @@ static inline void *dereference_symbol_descriptor(void *ptr)
+ return ptr;
+ }
+
++#ifdef CONFIG_KALLSYMS
+ int kallsyms_on_each_symbol(int (*fn)(void *, const char *, struct module *,
+ unsigned long),
+ void *data);
+
+-#ifdef CONFIG_KALLSYMS
+ /* Lookup the address for a symbol. Returns 0 if not found. */
+ unsigned long kallsyms_lookup_name(const char *name);
+
+@@ -155,6 +155,11 @@ static inline bool kallsyms_show_value(const struct cred *cred)
+ return false;
+ }
+
++static inline int kallsyms_on_each_symbol(int (*fn)(void *, const char *, struct module *,
++ unsigned long), void *data)
++{
++ return -EOPNOTSUPP;
++}
+ #endif /*CONFIG_KALLSYMS*/
+
+ static inline void print_ip_sym(const char *loglvl, unsigned long ip)
+diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c
+index 8043a90aa50ed..a0d3f0865916f 100644
+--- a/kernel/kallsyms.c
++++ b/kernel/kallsyms.c
+@@ -177,7 +177,6 @@ unsigned long kallsyms_lookup_name(const char *name)
+ return module_kallsyms_lookup_name(name);
+ }
+
+-#ifdef CONFIG_LIVEPATCH
+ /*
+ * Iterate over all symbols in vmlinux. For symbols from modules use
+ * module_kallsyms_on_each_symbol instead.
+@@ -199,7 +198,6 @@ int kallsyms_on_each_symbol(int (*fn)(void *, const char *, struct module *,
+ }
+ return 0;
+ }
+-#endif /* CONFIG_LIVEPATCH */
+
+ static unsigned long get_symbol_pos(unsigned long addr,
+ unsigned long *symbolsize,
+--
+2.43.0
+
--- /dev/null
+From fbb3ba4e5e1c5f35eb35d421cc1b477bc377c3a4 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 8 Oct 2024 15:29:46 -0700
+Subject: kallsyms: Make module_kallsyms_on_each_symbol generally available
+
+From: Jiri Olsa <jolsa@kernel.org>
+
+commit 73feb8d5fa3b755bb51077c0aabfb6aa556fd498 upstream.
+
+Making module_kallsyms_on_each_symbol generally available, so it
+can be used outside CONFIG_LIVEPATCH option in following changes.
+
+Rather than adding another ifdef option let's make the function
+generally available (when CONFIG_KALLSYMS and CONFIG_MODULES
+options are defined).
+
+Cc: Christoph Hellwig <hch@lst.de>
+Acked-by: Song Liu <song@kernel.org>
+Signed-off-by: Jiri Olsa <jolsa@kernel.org>
+Link: https://lore.kernel.org/r/20221025134148.3300700-2-jolsa@kernel.org
+Signed-off-by: Alexei Starovoitov <ast@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Stable-dep-of: 926fe783c8a6 ("tracing/kprobes: Fix symbol counting logic by looking at modules as well")
+Signed-off-by: Markus Boehme <markubo@amazon.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Stable-dep-of: 329197033bb0 ("tracing/kprobes: Fix symbol counting logic
+by looking at modules as well")
+Signed-off-by: Sherry Yang <sherry.yang@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ include/linux/module.h | 9 +++++++++
+ kernel/module.c | 2 --
+ 2 files changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/include/linux/module.h b/include/linux/module.h
+index a55a40c28568e..63fe94e6ae6f1 100644
+--- a/include/linux/module.h
++++ b/include/linux/module.h
+@@ -875,8 +875,17 @@ static inline bool module_sig_ok(struct module *module)
+ }
+ #endif /* CONFIG_MODULE_SIG */
+
++#if defined(CONFIG_MODULES) && defined(CONFIG_KALLSYMS)
+ int module_kallsyms_on_each_symbol(int (*fn)(void *, const char *,
+ struct module *, unsigned long),
+ void *data);
++#else
++static inline int module_kallsyms_on_each_symbol(int (*fn)(void *, const char *,
++ struct module *, unsigned long),
++ void *data)
++{
++ return -EOPNOTSUPP;
++}
++#endif /* CONFIG_MODULES && CONFIG_KALLSYMS */
+
+ #endif /* _LINUX_MODULE_H */
+diff --git a/kernel/module.c b/kernel/module.c
+index edc7b99cb16fa..7f3ba597af6c1 100644
+--- a/kernel/module.c
++++ b/kernel/module.c
+@@ -4444,7 +4444,6 @@ unsigned long module_kallsyms_lookup_name(const char *name)
+ return ret;
+ }
+
+-#ifdef CONFIG_LIVEPATCH
+ int module_kallsyms_on_each_symbol(int (*fn)(void *, const char *,
+ struct module *, unsigned long),
+ void *data)
+@@ -4475,7 +4474,6 @@ int module_kallsyms_on_each_symbol(int (*fn)(void *, const char *,
+ mutex_unlock(&module_mutex);
+ return ret;
+ }
+-#endif /* CONFIG_LIVEPATCH */
+ #endif /* CONFIG_KALLSYMS */
+
+ /* Maximum number of characters written by module_flags() */
+--
+2.43.0
+
--- /dev/null
+From f53038aa6ffec2e121c51c3a5952252df2fb4e8c Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 6 Jan 2024 01:12:22 +0100
+Subject: net: ethernet: cortina: Drop TSO support
+
+From: Linus Walleij <linus.walleij@linaro.org>
+
+[ Upstream commit ac631873c9e7a50d2a8de457cfc4b9f86666403e ]
+
+The recent change to allow large frames without hardware checksumming
+slotted in software checksumming in the driver if hardware could not
+do it.
+
+This will however upset TSO (TCP Segment Offloading). Typical
+error dumps includes this:
+
+skb len=2961 headroom=222 headlen=66 tailroom=0
+(...)
+WARNING: CPU: 0 PID: 956 at net/core/dev.c:3259 skb_warn_bad_offload+0x7c/0x108
+gemini-ethernet-port: caps=(0x0000010000154813, 0x00002007ffdd7889)
+
+And the packets do not go through.
+
+The TSO implementation is bogus: a TSO enabled driver must propagate
+the skb_shinfo(skb)->gso_size value to the TSO engine on the NIC.
+
+Drop the size check and TSO offloading features for now: this
+needs to be fixed up properly.
+
+After this ethernet works fine on Gemini devices with a direct connected
+PHY such as D-Link DNS-313.
+
+Also tested to still be working with a DSA switch using the Gemini
+ethernet as conduit interface.
+
+Link: https://lore.kernel.org/netdev/CANn89iJLfxng1sYL5Zk0mknXpyYQPCp83m3KgD2KJ2_hKCpEUg@mail.gmail.com/
+Suggested-by: Eric Dumazet <edumazet@google.com>
+Fixes: d4d0c5b4d279 ("net: ethernet: cortina: Handle large frames")
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Reviewed-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/cortina/gemini.c | 15 ++-------------
+ 1 file changed, 2 insertions(+), 13 deletions(-)
+
+diff --git a/drivers/net/ethernet/cortina/gemini.c b/drivers/net/ethernet/cortina/gemini.c
+index fa46854fd697c..04a034cd5183f 100644
+--- a/drivers/net/ethernet/cortina/gemini.c
++++ b/drivers/net/ethernet/cortina/gemini.c
+@@ -80,8 +80,7 @@ MODULE_PARM_DESC(debug, "Debug level (0=none,...,16=all)");
+ #define GMAC0_IRQ4_8 (GMAC0_MIB_INT_BIT | GMAC0_RX_OVERRUN_INT_BIT)
+
+ #define GMAC_OFFLOAD_FEATURES (NETIF_F_SG | NETIF_F_IP_CSUM | \
+- NETIF_F_IPV6_CSUM | NETIF_F_RXCSUM | \
+- NETIF_F_TSO | NETIF_F_TSO_ECN | NETIF_F_TSO6)
++ NETIF_F_IPV6_CSUM | NETIF_F_RXCSUM)
+
+ /**
+ * struct gmac_queue_page - page buffer per-page info
+@@ -1149,23 +1148,13 @@ static int gmac_map_tx_bufs(struct net_device *netdev, struct sk_buff *skb,
+ struct gmac_txdesc *txd;
+ skb_frag_t *skb_frag;
+ dma_addr_t mapping;
+- unsigned short mtu;
+ void *buffer;
+ int ret;
+
+- mtu = ETH_HLEN;
+- mtu += netdev->mtu;
+- if (skb->protocol == htons(ETH_P_8021Q))
+- mtu += VLAN_HLEN;
+-
++ /* TODO: implement proper TSO using MTU in word3 */
+ word1 = skb->len;
+ word3 = SOF_BIT;
+
+- if (word1 > mtu) {
+- word1 |= TSS_MTU_ENABLE_BIT;
+- word3 |= mtu;
+- }
+-
+ if (skb->len >= ETH_FRAME_LEN) {
+ /* Hardware offloaded checksumming isn't working on frames
+ * bigger than 1514 bytes. A hypothesis about this is that the
+--
+2.43.0
+
--- /dev/null
+From 8ea752ce4a33788843523afdad0c8669d3ae6617 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 26 Feb 2021 11:21:05 +0100
+Subject: s390/zcore: no need to check return value of debugfs_create functions
+
+From: Alexander Egorenkov <egorenar@linux.ibm.com>
+
+[ Upstream commit 7449ca87312a5b0390b765be65a126e6e5451026 ]
+
+When calling debugfs functions, there is no need to ever check the
+return value. The function can work or not, but the code logic should
+never do something different based on this.
+
+See commit 7dd541a3fb34 ("s390: no need to check return value of debugfs_create functions").
+
+Signed-off-by: Alexander Egorenkov <egorenar@linux.ibm.com>
+Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
+Stable-dep-of: 0b18c852cc6f ("tracing: Have saved_cmdlines arrays all in one allocation")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/s390/char/zcore.c | 18 +-----------------
+ 1 file changed, 1 insertion(+), 17 deletions(-)
+
+diff --git a/drivers/s390/char/zcore.c b/drivers/s390/char/zcore.c
+index 3841c0e77df69..5f659fa9224a3 100644
+--- a/drivers/s390/char/zcore.c
++++ b/drivers/s390/char/zcore.c
+@@ -302,28 +302,12 @@ static int __init zcore_init(void)
+ goto fail;
+
+ zcore_dir = debugfs_create_dir("zcore" , NULL);
+- if (!zcore_dir) {
+- rc = -ENOMEM;
+- goto fail;
+- }
+ zcore_reipl_file = debugfs_create_file("reipl", S_IRUSR, zcore_dir,
+ NULL, &zcore_reipl_fops);
+- if (!zcore_reipl_file) {
+- rc = -ENOMEM;
+- goto fail_dir;
+- }
+ zcore_hsa_file = debugfs_create_file("hsa", S_IRUSR|S_IWUSR, zcore_dir,
+ NULL, &zcore_hsa_fops);
+- if (!zcore_hsa_file) {
+- rc = -ENOMEM;
+- goto fail_reipl_file;
+- }
+- return 0;
+
+-fail_reipl_file:
+- debugfs_remove(zcore_reipl_file);
+-fail_dir:
+- debugfs_remove(zcore_dir);
++ return 0;
+ fail:
+ diag308(DIAG308_REL_HSA, NULL);
+ return rc;
+--
+2.43.0
+
--- /dev/null
+From 1aa06df8ec106228daa96889e6f252790296b28a Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 25 Feb 2021 14:28:52 +0100
+Subject: s390/zcore: release dump save area on restart or power down
+
+From: Alexander Egorenkov <egorenar@linux.ibm.com>
+
+[ Upstream commit dabdfac0e85c8c1e811b10c08742f49285e78a17 ]
+
+The zFCP/NVMe standalone dumper is supposed to release the dump save area
+resource as soon as possible but might fail to do so, for instance, if it
+crashes. To avoid this situation, register a reboot notifier and ensure
+the dump save area resource is released on reboot or power down.
+
+Signed-off-by: Alexander Egorenkov <egorenar@linux.ibm.com>
+Reviewed-by: Heiko Carstens <hca@linux.ibm.com>
+Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
+Stable-dep-of: 0b18c852cc6f ("tracing: Have saved_cmdlines arrays all in one allocation")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/s390/char/zcore.c | 26 ++++++++++++++++++++++++++
+ 1 file changed, 26 insertions(+)
+
+diff --git a/drivers/s390/char/zcore.c b/drivers/s390/char/zcore.c
+index 5f659fa9224a3..1aee6b2ae66fb 100644
+--- a/drivers/s390/char/zcore.c
++++ b/drivers/s390/char/zcore.c
+@@ -15,6 +15,7 @@
+ #include <linux/init.h>
+ #include <linux/slab.h>
+ #include <linux/debugfs.h>
++#include <linux/reboot.h>
+
+ #include <asm/asm-offsets.h>
+ #include <asm/ipl.h>
+@@ -247,6 +248,28 @@ static int __init zcore_reipl_init(void)
+ return 0;
+ }
+
++static int zcore_reboot_and_on_panic_handler(struct notifier_block *self,
++ unsigned long event,
++ void *data)
++{
++ if (hsa_available)
++ release_hsa();
++
++ return NOTIFY_OK;
++}
++
++static struct notifier_block zcore_reboot_notifier = {
++ .notifier_call = zcore_reboot_and_on_panic_handler,
++ /* we need to be notified before reipl and kdump */
++ .priority = INT_MAX,
++};
++
++static struct notifier_block zcore_on_panic_notifier = {
++ .notifier_call = zcore_reboot_and_on_panic_handler,
++ /* we need to be notified before reipl and kdump */
++ .priority = INT_MAX,
++};
++
+ static int __init zcore_init(void)
+ {
+ unsigned char arch;
+@@ -307,6 +330,9 @@ static int __init zcore_init(void)
+ zcore_hsa_file = debugfs_create_file("hsa", S_IRUSR|S_IWUSR, zcore_dir,
+ NULL, &zcore_hsa_fops);
+
++ register_reboot_notifier(&zcore_reboot_notifier);
++ atomic_notifier_chain_register(&panic_notifier_list, &zcore_on_panic_notifier);
++
+ return 0;
+ fail:
+ diag308(DIAG308_REL_HSA, NULL);
+--
+2.43.0
+
vhost-scsi-null-ptr-dereference-in-vhost_scsi_get_req.patch
clk-imx6ul-fix-failed-to-get-parent-error.patch
unicode-don-t-special-case-ignorable-code-points.patch
+net-ethernet-cortina-drop-tso-support.patch
+tracing-remove-precision-vsnprintf-check-from-print-.patch
+drm-crtc-fix-uninitialized-variable-use-even-harder.patch
+s390-zcore-no-need-to-check-return-value-of-debugfs_.patch
+s390-zcore-release-dump-save-area-on-restart-or-powe.patch
+tracing-have-saved_cmdlines-arrays-all-in-one-alloca.patch
+virtio_console-fix-misc-probe-bugs.patch
+kallsyms-make-kallsyms_on_each_symbol-generally-avai.patch
+kallsyms-make-module_kallsyms_on_each_symbol-general.patch
+tracing-kprobes-return-eaddrnotavail-when-func-match.patch
+tracing-kprobes-fix-symbol-counting-logic-by-looking.patch
+input-synaptics-rmi4-fix-uaf-of-irq-domain-on-driver.patch
--- /dev/null
+From f1fc32fddc4d664dadb302191b5cd33fe03eb70c Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 20 Feb 2024 09:06:14 -0500
+Subject: tracing: Have saved_cmdlines arrays all in one allocation
+
+From: Steven Rostedt (Google) <rostedt@goodmis.org>
+
+[ Upstream commit 0b18c852cc6fb8284ac0ab97e3e840974a6a8a64 ]
+
+The saved_cmdlines have three arrays for mapping PIDs to COMMs:
+
+ - map_pid_to_cmdline[]
+ - map_cmdline_to_pid[]
+ - saved_cmdlines
+
+The map_pid_to_cmdline[] is PID_MAX_DEFAULT in size and holds the index
+into the other arrays. The map_cmdline_to_pid[] is a mapping back to the
+full pid as it can be larger than PID_MAX_DEFAULT. And the
+saved_cmdlines[] just holds the COMMs associated to the pids.
+
+Currently the map_pid_to_cmdline[] and saved_cmdlines[] are allocated
+together (in reality the saved_cmdlines is just in the memory of the
+rounding of the allocation of the structure as it is always allocated in
+powers of two). The map_cmdline_to_pid[] array is allocated separately.
+
+Since the rounding to a power of two is rather large (it allows for 8000
+elements in saved_cmdlines), also include the map_cmdline_to_pid[] array.
+(This drops it to 6000 by default, which is still plenty for most use
+cases). This saves even more memory as the map_cmdline_to_pid[] array
+doesn't need to be allocated.
+
+Link: https://lore.kernel.org/linux-trace-kernel/20240212174011.068211d9@gandalf.local.home/
+Link: https://lore.kernel.org/linux-trace-kernel/20240220140703.182330529@goodmis.org
+
+Cc: Mark Rutland <mark.rutland@arm.com>
+Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Cc: Tim Chen <tim.c.chen@linux.intel.com>
+Cc: Vincent Donnefort <vdonnefort@google.com>
+Cc: Sven Schnelle <svens@linux.ibm.com>
+Cc: Mete Durlu <meted@linux.ibm.com>
+Fixes: 44dc5c41b5b1 ("tracing: Fix wasted memory in saved_cmdlines logic")
+Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
+Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/trace/trace.c | 18 ++++++++----------
+ 1 file changed, 8 insertions(+), 10 deletions(-)
+
+diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
+index b16291f4c5731..9f5b9036f001d 100644
+--- a/kernel/trace/trace.c
++++ b/kernel/trace/trace.c
+@@ -2244,6 +2244,10 @@ struct saved_cmdlines_buffer {
+ };
+ static struct saved_cmdlines_buffer *savedcmd;
+
++/* Holds the size of a cmdline and pid element */
++#define SAVED_CMDLINE_MAP_ELEMENT_SIZE(s) \
++ (TASK_COMM_LEN + sizeof((s)->map_cmdline_to_pid[0]))
++
+ static inline char *get_saved_cmdlines(int idx)
+ {
+ return &savedcmd->saved_cmdlines[idx * TASK_COMM_LEN];
+@@ -2258,7 +2262,6 @@ static void free_saved_cmdlines_buffer(struct saved_cmdlines_buffer *s)
+ {
+ int order = get_order(sizeof(*s) + s->cmdline_num * TASK_COMM_LEN);
+
+- kfree(s->map_cmdline_to_pid);
+ kmemleak_free(s);
+ free_pages((unsigned long)s, order);
+ }
+@@ -2271,7 +2274,7 @@ static struct saved_cmdlines_buffer *allocate_cmdlines_buffer(unsigned int val)
+ int order;
+
+ /* Figure out how much is needed to hold the given number of cmdlines */
+- orig_size = sizeof(*s) + val * TASK_COMM_LEN;
++ orig_size = sizeof(*s) + val * SAVED_CMDLINE_MAP_ELEMENT_SIZE(s);
+ order = get_order(orig_size);
+ size = 1 << (order + PAGE_SHIFT);
+ page = alloc_pages(GFP_KERNEL, order);
+@@ -2283,16 +2286,11 @@ static struct saved_cmdlines_buffer *allocate_cmdlines_buffer(unsigned int val)
+ memset(s, 0, sizeof(*s));
+
+ /* Round up to actual allocation */
+- val = (size - sizeof(*s)) / TASK_COMM_LEN;
++ val = (size - sizeof(*s)) / SAVED_CMDLINE_MAP_ELEMENT_SIZE(s);
+ s->cmdline_num = val;
+
+- s->map_cmdline_to_pid = kmalloc_array(val,
+- sizeof(*s->map_cmdline_to_pid),
+- GFP_KERNEL);
+- if (!s->map_cmdline_to_pid) {
+- free_saved_cmdlines_buffer(s);
+- return NULL;
+- }
++ /* Place map_cmdline_to_pid array right after saved_cmdlines */
++ s->map_cmdline_to_pid = (unsigned *)&s->saved_cmdlines[val * TASK_COMM_LEN];
+
+ s->cmdline_idx = 0;
+ memset(&s->map_pid_to_cmdline, NO_CMDLINE_MAP,
+--
+2.43.0
+
--- /dev/null
+From c8ce567da9750645c1bd9c65fd11a23c8c0ef991 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 8 Oct 2024 15:29:48 -0700
+Subject: tracing/kprobes: Fix symbol counting logic by looking at modules as
+ well
+
+From: Andrii Nakryiko <andrii@kernel.org>
+
+commit 926fe783c8a64b33997fec405cf1af3e61aed441 upstream.
+
+Recent changes to count number of matching symbols when creating
+a kprobe event failed to take into account kernel modules. As such, it
+breaks kprobes on kernel module symbols, by assuming there is no match.
+
+Fix this my calling module_kallsyms_on_each_symbol() in addition to
+kallsyms_on_each_match_symbol() to perform a proper counting.
+
+Link: https://lore.kernel.org/all/20231027233126.2073148-1-andrii@kernel.org/
+
+Cc: Francis Laniel <flaniel@linux.microsoft.com>
+Cc: stable@vger.kernel.org
+Cc: Masami Hiramatsu <mhiramat@kernel.org>
+Cc: Steven Rostedt <rostedt@goodmis.org>
+Fixes: b022f0c7e404 ("tracing/kprobes: Return EADDRNOTAVAIL when func matches several symbols")
+Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
+Acked-by: Song Liu <song@kernel.org>
+Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
+Signed-off-by: Markus Boehme <markubo@amazon.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+[Sherry: It's a fix for previous backport, thus backport together]
+Signed-off-by: Sherry Yang <sherry.yang@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/trace/trace_kprobe.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c
+index 91dfe8cf1ce8b..ae059345ddf4c 100644
+--- a/kernel/trace/trace_kprobe.c
++++ b/kernel/trace/trace_kprobe.c
+@@ -742,6 +742,8 @@ static unsigned int number_of_same_symbols(char *func_name)
+
+ kallsyms_on_each_symbol(count_symbols, &args);
+
++ module_kallsyms_on_each_symbol(count_symbols, &args);
++
+ return args.count;
+ }
+
+--
+2.43.0
+
--- /dev/null
+From 225b8fa07ad0b6a981d8d9bcf3742be0125e8f96 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 8 Oct 2024 15:29:47 -0700
+Subject: tracing/kprobes: Return EADDRNOTAVAIL when func matches several
+ symbols
+
+From: Francis Laniel <flaniel@linux.microsoft.com>
+
+commit b022f0c7e404887a7c5229788fc99eff9f9a80d5 upstream.
+
+When a kprobe is attached to a function that's name is not unique (is
+static and shares the name with other functions in the kernel), the
+kprobe is attached to the first function it finds. This is a bug as the
+function that it is attaching to is not necessarily the one that the
+user wants to attach to.
+
+Instead of blindly picking a function to attach to what is ambiguous,
+error with EADDRNOTAVAIL to let the user know that this function is not
+unique, and that the user must use another unique function with an
+address offset to get to the function they want to attach to.
+
+Link: https://lore.kernel.org/all/20231020104250.9537-2-flaniel@linux.microsoft.com/
+
+Cc: stable@vger.kernel.org
+Fixes: 413d37d1eb69 ("tracing: Add kprobe-based event tracer")
+Suggested-by: Masami Hiramatsu <mhiramat@kernel.org>
+Signed-off-by: Francis Laniel <flaniel@linux.microsoft.com>
+Link: https://lore.kernel.org/lkml/20230819101105.b0c104ae4494a7d1f2eea742@kernel.org/
+Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
+Signed-off-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+[Sherry: 5.10.y added a new kselftest kprobe_non_uniq_symbol.tc by
+backporting commit 09bcf9254838 ("selftests/ftrace: Add new test case which
+checks non unique symbol"). However, 5.10.y didn't backport this commit which
+provides unique symbol check suppport from kernel side. Minor conflicts due to
+context change, ignore context change]
+Signed-off-by: Sherry Yang <sherry.yang@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/trace/trace_kprobe.c | 74 +++++++++++++++++++++++++++++++++++++
+ kernel/trace/trace_probe.h | 1 +
+ 2 files changed, 75 insertions(+)
+
+diff --git a/kernel/trace/trace_kprobe.c b/kernel/trace/trace_kprobe.c
+index 5453af26ff764..91dfe8cf1ce8b 100644
+--- a/kernel/trace/trace_kprobe.c
++++ b/kernel/trace/trace_kprobe.c
+@@ -715,6 +715,36 @@ static inline void sanitize_event_name(char *name)
+ *name = '_';
+ }
+
++struct count_symbols_struct {
++ const char *func_name;
++ unsigned int count;
++};
++
++static int count_symbols(void *data, const char *name, struct module *unused0,
++ unsigned long unused1)
++{
++ struct count_symbols_struct *args = data;
++
++ if (strcmp(args->func_name, name))
++ return 0;
++
++ args->count++;
++
++ return 0;
++}
++
++static unsigned int number_of_same_symbols(char *func_name)
++{
++ struct count_symbols_struct args = {
++ .func_name = func_name,
++ .count = 0,
++ };
++
++ kallsyms_on_each_symbol(count_symbols, &args);
++
++ return args.count;
++}
++
+ static int trace_kprobe_create(int argc, const char *argv[])
+ {
+ /*
+@@ -842,6 +872,31 @@ static int trace_kprobe_create(int argc, const char *argv[])
+ }
+ }
+
++ if (symbol && !strchr(symbol, ':')) {
++ unsigned int count;
++
++ count = number_of_same_symbols(symbol);
++ if (count > 1) {
++ /*
++ * Users should use ADDR to remove the ambiguity of
++ * using KSYM only.
++ */
++ trace_probe_log_err(0, NON_UNIQ_SYMBOL);
++ ret = -EADDRNOTAVAIL;
++
++ goto error;
++ } else if (count == 0) {
++ /*
++ * We can return ENOENT earlier than when register the
++ * kprobe.
++ */
++ trace_probe_log_err(0, BAD_PROBE_ADDR);
++ ret = -ENOENT;
++
++ goto error;
++ }
++ }
++
+ trace_probe_log_set_index(0);
+ if (event) {
+ ret = traceprobe_parse_event_name(&event, &group, buf,
+@@ -1805,6 +1860,7 @@ static int unregister_kprobe_event(struct trace_kprobe *tk)
+ }
+
+ #ifdef CONFIG_PERF_EVENTS
++
+ /* create a trace_kprobe, but don't add it to global lists */
+ struct trace_event_call *
+ create_local_trace_kprobe(char *func, void *addr, unsigned long offs,
+@@ -1814,6 +1870,24 @@ create_local_trace_kprobe(char *func, void *addr, unsigned long offs,
+ int ret;
+ char *event;
+
++ if (func) {
++ unsigned int count;
++
++ count = number_of_same_symbols(func);
++ if (count > 1)
++ /*
++ * Users should use addr to remove the ambiguity of
++ * using func only.
++ */
++ return ERR_PTR(-EADDRNOTAVAIL);
++ else if (count == 0)
++ /*
++ * We can return ENOENT earlier than when register the
++ * kprobe.
++ */
++ return ERR_PTR(-ENOENT);
++ }
++
+ /*
+ * local trace_kprobes are not added to dyn_event, so they are never
+ * searched in find_trace_kprobe(). Therefore, there is no concern of
+diff --git a/kernel/trace/trace_probe.h b/kernel/trace/trace_probe.h
+index d4a69b83902e1..22c05ca977587 100644
+--- a/kernel/trace/trace_probe.h
++++ b/kernel/trace/trace_probe.h
+@@ -390,6 +390,7 @@ extern int traceprobe_define_arg_fields(struct trace_event_call *event_call,
+ C(BAD_MAXACT, "Invalid maxactive number"), \
+ C(MAXACT_TOO_BIG, "Maxactive is too big"), \
+ C(BAD_PROBE_ADDR, "Invalid probed address or symbol"), \
++ C(NON_UNIQ_SYMBOL, "The symbol is not unique"), \
+ C(BAD_RETPROBE, "Retprobe address must be an function entry"), \
+ C(BAD_ADDR_SUFFIX, "Invalid probed address suffix"), \
+ C(NO_GROUP_NAME, "Group name is not specified"), \
+--
+2.43.0
+
--- /dev/null
+From 05863ffae406209dced50ea821bb5e3cd9040d2d Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 4 Mar 2024 17:43:41 -0500
+Subject: tracing: Remove precision vsnprintf() check from print event
+
+From: Steven Rostedt (Google) <rostedt@goodmis.org>
+
+[ Upstream commit 5efd3e2aef91d2d812290dcb25b2058e6f3f532c ]
+
+This reverts 60be76eeabb3d ("tracing: Add size check when printing
+trace_marker output"). The only reason the precision check was added
+was because of a bug that miscalculated the write size of the string into
+the ring buffer and it truncated it removing the terminating nul byte. On
+reading the trace it crashed the kernel. But this was due to the bug in
+the code that happened during development and should never happen in
+practice. If anything, the precision can hide bugs where the string in the
+ring buffer isn't nul terminated and it will not be checked.
+
+Link: https://lore.kernel.org/all/C7E7AF1A-D30F-4D18-B8E5-AF1EF58004F5@linux.ibm.com/
+Link: https://lore.kernel.org/linux-trace-kernel/20240227125706.04279ac2@gandalf.local.home
+Link: https://lore.kernel.org/all/20240302111244.3a1674be@gandalf.local.home/
+Link: https://lore.kernel.org/linux-trace-kernel/20240304174341.2a561d9f@gandalf.local.home
+
+Cc: Masami Hiramatsu <mhiramat@kernel.org>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Fixes: 60be76eeabb3d ("tracing: Add size check when printing trace_marker output")
+Reported-by: Sachin Sant <sachinp@linux.ibm.com>
+Tested-by: Sachin Sant <sachinp@linux.ibm.com>
+Reviewed-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/trace/trace_output.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/kernel/trace/trace_output.c b/kernel/trace/trace_output.c
+index 753b84c50848a..94b0991717b6d 100644
+--- a/kernel/trace/trace_output.c
++++ b/kernel/trace/trace_output.c
+@@ -1313,12 +1313,11 @@ static enum print_line_t trace_print_print(struct trace_iterator *iter,
+ {
+ struct print_entry *field;
+ struct trace_seq *s = &iter->seq;
+- int max = iter->ent_size - offsetof(struct print_entry, buf);
+
+ trace_assign_type(field, iter->ent);
+
+ seq_print_ip_sym(s, field->ip, flags);
+- trace_seq_printf(s, ": %.*s", max, field->buf);
++ trace_seq_printf(s, ": %s", field->buf);
+
+ return trace_handle_return(s);
+ }
+@@ -1327,11 +1326,10 @@ static enum print_line_t trace_print_raw(struct trace_iterator *iter, int flags,
+ struct trace_event *event)
+ {
+ struct print_entry *field;
+- int max = iter->ent_size - offsetof(struct print_entry, buf);
+
+ trace_assign_type(field, iter->ent);
+
+- trace_seq_printf(&iter->seq, "# %lx %.*s", field->ip, max, field->buf);
++ trace_seq_printf(&iter->seq, "# %lx %s", field->ip, field->buf);
+
+ return trace_handle_return(&iter->seq);
+ }
+--
+2.43.0
+
--- /dev/null
+From 162d7ac0283953028ff1a442c79e918c74825fe4 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 16 Sep 2024 14:16:44 -0400
+Subject: virtio_console: fix misc probe bugs
+
+From: Michael S. Tsirkin <mst@redhat.com>
+
+[ Upstream commit b9efbe2b8f0177fa97bfab290d60858900aa196b ]
+
+This fixes the following issue discovered by code review:
+
+after vqs have been created, a buggy device can send an interrupt.
+
+A control vq callback will then try to schedule control_work which has
+not been initialized yet. Similarly for config interrupt. Further, in
+and out vq callbacks invoke find_port_by_vq which attempts to take
+ports_lock which also has not been initialized.
+
+To fix, init all locks and work before creating vqs.
+
+Message-ID: <ad982e975a6160ad110c623c016041311ca15b4f.1726511547.git.mst@redhat.com>
+Fixes: 17634ba25544 ("virtio: console: Add a new MULTIPORT feature, support for generic ports")
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/char/virtio_console.c | 18 ++++++++++--------
+ 1 file changed, 10 insertions(+), 8 deletions(-)
+
+diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c
+index 6d361420ffe82..1734b4341585c 100644
+--- a/drivers/char/virtio_console.c
++++ b/drivers/char/virtio_console.c
+@@ -2049,25 +2049,27 @@ static int virtcons_probe(struct virtio_device *vdev)
+ multiport = true;
+ }
+
+- err = init_vqs(portdev);
+- if (err < 0) {
+- dev_err(&vdev->dev, "Error %d initializing vqs\n", err);
+- goto free_chrdev;
+- }
+-
+ spin_lock_init(&portdev->ports_lock);
+ INIT_LIST_HEAD(&portdev->ports);
+ INIT_LIST_HEAD(&portdev->list);
+
+- virtio_device_ready(portdev->vdev);
+-
+ INIT_WORK(&portdev->config_work, &config_work_handler);
+ INIT_WORK(&portdev->control_work, &control_work_handler);
+
+ if (multiport) {
+ spin_lock_init(&portdev->c_ivq_lock);
+ spin_lock_init(&portdev->c_ovq_lock);
++ }
+
++ err = init_vqs(portdev);
++ if (err < 0) {
++ dev_err(&vdev->dev, "Error %d initializing vqs\n", err);
++ goto free_chrdev;
++ }
++
++ virtio_device_ready(portdev->vdev);
++
++ if (multiport) {
+ err = fill_queue(portdev->c_ivq, &portdev->c_ivq_lock);
+ if (err < 0) {
+ dev_err(&vdev->dev,
+--
+2.43.0
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
