--- /dev/null
+From 4fd9df10cb7a9289fbd22d669f9f98164d95a1ce Mon Sep 17 00:00:00 2001
+From: Pavel Kozlov <pavel.kozlov@synopsys.com>
+Date: Mon, 17 Oct 2022 20:11:27 +0400
+Subject: ARC: mm: fix leakage of memory allocated for PTE
+
+From: Pavel Kozlov <pavel.kozlov@synopsys.com>
+
+commit 4fd9df10cb7a9289fbd22d669f9f98164d95a1ce upstream.
+
+Since commit d9820ff ("ARC: mm: switch pgtable_t back to struct page *")
+a memory leakage problem occurs. Memory allocated for page table entries
+not released during process termination. This issue can be reproduced by
+a small program that allocates a large amount of memory. After several
+runs, you'll see that the amount of free memory has reduced and will
+continue to reduce after each run. All ARC CPUs are effected by this
+issue. The issue was introduced since the kernel stable release v5.15-rc1.
+
+As described in commit d9820ff after switch pgtable_t back to struct
+page *, a pointer to "struct page" and appropriate functions are used to
+allocate and free a memory page for PTEs, but the pmd_pgtable macro hasn't
+changed and returns the direct virtual address from the PMD (PGD) entry.
+Than this address used as a parameter in the __pte_free() and as a result
+this function couldn't release memory page allocated for PTEs.
+
+Fix this issue by changing the pmd_pgtable macro and returning pointer to
+struct page.
+
+Fixes: d9820ff76f95 ("ARC: mm: switch pgtable_t back to struct page *")
+Cc: Mike Rapoport <rppt@kernel.org>
+Cc: <stable@vger.kernel.org> # 5.15.x
+Signed-off-by: Pavel Kozlov <pavel.kozlov@synopsys.com>
+Signed-off-by: Vineet Gupta <vgupta@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/arc/include/asm/pgtable-levels.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/arch/arc/include/asm/pgtable-levels.h
++++ b/arch/arc/include/asm/pgtable-levels.h
+@@ -161,7 +161,7 @@
+ #define pmd_pfn(pmd) ((pmd_val(pmd) & PAGE_MASK) >> PAGE_SHIFT)
+ #define pmd_page(pmd) virt_to_page(pmd_page_vaddr(pmd))
+ #define set_pmd(pmdp, pmd) (*(pmdp) = pmd)
+-#define pmd_pgtable(pmd) ((pgtable_t) pmd_page_vaddr(pmd))
++#define pmd_pgtable(pmd) ((pgtable_t) pmd_page(pmd))
+
+ /*
+ * 4th level paging: pte
--- /dev/null
+From 4abc99652812a2ddf932f137515d5c5a04723538 Mon Sep 17 00:00:00 2001
+From: "Christian A. Ehrhardt" <lk@c--e.de>
+Date: Tue, 13 Sep 2022 14:17:23 +0200
+Subject: kernfs: fix use-after-free in __kernfs_remove
+
+From: Christian A. Ehrhardt <lk@c--e.de>
+
+commit 4abc99652812a2ddf932f137515d5c5a04723538 upstream.
+
+Syzkaller managed to trigger concurrent calls to
+kernfs_remove_by_name_ns() for the same file resulting in
+a KASAN detected use-after-free. The race occurs when the root
+node is freed during kernfs_drain().
+
+To prevent this acquire an additional reference for the root
+of the tree that is removed before calling __kernfs_remove().
+
+Found by syzkaller with the following reproducer (slab_nomerge is
+required):
+
+syz_mount_image$ext4(0x0, &(0x7f0000000100)='./file0\x00', 0x100000, 0x0, 0x0, 0x0, 0x0)
+r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0x0, 0x0)
+close(r0)
+pipe2(&(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x800)
+mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), 0x408, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_loose}, {@mmap}, {@loose}, {@loose}, {@mmap}], [{@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@fsmagic={'fsmagic', 0x3d, 0x10001}}, {@dont_hash}]}})
+
+Sample report:
+
+==================================================================
+BUG: KASAN: use-after-free in kernfs_type include/linux/kernfs.h:335 [inline]
+BUG: KASAN: use-after-free in kernfs_leftmost_descendant fs/kernfs/dir.c:1261 [inline]
+BUG: KASAN: use-after-free in __kernfs_remove.part.0+0x843/0x960 fs/kernfs/dir.c:1369
+Read of size 2 at addr ffff8880088807f0 by task syz-executor.2/857
+
+CPU: 0 PID: 857 Comm: syz-executor.2 Not tainted 6.0.0-rc3-00363-g7726d4c3e60b #5
+Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
+Call Trace:
+ <TASK>
+ __dump_stack lib/dump_stack.c:88 [inline]
+ dump_stack_lvl+0x6e/0x91 lib/dump_stack.c:106
+ print_address_description mm/kasan/report.c:317 [inline]
+ print_report.cold+0x5e/0x5e5 mm/kasan/report.c:433
+ kasan_report+0xa3/0x130 mm/kasan/report.c:495
+ kernfs_type include/linux/kernfs.h:335 [inline]
+ kernfs_leftmost_descendant fs/kernfs/dir.c:1261 [inline]
+ __kernfs_remove.part.0+0x843/0x960 fs/kernfs/dir.c:1369
+ __kernfs_remove fs/kernfs/dir.c:1356 [inline]
+ kernfs_remove_by_name_ns+0x108/0x190 fs/kernfs/dir.c:1589
+ sysfs_slab_add+0x133/0x1e0 mm/slub.c:5943
+ __kmem_cache_create+0x3e0/0x550 mm/slub.c:4899
+ create_cache mm/slab_common.c:229 [inline]
+ kmem_cache_create_usercopy+0x167/0x2a0 mm/slab_common.c:335
+ p9_client_create+0xd4d/0x1190 net/9p/client.c:993
+ v9fs_session_init+0x1e6/0x13c0 fs/9p/v9fs.c:408
+ v9fs_mount+0xb9/0xbd0 fs/9p/vfs_super.c:126
+ legacy_get_tree+0xf1/0x200 fs/fs_context.c:610
+ vfs_get_tree+0x85/0x2e0 fs/super.c:1530
+ do_new_mount fs/namespace.c:3040 [inline]
+ path_mount+0x675/0x1d00 fs/namespace.c:3370
+ do_mount fs/namespace.c:3383 [inline]
+ __do_sys_mount fs/namespace.c:3591 [inline]
+ __se_sys_mount fs/namespace.c:3568 [inline]
+ __x64_sys_mount+0x282/0x300 fs/namespace.c:3568
+ do_syscall_x64 arch/x86/entry/common.c:50 [inline]
+ do_syscall_64+0x38/0x90 arch/x86/entry/common.c:80
+ entry_SYSCALL_64_after_hwframe+0x63/0xcd
+RIP: 0033:0x7f725f983aed
+Code: 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
+RSP: 002b:00007f725f0f7028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
+RAX: ffffffffffffffda RBX: 00007f725faa3f80 RCX: 00007f725f983aed
+RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000
+RBP: 00007f725f9f419c R08: 0000000020000280 R09: 0000000000000000
+R10: 0000000000000408 R11: 0000000000000246 R12: 0000000000000000
+R13: 0000000000000006 R14: 00007f725faa3f80 R15: 00007f725f0d7000
+ </TASK>
+
+Allocated by task 855:
+ kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38
+ kasan_set_track mm/kasan/common.c:45 [inline]
+ set_alloc_info mm/kasan/common.c:437 [inline]
+ __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:470
+ kasan_slab_alloc include/linux/kasan.h:224 [inline]
+ slab_post_alloc_hook mm/slab.h:727 [inline]
+ slab_alloc_node mm/slub.c:3243 [inline]
+ slab_alloc mm/slub.c:3251 [inline]
+ __kmem_cache_alloc_lru mm/slub.c:3258 [inline]
+ kmem_cache_alloc+0xbf/0x200 mm/slub.c:3268
+ kmem_cache_zalloc include/linux/slab.h:723 [inline]
+ __kernfs_new_node+0xd4/0x680 fs/kernfs/dir.c:593
+ kernfs_new_node fs/kernfs/dir.c:655 [inline]
+ kernfs_create_dir_ns+0x9c/0x220 fs/kernfs/dir.c:1010
+ sysfs_create_dir_ns+0x127/0x290 fs/sysfs/dir.c:59
+ create_dir lib/kobject.c:63 [inline]
+ kobject_add_internal+0x24a/0x8d0 lib/kobject.c:223
+ kobject_add_varg lib/kobject.c:358 [inline]
+ kobject_init_and_add+0x101/0x160 lib/kobject.c:441
+ sysfs_slab_add+0x156/0x1e0 mm/slub.c:5954
+ __kmem_cache_create+0x3e0/0x550 mm/slub.c:4899
+ create_cache mm/slab_common.c:229 [inline]
+ kmem_cache_create_usercopy+0x167/0x2a0 mm/slab_common.c:335
+ p9_client_create+0xd4d/0x1190 net/9p/client.c:993
+ v9fs_session_init+0x1e6/0x13c0 fs/9p/v9fs.c:408
+ v9fs_mount+0xb9/0xbd0 fs/9p/vfs_super.c:126
+ legacy_get_tree+0xf1/0x200 fs/fs_context.c:610
+ vfs_get_tree+0x85/0x2e0 fs/super.c:1530
+ do_new_mount fs/namespace.c:3040 [inline]
+ path_mount+0x675/0x1d00 fs/namespace.c:3370
+ do_mount fs/namespace.c:3383 [inline]
+ __do_sys_mount fs/namespace.c:3591 [inline]
+ __se_sys_mount fs/namespace.c:3568 [inline]
+ __x64_sys_mount+0x282/0x300 fs/namespace.c:3568
+ do_syscall_x64 arch/x86/entry/common.c:50 [inline]
+ do_syscall_64+0x38/0x90 arch/x86/entry/common.c:80
+ entry_SYSCALL_64_after_hwframe+0x63/0xcd
+
+Freed by task 857:
+ kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38
+ kasan_set_track+0x21/0x30 mm/kasan/common.c:45
+ kasan_set_free_info+0x20/0x40 mm/kasan/generic.c:370
+ ____kasan_slab_free mm/kasan/common.c:367 [inline]
+ ____kasan_slab_free mm/kasan/common.c:329 [inline]
+ __kasan_slab_free+0x108/0x190 mm/kasan/common.c:375
+ kasan_slab_free include/linux/kasan.h:200 [inline]
+ slab_free_hook mm/slub.c:1754 [inline]
+ slab_free_freelist_hook mm/slub.c:1780 [inline]
+ slab_free mm/slub.c:3534 [inline]
+ kmem_cache_free+0x9c/0x340 mm/slub.c:3551
+ kernfs_put.part.0+0x2b2/0x520 fs/kernfs/dir.c:547
+ kernfs_put+0x42/0x50 fs/kernfs/dir.c:521
+ __kernfs_remove.part.0+0x72d/0x960 fs/kernfs/dir.c:1407
+ __kernfs_remove fs/kernfs/dir.c:1356 [inline]
+ kernfs_remove_by_name_ns+0x108/0x190 fs/kernfs/dir.c:1589
+ sysfs_slab_add+0x133/0x1e0 mm/slub.c:5943
+ __kmem_cache_create+0x3e0/0x550 mm/slub.c:4899
+ create_cache mm/slab_common.c:229 [inline]
+ kmem_cache_create_usercopy+0x167/0x2a0 mm/slab_common.c:335
+ p9_client_create+0xd4d/0x1190 net/9p/client.c:993
+ v9fs_session_init+0x1e6/0x13c0 fs/9p/v9fs.c:408
+ v9fs_mount+0xb9/0xbd0 fs/9p/vfs_super.c:126
+ legacy_get_tree+0xf1/0x200 fs/fs_context.c:610
+ vfs_get_tree+0x85/0x2e0 fs/super.c:1530
+ do_new_mount fs/namespace.c:3040 [inline]
+ path_mount+0x675/0x1d00 fs/namespace.c:3370
+ do_mount fs/namespace.c:3383 [inline]
+ __do_sys_mount fs/namespace.c:3591 [inline]
+ __se_sys_mount fs/namespace.c:3568 [inline]
+ __x64_sys_mount+0x282/0x300 fs/namespace.c:3568
+ do_syscall_x64 arch/x86/entry/common.c:50 [inline]
+ do_syscall_64+0x38/0x90 arch/x86/entry/common.c:80
+ entry_SYSCALL_64_after_hwframe+0x63/0xcd
+
+The buggy address belongs to the object at ffff888008880780
+ which belongs to the cache kernfs_node_cache of size 128
+The buggy address is located 112 bytes inside of
+ 128-byte region [ffff888008880780, ffff888008880800)
+
+The buggy address belongs to the physical page:
+page:00000000732833f8 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8880
+flags: 0x100000000000200(slab|node=0|zone=1)
+raw: 0100000000000200 0000000000000000 dead000000000122 ffff888001147280
+raw: 0000000000000000 0000000000150015 00000001ffffffff 0000000000000000
+page dumped because: kasan: bad access detected
+
+Memory state around the buggy address:
+ ffff888008880680: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
+ ffff888008880700: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
+>ffff888008880780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
+ ^
+ ffff888008880800: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
+ ffff888008880880: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
+==================================================================
+
+Acked-by: Tejun Heo <tj@kernel.org>
+Cc: stable <stable@kernel.org> # -rc3
+Signed-off-by: Christian A. Ehrhardt <lk@c--e.de>
+Link: https://lore.kernel.org/r/20220913121723.691454-1-lk@c--e.de
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/kernfs/dir.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/fs/kernfs/dir.c
++++ b/fs/kernfs/dir.c
+@@ -1585,8 +1585,11 @@ int kernfs_remove_by_name_ns(struct kern
+ down_write(&root->kernfs_rwsem);
+
+ kn = kernfs_find_ns(parent, name, ns);
+- if (kn)
++ if (kn) {
++ kernfs_get(kn);
+ __kernfs_remove(kn);
++ kernfs_put(kn);
++ }
+
+ up_write(&root->kernfs_rwsem);
+
--- /dev/null
+From cba04f3136b658583adb191556f99d087589c1cc Mon Sep 17 00:00:00 2001
+From: Adrian Hunter <adrian.hunter@intel.com>
+Date: Wed, 26 Oct 2022 10:27:36 +0300
+Subject: perf auxtrace: Fix address filter symbol name match for modules
+
+From: Adrian Hunter <adrian.hunter@intel.com>
+
+commit cba04f3136b658583adb191556f99d087589c1cc upstream.
+
+For modules, names from kallsyms__parse() contain the module name which
+meant that module symbols did not match exactly by name.
+
+Fix by matching the name string up to the separating tab character.
+
+Fixes: 1b36c03e356936d6 ("perf record: Add support for using symbols in address filters")
+Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
+Cc: Adrian Hunter <adrian.hunter@intel.com>
+Cc: Ian Rogers <irogers@google.com>
+Cc: Jiri Olsa <jolsa@kernel.org>
+Cc: Namhyung Kim <namhyung@kernel.org>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20221026072736.2982-1-adrian.hunter@intel.com
+Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ tools/perf/util/auxtrace.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+--- a/tools/perf/util/auxtrace.c
++++ b/tools/perf/util/auxtrace.c
+@@ -2308,11 +2308,19 @@ struct sym_args {
+ bool near;
+ };
+
++static bool kern_sym_name_match(const char *kname, const char *name)
++{
++ size_t n = strlen(name);
++
++ return !strcmp(kname, name) ||
++ (!strncmp(kname, name, n) && kname[n] == '\t');
++}
++
+ static bool kern_sym_match(struct sym_args *args, const char *name, char type)
+ {
+ /* A function with the same name, and global or the n'th found or any */
+ return kallsyms__is_function(type) &&
+- !strcmp(name, args->name) &&
++ kern_sym_name_match(name, args->name) &&
+ ((args->global && isupper(type)) ||
+ (args->selected && ++(args->cnt) == args->idx) ||
+ (!args->global && !args->selected));
--- /dev/null
+From 17747577bbcb496e1b1c4096d64c2fc1e7bc0fef Mon Sep 17 00:00:00 2001
+From: Siarhei Volkau <lis8215@gmail.com>
+Date: Sun, 16 Oct 2022 18:35:48 +0300
+Subject: pinctrl: Ingenic: JZ4755 bug fixes
+
+From: Siarhei Volkau <lis8215@gmail.com>
+
+commit 17747577bbcb496e1b1c4096d64c2fc1e7bc0fef upstream.
+
+Fixes UART1 function bits and MMC groups typo.
+
+For pins 0x97,0x99 function 0 is designated to PWM3/PWM5
+respectively, function is 1 designated to the UART1.
+
+Diff from v1:
+ - sent separately
+ - added tag Fixes
+
+Cc: stable@vger.kernel.org
+Fixes: b582b5a434d3 ("pinctrl: Ingenic: Add pinctrl driver for JZ4755.")
+Tested-by: Siarhei Volkau <lis8215@gmail.com>
+Signed-off-by: Siarhei Volkau <lis8215@gmail.com>
+Link: https://lore.kernel.org/r/20221016153548.3024209-1-lis8215@gmail.com
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/pinctrl/pinctrl-ingenic.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/pinctrl/pinctrl-ingenic.c
++++ b/drivers/pinctrl/pinctrl-ingenic.c
+@@ -667,7 +667,7 @@ static u8 jz4755_lcd_24bit_funcs[] = { 1
+ static const struct group_desc jz4755_groups[] = {
+ INGENIC_PIN_GROUP("uart0-data", jz4755_uart0_data, 0),
+ INGENIC_PIN_GROUP("uart0-hwflow", jz4755_uart0_hwflow, 0),
+- INGENIC_PIN_GROUP("uart1-data", jz4755_uart1_data, 0),
++ INGENIC_PIN_GROUP("uart1-data", jz4755_uart1_data, 1),
+ INGENIC_PIN_GROUP("uart2-data", jz4755_uart2_data, 1),
+ INGENIC_PIN_GROUP("ssi-dt-b", jz4755_ssi_dt_b, 0),
+ INGENIC_PIN_GROUP("ssi-dt-f", jz4755_ssi_dt_f, 0),
+@@ -721,7 +721,7 @@ static const char *jz4755_ssi_groups[] =
+ "ssi-ce1-b", "ssi-ce1-f",
+ };
+ static const char *jz4755_mmc0_groups[] = { "mmc0-1bit", "mmc0-4bit", };
+-static const char *jz4755_mmc1_groups[] = { "mmc0-1bit", "mmc0-4bit", };
++static const char *jz4755_mmc1_groups[] = { "mmc1-1bit", "mmc1-4bit", };
+ static const char *jz4755_i2c_groups[] = { "i2c-data", };
+ static const char *jz4755_cim_groups[] = { "cim-data", };
+ static const char *jz4755_lcd_groups[] = {
--- /dev/null
+From ff8356060e3a5e126abb5e1f6b6e9931c220dec2 Mon Sep 17 00:00:00 2001
+From: Sai Krishna Potthuri <sai.krishna.potthuri@amd.com>
+Date: Mon, 17 Oct 2022 18:33:03 +0530
+Subject: Revert "dt-bindings: pinctrl-zynqmp: Add output-enable configuration"
+
+From: Sai Krishna Potthuri <sai.krishna.potthuri@amd.com>
+
+commit ff8356060e3a5e126abb5e1f6b6e9931c220dec2 upstream.
+
+This reverts commit 133ad0d9af99bdca90705dadd8d31c20bfc9919f.
+
+On systems with older PMUFW (Xilinx ZynqMP Platform Management Firmware)
+using these pinctrl properties can cause system hang because there is
+missing feature autodetection.
+When this feature is implemented, support for these two properties should
+bring back.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Sai Krishna Potthuri <sai.krishna.potthuri@amd.com>
+Acked-by: Michal Simek <michal.simek@amd.com>
+Link: https://lore.kernel.org/r/20221017130303.21746-3-sai.krishna.potthuri@amd.com
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ .../devicetree/bindings/pinctrl/xlnx,zynqmp-pinctrl.yaml | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/Documentation/devicetree/bindings/pinctrl/xlnx,zynqmp-pinctrl.yaml b/Documentation/devicetree/bindings/pinctrl/xlnx,zynqmp-pinctrl.yaml
+index 1e2b9b627b12..2722dc7bb03d 100644
+--- a/Documentation/devicetree/bindings/pinctrl/xlnx,zynqmp-pinctrl.yaml
++++ b/Documentation/devicetree/bindings/pinctrl/xlnx,zynqmp-pinctrl.yaml
+@@ -274,10 +274,6 @@ patternProperties:
+ slew-rate:
+ enum: [0, 1]
+
+- output-enable:
+- description:
+- This will internally disable the tri-state for MIO pins.
+-
+ drive-strength:
+ description:
+ Selects the drive strength for MIO pins, in mA.
+--
+2.38.1
+
--- /dev/null
+From 9989bc33c4894e0751679b91fc6eb585772487b9 Mon Sep 17 00:00:00 2001
+From: Sai Krishna Potthuri <sai.krishna.potthuri@amd.com>
+Date: Mon, 17 Oct 2022 18:33:02 +0530
+Subject: Revert "pinctrl: pinctrl-zynqmp: Add support for output-enable and bias-high-impedance"
+
+From: Sai Krishna Potthuri <sai.krishna.potthuri@amd.com>
+
+commit 9989bc33c4894e0751679b91fc6eb585772487b9 upstream.
+
+This reverts commit ad2bea79ef0144043721d4893eef719c907e2e63.
+
+On systems with older PMUFW (Xilinx ZynqMP Platform Management Firmware)
+using these pinctrl properties can cause system hang because there is
+missing feature autodetection.
+When this feature is implemented in the PMUFW, support for these two
+properties should bring back.
+
+Cc: stable@vger.kernel.org
+Signed-off-by: Sai Krishna Potthuri <sai.krishna.potthuri@amd.com>
+Acked-by: Michal Simek <michal.simek@amd.com>
+Link: https://lore.kernel.org/r/20221017130303.21746-2-sai.krishna.potthuri@amd.com
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/pinctrl/pinctrl-zynqmp.c | 9 ---------
+ 1 file changed, 9 deletions(-)
+
+diff --git a/drivers/pinctrl/pinctrl-zynqmp.c b/drivers/pinctrl/pinctrl-zynqmp.c
+index 7d2fbf8a02cd..c98f35ad8921 100644
+--- a/drivers/pinctrl/pinctrl-zynqmp.c
++++ b/drivers/pinctrl/pinctrl-zynqmp.c
+@@ -412,10 +412,6 @@ static int zynqmp_pinconf_cfg_set(struct pinctrl_dev *pctldev,
+
+ break;
+ case PIN_CONFIG_BIAS_HIGH_IMPEDANCE:
+- param = PM_PINCTRL_CONFIG_TRI_STATE;
+- arg = PM_PINCTRL_TRI_STATE_ENABLE;
+- ret = zynqmp_pm_pinctrl_set_config(pin, param, arg);
+- break;
+ case PIN_CONFIG_MODE_LOW_POWER:
+ /*
+ * These cases are mentioned in dts but configurable
+@@ -424,11 +420,6 @@ static int zynqmp_pinconf_cfg_set(struct pinctrl_dev *pctldev,
+ */
+ ret = 0;
+ break;
+- case PIN_CONFIG_OUTPUT_ENABLE:
+- param = PM_PINCTRL_CONFIG_TRI_STATE;
+- arg = PM_PINCTRL_TRI_STATE_DISABLE;
+- ret = zynqmp_pm_pinctrl_set_config(pin, param, arg);
+- break;
+ default:
+ dev_warn(pctldev->dev,
+ "unsupported configuration parameter '%u'\n",
+--
+2.38.1
+
--- /dev/null
+From aa127a069ef312aca02b730d5137e1778d0c3ba7 Mon Sep 17 00:00:00 2001
+From: Peter Oberparleiter <oberpar@linux.ibm.com>
+Date: Fri, 16 Sep 2022 15:01:36 +0200
+Subject: s390/boot: add secure boot trailer
+
+From: Peter Oberparleiter <oberpar@linux.ibm.com>
+
+commit aa127a069ef312aca02b730d5137e1778d0c3ba7 upstream.
+
+This patch enhances the kernel image adding a trailer as required for
+secure boot by future firmware versions.
+
+Cc: <stable@vger.kernel.org> # 5.2+
+Signed-off-by: Peter Oberparleiter <oberpar@linux.ibm.com>
+Reviewed-by: Sven Schnelle <svens@linux.ibm.com>
+Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/s390/boot/vmlinux.lds.S | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+--- a/arch/s390/boot/vmlinux.lds.S
++++ b/arch/s390/boot/vmlinux.lds.S
+@@ -102,8 +102,17 @@ SECTIONS
+ _compressed_start = .;
+ *(.vmlinux.bin.compressed)
+ _compressed_end = .;
+- FILL(0xff);
+- . = ALIGN(4096);
++ }
++
++#define SB_TRAILER_SIZE 32
++ /* Trailer needed for Secure Boot */
++ . += SB_TRAILER_SIZE; /* make sure .sb.trailer does not overwrite the previous section */
++ . = ALIGN(4096) - SB_TRAILER_SIZE;
++ .sb.trailer : {
++ QUAD(0)
++ QUAD(0)
++ QUAD(0)
++ QUAD(0x000000207a49504c)
+ }
+ _end = .;
+
--- /dev/null
+From 1b6074112742f65ece71b0f299ca5a6a887d2db6 Mon Sep 17 00:00:00 2001
+From: Peter Oberparleiter <oberpar@linux.ibm.com>
+Date: Fri, 14 Oct 2022 12:24:58 +0200
+Subject: s390/cio: fix out-of-bounds access on cio_ignore free
+
+From: Peter Oberparleiter <oberpar@linux.ibm.com>
+
+commit 1b6074112742f65ece71b0f299ca5a6a887d2db6 upstream.
+
+The channel-subsystem-driver scans for newly available devices whenever
+device-IDs are removed from the cio_ignore list using a command such as:
+
+ echo free >/proc/cio_ignore
+
+Since an I/O device scan might interfer with running I/Os, commit
+172da89ed0ea ("s390/cio: avoid excessive path-verification requests")
+introduced an optimization to exclude online devices from the scan.
+
+The newly added check for online devices incorrectly assumes that
+an I/O-subchannel's drvdata points to a struct io_subchannel_private.
+For devices that are bound to a non-default I/O subchannel driver, such
+as the vfio_ccw driver, this results in an out-of-bounds read access
+during each scan.
+
+Fix this by changing the scan logic to rely on a driver-independent
+online indication. For this we can use struct subchannel->config.ena,
+which is the driver's requested subchannel-enabled state. Since I/Os
+can only be started on enabled subchannels, this matches the intent
+of the original optimization of not scanning devices where I/O might
+be running.
+
+Fixes: 172da89ed0ea ("s390/cio: avoid excessive path-verification requests")
+Fixes: 0c3812c347bf ("s390/cio: derive cdev information only for IO-subchannels")
+Cc: <stable@vger.kernel.org> # v5.15
+Reported-by: Alexander Egorenkov <egorenar@linux.ibm.com>
+Reviewed-by: Vineeth Vijayan <vneethv@linux.ibm.com>
+Signed-off-by: Peter Oberparleiter <oberpar@linux.ibm.com>
+Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/s390/cio/css.c | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+--- a/drivers/s390/cio/css.c
++++ b/drivers/s390/cio/css.c
+@@ -753,13 +753,9 @@ static int __unset_online(struct device
+ {
+ struct idset *set = data;
+ struct subchannel *sch = to_subchannel(dev);
+- struct ccw_device *cdev;
+
+- if (sch->st == SUBCHANNEL_TYPE_IO) {
+- cdev = sch_get_cdev(sch);
+- if (cdev && cdev->online)
+- idset_sch_del(set, sch->schid);
+- }
++ if (sch->st == SUBCHANNEL_TYPE_IO && sch->config.ena)
++ idset_sch_del(set, sch->schid);
+
+ return 0;
+ }
--- /dev/null
+From a262d3ad6a433e4080cecd0a8841104a5906355e Mon Sep 17 00:00:00 2001
+From: Heiko Carstens <hca@linux.ibm.com>
+Date: Tue, 18 Oct 2022 13:44:11 +0200
+Subject: s390/futex: add missing EX_TABLE entry to __futex_atomic_op()
+
+From: Heiko Carstens <hca@linux.ibm.com>
+
+commit a262d3ad6a433e4080cecd0a8841104a5906355e upstream.
+
+For some exception types the instruction address points behind the
+instruction that caused the exception. Take that into account and add
+the missing exception table entry.
+
+Cc: <stable@vger.kernel.org>
+Reviewed-by: Vasily Gorbik <gor@linux.ibm.com>
+Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
+Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/s390/include/asm/futex.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/arch/s390/include/asm/futex.h
++++ b/arch/s390/include/asm/futex.h
+@@ -17,7 +17,8 @@
+ "3: jl 1b\n" \
+ " lhi %0,0\n" \
+ "4: sacf 768\n" \
+- EX_TABLE(0b,4b) EX_TABLE(2b,4b) EX_TABLE(3b,4b) \
++ EX_TABLE(0b,4b) EX_TABLE(1b,4b) \
++ EX_TABLE(2b,4b) EX_TABLE(3b,4b) \
+ : "=d" (ret), "=&d" (oldval), "=&d" (newval), \
+ "=m" (*uaddr) \
+ : "0" (-EFAULT), "d" (oparg), "a" (uaddr), \
--- /dev/null
+From 6ec803025cf3173a57222e4411097166bd06fa98 Mon Sep 17 00:00:00 2001
+From: Heiko Carstens <hca@linux.ibm.com>
+Date: Tue, 18 Oct 2022 13:48:34 +0200
+Subject: s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser()
+
+From: Heiko Carstens <hca@linux.ibm.com>
+
+commit 6ec803025cf3173a57222e4411097166bd06fa98 upstream.
+
+For some exception types the instruction address points behind the
+instruction that caused the exception. Take that into account and add
+the missing exception table entry.
+
+Cc: <stable@vger.kernel.org>
+Fixes: f058599e22d5 ("s390/pci: Fix s390_mmio_read/write with MIO")
+Reviewed-by: Niklas Schnelle <schnelle@linux.ibm.com>
+Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
+Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/s390/pci/pci_mmio.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/arch/s390/pci/pci_mmio.c
++++ b/arch/s390/pci/pci_mmio.c
+@@ -64,7 +64,7 @@ static inline int __pcistg_mio_inuser(
+ asm volatile (
+ " sacf 256\n"
+ "0: llgc %[tmp],0(%[src])\n"
+- " sllg %[val],%[val],8\n"
++ "4: sllg %[val],%[val],8\n"
+ " aghi %[src],1\n"
+ " ogr %[val],%[tmp]\n"
+ " brctg %[cnt],0b\n"
+@@ -72,7 +72,7 @@ static inline int __pcistg_mio_inuser(
+ "2: ipm %[cc]\n"
+ " srl %[cc],28\n"
+ "3: sacf 768\n"
+- EX_TABLE(0b, 3b) EX_TABLE(1b, 3b) EX_TABLE(2b, 3b)
++ EX_TABLE(0b, 3b) EX_TABLE(4b, 3b) EX_TABLE(1b, 3b) EX_TABLE(2b, 3b)
+ :
+ [src] "+a" (src), [cnt] "+d" (cnt),
+ [val] "+d" (val), [tmp] "=d" (tmp),
+@@ -215,10 +215,10 @@ static inline int __pcilg_mio_inuser(
+ "2: ahi %[shift],-8\n"
+ " srlg %[tmp],%[val],0(%[shift])\n"
+ "3: stc %[tmp],0(%[dst])\n"
+- " aghi %[dst],1\n"
++ "5: aghi %[dst],1\n"
+ " brctg %[cnt],2b\n"
+ "4: sacf 768\n"
+- EX_TABLE(0b, 4b) EX_TABLE(1b, 4b) EX_TABLE(3b, 4b)
++ EX_TABLE(0b, 4b) EX_TABLE(1b, 4b) EX_TABLE(3b, 4b) EX_TABLE(5b, 4b)
+ :
+ [ioaddr_len] "+&d" (ioaddr_len.pair),
+ [cc] "+d" (cc), [val] "=d" (val),
--- /dev/null
+From 4e1b5a86a5edfbefc9396d41b0fc1a2ebd0101b6 Mon Sep 17 00:00:00 2001
+From: Heiko Carstens <hca@linux.ibm.com>
+Date: Tue, 18 Oct 2022 13:39:43 +0200
+Subject: s390/uaccess: add missing EX_TABLE entries to __clear_user()
+
+From: Heiko Carstens <hca@linux.ibm.com>
+
+commit 4e1b5a86a5edfbefc9396d41b0fc1a2ebd0101b6 upstream.
+
+For some exception types the instruction address points behind the
+instruction that caused the exception. Take that into account and add
+the missing exception table entries.
+
+Cc: <stable@vger.kernel.org>
+Reviewed-by: Vasily Gorbik <gor@linux.ibm.com>
+Signed-off-by: Heiko Carstens <hca@linux.ibm.com>
+Signed-off-by: Vasily Gorbik <gor@linux.ibm.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/s390/lib/uaccess.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/arch/s390/lib/uaccess.c
++++ b/arch/s390/lib/uaccess.c
+@@ -156,7 +156,7 @@ unsigned long __clear_user(void __user *
+ asm volatile(
+ " lr 0,%[spec]\n"
+ "0: mvcos 0(%1),0(%4),%0\n"
+- " jz 4f\n"
++ "6: jz 4f\n"
+ "1: algr %0,%2\n"
+ " slgr %1,%2\n"
+ " j 0b\n"
+@@ -166,11 +166,11 @@ unsigned long __clear_user(void __user *
+ " clgr %0,%3\n" /* copy crosses next page boundary? */
+ " jnh 5f\n"
+ "3: mvcos 0(%1),0(%4),%3\n"
+- " slgr %0,%3\n"
++ "7: slgr %0,%3\n"
+ " j 5f\n"
+ "4: slgr %0,%0\n"
+ "5:\n"
+- EX_TABLE(0b,2b) EX_TABLE(3b,5b)
++ EX_TABLE(0b,2b) EX_TABLE(6b,2b) EX_TABLE(3b,5b) EX_TABLE(7b,5b)
+ : "+a" (size), "+a" (to), "+a" (tmp1), "=a" (tmp2)
+ : "a" (empty_zero_page), [spec] "d" (spec.val)
+ : "cc", "memory", "0");
mm-kmemleak-prevent-soft-lockup-in-kmemleak_scan-s-object-iteration-loops.patch
mm-huge_memory-do-not-clobber-swp_entry_t-during-thp-split.patch
mm-prep_compound_tail-clear-page-private.patch
+kernfs-fix-use-after-free-in-__kernfs_remove.patch
+revert-dt-bindings-pinctrl-zynqmp-add-output-enable-configuration.patch
+pinctrl-ingenic-jz4755-bug-fixes.patch
+revert-pinctrl-pinctrl-zynqmp-add-support-for-output-enable-and-bias-high-impedance.patch
+arc-mm-fix-leakage-of-memory-allocated-for-pte.patch
+perf-auxtrace-fix-address-filter-symbol-name-match-for-modules.patch
+s390-boot-add-secure-boot-trailer.patch
+s390-cio-fix-out-of-bounds-access-on-cio_ignore-free.patch
+s390-uaccess-add-missing-ex_table-entries-to-__clear_user.patch
+s390-futex-add-missing-ex_table-entry-to-__futex_atomic_op.patch
+s390-pci-add-missing-ex_table-entries-to-__pcistg_mio_inuser-__pcilg_mio_inuser.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
