--- /dev/null
+From a4f9f0dcdb108413a1f36692d6a8d79b17f767ad Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 12 Feb 2024 13:55:34 -0800
+Subject: drm/crtc: fix uninitialized variable use even harder
+
+From: Rob Clark <robdclark@chromium.org>
+
+[ Upstream commit b6802b61a9d0e99dcfa6fff7c50db7c48a9623d3 ]
+
+DRM_MODESET_LOCK_ALL_BEGIN() has a hidden trap-door (aka retry loop),
+which means we can't rely too much on variable initializers.
+
+Fixes: 6e455f5dcdd1 ("drm/crtc: fix uninitialized variable use")
+Signed-off-by: Rob Clark <robdclark@chromium.org>
+Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
+Reviewed-by: Abhinav Kumar <quic_abhinavk@quicinc.com>
+Reviewed-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
+Tested-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> # sc7180, sdm845
+Link: https://patchwork.freedesktop.org/patch/msgid/20240212215534.190682-1-robdclark@gmail.com
+Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/drm_crtc.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/gpu/drm/drm_crtc.c b/drivers/gpu/drm/drm_crtc.c
+index c5e0c652766c8..e8cee1891fd60 100644
+--- a/drivers/gpu/drm/drm_crtc.c
++++ b/drivers/gpu/drm/drm_crtc.c
+@@ -832,6 +832,7 @@ int drm_mode_setcrtc(struct drm_device *dev, void *data,
+ connector_set = NULL;
+ fb = NULL;
+ mode = NULL;
++ num_connectors = 0;
+
+ DRM_MODESET_LOCK_ALL_END(dev, ctx, ret);
+
+--
+2.43.0
+
--- /dev/null
+From c2361eff8735c40ff9fdbf21bc60ba32803f12e9 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 23 Jul 2024 16:51:18 +0300
+Subject: fs/ntfs3: Refactor enum_rstbl to suppress static checker
+
+From: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
+
+[ Upstream commit 56c16d5459d5c050a97a138a00a82b105a8e0a66 ]
+
+Comments and brief description of function enum_rstbl added.
+
+Fixes: b46acd6a6a62 ("fs/ntfs3: Add NTFS journal")
+Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
+Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/ntfs3/fslog.c | 19 +++++++++++++++++--
+ 1 file changed, 17 insertions(+), 2 deletions(-)
+
+diff --git a/fs/ntfs3/fslog.c b/fs/ntfs3/fslog.c
+index ba4dc7385b446..6fddedca71f32 100644
+--- a/fs/ntfs3/fslog.c
++++ b/fs/ntfs3/fslog.c
+@@ -609,14 +609,29 @@ static inline void add_client(struct CLIENT_REC *ca, u16 index, __le16 *head)
+ *head = cpu_to_le16(index);
+ }
+
++/*
++ * Enumerate restart table.
++ *
++ * @t - table to enumerate.
++ * @c - current enumerated element.
++ *
++ * enumeration starts with @c == NULL
++ * returns next element or NULL
++ */
+ static inline void *enum_rstbl(struct RESTART_TABLE *t, void *c)
+ {
+ __le32 *e;
+ u32 bprt;
+- u16 rsize = t ? le16_to_cpu(t->size) : 0;
++ u16 rsize;
++
++ if (!t)
++ return NULL;
++
++ rsize = le16_to_cpu(t->size);
+
+ if (!c) {
+- if (!t || !t->total)
++ /* start enumeration. */
++ if (!t->total)
+ return NULL;
+ e = Add2Ptr(t, sizeof(struct RESTART_TABLE));
+ } else {
+--
+2.43.0
+
--- /dev/null
+From 0f6a230af237970930344453172e87ab8aaf4295 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 9 Oct 2024 05:41:48 +0000
+Subject: Input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal
+
+From: Mathias Krause <minipli@grsecurity.net>
+
+commit fbf8d71742557abaf558d8efb96742d442720cc2 upstream.
+
+Calling irq_domain_remove() will lead to freeing the IRQ domain
+prematurely. The domain is still referenced and will be attempted to get
+used via rmi_free_function_list() -> rmi_unregister_function() ->
+irq_dispose_mapping() -> irq_get_irq_data()'s ->domain pointer.
+
+With PaX's MEMORY_SANITIZE this will lead to an access fault when
+attempting to dereference embedded pointers, as in Torsten's report that
+was faulting on the 'domain->ops->unmap' test.
+
+Fix this by releasing the IRQ domain only after all related IRQs have
+been deactivated.
+
+Fixes: 24d28e4f1271 ("Input: synaptics-rmi4 - convert irq distribution to irq_domain")
+Reported-by: Torsten Hilbrich <torsten.hilbrich@secunet.com>
+Signed-off-by: Mathias Krause <minipli@grsecurity.net>
+Link: https://lore.kernel.org/r/20240222142654.856566-1-minipli@grsecurity.net
+Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
+Signed-off-by: Tzung-Bi Shih <tzungbi@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/input/rmi4/rmi_driver.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/input/rmi4/rmi_driver.c b/drivers/input/rmi4/rmi_driver.c
+index aa32371f04af6..ef9ea295f9e03 100644
+--- a/drivers/input/rmi4/rmi_driver.c
++++ b/drivers/input/rmi4/rmi_driver.c
+@@ -978,12 +978,12 @@ static int rmi_driver_remove(struct device *dev)
+
+ rmi_disable_irq(rmi_dev, false);
+
+- irq_domain_remove(data->irqdomain);
+- data->irqdomain = NULL;
+-
+ rmi_f34_remove_sysfs(rmi_dev);
+ rmi_free_function_list(rmi_dev);
+
++ irq_domain_remove(data->irqdomain);
++ data->irqdomain = NULL;
++
+ return 0;
+ }
+
+--
+2.43.0
+
--- /dev/null
+From 4cd3a9246294bf5ea9a9ffc8293ddfcf88b46466 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 6 Jan 2024 01:12:22 +0100
+Subject: net: ethernet: cortina: Drop TSO support
+
+From: Linus Walleij <linus.walleij@linaro.org>
+
+[ Upstream commit ac631873c9e7a50d2a8de457cfc4b9f86666403e ]
+
+The recent change to allow large frames without hardware checksumming
+slotted in software checksumming in the driver if hardware could not
+do it.
+
+This will however upset TSO (TCP Segment Offloading). Typical
+error dumps includes this:
+
+skb len=2961 headroom=222 headlen=66 tailroom=0
+(...)
+WARNING: CPU: 0 PID: 956 at net/core/dev.c:3259 skb_warn_bad_offload+0x7c/0x108
+gemini-ethernet-port: caps=(0x0000010000154813, 0x00002007ffdd7889)
+
+And the packets do not go through.
+
+The TSO implementation is bogus: a TSO enabled driver must propagate
+the skb_shinfo(skb)->gso_size value to the TSO engine on the NIC.
+
+Drop the size check and TSO offloading features for now: this
+needs to be fixed up properly.
+
+After this ethernet works fine on Gemini devices with a direct connected
+PHY such as D-Link DNS-313.
+
+Also tested to still be working with a DSA switch using the Gemini
+ethernet as conduit interface.
+
+Link: https://lore.kernel.org/netdev/CANn89iJLfxng1sYL5Zk0mknXpyYQPCp83m3KgD2KJ2_hKCpEUg@mail.gmail.com/
+Suggested-by: Eric Dumazet <edumazet@google.com>
+Fixes: d4d0c5b4d279 ("net: ethernet: cortina: Handle large frames")
+Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
+Reviewed-by: Eric Dumazet <edumazet@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/net/ethernet/cortina/gemini.c | 15 ++-------------
+ 1 file changed, 2 insertions(+), 13 deletions(-)
+
+diff --git a/drivers/net/ethernet/cortina/gemini.c b/drivers/net/ethernet/cortina/gemini.c
+index 0c8c92ff7704f..3a11dccec8c1b 100644
+--- a/drivers/net/ethernet/cortina/gemini.c
++++ b/drivers/net/ethernet/cortina/gemini.c
+@@ -79,8 +79,7 @@ MODULE_PARM_DESC(debug, "Debug level (0=none,...,16=all)");
+ #define GMAC0_IRQ4_8 (GMAC0_MIB_INT_BIT | GMAC0_RX_OVERRUN_INT_BIT)
+
+ #define GMAC_OFFLOAD_FEATURES (NETIF_F_SG | NETIF_F_IP_CSUM | \
+- NETIF_F_IPV6_CSUM | NETIF_F_RXCSUM | \
+- NETIF_F_TSO | NETIF_F_TSO_ECN | NETIF_F_TSO6)
++ NETIF_F_IPV6_CSUM | NETIF_F_RXCSUM)
+
+ /**
+ * struct gmac_queue_page - page buffer per-page info
+@@ -1148,23 +1147,13 @@ static int gmac_map_tx_bufs(struct net_device *netdev, struct sk_buff *skb,
+ struct gmac_txdesc *txd;
+ skb_frag_t *skb_frag;
+ dma_addr_t mapping;
+- unsigned short mtu;
+ void *buffer;
+ int ret;
+
+- mtu = ETH_HLEN;
+- mtu += netdev->mtu;
+- if (skb->protocol == htons(ETH_P_8021Q))
+- mtu += VLAN_HLEN;
+-
++ /* TODO: implement proper TSO using MTU in word3 */
+ word1 = skb->len;
+ word3 = SOF_BIT;
+
+- if (word1 > mtu) {
+- word1 |= TSS_MTU_ENABLE_BIT;
+- word3 |= mtu;
+- }
+-
+ if (skb->len >= ETH_FRAME_LEN) {
+ /* Hardware offloaded checksumming isn't working on frames
+ * bigger than 1514 bytes. A hypothesis about this is that the
+--
+2.43.0
+
--- /dev/null
+From 64d505a1045b9d1aba5aec6db6fd1d7e702beef7 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 1 Nov 2022 14:48:08 -0400
+Subject: selftests/net: give more time to udpgro bg processes to complete
+ startup
+
+From: Adrien Thierry <athierry@redhat.com>
+
+[ Upstream commit cdb525ca92b196f8916102b62431aa0d9a644ff2 ]
+
+In some conditions, background processes in udpgro don't have enough
+time to set up the sockets. When foreground processes start, this
+results in the test failing with "./udpgso_bench_tx: sendmsg: Connection
+refused". For instance, this happens from time to time on a Qualcomm
+SA8540P SoC running CentOS Stream 9.
+
+To fix this, increase the time given to background processes to
+complete the startup before foreground processes start.
+
+Signed-off-by: Adrien Thierry <athierry@redhat.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Stable-dep-of: 9d851dd4dab6 ("selftests: net: Remove executable bits from library scripts")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/testing/selftests/net/udpgro.sh | 4 ++--
+ tools/testing/selftests/net/udpgro_bench.sh | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/tools/testing/selftests/net/udpgro.sh b/tools/testing/selftests/net/udpgro.sh
+index ebbd0b2824327..6a443ca3cd3a4 100755
+--- a/tools/testing/selftests/net/udpgro.sh
++++ b/tools/testing/selftests/net/udpgro.sh
+@@ -50,7 +50,7 @@ run_one() {
+ echo "failed" &
+
+ # Hack: let bg programs complete the startup
+- sleep 0.1
++ sleep 0.2
+ ./udpgso_bench_tx ${tx_args}
+ ret=$?
+ wait $(jobs -p)
+@@ -117,7 +117,7 @@ run_one_2sock() {
+ echo "failed" &
+
+ # Hack: let bg programs complete the startup
+- sleep 0.1
++ sleep 0.2
+ ./udpgso_bench_tx ${tx_args} -p 12345
+ sleep 0.1
+ # first UDP GSO socket should be closed at this point
+diff --git a/tools/testing/selftests/net/udpgro_bench.sh b/tools/testing/selftests/net/udpgro_bench.sh
+index fad2d1a71cac3..8a1109a545dba 100755
+--- a/tools/testing/selftests/net/udpgro_bench.sh
++++ b/tools/testing/selftests/net/udpgro_bench.sh
+@@ -39,7 +39,7 @@ run_one() {
+ ip netns exec "${PEER_NS}" ./udpgso_bench_rx -t ${rx_args} -r &
+
+ # Hack: let bg programs complete the startup
+- sleep 0.1
++ sleep 0.2
+ ./udpgso_bench_tx ${tx_args}
+ }
+
+--
+2.43.0
+
--- /dev/null
+From 476a489abb7a581d9182f5cdd6381a1f30f11595 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 31 Jan 2024 09:08:46 -0500
+Subject: selftests: net: Remove executable bits from library scripts
+
+From: Benjamin Poirier <bpoirier@nvidia.com>
+
+[ Upstream commit 9d851dd4dab63e95c1911a2fa847796d1ec5d58d ]
+
+setup_loopback.sh and net_helper.sh are meant to be sourced from other
+scripts, not executed directly. Therefore, remove the executable bits from
+those files' permissions.
+
+This change is similar to commit 49078c1b80b6 ("selftests: forwarding:
+Remove executable bits from lib.sh")
+
+Fixes: 7d1575014a63 ("selftests/net: GRO coalesce test")
+Fixes: 3bdd9fd29cb0 ("selftests/net: synchronize udpgro tests' tx and rx connection")
+Suggested-by: Paolo Abeni <pabeni@redhat.com>
+Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com>
+Link: https://lore.kernel.org/r/20240131140848.360618-4-bpoirier@nvidia.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/testing/selftests/net/net_helper.sh | 0
+ tools/testing/selftests/net/setup_loopback.sh | 0
+ 2 files changed, 0 insertions(+), 0 deletions(-)
+ mode change 100755 => 100644 tools/testing/selftests/net/net_helper.sh
+ mode change 100755 => 100644 tools/testing/selftests/net/setup_loopback.sh
+
+diff --git a/tools/testing/selftests/net/net_helper.sh b/tools/testing/selftests/net/net_helper.sh
+old mode 100755
+new mode 100644
+diff --git a/tools/testing/selftests/net/setup_loopback.sh b/tools/testing/selftests/net/setup_loopback.sh
+old mode 100755
+new mode 100644
+--
+2.43.0
+
--- /dev/null
+From 219f48d2cf111e7b58fe1c6d9cd1688db59841b4 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 14 Nov 2023 10:11:31 -0500
+Subject: selftests/net: synchronize udpgro tests' tx and rx connection
+
+From: Lucas Karpinski <lkarpins@redhat.com>
+
+[ Upstream commit 3bdd9fd29cb0f136b307559a19c107210ad5c314 ]
+
+The sockets used by udpgso_bench_tx aren't always ready when
+udpgso_bench_tx transmits packets. This issue is more prevalent in -rt
+kernels, but can occur in both. Replace the hacky sleep calls with a
+function that checks whether the ports in the namespace are ready for
+use.
+
+Suggested-by: Paolo Abeni <pabeni@redhat.com>
+Signed-off-by: Lucas Karpinski <lkarpins@redhat.com>
+Reviewed-by: Willem de Bruijn <willemb@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Stable-dep-of: 9d851dd4dab6 ("selftests: net: Remove executable bits from library scripts")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ tools/testing/selftests/net/net_helper.sh | 22 +++++++++++++++++++++
+ tools/testing/selftests/net/udpgro.sh | 13 ++++++------
+ tools/testing/selftests/net/udpgro_bench.sh | 5 +++--
+ 3 files changed, 31 insertions(+), 9 deletions(-)
+ create mode 100755 tools/testing/selftests/net/net_helper.sh
+
+diff --git a/tools/testing/selftests/net/net_helper.sh b/tools/testing/selftests/net/net_helper.sh
+new file mode 100755
+index 0000000000000..4fe0befa13fbc
+--- /dev/null
++++ b/tools/testing/selftests/net/net_helper.sh
+@@ -0,0 +1,22 @@
++#!/bin/bash
++# SPDX-License-Identifier: GPL-2.0
++#
++# Helper functions
++
++wait_local_port_listen()
++{
++ local listener_ns="${1}"
++ local port="${2}"
++ local protocol="${3}"
++ local port_hex
++ local i
++
++ port_hex="$(printf "%04X" "${port}")"
++ for i in $(seq 10); do
++ if ip netns exec "${listener_ns}" cat /proc/net/"${protocol}"* | \
++ grep -q "${port_hex}"; then
++ break
++ fi
++ sleep 0.1
++ done
++}
+diff --git a/tools/testing/selftests/net/udpgro.sh b/tools/testing/selftests/net/udpgro.sh
+index 6a443ca3cd3a4..41d85eb745b7b 100755
+--- a/tools/testing/selftests/net/udpgro.sh
++++ b/tools/testing/selftests/net/udpgro.sh
+@@ -3,6 +3,8 @@
+ #
+ # Run a series of udpgro functional tests.
+
++source net_helper.sh
++
+ readonly PEER_NS="ns-peer-$(mktemp -u XXXXXX)"
+
+ # set global exit status, but never reset nonzero one.
+@@ -49,8 +51,7 @@ run_one() {
+ echo "ok" || \
+ echo "failed" &
+
+- # Hack: let bg programs complete the startup
+- sleep 0.2
++ wait_local_port_listen ${PEER_NS} 8000 udp
+ ./udpgso_bench_tx ${tx_args}
+ ret=$?
+ wait $(jobs -p)
+@@ -95,7 +96,7 @@ run_one_nat() {
+ echo "ok" || \
+ echo "failed"&
+
+- sleep 0.1
++ wait_local_port_listen "${PEER_NS}" 8000 udp
+ ./udpgso_bench_tx ${tx_args}
+ ret=$?
+ kill -INT $pid
+@@ -116,11 +117,9 @@ run_one_2sock() {
+ echo "ok" || \
+ echo "failed" &
+
+- # Hack: let bg programs complete the startup
+- sleep 0.2
++ wait_local_port_listen "${PEER_NS}" 12345 udp
+ ./udpgso_bench_tx ${tx_args} -p 12345
+- sleep 0.1
+- # first UDP GSO socket should be closed at this point
++ wait_local_port_listen "${PEER_NS}" 8000 udp
+ ./udpgso_bench_tx ${tx_args}
+ ret=$?
+ wait $(jobs -p)
+diff --git a/tools/testing/selftests/net/udpgro_bench.sh b/tools/testing/selftests/net/udpgro_bench.sh
+index 8a1109a545dba..12e7b48355b27 100755
+--- a/tools/testing/selftests/net/udpgro_bench.sh
++++ b/tools/testing/selftests/net/udpgro_bench.sh
+@@ -3,6 +3,8 @@
+ #
+ # Run a series of udpgro benchmarks
+
++source net_helper.sh
++
+ readonly PEER_NS="ns-peer-$(mktemp -u XXXXXX)"
+
+ cleanup() {
+@@ -38,8 +40,7 @@ run_one() {
+ ip netns exec "${PEER_NS}" ./udpgso_bench_rx ${rx_args} -r &
+ ip netns exec "${PEER_NS}" ./udpgso_bench_rx -t ${rx_args} -r &
+
+- # Hack: let bg programs complete the startup
+- sleep 0.2
++ wait_local_port_listen "${PEER_NS}" 8000 udp
+ ./udpgso_bench_tx ${tx_args}
+ }
+
+--
+2.43.0
+
clk-imx6ul-fix-failed-to-get-parent-error.patch
alsa-usb-audio-fix-possible-null-pointer-dereference-in-snd_usb_pcm_has_fixed_rate.patch
unicode-don-t-special-case-ignorable-code-points.patch
+net-ethernet-cortina-drop-tso-support.patch
+tracing-remove-precision-vsnprintf-check-from-print-.patch
+drm-crtc-fix-uninitialized-variable-use-even-harder.patch
+tracing-have-saved_cmdlines-arrays-all-in-one-alloca.patch
+selftests-net-give-more-time-to-udpgro-bg-processes-.patch
+selftests-net-synchronize-udpgro-tests-tx-and-rx-con.patch
+selftests-net-remove-executable-bits-from-library-sc.patch
+fs-ntfs3-refactor-enum_rstbl-to-suppress-static-chec.patch
+virtio_console-fix-misc-probe-bugs.patch
+input-synaptics-rmi4-fix-uaf-of-irq-domain-on-driver.patch
--- /dev/null
+From b0ce4fb6128cf83afc48d6cad1122f915b7a673b Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 20 Feb 2024 09:06:14 -0500
+Subject: tracing: Have saved_cmdlines arrays all in one allocation
+
+From: Steven Rostedt (Google) <rostedt@goodmis.org>
+
+[ Upstream commit 0b18c852cc6fb8284ac0ab97e3e840974a6a8a64 ]
+
+The saved_cmdlines have three arrays for mapping PIDs to COMMs:
+
+ - map_pid_to_cmdline[]
+ - map_cmdline_to_pid[]
+ - saved_cmdlines
+
+The map_pid_to_cmdline[] is PID_MAX_DEFAULT in size and holds the index
+into the other arrays. The map_cmdline_to_pid[] is a mapping back to the
+full pid as it can be larger than PID_MAX_DEFAULT. And the
+saved_cmdlines[] just holds the COMMs associated to the pids.
+
+Currently the map_pid_to_cmdline[] and saved_cmdlines[] are allocated
+together (in reality the saved_cmdlines is just in the memory of the
+rounding of the allocation of the structure as it is always allocated in
+powers of two). The map_cmdline_to_pid[] array is allocated separately.
+
+Since the rounding to a power of two is rather large (it allows for 8000
+elements in saved_cmdlines), also include the map_cmdline_to_pid[] array.
+(This drops it to 6000 by default, which is still plenty for most use
+cases). This saves even more memory as the map_cmdline_to_pid[] array
+doesn't need to be allocated.
+
+Link: https://lore.kernel.org/linux-trace-kernel/20240212174011.068211d9@gandalf.local.home/
+Link: https://lore.kernel.org/linux-trace-kernel/20240220140703.182330529@goodmis.org
+
+Cc: Mark Rutland <mark.rutland@arm.com>
+Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+Cc: Andrew Morton <akpm@linux-foundation.org>
+Cc: Tim Chen <tim.c.chen@linux.intel.com>
+Cc: Vincent Donnefort <vdonnefort@google.com>
+Cc: Sven Schnelle <svens@linux.ibm.com>
+Cc: Mete Durlu <meted@linux.ibm.com>
+Fixes: 44dc5c41b5b1 ("tracing: Fix wasted memory in saved_cmdlines logic")
+Acked-by: Masami Hiramatsu (Google) <mhiramat@kernel.org>
+Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/trace/trace.c | 18 ++++++++----------
+ 1 file changed, 8 insertions(+), 10 deletions(-)
+
+diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
+index a1d034b7300ac..b199b0c7cba09 100644
+--- a/kernel/trace/trace.c
++++ b/kernel/trace/trace.c
+@@ -2241,6 +2241,10 @@ struct saved_cmdlines_buffer {
+ };
+ static struct saved_cmdlines_buffer *savedcmd;
+
++/* Holds the size of a cmdline and pid element */
++#define SAVED_CMDLINE_MAP_ELEMENT_SIZE(s) \
++ (TASK_COMM_LEN + sizeof((s)->map_cmdline_to_pid[0]))
++
+ static inline char *get_saved_cmdlines(int idx)
+ {
+ return &savedcmd->saved_cmdlines[idx * TASK_COMM_LEN];
+@@ -2255,7 +2259,6 @@ static void free_saved_cmdlines_buffer(struct saved_cmdlines_buffer *s)
+ {
+ int order = get_order(sizeof(*s) + s->cmdline_num * TASK_COMM_LEN);
+
+- kfree(s->map_cmdline_to_pid);
+ kmemleak_free(s);
+ free_pages((unsigned long)s, order);
+ }
+@@ -2268,7 +2271,7 @@ static struct saved_cmdlines_buffer *allocate_cmdlines_buffer(unsigned int val)
+ int order;
+
+ /* Figure out how much is needed to hold the given number of cmdlines */
+- orig_size = sizeof(*s) + val * TASK_COMM_LEN;
++ orig_size = sizeof(*s) + val * SAVED_CMDLINE_MAP_ELEMENT_SIZE(s);
+ order = get_order(orig_size);
+ size = 1 << (order + PAGE_SHIFT);
+ page = alloc_pages(GFP_KERNEL, order);
+@@ -2280,16 +2283,11 @@ static struct saved_cmdlines_buffer *allocate_cmdlines_buffer(unsigned int val)
+ memset(s, 0, sizeof(*s));
+
+ /* Round up to actual allocation */
+- val = (size - sizeof(*s)) / TASK_COMM_LEN;
++ val = (size - sizeof(*s)) / SAVED_CMDLINE_MAP_ELEMENT_SIZE(s);
+ s->cmdline_num = val;
+
+- s->map_cmdline_to_pid = kmalloc_array(val,
+- sizeof(*s->map_cmdline_to_pid),
+- GFP_KERNEL);
+- if (!s->map_cmdline_to_pid) {
+- free_saved_cmdlines_buffer(s);
+- return NULL;
+- }
++ /* Place map_cmdline_to_pid array right after saved_cmdlines */
++ s->map_cmdline_to_pid = (unsigned *)&s->saved_cmdlines[val * TASK_COMM_LEN];
+
+ s->cmdline_idx = 0;
+ memset(&s->map_pid_to_cmdline, NO_CMDLINE_MAP,
+--
+2.43.0
+
--- /dev/null
+From 4265e782e874121d4eda910b06a39f373debfde3 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 4 Mar 2024 17:43:41 -0500
+Subject: tracing: Remove precision vsnprintf() check from print event
+
+From: Steven Rostedt (Google) <rostedt@goodmis.org>
+
+[ Upstream commit 5efd3e2aef91d2d812290dcb25b2058e6f3f532c ]
+
+This reverts 60be76eeabb3d ("tracing: Add size check when printing
+trace_marker output"). The only reason the precision check was added
+was because of a bug that miscalculated the write size of the string into
+the ring buffer and it truncated it removing the terminating nul byte. On
+reading the trace it crashed the kernel. But this was due to the bug in
+the code that happened during development and should never happen in
+practice. If anything, the precision can hide bugs where the string in the
+ring buffer isn't nul terminated and it will not be checked.
+
+Link: https://lore.kernel.org/all/C7E7AF1A-D30F-4D18-B8E5-AF1EF58004F5@linux.ibm.com/
+Link: https://lore.kernel.org/linux-trace-kernel/20240227125706.04279ac2@gandalf.local.home
+Link: https://lore.kernel.org/all/20240302111244.3a1674be@gandalf.local.home/
+Link: https://lore.kernel.org/linux-trace-kernel/20240304174341.2a561d9f@gandalf.local.home
+
+Cc: Masami Hiramatsu <mhiramat@kernel.org>
+Cc: Linus Torvalds <torvalds@linux-foundation.org>
+Fixes: 60be76eeabb3d ("tracing: Add size check when printing trace_marker output")
+Reported-by: Sachin Sant <sachinp@linux.ibm.com>
+Tested-by: Sachin Sant <sachinp@linux.ibm.com>
+Reviewed-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
+Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/trace/trace_output.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/kernel/trace/trace_output.c b/kernel/trace/trace_output.c
+index 4c4b84e507f74..6b4d3f3abdae2 100644
+--- a/kernel/trace/trace_output.c
++++ b/kernel/trace/trace_output.c
+@@ -1446,12 +1446,11 @@ static enum print_line_t trace_print_print(struct trace_iterator *iter,
+ {
+ struct print_entry *field;
+ struct trace_seq *s = &iter->seq;
+- int max = iter->ent_size - offsetof(struct print_entry, buf);
+
+ trace_assign_type(field, iter->ent);
+
+ seq_print_ip_sym(s, field->ip, flags);
+- trace_seq_printf(s, ": %.*s", max, field->buf);
++ trace_seq_printf(s, ": %s", field->buf);
+
+ return trace_handle_return(s);
+ }
+@@ -1460,11 +1459,10 @@ static enum print_line_t trace_print_raw(struct trace_iterator *iter, int flags,
+ struct trace_event *event)
+ {
+ struct print_entry *field;
+- int max = iter->ent_size - offsetof(struct print_entry, buf);
+
+ trace_assign_type(field, iter->ent);
+
+- trace_seq_printf(&iter->seq, "# %lx %.*s", field->ip, max, field->buf);
++ trace_seq_printf(&iter->seq, "# %lx %s", field->ip, field->buf);
+
+ return trace_handle_return(&iter->seq);
+ }
+--
+2.43.0
+
--- /dev/null
+From d5cae751b3774af22c613cacb8f1c360e9bbe743 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 16 Sep 2024 14:16:44 -0400
+Subject: virtio_console: fix misc probe bugs
+
+From: Michael S. Tsirkin <mst@redhat.com>
+
+[ Upstream commit b9efbe2b8f0177fa97bfab290d60858900aa196b ]
+
+This fixes the following issue discovered by code review:
+
+after vqs have been created, a buggy device can send an interrupt.
+
+A control vq callback will then try to schedule control_work which has
+not been initialized yet. Similarly for config interrupt. Further, in
+and out vq callbacks invoke find_port_by_vq which attempts to take
+ports_lock which also has not been initialized.
+
+To fix, init all locks and work before creating vqs.
+
+Message-ID: <ad982e975a6160ad110c623c016041311ca15b4f.1726511547.git.mst@redhat.com>
+Fixes: 17634ba25544 ("virtio: console: Add a new MULTIPORT feature, support for generic ports")
+Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/char/virtio_console.c | 18 ++++++++++--------
+ 1 file changed, 10 insertions(+), 8 deletions(-)
+
+diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c
+index 77bc993d75130..a5d38fdc25897 100644
+--- a/drivers/char/virtio_console.c
++++ b/drivers/char/virtio_console.c
+@@ -2046,25 +2046,27 @@ static int virtcons_probe(struct virtio_device *vdev)
+ multiport = true;
+ }
+
+- err = init_vqs(portdev);
+- if (err < 0) {
+- dev_err(&vdev->dev, "Error %d initializing vqs\n", err);
+- goto free_chrdev;
+- }
+-
+ spin_lock_init(&portdev->ports_lock);
+ INIT_LIST_HEAD(&portdev->ports);
+ INIT_LIST_HEAD(&portdev->list);
+
+- virtio_device_ready(portdev->vdev);
+-
+ INIT_WORK(&portdev->config_work, &config_work_handler);
+ INIT_WORK(&portdev->control_work, &control_work_handler);
+
+ if (multiport) {
+ spin_lock_init(&portdev->c_ivq_lock);
+ spin_lock_init(&portdev->c_ovq_lock);
++ }
+
++ err = init_vqs(portdev);
++ if (err < 0) {
++ dev_err(&vdev->dev, "Error %d initializing vqs\n", err);
++ goto free_chrdev;
++ }
++
++ virtio_device_ready(portdev->vdev);
++
++ if (multiport) {
+ err = fill_queue(portdev->c_ivq, &portdev->c_ivq_lock);
+ if (err < 0) {
+ dev_err(&vdev->dev,
+--
+2.43.0
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
