4.9-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 4 May 2020 12:38:25 +0000 (14:38 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 4 May 2020 12:38:25 +0000 (14:38 +0200)
added patches:
alsa-opti9xx-shut-up-gcc-10-range-warning.patch
dmaengine-dmatest-fix-iteration-non-stop-logic.patch
iommu-amd-fix-legacy-interrupt-remapping-for-x2apic-enabled-system.patch
nfs-fix-potential-posix_acl-refcnt-leak-in-nfs3_set_acl.patch
rdma-mlx4-initialize-ib_spec-on-the-stack.patch
vfio-type1-fix-va-pa-translation-for-pfnmap-vmas-in-vaddr_get_pfn.patch

queue-4.9/alsa-opti9xx-shut-up-gcc-10-range-warning.patch [new file with mode: 0644]
queue-4.9/dmaengine-dmatest-fix-iteration-non-stop-logic.patch [new file with mode: 0644]
queue-4.9/iommu-amd-fix-legacy-interrupt-remapping-for-x2apic-enabled-system.patch [new file with mode: 0644]
queue-4.9/nfs-fix-potential-posix_acl-refcnt-leak-in-nfs3_set_acl.patch [new file with mode: 0644]
queue-4.9/rdma-mlx4-initialize-ib_spec-on-the-stack.patch [new file with mode: 0644]
queue-4.9/series
queue-4.9/vfio-type1-fix-va-pa-translation-for-pfnmap-vmas-in-vaddr_get_pfn.patch [new file with mode: 0644]

diff --git a/queue-4.9/alsa-opti9xx-shut-up-gcc-10-range-warning.patch b/queue-4.9/alsa-opti9xx-shut-up-gcc-10-range-warning.patch
new file mode 100644 (file)
index 0000000..48b4c54
--- /dev/null
@@ -0,0 +1,84 @@
+From 5ce00760a84848d008554c693ceb6286f4d9c509 Mon Sep 17 00:00:00 2001
+From: Arnd Bergmann <arnd@arndb.de>
+Date: Wed, 29 Apr 2020 21:02:03 +0200
+Subject: ALSA: opti9xx: shut up gcc-10 range warning
+
+From: Arnd Bergmann <arnd@arndb.de>
+
+commit 5ce00760a84848d008554c693ceb6286f4d9c509 upstream.
+
+gcc-10 points out a few instances of suspicious integer arithmetic
+leading to value truncation:
+
+sound/isa/opti9xx/opti92x-ad1848.c: In function 'snd_opti9xx_configure':
+sound/isa/opti9xx/opti92x-ad1848.c:322:43: error: overflow in conversion from 'int' to 'unsigned char' changes value from '(int)snd_opti9xx_read(chip, 3) & -256 | 240' to '240' [-Werror=overflow]
+  322 |   (snd_opti9xx_read(chip, reg) & ~(mask)) | ((value) & (mask)))
+      |   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~
+sound/isa/opti9xx/opti92x-ad1848.c:351:3: note: in expansion of macro 'snd_opti9xx_write_mask'
+  351 |   snd_opti9xx_write_mask(chip, OPTi9XX_MC_REG(3), 0xf0, 0xff);
+      |   ^~~~~~~~~~~~~~~~~~~~~~
+sound/isa/opti9xx/miro.c: In function 'snd_miro_configure':
+sound/isa/opti9xx/miro.c:873:40: error: overflow in conversion from 'int' to 'unsigned char' changes value from '(int)snd_miro_read(chip, 3) & -256 | 240' to '240' [-Werror=overflow]
+  873 |   (snd_miro_read(chip, reg) & ~(mask)) | ((value) & (mask)))
+      |   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~
+sound/isa/opti9xx/miro.c:1010:3: note: in expansion of macro 'snd_miro_write_mask'
+ 1010 |   snd_miro_write_mask(chip, OPTi9XX_MC_REG(3), 0xf0, 0xff);
+      |   ^~~~~~~~~~~~~~~~~~~
+
+These are all harmless here as only the low 8 bit are passed down
+anyway. Change the macros to inline functions to make the code
+more readable and also avoid the warning.
+
+Strictly speaking those functions also need locking to make the
+read/write pair atomic, but it seems unlikely that anyone would
+still run into that issue.
+
+Fixes: 1841f613fd2e ("[ALSA] Add snd-miro driver")
+Signed-off-by: Arnd Bergmann <arnd@arndb.de>
+Link: https://lore.kernel.org/r/20200429190216.85919-1-arnd@arndb.de
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ sound/isa/opti9xx/miro.c           |    9 ++++++---
+ sound/isa/opti9xx/opti92x-ad1848.c |    9 ++++++---
+ 2 files changed, 12 insertions(+), 6 deletions(-)
+
+--- a/sound/isa/opti9xx/miro.c
++++ b/sound/isa/opti9xx/miro.c
+@@ -875,10 +875,13 @@ static void snd_miro_write(struct snd_mi
+       spin_unlock_irqrestore(&chip->lock, flags);
+ }
++static inline void snd_miro_write_mask(struct snd_miro *chip,
++              unsigned char reg, unsigned char value, unsigned char mask)
++{
++      unsigned char oldval = snd_miro_read(chip, reg);
+-#define snd_miro_write_mask(chip, reg, value, mask)   \
+-      snd_miro_write(chip, reg,                       \
+-              (snd_miro_read(chip, reg) & ~(mask)) | ((value) & (mask)))
++      snd_miro_write(chip, reg, (oldval & ~mask) | (value & mask));
++}
+ /*
+  *  Proc Interface
+--- a/sound/isa/opti9xx/opti92x-ad1848.c
++++ b/sound/isa/opti9xx/opti92x-ad1848.c
+@@ -327,10 +327,13 @@ static void snd_opti9xx_write(struct snd
+ }
+-#define snd_opti9xx_write_mask(chip, reg, value, mask)        \
+-      snd_opti9xx_write(chip, reg,                    \
+-              (snd_opti9xx_read(chip, reg) & ~(mask)) | ((value) & (mask)))
++static inline void snd_opti9xx_write_mask(struct snd_opti9xx *chip,
++              unsigned char reg, unsigned char value, unsigned char mask)
++{
++      unsigned char oldval = snd_opti9xx_read(chip, reg);
++      snd_opti9xx_write(chip, reg, (oldval & ~mask) | (value & mask));
++}
+ static int snd_opti9xx_configure(struct snd_opti9xx *chip,
+                                          long port,
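Review bot: snd_miro_write_mask() and snd_opti9xx_write_mask() have no comment saying that the read and the write are two separate register accesses, so a reader of the code alone cannot tell that another writer may slip in between them. The context line in miro.c shows snd_miro_write() dropping chip->lock on its own, so the lock is presumably not held across the whole helper. A short comment above each helper would record this, for example `/* Read-modify-write of one MC register; not atomic, callers must serialise. */`.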
diff --git a/queue-4.9/dmaengine-dmatest-fix-iteration-non-stop-logic.patch b/queue-4.9/dmaengine-dmatest-fix-iteration-non-stop-logic.patch
new file mode 100644 (file)
index 0000000..6755dcd
--- /dev/null
@@ -0,0 +1,61 @@
+From b9f960201249f20deea586b4ec814669b4c6b1c0 Mon Sep 17 00:00:00 2001
+From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+Date: Fri, 24 Apr 2020 19:11:42 +0300
+Subject: dmaengine: dmatest: Fix iteration non-stop logic
+
+From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+
+commit b9f960201249f20deea586b4ec814669b4c6b1c0 upstream.
+
+Under some circumstances, i.e. when test is still running and about to
+time out and user runs, for example,
+
+       grep -H . /sys/module/dmatest/parameters/*
+
+the iterations parameter is not respected and test is going on and on until
+user gives
+
+       echo 0 > /sys/module/dmatest/parameters/run
+
+This is not what expected.
+
+The history of this bug is interesting. I though that the commit
+  2d88ce76eb98 ("dmatest: add a 'wait' parameter")
+is a culprit, but looking closer to the code I think it simple revealed the
+broken logic from the day one, i.e. in the commit
+  0a2ff57d6fba ("dmaengine: dmatest: add a maximum number of test iterations")
+which adds iterations parameter.
+
+So, to the point, the conditional of checking the thread to be stopped being
+first part of conjunction logic prevents to check iterations. Thus, we have to
+always check both conditions to be able to stop after given iterations.
+
+Since it wasn't visible before second commit appeared, I add a respective
+Fixes tag.
+
+Fixes: 2d88ce76eb98 ("dmatest: add a 'wait' parameter")
+Cc: Dan Williams <dan.j.williams@intel.com>
+Cc: Nicolas Ferre <nicolas.ferre@microchip.com>
+Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+Acked-by: Nicolas Ferre <nicolas.ferre@microchip.com>
+Link: https://lore.kernel.org/r/20200424161147.16895-1-andriy.shevchenko@linux.intel.com
+Signed-off-by: Vinod Koul <vkoul@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/dma/dmatest.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/dma/dmatest.c
++++ b/drivers/dma/dmatest.c
+@@ -505,8 +505,8 @@ static int dmatest_func(void *data)
+       flags = DMA_CTRL_ACK | DMA_PREP_INTERRUPT;
+       ktime = ktime_get();
+-      while (!kthread_should_stop()
+-             && !(params->iterations && total_tests >= params->iterations)) {
++      while (!(kthread_should_stop() ||
++             (params->iterations && total_tests >= params->iterations))) {
+               struct dma_async_tx_descriptor *tx = NULL;
+               struct dmaengine_unmap_data *um;
+               dma_addr_t srcs[src_cnt];
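Review bot: The rewritten loop condition `!(kthread_should_stop() || (params->iterations && total_tests >= params->iterations))` is the De Morgan form of the removed `!kthread_should_stop() && !(...)`, with the same operands in the same short-circuit order. As far as this hunk shows, it evaluates identically to the old condition. If the non-stop behaviour described in the patch message is real, its cause is presumably outside these lines, and the backport should state what observable behaviour changes. If the rewrite is kept for readability, a comment such as `/* run until asked to stop or params->iterations tests are done (0 = no limit) */` would state the intent. dmatest_func starts before and continues past the hunk.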
diff --git a/queue-4.9/iommu-amd-fix-legacy-interrupt-remapping-for-x2apic-enabled-system.patch b/queue-4.9/iommu-amd-fix-legacy-interrupt-remapping-for-x2apic-enabled-system.patch
new file mode 100644 (file)
index 0000000..438e9a4
--- /dev/null
@@ -0,0 +1,39 @@
+From b74aa02d7a30ee5e262072a7d6e8deff10b37924 Mon Sep 17 00:00:00 2001
+From: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
+Date: Wed, 22 Apr 2020 08:30:02 -0500
+Subject: iommu/amd: Fix legacy interrupt remapping for x2APIC-enabled system
+
+From: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
+
+commit b74aa02d7a30ee5e262072a7d6e8deff10b37924 upstream.
+
+Currently, system fails to boot because the legacy interrupt remapping
+mode does not enable 128-bit IRTE (GA), which is required for x2APIC
+support.
+
+Fix by using AMD_IOMMU_GUEST_IR_LEGACY_GA mode when booting with
+kernel option amd_iommu_intr=legacy instead. The initialization
+logic will check GASup and automatically fallback to using
+AMD_IOMMU_GUEST_IR_LEGACY if GA mode is not supported.
+
+Fixes: 3928aa3f5775 ("iommu/amd: Detect and enable guest vAPIC support")
+Signed-off-by: Suravee Suthikulpanit <suravee.suthikulpanit@amd.com>
+Link: https://lore.kernel.org/r/1587562202-14183-1-git-send-email-suravee.suthikulpanit@amd.com
+Signed-off-by: Joerg Roedel <jroedel@suse.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/iommu/amd_iommu_init.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/iommu/amd_iommu_init.c
++++ b/drivers/iommu/amd_iommu_init.c
+@@ -2574,7 +2574,7 @@ static int __init parse_amd_iommu_intr(c
+ {
+       for (; *str; ++str) {
+               if (strncmp(str, "legacy", 6) == 0) {
+-                      amd_iommu_guest_ir = AMD_IOMMU_GUEST_IR_LEGACY;
++                      amd_iommu_guest_ir = AMD_IOMMU_GUEST_IR_LEGACY_GA;
+                       break;
+               }
+               if (strncmp(str, "vapic", 5) == 0) {
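Review bot: With this change `amd_iommu_intr=legacy` selects AMD_IOMMU_GUEST_IR_LEGACY_GA, and nothing in parse_amd_iommu_intr() shows the downgrade to AMD_IOMMU_GUEST_IR_LEGACY that the patch message relies on for hardware without GASup. That check lives in the init path outside this hunk, so for the 4.9 queue it is worth confirming that the tree being patched contains it. Otherwise "legacy" would request 128-bit IRTEs on IOMMUs that lack them. A comment on the assignment would keep the dependency visible, e.g. `/* GA variant; init falls back to AMD_IOMMU_GUEST_IR_LEGACY when GASup is absent */`. The function body continues past the end of the hunk.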
diff --git a/queue-4.9/nfs-fix-potential-posix_acl-refcnt-leak-in-nfs3_set_acl.patch b/queue-4.9/nfs-fix-potential-posix_acl-refcnt-leak-in-nfs3_set_acl.patch
new file mode 100644 (file)
index 0000000..ac2f981
--- /dev/null
@@ -0,0 +1,79 @@
+From 7648f939cb919b9d15c21fff8cd9eba908d595dc Mon Sep 17 00:00:00 2001
+From: Andreas Gruenbacher <agruenba@redhat.com>
+Date: Mon, 20 Apr 2020 15:51:47 +0200
+Subject: nfs: Fix potential posix_acl refcnt leak in nfs3_set_acl
+
+From: Andreas Gruenbacher <agruenba@redhat.com>
+
+commit 7648f939cb919b9d15c21fff8cd9eba908d595dc upstream.
+
+nfs3_set_acl keeps track of the acl it allocated locally to determine if an acl
+needs to be released at the end.  This results in a memory leak when the
+function allocates an acl as well as a default acl.  Fix by releasing acls
+that differ from the acl originally passed into nfs3_set_acl.
+
+Fixes: b7fa0554cf1b ("[PATCH] NFS: Add support for NFSv3 ACLs")
+Reported-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
+Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
+Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/nfs/nfs3acl.c |   22 +++++++++++++++-------
+ 1 file changed, 15 insertions(+), 7 deletions(-)
+
+--- a/fs/nfs/nfs3acl.c
++++ b/fs/nfs/nfs3acl.c
+@@ -252,37 +252,45 @@ int nfs3_proc_setacls(struct inode *inod
+ int nfs3_set_acl(struct inode *inode, struct posix_acl *acl, int type)
+ {
+-      struct posix_acl *alloc = NULL, *dfacl = NULL;
++      struct posix_acl *orig = acl, *dfacl = NULL, *alloc;
+       int status;
+       if (S_ISDIR(inode->i_mode)) {
+               switch(type) {
+               case ACL_TYPE_ACCESS:
+-                      alloc = dfacl = get_acl(inode, ACL_TYPE_DEFAULT);
++                      alloc = get_acl(inode, ACL_TYPE_DEFAULT);
+                       if (IS_ERR(alloc))
+                               goto fail;
++                      dfacl = alloc;
+                       break;
+               case ACL_TYPE_DEFAULT:
+-                      dfacl = acl;
+-                      alloc = acl = get_acl(inode, ACL_TYPE_ACCESS);
++                      alloc = get_acl(inode, ACL_TYPE_ACCESS);
+                       if (IS_ERR(alloc))
+                               goto fail;
++                      dfacl = acl;
++                      acl = alloc;
+                       break;
+               }
+       }
+       if (acl == NULL) {
+-              alloc = acl = posix_acl_from_mode(inode->i_mode, GFP_KERNEL);
++              alloc = posix_acl_from_mode(inode->i_mode, GFP_KERNEL);
+               if (IS_ERR(alloc))
+                       goto fail;
++              acl = alloc;
+       }
+       status = __nfs3_proc_setacls(inode, acl, dfacl);
+-      posix_acl_release(alloc);
++out:
++      if (acl != orig)
++              posix_acl_release(acl);
++      if (dfacl != orig)
++              posix_acl_release(dfacl);
+       return status;
+ fail:
+-      return PTR_ERR(alloc);
++      status = PTR_ERR(alloc);
++      goto out;
+ }
+ const struct xattr_handler *nfs3_xattr_handlers[] = {
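Review bot: The cleanup at `out:` in nfs3_set_acl() is correct only under two conditions that the code does not state. First, posix_acl_release() must accept NULL: on the early `goto fail` paths `dfacl` is still NULL while `orig` may not be, so `posix_acl_release(dfacl)` runs with a NULL argument. Second, `alloc` is no longer initialised at its declaration, so every `goto fail` must be preceded by an assignment to it; that holds for the three sites visible here but is easy to break later. A comment above the label would pin both down, for example `/* drop only what we looked up or allocated here; orig belongs to the caller, and release tolerates NULL */`. Keeping `*alloc = NULL` in the declaration would also make a future `goto fail` safe.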
diff --git a/queue-4.9/rdma-mlx4-initialize-ib_spec-on-the-stack.patch b/queue-4.9/rdma-mlx4-initialize-ib_spec-on-the-stack.patch
new file mode 100644 (file)
index 0000000..14cf40b
--- /dev/null
@@ -0,0 +1,38 @@
+From c08cfb2d8d78bfe81b37cc6ba84f0875bddd0d5c Mon Sep 17 00:00:00 2001
+From: Alaa Hleihel <alaa@mellanox.com>
+Date: Mon, 13 Apr 2020 16:22:35 +0300
+Subject: RDMA/mlx4: Initialize ib_spec on the stack
+
+From: Alaa Hleihel <alaa@mellanox.com>
+
+commit c08cfb2d8d78bfe81b37cc6ba84f0875bddd0d5c upstream.
+
+Initialize ib_spec on the stack before using it, otherwise we will have
+garbage values that will break creating default rules with invalid parsing
+error.
+
+Fixes: a37a1a428431 ("IB/mlx4: Add mechanism to support flow steering over IB links")
+Link: https://lore.kernel.org/r/20200413132235.930642-1-leon@kernel.org
+Signed-off-by: Alaa Hleihel <alaa@mellanox.com>
+Reviewed-by: Maor Gottlieb <maorg@mellanox.com>
+Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
+Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/infiniband/hw/mlx4/main.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/infiniband/hw/mlx4/main.c
++++ b/drivers/infiniband/hw/mlx4/main.c
+@@ -1589,8 +1589,9 @@ static int __mlx4_ib_create_default_rule
+       int i;
+       for (i = 0; i < ARRAY_SIZE(pdefault_rules->rules_create_list); i++) {
++              union ib_flow_spec ib_spec = {};
+               int ret;
+-              union ib_flow_spec ib_spec;
++
+               switch (pdefault_rules->rules_create_list[i]) {
+               case 0:
+                       /* no rule */
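Review bot: Nothing at the declaration says why `ib_spec` must be zeroed, so a later cleanup could move it back out of the loop or drop the initialiser. Because it is declared inside the `for` body, `= {}` clears the union on every iteration, and fields set for one entry of rules_create_list cannot carry into the next. A comment such as `/* zeroed per rule: unset fields must not hold stack garbage */` would preserve that. The switch cases that fill the union and the call that consumes it are outside the hunk.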
index ef7c67ec3b9a7c9a9927bd7c348b3bbb0bd2e065..19ff6d8aaa4548e5973ed01d4fe4ae3fbdc597d2 100644 (file)
@@ -8,3 +8,9 @@ alsa-pcm-oss-place-the-plugin-buffer-overflow-checks-correctly.patch
 pm-acpi-output-correct-message-on-target-power-state.patch
 pm-hibernate-freeze-kernel-threads-in-software_resume.patch
 dm-verity-fec-fix-hash-block-number-in-verity_fec_decode.patch
+rdma-mlx4-initialize-ib_spec-on-the-stack.patch
+vfio-type1-fix-va-pa-translation-for-pfnmap-vmas-in-vaddr_get_pfn.patch
+iommu-amd-fix-legacy-interrupt-remapping-for-x2apic-enabled-system.patch
+alsa-opti9xx-shut-up-gcc-10-range-warning.patch
+nfs-fix-potential-posix_acl-refcnt-leak-in-nfs3_set_acl.patch
+dmaengine-dmatest-fix-iteration-non-stop-logic.patch
diff --git a/queue-4.9/vfio-type1-fix-va-pa-translation-for-pfnmap-vmas-in-vaddr_get_pfn.patch b/queue-4.9/vfio-type1-fix-va-pa-translation-for-pfnmap-vmas-in-vaddr_get_pfn.patch
new file mode 100644 (file)
index 0000000..cc92ec7
--- /dev/null
@@ -0,0 +1,73 @@
+From 5cbf3264bc715e9eb384e2b68601f8c02bb9a61d Mon Sep 17 00:00:00 2001
+From: Sean Christopherson <sean.j.christopherson@intel.com>
+Date: Thu, 16 Apr 2020 15:50:57 -0700
+Subject: vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn()
+
+From: Sean Christopherson <sean.j.christopherson@intel.com>
+
+commit 5cbf3264bc715e9eb384e2b68601f8c02bb9a61d upstream.
+
+Use follow_pfn() to get the PFN of a PFNMAP VMA instead of assuming that
+vma->vm_pgoff holds the base PFN of the VMA.  This fixes a bug where
+attempting to do VFIO_IOMMU_MAP_DMA on an arbitrary PFNMAP'd region of
+memory calculates garbage for the PFN.
+
+Hilariously, this only got detected because the first "PFN" calculated
+by vaddr_get_pfn() is PFN 0 (vma->vm_pgoff==0), and iommu_iova_to_phys()
+uses PA==0 as an error, which triggers a WARN in vfio_unmap_unpin()
+because the translation "failed".  PFN 0 is now unconditionally reserved
+on x86 in order to mitigate L1TF, which causes is_invalid_reserved_pfn()
+to return true and in turns results in vaddr_get_pfn() returning success
+for PFN 0.  Eventually the bogus calculation runs into PFNs that aren't
+reserved and leads to failure in vfio_pin_map_dma().  The subsequent
+call to vfio_remove_dma() attempts to unmap PFN 0 and WARNs.
+
+  WARNING: CPU: 8 PID: 5130 at drivers/vfio/vfio_iommu_type1.c:750 vfio_unmap_unpin+0x2e1/0x310 [vfio_iommu_type1]
+  Modules linked in: vfio_pci vfio_virqfd vfio_iommu_type1 vfio ...
+  CPU: 8 PID: 5130 Comm: sgx Tainted: G        W         5.6.0-rc5-705d787c7fee-vfio+ #3
+  Hardware name: Intel Corporation Mehlow UP Server Platform/Moss Beach Server, BIOS CNLSE2R1.D00.X119.B49.1803010910 03/01/2018
+  RIP: 0010:vfio_unmap_unpin+0x2e1/0x310 [vfio_iommu_type1]
+  Code: <0f> 0b 49 81 c5 00 10 00 00 e9 c5 fe ff ff bb 00 10 00 00 e9 3d fe
+  RSP: 0018:ffffbeb5039ebda8 EFLAGS: 00010246
+  RAX: 0000000000000000 RBX: ffff9a55cbf8d480 RCX: 0000000000000000
+  RDX: 0000000000000000 RSI: 0000000000000001 RDI: ffff9a52b771c200
+  RBP: 0000000000000000 R08: 0000000000000040 R09: 00000000fffffff2
+  R10: 0000000000000001 R11: ffff9a51fa896000 R12: 0000000184010000
+  R13: 0000000184000000 R14: 0000000000010000 R15: ffff9a55cb66ea08
+  FS:  00007f15d3830b40(0000) GS:ffff9a55d5600000(0000) knlGS:0000000000000000
+  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+  CR2: 0000561cf39429e0 CR3: 000000084f75f005 CR4: 00000000003626e0
+  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
+  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
+  Call Trace:
+   vfio_remove_dma+0x17/0x70 [vfio_iommu_type1]
+   vfio_iommu_type1_ioctl+0x9e3/0xa7b [vfio_iommu_type1]
+   ksys_ioctl+0x92/0xb0
+   __x64_sys_ioctl+0x16/0x20
+   do_syscall_64+0x4c/0x180
+   entry_SYSCALL_64_after_hwframe+0x44/0xa9
+  RIP: 0033:0x7f15d04c75d7
+  Code: <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 81 48 2d 00 f7 d8 64 89 01 48
+
+Fixes: 73fa0d10d077 ("vfio: Type1 IOMMU implementation")
+Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
+Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/vfio/vfio_iommu_type1.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/vfio/vfio_iommu_type1.c
++++ b/drivers/vfio/vfio_iommu_type1.c
+@@ -229,8 +229,8 @@ static int vaddr_get_pfn(unsigned long v
+       vma = find_vma_intersection(current->mm, vaddr, vaddr + 1);
+       if (vma && vma->vm_flags & VM_PFNMAP) {
+-              *pfn = ((vaddr - vma->vm_start) >> PAGE_SHIFT) + vma->vm_pgoff;
+-              if (is_invalid_reserved_pfn(*pfn))
++              if (!follow_pfn(vma, vaddr, pfn) &&
++                  is_invalid_reserved_pfn(*pfn))
+                       ret = 0;
+       }
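Review bot: The PFNMAP branch accepts whatever PFN follow_pfn() returns without checking that the mapping permits the access the IOMMU mapping will grant. `follow_pfn(vma, vaddr, pfn)` takes no access-mode argument, and the only VMA test in the hunk is `vma->vm_flags & VM_PFNMAP`. If the requested protection is available inside vaddr_get_pfn() (its parameter list is truncated in the hunk header), a read-only mapping should be refused when a writable DMA mapping is requested, for instance by also testing `vma->vm_flags & VM_WRITE` in that case. follow_pfn()'s error code is also discarded, so `ret` keeps whatever value it had before the branch; a comment such as `/* ret keeps its earlier value if the lookup fails */` would show that this is intended. The function begins and ends outside the hunk.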