--- /dev/null
+From 6fcac87e1f9e5b27805a2a404f4849194bb51de8 Mon Sep 17 00:00:00 2001
+From: QiuXi <qiuxi1@huawei.com>
+Date: Tue, 7 Sep 2021 20:00:32 -0700
+Subject: coredump: fix memleak in dump_vma_snapshot()
+
+From: QiuXi <qiuxi1@huawei.com>
+
+commit 6fcac87e1f9e5b27805a2a404f4849194bb51de8 upstream.
+
+dump_vma_snapshot() allocs memory for *vma_meta, when dump_vma_snapshot()
+returns -EFAULT, the memory will be leaked, so we free it correctly.
+
+Link: https://lkml.kernel.org/r/20210810020441.62806-1-qiuxi1@huawei.com
+Fixes: a07279c9a8cd7 ("binfmt_elf, binfmt_elf_fdpic: use a VMA list snapshot")
+Signed-off-by: QiuXi <qiuxi1@huawei.com>
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Cc: Jann Horn <jannh@google.com>
+Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/coredump.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/fs/coredump.c
++++ b/fs/coredump.c
+@@ -1127,8 +1127,10 @@ int dump_vma_snapshot(struct coredump_pa
+
+ mmap_write_unlock(mm);
+
+- if (WARN_ON(i != *vma_count))
++ if (WARN_ON(i != *vma_count)) {
++ kvfree(*vma_meta);
+ return -EFAULT;
++ }
+
+ *vma_data_size_ptr = vma_data_size;
+ return 0;
--- /dev/null
+From 67db87dc8284070adb15b3c02c1c31d5cf51c5d6 Mon Sep 17 00:00:00 2001
+From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+Date: Fri, 30 Jul 2021 23:27:15 +0300
+Subject: dmaengine: acpi: Avoid comparison GSI with Linux vIRQ
+
+From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+
+commit 67db87dc8284070adb15b3c02c1c31d5cf51c5d6 upstream.
+
+Currently the CRST parsing relies on the fact that on most of x86 devices
+the IRQ mapping is 1:1 with Linux vIRQ. However, it may be not true for
+some. Fix this by converting GSI to Linux vIRQ before checking it.
+
+Fixes: ee8209fd026b ("dma: acpi-dma: parse CSRT to extract additional resources")
+Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+Link: https://lore.kernel.org/r/20210730202715.24375-1-andriy.shevchenko@linux.intel.com
+Signed-off-by: Vinod Koul <vkoul@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/dma/acpi-dma.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+--- a/drivers/dma/acpi-dma.c
++++ b/drivers/dma/acpi-dma.c
+@@ -70,10 +70,14 @@ static int acpi_dma_parse_resource_group
+
+ si = (const struct acpi_csrt_shared_info *)&grp[1];
+
+- /* Match device by MMIO and IRQ */
++ /* Match device by MMIO */
+ if (si->mmio_base_low != lower_32_bits(mem) ||
+- si->mmio_base_high != upper_32_bits(mem) ||
+- si->gsi_interrupt != irq)
++ si->mmio_base_high != upper_32_bits(mem))
++ return 0;
++
++ /* Match device by Linux vIRQ */
++ ret = acpi_register_gsi(NULL, si->gsi_interrupt, si->interrupt_mode, si->interrupt_polarity);
++ if (ret != irq)
+ return 0;
+
+ dev_dbg(&adev->dev, "matches with %.4s%04X (rev %u)\n",
--- /dev/null
+From 260f64a40198309008026447f7fda277a73ed8c3 Mon Sep 17 00:00:00 2001
+From: Yixing Liu <liuyixing1@huawei.com>
+Date: Sat, 21 Aug 2021 17:53:26 +0800
+Subject: RDMA/hns: Enable stash feature of HIP09
+
+From: Yixing Liu <liuyixing1@huawei.com>
+
+commit 260f64a40198309008026447f7fda277a73ed8c3 upstream.
+
+The stash feature is enabled by default on HIP09.
+
+Fixes: f93c39bc9547 ("RDMA/hns: Add support for QP stash")
+Fixes: bfefae9f108d ("RDMA/hns: Add support for CQ stash")
+Link: https://lore.kernel.org/r/1629539607-33217-3-git-send-email-liangwenpeng@huawei.com
+Signed-off-by: Yixing Liu <liuyixing1@huawei.com>
+Signed-off-by: Wenpeng Liang <liangwenpeng@huawei.com>
+Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/infiniband/hw/hns/hns_roce_hw_v2.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/drivers/infiniband/hw/hns/hns_roce_hw_v2.c
++++ b/drivers/infiniband/hw/hns/hns_roce_hw_v2.c
+@@ -2004,6 +2004,7 @@ static void set_default_caps(struct hns_
+ caps->gid_table_len[0] = HNS_ROCE_V2_GID_INDEX_NUM;
+
+ if (hr_dev->pci_dev->revision >= PCI_REVISION_ID_HIP09) {
++ caps->flags |= HNS_ROCE_CAP_FLAG_STASH;
+ caps->max_sq_inline = HNS_ROCE_V3_MAX_SQ_INLINE;
+ } else {
+ caps->max_sq_inline = HNS_ROCE_V2_MAX_SQ_INLINE;
--- /dev/null
+From f4c6f31011eafe027abddf6cee1288a1b5a05b73 Mon Sep 17 00:00:00 2001
+From: Niklas Schnelle <schnelle@linux.ibm.com>
+Date: Wed, 8 Sep 2021 10:18:49 +0200
+Subject: RDMA/mlx5: Fix xlt_chunk_align calculation
+
+From: Niklas Schnelle <schnelle@linux.ibm.com>
+
+commit f4c6f31011eafe027abddf6cee1288a1b5a05b73 upstream.
+
+The XLT chunk alignment depends on ent_size not sizeof(ent_size) aka
+sizeof(size_t). The incoming ent_size is either 8 or 16, so the
+miscalculation when 16 is required is only an over-alignment and
+functional harmless.
+
+Fixes: 8010d74b9965 ("RDMA/mlx5: Split the WR setup out of mlx5_ib_update_xlt()")
+Link: https://lore.kernel.org/r/20210908081849.7948-2-schnelle@linux.ibm.com
+Signed-off-by: Niklas Schnelle <schnelle@linux.ibm.com>
+Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/infiniband/hw/mlx5/mr.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/infiniband/hw/mlx5/mr.c
++++ b/drivers/infiniband/hw/mlx5/mr.c
+@@ -995,7 +995,7 @@ static struct mlx5_ib_mr *alloc_cacheabl
+ static void *mlx5_ib_alloc_xlt(size_t *nents, size_t ent_size, gfp_t gfp_mask)
+ {
+ const size_t xlt_chunk_align =
+- MLX5_UMR_MTT_ALIGNMENT / sizeof(ent_size);
++ MLX5_UMR_MTT_ALIGNMENT / ent_size;
+ size_t size;
+ void *res = NULL;
+
pci-pci-bridge-emul-add-pcie-root-capabilities-register.patch
pci-aardvark-fix-reporting-crs-value.patch
console-consume-apc-dm-dcs.patch
+staging-rtl8192u-fix-bitwise-vs-logical-operator-in-translaterxsignalstuff819xusb.patch
+um-fix-stub-location-calculation.patch
+coredump-fix-memleak-in-dump_vma_snapshot.patch
+um-virtio_uml-fix-memory-leak-on-init-failures.patch
+rdma-hns-enable-stash-feature-of-hip09.patch
+rdma-mlx5-fix-xlt_chunk_align-calculation.patch
+dmaengine-acpi-avoid-comparison-gsi-with-linux-virq.patch
--- /dev/null
+From 099ec97ac92911abfb102bb5c68ed270fc12e0dd Mon Sep 17 00:00:00 2001
+From: Nathan Chancellor <nathan@kernel.org>
+Date: Sat, 14 Aug 2021 16:56:26 -0700
+Subject: staging: rtl8192u: Fix bitwise vs logical operator in TranslateRxSignalStuff819xUsb()
+
+From: Nathan Chancellor <nathan@kernel.org>
+
+commit 099ec97ac92911abfb102bb5c68ed270fc12e0dd upstream.
+
+clang warns:
+
+drivers/staging/rtl8192u/r8192U_core.c:4268:20: warning: bitwise and of
+boolean expressions; did you mean logical and? [-Wbool-operation-and]
+ bpacket_toself = bpacket_match_bssid &
+ ^~~~~~~~~~~~~~~~~~~~~
+ &&
+1 warning generated.
+
+Replace the bitwise AND with a logical one to clear up the warning, as
+that is clearly what was intended.
+
+Fixes: 8fc8598e61f6 ("Staging: Added Realtek rtl8192u driver to staging")
+Signed-off-by: Nathan Chancellor <nathan@kernel.org>
+Link: https://lore.kernel.org/r/20210814235625.1780033-1-nathan@kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/staging/rtl8192u/r8192U_core.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/staging/rtl8192u/r8192U_core.c
++++ b/drivers/staging/rtl8192u/r8192U_core.c
+@@ -4265,7 +4265,7 @@ static void TranslateRxSignalStuff819xUs
+ bpacket_match_bssid = (type != IEEE80211_FTYPE_CTL) &&
+ (ether_addr_equal(priv->ieee80211->current_network.bssid, (fc & IEEE80211_FCTL_TODS) ? hdr->addr1 : (fc & IEEE80211_FCTL_FROMDS) ? hdr->addr2 : hdr->addr3))
+ && (!pstats->bHwError) && (!pstats->bCRC) && (!pstats->bICV);
+- bpacket_toself = bpacket_match_bssid &
++ bpacket_toself = bpacket_match_bssid &&
+ (ether_addr_equal(praddr, priv->ieee80211->dev->dev_addr));
+
+ if (WLAN_FC_GET_FRAMETYPE(fc) == IEEE80211_STYPE_BEACON)
--- /dev/null
+From adf9ae0d159d3dc94f58d788fc4757c8749ac0df Mon Sep 17 00:00:00 2001
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Tue, 13 Jul 2021 23:47:10 +0200
+Subject: um: fix stub location calculation
+
+From: Johannes Berg <johannes.berg@intel.com>
+
+commit adf9ae0d159d3dc94f58d788fc4757c8749ac0df upstream.
+
+In commit 9f0b4807a44f ("um: rework userspace stubs to not hard-code
+stub location") I changed stub_segv_handler() to do a calculation with
+a pointer to a stack variable to find the data page that we're using
+for the stack and the rest of the data. This same commit was meant to
+do it as well for stub_clone_handler(), but the change inadvertently
+went into commit 84b2789d6115 ("um: separate child and parent errors
+in clone stub") instead.
+
+This was reported to not be compiled correctly by gcc 5, causing the
+code to crash here. I'm not sure why, perhaps it's UB because the var
+isn't initialized? In any case, this trick always seemed bad, so just
+create a new inline function that does the calculation in assembly.
+
+Reported-by: subashab@codeaurora.org
+Fixes: 9f0b4807a44f ("um: rework userspace stubs to not hard-code stub location")
+Fixes: 84b2789d6115 ("um: separate child and parent errors in clone stub")
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Richard Weinberger <richard@nod.at>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/um/kernel/skas/clone.c | 3 +--
+ arch/x86/um/shared/sysdep/stub_32.h | 12 ++++++++++++
+ arch/x86/um/shared/sysdep/stub_64.h | 12 ++++++++++++
+ arch/x86/um/stub_segv.c | 3 +--
+ 4 files changed, 26 insertions(+), 4 deletions(-)
+
+--- a/arch/um/kernel/skas/clone.c
++++ b/arch/um/kernel/skas/clone.c
+@@ -24,8 +24,7 @@
+ void __attribute__ ((__section__ (".__syscall_stub")))
+ stub_clone_handler(void)
+ {
+- int stack;
+- struct stub_data *data = (void *) ((unsigned long)&stack & ~(UM_KERN_PAGE_SIZE - 1));
++ struct stub_data *data = get_stub_page();
+ long err;
+
+ err = stub_syscall2(__NR_clone, CLONE_PARENT | CLONE_FILES | SIGCHLD,
+--- a/arch/x86/um/shared/sysdep/stub_32.h
++++ b/arch/x86/um/shared/sysdep/stub_32.h
+@@ -101,4 +101,16 @@ static inline void remap_stack_and_trap(
+ "memory");
+ }
+
++static __always_inline void *get_stub_page(void)
++{
++ unsigned long ret;
++
++ asm volatile (
++ "movl %%esp,%0 ;"
++ "andl %1,%0"
++ : "=a" (ret)
++ : "g" (~(UM_KERN_PAGE_SIZE - 1)));
++
++ return (void *)ret;
++}
+ #endif
+--- a/arch/x86/um/shared/sysdep/stub_64.h
++++ b/arch/x86/um/shared/sysdep/stub_64.h
+@@ -108,4 +108,16 @@ static inline void remap_stack_and_trap(
+ __syscall_clobber, "r10", "r8", "r9");
+ }
+
++static __always_inline void *get_stub_page(void)
++{
++ unsigned long ret;
++
++ asm volatile (
++ "movq %%rsp,%0 ;"
++ "andq %1,%0"
++ : "=a" (ret)
++ : "g" (~(UM_KERN_PAGE_SIZE - 1)));
++
++ return (void *)ret;
++}
+ #endif
+--- a/arch/x86/um/stub_segv.c
++++ b/arch/x86/um/stub_segv.c
+@@ -11,9 +11,8 @@
+ void __attribute__ ((__section__ (".__syscall_stub")))
+ stub_segv_handler(int sig, siginfo_t *info, void *p)
+ {
+- int stack;
++ struct faultinfo *f = get_stub_page();
+ ucontext_t *uc = p;
+- struct faultinfo *f = (void *)(((unsigned long)&stack) & ~(UM_KERN_PAGE_SIZE - 1));
+
+ GET_FAULTINFO_FROM_MC(*f, &uc->uc_mcontext);
+ trap_myself();
--- /dev/null
+From 7ad28e0df7ee9dbcb793bb88dd81d4d22bb9a10e Mon Sep 17 00:00:00 2001
+From: Johannes Berg <johannes.berg@intel.com>
+Date: Fri, 25 Jun 2021 10:34:37 +0200
+Subject: um: virtio_uml: fix memory leak on init failures
+
+From: Johannes Berg <johannes.berg@intel.com>
+
+commit 7ad28e0df7ee9dbcb793bb88dd81d4d22bb9a10e upstream.
+
+If initialization fails, e.g. because the connection failed,
+we leak the 'vu_dev'. Fix that. Reported by smatch.
+
+Fixes: 5d38f324993f ("um: drivers: Add virtio vhost-user driver")
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Acked-By: Anton Ivanov <anton.ivanov@cambridgegreys.com>
+Signed-off-by: Richard Weinberger <richard@nod.at>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/um/drivers/virtio_uml.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+--- a/arch/um/drivers/virtio_uml.c
++++ b/arch/um/drivers/virtio_uml.c
+@@ -1139,7 +1139,7 @@ static int virtio_uml_probe(struct platf
+ rc = os_connect_socket(pdata->socket_path);
+ } while (rc == -EINTR);
+ if (rc < 0)
+- return rc;
++ goto error_free;
+ vu_dev->sock = rc;
+
+ spin_lock_init(&vu_dev->sock_lock);
+@@ -1160,6 +1160,8 @@ static int virtio_uml_probe(struct platf
+
+ error_init:
+ os_close_file(vu_dev->sock);
++error_free:
++ kfree(vu_dev);
+ return rc;
+ }
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
