]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/commitdiff
5.10-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 20 Mar 2023 12:04:06 +0000 (13:04 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 20 Mar 2023 12:04:06 +0000 (13:04 +0100)
added patches:
cpuidle-psci-iterate-backwards-over-list-in-psci_pd_remove.patch
fbdev-stifb-provide-valid-pixelclock-and-add-fb_check_var-checks.patch
ftrace-fix-invalid-address-access-in-lookup_rec-when-index-is-0.patch
mm-userfaultfd-propagate-uffd-wp-bit-when-pte-mapping-the-huge-zeropage.patch
mmc-sdhci_am654-lower-power-on-failed-message-severity.patch
x86-mce-make-sure-logged-mces-are-processed-after-sysfs-update.patch
x86-mm-fix-use-of-uninitialized-buffer-in-sme_enable.patch

queue-5.10/cpuidle-psci-iterate-backwards-over-list-in-psci_pd_remove.patch [new file with mode: 0644]
queue-5.10/fbdev-stifb-provide-valid-pixelclock-and-add-fb_check_var-checks.patch [new file with mode: 0644]
queue-5.10/ftrace-fix-invalid-address-access-in-lookup_rec-when-index-is-0.patch [new file with mode: 0644]
queue-5.10/mm-userfaultfd-propagate-uffd-wp-bit-when-pte-mapping-the-huge-zeropage.patch [new file with mode: 0644]
queue-5.10/mmc-sdhci_am654-lower-power-on-failed-message-severity.patch [new file with mode: 0644]
queue-5.10/series
queue-5.10/x86-mce-make-sure-logged-mces-are-processed-after-sysfs-update.patch [new file with mode: 0644]
queue-5.10/x86-mm-fix-use-of-uninitialized-buffer-in-sme_enable.patch [new file with mode: 0644]

diff --git a/queue-5.10/cpuidle-psci-iterate-backwards-over-list-in-psci_pd_remove.patch b/queue-5.10/cpuidle-psci-iterate-backwards-over-list-in-psci_pd_remove.patch
new file mode 100644 (file)
index 0000000..0b2a678
--- /dev/null
@@ -0,0 +1,62 @@
+From 6b0313c2fa3d2cf991c9ffef6fae6e7ef592ce6d Mon Sep 17 00:00:00 2001
+From: Shawn Guo <shawn.guo@linaro.org>
+Date: Sat, 4 Mar 2023 15:41:07 +0800
+Subject: cpuidle: psci: Iterate backwards over list in psci_pd_remove()
+
+From: Shawn Guo <shawn.guo@linaro.org>
+
+commit 6b0313c2fa3d2cf991c9ffef6fae6e7ef592ce6d upstream.
+
+In case that psci_pd_init_topology() fails for some reason,
+psci_pd_remove() will be responsible for deleting provider and removing
+genpd from psci_pd_providers list.  There will be a failure when removing
+the cluster PD, because the cpu (child) PDs haven't been removed.
+
+[    0.050232] CPUidle PSCI: init PM domain cpu0
+[    0.050278] CPUidle PSCI: init PM domain cpu1
+[    0.050329] CPUidle PSCI: init PM domain cpu2
+[    0.050370] CPUidle PSCI: init PM domain cpu3
+[    0.050422] CPUidle PSCI: init PM domain cpu-cluster0
+[    0.050475] PM: genpd_remove: unable to remove cpu-cluster0
+[    0.051412] PM: genpd_remove: removed cpu3
+[    0.051449] PM: genpd_remove: removed cpu2
+[    0.051499] PM: genpd_remove: removed cpu1
+[    0.051546] PM: genpd_remove: removed cpu0
+
+Fix the problem by iterating the provider list reversely, so that parent
+PD gets removed after child's PDs like below.
+
+[    0.029052] CPUidle PSCI: init PM domain cpu0
+[    0.029076] CPUidle PSCI: init PM domain cpu1
+[    0.029103] CPUidle PSCI: init PM domain cpu2
+[    0.029124] CPUidle PSCI: init PM domain cpu3
+[    0.029151] CPUidle PSCI: init PM domain cpu-cluster0
+[    0.029647] PM: genpd_remove: removed cpu0
+[    0.029666] PM: genpd_remove: removed cpu1
+[    0.029690] PM: genpd_remove: removed cpu2
+[    0.029714] PM: genpd_remove: removed cpu3
+[    0.029738] PM: genpd_remove: removed cpu-cluster0
+
+Fixes: a65a397f2451 ("cpuidle: psci: Add support for PM domains by using genpd")
+Reviewed-by: Sudeep Holla <sudeep.holla@arm.com>
+Reviewed-by: Ulf Hansson <ulf.hansson@linaro.org>
+Signed-off-by: Shawn Guo <shawn.guo@linaro.org>
+Cc: 5.10+ <stable@vger.kernel.org> # 5.10+
+Signed-off-by: Rafael J. Wysocki <rjw@rjwysocki.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/cpuidle/cpuidle-psci-domain.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/drivers/cpuidle/cpuidle-psci-domain.c
++++ b/drivers/cpuidle/cpuidle-psci-domain.c
+@@ -182,7 +182,8 @@ static void psci_pd_remove(void)
+       struct psci_pd_provider *pd_provider, *it;
+       struct generic_pm_domain *genpd;
+-      list_for_each_entry_safe(pd_provider, it, &psci_pd_providers, link) {
++      list_for_each_entry_safe_reverse(pd_provider, it,
++                                       &psci_pd_providers, link) {
+               of_genpd_del_provider(pd_provider->node);
+               genpd = of_genpd_remove_last(pd_provider->node);
diff --git a/queue-5.10/fbdev-stifb-provide-valid-pixelclock-and-add-fb_check_var-checks.patch b/queue-5.10/fbdev-stifb-provide-valid-pixelclock-and-add-fb_check_var-checks.patch
new file mode 100644 (file)
index 0000000..cd73ec4
--- /dev/null
@@ -0,0 +1,77 @@
+From 203873a535d627c668f293be0cb73e26c30f9cc7 Mon Sep 17 00:00:00 2001
+From: Helge Deller <deller@gmx.de>
+Date: Thu, 16 Mar 2023 11:38:19 +0100
+Subject: fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks
+
+From: Helge Deller <deller@gmx.de>
+
+commit 203873a535d627c668f293be0cb73e26c30f9cc7 upstream.
+
+Find a valid modeline depending on the machine graphic card
+configuration and add the fb_check_var() function to validate
+Xorg provided graphics settings.
+
+Signed-off-by: Helge Deller <deller@gmx.de>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/video/fbdev/stifb.c |   27 +++++++++++++++++++++++++++
+ 1 file changed, 27 insertions(+)
+
+--- a/drivers/video/fbdev/stifb.c
++++ b/drivers/video/fbdev/stifb.c
+@@ -922,6 +922,28 @@ SETUP_HCRX(struct stifb_info *fb)
+ /* ------------------- driver specific functions --------------------------- */
+ static int
++stifb_check_var(struct fb_var_screeninfo *var, struct fb_info *info)
++{
++      struct stifb_info *fb = container_of(info, struct stifb_info, info);
++
++      if (var->xres != fb->info.var.xres ||
++          var->yres != fb->info.var.yres ||
++          var->bits_per_pixel != fb->info.var.bits_per_pixel)
++              return -EINVAL;
++
++      var->xres_virtual = var->xres;
++      var->yres_virtual = var->yres;
++      var->xoffset = 0;
++      var->yoffset = 0;
++      var->grayscale = fb->info.var.grayscale;
++      var->red.length = fb->info.var.red.length;
++      var->green.length = fb->info.var.green.length;
++      var->blue.length = fb->info.var.blue.length;
++
++      return 0;
++}
++
++static int
+ stifb_setcolreg(u_int regno, u_int red, u_int green,
+             u_int blue, u_int transp, struct fb_info *info)
+ {
+@@ -1145,6 +1167,7 @@ stifb_init_display(struct stifb_info *fb
+ static const struct fb_ops stifb_ops = {
+       .owner          = THIS_MODULE,
++      .fb_check_var   = stifb_check_var,
+       .fb_setcolreg   = stifb_setcolreg,
+       .fb_blank       = stifb_blank,
+       .fb_fillrect    = stifb_fillrect,
+@@ -1164,6 +1187,7 @@ static int __init stifb_init_fb(struct s
+       struct stifb_info *fb;
+       struct fb_info *info;
+       unsigned long sti_rom_address;
++      char modestr[32];
+       char *dev_name;
+       int bpp, xres, yres;
+@@ -1342,6 +1366,9 @@ static int __init stifb_init_fb(struct s
+       info->flags = FBINFO_HWACCEL_COPYAREA | FBINFO_HWACCEL_FILLRECT;
+       info->pseudo_palette = &fb->pseudo_palette;
++      scnprintf(modestr, sizeof(modestr), "%dx%d-%d", xres, yres, bpp);
++      fb_find_mode(&info->var, info, modestr, NULL, 0, NULL, bpp);
++
+       /* This has to be done !!! */
+       if (fb_alloc_cmap(&info->cmap, NR_PALETTE, 0))
+               goto out_err1;
diff --git a/queue-5.10/ftrace-fix-invalid-address-access-in-lookup_rec-when-index-is-0.patch b/queue-5.10/ftrace-fix-invalid-address-access-in-lookup_rec-when-index-is-0.patch
new file mode 100644 (file)
index 0000000..645eb22
--- /dev/null
@@ -0,0 +1,54 @@
+From ee92fa443358f4fc0017c1d0d325c27b37802504 Mon Sep 17 00:00:00 2001
+From: Chen Zhongjin <chenzhongjin@huawei.com>
+Date: Thu, 9 Mar 2023 16:02:30 +0800
+Subject: ftrace: Fix invalid address access in lookup_rec() when index is 0
+
+From: Chen Zhongjin <chenzhongjin@huawei.com>
+
+commit ee92fa443358f4fc0017c1d0d325c27b37802504 upstream.
+
+KASAN reported follow problem:
+
+ BUG: KASAN: use-after-free in lookup_rec
+ Read of size 8 at addr ffff000199270ff0 by task modprobe
+ CPU: 2 Comm: modprobe
+ Call trace:
+  kasan_report
+  __asan_load8
+  lookup_rec
+  ftrace_location
+  arch_check_ftrace_location
+  check_kprobe_address_safe
+  register_kprobe
+
+When checking pg->records[pg->index - 1].ip in lookup_rec(), it can get a
+pg which is newly added to ftrace_pages_start in ftrace_process_locs().
+Before the first pg->index++, index is 0 and accessing pg->records[-1].ip
+will cause this problem.
+
+Don't check the ip when pg->index is 0.
+
+Link: https://lore.kernel.org/linux-trace-kernel/20230309080230.36064-1-chenzhongjin@huawei.com
+
+Cc: stable@vger.kernel.org
+Fixes: 9644302e3315 ("ftrace: Speed up search by skipping pages by address")
+Suggested-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+Signed-off-by: Chen Zhongjin <chenzhongjin@huawei.com>
+Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/trace/ftrace.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/kernel/trace/ftrace.c
++++ b/kernel/trace/ftrace.c
+@@ -1538,7 +1538,8 @@ static struct dyn_ftrace *lookup_rec(uns
+       key.flags = end;        /* overload flags, as it is unsigned long */
+       for (pg = ftrace_pages_start; pg; pg = pg->next) {
+-              if (end < pg->records[0].ip ||
++              if (pg->index == 0 ||
++                  end < pg->records[0].ip ||
+                   start >= (pg->records[pg->index - 1].ip + MCOUNT_INSN_SIZE))
+                       continue;
+               rec = bsearch(&key, pg->records, pg->index,
diff --git a/queue-5.10/mm-userfaultfd-propagate-uffd-wp-bit-when-pte-mapping-the-huge-zeropage.patch b/queue-5.10/mm-userfaultfd-propagate-uffd-wp-bit-when-pte-mapping-the-huge-zeropage.patch
new file mode 100644 (file)
index 0000000..078519f
--- /dev/null
@@ -0,0 +1,223 @@
+From 42b2af2c9b7eede8ef21d0943f84d135e21a32a3 Mon Sep 17 00:00:00 2001
+From: David Hildenbrand <david@redhat.com>
+Date: Thu, 2 Mar 2023 18:54:23 +0100
+Subject: mm/userfaultfd: propagate uffd-wp bit when PTE-mapping the huge zeropage
+
+From: David Hildenbrand <david@redhat.com>
+
+commit 42b2af2c9b7eede8ef21d0943f84d135e21a32a3 upstream.
+
+Currently, we'd lose the userfaultfd-wp marker when PTE-mapping a huge
+zeropage, resulting in the next write faults in the PMD range not
+triggering uffd-wp events.
+
+Various actions (partial MADV_DONTNEED, partial mremap, partial munmap,
+partial mprotect) could trigger this.  However, most importantly,
+un-protecting a single sub-page from the userfaultfd-wp handler when
+processing a uffd-wp event will PTE-map the shared huge zeropage and lose
+the uffd-wp bit for the remainder of the PMD.
+
+Let's properly propagate the uffd-wp bit to the PMDs.
+
+ #define _GNU_SOURCE
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <stdint.h>
+ #include <stdbool.h>
+ #include <inttypes.h>
+ #include <fcntl.h>
+ #include <unistd.h>
+ #include <errno.h>
+ #include <poll.h>
+ #include <pthread.h>
+ #include <sys/mman.h>
+ #include <sys/syscall.h>
+ #include <sys/ioctl.h>
+ #include <linux/userfaultfd.h>
+
+ static size_t pagesize;
+ static int uffd;
+ static volatile bool uffd_triggered;
+
+ #define barrier() __asm__ __volatile__("": : :"memory")
+
+ static void uffd_wp_range(char *start, size_t size, bool wp)
+ {
+       struct uffdio_writeprotect uffd_writeprotect;
+
+       uffd_writeprotect.range.start = (unsigned long) start;
+       uffd_writeprotect.range.len = size;
+       if (wp) {
+               uffd_writeprotect.mode = UFFDIO_WRITEPROTECT_MODE_WP;
+       } else {
+               uffd_writeprotect.mode = 0;
+       }
+       if (ioctl(uffd, UFFDIO_WRITEPROTECT, &uffd_writeprotect)) {
+               fprintf(stderr, "UFFDIO_WRITEPROTECT failed: %d\n", errno);
+               exit(1);
+       }
+ }
+
+ static void *uffd_thread_fn(void *arg)
+ {
+       static struct uffd_msg msg;
+       ssize_t nread;
+
+       while (1) {
+               struct pollfd pollfd;
+               int nready;
+
+               pollfd.fd = uffd;
+               pollfd.events = POLLIN;
+               nready = poll(&pollfd, 1, -1);
+               if (nready == -1) {
+                       fprintf(stderr, "poll() failed: %d\n", errno);
+                       exit(1);
+               }
+
+               nread = read(uffd, &msg, sizeof(msg));
+               if (nread <= 0)
+                       continue;
+
+               if (msg.event != UFFD_EVENT_PAGEFAULT ||
+                   !(msg.arg.pagefault.flags & UFFD_PAGEFAULT_FLAG_WP)) {
+                       printf("FAIL: wrong uffd-wp event fired\n");
+                       exit(1);
+               }
+
+               /* un-protect the single page. */
+               uffd_triggered = true;
+               uffd_wp_range((char *)(uintptr_t)msg.arg.pagefault.address,
+                             pagesize, false);
+       }
+       return arg;
+ }
+
+ static int setup_uffd(char *map, size_t size)
+ {
+       struct uffdio_api uffdio_api;
+       struct uffdio_register uffdio_register;
+       pthread_t thread;
+
+       uffd = syscall(__NR_userfaultfd,
+                      O_CLOEXEC | O_NONBLOCK | UFFD_USER_MODE_ONLY);
+       if (uffd < 0) {
+               fprintf(stderr, "syscall() failed: %d\n", errno);
+               return -errno;
+       }
+
+       uffdio_api.api = UFFD_API;
+       uffdio_api.features = UFFD_FEATURE_PAGEFAULT_FLAG_WP;
+       if (ioctl(uffd, UFFDIO_API, &uffdio_api) < 0) {
+               fprintf(stderr, "UFFDIO_API failed: %d\n", errno);
+               return -errno;
+       }
+
+       if (!(uffdio_api.features & UFFD_FEATURE_PAGEFAULT_FLAG_WP)) {
+               fprintf(stderr, "UFFD_FEATURE_WRITEPROTECT missing\n");
+               return -ENOSYS;
+       }
+
+       uffdio_register.range.start = (unsigned long) map;
+       uffdio_register.range.len = size;
+       uffdio_register.mode = UFFDIO_REGISTER_MODE_WP;
+       if (ioctl(uffd, UFFDIO_REGISTER, &uffdio_register) < 0) {
+               fprintf(stderr, "UFFDIO_REGISTER failed: %d\n", errno);
+               return -errno;
+       }
+
+       pthread_create(&thread, NULL, uffd_thread_fn, NULL);
+
+       return 0;
+ }
+
+ int main(void)
+ {
+       const size_t size = 4 * 1024 * 1024ull;
+       char *map, *cur;
+
+       pagesize = getpagesize();
+
+       map = mmap(NULL, size, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0);
+       if (map == MAP_FAILED) {
+               fprintf(stderr, "mmap() failed\n");
+               return -errno;
+       }
+
+       if (madvise(map, size, MADV_HUGEPAGE)) {
+               fprintf(stderr, "MADV_HUGEPAGE failed\n");
+               return -errno;
+       }
+
+       if (setup_uffd(map, size))
+               return 1;
+
+       /* Read the whole range, populating zeropages. */
+       madvise(map, size, MADV_POPULATE_READ);
+
+       /* Write-protect the whole range. */
+       uffd_wp_range(map, size, true);
+
+       /* Make sure uffd-wp triggers on each page. */
+       for (cur = map; cur < map + size; cur += pagesize) {
+               uffd_triggered = false;
+
+               barrier();
+               /* Trigger a write fault. */
+               *cur = 1;
+               barrier();
+
+               if (!uffd_triggered) {
+                       printf("FAIL: uffd-wp did not trigger\n");
+                       return 1;
+               }
+       }
+
+       printf("PASS: uffd-wp triggered\n");
+       return 0;
+ }
+
+Link: https://lkml.kernel.org/r/20230302175423.589164-1-david@redhat.com
+Fixes: e06f1e1dd499 ("userfaultfd: wp: enabled write protection in userfaultfd API")
+Signed-off-by: David Hildenbrand <david@redhat.com>
+Acked-by: Peter Xu <peterx@redhat.com>
+Cc: Mike Rapoport <rppt@linux.vnet.ibm.com>
+Cc: Andrea Arcangeli <aarcange@redhat.com>
+Cc: Jerome Glisse <jglisse@redhat.com>
+Cc: Shaohua Li <shli@fb.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ mm/huge_memory.c |    6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/mm/huge_memory.c
++++ b/mm/huge_memory.c
+@@ -1994,7 +1994,7 @@ static void __split_huge_zero_page_pmd(s
+ {
+       struct mm_struct *mm = vma->vm_mm;
+       pgtable_t pgtable;
+-      pmd_t _pmd;
++      pmd_t _pmd, old_pmd;
+       int i;
+       /*
+@@ -2005,7 +2005,7 @@ static void __split_huge_zero_page_pmd(s
+        *
+        * See Documentation/vm/mmu_notifier.rst
+        */
+-      pmdp_huge_clear_flush(vma, haddr, pmd);
++      old_pmd = pmdp_huge_clear_flush(vma, haddr, pmd);
+       pgtable = pgtable_trans_huge_withdraw(mm, pmd);
+       pmd_populate(mm, &_pmd, pgtable);
+@@ -2014,6 +2014,8 @@ static void __split_huge_zero_page_pmd(s
+               pte_t *pte, entry;
+               entry = pfn_pte(my_zero_pfn(haddr), vma->vm_page_prot);
+               entry = pte_mkspecial(entry);
++              if (pmd_uffd_wp(old_pmd))
++                      entry = pte_mkuffd_wp(entry);
+               pte = pte_offset_map(&_pmd, haddr);
+               VM_BUG_ON(!pte_none(*pte));
+               set_pte_at(mm, haddr, pte, entry);
diff --git a/queue-5.10/mmc-sdhci_am654-lower-power-on-failed-message-severity.patch b/queue-5.10/mmc-sdhci_am654-lower-power-on-failed-message-severity.patch
new file mode 100644 (file)
index 0000000..dc0c760
--- /dev/null
@@ -0,0 +1,36 @@
+From 11440da77d6020831ee6f9ce4551b545dea789ee Mon Sep 17 00:00:00 2001
+From: Francesco Dolcini <francesco.dolcini@toradex.com>
+Date: Mon, 6 Mar 2023 17:27:51 +0100
+Subject: mmc: sdhci_am654: lower power-on failed message severity
+
+From: Francesco Dolcini <francesco.dolcini@toradex.com>
+
+commit 11440da77d6020831ee6f9ce4551b545dea789ee upstream.
+
+Lower the power-on failed message severity from warn to info when the
+controller does not power-up. It's normal to have this situation when
+the SD card slot is empty, therefore we should not warn the user about
+it.
+
+Fixes: 7ca0f166f5b2 ("mmc: sdhci_am654: Add workaround for card detect debounce timer")
+Signed-off-by: Francesco Dolcini <francesco.dolcini@toradex.com>
+Acked-by: Adrian Hunter <adrian.hunter@intel.com>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20230306162751.163369-1-francesco@dolcini.it
+Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/mmc/host/sdhci_am654.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/mmc/host/sdhci_am654.c
++++ b/drivers/mmc/host/sdhci_am654.c
+@@ -369,7 +369,7 @@ static void sdhci_am654_write_b(struct s
+                                       MAX_POWER_ON_TIMEOUT, false, host, val,
+                                       reg);
+               if (ret)
+-                      dev_warn(mmc_dev(host->mmc), "Power on failed\n");
++                      dev_info(mmc_dev(host->mmc), "Power on failed\n");
+       }
+ }
index 18cedcf57111885fb5090624aa1ea3204cddc7e7..9644035492476ccd2ca3c6ada9fc90469febb8da 100644 (file)
@@ -67,3 +67,10 @@ alsa-hda-intel-dsp-config-add-mtl-pci-id.patch
 alsa-hda-realtek-fix-the-speaker-output-on-samsung-galaxy-book2-pro.patch
 drm-shmem-helper-remove-another-errant-put-in-error-path.patch
 mptcp-avoid-setting-tcp_close-state-twice.patch
+ftrace-fix-invalid-address-access-in-lookup_rec-when-index-is-0.patch
+mm-userfaultfd-propagate-uffd-wp-bit-when-pte-mapping-the-huge-zeropage.patch
+mmc-sdhci_am654-lower-power-on-failed-message-severity.patch
+fbdev-stifb-provide-valid-pixelclock-and-add-fb_check_var-checks.patch
+cpuidle-psci-iterate-backwards-over-list-in-psci_pd_remove.patch
+x86-mce-make-sure-logged-mces-are-processed-after-sysfs-update.patch
+x86-mm-fix-use-of-uninitialized-buffer-in-sme_enable.patch
diff --git a/queue-5.10/x86-mce-make-sure-logged-mces-are-processed-after-sysfs-update.patch b/queue-5.10/x86-mce-make-sure-logged-mces-are-processed-after-sysfs-update.patch
new file mode 100644 (file)
index 0000000..eb35dc7
--- /dev/null
@@ -0,0 +1,44 @@
+From 4783b9cb374af02d49740e00e2da19fd4ed6dec4 Mon Sep 17 00:00:00 2001
+From: Yazen Ghannam <yazen.ghannam@amd.com>
+Date: Wed, 1 Mar 2023 22:14:20 +0000
+Subject: x86/mce: Make sure logged MCEs are processed after sysfs update
+
+From: Yazen Ghannam <yazen.ghannam@amd.com>
+
+commit 4783b9cb374af02d49740e00e2da19fd4ed6dec4 upstream.
+
+A recent change introduced a flag to queue up errors found during
+boot-time polling. These errors will be processed during late init once
+the MCE subsystem is fully set up.
+
+A number of sysfs updates call mce_restart() which goes through a subset
+of the CPU init flow. This includes polling MCA banks and logging any
+errors found. Since the same function is used as boot-time polling,
+errors will be queued. However, the system is now past late init, so the
+errors will remain queued until another error is found and the workqueue
+is triggered.
+
+Call mce_schedule_work() at the end of mce_restart() so that queued
+errors are processed.
+
+Fixes: 3bff147b187d ("x86/mce: Defer processing of early errors")
+Signed-off-by: Yazen Ghannam <yazen.ghannam@amd.com>
+Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
+Reviewed-by: Tony Luck <tony.luck@intel.com>
+Cc: stable@vger.kernel.org
+Link: https://lore.kernel.org/r/20230301221420.2203184-1-yazen.ghannam@amd.com
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/kernel/cpu/mce/core.c |    1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/arch/x86/kernel/cpu/mce/core.c
++++ b/arch/x86/kernel/cpu/mce/core.c
+@@ -2309,6 +2309,7 @@ static void mce_restart(void)
+ {
+       mce_timer_delete_all();
+       on_each_cpu(mce_cpu_restart, NULL, 1);
++      mce_schedule_work();
+ }
+ /* Toggle features for corrected errors */
diff --git a/queue-5.10/x86-mm-fix-use-of-uninitialized-buffer-in-sme_enable.patch b/queue-5.10/x86-mm-fix-use-of-uninitialized-buffer-in-sme_enable.patch
new file mode 100644 (file)
index 0000000..04ed810
--- /dev/null
@@ -0,0 +1,40 @@
+From cbebd68f59f03633469f3ecf9bea99cd6cce3854 Mon Sep 17 00:00:00 2001
+From: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
+Date: Mon, 6 Mar 2023 08:06:56 -0800
+Subject: x86/mm: Fix use of uninitialized buffer in sme_enable()
+
+From: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
+
+commit cbebd68f59f03633469f3ecf9bea99cd6cce3854 upstream.
+
+cmdline_find_option() may fail before doing any initialization of
+the buffer array. This may lead to unpredictable results when the same
+buffer is used later in calls to strncmp() function.  Fix the issue by
+returning early if cmdline_find_option() returns an error.
+
+Found by Linux Verification Center (linuxtesting.org) with static
+analysis tool SVACE.
+
+Fixes: aca20d546214 ("x86/mm: Add support to make use of Secure Memory Encryption")
+Signed-off-by: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
+Signed-off-by: Borislav Petkov (AMD) <bp@alien8.de>
+Acked-by: Tom Lendacky <thomas.lendacky@amd.com>
+Cc: <stable@kernel.org>
+Link: https://lore.kernel.org/r/20230306160656.14844-1-n.zhandarovich@fintech.ru
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ arch/x86/mm/mem_encrypt_identity.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/arch/x86/mm/mem_encrypt_identity.c
++++ b/arch/x86/mm/mem_encrypt_identity.c
+@@ -586,7 +586,8 @@ void __init sme_enable(struct boot_param
+       cmdline_ptr = (const char *)((u64)bp->hdr.cmd_line_ptr |
+                                    ((u64)bp->ext_cmd_line_ptr << 32));
+-      cmdline_find_option(cmdline_ptr, cmdline_arg, buffer, sizeof(buffer));
++      if (cmdline_find_option(cmdline_ptr, cmdline_arg, buffer, sizeof(buffer)) < 0)
++              return;
+       if (!strncmp(buffer, cmdline_on, sizeof(buffer)))
+               sme_me_mask = me_mask;