--- /dev/null
+From 2b9f5b9c0a4eb8abd720e9e48a8dc6bd17b52ad8 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 7 Aug 2024 10:47:25 +0100
+Subject: 9p: Avoid creating multiple slab caches with the same name
+
+From: Pedro Falcato <pedro.falcato@gmail.com>
+
+[ Upstream commit 79efebae4afc2221fa814c3cae001bede66ab259 ]
+
+In the spirit of [1], avoid creating multiple slab caches with the same
+name. Instead, add the dev_name into the mix.
+
+[1]: https://lore.kernel.org/all/20240807090746.2146479-1-pedro.falcato@gmail.com/
+
+Signed-off-by: Pedro Falcato <pedro.falcato@gmail.com>
+Reported-by: syzbot+3c5d43e97993e1fa612b@syzkaller.appspotmail.com
+Message-ID: <20240807094725.2193423-1-pedro.falcato@gmail.com>
+Signed-off-by: Dominique Martinet <asmadeus@codewreck.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/9p/client.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/net/9p/client.c b/net/9p/client.c
+index 2b54f1cef2b0d..0f5db1f414be1 100644
+--- a/net/9p/client.c
++++ b/net/9p/client.c
+@@ -1003,6 +1003,7 @@ struct p9_client *p9_client_create(const char *dev_name, char *options)
+ int err;
+ struct p9_client *clnt;
+ char *client_id;
++ char *cache_name;
+
+ err = 0;
+ clnt = kmalloc(sizeof(struct p9_client), GFP_KERNEL);
+@@ -1055,15 +1056,22 @@ struct p9_client *p9_client_create(const char *dev_name, char *options)
+ if (err)
+ goto close_trans;
+
++ cache_name = kasprintf(GFP_KERNEL, "9p-fcall-cache-%s", dev_name);
++ if (!cache_name) {
++ err = -ENOMEM;
++ goto close_trans;
++ }
++
+ /* P9_HDRSZ + 4 is the smallest packet header we can have that is
+ * followed by data accessed from userspace by read
+ */
+ clnt->fcall_cache =
+- kmem_cache_create_usercopy("9p-fcall-cache", clnt->msize,
++ kmem_cache_create_usercopy(cache_name, clnt->msize,
+ 0, 0, P9_HDRSZ + 4,
+ clnt->msize - (P9_HDRSZ + 4),
+ NULL);
+
++ kfree(cache_name);
+ return clnt;
+
+ close_trans:
+--
+2.43.0
+
--- /dev/null
+From c193206f80bfc75f17849bf36d73a15e6461c864 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 8 Oct 2024 17:07:35 -0400
+Subject: bpf: use kvzmalloc to allocate BPF verifier environment
+
+From: Rik van Riel <riel@surriel.com>
+
+[ Upstream commit 434247637c66e1be2bc71a9987d4c3f0d8672387 ]
+
+The kzmalloc call in bpf_check can fail when memory is very fragmented,
+which in turn can lead to an OOM kill.
+
+Use kvzmalloc to fall back to vmalloc when memory is too fragmented to
+allocate an order 3 sized bpf verifier environment.
+
+Admittedly this is not a very common case, and only happens on systems
+where memory has already been squeezed close to the limit, but this does
+not seem like much of a hot path, and it's a simple enough fix.
+
+Signed-off-by: Rik van Riel <riel@surriel.com>
+Reviewed-by: Shakeel Butt <shakeel.butt@linux.dev>
+Link: https://lore.kernel.org/r/20241008170735.16766766@imladris.surriel.com
+Signed-off-by: Alexei Starovoitov <ast@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ kernel/bpf/verifier.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
+index 0901911b42b56..013b9062c47c3 100644
+--- a/kernel/bpf/verifier.c
++++ b/kernel/bpf/verifier.c
+@@ -9558,7 +9558,7 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr,
+ /* 'struct bpf_verifier_env' can be global, but since it's not small,
+ * allocate/free it every time bpf_check() is called
+ */
+- env = kzalloc(sizeof(struct bpf_verifier_env), GFP_KERNEL);
++ env = kvzalloc(sizeof(struct bpf_verifier_env), GFP_KERNEL);
+ if (!env)
+ return -ENOMEM;
+ log = &env->log;
+@@ -9728,6 +9728,6 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr,
+ mutex_unlock(&bpf_verifier_lock);
+ vfree(env->insn_aux_data);
+ err_free_env:
+- kfree(env);
++ kvfree(env);
+ return ret;
+ }
+--
+2.43.0
+
--- /dev/null
+From 1e2704bc7599ace4416d9687a290f28fe364fd29 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 7 Oct 2024 12:08:03 +0800
+Subject: HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad
+
+From: WangYuli <wangyuli@uniontech.com>
+
+[ Upstream commit 7a5ab8071114344f62a8b1e64ed3452a77257d76 ]
+
+The behavior of HONOR MagicBook Art 14 touchpad is not consistent
+after reboots, as sometimes it reports itself as a touchpad, and
+sometimes as a mouse.
+
+Similarly to GLO-GXXX it is possible to call MT_QUIRK_FORCE_GET_FEATURE as a
+workaround to force set feature in mt_set_input_mode() for such special touchpad
+device.
+
+[jkosina@suse.com: reword changelog a little bit]
+Link: https://gitlab.freedesktop.org/libinput/libinput/-/issues/1040
+Signed-off-by: Wentao Guan <guanwentao@uniontech.com>
+Signed-off-by: WangYuli <wangyuli@uniontech.com>
+Reviewed-by: Benjamin Tissoires <bentiss@kernel.org>
+Signed-off-by: Jiri Kosina <jkosina@suse.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/hid/hid-multitouch.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/drivers/hid/hid-multitouch.c b/drivers/hid/hid-multitouch.c
+index c3810e7140a55..5994e7d1b82d9 100644
+--- a/drivers/hid/hid-multitouch.c
++++ b/drivers/hid/hid-multitouch.c
+@@ -2008,6 +2008,11 @@ static const struct hid_device_id mt_devices[] = {
+ HID_DEVICE(BUS_I2C, HID_GROUP_MULTITOUCH_WIN_8,
+ 0x347d, 0x7853) },
+
++ /* HONOR MagicBook Art 14 touchpad */
++ { .driver_data = MT_CLS_VTL,
++ HID_DEVICE(BUS_I2C, HID_GROUP_MULTITOUCH_WIN_8,
++ 0x35cc, 0x0104) },
++
+ /* Ilitek dual touch panel */
+ { .driver_data = MT_CLS_NSMU,
+ MT_USB_DEVICE(USB_VENDOR_ID_ILITEK,
+--
+2.43.0
+
--- /dev/null
+From 2663091e76c789f45dca16c19761ad0c3c8a12e3 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 20 Sep 2024 19:35:20 +1000
+Subject: powerpc/powernv: Free name on error in opal_event_init()
+
+From: Michael Ellerman <mpe@ellerman.id.au>
+
+[ Upstream commit cf8989d20d64ad702a6210c11a0347ebf3852aa7 ]
+
+In opal_event_init() if request_irq() fails name is not freed, leading
+to a memory leak. The code only runs at boot time, there's no way for a
+user to trigger it, so there's no security impact.
+
+Fix the leak by freeing name in the error path.
+
+Reported-by: 2639161967 <2639161967@qq.com>
+Closes: https://lore.kernel.org/linuxppc-dev/87wmjp3wig.fsf@mail.lhotse
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+Link: https://patch.msgid.link/20240920093520.67997-1-mpe@ellerman.id.au
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/powerpc/platforms/powernv/opal-irqchip.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/arch/powerpc/platforms/powernv/opal-irqchip.c b/arch/powerpc/platforms/powernv/opal-irqchip.c
+index dcec0f760c8f8..522bda391179a 100644
+--- a/arch/powerpc/platforms/powernv/opal-irqchip.c
++++ b/arch/powerpc/platforms/powernv/opal-irqchip.c
+@@ -285,6 +285,7 @@ int __init opal_event_init(void)
+ name, NULL);
+ if (rc) {
+ pr_warn("Error %d requesting OPAL irq %d\n", rc, (int)r->start);
++ kfree(name);
+ continue;
+ }
+ }
+--
+2.43.0
+
hv_sock-initializing-vsk-trans-to-null-to-prevent-a-dangling-pointer.patch
vsock-virtio-initialization-of-the-dangling-pointer-occurring-in-vsk-trans.patch
alsa-usb-audio-add-endianness-annotations.patch
+9p-avoid-creating-multiple-slab-caches-with-the-same.patch
+hid-multitouch-add-quirk-for-honor-magicbook-art-14-.patch
+bpf-use-kvzmalloc-to-allocate-bpf-verifier-environme.patch
+sound-make-config_snd-depend-on-indirect_iomem-inste.patch
+powerpc-powernv-free-name-on-error-in-opal_event_ini.patch
--- /dev/null
+From 3585bb73709bb407b0373816f1039ab669a10a6e Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 10 Oct 2024 14:46:01 +0200
+Subject: sound: Make CONFIG_SND depend on INDIRECT_IOMEM instead of UML
+
+From: Julian Vetter <jvetter@kalrayinc.com>
+
+[ Upstream commit ad6639f143a0b42d7fb110ad14f5949f7c218890 ]
+
+When building for the UM arch and neither INDIRECT_IOMEM=y, nor
+HAS_IOMEM=y is selected, it will fall back to the implementations from
+asm-generic/io.h for IO memcpy. But these fall-back functions just do a
+memcpy. So, instead of depending on UML, add dependency on 'HAS_IOMEM ||
+INDIRECT_IOMEM'.
+
+Reviewed-by: Yann Sionneau <ysionneau@kalrayinc.com>
+Signed-off-by: Julian Vetter <jvetter@kalrayinc.com>
+Link: https://patch.msgid.link/20241010124601.700528-1-jvetter@kalrayinc.com
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ sound/Kconfig | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sound/Kconfig b/sound/Kconfig
+index aaf2022ffc57d..cb4cb0d5b9591 100644
+--- a/sound/Kconfig
++++ b/sound/Kconfig
+@@ -1,7 +1,7 @@
+ # SPDX-License-Identifier: GPL-2.0-only
+ menuconfig SOUND
+ tristate "Sound card support"
+- depends on HAS_IOMEM || UML
++ depends on HAS_IOMEM || INDIRECT_IOMEM
+ help
+ If you have a sound card in your computer, i.e. if it can say more
+ than an occasional beep, say Y.
+--
+2.43.0
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
