--- /dev/null
+From 981bc003a8fefa795cc15e0fd5899b63b1686894 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 6 Mar 2023 16:25:26 +0300
+Subject: bus: imx-weim: fix branch condition evaluates to a garbage value
+
+From: Ivan Bornyakov <i.bornyakov@metrotek.ru>
+
+[ Upstream commit 1adab2922c58e7ff4fa9f0b43695079402cce876 ]
+
+If bus type is other than imx50_weim_devtype and have no child devices,
+variable 'ret' in function weim_parse_dt() will not be initialized, but
+will be used as branch condition and return value. Fix this by
+initializing 'ret' with 0.
+
+This was discovered with help of clang-analyzer, but the situation is
+quite possible in real life.
+
+Fixes: 52c47b63412b ("bus: imx-weim: improve error handling upon child probe-failure")
+Signed-off-by: Ivan Bornyakov <i.bornyakov@metrotek.ru>
+Cc: stable@vger.kernel.org
+Reviewed-by: Fabio Estevam <festevam@gmail.com>
+Signed-off-by: Shawn Guo <shawnguo@kernel.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/bus/imx-weim.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/bus/imx-weim.c b/drivers/bus/imx-weim.c
+index 28bb65a5613fd..201767823edb5 100644
+--- a/drivers/bus/imx-weim.c
++++ b/drivers/bus/imx-weim.c
+@@ -192,8 +192,8 @@ static int weim_parse_dt(struct platform_device *pdev, void __iomem *base)
+ const struct of_device_id *of_id = of_match_device(weim_id_table,
+ &pdev->dev);
+ const struct imx_weim_devtype *devtype = of_id->data;
++ int ret = 0, have_child = 0;
+ struct device_node *child;
+- int ret, have_child = 0;
+ struct cs_timing_state ts = {};
+ u32 reg;
+
+--
+2.39.2
+
--- /dev/null
+From 12bde1764c3e925b3c5a81d4ec8bb117b47cbeaf Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 31 Dec 2021 00:55:15 +0100
+Subject: drm/meson: Fix error handling when afbcd.ops->init fails
+
+From: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
+
+[ Upstream commit fa747d75f65d1b1cbc3f4691fa67b695e8a399c8 ]
+
+When afbcd.ops->init fails we need to free the struct drm_device. Also
+all errors which come after afbcd.ops->init was successful need to exit
+the AFBCD, just like meson_drv_unbind() does.
+
+Fixes: d1b5e41e13a7e9 ("drm/meson: Add AFBCD module driver")
+Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com>
+Acked-by: Neil Armstrong <narmstrong@baylibre.com>
+Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
+Link: https://patchwork.freedesktop.org/patch/msgid/20211230235515.1627522-3-martin.blumenstingl@googlemail.com
+Stable-dep-of: ba98413bf45e ("drm/meson: fix missing component unbind on bind errors")
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/meson/meson_drv.c | 15 +++++++++------
+ 1 file changed, 9 insertions(+), 6 deletions(-)
+
+diff --git a/drivers/gpu/drm/meson/meson_drv.c b/drivers/gpu/drm/meson/meson_drv.c
+index 9a39afc3939bc..1f81ab515876a 100644
+--- a/drivers/gpu/drm/meson/meson_drv.c
++++ b/drivers/gpu/drm/meson/meson_drv.c
+@@ -297,31 +297,31 @@ static int meson_drv_bind_master(struct device *dev, bool has_components)
+
+ ret = meson_venc_cvbs_create(priv);
+ if (ret)
+- goto free_drm;
++ goto exit_afbcd;
+
+ if (has_components) {
+ ret = component_bind_all(drm->dev, drm);
+ if (ret) {
+ dev_err(drm->dev, "Couldn't bind all components\n");
+- goto free_drm;
++ goto exit_afbcd;
+ }
+ }
+
+ ret = meson_plane_create(priv);
+ if (ret)
+- goto free_drm;
++ goto exit_afbcd;
+
+ ret = meson_overlay_create(priv);
+ if (ret)
+- goto free_drm;
++ goto exit_afbcd;
+
+ ret = meson_crtc_create(priv);
+ if (ret)
+- goto free_drm;
++ goto exit_afbcd;
+
+ ret = drm_irq_install(drm, priv->vsync_irq);
+ if (ret)
+- goto free_drm;
++ goto exit_afbcd;
+
+ drm_mode_config_reset(drm);
+
+@@ -339,6 +339,9 @@ static int meson_drv_bind_master(struct device *dev, bool has_components)
+
+ uninstall_irq:
+ drm_irq_uninstall(drm);
++exit_afbcd:
++ if (priv->afbcd.ops)
++ priv->afbcd.ops->exit(priv);
+ free_drm:
+ drm_dev_put(drm);
+
+--
+2.39.2
+
--- /dev/null
+From ad280f8ae51fae13ee6ec4a17764da73b7c417dc Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 6 Mar 2023 11:35:33 +0100
+Subject: drm/meson: fix missing component unbind on bind errors
+
+From: Johan Hovold <johan+linaro@kernel.org>
+
+[ Upstream commit ba98413bf45edbf33672e2539e321b851b2cfbd1 ]
+
+Make sure to unbind all subcomponents when binding the aggregate device
+fails.
+
+Fixes: a41e82e6c457 ("drm/meson: Add support for components")
+Cc: stable@vger.kernel.org # 4.12
+Cc: Neil Armstrong <neil.armstrong@linaro.org>
+Signed-off-by: Johan Hovold <johan+linaro@kernel.org>
+Acked-by: Neil Armstrong <neil.armstrong@linaro.org>
+Signed-off-by: Neil Armstrong <neil.armstrong@linaro.org>
+Link: https://patchwork.freedesktop.org/patch/msgid/20230306103533.4915-1-johan+linaro@kernel.org
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/gpu/drm/meson/meson_drv.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/gpu/drm/meson/meson_drv.c b/drivers/gpu/drm/meson/meson_drv.c
+index 1f81ab515876a..29ee2f9ab16bc 100644
+--- a/drivers/gpu/drm/meson/meson_drv.c
++++ b/drivers/gpu/drm/meson/meson_drv.c
+@@ -309,19 +309,19 @@ static int meson_drv_bind_master(struct device *dev, bool has_components)
+
+ ret = meson_plane_create(priv);
+ if (ret)
+- goto exit_afbcd;
++ goto unbind_all;
+
+ ret = meson_overlay_create(priv);
+ if (ret)
+- goto exit_afbcd;
++ goto unbind_all;
+
+ ret = meson_crtc_create(priv);
+ if (ret)
+- goto exit_afbcd;
++ goto unbind_all;
+
+ ret = drm_irq_install(drm, priv->vsync_irq);
+ if (ret)
+- goto exit_afbcd;
++ goto unbind_all;
+
+ drm_mode_config_reset(drm);
+
+@@ -339,6 +339,9 @@ static int meson_drv_bind_master(struct device *dev, bool has_components)
+
+ uninstall_irq:
+ drm_irq_uninstall(drm);
++unbind_all:
++ if (has_components)
++ component_unbind_all(drm->dev, drm);
+ exit_afbcd:
+ if (priv->afbcd.ops)
+ priv->afbcd.ops->exit(priv);
+--
+2.39.2
+
--- /dev/null
+From 2d9d9c22afe9e7253d6126536a1ecc296f4dde31 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 14 Mar 2023 16:31:32 -0700
+Subject: fsverity: don't drop pagecache at end of FS_IOC_ENABLE_VERITY
+
+From: Eric Biggers <ebiggers@google.com>
+
+[ Upstream commit a075bacde257f755bea0e53400c9f1cdd1b8e8e6 ]
+
+The full pagecache drop at the end of FS_IOC_ENABLE_VERITY is causing
+performance problems and is hindering adoption of fsverity. It was
+intended to solve a race condition where unverified pages might be left
+in the pagecache. But actually it doesn't solve it fully.
+
+Since the incomplete solution for this race condition has too much
+performance impact for it to be worth it, let's remove it for now.
+
+Fixes: 3fda4c617e84 ("fs-verity: implement FS_IOC_ENABLE_VERITY ioctl")
+Cc: stable@vger.kernel.org
+Reviewed-by: Victor Hsieh <victorhsieh@google.com>
+Link: https://lore.kernel.org/r/20230314235332.50270-1-ebiggers@kernel.org
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/verity/enable.c | 24 +++++++++++++-----------
+ 1 file changed, 13 insertions(+), 11 deletions(-)
+
+diff --git a/fs/verity/enable.c b/fs/verity/enable.c
+index 1370bfd17e870..39459b1eff752 100644
+--- a/fs/verity/enable.c
++++ b/fs/verity/enable.c
+@@ -350,25 +350,27 @@ int fsverity_ioctl_enable(struct file *filp, const void __user *uarg)
+ goto out_drop_write;
+
+ err = enable_verity(filp, &arg);
+- if (err)
+- goto out_allow_write_access;
+
+ /*
+- * Some pages of the file may have been evicted from pagecache after
+- * being used in the Merkle tree construction, then read into pagecache
+- * again by another process reading from the file concurrently. Since
+- * these pages didn't undergo verification against the file measurement
+- * which fs-verity now claims to be enforcing, we have to wipe the
+- * pagecache to ensure that all future reads are verified.
++ * We no longer drop the inode's pagecache after enabling verity. This
++ * used to be done to try to avoid a race condition where pages could be
++ * evicted after being used in the Merkle tree construction, then
++ * re-instantiated by a concurrent read. Such pages are unverified, and
++ * the backing storage could have filled them with different content, so
++ * they shouldn't be used to fulfill reads once verity is enabled.
++ *
++ * But, dropping the pagecache has a big performance impact, and it
++ * doesn't fully solve the race condition anyway. So for those reasons,
++ * and also because this race condition isn't very important relatively
++ * speaking (especially for small-ish files, where the chance of a page
++ * being used, evicted, *and* re-instantiated all while enabling verity
++ * is quite small), we no longer drop the inode's pagecache.
+ */
+- filemap_write_and_wait(inode->i_mapping);
+- invalidate_inode_pages2(inode->i_mapping);
+
+ /*
+ * allow_write_access() is needed to pair with deny_write_access().
+ * Regardless, the filesystem won't allow writing to verity files.
+ */
+-out_allow_write_access:
+ allow_write_access(filp);
+ out_drop_write:
+ mnt_drop_write_file(filp);
+--
+2.39.2
+
sched-fair-sanitize-vruntime-of-entity-being-migrated.patch
tun-avoid-double-free-in-tun_free_netdev.patch
ocfs2-fix-data-corruption-after-failed-write.patch
+fsverity-don-t-drop-pagecache-at-end-of-fs_ioc_enabl.patch
+bus-imx-weim-fix-branch-condition-evaluates-to-a-gar.patch
+drm-meson-fix-error-handling-when-afbcd.ops-init-fai.patch
+drm-meson-fix-missing-component-unbind-on-bind-error.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
