From: Sasha Levin Date: Mon, 25 Apr 2022 08:25:53 +0000 (-0400) Subject: Fixes for 5.15 X-Git-Tag: v4.9.312~46^2~4 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2e9309e9e1bc67adfb3bbe602f7e5c8d3df8887d;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 5.15 Signed-off-by: Sasha Levin --- diff --git a/queue-5.15/drm-panel-raspberrypi-touchscreen-avoid-null-deref-i.patch b/queue-5.15/drm-panel-raspberrypi-touchscreen-avoid-null-deref-i.patch new file mode 100644 index 00000000000..d37b933e344 --- /dev/null +++ b/queue-5.15/drm-panel-raspberrypi-touchscreen-avoid-null-deref-i.patch @@ -0,0 +1,43 @@ +From 0c503517978514916d5f9f9093e393d6b4d7db0d Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 15 Apr 2022 18:25:12 +0200 +Subject: drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not + initialised + +From: Dave Stevenson + +[ Upstream commit f92055ae0acb035891e988ce345d6b81a0316423 ] + +If a call to rpi_touchscreen_i2c_write from rpi_touchscreen_probe +fails before mipi_dsi_device_register_full is called, then +in trying to log the error message if uses ts->dsi->dev when +it is still NULL. + +Use ts->i2c->dev instead, which is initialised earlier in probe. + +Fixes: 2f733d6194bd ("drm/panel: Add support for the Raspberry Pi 7" Touchscreen.") +Signed-off-by: Dave Stevenson +Signed-off-by: Stefan Wahren +Signed-off-by: Maxime Ripard +Link: https://patchwork.freedesktop.org/patch/msgid/20220415162513.42190-2-stefan.wahren@i2se.com +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/panel/panel-raspberrypi-touchscreen.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/panel/panel-raspberrypi-touchscreen.c b/drivers/gpu/drm/panel/panel-raspberrypi-touchscreen.c +index 46029c5610c8..1f805eb8fdb5 100644 +--- a/drivers/gpu/drm/panel/panel-raspberrypi-touchscreen.c ++++ b/drivers/gpu/drm/panel/panel-raspberrypi-touchscreen.c +@@ -229,7 +229,7 @@ static void rpi_touchscreen_i2c_write(struct rpi_touchscreen *ts, + + ret = i2c_smbus_write_byte_data(ts->i2c, reg, val); + if (ret) +- dev_err(&ts->dsi->dev, "I2C write failed: %d\n", ret); ++ dev_err(&ts->i2c->dev, "I2C write failed: %d\n", ret); + } + + static int rpi_touchscreen_write(struct rpi_touchscreen *ts, u16 reg, u32 val) +-- +2.35.1 + diff --git a/queue-5.15/drm-panel-raspberrypi-touchscreen-initialise-the-bri.patch b/queue-5.15/drm-panel-raspberrypi-touchscreen-initialise-the-bri.patch new file mode 100644 index 00000000000..9604a36d076 --- /dev/null +++ b/queue-5.15/drm-panel-raspberrypi-touchscreen-initialise-the-bri.patch @@ -0,0 +1,63 @@ +From 28a35ba8b441673df7e1d804f4765aa7497272b1 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 15 Apr 2022 18:25:13 +0200 +Subject: drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare + +From: Dave Stevenson + +[ Upstream commit 5f18c0782b99e26121efa93d20b76c19e17aa1dd ] + +The panel has a prepare call which is before video starts, and an +enable call which is after. +The Toshiba bridge should be configured before video, so move +the relevant power and initialisation calls to prepare. + +Fixes: 2f733d6194bd ("drm/panel: Add support for the Raspberry Pi 7" Touchscreen.") +Signed-off-by: Dave Stevenson +Signed-off-by: Stefan Wahren +Signed-off-by: Maxime Ripard +Link: https://patchwork.freedesktop.org/patch/msgid/20220415162513.42190-3-stefan.wahren@i2se.com +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/panel/panel-raspberrypi-touchscreen.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/drivers/gpu/drm/panel/panel-raspberrypi-touchscreen.c b/drivers/gpu/drm/panel/panel-raspberrypi-touchscreen.c +index 1f805eb8fdb5..145047e19394 100644 +--- a/drivers/gpu/drm/panel/panel-raspberrypi-touchscreen.c ++++ b/drivers/gpu/drm/panel/panel-raspberrypi-touchscreen.c +@@ -265,7 +265,7 @@ static int rpi_touchscreen_noop(struct drm_panel *panel) + return 0; + } + +-static int rpi_touchscreen_enable(struct drm_panel *panel) ++static int rpi_touchscreen_prepare(struct drm_panel *panel) + { + struct rpi_touchscreen *ts = panel_to_ts(panel); + int i; +@@ -295,6 +295,13 @@ static int rpi_touchscreen_enable(struct drm_panel *panel) + rpi_touchscreen_write(ts, DSI_STARTDSI, 0x01); + msleep(100); + ++ return 0; ++} ++ ++static int rpi_touchscreen_enable(struct drm_panel *panel) ++{ ++ struct rpi_touchscreen *ts = panel_to_ts(panel); ++ + /* Turn on the backlight. */ + rpi_touchscreen_i2c_write(ts, REG_PWM, 255); + +@@ -349,7 +356,7 @@ static int rpi_touchscreen_get_modes(struct drm_panel *panel, + static const struct drm_panel_funcs rpi_touchscreen_funcs = { + .disable = rpi_touchscreen_disable, + .unprepare = rpi_touchscreen_noop, +- .prepare = rpi_touchscreen_noop, ++ .prepare = rpi_touchscreen_prepare, + .enable = rpi_touchscreen_enable, + .get_modes = rpi_touchscreen_get_modes, + }; +-- +2.35.1 + diff --git a/queue-5.15/drm-vc4-use-pm_runtime_resume_and_get-to-fix-pm_runt.patch b/queue-5.15/drm-vc4-use-pm_runtime_resume_and_get-to-fix-pm_runt.patch new file mode 100644 index 00000000000..e5356de72a2 --- /dev/null +++ b/queue-5.15/drm-vc4-use-pm_runtime_resume_and_get-to-fix-pm_runt.patch @@ -0,0 +1,42 @@ +From 44e4109d812c8216beb68ab301e0b86992f482f4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 20 Apr 2022 21:50:07 +0800 +Subject: drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync() + usage + +From: Miaoqian Lin + +[ Upstream commit 3d0b93d92a2790337aa9d18cb332d02356a24126 ] + +If the device is already in a runtime PM enabled state +pm_runtime_get_sync() will return 1. + +Also, we need to call pm_runtime_put_noidle() when pm_runtime_get_sync() +fails, so use pm_runtime_resume_and_get() instead. this function +will handle this. + +Fixes: 4078f5757144 ("drm/vc4: Add DSI driver") +Signed-off-by: Miaoqian Lin +Signed-off-by: Maxime Ripard +Link: https://patchwork.freedesktop.org/patch/msgid/20220420135008.2757-1-linmq006@gmail.com +Signed-off-by: Sasha Levin +--- + drivers/gpu/drm/vc4/vc4_dsi.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/gpu/drm/vc4/vc4_dsi.c b/drivers/gpu/drm/vc4/vc4_dsi.c +index d09c1ea60c04..ca8506316660 100644 +--- a/drivers/gpu/drm/vc4/vc4_dsi.c ++++ b/drivers/gpu/drm/vc4/vc4_dsi.c +@@ -846,7 +846,7 @@ static void vc4_dsi_encoder_enable(struct drm_encoder *encoder) + unsigned long phy_clock; + int ret; + +- ret = pm_runtime_get_sync(dev); ++ ret = pm_runtime_resume_and_get(dev); + if (ret) { + DRM_ERROR("Failed to runtime PM enable on DSI%d\n", dsi->variant->port); + return; +-- +2.35.1 + diff --git a/queue-5.15/input-omap4-keypad-fix-pm_runtime_get_sync-error-che.patch b/queue-5.15/input-omap4-keypad-fix-pm_runtime_get_sync-error-che.patch new file mode 100644 index 00000000000..33c7fe7a80d --- /dev/null +++ b/queue-5.15/input-omap4-keypad-fix-pm_runtime_get_sync-error-che.patch @@ -0,0 +1,38 @@ +From 5ff97d795841b3a63b1e6cbd0c25360fd889ff7c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 17 Apr 2022 13:03:31 -0700 +Subject: Input: omap4-keypad - fix pm_runtime_get_sync() error checking + +From: Miaoqian Lin + +[ Upstream commit 81022a170462d38ea10612cb67e8e2c529d58abe ] + +If the device is already in a runtime PM enabled state +pm_runtime_get_sync() will return 1, so a test for negative +value should be used to check for errors. + +Fixes: f77621cc640a ("Input: omap-keypad - dynamically handle register offsets") +Signed-off-by: Miaoqian Lin +Link: https://lore.kernel.org/r/20220412070131.19848-1-linmq006@gmail.com +Signed-off-by: Dmitry Torokhov +Signed-off-by: Sasha Levin +--- + drivers/input/keyboard/omap4-keypad.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/input/keyboard/omap4-keypad.c b/drivers/input/keyboard/omap4-keypad.c +index 43375b38ee59..8a7ce41b8c56 100644 +--- a/drivers/input/keyboard/omap4-keypad.c ++++ b/drivers/input/keyboard/omap4-keypad.c +@@ -393,7 +393,7 @@ static int omap4_keypad_probe(struct platform_device *pdev) + * revision register. + */ + error = pm_runtime_get_sync(dev); +- if (error) { ++ if (error < 0) { + dev_err(dev, "pm_runtime_get_sync() failed\n"); + pm_runtime_put_noidle(dev); + return error; +-- +2.35.1 + diff --git a/queue-5.15/kvm-ppc-fix-tce-handling-for-vfio.patch b/queue-5.15/kvm-ppc-fix-tce-handling-for-vfio.patch new file mode 100644 index 00000000000..14bad69e2e8 --- /dev/null +++ b/queue-5.15/kvm-ppc-fix-tce-handling-for-vfio.patch @@ -0,0 +1,294 @@ +From 2253e2d03bd8d63729c9caa01557cb7fd5a12e36 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 20 Apr 2022 15:08:40 +1000 +Subject: KVM: PPC: Fix TCE handling for VFIO + +From: Alexey Kardashevskiy + +[ Upstream commit 26a62b750a4e6364b0393562f66759b1494c3a01 ] + +The LoPAPR spec defines a guest visible IOMMU with a variable page size. +Currently QEMU advertises 4K, 64K, 2M, 16MB pages, a Linux VM picks +the biggest (16MB). In the case of a passed though PCI device, there is +a hardware IOMMU which does not support all pages sizes from the above - +P8 cannot do 2MB and P9 cannot do 16MB. So for each emulated +16M IOMMU page we may create several smaller mappings ("TCEs") in +the hardware IOMMU. + +The code wrongly uses the emulated TCE index instead of hardware TCE +index in error handling. The problem is easier to see on POWER8 with +multi-level TCE tables (when only the first level is preallocated) +as hash mode uses real mode TCE hypercalls handlers. +The kernel starts using indirect tables when VMs get bigger than 128GB +(depends on the max page order). +The very first real mode hcall is going to fail with H_TOO_HARD as +in the real mode we cannot allocate memory for TCEs (we can in the virtual +mode) but on the way out the code attempts to clear hardware TCEs using +emulated TCE indexes which corrupts random kernel memory because +it_offset==1<<59 is subtracted from those indexes and the resulting index +is out of the TCE table bounds. + +This fixes kvmppc_clear_tce() to use the correct TCE indexes. + +While at it, this fixes TCE cache invalidation which uses emulated TCE +indexes instead of the hardware ones. This went unnoticed as 64bit DMA +is used these days and VMs map all RAM in one go and only then do DMA +and this is when the TCE cache gets populated. + +Potentially this could slow down mapping, however normally 16MB +emulated pages are backed by 64K hardware pages so it is one write to +the "TCE Kill" per 256 updates which is not that bad considering the size +of the cache (1024 TCEs or so). + +Fixes: ca1fc489cfa0 ("KVM: PPC: Book3S: Allow backing bigger guest IOMMU pages with smaller physical pages") + +Signed-off-by: Alexey Kardashevskiy +Tested-by: David Gibson +Reviewed-by: Frederic Barrat +Reviewed-by: David Gibson +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20220420050840.328223-1-aik@ozlabs.ru +Signed-off-by: Sasha Levin +--- + arch/powerpc/kvm/book3s_64_vio.c | 45 +++++++++++++++-------------- + arch/powerpc/kvm/book3s_64_vio_hv.c | 44 ++++++++++++++-------------- + 2 files changed, 45 insertions(+), 44 deletions(-) + +diff --git a/arch/powerpc/kvm/book3s_64_vio.c b/arch/powerpc/kvm/book3s_64_vio.c +index 6365087f3160..3cb2e05a7ee8 100644 +--- a/arch/powerpc/kvm/book3s_64_vio.c ++++ b/arch/powerpc/kvm/book3s_64_vio.c +@@ -421,13 +421,19 @@ static void kvmppc_tce_put(struct kvmppc_spapr_tce_table *stt, + tbl[idx % TCES_PER_PAGE] = tce; + } + +-static void kvmppc_clear_tce(struct mm_struct *mm, struct iommu_table *tbl, +- unsigned long entry) ++static void kvmppc_clear_tce(struct mm_struct *mm, struct kvmppc_spapr_tce_table *stt, ++ struct iommu_table *tbl, unsigned long entry) + { +- unsigned long hpa = 0; +- enum dma_data_direction dir = DMA_NONE; ++ unsigned long i; ++ unsigned long subpages = 1ULL << (stt->page_shift - tbl->it_page_shift); ++ unsigned long io_entry = entry << (stt->page_shift - tbl->it_page_shift); ++ ++ for (i = 0; i < subpages; ++i) { ++ unsigned long hpa = 0; ++ enum dma_data_direction dir = DMA_NONE; + +- iommu_tce_xchg_no_kill(mm, tbl, entry, &hpa, &dir); ++ iommu_tce_xchg_no_kill(mm, tbl, io_entry + i, &hpa, &dir); ++ } + } + + static long kvmppc_tce_iommu_mapped_dec(struct kvm *kvm, +@@ -486,6 +492,8 @@ static long kvmppc_tce_iommu_unmap(struct kvm *kvm, + break; + } + ++ iommu_tce_kill(tbl, io_entry, subpages); ++ + return ret; + } + +@@ -545,6 +553,8 @@ static long kvmppc_tce_iommu_map(struct kvm *kvm, + break; + } + ++ iommu_tce_kill(tbl, io_entry, subpages); ++ + return ret; + } + +@@ -591,10 +601,9 @@ long kvmppc_h_put_tce(struct kvm_vcpu *vcpu, unsigned long liobn, + ret = kvmppc_tce_iommu_map(vcpu->kvm, stt, stit->tbl, + entry, ua, dir); + +- iommu_tce_kill(stit->tbl, entry, 1); + + if (ret != H_SUCCESS) { +- kvmppc_clear_tce(vcpu->kvm->mm, stit->tbl, entry); ++ kvmppc_clear_tce(vcpu->kvm->mm, stt, stit->tbl, entry); + goto unlock_exit; + } + } +@@ -670,13 +679,13 @@ long kvmppc_h_put_tce_indirect(struct kvm_vcpu *vcpu, + */ + if (get_user(tce, tces + i)) { + ret = H_TOO_HARD; +- goto invalidate_exit; ++ goto unlock_exit; + } + tce = be64_to_cpu(tce); + + if (kvmppc_tce_to_ua(vcpu->kvm, tce, &ua)) { + ret = H_PARAMETER; +- goto invalidate_exit; ++ goto unlock_exit; + } + + list_for_each_entry_lockless(stit, &stt->iommu_tables, next) { +@@ -685,19 +694,15 @@ long kvmppc_h_put_tce_indirect(struct kvm_vcpu *vcpu, + iommu_tce_direction(tce)); + + if (ret != H_SUCCESS) { +- kvmppc_clear_tce(vcpu->kvm->mm, stit->tbl, +- entry); +- goto invalidate_exit; ++ kvmppc_clear_tce(vcpu->kvm->mm, stt, stit->tbl, ++ entry + i); ++ goto unlock_exit; + } + } + + kvmppc_tce_put(stt, entry + i, tce); + } + +-invalidate_exit: +- list_for_each_entry_lockless(stit, &stt->iommu_tables, next) +- iommu_tce_kill(stit->tbl, entry, npages); +- + unlock_exit: + srcu_read_unlock(&vcpu->kvm->srcu, idx); + +@@ -736,20 +741,16 @@ long kvmppc_h_stuff_tce(struct kvm_vcpu *vcpu, + continue; + + if (ret == H_TOO_HARD) +- goto invalidate_exit; ++ return ret; + + WARN_ON_ONCE(1); +- kvmppc_clear_tce(vcpu->kvm->mm, stit->tbl, entry); ++ kvmppc_clear_tce(vcpu->kvm->mm, stt, stit->tbl, entry + i); + } + } + + for (i = 0; i < npages; ++i, ioba += (1ULL << stt->page_shift)) + kvmppc_tce_put(stt, ioba >> stt->page_shift, tce_value); + +-invalidate_exit: +- list_for_each_entry_lockless(stit, &stt->iommu_tables, next) +- iommu_tce_kill(stit->tbl, ioba >> stt->page_shift, npages); +- + return ret; + } + EXPORT_SYMBOL_GPL(kvmppc_h_stuff_tce); +diff --git a/arch/powerpc/kvm/book3s_64_vio_hv.c b/arch/powerpc/kvm/book3s_64_vio_hv.c +index 870b7f0c7ea5..fdeda6a9cff4 100644 +--- a/arch/powerpc/kvm/book3s_64_vio_hv.c ++++ b/arch/powerpc/kvm/book3s_64_vio_hv.c +@@ -247,13 +247,19 @@ static void iommu_tce_kill_rm(struct iommu_table *tbl, + tbl->it_ops->tce_kill(tbl, entry, pages, true); + } + +-static void kvmppc_rm_clear_tce(struct kvm *kvm, struct iommu_table *tbl, +- unsigned long entry) ++static void kvmppc_rm_clear_tce(struct kvm *kvm, struct kvmppc_spapr_tce_table *stt, ++ struct iommu_table *tbl, unsigned long entry) + { +- unsigned long hpa = 0; +- enum dma_data_direction dir = DMA_NONE; ++ unsigned long i; ++ unsigned long subpages = 1ULL << (stt->page_shift - tbl->it_page_shift); ++ unsigned long io_entry = entry << (stt->page_shift - tbl->it_page_shift); ++ ++ for (i = 0; i < subpages; ++i) { ++ unsigned long hpa = 0; ++ enum dma_data_direction dir = DMA_NONE; + +- iommu_tce_xchg_no_kill_rm(kvm->mm, tbl, entry, &hpa, &dir); ++ iommu_tce_xchg_no_kill_rm(kvm->mm, tbl, io_entry + i, &hpa, &dir); ++ } + } + + static long kvmppc_rm_tce_iommu_mapped_dec(struct kvm *kvm, +@@ -316,6 +322,8 @@ static long kvmppc_rm_tce_iommu_unmap(struct kvm *kvm, + break; + } + ++ iommu_tce_kill_rm(tbl, io_entry, subpages); ++ + return ret; + } + +@@ -379,6 +387,8 @@ static long kvmppc_rm_tce_iommu_map(struct kvm *kvm, + break; + } + ++ iommu_tce_kill_rm(tbl, io_entry, subpages); ++ + return ret; + } + +@@ -420,10 +430,8 @@ long kvmppc_rm_h_put_tce(struct kvm_vcpu *vcpu, unsigned long liobn, + ret = kvmppc_rm_tce_iommu_map(vcpu->kvm, stt, + stit->tbl, entry, ua, dir); + +- iommu_tce_kill_rm(stit->tbl, entry, 1); +- + if (ret != H_SUCCESS) { +- kvmppc_rm_clear_tce(vcpu->kvm, stit->tbl, entry); ++ kvmppc_rm_clear_tce(vcpu->kvm, stt, stit->tbl, entry); + return ret; + } + } +@@ -561,7 +569,7 @@ long kvmppc_rm_h_put_tce_indirect(struct kvm_vcpu *vcpu, + ua = 0; + if (kvmppc_rm_tce_to_ua(vcpu->kvm, tce, &ua)) { + ret = H_PARAMETER; +- goto invalidate_exit; ++ goto unlock_exit; + } + + list_for_each_entry_lockless(stit, &stt->iommu_tables, next) { +@@ -570,19 +578,15 @@ long kvmppc_rm_h_put_tce_indirect(struct kvm_vcpu *vcpu, + iommu_tce_direction(tce)); + + if (ret != H_SUCCESS) { +- kvmppc_rm_clear_tce(vcpu->kvm, stit->tbl, +- entry); +- goto invalidate_exit; ++ kvmppc_rm_clear_tce(vcpu->kvm, stt, stit->tbl, ++ entry + i); ++ goto unlock_exit; + } + } + + kvmppc_rm_tce_put(stt, entry + i, tce); + } + +-invalidate_exit: +- list_for_each_entry_lockless(stit, &stt->iommu_tables, next) +- iommu_tce_kill_rm(stit->tbl, entry, npages); +- + unlock_exit: + if (!prereg) + arch_spin_unlock(&kvm->mmu_lock.rlock.raw_lock); +@@ -620,20 +624,16 @@ long kvmppc_rm_h_stuff_tce(struct kvm_vcpu *vcpu, + continue; + + if (ret == H_TOO_HARD) +- goto invalidate_exit; ++ return ret; + + WARN_ON_ONCE_RM(1); +- kvmppc_rm_clear_tce(vcpu->kvm, stit->tbl, entry); ++ kvmppc_rm_clear_tce(vcpu->kvm, stt, stit->tbl, entry + i); + } + } + + for (i = 0; i < npages; ++i, ioba += (1ULL << stt->page_shift)) + kvmppc_rm_tce_put(stt, ioba >> stt->page_shift, tce_value); + +-invalidate_exit: +- list_for_each_entry_lockless(stit, &stt->iommu_tables, next) +- iommu_tce_kill_rm(stit->tbl, ioba >> stt->page_shift, npages); +- + return ret; + } + +-- +2.35.1 + diff --git a/queue-5.15/perf-core-fix-perf_mmap-fail-when-config_perf_use_vm.patch b/queue-5.15/perf-core-fix-perf_mmap-fail-when-config_perf_use_vm.patch new file mode 100644 index 00000000000..c412808af88 --- /dev/null +++ b/queue-5.15/perf-core-fix-perf_mmap-fail-when-config_perf_use_vm.patch @@ -0,0 +1,89 @@ +From 74c0cdbe7a8694f0f25b2627601ba68ad70c236f Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 9 Feb 2022 09:54:17 -0500 +Subject: perf/core: Fix perf_mmap fail when CONFIG_PERF_USE_VMALLOC enabled + +From: Zhipeng Xie + +[ Upstream commit 60490e7966659b26d74bf1fa4aa8693d9a94ca88 ] + +This problem can be reproduced with CONFIG_PERF_USE_VMALLOC enabled on +both x86_64 and aarch64 arch when using sysdig -B(using ebpf)[1]. +sysdig -B works fine after rebuilding the kernel with +CONFIG_PERF_USE_VMALLOC disabled. + +I tracked it down to the if condition event->rb->nr_pages != nr_pages +in perf_mmap is true when CONFIG_PERF_USE_VMALLOC is enabled where +event->rb->nr_pages = 1 and nr_pages = 2048 resulting perf_mmap to +return -EINVAL. This is because when CONFIG_PERF_USE_VMALLOC is +enabled, rb->nr_pages is always equal to 1. + +Arch with CONFIG_PERF_USE_VMALLOC enabled by default: + arc/arm/csky/mips/sh/sparc/xtensa + +Arch with CONFIG_PERF_USE_VMALLOC disabled by default: + x86_64/aarch64/... + +Fix this problem by using data_page_nr() + +[1] https://github.com/draios/sysdig + +Fixes: 906010b2134e ("perf_event: Provide vmalloc() based mmap() backing") +Signed-off-by: Zhipeng Xie +Signed-off-by: Peter Zijlstra (Intel) +Link: https://lkml.kernel.org/r/20220209145417.6495-1-xiezhipeng1@huawei.com +Signed-off-by: Sasha Levin +--- + kernel/events/core.c | 2 +- + kernel/events/internal.h | 5 +++++ + kernel/events/ring_buffer.c | 5 ----- + 3 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/kernel/events/core.c b/kernel/events/core.c +index 699446d60b6b..7c891a8eb323 100644 +--- a/kernel/events/core.c ++++ b/kernel/events/core.c +@@ -6348,7 +6348,7 @@ static int perf_mmap(struct file *file, struct vm_area_struct *vma) + again: + mutex_lock(&event->mmap_mutex); + if (event->rb) { +- if (event->rb->nr_pages != nr_pages) { ++ if (data_page_nr(event->rb) != nr_pages) { + ret = -EINVAL; + goto unlock; + } +diff --git a/kernel/events/internal.h b/kernel/events/internal.h +index 228801e20788..aa23ffdaf819 100644 +--- a/kernel/events/internal.h ++++ b/kernel/events/internal.h +@@ -116,6 +116,11 @@ static inline int page_order(struct perf_buffer *rb) + } + #endif + ++static inline int data_page_nr(struct perf_buffer *rb) ++{ ++ return rb->nr_pages << page_order(rb); ++} ++ + static inline unsigned long perf_data_size(struct perf_buffer *rb) + { + return rb->nr_pages << (PAGE_SHIFT + page_order(rb)); +diff --git a/kernel/events/ring_buffer.c b/kernel/events/ring_buffer.c +index 52868716ec35..fb35b926024c 100644 +--- a/kernel/events/ring_buffer.c ++++ b/kernel/events/ring_buffer.c +@@ -859,11 +859,6 @@ void rb_free(struct perf_buffer *rb) + } + + #else +-static int data_page_nr(struct perf_buffer *rb) +-{ +- return rb->nr_pages << page_order(rb); +-} +- + static struct page * + __perf_mmap_to_page(struct perf_buffer *rb, unsigned long pgoff) + { +-- +2.35.1 + diff --git a/queue-5.15/perf-report-set-perf_sample_data_src-bit-for-arm-spe.patch b/queue-5.15/perf-report-set-perf_sample_data_src-bit-for-arm-spe.patch new file mode 100644 index 00000000000..ba4bef6fc30 --- /dev/null +++ b/queue-5.15/perf-report-set-perf_sample_data_src-bit-for-arm-spe.patch @@ -0,0 +1,78 @@ +From 83bf48df68f144ea68a1360d53cfae9ff8ea86ea Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 14 Apr 2022 20:32:01 +0800 +Subject: perf report: Set PERF_SAMPLE_DATA_SRC bit for Arm SPE event + +From: Leo Yan + +[ Upstream commit ccb17caecfbd542f49a2a79ae088136ba8bfb794 ] + +Since commit bb30acae4c4dacfa ("perf report: Bail out --mem-mode if mem +info is not available") "perf mem report" and "perf report --mem-mode" +don't report result if the PERF_SAMPLE_DATA_SRC bit is missed in sample +type. + +The commit ffab487052054162 ("perf: arm-spe: Fix perf report +--mem-mode") partially fixes the issue. It adds PERF_SAMPLE_DATA_SRC +bit for Arm SPE event, this allows the perf data file generated by +kernel v5.18-rc1 or later version can be reported properly. + +On the other hand, perf tool still fails to be backward compatibility +for a data file recorded by an older version's perf which contains Arm +SPE trace data. This patch is a workaround in reporting phase, when +detects ARM SPE PMU event and without PERF_SAMPLE_DATA_SRC bit, it will +force to set the bit in the sample type and give a warning info. + +Fixes: bb30acae4c4dacfa ("perf report: Bail out --mem-mode if mem info is not available") +Reviewed-by: James Clark +Signed-off-by: Leo Yan +Tested-by: German Gomez +Cc: Alexander Shishkin +Cc: Ingo Molnar +Cc: Jiri Olsa +Cc: Mark Rutland +Cc: Namhyung Kim +Cc: Peter Zijlstra +Cc: Ravi Bangoria +Link: https://lore.kernel.org/r/20220414123201.842754-1-leo.yan@linaro.org +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/builtin-report.c | 14 ++++++++++++++ + 1 file changed, 14 insertions(+) + +diff --git a/tools/perf/builtin-report.c b/tools/perf/builtin-report.c +index 997e0a4b0902..6583ad9cc7de 100644 +--- a/tools/perf/builtin-report.c ++++ b/tools/perf/builtin-report.c +@@ -349,6 +349,7 @@ static int report__setup_sample_type(struct report *rep) + struct perf_session *session = rep->session; + u64 sample_type = evlist__combined_sample_type(session->evlist); + bool is_pipe = perf_data__is_pipe(session->data); ++ struct evsel *evsel; + + if (session->itrace_synth_opts->callchain || + session->itrace_synth_opts->add_callchain || +@@ -403,6 +404,19 @@ static int report__setup_sample_type(struct report *rep) + } + + if (sort__mode == SORT_MODE__MEMORY) { ++ /* ++ * FIXUP: prior to kernel 5.18, Arm SPE missed to set ++ * PERF_SAMPLE_DATA_SRC bit in sample type. For backward ++ * compatibility, set the bit if it's an old perf data file. ++ */ ++ evlist__for_each_entry(session->evlist, evsel) { ++ if (strstr(evsel->name, "arm_spe") && ++ !(sample_type & PERF_SAMPLE_DATA_SRC)) { ++ evsel->core.attr.sample_type |= PERF_SAMPLE_DATA_SRC; ++ sample_type |= PERF_SAMPLE_DATA_SRC; ++ } ++ } ++ + if (!is_pipe && !(sample_type & PERF_SAMPLE_DATA_SRC)) { + ui__error("Selected --mem-mode but no mem data. " + "Did you call perf record without -d?\n"); +-- +2.35.1 + diff --git a/queue-5.15/perf-script-always-allow-field-data_src-for-auxtrace.patch b/queue-5.15/perf-script-always-allow-field-data_src-for-auxtrace.patch new file mode 100644 index 00000000000..99673d26de0 --- /dev/null +++ b/queue-5.15/perf-script-always-allow-field-data_src-for-auxtrace.patch @@ -0,0 +1,54 @@ +From 8bd38c34e434955d7314049dfb636a9d8f668e5e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 17 Apr 2022 19:48:37 +0800 +Subject: perf script: Always allow field 'data_src' for auxtrace + +From: Leo Yan + +[ Upstream commit c6d8df01064333dcf140eda996abdb60a60e24b3 ] + +If use command 'perf script -F,+data_src' to dump memory samples with +Arm SPE trace data, it reports error: + + # perf script -F,+data_src + Samples for 'dummy:u' event do not have DATA_SRC attribute set. Cannot print 'data_src' field. + +This is because the 'dummy:u' event is absent DATA_SRC bit in its sample +type, so if a file contains AUX area tracing data then always allow +field 'data_src' to be selected as an option for perf script. + +Fixes: e55ed3423c1bb29f ("perf arm-spe: Synthesize memory event") +Signed-off-by: Leo Yan +Cc: Adrian Hunter +Cc: Alexander Shishkin +Cc: German Gomez +Cc: Ingo Molnar +Cc: James Clark +Cc: Jiri Olsa +Cc: Leo Yan +Cc: Mark Rutland +Cc: Namhyung Kim +Cc: Peter Zijlstra +Link: https://lore.kernel.org/r/20220417114837.839896-1-leo.yan@linaro.org +Signed-off-by: Arnaldo Carvalho de Melo +Signed-off-by: Sasha Levin +--- + tools/perf/builtin-script.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/perf/builtin-script.c b/tools/perf/builtin-script.c +index 18b56256bb6f..cb3d81adf5ca 100644 +--- a/tools/perf/builtin-script.c ++++ b/tools/perf/builtin-script.c +@@ -455,7 +455,7 @@ static int evsel__check_attr(struct evsel *evsel, struct perf_session *session) + return -EINVAL; + + if (PRINT_FIELD(DATA_SRC) && +- evsel__check_stype(evsel, PERF_SAMPLE_DATA_SRC, "DATA_SRC", PERF_OUTPUT_DATA_SRC)) ++ evsel__do_check_stype(evsel, PERF_SAMPLE_DATA_SRC, "DATA_SRC", PERF_OUTPUT_DATA_SRC, allow_user_set)) + return -EINVAL; + + if (PRINT_FIELD(WEIGHT) && +-- +2.35.1 + diff --git a/queue-5.15/powerpc-perf-fix-power10-event-alternatives.patch b/queue-5.15/powerpc-perf-fix-power10-event-alternatives.patch new file mode 100644 index 00000000000..cad05014051 --- /dev/null +++ b/queue-5.15/powerpc-perf-fix-power10-event-alternatives.patch @@ -0,0 +1,98 @@ +From 7eee6ee98a7251d06533260519bb5236abbb81eb Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 19 Apr 2022 17:18:28 +0530 +Subject: powerpc/perf: Fix power10 event alternatives + +From: Athira Rajeev + +[ Upstream commit c6cc9a852f123301d5271f1484df8e961b2b64f1 ] + +When scheduling a group of events, there are constraint checks done to +make sure all events can go in a group. Example, one of the criteria is +that events in a group cannot use the same PMC. But platform specific +PMU supports alternative event for some of the event codes. During +perf_event_open(), if any event group doesn't match constraint check +criteria, further lookup is done to find alternative event. + +By current design, the array of alternatives events in PMU code is +expected to be sorted by column 0. This is because in +find_alternative() the return criteria is based on event code +comparison. ie. "event < ev_alt[i][0])". This optimisation is there +since find_alternative() can be called multiple times. In power10 PMU +code, the alternative event array is not sorted properly and hence there +is breakage in finding alternative event. + +To work with existing logic, fix the alternative event array to be +sorted by column 0 for power10-pmu.c + +Results: + +In case where an alternative event is not chosen when we could, events +will be multiplexed. ie, time sliced where it could actually run +concurrently. + +Example, in power10 PM_INST_CMPL_ALT(0x00002) has alternative event, +PM_INST_CMPL(0x500fa). Without the fix, if a group of events with PMC1 +to PMC4 is used along with PM_INST_CMPL_ALT, it will be time sliced +since all programmable PMC's are consumed already. But with the fix, +when it picks alternative event on PMC5, all events will run +concurrently. + +Before: + + # perf stat -e r00002,r100fc,r200fa,r300fc,r400fc + + Performance counter stats for 'system wide': + + 328668935 r00002 (79.94%) + 56501024 r100fc (79.95%) + 49564238 r200fa (79.95%) + 376 r300fc (80.19%) + 660 r400fc (79.97%) + + 4.039150522 seconds time elapsed + +With the fix, since alternative event is chosen to run on PMC6, events +will be run concurrently. + +After: + + # perf stat -e r00002,r100fc,r200fa,r300fc,r400fc + + Performance counter stats for 'system wide': + + 23596607 r00002 + 4907738 r100fc + 2283608 r200fa + 135 r300fc + 248 r400fc + + 1.664671390 seconds time elapsed + +Fixes: a64e697cef23 ("powerpc/perf: power10 Performance Monitoring support") +Signed-off-by: Athira Rajeev +Reviewed-by: Madhavan Srinivasan +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20220419114828.89843-2-atrajeev@linux.vnet.ibm.com +Signed-off-by: Sasha Levin +--- + arch/powerpc/perf/power10-pmu.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/arch/powerpc/perf/power10-pmu.c b/arch/powerpc/perf/power10-pmu.c +index 9dd75f385837..07ca62d084d9 100644 +--- a/arch/powerpc/perf/power10-pmu.c ++++ b/arch/powerpc/perf/power10-pmu.c +@@ -91,8 +91,8 @@ extern u64 PERF_REG_EXTENDED_MASK; + + /* Table of alternatives, sorted by column 0 */ + static const unsigned int power10_event_alternatives[][MAX_ALT] = { +- { PM_CYC_ALT, PM_CYC }, + { PM_INST_CMPL_ALT, PM_INST_CMPL }, ++ { PM_CYC_ALT, PM_CYC }, + }; + + static int power10_get_alternatives(u64 event, unsigned int flags, u64 alt[]) +-- +2.35.1 + diff --git a/queue-5.15/powerpc-perf-fix-power9-event-alternatives.patch b/queue-5.15/powerpc-perf-fix-power9-event-alternatives.patch new file mode 100644 index 00000000000..2f110917e1e --- /dev/null +++ b/queue-5.15/powerpc-perf-fix-power9-event-alternatives.patch @@ -0,0 +1,90 @@ +From d72051f71ddb0151338dcb5ac143acf746c8ae9e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 19 Apr 2022 17:18:27 +0530 +Subject: powerpc/perf: Fix power9 event alternatives + +From: Athira Rajeev + +[ Upstream commit 0dcad700bb2776e3886fe0a645a4bf13b1e747cd ] + +When scheduling a group of events, there are constraint checks done to +make sure all events can go in a group. Example, one of the criteria is +that events in a group cannot use the same PMC. But platform specific +PMU supports alternative event for some of the event codes. During +perf_event_open(), if any event group doesn't match constraint check +criteria, further lookup is done to find alternative event. + +By current design, the array of alternatives events in PMU code is +expected to be sorted by column 0. This is because in +find_alternative() the return criteria is based on event code +comparison. ie. "event < ev_alt[i][0])". This optimisation is there +since find_alternative() can be called multiple times. In power9 PMU +code, the alternative event array is not sorted properly and hence there +is breakage in finding alternative events. + +To work with existing logic, fix the alternative event array to be +sorted by column 0 for power9-pmu.c + +Results: + +With alternative events, multiplexing can be avoided. That is, for +example, in power9 PM_LD_MISS_L1 (0x3e054) has alternative event, +PM_LD_MISS_L1_ALT (0x400f0). This is an identical event which can be +programmed in a different PMC. + +Before: + + # perf stat -e r3e054,r300fc + + Performance counter stats for 'system wide': + + 1057860 r3e054 (50.21%) + 379 r300fc (49.79%) + + 0.944329741 seconds time elapsed + +Since both the events are using PMC3 in this case, they are +multiplexed here. + +After: + + # perf stat -e r3e054,r300fc + + Performance counter stats for 'system wide': + + 1006948 r3e054 + 182 r300fc + +Fixes: 91e0bd1e6251 ("powerpc/perf: Add PM_LD_MISS_L1 and PM_BR_2PATH to power9 event list") +Signed-off-by: Athira Rajeev +Reviewed-by: Madhavan Srinivasan +Signed-off-by: Michael Ellerman +Link: https://lore.kernel.org/r/20220419114828.89843-1-atrajeev@linux.vnet.ibm.com +Signed-off-by: Sasha Levin +--- + arch/powerpc/perf/power9-pmu.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/arch/powerpc/perf/power9-pmu.c b/arch/powerpc/perf/power9-pmu.c +index ff3382140d7e..cbdd074ee2a7 100644 +--- a/arch/powerpc/perf/power9-pmu.c ++++ b/arch/powerpc/perf/power9-pmu.c +@@ -133,11 +133,11 @@ int p9_dd22_bl_ev[] = { + + /* Table of alternatives, sorted by column 0 */ + static const unsigned int power9_event_alternatives[][MAX_ALT] = { +- { PM_INST_DISP, PM_INST_DISP_ALT }, +- { PM_RUN_CYC_ALT, PM_RUN_CYC }, +- { PM_RUN_INST_CMPL_ALT, PM_RUN_INST_CMPL }, +- { PM_LD_MISS_L1, PM_LD_MISS_L1_ALT }, + { PM_BR_2PATH, PM_BR_2PATH_ALT }, ++ { PM_INST_DISP, PM_INST_DISP_ALT }, ++ { PM_RUN_CYC_ALT, PM_RUN_CYC }, ++ { PM_LD_MISS_L1, PM_LD_MISS_L1_ALT }, ++ { PM_RUN_INST_CMPL_ALT, PM_RUN_INST_CMPL }, + }; + + static int power9_get_alternatives(u64 event, unsigned int flags, u64 alt[]) +-- +2.35.1 + diff --git a/queue-5.15/sched-pelt-fix-attach_entity_load_avg-corner-case.patch b/queue-5.15/sched-pelt-fix-attach_entity_load_avg-corner-case.patch new file mode 100644 index 00000000000..cfcc9bb0571 --- /dev/null +++ b/queue-5.15/sched-pelt-fix-attach_entity_load_avg-corner-case.patch @@ -0,0 +1,71 @@ +From bd60b22096ab9308f1bd97bc43533ec067f362b6 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 14 Apr 2022 17:02:20 +0800 +Subject: sched/pelt: Fix attach_entity_load_avg() corner case + +From: kuyo chang + +[ Upstream commit 40f5aa4c5eaebfeaca4566217cb9c468e28ed682 ] + +The warning in cfs_rq_is_decayed() triggered: + + SCHED_WARN_ON(cfs_rq->avg.load_avg || + cfs_rq->avg.util_avg || + cfs_rq->avg.runnable_avg) + +There exists a corner case in attach_entity_load_avg() which will +cause load_sum to be zero while load_avg will not be. + +Consider se_weight is 88761 as per the sched_prio_to_weight[] table. +Further assume the get_pelt_divider() is 47742, this gives: +se->avg.load_avg is 1. + +However, calculating load_sum: + + se->avg.load_sum = div_u64(se->avg.load_avg * se->avg.load_sum, se_weight(se)); + se->avg.load_sum = 1*47742/88761 = 0. + +Then enqueue_load_avg() adds this to the cfs_rq totals: + + cfs_rq->avg.load_avg += se->avg.load_avg; + cfs_rq->avg.load_sum += se_weight(se) * se->avg.load_sum; + +Resulting in load_avg being 1 with load_sum is 0, which will trigger +the WARN. + +Fixes: f207934fb79d ("sched/fair: Align PELT windows between cfs_rq and its se") +Signed-off-by: kuyo chang +[peterz: massage changelog] +Signed-off-by: Peter Zijlstra (Intel) +Reviewed-by: Vincent Guittot +Tested-by: Dietmar Eggemann +Link: https://lkml.kernel.org/r/20220414090229.342-1-kuyo.chang@mediatek.com +Signed-off-by: Sasha Levin +--- + kernel/sched/fair.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c +index 02766f3fe206..9a4fa22a69ed 100644 +--- a/kernel/sched/fair.c ++++ b/kernel/sched/fair.c +@@ -3794,11 +3794,11 @@ static void attach_entity_load_avg(struct cfs_rq *cfs_rq, struct sched_entity *s + + se->avg.runnable_sum = se->avg.runnable_avg * divider; + +- se->avg.load_sum = divider; +- if (se_weight(se)) { +- se->avg.load_sum = +- div_u64(se->avg.load_avg * se->avg.load_sum, se_weight(se)); +- } ++ se->avg.load_sum = se->avg.load_avg * divider; ++ if (se_weight(se) < se->avg.load_sum) ++ se->avg.load_sum = div_u64(se->avg.load_sum, se_weight(se)); ++ else ++ se->avg.load_sum = 1; + + enqueue_load_avg(cfs_rq, se); + cfs_rq->avg.util_avg += se->avg.util_avg; +-- +2.35.1 + diff --git a/queue-5.15/scsi-sr-do-not-leak-information-in-ioctl.patch b/queue-5.15/scsi-sr-do-not-leak-information-in-ioctl.patch new file mode 100644 index 00000000000..3e1a99d3d3c --- /dev/null +++ b/queue-5.15/scsi-sr-do-not-leak-information-in-ioctl.patch @@ -0,0 +1,120 @@ +From 0621e0e45f193ebe88e166b75973dfc607163a30 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 11 Apr 2022 13:47:56 -0400 +Subject: scsi: sr: Do not leak information in ioctl + +From: Tom Rix + +[ Upstream commit faad6cebded8e0fd902b672f220449b93db479eb ] + +sr_ioctl.c uses this pattern: + + result = sr_do_ioctl(cd, &cgc); + to-user = buffer[]; + kfree(buffer); + return result; + +Use of a buffer without checking leaks information. Check result and jump +over the use of buffer if there is an error. + + result = sr_do_ioctl(cd, &cgc); + if (result) + goto err; + to-user = buffer[]; +err: + kfree(buffer); + return result; + +Additionally, initialize the buffer to zero. + +This problem can be seen in the 2.4.0 kernel. + +Link: https://lore.kernel.org/r/20220411174756.2418435-1-trix@redhat.com +Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") +Reviewed-by: Christoph Hellwig +Signed-off-by: Tom Rix +Signed-off-by: Martin K. Petersen +Signed-off-by: Sasha Levin +--- + drivers/scsi/sr_ioctl.c | 15 ++++++++++++--- + 1 file changed, 12 insertions(+), 3 deletions(-) + +diff --git a/drivers/scsi/sr_ioctl.c b/drivers/scsi/sr_ioctl.c +index ddd00efc4882..fbdb5124d7f7 100644 +--- a/drivers/scsi/sr_ioctl.c ++++ b/drivers/scsi/sr_ioctl.c +@@ -41,7 +41,7 @@ static int sr_read_tochdr(struct cdrom_device_info *cdi, + int result; + unsigned char *buffer; + +- buffer = kmalloc(32, GFP_KERNEL); ++ buffer = kzalloc(32, GFP_KERNEL); + if (!buffer) + return -ENOMEM; + +@@ -55,10 +55,13 @@ static int sr_read_tochdr(struct cdrom_device_info *cdi, + cgc.data_direction = DMA_FROM_DEVICE; + + result = sr_do_ioctl(cd, &cgc); ++ if (result) ++ goto err; + + tochdr->cdth_trk0 = buffer[2]; + tochdr->cdth_trk1 = buffer[3]; + ++err: + kfree(buffer); + return result; + } +@@ -71,7 +74,7 @@ static int sr_read_tocentry(struct cdrom_device_info *cdi, + int result; + unsigned char *buffer; + +- buffer = kmalloc(32, GFP_KERNEL); ++ buffer = kzalloc(32, GFP_KERNEL); + if (!buffer) + return -ENOMEM; + +@@ -86,6 +89,8 @@ static int sr_read_tocentry(struct cdrom_device_info *cdi, + cgc.data_direction = DMA_FROM_DEVICE; + + result = sr_do_ioctl(cd, &cgc); ++ if (result) ++ goto err; + + tocentry->cdte_ctrl = buffer[5] & 0xf; + tocentry->cdte_adr = buffer[5] >> 4; +@@ -98,6 +103,7 @@ static int sr_read_tocentry(struct cdrom_device_info *cdi, + tocentry->cdte_addr.lba = (((((buffer[8] << 8) + buffer[9]) << 8) + + buffer[10]) << 8) + buffer[11]; + ++err: + kfree(buffer); + return result; + } +@@ -384,7 +390,7 @@ int sr_get_mcn(struct cdrom_device_info *cdi, struct cdrom_mcn *mcn) + { + Scsi_CD *cd = cdi->handle; + struct packet_command cgc; +- char *buffer = kmalloc(32, GFP_KERNEL); ++ char *buffer = kzalloc(32, GFP_KERNEL); + int result; + + if (!buffer) +@@ -400,10 +406,13 @@ int sr_get_mcn(struct cdrom_device_info *cdi, struct cdrom_mcn *mcn) + cgc.data_direction = DMA_FROM_DEVICE; + cgc.timeout = IOCTL_TIMEOUT; + result = sr_do_ioctl(cd, &cgc); ++ if (result) ++ goto err; + + memcpy(mcn->medium_catalog_number, buffer + 9, 13); + mcn->medium_catalog_number[13] = 0; + ++err: + kfree(buffer); + return result; + } +-- +2.35.1 + diff --git a/queue-5.15/series b/queue-5.15/series index f86bbf7bb68..29e2573eb2b 100644 --- a/queue-5.15/series +++ b/queue-5.15/series @@ -74,3 +74,15 @@ vfs-filename_create-fix-incorrect-intent.patch nvme-add-a-quirk-to-disable-namespace-identifiers.patch nvme-pci-disable-namespace-identifiers-for-the-maxio.patch nvme-pci-disable-namespace-identifiers-for-qemu-cont.patch +input-omap4-keypad-fix-pm_runtime_get_sync-error-che.patch +scsi-sr-do-not-leak-information-in-ioctl.patch +sched-pelt-fix-attach_entity_load_avg-corner-case.patch +perf-core-fix-perf_mmap-fail-when-config_perf_use_vm.patch +drm-panel-raspberrypi-touchscreen-avoid-null-deref-i.patch +drm-panel-raspberrypi-touchscreen-initialise-the-bri.patch +kvm-ppc-fix-tce-handling-for-vfio.patch +drm-vc4-use-pm_runtime_resume_and_get-to-fix-pm_runt.patch +powerpc-perf-fix-power9-event-alternatives.patch +powerpc-perf-fix-power10-event-alternatives.patch +perf-script-always-allow-field-data_src-for-auxtrace.patch +perf-report-set-perf_sample_data_src-bit-for-arm-spe.patch