From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 24 Oct 2022 11:19:01 +0000 (+0200)
Subject: 5.15-stable patches
X-Git-Tag: v6.0.4~9
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=354d495335f7446c619abd1cf5b5fbd68c9165c5;p=thirdparty%2Fkernel%2Fstable-queue.git

5.15-stable patches

added patches:
	gcov-support-gcc-12.1-and-newer-compilers.patch
	io-wq-fix-memory-leak-in-worker-creation.patch
---

diff --git a/queue-5.15/gcov-support-gcc-12.1-and-newer-compilers.patch b/queue-5.15/gcov-support-gcc-12.1-and-newer-compilers.patch
new file mode 100644
index 00000000000..45f3838c6da
--- /dev/null
+++ b/queue-5.15/gcov-support-gcc-12.1-and-newer-compilers.patch
@@ -0,0 +1,80 @@
+From 977ef30a7d888eeb52fb6908f99080f33e5309a8 Mon Sep 17 00:00:00 2001
+From: Martin Liska <mliska@suse.cz>
+Date: Thu, 13 Oct 2022 09:40:59 +0200
+Subject: gcov: support GCC 12.1 and newer compilers
+
+From: Martin Liska <mliska@suse.cz>
+
+commit 977ef30a7d888eeb52fb6908f99080f33e5309a8 upstream.
+
+Starting with GCC 12.1, the created .gcda format can't be read by gcov
+tool.  There are 2 significant changes to the .gcda file format that
+need to be supported:
+
+a) [gcov: Use system IO buffering]
+   (23eb66d1d46a34cb28c4acbdf8a1deb80a7c5a05) changed that all sizes in
+   the format are in bytes and not in words (4B)
+
+b) [gcov: make profile merging smarter]
+   (72e0c742bd01f8e7e6dcca64042b9ad7e75979de) add a new checksum to the
+   file header.
+
+Tested with GCC 7.5, 10.4, 12.2 and the current master.
+
+Link: https://lkml.kernel.org/r/624bda92-f307-30e9-9aaa-8cc678b2dfb2@suse.cz
+Signed-off-by: Martin Liska <mliska@suse.cz>
+Tested-by: Peter Oberparleiter <oberpar@linux.ibm.com>
+Reviewed-by: Peter Oberparleiter <oberpar@linux.ibm.com>
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ kernel/gcov/gcc_4_7.c |   18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+--- a/kernel/gcov/gcc_4_7.c
++++ b/kernel/gcov/gcc_4_7.c
+@@ -30,6 +30,13 @@
+ 
+ #define GCOV_TAG_FUNCTION_LENGTH	3
+ 
++/* Since GCC 12.1 sizes are in BYTES and not in WORDS (4B). */
++#if (__GNUC__ >= 12)
++#define GCOV_UNIT_SIZE				4
++#else
++#define GCOV_UNIT_SIZE				1
++#endif
++
+ static struct gcov_info *gcov_info_head;
+ 
+ /**
+@@ -383,12 +390,18 @@ size_t convert_to_gcda(char *buffer, str
+ 	pos += store_gcov_u32(buffer, pos, info->version);
+ 	pos += store_gcov_u32(buffer, pos, info->stamp);
+ 
++#if (__GNUC__ >= 12)
++	/* Use zero as checksum of the compilation unit. */
++	pos += store_gcov_u32(buffer, pos, 0);
++#endif
++
+ 	for (fi_idx = 0; fi_idx < info->n_functions; fi_idx++) {
+ 		fi_ptr = info->functions[fi_idx];
+ 
+ 		/* Function record. */
+ 		pos += store_gcov_u32(buffer, pos, GCOV_TAG_FUNCTION);
+-		pos += store_gcov_u32(buffer, pos, GCOV_TAG_FUNCTION_LENGTH);
++		pos += store_gcov_u32(buffer, pos,
++			GCOV_TAG_FUNCTION_LENGTH * GCOV_UNIT_SIZE);
+ 		pos += store_gcov_u32(buffer, pos, fi_ptr->ident);
+ 		pos += store_gcov_u32(buffer, pos, fi_ptr->lineno_checksum);
+ 		pos += store_gcov_u32(buffer, pos, fi_ptr->cfg_checksum);
+@@ -402,7 +415,8 @@ size_t convert_to_gcda(char *buffer, str
+ 			/* Counter record. */
+ 			pos += store_gcov_u32(buffer, pos,
+ 					      GCOV_TAG_FOR_COUNTER(ct_idx));
+-			pos += store_gcov_u32(buffer, pos, ci_ptr->num * 2);
++			pos += store_gcov_u32(buffer, pos,
++				ci_ptr->num * 2 * GCOV_UNIT_SIZE);
+ 
+ 			for (cv_idx = 0; cv_idx < ci_ptr->num; cv_idx++) {
+ 				pos += store_gcov_u64(buffer, pos,
diff --git a/queue-5.15/io-wq-fix-memory-leak-in-worker-creation.patch b/queue-5.15/io-wq-fix-memory-leak-in-worker-creation.patch
new file mode 100644
index 00000000000..92acae4aeb5
--- /dev/null
+++ b/queue-5.15/io-wq-fix-memory-leak-in-worker-creation.patch
@@ -0,0 +1,55 @@
+From 996d3efeb091c503afd3ee6b5e20eabf446fd955 Mon Sep 17 00:00:00 2001
+From: Rafael Mendonca <rafaelmendsr@gmail.com>
+Date: Wed, 19 Oct 2022 22:47:09 -0300
+Subject: io-wq: Fix memory leak in worker creation
+
+From: Rafael Mendonca <rafaelmendsr@gmail.com>
+
+commit 996d3efeb091c503afd3ee6b5e20eabf446fd955 upstream.
+
+If the CPU mask allocation for a node fails, then the memory allocated for
+the 'io_wqe' struct of the current node doesn't get freed on the error
+handling path, since it has not yet been added to the 'wqes' array.
+
+This was spotted when fuzzing v6.1-rc1 with Syzkaller:
+BUG: memory leak
+unreferenced object 0xffff8880093d5000 (size 1024):
+  comm "syz-executor.2", pid 7701, jiffies 4295048595 (age 13.900s)
+  hex dump (first 32 bytes):
+    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
+    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
+  backtrace:
+    [<00000000cb463369>] __kmem_cache_alloc_node+0x18e/0x720
+    [<00000000147a3f9c>] kmalloc_node_trace+0x2a/0x130
+    [<000000004e107011>] io_wq_create+0x7b9/0xdc0
+    [<00000000c38b2018>] io_uring_alloc_task_context+0x31e/0x59d
+    [<00000000867399da>] __io_uring_add_tctx_node.cold+0x19/0x1ba
+    [<000000007e0e7a79>] io_uring_setup.cold+0x1b80/0x1dce
+    [<00000000b545e9f6>] __x64_sys_io_uring_setup+0x5d/0x80
+    [<000000008a8a7508>] do_syscall_64+0x5d/0x90
+    [<000000004ac08bec>] entry_SYSCALL_64_after_hwframe+0x63/0xcd
+
+Fixes: 0e03496d1967 ("io-wq: use private CPU mask")
+Cc: stable@vger.kernel.org
+Signed-off-by: Rafael Mendonca <rafaelmendsr@gmail.com>
+Link: https://lore.kernel.org/r/20221020014710.902201-1-rafaelmendsr@gmail.com
+Signed-off-by: Jens Axboe <axboe@kernel.dk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/io-wq.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/fs/io-wq.c
++++ b/fs/io-wq.c
+@@ -1152,10 +1152,10 @@ struct io_wq *io_wq_create(unsigned boun
+ 		wqe = kzalloc_node(sizeof(struct io_wqe), GFP_KERNEL, alloc_node);
+ 		if (!wqe)
+ 			goto err;
++		wq->wqes[node] = wqe;
+ 		if (!alloc_cpumask_var(&wqe->cpu_mask, GFP_KERNEL))
+ 			goto err;
+ 		cpumask_copy(wqe->cpu_mask, cpumask_of_node(node));
+-		wq->wqes[node] = wqe;
+ 		wqe->node = alloc_node;
+ 		wqe->acct[IO_WQ_ACCT_BOUND].max_workers = bounded;
+ 		wqe->acct[IO_WQ_ACCT_UNBOUND].max_workers =
diff --git a/queue-5.15/series b/queue-5.15/series
index dcd562da687..d1d66c9e477 100644
--- a/queue-5.15/series
+++ b/queue-5.15/series
@@ -526,3 +526,5 @@ kconfig.debug-add-toolchain-checks-for-debug_info_dwarf_toolchain_default.patch
 lib-kconfig.debug-add-check-for-non-constant-.-s-u-leb128-support-to-dwarf5.patch
 ext4-continue-to-expand-file-system-when-the-target-size-doesn-t-reach.patch
 thermal-intel_powerclamp-use-first-online-cpu-as-control_cpu.patch
+gcov-support-gcc-12.1-and-newer-compilers.patch
+io-wq-fix-memory-leak-in-worker-creation.patch