From: Sasha Levin Date: Mon, 20 Jun 2022 07:16:28 +0000 (-0400) Subject: Fixes for 5.18 X-Git-Tag: v5.4.200~54 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3ceb3068bdf8e0ad77152e551e6187058257bb48;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 5.18 Signed-off-by: Sasha Levin --- diff --git a/queue-5.18/faddr2line-fix-overlapping-text-section-failures-the.patch b/queue-5.18/faddr2line-fix-overlapping-text-section-failures-the.patch new file mode 100644 index 00000000000..95976097104 --- /dev/null +++ b/queue-5.18/faddr2line-fix-overlapping-text-section-failures-the.patch @@ -0,0 +1,139 @@ +From 52db3cf7ea85012bd984a050d8174b11d1571741 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 1 Jun 2022 17:42:22 -0700 +Subject: faddr2line: Fix overlapping text section failures, the sequel + +From: Josh Poimboeuf + +[ Upstream commit dcea997beed694cbd8705100ca1a6eb0d886de69 ] + +If a function lives in a section other than .text, but .text also exists +in the object, faddr2line may wrongly assume .text. This can result in +comically wrong output. For example: + + $ scripts/faddr2line vmlinux.o enter_from_user_mode+0x1c + enter_from_user_mode+0x1c/0x30: + find_next_bit at /home/jpoimboe/git/linux/./include/linux/find.h:40 + (inlined by) perf_clear_dirty_counters at /home/jpoimboe/git/linux/arch/x86/events/core.c:2504 + +Fix it by passing the section name to addr2line, unless the object file +is vmlinux, in which case the symbol table uses absolute addresses. + +Fixes: 1d1a0e7c5100 ("scripts/faddr2line: Fix overlapping text section failures") +Reported-by: Peter Zijlstra +Signed-off-by: Josh Poimboeuf +Link: https://lore.kernel.org/r/7d25bc1408bd3a750ac26e60d2f2815a5f4a8363.1654130536.git.jpoimboe@kernel.org +Signed-off-by: Sasha Levin +--- + scripts/faddr2line | 45 ++++++++++++++++++++++++++++++++++----------- + 1 file changed, 34 insertions(+), 11 deletions(-) + +diff --git a/scripts/faddr2line b/scripts/faddr2line +index 0e6268d59883..94ed98dd899f 100755 +--- a/scripts/faddr2line ++++ b/scripts/faddr2line +@@ -95,17 +95,25 @@ __faddr2line() { + local print_warnings=$4 + + local sym_name=${func_addr%+*} +- local offset=${func_addr#*+} +- offset=${offset%/*} ++ local func_offset=${func_addr#*+} ++ func_offset=${func_offset%/*} + local user_size= ++ local file_type ++ local is_vmlinux=0 + [[ $func_addr =~ "/" ]] && user_size=${func_addr#*/} + +- if [[ -z $sym_name ]] || [[ -z $offset ]] || [[ $sym_name = $func_addr ]]; then ++ if [[ -z $sym_name ]] || [[ -z $func_offset ]] || [[ $sym_name = $func_addr ]]; then + warn "bad func+offset $func_addr" + DONE=1 + return + fi + ++ # vmlinux uses absolute addresses in the section table rather than ++ # section offsets. ++ local file_type=$(${READELF} --file-header $objfile | ++ ${AWK} '$1 == "Type:" { print $2; exit }') ++ [[ $file_type = "EXEC" ]] && is_vmlinux=1 ++ + # Go through each of the object's symbols which match the func name. + # In rare cases there might be duplicates, in which case we print all + # matches. +@@ -114,9 +122,11 @@ __faddr2line() { + local sym_addr=0x${fields[1]} + local sym_elf_size=${fields[2]} + local sym_sec=${fields[6]} ++ local sec_size ++ local sec_name + + # Get the section size: +- local sec_size=$(${READELF} --section-headers --wide $objfile | ++ sec_size=$(${READELF} --section-headers --wide $objfile | + sed 's/\[ /\[/' | + ${AWK} -v sec=$sym_sec '$1 == "[" sec "]" { print "0x" $6; exit }') + +@@ -126,6 +136,17 @@ __faddr2line() { + return + fi + ++ # Get the section name: ++ sec_name=$(${READELF} --section-headers --wide $objfile | ++ sed 's/\[ /\[/' | ++ ${AWK} -v sec=$sym_sec '$1 == "[" sec "]" { print $2; exit }') ++ ++ if [[ -z $sec_name ]]; then ++ warn "bad section name: section: $sym_sec" ++ DONE=1 ++ return ++ fi ++ + # Calculate the symbol size. + # + # Unfortunately we can't use the ELF size, because kallsyms +@@ -174,10 +195,10 @@ __faddr2line() { + + sym_size=0x$(printf %x $sym_size) + +- # Calculate the section address from user-supplied offset: +- local addr=$(($sym_addr + $offset)) ++ # Calculate the address from user-supplied offset: ++ local addr=$(($sym_addr + $func_offset)) + if [[ -z $addr ]] || [[ $addr = 0 ]]; then +- warn "bad address: $sym_addr + $offset" ++ warn "bad address: $sym_addr + $func_offset" + DONE=1 + return + fi +@@ -191,9 +212,9 @@ __faddr2line() { + fi + + # Make sure the provided offset is within the symbol's range: +- if [[ $offset -gt $sym_size ]]; then ++ if [[ $func_offset -gt $sym_size ]]; then + [[ $print_warnings = 1 ]] && +- echo "skipping $sym_name address at $addr due to size mismatch ($offset > $sym_size)" ++ echo "skipping $sym_name address at $addr due to size mismatch ($func_offset > $sym_size)" + continue + fi + +@@ -202,11 +223,13 @@ __faddr2line() { + [[ $FIRST = 0 ]] && echo + FIRST=0 + +- echo "$sym_name+$offset/$sym_size:" ++ echo "$sym_name+$func_offset/$sym_size:" + + # Pass section address to addr2line and strip absolute paths + # from the output: +- local output=$(${ADDR2LINE} -fpie $objfile $addr | sed "s; $dir_prefix\(\./\)*; ;") ++ local args="--functions --pretty-print --inlines --exe=$objfile" ++ [[ $is_vmlinux = 0 ]] && args="$args --section=$sec_name" ++ local output=$(${ADDR2LINE} $args $addr | sed "s; $dir_prefix\(\./\)*; ;") + [[ -z $output ]] && continue + + # Default output (non --list): +-- +2.35.1 + diff --git a/queue-5.18/i2c-designware-use-standard-optional-ref-clock-imple.patch b/queue-5.18/i2c-designware-use-standard-optional-ref-clock-imple.patch new file mode 100644 index 00000000000..29db50478a0 --- /dev/null +++ b/queue-5.18/i2c-designware-use-standard-optional-ref-clock-imple.patch @@ -0,0 +1,80 @@ +From 36cc9f3baeb83e67dd0d819c9b215f76a7b0405e Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 10 Jun 2022 10:42:33 +0300 +Subject: i2c: designware: Use standard optional ref clock implementation + +From: Serge Semin + +[ Upstream commit 27071b5cbca59d8e8f8750c199a6cbf8c9799963 ] + +Even though the DW I2C controller reference clock source is requested by +the method devm_clk_get() with non-optional clock requirement the way the +clock handler is used afterwards has a pure optional clock semantic +(though in some circumstances we can get a warning about the clock missing +printed in the system console). There is no point in reimplementing that +functionality seeing the kernel clock framework already supports the +optional interface from scratch. Thus let's convert the platform driver to +using it. + +Note by providing this commit we get to fix two problems. The first one +was introduced in commit c62ebb3d5f0d ("i2c: designware: Add support for +an interface clock"). It causes not having the interface clock (pclk) +enabled/disabled in case if the reference clock isn't provided. The second +problem was first introduced in commit b33af11de236 ("i2c: designware: Do +not require clock when SSCN and FFCN are provided"). Since that +modification the deferred probe procedure has been unsupported in case if +the interface clock isn't ready. + +Fixes: c62ebb3d5f0d ("i2c: designware: Add support for an interface clock") +Fixes: b33af11de236 ("i2c: designware: Do not require clock when SSCN and FFCN are provided") +Signed-off-by: Serge Semin +Reviewed-by: Andy Shevchenko +Acked-by: Jarkko Nikula +Signed-off-by: Wolfram Sang +Signed-off-by: Sasha Levin +--- + drivers/i2c/busses/i2c-designware-common.c | 3 --- + drivers/i2c/busses/i2c-designware-platdrv.c | 13 +++++++++++-- + 2 files changed, 11 insertions(+), 5 deletions(-) + +diff --git a/drivers/i2c/busses/i2c-designware-common.c b/drivers/i2c/busses/i2c-designware-common.c +index 9f8574320eb2..b08e5bc2b64c 100644 +--- a/drivers/i2c/busses/i2c-designware-common.c ++++ b/drivers/i2c/busses/i2c-designware-common.c +@@ -477,9 +477,6 @@ int i2c_dw_prepare_clk(struct dw_i2c_dev *dev, bool prepare) + { + int ret; + +- if (IS_ERR(dev->clk)) +- return PTR_ERR(dev->clk); +- + if (prepare) { + /* Optional interface clock */ + ret = clk_prepare_enable(dev->pclk); +diff --git a/drivers/i2c/busses/i2c-designware-platdrv.c b/drivers/i2c/busses/i2c-designware-platdrv.c +index 70ade5306e45..ba043b547393 100644 +--- a/drivers/i2c/busses/i2c-designware-platdrv.c ++++ b/drivers/i2c/busses/i2c-designware-platdrv.c +@@ -320,8 +320,17 @@ static int dw_i2c_plat_probe(struct platform_device *pdev) + goto exit_reset; + } + +- dev->clk = devm_clk_get(&pdev->dev, NULL); +- if (!i2c_dw_prepare_clk(dev, true)) { ++ dev->clk = devm_clk_get_optional(&pdev->dev, NULL); ++ if (IS_ERR(dev->clk)) { ++ ret = PTR_ERR(dev->clk); ++ goto exit_reset; ++ } ++ ++ ret = i2c_dw_prepare_clk(dev, true); ++ if (ret) ++ goto exit_reset; ++ ++ if (dev->clk) { + u64 clk_khz; + + dev->get_clk_rate_khz = i2c_dw_get_clk_rate_khz; +-- +2.35.1 + diff --git a/queue-5.18/i2c-mediatek-fix-an-error-handling-path-in-mtk_i2c_p.patch b/queue-5.18/i2c-mediatek-fix-an-error-handling-path-in-mtk_i2c_p.patch new file mode 100644 index 00000000000..6bc52f8fb88 --- /dev/null +++ b/queue-5.18/i2c-mediatek-fix-an-error-handling-path-in-mtk_i2c_p.patch @@ -0,0 +1,57 @@ +From 8612953538b62072bcd9e684286dbd13bcb09d01 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Sun, 22 May 2022 14:22:07 +0200 +Subject: i2c: mediatek: Fix an error handling path in mtk_i2c_probe() + +From: Christophe JAILLET + +[ Upstream commit de87b603b0919e31578c8fa312a3541f1fb37e1c ] + +The clsk are prepared, enabled, then disabled. So if an error occurs after +the disable step, they are still prepared. + +Add an error handling path to unprepare the clks in such a case, as already +done in the .remove function. + +Fixes: 8b4fc246c3ff ("i2c: mediatek: Optimize master_xfer() and avoid circular locking") +Signed-off-by: Christophe JAILLET +Reviewed-by: AngeloGioacchino Del Regno +Reviewed-by: Qii Wang +Signed-off-by: Wolfram Sang +Signed-off-by: Sasha Levin +--- + drivers/i2c/busses/i2c-mt65xx.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/drivers/i2c/busses/i2c-mt65xx.c b/drivers/i2c/busses/i2c-mt65xx.c +index bdecb78bfc26..8e6985354fd5 100644 +--- a/drivers/i2c/busses/i2c-mt65xx.c ++++ b/drivers/i2c/busses/i2c-mt65xx.c +@@ -1420,17 +1420,22 @@ static int mtk_i2c_probe(struct platform_device *pdev) + if (ret < 0) { + dev_err(&pdev->dev, + "Request I2C IRQ %d fail\n", irq); +- return ret; ++ goto err_bulk_unprepare; + } + + i2c_set_adapdata(&i2c->adap, i2c); + ret = i2c_add_adapter(&i2c->adap); + if (ret) +- return ret; ++ goto err_bulk_unprepare; + + platform_set_drvdata(pdev, i2c); + + return 0; ++ ++err_bulk_unprepare: ++ clk_bulk_unprepare(I2C_MT65XX_CLK_MAX, i2c->clocks); ++ ++ return ret; + } + + static int mtk_i2c_remove(struct platform_device *pdev) +-- +2.35.1 + diff --git a/queue-5.18/i2c-npcm7xx-add-check-for-platform_driver_register.patch b/queue-5.18/i2c-npcm7xx-add-check-for-platform_driver_register.patch new file mode 100644 index 00000000000..d95be1d4c5d --- /dev/null +++ b/queue-5.18/i2c-npcm7xx-add-check-for-platform_driver_register.patch @@ -0,0 +1,39 @@ +From 00f3f2b4c199a57014cb2193a1548b6160b876d1 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 26 May 2022 17:41:00 +0800 +Subject: i2c: npcm7xx: Add check for platform_driver_register + +From: Jiasheng Jiang + +[ Upstream commit 6ba12b56b9b844b83ed54fb7ed59fb0eb41e4045 ] + +As platform_driver_register() could fail, it should be better +to deal with the return value in order to maintain the code +consisitency. + +Fixes: 56a1485b102e ("i2c: npcm7xx: Add Nuvoton NPCM I2C controller driver") +Signed-off-by: Jiasheng Jiang +Acked-by: Tali Perry +Signed-off-by: Wolfram Sang +Signed-off-by: Sasha Levin +--- + drivers/i2c/busses/i2c-npcm7xx.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/drivers/i2c/busses/i2c-npcm7xx.c b/drivers/i2c/busses/i2c-npcm7xx.c +index c638f2efb97c..743ac20a405c 100644 +--- a/drivers/i2c/busses/i2c-npcm7xx.c ++++ b/drivers/i2c/busses/i2c-npcm7xx.c +@@ -2369,8 +2369,7 @@ static struct platform_driver npcm_i2c_bus_driver = { + static int __init npcm_i2c_init(void) + { + npcm_i2c_debugfs_dir = debugfs_create_dir("npcm_i2c", NULL); +- platform_driver_register(&npcm_i2c_bus_driver); +- return 0; ++ return platform_driver_register(&npcm_i2c_bus_driver); + } + module_init(npcm_i2c_init); + +-- +2.35.1 + diff --git a/queue-5.18/irqchip-apple-aic-fix-refcount-leak-in-aic_of_ic_ini.patch b/queue-5.18/irqchip-apple-aic-fix-refcount-leak-in-aic_of_ic_ini.patch new file mode 100644 index 00000000000..085ffff62df --- /dev/null +++ b/queue-5.18/irqchip-apple-aic-fix-refcount-leak-in-aic_of_ic_ini.patch @@ -0,0 +1,37 @@ +From 8885ea00b91811019a196418df2ab5fa1e327ebf Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 1 Jun 2022 12:09:27 +0400 +Subject: irqchip/apple-aic: Fix refcount leak in aic_of_ic_init + +From: Miaoqian Lin + +[ Upstream commit 3d45670fab3c25a7452721e4588cc95c51cda134 ] + +of_get_child_by_name() returns a node pointer with refcount +incremented, we should use of_node_put() on it when not need anymore. +Add missing of_node_put() to avoid refcount leak. + +Fixes: a5e8801202b3 ("irqchip/apple-aic: Parse FIQ affinities from device-tree") +Signed-off-by: Miaoqian Lin +Signed-off-by: Marc Zyngier +Link: https://lore.kernel.org/r/20220601080930.31005-4-linmq006@gmail.com +Signed-off-by: Sasha Levin +--- + drivers/irqchip/irq-apple-aic.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/irqchip/irq-apple-aic.c b/drivers/irqchip/irq-apple-aic.c +index 478d0af16d9f..5ac83185ff47 100644 +--- a/drivers/irqchip/irq-apple-aic.c ++++ b/drivers/irqchip/irq-apple-aic.c +@@ -1144,6 +1144,7 @@ static int __init aic_of_ic_init(struct device_node *node, struct device_node *p + for_each_child_of_node(affs, chld) + build_fiq_affinity(irqc, chld); + } ++ of_node_put(affs); + + set_handle_irq(aic_handle_irq); + set_handle_fiq(aic_handle_fiq); +-- +2.35.1 + diff --git a/queue-5.18/irqchip-apple-aic-fix-refcount-leak-in-build_fiq_aff.patch b/queue-5.18/irqchip-apple-aic-fix-refcount-leak-in-build_fiq_aff.patch new file mode 100644 index 00000000000..9d42af8346f --- /dev/null +++ b/queue-5.18/irqchip-apple-aic-fix-refcount-leak-in-build_fiq_aff.patch @@ -0,0 +1,37 @@ +From 70b35bfec33268a3f6ec0834da5f2d72da654f7a Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 1 Jun 2022 12:09:26 +0400 +Subject: irqchip/apple-aic: Fix refcount leak in build_fiq_affinity + +From: Miaoqian Lin + +[ Upstream commit b1ac803f47cb1615468f35cf1ccb553c52087301 ] + +of_find_node_by_phandle() returns a node pointer with refcount +incremented, we should use of_node_put() on it when not need anymore. +Add missing of_node_put() to avoid refcount leak. + +Fixes: a5e8801202b3 ("irqchip/apple-aic: Parse FIQ affinities from device-tree") +Signed-off-by: Miaoqian Lin +Signed-off-by: Marc Zyngier +Link: https://lore.kernel.org/r/20220601080930.31005-3-linmq006@gmail.com +Signed-off-by: Sasha Levin +--- + drivers/irqchip/irq-apple-aic.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/irqchip/irq-apple-aic.c b/drivers/irqchip/irq-apple-aic.c +index 12dd48727a15..478d0af16d9f 100644 +--- a/drivers/irqchip/irq-apple-aic.c ++++ b/drivers/irqchip/irq-apple-aic.c +@@ -1035,6 +1035,7 @@ static void build_fiq_affinity(struct aic_irq_chip *ic, struct device_node *aff) + continue; + + cpu = of_cpu_node_to_id(cpu_node); ++ of_node_put(cpu_node); + if (WARN_ON(cpu < 0)) + continue; + +-- +2.35.1 + diff --git a/queue-5.18/irqchip-gic-realview-fix-refcount-leak-in-realview_g.patch b/queue-5.18/irqchip-gic-realview-fix-refcount-leak-in-realview_g.patch new file mode 100644 index 00000000000..9c3dbdce44a --- /dev/null +++ b/queue-5.18/irqchip-gic-realview-fix-refcount-leak-in-realview_g.patch @@ -0,0 +1,37 @@ +From bad130d7163ee8ef951fae7cf3b4f2f4b4108ca4 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 1 Jun 2022 12:09:25 +0400 +Subject: irqchip/gic/realview: Fix refcount leak in realview_gic_of_init + +From: Miaoqian Lin + +[ Upstream commit f4b98e314888cc51486421bcf6d52852452ea48b ] + +of_find_matching_node_and_match() returns a node pointer with refcount +incremented, we should use of_node_put() on it when not need anymore. +Add missing of_node_put() to avoid refcount leak. + +Fixes: 82b0a434b436 ("irqchip/gic/realview: Support more RealView DCC variants") +Signed-off-by: Miaoqian Lin +Signed-off-by: Marc Zyngier +Link: https://lore.kernel.org/r/20220601080930.31005-2-linmq006@gmail.com +Signed-off-by: Sasha Levin +--- + drivers/irqchip/irq-gic-realview.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/drivers/irqchip/irq-gic-realview.c b/drivers/irqchip/irq-gic-realview.c +index b4c1924f0255..38fab02ffe9d 100644 +--- a/drivers/irqchip/irq-gic-realview.c ++++ b/drivers/irqchip/irq-gic-realview.c +@@ -57,6 +57,7 @@ realview_gic_of_init(struct device_node *node, struct device_node *parent) + + /* The PB11MPCore GIC needs to be configured in the syscon */ + map = syscon_node_to_regmap(np); ++ of_node_put(np); + if (!IS_ERR(map)) { + /* new irq mode with no DCC */ + regmap_write(map, REALVIEW_SYS_LOCK_OFFSET, +-- +2.35.1 + diff --git a/queue-5.18/irqchip-gic-v3-fix-error-handling-in-gic_populate_pp.patch b/queue-5.18/irqchip-gic-v3-fix-error-handling-in-gic_populate_pp.patch new file mode 100644 index 00000000000..6cb673d3b4e --- /dev/null +++ b/queue-5.18/irqchip-gic-v3-fix-error-handling-in-gic_populate_pp.patch @@ -0,0 +1,39 @@ +From 19ce237ebe1f69ca274ffef73cd885729a829785 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 1 Jun 2022 12:09:28 +0400 +Subject: irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions + +From: Miaoqian Lin + +[ Upstream commit ec8401a429ffee34ccf38cebf3443f8d5ae6cb0d ] + +of_get_child_by_name() returns a node pointer with refcount +incremented, we should use of_node_put() on it when not need anymore. +When kcalloc fails, it missing of_node_put() and results in refcount +leak. Fix this by goto out_put_node label. + +Fixes: 52085d3f2028 ("irqchip/gic-v3: Dynamically allocate PPI partition descriptors") +Signed-off-by: Miaoqian Lin +Signed-off-by: Marc Zyngier +Link: https://lore.kernel.org/r/20220601080930.31005-5-linmq006@gmail.com +Signed-off-by: Sasha Levin +--- + drivers/irqchip/irq-gic-v3.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/irqchip/irq-gic-v3.c b/drivers/irqchip/irq-gic-v3.c +index 1af2b50f36f3..7855a2d7499e 100644 +--- a/drivers/irqchip/irq-gic-v3.c ++++ b/drivers/irqchip/irq-gic-v3.c +@@ -1922,7 +1922,7 @@ static void __init gic_populate_ppi_partitions(struct device_node *gic_node) + + gic_data.ppi_descs = kcalloc(gic_data.ppi_nr, sizeof(*gic_data.ppi_descs), GFP_KERNEL); + if (!gic_data.ppi_descs) +- return; ++ goto out_put_node; + + nr_parts = of_get_child_count(parts_node); + +-- +2.35.1 + diff --git a/queue-5.18/irqchip-gic-v3-fix-refcount-leak-in-gic_populate_ppi.patch b/queue-5.18/irqchip-gic-v3-fix-refcount-leak-in-gic_populate_ppi.patch new file mode 100644 index 00000000000..7c5e3a145a1 --- /dev/null +++ b/queue-5.18/irqchip-gic-v3-fix-refcount-leak-in-gic_populate_ppi.patch @@ -0,0 +1,46 @@ +From a2269da2f05e700b823df52cfe1fa289f60ae9c8 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 1 Jun 2022 12:09:29 +0400 +Subject: irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions + +From: Miaoqian Lin + +[ Upstream commit fa1ad9d4cc47ca2470cd904ad4519f05d7e43a2b ] + +of_find_node_by_phandle() returns a node pointer with refcount +incremented, we should use of_node_put() on it when not need anymore. +Add missing of_node_put() to avoid refcount leak. + +Fixes: e3825ba1af3a ("irqchip/gic-v3: Add support for partitioned PPIs") +Signed-off-by: Miaoqian Lin +Signed-off-by: Marc Zyngier +Link: https://lore.kernel.org/r/20220601080930.31005-6-linmq006@gmail.com +Signed-off-by: Sasha Levin +--- + drivers/irqchip/irq-gic-v3.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/drivers/irqchip/irq-gic-v3.c b/drivers/irqchip/irq-gic-v3.c +index 7855a2d7499e..d5420f9d6219 100644 +--- a/drivers/irqchip/irq-gic-v3.c ++++ b/drivers/irqchip/irq-gic-v3.c +@@ -1963,12 +1963,15 @@ static void __init gic_populate_ppi_partitions(struct device_node *gic_node) + continue; + + cpu = of_cpu_node_to_id(cpu_node); +- if (WARN_ON(cpu < 0)) ++ if (WARN_ON(cpu < 0)) { ++ of_node_put(cpu_node); + continue; ++ } + + pr_cont("%pOF[%d] ", cpu_node, cpu); + + cpumask_set_cpu(cpu, &part->mask); ++ of_node_put(cpu_node); + } + + pr_cont("}\n"); +-- +2.35.1 + diff --git a/queue-5.18/irqchip-realtek-rtl-fix-refcount-leak-in-map_interru.patch b/queue-5.18/irqchip-realtek-rtl-fix-refcount-leak-in-map_interru.patch new file mode 100644 index 00000000000..59818f03d77 --- /dev/null +++ b/queue-5.18/irqchip-realtek-rtl-fix-refcount-leak-in-map_interru.patch @@ -0,0 +1,42 @@ +From fd448447b570554e3ae16e1fec01b62fb18c9ff8 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Wed, 1 Jun 2022 12:09:30 +0400 +Subject: irqchip/realtek-rtl: Fix refcount leak in map_interrupts + +From: Miaoqian Lin + +[ Upstream commit eff4780f83d0ae3e5b6c02ff5d999dc4c1c5c8ce ] + +of_find_node_by_phandle() returns a node pointer with refcount +incremented, we should use of_node_put() on it when not need anymore. +This function doesn't call of_node_put() in error path. +Call of_node_put() directly after of_property_read_u32() to cover +both normal path and error path. + +Fixes: 9f3a0f34b84a ("irqchip: Add support for Realtek RTL838x/RTL839x interrupt controller") +Signed-off-by: Miaoqian Lin +Signed-off-by: Marc Zyngier +Link: https://lore.kernel.org/r/20220601080930.31005-7-linmq006@gmail.com +Signed-off-by: Sasha Levin +--- + drivers/irqchip/irq-realtek-rtl.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/drivers/irqchip/irq-realtek-rtl.c b/drivers/irqchip/irq-realtek-rtl.c +index 50a56820c99b..56bf502d9c67 100644 +--- a/drivers/irqchip/irq-realtek-rtl.c ++++ b/drivers/irqchip/irq-realtek-rtl.c +@@ -134,9 +134,9 @@ static int __init map_interrupts(struct device_node *node, struct irq_domain *do + if (!cpu_ictl) + return -EINVAL; + ret = of_property_read_u32(cpu_ictl, "#interrupt-cells", &tmp); ++ of_node_put(cpu_ictl); + if (ret || tmp != 1) + return -EINVAL; +- of_node_put(cpu_ictl); + + cpu_int = be32_to_cpup(imap + 2); + if (cpu_int > 7 || cpu_int < 2) +-- +2.35.1 + diff --git a/queue-5.18/sched-fix-balance_push-vs-__sched_setscheduler.patch b/queue-5.18/sched-fix-balance_push-vs-__sched_setscheduler.patch new file mode 100644 index 00000000000..acda7c6745e --- /dev/null +++ b/queue-5.18/sched-fix-balance_push-vs-__sched_setscheduler.patch @@ -0,0 +1,120 @@ +From 2fabba2fdac0b050045e8e2c743e15dbd7023d24 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Tue, 7 Jun 2022 22:41:55 +0200 +Subject: sched: Fix balance_push() vs __sched_setscheduler() + +From: Peter Zijlstra + +[ Upstream commit 04193d590b390ec7a0592630f46d559ec6564ba1 ] + +The purpose of balance_push() is to act as a filter on task selection +in the case of CPU hotplug, specifically when taking the CPU out. + +It does this by (ab)using the balance callback infrastructure, with +the express purpose of keeping all the unlikely/odd cases in a single +place. + +In order to serve its purpose, the balance_push_callback needs to be +(exclusively) on the callback list at all times (noting that the +callback always places itself back on the list the moment it runs, +also noting that when the CPU goes down, regular balancing concerns +are moot, so ignoring them is fine). + +And here-in lies the problem, __sched_setscheduler()'s use of +splice_balance_callbacks() takes the callbacks off the list across a +lock-break, making it possible for, an interleaving, __schedule() to +see an empty list and not get filtered. + +Fixes: ae7927023243 ("sched: Optimize finish_lock_switch()") +Reported-by: Jing-Ting Wu +Signed-off-by: Peter Zijlstra (Intel) +Tested-by: Jing-Ting Wu +Link: https://lkml.kernel.org/r/20220519134706.GH2578@worktop.programming.kicks-ass.net +Signed-off-by: Sasha Levin +--- + kernel/sched/core.c | 36 +++++++++++++++++++++++++++++++++--- + kernel/sched/sched.h | 5 +++++ + 2 files changed, 38 insertions(+), 3 deletions(-) + +diff --git a/kernel/sched/core.c b/kernel/sched/core.c +index e58d894df207..dd11daa7a84b 100644 +--- a/kernel/sched/core.c ++++ b/kernel/sched/core.c +@@ -4755,25 +4755,55 @@ static void do_balance_callbacks(struct rq *rq, struct callback_head *head) + + static void balance_push(struct rq *rq); + ++/* ++ * balance_push_callback is a right abuse of the callback interface and plays ++ * by significantly different rules. ++ * ++ * Where the normal balance_callback's purpose is to be ran in the same context ++ * that queued it (only later, when it's safe to drop rq->lock again), ++ * balance_push_callback is specifically targeted at __schedule(). ++ * ++ * This abuse is tolerated because it places all the unlikely/odd cases behind ++ * a single test, namely: rq->balance_callback == NULL. ++ */ + struct callback_head balance_push_callback = { + .next = NULL, + .func = (void (*)(struct callback_head *))balance_push, + }; + +-static inline struct callback_head *splice_balance_callbacks(struct rq *rq) ++static inline struct callback_head * ++__splice_balance_callbacks(struct rq *rq, bool split) + { + struct callback_head *head = rq->balance_callback; + ++ if (likely(!head)) ++ return NULL; ++ + lockdep_assert_rq_held(rq); +- if (head) ++ /* ++ * Must not take balance_push_callback off the list when ++ * splice_balance_callbacks() and balance_callbacks() are not ++ * in the same rq->lock section. ++ * ++ * In that case it would be possible for __schedule() to interleave ++ * and observe the list empty. ++ */ ++ if (split && head == &balance_push_callback) ++ head = NULL; ++ else + rq->balance_callback = NULL; + + return head; + } + ++static inline struct callback_head *splice_balance_callbacks(struct rq *rq) ++{ ++ return __splice_balance_callbacks(rq, true); ++} ++ + static void __balance_callbacks(struct rq *rq) + { +- do_balance_callbacks(rq, splice_balance_callbacks(rq)); ++ do_balance_callbacks(rq, __splice_balance_callbacks(rq, false)); + } + + static inline void balance_callbacks(struct rq *rq, struct callback_head *head) +diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h +index 0d2b6b758f32..84bba67c92dc 100644 +--- a/kernel/sched/sched.h ++++ b/kernel/sched/sched.h +@@ -1686,6 +1686,11 @@ queue_balance_callback(struct rq *rq, + { + lockdep_assert_rq_held(rq); + ++ /* ++ * Don't (re)queue an already queued item; nor queue anything when ++ * balance_push() is active, see the comment with ++ * balance_push_callback. ++ */ + if (unlikely(head->next || rq->balance_callback == &balance_push_callback)) + return; + +-- +2.35.1 + diff --git a/queue-5.18/series b/queue-5.18/series index 3465c7c13dd..9009c6527ec 100644 --- a/queue-5.18/series +++ b/queue-5.18/series @@ -85,3 +85,15 @@ arm64-ftrace-consistently-handle-plts.patch certs-blacklist_hashes.c-fix-const-confusion-in-cert.patch init-initialize-noop_backing_dev_info-early.patch block-fix-handling-of-offline-queues-in-blk_mq_alloc.patch +faddr2line-fix-overlapping-text-section-failures-the.patch +x86-ftrace-remove-object_files_non_standard-usage.patch +i2c-npcm7xx-add-check-for-platform_driver_register.patch +irqchip-gic-realview-fix-refcount-leak-in-realview_g.patch +irqchip-apple-aic-fix-refcount-leak-in-build_fiq_aff.patch +irqchip-apple-aic-fix-refcount-leak-in-aic_of_ic_ini.patch +irqchip-gic-v3-fix-error-handling-in-gic_populate_pp.patch +irqchip-gic-v3-fix-refcount-leak-in-gic_populate_ppi.patch +irqchip-realtek-rtl-fix-refcount-leak-in-map_interru.patch +sched-fix-balance_push-vs-__sched_setscheduler.patch +i2c-designware-use-standard-optional-ref-clock-imple.patch +i2c-mediatek-fix-an-error-handling-path-in-mtk_i2c_p.patch diff --git a/queue-5.18/x86-ftrace-remove-object_files_non_standard-usage.patch b/queue-5.18/x86-ftrace-remove-object_files_non_standard-usage.patch new file mode 100644 index 00000000000..5f0d352b2c4 --- /dev/null +++ b/queue-5.18/x86-ftrace-remove-object_files_non_standard-usage.patch @@ -0,0 +1,141 @@ +From 54064bfe78da9ec66990e72a42376bb919df2424 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Fri, 3 Jun 2022 08:04:44 -0700 +Subject: x86/ftrace: Remove OBJECT_FILES_NON_STANDARD usage + +From: Josh Poimboeuf + +[ Upstream commit 7b6c7a877cc616bc7dc9cd39646fe454acbed48b ] + +The file-wide OBJECT_FILES_NON_STANDARD annotation is used with +CONFIG_FRAME_POINTER to tell objtool to skip the entire file when frame +pointers are enabled. However that annotation is now deprecated because +it doesn't work with IBT, where objtool runs on vmlinux.o instead of +individual translation units. + +Instead, use more fine-grained function-specific annotations: + +- The 'save_mcount_regs' macro does funny things with the frame pointer. + Use STACK_FRAME_NON_STANDARD_FP to tell objtool to ignore the + functions using it. + +- The return_to_handler() "function" isn't actually a callable function. + Instead of being called, it's returned to. The real return address + isn't on the stack, so unwinding is already doomed no matter which + unwinder is used. So just remove the STT_FUNC annotation, telling + objtool to ignore it. That also removes the implicit + ANNOTATE_NOENDBR, which now needs to be made explicit. + +Fixes the following warning: + + vmlinux.o: warning: objtool: __fentry__+0x16: return with modified stack frame + +Fixes: ed53a0d97192 ("x86/alternative: Use .ibt_endbr_seal to seal indirect calls") +Reported-by: kernel test robot +Signed-off-by: Josh Poimboeuf +Link: https://lore.kernel.org/r/b7a7a42fe306aca37826043dac89e113a1acdbac.1654268610.git.jpoimboe@kernel.org +Signed-off-by: Sasha Levin +--- + arch/x86/kernel/Makefile | 4 ---- + arch/x86/kernel/ftrace_64.S | 11 ++++++++--- + include/linux/objtool.h | 6 ++++++ + tools/include/linux/objtool.h | 6 ++++++ + 4 files changed, 20 insertions(+), 7 deletions(-) + +diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile +index c41ef42adbe8..25828e4c6237 100644 +--- a/arch/x86/kernel/Makefile ++++ b/arch/x86/kernel/Makefile +@@ -36,10 +36,6 @@ KCSAN_SANITIZE := n + + OBJECT_FILES_NON_STANDARD_test_nx.o := y + +-ifdef CONFIG_FRAME_POINTER +-OBJECT_FILES_NON_STANDARD_ftrace_$(BITS).o := y +-endif +- + # If instrumentation of this dir is enabled, boot hangs during first second. + # Probably could be more selective here, but note that files related to irqs, + # boot, dumpstack/stacktrace, etc are either non-interesting or can lead to +diff --git a/arch/x86/kernel/ftrace_64.S b/arch/x86/kernel/ftrace_64.S +index 4ec13608d3c6..dfeb227de561 100644 +--- a/arch/x86/kernel/ftrace_64.S ++++ b/arch/x86/kernel/ftrace_64.S +@@ -175,6 +175,7 @@ SYM_INNER_LABEL(ftrace_caller_end, SYM_L_GLOBAL) + + jmp ftrace_epilogue + SYM_FUNC_END(ftrace_caller); ++STACK_FRAME_NON_STANDARD_FP(ftrace_caller) + + SYM_FUNC_START(ftrace_epilogue) + /* +@@ -282,6 +283,7 @@ SYM_INNER_LABEL(ftrace_regs_caller_end, SYM_L_GLOBAL) + jmp ftrace_epilogue + + SYM_FUNC_END(ftrace_regs_caller) ++STACK_FRAME_NON_STANDARD_FP(ftrace_regs_caller) + + + #else /* ! CONFIG_DYNAMIC_FTRACE */ +@@ -311,10 +313,14 @@ trace: + jmp ftrace_stub + SYM_FUNC_END(__fentry__) + EXPORT_SYMBOL(__fentry__) ++STACK_FRAME_NON_STANDARD_FP(__fentry__) ++ + #endif /* CONFIG_DYNAMIC_FTRACE */ + + #ifdef CONFIG_FUNCTION_GRAPH_TRACER +-SYM_FUNC_START(return_to_handler) ++SYM_CODE_START(return_to_handler) ++ UNWIND_HINT_EMPTY ++ ANNOTATE_NOENDBR + subq $16, %rsp + + /* Save the return values */ +@@ -339,7 +345,6 @@ SYM_FUNC_START(return_to_handler) + int3 + .Ldo_rop: + mov %rdi, (%rsp) +- UNWIND_HINT_FUNC + RET +-SYM_FUNC_END(return_to_handler) ++SYM_CODE_END(return_to_handler) + #endif +diff --git a/include/linux/objtool.h b/include/linux/objtool.h +index 586d35720f13..c81ea2264ad8 100644 +--- a/include/linux/objtool.h ++++ b/include/linux/objtool.h +@@ -141,6 +141,12 @@ struct unwind_hint { + .popsection + .endm + ++.macro STACK_FRAME_NON_STANDARD_FP func:req ++#ifdef CONFIG_FRAME_POINTER ++ STACK_FRAME_NON_STANDARD \func ++#endif ++.endm ++ + .macro ANNOTATE_NOENDBR + .Lhere_\@: + .pushsection .discard.noendbr +diff --git a/tools/include/linux/objtool.h b/tools/include/linux/objtool.h +index 586d35720f13..c81ea2264ad8 100644 +--- a/tools/include/linux/objtool.h ++++ b/tools/include/linux/objtool.h +@@ -141,6 +141,12 @@ struct unwind_hint { + .popsection + .endm + ++.macro STACK_FRAME_NON_STANDARD_FP func:req ++#ifdef CONFIG_FRAME_POINTER ++ STACK_FRAME_NON_STANDARD \func ++#endif ++.endm ++ + .macro ANNOTATE_NOENDBR + .Lhere_\@: + .pushsection .discard.noendbr +-- +2.35.1 +