From: Greg Kroah-Hartman Date: Fri, 6 Dec 2024 12:09:16 +0000 (+0100) Subject: 6.1-stable patches X-Git-Tag: v6.6.64~26 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3dda40203b0ad59274fcebed3bcc317bea7b7522;p=thirdparty%2Fkernel%2Fstable-queue.git 6.1-stable patches added patches: ad7780-fix-division-by-zero-in-ad7780_write_raw.patch arm-9429-1-ioremap-sync-pgds-for-vmalloc-shadow.patch arm-9430-1-entry-do-a-dummy-read-from-vmap-shadow.patch arm-9431-1-mm-pair-atomic_set_release-with-_read_acquire.patch ceph-extract-entity-name-from-device-id.patch s390-entry-mark-irq-entries-to-fix-stack-depot-warnings.patch --- diff --git a/queue-6.1/ad7780-fix-division-by-zero-in-ad7780_write_raw.patch b/queue-6.1/ad7780-fix-division-by-zero-in-ad7780_write_raw.patch new file mode 100644 index 00000000000..cb066480a93 --- /dev/null +++ b/queue-6.1/ad7780-fix-division-by-zero-in-ad7780_write_raw.patch @@ -0,0 +1,35 @@ +From c174b53e95adf2eece2afc56cd9798374919f99a Mon Sep 17 00:00:00 2001 +From: Zicheng Qu +Date: Mon, 28 Oct 2024 14:20:27 +0000 +Subject: ad7780: fix division by zero in ad7780_write_raw() + +From: Zicheng Qu + +commit c174b53e95adf2eece2afc56cd9798374919f99a upstream. + +In the ad7780_write_raw() , val2 can be zero, which might lead to a +division by zero error in DIV_ROUND_CLOSEST(). The ad7780_write_raw() +is based on iio_info's write_raw. While val is explicitly declared that +can be zero (in read mode), val2 is not specified to be non-zero. + +Fixes: 9085daa4abcc ("staging: iio: ad7780: add gain & filter gpio support") +Cc: stable@vger.kernel.org +Signed-off-by: Zicheng Qu +Link: https://patch.msgid.link/20241028142027.1032332-1-quzicheng@huawei.com +Signed-off-by: Jonathan Cameron +Signed-off-by: Greg Kroah-Hartman +--- + drivers/iio/adc/ad7780.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/drivers/iio/adc/ad7780.c ++++ b/drivers/iio/adc/ad7780.c +@@ -152,7 +152,7 @@ static int ad7780_write_raw(struct iio_d + + switch (m) { + case IIO_CHAN_INFO_SCALE: +- if (val != 0) ++ if (val != 0 || val2 == 0) + return -EINVAL; + + vref = st->int_vref_mv * 1000000LL; diff --git a/queue-6.1/arm-9429-1-ioremap-sync-pgds-for-vmalloc-shadow.patch b/queue-6.1/arm-9429-1-ioremap-sync-pgds-for-vmalloc-shadow.patch new file mode 100644 index 00000000000..f71e60d4703 --- /dev/null +++ b/queue-6.1/arm-9429-1-ioremap-sync-pgds-for-vmalloc-shadow.patch @@ -0,0 +1,94 @@ +From d6e6a74d4cea853b5321eeabb69c611148eedefe Mon Sep 17 00:00:00 2001 +From: Linus Walleij +Date: Wed, 23 Oct 2024 13:03:14 +0100 +Subject: ARM: 9429/1: ioremap: Sync PGDs for VMALLOC shadow + +From: Linus Walleij + +commit d6e6a74d4cea853b5321eeabb69c611148eedefe upstream. + +When sync:ing the VMALLOC area to other CPUs, make sure to also +sync the KASAN shadow memory for the VMALLOC area, so that we +don't get stale entries for the shadow memory in the top level PGD. + +Since we are now copying PGDs in two instances, create a helper +function named memcpy_pgd() to do the actual copying, and +create a helper to map the addresses of VMALLOC_START and +VMALLOC_END into the corresponding shadow memory. + +Co-developed-by: Melon Liu + +Cc: stable@vger.kernel.org +Fixes: 565cbaad83d8 ("ARM: 9202/1: kasan: support CONFIG_KASAN_VMALLOC") +Link: https://lore.kernel.org/linux-arm-kernel/a1a1d062-f3a2-4d05-9836-3b098de9db6d@foss.st.com/ +Reported-by: Clement LE GOFFIC +Suggested-by: Mark Rutland +Suggested-by: Russell King (Oracle) +Acked-by: Mark Rutland +Signed-off-by: Linus Walleij +Signed-off-by: Russell King (Oracle) +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm/mm/ioremap.c | 33 +++++++++++++++++++++++++++++---- + 1 file changed, 29 insertions(+), 4 deletions(-) + +diff --git a/arch/arm/mm/ioremap.c b/arch/arm/mm/ioremap.c +index 794cfea9f9d4..ff555823cceb 100644 +--- a/arch/arm/mm/ioremap.c ++++ b/arch/arm/mm/ioremap.c +@@ -23,6 +23,7 @@ + */ + #include + #include ++#include + #include + #include + #include +@@ -115,16 +116,40 @@ int ioremap_page(unsigned long virt, unsigned long phys, + } + EXPORT_SYMBOL(ioremap_page); + ++#ifdef CONFIG_KASAN ++static unsigned long arm_kasan_mem_to_shadow(unsigned long addr) ++{ ++ return (unsigned long)kasan_mem_to_shadow((void *)addr); ++} ++#else ++static unsigned long arm_kasan_mem_to_shadow(unsigned long addr) ++{ ++ return 0; ++} ++#endif ++ ++static void memcpy_pgd(struct mm_struct *mm, unsigned long start, ++ unsigned long end) ++{ ++ end = ALIGN(end, PGDIR_SIZE); ++ memcpy(pgd_offset(mm, start), pgd_offset_k(start), ++ sizeof(pgd_t) * (pgd_index(end) - pgd_index(start))); ++} ++ + void __check_vmalloc_seq(struct mm_struct *mm) + { + int seq; + + do { + seq = atomic_read(&init_mm.context.vmalloc_seq); +- memcpy(pgd_offset(mm, VMALLOC_START), +- pgd_offset_k(VMALLOC_START), +- sizeof(pgd_t) * (pgd_index(VMALLOC_END) - +- pgd_index(VMALLOC_START))); ++ memcpy_pgd(mm, VMALLOC_START, VMALLOC_END); ++ if (IS_ENABLED(CONFIG_KASAN_VMALLOC)) { ++ unsigned long start = ++ arm_kasan_mem_to_shadow(VMALLOC_START); ++ unsigned long end = ++ arm_kasan_mem_to_shadow(VMALLOC_END); ++ memcpy_pgd(mm, start, end); ++ } + /* + * Use a store-release so that other CPUs that observe the + * counter's new value are guaranteed to see the results of the +-- +2.47.1 + diff --git a/queue-6.1/arm-9430-1-entry-do-a-dummy-read-from-vmap-shadow.patch b/queue-6.1/arm-9430-1-entry-do-a-dummy-read-from-vmap-shadow.patch new file mode 100644 index 00000000000..6eef87156ca --- /dev/null +++ b/queue-6.1/arm-9430-1-entry-do-a-dummy-read-from-vmap-shadow.patch @@ -0,0 +1,50 @@ +From 44e9a3bb76e5f2eecd374c8176b2c5163c8bb2e2 Mon Sep 17 00:00:00 2001 +From: Linus Walleij +Date: Wed, 23 Oct 2024 13:04:44 +0100 +Subject: ARM: 9430/1: entry: Do a dummy read from VMAP shadow + +From: Linus Walleij + +commit 44e9a3bb76e5f2eecd374c8176b2c5163c8bb2e2 upstream. + +When switching task, in addition to a dummy read from the new +VMAP stack, also do a dummy read from the VMAP stack's +corresponding KASAN shadow memory to sync things up in +the new MM context. + +Cc: stable@vger.kernel.org +Fixes: a1c510d0adc6 ("ARM: implement support for vmap'ed stacks") +Link: https://lore.kernel.org/linux-arm-kernel/a1a1d062-f3a2-4d05-9836-3b098de9db6d@foss.st.com/ +Reported-by: Clement LE GOFFIC +Suggested-by: Ard Biesheuvel +Signed-off-by: Linus Walleij +Signed-off-by: Russell King (Oracle) +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm/kernel/entry-armv.S | 8 ++++++++ + 1 file changed, 8 insertions(+) + +--- a/arch/arm/kernel/entry-armv.S ++++ b/arch/arm/kernel/entry-armv.S +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + + #include "entry-header.S" + #include +@@ -787,6 +788,13 @@ ENTRY(__switch_to) + @ entries covering the vmalloc region. + @ + ldr r2, [ip] ++#ifdef CONFIG_KASAN_VMALLOC ++ @ Also dummy read from the KASAN shadow memory for the new stack if we ++ @ are using KASAN ++ mov_l r2, KASAN_SHADOW_OFFSET ++ add r2, r2, ip, lsr #KASAN_SHADOW_SCALE_SHIFT ++ ldr r2, [r2] ++#endif + #endif + + @ When CONFIG_THREAD_INFO_IN_TASK=n, the update of SP itself is what diff --git a/queue-6.1/arm-9431-1-mm-pair-atomic_set_release-with-_read_acquire.patch b/queue-6.1/arm-9431-1-mm-pair-atomic_set_release-with-_read_acquire.patch new file mode 100644 index 00000000000..cce8d4d8b7e --- /dev/null +++ b/queue-6.1/arm-9431-1-mm-pair-atomic_set_release-with-_read_acquire.patch @@ -0,0 +1,42 @@ +From 93ee385254d53849c01dd8ab9bc9d02790ee7f0e Mon Sep 17 00:00:00 2001 +From: Linus Walleij +Date: Wed, 23 Oct 2024 13:05:34 +0100 +Subject: ARM: 9431/1: mm: Pair atomic_set_release() with _read_acquire() + +From: Linus Walleij + +commit 93ee385254d53849c01dd8ab9bc9d02790ee7f0e upstream. + +The code for syncing vmalloc memory PGD pointers is using +atomic_read() in pair with atomic_set_release() but the +proper pairing is atomic_read_acquire() paired with +atomic_set_release(). + +This is done to clearly instruct the compiler to not +reorder the memcpy() or similar calls inside the section +so that we do not observe changes to init_mm. memcpy() +calls should be identified by the compiler as having +unpredictable side effects, but let's try to be on the +safe side. + +Cc: stable@vger.kernel.org +Fixes: d31e23aff011 ("ARM: mm: make vmalloc_seq handling SMP safe") +Suggested-by: Mark Rutland +Signed-off-by: Linus Walleij +Signed-off-by: Russell King (Oracle) +Signed-off-by: Greg Kroah-Hartman +--- + arch/arm/mm/ioremap.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/arch/arm/mm/ioremap.c ++++ b/arch/arm/mm/ioremap.c +@@ -141,7 +141,7 @@ void __check_vmalloc_seq(struct mm_struc + int seq; + + do { +- seq = atomic_read(&init_mm.context.vmalloc_seq); ++ seq = atomic_read_acquire(&init_mm.context.vmalloc_seq); + memcpy_pgd(mm, VMALLOC_START, VMALLOC_END); + if (IS_ENABLED(CONFIG_KASAN_VMALLOC)) { + unsigned long start = diff --git a/queue-6.1/ceph-extract-entity-name-from-device-id.patch b/queue-6.1/ceph-extract-entity-name-from-device-id.patch new file mode 100644 index 00000000000..b652ee2b710 --- /dev/null +++ b/queue-6.1/ceph-extract-entity-name-from-device-id.patch @@ -0,0 +1,53 @@ +From 955710afcb3bb63e21e186451ed5eba85fa14d0b Mon Sep 17 00:00:00 2001 +From: Patrick Donnelly +Date: Sat, 12 Oct 2024 20:54:11 -0400 +Subject: ceph: extract entity name from device id + +From: Patrick Donnelly + +commit 955710afcb3bb63e21e186451ed5eba85fa14d0b upstream. + +Previously, the "name" in the new device syntax "@." +was ignored because (presumably) tests were done using mount.ceph which +also passed the entity name using "-o name=foo". If mounting is done +without the mount.ceph helper, the new device id syntax fails to set +the name properly. + +Cc: stable@vger.kernel.org +Link: https://tracker.ceph.com/issues/68516 +Signed-off-by: Patrick Donnelly +Reviewed-by: Ilya Dryomov +Signed-off-by: Ilya Dryomov +Signed-off-by: Greg Kroah-Hartman +--- + fs/ceph/super.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +--- a/fs/ceph/super.c ++++ b/fs/ceph/super.c +@@ -274,7 +274,9 @@ static int ceph_parse_new_source(const c + size_t len; + struct ceph_fsid fsid; + struct ceph_parse_opts_ctx *pctx = fc->fs_private; ++ struct ceph_options *opts = pctx->copts; + struct ceph_mount_options *fsopt = pctx->opts; ++ const char *name_start = dev_name; + char *fsid_start, *fs_name_start; + + if (*dev_name_end != '=') { +@@ -285,8 +287,14 @@ static int ceph_parse_new_source(const c + fsid_start = strchr(dev_name, '@'); + if (!fsid_start) + return invalfc(fc, "missing cluster fsid"); +- ++fsid_start; /* start of cluster fsid */ ++ len = fsid_start - name_start; ++ kfree(opts->name); ++ opts->name = kstrndup(name_start, len, GFP_KERNEL); ++ if (!opts->name) ++ return -ENOMEM; ++ dout("using %s entity name", opts->name); + ++ ++fsid_start; /* start of cluster fsid */ + fs_name_start = strchr(fsid_start, '.'); + if (!fs_name_start) + return invalfc(fc, "missing file system name"); diff --git a/queue-6.1/s390-entry-mark-irq-entries-to-fix-stack-depot-warnings.patch b/queue-6.1/s390-entry-mark-irq-entries-to-fix-stack-depot-warnings.patch new file mode 100644 index 00000000000..2cb4b38635d --- /dev/null +++ b/queue-6.1/s390-entry-mark-irq-entries-to-fix-stack-depot-warnings.patch @@ -0,0 +1,89 @@ +From 45c9f2b856a075a34873d00788d2e8a250c1effd Mon Sep 17 00:00:00 2001 +From: Vasily Gorbik +Date: Tue, 19 Nov 2024 14:54:07 +0100 +Subject: s390/entry: Mark IRQ entries to fix stack depot warnings + +From: Vasily Gorbik + +commit 45c9f2b856a075a34873d00788d2e8a250c1effd upstream. + +The stack depot filters out everything outside of the top interrupt +context as an uninteresting or irrelevant part of the stack traces. This +helps with stack trace de-duplication, avoiding an explosion of saved +stack traces that share the same IRQ context code path but originate +from different randomly interrupted points, eventually exhausting the +stack depot. + +Filtering uses in_irqentry_text() to identify functions within the +.irqentry.text and .softirqentry.text sections, which then become the +last stack trace entries being saved. + +While __do_softirq() is placed into the .softirqentry.text section by +common code, populating .irqentry.text is architecture-specific. + +Currently, the .irqentry.text section on s390 is empty, which prevents +stack depot filtering and de-duplication and could result in warnings +like: + +Stack depot reached limit capacity +WARNING: CPU: 0 PID: 286113 at lib/stackdepot.c:252 depot_alloc_stack+0x39a/0x3c8 + +with PREEMPT and KASAN enabled. + +Fix this by moving the IO/EXT interrupt handlers from .kprobes.text into +the .irqentry.text section and updating the kprobes blacklist to include +the .irqentry.text section. + +This is done only for asynchronous interrupts and explicitly not for +program checks, which are synchronous and where the context beyond the +program check is important to preserve. Despite machine checks being +somewhat in between, they are extremely rare, and preserving context +when possible is also of value. + +SVCs and Restart Interrupts are not relevant, one being always at the +boundary to user space and the other being a one-time thing. + +IRQ entries filtering is also optionally used in ftrace function graph, +where the same logic applies. + +Cc: stable@vger.kernel.org # 5.15+ +Reviewed-by: Heiko Carstens +Signed-off-by: Vasily Gorbik +Signed-off-by: Heiko Carstens +Signed-off-by: Greg Kroah-Hartman +--- + arch/s390/kernel/entry.S | 4 ++++ + arch/s390/kernel/kprobes.c | 6 ++++++ + 2 files changed, 10 insertions(+) + +--- a/arch/s390/kernel/entry.S ++++ b/arch/s390/kernel/entry.S +@@ -484,9 +484,13 @@ ENTRY(\name) + ENDPROC(\name) + .endm + ++ .section .irqentry.text, "ax" ++ + INT_HANDLER ext_int_handler,__LC_EXT_OLD_PSW,do_ext_irq + INT_HANDLER io_int_handler,__LC_IO_OLD_PSW,do_io_irq + ++ .section .kprobes.text, "ax" ++ + /* + * Load idle PSW. + */ +--- a/arch/s390/kernel/kprobes.c ++++ b/arch/s390/kernel/kprobes.c +@@ -549,6 +549,12 @@ int __init arch_init_kprobes(void) + return 0; + } + ++int __init arch_populate_kprobe_blacklist(void) ++{ ++ return kprobe_add_area_blacklist((unsigned long)__irqentry_text_start, ++ (unsigned long)__irqentry_text_end); ++} ++ + int arch_trampoline_kprobe(struct kprobe *p) + { + return 0; diff --git a/queue-6.1/series b/queue-6.1/series index 068735e4874..dc0e5c7969f 100644 --- a/queue-6.1/series +++ b/queue-6.1/series @@ -480,3 +480,9 @@ vmstat-call-fold_vm_zone_numa_events-before-show-per-zone-numa-event.patch iommu-io-pgtable-arm-fix-stage-2-map-unmap-for-concatenated-tables.patch leds-lp55xx-remove-redundant-test-for-invalid-channel-number.patch clk-qcom-gcc-qcs404-fix-initial-rate-of-gpll3.patch +ad7780-fix-division-by-zero-in-ad7780_write_raw.patch +arm-9429-1-ioremap-sync-pgds-for-vmalloc-shadow.patch +s390-entry-mark-irq-entries-to-fix-stack-depot-warnings.patch +arm-9430-1-entry-do-a-dummy-read-from-vmap-shadow.patch +arm-9431-1-mm-pair-atomic_set_release-with-_read_acquire.patch +ceph-extract-entity-name-from-device-id.patch